Top Publications
Anomaly Detection & Cyber Threat Intelligence
- Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2021): Have It Your Way: Generating Customized Log Data Sets with a Model-driven Simulation Testbed. IEEE Transactions on Reliability, Vol.70, Issue 1, pp. 402-415. IEEE.
- Skopik F., Pahi T. (2020): Under false flag: Using technical artifacts for cyber attack attribution. Springer Cybersecurity Journal, Vol.3, Article 8. Springer.
- Landauer M., Skopik F., Wurzenberger M., Rauber A. (2020): System Log Clustering Approaches for Cyber Security Applications: A Survey. Elsevier Computers & Security Journal, Volume 92. May 2020, pp. 1-17. Elsevier.
- Wurzenberger M., Höld G., Landauer M., Skopik F., Kastner W. (2020): Creating Character-based Templates for Log Data to Enable Security Event Classification. 15th ACM ASIA Conference on Computer and Communications Security (ACM Asia CCS), October 05-09, 2020, Taipei, Taiwan. ACM.
- Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2019): A Framework for Cyber Threat Intelligence Extraction from Raw Log Data. International Workshop on Big Data Analytics for Cyber Threat Hunting (CyberHunt 2019) in conjunction with the IEEE International Conference on Big Data 2019, December 9-12, 2019, Los Angeles, CA, USA. IEEE.
- Wurzenberger M., Landauer M., Skopik F., Kastner W. (2019): AECID-PG: A Tree-Based Log Parser Generator To Enable Log Analysis. 4th IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2019) in conjunction with the IFIP/IEEE International Symposium on Integrated Network Management (IM), April 8, 2019, Washington D.C., USA. IEEE.
- Skopik F., Pahi T., Leitner M.: Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, Springer, 2018, ISBN: 978-3-662-56083-9.
- Landauer M., Wurzenberger M., Skopik F., Settanni G., Filzmoser P. (2018): Dynamic Log File Analysis: An Unsupervised Cluster Evolution Approach for Anomaly Detection. Elsevier Computers & Security Journal, Volume 79. November 2018, pp. 94-116. Elsevier.
- Skopik F.: Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level, CRC Press, 2017, ISBN: 978-1-13-803182-1.
- Settanni G., Skopik F. et al. (2017): A collaborative cyber incident management system for European interconnected critical infrastructures. Elsevier Journal of Information Security and Applications (JISA), Volume 34 Part 2, June 2017, pp. 166-182. Elsevier.
- Wurzenberger M., Skopik F., Landauer M., Greitbauer P., Fiedler R., Kastner W. (2017): Incremental Clustering for Semi-Supervised Anomaly Detection applied on Log Data. 12th International Conference on Availability, Reliability and Security (ARES), August 29 - September 01, 2017, Reggio Calabria, Italy. ACM.
- Skopik F., Settanni G., Fiedler R. (2016): A Problem Shared is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense through Security Information Sharing. Elsevier Computers & Security Journal, Volume 60. July 2016, pp. 154-176. Elsevier.
- Friedberg I., Skopik F., Settanni G., Fiedler R. (2015): Combating Advanced Persistent Threats: From Network Event Correlation to Incident Detection. Elsevier Computers & Security Journal, Volume 48, pp. 35-57. Elsevier.
Cyber-Physical Systems
- Piatkowska E., Gavriluta C., Smith P. and Andrén F. P., "Online Reasoning about the Root Causes of Software Rollout Failures in the Smart Grid," 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Tempe, AZ, USA, 2020, pp. 1-7, doi: 10.1109/SmartGridComm47815.2020.9303005.
- Reuter L., Jung O. and Magin J., "Neural network based anomaly detection for SCADA systems," 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 2020, pp. 194-201, doi: 10.1109/ICIN48450.2020.9059436.
- Friedberg I., Hong X., Mclaughlin K., Smith P., Miller P.C.: "Evidential Network Modeling for Cyber-Physical System State Inference," IEEE Access, vol. 5, pp. 17149-17164, 2017.
- Friedberg I., McLaughlin K., Smith P., Laverty D., Sezer S.: "STPA-SafeSec: Safety and security analysis for cyber-physical systems," Journal of Information Security and Applications, vol. 34, no. 2, pp. 183-196, June 2017.
- Langer L., Skopik F., Smith P., Kammerstetter M.: "From old to new: Assessing cybersecurity risks for an evolving smart grid," Computers & Security, vol. 62, pp. 165-176, Sep. 2016.
- Paudel S., Smith P., Zseby T.: “Stealthy Attacks on Smart Grid PMU State Estimation,” 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 2018, Article 16, 10 pages. DOI: https://doi.org/10.1145/3230833.3230868
Cyber Range & Training
- Kucek S., & Leitner M. (2020). An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments. Journal of Network and Computer Applications, 151, 102470. https://doi.org/10.1016/j.jnca.2019.102470
- Leitner M., Frank M., Hotwagner W., Langner G., Maurhart O., Pahi T., Reuter L., Skopik F., Smith P., & Warum M. (2020). AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research. Proceedings of the European Interdisciplinary Cybersecurity Conference, 1–6. https://doi.org/10.1145/3424954.3424959
- Teuffenbach M., Piatkowska E., Smith P.: “Subverting Network Intrusion Detection: Crafting Adversarial Examples Accounting for Domain-Specific Constraints,” International IFIP Cross Domain (CD) Conference for Machine Learning & Knowledge Extraction (MAKE) 2020, Online Event, pp. 301-320, 2020.
- Kucek S. and Leitner M., “Training the Human-in-the-Loop in Industrial Cyber Ranges,” in Proceedings of the 1st European Advances in Digital Transformation Conference 2018, 2018.
- Skopik F., Páhi T. and Leitner M., Eds., Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen. Springer Vieweg, 2018.
- Frank M., Leitner M. and Pahi T., “Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education,” in 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech), 2017, pp. 38–46.
- Leitner M., Pahi T. and Skopik F., “Situational Awareness for Strategic Decision Making on a National Level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed. CRC Press, 2017, pp. 225–276.
Cryptography
- Derler D., Gellert K., Jager T., Slamanig D., Striecks C., “Bloom Filter Encryption and Applications to Efficient Forward-Secret Key Exchange”, Journal of Cryptology 2021.
- Cini V., Ramacher S., Slamanig D., Striecks C., “CCA-Secure (Puncturable) KEMs from Encryption with Non-Negligible Decryption Errors”, ASIACRYPT 2020.
- Abdolmaleki B., Ramacher S., Slamanig D., “Lift-and-Shift: Obtaining Simulation Extractable Subversion and Updatable SNARKs Generically”, ACM CCS 2020.
- Derler D., Samelin K., Slamanig D., Striecks Ch. Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based. In Proc. NDSS 2019
- Derler D., Jager T., Slamanig D., Striecks Ch. Bloom Filter Encryption and Applications to Efficient Forward-Secret Key Exchange. In Proc. EUROCRYPT 2018
- Derler D., Krenn S., Lorünser T., Ramacher S., Slamanig D., Striecks Ch. Revisiting Proxy Re-encryption: Forward Secrecy, Improved Security, and Applications. In Proc. PKC 2018
- Stangl J., Lorünser T., Manoj Pudukotai Dinakarrao S. A fast and resource efficient FPGA implementation of secret sharing for storage applications. In Proc. DATE 2018
- Krenn S., Lorünser T., Salzer A., Striecks Ch. Towards Attribute-Based Credentials in the Cloud. In Proc. CANS 2017
- Chase M., Derler D., Goldfeder S., Orlandi C., Ramacher S., Rechberger Ch., Slamanig D., Zaverucha G.: Post Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives. ACM Conference on Computer and Communications Security 2017
- Pacher Ch., Abidin A., Lorünser T., Peev M., Ursin R., Zeilinger A., Larsson J.: Attacks on quantum key distribution protocols that employ non-ITS authentication. In Quantum Information Processing 15(1) 2016
Pentesting
- B. Aichernig, H. Brandl, E. Jöbstl, W. Krenn, R. Schlick, and S. Tiran, “MoMuT::UML model-based mutation testing for UML,” in Software Testing, Verification and Validation (ICST), 2015 IEEE 8th International Conference on, 2015, pp. 1-8.
- P. Daca, T. A. Henzinger, W. Krenn, and D. Ničković, “Compositional specifications for ioco testing,” in Software Testing, Verification and Validation (ICST), Seventh International Conference on, 2014, pp. 373-382.
- B. K. Aichernig, K. Hörmaier, F. Lorber, D. Ničković, R. Schlick, D. Simoneau, and S. Tiran, “Integration of Requirements Engineering and Test-Case Generation via OSLC,” in QSIC ’14: Proceedings of the 2014 14th International Conference on Quality Software, Dallas, USA, 2014, p. 117–126.
- B. K. Aichernig, K. Hörmaier, and F. Lorber, “Debugging with timed automata mutations,” in Computer safety, reliability, and security, A. Bondavalli and F. Di Giandomenico, Eds., Springer International Publishing, 2014, vol. 8666, pp. 49-64.
- B. K. Aichernig, E. Jöbstl, and S. Tiran, “Model-based mutation testing via symbolic refinement checking,” Science of computer programming, 2014.
- B. K. Aichernig, H. Brandl, E. Jöbstl, W. Krenn, R. Schlick, and S. Tiran, “Killing strategies for model-based mutation testing,” Software testing, verification and reliability, p. n/a–n/a, 2014.
- B. K. Aichernig, J. Auer, E. Jöbstl, R. Korošec, W. Krenn, R. Schlick, and B. V. Schmidt, “Model-based mutation testing of an industrial measurement device,” in Tests and proofs, M. Seidl and N. Tillmann, Eds., Springer International Publishing, 2014, vol. 8570, p. 1–19.
- W. Krenn, D. Ničković, and L. Tec, “Incremental language inclusion checking for networks of timed automata,” in Formal modeling and analysis of timed systems, V. Braberman and L. Fribourg, Eds., Springer Berlin Heidelberg, 2013, vol. 8053, pp. 152-167.
- W. Krenn, R. Schlick, and B. K. Aichernig, “Mapping UML to labeled transition systems for test-case generation: a translation via object-oriented action systems,” in Proceedings of the 8th international conference on formal methods for components and objects, Berlin, Heidelberg, 2010, p. 186–207.
- B. K. Aichernig, H. Brandl, and W. Krenn, “Qualitative action systems,” in Formal methods and software engineering, D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, K. Breitman, and A. Cavalcanti, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, vol. 5885, p. 206–225.
Risk Management
- Schmittner, C., Latzenhofer, M., Abdelkader, S., & Hofer, M. (2018). A Proposal for a Comprehensive Automotive Cybersecurity Reference Architecture. VEHICULAR 2018, The Seventh International Conference on Advances in Vehicular Systems, Technologies and Applications, 30–36. https://www.thinkmind.org/download.php?articleid=vehicular_2018_3_10_30004
- Schmittner, C., Latzenhofer, M., Shaaban, A. M., Bonitz, A., & Hofer, M. (2019). Towards a Comprehensive Automotive Cybersecurity Reference Architecture. International Journal of Advanced Computer Science and Applications, 12(no 1 & 2), 1–12.
- Vogt T., Spahovic E., Doms T., Seyer R., Weiskirchner H., Pollhammer K., Raab T., Rührup S., Latzenhofer M., Schmittner C., Hofer M., Bonitz A., Kloibhofer C., Chlup S.: „A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems”, SAE International Journal of Transportation Cybersecurity and Privacy, (2021)
- Schauer S., Grafenauer T., König S., Warum M. and Rass S., “Estimating Cascading Effects in Cyber-Physical Critical Infrastructures”, in The 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 2019
- König S. and Schauer S., “Cascading Threats in Critical Infrastructures with Control Systems”, in Proceedings of ISCRAM 2019, Valencia, Spain, 2019
- Grafenauer T., König S., Rass S. and Schauer S., „A Simulation Tool for Cascading Effects in Interdependent Critical Infrastructures“, in Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018, Hamburg, Germany, 2018, pp. 1–8.
- König S. and Rass S., „Stochastic Dependencies Between Critical Infrastructures“, in SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies, Rome, Italy, 2017, pp. 106–110.
- Schauer S., König S., Latzenhofer M., Rass S. and Grafenauer T., „Analyzing Cascading Effects among Critical Infrastructures : The CERBERUS Approach“, in Proceedings of ISCRAM 2018, Rochester, USA, 2018.
Patents
Anomaly Detection & Cyber Threat Intelligence
- Landauer M., Skopik F., Wurzenberger M. (2020): A51010/2020 – Verfahren zur Klassifizierung von anomalen Betriebszuständen eines Computersystems (“AlertAggregation AT”), Austrian Patent pending, November 2020.
- Höld G., Landauer M., Wurzenberger M., Skopik F. (2020): A50741/2020 – Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems (“Variable Correlation Detector AT”), Austrian Patent pending, September 2020.
- Höld G., Wurzenberger M., Landauer M., Skopik F. (2020): A50642/2020 – Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems (“Variable Type Detector AT”), Austrian Patent pending, July 2020.
- Wurzenberger M., Höld G., Landauer M., Skopik F. (2020): EP20160854.4 – Verfahren zur Charakterisierung des Betriebszustands eines Computersystems (“Cluster Templates EP”), European Patent pending, March 2020.
- Wurzenberger M., Landauer M., Skopik F., Fiedler R. (2019): EP19169705.1 – Verfahren zur Charakterisierung des Zustands eines Computersystems (“Grammatikerkennung EP”), European Patent pending, April 2019.
- Wurzenberger M., Höld G., Landauer M., Skopik F. (2019): A50285/2019 – Verfahren zur Charakterisierung des Betriebszustands eines Computersystems (“Cluster Templates AT”), Austrian Patent pending, April 2019.
- Landauer M., Skopik F., Wurzenberger M. (2019): EP3528162 – Method for recognizing abnormal operational states (“Time Series Analysis EP”), European Patent granted, January 2019.
- Wurzenberger M., Landauer M., Skopik F., Fiedler R. (2018): A50461/2018 – Verfahren zur Charakterisierung des Zustands eines Computersystems (“Grammatikerkennung AT”), Austrian Patent pending, June 2018.
- Wurzenberger M., Skopik F. (2018): EP18160444.8 – Method for detecting normal operating states in a working process (“Maschinendatensaetze EP”), European Patent pending, March 2018.
- Landauer M., Skopik F., Wurzenberger M. (2018): A50156/2018 (AT 520.746) – Verfahren zur Erkennung von anormalen Betriebszuständen (engl.: Method for detecting anormal operating states) (“Time Series Analysis AT”), Austrian Patent granted, February 2018.
- Fiedler R., Skopik F., Wurzenberger M. (2017): EP3267625 – Method for detecting anomolous states in a computer network (“Bioclustering EP”), European Patent granted, July 2017.
- Wurzenberger M., Skopik F. (2017): A50233/2017 (AT 519.777) – Verfahren zur Erkennung des normalen Betriebszustands eines Arbeitsprozesses (engl.: Method for detecting normal operating states in a working process) (“Maschinendatensaetze AT”), Austrian Patent granted, March 2017.
- Fiedler R., Skopik F., Wurzenberger M. (2016): A50601/2016 (AT 518.805) – Verfahren zur Detektion von anomalen Zuständen in einem Computernetzwerk (engl.: Method for detecting anomolous states in a computer network) (“Bioclustering AT”), Austrian Patent granted, July 2016.
- Skopik F., Fiedler R. (2014): EP2800307 - Method for detecting deviations from a given standard state ("AECID EP"), European Patent granted, April 2014.
- Skopik F., Fiedler R. (2013): AT 514215 (A50292/2013) - Verfahren zur Feststellung von Abweichungen von einem vorgegebenen Normalzustand (engl.: Method for detecting deviations from a given standard state) ("AECID AT"), Austrian Patent granted, April 2013.
Cryptography
- Lorünser T., Krenn S., Schrenk B., Pacher Ch. A method for creating and distributing cryptographic keys. AT519476B1, 2017
- Krenn S., Lorünser T. Method for testing the availability and integrity of a distributed data stored object. AT518910B1, 2016
- Krenn S., Lorünser T., Striecks Ch. Method for exchanging data fields of certified documents. AT519025B1, 2016