Current research areas


SOC R&D

One of our main research directions is the expansion and continuous development of our Security Operations Center (SOC), which currently operates on campus and is built with open-source tools. This work primarily involves optimization based on log and monitoring data from SOC-connected devices, but we are also working on broader solutions for attack detection. In a general network, we fine-tune the devices used on the defensive side, such as firewalls, intrusion prevention and intrusion detection systems, antivirus and others, by analyzing the data arriving at the SOC, using machine-learning-assisted methods where appropriate. The results of this research are applied in various research, development and consultancy projects to make our partners' systems and staff cyber resilient.

Related thesis / dissertation topics HERE...


VSOC R&D

The rapid development of vehicle electronics in recent decades has led to an increasing number of new electronically supported functions. The various control units no longer operate as autonomous devices; instead, interconnected over different communication protocols, they form a vehicle electronics network. This continuous evolution also requires an increase in the reliability, data transfer rate and data volume of the communication technologies. In addition, connecting cars to the Internet places new demands on the protocols and networks used in the automotive industry. Our research aims at the security analysis of automotive electronic networks. We work with large automotive companies in this direction to ensure that their products are cyber secure.

Related thesis / dissertation topics HERE...


Honeypot R&D

In order to protect an organization's network infrastructure, a so-called honeypot mechanism is often used to detect, prevent or otherwise counteract attempts at unauthorized use of information systems. To this end, systems incorporating several honeypot functions and services are often used rather than a single honeypot server. These systems trap attackers by simulating real services and environments that attract their attention. The aim is to attract and divert the attacker's attention away from the real network. The main goal of our research is to build a framework for measuring the effectiveness of honeypots and to optimize the honeypots based on those metrics. The honeypot system built into our SOC-supported network is tested by means of Capture the Flag (CTF) contests advertised among students: CTF challenges are embedded in the honeypot services, and students have to find them within a given time interval.

Related thesis / dissertation topics HERE...


Security analysis of 5G networks - 5G SOC development

The new 5th generation of mobile communications offers many new opportunities. However, new technological achievements naturally bring with them many new security threats. The main objective of our research is the security analysis of the RAN interface of 5G networks in a dedicated 5G lab. The research investigates potential vulnerabilities from both the offensive and the defensive side and also aims to enable network monitoring by setting up a dedicated Security Operations Centre (SOC) for 5G networks. State-of-the-art physical infrastructure has been established at our university in cooperation with operators and technology suppliers.

Related thesis / dissertation topics HERE...


Investigating the applicability of attack graphs in SOC environments

Identification of vulnerabilities, security analysis and risk assessment are essential to determine and improve the security level of a network. For risk assessment it is also important to visualize the relationships between the actions an attacker can take. Tree-based or graph-based models are commonly used to represent attack paths. However, these methods pose scalability problems, and existing graph and tree generating applications usually have a very limited toolbox. The main thrust of our research is to implement an attack graph generator, stored in a graph database, that meets our own requirements; by scanning, analyzing and evaluating the data gathered in our other research topics, it will help to further optimize the functions supported by the SOC.

Related thesis / dissertation topics HERE...


Our R&D references

We build our SOC environment using open-source toolkits. The following figure shows the core architecture we have built and the processes we operate on it.

Related thesis / dissertation topics HERE...


SOC research at Óbuda University

Besides the computational infrastructure, we have two 5G research laboratories. A closed laboratory is dedicated to technology development and contains all the tools necessary for a modern communications laboratory. In our open laboratory, our research uses an operator's public frequencies, with the access points installed on and in our building; here the focus is on applications.

Related thesis / dissertation topics HERE...


Cyber Range

Gaining and improving practical experience in cybersecurity, learning how to defend against cyber-attacks and how to respond effectively and quickly to security incidents is extremely difficult. Although the number of cyber-attacks worldwide is growing at an unprecedented rate, the number and variety of incidents a person encounters during the time spent in a given position is not sufficient to gain experience. To compensate for this, nations, cybersecurity agencies and military organisations are creating Cyber Ranges, where participants can test their skills and develop their abilities in a simulated environment, individually or in teams, on both the offensive (red team) and defensive (blue team) sides.
A Cyber Range is a controlled, simulated environment designed to train, test and evaluate cyber security skills, tools and techniques. It provides a safe setting for cyber security professionals and enthusiastic, eager students to learn, where they can practice and develop their skills without causing real harm.

These infrastructures can vary in complexity and scale, from simple virtual environments to more advanced and sophisticated simulations. They can mimic various real-world scenarios, such as cyber-attacks, data breaches, malicious code damage and other network intrusions.

The implementation of a successful cyber exercise revolves around three main pillars: firstly, the development and management of a virtual infrastructure (green team), secondly, the definition of the tasks of the red team, and thirdly, the development of good blue team strategies and tools.

The aim is to develop a cyber range and different attack scenarios along these three pillars, teaching students step by step the different attack methods and how to defend against them. Initially, simple attacks and vulnerabilities that are easy to understand and manage are presented, before gradually progressing to more complex attacks and defence strategies.

Related thesis / dissertation topics HERE...


Development

Architecture of the Security Operations Center:


Infrastructure of the lab:

Publications

Theses, dissertations and TDKs:

  • Orsós Miklós: Developing a Security Operations Center methodology for 5G mobile networks
  • Kecskés Miklós Vilmos: Designing log management for 5G networks using a Security Operations Center
  • Kincses László Nándor: Detecting attacks in 5G networks based on log data
  • Schmidt Krisztián: Vulnerabilities of radio interfaces in 5G networks
  • Berze-Simkó Bálint: Investigating the applicability of honeypots in a 5G environment
  • Adámi Bence: Adapting SIEM systems to 5G networks
  • Tóth András: Analysis of 5G vulnerabilities in a Security Operations Center
  • Bánki Máté: Design and implementation of user management in a Security Operations Center, January 2023
  • Szabó Márton Bálint BSc: Analysis and simulation of web vulnerabilities, January 2023
  • Tusor Tamás BSc: Cybersecurity assessment of embedded systems in industrial and home environments, January 2023
  • Koltai Gábor József BSc: Automotive Ethernet: security analysis and testing, January 2023
  • Vereczki András Sándor BSc: Vehicle electronics gateway system: security analysis and evaluation, January 2023
  • Tarr Zsombor BSc: Optimization of IDS/IPS systems in a Security Operations Center, January 2023
  • Leposa Márkó Dániel BSc: Design and implementation of the data collection module of a cybersecurity analysis system, January 2023
  • Román Péter BSc: SIEM solutions for the Security Operations Center, January 2023
  • Kruppa Ádám BSc: Vulnerability assessment in a Security Operations Center, January 2023
  • Érsok Máté BSc: The role of honeypots in detecting attacks in an API environment, June 2022
Papers can be downloaded electronically from the Library!


Publications

  1. A. Balogh, M. Érsok, L. Erdődi, A. Szarvák, E. Kail, and A. Bánáti, “Honeypot optimization based on CTF game,” in IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics SAMI (2022), 2022, pp. 153–157.
  2. A. Bánáti, E. Rigó, R. Fleiner, and E. Kail, “Use cases of attack graph for SOC optimization purpose,” in 2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES 2022), 2022, pp. 143–147.
  3. M. Érsok, Á. Balogh, L. Erdődi, M. Kozlovszky, E. Kail, and A. Bánáti, “Measuring Honeypots based on CTF game,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 123–128.
  4. G. Simon-Nagy, R. Fleiner, and A. Bánáti, “Attack graph implementation in graph database,” in IEEE 20th Jubilee International Symposium on Intelligent Systems and Informatics (SISY 2022), 2022, pp. 127–132.
  5. M. V. Kecskés, M. Orsós, E. Kail, A. Németh, and A. Bánáti, “5G registration tracking based on logdata,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 129–134.
  6. N.-E. S. Mera, M. Kozlovszky, Á. Csilling, A. Bánáti, and B. Abdallah, “Overview of Attack Graph Generation For Automotive Systems,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 135–142.
  7. M. Orsós, M. V. Kecskés, E. Kail and A. Bánáti, “Log collection and SIEM for 5G SOC,” in IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics SAMI (2022), 2022, pp. 147–151.
  8. R. Fleiner, R. Hubert, A. Bánáti, and L. Erdődi, “Security threats based on critical database system privileges,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 117–122.
  9. R. Hubert, A. Bánáti, L. Erdődi, and R. Fleiner, “Strengthening Database Security with Capture the Flag Exercises,” in 2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES 2022), 2022, pp. 137–142.
  10. M. V. Kecskés, M. Orsós, E. Kail, and A. Bánáti, “Monitoring 5G networks in Security Operation Center,” in 21st IEEE International Symposium on Computational Intelligence and Informatics (CINTI 2021), 2021, pp. 223–227.
  11. D. Mahmoud, A. B. Tóth, E. Kail, and A. Bánáti, “5G Vulnarabilities from Security Operation Center’s Perspective,” in 21st IEEE International Symposium on Computational Intelligence and Informatics (CINTI 2021), 2021, pp. 229–234.
  12. K. Juhász, V. Póser, M. Kozlovszky, and A. Bánáti, “WiFi vulnerability caused by SSID forgery in the IEEE 802.11 protocol,” in 2019 IEEE 17th World Symposium on Applied Machine Intelligence and Informatics (SAMI 2019), 2019, pp. 333–338.
  13. A. Bánáti, E. Kail, K. Karóczkai, and M. Kozlovszky, “Authentication and authorization orchestrator for microservice-based software architectures,” in 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2018.
  14. E. Kail, A. Bánáti, L. Erdődi, and K. Miklós, “Security Survey of Dedicated IoT Networks in the Unlicensed ISM Bands,” in IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI 2018), 2018, pp. 449–454.