@article{HuChengXuetal.2021,
  author    = {Hu, Ting-Li and Cheng, Feng and Xu, Zhen and Chen, Zhong-Zheng and Yu, Lei and Ban, Qian and Li, Chun-Lin and Pan, Tao and Zhang, Bao-Wei},
  title     = {Molecular and morphological evidence for a new species of the genus Typhlomys (Rodentia: Platacanthomyidae)},
  series = {Zoological research : ZR = Dongwuxue-yanjiu : jikan / published by Kunming Institute of Zoology, Chinese Academy of Sciences, Zhongguo Kexueyuan Kunming Dongwu Yanjiusuo zhuban, Dongwuxue-yanjiu Bianji Weiyuanhui bianji},
  volume    = {42},
  journal   = {Zoological research : ZR = Dongwuxue-yanjiu : jikan / published by Kunming Institute of Zoology, Chinese Academy of Sciences, Zhongguo Kexueyuan Kunming Dongwu Yanjiusuo zhuban, Dongwuxue-yanjiu Bianji Weiyuanhui bianji},
  number    = {1},
  publisher = {Yunnan Renmin Chubanshe},
  address   = {Kunming},
  issn      = {2095-8137},
  doi       = {10.24272/j.issn.2095-8137.2020.132},
  pages     = {100 -- 107},
  year      = {2021},
  abstract  = {In this study, we reassessed the taxonomic position of Typhlomys (Rodentia: Platacanthomyidae) from Huangshan, Anhui, China, based on morphological and molecular evidence. Results suggested that Typhlomys is comprised of up to six species, including four currently recognized species ( Typhlomys cinereus, T. chapensis, T. daloushanensis, and T. nanus), one unconfirmed candidate species, and one new species ( Typhlomys huangshanensis sp. nov.). Morphological analyses further supported the designation of the Huangshan specimens found at mid-elevations in the southern Huangshan Mountains (600 m to 1 200 m a.s.l.) as a new species.},
  language  = {en}
}
@phdthesis{Cheng2024,
  author    = {Cheng, Feng},
  title     = {Evolution and ontogeny of electric organ discharge in African weakly electric fish genus Campylomormyrus: a genomic and transcriptomic perspective},
  doi       = {10.25932/publishup-63017},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-630172},
  school      = {Universit{\"a}t Potsdam},
  pages     = {176},
  year      = {2024},
  abstract  = {The African weakly electric fishes (Mormyridae) exhibit a remarkable adaptive radiation possibly due to their species-specific electric organ discharges (EODs). It is produced by a muscle-derived electric organ that is located in the caudal peduncle. Divergence in EODs acts as a pre-zygotic isolation mechanism to drive species radiations. However, the mechanism behind the EOD diversification are only partially understood. The aim of this study is to explore the genetic basis of EOD diversification from the gene expression level across Campylomormyrus species/hybrids and ontogeny. I firstly produced a high quality genome of the species C. compressirostris as a valuable resource to understand the electric fish evolution. The next study compared the gene expression pattern between electric organs and skeletal muscles in Campylomormyrus species/hybrids with different types of EOD duration. I identified several candidate genes with an electric organ-specific expression, e.g. KCNA7a, KLF5, KCNJ2, SCN4aa, NDRG3, MEF2. The overall genes expression pattern exhibited a significant association with EOD duration in all analyzed species/hybrids. The expression of several candidate genes, e.g. KCNJ2, KLF5, KCNK6 and KCNQ5, possibly contribute to the regulation of EOD duration in Campylomormyrus due to their increasing or decreasing expression. Several potassium channel genes showed differential expression during ontogeny in species and hybrid with EOD alteration, e.g. KCNJ2. I next explored allele specific expression of intragenus hybrids by crossing the duration EOD species C. compressirostris with the medium duration EOD species C. tshokwe and the elongated duration EOD species C. rhynchophorus. The hybrids exhibited global expression dominance of the C. compressirostris allele in the adult skeletal muscle and electric organ, as well as in the juvenile electric organ. Only the gene KCNJ2 showed dominant expression of the allele from C. rhynchophorus, and this was increasingly dominant during ontogeny. It hence supported our hypothesis that KCNJ2 is a key gene of regulating EOD duration. Our results help us to understand, from a genetic perspective, how gene expression effect the EOD diversification in the African weakly electric fish.},
  language  = {en}
}
@book{RanaMohapatraSidorovaetal.2022,
  author    = {Rana, Kaushik and Mohapatra, Durga Prasad and Sidorova, Julia and Lundberg, Lars and Sk{\"o}ld, Lars and Lopes Grim, Lu{\´i}s Fernando and Sampaio Gradvohl, Andr{\´e} Leon and Cremerius, Jonas and Siegert, Simon and Weltzien, Anton von and Baldi, Annika and Klessascheck, Finn and Kalancha, Svitlana and Lichtenstein, Tom and Shaabani, Nuhad and Meinel, Christoph and Friedrich, Tobias and Lenzner, Pascal and Schumann, David and Wiese, Ingmar and Sarna, Nicole and Wiese, Lena and Tashkandi, Araek Sami and van der Walt, Est{\´e}e and Eloff, Jan H. P. and Schmidt, Christopher and H{\"u}gle, Johannes and Horschig, Siegfried and Uflacker, Matthias and Najafi, Pejman and Sapegin, Andrey and Cheng, Feng and Stojanovic, Dragan and Stojnev Ilić, Aleksandra and Djordjevic, Igor and Stojanovic, Natalija and Predic, Bratislav and Gonz{\´a}lez-Jim{\´e}nez, Mario and de Lara, Juan and Mischkewitz, Sven and Kainz, Bernhard and van Hoorn, Andr{\´e} and Ferme, Vincenzo and Schulz, Henning and Knigge, Marlene and Hecht, Sonja and Prifti, Loina and Krcmar, Helmut and Fabian, Benjamin and Ermakova, Tatiana and Kelkel, Stefan and Baumann, Annika and Morgenstern, Laura and Plauth, Max and Eberhard, Felix and Wolff, Felix and Polze, Andreas and Cech, Tim and Danz, Noel and Noack, Nele Sina and Pirl, Lukas and Beilharz, Jossekin Jakob and De Oliveira, Roberto C. L. and Soares, F{\´a}bio Mendes and Juiz, Carlos and Bermejo, Belen and M{\"u}hle, Alexander and Gr{\"u}ner, Andreas and Saxena, Vageesh and Gayvoronskaya, Tatiana and Weyand, Christopher and Krause, Mirko and Frank, Markus and Bischoff, Sebastian and Behrens, Freya and R{\"u}ckin, Julius and Ziegler, Adrian and Vogel, Thomas and Tran, Chinh and Moser, Irene and Grunske, Lars and Sz{\´a}rnyas, G{\´a}bor and Marton, J{\´o}zsef and Maginecz, J{\´a}nos and Varr{\´o}, D{\´a}niel and Antal, J{\´a}nos Benjamin},
  title     = {HPI Future SOC Lab - Proceedings 2018},
  number    = {151},
  editor    = {Meinel, Christoph and Polze, Andreas and Beins, Karsten and Strotmann, Rolf and Seibold, Ulrich and R{\"o}dszus, Kurt and M{\"u}ller, J{\"u}rgen},
  publisher = {Universit{\"a}tsverlag Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-547-7},
  issn      = {1613-5652},
  doi       = {10.25932/publishup-56371},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-563712},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {x, 277},
  year      = {2022},
  abstract  = {The "HPI Future SOC Lab" is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and the industry partners. The HPI Future SOC Lab provides researchers with free of charge access to a complete infrastructure of state of the art hard and software. This infrastructure includes components, which might be too expensive for an ordinary research environment, such as servers with up to 64 cores and 2 TB main memory. The offerings address researchers particularly from but not limited to the areas of computer science and business information systems. Main areas of research include cloud computing, parallelization, and In-Memory technologies. This technical report presents results of research projects executed in 2018. Selected projects have presented their results on April 17th and November 14th 2017 at the Future SOC Lab Day events.},
  language  = {en}
}
@article{TorkuraSukmanaChengetal.2020,
  author    = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Cheng, Feng and Meinel, Christoph},
  title     = {CloudStrike},
  series = {IEEE access : practical research, open solutions},
  volume    = {8},
  journal   = {IEEE access : practical research, open solutions},
  publisher = {Institute of Electrical and Electronics Engineers },
  address   = {Piscataway},
  issn      = {2169-3536},
  doi       = {10.1109/ACCESS.2020.3007338},
  pages     = {123044 -- 123060},
  year      = {2020},
  abstract  = {Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.},
  language  = {en}
}
@misc{GawronChengMeinel2017,
  author    = {Gawron, Marian and Cheng, Feng and Meinel, Christoph},
  title     = {PVD: Passive Vulnerability Detection},
  series = {8th International Conference on Information and Communication Systems (ICICS)},
  journal   = {8th International Conference on Information and Communication Systems (ICICS)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5090-4243-2},
  issn      = {2471-125X},
  doi       = {10.1109/IACS.2017.7921992},
  pages     = {322 -- 327},
  year      = {2017},
  abstract  = {The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs.},
  language  = {en}
}
@misc{TorkuraSukmanaChengetal.2017,
  author    = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Cheng, Feng and Meinel, Christoph},
  title     = {Leveraging cloud native design patterns for security-as-a-service applications},
  series = {IEEE International Conference on Smart Cloud (SmartCloud)},
  journal   = {IEEE International Conference on Smart Cloud (SmartCloud)},
  publisher = {Institute of Electrical and Electronics Engineers},
  address   = {New York},
  isbn      = {978-1-5386-3684-8},
  doi       = {10.1109/SmartCloud.2017.21},
  pages     = {90 -- 97},
  year      = {2017},
  abstract  = {This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.},
  language  = {en}
}
@article{SapeginJaegerChengetal.2017,
  author    = {Sapegin, Andrey and Jaeger, David and Cheng, Feng and Meinel, Christoph},
  title     = {Towards a system for complex analysis of security events in large-scale networks},
  series = {Computers \& security : the international journal devoted to the study of the technical and managerial aspects of computer security},
  volume    = {67},
  journal   = {Computers \& security : the international journal devoted to the study of the technical and managerial aspects of computer security},
  publisher = {Elsevier Science},
  address   = {Oxford},
  issn      = {0167-4048},
  doi       = {10.1016/j.cose.2017.02.001},
  pages     = {16 -- 34},
  year      = {2017},
  abstract  = {After almost two decades of development, modern Security Information and Event Management (SIEM) systems still face issues with normalisation of heterogeneous data sources, high number of false positive alerts and long analysis times, especially in large-scale networks with high volumes of security events. In this paper, we present our own prototype of SIEM system, which is capable of dealing with these issues. For efficient data processing, our system employs in-memory data storage (SAP HANA) and our own technologies from the previous work, such as the Object Log Format (OLF) and high-speed event normalisation. We analyse normalised data using a combination of three different approaches for security analysis: misuse detection, query-based analytics, and anomaly detection. Compared to the previous work, we have significantly improved our unsupervised anomaly detection algorithms. Most importantly, we have developed a novel hybrid outlier detection algorithm that returns ranked clusters of anomalies. It lets an operator of a SIEM system to concentrate on the several top-ranked anomalies, instead of digging through an unsorted bundle of suspicious events. We propose to use anomaly detection in a combination with signatures and queries, applied on the same data, rather than as a full replacement for misuse detection. In this case, the majority of attacks will be captured with misuse detection, whereas anomaly detection will highlight previously unknown behaviour or attacks. We also propose that only the most suspicious event clusters need to be checked by an operator, whereas other anomalies, including false positive alerts, do not need to be explicitly checked if they have a lower ranking. We have proved our concepts and algorithms on a dataset of 160 million events from a network segment of a big multinational company and suggest that our approach and methods are highly relevant for modern SIEM systems.},
  language  = {en}
}
@article{AzodiChengMeinel2015,
  author    = {Azodi, Amir and Cheng, Feng and Meinel, Christoph},
  title     = {Event Driven Network Topology Discovery and Inventory Listing Using REAMS},
  series = {Wireless personal communications : an international journal},
  volume    = {94},
  journal   = {Wireless personal communications : an international journal},
  publisher = {Springer},
  address   = {New York},
  issn      = {0929-6212},
  doi       = {10.1007/s11277-015-3061-3},
  pages     = {415 -- 430},
  year      = {2015},
  abstract  = {Network Topology Discovery and Inventory Listing are two of the primary features of modern network monitoring systems (NMS). Current NMSs rely heavily on active scanning techniques for discovering and mapping network information. Although this approach works, it introduces some major drawbacks such as the performance impact it can exact, specially in larger network environments. As a consequence, scans are often run less frequently which can result in stale information being presented and used by the network monitoring system. Alternatively, some NMSs rely on their agents being deployed on the hosts they monitor. In this article, we present a new approach to Network Topology Discovery and Network Inventory Listing using only passive monitoring and scanning techniques. The proposed techniques rely solely on the event logs produced by the hosts and network devices present within a network. Finally, we discuss some of the advantages and disadvantages of our approach.},
  language  = {en}
}
@misc{GawronChengMeinel2018,
  author    = {Gawron, Marian and Cheng, Feng and Meinel, Christoph},
  title     = {Automatic vulnerability classification using machine learning},
  series = {Risks and Security of Internet and Systems},
  journal   = {Risks and Security of Internet and Systems},
  publisher = {Springer},
  address   = {Cham},
  isbn      = {978-3-319-76687-4},
  issn      = {0302-9743},
  doi       = {10.1007/978-3-319-76687-4_1},
  pages     = {3 -- 17},
  year      = {2018},
  abstract  = {The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities.},
  language  = {en}
}
@misc{TorkuraSukmanaMeinigetal.2018,
  author    = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Meinig, Michael and Kayem, Anne V. D. M. and Cheng, Feng and Meinel, Christoph and Graupner, Hendrik},
  title     = {Securing cloud storage brokerage systems through threat models},
  series = {Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)},
  journal   = {Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5386-2195-0},
  issn      = {1550-445X},
  doi       = {10.1109/AINA.2018.00114},
  pages     = {759 -- 768},
  year      = {2018},
  abstract  = {Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security.},
  language  = {en}
}