Patents by Inventor Klaus Julisch

Klaus Julisch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9094457
    Abstract: A method for automated network deployment of cloud services into a network is suggested. The method includes receiving a certain cloud service with a certain resource protection template specifying an isolation policy for isolating zones in the network, receiving certain customer protection parameters specifying customer needs regarding protection in the network, providing security requirements by matching the received resource protection templates and the received customer protection parameters, and automatically deploying the certain cloud service into the network by using the provided security requirements.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: July 28, 2015
    Assignee: International Business Machines Corporation
    Inventors: Klaus Julisch, Georg Ochs, Matthias Schunter
  • Patent number: 8826455
    Abstract: Given a new user U or a user whose role in the organization changed, an automated method of the present disclosure in one aspect determines the new or revised access permissions the user should have. In one aspect, the method of the present disclosure automatically determines access rights based on the access rights held by similar users. This general idea, including a formalization of similarity between users, the details of how access rights are determined, and an algorithm to test if the presented methods are safe to use are provided.
    Type: Grant
    Filed: February 17, 2009
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Klaus Julisch, Guenter Karjoth
  • Publication number: 20140033268
    Abstract: A method for automated network deployment of cloud services into a network is suggested. The method includes receiving a certain cloud service with a certain resource protection template specifying an isolation policy for isolating zones in the network, receiving certain customer protection parameters specifying customer needs regarding protection in the network, providing security requirements by matching the received resource protection templates and the received customer protection parameters, and automatically deploying the certain cloud service into the network by using the provided security requirements.
    Type: Application
    Filed: July 29, 2013
    Publication date: January 30, 2014
    Applicant: International Business Machines Corporation
    Inventors: Klaus Julisch, Georg Ochs, Matthias Schunter
  • Patent number: 8615803
    Abstract: A method and system is designed for processing alarms, that have been triggered by a monitoring system such as an intrusion detection system, a firewall, or a network management system, comprising the steps of entering the triggered alarms into an alarm log, evaluating similarity between alarms, grouping similar alarms into alarm clusters, summarizing alarm clusters by means of generalized alarms, counting the covered alarms for each generalized alarm and forwarding generalized alarms for further processing if the number of alarms covered satisfies a predetermined criterion. In the event of high rates of alarm messages, possibly containing many false alarms, a system administrator will therefore not be confronted with a flood of messages with little significance. Instead, only generalized alarms, more meaningful and smaller in number, are presented.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: December 24, 2013
    Assignee: International Business Machines Corporation
    Inventors: Marc Dacier, Klaus Julisch
  • Patent number: 8544092
    Abstract: A peripheral device includes an interface configured to communicate with a computer, the peripheral device; logic configured to perform an integrity verification of an operating system of the computer; and a display configured to display a result of the integrity verification. A method for integrity verification of a computer using a peripheral device includes connecting the peripheral device to the computer; sending a challenge from the device to the computer; computing attestation data using the challenge and information stored in the computer, retrieving the attestation data from the computer by a client program running on the computer; sending the attestation data to the peripheral device; and verifying the attestation data by the peripheral device.
    Type: Grant
    Filed: March 12, 2009
    Date of Patent: September 24, 2013
    Assignee: International Business Machines Corporation
    Inventors: Reto Hermann, Klaus Julisch, Matthias Schunter
  • Publication number: 20130031182
    Abstract: A method for resolving an exchange of a first object and a second object in a communication network. The first object is sent by a first entity to a second entity, the second object having been requested by the first entity from the second entity. A number of verifiers verify a transfer of the first object from the first entity, a number of trustees provide the second object or an equivalent to the second object. There are at least two verifiers or two trustees. Transfer verification is provided by at least one verifier. If the transfer of the first object from the first entity is verified, and a step of transferring the second object or the equivalent to the first entity by at least one trustee of the number of trustees based on the transfer verification.
    Type: Application
    Filed: July 19, 2012
    Publication date: January 31, 2013
    Applicant: International Business Machines Corporation
    Inventors: Thomas R. Gross, Klaus Julisch, Matthias Schunter
  • Publication number: 20120084868
    Abstract: A method for locating documents has a step of, on each entity of the plurality of document-storing entities, calculating a respective fingerprint for each document of the documents stored on the entity, a step of transferring the calculated fingerprints by the entities to a data localization server having a fingerprint database for storing the transferred fingerprints, and a step of, at the data localization server, locating copies of a specimen document by calculating a fingerprint of the specimen document and comparing the calculated fingerprint of the specimen document with the fingerprints stored in the fingerprint database.
    Type: Application
    Filed: September 16, 2011
    Publication date: April 5, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Klaus Julisch
  • Patent number: 7953677
    Abstract: A computer implemented method and system for analysing a first set of data records where each data record comprises attribute values for one or more attributes, by expanding the first set of data records into a second set of data records by creating for at least one of the attributes of the first set of data records at least two redundant attributes with corresponding redundant attribute values, assigning different generalization rules to the at least two redundant attributes, and performing a generalization of the second set of data records by means of an attribute-oriented induction (AOI)-algorithm.
    Type: Grant
    Filed: December 19, 2007
    Date of Patent: May 31, 2011
    Assignee: International Business Machines Corporation
    Inventors: Birgit Baum-Waidner, Klaus Julisch, Andreas Wespi
  • Publication number: 20100235912
    Abstract: A peripheral device includes an interface configured to communicate with a computer, the peripheral device; logic configured to perform an integrity verification of an operating system of the computer; and a display configured to display a result of the integrity verification. A method for integrity verification of a computer using a peripheral device includes connecting the peripheral device to the computer; sending a challenge from the device to the computer; computing attestation data using the challenge and information stored in the computer, retrieving the attestation data from the computer by a client program running on the computer; sending the attestation data to the peripheral device; and verifying the attestation data by the peripheral device.
    Type: Application
    Filed: March 12, 2009
    Publication date: September 16, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Reto Hermann, Klaus Julisch, Matthias Schunter
  • Publication number: 20100211989
    Abstract: Given a new user U or a user whose role in the organization changed, an automated method of the present disclosure in one aspect determines the new or revised access permissions the user should have. In one aspect, the method of the present disclosure automatically determines access rights based on the access rights held by similar users. This general idea, including a formalization of similarity between users, the details of how access rights are determined, and an algorithm to test if the presented methods are safe to use are provided.
    Type: Application
    Filed: February 17, 2009
    Publication date: August 19, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Klaus Julisch, Guenter Karjoth
  • Publication number: 20080291018
    Abstract: A method and system is designed for processing alarms, that have been triggered by a monitoring system such as an intrusion detection system, a firewall, or a network management system, comprising the steps of entering the triggered alarms into an alarm log, evaluating similarity between alarms, grouping similar alarms into alarm clusters, summarizing alarm clusters by means of generalized alarms, counting the covered alarms for each generalized alarm and forwarding generalized alarms for further processing if the number of alarms covered satisfies a predetermined criterion. In the event of high rates of alarm messages, possibly containing many false alarms, a system administrator will therefore not be confronted with a flood of messages with little significance. Instead, only generalized alarms, more meaningful and smaller in number, are presented.
    Type: Application
    Filed: June 19, 2008
    Publication date: November 27, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Marc Dacier, Klaus Julisch
  • Patent number: 7437762
    Abstract: A method and system is designed for processing alarms, that have been triggered by a monitoring system such as an intrusion detection system, a firewall, or a network management system, comprising the steps of entering the triggered alarms into an alarm log, evaluating similarity between alarms, grouping similar alarms into alarm clusters, summarizing alarm clusters by means of generalized alarms, counting the covered alarms for each generalized alarm and forwarding generalized alarms for further processing if the number of alarms covered satisfies a predetermined criterion.
    Type: Grant
    Filed: November 1, 2002
    Date of Patent: October 14, 2008
    Assignee: International Business Machines Corporation
    Inventors: Marc Dacier, Klaus Julisch
  • Publication number: 20080235799
    Abstract: Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated.
    Type: Application
    Filed: June 2, 2008
    Publication date: September 25, 2008
    Inventors: Klaus Julisch, James F. Riordan
  • Publication number: 20080222059
    Abstract: A computer implemented method and system for analysing a first set of data records where each data record comprises attribute values for one or more attributes, by expanding the first set of data records into a second set of data records by creating for at least one of the attributes of the first set of data records at least two redundant attributes with corresponding redundant attribute values, assigning different generalization rules to the at least two redundant attributes, and performing a generalization of the second set of data records by means of an attribute-oriented induction (AOI)-algorithm.
    Type: Application
    Filed: December 19, 2007
    Publication date: September 11, 2008
    Applicant: International Business Machines Corporation
    Inventors: Birgit Baum-Waidner, Klaus Julisch, Andreas Wespi
  • Patent number: 7406606
    Abstract: An apparatus, a method, and a computer program are provided for distinguishing relevant security threats. With conventional computer systems, distinguishing security threats from actual security threats is a complex and difficult task because of the general inability to quantify a “threat.” By the use of an intelligent conceptual clustering technique, threats can be accurately distinguished from benign behaviors. Thus, electronic commerce, and Information Technology systems generally, can be made safer without sacrificing efficiency.
    Type: Grant
    Filed: April 8, 2004
    Date of Patent: July 29, 2008
    Assignee: International Business Machines Corporation
    Inventors: Anil Jagdish Chawla, David Perry Greene, Klaus Julisch, Aaron Edward Fredrick Rankin, Jonathan Michael Seeber, Rhys Ulerich
  • Publication number: 20070094728
    Abstract: The present invention provides a method for generating from requests from a first data network attack signatures for use in a second data network having a plurality of addresses assigned to data processing systems, the method comprising receiving data traffic from the first data network addressed to a number of unassigned addresses in a third data network; inspecting several incidents of the received data traffic for a common data pattern, upon finding a said data pattern, determining from the corresponding data traffic the attack signature for use in detecting attacks for the second data network. The invention also provides an apparatus for generating from requests on a first data network attack signatures for use in a second data network having a plurality of addresses assigned to data processing systems.
    Type: Application
    Filed: November 24, 2003
    Publication date: April 26, 2007
    Inventors: Klaus Julisch, James Riordan
  • Publication number: 20050229253
    Abstract: An apparatus, a method, and a computer program are provided for distinguishing relevant security threats. With conventional computer systems, distinguishing security threats from actual security threats is a complex and difficult task because of the general inability to quantify a “threat.” By the use of an intelligent conceptual clustering technique, threats can be accurately distinguished from benign behaviors. Thus, electronic commerce, and Information Technology systems generally, can be made safer without sacrificing efficiency.
    Type: Application
    Filed: April 8, 2004
    Publication date: October 13, 2005
    Applicant: International Business Machines Corporation
    Inventors: Anil Chawla, David Greene, Klaus Julisch, Aaron Edward Rankin, Jonathan Seeber, Rhys Ulerich
  • Publication number: 20030110398
    Abstract: A method and system is designed for processing alarms, that have been triggered by a monitoring system such as an intrusion detection system, a firewall, or a network management system, comprising the steps of entering the triggered alarms into an alarm log, evaluating similarity between alarms, grouping similar alarms into alarm clusters, summarizing alarm clusters by means of generalized alarms, counting the covered alarms for each generalized alarm and forwarding generalized alarms for further processing if the number of alarms covered satisfies a predetermined criterion. In the event of high rates of alarm messages, possibly containing many false alarms, a system administrator will therefore not be confronted with a flood of messages with little significance. Instead, only generalized alarms, more meaningful and smaller in number, are presented.
    Type: Application
    Filed: November 1, 2002
    Publication date: June 12, 2003
    Applicant: International Business Machines Corporation
    Inventors: Marc Dacier, Klaus Julisch
  • Publication number: 20030101260
    Abstract: A method and system is proposed that allow to process alarms, that have been triggered by a monitoring system, by means of a model representing the normal alarm behavior of the monitoring system. The number of alarms, that have been triggered, and the number of alarms, that have been filtered by means of the model, are counted. Then the ratio between the number of alarms, that have been filtered, and the number of alarms, that have been triggered, is calculated; and the update of the model is started whenever the ratio has reached a first or a second threshold value. Thus in order to efficiently achieve an optimal over-all performance, an update of the model is always performed, whenever a decline in the model's performance is detected. In a preferred embodiment, alarms that have been triggered, are grouped depending on source address information contained therein.
    Type: Application
    Filed: October 31, 2002
    Publication date: May 29, 2003
    Applicant: International Business Machines Corporation
    Inventors: Marc Dacier, Klaus Julisch