Listing by keyword "intrusion detection"
1 - 4 of 4
- Conference paper: A new Attack Composition for Network Security (10. DFN-Forum Kommunikationstechnologien, 2017). Beer, Frank; Hofer, Tim; Karimi, David; Bühler, Ulrich. As the current cyber threat landscape is becoming more depressing, sophisticated intrusion detection systems must evolve to protect network infrastructures efficiently. Building such a detector is highly data-driven and requires quality datasets to evaluate different phases in both the development and deployment process. However, finding publicly available captures with a ground truth is challenging. Most existing datasets focus on very specific subjects such as botnet, flooding, or brute-force traffic rather than providing a broad arsenal of the different attack vectors threatening today's networks. This work addresses this gap by introducing a new attack composition comprising a multitude of classic as well as state-of-the-art attacks. The dataset embraces rich and untreated packet traces including payload, collected log events, and a detailed ground truth. Initial results reveal that the proposed captures complement existing traces and provide a sound base for various mining applications in the field of network security research.
- Conference paper: Distributed Machine Learning Based Intrusion Detection System for Smart Grid (Sicherheit 2024, 2024). Wöhnert, Kai Hendrik. The electrical grid is transitioning towards a decentralized structure, spurred by the inclusion of renewable energy. This paper addresses the complex security challenges that arise from this decentralized network architecture. Traditional network security methods are insufficient for safeguarding against threats in this evolving environment. The focus is the creation of a decentralized intrusion detection system (IDS) using a machine learning approach optimized for resource-constrained devices. Preliminary evaluations indicate that smaller recurrent neural networks can effectively detect denial of service attacks in simulated networks. Future work will involve real-world data analysis and field tests in genuine smart grid environments.
- Conference paper: Iterative präzisionsbewertende Signaturgenerierung (Iterative precision-assessing signature generation) (Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit, 2010). Rietz, René; Schmerl, Sebastian; Vogel, Michael; König, Hartmut. The effectiveness of signature-based intrusion detection systems depends crucially on the precision of the signatures used. Imprecise signatures are mainly attributable to the signature derivation step: specifying a signature is laborious and error-prone, and methods for a systematic procedure have hardly existed so far. In this paper we present an approach to the systematic derivation of signatures for host-based IDS. Starting from the program code and the vulnerability, complete signatures or signature fragments are generated. We show that, by using static code analysis, the signature design process can be automated and substantially shortened. Furthermore, a quality estimate of the derived signature becomes possible.
- Conference paper: A transparent Bridge for forensic sound network traffic data acquisition (Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit, 2010). Kiltz, Stefan; Hildebrandt, Mario; Altschaffel, Robert; Dittmann, Jana. In this paper we introduce a prototype that is designed to produce forensically sound network data recordings using inexpensive hardware and software, the Linux Forensic Transparent Bridge (LFTB). It supports the investigation of the network communication parameters and the investigation of the payload of network data. The basis for the LFTB is a self-developed model of the forensic process which also addresses forensically relevant data types and considerations for the design of forensic software using software engineering techniques. LFTB gathers forensic evidence to support cases such as malfunctioning hardware and software and for investigating malicious activity. In the latter application the stealthy design of the proposed device is beneficial. Experiments as part of a first evaluation show its usability in a support case and a malicious activity scenario. Effects on latency and throughput were tested and limitations for packet recording analysed. A live monitoring scheme warning about potential packet loss endangering evidence has been implemented.
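The capture setup the LFTB abstract describes (an address-less Linux bridge in the path, full-packet recording, and a warning when packet loss threatens the evidence) sketched as an added shell example. This is an editor's illustration, not the authors' prototype or code; the port names eth0/eth1, the bridge name br0, and the output file paths are assumptions, and only the standard iproute2 and tcpdump commands are used.

```shell
#!/bin/sh
# Added illustration of a transparent capture bridge with packet-loss monitoring.
# Not the LFTB authors' code. Assumed names: ports eth0/eth1, bridge br0.
# setup_bridge and capture must run as root; the check functions need no privileges.

# 1. Transparent bridge: both ports are enslaved to br0, and br0 never gets an
#    IP address, so the device neither answers ARP nor emits traffic of its own.
setup_bridge() {
    ip link add name br0 type bridge
    ip link set dev eth0 master br0
    ip link set dev eth1 master br0
    ip link set dev eth0 promisc on
    ip link set dev eth1 promisc on
    ip link set dev eth0 up
    ip link set dev eth1 up
    ip link set dev br0 up      # deliberately no 'ip addr add' on br0
}

# 2. Full-packet recording (-s 0 keeps the payload) plus a hash of the pcap so
#    that later tampering with the evidence file is detectable. tcpdump's final
#    statistics are kept in a side file for check_drops.
capture() {   # capture <pcap-path>; runs until tcpdump is interrupted
    tcpdump -i br0 -s 0 -n -w "$1" 2>"$1.stats"
    sha256sum "$1" >"$1.sha256"
}

# 3. Post-capture check. On exit tcpdump prints three stderr lines, e.g.
#      12 packets captured
#      20 packets received by filter
#      8 packets dropped by kernel
#    A non-zero kernel drop count means the recording is not complete.
dropped_count() {   # dropped_count <stats-file>; prints the number
    n=$(awk '/dropped by kernel/ { print $1 }' "$1")
    echo "${n:-0}"
}
check_drops() {     # check_drops <stats-file>; exit 0 = complete, 1 = loss
    d=$(dropped_count "$1")
    if [ "$d" -gt 0 ]; then
        echo "WARNING: $d packets dropped by kernel, evidence is incomplete" >&2
        return 1
    fi
    return 0
}

# 4. Live monitoring while the capture runs: poll the per-port rx_dropped
#    counter from sysfs and warn as soon as it moves. SYSFS is overridable so
#    the functions can be exercised without real interfaces.
SYSFS=${SYSFS:-/sys}
rx_drops() {        # rx_drops <iface>; prints the counter
    cat "$SYSFS/class/net/$1/statistics/rx_dropped"
}
watch_drops() {     # watch_drops <iface> <poll-seconds>; runs until killed
    last=$(rx_drops "$1")
    while sleep "$2"; do
        now=$(rx_drops "$1")
        if [ "$now" -ne "$last" ]; then
            echo "WARNING: $1 dropped $((now - last)) frames since last poll" >&2
            last=$now
        fi
    done
}

# Typical use (as root):  setup_bridge; watch_drops eth0 5 & capture /evidence/case1.pcap
# afterwards:             check_drops /evidence/case1.pcap.stats
```

The two drop counters answer different questions: rx_dropped on a port tells you the NIC or driver lost frames before the bridge saw them, while tcpdump's "dropped by kernel" tells you the capture socket could not keep up. Either one invalidates the claim that the pcap is a complete record, which is why the warning is raised rather than silently continuing.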