Search Results

Documents authored by Vogel, Michael


Document
Efficient Distributed Intrusion Detection applying Multi Step Signatures

Authors: Michael Vogel and Sebastian Schmerl

Published in: OASIcs, Volume 17, 17th GI/ITG Conference on Communication in Distributed Systems (KiVS 2011)


Abstract
Intrusion Detection Systems (IDS) offer valuable measures to cope with today’s attacks on computers and networks. But the increasing performance of networks and end systems and the growing complexity of IT systems lead to rapidly growing volumes of observation data and large signature bases. Therefore, IDS are forced to drop observations in high load situations offering chances to attackers to act undetectable. We introduce an efficient dynamically adaptable, distributed approach for a multi-step signature based IDS. Finally, we discuss initial performance evaluations of a prototype implementation and motivate future work scopes.

Cite as

Michael Vogel and Sebastian Schmerl. Efficient Distributed Intrusion Detection applying Multi Step Signatures. In 17th GI/ITG Conference on Communication in Distributed Systems (KiVS 2011). Open Access Series in Informatics (OASIcs), Volume 17, pp. 188-193, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2011)


Copy BibTex To Clipboard

@InProceedings{vogel_et_al:OASIcs.KiVS.2011.188,
  author =	{Vogel, Michael and Schmerl, Sebastian},
  title =	{{Efficient Distributed Intrusion Detection applying Multi Step Signatures}},
  booktitle =	{17th GI/ITG Conference on Communication in Distributed Systems (KiVS 2011)},
  pages =	{188--193},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-939897-27-9},
  ISSN =	{2190-6807},
  year =	{2011},
  volume =	{17},
  editor =	{Luttenberger, Norbert and Peters, Hagen},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.KiVS.2011.188},
  URN =		{urn:nbn:de:0030-drops-29716},
  doi =		{10.4230/OASIcs.KiVS.2011.188},
  annote =	{Keywords: Computer Security, Distributed Intrusion Detection, Attack Signatures}
}
Document
2. 08102 Working Group – Early Warning Systems

Authors: Joachim Biskup, Bernhard Hämmerli, Michael Meier, Sebastian Schmerl, Jens Tölle, and Michael Vogel

Published in: Dagstuhl Seminar Proceedings, Volume 8102, Perspectives Workshop: Network Attack Detection and Defense (2008)


Abstract
Early Warning Systems aim at detecting unclassified but potentially harmful sys-tem behavior based on preliminary indications and are complementary to Intrusion Detection Systems. Both kinds of systems try to detect, identify and react before pos-sible damage occurs and contribute to an integrated and aggregated situation report (big picture). A particular emphasis of Early Warning Systems is to establish hypotheses and predictions as well as to generate advises in still not completely understood situations. Thus the term early has two meanings, a) to start early in time aiming to minimize damage, and b) to process uncertain and incomplete information.

Cite as

Joachim Biskup, Bernhard Hämmerli, Michael Meier, Sebastian Schmerl, Jens Tölle, and Michael Vogel. 2. 08102 Working Group – Early Warning Systems. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-2, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)


Copy BibTex To Clipboard

@InProceedings{biskup_et_al:DagSemProc.08102.2,
  author =	{Biskup, Joachim and H\"{a}mmerli, Bernhard and Meier, Michael and Schmerl, Sebastian and T\"{o}lle, Jens and Vogel, Michael},
  title =	{{2. 08102 Working Group – Early Warning Systems}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--2},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.2},
  URN =		{urn:nbn:de:0030-drops-14936},
  doi =		{10.4230/DagSemProc.08102.2},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail