  • 2012 Conference Paper
    [["dc.bibliographiccitation.firstpage","349"],["dc.bibliographiccitation.lastpage","360"],["dc.contributor.author","Tegeler, Florian"],["dc.contributor.author","Fu, Xiaoming"],["dc.contributor.author","Vigna, Giovanni"],["dc.contributor.author","Kruegel, Christopher"],["dc.date.accessioned","2018-05-02T10:36:13Z"],["dc.date.available","2018-05-02T10:36:13Z"],["dc.date.issued","2012"],["dc.description.abstract","Bots are the root cause of many security problems on the Internet, as they send spam, steal information from infected machines, and perform distributed denial-of-service attacks. Many approaches to bot detection have been proposed, but they either rely on end-host installations, or, if they operate on network traffic, require deep packet inspection for signature matching. In this paper, we present BotFinder, a novel system that detects infected hosts in a network using only high-level properties of the bot's network traffic. BotFinder does not rely on content analysis. Instead, it uses machine learning to identify the key features of command-and-control communication, based on observing traffic that bots produce in a controlled environment. Using these features, BotFinder creates models that can be deployed at network egress points to identify infected hosts. We trained our system on a number of representative bot families, and we evaluated BotFinder on real-world traffic datasets -- most notably, the NetFlow information of a large ISP that contains more than 25 billion flows. 
Our results show that BotFinder is able to detect bots in network traffic without the need of deep packet inspection, while still achieving high detection rates with very few false positives."],["dc.identifier.doi","10.1145/2413176.2413217"],["dc.identifier.uri","https://resolver.sub.uni-goettingen.de/purl?gro-2/13802"],["dc.language.iso","en"],["dc.notes.status","final"],["dc.publisher","ACM"],["dc.relation.conference","CoNEXT '12"],["dc.relation.eventend","2012-12-13"],["dc.relation.eventlocation","New York, NY, USA"],["dc.relation.eventstart","2012-12-10"],["dc.relation.isbn","978-1-4503-1775-7"],["dc.relation.ispartof","Proceedings of the 8th international conference on Emerging networking experiments and technologies"],["dc.title","BotFinder"],["dc.title.subtitle","Finding Bots in Network Traffic Without Deep Packet Inspection"],["dc.type","conference_paper"],["dc.type.internalPublication","unknown"],["dspace.entity.type","Publication"]]
  • 2011 Conference Paper
    [["dc.bibliographiccitation.firstpage","1"],["dc.bibliographiccitation.lastpage","6"],["dc.contributor.author","Tegeler, Florian"],["dc.contributor.author","Koll, David"],["dc.contributor.author","Fu, Xiaoming"],["dc.date.accessioned","2018-05-07T11:01:12Z"],["dc.date.available","2018-05-07T11:01:12Z"],["dc.date.issued","2011"],["dc.description.abstract","Social networking platforms such as Facebook, MySpace, and Twitter have seen a significant increase in user population and user provided information. However, users are increasingly concerned about identity and data privacy since information is controlled by single companies. To address this issue researchers investigated alternative solutions, where the users' data, e.g. profile information, comments and messages, is stored at user-controlled nodes. Although these solutions provide a plausible means for avoiding privacy leaking in central instances, they raise a new challenge to design a cost-effective storage replica scheme which ensures a high data availability even when some users are offline. In this paper we present Gemstone, a social network platform where the data replication scheme leverages a learning mechanism based on social relationships, online patterns of peers and user experiences. 
Our preliminary evaluation shows that compared to related works, it achieves higher data availability while requiring a smaller number of data replicas."],["dc.identifier.doi","10.1109/GLOCOM.2011.6134236"],["dc.identifier.uri","https://resolver.sub.uni-goettingen.de/purl?gro-2/14613"],["dc.language.iso","en"],["dc.notes.status","final"],["dc.publisher","IEEE"],["dc.relation.conference","Global Communications Conference"],["dc.relation.eventend","2011-12-09"],["dc.relation.eventlocation","Houston, Texas, USA"],["dc.relation.eventstart","2011-12-05"],["dc.relation.isbn","978-1-4244-9268-8"],["dc.relation.isbn","978-1-4244-9266-4"],["dc.relation.isbn","978-1-4244-9267-1"],["dc.relation.ispartof","Proceedings of the Global Communications Conference"],["dc.title","Gemstone: Empowering Decentralized Social Networking with High Data Availability"],["dc.type","conference_paper"],["dc.type.internalPublication","unknown"],["dspace.entity.type","Publication"]]
  • 2010 Conference Paper
    [["dc.bibliographiccitation.firstpage","1"],["dc.bibliographiccitation.lastpage","2"],["dc.contributor.author","Tegeler, Florian"],["dc.contributor.author","Fu, Xiaoming"],["dc.date.accessioned","2018-05-24T09:28:31Z"],["dc.date.available","2018-05-24T09:28:31Z"],["dc.date.issued","2010"],["dc.description.abstract","In decentralized dynamic networks such as peer-to-peer networks, it is difficult to authorize identities without a centralized authority, since a node interacts with nodes previously unknown to itself. To optimize the quality of experience and exclude malicious nodes from such networks, various trust and reputation systems (TRS) have been proposed. However, most of these TRSs rely on properties such as trust attributed to certain persistent identities and the bootstrapping is difficult without a central trusted instance. Hence, TRSs are vulnerable to sybil attacks [1], where a number of artificial identities can be used by some malicious entity to compromise probabilistic protection mechanisms. These mechanisms usually rely on the assumption that most nodes in a network behave well. Unfortunately, this is not the case if an attacker maintains numerous identities. We present SybilConf, a simple scheme to increase costs for maintaining an identity, thus reducing the sybil attack's impact. 
The basic idea is to combine public/private keying with a novel puzzle creation algorithm to enable a flexible, strong and identity-bound sybil protection."],["dc.identifier.doi","10.1109/INFCOMW.2010.5466685"],["dc.identifier.uri","http://hdl.handle.net/2/14742"],["dc.language.iso","en"],["dc.notes.status","final"],["dc.publisher","IEEE"],["dc.relation.eventend","2010-03-19"],["dc.relation.eventlocation","San Diego, CA, USA"],["dc.relation.eventstart","2010-03-15"],["dc.relation.isbn","978-1-4244-6739-6"],["dc.relation.ispartof","INFOCOM IEEE Conference on Computer Communications Workshops"],["dc.title","SybilConf: Computational Puzzles for Confining Sybil Attacks"],["dc.type","conference_paper"],["dc.type.internalPublication","unknown"],["dspace.entity.type","Publication"]]