Closed Access
Refine
Year of publication
- 2022 (77) (remove)
Document Type
- Bachelor Thesis (31)
- Master's Thesis (13)
- Part of a Book (9)
- Conference Proceeding (9)
- Article (reviewed) (7)
- Book (5)
- Article (unreviewed) (3)
Conference Type
- Konferenzartikel (9)
Keywords
- JavaScript (3)
- Künstliche Intelligenz (3)
- Bewegungsanalyse (2)
- Data Governance (2)
- Datenmanagement (2)
- Datenqualität (2)
- Datenschutz (2)
- Deep learning (2)
- Digitalisierung (2)
- Entrepreneurship (2)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (38)
- Fakultät Maschinenbau und Verfahrenstechnik (M+V) (21)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (15)
- Fakultät Wirtschaft (W) (6)
- INES - Institut für nachhaltige Energiesysteme (4)
- POIM - Peter Osypka Institute of Medical Engineering (3)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (3)
- ACI - Affective and Cognitive Institute (1)
- IUAS - Institute for Unmanned Aerial Systems (1)
Open Access
- Closed Access (77)
Privacy is the capacity to keep some things private despite their social repercussions. It relates to a person’s capacity to control the amount, time, and circumstances under which they disclose sensitive personal information, such as a person’s physiology, psychology, or intelligence. In the age of data exploitation, privacy has become even more crucial. Our privacy is now more threatened than it was 20 years ago, outside of science and technology, due to the way data and technology highly used. Both the kinds and amounts of information about us and the methods for tracking and identifying us have grown a lot in recent years. It is a known security concern that human and machine systems face privacy threats. There are various disagreements over privacy and security; every person and group has a unique perspective on how the two are related. Even though 79% of the study’s results showed that legal or compliance issues were more important, 53% of the survey team thought that privacy and security were two separate things. Data security and privacy are interconnected, despite their distinctions. Data security and data privacy are linked with each other; both are necessary for the other to exist. Data may be physically kept anywhere, on our computers or in the cloud, but only humans have authority over it. Machine learning has been used to solve the problem for our easy solution. We are linked to our data. Protect against attackers by protecting data, which also protects privacy. Attackers commonly utilize both mechanical systems and social engineering techniques to enter a target network. The vulnerability of this form of attack rests not only in the technology but also in the human users, making it extremely difficult to fight against. The best option to secure privacy is to combine humans and machines in the form of a Human Firewall and a Machine Firewall. A cryptographic route like Tor is a superior choice for discouraging attackers from trying to access our system and protecting the privacy of our data There is a case study of privacy and security issues in this thesis. The problems and different kinds of attacks on people and machines will then be briefly talked about. We will explain how Human Firewalls and machine learning on the Tor network protect our privacy from attacks such as social engineering and attacks on mechanical systems. As a real-world test, we will use genomic data to try out a privacy attack called the Membership Inference Attack (MIA). We’ll show Machine Firewall as a way to protect ourselves, and then we’ll use Differential Privacy (DP), which has already been done. We applied the method of Lasso and convolutional neural networks (CNN), which are both popular machine learning models, as the target models. Our findings demonstrate a logarithmic link between the desired model accuracy and the privacy budget.
Organizations striving to achieve success in the long term must have a positive brand image which will have direct implications on the business. In the face of the rising cyber threats and intense competition, maintaining a threat-free domain is an important aspect of preserving that image in today's internet world. Domain names are often near-synonyms for brand names for numerous companies. There are likely thousands of domains that try to impersonate the big companies in a bid to trap unsuspecting users, usually falling prey to attacks such as phishing or watering hole. Because domain names are important for organizations for running their business online, they are also particularly vulnerable to misuse by malicious actors. So, how can you ensure that your domain name is protected while still protecting your brand identity? Brand Monitoring, for example, may assist. The term "Brand Monitoring" applies only to keep tabs on an organization's brand performance, reception, and overall online presence through various online channels and platforms [1]. There has been a rise in the need of maintaining one's domain clear of any linkages to malicious activities as the threat environment has expanded. Since attackers are targeting domain names of organizations and luring unsuspecting users to visit malicious websites, domain monitoring becomes an important aspect. Another important aspect of brand abuse is how attackers leverage brand logos in creating fake and phishing web pages. In this Master Thesis, we try to solve the problem of classification of impersonated domains using rule-based and machine learning algorithms and automation of domain monitoring. We first use a rule-based classifier and Machine Learning algorithms to classify the domains gathered into two buckets – "Parked" and "Non-Parked". In the project's second phase, we will deploy object detection models (Scale Invariant Feature Transform - SIFT and Multi-Template Matching – MTM) to detect brand logos from the domains of interest.
Even though the internet has only been there for a short period, it has grown tremendously. To- day, a significant portion of commerce is conducted entirely online because of increased inter- net users and technological advancements in web construction. Additionally, cyberattacks and threats have expanded significantly, leading to financial losses, privacy breaches, identity theft, a decrease in customers’ confidence in online banking and e-commerce, and a decrease in brand reputation and trust. When an attacker pretends to be a genuine and trustworthy institution, they can steal private and confidential information from a victim. Aside from that, phishing has been an ongoing issue for a long time. Billions of dollars have been shed on the global economy. In recent years, there has been significant progress in the development of phishing detection and identification systems to protect against phishing attacks. Phishing detection technologies frequently produce binary results, i.e., whether a phishing attempt was made or not, with no explanation. On the other hand, phishing identification methodologies identify phishing web- pages by visually comparing webpages with predetermined authentic references and reporting phishing together with its target brand, resulting in findings that are understandable. However, technical difficulties in the field of visual analysis limit the applicability of currently available solutions, preventing them from being both effective (with high accuracy) and efficient (with little runtime overhead). Here, we evaluate existed framework called Phishpedia. This hybrid deep learning system can recognize identity logos from webpage screenshots and match logo variants of the same brand with high precision. Phishpedia provides high accuracy with low run- time. Lastly, unlike other methods, Phishpedia does not require training on any phishing sam- ples whatsoever. Phishpedia exceeds baseline identification techniques (EMD, PhishZoo, and LogoSENSE), inaccurately detecting phishing pages in lengthy testing using accurate phishing data. The effectiveness of Phishpedia was tested and compared against other standard machine learning algorithms and some state-of-the-art algorithms. The given solutions performed better than different algorithms in the given dataset, which is impressive.
Technology advancement has played a vital role in business development; however, it has opened a broad attack surface. Passwords are one of the essential concepts used in applications for authentication. Companies manage many corporate applications, so the employees must meet the password criteria, which leads to password fatigue. This thesis addressed this issue and how we can overcome this problem by theoretically implementing an IAM solution. In this, we disused MFA, SSO, biometrics, strong password policies and access control. We introduced the IAM framework that should be considered while implementing the IAM solution. Implementing an IAM solution adds an extra layer of security.
On a regular basis, we hear of well-known online services that have been abused or compromised as a result of data theft. Because insecure applications jeopardize users' privacy as well as the reputation of corporations and organizations, they must be effectively secured from the outset of the development process. The limited expertise and experience of involved parties, such as web developers, is frequently cited as a cause of risky programs. Consequently, they rarely have a full picture of the security-related decisions that must be made, nor do they understand how these decisions affect implementation accurately.
The selection of tools and procedures that can best assist a certain situation in order to protect an application against vulnerabilities is a critical decision. Regardless of the level of security that results from adhering to security standards, these factors inadvertently result in web applications that are insufficiently secured. JavaScript is a language that is heavily relied on as a mainstream programming language for web applications with several new JavaScript frameworks being released every year.
JavaScript is used on both the server-side in web applications development and the client-side in web browsers as well.
However, JavaScript web programming is based on a programming style in which the application developer can, and frequently must, automatically integrate various bits of code from third parties. This potent combination has resulted in a situation today where security issues are frequently exploited. These vulnerabilities can compromise an entire server if left unchecked. Even though there are numerous ad hoc security solutions for web browsers, client-side attacks are also popular. The issue is significantly worse on the server side because the security technologies available for server-side JavaScript application frameworks are nearly non-existent.
Consequently, this thesis focuses on the server-side aspect of JavaScript; the development and evaluation of robust server-side security technologies for JavaScript web applications. There is a clear need for robust security technologies and security best practices in server-side JavaScript that allow fine-grained security.
However, more than ever, there is this requirement of reducing the associated risks without hindering the web application in its functionality.
This is the problem that will be tackled in this thesis: the development of secure security practices and robust security technologies for JavaScript web applications, specifically, on the server-side, that offer adequate security guarantees without putting too many constraints on their functionality.
As information technology continues to advance at a rapid speed around the world, new difficulties emerge. The growing number of organizational vulnerabilities is among the most important issues. Finding and mitigating vulnerabilities is critical in order to protect an organization’s environment from multiple attack vectors.
The study investigates and comprehends the complete vulnerability management process from the standpoint of the security officer job role, as well as potential improvements. Few strategies are used to achieve efficient mitigation and the de- velopment of a process for tracking and mitigating vulnerabilities. As a result, a qualitative study is conducted in which the objective is to create a proposed vulner- ability and risk management process, as well as to develop a system for analyzing and tracking vulnerabilities and presenting the vulnerabilities in a graphical dash- board format. This thesis’s data was gathered through an organized literature study as well as through the use of various web resources. We explored numerous ap- proaches to analyze the data, such as categorizing the vulnerabilities every 30, 60, and 90 days to see whether the vulnerabilities were reoccurring or new. According to our findings, tracking vulnerabilities can be advantageous for a security officer.
We come to the conclusion that if an organization has a proper vulnerability tracking system and vulnerability management process, it can aid security officers in having a better understanding of and making plans for reducing vulnerabilities. In terms of system patching and vulnerability remediation, it will also assist the security officer in identifying areas of weakness in the process. As a result, the suggested ways provide an alternate approach to managing and tracking vulnerabilities in an effective manner, although there is still a small area that needs additional analysis and research to make it even better.
Significant improvements in module performance are possible via implementation of multi-wire electrodes. This is economically sound as long as the mechanical yield of the production is maintained. While flat ribbons have a relatively large contact area to exert forces onto the solar cell, wires with round cross section reduce this contact area considerably – in theory to an infinitively thin line. Therefore, the local stresses induced by the electrodes might increase to a point that mechanical production yields suffer unacceptably.
In this paper, we assess this issue by an analytical mechanical model as well as experiments with an encapsulant-free N.I.C.E. test setup. From these, we can derive estimations for the relationship between lay-up accuracy and expected breakage losses. This paves the way for cost-optimized choices of handling equipment in industrial N.I.C.E.-wire production lines.
Digitalisierung und Visualisierung für die Lehre an Hochschulen am Beispiel der Medientechnik
(2022)
Ziel dieser Arbeit war die Erstellung eines Konzepts für die digitale Lehre am Beispiel der Medientechnik an der Hochschule Offenburg. Das Konzept sollte anhand der Funktionsweise von Digitalkameras und den Themengebieten Blende, Verschlusszeit, ISO und dem Crop-Faktor erstellt werden. Bei Konzepterstellung wurden insbesondere existierende, wissenschaftliche Erkenntnisse aus den Bereichen E-Learning, Blended-Learning und Visualisierung berücksichtigt. Darüber hinaus wurden für das Konzept Visualisierungen für die genannten Themengebiete erstellt. Vor Erstellung der Visualisierungen galt es, mögliche Vorteile der 3D-Visualisierung gegenüber der 2D-Visualisierung zu prüfen und eine Auswahl für das Konzept zu treffen. Als weiteres Ziel sollten die in der Arbeit gewonnenen Erkenntnisse, insbesondere bei der Konzepterstellung, anderen Hochschulen und Lehrenden als Grundlage für eigene Konzepte dienen, um eine digitale Lehre mit Online-Anteilen umsetzen zu können.
Diese Ziele werden im Verlauf der Arbeit uneingeschränkt erreicht.
Die in der Arbeit durchgeführte Literaturanalyse zeigt, dass der Einsatz von E-Learning und digitalen Medien zu einem besseren Lernerfolg bei Studierenden führt. Die Anwendung von Blended-Learning-Modellen, als Ergänzung zum E-Learning, können die Nachteile der Präsenzlehre ausgleichen.
Durch den Einsatz von Visualisierungen (Bilder und Animationen) kann in der Theorie belegt werden, dass sich beide Darstellungsformen positiv auf die Lernleistung von Studierenden auswirken. Insbesondere eigenen sich Animationen bei der Durchführung von Laboren zum Ausgleich unterschiedlicher Vorkenntnisse. Außerdem tragen Animationen dazu bei, die Fähigkeit zur eigenständigen Problemlösung zu verbessern, wenn Animationen gleichzeitig mit Erläuterungen eingesetzt werden.
Eine Vorteilhaftigkeit von 3D- gegenüber 2D-Visualisierungen in der Lehre, konnte in der Arbeit nicht bestätigt werden. Nicht zuletzt aufgrund eines erhöhten Aufwandes zur Erstellung und Anwendung von 3D-Visualisierungen, wurde für das Konzept eine 2D-Darstellung gewählt. Zwar werden 3D-Visualisierungen zur Wissensvermittlung an Hochschulen eingesetzt, es konnten jedoch keine wissenschaftlichen Erkenntnisse herangezogen werden, die eine verbesserte Lernleistung oder einen besseren Lernerfolg gegenüber 2D-Visualisierungen belegen. Diese Arbeit zeigt ebenfalls, dass die Anforderungen Expressivität, Effektivität und Angemessenheit für jede Visualisierung erfüllt werden müssen, damit eine Visualisierung im Kontext der Lehre vorteilhaft ist. Darüber hinaus müssen für jede Darstellung operationalisierte Lernziele definiert werden. Nur so kann eine Überprüfung und Beurteilung einer Visualisierung durchgeführt werden. Die Erfüllung dieser Anforderungen wurde für die selbsterstellten Illustrationen zu Blende, Verschlusszeit, ISO und dem Crop-Faktor berücksichtigt und kritisch geprüft. Die Anforderungen wurden vollumfänglich erfüllt.
Bei der Konzepterstellung wurden die in der Arbeit gewonnenen wissenschaftlichen Erkenntnisse berücksichtigt und am Beispiel der Vorlesung Digitale Medien 2 umgesetzt. Das Konzept zeigt in der Theorie, wie E-Learning, Blended-Learning und Visualisierungen bei dieser Vorlesung eingesetzt werden können.
Eine Erprobung in der praktischen Anwendung muss zwingend erfolgen, um die im Konzept definierten, operationalisierten Lernziele der Visualisierungen zu bestätigen. Ebenfalls gilt es den Einfluss des Konzepts auf den Lernerfolg von Studierenden an der Hochschule Offenburg zu prüfen.
Zu Beginn dieser Arbeit wurde das Problem beschrieben, dass das Ersetzen von einzelnen Modulen innerhalb TYPO3s durch React bisher nicht möglich war. Dadurch ergab sich die Aufgabe eine Lösung zu finden, mit der die Vorteile von React in TYPO3 eingebracht werden können, möglichst ohne große Veränderungen und Aufwände zu betreiben. Als zusätzliche Anforderung wurde definiert, dass React in TypeScript geschrieben werden soll.
Um dem Leser dieser Arbeit die Möglichkeit zu geben, den angefertigten Code verstehen und interpretieren zu können, wurden zunächst Grundlagen in TypeScript, React und TYPO3 geschaffen. Daraufhin wurde der Ist-Stand beschrieben, welcher ein simples TYPO3-Plugin beschreibt. Dies wurde für die grundsätzliche Umwandlung in React möglichst simpel gehalten, war dennoch mit einigen Grundsätzen wie AJAX und Rerendering ausgestattet, um gewisse Vorteile und Problematiken bei der Umsetzung aufzeigen zu können. Daraus ergab sich ein Soll-Stand, welcher zugleich weitere Anforderungen an die spätere Lösung definierte.
Um ein mögliches Lösungskonzept erarbeiten zu können wurden im Kapitel „Stand der Technik“ 2 verwandte Arbeiten und Möglichkeiten vorgestellt. Daraufhin wurden die beiden zu entwickelnden Plugins beschrieben, zunächst das Dummy-TYPO3-Plugin, gefolgt vom in React entwickelten Äquivalent.
In Kapitel 8 wurde ein Konzept erstellt und daraufhin die Umsetzung Schritt für Schritt durchgeführt. Dabei konnte erfolgreich React in TYPO3 aufgesetzt und zur Entwicklung genutzt werden. Das Dummy-Plugin konnte ohne größere Probleme umgesetzt werden und zeigte somit eine mögliche Lösung für die Umwandlung von TYPO3 zu React auf. Um diese Lösung zu validieren, wurde im Folgekapitel das ProofOfConcept entwickelt. Dabei handelte es sich um ein produktiv eingesetztes Projekt, welches auf einer älteren Version basiert und verschiedene Anforderungen mitbrachte. Dies wurde nach Vorstellung des Projektes und Lösungskonzept Schritt für Schritt umgesetzt.
In automotive parking scenario, where the curb shall be detected and classified to be traversable or not, radars play an important role. There are different approaches already proposed in other works to estimate the target height. This paper assesses and compares two methods. The first is based on Angle of Arrival (AoA) estimation of input signals of multiple antennas using the Multiple-Input-Multiple-Output (MIMO) principle. The second method uses the geometry in multipath propagation of the radar echo signal for one antenna input. In this work a modified method of calculation of the curb height based on the second method is proposed. The theory of approach is mathematically proved and effectiveness is demonstrated by evaluation of measurements with a 77 GHz Frequency Modulated Continuous Wave (FMCW) radar. In order to evaluate the performance of the introduced method the mean square error (MSE) is used in the proposed scenario. This method, using only one antenna input, produced up to 3.4 times better results for curb height detection in comparison with former methods.