Computers and computer networks are increasingly important in everyday life, whether in the private sphere to inform, maintain contacts, and entertain or in the business sphere to sell products or exchange information with employees, partners, and customers. The importance of and dependence on IT networks will increase if separate network technologies, such as telephony or television, are distributed via IT networks.
For private users and the home environment, this means that they are becoming targets for spam e-mails, are being misused as bots in a bot network, and are spied on by Trojans that gain access to private information and identities.
There are other threats to businesses as well. Denial of Service (DoS) attacks and data theft are noteworthy here.
Internet Service Providers (ISPs) and telecommunications companies that provide the network infrastructure are a special case in the corporate sector. Here, the threats mentioned earlier play a role, as do threats and events that endanger the general availability of a network. These include not only cyber threats but also natural disasters.
Finally, a country's IT infrastructure can also be the target of attacks, exploiting society's dependence on IT services.
Threats to IT networks are severe primarily because the underlying TCP/IP protocol family was designed without focusing on security. The main reason is the originally closed, trustworthy circle of participants. In contrast, today's Internet is open and comprises mostly unknown participants.
None of this is new, and many network security solutions exist. These include firewalls, virus scanners, and intrusion detection systems (IDS).
However, these solutions struggle to keep pace with current developments and the constantly growing number of attacks and malware. During the lecture, we will examine these problems more closely.
One approach to countering these problems is to use artificial intelligence methods. In the lecture, we will consider which methods increase the security and availability of IT networks.
Therefore, we will deal with the following questions:
- How can networks be monitored?
- What role can agent technology play in protecting networks, and where are its limits?
- How can knowledge, goals, and rules be described in the context of network security?
- How can novel and unknown attacks be detected?
- How can intelligent systems help network administrators secure networks and defend against attacks?
- What role can AI play in the detection of successful attacks?
- Can AI also be useful for attackers?
- What are the weaknesses of AI-based security mechanisms?
The lecture and homework assignments require the following prior knowledge/skills:
- Basic IT-security knowledge
- Basic machine learning/AI knowledge
- Good knowledge of networks and network protocols
- Good programming skills in either Java or Python
- Linux knowledge and the ability to work with command-line tools
- Familiarity with setting up and using virtual machines
- Instructor: Karsten Bsufka