Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGA-based malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
(2016)
The Usable Security & Privacy working group offers a forum for the exchange of ideas and interdisciplinary collaboration on user-friendly information security and privacy-enhancing technologies. Although security is one of the central selection criteria when purchasing software and technology products, users often operate the available security functions and mechanisms incorrectly or not at all because of poor usability. In everyday use, this results in security risks when handling ICT systems and products and the sensitive data they contain. In the workshop, examples are discussed with the participants, and a joint picture of opinion is compiled on the understanding, the importance and the current degree of implementation of Usable Security & Privacy. The result of the workshop is a position paper describing the current problem areas and the most important challenges from the perspective of usability and UX professionals.
Following the successful kick-off workshop „Usable Security and Privacy: Nutzerzentrierte Lösungsansätze zum Schutz sensibler Daten“ at Mensch und Computer 2015, four papers in the field of Usable Security and Privacy are presented and discussed in a second scientific workshop at this year's Mensch und Computer. The programme consists of contributions from research and practice that address new user-centred approaches as well as practice-relevant solutions for the user-centred development and design of digital protection mechanisms. The workshop further develops the established forum in which experts from different domains, e.g. usability engineering and security engineering, can exchange ideas across disciplines. The organisers run the workshop as a classic scientific workshop. A programme committee reviewed the submissions and selected from them the contributions accepted for presentation.
This paper presents methods for the reduction and compression of meteorological data for web-based wind flow visualizations, which are tailored to the flow visualization technique. Flow data sets represent a large amount of data and are therefore not well suited for mobile networks with low data throughput rates and high latency. Using the mechanisms introduced in this paper, an efficient transfer of thinned out and compressed data can be achieved, while keeping the accuracy of the visualized information almost at the same quality level as for the original data.
Online media consumption is the main driving force for the recent growth of the Web. As especially real-time media is becoming more and more accessible from a wide range of devices, with contrasting screen resolutions, processing resources and network connectivity, a necessary requirement is providing users with a seamless multimedia experience at the best possible quality, henceforth being able to adapt to the specific device and network conditions. This paper introduces a novel approach for adaptive media streaming in the Web. Despite the pervasive pull-based designs based on HTTP, this paper builds upon a Web-native push-based approach by which both the communication and processing overheads are reduced significantly in comparison to the pull-based counterparts. In order to maintain these properties when enhancing the scheme by adaptation features, a server-side monitoring and control needs to be developed as a consequence. Such an adaptive push-based media streaming approach is introduced as main contribution of this work. Moreover, the obtained evaluation results provide the evidence that with an adaptive push-based media delivery, on the one hand, an equivalent quality of experience can be provided at lower costs than by adopting pull-based media streaming. On the other hand, an improved responsiveness in switching between quality levels can be obtained at no extra costs.
Application Programming Interfaces (APIs) are a vital link between software components as well as between software and developers. Security APIs deliver crucial functionalities for programmers who see themselves in the increasing need for integrating security services into their software products. The ignorant or incorrect use of Security APIs leads to critical security flaws, as has been revealed by recent security studies. One major reason for this is rooted in usability issues. API Usability research has been deriving recommendations for designing usable APIs in general. Facing the growing relevance of Security APIs, the question arises, whether the observed usability aspects in the general space are already sufficient enough for building usable Security APIs. The currently available findings in the API Usability domain are selective fragments only, though. This still emerging field has not produced a comprehensive model yet. As a consequence, a first contribution of this paper is such a model that provides a consolidated view on the current research coverage of API Usability. On this baseline, the paper continues by conducting an analysis of relevant security studies, which give insights on usability problems developers had, when using Security APIs. This analysis leads to a proposal of eleven specific usability characteristics relevant for Security APIs. These have to be followed up by usability studies in order to evaluate how Security APIs need to be designed in a usable way and which potential trade-offs have to be balanced.
Results from the EU-project iStoppFalls : feasibility, effectiveness, approach for fall prevention
(2016)
Autonomous mobile robots consist of several hardware and software components. These components interact with each other continuously in order to achieve autonomy. Due to the complexity of such a task, a monumental responsibility is bestowed upon the developer to make sure that the robot is always operable. Hence, some means of detecting faults should be readily available. In this work, the aforementioned fault-detection system is a robotic black box (RBB) attached to the robot which acquires all the relevant measurements of the system that are needed to achieve a fault-free robot. Due to limited computational and memory resources on-board the RBB, a distributed diagnosis is proposed. That is, the fault diagnosis task (detection and isolation) is shared among an on-board component (the black box) and an off-board component (an external computer). The distribution of the diagnosis task allows for a non-intrusive method of detecting and diagnosing faults, in addition to the ability of remotely diagnosing a robot and potentially issuing a repair command. In addition to decomposing the diagnosis task and allowing remote diagnosability of the robot, another key feature of this work is the addition of expert human knowledge to aid in the fault detection process.
MOOCs in POM Education
(2016)
Basic demand from enterprises towards academic education: provide students not only methodological/theoretical knowledge, but also prepare them for the future tasks in the world of works! This contradicts academia’s focus on sustainably teaching basic principles. With the extra-curricular international online program erp4students, we successfully managed to bridge this "conflict-of-interest".
In this paper, we introduce the international program erp4students as general example on how to successfully prepare university students for the world of works without having to give up the basic principle in higher education, i.e., to exclusively provide sustainable education. We start with introducing the basic concept and design of the program and provide information regarding the demographic development over the past decade and implemented quality assurance mechanisms. Subsequently, the scope and design of and hitherto achieved insights from the Learning Culture Survey are outlined. On the basis of found results, we finally discuss how erp4students can deal with possible culture-specific issues that latest might emerge when the program gets available for learners in the Asian context.
Job-related migration has been fostered across Europe balancing unemployment in one country with demands for employees in others. However, the numbers of early school leavers and university dropouts significantly increased in the hosting countries. We propose a higher measure of cultural sensitivity in education in order to prevent frustration. The Learning Culture Survey investigates learners’ expectations towards and perceptions of education on international level with the aim to make culture in the context of education better understandable. After a brief introduction, we subsume the steps taken during the past seven years and found results. Subsequently, we introduce a method for the determination of conflict potential, which bases on the understanding of culture as the level to which people within a society accept deviations from the usual. We close with demonstrating the usefulness of the data and insights from our Learning Culture Survey in the context of practical scenarios.
Within qualitative interviews we examine attitudes towards driverless cars in order to investigate new mobility services and explore the impact of such services on everyday mobility. We identified three main issues that we would like to discuss in the workshop: (I) Designing beyond a driver-centric approach; (II) Developing mobility services for cars which drive themselves; and (III) Exploring self-driving practices.
A deployment of the Vehicle-to-Vehicle communication technology according to ETSI is in preparation in Europe. Currently, a Public Key Infrastructure policy for Intelligent Transport Systems in Europe is in discussion to enable V2V communication. This policy sets aside two classes of keys and certificates for ITS vehicle stations: long term authentication keys and pseudonymous keys and certificates. We show that from our point of view the periodically sent Cooperative Awareness Messages with extensive data have technical limitations and together with the pseudonym concept cause privacy problems.
In this paper, several blocking techniques are applied to matrices that do not have a strong blocked structure. The aim is to efficiently use vectorization with current CPUs, even for matrices without an explicit block structure on nonzero elements. Different approaches are known to find fixed or variable sized blocks of nonzero elements in a matrix. We present a new matrix format for 2D rectangular blocks of variable size, allowing fill-ins per block of explicit zero values up to a user definable threshold. We give a heuristic to detect such 2D blocks in a sparse matrix. The performance of a Sparse Matrix Vector Multiplication for chosen block formats is measured and compared. Results show that the benefit of blocking formats depends – as to be expected – on the structure of the matrix and that variable sized block formats can have advantages over fixed size formats.
SDN and WMN evolved to be sophisticated technologies used in a variety of applications. However, a combined approach called wmSDN has not been widely addressed in the research community. Our idea in this field consists of WiFi-based point-to-point links managed by the OpenFlow protocol. We investigate two different issues regarding this idea. First, which WiFi operational mode is suitable in an OpenFlow managed broadcast domain? Second, does the performance decrease compared with other routing or switching principles? Therefore, we set up a real-world testbed and a suitable simulation environment. Unlike previous work, we show that it is possible to use WiFi links without conducting MAC address rewriting at each hop by utilizing the 4-address-mode.
Supported by their large size and high resolution, display walls suit well for different collaboration types. However, in order to foster instead of impede collaboration processes, interaction techniques need to be carefully designed, taking into regard the possibilities and limitations of the display size, and their effects on human perception and performance. In this paper we investigate the impact of visual distractors (which, for instance, might be caused by other collaborators' input) in peripheral vision on short-term memory and attention. The distractors occur frequently when multiple users collaborate in large wall display systems and may draw attention away from the main task, as such potentially affecting performance and cognitive load. Yet, the effect of these distractors is hardly understood. Gaining a better understanding thus may provide valuable input for designing more effective user interfaces. In this article, we report on two interrelated studies that investigated the effect of distractors. Depending on when the distractor is inserted in the task performance sequence, as well as the location of the distractor, user performance can be disturbed: we will show that distractors may not affect short term memory, but do have an effect on attention. We will closely look into the effects, and identify future directions to design more effective interfaces.
During exercise, heart rate has proven to be a good measure in planning workouts. It is not only simple to measure but also well understood and has been used for many years for workout planning. To use heart rate to control physical exercise, a model which predicts future heart rate dependent on a given strain can be utilized. In this paper, we present a mathematical model based on convolution for predicting the heart rate response to strain with four physiologically explainable parameters. This model is based on the general idea of the Fitness-Fatigue model for performance analysis, but is revised here for heart rate analysis. Comparisons show that the Convolution model can compete with other known heart rate models. Furthermore, this new model can be improved by reducing the number of parameters. The remaining parameter seems to be a promising indicator of the actual subject’s fitness.
Analyzing training performance in sport is usually based on standardized test protocols and needs laboratory equipment, e.g., for measuring blood lactate concentration or other physiological body parameters. Avoiding special equipment and standardized test protocols, we show that it is possible to reach a quality of performance simulation comparable to the results of laboratory studies using training models with nothing but training data. For this purpose, we introduce a fitting concept for a performance model that takes the peculiarities of using training data for the task of performance diagnostics into account. With a specific way of data preprocessing, accuracy of laboratory studies can be achieved for about 50% of the tested subjects, while lower correlation of the other 50% can be explained.
Effects of Workspace Awareness and Territoriality in Environments with Large, Shared Displays
(2016)
Synchronous cooperative work of multiple collaborators in large, high-resolution display systems comprises such psychological phenomena like workspace awareness and human territoriality. The phenomena and interplay between them can cause a significant impact on human-human and human-environment interaction. In a non-digital environment humans rely on their own physical abilities, utilities, and social protocols to control those phenomena (e.g. close eyes, or use earplugs to reduce workspace awareness; rotate oneself towards collaborators to increase workspace awareness). Digital environments, on the other hand, provide us with a possibility to ease, automate, and unify control processes, thus taking off that burden from users. Yet, we have to understand first, what effects workspace awareness and territoriality have within a collaborative environment. The aim of this doctoral thesis is to investigate effects of workspace awareness and territoriality on users and interaction processes in mixed-focus scenarios of various collaborative settings.
The Fitness-Fatigue model (Calvert et al. 1976) is widely used for performance analysis. This antagonistic model is based on a fitness-term, a fatigue-term, and an initial basic level of performance. Instead of generic parameter values, individualizing the model needs a fitting of parameters. With fitted parameters, the model adapts to account for individual responses to strain. Even though in most cases fitting of recorded training data shows useful results, without modification the model cannot be simply used for prediction.
Wireless sensor networks are widely used in a variety of fields including industrial environments. In case of a clustered network the location of cluster head affects the reliability of the network operation. Finding of the optimum location of the cluster head, therefore, is critical for the design of a network. This paper discusses the optimisation approach, based on the brute force algorithm, in the context of topology optimisation of a cluster structure centralised wireless sensor network. Two examples are given to verify the approach that demonstrate the implementation of the brute force algorithm to find an optimum location of the cluster head.
Animal experiments have demonstrated that specific ion channels (above all TRPA1) of the nociceptive system can be lastingly modulated by exposure to blue light. If non-visual effects of light exposure on somatosensation and nociception can be shown to be effective in humans, the use of light therapy could be of great importance for patients with disorders of the somatosensory system, in particular neuropathic pain.
When navigating larger virtual environments and computer games, natural walking is often unfeasible. Here, we investigate how alternatives such as joystick- or leaning-based locomotion interfaces ("human joystick") can be enhanced by adding walking-related cues following a sensory substitution approach. Using a custom-designed foot haptics system and evaluating it in a multi-part study, we show that adding walking related auditory cues (footstep sounds), visual cues (simulating bobbing head-motions from walking), and vibrotactile cues (via vibrotactile transducers and bass-shakers under participants' feet) could all enhance participants' sensation of self-motion (vection) and involvement/presence. These benefits occurred similarly for seated joystick and standing leaning locomotion. Footstep sounds and vibrotactile cues also enhanced participants' self-reported ability to judge self-motion velocities and distances traveled. Compared to seated joystick control, standing leaning enhanced self-motion sensations. Combining standing leaning with a minimal walking-in-place procedure showed no benefits and reduced usability, though. Together, results highlight the potential of incorporating walking-related auditory, visual, and vibrotactile cues for improving user experience and self-motion perception in applications such as virtual reality, gaming, and tele-presence.
This paper presents implementation results of several side channel countermeasures for protecting the scalar multiplication of ECC (Elliptic Curve Cryptography) implemented on an ARM Cortex M3 processor that is used in security sensitive wireless sensor nodes. Our implementation was done for the ECC curves P-256, brainpool256r1, and Ed25519. Investigated countermeasures include Double-And-Add Always, Montgomery Ladder, Scalar Randomization, Randomized Scalar Splitting, Coordinate Randomization, and Randomized Sliding Window. Practical side channel tests for SEMA (Simple Electromagnetic Analysis) and MESD (Multiple Exponent, Single Data) are included. Though more advanced side channel attacks are not evaluated yet, our results show that an appropriate level of resistance against the most relevant attacks can be reached.
The work at hand outlines a recording setup for capturing hand and finger movements of musicians. The focus is on a series of baseline experiments on the detectability of coloured markers under different lighting conditions. With the goal of capturing and recording hand and finger movements of musicians in mind, requirements for such a system and existing approaches are analysed and compared. The results of the experiments and the analysis of related work show that the envisioned setup is suited for the expected scenario.