X-CHECK - Detection of Security Incidents at Internet Exchange Points

The consortium has set itself the goal of reliably identifying IT security incidents. For this purpose, network traffic on the Internet is considered across ISPs. The project will explore a system for the detection of both known IT security incidents and new, unconventional anomalies at Internet hubs.

Core components are mechanisms for the automatic evaluation of anomalies, whereby data of the network and the application layer are analyzed. Furthermore, methods and tools for real-time network forensics are to be researched with which step by step security incidents can be clarified afterwards.

Open solutions are to be created which allow a seamless extension or adaptation by third parties, for example for an efficient interaction with local measures for anomaly detection.
Since the data accessible at the IXP nodes is highly sensitive, all developments are carried out under strict data protection. In particular, compliance with the minimum principle, that is, to collect, process or use as little data as possible has the highest priority in the implementation.