This file was created by the TYPO3 extension
bib
--- Timezone: UTC
Creation date: 2025-02-17
Creation time: 20-50-07
--- Number of references
8
inproceedings
2025-wolsing-geco
GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection
2025
8
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-wolsing-geco.pdf
Proceedings of the 34th USENIX Security Symposium (USENIX Sec)
Seattle, WA, USA
34th USENIX Security Symposium
August 13-15, 2025
accepted
1
Konrad Wolsing
Eric Wagner
Luisa Lux
Klaus Wehrle
Martin Henze
inproceedings
2025-wagner-caiba
CAIBA: Multicast Source Authentication for CAN Through Reactive Bit Flipping
2025
6
Proceedings of the 2025 IEEE 10th European Symposium on Security and Privacy (EuroS&P)
Venice, Italy
10th European Symposium on Security and Privacy
June 30 - July 4, 2025
accepted
1
Eric Wagner
Frederik Basels
Jan Bauer
Till Zimmermann
Klaus Wehrle
Martin Henze
inproceedings
2025-kunze-crq
Congestion-Responsive Queuing for Internet Flows
2025
5
Internet congestion management is once again undergoing radical change: QUIC has ignited a Cambrian explosion in congestion control (CC) implementations while the many versions of BBR alone have increased the diversity in algorithms used with TCP, both making the congestion landscape more complex. At the same time, the interplay of CC and AQM is also evolving but congestion unresponsiveness remains a threat. In particular, L4S crucially requires a fine-grained CC and AQM interaction to provide its benefits and suffers from unresponsive traffic. Overall, we need more responsive traffic on the Internet as well as mechanisms that can cope with unresponsiveness.
We present Congestion-Responsive Queuing (CRQ), our L4S-inspired system which is designed to promote responsive CC, manage unresponsive traffic, and handle QUIC and TCP flows alike. Similar to L4S, CRQ uses two queues for flow isolation. Yet, in contrast to L4S, we isolate flows based on their actual congestion responsiveness, moving responsive flows to one queue and leaving the remaining flows in the other. Our evaluation with an eBPF prototype highlights the efficacy of our design and shows that CRQ can provide effective incentives for responsive CC.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-kunze-crq.pdf
IEEE
Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA
Honolulu, HI, USA
2025 IEEE/IFIP Network Operations and Management Symposium
May 12-16, 2025
accepted
1
Ike Kunze
Constantin Sander
Mike Kosek
Lars Tissen
Jan Pennekamp
Klaus Wehrle
inproceedings
2025-fink-mptcp
Emulating and Evaluating Transport Layer Protocols for Resilient Communication in Smart Grids
2025
5
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-fink-mptcp.pdf
IEEE
Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA
Honolulu, HI, USA
2025 IEEE/IFIP Network Operations and Management Symposium
May 12-16, 2025
accepted
1
Ina Berenice Fink
Lennart Ferlemann
Markus Dahlmanns
Christian Thimm
Klaus Wehrle
inproceedings
2025-fink-hybridmon
Advancing Network Monitoring with Packet-Level Records and Selective Flow Aggregation
2025
5
Due to its superior efficiency, network operators frequently prefer flow monitoring over full packet captures. However, packet-level information is crucial for the timely and reliable detection, investigation, and mitigation of security incidents. Currently, no solution effectively balances these two contradicting approaches, forcing network operators to compromise between efficiency and accuracy. In this paper, we thus propose HybridMon, a hybrid solution that combines condensed packet-level monitoring with selective flow-based aggregation to strike a new balance between efficiency and accuracy. Operating on the data plane of P4-programmable switches, HybridMon enables fine-grained, practical, and flexible network monitoring at Tbps speeds. We validate the effectiveness of HybridMon through extensive evaluations using Internet backbone and university campus traffic traces, demonstrating its reliability and performance in network forensics and intrusion detection contexts. Our results show that HybridMon reliably monitors all flows while reducing the output bandwidth to 12 % to 20 % compared to packet monitoring when exporting standard features.
Security Services; Control and Data Plane Programmability; Monitoring and Measurements
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-fink-hybridmon.pdf
IEEE
Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA
Honolulu, HI, USA
2025 IEEE/IFIP Network Operations and Management Symposium
May 12-16, 2025
accepted
1
Ina Berenice Fink
Ike Kunze
Pascal Hein
Jan Pennekamp
Benjamin Standaert
Klaus Wehrle
Jan Rüth
inproceedings
2025_pennekamp_mapxchange
MapXchange: Designing a Confidentiality-Preserving Platform for Exchanging Technology Parameter Maps
2025
4
Technology parameter maps summarize experiences with specific parameters in production processes, e.g., milling, and significantly help in designing new or improving existing production processes. Businesses could greatly benefit from globally exchanging such existing knowledge across organizations to optimize their processes. Unfortunately, confidentiality concerns and the lack of appropriate designs in existing data space frameworks—both in academia and industry—greatly impair respective actions in practice. To address this research gap, we propose MapXchange, our homomorphic encryption-based approach to combine technology parameters from different organizations into technology parameter maps while accounting for the confidentiality needs of involved businesses. Central to our design is that it allows for local modifications (updates) of these maps directly at the exchange platform. Moreover, data consumers can query them, without involving data providers, to eventually improve their setups. By evaluating a real-world use case in the domain of milling, we further underline MapXchange's performance, security, and utility for businesses.
secure industrial collaboration; homomorphic encryption; data sharing; exchange platform; process planning; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-pennekamp-mapxchange.pdf
ACM
Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing (SAC '25), March 31-April 4, 2025, Catania, Italy
Catania, Italy
ACM/SIGAPP Symposium on Applied Computing
March 31-April 4, 2025
accepted
979-8-4007-0629-5/25/03
10.1145/3672608.3707734
1
Jan Pennekamp
Joseph Leisten
Paul Weiler
Markus Dahlmanns
Marcel Fey
Christian Brecher
Sandra Geisler
Klaus Wehrle
inproceedings
2025_berninger_ratings
Privacy-Aware Supply Chain Ratings: Interdisciplinary Research On Collaborative Supply Chain Management
2025
3
The establishment, expansion, and operation of reliable value-creation networks present an increasing challenge for manufacturing companies, given the growing volatility of the market environment in which they operate. For example, the development of new business areas, mass customization, or the disruption of supply chains frequently necessitates the establishment of partnerships with new suppliers, both short- and long-term. The utilization of supplier key performance indicators (KPIs) can facilitate the selection of new business partners, as they provide a quick and objective indication of their reliability. Nevertheless, access to potentially sensitive KPIs, such as a supplier's on-time delivery performance, is currently mainly limited to existing supplier relationships and not made available to other companies. This paper presents a coordinated approach for supplier rating systems, thereby enabling the privacy-aware exchange of supplier KPIs across organizations and exemplifies it using an application in the "Internet of Production". Specifically, we conduct interdisciplinary research by formulating the requirements from a business perspective (supply chain design, trust in data sharing, and business models) and evaluating promising solutions from a technical perspective (information security, data quality, data sovereignty, and collaboration). This approach enables the combination of state-of-the-art technology with the evolving requirements of stakeholders, thus creating new paths for exploiting inter-organizational supply chain rating.
supply chain management; privacy awareness; data sharing; collaboration; Internet of Production
internet-of-production
publish-Ing.
Proceedings of the 7th Conference on Production Systems and Logistics (CPSL '25), March 18-21, 2025, Lima, Peru
Lima, Peru
Conference on Production Systems and Logistics
March 18-21, 2025
accepted
2701-6277
1
Stefanie Berninger
Soo-Yon Kim
Joana Piel
Martin Perau
Sandra Geisler
Frank Piller
Klaus Wehrle
Jan Pennekamp
inproceedings
2025_vansloun_ransomwareio
Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
2025
2
27
Ransomware attacks have become one of the most widely feared cyber attacks for businesses and home users. Since attacks are evolving and use advanced phishing campaigns and zero-day exploits, everyone is at risk, ranging from novice users to experts. As a result, much research has focused on preventing and detecting ransomware attacks, with real-time monitoring of I/O activity being the most prominent approach for detection. These approaches have in common that they inject code into the execution of the operating system’s I/O stack, a more and more optimized system. However, they seemingly do not consider the impact the integration of such mechanisms would have on system performance or only consider slow storage mediums, such as rotational hard disk drives. This paper analyzes the impact of monitoring different features of relevant I/O operations for Windows and Linux. We find that even simple features, such as the entropy of a buffer, can increase execution time by 350% and reduce SSD performance by up to 75%. To combat this degradation, we propose adjusting the number of monitored features based on a process’s behavior in real-time. To this end, we design and implement a multi-staged IDS that can adjust overhead by moving a process between stages that monitor different numbers of features. By moving seemingly benign processes to stages with fewer features and less overhead while moving suspicious processes to stages with more features to confirm the suspicion, the average time a system requires to perform I/O operations can be reduced drastically. We evaluate the effectiveness of our design by combining actual I/O behavior from a public dataset with the measurements we gathered for each I/O operation and found that a multi-staged design can reduce the overhead to I/O operations by an order of magnitude while maintaining similar detection accuracy of traditional single-staged approaches.
As a result, real-time behavior monitoring for ransomware detection becomes feasible despite its inherent overhead impacts.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-sloun-multi-staged-ids.pdf
Internet Society
Proceedings of the 22nd Annual Network and Distributed System Security Symposium (NDSS '25), February 24–28, 2025, San Diego, CA, USA
San Diego, CA, USA
Network and Distributed System Security Symposium
February 24–28, 2025
accepted
979-8-9894372-8-3
10.14722/ndss.2025.240764
1
Christian van Sloun
Vincent Woeste
Konrad Wolsing
Jan Pennekamp
Klaus Wehrle