DecADe

Decentralized Anomaly Detection

Description

Today's IT systems used by corporations are characterized by a steadily growing number of computers and other devices. Furthermore, virtually all devices are connected via networks. Lastly, the complexity of dependencies between computers and services is growing. The named reasons make it difficult to understand, protect and maintain the functionality of computer networks already today.

An additional difficulty is that today's IT systems cannot be shielded anymore from the outside world. One important reason is the spatial expansion of many computer networks which might lead to physically exposed hosts that might be compromized by adversaries. Another reason is the amount of interaction between entities within the (secure and trusted) own IT system and other (hazardous and untrusted) entities located in the outside world.

To reduce operational costs, networks and computers are consolidated today using various types of virtualization technologies, for instance hardware or network virtualization (VLAN, VPN, SDN, etc.). Formerly physically separated machines and networks are now isolated from each other by a thin layer of software that abstracts over the hardware. If the security offered by the virtualization layer fails, the security of the entire IT system can be weakened, as attacks can spread more easily between components.

The changes listed above can even be witnessed even in the very security critical main scenarios addressed by the DecADe project: IT systems found in airplanes and automobiles.

In the project we focus on solutions for permanent and comprehensive monitoring of the IT system, early detection of attacks, and a concise assessment of the current threat level of the entire IT system. The project understands the growing amount of devices and connectivity not only as a problem but also as a chance that only needs to be used in order to increase the security level of the IT system. The projects main idea is that components of the IT system with free capacity (CPU, memory, bandwidth, etc.) shall be leveraged to monitor the behavior of other components in order to find anomalies in the entire IT system.

Partners:

  • Airbus Group Innovations
  • Audi Electronic Ventures GmbH (Assoziiert)
  • AVL Software & Functions GmbH
  • b-plus GmbH
  • Technische Hochschule Deggendorf
  • Universität Bremen

Related publications

2017-07-01 Nadine Herold, Matthias Wachs, Marko Dorfhuber, Christoph Rudolf, Stefan Liebald, Georg Carle, “Achieving reproducible network environments with INSALATA,” in 11th International Conference on Autonomous Infrastructure, Management and Security (AIMS’2017), Best Paper Award, Zurich, Switzerland, Jul. 2017. [Pdf] [Slides] [Bib]
2017-06-01 Marcel von Maltitz, Cornelius Diekmann, Georg Carle, “Privacy Assessment using Static Taint Analysis (Tool Paper),” in FORTE – 37th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Neuchatel, Switzerland, Jun. 2017. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [Extended version] [DOI] [Bib]
2016-11-01 Marcel von Maltitz, Cornelius Diekmann, Georg Carle, “Taint Analysis for System-Wide Privacy Audits: A Framework and Real-World Case Studies.” 1st Workshop for Formal Methods on Privacy, Nov-2016. workshop without proceedings [Preprint] [Sourcecode] [Rawdata] [Bib]

Finished student theses

Author Title Type Advisors Links
Marko Dorfhuber Information Collection for Temporal Variation Analysis on Networks BA Nadine Herold, Matthias Wachs, Stefan Liebald
Christoph Rudolf Automated Planning, Setup and Configuration for Scientific Testbed Environments BA Nadine Herold, Matthias Wachs, Stefan Liebald

Open and running student theses

Author Title Type Advisors Links
Manuel Ehler Distributed Self-Learning Detection of Advanced Persistent Threats MA Dr. Holger Kinkelin, Stefan Liebald, Marcel von Maltitz Pdf
Valentin Hauner Trustworthy Configuration Management for Networked Elements MA Dr. Holger Kinkelin, Dr. Heiko Niedermayer Pdf
Stefanos Georgiou A Trustworthy Distribution and Logging Mechanism for the 3D Printing Supply Chain based on Blockchain-Technology MA Dr. Holger Kinkelin, Sree Harsha Totakura, Dr. Heiko Niedermayer
Benedict Drechsler Federated Identity and Transaction Management over Blockchain BA Dr. Heiko Niedermayer, Dr.Holger Kinkelin Pdf
Jan Felix Hoops Federated Identity and Transaction Management over Blockchain II BA Dr. Heiko Niedermayer, Dr.Holger Kinkelin Pdf
Max Tettenborn A Usable and Expressive Schema for Access Control MA Dr.Holger Kinkelin, Marcel von Maltitz
Dominik Bitzer Secure and Controlled Querying of Sensor Data MA Marcel von Maltitz, Dr. Holger Kinkelin Pdf
open Distributed Detection of SomeIP Anomalies MA Dr. Holger Kinkelin, Stefan Liebald, Marcel von Maltitz Pdf