Project leader: prof. dr. Roel Wieringa, UT (1 January 2005 till 1 June 2009)

   >  related interview

   >  download pdf

Integrated Policy-based Intrusion Detection (IPID) focus is to develop tools to detect invaders in computer networks based on the security policy of the business concerned. Previously existing systems were not effective (a large number of incidents were not reported) and/or not efficient (a large number of false alarms are issued).

Project results

IPID has resulted in a patented system to detect attacks on company networks. The system is based on abnormal behaviour of the network in question. It can therefore also recognise completely new zero-day attacks. In traditional security systems a new attack must first of all be described. Only when it has been entered into the databank can a security system recognise it and resist the attack. The system developed within IPID adapts itself to its environment. The security system first of all examines how the network in question normally functions and subsequently detects abnormal behaviour. This approach minimises the number of false reports and the security system is always alert. Within IPID researchers collaborated intensively with the Sentinels projects VISPER and VRIEND.

Follow-up activities

IPID has resulted in the setting up of a successful company. This start-up Security Matters has been further expanded with the help of a valorisation grant. IPID has also resulted in several follow-up projects: HERMES, CASTOR, and MIDAS have a total budget of more than one million euros. In additon to this there are a number of proposals for various national and international funding rounds in the pipeline.

Universities and partners involved

  •     Universiteit Twente
  •     Rabobank
  •     TNO ICT