Hasso-Plattner-Institut für Softwaresystemtechnik
Security Analytics

Contact

Prof. Dr. Christoph Meinel

Hasso-Plattner-Institut
at the University of Potsdam

Tel: +49 0331/5509-222
Fax: +49 0331/5509-325
Mobile: +49 176 10010727
meinel (at) hpi.uni-potsdam.de


Overview

Along with the rapid development and spread of IT technology, computer and network attacks as well as their countermeasures become more and more complicated. Intrusion detection systems (IDS) are commonly used in practice to identify malicious behaviour against protected hosts or network environments. Growing networks and traffic volumes greatly increase the number of detected events, so tool-supported automated analysis becomes necessary for handling these huge amounts of data. High-end hardware opens new possibilities for advanced analysis techniques using multi-core architectures and in-memory storage approaches. Furthermore, new attack modeling techniques enable the analysis of weaknesses caused by a combination of multiple vulnerabilities and attack steps. Security Analytics combines modern attack modeling techniques with advanced detection and correlation methods on high-end hardware with up to 2 TB of main memory and multi-core architectures.

Correlation of Alerts

Research

Correlation and Pattern Matching - IDS sensors and log gatherers create a large number of security-related events, some of which may be caused by serious attacks on the network. This stream of events needs to be analyzed and refined by technical means, as manual processing is far too complex and time consuming. Correlation and pattern matching can be used to infer from related events that specific attack scenarios have been carried out on the protected network.

Attack Graph Workflow - Gathering information, constructing an Attack Graph, as well as visualizing and analyzing the graph are the three steps of the workflow. Improving the different phases of the workflow as well as combining the workflow with IDS is a research topic at HPI.
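The two paragraphs above describe the ingredients that the group's later paper "Using Vulnerability Information and Attack Graphs for Intrusion Detection" ties together: an attack graph built from reachability and vulnerability data, and a correlation step that matches the ordered stream of IDS alerts against the graph's attack paths. The following is an added illustration, not code from HPI or from any of the publications listed on this page. All host names, the vulnerability identifiers (placeholders, not real CVEs), the reachability table and the sample alerts are constructed for the example; the time window and the simple ordered-sequence matching are assumptions made to keep the logic readable.

```python
"""Added example: attack-graph-assisted alert correlation on constructed data."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory (hypothetical hosts, placeholder vulnerability ids).
# REACHABILITY: which host can open connections to which, e.g. from firewall rules.
REACHABILITY = [
    ("internet", "web01"),
    ("web01", "app01"),
    ("app01", "db01"),
    ("web01", "db01"),
]
# VULNS: per host, the vulnerabilities a network neighbour could exploit.
VULNS = {
    "web01": ["VULN-WEB-PLACEHOLDER"],
    "app01": ["VULN-APP-PLACEHOLDER"],
    "db01": ["VULN-DB-PLACEHOLDER"],
}

Edge = Tuple[str, str, str]  # (from_host, to_host, vulnerability)


def build_attack_graph(reach, vulns) -> Dict[str, List[Tuple[str, str]]]:
    """Workflow step 2: combine reachability and vulnerability information.

    An edge A -> B labelled v means: whoever controls A can reach B and
    exploit v there, thereby gaining control of B.
    """
    graph = defaultdict(list)
    for src, dst in reach:
        for v in vulns.get(dst, []):
            graph[src].append((dst, v))
    return graph


def attack_paths(graph, start, target) -> List[List[Edge]]:
    """Workflow step 3 (analysis): enumerate simple paths from start to target."""
    paths: List[List[Edge]] = []

    def dfs(node, visited, path):
        if node == target:
            paths.append(list(path))
            return
        for dst, v in graph.get(node, []):
            if dst not in visited:          # simple paths only, no cycles
                visited.add(dst)
                path.append((node, dst, v))
                dfs(dst, visited, path)
                path.pop()
                visited.discard(dst)

    dfs(start, {start}, [])
    return paths


@dataclass(frozen=True)
class Alert:
    ts: int      # seconds since epoch (constructed)
    src: str
    dst: str
    vuln: str    # vulnerability the IDS signature refers to


def correlate(alerts, paths, window) -> List[List[Edge]]:
    """Pattern matching: report every attack path whose steps all occur as
    alerts, in path order, within `window` seconds of the first step.
    Alerts that belong to no path are left for ordinary triage."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    matched = []
    for path in paths:
        idx, first_ts = 0, None
        for a in alerts:
            src, dst, v = path[idx]
            in_window = first_ts is None or a.ts - first_ts <= window
            if a.src == src and a.dst == dst and a.vuln == v and in_window:
                if first_ts is None:
                    first_ts = a.ts
                idx += 1
                if idx == len(path):
                    matched.append(path)
                    break
    return matched


# Constructed alert stream: three steps of one scenario plus one unrelated alert.
SAMPLE_ALERTS = [
    Alert(100, "internet", "web01", "VULN-WEB-PLACEHOLDER"),
    Alert(130, "web01", "app01", "VULN-APP-PLACEHOLDER"),
    Alert(140, "scanner", "web01", "VULN-WEB-PLACEHOLDER"),  # noise, on no path
    Alert(160, "app01", "db01", "VULN-DB-PLACEHOLDER"),
]

if __name__ == "__main__":
    g = build_attack_graph(REACHABILITY, VULNS)
    paths = attack_paths(g, "internet", "db01")
    for p in correlate(SAMPLE_ALERTS, paths, window=120):
        print("scenario observed:", " -> ".join(f"{s}->{d} via {v}" for s, d, v in p))
```

Two paths from `internet` to `db01` exist in the constructed graph; only the three-step one through `app01` is fully backed by alerts, so only it is reported. Shrinking the window to 30 seconds drops the last step and nothing is reported, which is the trade-off an analyst tunes: a tight window suppresses coincidental matches, a loose one catches slow attacks at the cost of more false positives.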

IDS Management - Efficient Intrusion Detection System Management (IDSM) is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts in a distributed environment. Improving the efficiency of IDS Management is a research goal at HPI.

Virtualization and IDS - The concept of virtualization has been introduced into many popular IDS implementations, owing to its advantages in isolation and fast recovery after a compromise, as well as its applicability to emerging concepts such as Cloud Computing. Advancing the capabilities for combining these newly emerged Virtual Machine (VM) based IDS approaches is another research topic at HPI.

IDS in the Cloud - The concept of Cloud computing raises multiple unsolved security problems. Securing a Cloud infrastructure using IDS sensors and IDS management is one of the research topics addressed in this project.

Visualization and Collaboration - Visualizing the correlation results, and security-relevant events in general, is essential for an effective defense against sophisticated attacks. Visualizing results and supporting collaboration in security operations is a focus of this research project.

Publications

  • S. Roschke, F. Cheng, Ch. Meinel
    BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes
    Proc. 12th IFIP/IEEE IM'11, IEEE Press, Dublin, Ireland, 2011 (to appear).
  • S. Roschke, F. Cheng, Ch. Meinel
    Using Vulnerability Information and Attack Graphs for Intrusion Detection
    Proc. 6th IAS'10, IEEE Press, Atlanta, United States, 2010, pp. 104-109.
  • S. Roschke, F. Cheng, Ch. Meinel
    A Flexible and Efficient Alert Correlation Platform for Distributed IDS
    Proc. 4th NSS'10, IEEE Press, Melbourne, Australia, 2010, pp. 24-31.
  • S. Roschke, F. Cheng, Ch. Meinel
    Intrusion Detection in the Cloud
    Proc. Workshop SCC'09 (in conjunction with 8th PICom), IEEE Press, Chengdu, China, December 2009 (to appear).
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel
    Towards Unifying Vulnerability Information for Attack Graph Construction
    Proc. 12th ISC'09, Springer LNCS 5735, Pisa, Italy, 2009, pp. 218-233.
  • S. Roschke, F. Cheng, Ch. Meinel
    An Advanced IDS Management Architecture
    Journal of Information Assurance and Security, Vol. 5, Issue 1, Atlanta, USA, 2010, pp. 246-255.
  • F. Cheng, S. Roschke, Ch. Meinel
    Implementing IDS Management on Lock-Keeper
    Proc. 4th ISPEC'09, Springer LNCS 5451, Xi'an, China, 2009, pp. 360-371.

Contact

Research Group Internet Technologies and Systems
Hasso-Plattner-Institut at the University of Potsdam
D-14440 Potsdam, Germany
Phone: 0049 331 5509 530
Fax: 0049 331 5509 325
Room: H-1.13
security-analytics (at) hpi.uni-potsdam.de