Created in 1973, the University of Aveiro quickly became one of the most dynamic and innovative universities in Portugal. Now a public foundation under private law, attended by about 15,000 students, it continues to develop and implement its mission to provide undergraduate and postgraduate education, to generate research and promote cooperation with society.

The University of Aveiro (Universidade de Aveiro) is a Portuguese public university, headquartered in Aveiro since its creation in 1973. It also provides polytechnic education. Administratively, the teaching and research activities are distributed by Departments and Autonomous Sections, both with specialized faculties. The University has more than 12,500 students distributed across 58 graduate courses, over 40 MSc courses and 25 PhD programs. Its main campus is near the centre of Aveiro, including a nearby Administration and Accounting Institute. The university also has external regional campuses in Águeda, Higher Education Technological and Management School of Águeda, and Oliveira de Azeméis Higher Education School of North Aveiro. It is an R&D university, having research units developing programmes in fundamental and applied mathematics, physics, chemistry, telecommunications, robotics, bioinformatics, sea sciences, materials, design, business administration and industrial engineering. Excellence in research is already one of the hallmarks of the University; 75% of its 19 research units have been classified with very good and excellent in recent evaluations carried out by international specialists.

The University has more than 12,500 students distributed across 58 graduate courses, over 40 MSc courses and 25 PhD programs.

Role

UAVR will design and implement a network-based anomaly Intrusion Detection System (IDS) for production networks, in the scope of the SemI40 Task 1.4.1, which UAVR leads. The proposed IDS will monitor network traffic for particular network segments or devices inside a production network and analyse network, transport, and application protocols to identify suspicious activity. The detection methodologies will be based on statistical and machine learning techniques. The goal of the proposed IDS is the detection of a wide spectrum of different types of malicious events, (i.e. due to known and unknown security threats), and non-malicious events (e.g. due to misconfiguration or operational failures).

Key contribution

UAVR’s main contribution in SemI40 project is to design and implement a network-based anomaly IDS for production networks. The provided IDS will monitor network traffic for particular network segments or devices inside a production network and analyse network, transport, and application protocols to identify suspicious activity. The main objective of the provided IDS is to detect malicious events due to not only known security threats, but also due to attacks that have not yet appeared but can be potential threats for production networks in the future. In addition, it will provide capabilities to achieve reduced false alarm rate for known and unknown attacks. Finally, it will be capable of collaborating with host-based IDSs, which can be also located at the production network, for enhanced performance.