ICDF2C 2021 - Two papers accepted and presented

22 Dezember 2021

The article Find my IoT Device -- An Efficient and Effective Approximate Matching Algorithm to Identify IoT Traffic Flows was accepted at ICDF2C. The paper was presented at the 12th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C) 2021 as a hybrid event in Singapur in December 2021.

Authors: Thomas Göbel, Frieder Uhlig, Harald Baier

Abstract:

Internet of Things (IoT) devices become more and more popular as they are limited in terms of resources, designed to serve only one specific purpose, and hence cheap. However, their profitableness comes with the difficulty to patch them. Moreover, the IoT topology is often not well documented, too. Thus IoT devices form a popular attack vector in networks. Due to the widespread missing documentation vulnerable IoT network components must be quickly identified and located during an incident and a network forensic response. In this paper, we present a novel approach to efficiently and effectively identify a specific IoT device by using approximate matching applied to network traffic captures. Our algorithm is called Cu-IoT and publicly available. Cu-IoT is superior to previous machine-learning approaches, because it does not require feature extraction and a learning phase. Furthermore, in case of 2 out of 3 datasets, Cu-IoT outperforms a hash-based competitor, too. We present an in-depth evaluation of Cu-IoT on different IoT datasets and achieve nearly 100% classification performance in terms of accuracy, recall, and precision, respectively, for the first dataset, and almost 99% accuracy and 84% precision and recall, respectively, for the second dataset, and almost 100% accuracy and 90% precision and recall, respectively, for the third dataset.

 

The article Towards Mitigation of Data Exfiltration Techniques using the MITRE ATT&CK Framework was accepted at ICDF2C, too. The paper was presented at the 12th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C) 2021 as a hybrid event in Singapur in December 2021.

Authors: Michael Mundt, Harald Baier

Abstract:

Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Besides denial of service a major goal of today’s attackers is to gain access to the victim’s data (e.g. for espionage or blackmailing purposes). Hence the detection and prevention of data exfiltration is one of the major challenges of institutions
connected to the Internet. The cyber security community provides different standards and best-practices on both high and fine-granular level to handle this problem. In this paper we propose a conclusive process, which links Cyber Threat Intelligence (CTI) and Information Security Management Systems (ISMS) in a dynamic manner to reduce the risk of unwanted data loss through data exfiltration. While both CTI and ISMS are widespread in modern cyber security strategies, most often they are implemented concurrently. Our process, however, is based on the hypothesis that the mitigation of data loss is improved if both CTI and ISMS interact with one another and complement each other conclusively. Our concept makes use of the MITRE ATT&CK framework in order to enable (partial) automatic  execution of our process chain and to execute proactive simulations to measure the effectiveness of the implemented countermeasures and to identify any security gaps that may exist.

Aktuelles

Vortrag des Forschungsinstituts CODE auf der 31. DFN-CERT Konferenz in Hamburg

Als externer Doktorand stellte Michael Mundt die Arbeit "Gib dem Dino Futter – adaptive Detektion von Bedrohungen in KRITIS-Netzwerken mittels Open-Source-Forensik" auf der 31. DFN-CERT Konferenz am 30./31. Januar vor.

ForTrace Workshop @ DFRWS EU 2024

We will present our research on the ForTrace data synthesis framework for digital forensics at the DFRWS EU 2024.

DFRWS EU 2024 - Two papers accepted

Our two papers on "Hypervisor-based Data Synthesis: On its Potential to Tackle the Curse of Client-side Agent Remnants in Forensic Image Generation" and "Ubi est indicium? On Forensic Analysis of the UBI File System" were accepted for presentation at the DFRWS EU 2024.

IFIP WG 11.9 ICDF 2024 - Paper accepted and presented

Our paper on "Usable and Assessable Generation of Forensic Data Sets Containing Anti-Forensic Traces at the Filesystem Level" was accepted for presentation at the IFIP WG 11.9 ICDF 2024.

AICSEC 2023 - Paper accepted

We will present our work on "Scalable Image Clustering to screen for self-produced CSAM" in Bratislava at the AICSEC 2023.

NordSec 2023 - Paper accepted

We will present our work on WhatsApp Stickers in Oslo at the NordSec 2023.

DFRWS USA 2023 - PAPER ACCEPTED

Our paper Combining AI and AM - Improving Approximate Matching through Transformer Networks was accepted at the DFRWS USA 2023.