PROJECT

Intrusion detection via multi-dimensional analysis of security data streams

The processes employed by modern businesses, and consequently their economic success, increasingly hinge upon IT systems, which in turn are increasingly hard to defend against security risks. On the one hand, high interconnectivity gives suppliers the opportunity to implement more efficient process chains; on the other, it introduces complex dependencies and new attack vectors. Meanwhile, the last decade has seen the rise of highly organized, professional, financially motivated attackers, threatening businesses with a multitude of criminal methods.

Furthermore, the growing integration of classic information technology (IT) and operational technology (OT) creates risks of its own. These call for an increased emphasis on logging and monitoring, in addition to classic methods like firewalls and malware protection, as businesses need to assume that

1. adversaries will bypass perimeter protection and that

2. deployed malware may not be detected.

Any intrusion can only be detected through unusual behaviour of systems or applications, as well as anomalous network communication. Detecting these anomalies usually requires the aggregation of data stemming from different systems in a centralized system for correlation and analysis. This gives rise to new challenges due to the large volume of data involved. Furthermore, the development of algorithms performing the analysis is hindered by the poor availability of concurrent annotated datasets required to train and evaluate them.

In today’s IT landscape multiple tools are already being used to detect attacks, weaknesses and undesired behaviour in computer systems and networks. Signature-based methods search for the occurrence of predefined negative behaviour. Anomaly-based methods, however, build a model of normal behaviour in order to find irregularities in new data. These irregularities tend to correspond to unwanted behaviour. The structure of the data, like attributes, metrics and aggregations, from which this model is built, needs to be defined a priori. This is problematic, since it limits the analysis to finding only the anomalies that are visible in that exact structure, while missing others.

This is why the objective of this project is to develop advanced concepts for automatic aggregation and analysis of network data related to information security. In addition to covering all possible data structures to detect a variety of anomalies, automatic aggregation directly yields the view of the data that best displays anomalies. As the aggregations are generated automatically, the configuration of the system is simplified.
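The limitation described above, and what automatic aggregation buys, as an added Python example that is not code from the GLACIER project: it scores every combination of flow attributes and reports the view in which the current time window deviates most from the baseline. The attribute names, the constructed flow records and the Poisson-style score are assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations
from math import sqrt

FIELDS = ("src", "dst", "dport")  # hypothetical flow attributes (assumption)

def sample_flows():
    """Constructed data: 6 windows, 3 clients, 10 flows each to two services."""
    flows = []
    for w in range(6):
        for src in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
            for dst, dport in (("10.0.1.10", 443), ("10.0.1.11", 53)):
                # In the last window 10.0.0.2 sends all 20 flows to the DNS
                # host, so its total flow count stays exactly the same.
                if w == 5 and src == "10.0.0.2":
                    dst, dport = "10.0.1.11", 53
                flows += [{"w": w, "src": src, "dst": dst, "dport": dport}] * 10
    return flows

def score_views(flows, current):
    """Score every attribute combination; return {view: (max_score, key)}."""
    baseline = sorted({f["w"] for f in flows} - {current})
    result = {}
    for r in range(1, len(FIELDS) + 1):
        for view in combinations(FIELDS, r):
            counts = Counter((f["w"], tuple(f[a] for a in view)) for f in flows)
            keys = sorted({k for _, k in counts}, key=str)
            best = (0.0, None)
            for key in keys:
                mu = sum(counts[(w, key)] for w in baseline) / len(baseline)
                # Deviation of the current count from the baseline mean, scaled
                # as if counts were Poisson (variance ~ mean); +1 avoids /0.
                score = abs(counts[(current, key)] - mu) / sqrt(mu + 1)
                if score > best[0]:
                    best = (score, key)
            result[view] = best
    return result

def best_view(result):
    """Return the aggregation whose worst key deviates most (first on ties)."""
    return max(result, key=lambda v: result[v][0])

if __name__ == "__main__":
    res = score_views(sample_flows(), current=5)
    for view, (score, key) in sorted(res.items(), key=lambda kv: -kv[1][0]):
        print(f"{'/'.join(view):15} score={score:5.2f} key={key}")
```

A detector fixed a priori to "flows per source" scores this window at zero, while the automatically generated source/destination view exposes the change.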

One of the major concerns when constructing these concepts will be efficiency, since regular hardware needs to be sufficient for supporting the resulting system. Horizontal scalability will enable the system to grow alongside an expanding IT infrastructure. Another concern is the presentation of results, which is of increased importance in automated systems. On the one hand, the results and any information explaining their classification need to be shared with other monitoring and SIEM (Security Information and Event Management) systems in a structured format (Indicators of Compromise). On the other, they need to be communicated to human security analysts, who perform manual analysis and need to react to malicious behaviour. This necessitates proper visualization of all relevant information.

Project Partners

Open Source. Open Solutions. Open Strategies. The mission of the Bremen-based IT system integrator and software house is to provide, optimize, secure and support innovative open source software solutions. Among the main priorities are security applications and monitoring systems, which can be implemented and continuously developed in customer-centred projects using various products (SIEM systems, IDS, firewalls, VPN, Nagios, etc.). In addition to providing consulting, system management and software development, research projects are conducted in association with both national and international partners.

rt-solutions.de GmbH is a consulting firm which was founded in 2000 by scientists and entrepreneurs with the goal of realising performant and secure IT processes and infrastructures as a basis for effective business processes. rt-solutions.de provides consulting to leading international businesses in all questions regarding information security and data privacy. The core business of the firm is developing and operating security management systems and technological security measures, as well as auditing complex IT environments and conducting forensic investigations to analyse and solve security breaches.

The research group Trust@HsH has been operating in the areas of trusted computing, network security and mobile security since 2006. Various BMBF-funded research projects were conducted within these areas, like tNAC, ESUKOM, VisITMeta and SIMU. Members of the research group present their results at national and international conferences and workshops, while also actively participating as liaison members in the specification processes of the Trusted Computing Group, a worldwide consortium of major IT companies and research institutions, with the purpose of introducing internationally recognized standards in the area of IT security.

Associated Partners

Plate Büromaterial Vertriebs GmbH

The Plate Büromaterial Vertriebs GmbH consists of an association of companies, located in Bremerhaven, Isernhagen, Brandenburg, Magdeburg, Dessau, Leipzig, Duisburg, Hamburg, Düsseldorf, Freiburg, Ratingen and Gütersloh. Today the group employs over 300 people and sells about 100 million EUR worth of “everything good for the office” annually.

hanseWasser Bremen GmbH

The sewage company hanseWasser Bremen GmbH, with about 400 employees, operates the 2,300 kilometre long sewer network beneath Bremen, while securing a cost-effective and environmentally sensitive purification process in two water treatment plants, located in Seehausen and Farge, for about 50 million cubic metres of sewage per year from Bremen, neighbouring communities, as well as industrial and business customers.

Conference entries and presentations

Project meetings, telephone conferences and other important dates

21.10.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
07.10.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
23.09.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
09.09.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
26.08.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
19.08.19 Bremen Telephone conference with the partners regarding the work on the AP0-reports
12.08.19 Bremen Telephone conference with the developers regarding the high-level architecture
12.08.19 Bremen Telephone conference with the partners regarding the work on AP0 and AP1
30.07.2019 Hannover Second project meeting in Hannover
15.07.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
01.07.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
17.06.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
27.05.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
26.05.2019 Bremen Workshop at the associated partner hanseWasser
21.05.2019 Bremen Open Source Business Day at the Bremen Chamber of Commerce
13.05.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
29.04.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
15.04.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
04.04.2019 Bremen Kick-off meeting at DECOIT® GmbH
01.04.2019 Bremen Official BMWi start date for the GLACIER project


Funded through:

BMBF
Copyright 2019 GLACIER Consortium. All Rights Reserved.