Computers and computer networks are playing an increasingly important role in everyday life, whether in the private sphere for information, maintaining contacts and entertainment, or in the business sphere to sell products or to exchange information with employees, partners and customers. The importance of and dependence on IT networks will increase if separate network technologies, such as telephony or television, are also distributed via IT networks.
This increased importance of IT networks is accompanied by an increased threat to these networks.
For private users and the home environment, this means that they are becoming a target for spam e-mails, are being misused as bots in a bot network, and are being spied on by Trojans that gain access to private information and identities.
There are other threats to businesses as well. Denial of Service (DoS) attacks and data theft are particularly noteworthy here.
Internet Service Providers (ISPs) and telecommunications companies that provide the actual network infrastructure are a special case in the corporate sector. Here not only the aforementioned threats play a role, but also threats and events that endanger the general availability of a network. These are not limited to cyber threats or events; natural disasters can also play a role.
Finally, a country's IT infrastructure can also be the target of attacks as a whole, exploiting a society's dependence on IT services.
Threats to IT networks are so severe primarily because the underlying TCP/IP protocol family was designed without a focus on security. The main reason for this is the originally closed, trustworthy circle of participants. In contrast, today's Internet is open and is composed of mostly unknown participants.
None of this is new and there are many solutions to secure networks. These include firewalls, virus scanners, and intrusion detection systems (IDS).
However, these solutions have a problem keeping pace with current developments and the constantly growing number of attacks and malware. During the lecture, we will take a closer look at these problems.
One approach to counter these problems is the use of methods from the field of Artificial Intelligence. In the lecture, we will consider which methods are used to increase the security and availability of IT networks.
Therefore we will deal with the following questions:
- How can networks be monitored?
- What role can agent technology play in protecting networks and where are its limits?
- How can knowledge, goals, and rules be described in the context of network security?
- How can novel and unknown attacks be detected?
- How can intelligent systems help network administrators to secure networks and defend against attacks?
- What role can AI play in the detection of successful attacks?
- Can AI also be useful for attackers?
- What are the weaknesses of AI-based security mechanisms?
Lecture and homework assignments require the following prior knowledge/skills:
- Basic IT-security knowledge
- Basic machine learning/AI knowledge
- Good knowledge about networks and network protocols
- Good programming skills in either Java or Python
- Linux knowledge and the ability to work with command line tools
- Familiarity with setting up and using virtual machines
- Instructor: Karsten Bsufka
- Instructor: Bianca Scheibel
- Instructor: Jakob Strafer
- Instructor without editing rights: Sahin Albayrak