Have any questions?
+44 1234 567 890
Intrusion detection via multi-dimensional analysis of security data streams
The processes employed by modern businesses, and consequently their economic success, increasingly hinge upon IT-systems, which in turn are increasingly hard to defend against security risks. On the one hand high interconnectivity grants suppliers with the opportunity to implement more efficient process chains, on the other it introduces complex dependencies and new attack vectors. Meanwhile, the last decade has seen the rise of highly organized, professional, financially motivated attackers, threatening businesses with a multitude of criminal methods.
Furthermore, the growing integration of classic information technology (IT) and operational technology (OT) creates risks of its own. These call for an increased emphasis on logging and monitoring, in addition to classic methods like firewalls and malware protection, as businesses need to assume that
1. adversaries will bypass perimeter protection and that
2. deployed malware may not be detected.
Any intrusion can only be detected through unusual behaviour of systems or applications, as well as anomalous network communication. Detecting these anomalies usually requires the aggregation of data stemming from different systems in a centralized system for correlation and analysis. This gives rise to new challenges due to the large volume of data involved. Furthermore, the development of algorithms performing the analysis is hindered by the poor availability of concurrent annotated datasets required to train and evaluate them.
In today’s IT landscape multiple tools are already being used to detect attacks, weaknesses and undesired behaviour in computer systems and networks. Signature-based methods search for the occurrence of predefined negative behaviour. Anomaly-based methods, however, build a model of normal behaviour in order to find irregularities in new data. These irregularities tend to correspond to unwanted behaviour. The structure of the data, like attributes, metrics and aggregations, from which this model is built, needs to be defined a priori. This is problematic, since it limits the analysis to finding only the anomalies that are visible in that exact structure, while missing others.
This is why the objective of this project is to develop advanced concepts for automatic aggregation and analysis of network data related to information security. In addition to covering all possible data structures to detect a variety of anomalies, automatic aggregation directly yields the view of the data that best displays anomalies. As the aggregations are generated automatically, the configuration of the system is simplified.
One of the major concerns when constructing these concepts will be efficiency, since regular hardware needs to be sufficient for supporting the resulting system. Horizontal scalability will enable the system to grow alongside an expanding IT infrastructure. Another concern is the presentation of results, which is of increased importance in automated systems. On the one hand, the results and any information explaining their classification needs to be shared with other Monitoring- and SIEM-Systems (Security and Information Management) in a structured format (Indicator of Compromise). On the other, they need to be communicated to human Security Analysts, who perform manual analysis and need to react to malicious behaviour. This necessitates proper visualization of all relevant information.
Open Source. Open Solutions. Open Strategies. The mission of the Bremen-based IT system integrator and software house is to provide, optimize, secure and support innovative open source software solutions. Among the main priorities are security applications and monitoring systems, which can be implemented and continuously developed in customer centred projects using various products (SIEM systems, IDS, firewalls, VPN, Nagios, etc.). In addition to providing consulting, system management and software development, research projects are conducted in association with both national and international partners.
rt-solutions.de GmbH is a consulting firm which was founded in 2000 by scientists and entrepreneurs with the goal of realising performant and secure IT processes and infrastructures as a basis for effective business processes. rt-solutions.de provides consulting to leading international businesses in all questions regarding information security and data privacy. The core business of the firm are developing and operating security management systems and technological security measures, as well as auditing complex IT environments and conducting forensic investigations to analyse and solve security breaches.
The research group Trust@HsH has been operating in the areas of trusted computing, network security and mobile security since 2006. Various BMBF-funded research projects were conducted within these areas, like tNAC, ESUKOM, VisITMeta and SIMU. Members of the research group present their results on national and international conferences and workshops, while also actively participating as liaison members in the specification processes of the Trusted Computing Group, a worldwide consortium of major IT companies ans research institutions, with the purpose of introducing internationally recognized standards in the area of IT security.
The Plate Büromaterial Vertreibs GmbH consists of an association of companies, located in Bremerhaven, Isernhagen, Brandenburg, Magdeburg, Dessau, Leipzig, Duisburg, Hamburg, Düsseldorf, Freiburg, Ratingen and Gütersloh. Today the group employs over 300 people and sells about 100 mio. EUR worth of “everything good for the office” annually.
The sewage company hanseWasser Bremen GmbH of about 400 employees operates the 2,300 kilometre long sewer network beneath Bremen, while securing a cost effective and environmentally sensitive purification process in two water treatment plants, located in Seehausen and Farge, for about 50 mio. Cubic metres of sewage per year from Bremen, neighbouring communities, as well as industrial and business customers.
News from the GLACIER project
Conference entries and presentations
Project meetings, telephone conferences and other important dates
|09.03.2020||Bremen||Telephone conference with the partners regarding the work on AP1 and AP2|
|05.03.2020||Hannover||Developer workshop at the University of Applied Sciences in Hannover|
|19.02.2020||Bremen||Fourth project meeting at DECOIT GmbH in Bremen|
|14.02.2020||Bremen||Developer telephone conference with the partners regarding the anomalie detection|
|10.02.2020||Bremen||Telephone conference with the partners regarding the work on AP1 and AP2|
|27.01.2020||Bremen||Telephone conference with the partners regarding the work on AP1 and AP2|
|21.01.2020||Bremen||Developer telephone conference with the partners regarding the anomalie detection|
|20.01.2020||Bremen||Developer telephone conference with the partners regarding the Docker development|
|13.01.2020||Bremen||Telephone conference with the partners regarding the work on AP1 and AP2|
|09.01.2020||Bremen||Docker workshop with rt-solutions|
|16.12.2019||Bremen||Telephone conference with the partners regarding the work on AP1|
|05.12.2019||Bremen||Telephone conference with the partners regarding the development of agents|
|02.12.2019||Bremen||Telephone conference with the partners regarding the work on AP0 and AP1|
|14.11.2019||Cologne||Third project meeting at rt-solutions in Cologne|
|04.11.2019||Bremen||Telephone conference with the partners regarding the work on AP0 and AP1|
|21.10.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|07.10.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|23.09.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|09.09.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|26.08.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|19.08.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|12.08.2019||Bremen||Telephone conference with the developers regarding the high-level architecture|
|12.08.2019||Bremen||Telephone conference with the partners regarding the work on AP0 and AP1|
|30.07.2019||Hannover||Second project meeting in Hannover|
|15.07.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|01.07.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|17.06.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|27.05.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|26.05.2019||Bremen||Workshop at the associated partner hanseWasser|
|21.05.2019||Bremen||Open Source Business Day at the Bremen Chamber of Commerce|
|13.05.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|29.04.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|15.04.2019||Bremen||Telephone conference with the partners regarding the work on the AP0-reports|
|04.04.2019||Bremen||Kick-off meeting at DECOIT® GmbH|
|01.04.2019||Bremen||Official BMWi start date for the GLACIER project|