Diploma Thesis (Diplomarbeit):
Theoretical Fundamentals
And Prototypical Implementation
Of An Anomaly Based Network Intrusion Detection System (NIDS)
About
This diploma thesis is about the theoretical background and basic
concepts of a network intrusion detection system. NIDS provide
the ability to detect anomalies, intrusions or abnormal behaviour
in a given network. Anomaly based systems are specialized to
detect such events without prior knowledge of what such events
might look like and therefore have an advantage over traditional,
so-called pattern based systems.
This diploma thesis discusses the basics and theoretical background
of such systems. The main focus is to provide a working, prototypical
implementation of an anomaly based NIDS.
Diploma thesis
This diploma thesis has been written by Magnus Schmidt, (c)opyright 2002/2003.
It is published under the following copyright:
This work is protected by copyright. While anyone is free to use the ideas
expressed in it, they are not allowed to copy, distribute or publish the work
or part of it, in any form, printed, electronic or otherwise, except for
reasonable quoting, clearly indicating the source. Readers are permitted to
make copies, electronically or printed, for non-commercial use, particularly
personal or classroom use.
Diploma thesis (PDF / German language)
Download / NAD
The prototypical implementation of an anomaly based network intrusion detection system.
This program is written in Perl. The development platform was Linux, but it may run
on other UNIXes or even Windows. You will need libpcap for capturing and the corresponding Perl
libraries. For storing and displaying alarm events, a MySQL database and an Apache web server
with PHP support are needed.
This program has been developed in conjunction with this diploma thesis and is not
maintained any more.
WARNING:
NEVER USE THIS PROGRAM IN ANY PRODUCTION ENVIRONMENT.
It is a prototypical implementation for study purposes only.
This program is published under the GNU Public Licence (GPL).
nad.tgz
Contact
You can e-mail me at: (Click for eMail).