2019
Röhling, Martin Max; Grimmer, Martin; Kreusel, Dennis; Hoffmann, Jörn; Franczyk, Bogdan
Standardized container virtualization approach for collecting host intrusion detection data
Inproceedings. M. Ganzha, L. Maciaszek, M. Paprzycki (Eds.): Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, pp. 459–463, ACSIS, 2019, ISSN: 2300-5963 (ISBN: 978-83-952357-8-8. IEEE Catalog Number: CFP1985N-ART).

@inproceedings{8860005,
  title = {Standardized container virtualization approach for collecting host intrusion detection data},
  author = {Martin Max Röhling and Martin Grimmer and Dennis Kreusel and Jörn Hoffmann and Bogdan Franczyk},
  editor = {M. Ganzha and L. Maciaszek and M. Paprzycki},
  url = {https://ieeexplore.ieee.org/document/8860005},
  doi = {10.15439/2019F212},
  issn = {2300-5963},
  year = {2019},
  date = {2019-09-03},
  booktitle = {Proceedings of the 2019 Federated Conference on Computer Science and Information Systems},
  issuetitle = {Advances in Network Systems and Applications},
  volume = {18},
  pages = {459--463},
  publisher = {ACSIS},
  abstract = {Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.},
  note = {ISBN: 978-83-952357-8-8. IEEE Catalog Number: CFP1985N-ART},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}

Grimmer, Martin; Röhling, Martin Max; Kreusel, Dennis; Ganz, Simon
A Modern and Sophisticated Host Based Intrusion Detection Data Set
Inproceedings. 16. Deutscher IT-Sicherheitskongress, 2019 (Ed.): IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung, pp. 135–145, 16. Deutscher IT-Sicherheitskongress, 2019, SecuMedia, 2019, ISBN: 978-3-922746-82-9.

@inproceedings{Grimmer2019,
  title = {A Modern and Sophisticated Host Based Intrusion Detection Data Set},
  author = {Martin Grimmer and Martin Max Röhling and Dennis Kreusel and Simon Ganz},
  editor = {{16. Deutscher IT-Sicherheitskongress, 2019}},
  url = {https://www.bsi.bund.de/DE/Service/Aktuell/Veranstaltungen/IT-Sicherheitskongress/IT-Sicherheitskongress_node.html https://www.exploids.de/wp-content/uploads/2019/05/BSI-LID-DS.pdf},
  isbn = {978-3-922746-82-9},
  year = {2019},
  date = {2019-05-21},
  booktitle = {IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung},
  pages = {135--145},
  publisher = {SecuMedia},
  organization = {16. Deutscher IT-Sicherheitskongress, 2019},
  abstract = {Cyber attacks can do great damage. Host intrusion detection systems (HIDS) can help to detect those attacks. In order to compare different HIDS and test their effectiveness, up-to-date, correct and publicly accessible data sets are required. Since all data sets available so far have serious problems, we present a new one that solves these problems.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}

2018
Grimmer, Martin; Hoffmann, Jörn; Röhling, Martin Max
Exploids: Host-basierte Angriffserkennung auf Linux-VMs
Article. Linux Magazin, 03/2018, 2018.

@article{Grimmer2018b,
  title = {Exploids: Host-basierte Angriffserkennung auf Linux-VMs},
  author = {Martin Grimmer and Jörn Hoffmann and Martin Max Röhling},
  editor = {{Computec Media GmbH}},
  url = {https://www.linux-magazin.de/ausgaben/2018/03/intrusion-detection/},
  year = {2018},
  date = {2018-03-01},
  journal = {Linux Magazin},
  volume = {03/2018},
  abstract = {Forscher untersuchen, wie sich Hackerangriffe schnell erkennen und erfolgreich abwehren lassen und wie Admins Spuren sichern können, die später bei einer juristischen Ahndung helfen. Trotzdem soll die Privatsphäre der Anwender aber geschützt bleiben.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}

Abstract (translated from German): Researchers are investigating how hacker attacks can be detected quickly and fended off successfully, and how admins can secure evidence that later helps with legal prosecution. At the same time, the privacy of users is to remain protected.

Grimmer, Martin; Röhling, Martin Max; Kricke, Matthias; Franczyk, Bogdan; Rahm, Erhard
Intrusion Detection on System Call Graphs
Inproceedings. DFN-CERT, 25. DFN-Konferenz "Sicherheit in vernetzten Systemen" (Ed.): Sicherheit in vernetzten Systemen, pp. G1-G18, DFN-CERT Services GmbH, 2018, ISBN: 978-3-3-7460-8637-8.

@inproceedings{Grimmer2018,
  title = {Intrusion Detection on System Call Graphs},
  author = {Martin Grimmer and Martin Max Röhling and Matthias Kricke and Bogdan Franczyk and Erhard Rahm},
  editor = {{DFN-CERT, 25. DFN-Konferenz "Sicherheit in vernetzten Systemen"}},
  url = {https://www.dfn-cert.de/veranstaltungen/Sicherheitskonferenz2018.html},
  isbn = {978-3-3-7460-8637-8},
  year = {2018},
  date = {2018-02-28},
  booktitle = {Sicherheit in vernetzten Systemen},
  pages = {G1-G18},
  publisher = {DFN-CERT Services GmbH},
  abstract = {Cyber attacks such as ransomware can do great damage. Intrusion detection systems can help to detect those attacks. Especially with anomaly detection methods, it is possible to detect previous unknown attacks. In this paper, we present a graph-based approach in combination with existing methods trying to increase recognition rates and reduce false alarm rates. Our Hypotheses: By taking the inherent structure of the underlying data into account, it is possible to gain more insights compared to other known methods. The modern ADFA-LD dataset was used for the evaluation, which reflects the operation in a modern operating system. Compared to the Stide approach we demonstrate that a graph-based approach can keep pace.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}

2017
Hirmer, Pascal; Waizenegger, Tim; Falazi, Ghareeb; Abdo, Majd; Volga, Yuliya; Askinadze, Alexander; Liebeck, Matthias; Conrad, Stefan; Hildebrandt, Tobias; Indiono, Conrad; Rinderle-Ma, Stefanie; Grimmer, Martin; Kricke, Matthias; Peukert, Eric
The First Data Science Challenge at BTW 2017
Article. Datenbank-Spektrum, 17 (3), pp. 207–222, 2017, ISSN: 1610-1995.

@article{Hirmer2017,
  title = {The First Data Science Challenge at BTW 2017},
  author = {Pascal Hirmer and Tim Waizenegger and Ghareeb Falazi and Majd Abdo and Yuliya Volga and Alexander Askinadze and Matthias Liebeck and Stefan Conrad and Tobias Hildebrandt and Conrad Indiono and Stefanie Rinderle-Ma and Martin Grimmer and Matthias Kricke and Eric Peukert},
  url = {https://doi.org/10.1007/s13222-017-0263-8},
  doi = {10.1007/s13222-017-0263-8},
  issn = {1610-1995},
  year = {2017},
  date = {2017-11-01},
  journal = {Datenbank-Spektrum},
  volume = {17},
  number = {3},
  pages = {207--222},
  abstract = {The 17th Conference on Database Systems for Business, Technology, and Web (BTW2017) of the German Informatics Society (GI) took place in March 2017 at the University of Stuttgart in Germany. A Data Science Challenge was organized for the first time at a BTW conference by the University of Stuttgart and Sponsor IBM. We challenged the participants to solve a data analysis task within one month and present their results at the BTW. In this article, we give an overview of the organizational process surrounding the Challenge, and introduce the task that the participants had to solve. In the subsequent sections, the final four competitor groups describe their approaches and results.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}

Kricke, Matthias; Grimmer, Martin; Schmeißer, Michael
Preserving Recomputability of Results from Big Data Transformation Workflows
Article. Datenbank-Spektrum, 17 (3), pp. 245–253, 2017, ISSN: 1610-1995.

@article{Kricke2017b,
  title = {Preserving Recomputability of Results from Big Data Transformation Workflows},
  author = {Matthias Kricke and Martin Grimmer and Michael Schmeißer},
  url = {https://doi.org/10.1007/s13222-017-0265-6},
  doi = {10.1007/s13222-017-0265-6},
  issn = {1610-1995},
  year = {2017},
  date = {2017-11-01},
  journal = {Datenbank-Spektrum},
  volume = {17},
  number = {3},
  pages = {245--253},
  abstract = {The ability to recompute results from raw data at any time is important for data-driven companies to ensure data stability and to selectively incorporate new data into an already delivered data product. However, data transformation processes are heterogeneous and it is possible that manual work of domain experts is part of the process to create a deliverable data product. Domain experts and their work are expensive and time consuming, a recomputation process needs the ability of automatically adding former human interactions. It becomes even more challenging when external systems are used or data changes over time. In this paper, we propose a system architecture which ensures recomputability of results from big data transformation workflows on internal and external systems by using distributed key-value data stores. Furthermore, the system architecture will contain the possibility of incorporating human interactions of former data transformation processes. We will describe how our approach significantly relieves external systems and at the same time increases the performance of the big data transformation workflows.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}

2015
Schwarzbach, Björn; Glöckner, Michael; Pirogov, Alexander; Röhling, Martin Max; Franczyk, Bogdan
Secure service interaction for collaborative business processes in the inter-cloud
Inproceedings. 2015 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1377–1386, 2015.

@inproceedings{7321609,
  title = {Secure service interaction for collaborative business processes in the inter-cloud},
  author = {Björn Schwarzbach and Michael Glöckner and Alexander Pirogov and Martin Max Röhling and Bogdan Franczyk},
  url = {https://fedcsis.org/2015/ http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7321609},
  doi = {10.15439/2015F282},
  year = {2015},
  date = {2015-09-01},
  booktitle = {2015 Federated Conference on Computer Science and Information Systems (FedCSIS)},
  pages = {1377--1386},
  abstract = {The emergence of a closer relationship between cloud service providers in the cloud computing market is the inevitable consequence of the computing as utility concept. The closer cooperation creates competitive advantages for providers and users of cloud services as well. Capacities and services can be used in a collaborative and flexible way. Despite the numerous potentials of composite cloud services, trust, policy and privacy are the major challenges resulting from the distributed and flexible data handling. The paper derives requirements and solutions in the field of inter-cloud service communication with a special focus on security. The proposed architecture is evaluated with a sample collaborative business process of inter-cloud service interaction.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}