    DMIR Research Group

    Publications by Andreas Hotho

    These publications are hosted by BibSonomy.

    A Toolset for Intrusion and Insider Threat Detection

    Ring, Markus; Wunderlich, Sarah; Grüdl, Dominik; Landes, Dieter; Hotho, Andreas. Pages 3--31. Springer International Publishing, Cham, 2017.

    Company data are a valuable asset and must be protected against unauthorized access and manipulation. In this contribution, we report on our ongoing work that aims to support IT security experts with identifying novel or obfuscated attacks in company networks, irrespective of their origin inside or outside the company network. A new toolset for anomaly-based network intrusion detection is proposed. This toolset uses flow-based data which can be easily retrieved by central network components. We study the challenges of analysing flow-based data streams using data mining algorithms and build an appropriate approach step by step. In contrast to previous work, we collect flow-based data for each host over a certain time window, include the knowledge of domain experts and analyse the data from three different views. We argue that incorporating expert knowledge and previous flows allows us to create more meaningful attributes for subsequent analysis methods. This way, we try to detect novel attacks while simultaneously limiting the number of false positives.
    Further information
    Editors: Palomares Carrascosa, Iván; Kalutarage, Harsha Kumara; Huang, Yan
    DOI: http://dx.doi.org/10.1007/978-3-319-59439-2_1
    Tags: 2017, flow, myown, network, security, toolset

    Contact

    Andreas Hotho
    DMIR Research Group
    Am Hubland
    97074 Würzburg

    Tel.: +49 931 31-86731
    Fax: +49 931 31-86732

    Hubland Süd, Geb. M2