Eugen Staab

Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems

Our work proposes a generic architecture for runtime monitoring and optimization of IDS based on the challenge insertion. The challenges, known instances of malicious or legitimate behavior, are inserted into the network traffic represented by NetFlow records, processed with the current traffic and the systems response to the challenges is used to determine its effectiveness and to fine-tune its parameters. The insertion of challenges is based on the threat models expressed as attack trees with attached risk/loss values. The use of threat model allows the system to measure the expected undetected loss and to improve its performance with respect to the relevant threats, as we have verified in the experiments performed on live network traffic.

Combining Cognitive with Computational Trust Reasoning

We propose a concept that combines the cognitive with the computational approaches to experience-based trust reasoning. We emphasize that a cognitive component is vital for computationally modeling trust. At the same time, we recognize the predictive nature of trust. This suggests a combination of the different approaches. The idea is to introduce a cognitive component that produces factual positive and factual negative experiences. These experiences can then be used in a predictive component to estimate the future behavior of an agent. The components are combined in a modular way which allows the replacement of them independently. It further facilitates the integration of already existing trust update algorithms. In this work, we analyze the chain of trust processing for the concept step by step. This results in a concise survey on challenges for experience-based trust models.

Threat-model-driven runtime adaptation and evaluation of intrusion detection system

We present a mechanism for autonomous self-adaptation of a network-based intrusion detection system (IDS). The system is composed of a set of cooperating agents, each of which is based on an existing network behavior analysis method. The self adaptation mechanism is based on the insertion of a small number of challenges, i.e. known instances of past legitimate or malicious behavior. The response of individual system components to these challenges is used to measure and eventually optimize the system performance in terms of accuracy. In this work we show how to choose the challenges in a way such that the IDS attaches more importance to the detection of attacks that cause much damage.

Tuning Evidence-Based Trust Models

Many evidence-based trust models require the adjustment of parameters such as aging- or exploration-factors. What the literature often does not address is the systematic choice of these parameters. In our work, we propose a generic procedure for finding trust model parameters that maximize the expected utility to the trust model user. The procedure is based on gametheoretic considerations and uses a genetic algorithm to cope with the vast number of possible attack strategies. To demonstrate the feasibility of the approach, we apply our procedure to a concrete trust model and optimize the parameters of this model.

Formalizing Excusableness of Failures in Multi-Agent Systems

To estimate how much an agent can be trusted, its trustworthiness needs to be assessed. Usually, poor performance of an agent leads to a decrease of trust in that agent. This is not always reasonable. If the environment interferes with the performance, the agent is possibly not to blame for the failure. We examine which failures can be called excusable and hence must not be seen as bad performances. Knowledge about these failures makes assessments of trustworthiness more accurate. In order to approach a formal definition of excusableness , we introduce a generic formalism for describing environments of Multi-Agent Systems. This formalism provides a basis for the definition of environmental interference . We identify the remaining criteria for excusableness and give a formal definition for it. Our analysis reveals that environmental interference and a strong commitment of the performing agent do not suffice to make a failure excusable .

On the profitability of incompetence

The exchange of information is in many multi-agent systems the essential form of interaction. For this reason, it is crucial to keep agents from providing unreliable information. However, agents that provide information have to balance between being highly competent, in order to achieve a good reputation as information provider, and staying incompetent, in order to minimize the costs of information acquisition. In this paper, we use a multi-agent simulation to identify conditions under which it is profitable for agents either to make an investment to become competent, or to economize and stay incompetent. We focus on the case where the quality of the acquired information cannot objectively be assessed in any immediate way and where hence the information end users have to rely on secondary methods for assessing the quality of the information itself, as well as the trustworthiness of those who provide it.

Unlinkable Communication

In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.