TY - JOUR
A1 - Yeung, Ching-man Au
A1 - Noll, Michael G.
A1 - Gibbins, Nicholas
A1 - Meinel, Christoph
A1 - Shadbolt, Nigel
T1 - SPEAR: Spamming-resistant expertise analysis and ranking in collaborative tagging systems
JF - Computational intelligence
N2 - In this article, we discuss the notions of experts and expertise in resource discovery in the context of collaborative tagging systems. We propose that the level of expertise of a user with respect to a particular topic is mainly determined by two factors. First, an expert should possess a high-quality collection of resources, while the quality of a Web resource in turn depends on the expertise of the users who have assigned tags to it, forming a mutual reinforcement relationship. Second, an expert should be one who tends to identify interesting or useful resources before other users discover them, thus bringing these resources to the attention of the community of users. We propose a graph-based algorithm, SPEAR (spamming-resistant expertise analysis and ranking), which implements the above ideas for ranking users in a folksonomy. Our experiments show that our assumptions on expertise in resource discovery, and SPEAR as an implementation of these ideas, allow us to promote experts and demote spammers at the same time, with performance significantly better than the original hypertext-induced topic search algorithm and simple statistical measures currently used in most collaborative tagging systems.
KW - collaborative tagging
KW - expertise
KW - folksonomy
KW - HITS
KW - ranking
KW - spamming
Y1 - 2011
U6 - https://doi.org/10.1111/j.1467-8640.2011.00384.x
SN - 0824-7935
SN - 1467-8640
VL - 27
IS - 3
SP - 458
EP - 488
PB - Wiley-Blackwell
CY - Hoboken
ER -

TY - JOUR
A1 - Roschke, Sebastian
A1 - Cheng, Feng
A1 - Meinel, Christoph
T1 - An alert correlation platform for memory-supported techniques
JF - Concurrency and computation : practice & experience
N2 - Intrusion Detection Systems (IDS) have been widely deployed in practice for detecting malicious behavior on network communication and hosts. False-positive alerts are a common problem for most IDS approaches. The solution to address this problem is to enhance the detection process by correlation and clustering of alerts. To meet practical requirements, this process needs to be finished fast, which is a challenging task as the number of alerts in large-scale IDS deployments is significantly high. We identify data storage and processing algorithms as the most important factors influencing the performance of clustering and correlation. We propose and implement a highly efficient alert correlation platform. For storage, a column-based database, an in-memory alert storage, and memory-based index tables lead to significant improvements in performance. For processing, algorithms are designed and implemented which are optimized for in-memory databases, e.g. an attack graph-based correlation algorithm. The platform can be distributed over multiple processing units to share memory and processing power. A standardized interface is designed to provide a unified view of result reports for end users. The efficiency of the platform is tested by practical experiments with several alert storage approaches, multiple algorithms, as well as a local and a distributed deployment.
KW - memory-based correlation
KW - memory-based clustering
KW - memory-based databases
KW - IDS management
Y1 - 2012
U6 - https://doi.org/10.1002/cpe.1750
SN - 1532-0626
VL - 24
IS - 10
SP - 1123
EP - 1136
PB - Wiley-Blackwell
CY - Hoboken
ER -

TY - JOUR
A1 - Quasthoff, Matthias
A1 - Meinel, Christoph
T1 - Supporting object-oriented programming of semantic-web software
JF - IEEE transactions on systems, man, and cybernetics : Part C, Applications and reviews
N2 - This paper presents the state of the art in the development of Semantic-Web-enabled software using object-oriented programming languages. Object triple mapping (OTM) is a frequently used method to simplify the development of such software. A case study that is based on interviews with developers of OTM frameworks is presented at the core of this paper. Following the results of the case study, the formalization of OTM is kept separate from optional but desirable extensions of OTM with regard to metadata, schema matching, and integration into the Semantic-Web infrastructure. The material that is presented is expected not only to explain the development of Semantic-Web software by the usage of OTM, but also to explain what properties of Semantic-Web software made developers come up with OTM. Understanding the latter will be essential to get non-expert software developers to use Semantic-Web technologies in their software.
KW - Resource description framework
KW - Software
KW - Java
KW - Data models
KW - Programming
KW - Interviews
Y1 - 2012
U6 - https://doi.org/10.1109/TSMCC.2011.2151282
SN - 1094-6977
VL - 42
IS - 1
SP - 15
EP - 24
PB - Inst. of Electr. and Electronics Engineers
CY - Piscataway
ER -

TY - JOUR
A1 - Rafiee, Hosnieh
A1 - von Loewis, Martin
A1 - Meinel, Christoph
T1 - IPv6 Deployment and Spam Challenges
JF - IEEE Internet computing
N2 - Spam has posed a serious problem for users of email since its infancy. Today, automated strategies are required to deal with the massive amount of spam traffic. IPv4 networks offer a variety of solutions to reduce spam, but IPv6 networks' large address space and use of temporary addresses, both of which are particularly vulnerable to spam attacks, make dealing with spam and the use of automated approaches much more difficult. IPv6 thus poses a unique security issue for ISPs because it is more difficult for them to differentiate between good IP addresses and those that are known to originate spam messages.
Y1 - 2012
SN - 1089-7801
VL - 16
IS - 6
SP - 22
EP - 29
PB - Inst. of Electr. and Electronics Engineers
CY - Los Alamitos
ER -

TY - JOUR
A1 - AlSa'deh, Ahmad
A1 - Meinel, Christoph
T1 - Secure neighbor discovery: Review, challenges, perspectives, and recommendations
JF - IEEE security & privacy : building confidence in a networked world
N2 - Secure Neighbor Discovery is designed as a countermeasure to Neighbor Discovery Protocol threats. The authors discuss Secure Neighbor Discovery implementation and deployment challenges and review proposals to optimize it.
Y1 - 2012
SN - 1540-7993
VL - 10
IS - 4
SP - 26
EP - 34
PB - Inst. of Electr. and Electronics Engineers
CY - Los Alamitos
ER -

TY - JOUR
A1 - Roschke, Sebastian
A1 - Cheng, Feng
A1 - Meinel, Christoph
T1 - High-quality attack graph-based IDS correlation
JF - Logic journal of the IGPL
N2 - Intrusion Detection Systems are widely deployed in computer networks. As modern attacks are getting more sophisticated and the number of sensors and network nodes grows, the problem of false positives and alert analysis becomes more difficult to solve. Alert correlation was proposed to analyse alerts and to decrease false positives. Knowledge about the target system or environment is usually necessary for efficient alert correlation. For representing the environment information as well as potential exploits, the existing vulnerabilities and their Attack Graph (AG) are used. It is useful for networks to generate an AG and to organize certain vulnerabilities in a reasonable way. In this article, a correlation algorithm based on AGs is designed that is capable of detecting multiple attack scenarios for forensic analysis. It can be parameterized to adjust the robustness and accuracy. A formal model of the algorithm is presented and an implementation is tested to analyse the different parameters on a real set of alerts from a local network. To improve the speed of the algorithm, a multi-core version is proposed, and an HMM-supported version can be used to further improve the quality. The parallel implementation is tested on a multi-core correlation platform, using CPUs and GPUs.
KW - Correlation
KW - attack graph
KW - HMM
KW - multi-core
KW - IDS
Y1 - 2013
U6 - https://doi.org/10.1093/jigpal/jzs034
SN - 1367-0751
VL - 21
IS - 4
SP - 571
EP - 591
PB - Oxford Univ. Press
CY - Oxford
ER -

TY - JOUR
A1 - Takouna, Ibrahim
A1 - Sachs, Kai
A1 - Meinel, Christoph
T1 - Multiperiod robust optimization for proactive resource provisioning in virtualized data centers
JF - The journal of supercomputing : an internat. journal of supercomputer design, analysis and use
KW - Energy-aware
KW - Virtualization
KW - Resource management
KW - Robust optimization
KW - Prediction
Y1 - 2014
U6 - https://doi.org/10.1007/s11227-014-1246-2
SN - 0920-8542
SN - 1573-0484
VL - 70
IS - 3
SP - 1514
EP - 1536
PB - Springer
CY - Dordrecht
ER -

TY - JOUR
A1 - Azodi, Amir
A1 - Cheng, Feng
A1 - Meinel, Christoph
T1 - Event Driven Network Topology Discovery and Inventory Listing Using REAMS
JF - Wireless personal communications : an international journal
N2 - Network Topology Discovery and Inventory Listing are two of the primary features of modern network monitoring systems (NMS). Current NMSs rely heavily on active scanning techniques for discovering and mapping network information. Although this approach works, it introduces some major drawbacks such as the performance impact it can exact, especially in larger network environments. As a consequence, scans are often run less frequently, which can result in stale information being presented and used by the network monitoring system. Alternatively, some NMSs rely on their agents being deployed on the hosts they monitor. In this article, we present a new approach to Network Topology Discovery and Network Inventory Listing using only passive monitoring and scanning techniques. The proposed techniques rely solely on the event logs produced by the hosts and network devices present within a network. Finally, we discuss some of the advantages and disadvantages of our approach.
KW - Network topology
KW - Inventory systems
KW - Network monitoring
KW - Network graph
KW - Service detection
KW - Event processing
KW - Event normalization
Y1 - 2015
U6 - https://doi.org/10.1007/s11277-015-3061-3
SN - 0929-6212
SN - 1572-834X
VL - 94
SP - 415
EP - 430
PB - Springer
CY - New York
ER -

TY - JOUR
A1 - Sapegin, Andrey
A1 - Jaeger, David
A1 - Cheng, Feng
A1 - Meinel, Christoph
T1 - Towards a system for complex analysis of security events in large-scale networks
JF - Computers & security : the international journal devoted to the study of the technical and managerial aspects of computer security
N2 - After almost two decades of development, modern Security Information and Event Management (SIEM) systems still face issues with normalisation of heterogeneous data sources, a high number of false positive alerts and long analysis times, especially in large-scale networks with high volumes of security events. In this paper, we present our own prototype of a SIEM system, which is capable of dealing with these issues. For efficient data processing, our system employs in-memory data storage (SAP HANA) and our own technologies from previous work, such as the Object Log Format (OLF) and high-speed event normalisation. We analyse normalised data using a combination of three different approaches for security analysis: misuse detection, query-based analytics, and anomaly detection. Compared to the previous work, we have significantly improved our unsupervised anomaly detection algorithms. Most importantly, we have developed a novel hybrid outlier detection algorithm that returns ranked clusters of anomalies. It lets an operator of a SIEM system concentrate on the several top-ranked anomalies, instead of digging through an unsorted bundle of suspicious events. We propose to use anomaly detection in combination with signatures and queries, applied on the same data, rather than as a full replacement for misuse detection. In this case, the majority of attacks will be captured with misuse detection, whereas anomaly detection will highlight previously unknown behaviour or attacks. We also propose that only the most suspicious event clusters need to be checked by an operator, whereas other anomalies, including false positive alerts, do not need to be explicitly checked if they have a lower ranking. We have proved our concepts and algorithms on a dataset of 160 million events from a network segment of a big multinational company and suggest that our approach and methods are highly relevant for modern SIEM systems.
KW - Intrusion detection
KW - SAP HANA
KW - In-memory
KW - Security
KW - Machine learning
KW - Anomaly detection
KW - Outlier detection
Y1 - 2017
U6 - https://doi.org/10.1016/j.cose.2017.02.001
SN - 0167-4048
SN - 1872-6208
VL - 67
SP - 16
EP - 34
PB - Elsevier Science
CY - Oxford
ER -

TY - JOUR
A1 - Chujfi-La-Roche, Salim
A1 - Meinel, Christoph
T1 - Matching cognitively sympathetic individual styles to develop collective intelligence in digital communities
JF - AI & society : the journal of human-centred systems and machine intelligence
N2 - Creation, collection and retention of knowledge in digital communities is an activity that currently requires being explicitly targeted as a secure method of keeping intellectual capital growing in the digital era. In particular, we consider it relevant to analyze and evaluate the empathetic cognitive personalities and behaviors that individuals now have with the change from face-to-face communication (F2F) to computer-mediated communication (CMC) online. This document proposes a cyber-humanistic approach to enhance the traditional SECI knowledge management model. A cognitive perception is added to its cyclical process following design thinking interaction, exemplary for improvement of the method in which knowledge is continuously created, converted and shared. In building a cognitive-centered model, we specifically focus on the effective identification and response to cognitive stimulation of individuals, as they are the intellectual generators and multipliers of knowledge in the online environment. Our target is to identify how geographically distributed digital organizations should align the individual's cognitive abilities to promote iteration and improve interaction as a reliable stimulant of collective intelligence. The new model focuses on analyzing the four different stages of knowledge processing, where individuals with sympathetic cognitive personalities can significantly boost knowledge creation in a virtual social system. For organizations, this means that multidisciplinary individuals can maximize their extensive potential by externalizing their knowledge in the correct stage of the knowledge creation process, and by collaborating with their appropriate sympathetically cognitive remote peers.
KW - argumentation research
KW - cyber humanistic
KW - cognition
KW - collaboration
KW - knowledge building
KW - knowledge management
KW - teamwork
KW - virtual groups
Y1 - 2017
U6 - https://doi.org/10.1007/s00146-017-0780-x
SN - 0951-5666
SN - 1435-5655
VL - 35
IS - 1
SP - 5
EP - 15
PB - Springer
CY - New York
ER -