Abstract: A transmitting data between a real first network and a real second network is provided. The transmission device has a first network port for coupling to the real first network and a second network port for coupling to the real second network and also comprises: a simulation unit which is connected to the first network port and which is configured to receive network-specific data from the real first network via the first network port, to provide, in accordance with the received network-specific data, a virtual simulation network of the real first network, and to prepare the provided virtual simulation network, via the second network port, for access to the provided virtual simulation network by the real second network. The transmission device provided allows an attacker to be deliberately deceived, which increases security against attempts to access the real first network from the real second network.

Abstract: A transmission device for transmitting data between a first network and a second network is provided. The transmission device includes a first network port for coupling to the first network and a second network port for coupling to the second network, and the transmission device further includes: a first detection unit which is connected to the first network port and is configured to receive data transmitted by the first network via the first network port and to detect anomalies with respect to the received data, and a second detection unit which is connected to the second network port and is configured to receive data transmitted by the second network via the second network port and to detect anomalies with respect to the received data. The provided transmission device leads to an optimized detection of anomalies in the first and the second network, thereby increasing security during data transmission between the first and the second network.

Abstract: A transmission device for transmitting data between a first network and a second includes: a first unidirectional transmission unit which is coupled to the first network and is configured to exclusively receive data transmitted from the first network to the transmission device, a second unidirectional transmission unit which is coupled to the second network and is configured to exclusively send data from the transmission device to the second network, and an identification unit which is located between the first unidirectional unit and the second unidirectional unit and which is configured to receive the data received by the first unidirectional transmission unit and to identify anomalies in the received data. The provided transmission device achieves the reliable, optimized identification of anomalies in the first network and increases security in the identification unit against manipulation and against attacks or intrusion attempts from the second network.

Abstract: An apparatus for monitoring a protected network using unidirectional communication includes a sending unit coupled to one or more devices of the protected network for obtaining network data related to protected network status. The apparatus further includes an eavesdropping unit with an interceptor configured to intercept the requested data within the sending unit via a loop connection between input and output interfaces of the sending unit. The interceptor and the loop connection are inductively coupled and configured for unidirectional communication from the sending unit to the receiving unit. A receiving unit is coupled to the eavesdropping unit for receiving the duplicated data and forwarding the duplicated data to an evaluation system located in a low security external network. A reconfigurable application layer includes at least one modular application configured to operate security related functions that support intrusion detection.

Abstract: A computing device is proposed for detecting attacks on a technical system based on events of an event sequence is provided. The computing device has a receiving unit for receiving the event sequence which includes a plurality of events, wherein an attack is determined by a specific sequence in the events in the received event sequence, and a checking unit for checking the received event sequence based on a main event which is contained in the specific sequence in events, wherein the checking unit is additionally designed to carry out a pattern recognition in the received event sequence based on the specific sequence in events if the main event has occurred. As the checking unit merely checks the received event sequence for the occurrence of a main event, and the more exact pattern recognition is only carried out after the main event occurs, the necessary computing expense can be reduced.

Abstract: A system for obtaining and analyzing forensic data in a distributed computer infrastructure. The system includes a plurality of computing devices and at least one monitoring unit, which are connected to each other via a communication network. Every computing device is configured to detect security events and send same to the monitoring unit. The monitoring unit is configured to evaluate the received security events and assign same to a danger category, wherein if there is a lack of information for assigning a danger category, the computing device is configured in such a manner as to receive instructions for gathering additional forensic data and to send the additional data via an analysis unit to the monitoring unit. The monitoring unit is configured in such a manner as to transmit instructions to the computing device for gathering additional data and to use same for re-evaluation and assigning of a danger category.

Abstract: A method for identifying manipulation of data records in a system including a computation apparatus and an external security apparatus, wherein the data records are stored in the computation apparatus, having the method steps of: allocation of a secret to a computation apparatus, generation of a first cryptographic key by a one-way function on the basis of the secret, storage of the secret on a security apparatus that is different from the computation apparatus, use of the first cryptographic key for the purpose of protecting a first data record, and generation of a respective next cryptographic key by the same one-way function on the basis of the respectively preceding cryptographic key for the purpose of protecting a next data record on the computation apparatus and simultaneous erasure or overwriting of the respectively preceding cryptographic key.

Abstract: A system for obtaining and analyzing forensic data in a distributed computer infrastructure. The system includes a plurality of computing devices and at least one monitoring unit, which are connected to each other via a communication network. Every computing device is configured to detect security events and send same to the monitoring unit. The monitoring unit is configured to evaluate the received security events and assign same to a danger category, wherein if there is a lack of information for assigning a danger category, the computing device is configured in such a manner as to receive instructions for gathering additional forensic data and to send the additional data via an analysis unit to the monitoring unit. The monitoring unit is configured in such a manner as to transmit instructions to the computing device for gathering additional data and to use same for re-evaluation and assigning of a danger category.

Abstract: A computing device is proposed for detecting attacks on a technical system based on events of an event sequence is provided. The computing device has a receiving unit for receiving the event sequence which includes a plurality of events, wherein an attack is determined by a specific sequence in the events in the received event sequence, and a checking unit for checking the received event sequence based on a main event which is contained in the specific sequence in events, wherein the checking unit is additionally designed to carry out a pattern recognition in the received event sequence based on the specific sequence in events if the main event has occurred. As the checking unit merely checks the received event sequence for the occurrence of a main event, and the more exact pattern recognition is only carried out after the main event occurs, the necessary computing expense can be reduced.

Abstract: A method and a device for detecting autonomous, self-propagating malicious software in at least one first computing unit in a first network, wherein the first network is coupled to a second network via a first link, having the following method steps: a) generating at least one first indicator which specifies a first behaviour of the at least one first computing unit; b) generating at least one second indicator which specifies a second behaviour of at least one second computing unit in the second network; c) transmitting the at least one first indicator and the at least one second indicator to a correlation component; d) generating at least one correlation result by correlating the at least one first indicator with the at least one second indicator; e) outputting an instruction signal if, when a comparison is made, a definable threshold value is exceeded by the correlation result, is provided.