
Complete List of Conference Papers of the chair of Prof. Dr. Christoph Meinel

Here you can find all our peer-reviewed conference papers:

Poisson-based Anomaly Detection for Identifying Malicious User Behaviour

Sapegin, Andrey; Amirkhanyan, Aragats; Gawron, Marian; Cheng, Feng; Meinel, Christoph. In Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15). Springer, 2015.

Nowadays, malicious user behaviour that does not trigger an access violation or a data leak alert is difficult to detect. Using stolen login credentials, an intruder conducting espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates while reducing the number of false positive alerts: (1) checking the probability first for the group and then for single users, and (2) selecting the threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in a virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system, the Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from a Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Conceived as a module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on the experimental dataset.

Tags: anomaly_detection, authentication, intrusion_detection, its, user_behaviour

You can also find sub-lists of our peer-reviewed conference papers focusing on 
