Probe-based Internet Early Warning System - Prof. Dr. Norbert Pohlmann

Norbert Pohlmann (Institut für Internet-Sicherheit), “Probe-based Internet Early Warning System”, ENISA Quarterly Vol. 3, No. 1, Jan-Mar 2007

The constantly growing importance of the Internet for our knowledge and information society makes it necessary to analyse and be acquainted with its status beyond the limits of the individual network operators. Only if we have precise knowledge of normal behaviour and its status is it possible to detect anomalies which influence the functionality of the Internet. A probe-based Internet Analysis System is currently being designed and developed in a research and development project of the Institute for Internet Security at the University of Applied Sciences in Gelsenkirchen, in co-operation with the German Federal Office for Information Security (BSI). This project aims to create and analyse local and global perspectives of the Internet in order to facilitate the generation of early warnings. Particular focal points of the project are the collection and optimisation of information, in compliance with data protection regulations, with the aim of storing data long term to allow the analysis of trends and developments over extended periods.

Aims and tasks of the Internet Analysis System
The objectives of the Internet Analysis System are on one hand to analyse local communication data in identified subnetworks of the Internet while, on the other, the system aims to create a global perspective of the Internet by combining a large number of local perspectives. The main functions of the Internet Analysis System are divided into the four subsystems of pattern formation, description of the actual status, alarm signalling and

Pattern formation:
The main objective of pattern formation is to perform a comprehensive analysis and interpretation of the communication parameters of Internet traffic, with the aim of detecting technology trends, interrelationships and patterns which represent the status, behaviour and perspectives of the Internet. On the basis of this knowledge, a search is carried out for anomalies among the current measured values, and the events that lead to status changes are then analysed and interpreted. It is important to distinguish whether the anomalies are caused by ‘natural’ phenomena, for example, a technological change, or whether they are attributable to a cyberattack.
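To make the pattern-formation idea concrete (a pattern learned from measured communication parameters, current values checked against it, and a gradual change told apart from a sudden deviation), here is a small added Python example. It is not code from the Internet Analysis System or the project described in the article; the counter names, the 14-interval history, the learning-window size and the threshold are assumptions made for this illustration only.

```python
from statistics import median
from typing import Dict, List, Tuple

# Constructed sample: 14 consecutive measurement intervals from one
# hypothetical probe. Each entry holds per-interval counters. The counter
# names are assumptions for this example, not the system's parameter set.
HISTORY: List[Dict[str, int]] = [
    {"dns": 790, "ipv6": 100}, {"dns": 810, "ipv6": 110}, {"dns": 800, "ipv6": 120},
    {"dns": 805, "ipv6": 130}, {"dns": 795, "ipv6": 140}, {"dns": 800, "ipv6": 150},
    {"dns": 810, "ipv6": 160}, {"dns": 790, "ipv6": 170}, {"dns": 800, "ipv6": 180},
    {"dns": 805, "ipv6": 190}, {"dns": 795, "ipv6": 200}, {"dns": 800, "ipv6": 210},
    {"dns": 810, "ipv6": 220}, {"dns": 790, "ipv6": 230},
]

MAD_SCALE = 1.4826  # scales the MAD to be comparable with a standard deviation


def robust_baseline(values: List[float]) -> Tuple[float, float]:
    """Median and scaled median absolute deviation (MAD) of a learning window.

    Median/MAD are used instead of mean/std so that a single outlying
    interval in the window does not distort the learned pattern.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, MAD_SCALE * (mad if mad > 0 else 1.0)


def linear_slope(values: List[float]) -> float:
    """Least-squares slope (change per interval) over the whole window."""
    n = len(values)
    mean_x = (n - 1) / 2
    mean_y = sum(values) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(values))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den if den else 0.0


def classify(history: List[Dict[str, int]], current: Dict[str, int],
             learn: int = 7, k: float = 3.0) -> Dict[str, str]:
    """Label each counter of the current interval as normal, trend or anomaly.

    - normal:  value lies within k scaled MADs of the learned pattern
    - trend:   value deviates from the pattern, but the slope observed over
               the window already projects it (a gradual, 'natural' change)
    - anomaly: value deviates and the trend does not explain it (a sudden
               status change that merits analysis of the triggering events)
    """
    labels: Dict[str, str] = {}
    for name, value in current.items():
        series = [interval.get(name, 0) for interval in history]
        # The pattern is learned from the older part of the window so that a
        # change already under way in recent intervals is not absorbed into it.
        med, spread = robust_baseline(series[:learn])
        if abs(value - med) < k * spread:
            labels[name] = "normal"
            continue
        projected = series[-1] + linear_slope(series)
        labels[name] = "trend" if abs(value - projected) < k * spread else "anomaly"
    return labels


if __name__ == "__main__":
    # dns: steady pattern, then a sudden jump; ipv6: steady linear growth.
    print(classify(HISTORY, {"dns": 805, "ipv6": 240}))   # dns normal, ipv6 trend
    print(classify(HISTORY, {"dns": 2000, "ipv6": 240}))  # dns anomaly, ipv6 trend
```

With the constructed history the steadily growing `ipv6` counter is reported as a trend (its next value is exactly what the slope projects), while a sudden jump of the `dns` counter is reported as an anomaly; in a real deployment the labels would feed the status-description and alarm-signalling subsystems rather than being printed.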

