Papers
Recent Submissions
Internet Early Warning Systems (2010-02-09T14:55:30Z)
Bastke, Sascha; Deml, Mathias; Schmidt, Sebastian
In the last two decades the Internet has become more and more important to our lives and economy. The number of threats to the Internet is also rising. Actual security systems that are used to protect the infrastructure are insufficient. For this reason Internet Early Warning Systems have gained a more and more important position in research. Such systems have a lot of aspects that must be borne in mind. These are technical and organisational aspects. In this work we give an overview of such aspects to define the term Internet Early Warning Systems in detail.

The InMAS Approach (2010-02-09T14:55:29Z)
Engelberth, Markus; Freiling, Felix C.; Göbel, Jan; Gorecki, Christian; Holz, Thorsten; Hund, Ralf; Trinius, Philipp; Willems, Carsten
The Internet Malware Analysis System (InMAS) is a modular platform for distributed, large-scale monitoring of malware on the Internet. InMAS integrates diverse tools for malware collection (using honeypots) and malware analysis (mainly using dynamic analysis). All collected information is aggregated and accessible through an intuitive and easy-to-use web interface. In this paper, we provide an overview of the structure of InMAS and the various tools it integrates. We also introduce the web frontend that displays all information on different levels of abstraction, from a coarse-grained overview down to highly detailed information on demand.

Early Warning System on a National Level (2010-02-09T14:55:28Z)
Apel, Martin; Biskup, Joachim; Flegel, Ulrich; Meier, Michael
We present the architecture of an automatic early warning system (EWS) that aims at providing predictions and advice regarding security threats in information and communication technology without incorporation of cognitive abilities of humans and forms the basis for drawing a situation picture. Our EWS particularly targets the growing malware threat and shall achieve the required capabilities by combining malware collectors, malware analysis systems, malware behavior clustering, signature generation and distribution, and malware/misuse detection systems into an integrated process chain. The quality and timeliness of the results delivered by the EWS are influenced by the number and location of participating partners that share information on security incidents. In order to enable such a cooperation and an effective deployment of the EWS, the interests and confidentiality requirements of the parties involved need to be carefully examined. We discuss technical details of the EWS components, evaluate alternatives and examine the interests of all parties involved in the anticipated deployment scenario.

Beyond centralism (2010-02-09T14:55:26Z)
Theilmann, Axel
Current sensor networks for Early Warning Systems (EWS) have a simple monolithic structure where data is acquired at the network edges and then transmitted over a "dumb" infrastructure to the Early Warning Center (EWC) for analysis. This structure has proven inadequate for cross-organisational EWS and inter-EWS communication. The recently started Herold research project suggests a distributed architecture for network security systems based on independent network agents. While Herold is still in an early stage and much larger in scope, its central ideas can already be applied to alleviate the problems of monolithic EWS architectures.