- Network Security and Intrusion Detection
- Anomaly Detection Techniques and Applications
- Software System Performance and Reliability
- Advanced Malware Detection Techniques
- Internet Traffic Analysis and Secure E-voting
- Advanced Clustering Algorithms Research
- Network Packet Processing and Optimization
- Scientific Computing and Data Management
- Network Traffic and Congestion Control
- Artificial Immune Systems Applications
- Software Testing and Debugging Techniques
- Cloud Computing and Resource Management
- Advanced Database Systems and Queries
- Algorithms and Data Compression
- Mobile Agent-Based Network Management
- Data Stream Mining Techniques
- Data Quality and Management
- Data Mining Algorithms and Applications
- Electronic Health Records Systems
- Distributed and Parallel Computing Systems
- Spam and Phishing Detection
- Software-Defined Networks and 5G
- Neural Networks and Applications
Hasso Plattner Institute
2013-2020
University of Potsdam
2013-2017
The differences in log file formats employed by a variety of services and applications remain a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common formats, has limited utilization within existing management solutions. In our paper, we reveal the reasons for this limitation. We show the disadvantages of normalisation of events. To deal with it, we have created a new format that fits these purposes and can be extended easily. Taking previous work into account, would...
Summary: Modern security information and event management systems should be capable of storing and processing a high amount of events or log messages in different formats from various sources. This requirement often prevents the usage of computationally heavy algorithms for analysis. To deal with this issue, we built our system based on an in-memory database with an integrated machine learning library, namely, SAP HANA. Three approaches, that is, (1) deep normalisation of messages, (2) storing data in the main memory and (3) running...
When looking at media reports nowadays, major security breaches of big companies and governments seem to be a normal situation. An important step for the investigation or even prevention of these breaches is to normalize and analyze security-related log events from various systems in the target network. However, the number of events produced in IT landscapes can grow up to multiple billions per day. Current management solutions, e.g., Security Information and Event Management (SIEM), cannot closely analyze such huge amounts of data and therefore...
Nowadays processing of Big Security Data, such as log messages, is commonly used for intrusion detection purposes. Its heterogeneous nature, as well as a combination of numerical and categorical attributes, does not allow applying the existing data mining methods directly on such data without feature preprocessing. Therefore, a rather computationally expensive conversion of attributes into vector space should be utilised for the analysis of such data. However, the well-known k-modes algorithm allows clustering categorical data and avoids the conversion into vector space. The...
Modern Security Information and Event Management systems should be capable of storing and processing a high amount of events or log messages in different formats from various sources. This requirement often prevents the usage of computationally heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory database with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation, (2) storing data in the main memory and (3) running analysis directly...
For testing new methods of network security or algorithms for analytics, we need experimental environments as well as data which are as similar as possible to real-world data. Therefore, researchers are always trying to find the best approaches and recommendations for creating and simulating testbeds, because the automation of testbed creation is a crucial goal for accelerating research progress. One of the ways is to generate and simulate user behavior on virtual machines, but the challenge is how to describe what we want to simulate.
The rapid development and integration of Information Technologies over the last decades has influenced all areas of our life, including the business world. Yet not only have modern enterprises become digitalised, but security and criminal threats have also moved into the digital sphere. To withstand these threats, companies must be aware of the activities within their computer networks. The keystone for such continuous monitoring is a Security Information and Event Management (SIEM) system that collects and processes security-related log messages...
Boundary devices, such as routers, firewalls, proxies, domain controllers, etc., are continuously generating logs showing the behaviors of internal and external users, the working state of the network as well as of the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated that has to be analyzed in a very short time. In this paper, we address this challenge by applying complex analytics...
Internet scalability depends on that of its core routing protocol, the Border Gateway Protocol (BGP). However, the dynamics of BGP still conceal many unanswered questions. Most of these questions are related to update messages: the root cause of spikes, the correlation between spikes in different parts of the Internet and the influence of individual events on global routing. This article presents a methodology to locate the events behind specific spikes. The method explores correlated updates seen from different vantage points [1]. Although previous work [2] uses...
The “HPI Future SOC Lab” is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and industry partners. The HPI Future SOC Lab provides researchers with free-of-charge access to a complete infrastructure of state-of-the-art hardware and software. This includes components which might be too expensive for an ordinary environment, such as servers with up to 64 cores and 2 TB of main memory. The offerings particularly address researchers from, but not limited to, the areas of computer...
Nowadays processing of Big Security Data, such as log messages, is commonly used for intrusion detection purposes. Its heterogeneous nature, as well as the combination of numerical and categorical attributes, does not allow applying the existing data mining methods directly on such data without feature preprocessing. Therefore, a rather computationally expensive conversion into vector space should be utilised for the analysis of such data. However, the well-known k-modes algorithm allows clustering categorical data and avoids the conversion into vector space. The implementations of Data...