A year ago, the Josef Ressel Centre for unified threat intelligence of targeted attacks (TARGET) started its work at the St. Pölten UAS. It researches security against targeted IT attacks on companies. By re-enacting attacks on servers, researchers are currently developing methods to protect companies from future attacks.
Identifying software by behaviour
“We research what kind of traces targeted IT attacks on companies leave behind on networks and how these traces can be detected. In future, so far unknown security holes are to be identified this way”, says Sebastian Schrittwieser, UAS lecturer at the Department of Computer Science and Security of the St. Pölten UAS and head of TARGET.
Antivirus programmes currently judge threats on the basis of their appearance: they search for so-called signatures, parts of the code of the malware, which reveal intruders. For this to work, however, the danger must already be known. Targeted attacks often use still unknown methods and are often only detected when the damage has already been caused.
Therefore, the centre relies on a new method of malware detection. Its basis is behaviour: here and there a file is created, a programme is started or a connection to the internet is set up. These are activities that harmless programmes also perform individually. The point is that a huge number of commands are neutral on their own but suspicious when performed together.
Differentiating attacks from normal operations
“In practice it’s more difficult than it sounds”, says Martin Pirker, researcher at the Josef Ressel Centre TARGET. “One has to find out, for example, whether changes in a Windows system file are part of a normal Windows update or are caused by a particular and suspicious incident.” A similar scenario exists with an update of programmes like internet browsers – it can be a harmless automatic update or part of an attack.
Currently, researchers of the Josef Ressel Centre are testing these new methods by comparing systems on two servers. One runs normally and undisturbed, the other is used for simulated attacks by Pirker. The aim is to gain the ability to automatically differentiate normal operation without attack from operation during an attack.
Cooperation between research and business
In Josef Ressel Centres, application-oriented research is conducted at a high level. To this end, excellent researchers cooperate with innovative companies. In the Josef Ressel Centre TARGET the St. Pölten UAS works with two business partners, IKARUS Security Software GmbH and SEC Consult Unternehmensberatung GmbH. The centre is financed by the Federal Ministry of Science, Research and Economy (BMWFW) as well as by both business partners.
“In order to promote innovations and achieve improvements, applied research is indispensable. By cooperating with the Josef Ressel Centre we are able to improve the chain of innovation in research and academic education. That is why these collaborations are especially essential for us”, explains Clemens Foisner, managing partner of SEC Consult Unternehmensberatung GmbH.
“For us as a software company, it is highly valuable to create attractive technologies in cooperation with the researchers of the new Ressel Centre and to develop them further into an internationally competitive product. We work with academic and non-academic research institutions in diverse research projects and collaborations. This knowledge transfer is substantial for the attractiveness of our products”, says Joe Pichlmayr, CEO at IKARUS Security Software GmbH.
Sebastian Schrittwieser was recently invited to a “Campus Talk” on Campus & City Radio 94.4.
About the Josef Ressel Centre
The Josef Ressel Centre for unified threat intelligence of targeted attacks (TARGET) is run by the St. Pölten UAS in cooperation with IKARUS Security Software GmbH and SEC Consult Unternehmensberatung GmbH. On 1 April the St. Pölten UAS began its work at the research centre sponsored by the Christian Doppler-Gesellschaft.
The centre is financed by the Federal Ministry of Science, Research and Economy (BMWFW) as well as IKARUS Security Software GmbH and SEC Consult Unternehmensberatung GmbH. In addition, the field of expertise is embedded in Bachelor and Master study programmes of the Department of Computer Science and Security at the St. Pölten UAS as well as in the Institute of IT Security Research.
- Josef Ressel Centre for unified threat intelligence of targeted attacks (TARGET)
- Institute of IT Security Research at St. Pölten UAS
- SEC Consult Unternehmensberatung GmbH
- IKARUS Security Software GmbH