Visible to the public Biblio

Filters: Author is Schrittwieser, Sebastian  [Clear All Filters]
2019-05-08
Kieseberg, Peter, Schrittwieser, Sebastian, Weippl, Edgar.  2018.  Structural Limitations of B+-Tree Forensics. Proceedings of the Central European Cybersecurity Conference 2018. :9:1–9:4.
Despite the importance of databases in virtually all data driven applications, database forensics is still not the thriving topic it ought to be. Many database management systems (DBMSs) structure the data in the form of trees, most notably B+-Trees. Since the tree structure is depending on the characteristics of the INSERT-order, it can be used in order to generate information on later manipulations, as was shown in a previously published approach. In this work we analyse this approach and investigate, whether it is possible to generalize it to detect DELETE-operations within general INSERT-only trees. We subsequently prove that almost all forms of B+-Trees can be constructed solely by using INSERT-operations, i.e. that this approach cannot be used to prove the existence of DELETE-operations in the past.
2018-11-19
Rauchberger, Julian, Schrittwieser, Sebastian, Dam, Tobias, Luh, Robert, Buhov, Damjan, Pötzelsberger, Gerhard, Kim, Hyoungshick.  2018.  The Other Side of the Coin: A Framework for Detecting and Analyzing Web-Based Cryptocurrency Mining Campaigns. Proceedings of the 13th International Conference on Availability, Reliability and Security. :18:1–18:10.

Mining for crypto currencies is usually performed on high-performance single purpose hardware or GPUs. However, mining can be easily parallelized and distributed over many less powerful systems. Cryptojacking is a new threat on the Internet and describes code included in websites that uses a visitor's CPU to mine for crypto currencies without the their consent. This paper introduces MiningHunter, a novel web crawling framework which is able to detect mining scripts even if they obfuscate their malicious activities. We scanned the Alexa Top 1 million websites for cryptojacking, collected more than 13,400,000 unique JavaScript files with a total size of 246 GB and found that 3,178 websites perform cryptocurrency mining without their visitors' consent. Furthermore, MiningHunter can be used to provide an in-depth analysis of cryptojacking campaigns. To show the feasibility of the proposed framework, three of such campaigns are examined in detail. Our results provide the most comprehensive analysis to date of the spread of cryptojacking on the Internet.

2017-09-05
Luh, Robert, Schrittwieser, Sebastian, Marschalek, Stefan.  2016.  TAON: An Ontology-based Approach to Mitigating Targeted Attacks. Proceedings of the 18th International Conference on Information Integration and Web-based Applications and Services. :303–312.

Targeted attacks on IT systems are a rising threat against the confidentiality of sensitive data and the availability of systems and infrastructures. Planning for the eventuality of a data breach or sabotage attack has become an increasingly difficult task with the emergence of advanced persistent threats (APTs), a class of highly sophisticated cyber-attacks that are nigh impossible to detect using conventional signature-based systems. Understanding, interpreting, and correlating the particulars of such advanced targeted attacks is a major research challenge that needs to be tackled before behavior-based approaches can evolve from their current state to truly semantics-aware solutions. Ontologies offer a versatile foundation well suited for depicting the complex connections between such behavioral data and the diverse technical and organizational properties of an IT system. In order to facilitate the development of novel behavior-based detection systems, we present TAON, an OWL-based ontology offering a holistic view on actors, assets, and threat details, which are mapped to individual abstracted events and anomalies that can be detected by today's monitoring data providers. TOAN offers a straightforward means to plan an organization's defense against APTs and helps to understand how, why, and by whom certain resources are targeted. Populated by concrete data, the proposed ontology becomes a smart correlation framework able to combine several data sources into a semantic assessment of any targeted attack.