monkit 2

Distributed Monitoring and Attack Detection in 10 GBit/s Networks


  • Computer and Communication Systems, University of Innsbruck



  • BSI (Bundesamt für Sicherheit in der Informationstechnik)

Project Time

  • 01.12.2011-31.12.2012



The objective is to develop a new and more advanced version of our monkit appliance, which combines efficient network monitoring with attack detection in early warning systems. Looking at current network infrastructures, link speeds of 10 GBit/s and more became quite common. Yet, typical monitoring appliances still have problems operating at those speeds. We aim to establish novel alrogithmic solusions bundled with hardware and Linux kernel support to enable the monkit appliance to operating in 10 GBit/s networks. IN a first step, we carefully evaluated all parts of the appliance to identify performance bottlenecks and possible improvements.

Selected Publications

  • Tobias Limmer and Falko Dressler, "On Network Monitoring for Intrusion Detection," Praxis der Informationsverarbeitung und Kommunikation (PIK), vol. 35 (1), pp. 32-39, April 2012. [DOI, BibTeX, PDF and Details...]
  • Tobias Limmer and Falko Dressler, "Adaptive Load Balancing for Parallel IDS on Multi-Core Systems using Prioritized Flows," Proceedings of 20th IEEE International Conference on Computer Communication Networks (ICCCN 2011), Maui, HI, July/August 2011, pp. 1-8. [DOI, BibTeX, PDF and Details...]
  • Tobias Limmer and Falko Dressler, "Improving the Performance of Intrusion Detection using Dialog-based Payload Aggregation," Proceedings of 30th IEEE Conference on Computer Communications (INFOCOM 2011), 14th IEEE Global Internet Symposium (GI 2011), Shanghai, China, April 2011, pp. 833-838. [DOI, BibTeX, PDF and Details...]