Hasso-Plattner-Institut
High Performance Security Analytics

With HPI-REAMS, HPI-ILC and HPI-VDB

HPI-REAMS

Real-time Event Analysis and Monitoring System

Traditional network monitoring systems are no longer capable of supporting the challenges of Big Data in the large IT landscape. Security incidents require rapid and instant responses in order to preserve security. With HPI REAMS (Real-Time Event Analytics and Monitoring System), we are building the next generation of security monitoring systems that utilize massive parallelization, advanced analytics, as well as an In-Memory platform to detect incidents and threats in real-time. Partnering with SAP, some of our research results are now being integrated in the new SAP product, ITOA (IT Operations Analytics), which allows IT to have a holistic view of their data center, finding and reacting to attacks in a faster manner.

HPI-ILC: Identity Leak Checker

The HPI Identity Leak Checker monitors the Internet for illegally leaked identity data. The leaks are collected, normalized and centralized in the high performance database. A web interface allows potential victims of the stolen data to ask the database whether they are affected by a leak. Among this identity information, there are passwords, first and last names, addresses, bank and credit card data and birthdays. In the end, the service should raise people's awareness so that they take better care of what kind of information they reveal on the Internet, and it should act as a warning system for leaked identity information. The collected Big Data can be further used for different security analytics, e.g., password analysis, threat intelligence, etc.

HPI-VDB: Vulnerability Database

HPI-VDB is a comprehensive and up-to-date repository, which contains a large number of known software vulnerabilities. The vulnerability information gathered from the Internet is evaluated, normalized, and centralized in the high performance database. The textual descriptions of each vulnerability entry are collected from the public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information related to a specific vulnerability entry. Thanks to the high quality data saved in our database, many query and analytics services can be provided, including browsing, searching, self-diagnosis, Attack Graph (AG), etc. Additionally, we offer many types of API for IT developers to use our database for their own analytics or developments. Currently the database contains 84,741 vulnerabilities, concerning about 203,000 different software products from 16,203 vendors.