Intrusions (Botnets, Trojan Horses, etc.) are a big problem in corporate networks. By systematically analyzing records of network traffic, it is possible to detect the appearance of unusual applications through the different characteristics of this traffic. A particularly powerful method of collecting such traffic data has been implemented by NexThink, an EPFL spinoff company.
In this project, you will use traffic data collected by NexThink users to build:
a) a realistic traffic simulator that generates network traffic with a similar distribution and allows simulating intrusions.
b) several analysis techniques that learn how to distinguish legitimate from illegitimate traffic and thus detect intrusions. These could be based on simple statistics (amount of traffic, distribution of addresses, etc.) and on more detailed models of the traffic (e.g. Markov models or dynamic Bayes nets).
The project will be carried out at the EPFL Artificial Intelligence Laboratory under the supervision of Li Pu (assistant) and Boi Faltings. The student should have good programming skills in Java, and basic knowledge of Artificial Intelligence.
Please contact Li Pu or Boi Faltings if you are interested in this project.