Lars Stiemert

Marcus Knüpfer, Tore Bierwirth, Lars Stiemert et al.

The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. Thereby, the participants usually compete in teams against each other, or have to defend themselves in a specific scenario. As organizers of yearly events, we present a taxonomy for interactive cyber training and education. The proposed taxonomy includes different factors of the technical setup, audience, training environment, and training setup. By the comprehensive taxonomy, different aspects of interactive training are considered. This can help trainings to improve and to be established successfully. The provided taxonomy is extendable and can be used in further application areas as research on new security technologies.

Sandro Passarelli, Cem Gündogan, Lars Stiemert et al.

Cyber incidents can have a wide range of cause from a simple connection loss to an insistent attack. Once a potential cyber security incidents and system failures have been identified, deciding how to proceed is often complex. Especially, if the real cause is not directly in detail determinable. Therefore, we developed the concept of a Cyber Incident Handling Support System. The developed system is enriched with information by multiple sources such as intrusion detection systems and monitoring tools. It uses over twenty key attributes like sync-package ratio to identify potential security incidents and to classify the data into different priority categories. Afterwards, the system uses artificial intelligence to support the further decision-making process and to generate corresponding reports to brief the Board of Directors. Originating from this information, appropriate and detailed suggestions are made regarding the causes and troubleshooting measures. Feedback from users regarding the problem solutions are included into future decision-making by using labelled flow data as input for the learning process. The prototype shows that the decision making can be sustainably improved and the Cyber Incident Handling process becomes much more effective.

Peter Hillmann, Lars Stiemert, Gabi Dreo et al.

IP Geolocation is a key enabler for the Future Internet to provide geographical location information for application services. For example, this data is used by Content Delivery Networks to assign users to mirror servers, which are close by, hence providing enhanced traffic management. It is still a challenging task to obtain precise and stable location information, whereas proper results are only achieved by the use of active latency measurements. This paper presents an advanced approach for an accurate and self-optimizing model for location determination, including identification of optimized Landmark positions, which are used for probing. Moreover, the selection of correlated data and the estimated target location requires a sophisticated strategy to identify the correct position. We present an improved approximation of network distances of usually unknown TIER infrastructures using the road network. Our concept is evaluated under real-world conditions focusing Europe.