
NetSec Lecture Series: DEEPCASE: Semi-Supervised Contextual Analysis of Security Events

Date and time

15 June 2022, 17:00 - 18:30




The special interest group "Sicherheit in Mobil- und Festnetzen" (Security in Mobile and Fixed Networks) is hosting the virtual NetSec Lecture Series this summer semester. The third event takes place on 15 June 2022 from 17:00 to 18:30. The Zoom dial-in details for the event are: https://tu-berlin.zoom.us/j/63223549564?pwd=SUdRSjcvVzJJeVhielM0UE5pNGhlQT09.

Save-the-date: NetSec Lecture Series

  • 15 June 2022: Prof. Dr. Andreas Peter, University of Oldenburg
    DEEPCASE: Semi-Supervised Contextual Analysis of Security Events

The third talk of the NetSec Lecture Series takes place on 15 June 2022. Prof. Dr. Andreas Peter of the University of Oldenburg will speak about the analysis of IT security events.

DEEPCASE: Semi-Supervised Contextual Analysis of Security Events

Abstract: Security monitoring systems detect potentially malicious activities in IT infrastructures by looking either for known signatures or for anomalous behavior. Security operators investigate associated security events to determine whether they pose a threat to their organization. In many cases, a single event may be insufficient to determine whether certain activity is indeed malicious. Therefore, a security operator frequently needs to correlate multiple events to identify if they pose a real threat. Unfortunately, the vast number of events that need to be correlated often overloads security operators, forcing them to ignore some events and, thereby, potentially miss attacks.

In this presentation, we will talk about how to automatically correlate security events and, thus, automate parts of the security operator's workload. Concretely, we will look at the design and evaluation of DeepCASE, a system that leverages the context around events to determine which events require further inspection. This approach reduces the number of events that need to be inspected. In addition, the context provides valuable insights into why certain events are classified as malicious. We show that DeepCASE automatically filters 86.72% of the events and reduces the manual workload of security operators by 90.53%, while underestimating the risk of potential threats in less than 0.001% of cases.

CV: Andreas Peter is a professor in computer science at the Carl von Ossietzky University of Oldenburg in Germany, where he leads the research group on Safety-Security-Interaction. He is also a visiting professor in IT-security at the University of Twente in the Netherlands. His current research interests include both fundamental and applied security and privacy aspects in IT systems, particularly in the context of safety-critical systems and the Internet of Things.

Prof. Peter studied mathematics at the Universities of Oldenburg and Cambridge (England) and received his doctorate in computer science from the Technical University of Darmstadt in 2013. He then worked at the University of Twente, initially as a research assistant, then from 2014 to 2018 as assistant professor and later as professor in IT-security at the computer science department. In 2022, he took on the professorship in Oldenburg. Prof. Peter is an editorial board member of the EURASIP Journal on Information Security and regularly serves on the program committees of several workshops and conferences devoted to security and privacy.

Past events of the NetSec Lecture Series: