% % This file was created by the TYPO3 extension % bib % --- Timezone: UTC % Creation date: 2024-11-21 % Creation time: 11-46-00 % --- Number of references % 23 % @Inproceedings { 2025_vansloun_ransomwareio, title = {Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach}, year = {2025}, month = {2}, publisher = {Internet Society}, booktitle = {Proceedings of the 22nd Annual Network and Distributed System Security Symposium (NDSS '25), February 24–28, 2025, San Diego, CA, USA}, event_place = {San Diego, CA, USA}, event_name = {Network and Distributed System Security Symposium}, event_date = {February 24–28, 2025}, state = {accepted}, ISBN = {978-1-891562-93-8}, reviewed = {1}, author = {van Sloun, Christian and Woeste, Vincent and Wolsing, Konrad and Pennekamp, Jan and Wehrle, Klaus} } @Inproceedings { 2024-wolsing-deployment, title = {Deployment Challenges of Industrial Intrusion Detection Systems}, year = {2024}, month = {9}, abstract = {With the escalating threats posed by cyberattacks on Industrial Control Systems (ICSs), the development of customized Industrial Intrusion Detection Systems (IIDSs) received significant attention in research. While existing literature proposes effective IIDS solutions evaluated in controlled environments, their deployment in real-world industrial settings poses several challenges. This paper highlights two critical yet often overlooked aspects that significantly impact their practical deployment, i.e., the need for sufficient amounts of data to train the IIDS models and the challenges associated with finding suitable hyperparameters, especially for IIDSs training only on genuine ICS data. Through empirical experiments conducted on multiple state-of-the-art IIDSs and diverse datasets, we establish the criticality of these issues in deploying IIDSs. Our findings show the necessity of extensive malicious training data for supervised IIDSs, which can be impractical considering the complexity of recording and labeling attacks in actual industrial environments. Furthermore, while other IIDSs circumvent the previous issue by requiring only benign training data, these can suffer from the difficulty of setting appropriate hyperparameters, which likewise can diminish their performance. By shedding light on these challenges, we aim to enhance the understanding of the limitations and considerations necessary for deploying effective cybersecurity solutions in ICSs, which might be one reason why IIDSs see few deployments.}, keywords = {Industrial Intrusion Detection Systems, Cyber-Physical Systems, Industrial Control Systems, Deployment}, web_url = {https://arxiv.org/pdf/2403.01809}, publisher = {Springer}, booktitle = {Proceedings of the 10th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '24), co-located with the the 29th European Symposium on Research in Computer Security (ESORICS '24)}, event_place = {Bydgoszcz, Poland}, event_name = {10th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS 2024)}, event_date = {September 16-20, 2024}, state = {accepted}, language = {English}, reviewed = {1}, author = {Wolsing, Konrad and Wagner, Eric and Basels, Frederik and Wagner, Patrick and Wehrle, Klaus} } @Inproceedings { 2024-saillard-exploring, title = {Exploring Anomaly Detection for Marine Radar Systems}, year = {2024}, month = {9}, abstract = {Marine radar systems are a core technical instrument for collision avoidance in shipping and an indispensable decision-making aid for navigators on the ship’s bridge in limited visibility conditions at sea, in straits, and harbors. While electromagnetic attacks against radars can be carried out externally, primarily by military actors, research has recently shown that marine radar is also vulnerable to attacks from cyberspace. These can be carried out internally, less “loudly”, and with significantly less effort and know-how, thus posing a general threat to the shipping industry, the global maritime transport system, and world trade. Based on cyberattacks discussed in the scientific community and a simulation environment for marine radar systems, we investigate in this work to which extent existing Intrusion Detection System (IDS) solutions can secure vessels’ radar systems, how effective their detection capability is, and where their limits lie. From this, we derive a research gap for radar-specific methods and present the first two approaches in that direction. Thus, we pave the way for necessary future developments of anomaly detection specific for marine navigation radars.}, keywords = {Marine Radar Systems, Maritime Cyber Security, Intrusion Detection Systems, Anomaly Detection, Navico BR24}, publisher = {Springer}, booktitle = {Proceedings of the 10th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '24), co-located with the the 29th European Symposium on Research in Computer Security (ESORICS '24)}, event_place = {Bydgoszcz, Poland}, event_name = {10th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS 2024)}, event_date = {September 16-20, 2024}, state = {accepted}, language = {English}, reviewed = {1}, author = {Saillard, Antoine and Wolsing, Konrad and Wehrle, Klaus and Bauer, Jan} } @Inproceedings { 2024-basels-demo, title = {Demo: Maritime Radar Systems under Attack. Help is on the Way!}, year = {2024}, abstract = {For a long time, attacks on radar systems were limited to military targets. With increasing interconnection, cyber attacks have nowadays become a serious complementary threat also affecting civil radar systems for aviation traffic control or maritime navigation. Hence, operators need to be enabled to detect and respond to cyber attacks and must be supported by defense capabilities. However, security research in this domain is only just beginning and is hampered by a lack of adequate test and development environments. In this demo, we thus present a maritime Radar Cyber Security Lab (RCSL) as a holistic framework to identify vulnerabilities of navigation radars and to support the development of defensive solutions. RCSL offers an offensive tool for attacking navigation radars and a defensive module leveraging network-based anomaly detection. In our demonstration, we will showcase the radars’ vulnerabilities in a simulative environment and demonstrate the benefit of an application-specific Intrusion Detection System.}, publisher = {IEEE}, booktitle = {Proceedings of the 2023 IEEE 48th Conference on Local Computer Networks (LCN)}, event_place = {Caen, Normandy, France}, event_date = {October 8-10, 2024}, state = {accepted}, reviewed = {1}, author = {Basels, Frederik and Wolsing, Konrad and Padilla, Elmar and Bauer, Jan} } @Article { 2023_lamberts_metrics-sok, title = {SoK: Evaluations in Industrial Intrusion Detection Research}, journal = {Journal of Systems Research}, year = {2023}, month = {10}, day = {31}, volume = {3}, number = {1}, abstract = {Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf}, publisher = {eScholarship Publishing}, ISSN = {2770-5501}, DOI = {10.5070/SR33162445}, reviewed = {1}, author = {Lamberts, Olav and Wolsing, Konrad and Wagner, Eric and Pennekamp, Jan and Bauer, Jan and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023-wagner-lcn-repel, title = {Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols}, year = {2023}, month = {10}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wagner-repel.pdf}, publisher = {IEEE}, booktitle = {48th IEEE Conference on Local Computer Networks (LCN), Daytona Beach, Florida, US}, event_place = {Daytona Beach, Florida, US}, event_name = {IEEE Conference on Local Computer Networks (LCN)}, event_date = {Oktober 1-5, 2023}, state = {accepted}, language = {en}, reviewed = {1}, author = {Wagner, Eric and Rothaug, Nils and Wolsing, Konrad and Bader, Lennart and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023-wolsing-xluuvlab, title = {XLab-UUV – A Virtual Testbed for Extra-Large Uncrewed Underwater Vehicles}, year = {2023}, month = {10}, abstract = {Roughly two-thirds of our planet is covered with water, and so far, the oceans have predominantly been used at their surface for the global transport of our goods and commodities. Today, there is a rising trend toward subsea infrastructures such as pipelines, telecommunication cables, or wind farms which demands potent vehicles for underwater work. To this end, a new generation of vehicles, large and Extra-Large Unmanned Underwater Vehicles (XLUUVs), is currently being engineered that allow for long-range, remotely controlled, and semi-autonomous missions in the deep sea. However, although these vehicles are already heavily developed and demand state-of-the-art communi- cation technologies to realize their autonomy, no dedicated test and development environments exist for research, e.g., to assess the implications on cybersecurity. Therefore, in this paper, we present XLab-UUV, a virtual testbed for XLUUVs that allows researchers to identify novel challenges, possible bottlenecks, or vulnerabilities, as well as to develop effective technologies, protocols, and procedures.}, keywords = {Maritime Simulation Environment, XLUUV, Cyber Range, Autonomous Shipping, Operational Technology}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wolsing-xluuvlab.pdf}, publisher = {IEEE}, booktitle = {1st IEEE LCN Workshop on Maritime Communication and Security (MarCaS)}, event_place = {Daytona Beach, Florida, USA}, event_name = {1st IEEE LCN Workshop on Maritime Communication and Security (MarCaS)}, event_date = {Oktober 1-5, 2023}, state = {accepted}, language = {en}, DOI = {10.1109/LCN58197.2023.10223405}, reviewed = {1}, author = {Wolsing, Konrad and Saillard, Antoine and Padilla, Elmar and Bauer, Jan} } @Inproceedings { 2023_wolsing_ensemble, title = {One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection}, year = {2023}, month = {9}, day = {25}, volume = {14345}, pages = {102-122}, abstract = {Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.}, note = {Lecture Notes in Computer Science (LNCS), Volume 14345}, keywords = {Intrusion Detection; Ensemble Learning; ICS}, tags = {internet-of-production, rfc}, url = {https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands}, event_place = {The Hague, The Netherlands}, event_name = {28th European Symposium on Research in Computer Security (ESORICS '23)}, event_date = {September 25-29, 2023}, ISBN = {978-3-031-51475-3}, ISSN = {0302-9743}, DOI = {10.1007/978-3-031-51476-0_6}, reviewed = {1}, author = {Wolsing, Konrad and Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2022_kus_ensemble, title = {Poster: Ensemble Learning for Industrial Intrusion Detection}, year = {2022}, month = {12}, day = {8}, number = {RWTH-2022-10809}, abstract = {Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept's feasibility with initial results of various methods to combine detectors.}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-ensemble-poster.pdf}, publisher = {RWTH Aachen University}, booktitle = {38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA}, institution = {RWTH Aachen University}, event_place = {Austin, TX, USA}, event_name = {38th Annual Computer Security Applications Conference (ACSAC '22)}, event_date = {December 5-9, 2022}, DOI = {10.18154/RWTH-2022-10809}, reviewed = {1}, author = {Kus, Dominik and Wolsing, Konrad and Pennekamp, Jan and Wagner, Eric and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2022-wolsing-ipal, title = {IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems}, year = {2022}, month = {10}, day = {26}, abstract = {The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains and protocols, leading to a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied to other industries that would equally benefit from powerful detection. To better understand this issue, we survey 53 detection systems and find no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols. After proving IPAL’s correctness in a reproducibility study of related work, we showcase its unique benefits by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols and can perform outside their restricted silos.}, url = {/fileadmin/papers/2022/2022-wolsing-ipal.pdf}, booktitle = {Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)}, DOI = {10.1145/3545948.3545968}, reviewed = {1}, author = {Wolsing, Konrad and Wagner, Eric and Saillard, Antoine and Henze, Martin} } @Inproceedings { 2022-rechenberg-cim, title = {Guiding Ship Navigators through the Heavy Seas of Cyberattacks}, year = {2022}, month = {10}, keywords = {Maritime Cybersecurity, Intrusion Detection System, Integrated Bridge System, IEC 61162-450, NMEA 0183}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-rechenberg-guiding.pdf}, web_url = {https://zenodo.org/record/7148794}, publisher = {Zenodo}, booktitle = {European Workshop on Maritime Systems Resilience and Security (MARESEC 2022)}, event_place = {Bremerhaven, Germany}, DOI = {10.5281/zenodo.7148794}, reviewed = {1}, author = {von Rechenberg, Merlin and R{\"o}{\ss}ler, Nina and Schmidt, Mari and Wolsing, Konrad and Motz, Florian and Bergmann, Michael and Padilla, Elmar and Bauer, Jan} } @Proceedings { 2022-wolsing-radarsec, title = {Network Attacks Against Marine Radar Systems: A Taxonomy, Simulation Environment, and Dataset}, year = {2022}, month = {9}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-radar.pdf}, publisher = {IEEE}, event_place = {Edmonton, Canada}, event_name = {47th IEEE Conference on Local Computer Networks (LCN)}, event_date = {September 26-29, 2022}, DOI = {10.1109/LCN53696.2022.9843801}, reviewed = {1}, author = {Wolsing, Konrad and Saillard, Antoine and Bauer, Jan and Wagner, Eric and van Sloun, Christian and Fink, Ina Berenice and Schmidt, Mari and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2022-wolsing-simple, title = {Can Industrial Intrusion Detection Be SIMPLE?}, year = {2022}, month = {9}, volume = {978-3-031-17143-7}, pages = {574--594}, abstract = {Cyberattacks against industrial control systems pose a serious risk to the safety of humans and the environment. Industrial intrusion detection systems oppose this threat by continuously monitoring industrial processes and alerting any deviations from learned normal behavior. To this end, various streams of research rely on advanced and complex approaches, i.e., artificial neural networks, thus achieving allegedly high detection rates. However, as we show in an analysis of 70 approaches from related work, their inherent complexity comes with undesired properties. For example, they exhibit incomprehensible alarms and models only specialized personnel can understand, thus limiting their broad applicability in a heterogeneous industrial domain. Consequentially, we ask whether industrial intrusion detection indeed has to be complex or can be SIMPLE instead, i.e., Sufficient to detect most attacks, Independent of hyperparameters to dial-in, Meaningful in model and alerts, Portable to other industrial domains, Local to a part of the physical process, and computationally Efficient. To answer this question, we propose our design of four SIMPLE industrial intrusion detection systems, such as simple tests for the minima and maxima of process values or the rate at which process values change. Our evaluation of these SIMPLE approaches on four state-of-the-art industrial security datasets reveals that SIMPLE approaches can perform on par with existing complex approaches from related work while simultaneously being comprehensible and easily portable to other scenarios. Thus, it is indeed justified to raise the question of whether industrial intrusion detection needs to be inherently complex.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-simple.pdf}, editor = {Atluri, Vijayalakshmi and Di Pietro, Roberto and Jensen, Christian D. and Meng, Weizhi}, publisher = {Springer Nature Switzerland}, booktitle = {Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS '22), September 26-30, 2022, Copenhagen, Denmark}, event_place = {Copenhagen, Denmark}, event_name = {27th European Symposium on Research in Computer Security (ESORICS)}, event_date = {September 26-30, 2022}, DOI = {10.1007/978-3-031-17143-7_28}, reviewed = {1}, author = {Wolsing, Konrad and Thiemt, Lea and van Sloun, Christian and Wagner, Eric and Wehrle, Klaus and Henze, Martin} } @Proceedings { 2022-serror-cset, title = {PowerDuck: A GOOSE Data Set of Cyberattacks in Substations}, year = {2022}, month = {8}, day = {8}, pages = {5}, keywords = {data sets, network traffic, smart grid security, IDS}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-cset-powerduck.pdf}, publisher = {ACM}, address = {New York, NY, USA}, howpublished = {online}, event_place = {Virtual}, event_name = {Cyber Security Experimentation and Test Workshop (CSET 2022)}, event_date = {August 8, 2022}, ISBN = {978-1-4503-9684-4/22/08}, DOI = {10.1145/3546096.3546102}, reviewed = {1}, author = {Zemanek, Sven and Hacker, Immanuel and Wolsing, Konrad and Wagner, Eric and Henze, Martin and Serror, Martin} } @Inproceedings { 2022_kus_iids_generalizability, title = {A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection}, year = {2022}, month = {5}, day = {30}, pages = {73-84}, abstract = {Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 \%. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 \% and 14.7 \% for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.}, keywords = {anomaly detection; machine learning; industrial control system}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan}, ISBN = {978-1-4503-9176-4/22/05}, DOI = {10.1145/3494107.3522773}, reviewed = {1}, author = {Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wolsing, Konrad and Fink, Ina Berenice and Dahlmanns, Markus and Wehrle, Klaus and Henze, Martin} } @Article { 2022-wolsing-aistracks, title = {Anomaly Detection in Maritime AIS Tracks: A Review of Recent Approaches}, journal = {Journal of Marine Science and Engineering}, year = {2022}, month = {1}, day = {14}, volume = {10}, number = {1}, abstract = {The automatic identification system (AIS) was introduced in the maritime domain to increase the safety of sea traffic. AIS messages are transmitted as broadcasts to nearby ships and contain, among others, information about the identification, position, speed, and course of the sending vessels. AIS can thus serve as a tool to avoid collisions and increase onboard situational awareness. In recent years, AIS has been utilized in more and more applications since it enables worldwide surveillance of virtually any larger vessel and has the potential to greatly support vessel traffic services and collision risk assessment. Anomalies in AIS tracks can indicate events that are relevant in terms of safety and also security. With a plethora of accessible AIS data nowadays, there is a growing need for the automatic detection of anomalous AIS data. In this paper, we survey 44 research articles on anomaly detection of maritime AIS tracks. We identify the tackled AIS anomaly types, assess their potential use cases, and closely examine the landscape of recent AIS anomaly research as well as their limitations.}, keywords = {automatic identification system; AIS; anomaly detection; maritime safety; maritime security; maritime surveillance}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-aistracks.pdf}, web_url = {https://www.mdpi.com/2077-1312/10/1/112}, language = {en}, DOI = {10.3390/jmse10010112}, reviewed = {1}, author = {Wolsing, Konrad and Roepert, Linus and Bauer, Jan and Wehrle, Klaus} } @Inproceedings { 2021-hemminghaus-sigmar, title = {SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures}, year = {2021}, month = {11}, day = {25}, abstract = {Distributed maritime bridge systems are customary standard equipment on today’s commercial shipping and cruising vessels. The exchange of nautical data, e.g., geographical positions, is usually implemented using multicast network communication without security measures, which poses serious risks to the authenticity and integrity of transmitted data. In this paper, we introduce digital SIGnatures for MARitime systems (SIGMAR), a low-cost solution to seamlessly retrofit authentication of nautical data based on asymmetric cryptography. Extending the existing IEC 61162-450 protocol makes it is possible to build a backward-compatible authentication mechanism that prevents common cyber attacks. The development was successfully accompanied by permanent investigations in a bridge simulation environment, including a maritime cyber attack generator. We demonstrate SIGMAR’s feasibility by introducing a proof-of-concept implementation on low-cost and low-resource hardware and present a performance analysis of our approach.}, keywords = {Maritime Cyber Security;Authentication;Integrity;IEC 61162-450;NMEA 0183}, publisher = {IEEE}, booktitle = {In Proceedings of the International Symposium on Networks, Computers and Communications (ISNCC)}, event_place = {Dubai, United Arab Emirates}, event_name = {International Symposium on Networks, Computers and Communications}, event_date = {31 Oct.-2 Nov. 2021}, DOI = {10.1109/ISNCC52172.2021.9615738}, reviewed = {1}, author = {Hemminghaus, Christian and Bauer, Jan and Wolsing, Konrad} } @Inproceedings { 2020-wolsing-facilitating, title = {Poster: Facilitating Protocol-independent Industrial Intrusion Detection Systems}, year = {2020}, month = {11}, day = {9}, abstract = {Cyber-physical systems are increasingly threatened by sophisticated attackers, also attacking the physical aspect of systems. Supplementing protective measures, industrial intrusion detection systems promise to detect such attacks. However, due to industrial protocol diversity and lack of standard interfaces, great efforts are required to adapt these technologies to a large number of different protocols. To address this issue, we identify existing universally applicable intrusion detection approaches and propose a transcription for industrial protocols to realize protocol-independent semantic intrusion detection on top of different industrial protocols.}, keywords = {Intrusion Detection; IDS; Industrial Protocols; CPS; IEC-60870-5-104; Modbus; NMEA 0183}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-wolsing-facilitating.pdf}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, DOI = {10.1145/3372297.3420019}, reviewed = {1}, author = {Wolsing, Konrad and Wagner, Eric and Henze, Martin} } @Inproceedings { 2019-rueth-quic-userstudy, title = {Perceiving QUIC: Do Users Notice or Even Care?}, year = {2019}, month = {12}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-quic-userstudy.pdf}, web_url2 = {https://arxiv.org/abs/1910.07729}, publisher = {ACM}, booktitle = {In Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies (CoNEXT '19)}, event_place = {Orlando, Florida, USA}, event_name = {International Conference on emerging Networking EXperiments and Technologies}, event_date = {9.12.2019-12.12.2019}, DOI = {10.1145/3359989.3365416}, reviewed = {1}, author = {R{\"u}th, Jan and Wolsing, Konrad and Wehrle, Klaus and Hohlfeld, Oliver} } @Inproceedings { 2019-wolsing-quicperf, title = {A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC}, year = {2019}, month = {7}, day = {22}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-wolsing-quicperf.pdf}, web_url2 = {https://arxiv.org/abs/1906.07415}, publisher = {ACM}, booktitle = {In Proceedings of the Applied Networking Research Workshop (ANRW '19)}, event_place = {Montreal, Quebec, Canada}, event_name = {Applied Networking Research Workshop at IETF-105}, event_date = {2019-07-22}, DOI = {10.1145/3340301.3341123}, reviewed = {1}, author = {Wolsing, Konrad and R{\"u}th, Jan and Wehrle, Klaus and Hohlfeld, Oliver} } @Techreport { 2019-rueth-blitzstart, title = {Blitz-starting QUIC Connections}, year = {2019}, month = {5}, day = {8}, number2 = {arXiv:1905.03144 [cs.NI]}, pages = {1--8}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-blitzstart.pdf}, web_url = {https://arxiv.org/abs/1905.03144}, misc2 = {Online}, publisher = {COMSYS, RWTH Aachen University}, address = {Ahornstr. 55, 52074 Aachen, Germany}, institution = {COMSYS, RWTH Aachen University}, type = {Technical Report}, language = {en}, author = {R{\"u}th, Jan and Wolsing, Konrad and Serror, Martin and Wehrle, Klaus and Hohlfeld, Oliver} } @Inproceedings { 2018-rueth-mining, title = {Digging into Browser-based Crypto Mining}, year = {2018}, month = {10}, day = {31}, tags = {maki,internet-measurements}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-mining.pdf}, web_url2 = {https://arxiv.org/abs/1808.00811}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '18)}, event_place = {Boston, US}, event_name = {Internet Measurement Conference 2018}, event_date = {31.10.18 - 2.11.18}, language = {en}, DOI = {10.1145/3278532.3278539}, reviewed = {1}, author = {R{\"u}th, Jan and Zimmermann, Torsten and Wolsing, Konrad and Hohlfeld, Oliver} } @Inproceedings { 2018-tzimmermann-metacdn, title = {Characterizing a Meta-CDN}, year = {2018}, month = {3}, day = {26}, pages = {114-128}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hohlfeld-metacdn.pdf}, web_url = {https://arxiv.org/abs/1803.09990}, publisher = {Springer, Cham}, booktitle = {In Proceedings of the Passive and Active Measurement Conference (PAM '18)}, event_place = {Berlin, Germany}, event_name = {Passive and Active Measurement Conference (PAM 2018)}, event_date = {26.3.2018 - 27.3.2018}, language = {en}, ISBN = {978-3-319-76480-1}, DOI = {10.1007/978-3-319-76481-8_9}, reviewed = {1}, author = {Hohlfeld, Oliver and R{\"u}th, Jan and Wolsing, Konrad and Zimmermann, Torsten} }