monk-it – Efficient distributed monitoring, attack detection, and event correlation


  • Project Period: 2007-01-01 - 2010-09-30

Project Members

Sponsored by

  1. Tobias Limmer and Falko Dressler, "Flow-based TCP Connection Analysis," Proc. of 28th IEEE Intern. Performance Computing and Communications Conference, 2nd IEEE Intern. Workshop on Information and Data Assurance, Phoenix, AZ, USA, December 2009
  2. Tobias Limmer and Falko Dressler, "Flow-based Front Payload Aggregation," Proc. of 34th IEEE Conf. on Local Computer Networks: 4th IEEE LCN Workshop on Network Measurements, Zurich, Switzerland, pp. 1102-1109, October 2009
  3. David Eckhoff, Tobias Limmer and Falko Dressler, "Hash Tables for Efficient Flow Monitoring: Vulnerabilities and Countermeasures," 34th IEEE Conference on Local Computer Networks (LCN 2009): 4th IEEE LCN Workshop on Network Measurements (WNM 2009), Zurich, Switzerland, pp. 1087-1094, October 2009
  4. Tobias Limmer and Falko Dressler, "Survey of Event Correlation Techniques for Attack Detection in Early Warning Systems," Friedrich-Alexander-Universität, technical report 1, 2008
  5. Tobias Limmer and Falko Dressler, "Distributed monitoring and analysis for reactive security," Proceedings of SPRING - GI/SIDAR Graduierten-Workshop über Reaktive Sicherheit, Dortmund, Germany, July 2007
  6. Falko Dressler, Wolfgang Jaegers and Reinhard German, "Flow-based Worm Detection using Correlated Honeypot Logs," Proc. of 15. GI/ITG Fachtagung Kommunikation in Verteilten Systemen, Bern, Switzerland, pp. 181-186, February 2007
  7. Jochen Kaiser, Alexander Vitzthum, Peter Holleczek and Falko Dressler, "Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software," Proc. of GI SIDAR International Conference on IT-Incident Management & IT-Forensics, Berlin, Stuttgart, Germany, pp. 92-103, October 2006
  8. Ronny T. Lampert, Christoph Sommer, Gerhard Münz and Falko Dressler, "Vermont - A Versatile Monitoring Toolkit Using IPFIX/PSAMP," Proc. of IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, Tübingen, Germany, pp. 62-65, September 2006
  9. Falko Dressler, Reinhard German and Peter Holleczek, "Selbstorganisierende Netzwerksensoren und automatisierte Ereigniskorrelation," Proc. of BSI-Workshop IT-Frühwarnsysteme, Bonn, Germany, pp. 117-128, July 2006
  10. Jochen Kaiser, Alexander Vitzthum, Peter Holleczek and Falko Dressler, "Ein Sicherheitsportal zur Selbstverwaltung und automatischen Bearbeitung von Sicherheitsvorfällen als Schlüsseltechnologie gegen Masseninfektionen," Proc. of SPRING - GI/SIDAR, Berlin, Germany, July 2006