Offene Arbeiten

Intrusion Detection using Stochastic Block Models

communication networks ,machine learning, cyber security


Communication networks are already key in the everyday life of most people. From social interaction to controlling vital infrastructure, communication networks constitute one of the enabling technologies for the modern world. But this importance comes with challenges. Among others, it makes communication networks the target of attacks. Such attacks can take a variety of forms. Two prominent examples are denial of service and the gain of unauthorized access to machines/data. To securely operate a communication network it is of great importance to detect and mitigate attacks as early as possible.

In this context, the proposed project focuses on the collection and analysis of network traffic. The gained insights should then be utilized to detect malicious behavior. As a first step, your task is to implement an environment where known attacks can be carried out in a secure and observable manner. This especially includes:

  • setup of virtual machines that can be used as a target.

  • setup of virtual machines with attack capabilities.

  • architecture for collecting ground-truth data during the attack phase.

As a second step, your task is to evaluate methods for identifying traffic patterns of different attacks. In this context, a special focus lies on the research question of how so-called Stochastic Block Models (SBMs) can be used to detect specific forms of attacks.

Within this project, you will gain a broad overview of network security, which is a valuable asset for your future career. You will help us to develop mitigation strategies and thus directly contribute towards the improvement of network security. Of course, it is possible to do a student thesis within the scope of this project.


Please send a short intro of yourself together with your CV and transcript of record to us. We are looking forward to meeting you.


  • Basic knowledge of Linux

  • Basic Python programming skills
  • General understanding of communication networks (especially on packet level; protocols: IP, TCP/UDP)



Maximilian Stephan, Patrick Krämer

Laufende Arbeiten


Predictability of Chameleon

The goal of this thesis is to investigate the patterns exhibited in the decisions of the Chameleon controller.


The paper Chameleon describes a control path algorithm with the goal of achieving predictable latency and high network utilization. Chameleon utilizes path diversity, priority queueing and recalculating routes to outperform state of the art.

The controller decides if a new flow can be embedded depending on the current network state and the requirements of the new flow. Understanding the decision process of Chameleon is crucial to further improve performance. Therefore, the goal of this thesis is to investigate the decisions of the Chameleon controller. The task of the student is to design a framework to easily generate and store data with Chameleon for further evaluation. After this, the student should evaluate the collected data. The goal here is to find patterns the controller exhibits in its decisions.



Amaury Van Bemten, Nemanja Ðeri?, Amir Varasteh, Stefan Schmid, Carmen Mas-Machuca, Andreas Blenk, and Wolfgang Kellerer. 2020. Chameleon: Predictable Latency and High Utilization with Queue-Aware and Adaptive Source Routing. In The 16th International Conference on emerging Networking EXperiments and Technologies (CoNEXT ’20), December 1–4, 2020, Barcelona, Spain. ACM, New York, NY, USA, 15 pages.


  • Experience with Python
  • Experience with Linux command line
  • Experience with Java is a plus


Measuring the Throughput of quantized neural networks on P4 devices


Implement a quantized neural network in P4 and evaluate the throughput of feed-forward networks and networks with attention mechanisms on P4 hardware.



Implementing and Evaluating a Neural Network-based Routing Protocol

AI, deep learning, eBPF, MPLS Networking


The goal of traffic engineering in communication networks is steering traffic such that a objective is optimized. The objective depends on the application and can be among others minimizing the maximum link utilization, and minimizing the flow completion time. To optimize any objective, a TE solution maps the current state of the network into a forwarding decision. That is, given the network state, source, and destination, forward this traffic along that path. Currently, the decision making in TE system is based on simple, hand-crafted algorithms. The reason lies in the strict computational requirements towards any TE algorithm (decisions at (sub)millisecond scale), and the necessity to realize the TE system as a distributed protocol.

Recent work shows that Neural Networks (NNs) can learn a distributed protocol from examples. The NN uses decisions of a TE system and synthesizes a distributed protocol out of those examples. In the process, the NN learns how information on a node should be encoded, which nodes need to exchange information to make decisions, and how to map the exchanged network state into a forwarding decision. For fast inference, the NN that makes the decisions is a fully binarized NN, i.e., input, weights, and activations are binary. While a Binary Neural Network (BNN) accelerates the evaluation, a practical implementation in existing hardware is still missing.

The goal of this thesis is to fill this gap and realize the BNN on a physical system. Your task is to develop a host based implementation (Appendix C.2 in [1]) using the extended Berkeley Packet Filter (eBPF). Concretely, the eBPF implementation must process update messages, and use the NN to make forwarding decisions for outbound traffic, and signal the forwarding decisions to the Network. The creation and the sending of update messages on switches is not part of the thesis and will be provided. The final deliverable is a small VM-based Clos-Topology (e.g., two pods of a k=4 fat-tree topology) in which traffic is routed based on the path determined by the NN in the end-hosts.


vnf2tx: Automating VNF platform operation with Reinforcement Learning




Deliberate Load-Imbalancing in Data Center Networks

Traffic Engineering, Scheduling, Data Center Networks
Goal of this thesis is the implementation and evaluation of an in-dataplane flow scheduling algorithm based on the online scheduling algorithm IMBAL in NS3.


Recently, a scalable load balancing algorithm in the dataplane has been proposed that leverages P4 to estimate the utilization in the network and assign flows to the least utilized path. This approach can be interpreted as a form of Graham's List algorithm.

In this thesis, the student is tasked to investigate how a different online scheduling algorithm called IMBAL performs compared to HULA. A prototype of IMBAL should be implemented in NS3. The tasks of this thesis are:

  1. Literature research and overview to online scheduling and traffic engineering in data center networks.
  2. Design how IMBAL can be implemented in NS3.
  3. Implementation of IMBAL in NS3.
  4. Evaluation of the implementation in NS3 with production traffic traces and comparison to HULA (a HULA implementation is provided from the chair and its implementation not part of this thesis).


Forschungspraxis (Research Internships)

Towards Digital Network Twins: Can we Machine Learn Network Function Behaviors?


Digital Network Twins can help to improve future network operation and management significantly.
A Digital Twin (DT) of a network is a digital representation that is coupled to the real network.
It can be used to perform experiments e.g. to improve the operation of the real network.
Running a detailed model of a network as a DT can be quite challenging.
Either the computational effort is too high to run the model somehow in real-time or the abstraction level is too high so the DT does not represent the real network closely enough.
Here Machine Learning (ML) could be a solution. Instead of accurately modeling the behavior analytically, an ML approach observes and learns the behavior of a network and its elements and may lead to a model that is less complex to use for a DT.
Research in this direction is still at its infancy, however.
This research internship should investigate the ability of current ML approaches to learn the behavior of network functions.
For this task, Kubernetes' ingress controller, a load balancer (LB), shall be set up as an exemplary network function in a virtual testbed.
The setup should further contain traffic generators to benchmark network functions and monitoring installations to observe the be-
havior of the LB. The collected data should then be used to train an ML model.
The core question is whether how far the behavior of network functions can be learned and abstracted with ML models.


- Linux

- Kubernetes

- Basic knowledge ML


Probabilistic Traffic Classification

Probabilistic Graphical Models, Markov Model, Hidden Markov Model, Machine Learning, Traffic Classification
Classification of packet level traces using Markov and Hidden Markov Models.


The goal of this thesis is the classification of packet-level traces using Markov- and Hidden Markov Model. The scenario is open-world: Traffic of specific web applications should be distinguished from all possible web-pages (background traffic). In addition, several pages should be differentiated. Examples include: Google Maps, Youtube, Google Search, Facebook, Google Drive, Instagram, Amazon Store, Amazon Prime Video, etc.