@misc{AlibabaieGhasemzadehMeinel2017, author = {Alibabaie, Najmeh and Ghasemzadeh, Mohammad and Meinel, Christoph}, title = {A variant of genetic algorithm for non-homogeneous population}, series = {International Conference Applied Mathematics, Computational Science and Systems Engineering 2016}, volume = {9}, journal = {International Conference Applied Mathematics, Computational Science and Systems Engineering 2016}, publisher = {EDP Sciences}, address = {Les Ulis}, issn = {2271-2097}, doi = {10.1051/itmconf/20170902001}, pages = {8}, year = {2017}, abstract = {Selection of initial points, the number of clusters and finding proper clusters centers are still the main challenge in clustering processes. In this paper, we suggest genetic algorithm based method which searches several solution spaces simultaneously. The solution spaces are population groups consisting of elements with similar structure. Elements in a group have the same size, while elements in different groups are of different sizes. The proposed algorithm processes the population in groups of chromosomes with one gene, two genes to k genes. These genes hold corresponding information about the cluster centers. In the proposed method, the crossover and mutation operators can accept parents with different sizes; this can lead to versatility in population and information transfer among sub-populations. We implemented the proposed method and evaluated its performance against some random datasets and the Ruspini dataset as well. The experimental results show that the proposed method could effectively determine the appropriate number of clusters and recognize their centers. Overall this research implies that using heterogeneous population in the genetic algorithm can lead to better results.}, language = {en} } @misc{GawronChengMeinel2017, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, title = {PVD: Passive Vulnerability Detection}, series = {8th International Conference on Information and Communication Systems (ICICS)}, journal = {8th International Conference on Information and Communication Systems (ICICS)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5090-4243-2}, issn = {2471-125X}, doi = {10.1109/IACS.2017.7921992}, pages = {322 -- 327}, year = {2017}, abstract = {The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs.}, language = {en} } @misc{MalchowRenzBaueretal.2017, author = {Malchow, Martin and Renz, Jan and Bauer, Matthias and Meinel, Christoph}, title = {Embedded smart home}, series = {11th Annual IEEE International Systems Conference (SysCon)}, journal = {11th Annual IEEE International Systems Conference (SysCon)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5090-4623-2}, issn = {1944-7620}, doi = {10.1109/SYSCON.2017.7934728}, pages = {195 -- 200}, year = {2017}, abstract = {The popularity of MOOCs has increased considerably in the last years. A typical MOOC course consists of video content, self tests after a video and homework, which is normally in multiple choice format. After solving this homeworks for every week of a MOOC, the final exam certificate can be issued when the student has reached a sufficient score. There are also some attempts to include practical tasks, such as programming, in MOOCs for grading. Nevertheless, until now there is no known possibility to teach embedded system programming in a MOOC course where the programming can be done in a remote lab and where grading of the tasks is additionally possible. This embedded programming includes communication over GPIO pins to control LEDs and measure sensor values. We started a MOOC course called "Embedded Smart Home" as a pilot to prove the concept to teach real hardware programming in a MOOC environment under real life MOOC conditions with over 6000 students. Furthermore, also students with real hardware have the possibility to program on their own real hardware and grade their results in the MOOC course. Finally, we evaluate our approach and analyze the student acceptance of this approach to offer a course on embedded programming. We also analyze the hardware usage and working time of students solving tasks to find out if real hardware programming is an advantage and motivating achievement to support students learning success.}, language = {en} } @misc{StaubitzWilkinsHagedornetal.2017, author = {Staubitz, Thomas and Wilkins, Christian and Hagedorn, Christiane and Meinel, Christoph}, title = {The Gamification of a MOOC Platform}, series = {Proceedings of 2017 IEEE Global Engineering Education Conference (EDUCON)}, journal = {Proceedings of 2017 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5090-5467-1}, issn = {2165-9567}, doi = {10.1109/EDUCON.2017.7942952}, pages = {883 -- 892}, year = {2017}, abstract = {Massive Open Online Courses (MOOCs) have left their mark on the face of education during the recent years. At the Hasso Plattner Institute (HPI) in Potsdam, Germany, we are actively developing a MOOC platform, which provides our research with a plethora of e-learning topics, such as learning analytics, automated assessment, peer assessment, team-work, online proctoring, and gamification. We run several instances of this platform. On openHPI, we provide our own courses from within the HPI context. Further instances are openSAP, openWHO, and mooc.HOUSE, which is the smallest of these platforms, targeting customers with a less extensive course portfolio. In 2013, we started to work on the gamification of our platform. By now, we have implemented about two thirds of the features that we initially have evaluated as useful for our purposes. About a year ago we activated the implemented gamification features on mooc.HOUSE. Before activating the features on openHPI as well, we examined, and re-evaluated our initial considerations based on the data we collected so far and the changes in other contexts of our platforms.}, language = {en} } @misc{TorkuraSukmanaChengetal.2017, author = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Cheng, Feng and Meinel, Christoph}, title = {Leveraging cloud native design patterns for security-as-a-service applications}, series = {IEEE International Conference on Smart Cloud (SmartCloud)}, journal = {IEEE International Conference on Smart Cloud (SmartCloud)}, publisher = {Institute of Electrical and Electronics Engineers}, address = {New York}, isbn = {978-1-5386-3684-8}, doi = {10.1109/SmartCloud.2017.21}, pages = {90 -- 97}, year = {2017}, abstract = {This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.}, language = {en} } @misc{RenzShamsMeinel2017, author = {Renz, Jan and Shams, Ahmed and Meinel, Christoph}, title = {Offline-Enabled Web-based E-Learning for Improved User Experience in Africa}, series = {2017 IEEE Africon}, journal = {2017 IEEE Africon}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2775-4}, issn = {2153-0025}, doi = {10.1109/AFRCON.2017.8095574}, pages = {736 -- 742}, year = {2017}, abstract = {Web-based E-Learning uses Internet technologies and digital media to deliver education content to learners. Many universities in recent years apply their capacity in producing Massive Open Online Courses (MOOCs). They have been offering MOOCs with an expectation of rendering a comprehensive online apprenticeship. Typically, an online content delivery process requires an Internet connection. However, access to the broadband has never been a readily available resource in many regions. In Africa, poor and no networks are yet predominantly experienced by Internet users, frequently causing offline each moment a digital device disconnect from a network. As a result, a learning process is always disrupted, delayed and terminated in such regions. This paper raises the concern of E-Learning in poor and low bandwidths, in fact, it highlights the needs for an Offline-Enabled mode. The paper also explores technical approaches beamed to enhance the user experience inWeb-based E-Learning, particular in Africa.}, language = {en} } @misc{PerlichMeinel2018, author = {Perlich, Anja and Meinel, Christoph}, title = {Cooperative Note-Taking in Psychotherapy Sessions}, series = {2018 IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom)}, journal = {2018 IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-4294-8}, pages = {6}, year = {2018}, abstract = {In the course of patient treatments, psychotherapists aim to meet the challenges of being both a trusted, knowledgeable conversation partner and a diligent documentalist. We are developing the digital whiteboard system Tele-Board MED (TBM), which allows the therapist to take digital notes during the session together with the patient. This study investigates what therapists are experiencing when they document with TBM in patient sessions for the first time and whether this documentation saves them time when writing official clinical documents. As the core of this study, we conducted four anamnesis session dialogues with behavior psychotherapists and volunteers acting in the role of patients. Following a mixed-method approach, the data collection and analysis involved self-reported emotion samples, user experience curves and questionnaires. We found that even in the very first patient session with TBM, therapists come to feel comfortable, develop a positive feeling and can concentrate on the patient. Regarding administrative documentation tasks, we found with the TBM report generation feature the therapists save 60\% of the time they normally spend on writing case reports to the health insurance.}, language = {en} } @misc{GawronChengMeinel2018, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, title = {Automatic vulnerability classification using machine learning}, series = {Risks and Security of Internet and Systems}, journal = {Risks and Security of Internet and Systems}, publisher = {Springer}, address = {Cham}, isbn = {978-3-319-76687-4}, issn = {0302-9743}, doi = {10.1007/978-3-319-76687-4_1}, pages = {3 -- 17}, year = {2018}, abstract = {The classification of vulnerabilities is a fundamental step to derive formal attributes that allow a deeper analysis. Therefore, it is required that this classification has to be performed timely and accurate. Since the current situation demands a manual interaction in the classification process, the timely processing becomes a serious issue. Thus, we propose an automated alternative to the manual classification, because the amount of identified vulnerabilities per day cannot be processed manually anymore. We implemented two different approaches that are able to automatically classify vulnerabilities based on the vulnerability description. We evaluated our approaches, which use Neural Networks and the Naive Bayes methods respectively, on the base of publicly known vulnerabilities.}, language = {en} } @misc{BauerMalchowMeinel2018, author = {Bauer, Matthias and Malchow, Martin and Meinel, Christoph}, title = {Improving access to online lecture videos}, series = {Proceedings of 2018 IEEE Global Engineering Education Conference (EDUCON)}, journal = {Proceedings of 2018 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2957-4}, issn = {2165-9567}, doi = {10.1109/EDUCON.2018.8363361}, pages = {1161 -- 1168}, year = {2018}, abstract = {In university teaching today, it is common practice to record regular lectures and special events such as conferences and speeches. With these recordings, a large fundus of video teaching material can be created quickly and easily. Typically, lectures have a length of about one and a half hours and usually take place once or twice a week based on the credit hours. Depending on the number of lectures and other events recorded, the number of recordings available is increasing rapidly, which means that an appropriate form of provisioning is essential for the students. This is usually done in the form of lecture video platforms. In this work, we have investigated how lecture video platforms and the contained knowledge can be improved and accessed more easily by an increasing number of students. We came up with a multistep process we have applied to our own lecture video web portal that can be applied to other solutions as well.}, language = {en} } @misc{MalchowBauerMeinel2018, author = {Malchow, Martin and Bauer, Matthias and Meinel, Christoph}, title = {Embedded smart home — remote lab MOOC with optional real hardware experience for over 4000 students}, series = {Proceedings of 2018 IEEE Global Engineering Education Conference (EDUCON)}, journal = {Proceedings of 2018 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2957-4}, issn = {2165-9567}, doi = {10.1109/EDUCON.2018.8363353}, pages = {1104 -- 1111}, year = {2018}, abstract = {MOOCs (Massive Open Online Courses) become more and more popular for learners of all ages to study further or to learn new subjects of interest. The purpose of this paper is to introduce a different MOOC course style. Typically, video content is shown teaching the student new information. After watching a video, self-test questions can be answered. Finally, the student answers weekly exams and final exams like the self test questions. Out of the points that have been scored for weekly and final exams a certificate can be issued. Our approach extends the possibility to receive points for the final score with practical programming exercises on real hardware. It allows the student to do embedded programming by communicating over GPIO pins to control LEDs and measure sensor values. Additionally, they can visualize values on an embedded display using web technologies, which are an essential part of embedded and smart home devices to communicate with common APIs. Students have the opportunity to solve all tasks within the online remote lab and at home on the same kind of hardware. The evaluation of this MOOCs indicates the interesting design for students to learn an engineering technique with new technology approaches in an appropriate, modern, supporting and motivating way of teaching.}, language = {en} } @misc{MalchowBauerMeinel2018, author = {Malchow, Martin and Bauer, Matthias and Meinel, Christoph}, title = {Enhance Learning in a Video Lecture Archive with Annotations}, series = {Proceedings of OF 2018 IEEE Global Engineering Education Conference (EDUCON)}, journal = {Proceedings of OF 2018 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2957-4}, issn = {2165-9567}, pages = {849 -- 856}, year = {2018}, abstract = {When students watch learning videos online, they usually need to watch several hours of video content. In the end, not every minute of a video is relevant for the exam. Additionally, students need to add notes to clarify issues of a lecture. There are several possibilities to enhance the metadata of a video, e.g. a typical way to add user-specific information to an online video is a comment functionality, which allows users to share their thoughts and questions with the public. In contrast to common video material which can be found online, lecture videos are used for exam preparation. Due to this difference, the idea comes up to annotate lecture videos with markers and personal notes for a better understanding of the taught content. Especially, students learning for an exam use their notes to refresh their memories. To ease this learning method with lecture videos, we introduce the annotation feature in our video lecture archive. This functionality supports the students with keeping track of their thoughts by providing an intuitive interface to easily add, modify or remove their ideas. This annotation function is integrated in the video player. Hence, scrolling to a separate annotation area on the website is not necessary. Furthermore, the annotated notes can be exported together with the slide content to a PDF file, which can then be printed easily. Lecture video annotations support and motivate students to learn and watch videos from an E-Learning video archive.}, language = {en} } @misc{TorkuraSukmanaMeinigetal.2018, author = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Meinig, Michael and Kayem, Anne V. D. M. and Cheng, Feng and Meinel, Christoph and Graupner, Hendrik}, title = {Securing cloud storage brokerage systems through threat models}, series = {Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)}, journal = {Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2195-0}, issn = {1550-445X}, doi = {10.1109/AINA.2018.00114}, pages = {759 -- 768}, year = {2018}, abstract = {Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security.}, language = {en} } @misc{KrentzMeinelGraupner2018, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, title = {More Lightweight, yet Stronger 802.15.4 Security Through an Intra-layer Optimization}, series = {Foundations and Practice of Security}, volume = {10723}, journal = {Foundations and Practice of Security}, publisher = {Springer}, address = {Cham}, isbn = {978-3-319-75650-9}, issn = {0302-9743}, doi = {10.1007/978-3-319-75650-9_12}, pages = {173 -- 188}, year = {2018}, abstract = {802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy-and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.}, language = {en} } @misc{ShaabaniMeinel2018, author = {Shaabani, Nuhad and Meinel, Christoph}, title = {Improving the efficiency of inclusion dependency detection}, series = {Proceedings of the 27th ACM International Conference on Information and Knowledge Management}, journal = {Proceedings of the 27th ACM International Conference on Information and Knowledge Management}, publisher = {Association for Computing Machinery}, address = {New York}, isbn = {978-1-4503-6014-2}, doi = {10.1145/3269206.3271724}, pages = {207 -- 216}, year = {2018}, abstract = {The detection of all inclusion dependencies (INDs) in an unknown dataset is at the core of any data profiling effort. Apart from the discovery of foreign key relationships, INDs can help perform data integration, integrity checking, schema (re-)design, and query optimization. With the advent of Big Data, the demand increases for efficient INDs discovery algorithms that can scale with the input data size. To this end, we propose S-INDD++ as a scalable system for detecting unary INDs in large datasets. S-INDD++ applies a new stepwise partitioning technique that helps discard a large number of attributes in early phases of the detection by processing the first partitions of smaller sizes. S-INDD++ also extends the concept of the attribute clustering to decide which attributes to be discarded based on the clustering result of each partition. Moreover, in contrast to the state-of-the-art, S-INDD++ does not require the partition to fit into the main memory-which is a highly appreciable property in the face of the ever growing datasets. We conducted an exhaustive evaluation of S-INDD++ by applying it to large datasets with thousands attributes and more than 266 million tuples. The results show the high superiority of S-INDD++ over the state-of-the-art. S-INDD++ reduced up to 50 \% of the runtime in comparison with BINDER, and up to 98 \% in comparison with S-INDD.}, language = {en} } @misc{ElsaidShawishMeinel2018, author = {Elsaid, Mohamed Esam and Shawish, Ahmed and Meinel, Christoph}, title = {Enhanced cost analysis of multiple virtual machines live migration in VMware environments}, series = {2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2)}, journal = {2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-7281-0236-8}, doi = {10.1109/SC2.2018.00010}, pages = {16 -- 23}, year = {2018}, abstract = {Live migration is an important feature in modern software-defined datacenters and cloud computing environments. Dynamic resource management, load balance, power saving and fault tolerance are all dependent on the live migration feature. Despite the importance of live migration, the cost of live migration cannot be ignored and may result in service availability degradation. Live migration cost includes the migration time, downtime, CPU overhead, network and power consumption. There are many research articles that discuss the problem of live migration cost with different scopes like analyzing the cost and relate it to the parameters that control it, proposing new migration algorithms that minimize the cost and also predicting the migration cost. For the best of our knowledge, most of the papers that discuss the migration cost problem focus on open source hypervisors. For the research articles focus on VMware environments, none of the published articles proposed migration time, network overhead and power consumption modeling for single and multiple VMs live migration. In this paper, we propose empirical models for the live migration time, network overhead and power consumption for single and multiple VMs migration. The proposed models are obtained using a VMware based testbed.}, language = {en} } @misc{BinTareafBergerHennigetal.2019, author = {Bin Tareaf, Raad and Berger, Philipp and Hennig, Patrick and Meinel, Christoph}, title = {Personality exploration system for online social networks}, series = {2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI)}, journal = {2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-7325-6}, doi = {10.1109/WI.2018.00-76}, pages = {301 -- 309}, year = {2019}, abstract = {User-generated content on social media platforms is a rich source of latent information about individual variables. Crawling and analyzing this content provides a new approach for enterprises to personalize services and put forward product recommendations. In the past few years, brands made a gradual appearance on social media platforms for advertisement, customers support and public relation purposes and by now it became a necessity throughout all branches. This online identity can be represented as a brand personality that reflects how a brand is perceived by its customers. We exploited recent research in text analysis and personality detection to build an automatic brand personality prediction model on top of the (Five-Factor Model) and (Linguistic Inquiry and Word Count) features extracted from publicly available benchmarks. The proposed model reported significant accuracy in predicting specific personality traits form brands. For evaluating our prediction results on actual brands, we crawled the Facebook API for 100k posts from the most valuable brands' pages in the USA and we visualize exemplars of comparison results and present suggestions for future directions.}, language = {en} } @misc{KayemMeinelWolthusen2018, author = {Kayem, Anne Voluntas dei Massah and Meinel, Christoph and Wolthusen, Stephen D.}, title = {Smart micro-grid systems security and privacy preface}, series = {Smart micro-grid systems security and privacy}, volume = {71}, journal = {Smart micro-grid systems security and privacy}, publisher = {Springer}, address = {Dordrecht}, isbn = {978-3-319-91427-5}, doi = {10.1007/978-3-319-91427-5_1}, pages = {VII -- VIII}, year = {2018}, abstract = {Studies indicate that reliable access to power is an important enabler for economic growth. To this end, modern energy management systems have seen a shift from reliance on time-consuming manual procedures , to highly automated management , with current energy provisioning systems being run as cyber-physical systems . Operating energy grids as a cyber-physical system offers the advantage of increased reliability and dependability , but also raises issues of security and privacy. In this chapter, we provide an overview of the contents of this book showing the interrelation between the topics of the chapters in terms of smart energy provisioning. We begin by discussing the concept of smart-grids in general, proceeding to narrow our focus to smart micro-grids in particular. Lossy networks also provide an interesting framework for enabling the implementation of smart micro-grids in remote/rural areas, where deploying standard smart grids is economically and structurally infeasible. To this end, we consider an architectural design for a smart micro-grid suited to low-processing capable devices. We model malicious behaviour, and propose mitigation measures based properties to distinguish normal from malicious behaviour .}, language = {en} } @misc{SianiparWillemsMeinel2019, author = {Sianipar, Johannes Harungguan and Willems, Christian and Meinel, Christoph}, title = {Virtual machine integrity verification in Crowd-Resourcing Virtual Laboratory}, series = {2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)}, journal = {2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-9133-5}, issn = {2163-2871}, doi = {10.1109/SOCA.2018.00032}, pages = {169 -- 176}, year = {2019}, abstract = {In cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secret codes that will be used to verify whether the VM was started using the new kernel files. The new kernel is used to further measuring the integrity of the running VM.}, language = {en} } @misc{SianiparSukmanaMeinel2019, author = {Sianipar, Johannes Harungguan and Sukmana, Muhammad Ihsan Haikal and Meinel, Christoph}, title = {Moving sensitive data against live memory dumping, spectre and meltdown attacks}, series = {26th International Conference on Systems Engineering (ICSEng)}, journal = {26th International Conference on Systems Engineering (ICSEng)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-7834-3}, pages = {8}, year = {2019}, abstract = {The emergence of cloud computing allows users to easily host their Virtual Machines with no up-front investment and the guarantee of always available anytime anywhere. But with the Virtual Machine (VM) is hosted outside of user's premise, the user loses the physical control of the VM as it could be running on untrusted host machines in the cloud. Malicious host administrator could launch live memory dumping, Spectre, or Meltdown attacks in order to extract sensitive information from the VM's memory, e.g. passwords or cryptographic keys of applications running in the VM. In this paper, inspired by the moving target defense (MTD) scheme, we propose a novel approach to increase the security of application's sensitive data in the VM by continuously moving the sensitive data among several memory allocations (blocks) in Random Access Memory (RAM). A movement function is added into the application source code in order for the function to be running concurrently with the application's main function. Our approach could reduce the possibility of VM's sensitive data in the memory to be leaked into memory dump file by 2 5\% and secure the sensitive data from Spectre and Meltdown attacks. Our approach's overhead depends on the number and the size of the sensitive data.}, language = {en} } @misc{TorkuraSukmanaKayemetal.2018, author = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Kayem, Anne V. D. M. and Cheng, Feng and Meinel, Christoph}, title = {A cyber risk based moving target defense mechanism for microservice architectures}, series = {IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Ubiquitous Computing \& Communications, Big Data \& Cloud Computing, Social Computing \& Networking, Sustainable Computing \& Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)}, journal = {IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Ubiquitous Computing \& Communications, Big Data \& Cloud Computing, Social Computing \& Networking, Sustainable Computing \& Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)}, publisher = {Institute of Electrical and Electronics Engineers}, address = {Los Alamitos}, isbn = {978-1-7281-1141-4}, issn = {2158-9178}, doi = {10.1109/BDCloud.2018.00137}, pages = {932 -- 939}, year = {2018}, abstract = {Microservice Architectures (MSA) structure applications as a collection of loosely coupled services that implement business capabilities. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity. However, studies indicate that most MSA are homogeneous, and introduce shared vulnerabilites, thus vulnerable to multi-step attacks, which are economics-of-scale incentives to attackers. In this paper, we address the issue of shared vulnerabilities in microservices with a novel solution based on the concept of Moving Target Defenses (MTD). Our mechanism works by performing risk analysis against microservices to detect and prioritize vulnerabilities. Thereafter, security risk-oriented software diversification is employed, guided by a defined diversification index. The diversification is performed at runtime, leveraging both model and template based automatic code generation techniques to automatically transform programming languages and container images of the microservices. Consequently, the microservices attack surfaces are altered thereby introducing uncertainty for attackers while reducing the attackability of the microservices. Our experiments demonstrate the efficiency of our solution, with an average success rate of over 70\% attack surface randomization.}, language = {en} } @misc{SukmanaTorkuraChengetal.2018, author = {Sukmana, Muhammad Ihsan Haikal and Torkura, Kennedy A. and Cheng, Feng and Meinel, Christoph and Graupner, Hendrik}, title = {Unified logging system for monitoring multiple cloud storage providers in cloud storage broker}, series = {32ND International Conference on Information Networking (ICOIN)}, journal = {32ND International Conference on Information Networking (ICOIN)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-2290-2}, doi = {10.1109/ICOIN.2018.8343081}, pages = {44 -- 49}, year = {2018}, abstract = {With the increasing demand for personal and enterprise data storage service, Cloud Storage Broker (CSB) provides cloud storage service using multiple Cloud Service Providers (CSPs) with guaranteed Quality of Service (QoS), such as data availability and security. However monitoring cloud storage usage in multiple CSPs has become a challenge for CSB due to lack of standardized logging format for cloud services that causes each CSP to implement its own format. In this paper we propose a unified logging system that can be used by CSB to monitor cloud storage usage across multiple CSPs. We gather cloud storage log files from three different CSPs and normalise these into our proposed log format that can be used for further analysis process. We show that our work enables a coherent view suitable for data navigation, monitoring, and analytics.}, language = {en} } @misc{TorkuraSukmanaStraussetal.2018, author = {Torkura, Kennedy A. and Sukmana, Muhammad Ihsan Haikal and Strauss, Tim and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, title = {CSBAuditor}, series = {17th International Symposium on Network Computing and Applications (NCA)}, journal = {17th International Symposium on Network Computing and Applications (NCA)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-7659-2}, doi = {10.1109/NCA.2018.8548329}, pages = {10}, year = {2018}, abstract = {Cloud Storage Brokers (CSB) provide seamless and concurrent access to multiple Cloud Storage Services (CSS) while abstracting cloud complexities from end-users. However, this multi-cloud strategy faces several security challenges including enlarged attack surfaces, malicious insider threats, security complexities due to integration of disparate components and API interoperability issues. Novel security approaches are imperative to tackle these security issues. Therefore, this paper proposes CSBAuditor, a novel cloud security system that continuously audits CSB resources, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism thereby ensuring fault tolerance. We adopt the principles of chaos engineering by integrating Broker Monkey, a component that continuously injects failure into our reference CSB system, Cloud RAID. Hence, CSBAuditor is continuously tested for efficiency i.e. its ability to detect the changes injected by Broker Monkey. CSBAuditor employs security metrics for risk analysis by computing severity scores for detected vulnerabilities using the Common Configuration Scoring System, thereby overcoming the limitation of insufficient security metrics in existing cloud auditing schemes. CSBAuditor has been tested using various strategies including chaos engineering failure injection strategies. Our experimental evaluation validates the efficiency of our approach against the aforementioned security issues with a detection and recovery rate of over 96 \%.}, language = {en} } @misc{BinTareafBergerHennigetal.2018, author = {Bin Tareaf, Raad and Berger, Philipp and Hennig, Patrick and Meinel, Christoph}, title = {ASEDS}, series = {IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS))}, journal = {IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS))}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-6614-2}, doi = {10.1109/HPCC/SmartCity/DSS.2018.00143}, pages = {860 -- 866}, year = {2018}, abstract = {The Massive adoption of social media has provided new ways for individuals to express their opinion and emotion online. In 2016, Facebook introduced a new reactions feature that allows users to express their psychological emotions regarding published contents using so-called Facebook reactions. In this paper, a framework for predicting the distribution of Facebook post reactions is presented. For this purpose, we collected an enormous amount of Facebook posts associated with their reactions labels using the proposed scalable Facebook crawler. The training process utilizes 3 million labeled posts for more than 64,000 unique Facebook pages from diverse categories. The evaluation on standard benchmarks using the proposed features shows promising results compared to previous research. The final model is able to predict the reaction distribution on Facebook posts with a recall score of 0.90 for "Joy" emotion.}, language = {en} } @misc{StaubitzMeinel2018, author = {Staubitz, Thomas and Meinel, Christoph}, title = {Collaborative Learning in MOOCs - Approaches and Experiments}, series = {2018 IEEE Frontiers in Education (FIE) Conference}, journal = {2018 IEEE Frontiers in Education (FIE) Conference}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-1174-6}, issn = {0190-5848}, pages = {9}, year = {2018}, abstract = {This Research-to-Practice paper examines the practical application of various forms of collaborative learning in MOOCs. Since 2012, about 60 MOOCs in the wider context of Information Technology and Computer Science have been conducted on our self-developed MOOC platform. The platform is also used by several customers, who either run their own platform instances or use our white label platform. We, as well as some of our partners, have experimented with different approaches in collaborative learning in these courses. Based on the results of early experiments, surveys amongst our participants, and requests by our business partners we have integrated several options to offer forms of collaborative learning to the system. The results of our experiments are directly fed back to the platform development, allowing to fine tune existing and to add new tools where necessary. In the paper at hand, we discuss the benefits and disadvantages of decisions in the design of a MOOC with regard to the various forms of collaborative learning. While the focus of the paper at hand is on forms of large group collaboration, two types of small group collaboration on our platforms are briefly introduced.}, language = {en} } @misc{BartzYangMeinel2018, author = {Bartz, Christian and Yang, Haojin and Meinel, Christoph}, title = {SEE: Towards semi-supervised end-to-end scene text recognition}, series = {Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence, Thirtieth Innovative Applications of Artificial Intelligence Conference, Eight Symposium on Educational Advances in Artificial Intelligence}, volume = {10}, journal = {Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence, Thirtieth Innovative Applications of Artificial Intelligence Conference, Eight Symposium on Educational Advances in Artificial Intelligence}, publisher = {ASSOC Association for the Advancement of Artificial Intelligence}, address = {Palo Alto}, isbn = {978-1-57735-800-8}, pages = {6674 -- 6681}, year = {2018}, abstract = {Detecting and recognizing text in natural scene images is a challenging, yet not completely solved task. In recent years several new systems that try to solve at least one of the two sub-tasks (text detection and text recognition) have been proposed. In this paper we present SEE, a step towards semi-supervised neural networks for scene text detection and recognition, that can be optimized end-to-end. Most existing works consist of multiple deep neural networks and several pre-processing steps. In contrast to this, we propose to use a single deep neural network, that learns to detect and recognize text from natural images, in a semi-supervised way. SEE is a network that integrates and jointly learns a spatial transformer network, which can learn to detect text regions in an image, and a text recognition network that takes the identified text regions and recognizes their textual content. We introduce the idea behind our novel approach and show its feasibility, by performing a range of experiments on standard benchmark datasets, where we achieve competitive results.}, language = {en} } @misc{KliemeTietzMeinel2018, author = {Klieme, Eric and Tietz, Christian and Meinel, Christoph}, title = {Beware of SMOMBIES}, series = {The 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2018)/the 12th IEEE International Conference on Big Data Science and Engineering (IEEE BigDataSE 2018)}, journal = {The 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2018)/the 12th IEEE International Conference on Big Data Science and Engineering (IEEE BigDataSE 2018)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-4387-7}, issn = {2324-9013}, doi = {10.1109/TrustCom/BigDataSE.2018.00096}, pages = {651 -- 660}, year = {2018}, abstract = {Several research evaluated the user's style of walking for the verification of a claimed identity and showed high authentication accuracies in many settings. In this paper we present a system that successfully verifies a user's identity based on many real world smartphone placements and yet not regarded interactions while walking. Our contribution is the distinction of all considered activities into three distinct subsets and a specific one-class Support Vector Machine per subset. Using sensor data of 30 participants collected in a semi-supervised study approach, we prove that unsupervised verification is possible with very low false-acceptance and false-rejection rates. We furthermore show that these subsets can be distinguished with a high accuracy and demonstrate that this system can be deployed on off-the-shelf smartphones.}, language = {en} } @misc{StaubitzMeinel2019, author = {Staubitz, Thomas and Meinel, Christoph}, title = {Graded Team Assignments in MOOCs}, series = {SCALE}, journal = {SCALE}, publisher = {Association for Computing Machinery}, address = {New York}, isbn = {978-1-4503-6804-9}, doi = {10.1145/3330430.3333619}, pages = {10}, year = {2019}, abstract = {The ability to work in teams is an important skill in today's work environments. In MOOCs, however, team work, team tasks, and graded team-based assignments play only a marginal role. To close this gap, we have been exploring ways to integrate graded team-based assignments in MOOCs. Some goals of our work are to determine simple criteria to match teams in a volatile environment and to enable a frictionless online collaboration for the participants within our MOOC platform. The high dropout rates in MOOCs pose particular challenges for team work in this context. By now, we have conducted 15 MOOCs containing graded team-based assignments in a variety of topics. The paper at hand presents a study that aims to establish a solid understanding of the participants in the team tasks. Furthermore, we attempt to determine which team compositions are particularly successful. Finally, we examine how several modifications to our platform's collaborative toolset have affected the dropout rates and performance of the teams.}, language = {en} } @misc{BockMatysikKrentzetal.2019, author = {Bock, Benedikt and Matysik, Jan-Tobias and Krentz, Konrad-Felix and Meinel, Christoph}, title = {Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme}, series = {2019 IEEE 5TH World Forum on internet of things (WF-IOT)}, journal = {2019 IEEE 5TH World Forum on internet of things (WF-IOT)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-4980-0}, doi = {10.1109/WF-IoT.2019.8767211}, pages = {374 -- 379}, year = {2019}, abstract = {While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We successfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.}, language = {en} } @misc{PodlesnyKayemMeinel2019, author = {Podlesny, Nikolai Jannik and Kayem, Anne V. D. M. and Meinel, Christoph}, title = {Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymisation}, series = {Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy}, journal = {Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy}, publisher = {Association for Computing Machinery}, address = {New York}, isbn = {978-1-4503-6099-9}, doi = {10.1145/3292006.3300019}, pages = {109 -- 119}, year = {2019}, abstract = {High-dimensional data is particularly useful for data analytics research. In the healthcare domain, for instance, high-dimensional data analytics has been used successfully for drug discovery. Yet, in order to adhere to privacy legislation, data analytics service providers must guarantee anonymity for data owners. In the context of high-dimensional data, ensuring privacy is challenging because increased data dimensionality must be matched by an exponential growth in the size of the data to avoid sparse datasets. Syntactically, anonymising sparse datasets with methods that rely of statistical significance, makes obtaining sound and reliable results, a challenge. As such, strong privacy is only achievable at the cost of high information loss, rendering the data unusable for data analytics. In this paper, we make two contributions to addressing this problem from both the privacy and information loss perspectives. First, we show that by identifying dependencies between attribute subsets we can eliminate privacy violating attributes from the anonymised dataset. Second, to minimise information loss, we employ a greedy search algorithm to determine and eliminate maximal partial unique attribute combinations. Thus, one only needs to find the minimal set of identifying attributes to prevent re-identification. Experiments on a health cloud based on the SAP HANA platform using a semi-synthetic medical history dataset comprised of 109 attributes, demonstrate the effectiveness of our approach.}, language = {en} } @misc{AlhosseiniAlmodarresiYasinBinTareafNajafietal.2019, author = {Alhosseini Almodarresi Yasin, Seyed Ali and Bin Tareaf, Raad and Najafi, Pejman and Meinel, Christoph}, title = {Detect me if you can}, series = {Companion Proceedings of The 2019 World Wide Web Conference}, journal = {Companion Proceedings of The 2019 World Wide Web Conference}, publisher = {Association for Computing Machinery}, address = {New York}, isbn = {978-1-4503-6675-5}, doi = {10.1145/3308560.3316504}, pages = {148 -- 153}, year = {2019}, abstract = {Spam Bots have become a threat to online social networks with their malicious behavior, posting misinformation messages and influencing online platforms to fulfill their motives. As spam bots have become more advanced over time, creating algorithms to identify bots remains an open challenge. Learning low-dimensional embeddings for nodes in graph structured data has proven to be useful in various domains. In this paper, we propose a model based on graph convolutional neural networks (GCNN) for spam bot detection. Our hypothesis is that to better detect spam bots, in addition to defining a features set, the social graph must also be taken into consideration. GCNNs are able to leverage both the features of a node and aggregate the features of a node's neighborhood. We compare our approach, with two methods that work solely on a features set and on the structure of the graph. To our knowledge, this work is the first attempt of using graph convolutional neural networks in spam bot detection.}, language = {en} } @misc{RenzMeinel2019, author = {Renz, Jan and Meinel, Christoph}, title = {The "Bachelor Project"}, series = {2019 IEEE Global Engineering Education Conference (EDUCON)}, journal = {2019 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-9506-7}, issn = {2165-9567}, doi = {10.1109/EDUCON.2019.8725140}, pages = {580 -- 587}, year = {2019}, abstract = {One of the challenges of educating the next generation of computer scientists is to teach them to become team players, that are able to communicate and interact not only with different IT systems, but also with coworkers and customers with a non-it background. The "bachelor project" is a project based on team work and a close collaboration with selected industry partners. The authors hosted some of the teams since spring term 2014/15. In the paper at hand we explain and discuss this concept and evaluate its success based on students' evaluation and reports. Furthermore, the technology-stack that has been used by the teams is evaluated to understand how self-organized students in IT-related projects work. We will show that and why the bachelor is the most successful educational format in the perception of the students and how this positive results can be improved by the mentors.}, language = {en} } @misc{StaubitzTeusnerMeinel2019, author = {Staubitz, Thomas and Teusner, Ralf and Meinel, Christoph}, title = {MOOCs in Secondary Education}, series = {2019 IEEE Global Engineering Education Conference (EDUCON)}, journal = {2019 IEEE Global Engineering Education Conference (EDUCON)}, publisher = {IEEE}, address = {New York}, isbn = {978-1-5386-9506-7}, issn = {2165-9567}, doi = {10.1109/EDUCON.2019.8725138}, pages = {173 -- 182}, year = {2019}, abstract = {Computer science education in German schools is often less than optimal. It is only mandatory in a few of the federal states and there is a lack of qualified teachers. As a MOOC (Massive Open Online Course) provider with a German background, we developed the idea to implement a MOOC addressing pupils in secondary schools to fill this gap. The course targeted high school pupils and enabled them to learn the Python programming language. In 2014, we successfully conducted the first iteration of this MOOC with more than 7000 participants. However, the share of pupils in the course was not quite satisfactory. So we conducted several workshops with teachers to find out why they had not used the course to the extent that we had imagined. The paper at hand explores and discusses the steps we have taken in the following years as a result of these workshops.}, language = {en} } @misc{SukmanaTorkuraGraupneretal.2019, author = {Sukmana, Muhammad Ihsan Haikal and Torkura, Kennedy A. and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, title = {Unified Cloud Access Control Model for Cloud Storage Broker}, series = {33rd International Conference on Information Networking (ICOIN 2019)}, journal = {33rd International Conference on Information Networking (ICOIN 2019)}, publisher = {IEEE}, address = {Los Alamitos}, isbn = {978-1-5386-8350-7}, issn = {1976-7684}, doi = {10.1109/ICOIN.2019.8717982}, pages = {60 -- 65}, year = {2019}, abstract = {Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs.}, language = {en} } @misc{BartzYangBethgeetal.2019, author = {Bartz, Christian and Yang, Haojin and Bethge, Joseph and Meinel, Christoph}, title = {LoANs}, series = {Computer Vision - ACCV 2018 Workshops}, volume = {11367}, journal = {Computer Vision - ACCV 2018 Workshops}, publisher = {Springer}, address = {Cham}, isbn = {978-3-030-21074-8}, issn = {0302-9743}, doi = {10.1007/978-3-030-21074-8_29}, pages = {341 -- 356}, year = {2019}, abstract = {Recently, deep neural networks have achieved remarkable performance on the task of object detection and recognition. The reason for this success is mainly grounded in the availability of large scale, fully annotated datasets, but the creation of such a dataset is a complicated and costly task. In this paper, we propose a novel method for weakly supervised object detection that simplifies the process of gathering data for training an object detector. We train an ensemble of two models that work together in a student-teacher fashion. Our student (localizer) is a model that learns to localize an object, the teacher (assessor) assesses the quality of the localization and provides feedback to the student. The student uses this feedback to learn how to localize objects and is thus entirely supervised by the teacher, as we are using no labels for training the localizer. In our experiments, we show that our model is very robust to noise and reaches competitive performance compared to a state-of-the-art fully supervised approach. We also show the simplicity of creating a new dataset, based on a few videos (e.g. downloaded from YouTube) and artificially generated data.}, language = {en} } @misc{SeidelKrentzMeinel2019, author = {Seidel, Felix and Krentz, Konrad-Felix and Meinel, Christoph}, title = {Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers}, series = {2019 IEEE 5th World Forum on Internet of Things (WF-IoT)}, journal = {2019 IEEE 5th World Forum on Internet of Things (WF-IoT)}, publisher = {Institute of Electrical and Electronics Engineers}, address = {New York}, isbn = {978-1-5386-4980-0}, doi = {10.1109/WF-IoT.2019.8767262}, pages = {201 -- 206}, year = {2019}, abstract = {Devices on the Internet of Things (IoT) are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular Constrained Application Protocol (CoAP). Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely Datagram Transport Layer Security (DTLS), IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.}, language = {en} } @misc{MeinelSack2004, author = {Meinel, Christoph and Sack, Harald}, title = {WWW : Kommunikation, Internetworking, Web-Technologien}, publisher = {Springer}, address = {Berlin}, isbn = {3-540-44276-6}, issn = {1439-5428}, pages = {1179 S.}, year = {2004}, language = {de} }