Refine
Departments, institutes and facilities
- Fachbereich Informatik (42)
- Institut für Technik, Ressourcenschonung und Energieeffizienz (TREE) (23)
- Fachbereich Ingenieurwissenschaften und Kommunikation (21)
- Institut für Cyber Security & Privacy (ICSP) (16)
- Fachbereich Wirtschaftswissenschaften (15)
- Institute of Visual Computing (IVC) (11)
- Institut für Verbraucherinformatik (IVI) (9)
- Internationales Zentrum für Nachhaltige Entwicklung (IZNE) (6)
- Fachbereich Angewandte Naturwissenschaften (5)
- Fachbereich Sozialpolitik und Soziale Sicherung (4)
- Institut für Sicherheitsforschung (ISF) (2)
- Centrum für Entrepreneurship, Innovation und Mittelstand (CENTIM) (1)
- Institut für Detektionstechnologien (IDT) (1)
Document Type
- Conference Object (105) (remove)
Year of publication
- 2016 (105) (remove)
Keywords
- IEEE802.11 (2)
- Large, high-resolution displays (2)
- Long-Distance WiFi (2)
- Privacy (2)
- SpMV (2)
- User Experience (2)
- WiLD (2)
- 3D user interface (1)
- API usability (1)
- ARM Cortex M3 Processor (1)
Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGAbased malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
(2016)
Der Arbeitskreis Usable Security & Privacy bietet ein Forum für den Gedankenaustausch und die interdisziplinäre Zusammenarbeit rund um das Thema benutzerfreundliche Informationssicherheit und privatheitsfördernde Technologien. Sicherheit ist bei der Anschaffung von Software und Technikprodukten zwar eines der zentralen Auswahlkriterien – aufgrund mangelnder Gebrauchstauglichkeit werden die vorhandenen Sicherheitsfunktionen und -mechanismen von den Nutzern jedoch oft falsch oder überhaupt nicht bedient. Im alltäglichen Gebrauch ergeben sich hierdurch Sicherheitsgefährdungen beim Umgang mit IKT-Systemen bzw. -Produkten und den darin enthaltenen sensiblen Daten. Im Workshop werden mit den Teilnehmern Beispiele diskutiert und es wird gemeinsam ein Stimmungsbild zum Verständnis, zum Stellenwert und zum aktuellen Grad der Umsetzung von Usable Security & Privacy erhoben. Ergebnis des Workshops ist ein Positionspapier, in dem die aktuellen Problemfelder und die wichtigsten Herausforderungen aus Sicht der Usability und UX Professionals beschrieben sind.
In Fortführung zum erfolgreichen Auftaktworkshop „Usable Security and Privacy: Nutzerzentrierte Lösungsansätze zum Schutz sensibler Daten“ auf der Mensch und Computer 2015 werden in einem zweiten wissenschaftlichen Workshop auf der diesjährigen Mensch und Computer vier Arbeiten auf dem Gebiet Usable Security and Privacy vorgestellt und diskutiert. Das Programm bilden Beiträge aus Forschung und Praxis, die neue nutzerzentrierte Ansätze, aber auch praxisrelevante Lösungen zur nutzerzentrierten Entwicklung und Ausgestaltung von digitalen Schutzmechanismen thematisieren. Mit dem Workshop wird das etablierte Forum weiterentwickelt, in dem sich Experten aus unterschiedlichen Domänen, z. B. dem Usability-Engineering und Security-Engineering, transdisziplinär austauschen können. Der Workshop wird von den Organisatoren als klassischer wissenschaftlicher Workshop ausgestaltet. Ein Programmkomitee hat die Einreichungen bewertet und daraus die zur Präsentation akzeptierten Beiträge ausgewählt.
This paper presents methods for the reduction and compression of meteorological data for web-based wind flow visualizations, which are tailored to the flow visualization technique. Flow data sets represent a large amount of data and are therefore not well suited for mobile networks with low data throughput rates and high latency. Using the mechanisms introduced in this paper, an efficient transfer of thinned out and compressed data can be achieved, while keeping the accuracy of the visualized information almost at the same quality level as for the original data.
Online media consumption is the main driving force for the recent growth of the Web. As especially realtime media is becoming more and more accessible from a wide range of devices, with contrasting screen resolutions, processing resources and network connectivity, a necessary requirement is providing users with a seamless multimedia experience at the best possible quality, henceforth being able to adapt to the specific device and network conditions. This paper introduces a novel approach for adaptive media streaming in the Web. Despite the pervasive pullbased designs based on HTTP, this paper builds upon a Web-native push-based approach by which both the communication and processing overheads are reduced significantly in comparison to the pull-based counterparts. In order to maintain these properties when enhancing the scheme by adaptation features, a server-side monitoring and control needs to be developed as a consequence. Such an adaptive push-based media streaming approach is intr oduced as main contribution of this work. Moreover, the obtained evaluation results provide the evidence that with an adaptive push-based media delivery, on the one hand, an equivalent quality of experience can be provided at lower costs than by adopting pull-based media streaming. On the other hand, an improved responsiveness in switching between quality levels can be obtained at no extra costs.
Application Programming Interfaces (APIs) are a vital link between software components as well as between software and developers. Security APIs deliver crucial functionalities for programmers who see themselves in the increasing need for integrating security services into their software products. The ignorant or incorrect use of Security APIs leads to critical security flaws, as has been revealed by recent security studies. One major reason for this is rooted in usability issues. API Usability research has been deriving recommendations for designing usable APIs in general. Facing the growing relevance of Security APIs, the question arises, whether the observed usability aspects in the general space are already sufficient enough for building usable Security APIs. The currently available findings in the API Usability domain are selective fragments only, though. This still emerging field has not produced a comprehensive model yet. As a consequence, a first contribution of this paper is such a model that provides a consolidated view on the current research coverage of API Usability. On this baseline, the paper continues by conducting an analysis of relevant security studies, which give insights on usability problems developers had, when using Security APIs. This analysis leads to a proposal of eleven specific usability characteristics relevant for Security APIs. These have to be followed up by usability studies in order to evaluate how Security APIs need to be designed in a usable way and which potential trade-offs have to be balanced.
Results from the EU-project iStoppFalls : feasibility, effectiveness, approach for fall prevention
(2016)
Autonomous mobile robots comprise of several hardware and software components. These components interact with each other continuously in order to achieve autonomity. Due to the complexity of such a task, a monumental responsibility is bestowed upon the developer to make sure that the robot is always operable. Hence, some means of detecting faults should be readily available. In this work, the aforementioned fault-detection system is a robotic black box (RBB) attached to the robot which acquires all the relevant measurements of the system that are needed to achieve a fault-free robot. Due to limited computational and memory resources on-board the RBB, a distributed diagnosis is proposed. That is, the fault diagnosis task (detection and isolation) is shared among an on-board component (the black box) and an off-board component (an external computer). The distribution of the diagnosis task allows for a non-intrusive method of detecting and diagnosing faults, in addition to the ability of remotely diagnosing a robot and potentially issuing a repair command. In addition to decomposing the diagnosis task and allowing remote diagnosability of the robot, another key feature of this work is the addition of expert human knowledge to aid in the fault detection process.
MOOCs in POM Education
(2016)
Basic demand from enterprises towards academic education: provide students not only methodological/theoretical knowledge, but also prepare them for the future tasks in the world of works! This contradicts academia’s focus on sustainably teaching basic principles. With the extra-curricular international online program erp4students, we successfully managed to bridge this "conflict-of-interest”.
In this paper, we introduce the international program erp4students as general example on how to successfully prepare university students for the world of works without having to give up the basic principle in higher education, i.e., to exclusively provide sustainable education. We start with introducing the basic concept and design of the program and provide information regarding the demographic development over the past decade and implemented quality assurance mechanisms. Subsequently, the scope and design of and hitherto achieved insights from the Learning Culture Survey are outlined. On the basis of found results, we finally discuss how erp4students can deal with possible culture-specific issues that latest might emerge when the program gets available for learners in the Asian context.
Job-related migration has been fostered across Europe balancing unemployment in one country with demands for employees in others. However, the numbers of early school leavers and university dropouts significantly increased in the hosting countries. We propose a higher measure of cultural sensitivity in education in order to prevent frustration. The Learning Culture Survey investigates learners’ expectations towards and perceptions of education on international level with the aim to make culture in the context of education better understandable. After a brief introduction, we subsume the steps taken during the past seven years and found results. Subsequently, we introduce a method for the determination of conflict potential, which bases on the understanding of culture as the level to which people within a society accept deviations from the usual. We close with demonstrating the usefulness of the data and insights from our Learning Culture Survey in the context of practical scenarios.