004 Informatik
Refine
Year of publication
Document Type
- Bachelor Thesis (49)
- Master's Thesis (33)
- Conference Proceeding (6)
- Contribution to a Periodical (5)
- Article (reviewed) (2)
- Doctoral Thesis (2)
- Book (1)
Conference Type
- Konferenzartikel (6)
Keywords
- IT-Sicherheit (12)
- JavaScript (9)
- Computersicherheit (4)
- Deep learning (4)
- E-Learning (4)
- HTML 5.0 (4)
- Internet der Dinge (4)
- Internet of Things (4)
- Blockchain (3)
- Künstliche Intelligenz (3)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (36)
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (36)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (17)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (6)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (4)
- Zentrale Einrichtungen (3)
- Fakultät Wirtschaft (W) (2)
- IMLA - Institute for Machine Learning and Analytics (1)
Open Access
- Closed Access (47)
- Open Access (27)
- Closed (24)
- Diamond (2)
Die Thesis beschäftigt sich mit dem Kommunikationsprotokoll Lightweight Machine to Machine, welches für das Internet of Things entwickelt wurde. Es soll untersucht werden, wie das Protokoll funktioniert und wie es eingesetzt werden kann. Ebenfalls soll die Thesis zeigen, wie und ob Lightweight Machine to Machine über Long Term Evolution for Machines für Anwendungen mit begrenzten Ressourcen geeignet ist. Um diese Fragestellung zu beantworten, wurde das Protokoll auf Grund seiner Spezifikation und seinen Softwareimplementationen untersucht. Daraufhin wurde ein Versuchssystem entworfen und dieses anschließend auf sein Laufzeitverhalten und auf sein Energieverbrauch getestet. Die Evaluation des Protokolls ergab, dass es viele sinnvolle Funktionen zugeschnitten auf Geräte im Internet of Things besitzt und diese Funktionen kompakt und verständlich umsetzt. Da das Protokoll noch relativ jung ist, stellt es an verschiedenen Punkten eine Herausforderung dar. Die Tests des Versuchssystems ergaben, dass Lightweight Machine to Machine sich unter bestimmten Bedingungen für ressourcenbegrenzte Anwendungen eignet.
In dieser Arbeit wird der Bildbearbeitungsprozess von Dokumenten mithilfe von einem schlicht gehaltenem Neuronalen Netzwerk und Bearbeitungsoperationen optimiert. Ziel ist es, abfotografierte Dokumente zum Drucken aufzubereiten, sodass die Schrift gut lesbar, gerade und nicht verzerrt ist und Störfaktoren herausgefiltert werden. Als API zur Verfügung gestellt, können Bilder von Dokumenten beliebiger Größe und Schriftgröße bearbeitet werden. Während ein unter schlechten Bedingungen schräg aufgenommenes Bild nach Tesseract keine Buchstaben enthält, wird mit dem bearbeiteten Bild davon eine Buchstabenfehlerrate von 0,9% erreicht.
Linux and Linux-based operating systems have been gaining more popularity among the general users and among developers. Many big enterprises and large companies are using Linux for servers that host their websites, some even require their developers to have knowledge about Linux OS. Even in embedded systems one can find many Linux-based OS that run them. With its increasing popularity, one can deduce the need to secure such a system that many personnel rely on, be it to protect the data that it stores or to protect the integrity of the system itself, or even to protect the availability of the services it offers. Many researchers and Linux enthusiasts have been coming up with various ways to secure Linux OS, however new vulnerabilities and new bugs are always found, by malicious attackers, with every update or change, which calls for the need of more ways to secure these systems.
This Thesis explores the possibility and feasibility of another way to secure Linux OS, specifically securing the terminal of such OS, by altering the commands of the terminal, getting in the way of attackers that have gained terminal access and delaying, giving more time for the response teams and for forensics to stop the attack, minimize the damage, restore operations, and to identify collect and store evidence of the cyber-attack. This research will discuss the advantages and disadvantages of various security measures and compare and contrast with the method suggested in this research.
This research is significant because it paints a better picture of what the state of the art of Linux and Linux-based operating systems security looks like, and it addresses the concerns of security enthusiasts, while exploring new uncharted area of security that have been looked at as a not so significant part of protecting the OSes out of concern of the various limitations and problems it entails. This research will address these concerns while exploring few ways to solve them, as well as addressing the ideal areas and situations in which the proposed method can be used, and when would such method be more of a burden than help if used.
The Internet of Things is spreading significantly in every sector, including the household, a variety of industries, healthcare, and emergency services, with the goal of assisting all of those infrastructures by providing intelligent means of service delivery. An Internet of Vulnerabilities (IoV) has emerged as a result of the pervasiveness of the Internet of Things (IoT), which has led to a rise in the use of applications and devices connected to the IoT in our day-to-day lives. The manufacture of IoT devices are growing at a rapid pace, but security and privacy concerns are not being taken into consideration. These intelligent Internet of Things devices are especially vulnerable to a variety of attacks, both on the hardware and software levels, which leaves them exposed to the possibility of use cases. This master’s thesis provides a comprehensive overview of the Internet of Things (IoT) with regard to security and privacy in the area of applications, security architecture frameworks, a taxonomy of various cyberattacks based on various architecture models, such as three-layer, four-layer, and five-layer. The fundamental purpose of this thesis is to provide recommendations for alternate mitigation strategies and corrective actions by using a holistic rather than a layer-by-layer approach. We discussed the most effective solutions to the problems of privacy and safety that are associated with the Internet of Things (IoT) and presented them in the form of research questions. In addition to that, we investigated a number of further possible directions for the development of this research.
Das automatisierte Erkennen von Schwachstellen wird immer wichtiger. Gerade bei der Softwareentwicklung werden immer häufiger Schwachstellenscanner eingesetzt. Das Ziel der vorliegenden Arbeit ist es einen Überblick zu erhalten, welche Schwachstellenscanner für Webanwendungen existieren und wie sinnvoll deren Einsatz ist. Um diese Frage zu beantworten, werden vier auf dem Markt verfügbare Schwachstellenscanner getestet. Aus der bisherigen Infrastruktur von M und M Software werden Anforderungen und Selektionskriterien abgeleitet. In zwei Testphasen werden verschiedene Schwachstellenscanner analysiert und bewertet wie gut sie die Kriterien erfüllen. Am Ende wird bewertet, ob der Einsatz eines Schwachstellenscanners in der Infrastruktur sinnvoll ist. Neben dieser Analyse wird außerdem untersucht welche Chancen die AI-Technologie für Schwachstellenscanner bietet.
In dieser Forschungsarbeit wird die Datensicherheit von Microsoft Azure analysiert und bewertet. Die Bewertung findet dabei aus der Sicht von Unternehmen statt. Im ersten Abschnitt wird zunächst der grundlegende Aufbau und die unterschiedlichen Formen des Cloud Computing beschrieben. Im zweiten Teil wird ein Vergleich der drei größten Cloud Anbieter vollzogen. Der letzte Teil besteht aus der Evaluation der Datensicherheit von Azure, wobei auf Aspekte wie Datenschutz, Bedrohungen und Schutzmaßnahmen eingegangen wird. Abschließend wird eine Empfehlung für das Unternehmen Bechtle GmbH Offenburg IT-Systemhaus abgegeben.
Im Verlauf der Arbeit stellt sich heraus, dass Azure eine ausreichende Datensicherheit bieten kann. Allerdings wird deutlich, dass durch die Kombination von mehreren Nebenfaktoren wie das Patch-Verhalten oder die Antwortzeit auf Sicherheitsschwachstellen seitens Microsofts, eine große Gefahr für die Daten von Unternehmen entstehen kann. Demnach ist Microsoft als Anbieter ein größeres Problem für die Sicherheit von Daten in Azure als der Cloud-Dienst selbst.
As e-commerce platforms have grown in popularity, new difficulties have emerged, such as the growing use of bots—automated programs—to engage with e-commerce websites. Even though some algorithms are helpful, others are malicious and can seriously hurt e-commerce platforms by making fictitious purchases, posting fictitious evaluations, and gaining control of user accounts. Therefore, the development of more effective and precise bot identification systems is urgently needed to stop such actions. This thesis proposes a methodology for detecting bots in E-commerce using machine learning algorithms such as K-nearest neighbors, Decision Tree, Random Forest, Support Vector Machine, and Neural Network. The purpose of the research is to assess and contrast the output of these machine learning methods. The suggested approach will be based on data that is readily accessible to the public, and the study’s focus will be on the research of bots in e-commerce.
The purpose of the study is to provide an overview of bots in e-commerce, as well as information on the different kinds and traits of bots, as well as current research on bots in e-commerce and associated work on bot detection in e-commerce. The research also seeks to create a more precise and effective bot detection system as well as find critical factors in detecting bots in e-commerce.
This research is significant because it sheds light on the increasing issue of bots in e-commerce and the requirement for more effective bot detection systems. The suggested approach for using machine learning algorithms to identify bots in ecommerce can give e-commerce platforms a more precise and effective bot detection system to stop malicious bot activities. The study’s results can also be used to create a more effective bot detection system and pinpoint key elements in detecting bots in e-commerce.
Die Komplexität von Softwareprojekten hat in den letzten Jahren stetig zugenommen. Um den gleichzeitig steigenden Anforderungen an die Codequalität gerecht zu werden, setzen auch ursprünglich dynamisch typisierte Programmiersprachen zuhnemend auf statische Typisierung. Dies kann in Form von externen Werkzeugen geschehen, die zusätzlich zum eigentlichen Compiler den Code auf Typsicherheit überprüfen, oder alternativ durch Erweiterung der Compiler selbst, um die Unterstützung für statische Typisierung direkt in der Sprache zu verankern. Ziel des etylizer-Projekts ist es, für die Programmiersprache Erlang zunächst ein solches externes Tool bereitzustellen und langfristig Teil der Compiler-Toolchain zu werden.In dieser Arbeit wird der Typchecker um die Fähigkeit erweitert, Erlang-Projekte vollständig zu verifizieren. Dafür wird zunächst die interne Symboltabelle erweitert, die etylizer nutzt, um Verweise auf Funktionen und Typen aus anderen Modulen aufzulösen. Die Implementierung der Symboltabelle wird so angepasst,dass sie zur Laufzeit um alle für das aktuell geprüfte Modul benötigten Symbole erweitert wird. Um die Laufzeit im Rahmen zu halten, wird ein Algorithmus entwickelt, der die Abhängigkeiten zwischen den Source-Code Dateien des Erlang-Projekts erkennt und anhand dieser entscheidet, welche Dateien sich seit dem letzten Durchlauf geändert haben und deshalb erneut überprüft werden müssen.
Encryption techniques allow storing and transferring of sensitive information securely by using encryption at rest and encryption in transit, respectively. However, when computation is performed on these sensitive data, the data needs to be decrypted first and encrypted again after performing the computations. During the computations, the sensitive data becomes vulnerable to attackers as it's in decrypted form. Homomorphic encryption, a special type of encryption technique that allows computation on encrypted data can be used to solve the above-mentioned problem. The best way to achieve maximum security with homomorphic encryption is to perform at least the homomorphic encryption and decryption on the client side (browser) of a web application by not trusting the server. At present time there are many libraries with different homomorphic schemes available for homomorphic encryption. However, there are very few to no JavaScript libraries available to perform homomorphic encryption on the client side of any web application. This thesis mainly focuses on the JavaScript implementation of client-side homomorphic encryption. The fully homomorphic encryption scheme BFV is selected for the implementation. After implementing the fully homomorphic encryption scheme based on the “py-fhe” library, tests are also carried out in order to determine the applicability (in terms of time consumption, security and correctness) of this implementation in a web application by comparing the performance and security for different test cases and different settings.
As cyber threats continue to evolve, it is becoming increasingly important for organizations to have a Security Operations Center (SOC) in place to effectively defend against them. However, building and maintaining a SOC can be a daunting task without clear guidelines, policies, and procedures in place. Additionally, most current SOC solutions used by organizations are outdated, lack key features and integrations, and are expensive to maintain and upgrade. Moreover, proprietary solutions can lead to vendor lock-in, making it difficult to switch to a different solution in the future.
To address these challenges, this thesis proposes a comprehensive SOC framework and an open-source SOC solution that provides organizations with a flexible and cost-effective way to defend against modern cyber threats. The research methodology involved conducting a thorough literature review of existing literature and research on building and maintaining a SOC, including using SOC as a service. The data collected from the literature review was analyzed to identify common themes, challenges, and best practices for building and maintaining a SOC.
Based on the data collected, a comprehensive framework for building and maintaining a SOC was developed. The framework addresses essential areas such as the scope and purpose of the SOC, governance and leadership, staffing and skills, technologies and tools, processes and procedures, service level agreements (SLAs), and evaluation and measurement. This framework provides organizations with the necessary guidance and resources to establish and effectively operate a SOC, as well as a reference for evaluating the service provided by SOC service providers.
In addition to the SOC framework, a modern open-source SOC solution was developed, which emphasizes several key measures to help organizations defend against modern cyber threats. These measures include real-time, actionable threat intelligence, rapid and effective incident response, continuous security monitoring and alerting, automation, integration, and customization. The use of open-source technologies and a modular architecture makes the solution cost-effective, allowing organizations to scale it up or down as needed.
Overall, the proposed SOC framework and open-source SOC solution provide organizations with a comprehensive and systematic approach for building and maintaining a SOC that is aligned with the needs and objectives of the organization. The open-source SOC solution provides a flexible and cost-effective way to defend against modern cyber threats, helping organizations to effectively operate their SOC and reduce their risk of security incidents and breaches.