- Advanced Malware Detection Techniques
- Digital and Cyber Forensics
- Security and Verification in Computing
- Network Security and Intrusion Detection
- Distributed systems and fault tolerance
- Information and Cyber Security
- Digital Media Forensic Detection
- Internet Traffic Analysis and Secure E-voting
- Privacy, Security, and Data Protection
- User Authentication and Security Systems
- Optimization and Search Problems
- Security in Wireless Sensor Networks
- Software System Performance and Reliability
- Mobile Ad Hoc Networks
- Parallel Computing and Optimization Techniques
- Energy Efficient Wireless Sensor Networks
- Software Reliability and Analysis Research
- Advanced Data Storage Technologies
- Cryptography and Data Security
- Cloud Data Security Solutions
- Spam and Phishing Detection
- Physical Unclonable Functions (PUFs) and Hardware Security
- Software Testing and Debugging Techniques
- Advanced Steganography and Watermarking Techniques
- Digitalization, Law, and Regulation
- Friedrich-Alexander-Universität Erlangen-Nürnberg (2016-2025)
- University of Mannheim (2006-2011)
- Dependable Computing (United States) (2007)
- Siemens (Germany) (2006)
- Technische Universität Berlin (2006)
- Harvard University (2006)
- Laboratoire d'Informatique de Paris-Nord (2006)
- RWTH Aachen University (2005)
- Technical University of Darmstadt (2001)
Malware is notoriously difficult to combat because it appears and spreads so quickly. In this article, we describe the design and implementation of CWSandbox, a malware analysis tool that fulfills our three criteria of automation, effectiveness, and correctness for the Win32 family of operating systems.
Smartphones in general and Android in particular are increasingly shifting into the focus of cybercriminals. For understanding the threat to security and privacy it is important for researchers to analyze malicious software written for these systems. The exploding number of malware samples calls for automation of the analysis. In this paper, we present Mobile-Sandbox, a system designed to automatically analyze applications in two novel ways: (1) it combines static and dynamic analysis, i.e., the results of static analysis are used to guide dynamic analysis and extend the coverage of executed code, ...
We are currently moving from the Internet society to a mobile society where more and more access to information is done by previously dumb phones. For example, the number of phones using a full blown OS has risen nearly 200% from Q3/2009 to Q3/2010. As a result, security is no longer immanent, but imperative. This survey paper provides a concise overview of mobile network security, attack vectors via the back end system and the web browser, but also the hardware layer and the user as enabler. We show differences and similarities between "normal" security and mobile security, and draw conclusions for further ...
The complexity and connectivity of modern vehicles has constantly increased over the past years. Within the scope of this development the security risk for the in-vehicle network and its components has risen massively. Apart from threats to comfort and confidentiality, these attacks can also affect safety critical systems of the vehicle and therefore endanger the driver and other road users. In this paper the introduction of anomaly detection to the automotive domain is discussed. Based on the properties of typical vehicular networks, like the Controller Area Network ...
Attackers target many different types of computer systems in use today, exploiting software vulnerabilities to take over the device and make it act maliciously. Reports of numerous attacks have been published, against the constrained embedded devices of the Internet of Things, mobile devices like smartphones and tablets, high-performance desktop and server environments, as well as complex industrial control systems. Trusted computing architectures give users and remote parties such as vendors guarantees about the behaviour of the software they run, ...
We study techniques to visualize the behavior of malicious software (malware). Our aim is to help human analysts quickly assess and classify the nature of a new malware sample. Our techniques are based on a parametrized abstraction of detailed behavioral reports automatically generated by sandbox environments. We then explore two visualization techniques: treemaps and thread graphs. We argue that both can effectively support a human analyst (a) in detecting the maliciousness of software, and (b) in classifying its behavior.
We discovered and reverse engineered Feederbot, a botnet that uses DNS as a carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS-C&C. In addition, we detected DNS-C&C in mixed office workstation network traffic.
Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized configurations. Using Apple's iOS as an example, we show how a fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary third-party apps via the official SDK. Experimental evaluations ...
The Sancus security architecture for networked embedded devices was proposed in 2013 at the USENIX Security conference. It supports remote (even third-party) software installation on devices while maintaining strong security guarantees. More specifically, Sancus can remotely attest to a provider that a specific software module is running uncompromised and can provide a secure communication channel between modules and providers. Software modules can securely maintain local state and interact with other modules they choose to trust. Over the past three years, ...
A botnet is a network of compromised machines under the control of an attacker. Botnets are the driving force behind several misuses on the Internet, for example spam mails or automated identity theft. In this paper, we study the most prevalent peer-to-peer botnet in 2009: Waledac. We present our infiltration of the Waledac botnet, which can be seen as the successor of the Storm Worm botnet. To achieve this we implemented a clone of the Waledac bot named Walowdac. It implements the communication features of Waledac but does not cause any harm, i.e., no emails are sent and no other ...
Dynamic analysis of malware is widely used to obtain a better understanding of unknown software. While existing systems mainly focus on host-level activities and limit the analysis period to a few minutes, we concentrate on the network behavior of malware over longer periods. We provide a comprehensive overview of typical malware network behavior by discussing the results that we obtained during the analysis of more than 100,000 samples. The resulting network behavior was dissected in our new analysis environment called Sandnet, which complements existing systems by focusing on network traffic analysis. Our in-depth analysis of the two protocols that are most ...