  • Patent
    Concept for combined dynamic range compression and guided clipping prevention for audio devices
    The invention provides a concept for combined dynamic range compression and guided clipping prevention for audio devices. An audio decoder for decoding an audio bitstream and a metadata bitstream related to the audio bitstream according to the concept comprises an audio processing chain configured to receive a decoded audio signal derived from the audio bitstream and to adjust characteristics of the audio signal in order to produce an audio output signal, the audio adjustment chain comprising a plurality of adjustment stages including a dynamic range control stage for adjusting a dynamic range of the audio output signal and a guided clipping prevention stage for preventing clipping of the audio output signal; and a metadata decoder configured to receive the metadata bitstream and to extract dynamic range control gain sequences and guided clipping prevention gain sequences from the metadata bitstream, at least a part of the dynamic range control gain sequences being supplied to the dynamic range control stage, and at least a part of the guided clipping prevention gain sequences being supplied to the guided clipping prevention stage.
  • Publication
    Ein Werkzeug zur automatisierten Analyse von Identitätsdaten-Leaks (A tool for the automated analysis of identity data leaks)
    (2018)
    Malderle, Timo; Knauer, Sven
    Even before the leaks at service providers such as last.fm, Playstation-Network or Ashley Madison, identity theft was a relevant topic in IT security. German legislation usually requires that the circumstances be published in relevant media. Despite public announcement and presence in the relevant media, the relevant information often reaches only a few of those affected. Such publications can neither prevent nor control the misuse of personal and private data by criminals. Individual notifications of those affected can mitigate the consequences of identity theft. The notifications should include further information about the extent of the leak, presenting the criticality of the affected attributes and also informing about possible measures. To ensure individual information based on available identity data leaks, these leaks must be normalized and analyzed. Because of the large number of identity data collections in circulation, automation is necessary. This work documents an implementation for the automated syntactic and semantic analysis and normalization of relevant attributes of publicly available identity data, in preparation for the individual notification of those affected.
  • Publication
    Gathering and analyzing identity leaks for a proactive warning of affected users
    (2018)
    Malderle, Timo; Knauer, Sven
    Identity theft is a common consequence of successful cyber-attacks. Criminals steal identity data in order to either (mis)use the data themselves or sell entire identity collections of such data to other parties. Warning the victims of identity theft is crucial to avoid or limit the damage caused by identity misuse. However, in order to provide proactive warnings to victims in a timely fashion, the leaked identity data has to be available. Within this paper we present a methodology to gather and analyze leaked identity data to enable proactive warnings of victims.
  • Publication
    Hunting observable objects for indication of compromise
    Shared Threat Intelligence is often imperfect. Especially so called Indicator of Compromise might not be well constructed. This might either be the case if the threat only appeared recently and recordings do not allow for construction of high quality Indicators or the threat is only observed by sharing partners lesser capable to model the threat. However, intrusion detection based on imperfect intelligence yields low quality results. Within this paper we illustrate how one is able to overcome these shortcomings in data quality and is able to achieve solid intrusion detection. This is done by assigning individual weights to observables listed in a STIX™ report to express their significance for detection. For evaluation, an automatized toolchain was developed to mimic the Threat Intelligence sharing ecosystem from initial detection over reporting, sharing, and determining compromise by STIX™-formatted data. Multiple strategies to detect and attribute a specific threat are compared using this data, leading up to an approach yielding a F1-Score of 0.79.
  • Publication
    Detecting zero-day attacks using context-aware anomaly detection at the application-layer
    (2017)
    Duessel, Patrick; Gehl, Christian; Flegel, Ulrich; Dietrich, Sven
    Anomaly detection allows for the identification of unknown and novel attacks in network traffic. However, current approaches for anomaly detection of network packet payloads are limited to the analysis of plain byte sequences. Experiments have shown that application-layer attacks become difficult to detect in the presence of attack obfuscation using payload customization. The ability to incorporate syntactic context into anomaly detection provides valuable information and increases detection accuracy. In this contribution, we address the issue of incorporating protocol context into payload-based anomaly detection. We present a new data representation, called cn-grams, that allows to integrate syntactic and sequential features of payloads in an unified feature space and provides the basis for context-aware detection of network intrusions. We conduct experiments on both text-based and binary application-layer protocols which demonstrate superior accuracy on the detection of various types of attacks over regular anomaly detection methods. Furthermore, we show how cn-grams can be used to interpret detected anomalies and thus, provide explainable decisions in practice.
  • Publication
    Reclaim your prefix: Mitigation of prefix hijacking using IPsec tunnels
    Prefix hijacking is a serious threat in the Internet routing landscape. The Border Gateway Protocol has no origin authentication by design. Countermeasures, e.g. on-top authentication as implemented by R-PKI infrastructures, are not yet deployed on a very large scale. Being victim of prefix hijacking is a difficult situation with few options. Not only the owner of a prefix is victim but all the networks being deceived by the attacker. They are unable to communicate with the owner and corresponding traffic travels into the wrong direction. Current data from the Internet routing plane as collected by RIPE-NCC is examined to detect prefix hijacking. This paper discusses means to manipulate the partitions resulting from prefix hijacking with router inherent functionality. By this means, prefix owners become able to increase their impact and enlarge the corresponding partition, with just one assistant Autonomous System (AS). Selection strategies to find a well suited assistant AS are compared and the top three are verified in an emulation environment. Therefore, an emulation network is created on the dataset that is representative for prefix hijacking in the Internet. The presented approach can be the foundation of a (semi-)automated tool to mitigate prefix hijacking in the future.
  • Publication
    Towards a toolkit for utility and privacy-preserving transformation of semi-structured data using data pseudonymization
    (2017)
    Kasem-Madani, Saffija; Wehner, Martin
    We present a flexibly configurable toolkit for the automatic pseudonymization of datasets that keeps certain utility. The toolkit could be used to pseudonymize data in order to preserve the privacy of data owners while data processing and to meet the requirements of the new European general data protection regulation. We define some possible utility requirements and corresponding utility options a pseudonym can meet. Based on that, we define a policy language that can be used to produce machine-readable utility policies. The utility policies are used to configure the toolkit to produce a pseudonymized dataset that offers the utility options. Here, we follow a confidentiality-by-default principle. I.e., only the data mentioned in the policy is transformed and included in the pseudonymized dataset. All remaining data is kept confidential. This stays in contrast to common pseudonymization techniques that replace only personal or sensitive data of a dataset with pseudonyms, while keeping any other information in plaintext. If applied appropriately, our approach allows for providing pseudonymized datasets that includes less information that can be misused to infer personal information about the individuals the data belong to.
  • Publication
    Improved calculation of AS resilience against IP prefix hijacking
    Network prefix hijacking is still a serious threat in the Internet. Confirmed incidents in the recent past have shown that even small autonomous systems (ASs) are able to manipulate routing information with huge global impact. Even though countermeasures exist, they are not established at large scale yet. Monitoring of the actual routing state is the only mean to provide at least information about prefix hijacking events for single ASs. Given topology information the resilience of an AS against prefix hijacking attacks can be determined. This paper proposes an improved formula to calculate the resilience of an AS against prefix hijacking. Additionally, the role of internet exchange points (IXPs) and the peering opportunities they provide are evaluated. Such opportunities allow for establishing links between ASs at very low cost. Current peering opportunities are derived from a collection of member data gathered from European IXPs. Furthermore, the effect of additional links on an AS's resilience is investigated by combining actual peering and individual peering opportunities.