Hasso-Plattner-Institut

Overview

Recent trends show an increasing frequency and complexity of attacks on corporate networks and IT systems. This is driven by the constantly growing number of computer systems and services, the development of the Internet of Things, and the growth of mobile and wireless communication. All of these trends make the protection of computer networks more complicated. Analyzing a single system in isolation is often not enough to detect all vulnerabilities, since many of the prevalent weaknesses result from the interaction of multiple systems. Additionally, attackers are harder to identify because they perform more targeted attacks and use ever more sophisticated methods and hacking tools. A modern security system must be prepared for these challenges and must meet stringent requirements for the security of its IT infrastructure.

Research Topics

  • Big Security Data Analytics Architectures (Pipelines)
  • High Performance Event Stream Processing with Deep Normalization and Fast Persistence
  • Enhanced Threat Intelligence Platform
  • Real-time Signature/Pattern Matching and Correlation
  • Advanced Analytical Approaches:

    • Automated and Comprehensive Correlations - Beaconing Detection, Multiple-source Statistical Analysis, Ad-hoc Data Science, etc.
    • Machine Learning Analytics - K-Means based, K-NN based, Poisson- and negative-binomial based, as well as user-behaviour based anomaly detection, hybrid outlier detection, etc.
    • Efficient Graph-based Investigation - MalRank, Belief Propagation, Semi Supervised Learning, Random Walk with Restart, etc.
    • Attack Graph Workflow - gathering information, constructing an attack graph, and visualizing and analyzing the graph are the three steps of the workflow
    • Visualization and Collaboration - visualizing the correlation results and the security-relevant events in general is essential for an effective defense against sophisticated attacks.

Selection of Relevant Publications

  • A. Sapegin, D. Jaeger, F. Cheng, and Ch. Meinel,
    Towards a System for Complex Analysis of Security Events in Large-scale Networks,
    Computers & Security (COSE), Elsevier, 67(6):16-34, 2017.
  • A. Sapegin, M. Gawron, D. Jaeger, F. Cheng, and Ch. Meinel,
    Evaluation of In-Memory Storage Engine for Machine Learning Analysis of Security Events,
    Journal of Concurrency and Computation: Practice and Experience (CCPE), Wiley Blackwell, 29(2), 2017.
  • A. Azodi, F. Cheng, and Ch. Meinel,
    Event Driven Network Topology Discovery and Inventory Listing using REAMS,
    International Journal of Wireless Personal Communications (JoWPS), Springer, 94(3):415-430, 2017.
  • D. Jaeger, H. Graupner, Ch. Pelchen, F. Cheng, and Ch. Meinel,
    Fast Automated Processing and Evaluation of Identity Leaks,
    International Journal of Parallel Programming (ICPP), Springer, 44(6), 2016.
  • F. Cheng, A. Azodi, D. Jaeger, and Ch. Meinel,
    Multi-Core Supported High Performance Security Analytics,
    Proc. of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom'13), Chengdu, China, December 20-22, 2013.
  • S. Roschke, F. Cheng, and Ch. Meinel,
    High Quality Attack Graph based IDS Correlation,
    Logic Journal of the IGPL (JIGPAL), Oxford University Press, 21(4), 2013.
  • F. Cheng, A. Azodi, D. Jaeger, and Ch. Meinel,
    Security Event Correlation Supported by Multi-Core Architecture,
    Proc. of the 3rd IEEE International Conference on IT Convergence and Security (ICITS'13), Macau, China, December 16-18, 2013.

Deliverables

Team

  • Team leader: Prof. Dr. sc. nat., Dr. rer. nat. Christoph Meinel
  • Senior Researcher: Dr. rer. nat. Feng Cheng
  • Team members:

  • Student co-workers:

    • Linus Heinzl (BBA)

  • Former co-workers/PhD students, research students, and interns:

    • Dr. Sebastian Roschke (till Oct. 2012, now with Google Inc.)
    • Dr. Amir Azodi (till Nov. 2015, now with Deloitte)
    • Dr.-Ing. Martin Ussath (till Jul. 2018, now with DSCO)
    • Daniel Stelter-Glieset - MSc. Student (till Apr. 2017, now with Google Inc.)
    • Carl Ambroselli - Student Assistant (till Dec. 2014)
    • Richard Meissner - Student Assistant (till Jul. 2013)
    • Bjoern Groneberg - Student Assistant (till Sept. 2011)
    • Felix Leupold - Student Assistant (till Oct. 2010)
    • Martin Kreichgauer - Student (master's project)
    • Michael Frister - Student (master's project)
    • Florian Thomas - Student (master's project)
