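% Publication list for the TARGET project (every entry carries "Projekt: TARGET" in its note field).
% One entry per record, one field per line; citation keys are unchanged.
%
% Review notes (need a check against the publisher record, not changed here):
%   - These inproceedings entries have no booktitle, a required field for the type:
%     luh_design_2017, luh_taon_2016, luh_sequitur-based_2017, pirker_assessment_2016,
%     wegerer_defeating_2016, rauchberger_longkit_2017, luh_llr-based_2017,
%     buhov_catch_2016, kim_hello_2017.
%   - The doi fields hold shortDOI aliases ("10/xxxx"), not full DOIs; tools that validate
%     the "10.NNNN/suffix" form may reject them.
%   - The url of kieseberg_security_2017 contains literal spaces.

@inproceedings{wagner_problem_2014,
  address = {Paris},
  title = {Problem {Characterization} and {Abstraction} for {Visual} {Analytics} in {Behavior}-{Based} {Malware} {Pattern} {Analysis}},
  url = {https://ifs.tuwien.ac.at/~rind/preprint/wagner_2014_VizSec_problem.pdf},
  doi = {10/cv8p},
  abstract = {Behavior-based analysis of emerging malware families involves finding suspicious patterns in large collections of execution traces. This activity cannot be automated for previously unknown malware families and thus malware analysts would benefit greatly from integrating visual analytics methods in their process. However existing approaches are limited to fairly static representations of data and there is no systematic characterization and abstraction of this problem domain. Therefore we performed a systematic literature study, conducted a focus group as well as semi-structured interviews with 10 malware analysts to elicit a problem abstraction along the lines of data, users, and tasks. The requirements emerging from this work can serve as basis for future design proposals to visual analytics-supported malware pattern analysis.},
  booktitle = {Proceedings of the {Eleventh} {Workshop} on {Visualization} for {Cyber} {Security}},
  publisher = {ACM},
  author = {Wagner, Markus and Aigner, Wolfgang and Rind, Alexander and Dornhackl, Hermann and Kadletz, Konstantin and Luh, Robert and Tavolato, Paul},
  editor = {Harrison, Lane},
  month = nov,
  year = {2014},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  keywords = {2014, Creative Industries, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, KAVA-Time, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Visual analytics, best, best-lbwagnerm, evaluation, malicious software, malware analysis, peer-reviewed, problem characterization and abstraction, user centered design, visualization},
  pages = {9--16},
}

% The first author was wrapped in an extra brace pair, which makes BibTeX treat
% "Luh, Robert" as one indivisible corporate name; it is a personal name.
@inproceedings{luh_robert_apt_2018,
  title = {{APT} {RPG}: {Design} of a {Gamified} {Attacker}/{Defender} {Meta} {Model}},
  booktitle = {International {Workshop} on {FORmal} methods for {Security} {Engineering}},
  author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian},
  year = {2018},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_forensics_2017,
  title = {Forensics using {Internal} {Database} {Structures}},
  url = {http://ercim-news.ercim.eu/images/stories/EN108/EN108-web.pdf},
  number = {108},
  journal = {ERCIM News},
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

% NOTE(review): same title, authors, journal and issue number as kieseberg_forensics_2017;
% only the year differs. Probably a duplicate record -- confirm the year and merge.
% Kept because the key may be cited.
@article{kieseberg_forensics_2016,
  title = {Forensics using {Internal} {Database} {Structures}},
  number = {108},
  journal = {ERCIM News},
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

% The issue number was stored in "volume"; every other ERCIM News entry in this file
% uses "number", so it is moved there for consistent rendering.
@article{kieseberg_security_2017,
  title = {Security {Testing} for {Mobile} {Applications}},
  number = {109},
  url = {https://www.sba-research.org/wp-content/uploads/publications/201704 - KIESEBERG - Pages from EN109-web.pdf},
  journal = {ERCIM News},
  author = {Kieseberg, Peter and Frühwirt, Peter and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
  pages = {52--53},
}

@article{malle_privacy_2016,
  title = {Privacy {Aware} {Machine} {Learning} and the {Right} to be {Forgotten}},
  number = {107},
  journal = {ERCIM News},
  author = {Malle, Bernd and Kieseberg, Peter and Schrittwieser, Sebastian and Holzinger, Andreas},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Center for Digital Health Innovation, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_detection_2016,
  title = {Detection of {Data} {Leaks} in {Collaborative} {Data} {Driven} {Research}},
  number = {105},
  journal = {ERCIM News},
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{luh_design_2017,
  address = {Madeira, Portugal},
  title = {Design of an {Anomaly}-based {Threat} {Detection} \& {Explication} {System}},
  doi = {10/gnd7mx},
  author = {Luh, Robert and Schrittwieser, Sebastian and Janicke, Helge and Marschalek, Stefan},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{marschalek_empirical_2016,
  title = {Empirical {Malware} {Research} through {Observation} of {System} {Behaviour}},
  doi = {10/gnt2tx},
  booktitle = {First {Workshop} on {Empirical} {Research} {Methods} in {Information} {Security}},
  publisher = {ACM},
  author = {Marschalek, Stefan and Kaiser, Manfred and Luh, Robert and Schrittwieser, Sebastian},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
  pages = {467--469},
}

@inproceedings{luh_taon_2016,
  title = {{TAON}: {An} {Ontology}-based {Approach} to {Mitigating} {Targeted} {Attacks}},
  doi = {10/gnt2tw},
  publisher = {ACM},
  author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@article{luh_automatische_2011,
  title = {Automatische verhaltensbasierte {Malware}-{Analyse}},
  language = {Deutsch},
  number = {11},
  journal = {Hackin9},
  author = {Luh, Robert and Tavolato, Paul},
  year = {2011},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation},
}

@inproceedings{wagner_survey_2015,
  address = {Cagliari, Italy},
  title = {A {Survey} of {Visualization} {Systems} for {Malware} {Analysis}},
  url = {http://mc.fhstp.ac.at/supp/EuroVisStar2015},
  doi = {10/cwc4},
  abstract = {Due to the increasing threat from malicious software (malware), monitoring of vulnerable systems is becoming increasingly important. The need to log and analyze activity encompasses networks, individual computers, as well as mobile devices. While there are various automatic approaches and techniques available to detect, identify, or capture malware, the actual analysis of the ever-increasing number of suspicious samples is a time-consuming process for malware analysts. The use of visualization and highly interactive visual analytics systems can help to support this analysis process with respect to investigation, comparison, and summarization of malware samples. Currently, there is no survey available that reviews available visualization systems supporting this important and emerging field. We provide a systematic overview and categorization of malware visualization systems from the perspective of visual analytics. Additionally, we identify and evaluate data providers and commercial tools that produce meaningful input data for the reviewed malware visualization systems. This helps to reveal data types that are currently underrepresented, enabling new research opportunities in the visualization community.},
  booktitle = {Eurographics {Conference} on {Visualization} ({EuroVis}) - {STARs}},
  publisher = {The Eurographics Association},
  author = {Wagner, Markus and Fischer, Fabian and Luh, Robert and Haberson, Andrea and Rind, Alexander and Keim, Daniel A. and Aigner, Wolfgang},
  editor = {Borgo, Rita and Ganovelli, Fabio and Viola, Ivan},
  year = {2015},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  keywords = {Creative Industries, FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, KAVA-Time, Model/Taxonomy, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Time-Oriented Data, Visual Computing, Visual analytics, Vortrag, Wiss. Beitrag, best, best-lbaigner, best-lbwagnerm, best-rluh, information visualization, interdisziplinär, malicious software, malware, peer-reviewed, survey, taxonomy, visualization},
  pages = {105--125},
}

% NOTE(review): the second author is "Schramm, Gregor" here but "Schramm, Georg" in
% luh_sequitur-based_2017; one of the two spellings is presumably wrong -- verify.
@article{luh_sequin_2018,
  title = {{SEQUIN}: a grammar inference framework for analyzing malicious system behavior},
  url = {http://mc.fhstp.ac.at/sites/default/files/publications/Luh_2018_SEQUIN.pdf},
  doi = {10/cwdf},
  abstract = {Targeted attacks on IT systems are a rising threat to the confidentiality of sensitive data and the availability of critical systems. The emergence of Advanced Persistent Threats (APTs) made it paramount to fully understand the particulars of such attacks in order to improve or devise effective defense mechanisms. Grammar inference paired with visual analytics (VA) techniques offers a powerful foundation for the automated extraction of behavioral patterns from sequential event traces. To facilitate the interpretation and analysis of APTs, we present SEQUIN, a grammar inference system based on the Sequitur compression algorithm that constructs a context-free grammar (CFG) from string-based input data. In addition to recursive rule extraction, we expanded the procedure through automated assessment routines capable of dealing with multiple input sources and types. This automated assessment enables the accurate identification of interesting frequent or anomalous patterns in sequential corpora of arbitrary quantity and origin. On the formal side, we extended the CFG with attributes that help describe the extracted (malicious) actions. Discovery-focused pattern visualization of the output is provided by our dedicated KAMAS VA prototype.},
  journal = {Journal of Computer Virology and Hacking Techniques},
  author = {Luh, Robert and Schramm, Gregor and Wagner, Markus and Janicke, Helge and Schrittwieser, Sebastian},
  year = {2018},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  keywords = {FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Visual analytics, Wiss. Beitrag, attribute grammar, best, best-lbwagner, best-rluh, knowledge generation, malware analysis, peer-reviewed, system behavior},
  pages = {1--21},
}

% The booktitle carried a line-break hyphen from the source PDF ("Con- ference"); it now
% matches the spelling used for the same proceedings in rottermanner_privacy_2015.
@inproceedings{marschalek_classifying_2015,
  title = {Classifying {Malicious} {System} {Behavior} using {Event} {Propagation} {Trees}},
  doi = {10/gh378f},
  booktitle = {Proceedings of the 17th {International} {Conference} on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})},
  author = {Marschalek, Stefan and Luh, Robert and Kaiser, Manfred and Schrittwieser, Sebastian},
  year = {2015},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed},
}

% NOTE(review): "Schramm, Georg" here versus "Schramm, Gregor" in luh_sequin_2018 -- verify.
@inproceedings{luh_sequitur-based_2017,
  title = {Sequitur-based {Inference} and {Analysis} {Framework} for {Malicious} {System} {Behavior}},
  doi = {10/cwdb},
  author = {Luh, Robert and Schramm, Georg and Wagner, Markus and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  keywords = {2017, Department Medien und Digitale Technologien, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{pirker_assessment_2016,
  title = {Assessment of {Server} {State} via {Inter}-{Clone} {Differences}},
  doi = {10/gh375j},
  publisher = {IEEE},
  author = {Pirker, Martin and Nusser, Andreas},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{pirker_work-flow_2016,
  series = {{WWW} '16 {Companion}},
  title = {A {Work}-{Flow} for {Empirical} {Exploration} of {Security} {Events}},
  url = {http://www2016.net/proceedings/companion/p477.pdf},
  doi = {10/gh375h},
  booktitle = {25th {International} {Conference} {Companion} on {World} {Wide} {Web}},
  publisher = {ACM},
  author = {Pirker, Martin and Nusser, Andreas},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

% NOTE(review): two given names are stored as bare initials ("C", "M"); the full names
% are not available in this file.
@inproceedings{rottermanner_privacy_2015,
  title = {Privacy and {Data} {Protection} in {Smartphone} {Messengers}},
  doi = {10/gh3746},
  booktitle = {Proceedings of the 17th {International} {Conference} on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})},
  author = {Rottermanner, C and Kieseberg, Peter and Huber, Markus and Schmiedecker, M and Schrittwieser, Sebastian},
  year = {2015},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation},
}

@inproceedings{wegerer_defeating_2016,
  title = {Defeating the {Database} {Adversary} {Using} {Deception} – {A} {MySQL} {Database} {Honeypot}},
  doi = {10/gh3745},
  publisher = {IEEE},
  author = {Wegerer, Mathias and Tjoa, Simon},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{rauchberger_longkit_2017,
  address = {Madeira, Portugal},
  title = {Longkit - {A} {Universal} {Framework} for {BIOS}/{UEFI} {Rootkits} in {System} {Management} {Mode}},
  doi = {10/gh3729},
  author = {Rauchberger, Julian and Luh, Robert and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed},
}

@inproceedings{luh_llr-based_2017,
  title = {{LLR}-based {Sentiment} {Analysis} for {Kernel} {Event} {Sequences}},
  doi = {10/gh3728},
  publisher = {IEEE},
  author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed},
}

@inproceedings{buhov_catch_2016,
  title = {Catch {Me} {If} {You} {Can}! {Transparent} {Detection} {Of} {Shellcode}},
  doi = {10/gh3725},
  publisher = {IEEE},
  author = {Buhov, Damjan and Thron, Richard and Schrittwieser, Sebastian},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{kim_hello_2017,
  title = {Hello, {Facebook}! {Here} is the stalkers' paradise!: {Design} and analysis of enumeration attack using phone numbers on {Facebook}},
  doi = {10/gh3724},
  author = {Kim, Jinwoo and Kim, Kuyju and Cho, Junsung and Kim, Hyoungshick and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@article{eresheim_evolution_2017,
  title = {The {Evolution} of {Process} {Hiding} {Techniques} in {Malware} – {Current} {Threats} and {Possible} {Countermeasures}},
  doi = {10/gh3722},
  journal = {Journal of Information Processing},
  author = {Eresheim, Sebastian and Luh, Robert and Schrittwieser, Sebastian},
  year = {2017},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

% "Janicke, H" is expanded to "Janicke, Helge", the form this file already uses for the
% same co-author in luh_design_2017 and luh_sequin_2018.
@article{luh_semantics-aware_2016,
  title = {Semantics-aware detection of targeted attacks – {A} survey},
  url = {http://link.springer.com/article/10.1007/s11416-016-0273-3},
  doi = {10/gh372z},
  journal = {Journal of Computer Virology and Hacking Techniques},
  author = {Luh, Robert and Marschalek, Stefan and Kaiser, Manfred and Janicke, Helge and Schrittwieser, Sebastian},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed},
  pages = {1--39},
}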