@misc{pirker_digitale_2019, address = {Wien}, title = {Digitale {Probleme}....für {Alle}!}, url = {https://media.ccc.de/v/pw19-256-digitale-probleme-fr-alle-}, abstract = {Diese Vortrag bringt einen bunten Querschnitt von Nachrichten aus der IT-Sicherheitswelt, die in "normalen" Nachrichtenfeeds wohl kaum auftauchen, oder nicht wahrgenommen werden, die aber auf Grund der fortschreitenden Digitalisierung unserer Alltagswelt eigentlich Sicherheits- und Datenprivacy-Auswirkungen auf uns alle haben (könnten). Dieser Vortrag soll motivieren sich mit den eingesetzten modernen "digitalen" und "cloudigen" Tools etwas tiefergehend auseinanderzusetzen, anstatt reflexartig überall "Ja" bei der Installation zu klicken und ein "ist ja gratis" und ein "ich habe ja nichts zu verbergen" verhindert jede weitere Reflektion.}, author = {Pirker, Martin}, month = oct, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, } @inproceedings{wagner_problem_2014, address = {Paris}, title = {Problem {Characterization} and {Abstraction} for {Visual} {Analytics} in {Behavior}-{Based} {Malware} {Pattern} {Analysis}}, url = {https://ifs.tuwien.ac.at/~rind/preprint/wagner_2014_VizSec_problem.pdf}, doi = {10/cv8p}, abstract = {Behavior-based analysis of emerging malware families involves finding suspicious patterns in large collections of execution traces. This activity cannot be automated for previously unknown malware families and thus malware analysts would benefit greatly from integrating visual analytics methods in their process. However existing approaches are limited to fairly static representations of data and there is no systematic characterization and abstraction of this problem domain. 
Therefore we performed a systematic literature study, conducted a focus group as well as semi-structured interviews with 10 malware analysts to elicit a problem abstraction along the lines of data, users, and tasks. The requirements emerging from this work can serve as basis for future design proposals to visual analytics-supported malware pattern analysis.}, booktitle = {Proceedings of the {Eleventh} {Workshop} on {Visualization} for {Cyber} {Security}}, publisher = {ACM}, author = {Wagner, Markus and Aigner, Wolfgang and Rind, Alexander and Dornhackl, Hermann and Kadletz, Konstantin and Luh, Robert and Tavolato, Paul}, editor = {Harrison, Lane}, month = nov, year = {2014}, note = {Projekt: TARGET Projekt: KAVA-Time}, keywords = {2014, Creative Industries, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, KAVA-Time, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Visual analytics, best, best-lbwagnerm, evaluation, malicious software, malware analysis, peer-reviewed, problem characterization and abstraction, user centered design, visualization}, pages = {9 -- 16}, } @inproceedings{dam_large-scale_2019, address = {Canterbury, United Kingdom}, title = {Large-{Scale} {Analysis} of {Pop}-{Up} {Scam} on {Typosquatting} {URLs}}, doi = {10/gh378k}, booktitle = {Proceedings of the 14th {International} {Conference} on {Availability}, {Reliability} and {Security}}, publisher = {ACM}, author = {Dam, Tobias and Klausner, Lukas Daniel and Buhov, Damjan and Schrittwieser, Sebastian}, year = {2019}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Konferenz-Paper, SP IT Sec System \& Application Security, Vortrag, Wiss. 
Beitrag, peer-reviewed}, pages = {53:1--53:9}, } @article{luh_advanced_2019, title = {Advanced threat intelligence: detection and classification of anomalous behavior in system processes}, volume = {Springer}, abstract = {With the advent of Advanced Persistent Threats (APTs), it has become increasingly difficult to identify and understand attacks on computer systems. This paper presents a system capable of explaining anomalous behavior within network-enabled user sessions by describing and interpreting kernel event anomalies detected by their deviation from normal behavior. The prototype has been developed at the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) at St. Pölten University of Applied Sciences.}, journal = {e {\textbackslash}\& i Elektrotechnik und Informationstechnik}, author = {Luh, Robert and Schrittwieser, Sebastian}, month = dec, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, best, peer-reviewed, ⛔ No DOI found}, pages = {1--7}, } @article{wenzl_hack_2019, title = {From {Hack} to {Elaborate} {Technique}—{A} {Survey} on {Binary} {Rewriting}}, volume = {52}, url = {https://doi.org/10.1145/3316415}, abstract = {Binary rewriting is changing the semantics of a program without having the source code at hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g., DynInst), observation (e.g., Valgrind), and hardening (e.g., Control flow integrity enforcement). This survey gives detailed insight into the development and state-of-the-art in binary rewriting by reviewing 67 publications from 1966 to 2018. Starting from these publications, we provide an in-depth investigation of the challenges and respective solutions to accomplish binary rewriting. 
Based on our findings, we establish a thorough categorization of binary rewriting approaches with respect to their use-case, applied analysis technique, code-transformation method, and code generation techniques. We contribute a comprehensive mapping between binary rewriting tools, applied techniques, and their domain of application. Our findings emphasize that although much work has been done over the past decades, most of the effort was put into improvements aiming at rewriting general purpose applications but ignoring other challenges like altering throughput-oriented programs or software with real-time requirements, which are often used in the emerging field of the Internet of Things. To the best of our knowledge, our survey is the first comprehensive overview on the complete binary rewriting process.}, number = {3 / Artikel 49}, journal = {ACM Computing Surveys}, author = {Wenzl, Matthias and Merzdovnik, Georg and Ullrich, Johanna and Weippl, Edgar}, month = jun, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, best, peer-reviewed, ⛔ No DOI found}, } @inproceedings{eresheim_cybersecurity_2020, title = {Cybersecurity {Containment} {Agent}}, abstract = {Poster}, author = {Eresheim, Sebastian}, year = {2020}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Poster, SP IT Sec Applied Security \& Data Science, ⛔ No DOI found}, } @inproceedings{luh_robert_apt_2018, title = {{APT} {RPG}: {Design} of a {Gamified} {Attacker}/{Defender} {Meta} {Model}}, booktitle = {International {Workshop} on {FORmal} methods for {Security} {Engineering}}, author = {{Luh, Robert} and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian}, year = {2018}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data 
Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @article{kieseberg_forensics_2017, title = {Forensics using {Internal} {Database} {Structures}}, url = {http://ercim-news.ercim.eu/images/stories/EN108/EN108-web.pdf}, number = {108}, journal = {ERCIM News}, author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @article{kieseberg_forensics_2016, title = {Forensics using {Internal} {Database} {Structures}}, number = {108}, journal = {ERCIM News}, author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @article{kieseberg_security_2017, title = {Security {Testing} for {Mobile} {Applications}}, volume = {109}, url = {https://www.sba-research.org/wp-content/uploads/publications/201704 - KIESEBERG - Pages from EN109-web.pdf}, journal = {ERCIM News}, author = {Kieseberg, Peter and Frühwirt, Peter and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, pages = {52--53}, } @article{malle_privacy_2016, title = {Privacy {Aware} {Machine} {Learning} and the 
{Right} to be {Forgotten}}, number = {107}, journal = {ERCIM News}, author = {Malle, Bernd and Kieseberg, Peter and Schrittwieser, Sebastian and Holzinger, Andreas}, year = {2016}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Center for Digital Health Innovation, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @article{kieseberg_detection_2016, title = {Detection of {Data} {Leaks} in {Collaborative} {Data} {Driven} {Research}}, number = {105}, journal = {ERCIM News}, author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @inproceedings{luh_design_2017, address = {Madeira, Portugal}, title = {Design of an {Anomaly}-based {Threat} {Detection} \& {Explication} {System}}, doi = {10/gnd7mx}, author = {Luh, Robert and Schrittwieser, Sebastian and Janicke, Helge and Marschalek, Stefan}, year = {2017}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{marschalek_empirical_2016, title = {Empirical {Malware} {Research} through {Observation} of {System} {Behaviour}}, doi = {10/gnt2tx}, booktitle = {First {Workshop} on {Empirical} {Research} {Methods} in {Information} {Security}}, publisher = {ACM}, author = {Marschalek, Stefan and Kaiser, Manfred and Luh, Robert and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department 
Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, pages = {467--469}, } @inproceedings{luh_taon_2016, title = {{TAON}: {An} {Ontology}-based {Approach} to {Mitigating} {Targeted} {Attacks}}, doi = {10/gnt2tw}, publisher = {ACM}, author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @techreport{luh_advanced_2019-1, type = {Dissertation}, title = {Advanced {Threat} {Intelligence}: {Interpretation} of {Anomalous} {Behavior} in {Ubiquitous} {Kernel} {Processes}}, url = {https://dora.dmu.ac.uk/handle/2086/18527}, abstract = {Targeted attacks on digital infrastructures are a rising threat against the confidentiality, integrity, and availability of both IT systems and sensitive data. With the emergence of advanced persistent threats (APTs), identifying and understanding such attacks has become an increasingly difficult task. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. This thesis presents a multi-stage system able to detect and classify anomalous behavior within a user session by observing and analyzing ubiquitous kernel processes. Application candidates suitable for monitoring are initially selected through an adapted sentiment mining process using a score based on the log likelihood ratio (LLR). For transparent anomaly detection within a corpus of associated events, the author utilizes star structures, a bipartite representation designed to approximate the edit distance between graphs. 
Templates describing nominal behavior are generated automatically and are used for the computation of both an anomaly score and a report containing all deviating events. The extracted anomalies are classified using the Random Forest (RF) and Support Vector Machine (SVM) algorithms. Ultimately, the newly labeled patterns are mapped to a dedicated APT attacker–defender model that considers objectives, actions, actors, as well as assets, thereby bridging the gap between attack indicators and detailed threat semantics. This enables both risk assessment and decision support for mitigating targeted attacks. Results show that the prototype system is capable of identifying 99.8\% of all star structure anomalies as benign or malicious. In multi-class scenarios that seek to associate each anomaly with a distinct attack pattern belonging to a particular APT stage we achieve a solid accuracy of 95.7\%. Furthermore, we demonstrate that 88.3\% of observed attacks could be identified by analyzing and classifying a single ubiquitous Windows process for a mere 10 seconds, thereby eliminating the necessity to monitor each and every (unknown) application running on a system. 
With its semantic take on threat detection and classification, the proposed system offers a formal as well as technical solution to an information security challenge of great significance.}, institution = {De Monfort University Leicester}, author = {Luh, Robert}, month = jul, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, PhD, SP IT Sec Security Management \& Privacy, best rluh}, } @article{luh_automatische_2011, title = {Automatische verhaltensbasierte {Malware}-{Analyse}}, language = {Deutsch}, number = {11}, journal = {Hackin9}, author = {Luh, Robert and Tavolato, Paul}, year = {2011}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation}, } @inproceedings{wagner_survey_2015, address = {Cagliari, Italy}, title = {A {Survey} of {Visualization} {Systems} for {Malware} {Analysis}}, url = {http://mc.fhstp.ac.at/supp/EuroVisStar2015}, doi = {10/cwc4}, abstract = {Due to the increasing threat from malicious software (malware), monitoring of vulnerable systems is becoming increasingly important. The need to log and analyze activity encompasses networks, individual computers, as well as mobile devices. While there are various automatic approaches and techniques available to detect, identify, or capture malware, the actual analysis of the ever-increasing number of suspicious samples is a time-consuming process for malware analysts. The use of visualization and highly interactive visual analytics systems can help to support this analysis process with respect to investigation, comparison, and summarization of malware samples. Currently, there is no survey available that reviews available visualization systems supporting this important and emerging field. 
We provide a systematic overview and categorization of malware visualization systems from the perspective of visual analytics. Additionally, we identify and evaluate data providers and commercial tools that produce meaningful input data for the reviewed malware visualization systems. This helps to reveal data types that are currently underrepresented, enabling new research opportunities in the visualization community.}, booktitle = {Eurographics {Conference} on {Visualization} ({EuroVis}) - {STARs}}, publisher = {The Eurographics Association}, author = {Wagner, Markus and Fischer, Fabian and Luh, Robert and Haberson, Andrea and Rind, Alexander and Keim, Daniel A. and Aigner, Wolfgang}, editor = {Borgo, Rita and Ganovelli, Fabio and Viola, Ivan}, year = {2015}, note = {Projekt: TARGET Projekt: KAVA-Time}, keywords = {Creative Industries, FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, KAVA-Time, Model/Taxonomy, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Time-Oriented Data, Visual Computing, Visual analytics, Vortrag, Wiss. Beitrag, best, best-lbaigner, best-lbwagnerm, best-rluh, information visualization, interdisziplinär, malicious software, malware, peer-reviewed, survey, taxonomy, visualization}, pages = {105--125}, } @article{luh_aidis_2019, title = {{AIDIS}: {Detecting} and classifying anomalous behavior in ubiquitous kernel processes}, issn = {0167-4048}, url = {http://www.sciencedirect.com/science/article/pii/S0167404818314457}, doi = {10/gh38cc}, abstract = {Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. 
With the rising prominence of advanced persistent threats (APTs), identifying and understanding such attacks has become increasingly important. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable to explain anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process. We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines. 
The determined attack classes are ultimately mapped to a dedicated APT attacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attacks.}, number = {84}, journal = {Computers \& Security}, author = {Luh, Robert and Janicke, Helge and Schrittwieser, Sebastian}, month = jul, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, best, best-rluh, peer-reviewed}, pages = {120--147}, } @article{luh_sequin_2018, title = {{SEQUIN}: a grammar inference framework for analyzing malicious system behavior}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/Luh_2018_SEQUIN.pdf}, doi = {10/cwdf}, abstract = {Targeted attacks on IT systems are a rising threat to the confidentiality of sensitive data and the availability of critical systems. The emergence of Advanced Persistent Threats (APTs) made it paramount to fully understand the particulars of such attacks in order to improve or devise effective defense mechanisms. Grammar inference paired with visual analytics (VA) techniques offers a powerful foundation for the automated extraction of behavioral patterns from sequential event traces. To facilitate the interpretation and analysis of APTs, we present SEQUIN, a grammar inference system based on the Sequitur compression algorithm that constructs a context-free grammar (CFG) from string-based input data. In addition to recursive rule extraction, we expanded the procedure through automated assessment routines capable of dealing with multiple input sources and types. This automated assessment enables the accurate identification of interesting frequent or anomalous patterns in sequential corpora of arbitrary quantity and origin. 
On the formal side, we extended the CFG with attributes that help describe the extracted (malicious) actions. Discovery-focused pattern visualization of the output is provided by our dedicated KAMAS VA prototype.}, journal = {Journal of Computer Virology and Hacking Techniques}, author = {Luh, Robert and Schramm, Gregor and Wagner, Markus and Janicke, Helge and Schrittwieser, Sebastian}, year = {2018}, note = {Projekt: TARGET Projekt: KAVA-Time}, keywords = {FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Visual analytics, Wiss. Beitrag, attribute grammar, best, best-lbwagner, best-rluh, knowledge generation, malware analysis, peer-reviewed, system behavior}, pages = {01 -- 21}, } @inproceedings{dabrowski_measuring_2019, address = {Chile}, title = {Measuring cookies and {Web} privacy in a post-{GDPR} world}, url = {https://www.johannaullrich.eu/assets/papers/dabrowski2019_pam.pdf}, doi = {10/ghjgnn}, abstract = {In response, the European Union has adopted the General Data Protection Regulation (GDPR), a legislative framework for data protection empowering individuals to control their data. Since its adoption on May 25th, 2018, its real-world implications are still not fully understood. An often mentioned aspect is Internet browser cookies, used for authentication and session management but also for user tracking and advertisement targeting. In this paper, we assess the impact of the GDPR on browser cookies in the wild in a threefold way. First, we investigate whether there are differences in cookie setting when accessing Internet services from different jurisdictions. Therefore, we collected cookies from the Alexa Top 100,000 websites and compared their cookie behavior from different vantage points. 
Second, we assess whether cookie setting behavior has changed over time by comparing today’s results with a data set from 2016. Finally, we discuss challenges caused by these new cookie setting policies for Internet measurement studies and propose ways to overcome them}, booktitle = {Passive and {Active} {Measurement}}, publisher = {Springer}, author = {Dabrowski, Adrian and Merzdovnik, G and Ullrich, Johanna and Sendera, Gerald and Weippl, Edgar}, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, Vortrag, peer-reviewed}, pages = {pp 258--270}, } @inproceedings{marschalek_classifying_2015, title = {Classifying {Malicious} {System} {Behavior} using {Event} {Propagation} {Trees}}, doi = {10/gh378f}, booktitle = {Proceedings of the 17th {International} {Con}- ference on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})}, author = {Marschalek, Stefan and Luh, Robert and Kaiser, Manfred and Schrittwieser, Sebastian}, year = {2015}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, } @inproceedings{luh_sequitur-based_2017, title = {Sequitur-based {Inference} and {Analysis} {Framework} for {Malicious} {System} {Behavior}}, doi = {10/cwdb}, author = {Luh, Robert and Schramm, Georg and Wagner, Markus and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET Projekt: KAVA-Time}, keywords = {2017, Department Medien und Digitale Technologien, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, 
Publikationstyp Präsentation, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{pirker_assessment_2016, title = {Assessment of {Server} {State} via {Inter}-{Clone} {Differences}}, doi = {10/gh375j}, publisher = {IEEE}, author = {Pirker, Martin and Nusser, Andreas}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{pirker_work-flow_2016, series = {{WWW} '16 {Companion}}, title = {A {Work}-{Flow} for {Empirical} {Exploration} of {Security} {Events}}, url = {http://www2016.net/proceedings/companion/p477.pdf}, doi = {10/gh375h}, booktitle = {25th {International} {Conference} {Companion} on {World} {Wide} {Web}}, publisher = {ACM}, author = {Pirker, Martin and Nusser, Andreas}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{rottermanner_privacy_2015, title = {Privacy and {Data} {Protection} in {Smartphone} {Messengers}}, doi = {10/gh3746}, booktitle = {Proceedings of the 17th {International} {Conference} on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})}, author = {Rottermanner, C and Kieseberg, Peter and Huber, Markus and Schmiedecker, M and Schrittwieser, Sebastian}, year = {2015}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation}, } @inproceedings{wegerer_defeating_2016, title = {Defeating the {Database} {Adversary} {Using} {Deception} – {A} {MySQL} {Database} {Honeypot}}, doi = {10/gh3745}, publisher = {IEEE}, author = 
{Wegerer, Mathias and Tjoa, Simon}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{rauchberger_longkit_2017, address = {Madeira, Portugal}, title = {Longkit - {A} {Universal} {Framework} for {BIOS}/{UEFI} {Rootkits} in {System} {Management} {Mode}}, doi = {10/gh3729}, author = {Rauchberger, Julian and Luh, Robert and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed}, } @inproceedings{luh_llr-based_2017, title = {{LLR}-based {Sentiment} {Analysis} for {Kernel} {Event} {Sequences}}, doi = {10/gh3728}, publisher = {IEEE}, author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan}, year = {2017}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed}, } @inproceedings{buhov_catch_2016, title = {Catch {Me} {If} {You} {Can}! {Transparent} {Detection} {Of} {Shellcode}}, doi = {10/gh3725}, publisher = {IEEE}, author = {Buhov, Damjan and Thron, Richard and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{kim_hello_2017, title = {Hello, {Facebook}! 
{Here} is the stalkers' paradise!: {Design} and analysis of enumeration attack using phone numbers on {Facebook}}, doi = {10/gh3724}, author = {Kim, Jinwoo and Kim, Kuyju and Cho, Junsung and Kim, Hyoungshick and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @article{eresheim_evolution_2017, title = {The {Evolution} of {Process} {Hiding} {Techniques} in {Malware} – {Current} {Threats} and {Possible} {Countermeasures}}, doi = {10/gh3722}, journal = {Journal of Information Processing}, author = {Eresheim, Sebastian and Luh, Robert and Schrittwieser, Sebastian}, year = {2017}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @article{luh_semantics-aware_2016, title = {Semantics-aware detection of targeted attacks – {A} survey}, url = {http://link.springer.com/article/10.1007/s11416-016-0273-3}, doi = {10/gh372z}, journal = {Journal of Computer Virology and Hacking Techniques}, author = {Luh, Robert and Marschalek, Stefan and Kaiser, Manfred and Janicke, H and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed}, pages = {1--39}, } @inproceedings{kurniawan_semantic_2019, address = {Karlsruhe, Deutschland}, title = {Semantic integration and monitoring of file system activity}, isbn = {ISBN 978-3-030-33220-4}, url = {http://ceur-ws.org/Vol-2451/paper-17.pdf}, abstract = {File access activity information is an important 
source for identifying unauthorized data transmissions. In this paper, we present a semantic approach for the monitoring of file system activity in the context of information security. We thereby tackle limitations of existing monitoring approaches in terms of semantic integration, contextualization, and cross-system interoperability. In particular, we present a vocabulary for file activity logs and outline an architecture for log file collection, extraction, linking, and storage. We demonstrate the applicability of this approach by means of an application scenario. Finally, we show how analysts can inspect the life-cycle of files in a context-rich manner by means of SPARQL queries and a graph visualization of the results}, booktitle = {Semantic {Systems}. {The} {Power} of {AI} and {Knowledge} {Graphs}}, author = {Kurniawan, Kabul and Ekelhart, Andreas and Fröschl, Agnes and Ekaputra, Fajar}, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, peer-reviewed}, pages = {Artikel Nummer 17}, } @misc{pirker_robustes_2019, address = {Wien}, title = {Robustes {Parsen} von {Inputdaten}}, url = {https://sec4dev.io/sessions/robustes-parsen-von-inputdaten}, abstract = {In unserer digitalen Welt kommunizieren unterschiedlichste Programme mit Hilfe von vielerlei Datenformaten miteinander. Oft werden Standardformate verwendet (z.B. XML oder JSON) weil diese in den Bibliotheken der gängigen Programmiersprachen leicht verfügbar sind. Mit der Annahme und weiteren Verarbeitung von Daten unbekannter Herkunft (z.B. "von irgendwoher" aus dem Internet) stellt sich auch immer die Sicherheitsfrage: Könnten geschickt manipulierte Daten in meiner Verarbeitung Probleme verursachen? Dieser Vortrag beschäftigt sich mit der Frage wie man Daten robust und sicher ins eigene Programm importieren kann. 
Oder anders formuliert, mit wieviel Aufwand kann man wie komplexe Daten einlesen und was kann man über die Sicherheit dieses exponierten Programmcodes dann noch aussagen?}, author = {Pirker, Martin}, month = feb, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, } @misc{schrittwieser_sicherheit_2019, address = {Wien}, type = {Invited {Talk}}, title = {Sicherheit von {Container}-{Virtualisierung}}, url = {https://idcitsecurity.com/2019/vienna/}, author = {Schrittwieser, Sebastian}, month = sep, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy}, } @misc{schrittwieser_software_2019, address = {Dagstuhl}, type = {Invited {Talk}}, title = {Software {Protection} through {Obfuscation} - {Can} it keep pace with progress in code analysis?}, url = {https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=19331}, author = {Schrittwieser, Sebastian}, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, } @misc{pirker_more_2019, address = {TU Wien}, type = {Invited {Talk}}, title = {More {Data} - {More} {Security}?}, url = {https://www.eventbrite.com/e/ai-among-us-todays-use-cases-of-applied-ai-tickets-78776670141}, abstract = {Viel mehr Daten, viel mehr Sicherheit? Im Vortrag werden die verschiedenen Stadien der Lösung und Umsetzung eines konkreten ML/AI Problems beleuchtet: Martin Pirker und sein Team wollen die folgende Forschungsfrage beantworten: „könnte man mit Anomaliedetektion neuartige Einbrüche erkennen?“. Dazu werden viele Daten benötigt - hierbei muss die Problematik der persönlichen Daten besonders berücksichtigt werden. Ist dies geschafft, werden die riesigen Datenberge durchforstet und entsprechend organisiert.
Eine weitere Hürde ist das Implementierungs-Trade-Off zwischen der Speicher- und Prozessorleistung und den Deployment-Kosten. Am Ende der Entwicklung steht die Integration im kommerziellen Produkt und der "Explainability" der Ergebnisse und Bedienbarkeit für den Kunden}, author = {Pirker, Martin}, month = nov, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, } @misc{pirker_big_2019, address = {Wien}, type = {Invited {Talk}}, title = {({Big}) {Data} ({Science}) für {Security}}, url = {https://www.meetup.com/de-DE/Vienna-Data-Science-Group-Meetup/events/259922553/}, author = {Pirker, Martin}, month = mar, year = {2019}, note = {Projekt: TARGET}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, }