TY - JOUR A1 - Peng, Junjie A1 - Liu, Danxu A1 - Wang, Yingtao A1 - Zeng, Ying A1 - Cheng, Feng A1 - Zhang, Wenqiang T1 - Weight-based strategy for an I/O-intensive application at a cloud data center JF - Concurrency and computation : practice & experience N2 - Applications with different characteristics in the cloud may have different resources preferences. However, traditional resource allocation and scheduling strategies rarely take into account the characteristics of applications. Considering that an I/O-intensive application is a typical type of application and that frequent I/O accesses, especially small files randomly accessing the disk, may lead to an inefficient use of resources and reduce the quality of service (QoS) of applications, a weight allocation strategy is proposed based on the available resources that a physical server can provide as well as the characteristics of the applications. Using the weight obtained, a resource allocation and scheduling strategy is presented based on the specific application characteristics in the data center. Extensive experiments show that the strategy is correct and can guarantee a high concurrency of I/O per second (IOPS) in a cloud data center with high QoS. Additionally, the strategy can efficiently improve the utilization of the disk and resources of the data center without affecting the service quality of applications. KW - IOPS KW - process scheduling KW - random I KW - O KW - small files KW - weight Y1 - 2018 U6 - https://doi.org/10.1002/cpe.4648 SN - 1532-0626 SN - 1532-0634 VL - 30 IS - 19 PB - Wiley CY - Hoboken ER - TY - GEN A1 - Sukmana, Muhammad Ihsan Haikal A1 - Torkura, Kennedy A. A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Graupner, Hendrik T1 - Unified logging system for monitoring multiple cloud storage providers in cloud storage broker T2 - 32ND International Conference on Information Networking (ICOIN) N2 - With the increasing demand for personal and enterprise data storage service, Cloud Storage Broker (CSB) provides cloud storage service using multiple Cloud Service Providers (CSPs) with guaranteed Quality of Service (QoS), such as data availability and security. However monitoring cloud storage usage in multiple CSPs has become a challenge for CSB due to lack of standardized logging format for cloud services that causes each CSP to implement its own format. In this paper we propose a unified logging system that can be used by CSB to monitor cloud storage usage across multiple CSPs. We gather cloud storage log files from three different CSPs and normalise these into our proposed log format that can be used for further analysis process. We show that our work enables a coherent view suitable for data navigation, monitoring, and analytics. KW - Unified logging system KW - Cloud Service Provider KW - cloud monitoring KW - data integration KW - security analytics Y1 - 2018 SN - 978-1-5386-2290-2 U6 - https://doi.org/10.1109/ICOIN.2018.8343081 SP - 44 EP - 49 PB - IEEE CY - New York ER - TY - GEN A1 - Sukmana, Muhammad Ihsan Haikal A1 - Torkura, Kennedy A. A1 - Graupner, Hendrik A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Unified Cloud Access Control Model for Cloud Storage Broker T2 - 33rd International Conference on Information Networking (ICOIN 2019) N2 - Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs. KW - Cloud Storage Broker KW - Cloud access control and resource management KW - Unified cloud model KW - Privilege separation concept KW - Least privilege principle KW - Role-based access control Y1 - 2019 SN - 978-1-5386-8350-7 U6 - https://doi.org/10.1109/ICOIN.2019.8717982 SN - 1976-7684 SP - 60 EP - 65 PB - IEEE CY - Los Alamitos ER - TY - JOUR A1 - Sapegin, Andrey A1 - Jaeger, David A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Towards a system for complex analysis of security events in large-scale networks JF - Computers & security : the international journal devoted to the study of the technical and managerial aspects of computer security N2 - After almost two decades of development, modern Security Information and Event Management (SIEM) systems still face issues with normalisation of heterogeneous data sources, high number of false positive alerts and long analysis times, especially in large-scale networks with high volumes of security events. In this paper, we present our own prototype of SIEM system, which is capable of dealing with these issues. For efficient data processing, our system employs in-memory data storage (SAP HANA) and our own technologies from the previous work, such as the Object Log Format (OLF) and high-speed event normalisation. We analyse normalised data using a combination of three different approaches for security analysis: misuse detection, query-based analytics, and anomaly detection. Compared to the previous work, we have significantly improved our unsupervised anomaly detection algorithms. Most importantly, we have developed a novel hybrid outlier detection algorithm that returns ranked clusters of anomalies. It lets an operator of a SIEM system to concentrate on the several top-ranked anomalies, instead of digging through an unsorted bundle of suspicious events. We propose to use anomaly detection in a combination with signatures and queries, applied on the same data, rather than as a full replacement for misuse detection. In this case, the majority of attacks will be captured with misuse detection, whereas anomaly detection will highlight previously unknown behaviour or attacks. We also propose that only the most suspicious event clusters need to be checked by an operator, whereas other anomalies, including false positive alerts, do not need to be explicitly checked if they have a lower ranking. We have proved our concepts and algorithms on a dataset of 160 million events from a network segment of a big multinational company and suggest that our approach and methods are highly relevant for modern SIEM systems. KW - Intrusion detection KW - SAP HANA KW - In-memory KW - Security KW - Machine learning KW - Anomaly detection KW - Outlier detection Y1 - 2017 U6 - https://doi.org/10.1016/j.cose.2017.02.001 SN - 0167-4048 SN - 1872-6208 VL - 67 SP - 16 EP - 34 PB - Elsevier Science CY - Oxford ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Meinig, Michael A1 - Kayem, Anne V. D. M. A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Graupner, Hendrik T1 - Securing cloud storage brokerage systems through threat models T2 - Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA) N2 - Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security. KW - Cloud-Security KW - Threat Models KW - Security Metrics KW - Security Risk Assessment KW - Secure Configuration Y1 - 2018 SN - 978-1-5386-2195-0 U6 - https://doi.org/10.1109/AINA.2018.00114 SN - 1550-445X SP - 759 EP - 768 PB - IEEE CY - New York ER - TY - GEN A1 - Gawron, Marian A1 - Cheng, Feng A1 - Meinel, Christoph T1 - PVD: Passive Vulnerability Detection T2 - 8th International Conference on Information and Communication Systems (ICICS) N2 - The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs. Y1 - 2017 SN - 978-1-5090-4243-2 U6 - https://doi.org/10.1109/IACS.2017.7921992 SN - 2471-125X SP - 322 EP - 327 PB - IEEE CY - New York ER - TY - THES A1 - Cheng, Feng T1 - Physical separation technology and its lock-keeper implementation Y1 - 2010 CY - Potsdam ER - TY - JOUR A1 - Hu, Ting-Li A1 - Cheng, Feng A1 - Xu, Zhen A1 - Chen, Zhong-Zheng A1 - Yu, Lei A1 - Ban, Qian A1 - Li, Chun-Lin A1 - Pan, Tao A1 - Zhang, Bao-Wei T1 - Molecular and morphological evidence for a new species of the genus Typhlomys (Rodentia: Platacanthomyidae) JF - Zoological research : ZR = Dongwuxue-yanjiu : jikan / published by Kunming Institute of Zoology, Chinese Academy of Sciences, Zhongguo Kexueyuan Kunming Dongwu Yanjiusuo zhuban, Dongwuxue-yanjiu Bianji Weiyuanhui bianji N2 - In this study, we reassessed the taxonomic position of Typhlomys (Rodentia: Platacanthomyidae) from Huangshan, Anhui, China, based on morphological and molecular evidence. Results suggested that Typhlomys is comprised of up to six species, including four currently recognized species ( Typhlomys cinereus, T. chapensis, T. daloushanensis, and T. nanus), one unconfirmed candidate species, and one new species ( Typhlomys huangshanensis sp. nov.). Morphological analyses further supported the designation of the Huangshan specimens found at mid-elevations in the southern Huangshan Mountains (600 m to 1 200 m a.s.l.) as a new species. KW - Morphology KW - Phylogenetics KW - Species delimitation KW - Taxonomy Y1 - 2021 U6 - https://doi.org/10.24272/j.issn.2095-8137.2020.132 SN - 2095-8137 VL - 42 IS - 1 SP - 100 EP - 107 PB - Yunnan Renmin Chubanshe CY - Kunming ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Leveraging cloud native design patterns for security-as-a-service applications T2 - IEEE International Conference on Smart Cloud (SmartCloud) N2 - This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests. KW - Cloud-Security KW - Security-as-a-Service KW - Vulnerability Assessment KW - Cloud Native Applications Y1 - 2017 SN - 978-1-5386-3684-8 U6 - https://doi.org/10.1109/SmartCloud.2017.21 SP - 90 EP - 97 PB - Institute of Electrical and Electronics Engineers CY - New York ER - TY - BOOK A1 - Rana, Kaushik A1 - Mohapatra, Durga Prasad A1 - Sidorova, Julia A1 - Lundberg, Lars A1 - Sköld, Lars A1 - Lopes Grim, Luís Fernando A1 - Sampaio Gradvohl, André Leon A1 - Cremerius, Jonas A1 - Siegert, Simon A1 - Weltzien, Anton von A1 - Baldi, Annika A1 - Klessascheck, Finn A1 - Kalancha, Svitlana A1 - Lichtenstein, Tom A1 - Shaabani, Nuhad A1 - Meinel, Christoph A1 - Friedrich, Tobias A1 - Lenzner, Pascal A1 - Schumann, David A1 - Wiese, Ingmar A1 - Sarna, Nicole A1 - Wiese, Lena A1 - Tashkandi, Araek Sami A1 - van der Walt, Estée A1 - Eloff, Jan H. P. A1 - Schmidt, Christopher A1 - Hügle, Johannes A1 - Horschig, Siegfried A1 - Uflacker, Matthias A1 - Najafi, Pejman A1 - Sapegin, Andrey A1 - Cheng, Feng A1 - Stojanovic, Dragan A1 - Stojnev Ilić, Aleksandra A1 - Djordjevic, Igor A1 - Stojanovic, Natalija A1 - Predic, Bratislav A1 - González-Jiménez, Mario A1 - de Lara, Juan A1 - Mischkewitz, Sven A1 - Kainz, Bernhard A1 - van Hoorn, André A1 - Ferme, Vincenzo A1 - Schulz, Henning A1 - Knigge, Marlene A1 - Hecht, Sonja A1 - Prifti, Loina A1 - Krcmar, Helmut A1 - Fabian, Benjamin A1 - Ermakova, Tatiana A1 - Kelkel, Stefan A1 - Baumann, Annika A1 - Morgenstern, Laura A1 - Plauth, Max A1 - Eberhard, Felix A1 - Wolff, Felix A1 - Polze, Andreas A1 - Cech, Tim A1 - Danz, Noel A1 - Noack, Nele Sina A1 - Pirl, Lukas A1 - Beilharz, Jossekin Jakob A1 - De Oliveira, Roberto C. L. A1 - Soares, Fábio Mendes A1 - Juiz, Carlos A1 - Bermejo, Belen A1 - Mühle, Alexander A1 - Grüner, Andreas A1 - Saxena, Vageesh A1 - Gayvoronskaya, Tatiana A1 - Weyand, Christopher A1 - Krause, Mirko A1 - Frank, Markus A1 - Bischoff, Sebastian A1 - Behrens, Freya A1 - Rückin, Julius A1 - Ziegler, Adrian A1 - Vogel, Thomas A1 - Tran, Chinh A1 - Moser, Irene A1 - Grunske, Lars A1 - Szárnyas, Gábor A1 - Marton, József A1 - Maginecz, János A1 - Varró, Dániel A1 - Antal, János Benjamin ED - Meinel, Christoph ED - Polze, Andreas ED - Beins, Karsten ED - Strotmann, Rolf ED - Seibold, Ulrich ED - Rödszus, Kurt ED - Müller, Jürgen T1 - HPI Future SOC Lab – Proceedings 2018 N2 - The “HPI Future SOC Lab” is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and the industry partners. The HPI Future SOC Lab provides researchers with free of charge access to a complete infrastructure of state of the art hard and software. This infrastructure includes components, which might be too expensive for an ordinary research environment, such as servers with up to 64 cores and 2 TB main memory. The offerings address researchers particularly from but not limited to the areas of computer science and business information systems. Main areas of research include cloud computing, parallelization, and In-Memory technologies. This technical report presents results of research projects executed in 2018. Selected projects have presented their results on April 17th and November 14th 2017 at the Future SOC Lab Day events. N2 - Das Future SOC Lab am HPI ist eine Kooperation des Hasso-Plattner-Instituts mit verschiedenen Industriepartnern. Seine Aufgabe ist die Ermöglichung und Förderung des Austausches zwischen Forschungsgemeinschaft und Industrie. Am Lab wird interessierten Wissenschaftler:innen eine Infrastruktur von neuester Hard- und Software kostenfrei für Forschungszwecke zur Verfügung gestellt. Dazu zählen Systeme, die im normalen Hochschulbereich in der Regel nicht zu finanzieren wären, bspw. Server mit bis zu 64 Cores und 2 TB Hauptspeicher. Diese Angebote richten sich insbesondere an Wissenschaftler:innen in den Gebieten Informatik und Wirtschaftsinformatik. Einige der Schwerpunkte sind Cloud Computing, Parallelisierung und In-Memory Technologien. In diesem Technischen Bericht werden die Ergebnisse der Forschungsprojekte des Jahres 2018 vorgestellt. Ausgewählte Projekte stellten ihre Ergebnisse am 17. April und 14. November 2018 im Rahmen des Future SOC Lab Tags vor. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 151 KW - Future SOC Lab KW - research projects KW - multicore architectures KW - in-memory technology KW - cloud computing KW - machine learning KW - artifical intelligence KW - Future SOC Lab KW - Forschungsprojekte KW - Multicore Architekturen KW - In-Memory Technologie KW - Cloud Computing KW - maschinelles Lernen KW - künstliche Intelligenz Y1 - 2022 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-563712 SN - 978-3-86956-547-7 SN - 1613-5652 SN - 2191-1665 IS - 151 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK A1 - Zhang, Shuhao A1 - Plauth, Max A1 - Eberhardt, Felix A1 - Polze, Andreas A1 - Lehmann, Jens A1 - Sejdiu, Gezim A1 - Jabeen, Hajira A1 - Servadei, Lorenzo A1 - Möstl, Christian A1 - Bär, Florian A1 - Netzeband, André A1 - Schmidt, Rainer A1 - Knigge, Marlene A1 - Hecht, Sonja A1 - Prifti, Loina A1 - Krcmar, Helmut A1 - Sapegin, Andrey A1 - Jaeger, David A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Friedrich, Tobias A1 - Rothenberger, Ralf A1 - Sutton, Andrew M. A1 - Sidorova, Julia A. A1 - Lundberg, Lars A1 - Rosander, Oliver A1 - Sköld, Lars A1 - Di Varano, Igor A1 - van der Walt, Estée A1 - Eloff, Jan H. P. A1 - Fabian, Benjamin A1 - Baumann, Annika A1 - Ermakova, Tatiana A1 - Kelkel, Stefan A1 - Choudhary, Yash A1 - Cooray, Thilini A1 - Rodríguez, Jorge A1 - Medina-Pérez, Miguel Angel A1 - Trejo, Luis A. A1 - Barrera-Animas, Ari Yair A1 - Monroy-Borja, Raúl A1 - López-Cuevas, Armando A1 - Ramírez-Márquez, José Emmanuel A1 - Grohmann, Maria A1 - Niederleithinger, Ernst A1 - Podapati, Sasidhar A1 - Schmidt, Christopher A1 - Huegle, Johannes A1 - de Oliveira, Roberto C. L. A1 - Soares, Fábio Mendes A1 - van Hoorn, André A1 - Neumer, Tamas A1 - Willnecker, Felix A1 - Wilhelm, Mathias A1 - Kuster, Bernhard ED - Meinel, Christoph ED - Polze, Andreas ED - Beins, Karsten ED - Strotmann, Rolf ED - Seibold, Ulrich ED - Rödszus, Kurt ED - Müller, Jürgen T1 - HPI Future SOC Lab – Proceedings 2017 T1 - HPI Future SOC Lab – Proceedings 2017 N2 - The “HPI Future SOC Lab” is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and the industry partners. The HPI Future SOC Lab provides researchers with free of charge access to a complete infrastructure of state of the art hard and software. This infrastructure includes components, which might be too expensive for an ordinary research environment, such as servers with up to 64 cores and 2 TB main memory. The offerings address researchers particularly from but not limited to the areas of computer science and business information systems. Main areas of research include cloud computing, parallelization, and In-Memory technologies. This technical report presents results of research projects executed in 2017. Selected projects have presented their results on April 25th and November 15th 2017 at the Future SOC Lab Day events. N2 - Das Future SOC Lab am HPI ist eine Kooperation des Hasso-Plattner-Instituts mit verschiedenen Industriepartnern. Seine Aufgabe ist die Ermöglichung und Förderung des Austausches zwischen Forschungsgemeinschaft und Industrie. Am Lab wird interessierten Wissenschaftlern eine Infrastruktur von neuester Hard- und Software kostenfrei für Forschungszwecke zur Verfügung gestellt. Dazu zählen teilweise noch nicht am Markt verfügbare Technologien, die im normalen Hochschulbereich in der Regel nicht zu finanzieren wären, bspw. Server mit bis zu 64 Cores und 2 TB Hauptspeicher. Diese Angebote richten sich insbesondere an Wissenschaftler in den Gebieten Informatik und Wirtschaftsinformatik. Einige der Schwerpunkte sind Cloud Computing, Parallelisierung und In-Memory Technologien. In diesem Technischen Bericht werden die Ergebnisse der Forschungsprojekte des Jahres 2017 vorgestellt. Ausgewählte Projekte stellten ihre Ergebnisse am 25. April und 15. November 2017 im Rahmen der Future SOC Lab Tag Veranstaltungen vor. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 130 KW - Future SOC Lab KW - research projects KW - multicore architectures KW - In-Memory technology KW - cloud computing KW - machine learning KW - artifical intelligence KW - Future SOC Lab KW - Forschungsprojekte KW - Multicore Architekturen KW - In-Memory Technologie KW - Cloud Computing KW - maschinelles Lernen KW - Künstliche Intelligenz Y1 - 2020 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-433100 SN - 978-3-86956-475-3 SN - 1613-5652 SN - 2191-1665 IS - 130 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - CHAP A1 - Kurbel, Karl A1 - Nowak, Dawid A1 - Azodi, Amir A1 - Jaeger, David A1 - Meinel, Christoph A1 - Cheng, Feng A1 - Sapegin, Andrey A1 - Gawron, Marian A1 - Morelli, Frank A1 - Stahl, Lukas A1 - Kerl, Stefan A1 - Janz, Mariska A1 - Hadaya, Abdulmasih A1 - Ivanov, Ivaylo A1 - Wiese, Lena A1 - Neves, Mariana A1 - Schapranow, Matthieu-Patrick A1 - Fähnrich, Cindy A1 - Feinbube, Frank A1 - Eberhardt, Felix A1 - Hagen, Wieland A1 - Plauth, Max A1 - Herscheid, Lena A1 - Polze, Andreas A1 - Barkowsky, Matthias A1 - Dinger, Henriette A1 - Faber, Lukas A1 - Montenegro, Felix A1 - Czachórski, Tadeusz A1 - Nycz, Monika A1 - Nycz, Tomasz A1 - Baader, Galina A1 - Besner, Veronika A1 - Hecht, Sonja A1 - Schermann, Michael A1 - Krcmar, Helmut A1 - Wiradarma, Timur Pratama A1 - Hentschel, Christian A1 - Sack, Harald A1 - Abramowicz, Witold A1 - Sokolowska, Wioletta A1 - Hossa, Tymoteusz A1 - Opalka, Jakub A1 - Fabisz, Karol A1 - Kubaczyk, Mateusz A1 - Cmil, Milena A1 - Meng, Tianhui A1 - Dadashnia, Sharam A1 - Niesen, Tim A1 - Fettke, Peter A1 - Loos, Peter A1 - Perscheid, Cindy A1 - Schwarz, Christian A1 - Schmidt, Christopher A1 - Scholz, Matthias A1 - Bock, Nikolai A1 - Piller, Gunther A1 - Böhm, Klaus A1 - Norkus, Oliver A1 - Clark, Brian A1 - Friedrich, Björn A1 - Izadpanah, Babak A1 - Merkel, Florian A1 - Schweer, Ilias A1 - Zimak, Alexander A1 - Sauer, Jürgen A1 - Fabian, Benjamin A1 - Tilch, Georg A1 - Müller, David A1 - Plöger, Sabrina A1 - Friedrich, Christoph M. A1 - Engels, Christoph A1 - Amirkhanyan, Aragats A1 - van der Walt, Estée A1 - Eloff, J. H. P. A1 - Scheuermann, Bernd A1 - Weinknecht, Elisa ED - Meinel, Christoph ED - Polze, Andreas ED - Oswald, Gerhard ED - Strotmann, Rolf ED - Seibold, Ulrich ED - Schulzki, Bernhard T1 - HPI Future SOC Lab BT - Proceedings 2015 N2 - Das Future SOC Lab am HPI ist eine Kooperation des Hasso-Plattner-Instituts mit verschiedenen Industriepartnern. Seine Aufgabe ist die Ermöglichung und Förderung des Austausches zwischen Forschungsgemeinschaft und Industrie. Am Lab wird interessierten Wissenschaftlern eine Infrastruktur von neuester Hard- und Software kostenfrei für Forschungszwecke zur Verfügung gestellt. Dazu zählen teilweise noch nicht am Markt verfügbare Technologien, die im normalen Hochschulbereich in der Regel nicht zu finanzieren wären, bspw. Server mit bis zu 64 Cores und 2 TB Hauptspeicher. Diese Angebote richten sich insbesondere an Wissenschaftler in den Gebieten Informatik und Wirtschaftsinformatik. Einige der Schwerpunkte sind Cloud Computing, Parallelisierung und In-Memory Technologien. In diesem Technischen Bericht werden die Ergebnisse der Forschungsprojekte des Jahres 2015 vorgestellt. Ausgewählte Projekte stellten ihre Ergebnisse am 15. April 2015 und 4. November 2015 im Rahmen der Future SOC Lab Tag Veranstaltungen vor. KW - Future SOC Lab KW - Forschungsprojekte KW - Multicore Architekturen KW - In-Memory Technologie KW - Cloud Computing KW - maschinelles Lernen KW - künstliche Intelligenz Y1 - 2017 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-102516 ER - TY - JOUR A1 - Roschke, Sebastian A1 - Cheng, Feng A1 - Meinel, Christoph T1 - High-quality attack graph-based IDS correlation JF - Logic journal of the IGPL N2 - Intrusion Detection Systems are widely deployed in computer networks. As modern attacks are getting more sophisticated and the number of sensors and network nodes grow, the problem of false positives and alert analysis becomes more difficult to solve. Alert correlation was proposed to analyse alerts and to decrease false positives. Knowledge about the target system or environment is usually necessary for efficient alert correlation. For representing the environment information as well as potential exploits, the existing vulnerabilities and their Attack Graph (AG) is used. It is useful for networks to generate an AG and to organize certain vulnerabilities in a reasonable way. In this article, a correlation algorithm based on AGs is designed that is capable of detecting multiple attack scenarios for forensic analysis. It can be parameterized to adjust the robustness and accuracy. A formal model of the algorithm is presented and an implementation is tested to analyse the different parameters on a real set of alerts from a local network. To improve the speed of the algorithm, a multi-core version is proposed and a HMM-supported version can be used to further improve the quality. The parallel implementation is tested on a multi-core correlation platform, using CPUs and GPUs. KW - Correlation KW - attack graph KW - HMM KW - multi-core KW - IDS Y1 - 2013 U6 - https://doi.org/10.1093/jigpal/jzs034 SN - 1367-0751 VL - 21 IS - 4 SP - 571 EP - 591 PB - Oxford Univ. Press CY - Oxford ER - TY - JOUR A1 - Jaeger, David A1 - Graupner, Hendrik A1 - Pelchen, Chris A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Fast Automated Processing and Evaluation of Identity Leaks JF - International journal of parallel programming N2 - The relevance of identity data leaks on the Internet is more present than ever. Almost every week we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to the processing and analysis of a vast majority of bigger and smaller leaks. We evolved from a semi-manual to a fully automated process that requires a minimum of human interaction. Our contribution is the concept and a prototype implementation of a leak processing workflow that includes the extraction of digital identities from structured and unstructured leak-files, the identification of hash routines and a quality control to ensure leak authenticity. By making use of parallel and distributed programming, we are able to make leaks almost immediately available for analysis and notification after they have been published. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed. We publish those results and hope to increase not only security awareness of Internet users but also security on a technical level on the service provider side. KW - Identity leak KW - Data breach KW - Automated parsing KW - Parallel processing Y1 - 2018 U6 - https://doi.org/10.1007/s10766-016-0478-6 SN - 0885-7458 SN - 1573-7640 VL - 46 IS - 2 SP - 441 EP - 470 PB - Springer CY - New York ER - TY - THES A1 - Cheng, Feng T1 - Evolution and ontogeny of electric organ discharge in African weakly electric fish genus Campylomormyrus: a genomic and transcriptomic perspective N2 - The African weakly electric fishes (Mormyridae) exhibit a remarkable adaptive radiation possibly due to their species-specific electric organ discharges (EODs). It is produced by a muscle-derived electric organ that is located in the caudal peduncle. Divergence in EODs acts as a pre-zygotic isolation mechanism to drive species radiations. However, the mechanism behind the EOD diversification are only partially understood. The aim of this study is to explore the genetic basis of EOD diversification from the gene expression level across Campylomormyrus species/hybrids and ontogeny. I firstly produced a high quality genome of the species C. compressirostris as a valuable resource to understand the electric fish evolution. The next study compared the gene expression pattern between electric organs and skeletal muscles in Campylomormyrus species/hybrids with different types of EOD duration. I identified several candidate genes with an electric organ-specific expression, e.g. KCNA7a, KLF5, KCNJ2, SCN4aa, NDRG3, MEF2. The overall genes expression pattern exhibited a significant association with EOD duration in all analyzed species/hybrids. The expression of several candidate genes, e.g. KCNJ2, KLF5, KCNK6 and KCNQ5, possibly contribute to the regulation of EOD duration in Campylomormyrus due to their increasing or decreasing expression. Several potassium channel genes showed differential expression during ontogeny in species and hybrid with EOD alteration, e.g. KCNJ2. I next explored allele specific expression of intragenus hybrids by crossing the duration EOD species C. compressirostris with the medium duration EOD species C. tshokwe and the elongated duration EOD species C. rhynchophorus. The hybrids exhibited global expression dominance of the C. compressirostris allele in the adult skeletal muscle and electric organ, as well as in the juvenile electric organ. Only the gene KCNJ2 showed dominant expression of the allele from C. rhynchophorus, and this was increasingly dominant during ontogeny. It hence supported our hypothesis that KCNJ2 is a key gene of regulating EOD duration. Our results help us to understand, from a genetic perspective, how gene expression effect the EOD diversification in the African weakly electric fish. N2 - Die Mormyridae, eine Familie afrikanischer schwach elektrischer Süßwasserfische, zeigen eine außergewöhnliche adaptive Radiation. Eine Erklärung für die Diversifizierung dieser Gruppe stellen die artspezifischen elektrischen Organentladungen (EODs) dar. Diese werden von einem elektrischen Organ muskulären Ursprungs im Ansatz der Schwanzflosse erzeugt. Die verschiedenen EODs könnten als präzygotischer Isolationsmechanismus für die Radiation verantwortlich sein. Dennoch ist der Mechanismus hinter der EOD-Diversifizierung bisher nicht vollständig geklärt. Ziel dieser Studie ist es, die genetische Grundlage der EOD-Diversifizierung auf der Ebene der Genexpression bei verschiedenen Campylomormyrus-Arten bzw. -Hybriden und während der Ontogenese zu ermitteln. Zunächst wurde erstmals das Genom der Art C. compressirostris in hoher Qualität sequenziert. Dies bildet eine bedeutende Grundlage für das Verständnis der Evolution der elektrischen Fische. In der zweiten Studie wurden Genexpressionsmuster von elektrischen Organen und Skelettmuskeln bei Campylomormyrus-Arten bzw. -Hybriden mit unterschiedlicher EOD-Dauer verglichen. Dabei konnten mehrere Kandidatengene identifiziert werden, die potentiell Elektroorgan-spezifisch exprimiert sind, i.a. KCNA7a, KLF5, KCNJ2, SCN4aa, NDRG3, MEF2. Bei allen untersuchten Arten/Hybriden wies das Genexpressionsmuster einen signifikanten Zusammenhang mit der EOD-Dauer auf. Die Expression mehrerer Kandidatengene, wie beispielsweise KCNJ2, KLF5, KCNK6 und KCNQ5, trägt möglicherweise zur Regulierung der EOD-Dauer bei Campylomormyrus bei. Bei Arten und Hybriden mit EOD-Unterschieden zeigten Kaliumkanal-Gene wie KCNJ2 eine unterschiedliche Expression während der Ontogenese. Zudem wurde die Allel-spezifische Expression bei Intragenus-Hybriden unter Verwendung der Arten C. compressirostris, C. tshokwe und C. rhynchophorus, die jeweils eine kurze, intermediäre bzw. lange EOD-Dauer aufweisen, untersucht. Die Hybriden wiesen eine generell dominante Expression der Allele von C. compressirostris in der adulten Skelettmuskulatur und im elektrischen Organ sowie im juvenilen elektrischen Organ auf. Einzig im Gen KCNJ2 dominierte das Allel von C. rhynchophorus, mit zunehmender Dominanz mit fortschreitender Ontogenese. Dies stützt unsere Hypothese einer Beteiligung des KCNJ2-Gens an der Regulation der EOD-Dauer. Unsere Ergebnisse stellen einen wesentlichen Beitrag zum Verständnis des Einflusses der Genexpression auf die EOD-Diversifizierung bei afrikanischen schwach elektrischen Fischen dar. KW - tropical freshwater fish KW - weakly electric fish KW - genomics KW - transcriptomics KW - Genomik KW - Transkriptomik KW - tropische Süßwasserfische KW - schwach elektrischer Fisch Y1 - 2024 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-630172 ER - TY - JOUR A1 - Azodi, Amir A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Event Driven Network Topology Discovery and Inventory Listing Using REAMS JF - Wireless personal communications : an international journal N2 - Network Topology Discovery and Inventory Listing are two of the primary features of modern network monitoring systems (NMS). Current NMSs rely heavily on active scanning techniques for discovering and mapping network information. Although this approach works, it introduces some major drawbacks such as the performance impact it can exact, specially in larger network environments. As a consequence, scans are often run less frequently which can result in stale information being presented and used by the network monitoring system. Alternatively, some NMSs rely on their agents being deployed on the hosts they monitor. In this article, we present a new approach to Network Topology Discovery and Network Inventory Listing using only passive monitoring and scanning techniques. The proposed techniques rely solely on the event logs produced by the hosts and network devices present within a network. Finally, we discuss some of the advantages and disadvantages of our approach. KW - Network topology KW - Inventory systems KW - Network monitoring KW - Network graph KW - Service detection KW - Event processing KW - Event normalization Y1 - 2015 U6 - https://doi.org/10.1007/s11277-015-3061-3 SN - 0929-6212 SN - 1572-834X VL - 94 SP - 415 EP - 430 PB - Springer CY - New York ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Strauss, Tim A1 - Graupner, Hendrik A1 - Cheng, Feng A1 - Meinel, Christoph T1 - CSBAuditor BT - proactive security risk analysis for cloud storage broker systems T2 - 17th International Symposium on Network Computing and Applications (NCA) N2 - Cloud Storage Brokers (CSB) provide seamless and concurrent access to multiple Cloud Storage Services (CSS) while abstracting cloud complexities from end-users. However, this multi-cloud strategy faces several security challenges including enlarged attack surfaces, malicious insider threats, security complexities due to integration of disparate components and API interoperability issues. Novel security approaches are imperative to tackle these security issues. Therefore, this paper proposes CSBAuditor, a novel cloud security system that continuously audits CSB resources, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism thereby ensuring fault tolerance. We adopt the principles of chaos engineering by integrating Broker Monkey, a component that continuously injects failure into our reference CSB system, Cloud RAID. Hence, CSBAuditor is continuously tested for efficiency i.e. its ability to detect the changes injected by Broker Monkey. CSBAuditor employs security metrics for risk analysis by computing severity scores for detected vulnerabilities using the Common Configuration Scoring System, thereby overcoming the limitation of insufficient security metrics in existing cloud auditing schemes. CSBAuditor has been tested using various strategies including chaos engineering failure injection strategies. Our experimental evaluation validates the efficiency of our approach against the aforementioned security issues with a detection and recovery rate of over 96 %. KW - Cloud-Security KW - Cloud Audit KW - Security Metrics KW - Security Risk Assessment KW - Secure Configuration Y1 - 2018 SN - 978-1-5386-7659-2 U6 - https://doi.org/10.1109/NCA.2018.8548329 PB - IEEE CY - New York ER - TY - JOUR A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Cheng, Feng A1 - Meinel, Christoph T1 - CloudStrike BT - chaos engineering for security and resiliency in cloud infrastructure JF - IEEE access : practical research, open solutions N2 - Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues. KW - cloud security KW - security chaos engineering KW - resilient architectures KW - security risk assessment Y1 - 2020 U6 - https://doi.org/10.1109/ACCESS.2020.3007338 SN - 2169-3536 VL - 8 SP - 123044 EP - 123060 PB - Institute of Electrical and Electronics Engineers  CY - Piscataway ER - TY - GEN A1 - Gawron, Marian A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Automatic vulnerability classification using machine learning T2 - Risks and Security of Internet and Systems N2 - The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities. KW - Vulnerability analysis KW - Security analytics KW - Data mining Machine learning KW - Neural Networks Y1 - 2018 SN - 978-3-319-76687-4 SN - 978-3-319-76686-7 U6 - https://doi.org/10.1007/978-3-319-76687-4_1 SN - 0302-9743 SN - 1611-3349 SP - 3 EP - 17 PB - Springer CY - Cham ER - TY - JOUR A1 - Roschke, Sebastian A1 - Cheng, Feng A1 - Meinel, Christoph T1 - An alert correlation platform for memory-supported techniques JF - Concurrency and computation : practice & experience N2 - Intrusion Detection Systems (IDS) have been widely deployed in practice for detecting malicious behavior on network communication and hosts. False-positive alerts are a popular problem for most IDS approaches. The solution to address this problem is to enhance the detection process by correlation and clustering of alerts. To meet the practical requirements, this process needs to be finished fast, which is a challenging task as the amount of alerts in large-scale IDS deployments is significantly high. We identifytextitdata storage and processing algorithms to be the most important factors influencing the performance of clustering and correlation. We propose and implement a highly efficient alert correlation platform. For storage, a column-based database, an In-Memory alert storage, and memory-based index tables lead to significant improvements of the performance. For processing, algorithms are designed and implemented which are optimized for In-Memory databases, e.g. an attack graph-based correlation algorithm. The platform can be distributed over multiple processing units to share memory and processing power. A standardized interface is designed to provide a unified view of result reports for end users. The efficiency of the platform is tested by practical experiments with several alert storage approaches, multiple algorithms, as well as a local and a distributed deployment. KW - memory-based correlation KW - memory-based clustering KW - memory-based databases KW - IDS management Y1 - 2012 U6 - https://doi.org/10.1002/cpe.1750 SN - 1532-0626 VL - 24 IS - 10 SP - 1123 EP - 1136 PB - Wiley-Blackwell CY - Hoboken ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Kayem, Anne V. D. M. A1 - Cheng, Feng A1 - Meinel, Christoph T1 - A cyber risk based moving target defense mechanism for microservice architectures T2 - IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom) N2 - Microservice Architectures (MSA) structure applications as a collection of loosely coupled services that implement business capabilities. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity. However, studies indicate that most MSA are homogeneous, and introduce shared vulnerabilites, thus vulnerable to multi-step attacks, which are economics-of-scale incentives to attackers. In this paper, we address the issue of shared vulnerabilities in microservices with a novel solution based on the concept of Moving Target Defenses (MTD). Our mechanism works by performing risk analysis against microservices to detect and prioritize vulnerabilities. Thereafter, security risk-oriented software diversification is employed, guided by a defined diversification index. The diversification is performed at runtime, leveraging both model and template based automatic code generation techniques to automatically transform programming languages and container images of the microservices. Consequently, the microservices attack surfaces are altered thereby introducing uncertainty for attackers while reducing the attackability of the microservices. Our experiments demonstrate the efficiency of our solution, with an average success rate of over 70% attack surface randomization. KW - Security Risk Assessment KW - Security Metrics KW - Moving Target Defense KW - Microservices Security KW - Application Container Security Y1 - 2018 SN - 978-1-7281-1141-4 U6 - https://doi.org/10.1109/BDCloud.2018.00137 SN - 2158-9178 SP - 932 EP - 939 PB - Institute of Electrical and Electronics Engineers CY - Los Alamitos ER -