Two papers got accepted at the Workshop on Empirical Research Methods in Information Security, which is held in conjunction with the 25th International World Wide Web Conference (WWW 2016) in Montreal.
Martin Pirker, Andreas Nusser. A Work-Flow for Empirical Exploration of Security Events. First Workshop on Empirical Research Methods in Information Security 2016.
Abstract: As the internet continuously expands and more and more devices connect to it, information security research is a never ending challenge. It is impossible to know all internet participants, protocols and their applications. Instead, certain security research focuses on empirically collected real-world data; stores, processes, transforms and analyses the data, in order to learn from it and its anomalies—security issues—as they happen.
This paper presents one practical work-flow for collection and processing of security events data. It presents a hard- and software setup, experiences made and lessons learned, and estimates what future challenges await. This gives others the opportunity to learn and identify areas for improvement, especially those in the early stages of setting up a research project based on empirically gathered data.
Stefan Marschalek, Manfred Kaiser, Robert Luh, Sebastian Schrittwieser. Empirical Malware Research through Observation of System Behaviour. First Workshop on Empirical Research Methods in Information Security 2016.
Abstract: Behavioural analysis has become an important method of today’s malware research. Malicious software is executed inside a controlled environment where its runtime behaviour can be studied. Recently, we proposed the concept of not only observing individual executables but a computer system as a whole. The basic idea is to identify malware by detecting anomalies in the way a system behaves. In this paper we discuss our methodology for empirical malware research and highlight its strengths and limitations. Furthermore, we explain the challenges we faced during our research and describe our lessons learned.