@misc{TorkuraSukmanaKayemetal.2018, author = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Kayem, Anne V. D. M. and Cheng, Feng and Meinel, Christoph}, title = {A cyber risk based moving target defense mechanism for microservice architectures}, series = {IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Ubiquitous Computing \& Communications, Big Data \& Cloud Computing, Social Computing \& Networking, Sustainable Computing \& Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)}, journal = {IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Ubiquitous Computing \& Communications, Big Data \& Cloud Computing, Social Computing \& Networking, Sustainable Computing \& Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)}, publisher = {Institute of Electrical and Electronics Engineers}, address = {Los Alamitos}, isbn = {978-1-7281-1141-4}, issn = {2158-9178}, doi = {10.1109/BDCloud.2018.00137}, pages = {932 -- 939}, year = {2018}, abstract = {Microservice Architectures (MSA) structure applications as a collection of loosely coupled services that implement business capabilities. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity. However, studies indicate that most MSA are homogeneous, and introduce shared vulnerabilites, thus vulnerable to multi-step attacks, which are economics-of-scale incentives to attackers. In this paper, we address the issue of shared vulnerabilities in microservices with a novel solution based on the concept of Moving Target Defenses (MTD). Our mechanism works by performing risk analysis against microservices to detect and prioritize vulnerabilities. Thereafter, security risk-oriented software diversification is employed, guided by a defined diversification index. The diversification is performed at runtime, leveraging both model and template based automatic code generation techniques to automatically transform programming languages and container images of the microservices. Consequently, the microservices attack surfaces are altered thereby introducing uncertainty for attackers while reducing the attackability of the microservices. Our experiments demonstrate the efficiency of our solution, with an average success rate of over 70\% attack surface randomization.}, language = {en} } @article{WangYangMeinel2016, author = {Wang, Cheng and Yang, Haojin and Meinel, Christoph}, title = {A deep semantic framework for multimodal representation learning}, series = {Multimedia tools and applications : an international journal}, volume = {75}, journal = {Multimedia tools and applications : an international journal}, publisher = {Springer}, address = {Dordrecht}, issn = {1380-7501}, doi = {10.1007/s11042-016-3380-8}, pages = {9255 -- 9276}, year = {2016}, abstract = {Multimodal representation learning has gained increasing importance in various real-world multimedia applications. Most previous approaches focused on exploring inter-modal correlation by learning a common or intermediate space in a conventional way, e.g. Canonical Correlation Analysis (CCA). These works neglected the exploration of fusing multiple modalities at higher semantic level. In this paper, inspired by the success of deep networks in multimedia computing, we propose a novel unified deep neural framework for multimodal representation learning. To capture the high-level semantic correlations across modalities, we adopted deep learning feature as image representation and topic feature as text representation respectively. In joint model learning, a 5-layer neural network is designed and enforced with a supervised pre-training in the first 3 layers for intra-modal regularization. The extensive experiments on benchmark Wikipedia and MIR Flickr 25K datasets show that our approach achieves state-of-the-art results compare to both shallow and deep models in multimodal and cross-modal retrieval.}, language = {en} } @article{EmuoyibofarheAkindeleRonkeetal.2019, author = {Emuoyibofarhe, Justice O. and Akindele, Akinyinka Tosin and Ronke, Babatunde Seyi and Omotosho, Adebayo and Meinel, Christoph}, title = {A Fuzzy Rule-Based Model for Remote Monitoring of Preterm in the Intensive Care Unit of Hospitals}, series = {International Journal of Medical Research \& Health Sciences}, volume = {8}, journal = {International Journal of Medical Research \& Health Sciences}, number = {5}, publisher = {Sumathi}, address = {Trichy}, issn = {2319-5886}, pages = {33 -- 44}, year = {2019}, abstract = {The use of Remote patient monitoring (RPM) systems to monitor critically ill patients in the Intensive Care Unit (ICU) has enabled quality and real-time healthcare management. Fuzzy logic as an approach to designing RPM systems provides a means for encapsulating the subjective decision-making process of medical experts in an algorithm suitable for computer implementation. In this paper, a remote monitoring system for preterm in neonatal ICU incubators is modeled and simulated. The model was designed with 4 input variables (body temperature, heart rate, respiratory rate, and oxygen level saturation), and 1 output variable (action performed represented as ACT). ACT decides whether-an alert is generated or not and also determines the message displayed when a notification is required. ACT classifies the clinical priority of the monitored preterm into 5 different fields: code blue, code red, code yellow, code green, and-code black. The model was simulated using a fuzzy logic toolbox of MATLAB R2015A. About 216 IF_THEN rules were formulated to monitor the inputs data fed into the model. The performance of the model was evaluated using-the confusion matrix to determine the model's accuracy, precision, sensitivity, specificity, and false alarm rate. The-experimental results obtained shows that the fuzzy-based system is capable of producing satisfactory results when used for monitoring and classifying the clinical statuses of neonates in ICU incubators.}, language = {en} } @inproceedings{GruenerMuehleGayvoronskayaetal.2019, author = {Gr{\"u}ner, Andreas and M{\"u}hle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, title = {A quantifiable trustmModel for Blockchain-based identity management}, series = {IEEE 2018 International Congress on Cybermatics / 2018 IEEE Conferences on Internet of Things, Green Computing and Communications, cyber, physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology}, booktitle = {IEEE 2018 International Congress on Cybermatics / 2018 IEEE Conferences on Internet of Things, Green Computing and Communications, cyber, physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-7975-3}, doi = {10.1109/Cybermatics_2018.2018.00250}, pages = {1475 -- 1482}, year = {2019}, language = {en} } @article{KayemMeinelWolthusen2018, author = {Kayem, Anne Voluntas dei Massah and Meinel, Christoph and Wolthusen, Stephen D.}, title = {A resilient smart micro-grid architecture for resource constrained environments}, series = {Smart Micro-Grid Systems Security and Privacy}, volume = {71}, journal = {Smart Micro-Grid Systems Security and Privacy}, publisher = {Springer}, address = {Dordrecht}, isbn = {978-3-319-91427-5}, doi = {10.1007/978-3-319-91427-5_5}, pages = {71 -- 101}, year = {2018}, abstract = {Resource constrained smart micro-grid architectures describe a class of smart micro-grid architectures that handle communications operations over a lossy network and depend on a distributed collection of power generation and storage units. Disadvantaged communities with no or intermittent access to national power networks can benefit from such a micro-grid model by using low cost communication devices to coordinate the power generation, consumption, and storage. Furthermore, this solution is both cost-effective and environmentally-friendly. One model for such micro-grids, is for users to agree to coordinate a power sharing scheme in which individual generator owners sell excess unused power to users wanting access to power. Since the micro-grid relies on distributed renewable energy generation sources which are variable and only partly predictable, coordinating micro-grid operations with distributed algorithms is necessity for grid stability. Grid stability is crucial in retaining user trust in the dependability of the micro-grid, and user participation in the power sharing scheme, because user withdrawals can cause the grid to breakdown which is undesirable. In this chapter, we present a distributed architecture for fair power distribution and billing on microgrids. The architecture is designed to operate efficiently over a lossy communication network, which is an advantage for disadvantaged communities. We build on the architecture to discuss grid coordination notably how tasks such as metering, power resource allocation, forecasting, and scheduling can be handled. All four tasks are managed by a feedback control loop that monitors the performance and behaviour of the micro-grid, and based on historical data makes decisions to ensure the smooth operation of the grid. Finally, since lossy networks are undependable, differentiating system failures from adversarial manipulations is an important consideration for grid stability. We therefore provide a characterisation of potential adversarial models and discuss possible mitigation measures.}, language = {en} } @misc{AlibabaieGhasemzadehMeinel2017, author = {Alibabaie, Najmeh and Ghasemzadeh, Mohammad and Meinel, Christoph}, title = {A variant of genetic algorithm for non-homogeneous population}, series = {International Conference Applied Mathematics, Computational Science and Systems Engineering 2016}, volume = {9}, journal = {International Conference Applied Mathematics, Computational Science and Systems Engineering 2016}, publisher = {EDP Sciences}, address = {Les Ulis}, issn = {2271-2097}, doi = {10.1051/itmconf/20170902001}, pages = {8}, year = {2017}, abstract = {Selection of initial points, the number of clusters and finding proper clusters centers are still the main challenge in clustering processes. In this paper, we suggest genetic algorithm based method which searches several solution spaces simultaneously. The solution spaces are population groups consisting of elements with similar structure. Elements in a group have the same size, while elements in different groups are of different sizes. The proposed algorithm processes the population in groups of chromosomes with one gene, two genes to k genes. These genes hold corresponding information about the cluster centers. In the proposed method, the crossover and mutation operators can accept parents with different sizes; this can lead to versatility in population and information transfer among sub-populations. We implemented the proposed method and evaluated its performance against some random datasets and the Ruspini dataset as well. The experimental results show that the proposed method could effectively determine the appropriate number of clusters and recognize their centers. Overall this research implies that using heterogeneous population in the genetic algorithm can lead to better results.}, language = {en} } @book{HuCordelMeinel2006, author = {Hu, Ji and Cordel, Dirk and Meinel, Christoph}, title = {A virtual machine architecture for creating IT-security laboratories}, publisher = {Universit{\"a}tsverlag Potsdam}, address = {Potsdam}, isbn = {978-3-939469-13-1}, url = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-33077}, publisher = {Universit{\"a}t Potsdam}, pages = {50}, year = {2006}, abstract = {E-learning is a flexible and personalized alternative to traditional education. Nonetheless, existing e-learning systems for IT security education have difficulties in delivering hands-on experience because of the lack of proximity. Laboratory environments and practical exercises are indispensable instruction tools to IT security education, but security education in con-ventional computer laboratories poses the problem of immobility as well as high creation and maintenance costs. Hence, there is a need to effectively transform security laboratories and practical exercises into e-learning forms. This report introduces the Tele-Lab IT-Security architecture that allows students not only to learn IT security principles, but also to gain hands-on security experience by exercises in an online laboratory environment. In this architecture, virtual machines are used to provide safe user work environments instead of real computers. Thus, traditional laboratory environments can be cloned onto the Internet by software, which increases accessibilities to laboratory resources and greatly reduces investment and maintenance costs. Under the Tele-Lab IT-Security framework, a set of technical solutions is also proposed to provide effective functionalities, reliability, security, and performance. The virtual machines with appropriate resource allocation, software installation, and system configurations are used to build lightweight security laboratories on a hosting computer. Reliability and availability of laboratory platforms are covered by the virtual machine management framework. This management framework provides necessary monitoring and administration services to detect and recover critical failures of virtual machines at run time. Considering the risk that virtual machines can be misused for compromising production networks, we present security management solutions to prevent misuse of laboratory resources by security isolation at the system and network levels. This work is an attempt to bridge the gap between e-learning/tele-teaching and practical IT security education. It is not to substitute conventional teaching in laboratories but to add practical features to e-learning. This report demonstrates the possibility to implement hands-on security laboratories on the Internet reliably, securely, and economically.}, language = {en} } @techreport{DoellnerFriedrichArnrichetal.2022, author = {D{\"o}llner, J{\"u}rgen Roland Friedrich and Friedrich, Tobias and Arnrich, Bert and Hirschfeld, Robert and Lippert, Christoph and Meinel, Christoph}, title = {Abschlussbericht KI-Labor ITSE}, doi = {10.25932/publishup-57860}, url = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-578604}, pages = {60}, year = {2022}, abstract = {Der Abschlussbericht beschreibt Aufgaben und Ergebnisse des KI-Labors "ITSE". Gegenstand des KI-Labors bildeten Methodik, Technik und Ausbildung in der IT-Systemtechnik zur Analyse, Planung und Konstruktion KI-basierter, komplexer IT-Systeme.}, language = {de} } @book{AsheuerBelgassemEichornetal.2013, author = {Asheuer, Susanne and Belgassem, Joy and Eichorn, Wiete and Leipold, Rio and Licht, Lucas and Meinel, Christoph and Schanz, Anne and Schnjakin, Maxim}, title = {Akzeptanz und Nutzerfreundlichkeit der AusweisApp : eine qualitative Untersuchung ; eine Studie am Hasso-Plattner-Institut f{\"u}r Softwaresystemtechnik im Auftrag des Bundesministeriums des Innern}, publisher = {Universit{\"a}tsverlag Potsdam}, address = {Potsdam}, isbn = {978-3-86956-229-2}, issn = {1613-5652}, url = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-63971}, publisher = {Universit{\"a}t Potsdam}, pages = {83}, year = {2013}, abstract = {F{\"u}r die vorliegende Studie »Qualitative Untersuchung zur Akzeptanz des neuen Personalausweises und Erarbeitung von Vorschl{\"a}gen zur Verbesserung der Usability der Software AusweisApp« arbeitete ein Innovationsteam mit Hilfe der Design Thinking Methode an der Aufgabenstellung »Wie k{\"o}nnen wir die AusweisApp f{\"u}r Nutzer intuitiv und verst{\"a}ndlich gestalten?« Zun{\"a}chst wurde die Akzeptanz des neuen Personalausweises getestet. B{\"u}rger wurden zu ihrem Wissensstand und ihren Erwartungen hinsichtlich des neuen Personalausweises befragt, dar{\"u}ber hinaus zur generellen Nutzung des neuen Personalausweises, der Nutzung der Online-Ausweisfunktion sowie der Usability der AusweisApp. Weiterhin wurden Nutzer bei der Verwendung der aktuellen AusweisApp beobachtet und anschließend befragt. Dies erlaubte einen tiefen Einblick in ihre Bed{\"u}rfnisse. Die Ergebnisse aus der qualitativen Untersuchung wurden verwendet, um Verbesserungsvorschl{\"a}ge f{\"u}r die AusweisApp zu entwickeln, die den Bed{\"u}rfnissen der B{\"u}rger entsprechen. Die Vorschl{\"a}ge zur Optimierung der AusweisApp wurden prototypisch umgesetzt und mit potentiellen Nutzern getestet. Die Tests haben gezeigt, dass die entwickelten Neuerungen den B{\"u}rgern den Zugang zur Nutzung der Online-Ausweisfunktion deutlich vereinfachen. Im Ergebnis konnte festgestellt werden, dass der Akzeptanzgrad des neuen Personalausweises stark divergiert. Die Einstellung der Befragten reichte von Skepsis bis hin zu Bef{\"u}rwortung. Der neue Personalausweis ist ein Thema, das den B{\"u}rger polarisiert. Im Rahmen der Nutzertests konnten zahlreiche Verbesserungspotenziale des bestehenden Service Designs sowohl rund um den neuen Personalausweis, als auch im Zusammenhang mit der verwendeten Software aufgedeckt werden. W{\"a}hrend der Nutzertests, die sich an die Ideen- und Prototypenphase anschlossen, konnte das Innovtionsteam seine Vorschl{\"a}ge iterieren und auch verifizieren. Die ausgearbeiteten Vorschl{\"a}ge beziehen sich auf die AusweisApp. Die neuen Funktionen umfassen im Wesentlichen: · den direkten Zugang zu den Diensteanbietern, · umfangreiche Hilfestellungen (Tooltips, FAQ, Wizard, Video), · eine Verlaufsfunktion, · einen Beispieldienst, der die Online-Ausweisfunktion erfahrbar macht. Insbesondere gilt es, den Nutzern mit der neuen Version der AusweisApp Anwendungsfelder f{\"u}r ihren neuen Personalausweis und einen Mehrwert zu bieten. Die Ausarbeitung von weiteren Funktionen der AusweisApp kann dazu beitragen, dass der neue Personalausweis sein volles Potenzial entfalten kann.}, language = {de} } @article{RoschkeChengMeinel2012, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, title = {An alert correlation platform for memory-supported techniques}, series = {Concurrency and computation : practice \& experience}, volume = {24}, journal = {Concurrency and computation : practice \& experience}, number = {10}, publisher = {Wiley-Blackwell}, address = {Hoboken}, issn = {1532-0626}, doi = {10.1002/cpe.1750}, pages = {1123 -- 1136}, year = {2012}, abstract = {Intrusion Detection Systems (IDS) have been widely deployed in practice for detecting malicious behavior on network communication and hosts. False-positive alerts are a popular problem for most IDS approaches. The solution to address this problem is to enhance the detection process by correlation and clustering of alerts. To meet the practical requirements, this process needs to be finished fast, which is a challenging task as the amount of alerts in large-scale IDS deployments is significantly high. We identifytextitdata storage and processing algorithms to be the most important factors influencing the performance of clustering and correlation. We propose and implement a highly efficient alert correlation platform. For storage, a column-based database, an In-Memory alert storage, and memory-based index tables lead to significant improvements of the performance. For processing, algorithms are designed and implemented which are optimized for In-Memory databases, e.g. an attack graph-based correlation algorithm. The platform can be distributed over multiple processing units to share memory and processing power. A standardized interface is designed to provide a unified view of result reports for end users. The efficiency of the platform is tested by practical experiments with several alert storage approaches, multiple algorithms, as well as a local and a distributed deployment.}, language = {en} }