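@comment{
  Review notes for this file (kept outside the entries so BibTeX and Biber
  ignore them). The records were exported as a few very long lines and have
  been reformatted to one field per line. Concrete corrections:
  - Page ranges use the BibTeX en-dash form (3--17, 322--327); the exported
    form with spaces around the dashes renders as a literal " -- ".
  - Two author names carried an acute accent written with the non-ASCII
    U+00B4 character after the backslash, which is not a LaTeX accent
    command and fails under classic BibTeX; they now use the standard
    {\'o} / {\'e} special-character form (Czachorski, Estee van der Walt).
  - The two conference papers were typed misc with the proceedings title
    stored in journal and repeated in series; they are now inproceedings
    with the proceedings title in booktitle. The series volume number is not
    present in the source record and was not invented.
  - The Future SOC Lab volume describes itself as a technical report in its
    own abstract ("In diesem Technischen Bericht ...") and is now typed
    techreport with the institution taken from that abstract. Its report
    number is not recorded here. Its abstract is in German although the
    language field says en; confirm the body language before relying on it
    for hyphenation.
  - Titles are stored in Title Case with acronyms braced so that a
    sentence-casing style can downcase them without losing capitals.
  Citation keys are unchanged so existing cite commands keep resolving.
  Abstracts are reproduced verbatim from the source record.
}

@phdthesis{Gawron2019,
  author   = {Gawron, Marian},
  title    = {Towards Automated Advanced Vulnerability Analysis},
  school   = {Universit{\"a}t Potsdam},
  year     = {2019},
  pages    = {149},
  doi      = {10.25932/publishup-42635},
  url      = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-426352},
  language = {en},
  abstract = {The identification of vulnerabilities in IT infrastructures is a crucial problem in enhancing the security, because many incidents resulted from already known vulnerabilities, which could have been resolved. Thus, the initial identification of vulnerabilities has to be used to directly resolve the related weaknesses and mitigate attack possibilities. The nature of vulnerability information requires a collection and normalization of the information prior to any utilization, because the information is widely distributed in different sources with their unique formats. Therefore, the comprehensive vulnerability model was defined and different sources have been integrated into one database. Furthermore, different analytic approaches have been designed and implemented into the HPI-VDB, which directly benefit from the comprehensive vulnerability model and especially from the logical preconditions and postconditions. Firstly, different approaches to detect vulnerabilities in both IT systems of average users and corporate networks of large companies are presented. Therefore, the approaches mainly focus on the identification of all installed applications, since it is a fundamental step in the detection. This detection is realized differently depending on the target use-case. Thus, the experience of the user, as well as the layout and possibilities of the target infrastructure are considered. Furthermore, a passive lightweight detection approach was invented that utilizes existing information on corporate networks to identify applications. In addition, two different approaches to represent the results using attack graphs are illustrated in the comparison between traditional attack graphs and a simplistic graph version, which was integrated into the database as well. The implementation of those use-cases for vulnerability information especially considers the usability. Beside the analytic approaches, the high data quality of the vulnerability information had to be achieved and guaranteed. The different problems of receiving incomplete or unreliable information for the vulnerabilities are addressed with different correction mechanisms. The corrections can be carried out with correlation or lookup mechanisms in reliable sources or identifier dictionaries. Furthermore, a machine learning based verification procedure was presented that allows an automatic derivation of important characteristics from the textual description of the vulnerabilities.},
}

@inproceedings{GawronChengMeinel2018,
  author    = {Gawron, Marian and Cheng, Feng and Meinel, Christoph},
  title     = {Automatic Vulnerability Classification Using Machine Learning},
  booktitle = {Risks and Security of Internet and Systems},
  publisher = {Springer},
  address   = {Cham},
  year      = {2018},
  pages     = {3--17},
  doi       = {10.1007/978-3-319-76687-4_1},
  isbn      = {978-3-319-76687-4},
  issn      = {0302-9743},
  language  = {en},
  abstract  = {The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities.},
}

@inproceedings{GawronChengMeinel2017,
  author    = {Gawron, Marian and Cheng, Feng and Meinel, Christoph},
  title     = {{PVD}: Passive Vulnerability Detection},
  booktitle = {8th International Conference on Information and Communication Systems ({ICICS})},
  publisher = {IEEE},
  address   = {New York},
  year      = {2017},
  pages     = {322--327},
  doi       = {10.1109/IACS.2017.7921992},
  isbn      = {978-1-5090-4243-2},
  issn      = {2471-125X},
  language  = {en},
  abstract  = {The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs.},
}

@techreport{KurbelNowakAzodietal.2015,
  author      = {Kurbel, Karl and Nowak, Dawid and Azodi, Amir and Jaeger, David and
                 Meinel, Christoph and Cheng, Feng and Sapegin, Andrey and Gawron, Marian and
                 Morelli, Frank and Stahl, Lukas and Kerl, Stefan and Janz, Mariska and
                 Hadaya, Abdulmasih and Ivanov, Ivaylo and Wiese, Lena and Neves, Mariana and
                 Schapranow, Matthieu-Patrick and F{\"a}hnrich, Cindy and Feinbube, Frank and
                 Eberhardt, Felix and Hagen, Wieland and Plauth, Max and Herscheid, Lena and
                 Polze, Andreas and Barkowsky, Matthias and Dinger, Henriette and Faber, Lukas and
                 Montenegro, Felix and Czach{\'o}rski, Tadeusz and Nycz, Monika and Nycz, Tomasz and
                 Baader, Galina and Besner, Veronika and Hecht, Sonja and Schermann, Michael and
                 Krcmar, Helmut and Wiradarma, Timur Pratama and Hentschel, Christian and Sack, Harald and
                 Abramowicz, Witold and Sokolowska, Wioletta and Hossa, Tymoteusz and Opalka, Jakub and
                 Fabisz, Karol and Kubaczyk, Mateusz and Cmil, Milena and Meng, Tianhui and
                 Dadashnia, Sharam and Niesen, Tim and Fettke, Peter and Loos, Peter and
                 Perscheid, Cindy and Schwarz, Christian and Schmidt, Christopher and Scholz, Matthias and
                 Bock, Nikolai and Piller, Gunther and B{\"o}hm, Klaus and Norkus, Oliver and
                 Clark, Brian and Friedrich, Bj{\"o}rn and Izadpanah, Babak and Merkel, Florian and
                 Schweer, Ilias and Zimak, Alexander and Sauer, J{\"u}rgen and Fabian, Benjamin and
                 Tilch, Georg and M{\"u}ller, David and Pl{\"o}ger, Sabrina and Friedrich, Christoph M. and
                 Engels, Christoph and Amirkhanyan, Aragats and van der Walt, Est{\'e}e and Eloff, J. H. P. and
                 Scheuermann, Bernd and Weinknecht, Elisa},
  editor      = {Meinel, Christoph and Polze, Andreas and Oswald, Gerhard and Strotmann, Rolf and
                 Seibold, Ulrich and Schulzki, Bernhard},
  title       = {{HPI} Future {SOC} Lab},
  institution = {Hasso-Plattner-Institut},
  year        = {2015},
  pages       = {iii, 154},
  url         = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-102516},
  language    = {en},
  abstract    = {Das Future SOC Lab am HPI ist eine Kooperation des Hasso-Plattner-Instituts mit verschiedenen Industriepartnern. Seine Aufgabe ist die Erm{\"o}glichung und F{\"o}rderung des Austausches zwischen Forschungsgemeinschaft und Industrie. Am Lab wird interessierten Wissenschaftlern eine Infrastruktur von neuester Hard- und Software kostenfrei f{\"u}r Forschungszwecke zur Verf{\"u}gung gestellt. Dazu z{\"a}hlen teilweise noch nicht am Markt verf{\"u}gbare Technologien, die im normalen Hochschulbereich in der Regel nicht zu finanzieren w{\"a}ren, bspw. Server mit bis zu 64 Cores und 2 TB Hauptspeicher. Diese Angebote richten sich insbesondere an Wissenschaftler in den Gebieten Informatik und Wirtschaftsinformatik. Einige der Schwerpunkte sind Cloud Computing, Parallelisierung und In-Memory Technologien. In diesem Technischen Bericht werden die Ergebnisse der Forschungsprojekte des Jahres 2015 vorgestellt. Ausgew{\"a}hlte Projekte stellten ihre Ergebnisse am 15. April 2015 und 4. November 2015 im Rahmen der Future SOC Lab Tag Veranstaltungen vor.},
}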