Current research areas
SOC R&D
One of our main research directions is the expansion and continuous development of our Security Operations Center (SOC), which currently operates on campus and is built with open-source tools. This primarily involves optimization based on log and monitoring data from SOC-connected devices, but we are also working on broader solutions for attack detection. In a general network, we fine-tune the devices used on the defense side, such as firewalls, intrusion prevention/intrusion detection systems, antivirus and others, by analyzing the data coming into the SOC, using machine-learning-assisted methods where appropriate. The results of the research are applied in various research, development and consultancy projects to prepare the systems and human resources of our partners to be cyber resilient.
VSOC R&D
The rapid development of vehicle electronics in recent decades has led to the emergence of an increasing number of new electronically supported functions. The various control units no longer operate as autonomous devices; instead, they work together over different communication protocols, which has made it possible to build a vehicle electronics network. This continuous evolution also requires an increase in the reliability, data transfer rate and data volume of communication technologies. In addition, the connection of cars to the Internet places new demands on the protocols and networks used in the automotive industry. Our research aims at the security analysis of automotive electronic networks. We work together with large automotive companies in this direction to ensure that their products are cyber safe.
Honeypot R&D
To protect an organization's network infrastructure, a so-called honeypot mechanism is often used to detect, prevent or in some way counteract attempts at unauthorized use of information systems. To this end, systems incorporating several honeypot functions and services are often used, rather than just a single honeypot server. These systems trap attackers by simulating real services and environments. The aim is to attract the attacker's attention and divert it from the real network. The main goal of our research is to build a framework for measuring the effectiveness of honeypots and to optimize honeypots based on these metrics. The honeypot system built in our SOC-supported network is tested by means of Capture the Flag (CTF) contests advertised among students. Here we have embedded CTF challenges in honeypot services, which students have to find within a given time interval.
Security analysis of 5G networks - 5G SOC development
The new 5th generation of mobile communications offers many new opportunities. However, new technological achievements naturally bring with them many new security threats. The main objective of our research is the security analysis of the RAN interface of 5G networks in a dedicated 5G lab. The research investigates potential vulnerabilities from both the offensive and defensive sides and also aims at enabling network monitoring by setting up a dedicated Security Operations Center (SOC) for 5G networks. State-of-the-art physical infrastructure has been established at our university in cooperation with operators and technology suppliers.
Investigating the applicability of attack graphs in SOC environments
Identification of vulnerabilities, security analysis and risk assessment are essential to determine and improve the security level of a network. For risk assessment it is also important to visualize the correlations between the attack actions that attackers can take. Tree-based or graph-based models are commonly used to represent attack paths. However, the use of these methods poses scalability problems, and existing graph- and tree-generating applications usually have a very limited toolbox. The main thrust of our research is to implement an attack graph generator, stored in a graph database, that meets our own requirements. It will help to further optimize the functions supported by the SOC by scanning, analyzing and evaluating the data stored in our other research topics.
Our R&D references
We build our SOC environment using open-source toolkits. The following figure shows the core architecture we have built and the processes we operate on it.
Óbuda University SOC research
Besides the computational infrastructure, we have two 5G research laboratories. One is a closed laboratory dedicated to technology development, which contains all the tools necessary for a modern communication laboratory. In our open laboratory, our research uses the public frequencies of an operator, with the access points installed on and in our building. In the open lab, the focus is on applications.
Cyber Range
Development
Architecture of the Security Operations Center:
Infrastructure of the lab:
Publications
Theses, dissertations and TDKs:
- Orsós Miklós: Developing a Security Operations Center methodology for 5G mobile networks
- Kecskés Miklós Vilmos: Establishing log management using a Security Operations Center in 5G networks
- Kincses László Nándor: Detecting attacks in 5G networks based on log data
- Schmidt Krisztián: Vulnerabilities of radio interfaces in 5G networks
- Berze-Simkó Bálint: Investigating the applicability of honeypots in a 5G environment
- Adámi Bence: Adapting SIEM systems to 5G networks
- Tóth András: Analysis of 5G vulnerabilities in a Security Operations Center
- Bánki Máté: Design and implementation of user management in a Security Operations Center, January 2023
- Szabó Márton Bálint BSc: Analysis and simulation of web vulnerabilities, January 2023
- Tusor Tamás BSc: Cybersecurity assessment of embedded systems in industrial and home environments, January 2023
- Koltai Gábor József BSc: Automotive Ethernet: security analysis and testing, January 2023
- Vereczki András Sándor BSc: Vehicle electronics gateway system: security analysis and evaluation, January 2023
- Tarr Zsombor BSc: Optimizing IDS/IPS systems in a Security Operations Center, January 2023
- Leposa Márkó Dániel BSc: Design and implementation of the data collection module of a cybersecurity analysis system, January 2023
- Román Péter BSc: SIEM solutions for the Security Operations Center, January 2023
- Kruppa Ádám BSc: Vulnerability assessment in a Security Operations Center, January 2023
- Érsok Máté BSc: The role of honeypots in detecting attacks in an API environment, June 2022
Publications
- A. Balogh, M. Érsok, L. Erdődi, A. Szarvák, E. Kail, and A. Bánáti, “Honeypot optimization based on CTF game,” in IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics SAMI (2022), 2022, pp. 153–157.
- A. Bánáti, E. Rigó, R. Fleiner, and E. Kail, “Use cases of attack graph for SOC optimization purpose,” in 2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES 2022), 2022, pp. 143–147.
- M. Érsok, Á. Balogh, L. Erdődi, M. Kozlovszky, E. Kail, and A. Bánáti, “Measuring Honeypots based on CTF game,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 123–128.
- G. Simon-Nagy, R. Fleiner, and A. Bánáti, “Attack graph implementation in graph database,” in IEEE 20th Jubilee International Symposium on Intelligent Systems and Informatics (SISY 2022), 2022, pp. 127–132.
- M. V. Kecskés, M. Orsós, E. Kail, A. Németh, and A. Bánáti, “5G registration tracking based on logdata,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 129–134.
- N.-E. S. Mera, M. Kozlovszky, Á. Csilling, A. Banati, and B. Abdallah, “Overview of Attack Graph Generation For Automotive Systems,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 135–142.
- M. Orsós, M. V. Kecskés, E. Kail and A. Bánáti, “Log collection and SIEM for 5G SOC,” in IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics SAMI (2022), 2022, pp. 147–151.
- R. Fleiner, R. Hubert, A. Bánáti, and L. Erdődi, “Security threats based on critical database system privileges,” in IEEE 10th Jubilee International Conference on Computational Cybernetics and Cyber-Medical Systems ICCC 2022, 2022, pp. 117–122.
- H. Ruben, B. Anna, E. László, and F. Rita, “Strengthening Database Security with Capture the Flag Exercises,” in 2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES 2022), 2022, pp. 137–142.
- M. V. Kecskés, M. Orsós, E. Kail, and A. Bánáti, “Monitoring 5G networks in Security Operation Center,” in 21th IEEE International Symposium on Computational Intelligence and Informatics (CINTI 2021), 2021, pp. 223–227.
- D. Mahmoud, A. B. Tóth, E. Kail, and A. Bánáti, “5G Vulnarabilities from Security Operation Center’s Perspective,” in 21th IEEE International Symposium on Computational Intelligence and Informatics (CINTI 2021), 2021, pp. 229–234.
- K. Juhász, V. Póser, M. Kozlovszky, and A. Bánáti, “WiFi vulnerability caused by SSID forgery in the IEEE 802.11 protocol,” in 2019 IEEE 17TH WORLD SYMPOSIUM ON APPLIED MACHINE INTELLIGENCE AND INFORMATICS (SAMI 2019), 2019, pp. 333–338.
- A. Bánáti, E. Kail, K. Karóczkai, and M. Kozlovszky, “Authentication and authorization orchestrator for microservice-based software architectures,” in 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2018.
- E. Kail, A. Bánáti, L. Erdődi, and K. Miklós, “Security Survey of Dedicated IoT Networks in the Unlicensed ISM Bands,” in IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI 2018), 2018, pp. 449–454.