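% Publication list (Zotero-style export), one field per line, UTF-8 encoded.
% Text outside entries is ignored by BibTeX/Biber, so these notes are safe here.
%
% Open items for the maintainer (not changed, because the missing data is not in this file):
% - These inproceedings entries lack the required booktitle field:
%   luh_design_2017, luh_design_2017-1, luh_taon_2016, kieseberg_real-time_2017,
%   luh_sequitur-based_2017, rauchberger_longkit_2017, luh_llr-based_2017,
%   buhov_catch_2016, kim_hello_2017.
% - kieseberg_forensics_2016 and kieseberg_forensics_2017 describe the same
%   ERCIM News 108 article with different years; confirm the year and merge.
% - luh_design_2017 and luh_design_2017-1 share a title but differ in DOI and
%   author list; confirm they are distinct publications.
% - Several url fields point to plain-http locations (ercim-news.ercim.eu,
%   fa-wi-maw.gi.de, www.sciencedirect.com, mc.fhstp.ac.at, link.springer.com,
%   dl.acm.org). Where a doi is present, resolve through the DOI instead of the
%   stored link; re-verify the http-only links before publishing them.
% - The url of kieseberg_security_2017 contains unencoded spaces; left as stored.

@inproceedings{dam_large-scale_2019,
  author = {Dam, Tobias and Klausner, Lukas Daniel and Buhov, Damjan and Schrittwieser, Sebastian},
  title = {Large-{Scale} {Analysis} of {Pop}-{Up} {Scam} on {Typosquatting} {URLs}},
  booktitle = {Proceedings of the 14th {International} {Conference} on {Availability}, {Reliability} and {Security}},
  pages = {53:1--53:9},
  publisher = {ACM},
  address = {Canterbury, United Kingdom},
  year = {2019},
  doi = {10/gh378k},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Konferenz-Paper, SP IT Sec System \& Application Security, Vortrag, Wiss. Beitrag, peer-reviewed},
}

@article{luh_advanced_2019,
  author = {Luh, Robert and Schrittwieser, Sebastian},
  title = {Advanced threat intelligence: detection and classification of anomalous behavior in system processes},
  journal = {e \& i Elektrotechnik und Informationstechnik},
  pages = {1--7},
  publisher = {Springer},
  month = dec,
  year = {2019},
  note = {Projekt: TARGET},
  abstract = {With the advent of Advanced Persistent Threats (APTs), it has become increasingly difficult to identify and understand attacks on computer systems. This paper presents a system capable of explaining anomalous behavior within network-enabled user sessions by describing and interpreting kernel event anomalies detected by their deviation from normal behavior. The prototype has been developed at the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) at St. Pölten University of Applied Sciences.},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, best, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{luh_robert_apt_2018,
  author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian},
  title = {{APT} {RPG}: {Design} of a {Gamified} {Attacker}/{Defender} {Meta} {Model}},
  booktitle = {International {Workshop} on {FORmal} methods for {Security} {Engineering}},
  year = {2018},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_forensics_2017,
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  title = {Forensics using {Internal} {Database} {Structures}},
  journal = {ERCIM News},
  number = {108},
  year = {2017},
  url = {http://ercim-news.ercim.eu/images/stories/EN108/EN108-web.pdf},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_forensics_2016,
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  title = {Forensics using {Internal} {Database} {Structures}},
  journal = {ERCIM News},
  number = {108},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_security_2017,
  author = {Kieseberg, Peter and Frühwirt, Peter and Schrittwieser, Sebastian},
  title = {Security {Testing} for {Mobile} {Applications}},
  journal = {ERCIM News},
  number = {109},
  pages = {52--53},
  year = {2017},
  url = {https://www.sba-research.org/wp-content/uploads/publications/201704 - KIESEBERG - Pages from EN109-web.pdf},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{malle_privacy_2016,
  author = {Malle, Bernd and Kieseberg, Peter and Schrittwieser, Sebastian and Holzinger, Andreas},
  title = {Privacy {Aware} {Machine} {Learning} and the {Right} to be {Forgotten}},
  journal = {ERCIM News},
  number = {107},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Center for Digital Health Innovation, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@article{kieseberg_detection_2016,
  author = {Kieseberg, Peter and Weippl, Edgar and Schrittwieser, Sebastian},
  title = {Detection of {Data} {Leaks} in {Collaborative} {Data} {Driven} {Research}},
  journal = {ERCIM News},
  number = {105},
  year = {2016},
  note = {Projekt: TARGET},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{kieseberg_security_2015,
  author = {Kieseberg, Peter and Fruehwirt, Peter and Schrittwieser, Sebastian and Weippl, Edgar R.},
  title = {Security tests for mobile applications - {Why} using {TLS} or {SSL} is not enough},
  booktitle = {2015 {IEEE} {Eighth} {International} {Conference} on {Software} {Testing}, {Verification} and {Validation} {Workshops} ({ICSTW})},
  year = {2015},
  doi = {10/gnt2t7},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed},
}

@inproceedings{luh_design_2017,
  author = {Luh, Robert and Schrittwieser, Sebastian and Janicke, Helge and Marschalek, Stefan},
  title = {Design of an {Anomaly}-based {Threat} {Detection} \& {Explication} {System}},
  address = {Madeira, Portugal},
  year = {2017},
  doi = {10/gnd7mx},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{marschalek_empirical_2016,
  author = {Marschalek, Stefan and Kaiser, Manfred and Luh, Robert and Schrittwieser, Sebastian},
  title = {Empirical {Malware} {Research} through {Observation} of {System} {Behaviour}},
  booktitle = {First {Workshop} on {Empirical} {Research} {Methods} in {Information} {Security}},
  pages = {467--469},
  publisher = {ACM},
  year = {2016},
  doi = {10/gnt2tx},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{marschalek_endpoint_2017,
  author = {Marschalek, Stefan and Luh, Robert and Schrittwieser, Sebastian},
  title = {Endpoint {Data} {Classification} {Using} {Markov} {Chains}},
  booktitle = {2017 {International} {Conference} on {Software} {Security} and {Assurance} ({ICSSA})},
  pages = {56--59},
  publisher = {IEEE},
  address = {Altoona, PA},
  month = jul,
  year = {2017},
  isbn = {978-1-5386-4808-7},
  doi = {10/gnt2tz},
  url = {https://ieeexplore.ieee.org/document/8392618/},
  urldate = {2019-01-24},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, peer-reviewed},
}

@inproceedings{luh_design_2017-1,
  author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan and Janicke, Helge and Weippl, Edgar},
  title = {Design of an {Anomaly}-based {Threat} {Detection} \& {Explication} {System}},
  publisher = {ACM},
  year = {2017},
  doi = {10/gnd63p},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{luh_taon_2016,
  author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan},
  title = {{TAON}: {An} {Ontology}-based {Approach} to {Mitigating} {Targeted} {Attacks}},
  publisher = {ACM},
  year = {2016},
  doi = {10/gnt2tw},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@article{kieseberg_testen_2017,
  author = {Kieseberg, Peter and Schrittwieser, Sebastian and Malle, Bernd and Weippl, Edgar},
  title = {Das {Testen} von {Algorithmen} in sensibler datengetriebener {Forschung}},
  journal = {Rundbrief des Fachausschusses Management der Anwendungsentwicklung und -wartung (WI-MAW)},
  year = {2017},
  url = {http://fa-wi-maw.gi.de/fileadmin/gliederungen/fg-maw/Rundbriefe/GI_Rundbrief_41_JG23_Online.pdf},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{kieseberg_real-time_2017,
  author = {Kieseberg, Peter and Neuner, Sebastian and Schrittwieser, Sebastian and Schmiedecker, Martin},
  title = {Real-time {Forensics} through {Endpoint} {Visibility}},
  year = {2017},
  url = {https://www.sba-research.org/wp-content/uploads/publications/fleetForensics.pdf},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

@article{luh_penquest_2019,
  author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian and Janicke, Helge},
  title = {{PenQuest}: a gamified attacker/defender meta model for cyber security assessment and education},
  journal = {Journal of Computer Virology and Hacking Techniques},
  month = nov,
  year = {2019},
  issn = {2263-8733},
  doi = {10/gh378z},
  url = {https://doi.org/10.1007/s11416-019-00342-x},
  abstract = {Attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. At the same time, the complex interplay of attack techniques and possible countermeasures makes it difficult to appropriately plan, implement, and evaluate an organization’s defense. More often than not, the worlds of technical threats and organizational controls remain disjunct. In this article, we introduce PenQuest, a meta model designed to present a complete view on information system attacks and their mitigation while providing a tool for both semantic data enrichment and security education. PenQuest simulates time-enabled attacker/defender behavior as part of a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP 800-53. Attack patterns, vulnerabilities, and mitigating controls are mapped to counterpart strategies and concrete actions through practical, data-centric mechanisms. The gamified model considers and defines a wide range of actors, assets, and actions, thereby enabling the assessment of cyber risks while giving technical experts the opportunity to explore specific attack scenarios in the context of an abstracted IT infrastructure. We implemented PenQuest as a physical serious game prototype and successfully tested it in a higher education environment. Additional expert interviews helped evaluate the model’s applicability to information security scenarios.},
  keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Paper, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

@incollection{wagner_visual_2017,
  author = {Wagner, Markus and Sacha, Dominik and Rind, Alexander and Fischer, Fabian and Luh, Robert and Schrittwieser, Sebastian and Keim, Daniel A and Aigner, Wolfgang},
  editor = {Othmane, Lotfi Ben and Jaatun, Martin Gilje and Weippl, Edgar},
  title = {Visual {Analytics}: {Foundations} and {Experiences} in {Malware} {Analysis}},
  booktitle = {Empirical {Research} for {Software} {Security}: {Foundations} and {Experience}},
  pages = {139--171},
  publisher = {CRC/Taylor and Francis},
  year = {2017},
  isbn = {978-1-4987-7641-7},
  note = {Projekt: KAVA-Time},
  abstract = {This chapter starts by providing some background in behavior-based malware analysis. Subsequently, it introduces VA and its main components based on the knowledge generation model for VA (Sacha et al., 2014). Then, it demonstrates the applicability of VA in this subfield of software security with three projects that illustrate practical experience of VA methods: MalwareVis (Zhuo et al., 2012) supports network forensics and malware analysis by visually assessing TCP and DNS network streams. SEEM (Gove et al., 2014) allows visual comparison of multiple large attribute sets of malware samples, thereby enabling bulk classification. KAMAS (Wagner et al. 2017) is a knowledge-assisted visualization system for behavior-based malware forensics enabled by API calls and system call traces. Future directions in visual analytics for malware analysis conclude the chapter.},
  keywords = {FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Schriftpublikation, Visual Computing, Visual analytics, Wiss. Beitrag, best, best-lbwagnerm, data, interaction, knowledge generation, malware analysis, model, peer-reviewed, visualization},
}

@article{luh_aidis_2019,
  author = {Luh, Robert and Janicke, Helge and Schrittwieser, Sebastian},
  title = {{AIDIS}: {Detecting} and classifying anomalous behavior in ubiquitous kernel processes},
  journal = {Computers \& Security},
  number = {84},
  pages = {120--147},
  month = jul,
  year = {2019},
  issn = {0167-4048},
  doi = {10/gh38cc},
  url = {http://www.sciencedirect.com/science/article/pii/S0167404818314457},
  note = {Projekt: TARGET},
  abstract = {Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. With the rising prominence of advanced persistent threats (APTs), identifying and understanding such attacks has become increasingly important. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable to explain anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process. We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines. The determined attack classes are ultimately mapped to a dedicated APT attacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attacks.},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, best, best-rluh, peer-reviewed},
}

@article{luh_sequin_2018,
  author = {Luh, Robert and Schramm, Gregor and Wagner, Markus and Janicke, Helge and Schrittwieser, Sebastian},
  title = {{SEQUIN}: a grammar inference framework for analyzing malicious system behavior},
  journal = {Journal of Computer Virology and Hacking Techniques},
  pages = {1--21},
  year = {2018},
  doi = {10/cwdf},
  url = {http://mc.fhstp.ac.at/sites/default/files/publications/Luh_2018_SEQUIN.pdf},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  abstract = {Targeted attacks on IT systems are a rising threat to the confidentiality of sensitive data and the availability of critical systems. The emergence of Advanced Persistent Threats (APTs) made it paramount to fully understand the particulars of such attacks in order to improve or devise effective defense mechanisms. Grammar inference paired with visual analytics (VA) techniques offers a powerful foundation for the automated extraction of behavioral patterns from sequential event traces. To facilitate the interpretation and analysis of APTs, we present SEQUIN, a grammar inference system based on the Sequitur compression algorithm that constructs a context-free grammar (CFG) from string-based input data. In addition to recursive rule extraction, we expanded the procedure through automated assessment routines capable of dealing with multiple input sources and types. This automated assessment enables the accurate identification of interesting frequent or anomalous patterns in sequential corpora of arbitrary quantity and origin. On the formal side, we extended the CFG with attributes that help describe the extracted (malicious) actions. Discovery-focused pattern visualization of the output is provided by our dedicated KAMAS VA prototype.},
  keywords = {FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Visual analytics, Wiss. Beitrag, attribute grammar, best, best-lbwagner, best-rluh, knowledge generation, malware analysis, peer-reviewed, system behavior},
}

@inproceedings{marschalek_classifying_2015,
  author = {Marschalek, Stefan and Luh, Robert and Kaiser, Manfred and Schrittwieser, Sebastian},
  title = {Classifying {Malicious} {System} {Behavior} using {Event} {Propagation} {Trees}},
  booktitle = {Proceedings of the 17th {International} {Conference} on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})},
  year = {2015},
  doi = {10/gh378f},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed},
}

@article{buhov_flash_2018,
  author = {Buhov, Damjan and Rauchberger, Julian and Schrittwieser, Sebastian},
  title = {{FLASH}: {Is} the 20th {Century} {Hero} {Really} {Gone}? {Large}-{Scale} {Evaluation} on {Flash} {Usage} \& {Its} {Security} and {Privacy} {Implications}},
  journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)},
  volume = {9},
  number = {4},
  pages = {15},
  month = dec,
  year = {2018},
  doi = {10/gh375m},
  language = {en},
  abstract = {Although the Adobe Flash browser plugin steadily lost popularity throughout the last few years, Flash content still regularly appears when browsing the web. Known for its infamous security track record, Flash remains a challenge in making web browsing more secure. In this paper, we present a large-scale measurement of the current uses of Flash, based on a crawl of the top 1 million websites. The different types of measurements result in most detailed classification of Flash uses to date. In particular, special attention is paid to Flash usage related to user tracking, as well as to malicious Flash files used by malvertising or exploit kits. We present Garrick, a novel crawling framework, which is based on a full-fledged Mozilla Firefox browser. Garrick is able to mimic any browser, plugin and operating system configuration so that fingerprinting scripts can be tricked to deliver malicious Flash files. Our measurements show that Flash is still used by approximately 7.5\% of the top 1 million websites, with 62\% of the Flash content coming from third-parties such as ad networks. In general, on popular websites Flash usage is higher compared to less prominent websites and a bigger share of Flash content on these sites comes from third-parties. From a security perspective, malicious Flash files served by highly targeted malvertising campaigns are an ongoing challenge.},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, peer-reviewed},
}

@inproceedings{luh_sequitur-based_2017,
  author = {Luh, Robert and Schramm, Gregor and Wagner, Markus and Schrittwieser, Sebastian},
  title = {Sequitur-based {Inference} and {Analysis} {Framework} for {Malicious} {System} {Behavior}},
  year = {2017},
  doi = {10/cwdb},
  note = {Projekt: TARGET Projekt: KAVA-Time},
  keywords = {2017, Department Medien und Digitale Technologien, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{valicek_creation_2017,
  author = {Valicek, Martin and Schramm, Gregor and Pirker, Martin and Schrittwieser, Sebastian},
  title = {Creation and {Integration} of {Remote} {High} {Interaction} {Honeypots}},
  booktitle = {2017 {International} {Conference} on {Software} {Security} and {Assurance} ({ICSSA})},
  pages = {50--55},
  publisher = {IEEE},
  address = {Altoona, PA},
  month = jul,
  year = {2017},
  isbn = {978-1-5386-4808-7},
  doi = {10/gh375g},
  url = {https://ieeexplore.ieee.org/document/8392617/},
  urldate = {2019-01-24},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung},
}

@inproceedings{rauchberger_other_2018,
  author = {Rauchberger, Julian and Schrittwieser, Sebastian and Dam, Tobias and Luh, Robert and Buhov, Damjan and Pötzelsberger, Gerhard and Kim, Hyoungshick},
  title = {The {Other} {Side} of the {Coin}: {A} {Framework} for {Detecting} and {Analyzing} {Web}-based {Cryptocurrency} {Mining} {Campaigns}},
  booktitle = {Proceedings of the 13th {International} {Conference} on {Availability}, {Reliability} and {Security}},
  publisher = {ACM},
  address = {Hamburg, Deutschland},
  year = {2018},
  doi = {10/gh373c},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed},
}

@inproceedings{rauchberger_longkit_2017,
  author = {Rauchberger, Julian and Luh, Robert and Schrittwieser, Sebastian},
  title = {Longkit - {A} {Universal} {Framework} for {BIOS}/{UEFI} {Rootkits} in {System} {Management} {Mode}},
  address = {Madeira, Portugal},
  year = {2017},
  doi = {10/gh3729},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed},
}

@inproceedings{luh_llr-based_2017,
  author = {Luh, Robert and Schrittwieser, Sebastian and Marschalek, Stefan},
  title = {{LLR}-based {Sentiment} {Analysis} for {Kernel} {Event} {Sequences}},
  publisher = {IEEE},
  year = {2017},
  doi = {10/gh3728},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed},
}

@inproceedings{buhov_catch_2016,
  author = {Buhov, Damjan and Thron, Richard and Schrittwieser, Sebastian},
  title = {Catch {Me} {If} {You} {Can}! {Transparent} {Detection} {Of} {Shellcode}},
  publisher = {IEEE},
  year = {2016},
  doi = {10/gh3725},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@inproceedings{kim_hello_2017,
  author = {Kim, Jinwoo and Kim, Kuyju and Cho, Junsung and Kim, Hyoungshick and Schrittwieser, Sebastian},
  title = {Hello, {Facebook}! {Here} is the stalkers' paradise!: {Design} and analysis of enumeration attack using phone numbers on {Facebook}},
  year = {2017},
  doi = {10/gh3724},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@article{eresheim_evolution_2017,
  author = {Eresheim, Sebastian and Luh, Robert and Schrittwieser, Sebastian},
  title = {The {Evolution} of {Process} {Hiding} {Techniques} in {Malware} – {Current} {Threats} and {Possible} {Countermeasures}},
  journal = {Journal of Information Processing},
  year = {2017},
  doi = {10/gh3722},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

@article{luh_semantics-aware_2016,
  author = {Luh, Robert and Marschalek, Stefan and Kaiser, Manfred and Janicke, Helge and Schrittwieser, Sebastian},
  title = {Semantics-aware detection of targeted attacks – {A} survey},
  journal = {Journal of Computer Virology and Hacking Techniques},
  pages = {1--39},
  year = {2016},
  doi = {10/gh372z},
  url = {http://link.springer.com/article/10.1007/s11416-016-0273-3},
  note = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, best, peer-reviewed},
}

@article{mueller_security_2015,
  author = {Mueller, Robin and Schrittwieser, Sebastian and Fruehwirt, Peter and Kieseberg, Peter and Weippl, Edgar},
  title = {Security and privacy of smartphone messaging applications},
  journal = {International {Journal} of {Pervasive} {Computing} and {Communications}},
  volume = {11},
  year = {2015},
  doi = {10/gh372v},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed},
}

@article{schrittwieser_protecting_2016,
  author = {Schrittwieser, Sebastian and Katzenbeisser, S and Kinder, J and Merzdovnik, G and Weippl, Edgar},
  title = {Protecting software through obfuscation: {Can} it keep pace with progress in code analysis},
  journal = {ACM Computing Surveys},
  volume = {49},
  number = {1},
  year = {2016},
  doi = {10/gftfv5},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed},
}

@inproceedings{kieseberg_structural_2018,
  author = {Kieseberg, Peter and Schrittwieser, Sebastian and Weippl, Edgar},
  title = {Structural {Limitations} of {B}+-{Tree} forensics},
  booktitle = {Proceedings of the {Central} {European} {Cybersecurity} {Conference} 2018 ({CECC} 2018)},
  pages = {1--4},
  publisher = {ACM Press},
  address = {Ljubljana, Slovenia},
  year = {2018},
  isbn = {978-1-4503-6515-4},
  doi = {10/gh372c},
  url = {http://dl.acm.org/citation.cfm?doid=3277570.3277579},
  urldate = {2019-01-23},
  language = {en},
  abstract = {Despite the importance of databases in virtually all data driven applications, database forensics is still not the thriving topic it ought to be. Many database management systems (DBMSs) structure the data in the form of trees, most notably B+-Trees. Since the tree structure is depending on the characteristics of the INSERT-order, it can be used in order to generate information on later manipulations, as was shown in a previously published approach.},
  keywords = {Center for Artificial Intelligence, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Vortrag, best, peer-reviewed},
}

@misc{schrittwieser_sicherheit_2019,
  author = {Schrittwieser, Sebastian},
  title = {Sicherheit von {Container}-{Virtualisierung}},
  address = {Wien},
  type = {Invited {Talk}},
  month = sep,
  year = {2019},
  url = {https://idcitsecurity.com/2019/vienna/},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{schrittwieser_automatische_2019,
  author = {Schrittwieser, Sebastian},
  title = {Automatische {Erkennung} von {Crypto}-{Mining} im {Webbrowser}},
  address = {Börse Wien},
  type = {Invited {Talk}},
  month = jun,
  year = {2019},
  url = {https://www.inara.at/5-symposium-wirtschafts-und-finanzkommunikation/},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science},
}

@misc{schrittwieser_software_2019,
  author = {Schrittwieser, Sebastian},
  title = {Software {Protection} through {Obfuscation} - {Can} it keep pace with progress in code analysis?},
  address = {Dagstuhl},
  type = {Invited {Talk}},
  year = {2019},
  url = {https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=19331},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science},
}

@misc{limbeck-lilienau_cryptojacking_2019,
  author = {Limbeck-Lilienau, Barbara and Schrittwieser, Sebastian},
  title = {Cryptojacking – und warum ist mein {Akku} immer gleich leer?!},
  address = {FH St. Pölten},
  month = jan,
  year = {2019},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung},
}

@misc{schrittwieser_coineater:_2019,
  author = {Schrittwieser, Sebastian and Rauchberger, Julian and Dam, Tobias and Buhov, Damjan},
  title = {Coineater: {Automatisierte} {Erkennung} {Von} {Krypto}-{Mining} {Im} {Webbrowser}},
  address = {Wiener Neustadt, Österreich},
  month = apr,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Poster, SP IT Sec System \& Application Security, peer-reviewed},
}

@misc{schrittwieser_regin_2015,
  author = {Schrittwieser, Sebastian},
  title = {Regin - {Chronologie} eines gezielten {IT}-{Angriffs}},
  address = {St. Pölten, Austria},
  month = nov,
  year = {2015},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec System \& Application Security},
}

@misc{schrittwieser_crypto-mining_2018,
  author = {Schrittwieser, Sebastian},
  title = {Crypto-{Mining} im {Webbrowser}},
  address = {Fachhochschule St. Pölten},
  month = feb,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, Vortrag},
}

@misc{schrittwieser_chancen_2018,
  author = {Schrittwieser, Sebastian},
  title = {Chancen und {Potentiale} in der {IT}-{Sicherheit}},
  address = {Wien},
  month = nov,
  year = {2018},
}

@misc{schrittwieser_trends_2018,
  author = {Schrittwieser, Sebastian},
  title = {Trends in {Security} {Research}},
  address = {Wien},
  month = sep,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, Vortrag},
}

@misc{schrittwieser_sign_2017,
  author = {Schrittwieser, Sebastian},
  title = {Sign up with your phone number, no password to remember! – {On} the privacy risks of using phones as unique user identifiers and possible mitigations},
  address = {St. Pölten, Austria},
  month = oct,
  year = {2017},
  url = {https://itsecx.fhstp.ac.at/wp-content/uploads/2017/11/05_Schrittwieser_itsecx2017.pdf},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Vortrag, Wiss. Beitrag},
}

@misc{schrittwieser_josef_2018,
  author = {Schrittwieser, Sebastian},
  title = {Josef {Ressel} {Zentrum} {TARGET}},
  address = {Wieselburg},
  month = nov,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, Vortrag},
}

@misc{schrittwieser_explainable_2018,
  author = {Schrittwieser, Sebastian},
  title = {Explainable {AI}},
  address = {Wien},
  month = nov,
  year = {2018},
  keywords = {Center for Digital Health Innovation, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Vortrag, Wiss. Beitrag},
}

@misc{schrittwieser_chancen_2018-1,
  author = {Schrittwieser, Sebastian},
  title = {Chancen und {Potentiale} in der {IT} {Sicherheit}},
  address = {Wien},
  month = mar,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, Keynote, Vortrag, Wiss. Beitrag},
}

@misc{schrittwieser_neue_2018,
  author = {Schrittwieser, Sebastian},
  title = {Neue {Herausforderungen} in der {IT} {Security}},
  address = {Wien},
  month = sep,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, Vortrag, Wiss. Beitrag},
}

@misc{schrittwieser_mord_2018,
  author = {Schrittwieser, Sebastian and Luh, Robert},
  title = {Mord im {Planetarium} - {Ein} {Ausflug} in die {Welt} der {Digitalen} {Forensik}},
  address = {Wien},
  month = apr,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Vortrag},
}

@misc{schrittwieser_security_2018,
  author = {Schrittwieser, Sebastian},
  title = {Security by {Obscurity}},
  address = {Wien},
  month = may,
  year = {2018},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, Vortrag, Wiss. Beitrag},
}

@article{kieseberg_algorithm_2014,
  author = {Kieseberg, Peter and Schrittwieser, Sebastian and Mulazzani, Martin and Echizen, Isao and Weippl, Edgar},
  title = {An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata},
  journal = {Special Issue on Security and Privacy in Business Networking},
  year = {2014},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{fruehwirt_innodb_2014,
  author = {Fruehwirt, Peter and Kieseberg, Peter and Hochreiner, Christoph and Schrittwieser, Sebastian and Weippl, Edgar},
  title = {{InnoDB} {Datenbank} {Forensik} – {Rekonstruktion} von {Abfragen} über {Datenbank}-interne {Logfiles}},
  booktitle = {{GI} {Sicherheit} 2014},
  year = {2014},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{beyer_towards_2014,
  author = {Beyer, Stefanie and Mulazzani, Martin and Schrittwieser, Sebastian and Huber, Markus and Weippl, Edgar},
  title = {Towards {Fully} {Automated} {Digital} {Alibis} with {Social} {Interaction}},
  booktitle = {Tenth {Annual} {IFIP} {WG} 11.9 {International} {Conference} on {Digital} {Forensics}},
  year = {2014},
  doi = {10/gnt2vd},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed},
}

@inproceedings{neuner_gradually_2015, title = {Gradually {Improving} the {Forensic} {Process}}, doi = {10/gnt2t6}, booktitle = 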
{International {Workshop} on {Cyber} {Crime} ({IWCC})}, author = {Neuner, Sebastian and Mulazzani, Martin and Schrittwieser, Sebastian and Weippl, Edgar R.}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, } @inproceedings{fadai_trust_2015, title = {Trust me, {I} am a {Root} {CA}! {Analyzing} {SSL} {Root} {CAs} in modern {Browsers} and {Operating} {Systems}}, booktitle = {International {Conference} on {Availability}, {Reliability} and {Security} ({ARES})}, author = {Fadai, Tariq and Schrittwieser, Sebastian and Kieseberg, Peter and Mulazzani, Martin}, year = {2015}, keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed, ⛔ No DOI found}, } @inproceedings{rottermanner_privacy_2015, title = {Privacy and {Data} {Protection} in {Smartphone} {Messengers}}, doi = {10/gh3746}, booktitle = {Proceedings of the 17th {International} {Conference} on {Information} {Integration} and {Web}-based {Applications} {Services} ({iiWAS2015})}, author = {Rottermanner, C and Kieseberg, Peter and Huber, Markus and Schmiedecker, M and Schrittwieser, Sebastian}, year = {2015}, note = {Projekt: TARGET}, keywords = {Center for Artificial Intelligence, Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation}, }