Slideshow Image 1 Slideshow Image 3 Slideshow Image 4 Slideshow Image 5 Slideshow Image 7 Slideshow Image 8 Slideshow Image 9 Slideshow Image 10 Slideshow Image 11 Slideshow Image 15 Slideshow Image 16 Slideshow Image 17 Slideshow Image 18 Slideshow Image 20 Slideshow Image 23 Slideshow Image 24 Slideshow Image 25 Slideshow Image 26 Slideshow Image 27 Slideshow Image 28 Slideshow Image 29 Slideshow Image 30 Slideshow Image 31 Slideshow Image 32 Slideshow Image 33

Project Overview

Main Idea

With the increasing convergence of communication to IP-based networks, dynamic and adaptive protection against security threats becomes a critical requirement. Unfortunately, convergent communication is characterized by complex network protocols, heterogeneous infrastructures and a multitude of user devices. Today's security instruments fail to cope with this diversity; communication services as well as clients regularly fall victim to network attacks and malicious software.

The project PROSEC aims at establishing a holistic protection for convergent communication. This protection builds on three layers: (a) the protection of services, (b) the protection of devices, and (c) the adaptive monitoring of the infrastructure. The following figure shows these three layers. Information about current threats are collected using dynamic decoys and analysed with machine learning for automatically identifying novel threats. As a result, a proactive protection can be established that adapts to changing trends in communication and attack development.

Overview

Proactive Protection of Services

The first goal is the development of techniques for protecting communication services, e.g. services for Internet Telephony (VoIP) and Internet Television (IPTV). These services use variable and changing protocols. Thus, there is a need for methods capable of automatically learning structures of protocols to mimic their functionality and to bait attacks ("Honey Services"). These electronic decoys facilitate the development of a proactive attack detection, which automatically analyzes the collected data for identifying and stopping upcoming threats.

Proactive Protection of Devices

The second goal of the project is the development of methods for the protection of end user devices, like IP telephones, smartphones and mobile computers. The diversity and multitude of these devices makes threat detection from within the devices difficult. Hence, attacks need to be fend off before reaching the devices. To this end, techniques from machine learning are applied for analysis of mobile applications and communication content. In combination with electronic decoys ("Honey Devices"), they also contribute to the proactive protection of communication.

Adaptive Monitoring

Besides services and end user devices, the infrastructure itself can be a target of possible attacks. The third goal is thus the analysis and detection of global security problems within the infrastructure. To reach this objective, robust methods for dynamic and adaptive monitoring are developed that operate under locally and temporally fluctuating traffic. Based on the monitored data and observations of the electronic decoys, an automated threat analysis and early warning can be conducted, permitting the identification and visualization of security breaches and anomalies within the infrastructure.