Literature Database Entry


Mario Berger, "Optimizing Attack Detection Techniques using Load Distribution and Anomaly Detection," Master's Thesis, Institute of Computer Science, University of Innsbruck, August 2012. (Advisors: Falko Dressler and Felix Erlacher)


Attacks against computer systems are often launched over the Internet or any other computer network. Therefore, attacks or intrusion attempts can be identified by examining network traffic, which is also known as intrusion detection. Traditional Intrusion Detection Systems (IDSs) often rely on signatures or rule sets which are used to describe well-known attacks. Unfortunately, with these systems it is almost impossible to detect novel attacks, because rule sets do not have any information about these attacks. To address this problem, anomaly detection techniques can be used to detect novel attacks by identifying network traffic that deviates from normal behavior. As many different Anomaly Detection Algorithms (ADAs) have been developed for different types of anomalies, it seems to be reasonable to rely on multiple algorithms for intrusion detection. Because algorithms can also be very resource-intensive, they may not be able to keep up with packet rates of today's high-speed networks. Therefore, a load balancing scheme is required to control the amount of network traffic to be analyzed by the individual algorithms. In order to make extensive use of multiple ADAs for intrusion detection in computer networks, we have developed a framework for anomaly detection as part of a network monitoring software. As a proof of concept, we have implemented an initial set of ADAs together with a load balancer for operation in high-speed networks. Our evaluations have shown that detection performances can benefit from using multiple algorithms and that the developed framework is also able to cope with packet rates of high-speed networks.

Quick access

BibTeX BibTeX


Mario Berger

BibTeX reference

    author = {Berger, Mario},
    title = {{Optimizing Attack Detection Techniques using Load Distribution and Anomaly Detection}},
    advisor = {Dressler, Falko and Erlacher, Felix},
    institution = {Institute of Computer Science},
    location = {Innsbruck, Austria},
    month = {8},
    school = {University of Innsbruck},
    type = {Master's Thesis},
    year = {2012},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at

This page was automatically generated using BibDB and bib2web.