Institut für Verteilte Systeme

Unser Institut beschäftigt sich mit Themen wie Skalierbarkeit, Zuverlässigkeit, Sicherheit und Datenschutz, Selbstorganisation und Beherrschbarkeit von Komplexität in Verteilten Systemen in einer Vielzahl von Einsatzszenarien wie Cloud-Computing oder Fahrzeug-Fahrzeug-Kommunikation.

In der Lehre decken wir das gesamte Spektrum von Rechnernetzen, über verteilte Systeme bis hin zu Sicherheit und Privacy-Schutz ab.

Unsere letzten Publikationen


Lukaseder, Thomas; Maile, Lisa; Erb, Benjamin; Kargl, Frank
SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks
SecureComm'18,
August 2018

Zusammenfassung: Slow-running attacks against network applications are often not easy to detect, as the attackers behave according to the specification. The servers of many network applications are not prepared for such attacks, either due to missing countermeasures or because their default configurations ignores such attacks. The pressure to secure network services against such attacks is shifting more and more from the service operators to the network operators of the servers under attack. Recent technologies such as software-defined networking offer the flexibility and extensibility to analyze and influence network flows without the assistance of the target operator. Based on our previous work on a network-based mitigation, we have extended a framework to detect and mitigate slow-running DDoS attacks within the network infrastructure, but without requiring access to servers under attack. We developed and evaluated several identification schemes to identify attackers in the network solely based on network traffic information. We showed that by measuring the packet rate and the uniformity of the packet distances, a reliable identificator can be built, given a training period of the deployment network.

van der Heijden, Rens W.; Lukaseder, Thomas; Kargl, Frank
VeReMi: A Dataset for Comparable Evaluation of Misbehavior Detection in VANETs
SecureComm'18,
August 2018
van der Heijden, Rens W.; Kopp, Henning; Kargl, Frank
Multi-Source Fusion Operations in Subjective Logic
Proceedings of the 21st International Conference on Information Fusion
Herausgeber: IEEE,
Juli 2018
akzeptiert

Zusammenfassung: The purpose of multi-source fusion is to combine information from more than two evidence sources, or subjective opinions from multiple actors. For subjective logic, a number of different fusion operators have been proposed, each matching a fusion scenario with different assumptions. However, not all of these operators are associative, and therefore multi-source fusion is not well-defined for these settings. In this paper, we address this challenge, and define multi-source fusion for weighted belief fusion (WBF) and consensus & compromise fusion (CCF). For WBF, we show the definition to be equivalent to the intuitive formulation under the bijective mapping between subjective logic and Dirichlet evidence PDFs. For CCF, since there is no independent generalization, we show that the resulting multi-source fusion produces valid opinions, and explain why our generalization is sound. For completeness, we also provide corrections to previous results for averaging and cumulative belief fusion (ABF and CBF), as well as belief constraint fusion (BCF), which is an extension of Dempster's rule. With our generalizations of fusion operators, fusing information from multiple sources is now well-defined for all different fusion types defined in subjective logic. This enables wider applicability of subjective logic in applications where multiple actors interact.

Mödinger, David; Kopp, Henning; Kargl, Frank; Hauck, Franz J.
A Flexible Network Approach to Privacy of Blockchain Transactions
Proceedings of the 38th International Conference on Distributed Computing Systems
Juli 2018
akzeptiert

Zusammenfassung: For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. How- ever, these mechanism often take only the abstraction layer of blockchains into account whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficency requirements of different blockchain use cases.

Matousek, Matthias; Bösch, Christoph; Kargl, Frank
Poster: Privacy-Preserving Decision Trees
Privacy in Machine Learning and Artificial Intelligence Workshop at ICML 2018
Juli 2018
akzeptiert
Export als: BibTeX, XML

Klicken Sie hier um eine Übersicht aller Publikationen zu erhalten.