Completed Theses

The annotation of datasets for deep learning models is a tedious and time-consuming task. The annotation becomes particularly challenging when preparing 3D point cloud datasets to train complex neural network architectures for tasks like segmentation or scene flow.

However, 3D point clouds present particular geometric properties, that can be leveraged to make the annotation easier.

Deep Learning performs remarkably well on large datasets that covers wide range of cases. However, the labeled data of many world time series applications may be limited. As an effective way to enhance the size and quality of the training data, we rely on data augmentation which showed a huge success in computer vision problems. However, less attention has been paid to find better data augmentation methods for time series.

Neural Network is increasingly applied in various domains within the automotive industry. One of many is the field of predictive maintenance, which tries to estimate the current state of car parts to early access needs for maintenance and residual car value estimation. For these application signal bus system (CAN) data can be used, giving a huge amount of time series data to estimate the state of a car component. Problematic about this data is, that time series signals can vary strongly depending on driving situations, user and environmental factors, and therefore are not necessarily comparable. Knowledge about similar and different situations within the data, would enable a smarter selection of data for training and evaluation, therefore increase training data quality and performance of the model. Further, knowledge about repeating events within the data, would enable condition monitoring based on behavioral changes in well-comparable situations.

Being said that, the objective behind this work is to explore algorithms to find often occurring events within the multidimensional CAN-data. Due to the huge size of the data and high dimensionality, efficient algorithms need to be found and tested regarding the quality of the results. For this investigation, a case study from the automotive domain is considered, where the model is taking multivariate time series from the signal bus system as features in order to find often occurring and rare events such as a specific driving maneuver within testing data or commute trips within real car usage CAN data.

Ubiquitous computing is in need of techniques that allow the system to act intelligently and autonomously. In this respect, one of the main concerns is the automated and dynamic creation of plans, which give the system the capabilities to reason about heterogenous and uncertain changes in the environment in an efficient manner. In spite of the important advancements that the field of Artificial Intelligence (AI) have made in automated planning and reasoning techniques, efficient planning for large sequence of actions in ever changing environments remains an open problem.

Daten für Process Mining bestehen aus sogenannten Event Logs, welche zum Beispiel ​aus Enterprise Resource Planning (ERP) Systemen extrahiert werden können. Mit der zunehmenden Verbreitung von IoT ist es möglich mehr und detailliertere Daten zu Produktionsprozessen zu sammeln. Die über IoT gesammelten rohen Daten stehen jedoch noch in keinem direkten Zusammenhang und müssen erst passend mit dem Prozess verknüpft werden.

Process Mining und AR/VR, wie passt das zusammen? Aktuell werden Geschäftsprozessdaten aus Ereignisprotokollen mit Process Discovery in Form von 2D-Flowcharts visuell auf Bildschirmen dargestellt. Prozessschritte sind dadurch von der realen Welt entkoppelt, weshalb sich nicht alle Zusammenhänge zwischen Prozessschritten und Ressourcen direkt visualisieren lassen.

This work focusses on word embeddings for process data representation. Process data is a record of activities executed within an enterprise, e.g., a procurement process within a business. Usually this data is stored as a collection of traces, or sequences of activities, often amended by a timestamp and an executor, which are examples of attributes to these activities. Word embeddings can be used for clustering these traces, which ultimately serves a better understanding and analysis when it comes to process discovery. The idea is based on a previous framework which only focusses on the activity name. The extended framework developed in this thesis incorporates an additional semantic level by using not only the activity name but also the attributes an activity provides.

Cyber attacks are becoming increasingly sophisticated and coordinated. Isolated intrusion detection systems can sometimes not detect coordinated attacks in time. Therefore, collaboration between intrusion detection systems in needed, in the form of alert exchange. However, beneficial collaboration between mutually untrusted peers (some may be controlled by attackers already) is a problem of its own. To address this problem, we have introduced TRIDEnT (opens in new tab), a blockchain-based Collaborative Intrusion Detection System (CIDS).

Neural networs pop up all over the place in current research. They won many competitions and achieved state-of-the-art results in many domains such as object recognition in images or videos. However, we still do not know how these networks reach such extraordinary understanding of the domains. Many approaches have been proposed that try to find the task one specific neuron has been trained to do, but most approaches try to achieve this by arbitrarily changing the input until a neuron fires. Then you can imply from the input what the specific neuron “likes”. More interesting it would be to ask the neuron itself “What do you like?”.

Non-visible signals (such as sound) have been used in the past to recognize people, and people's activities. In many cases these signals are distinguishable and useful for recognition tasks even when objects obstruct the user's direct view. With such approaches as basis, it is possible to envision cases in which what is being occluded can be rendered into the user's visual field through augmented reality (AR).

Hybrid Online Social Network (HOSN) provides Twitter users with additional means of privacy control. Besides using Twitter normally, HOSN enables users to tweet securely to a private network, which is accessible only by users’ fellows, away from the commercial service providers. However, developing this concept encounters several challenges including among others, protecting user data and improving user experience.

In conventional machine learning, data needs to be collected then used to train a model. Federated learning enables distributed users to build a model collaboratively without sharing their sensitive data with others. However, applying federated learning widens the attack surface against the built model.

Edge Computing verlagert Dienste von Cloud-Infrastruktur in die Nähe der Datenquellen und Endnutzer, um so beispielsweise die Ende-zu-Ende-Latenz zu reduzieren. Aufgrund der Heterogenität der Geräte macht es in bestimmten Situationen Sinn, die Applikationslogik in verschiedenen Qualitätsstufen bereitzustellen, z.B. unterschiedliche Genauigkeiten von Objekterkennungen oder verschiedene Kompressionsstufen eines Video-Streams.

Desweiteren müssen Metainformationen, wie etwa die Ausführungszeit einer Operation in der Pipeline, bereitgestellt werden, um auf dieser Basis Entscheidungen für Adaptierung zu treffen.

Edge Computing verlagert Dienste von weit entfernten Cloud-Infrastrukturen in die Nähe der Datenquellen und Endnutzer, um so beispielsweise die Ende-zu-Ende-Latenz zu reduzieren. Neben Diensten, die eine Processing-Infrastruktur bereitstellen umfasst dies auch das (verteilte) Speichern von Daten mobiler Endgeräte.

Bisherige Ansätze treffen zumeist eine statische Entscheidung, wo die Daten vorgehalten werden sollen. Im Rahmen dieser Arbeit sollen realitätsnahe Caching- und Replication-Strategien erforscht werden, die die Mobilität der Nutzer mit einbeziehen.

Desweiteren erfordern auch die unterschiedlichen Zugriffsmuster und Zuverlässigkeit der Speicherknoten eine kontinuierliche Adaptierung.

Edge Computing verlagert Dienste von weit entfernten Cloud-Infrastrukturen in die Nähe der Datenquellen und Endnutzer, um so beispielsweise die Ende-zu-Ende-Latenz zu reduzieren.

Bestehende Frameworks zu Edge Computing implementieren meist einen zentralen Controller, der Applikationslogik verteilt und auf die Mobilität von Clients reagiert. Mit der steigenden Anzahl der Geräte ist ein solcher Ansatz jedoch schlecht skalierbar. Im Rahmen dieser Arbeit soll daher ein hierarchisches, verteiltes Control-Framework für Edge Computing entwickelt werden.

Checking certain business rules in process models (e.g. petri-nets, BPMN or flow graphs) is usually done using a model checker or an automata. Increasing models and the increasing amount of rules lead to long computation times. The Taint Flow Analysis operates on graphs to determine certain flows (source to sink). With a neat conversion of rules we can check business rules on flow graphs very efficiently. However, the current approach is limited.

Techniken aus dem Process Mining können zur Analyse von Aufzeichnungen aus Prozessabläufen genutzt werden, um neue Erkenntnisse über die Prozessabläufe extrahieren zu können. Um den Zugang zu den Prozessdaten zu erleichtern, können auf Prozessablaufdaten Algorithmen aus dem Process Mining angewandt werden, um das tatsächlich gelebte Prozessmodell zu erhalten, welches visuell dargestellt werden kann. Da Prozessabläufe zueinander sehr unterschiedlich sein können, kann die Visualisierung eine sehr komplexe und unstrukturierte Form annehmen und dadurch, bedingt durch eine sehr hohe Anzahl an unterschiedlichen Prozessaktivitäten sowie potenziell sehr hohen Anzahl an Kanten, die von Prozessaktivitäten ausgehen, können, potenziell wichtige Zusammenhänge aus der Visualisierung nicht wahrgenommen werden.

Aus aufgezeichneten Eventlogs aus IT-Systemen und Maschinen kann mittels Process Mining Discovery Algorithmen der tatsächliche IST-Ablauf visuell rekonstruiert werden. Hieraus lassen sich interessante Erkenntnisse gewinnen, z.B. wie sich die Durchlaufzeit bestimmter Aktivitäten verhält oder ob alle notwendigen Aktivitäten überhaupt ausgeführt werden. Durch die Zunahme an Komplexität von Geschäftsprozessen werden rekonstruierte Prozessmodelle immer unübersichtlicher und lassen sich somit nur schwer analysieren. Aktuelle Process Mining Tools zeigen alle Daten auf einmal an, sodass ein Analyst nur mit Schwierigkeiten die wichtigen Erkenntnisse extrahieren kann.

The latest trend in computing world is the cloud computing which is Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. There are numbers of cloud providers that provide different services, e.g. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), to users. Users need to select the most trustworthy service provider that they can totally rely upon to fulfil their demands. For this purpose, trust calculation plays an important role. Because the limited Web interfaces do not allow users to identify the trustworthiness of service providers like typical face-to-face interaction. Users can find the trustworthiness of a service provider in cloud reputation services, e.g. TaaS4Cloud. The functionality of this web service can be enhanced by users’ ratings and recommendations to make it more user-centric. So that users can select the appropriate provider they need. In this case, trustworthiness of the users should also be considered to get more dependable recommendations. We can fulfil these requirements of users to select the most trustworthy providers by implementing a trust-oriented recommender system for cloud reputation services.

Nowadays, the number and sophistication of cyberattacks is constantly increasing. To cope with this, security solutions such as Intrusion Detection Systems (IDSs) are considered a mandatory line of defense for any critical network. However, IDSs usually employ passive monitoring techniques. Honeypots emerged from the need for more active monitoring.

Honeypots are systems whose only value is to be probed, attacked and compromised. Their purpose is to attract malicious users, study their activities and, at the same time, reduce the attack surface of the monitored network. It is important to note that since honeypots do not feature any other purpose; by definition, any interaction with them is considered an attack. Thus, they do not exhibit false positives, i.e., all incoming traffic is considered malicious.

Aus aufgezeichneten Eventlogs aus IT-Systemen und Maschinen können mittels Process Mining interessante Erkenntnisse extrahiert werden. Doch die Menge der gesammelten Daten kann mittels aktueller Verfahren nicht ohne Unterstützung analysiert werden, der Benutzer wird schlicht überfordert. Aktuelle Tools zeigen alle Daten auf einmal an, ohne sie systematisch oder intelligent filterbar zu machen. So ist das Finden von Auffälligkeiten und Schwachstellen schwierig.

The amount of data produced in urban areas is steadily increasing. This is due to the increasing capabilities of devices and the desire to provide citizen advanced services based on the analysis of such data. Data is transmitted from a producer or publisher to a gateway access node, where it is further processed by in-network processing topologies to extract information and act in a timely manner. Contrary to stationary sensors, today’s data producers are highly mobile – examples include mobile phones and cars. These two sources of data will be the primary focus of this thesis. With a variety of highly mobile data publishers and different kinds of data, the question arises which communication patterns should be used to transfer the data to gateway nodes. This becomes especially relevant when publishers do not have an a-priori knowledge of subscribers and messages have different priorities.

Data Stream Processing (DSP) systems have emerged as a way for the timely processing of real-time data generated by a variety of sources. Continuous streams of data from these sources are passed through different operators, each of which performs some computations on the data. The operators are chained and together form the overall logic of a stream processing application.
With new concepts such as In-network processing or edge computing, more and more devices become available to process data in the core network or at the extreme edge of the network, rather than in distant cloud computing architectures. Given this scenario, the question arises where to place and schedule operators. Strategies for placement and scheduling can optimize for different metrics (e.g. latency, resource utilization, user-defined QoS etc.). Furthermore, the problem is NP-hard, so efficient heuristics are needed to solve it in reasonable time.
This thesis examines the problem using Apache Storm as a DSP. For this system, several schedulers have been proposed in literature, however, they each employ a different approach and have a different focus for optimization. This makes it very hard to compare them and identify means to efficiently solve the placement problem.

We are currently in a smart-phone era. Mobile devices are gaining more popular than the exis- ting traditional computers. As the growth of technology increases, the possibility of increasing risks are higher. The risk of possible attacks for a mobile device are increasing and could be with physical access and remote access. Even though we do not have a major attack on mobile devices in past, there are some attacks which happened such as by sharing the non-signed and non-verified downloaded executable files to one another [MSCU2011]. Mobile security is one of the most important and key element in today’s world. Security and privacy-related are most important topics in such mobile devices scenarios. The possible factors of mobile attacks are less, because of less heterogeneity. To understand the heterogeneity and homogeneity with re- spect to mobile devices, consider a smart device which is manufactured by different companies with different operating system (handset manufacturers). For example, if we consider a black- berry or an apple which manufactures its own hardware and software (Operating System). In this scenario, the security features of the hardware is tightly coupled with the software they designed. So, the overall security outcome of such scenario is much better. The smart phone OS makers reluctant to give access to such hardware security features. But, even if the OS makers are willing to share such information via their customised APIs, the application developers or other parties are forced to fully trust the smart phone OS makers hardware based security API functions. Also, the companies such as apple are not sharing the information or APIs to access secure isolated environments. When comes to homogeneity, Even though the companies such as Motorola, LG, Samsung are bound in using the standard open platform Android, they are en- ding up manufacturing their own custom hardware specifications and custom software designs. This leads in implementing custom and buggy security properties as there is no standardization. Again in this case, application developers are forced to trust the modified OS and to fully trust the security based API functions if available.

Mobile devices such as smartphones today feature a variety of different apps, each one serving one particular purpose. Data captured or sent by those apps is usually stored at a distant server, i.e., in the cloud, but in any case at a location predetermined by that particular application.
Also, many users use different apps that serve the same or a similar purpose. The existing app landscape therefore hinders sharing data between different applications.
More importantly, the way these apps store and access data is completely decoupled to how the data is acutally used, what the current usage context and the user's intention is. In this thesis, we will provide a framework that abstracts from concrete storage locations and decides where to best place the data based on these factors. Furthermore, the emerging concept of Edge Computing provides an opportunity to place data close to the source, as to save latency and bandwidth in the core network.

Smartphones have become the information hub for people and organizations. In order to enhance the usability of smartphones, so-called mobile apps are available in app stores for download. Many of these apps are useful for our daily life. However, the current app stores do not provide means to support users in distinguishing “good” (trusted) apps from the “bad” (untrusted) ones considering security & privacy related factors. In this thesis, a system architecture is proposed to automate the trustworthiness assessment of mobile apps from an end-user perspective. We also plan to develop a solution to realize the system that calculates and visualizes the trust score of mobile apps.

Die Analyse von Geschäftsprozessen mittels Process-Mining ermöglicht eine objektive Sicht auf einen Prozess durch Ermittlung des IST-Zustands auf Basis von Ereignis-Logs. Üblicher-weise werden zur Visualisierung Graphen oder Petri-Netze verwendet, der die tatsächlich ausgeführten Ereignisse und Abläufe repräsentiert. Oft ist das Ziel einer Prozessanalyse das Finden von Schwachstellen im Prozess (bspw. Schleifen in der Ausführung) und das Optimie-ren von Ausführungsvarianten (bspw. Reduktion der Prozessschritte).
Anpassungen am Prozessgraphen oder –modell werden heute durch Prozessexperten manuell vorgeschlagen und implementiert. Dies ist ein zeitaufwendiger und schwieriger Arbeitsschritt, da IST-Prozessgraphen selbst in kleinen und mittelgroßen Unternehmen sehr komplex werden können. Die Prozessgraphen können daher aktuell nur begrenzt für die Optimierung des betrachteten Prozesses herangezogen werden.

Das Straßennetz ist das Kernelement für den Personen- und Güterverkehr innerhalb einer Stadt. In dem Netz sind tausende Sensoren verbaut um Fahrzeuge zu erkennen und um Fahrzeugströme optimal zu steuern. Besonders an Kreuzungen treten Engpässe auf, die durch Forschung an kooperativen Systeme und insbesondere Car-to-Car und Car-to-Infrastructure Technologien künftig verringert werden sollen. Hierbei spielen Internet of Things Ansätze eine große Rolle. Diese Arbeit nutzt Technologien des Internet of Things um Verkehrsinfrastruktur-Sensor- und -Signaldaten zu extrahieren, anzureichern und zu analysieren um sie dritten Anwendungen zur Verfügung zu stellen.

Diese Thesis adaptiert eine Belastungsmetrik (Degree of Saturation) des australischen SCATS auf ein reales deutsches Straßennetz. Hierbei müssen Lösungen für die Unterschiede zwischen australischen und deutschen Verkehrsnetzen erarbeitet und mit den Imperfektionen eines realen Verkehrsnetzes umgegangen werden.

Das Erfassen von Informationen aus städtischen Infrastrukturen und deren Bereitstellung für andere Dienste ist ein Kernbedarf, um vorhandene als auch neuartige Infrastrukturen effizienter zu nutzen und neue Dienstleistungen für Bürger und Unternehmen zu ermöglichen. Ein Beispiel für solche städtischen Infrastrukturen sind Lichtsignalanlagen und die damit verbundenen Verkehrsmanagementsysteme. Solche Systeme haben eine Betriebslebensdauer von mehreren Jahrzehnten, und viele solcher Systeme bieten keine Form von digitalen Schnittstellen, was die Wiederverwendung und Umwidmung von Informationen deutlich erschwert. Viele zukünftige Automobil-dienste werden von der Verfügbarkeit von Echtzeit-Signalphasendaten abhängen, wie z.B. eine Effizienzoptimierung des Antriebsstrangs, Bremsassistenzsysteme, Passagier- und Fußgängersicherheit sowie Komfortfunktionen. Alle diese Dienste sind ebenso Sprungbretter, um autonomes Fahren in städtischen Gebieten zu verwirklichen.

In dieser Abschlussarbeit wird ein IoT-basierter Ansatz vorgestellt, inklusive eines Geräts und dazugehöriger Software, um Lichtsignalinformationen aus Verkehrssystemen zu gewinnen, die keine Art von digitaler Schnittstelle bieten. Die gesammelten Informationen werden zur weiteren Verarbeitung an eine cloudbasierte IoT-Plattform weitergeleitet, bevor sie über diese an die Fahrzeuge auf der Straße übertragen werden. Dieser neue Ansatz ermöglicht eine schnelle Bereitstellung und Abdeckung in Städten, wo diese Informationen sonst nicht verfügbar wären.

The power grid infrastructure is experiencing a dramatic change in the way it produces, distributes, and stores electricity. With these advancements, however, a new set of threats are also being enabled. In order to defend the smart grid infrastructure against novel attacks, new mechanisms for discovering threats must be developed. Fortunately, there is plenty of new information collected by intelligent sensors which can be leveraged to create mechanisms to detect attacks, intrusions and anomalies in smart grids.

With the addition of intelligent sensing devices, known as smart meters, information about usage patterns in the smart grid is being collected. This thesis project aims at developing intrusion detection techniques that can model normal usage patterns and detect deviations from these models. The developed techniques will rely on different machine learning algorithms and statistical analysis.

In order to evaluate methodologies for detecting threats in smart grids, we will provide real-world data related to the production and consumption of electricity, gas and heat in a real smart grid. Different machine learning algorithms need to be tested and evaluated on top of this data. Software is also expected to be developed where the proposed methodologies are demonstrated.

Getting good datasets for social media analytics research is hard. Service providers hardly release any data anymore and the few public datasets that exist are old and therefore outdated. Also the world of social media is changing rapidly which makes synthetic data useless.
Crawling your own data is a solution for this problem. However it is not known – considering rate limiting and possibly crawling detection – what the most time efficient way to collect such datasets is.

Das Konzept des „In-network processing“ lagert Berechnungen auf lokale, dezentrale Berechnungseinheiten aus. Vorteile gegenüber dem traditionellen Cloud Computing liegen u.a. in einer wesentlich geringeren Latenz. Um geeignete Berechnungseinheiten zu finden kann man sich eines Brokers bedienen, der – ähnlich dem Publish/Subscribe-Paradigma – unter Berücksichtigung von verschiedenen Anforderungen zwischen Berechnungseinheiten und Clients vermittelt. Um vorhandene Infrastruktur in Ballungsräumen auszunutzen, schlagen wir vor, solche Broker auf Heimroutern zu platzieren.

Darknet market places allow people to purchase illegal goods or illegal services like a botnet for DDoS attacks. The usage and the popularity of such market places is permanently increasing. Darknet research is still in its infancy. Our goal is to get a better understanding in this area. This challenge will be tackled in this thesis.
This market functions as a black market and offers the opportunity for users to remain anonymous. Marketplace operators use Tor hidden services to hide their identity. Sellers and buyers use Tor and BitCoin to trade anonymously.
However, every user of such a Darknet market has to be registered with a username which are visible to everyone within that marketplace. These names can be linked to offered products. Thus, it is possible to monitor the activity of users which can be related to each other. This can lead to new perceptions.

Prozesse begegnen uns an vielen Stellen des Alltags: beim Online-Kauf, Hotlines oder Paketlieferungen. Prozesse geben vor wie ein bestimmtes Ziel zu erreichen ist. Oft passiert es aber, dass Prozesse nicht so ausgeführt werden, wie sie es eigentlich sollen, was man meist als Kunde als Erster mitbekommt. Diese Probleme treten für Unternehmen oft unentdeckt und ohne konkret bekannten Zeitpunkt auf. Damit gegengesteuert werden kann, ist es essentiell zu wissen, ob und wann ein Prozessproblem auftritt.

Rapid growth and the pervasive cyber-physical nature of Internet of Things (IoT) technology influences both, commer- cial/industrial as well as personal environments. „Data is the new gold“ – in the future: billions of inter-connected devices and cloud-services collect, analyze, infer and disseminate (personal) data to make our everyday life smarter.
Interaction between IoT and our personal lives, with information processing in domains like eHealth, location-based services, smart cities and smart environments calls for privacy protection [3]. „The capacity to correlate information is going to change all of those interactions, and I lose power over a great deal of my life when there’s a massive amount of information over me that I don’t have control over“ worries Goeff Webb [2].
Fortunately, many solutions to enhance privacy already exist and are well researched in form of Privacy Enhancing Technologies (PETs). For example: onion routing for origin anonymity, spatial location cloaking against location tracking, k-anonymity for anonymous data disclosure and data encryption for confidentiality. But, do we really know how to use and combine them correctly?

In today’s IT ecosystem, big multinational organizations have tens if not hundreds of web applications. It’s usually not possible for global organizations to know the technical specification (security) for all their web applications around the world. According to National Vulnerability database, i.e. NVD, in last 4 years the number of vulnerabilities have been more than 5000 per year. So with hundreds of web applications, more than 5000 vulnerabilities per year and not all technical specification known, it can confusing to decide which application to fix first. So, organizations need framework to prioritize applications which have biggest impact on their business due to vulnerabilities without knowing all the technical details.
The Merck Group has products in health care, Life Science and Performance Materials. The thesis presents a framework called Application Vulnerability Business Impact Framework, i.e. AVBIF. This framework is developed for Merck KGaA which has products in health care, Life Science and Performance Materials. The AVBIF encourages development of ISMS and abstracts the unknown that is technical details by using template based approach. The AVBIF considers the business impact factor in the calculation for severity of vulnerability making the framework sensitive to the business impact. It also considers vulnerable applications exposing other applications which share data, location or login (SSO). Thus the severity rating an organization will get for its applications will be based not only on the severity of the vulnerability but also the impact on the business if the vulnerability is exploited in the web application.

Personal assistance systems like Google Now or Apple’s Siri, which support users in their daily lives, become more and more popular. However, building assistance applications or services personalized for each user requires, first, an in-depth understanding of user’s behavior and, second, appropriate techniques for providing assistance to users. State of the art systems are already able to realize the first part by tracking users through multiple devices and analyzing these personal data, e.g., to access mental health or behavioral trends. Therefore, this thesis focuses on the second part by providing assistance and intervention.

Smartphones became increasingly intelligent in recent years due to fine-granular sensors, powerful computing hardware and various actuation capabilities. This allows the development of smart applications to support users in everyday life, so called assistance apps. However, the development of multiple intelligent assistance apps still involves a huge effort through individual complex development from scratch. In this thesis, a distributed pervasive assistance platform is presented which acts as a base frame for solving arbitrary assistance use cases. Therefore, we identify common stages and functionalities of such assistance applications (e.g., tracking and actioning on mobile devices) and encapsulate them in reusable, modular and event-driven systems. Developers can just use the resulting data flow and implement the solution of an assistance use case by creating so-called data and assistance modules using the provided API. Therewith the developers can concentrate on solving problems instead of re-implementing existing functionalities over and over again. We demonstrate that this extensible approach is developer-friendly and allows fast and efficient development of arbitrary assistance systems. Our evaluation shows that the resulting platform is horizontally scalable which allows supporting growing amounts of active users and assistance use-cases.

Wissensarbeiter sind einer hohen Arbeitsbelastung ausgesetzt und stehen aufgrund vieler Deadlines oftmals unter Druck. Generell scheinen die zeitlichen Anforderungen an diese Arbeitergruppe stetig zu wachsen und nach oben unbeschränkt zu sein. Dementsprechend ist insbesondere für Wissensarbeiter ein effektives Zeitmanagement wichtig. Die vorliegende Arbeit thematisiert die Konzeption eines mobilen Assistenzsystems, welches Wissensarbeiter bei ihren arbeitsorganisatorischen Aktivitäten unterstützen. Aktuelle Lösungen zur Unterstützung des Zeitmanagements von Wissensarbeiter weisen entweder keinen ausreichenden Funktionalitätsumfang auf, oder nutzen nicht den aktuellen Stand der Technik, wodurch insbesondere im Bereich der Personalisierung großes Optimierungspotenzial verloren geht. Die Unterstützung durch das konzipierte Assistenzsystem basiert einerseits auf der Übernahme des kompletten Zeitmanagements durch das Assistenzsystem und andererseits auf der Minimierung von Auswirkungen verschiedener Probleme im Arbeitsfluss von Wissensarbeiter, welche für die Arbeitergruppe der Wissensarbeiter typisch sind.

Mobile cloud computing offers a solution for offloading high intensity tasks to the cloud and to overcome certain barriers of mobile computing such as computation and data storage capacity. Offloading tasks to the clouds require high bandwidth Internet connectivity which cannot be assured always for the users. Cloudlets bring the clouds closer to the end users to overcome the latency and bandwidth problems. Cloudlets make use of the locally available devices as a computing platform for the mobile devices. However, cloudlets are range restricted, mobile users should be within the range of a cloudlet device to receive the result. When the mobile user moves out of the cloudlet range results are either offloaded to the cloud or discarded. In this work we address the range restriction problem by connecting the cloudlet devices and distributing the results through connection forecast. Connected cloudlets share the responsibility of result distribution providing the users with the opportunity to use the cloudlet service over a larger area. We demonstrate the approach to turn low resource devices into cloudlets. We show how we overcome the range restriction issue and evaluate the work based on network metrics. Places like coffee shops, offices, hospitals can implement the approach of this work to provide services over a wider area and at a low cost.

Publisher Subscriber or Pub/Sub pattern provides decoupling, scalability, efficiency. However, privacy is a subject that still needs to be dealt with when we consider such systems. In order to ensure privacy we need to look into the anonymity and confidentiality of such systems. Inherently, such communication or design patterns overlook the need for privacy.
Off-late there has been an increasing impetus on security and building systems keeping additional goals of anonymity, confidentiality in mind during inception itself rather than imposing it on the system after developing it. We aim for such an implementation which inherently provides and guarantees anonymity without effecting system performance.

Aspect Under consideration: Churn is measured as the rate at which nodes leave and join the system. Churning should not effect the reliability and availability of a system. There are several suggested ways to handle churn. However, still such systems are susceptible to churn. Information about other nodes helps upto a good extinct in normal pubsub to restructure and balance the communication overlays. In order to safeguard anonymity our system will not provide detailed node data. Addressing this issue and looking for alternatives such that Anonymity is preserved and Anonymous PubSub is efficiently able to handle churn is the research direction which is our primary area of focus.

In a pub/sub system, each node has a specific role, publishers produce information, subscribers consume the information and broker forwards the information generated by the producer to the consumer. Broker nodes have the information cor- responding to the identity of the publisher and the subscriber nodes. An attacker needs to attack only these broker nodes and can get information about publisher-subscriber relationship. In order to establish the relationship between publisher and subscribers, a routing table needs to be maintained and distributed. This process should preserve confidentiality and anonymity of receivers /senders while minimizing message overhead.

Today, the number of Distributed Denial of Service (DDoS) attacks is becoming more and more a threat in terms of cyber criminality. The motivations for this kind of attacks are financial and economical gain, revenge, ideological belief, intellectual challenge, and Cyberwarfare.
One famous DDoS form is the amplification attack. In general, an amplification attack means a short spoofed network protocol request and a huge response that is reflected to a victim. These messages are flooded to the victim to exhaust the bandwidth. The abused services for this kind of attack must have at least two properties. First, the service should base on UDP, which is stateless. The benefit of UDP is the direct transport layer interaction without any network session establishment like the TCP Three-Way-Handshake. Second, make protocol requests whose responses are significantly bigger that it works as amplifier. Currently, different services are in focus of hackers to run this kind of attack.
Before vulnerability’s in a service is abused, the potential for an amplification in a protocol must be known. This thesis will develop an automatic tool for the detection of protocols that are vulnerable for amplification attacks. After a protocol is detected, a crawler will check the popularity of the service. Other hosts that offer the same service are penetrated with packets that are crafted from previous captured traffic. This behavior checks if the other service provider are vulnerable too. A detection mechanism is integrated into an existing IDS. The analysis of the intercepted traffic elects requests response pairs. If they are linked, different measurements are calculated. The main contribution of the thesis is a protocol analysis system that detects protocols that are vulnerable to amplification attacks and a crawler that checks the impact of the detection.

Since time is the most limited ressource students have, an efficient use of it is neccessary. To get the most out of it, time management is a crucial process which itself unfortunately counsumes too much time and therefore is often neglected by students. However, research shows that good time management results in less stress and an increased academic performance of students. The process of time management can be split into three major parts, which should be conducted periodically, e.g. each day: (i) defining goals and subgoals, (ii) prioterizing these and (iii) monitoring which goals were achieved and how much time was spent achieving them. An automatization of single parts of this process implies lower time consumption for the whole process. To assist students in time management, a system capable of automatically detecting students’ daily activities, like listening to a Lecture, is needed. Such a system would simplify part (iii) of the time management process.
Activity recognition systems can be split into two groups: (a) systems to detect simple activities like sitting, walking or running and (b) systems to detect complex activities like listening to a Lecture. Student activities refer to complex activities. Hence, they can only be detected with systems of group (b). Current activity recognition systems commonly use sensor data at personal scale to detect simple activities. These systems focus on users’ physical activities and do not consider the actual context. Nevertheless, they are able to detect simple activities like sitting, walking or running with an accuracy above 90 %. Systems bother with detecting complex activities – like student activities – instead, do not gain such a high value of accuracy. They often try to gather more than smartphone-based sensor data by deploying additional sensors resulting in increased costs of the overall system. Albeit the ubiquitous sensors, the social context of the user is not considered. For example, it cannot be used to determine the number of people around the user, nor the number of friends nearby. However, this information is crucial to derive a deep insight into the actual situation and to correctly classify a conducted activity.
The goal of this thesis is to build a system capable to automatically detect the following seven student activities: Lecture, Learning, Teamwork, Transition, Leisure, Sleeping and Job.

Mobile phones have become essential devices that people carry around everywhere they go. These devices contain important personal and confidential information, such as pictures, emails and login credentials, which make them a prime for theft. A user with the knowledge that their device has been stolen is able to prevent further damage with tools that remotely contact the device. These technologies are useless, however, if the user does not know that the device has been stolen or if a remote connection is not possible.
In this project we are going to create technologies that are capable of automatically detecting when a mobile phone has been stolen without human intervention. These technologies will learn the behavior of the owner and will recognize when the device is no longer being used by the owner. Once it is discovered that there is someone else using the device, it will lock itself up and try to contact back the owner.

The realization of this technology will be in the form of an Android application lock the mobile device up in such a way that only the owner of the device will be able to unlock it. We will use artificial intelligence to learn and distinguish between different user behaviors.

In the recent years, the increasing amount of network traffic put new challenges to the identification of malicious traces within the masses of data. Stand alone Intrusion Detection System (IDS) and Centralised IDSs struggle to process the data. Distributed approaches try to share the workload among nodes, at the cost of network overhead for nodes communicating input data and results. Moreover, sharing data over a network that is only for a subset of the nodes important produces useless overhead and keeps the other nodes from processing data important to them. Furthermore, it is hard to share data privately with only a subset of those nodes.

3D-Druck wird das Potenzial zugesprochen, eine neue industrielle Revolution auszulösen. Sie soll breite Massen kreativer Entwickler und Entwicklercommunities in die Lage versetzen, personalisiertere Produkte und schneller Prototypen zu entwickeln. Bisweilen beschränkt sich dieser Trend allerdings auf die Anfertigung nicht-interaktiver Objekte (aus Kunststoff, Metall etc.).
Im Zuge dieser Arbeit sollen daher die neuen Möglichkeiten des 3D-Drucks zur Produktion einer gedruckten und zugleich berührungssensitiven Smartphone-Hülle verwendet werden.

“Where do I find the double underlined button in word?” Often users of graphical user interfaces (GUI) want to search for functionalities in software programs. Today people start searching in the world wide web or try to find it via given hierarchical menus or manuals. These menus are organized by a software developer which may have a totally different view of grouping these features. This thesis wants to give a solution for this problem. Hence a search engine for graphical user interfaces is proposed. The main approach is divided into two tasks.
The first task is to extract models of software programs live from users. This model contains what elements appear when a button or other UI elements are clicked or invoked. Thus it is possible to find out which path of interactions has to be executed to see a GUI element. The main sources of such information are frameworks of user interface (UI) accessibility like “Microsoft Active Accessibility” (MSAA) or the successor called “Microsoft UI Automation” (UIA). These frameworks are created for people with disabilities to interact with this kind of interfaces. It helps to find and select graphical control elements. Assistive technology (AT) like screen readers make heavy use of it. Extracting such models with UI accessibility frameworks can only happen live when the user interacts with a program because the elements are just accessible when they exist on the screen. Therefore additionally a tool called ClickMonkey is developed which explores the software by clicking on all UI elements.
The second task is to build up a search engine based on such a model to index all text displayed on screen. When the user is in a situation of not finding the right widget, it is possible to bring up a search window on top via a keyboard shortcut or a mouse click. Afterwards the user can type in a search term and a list of ranked user interface elements is presented. Selecting one of them triggers a execution of interactions (like mouse clicks) to bring the appropriate program in the right state. The interactions are inferred from the model because every interaction observed from a user can be simulated like in GUI testing frameworks.
The evaluation shows that the current implementation can help the people in difficult tasks at least in 60 % of the cases. For easy tasks which can be completed in less than 5 clicks the additional time to search is too long. This shows that the approach can help novice as well as expert users which know and work with the software.
The proposed approach tries to help users which could not find a functionality although it exists. It will guide them to the correct place and the user can continue to work.

The Graphical User Interface (GUI) serves as an interface to directly manipulate graphical elements. Application softwares contain these graphical elements which represent functionality for a specific application. The main target is the discovery of patterns which express functionality usage. In the first part, the interaction between study participants and application softwares are observed by a tool called “Interaction Observer”. This is accomplished with the Accessibility technology which provides access to graphical elements. The approach is termed “Graphical Software Mining” which mines software exclusively on a graphical level. The observation forms an interaction log. In the second part, interaction patterns are defined and in the interaction log discovered. Interaction patterns are sequences of interactions which express an intentional action. This approach is termed “GUI Usage Mining” which discovers usage information from GUI interaction logs. Initially, reference patterns are discovered by human annotators. The insights are used to preprocess the raw interaction log. Transactions, which are meaningful interaction clusters, are identified with four approaches. This enables the application of four mining strategies: sequential pattern mining, graph mining, process mining and mining based on n-grams. They are implemented with the help of extern libraries. User-program pairs are analyzed in the evaluation. The patterns of the four strategies are judged by the corresponding participants. The evaluation indicates that the n-gram based strategy discovers more accepted patterns.

3D-Druck wird das Potenzial zugesprochen, eine neue industrielle Revolution auszulösen. Sie soll breite Massen kreativer Entwickler und Entwicklercommunities in die Lage ver- setzen, personalisiertere Produkte und schneller Prototypen zu entwickeln. Bisweilen beschränkt sich dieser Trend allerdings auf die Anfertigung nicht-interaktiver Objekte (aus Kunststoff, Metall etc.).
Im Zuge dieser Arbeit sollen daher die neuen Möglichkeiten des 3D-Drucks zur Produktion personalisierter physisch greifbarer Knöpfe genutzt werden. Hierbei stellen sich verschiedenste Herausforderungen. Beispielsweise ist unklar, in welcher Form weitestge- hend starre Materialien (z.B. ABS oder PLA) zur Produktion drückbarer, d.h. in eine vorgegebenen Richtung flexibel bewegbare, Knöpfe genutzt werden können oder ob sich andere flexiblere Materialien hierzu eher eignen.