Overview

Recent trends show an increasing frequency and complexity of attacks on corporate networks and IT systems. This is driven by the constantly growing number of new computer systems and services, the development of the Internet of Things, and the growth of mobile and wireless communications. All of these trends make the protection of computer networks more complicated. Analyzing a single system is often not enough to detect all vulnerabilities, since the majority of prevalent weaknesses result from the interaction of multiple systems. Additionally, attackers are harder to identify because they perform more targeted attacks and use ever more sophisticated methods and hacking tools. A modern security system must be prepared for these challenges and must fulfill stringent requirements for the high security of its IT infrastructure.

Research Topics

  • Big Security Data Analytics Architectures (Pipelines)
  • High Performance Event Stream Processing with Deep Normalization and Fast Persistence
  • Enhanced Threat Intelligence Platform
  • Real-time Signature/Pattern Matching and Correlation
  • Advanced Analytical Approaches:
    • Automated and Comprehensive Correlations - Beaconing Detection, Multiple-source Statistical Analysis, Ad-hoc Data Science, etc.
    • Machine Learning Analytics - K-Means based, K-NN based, Poisson- and negative Binomial based, as well as User Behaviour based Anomaly Detection, Hybrid Outlier Detection, etc.
    • Efficient Graph-based Investigation - MalRank, Belief Propagation, Semi Supervised Learning, Random Walk with Restart, etc.
    • Attack Graph Workflow - the workflow consists of three steps: gathering information, constructing an attack graph, and visualizing and analyzing the graph
    • Visualization and Collaboration - Visualizing the correlation results and security-relevant events in general is essential for an effective defense against sophisticated attacks.

Selection of Relevant Publications

  • P. Najafi, D. Köhler, F. Cheng, and Ch. Meinel
    NLP-based Entity Behavior Analytics for Malware Detection,
    in Proceedings of the 40th IEEE International Performance Computing and Communications Conference (IPCCC'21), IEEE Press, October 28-30, 2021, Austin, Texas, USA (Short Paper, Online)
  • P. Najafi, F. Cheng, and Ch. Meinel
    SIEMA: Bringing Advanced Analytics to Legacy Security Information and Event Management,
    in Proceedings of the 17th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'21), September 6-9, 2021, Canterbury, UK (Online)
  • P. Najafi, A. Muehle, W. Puenter, F. Cheng, and Ch. Meinel
    MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs,
    in Proceedings of 2019 Annual Computer Security Applications Conference (ACSAC'19), ACM Press, December 9-13, 2019, San Juan, Puerto Rico
  • D. Jaeger, F. Cheng, and Ch. Meinel
    Accelerating Event Processing for Security Analytics on a Distributed In-Memory Platform,
    in Proceedings of the 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC'18), IEEE Press, August 12-15, 2018, Athens, Greece
  • P. Najafi, A. Sapegin, F. Cheng, and Ch. Meinel
    Guilt-by-Association: Detecting Malicious Entities via Graph Mining,
    in Proceedings of the 13th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'17), Springer LNICST 238, October 22-25, 2017, Niagara Falls, Canada
  • M. Gawron, F. Cheng, and Ch. Meinel
    Automatic Vulnerability Classification using Machine Learning,
    in Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRITIS'17), Springer LNCS, September 19-21, 2017, Dinard, France (Best Paper Award)
  • M. Ussath, F. Cheng, and Ch. Meinel
    Enhanced Sinkhole System: Collecting System Details to Support Investigations,
    in Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'17), Springer LNCS 10566, June 29-30, 2017, Paris, France
  • M. Ussath, D. Jaeger, F. Cheng, and Ch. Meinel
    Identifying Suspicious User Behavior with Neural Networks,
    in Proceedings of the 4th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud'17), IEEE Press, June 26-28, 2017, New York, USA
  • M. Gawron, F. Cheng, and Ch. Meinel
    PVD: Passive Vulnerability Detection,
    in Proceedings of the International Conference on Information and Communication Systems (ICICS'17), IEEE Press, April 4-6, 2017, Irbid, Jordan
  • A. Sapegin, D. Jaeger, F. Cheng, and Ch. Meinel
    Towards a System for Complex Analysis of Security Events in Large-scale Networks.
    Computers & Security (COSE), Elsevier, 67 (6):16-34, 2017.
  • A. Sapegin, M. Gawron, D. Jaeger, F. Cheng, and Ch. Meinel
    Evaluation of In-Memory Storage Engine for Machine Learning Analysis of Security Events,
    Journal of Concurrency and Computation: Practice and Experience (CCPE), Wiley Blackwell, 29(2), 2017.
  • A. Azodi, F. Cheng, and Ch. Meinel
    Event Driven Network Topology Discovery and Inventory Listing using REAMS,
    International Journal of Wireless Personal Communications (JoWPS), Springer, 94(3):415-430, 2017.
  • D. Jaeger, H. Graupner, Ch. Pelchen, F. Cheng, and Ch. Meinel
    Fast Automated Processing and Evaluation of Identity Leaks,
    International Journal of Parallel Programming (ICPP), Springer, 44(6), 2016.
  • F. Cheng, A. Azodi, D. Jaeger, Ch. Meinel
    Multi-Core Supported High Performance Security Analytics,
    in Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom'13), Chengdu, China, December 20-22, 2013
  • S. Roschke, F. Cheng, and Ch. Meinel
    High Quality Attack Graph based IDS Correlation,
    Logic Journal of the IGPL (JIGPAL), Oxford University Press, 21(4), 2013.
  • F. Cheng, A. Azodi, D. Jaeger, Ch. Meinel
    Security Event Correlation Supported by Multi-Core Architecture,
    in Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITS'13), Macau, China, December 16-18, 2013

Deliverables

Team

  • Team leader: Prof. Dr. sc. nat., Dr.rer.nat. Christoph Meinel
  • Senior Researcher: Dr. rer. nat. Feng Cheng
  • Team members:
    • Pejman Najafi, M.Sc.
    • Seyed Ali Alhosseini, M.Sc.
    • Mehryar Majd, M.Sc.
    • Wenzel Pünter, M.Sc.
  • Former co-workers/PhD students, research students, and interns:
    • Dr. Sebastian Roschke (till Oct. 2012, now with Snap Inc.)
    • Dr. Amir Azodi (till Nov. 2015, now with DSGV)
    • Dr.-Ing. Martin Ussath (till Jul. 2017, now with Arvato Systems)
    • Dr.-Ing. David Jaeger (till Apr. 2019, now with Airbus Defence and Space)
    • Dr.-Ing. Marian Gawron (till Jun. 2019, now with DB Systel GmbH)
    • Dr. Andrey Sapegin (till Oct. 2019, now with Deutsche Telekom Technik GmbH, Berlin)
    • Chris Pelchen, M.Sc. (till Feb. 2022, now with Stadt Brandenburg, Brandenburg)
    • Daniel Stelter-Glieset - M.Sc. Student (till Apr. 2017, now with Google Inc.)
    • Carl Ambroselli - Student Assistant (till Dec. 2014)
    • Richard Meissner - Student Assistant (till Jul. 2013)
    • Bjoern Groneberg - Student Assistant (till Sept. 2011)
    • Felix Leupold - Student Assistant (till Oct. 2010)
    • Martin Kreichgauer - Student (Masterprojekt)
    • Michael Frister - Student (Masterprojekt)
    • Florian Thomas - Student (Masterprojekt)
