Flow based and packet level based Intrusion Detection as complementary concepts
DA
State: completed by Fabian Hensel
Published: 2011-09-13
The task of this thesis is the evaluation of possible synergy effects
between packet/payload based intrusion detection and flow based
intrusion detection. The student shall:
- identify the shortcomings of both approaches
- develop concepts using both approaches to compensate for their respective shortcomings
- evaluate how effectively these approaches compensate for the shortcomings in a real-world environment
He shall provide a list of attacks seen during the experiments and evaluate:
- whether these attacks can be detected more accurately with the developed concepts
- whether the alert confidence for them has changed or
- whether they were not detectable otherwise at all.
The outcome shall be an evaluation of how far the suspected advantages of
combining the given approaches hold in real-world scenarios.
Final Report
Supervisors: Prof. Dr. Burkhard Stiller