Short CV

Markus Wurzenberger is a junior scientist and project manager at AIT – Austrian Institute of Technology, located in Vienna, Austria. Since 2014 he has been part of the cyber security research group of AIT’s Center for Digital Safety and Security. His main research interests are log data analysis with a focus on anomaly detection and cyber threat intelligence (CTI). Markus is one of the key researchers working on AIT’s anomaly detection project AECID. Among the most prominent solutions developed within this project, Markus and his team created AMiner, a software component for log analysis, which implements several anomaly detection algorithms and is included as a package in the official Debian distribution.

In 2016, Markus enrolled in PhD studies in computer science, with a focus on anomaly detection in computer log data. The subject of his PhD aligns with several national and international research projects AIT is involved in. In 2015 Markus obtained his Master’s Degree in Technical Mathematics at the Vienna University of Technology. Since 2014 he has been a full-time researcher at AIT in the area of cyber security.

Contact

Current affiliation:
AIT Austrian Institute of Technology GmbH
Giefinggasse 4
1210 Vienna – Austria

E-Mail: firstname.lastname@ait.ac.at

Last updated: 2020-05-13

Research interests

Log-based anomaly detection

Intrusion detection systems (IDS) can employ three different methods: (i) signature-based (knowledge), (ii) anomaly-based (behavior) and (iii) stateful protocol analysis (specification). While signatures are simple to deploy and effective against known attacks, they are not able to detect novel attacks such as zero-day exploits and can be easily evaded by sophisticated attackers. Keeping signatures up to date in today’s fast-evolving cyber threat landscape is complicated and can be ineffective. Furthermore, signatures are usually not available for legacy systems and systems with small market shares, as they lack vendor support and are poorly documented.

Anomaly-based IDS aim to overcome these limitations. Anomaly detection systems build a baseline by learning the normal system behavior; they then compare all occurring events against this baseline to identify deviations. With this approach it is also possible to detect previously unknown attacks and to secure networks and IT systems against zero-day threats, as well as tailored sophisticated attacks, such as advanced persistent threats (APT).
Most anomaly detection systems employed today analyze pure network traffic. However, due to end-to-end encryption, most of the traffic is encrypted, which precludes deep packet inspection (DPI).
Log data, in contrast, is normally available in plain text and is therefore becoming a more valuable source for anomaly detection. Every system and service produces log data that reflects and tracks its behavior. Anomaly detection systems leverage log data to monitor all system events and their occurrences over time; this makes it possible to identify unusual event sequences that may indicate malicious activity.

In the course of the AECID project, my research activities comprise the design and development of novel anomaly detection algorithms for AMiner. My primary focus is on self-learning algorithms, able to autonomously determine the normal behavior of systems or computer networks, and identify discrepancies that indicate anomalies. The advantage of such algorithms is that they require only a minimum amount of computational resources, making them flexibly deployable at host-, application-, or network-layer, as well as across layers.
Other research topics include automatic log parsing and correlation rule generation.

Research videos

AECID Demo – Anomaly Detection with AMiner and Reporting to IBM QRadar

Published on 2020-05-13 on YouTube
Credits for recording the video go to Max Landauer.

Further information: AECID, AMiner, GUARD

The log data used in the demonstration is available via Zenodo.

This video introduces the AMiner as a log-based anomaly detection tool. The AMiner allows users to create pipelines for collecting, parsing, filtering, and analyzing log data. The pipeline can be individually configured using modules from the AECID toolbox, including parsing models, detectors, and interfaces to established standards such as message queues. In the video, we briefly outline the theoretical background of AMiner’s efficient log parsing and anomaly detection approach and then demonstrate its practical application in a scenario involving an attack on a Horde Webmail web server (CVE-2019-9858). Finally, the disclosed anomalies are viewed in IBM’s QRadar SIEM.

Analysis techniques presented in this video include:

  • New event detection (log lines that do not conform to the parser model)
  • Anomalous value detection (new parameter values in log lines)
  • Anomalous combination detection (new occurrence of groups of parameter values)
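
The three techniques listed above can be sketched as follows. This is an added example, not AMiner's code or configuration: a single regular expression stands in for the parser model, and the log format, field names and sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Stand-in for a parser model (assumption): one regex describing a simplified
# access-log line. Field names are hypothetical.
LINE_MODEL = re.compile(
    r'^(?P<client>\d{1,3}(?:\.\d{1,3}){3}) (?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]" (?P<status>\d{3})$'
)


@dataclass
class Anomaly:
    kind: str    # "new_event", "new_value" or "new_combination"
    detail: str
    line: str


@dataclass
class SelfLearningDetector:
    value_fields: tuple = ("user", "method")    # fields tracked individually
    combo_fields: tuple = ("user", "client")    # fields tracked as a group
    learning: bool = True                       # True: build baseline, False: report
    seen_values: dict = field(default_factory=dict)
    seen_combos: set = field(default_factory=set)

    def process(self, line):
        match = LINE_MODEL.match(line)
        if match is None:
            # New event detection: the line does not fit the parser model.
            # Unparsed lines are reported in both phases and never learned.
            return [Anomaly("new_event", "line does not match parser model", line)]

        parsed = match.groupdict()
        anomalies = []

        # Anomalous value detection: a field value never seen during learning.
        for name in self.value_fields:
            known = self.seen_values.setdefault(name, set())
            if parsed[name] not in known:
                if self.learning:
                    known.add(parsed[name])
                else:
                    anomalies.append(
                        Anomaly("new_value", f"{name}={parsed[name]}", line))

        # Anomalous combination detection: every value may be known on its own,
        # but this grouping of values has not occurred together before.
        combo = tuple(parsed[name] for name in self.combo_fields)
        if combo not in self.seen_combos:
            if self.learning:
                self.seen_combos.add(combo)
            else:
                detail = ", ".join(
                    f"{n}={v}" for n, v in zip(self.combo_fields, combo))
                anomalies.append(Anomaly("new_combination", detail, line))
        return anomalies


# Constructed sample data (documentation address range 192.0.2.0/24).
TRAINING = [
    '192.0.2.10 alice "GET /index.php HTTP/1.1" 200',
    '192.0.2.10 alice "POST /login.php HTTP/1.1" 302',
    '192.0.2.11 bob "GET /index.php HTTP/1.1" 200',
    '192.0.2.11 bob "GET /mail.php HTTP/1.1" 200',
]
LIVE = [
    '192.0.2.10 alice "GET /mail.php HTTP/1.1" 200',    # matches the baseline
    '192.0.2.11 alice "GET /index.php HTTP/1.1" 200',   # known user, known IP, new pairing
    '192.0.2.12 bob "PUT /upload.php HTTP/1.1" 201',    # new method and new pairing
    'Jan 01 00:00:00 kernel: segfault at 0',            # not covered by the model
]


def detect(training, live):
    """Learn a baseline from `training`, then return the anomalies per live line."""
    detector = SelfLearningDetector()
    for line in training:
        detector.process(line)
    detector.learning = False
    return [detector.process(line) for line in live]


if __name__ == "__main__":
    for line, found in zip(LIVE, detect(TRAINING, LIVE)):
        print(line, "->", [(a.kind, a.detail) for a in found] or "ok")
```

In this sketch the detector keeps reporting a deviation until the baseline is retrained; whether reported values are folded back into the baseline is a deployment choice.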

AMiner demo: MQTT security and AMiner anomaly detection

Published on 2019-11-29 on YouTube
Credits for recording the video go to Arndt Bonitz.

Further information: AECID, AMiner, GUARD, IoT4CPS

This video gives a short introduction to a demonstrator developed within the IoT4CPS project. This demonstrator integrates the logdata-anomaly-miner (AMiner) in a small testbed, consisting of a cyber-physical system (a robotic arm) and IoT devices communicating via MQTT. It shows the benefits of using anomaly detection and security measures in a CPS/IoT environment.

AECID demo - logdata anomaly miner (AMiner)

Published on 2019-10-07 on YouTube
Credits for recording the video go to Max Landauer.

Further information: AECID, AMiner, GUARD

This video briefly introduces the logdata-anomaly-miner (AMiner) and its capabilities. The component allows users to create log analysis pipelines that analyze log data streams and detect violations or anomalies. It can be run from the console, as a daemon with e-mail alerting and message queue interfaces, or embedded as a library into your own programs. It was designed to run the analysis with limited resources and the lowest possible permissions to make it suitable for production server use.

Analysis methods demonstrated in this video include:

  • Pattern detection similar to logcheck but with extended syntax and options (open-source)
  • ComboDetector for the detection of new data elements (IPs, user names, MAC addresses) and their combined occurrences (open-source)
  • VariableTypeDetector for statistical anomalies of parameter values, distributions, and frequencies (not open-source)
  • CorrelationDetector for generating and checking event correlation rules (not open-source)

The tool is suitable to replace logcheck but also to operate as a sensor feeding a SIEM.

CAESAIR - Screencast

Published on 2016-12-16 on YouTube
Credits for recording the video go to Giuseppe Settanni.

Further information: CAESAIR, ECOSSIAN

CÆSAIR is a cyber threat intelligence solution designed to provide analytical support for security experts carrying out IT incident handling tasks on a local, national or international level. Thanks to its powerful correlation capability, CÆSAIR provides analysts with the necessary support to handle reported incident information. It aggregates and examines intelligence acquired from numerous Open Source INTelligence (OSINT) feeds; it quickly identifies related threats and existing mitigation procedures; it helps establish cyber situational awareness by keeping track of security incidents and threats affecting the monitored infrastructures over time.

Research projects

Current projects

  1. DECEPT – Detection and Handling of Cyber-Physical Attacks (2020-2022)
    National research project funded by the FFG – ICT of the Future research program
    Role: Contributor
    Abstract: While there exist numerous behavior-based anomaly detection approaches for enterprise-IT security, they are not easily applicable to other domains, e.g. embedded systems and IoT. They are usually highly optimized for specific purposes, are tightly bound to domain-specific technologies and rely on a specific syntax of investigated data or events. DECEPT will provide a generally applicable cross-domain anomaly detection approach, that monitors unstructured textual event data (i.e., log data of any form, encoding, size or frequency), and implement unsupervised self-learning, which supports applications in different independent domains. To emphasize general applicability, a parser generator will be developed that applies unsupervised self-learning to establish a model of normal system behavior on top of observed system events, which then can be leveraged to detect anomalies that manifest in deviations from that baseline. Furthermore, a concept for unsupervised anomaly detection will be designed, implemented and validated that applies machine learning techniques, correlation rules, time series analysis and statistical rules that will be automatically generated and afterwards evaluated with a smart rule generator and evaluator. DECEPT’s general and cross-domain applicability will be demonstrated in the domains of (i) Enterprise IT security and (ii) Embedded Systems/IoT security. Concrete proof of concepts to be realized are anomaly detection for Web-server landscape security and IT-supported facility security. In light of the GDPR, technical developments will be supervised by a legal expert to aid the later potential commercial exploitation of DECEPT.
  2. MALORI – Malware Communication in Critical Infrastructures (2020 – 2021)
    National research project funded by the FFG – KIRAS security research program
    Role: Contributor
    Abstract: The project MALORI investigates new techniques for hidden malware communication in critical infrastructures such as encryption and network steganography (covert and subliminal channels) and explores suitable methods to detect and contain hidden malware communication. In terms of detection methods, MALORI sets particular emphasis on the investigation of opportunities and challenges of machine learning based algorithms. As part of a structured in-depth analysis of malware, including theoretical models for hidden communication according to the state of art, existing and potential future attack possibilities for specific critical infrastructures are defined as use cases. Based on those scenarios new detection and containment methods are developed. Recommendations are formulated to assess and minimize new threats by protocols. A holistic detection approach aims at combining data from various sources for a more comprehensive evaluation and consideration of context to improve classification and detection performance. The developed methods will be also evaluated with regard to their robustness against active manipulation, extending the research in the field of adversarial machine learning.
  3. GUARD – A Cybersecurity Framework to Guarantee Reliability and Trust for Digital Service chains (2019 – 2022)
    EU Innovation Action. H2020-SU-ICT-2018-2020; Grant agreement no: 833456
    Role: Work Package Leader
    Abstract: Evolving business models are progressively reshaping the scope and structure of ICT services, with massive introduction of virtualization paradigms and tight integration with the physical environment. Several market forces are already driving towards the creation of multi-domain and complex business service chains, which undoubtedly bring more agility in service deployment and operation but introduce additional security and privacy concerns that have not been addressed in a satisfactory way yet. Tackling conflicting trends in the cybersecurity market, like fragmentation or vendor lock-ins, GUARD will develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains spanning multiple administrative domains and heterogeneous infrastructures. The purpose of GUARD is manifold: i) to increase the information base for analysis and detection, while preserving privacy, ii) to improve the detection capability by data correlation between domains and sources, iii) to verify reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain, and iv) to increase awareness by better propagation of knowledge to the humans in the loop. The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction; this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure by tailored informative contents, so to enable quick and effective reaction to cyber-threats. 
    Demonstration and validation in two challenging scenarios is envisioned to bring the technology to an acceptable level of maturity, as well as direct involvement of relevant stakeholders for concrete business planning.
  4. InduSec – Industrial Security (IT/OT convergence) (2019-2021)
    National research project funded by the FFG – 4th Call Qualification Networks
    Role: Contributor
    Abstract: InduSec focuses on information security in IT/OT environments and considers technical and organizational aspects of production from the point of view of attackers and defenders. Participants will learn the theoretical basics for securing existing IT/OT systems and new industry 4.0 technologies; the basics will be put into practice through exercises in a realistic test environment. Finally, a large-scale simulation game takes place in which the participants can apply the knowledge they have learned.

Past projects

  1. synERGY – Security for Cyber-Physical Value Networks Exploiting Smart Grid Systems (2017-2019)
    National research project funded by the FFG – ICT of the Future research program
    Role: Contributor
    Abstract: The degree of sophistication of modern cyber-attacks has increased in recent years – in the future, these attacks will increasingly target CPS. Unfortunately, today’s security solutions that are used for enterprise IT infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is very much shaped to specific physical processes. The objective of synERGY is to develop new methods, tools and processes for cross-layer Anomaly Detection (AD) to enable the early discovery of both cyber- and physical-attacks with impact on CPS. To achieve this, synERGY will develop novel machine learning approaches to understand a system’s normal behaviour and detect consequences of security issues as deviations from the norm. The solution proposed by synERGY will flexibly adapt itself to specific CPS layers, thus improving its detection capabilities. Moreover, synERGY will interface with various organizational data sources, such as asset databases, configuration management, and risk data to facilitate the semi-automatic interpretation of detected anomalies. The synERGY approach will be evaluated in real smart grid vendor environments – a societally important CPS. We propose, because of the approach taken in the project, the synERGY results will be readily applicable to a wide range of CPS in value networks, and will thus result in broader impact on future CPS security solutions.
  2. SEMI4.0 – Power Semiconductor and Electronics Manufacturing 4.0 (2016-2019)
    ECSEL Joint Undertaking, Innovation Action 692466-2, Call 2015-2
    Role: Contributor
    Abstract: Electronic components and systems are key drivers for the innovation capacity of European industries, large and small, generating economic growth and supporting meaningful jobs for citizens. They offer solutions to some of the difficult societal challenges addressing European policies for 2020 and beyond. For both reasons, it is vital that investments are made to assure European collaboration and the access to the technologies, know-how and manufacturing capabilities, which guarantee growth potential and strategic independence in the face of increased globalization.
  3. ECOSSIAN – European Control System Security Incident Analysis Network (2014-2017)
    EU large-scale integrated project. FP7 Security Call; Grant agreement no: 607577
    Role: Contributor
    Abstract: The protection of critical infrastructures increasingly demands solutions which support incident detection and management at the levels of individual CI, across CIs which are depending on each other, and across borders. An approach is required which really integrates functionalities across all these levels. Cooperation of privately operated CIs and public bodies (governments and EU) is difficult but mandatory. After about 10 years of analysis and research on partial effects in CIP and for individual infrastructure sectors, ECOSSIAN is supposed to be the first attempt to develop this holistic system in the sense portrayed above. A prototype system will be developed which facilitates preventive functions like threat monitoring, early indicator and real threat detection, alerting, support of threat mitigation and disaster management. In the technical architecture with an operations centre and the interfaces to legacy systems (e.g., SCADA), advanced technologies need to be integrated, including fast data aggregation and fusion, visualization of the situation, planning and decision support, and flexible networks for information sharing and coordination support, and the connection of local operations centres. This system will only be successful, if the technical solutions will be complemented by an effective and agreed organizational concept and the implementation of novel rules and regulations. And finally, the large spectrum of economically intangible factors will have significant influence on the quality and acceptance of the system. These factors of societal perception and appreciation, the existing and required legal framework, questions of information security and implications on privacy will be analyzed, assessed and regarded in the concept. The system will be tested, demonstrated and evaluated in realistic use cases. 
    They will be developed with the community of stakeholders and cover the sectors energy, transportation and finance, and the ubiquitous sector of ICT.

Publications and talks

Journal and magazine articles

  1. Landauer M., Skopik F., Wurzenberger M., Rauber A. (2020): System Log Clustering Approaches for Cyber Security Applications: A Survey. Elsevier Computers & Security Journal, Volume 92. May 2020, pp. 1-17. Elsevier. [PDF]
  2. Landauer M., Wurzenberger M., Skopik F., Settanni G., Filzmoser P. (2018): Dynamic Log File Analysis: An Unsupervised Cluster Evolution Approach for Anomaly Detection. Elsevier Computers & Security Journal, Volume 79. November 2018, pp. 94-116. Elsevier. [PDF]
  3. Skopik F., Wurzenberger M., Fiedler R. (2018): synERGY: Detecting advanced attacks across multiple layers of cyber-physical systems. ERCIM News, Number 114, July 2018, pp. 30-31. ERCIM – The European Research Consortium for Informatics and Mathematics.
  4. Settanni G., Skopik F., Wurzenberger M., Fiedler R. (2018): Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems. e&i Elektrotechnik und Informationstechnik, Volume 135, Issue 3, pp. 278-285. Springer.
  5. Wurzenberger M., Skopik F. (2016): The BAESE Testbed – Analytic Evaluation of IT Security Tools in Specified Network Environments. ERCIM News, Number 107, October 2016, pp. 51-52. ERCIM – The European Research Consortium for Informatics and Mathematics.
  6. Wurzenberger M., Skopik F., Settanni G., Scherrer W. (2016): Complex Log File Synthesis for Rapid Sandbox-Benchmarking of Security- and Computer Network Analysis Tools. Elsevier Information Systems (IS), Volume 60, Aug./Sept. 2016, pp. 13-33. Elsevier. [PDF]

Conference papers

    2020

  1. Wurzenberger M., Höld G., Landauer M., Skopik F., Kastner W. (2020): Creating Character-based Templates for Log Data to Enable Security Event Classification. 15th ACM ASIA Conference on Computer and Communications Security (ACM Asia CCS), October 05-09, 2020, Taipei, Taiwan. ACM. [PDF]
  2. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2020): Visualizing Syscalls using Self-Organizing Maps for System Intrusion Detection. 6th International Conference on Information Systems Security and Privacy (ICISSP 2020), February 25-27, 2020, Valletta, Malta. INSTICC. [PDF]

    2019

  3. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2019): A Framework for Cyber Threat Intelligence Extraction from Raw Log Data. International Workshop on Big Data Analytics for Cyber Threat Hunting (CyberHunt 2019) in conjunction with the IEEE International Conference on Big Data 2019, December 9-12, 2019, Los Angeles, CA, USA. IEEE. [PDF]
  4. Wurzenberger M., Landauer M., Skopik F., Kastner W. (2019): AECID-PG: A Tree-Based Log Parser Generator To Enable Log Analysis. 4th IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2019) in conjunction with the IFIP/IEEE International Symposium on Integrated Network Management (IM), April 8, 2019, Washington D.C., USA. IEEE. [PDF]

    2018

  5. Landauer M., Wurzenberger M., Skopik F., Settanni G., Filzmoser P. (2018): Time Series Analysis: Unsupervised Anomaly Detection Beyond Outlier Detection. 14th International Conference on Information Security Practice and Experience (ISPEC), September 25-27, 2018, Tokyo, Japan. Springer LNCS. [PDF]
  6. Settanni G., Skopik F., Karaj, A., Wurzenberger M., Fiedler R. (2018): Protecting Cyber Physical Production Systems using Anomaly Detection to enable Self-adaptation. 1st IEEE International Conference on Industrial Cyber-Physical Systems (ICPS), May 15-18, 2018, Saint-Petersburg, Russia. IEEE. [PDF]
  7. Wurzenberger M., Skopik F., Settanni G., Fiedler R. (2018): AECID: A Self-learning Anomaly Detection Approach Based on Light-weight Log Parser Models. 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), January 22-24, 2018, Funchal, Madeira - Portugal. INSTICC. [PDF]

    2017

  8. Wurzenberger M., Skopik F., Landauer M., Greitbauer P., Fiedler R., Kastner W. (2017): Incremental Clustering for Semi-Supervised Anomaly Detection applied on Log Data. 12th International Conference on Availability, Reliability and Security (ARES), August 29 - September 01, 2017, Reggio Calabria, Italy. ACM. [PDF]
  9. Wurzenberger M., Skopik F., Fiedler R., Kastner W. (2017): Applying High-Performance Bioinformatics Tools for Outlier Detection in Log Data. 3rd IEEE International Conference on Cybernetics (CYBCONF), June 21-23, 2017, Exeter, UK. IEEE. [PDF]
  10. Settanni G., Shovgenya Y., Skopik F., Graf R., Wurzenberger M., Fiedler R. (2017): Acquiring Cyber Threat Intelligence through Security Information Correlation. 3rd IEEE International Conference on Cybernetics (CYBCONF), June 21-23, 2017, Exeter, UK. IEEE. [PDF]

    2016

  11. Settanni G., Shovgenya, Y., Skopik F., Graf R., Wurzenberger M., Fiedler R. (2016): Correlating Cyber Incident Information to Establish Situational Awareness in Critical Infrastructures. 14th Conference on Privacy, Security and Trust (PST), December 12-14, 2016, Auckland, New Zealand. IEEE. [PDF]
  12. Wurzenberger M., Skopik F., Fiedler R., Kastner W. (2016): Discovering Insider Threats from Log Data with High-Performance Bioinformatics Tools. 8th ACM CCS International Workshop on Managing Insider Security Threats (MIST 2016) colocated with the 23rd ACM Conference on Computer and Communications Security (CCS), October 24-28, 2016, Vienna, Austria. ACM. [PDF]
  13. Friedberg I., McLaughlin S., Smith P., Wurzenberger M. (2016): Towards a Resilience Metric Framework for Cyber-Physical Systems. 4th International Symposium for ICS & SCADA Cyber Security Research (ICS-CSR), August 23-25, 2016, Belfast, UK. ACM. [PDF]

    2015

  14. Skopik F., Wurzenberger M., Settanni G., Fiedler R. (2015): Establishing National Cyber Situational Awareness through Incident Information Clustering. International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK. C-MRIC. [PDF]
  15. Wurzenberger M., Skopik F., Settanni G., Fiedler R. (2015): Beyond Gut Instincts: Understanding, Rating and Comparing Self-Learning IDSs (Poster and Extended Abstract). International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK. C-MRIC. [PDF]

Book chapters

  1. Wurzenberger M., Skopik F., Settanni G. (2018): Big Data for Cyber Security. In Encyclopedia of Big Data Technologies. Sakr, Sherif and Zomaya, Albert (Eds.) Springer International Publishing, 2019, Online ISBN: 978-3-319-63962-8.
  2. Friedberg I., Wurzenberger M., Balushi A., Kang B. (2017): From Monitoring, Logging, and Network Analysis to Threat Intelligence Extraction. pp. 69-127. In Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level. Editor: Florian Skopik Taylor & Francis, CRC Press, 2017, ISBN-10: 1138031828, ISBN-13: 978-1138031821.

Keynotes and invited talks

  1. Landauer M., Wurzenberger M.: “ÆCID: A self-learning Anomaly Detection Approach Based on Light-weight Log Analytics”; BSides Vienna 2019, Vienna, Austria, November 30, 2019. [slides]
  2. Skopik F., Wurzenberger M., Landauer M.: “Machine Learning für Logdatenanalyse – Ein Ausblick auf Morgen”; IKT Sicherheitskonferenz des Abwehramts, Fürstenfeld, Austria, October 1, 2019. [slides]

Panels

  1. Artificial Intelligence in Cyber Security, Panel Participant at the European Big Data Value Forum, November 12-15, 2018, Vienna, Austria.

Patents

  1. Wurzenberger M., Höld G., Landauer M., Skopik F. (2020): EP20160854.4 – Verfahren zur Charakterisierung des Betriebszustands eines Computersystems (“Cluster Templates EP”), European Patent pending, March 2020.
  2. Wurzenberger M., Landauer M., Skopik F., Fiedler R. (2019): EP19169705.1 – Verfahren zur Charakterisierung des Zustands eines Computersystems (“Grammatikerkennung EP”), European Patent pending, April 2019.
  3. Wurzenberger M., Höld G., Landauer M., Skopik F. (2019): A50285/2019 – Verfahren zur Charakterisierung des Betriebszustands eines Computersystems (“Cluster Templates AT”), Austrian Patent pending, April 2019.
  4. Landauer M., Skopik F., Wurzenberger M. (2019): EP3528162 – Method for recognizing abnormal operational states (“Time Series Analysis EP”), European Patent granted, January 2019.
  5. Wurzenberger M., Landauer M., Skopik F., Fiedler R. (2018): A50461/2018 – Verfahren zur Charakterisierung des Zustands eines Computersystems (“Grammatikerkennung AT”), Austrian Patent pending, June 2018.
  6. Wurzenberger M., Skopik F. (2018): EP18160444.8 – Method for detecting normal operating states in a working process (“Maschinendatensaetze EP”), European Patent pending, March 2018.
  7. Landauer M., Skopik F., Wurzenberger M. (2018): A50156/2018 (AT 520.746) – Verfahren zur Erkennung von anormalen Betriebszuständen (engl.: Method for detecting anormal operating states) (“Time Series Analysis AT”), Austrian Patent granted, February 2018.
  8. Fiedler R., Skopik F., Wurzenberger M. (2017): EP3267625 – Method for detecting anomolous states in a computer network (“Bioclustering EP”), European Patent granted, July 2017.
  9. Wurzenberger M., Skopik F. (2017): A50233/2017 (AT 519.777) – Verfahren zur Erkennung des normalen Betriebszustands eines Arbeitsprozesses (engl.: Method for detecting normal operating states in a working process) (“Maschinendatensaetze AT”), Austrian Patent granted, March 2017.
  10. Fiedler R., Skopik F., Wurzenberger M. (2016): A50601/2016 (AT 518.805) – Verfahren zur Detektion von anomalen Zuständen in einem Computernetzwerk (engl.: Method for detecting anomolous states in a computer network) (“Bioclustering AT”), Austrian Patent granted, July 2016.