Browsing by author "Baier, Harald"
1 - 8 of 8
- [Conference paper] COFFEE: a concept based on OpenFlow to filter and erase events of botnet activity at high-speed nodes
  (INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt, 2013) Schehlmann, Lisa; Baier, Harald
  It is a great challenge to tackle the increasing threat of botnets to contemporary networks. The community developed a lot of approaches to detect botnets. Their fundamental idea differs and may be grouped according to the location (e.g., host-based, network-based), data sets (e.g., full network packets, packet header information), and algorithms (e.g., signature based, anomaly based). However, if applied to high-speed networks like nodes of an Internet service provider (ISP), currently proposed methods suffer from two drawbacks. First, the false positive rate is too high to be used in an operational environment. Second, mitigation and reaction are not addressed. In this paper we introduce COFFEE, our concept of a botnet detection and mitigation framework at large-scale networks. The overall goal of COFFEE is to keep operational costs to a minimum. The detection part of COFFEE comprises two phases: the first one processes the whole traffic to filter candidates of a command-and-control communication using NetFlow-based detection algorithms. In order to decrease the false positive rate, suspected network connections are inspected in more detail in the second phase. The second phase makes use of the concept of Software-Defined Networking (SDN), which is currently deployed in some networks. If the detection yields an alert, SDN again is used to react (e.g., to drop suspect connections).
- [Conference paper] A note on the protection level of biometric data in electronic passports
  (BIOSIG 2009: biometrics and electronic signatures, 2009) Baier, Harald; Straub, Tobias
  Following regulations of the EU Council in 2004, the member states have deployed electronic passports according to ICAO standards. Such documents contain an embedded radio frequency chip for storing personal data. The chip of a first generation German passport only duplicates the information which is already printed on the passport. In the current second version there are now also two fingerprints as additional biometric attributes apart from the digital facial image of the document owner. The note at hand concentrates on attack vectors of biometric characteristics contained in the RF chip and discusses which threats towards fingerprints are thwarted. Our gist is to point to the low protection level of the facial image on the one hand and the high protection level of fingerprints on the other hand although both biometric characteristics are easy to gather.
- [Conference paper] Performance evaluation of classification and feature selection algorithms for NetFlow-based protocol recognition
  (INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt, 2013) Abt, Sebastian; Wener, Sascha; Baier, Harald
  Protocol recognition is a commonly required technique to deploy service-dependent billing schemes and to secure computer networks, e.g., to reliably determine the protocol used for a botnet command and control (C&C) channel. In the past, different deep packet inspection based approaches to protocol recognition have been proposed. However, such approaches suffer from two drawbacks: first, they fail when data streams are encrypted, and second, they do not scale at high traffic rates. To overcome these limitations, in this paper we evaluate the performance in terms of precision and recall (i.e., accuracy) of different feature selection and classification algorithms with regard to NetFlow-based protocol recognition. As NetFlow does not rely on payload information and gives a highly aggregated view on network communication, it serves as a natural data source in ISP networks. Our evaluation shows that NetFlow-based protocol detection achieves high precision and recall rates of more than 92% for widespread protocols used for C&C communication (e.g., HTTP, DNS).
- [Conference paper] A preliminary study on the feasibility of storing fingerprint and iris image data in 2D-barcodes
  (Biosig 2016, 2016) Buchmann, Nicolas; Rathgeb, Christian; Wagner, Johannes; Busch, Christoph; Baier, Harald
- [Conference paper] A quality score honoring approach to semantic conformance assessment of minutiae-based feature extractors
  (BIOSIG 2011 – Proceedings of the Biometrics Special Interest Group, 2011) Abt, Sebastian; Busch, Christoph; Baier, Harald
  The use of biometric systems is steadily increasing, which leads to heterogeneity and, thus, possibly interoperability issues. In order to address such issues, standards are developed by ISO/IEC Joint Technical Committee 1. In the case of minutiae-based fingerprint recognition, for instance, ISO/IEC 19794-2 defines biometric data interchange records that vendors should adhere to. To validate adherence to this standard, ISO/IEC 29109-2 specifies means to perform syntactic conformance testing. Yet, a specification of semantic conformance testing is missing and is currently being discussed as a working draft amendment of ISO/IEC 29109-2. In order to contribute to this development, this paper proposes a general semantic conformance testing framework. Especially, a formal semantic conformance computation model is proposed that can be used to assess a biometric systems vendor's semantic conformance according to a ground-truth data set and to compare different testing approaches. Furthermore, an instance thereof is proposed that honors minutia quality scores when computing semantic conformance rates. Initial evaluation shows that semantic conformance rates computed using this quality-honoring approach correlate with inter-vendor performance measures we would expect in a real-world scenario.
- [Conference paper] Scenario-based Data Set Generation for Use in Digital Forensics: A Case Study
  (INFORMATIK 2024, 2024) Göbel, Thomas; Baier, Harald; Wolf, Dennis
  Digital forensics is a rapidly growing and highly relevant field of cybersecurity. In case of an incident, the subsequent digital forensic investigation and analysis shall reveal the respective digital evidence. However, although electronic devices and their data play a central role in each crime investigation, data sets to train experts or to validate tools are sparse. While manual data set generation is a time-consuming, elaborate and error-prone task, tool-based data synthesis is an excellent candidate for simplifying data generation and solving the data set gap problem. Synthetic data sets can be used, for example, to test and refine forensic tools and methods under controlled conditions. In addition, entirely new approaches can be explored. Several promising data synthesis frameworks for digital forensic data set creation have been published lately, the most recent of which is ForTrace, a freely available, community-driven data synthesis framework written in Python for generating digital forensic data sets. This paper shows how to apply ForTrace in a large-scale manner without human interaction. Our main goal is to show the usability of ForTrace and demonstrate its practicality and benefits for the digital forensic domain. We therefore provide a sample usage of ForTrace in two scenarios, namely a VeraCrypt and a malware use case, and present the definition of the corresponding configurations.
- [Conference paper] Security considerations on extending PACE to a biometric-based connection establishment
  (BIOSIG 2013, 2013) Buchmann, Nicolas; Peeters, Roel; Baier, Harald; Pashalidis, Andreas
  The regulations of the European Union (EU) Council in 2004 are the basis of the deployment of electronic passports within the EU. Since then EU member states adopt the format and the access protocols to further electronic machine readable travel documents (eMRTD) like national electronic ID cards and electronic residence permits, respectively. The security protocols to communicate with an eMRTD are based on the paradigm of strong cohesion and loose coupling, i.e., each step is designed to ensure only a particular security goal like authorisation to access a certain data group, authenticity and integrity of the data, originality of the chip, or the linkage between the eMRTD and its holder. However, recently a discussion evolved to integrate the linkage security goal within the connection establishment, which currently only aims at limiting basic access of authorised terminals to the eMRTD. For instance, the BioPACE protocol proposes to replace the knowledge-based shared 'secret' of PACE by a biometric-based one. The goal of the paper at hand is twofold: First, we evaluate the BioPACE protocol and propose improvements to enhance its features. Second, we analyse the expediency of integrating our BioPACE version 2 into the eMRTD domain. Our initial evaluation shows that our BioPACE version 2 is expedient if the EAC protocols and the corresponding PKI are abandoned.
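- [Conference paper] Vom elektronischen Reisepass zum Personalausweis: RFID und personenbezogene Daten – Lessons Learned !? [From the electronic passport to the identity card: RFID and personal data – Lessons Learned !?]
  (Informatik 2009 – Im Focus das Leben, 2009) Baier, Harald; Straub, Tobias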