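@comment{Bibliography data exported from an OPUS repository, reformatted one
  field per line. Conventions in this file: LaTeX escapes for all non-ASCII
  characters (the export mixed raw "sharp s" bytes with {\"u}-style escapes,
  which sorts inconsistently under classic BibTeX), bare DOIs, raw URLs,
  double hyphens for page ranges, and braces around words whose capitalisation
  must survive a sentence-casing style (German nouns, acronyms). The export's
  redundant "series" field, a verbatim copy of "journal", was dropped from the
  article entries because biblatex would print the journal name twice.
  Citation keys are unchanged so existing cite commands keep working.}

@book{MeinelWillemsRoschkeetal.2011,
  author    = {Meinel, Christoph and Willems, Christian and Roschke, Sebastian and Schnjakin, Maxim},
  title     = {Virtualisierung und {Cloud Computing} : {Konzepte}, {Technologiestudie}, {Markt{\"u}bersicht}},
  publisher = {Universit{\"a}t Potsdam},
  year      = {2011},
  isbn      = {978-3-86956-113-4},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-49708},
  language  = {de},
  abstract  = {Virtualisierung und Cloud Computing geh{\"o}ren derzeit zu den
    wichtigsten Schlagworten f{\"u}r Betreiber von IT Infrastrukturen. Es gibt
    eine Vielzahl unterschiedlicher Technologien, Produkte und
    Gesch{\"a}ftsmodelle f{\"u}r vollkommen verschiedene Anwendungsszenarien.
    Die vorliegende Studie gibt zun{\"a}chst einen detaillierten {\"U}berblick
    {\"u}ber aktuelle Entwicklungen in Konzepten und Technologien der
    Virtualisierungstechnologie -- von klassischer Servervirtualisierung
    {\"u}ber Infrastrukturen f{\"u}r virtuelle Arbeitspl{\"a}tze bis zur
    Anwendungsvirtualisierung -- und macht den Versuch einer Klassifikation der
    Virtualisierungsvarianten. Bei der Betrachtung des Cloud Computing-Konzepts
    werden deren Grundz{\"u}ge sowie verschiedene Architekturvarianten und
    Anwendungsf{\"a}lle eingef{\"u}hrt. Die ausf{\"u}hrliche Untersuchung von
    Vorteilen des Cloud Computing sowie m{\"o}glicher Bedenken, die bei der
    Nutzung von Cloud-Ressourcen im Unternehmen beachtet werden m{\"u}ssen,
    zeigt, dass Cloud Computing zwar gro{\ss}e Chancen bietet, aber nicht
    f{\"u}r jede Anwendung und nicht f{\"u}r jeden rechtlichen und
    wirtschaftlichen Rahmen in Frage kommt. Die anschlie{\ss}ende
    Markt{\"u}bersicht f{\"u}r Virtualisierungstechnologie zeigt, dass die
    gro{\ss}en Hersteller -- Citrix, Microsoft und VMware -- jeweils Produkte
    f{\"u}r fast alle Virtualisierungsvarianten anbieten und hebt entscheidende
    Unterschiede bzw. die St{\"a}rken der jeweiligen Anbieter heraus. So ist
    beispielsweise die L{\"o}sung von Citrix f{\"u}r Virtual Desktop
    Infrastructures sehr ausgereift, w{\"a}hrend Microsoft hier nur auf
    Standardtechnologie zur{\"u}ckgreifen kann. VMware hat als
    Marktf{\"u}hrer die gr{\"o}{\ss}te Verbreitung in Rechenzentren gefunden
    und bietet als einziger Hersteller echte Fehlertoleranz. Microsoft hingegen
    punktet mit der nahtlosen Integration seiner Virtualisierungsprodukte in
    bestehende Windows-Infrastrukturen. Im Bereich der Cloud Computing-Systeme
    zeigen sich einige quelloffene Softwareprojekte, die durchaus f{\"u}r den
    produktiven Betrieb von sogenannten privaten Clouds geeignet sind.},
}

@comment{Roschke2011: the phdthesis entry type requires a "school" field,
  which the source export does not provide; standard styles will warn and
  print an incomplete reference until it is added (e.g.
  school = {<degree-granting institution>}). "pages = {131 S.}" is the
  catalogue page count and is ignored by standard thesis styles.}

@phdthesis{Roschke2011,
  author   = {Roschke, Sebastian},
  title    = {Towards High Quality Security Event Correlation Using In-Memory and Multi-Core Processing},
  address  = {Potsdam},
  pages    = {131 S.},
  year     = {2011},
  language = {en},
}

@article{RoschkeChengMeinel2013,
  author    = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph},
  title     = {High-Quality Attack Graph-Based {IDS} Correlation},
  journal   = {Logic Journal of the IGPL},
  volume    = {21},
  number    = {4},
  pages     = {571--591},
  year      = {2013},
  publisher = {Oxford Univ. Press},
  address   = {Oxford},
  issn      = {1367-0751},
  doi       = {10.1093/jigpal/jzs034},
  language  = {en},
  abstract  = {Intrusion Detection Systems are widely deployed in computer
    networks. As modern attacks are getting more sophisticated and the number
    of sensors and network nodes grows, the problem of false positives and
    alert analysis becomes more difficult to solve. Alert correlation was
    proposed to analyse alerts and to decrease false positives. Knowledge about
    the target system or environment is usually necessary for efficient alert
    correlation. To represent the environment information as well as potential
    exploits, the existing vulnerabilities and their Attack Graph (AG) are
    used. It is useful for networks to generate an AG and to organize certain
    vulnerabilities in a reasonable way. In this article, a correlation
    algorithm based on AGs is designed that is capable of detecting multiple
    attack scenarios for forensic analysis. It can be parameterized to adjust
    the robustness and accuracy. A formal model of the algorithm is presented
    and an implementation is tested to analyse the different parameters on a
    real set of alerts from a local network. To improve the speed of the
    algorithm, a multi-core version is proposed, and an HMM-supported version
    can be used to further improve the quality. The parallel implementation is
    tested on a multi-core correlation platform, using CPUs and GPUs.},
}

@article{RoschkeChengMeinel2012,
  author    = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph},
  title     = {An Alert Correlation Platform for Memory-Supported Techniques},
  journal   = {Concurrency and Computation: Practice \& Experience},
  volume    = {24},
  number    = {10},
  pages     = {1123--1136},
  year      = {2012},
  publisher = {Wiley-Blackwell},
  address   = {Hoboken},
  issn      = {1532-0626},
  doi       = {10.1002/cpe.1750},
  language  = {en},
  abstract  = {Intrusion Detection Systems (IDS) have been widely deployed in
    practice for detecting malicious behavior on network communication and
    hosts. False-positive alerts are a common problem for most IDS approaches.
    The solution to address this problem is to enhance the detection process by
    correlation and clustering of alerts. To meet the practical requirements,
    this process needs to be finished fast, which is a challenging task as the
    number of alerts in large-scale IDS deployments is very high. We identify
    data storage and processing algorithms to be the most important factors
    influencing the performance of clustering and correlation. We propose and
    implement a highly efficient alert correlation platform. For storage, a
    column-based database, an In-Memory alert storage, and memory-based index
    tables lead to significant performance improvements. For processing,
    algorithms are designed and implemented which are optimized for In-Memory
    databases, e.g. an attack graph-based correlation algorithm. The platform
    can be distributed over multiple processing units to share memory and
    processing power. A standardized interface is designed to provide a
    unified view of result reports for end users. The efficiency of the
    platform is tested by practical experiments with several alert storage
    approaches, multiple algorithms, as well as a local and a distributed
    deployment.},
}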