The IAID research project develops an innovative approach to anomaly detection in networks for a new generation of early warning systems, in order to protect against new attack mechanisms.
The subproject "Flow Data Anomaly Detection and user-assisted intelligent alarm filtering" focuses on discovering malicious TCP- and UDP-based communication in a network, and thus on detecting attacks and compromised systems. The approach is based on a novel flow data format of the Internet Analysis System. This flow data is a statistical description of network flows that avoids privacy-related information. Using statistical models, these flows are analyzed with anomaly detection methods to detect abnormal communications. The reports from these methods are sent through an intelligent filter that learns with the user's support, so that false or irrelevant alarms are later reduced dramatically.