Online-Based Event Analysis in the Security Domain for SMEs


Malware Detection on Windows Audit Logs Using LSTMs

Ring, M.; Schlör, S.; Wunderlich, D.; Landes, Dieter; Hotho, A. (2021)

Computers and Security 109, pp. 1–12.
DOI: 10.1016/j.cose.2021.102389


Peer Reviewed

Impact of Generative Adversarial Networks on NetFlow-Based Traffic Classification

Wolf, Maximilian; Ring, M.; Landes, Dieter (2020)

13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020) / Cham 2020 (1267), pp. 393–404.


Peer Reviewed

The Impact of Different System Call Representations on Intrusion Detection

Wunderlich, Sarah; Ring, M.; Landes, Dieter; Hotho, A. (2020)

Logic Journal of the IGPL 2020.
DOI: 10.1093/jigpal/jzaa058


Peer Reviewed

Comparison of System Call Representations for Intrusion Detection

Wunderlich, Sarah; Ring, M.; Landes, Dieter; Hotho, A. (2019)

International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on European Transnational Education (ICEUTE 2019). Advances in Intelligent Systems and Computing 951, pp. 14–24.


Peer Reviewed

Detection of slow port scans in flow-based network traffic

Ring, M.; Landes, Dieter; Hotho, A. (2018)

PLOS ONE 2018 13 (9).
DOI: 10.1371/journal.pone.0204507


Open Access, Peer Reviewed

Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of slow port scans in company networks is challenging due to the massive amount of network data. This paper proposes an innovative approach for preprocessing flow-based data which is specifically tailored to the detection of slow port scans. The preprocessing chain generates new objects based on flow-based data aggregated over time windows while taking domain knowledge as well as additional knowledge about the network structure into account. The computed objects are used as input for the further analysis. Based on these objects, we propose two different approaches for the detection of slow port scans. One approach is unsupervised and uses sequential hypothesis testing, whereas the other approach is supervised and uses classification algorithms. We compare both approaches with existing port scan detection algorithms on the flow-based CIDDS-001 data set. Experiments indicate that the proposed approaches achieve better detection rates and exhibit fewer false alarms than similar algorithms.


Flow-based benchmark data sets for intrusion detection

Ring, M.; Wunderlich, Sarah; Grüdl, Dominik; Landes, Dieter; Hotho, A. (2017)

Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS) 2017, pp. 361–369.


Peer Reviewed