
it - Information Technology 64(1-2) - April 2022


Recent publications

1 - 10 of 10
  • Journal article
    Enabling data-centric AI through data quality management and data literacy
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Abedjan, Ziawasch
    Data is being produced at an intractable pace. At the same time, there is an insatiable interest in using such data for use cases that span all imaginable domains, including health, climate, business, and gaming. Beyond the novel socio-technical challenges that surround data-driven innovations, there are still open data processing challenges that impede the usability of data-driven techniques. It is commonly acknowledged that overcoming heterogeneity of data with regard to syntax and semantics to combine various sources for a common goal is a major bottleneck. Furthermore, the quality of such data is always under question as the data science pipelines today are highly ad-hoc and without the necessary care for provenance. Finally, quality criteria that go beyond the syntactical and semantic correctness of individual values but also incorporate population-level constraints, such as equal parity and opportunity with regard to protected groups, play a more and more important role in this process. Traditional research on data integration was focused on post-merger integration of companies, where customer or product databases had to be integrated. While this is often hard enough, today the challenges aggravate because of the fact that more stakeholders are using data analytics tools to derive domain-specific insights. I call this phenomenon the democratization of data science, a process, which is both challenging and necessary. Novel systems need to be user-friendly in a way that not only trained database admins can handle them but also less computer science savvy stakeholders. Thus, our research focuses on scalable example-driven techniques for data preparation and curation. Furthermore, we believe that it is important to educate the breadth of society on implications of a data-driven world and actively promote the concept of data literacy as a fundamental competence.
  • Journal article
    Extracting network based attack narratives through use of the cyber kill chain: A replication study
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Weathersby, Aaron; Washington, Mark
    The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study “Extracting Attack Narratives from Traffic Datasets” by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and identification of individual attack signatures into a process as to provide a higher-level insight of an attacker in what they termed as attack narratives. In our study we both replicate the original authors' work while also moving the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found challenges replicating the clarity Mireles et al. described. In our research we identify the need for additional research into describing additional components of an attack narrative including the nonlinear nature of cyber-attacks and issues of identity and attribution.
  • Journal article
    Towards practical privacy-preserving protocols
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Demmler, Daniel
    Protecting users’ privacy in digital systems becomes more complex and challenging over time, as the amount of stored and exchanged data grows steadily and systems become increasingly involved and connected. Two techniques that try to approach this issue are the privacy-preserving protocols secure multi-party computation (MPC) and private information retrieval (PIR), which aim to enable practical computation while simultaneously keeping sensitive data private. In the dissertation [Daniel Demmler. “Towards Practical Privacy-Preserving Protocols”. Diss. Darmstadt: Technische Universität, 2018. url: http://tuprints.ulb.tu-darmstadt.de/8605/], summarized in this article, we present results showing how real-world applications can be executed in a privacy-preserving way. This is not only desired by users of such applications, but since 2018 also based on a strong legal foundation with the GDPR in the European Union, that enforces privacy protection of user data by design.
  • Journal article
    Privacy-preserving Web single sign-on: Formal security analysis and design
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Schmitz, Guido
    Single sign-on (SSO) systems, such as OpenID and OAuth, allow Web sites to delegate user authentication to third parties, such as Facebook or Google. These systems provide a convenient mechanism for users to log in and ease the burden of user authentication for Web sites. Conversely, by integrating such SSO systems, they become a crucial part of the security of the modern Web. So far, it has been hard to prove if Web standards and protocols actually meet their security goals. SSO systems, in particular, need to satisfy strong security and privacy properties. In this thesis, we develop a new systematic approach to rigorously and formally analyze and verify such strong properties with the Web Infrastructure Model (WIM), the most comprehensive model of the Web infrastructure to date. Our analyses reveal severe vulnerabilities in SSO systems that lead to critical attacks against their security and privacy. We propose fixes and formally verify that our proposals are sufficient to establish security. Our analyses, however, also show that even Mozilla’s proposal for a privacy-preserving SSO system does not meet its unique privacy goal. To fill this gap, we use our novel approach to develop a new SSO system, SPRESSO, and formally prove that our system indeed enjoys strong security and privacy properties.
  • Journal article
    Replication study challenges and new number formats for chaotic pseudo random number generators
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Heßeling, Carina; Keller, Jörg
    Chaotic Pseudo Random Number Generators have been seen as a promising candidate for secure random number generation. Using the logistic map as state transition function, we perform number generation experiments that illustrate the challenges when trying to do a replication study. Those challenges range from uncertainties about the rounding mode in arithmetic hardware over chosen number representations for variables to compiler or programmer decisions on evaluation order for arithmetic expressions. We find that different decisions lead to different streams with different security properties, where we focus on period length. However, descriptions in articles often are not detailed enough to deduce all decisions unambiguously. To address similar problems in other replication studies for security applications, we propose recommendations for descriptions of numerical experiments on security applications to avoid the above challenges. Moreover, we use the results to propose the use of higher-radix and mixed-radix representations to trade storage size for period length, and investigate if exploiting the symmetry of the logistic map function for number representation is advantageous.
  • Journal article
    Industrial analytics – An overview
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Gröger, Christian
    The digital transformation generates huge amounts of heterogeneous data across the industrial value chain, from simulation data in engineering, over sensor data in manufacturing to telemetry data on product use. Extracting insights from these data constitutes a critical success factor for industrial enterprises, e. g., to optimize processes and enhance product features. This is referred to as industrial analytics, i. e., data analytics for industrial value creation. Industrial analytics is an interdisciplinary subject area between data science and industrial engineering and is at the core of Industry 4.0. Yet, existing literature on industrial analytics is fragmented and specialized. To address this issue, this paper presents a holistic overview of the field of industrial analytics integrating both current research as well as industry experiences on real-world industrial analytics projects. We define key terms, describe typical use cases and discuss characteristics of industrial analytics. Moreover, we present a conceptual framework for industrial analytics that structures essential elements, e. g., data platforms and data roles. Finally, we conclude and highlight future research directions.
  • Journal article
    Exploring syntactical features for anomaly detection in application logs
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Copstein, Rafael; Karlsen, Egil; Schwartzentruber, Jeff; Zincir-Heywood, Nur; Heywood, Malcolm
    In this research, we analyze the effect of lightweight syntactical feature extraction techniques from the field of information retrieval for log abstraction in information security. To this end, we evaluate three feature extraction techniques and three clustering algorithms on four different security datasets for anomaly detection. Results demonstrate that these techniques have a role to play for log abstraction in the form of extracting syntactic features which improves the identification of anomalous minority classes, specifically in homogeneous security datasets.
  • Journal article
    Guest editorial: Information security methodology and replication studies
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Wendzel, Steffen; Caviglione, Luca; Mileva, Aleksandra; Lalande, Jean-Francois; Mazurczyk, Wojciech
    This special issue presents five articles that address the topic of replicability and scientific methodology in information security research, featuring two extended articles from the 2021 International Workshop on Information Security Methodology and Replication Studies (IWSMR). This special issue also comprises two distinguished dissertations.
  • Journal article
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Frontmatter
  • Journal article
    Towards Human-Centered AI: Psychological concepts as foundation for empirical XAI research
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Weitz, Katharina
    Human-Centered AI is a widely requested goal for AI applications. To reach this, explainable AI promises to help humans to understand the inner workings and decisions of AI systems. While different XAI techniques have been developed to shed light on AI systems, it is still unclear how end-users with no experience in machine learning perceive these. Psychological concepts like trust, mental models, and self-efficacy can serve as instruments to evaluate XAI approaches in empirical studies with end-users. First results in applications for education, healthcare, and industry suggest that one XAI does not fit all. Instead, the design of XAI has to consider user needs, personal background, and the specific task of the AI system.