2023
[BibTeX]
@book{riebe_technology_2023,
address = {Darmstadt, Germany},
title = {Technology {Assessment} of {Dual}-{Use} {ICTs} – {How} to assess {Diffusion}, {Governance} and {Design}},
publisher = {Dissertation (Dr. rer. nat.), Department of Computer Science, Technische Unviersität Darmstadt},
author = {Riebe, Thea},
year = {2023},
keywords = {Projekt-KontiKat, Peace, Projekt-DualUse, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Data augmentation, the artificial creation of training data for machine learning by transformations, is a widely studied research field across machine learning disciplines. While it is useful for increasing a model’s generalization capabilities, it can also address many other challenges and problems, from overcoming a limited amount of training data, to regularizing the objective, to limiting the amount data used to protect privacy. Based on a precise description of the goals and applications of data augmentation and a taxonomy for existing works, this survey is concerned with data augmentation methods for textual classification and aims to provide a concise and comprehensive overview for researchers and practitioners. Derived from the taxonomy, we divide more than 100 methods into 12 different groupings and give state-of-the-art references expounding which methods are highly promising by relating them to each other. Finally, research perspectives that may constitute a building block for future work are provided.
@article{bayer_survey_2023,
title = {Survey on {Data} {Augmentation} for {Text} {Classification}},
volume = {55},
url = {https://dl.acm.org/doi/10.1145/3544558},
doi = {10.1145/3544558},
abstract = {Data augmentation, the artificial creation of training data for machine learning by transformations, is a widely studied research field across machine learning disciplines. While it is useful for increasing a model's generalization capabilities, it can also address many other challenges and problems, from overcoming a limited amount of training data, to regularizing the objective, to limiting the amount data used to protect privacy. Based on a precise description of the goals and applications of data augmentation and a taxonomy for existing works, this survey is concerned with data augmentation methods for textual classification and aims to provide a concise and comprehensive overview for researchers and practitioners. Derived from the taxonomy, we divide more than 100 methods into 12 different groupings and give state-of-the-art references expounding which methods are highly promising by relating them to each other. Finally, research perspectives that may constitute a building block for future work are provided.},
number = {7},
journal = {ACM Computing Surveys (CSUR)},
author = {Bayer, Markus and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {AuswahlCrisis, Selected, A-Paper, Ranking-CORE-A*, Ranking-ImpactFactor, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY, AuswahlKaufhold},
pages = {1--39},
}
[BibTeX] [Abstract] [Download PDF]
The use of social media today is not only ubiquitous and an integral part of everyday life but is also increasingly relevant before, during, or after emergencies. Data produced in these contexts, such as situational updates and multimedia content, is disseminated across different social media platforms and can be leveraged by various actors, including emergency services or volunteer communities. However, the dissemination of several thousand or even millions of messages during large-scale emergencies confronts analysts with challenges of information quality and overload. Hence, crisis informatics as a research domain seeks to explore and develop systems that support the collection, analysis, and dissemination of valuable social media information in emergencies. This chapter presents the social media API (SMA), which is a multi-platform service for gathering big social data across different social media channels and analyzing the credibility and relevance of collected data by the means of machine learning models. Based on the lessons learned from both the implementation process and user-centered evaluations in multiple emergency settings, this chapter discusses core challenges and potentials of the SMA and similar services, focusing on (1) the multi-platform gathering and management of data, (2) the mitigation of information overload by relevance assessment and message grouping, (3) the assessment of credibility and information quality, and (4) user-centered tailorability and adjustable data operations.
@incollection{kaufhold_big_2023,
address = {Singapore},
title = {Big {Data} and {Multi}-platform {Social} {Media} {Services} in {Disaster} {Management}},
isbn = {978-981-16-8800-3},
url = {https://peasec.de/paper/2023/2023_KaufholdReuterLudwig_BigDataMultiPlatformSocialMediaDisaster_HandbookDisaster.pdf},
abstract = {The use of social media today is not only ubiquitous and an integral part of everyday life but is also increasingly relevant before, during, or after emergencies. Data produced in these contexts, such as situational updates and multimedia content, is disseminated across different social media platforms and can be leveraged by various actors, including emergency services or volunteer communities. However, the dissemination of several thousand or even millions of messages during large-scale emergencies confronts analysts with challenges of information quality and overload. Hence, crisis informatics as a research domain seeks to explore and develop systems that support the collection, analysis, and dissemination of valuable social media information in emergencies. This chapter presents the social media API (SMA), which is a multi-platform service for gathering big social data across different social media channels and analyzing the credibility and relevance of collected data by the means of machine learning models. Based on the lessons learned from both the implementation process and user-centered evaluations in multiple emergency settings, this chapter discusses core challenges and potentials of the SMA and similar services, focusing on (1) the multi-platform gathering and management of data, (2) the mitigation of information overload by relevance assessment and message grouping, (3) the assessment of credibility and information quality, and (4) user-centered tailorability and adjustable data operations.},
booktitle = {International {Handbook} of {Disaster} {Research}},
publisher = {Springer Nature Singapore},
author = {Kaufhold, Marc-André and Reuter, Christian and Ludwig, Thomas},
editor = {Singh, Amita},
year = {2023},
keywords = {Crisis, Projekt-KOKOS, Projekt-CYWARN, Projekt-emergenCITY},
pages = {1--21},
}
[BibTeX] [Download PDF]
@article{riebe_values_2023,
title = {Values and {Value} {Conflicts} in the {Context} of {OSINT} {Technologies} for {Cybersecurity} {Incident} {Response}: {A} {Value} {Sensitive} {Design} {Perspective}},
url = {https://link.springer.com/article/10.1007/s10606-022-09453-4},
doi = {10.1007/s10606-022-09453-4},
journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
author = {Riebe, Thea and Bäumler, Julian and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Student, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-B, Projekt-CROSSING, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.
@article{riebe_privacy_2023,
title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN, Projekt-ATHENE-FANCY, AuswahlUsableSec},
}
[BibTeX] [Abstract]
In summary, crisis informatics has established itself as an important research area in the ever-increasing complexity of the cyber world. Its importance is further amplified by the time-critical constraints of emergencies and disasters. However, crisis informatics will be challenged to evolve quickly to tackle global-scale emergencies, such as the ongoing COVID-19 pandemic and the increasing risks of natural hazards due to climate change. This chapter seeks to supplement this effort by analyzing interaction, role, information, and perception patterns, which were prevalent in the past 20 years of social media use in crises.
@incollection{reuter_crisis_2023,
title = {Crisis {Informatics}},
isbn = {978-1-00-905708-0},
abstract = {In summary, crisis informatics has established itself as an important research area in the ever-increasing complexity of the cyber world. Its importance is further amplified by the time-critical constraints of emergencies and disasters. However, crisis informatics will be challenged to evolve quickly to tackle global-scale emergencies, such as the ongoing COVID-19 pandemic and the increasing risks of natural hazards due to climate change. This chapter seeks to supplement this effort by analyzing interaction, role, information, and perception patterns, which were prevalent in the past 20 years of social media use in crises.},
booktitle = {Cambridge {Handbook} of {Cyber} {Behavior}},
publisher = {Cambridge University Press},
author = {Reuter, Christian and Kaufhold, Marc-André},
editor = {Yan, Zheng},
year = {2023},
keywords = {Crisis, HCI, Peace, Projekt-CYWARN, Projekt-ATHENE-FANCY, Projekt-emergenCITY},
}
[BibTeX]
@incollection{ozalp_trends_2023,
address = {Bielefeld},
title = {Trends in {Explainable} {Artificial} {Intelligence} for {Non}-{Experts}},
booktitle = {Artificial {Intelligence} – {Limits} and {Prospects}},
publisher = {Transcript Verlag},
author = {Özalp, Elise and Hartwig, Katrin and Reuter, Christian},
editor = {Klimczak, Peter and Petersen, Christer},
year = {2023},
keywords = {HCI, Student, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {223--243},
}
[BibTeX]
@book{riebe_technology_2023-1,
address = {Darmstadt, Germany},
title = {Technology {Assessment} of {Dual}-{Use} {ICTs} – {How} to assess {Diffusion}, {Governance} and {Design}},
publisher = {Springer Vieweg},
author = {Riebe, Thea},
year = {2023},
keywords = {Projekt-KontiKat, Peace, Projekt-DualUse, Projekt-CYWARN},
}
[BibTeX] [Abstract]
The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and score. This assessment is time consuming and requires expertise. Various works already try to predict CVSS vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as National Vulnerability Database. With this work, the publicly available web pages referenced in the National Vulnerability Database are analyzed and made available as sources of texts through web scraping. A Deep Learning based method for predicting the CVSS vector is implemented and evaluated. The present work provides a classification of the National Vulnerability Database’s reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our Deep Learning prediction models.
@article{kuehn_common_2023,
title = {Common {Vulnerability} {Scoring} {System} {Prediction} {Based} on {Open} {Source} {Intelligence} {Information} {Sources}},
abstract = {The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and score. This assessment is time consuming and requires expertise. Various works already try to predict CVSS vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as National Vulnerability Database. With this work, the publicly available web pages referenced in the National Vulnerability Database are analyzed and made available as sources of texts through web scraping. A Deep Learning based method for predicting the CVSS vector is implemented and evaluated. The present work provides a classification of the National Vulnerability Database's reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our Deep Learning prediction models.},
journal = {Computers \& Security},
author = {Kuehn, Philipp and Relke, David N. and Reuter, Christian},
year = {2023},
keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Ranking-Core-B},
}
2022
[BibTeX] [Abstract] [Download PDF]
Cryptography has become ubiquitous in communication technology and is considered a necessary part of information security. However, both the regulation to restrict access to cryptography, as well as practices to weaken or break encryption, are part of the States’ security policies. The United States (U.S.) regulate cryptography for export in international trade as a dual-use good. However, the regulation has been increasingly loosened and transferred to bilateral agreements with Information and Communication Technology companies. At the same time, the National Security Agency attempted to implement a government encryption standard to guarantee itself easier access to data, thus progressively expanding surveillance on non-U.S. citizens. In this paper, using comparative policy analysis, we examine the evolution of both security policies by tracing the historical development of U.S. regulation of cryptography as a dual-use good, and surveillance technologies, and practices used from the 1990s to today. We conclude that the impact of the dual-use regulation has affected the efficiency of surveillance technology, by loosening regulations only for mass communication services, thereby supporting the proliferation of surveillance intermediaries, while working on strategies to collaborate and exploit their coverage.
@article{riebe_us_2022,
title = {U.{S}. {Security} {Policy}: {The} {Dual}-{Use} {Regulation} of {Cryptography} and its {Effects} on {Surveillance}},
url = {https://link.springer.com/content/pdf/10.1007/s41125-022-00080-0.pdf},
doi = {10.1007/s41125-022-00080-0},
abstract = {Cryptography has become ubiquitous in communication technology and is considered a necessary part of information security. However, both the regulation to restrict access to cryptography, as well as practices to weaken or break encryption, are part of the States’ security policies. The United States (U.S.) regulate cryptography for export in international trade as a dual-use good. However, the regulation has been increasingly loosened and transferred to bilateral agreements with Information and Communication Technology companies. At the same time, the National Security Agency attempted to implement a government encryption standard to guarantee itself easier access to data, thus progressively expanding surveillance on non-U.S. citizens. In this paper, using comparative policy analysis, we examine the evolution of both security policies by tracing the historical development of U.S. regulation of cryptography as a dual-use good, and surveillance technologies, and practices used from the 1990s to today. We conclude that the impact of the dual-use regulation has affected the efficiency of surveillance technology, by loosening regulations only for mass communication services, thereby supporting the proliferation of surveillance intermediaries, while working on strategies to collaborate and exploit their coverage.},
journal = {European Journal for Security Research},
author = {Riebe, Thea and Kuehn, Philipp and Imperatori, Philipp and Reuter, Christian},
year = {2022},
keywords = {Student, Security, Projekt-CROSSING, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Download PDF]
@techreport{bayer_cysecbert_2022,
title = {{CySecBERT}: {A} {Domain}-{Adapted} {Language} {Model} for the {Cybersecurity} {Domain}},
copyright = {arXiv.org perpetual, non-exclusive license},
url = {https://arxiv.org/abs/2212.02974},
institution = {arXiv},
author = {Bayer, Markus and Kuehn, Philipp and Shanehsaz, Ramin and Reuter, Christian},
year = {2022},
doi = {10.48550/ARXIV.2212.02974},
keywords = {Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Download PDF]
@techreport{bayer_multi-level_2022,
title = {Multi-{Level} {Fine}-{Tuning}, {Data} {Augmentation}, and {Few}-{Shot} {Learning} for {Specialized} {Cyber} {Threat} {Intelligence}},
copyright = {arXiv.org perpetual, non-exclusive license},
url = {https://arxiv.org/abs/2207.11076},
institution = {arXiv},
author = {Bayer, Markus and Frey, Tobias and Reuter, Christian},
year = {2022},
doi = {10.48550/ARXIV.2207.11076},
keywords = {Student, Security, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.
@inproceedings{kaufhold_implementation_2022,
address = {Darmstadt},
series = {Mensch und {Computer} 2022 - {Workshopband}},
title = {The {Implementation} of {Protective} {Measures} and {Communication} of {Cybersecurity} {Alerts} in {Germany} - {A} {Representative} {Survey} of the {Population}},
url = {https://dl.gi.de/handle/20.500.12116/39061},
doi = {10.18420/muc2022-mci-ws01-228},
abstract = {Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.},
language = {en},
booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
publisher = {Gesellschaft für Informatik},
author = {Kaufhold, Marc-André and Bäumler, Julian and Reuter, Christian},
year = {2022},
keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.
@inproceedings{kaufhold_cyber_2022,
address = {Timisoara, Romaina},
title = {Cyber {Threat} {Observatory}: {Design} and {Evaluation} of an {Interactive} {Dashboard} for {Computer} {Emergency} {Response} {Teams}},
url = {http://www.peasec.de/paper/2022/2022_KaufholdBasyurtEyilmezStoettingerReuter_CyberThreatObservatory_ECIS.pdf},
abstract = {Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.},
booktitle = {Proceedings of the {European} {Conference} on {Information} {Systems} ({ECIS})},
author = {Kaufhold, Marc-André and Basyurt, Ali Sercan and Eyilmez, Kaan and Stöttinger, Marc and Reuter, Christian},
year = {2022},
keywords = {UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN},
pages = {1--17},
}
[BibTeX] [Abstract] [Download PDF]
Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.
@inproceedings{kuehn_notion_2022,
address = {Darmstadt},
series = {Mensch und {Computer} 2022 - {Workshopband}},
title = {The {Notion} of {Relevance} in {Cybersecurity}: {A} {Categorization} of {Security} {Tools} and {Deduction} of {Relevance} {Notions}},
url = {https://dl.gi.de/handle/20.500.12116/39072},
doi = {10.18420/muc2022-mci-ws01-220},
abstract = {Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.},
language = {en},
booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
publisher = {Gesellschaft für Informatik},
author = {Kuehn, Philipp and Bäumler, Julian and Kaufhold, Marc-André and Wendelborn, Marc and Reuter, Christian},
year = {2022},
keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Abstract]
In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.
@article{bayer_data_2022,
title = {Data {Augmentation} in {Natural} {Language} {Processing}: {A} {Novel} {Text} {Generation} {Approach} for {Long} and {Short} {Text} {Classifiers}},
doi = {10.1007/s13042-022-01553-3},
abstract = {In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.},
journal = {International Journal of Machine Learning and Cybernetics (IJMLC)},
author = {Bayer, Markus and Kaufhold, Marc-André and Buchhold, Björn and Keller, Marcel and Dallmeyer, Jörg and Reuter, Christian},
year = {2022},
keywords = {Student, Security, A-Paper, Ranking-ImpactFactor, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Over the past few decades, the number and variety of cyberattacks and malware patterns have increased immensely. As a countermeasure, computer emergency response teams were established with the responsibility of securing the cyber environment. However, recent studies revealed that currently performed manual processes and the unavailability of adequate tools impede the achievement of cybersecurity. To address these challenges, we followed the Design Science paradigm to develop an artefact that improves the evaluation of open-source intelligence obtained from Twitter as well as the actor-specific communication of cyber threat information. Subsequently, the implemented artefact will be evaluated through semi-structured interviews with subject matter experts. This research in progress article presents the identified research gap and describes the development process and the endeavor to contribute to the cybersecurity domain theoretically with design principles for the development of an instrument and practically by implementing an artefact that supports domain experts in their work.
@inproceedings{eyilmez_design_2022,
title = {A {Design} {Science} {Artefact} for {Cyber} {Threat} {Detection} and {Actor} {Specific} {Communication}},
url = {https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1049&context=acis2022},
abstract = {Over the past few decades, the number and variety of cyberattacks and malware patterns have increased immensely. As a countermeasure, computer emergency response teams were established with the responsibility of securing the cyber environment. However, recent studies revealed that currently performed manual processes and the unavailability of adequate tools impede the achievement of cybersecurity. To address these challenges, we followed the Design Science paradigm to develop an artefact that improves the evaluation of open-source intelligence obtained from Twitter as well as the actor-specific communication of cyber threat information. Subsequently, the implemented artefact will be evaluated through semi-structured interviews with subject matter experts. This research in progress article presents the identified research gap and describes the development process and the endeavor to contribute to the cybersecurity domain theoretically with design principles for the development of an instrument and practically by implementing an artefact that supports domain experts in their work.},
booktitle = {Australasian {Conference} on {Information} {Systems} ({ACIS})},
publisher = {AIS Electronic Library (AISel)},
author = {Eyilmez, Kaan and Basyurt, Ali Sercan and Stieglitz, Stefan and Fuchss, Christoph and Kaufhold, Marc-André and Reuter, Christian and Mirabaie, Milad},
year = {2022},
keywords = {Student, Security, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
The constantly increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). In order to respond to new threats, CERTs need to gather information in a timely and comprehensive manner. However, the volume of information and sources can lead to information overload. This paper answers the question of how to reduce information overload for CERTs with the help of clustering methods. Conditions for such a framework were established and subsequently tested. In order to perform an evaluation, different types of evaluation metrics were introduced and selected in relation to the framework conditions. Furthermore, different vectorizations and distance measures in combination with the clustering methods were evaluated and interpreted. Two different ground-truth datasets were used for the evaluation, one containing threat messages and a dataset with messages from different news categories. The work shows that the K-means clustering method along with TF-IDF vectorization and cosine distance provide the best results in the domain of threat messages.
@techreport{kuehn_clustering_2022,
title = {Clustering of {Threat} {Information} to {Mitigate} {Information} {Overload} for {Computer} {Emergency} {Response} {Teams}},
copyright = {arXiv.org perpetual, non-exclusive license},
url = {https://arxiv.org/pdf/2210.14067.pdf},
abstract = {The constantly increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). In order to respond to new threats, CERTs need to gather information in a timely and comprehensive manner. However, the volume of information and sources can lead to information overload. This paper answers the question of how to reduce information overload for CERTs with the help of clustering methods. Conditions for such a framework were established and subsequently tested. In order to perform an evaluation, different types of evaluation metrics were introduced and selected in relation to the framework conditions. Furthermore, different vectorizations and distance measures in combination with the clustering methods were evaluated and interpreted. Two different ground-truth datasets were used for the evaluation, one containing threat messages and a dataset with messages from different news categories. The work shows that the K-means clustering method along with TF-IDF vectorization and cosine distance provide the best results in the domain of threat messages.},
language = {en},
institution = {arXiv},
author = {Kuehn, Philipp and Kerk, Moritz and Wendelborn, Marc and Reuter, Christian},
year = {2022},
note = {https://doi.org/10.48550/arXiv.2210.14067},
keywords = {Student, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, this workshop investigated the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.
@book{kaufhold_proceedings_2022,
address = {Darmstadt},
title = {Proceedings of the 2nd {Workshop} on {Mobile} {Resilience}: {Designing} {Interactive} {Systems} for {Crisis} {Response}},
url = {http://www.peasec.de/paper/2022/2022_KaufholdReuterComesMirbabaieStieglitz_Proceedings2ndWorkshopMobileResilience.pdf},
abstract = {Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, this workshop investigated the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.},
publisher = {TUprints},
author = {Kaufhold, Marc-André and Reuter, Christian and Comes, Tina and Mirabaie, Milad and Stieglitz, Stefan},
year = {2022},
keywords = {Crisis, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Security Operation Centers are tasked with collecting and analyzing cyber threat data from multiple sources to communicate warning messages and solutions. These tasks are extensive and resource consuming, which makes supporting approaches valuable to experts. However, to implement such approaches, information about the challenges these experts face while performing these tasks is necessary. We therefore conducted semi-structured expert interviews to identify these challenges. By doing so, valuable insights into these challenges based on expert knowledge is acquired, which in return could be leveraged to develop automated approaches to support experts and address these challenges.
@inproceedings{basyurt_help_2022,
address = {Nürnberg},
title = {Help {Wanted} - {Challenges} in {Data} {Collection}, {Analysis} and {Communication} of {Cyber} {Threats} in {Security} {Operation} {Centers}},
url = {http://www.peasec.de/paper/2022/2022_BasyourtFrommKuehnKaufholdMirabaie_HelpWantedChallengesDataCollectionAnalysisCommunication_WI.pdf},
abstract = {Security Operation Centers are tasked with collecting and analyzing cyber threat data from multiple sources to communicate warning messages and solutions. These tasks are extensive and resource consuming, which makes supporting approaches valuable to experts. However, to implement such approaches, information about the challenges these experts face while performing these tasks is necessary. We therefore conducted semi-structured expert interviews to identify these challenges. By doing so, valuable insights into these challenges based on expert knowledge is acquired, which in return could be leveraged to develop automated approaches to support experts and address these challenges.},
booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
author = {Basyurt, Ali Sercan and Fromm, Jennifer and Kuehn, Philipp and Kaufhold, Marc-André and Mirabaie, Milad},
year = {2022},
keywords = {Ranking-CORE-C, Security, Projekt-CYWARN},
}
2021
[BibTeX] [Abstract] [Download PDF]
Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.
@book{reuter_sicherheitskritische_2021,
address = {Wiesbaden},
edition = {2},
title = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
isbn = {978-3-658-32795-8},
url = {https://www.springer.com/de/book/9783658327941},
abstract = {Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.},
publisher = {Springer Vieweg},
author = {Reuter, Christian},
year = {2021},
keywords = {AuswahlCrisis, HCI, Selected, SocialMedia, UsableSec, Security, Projekt-KontiKat, Peace, Infrastructure, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY},
}
[BibTeX] [Abstract] [Download PDF]
Many Germans perceive a brutalization of society, and state officials also report feeling under attack. At the same time, policing is criticised for becoming increasingly militarised and for having extended surveillance in the course of fighting terrorism. Advancements in HCI are used in the context of many of the issues that policing is facing. In this study, we conduct a representative survey of the German population to investigate personal experiences with and attitudes towards the police and information and communication technologies (ICT) used for policing. We find an overall positive image of the police and uncritical attitudes towards ICT used for general surveillance (body-worn cameras, video surveillance, face recognition) and slightly more critical attitudes towards personal surveillance (e.g. through communication data retention). The study indicates that perceptions differ according to experience of unfair treatment by the police, while other factors such as age and education have similar effects.
@inproceedings{haunschild_perceptions_2021,
address = {Bonn},
title = {Perceptions of {Police} {Technology} {Use} and {Attitudes} {Towards} the {Police} - {A} {Representative} {Survey} of the {German} {Population}},
volume = {Mensch und Computer 2021 - Workshopband},
url = {http://www.peasec.de/paper/2021/2021_HaunschildReuter_PoliceTechnologyUseSurvey_MuC-WS.pdf},
doi = {10.18420/muc2021-mci-ws08-255},
abstract = {Many Germans perceive a brutalization of society, and state officials also report feeling under attack. At the same time, policing is criticised for becoming increasingly militarised and for having extended surveillance in the course of fighting terrorism. Advancements in HCI are used in the context of many of the issues that policing is facing. In this study, we conduct a representative survey of the German population to investigate personal experiences with and attitudes towards the police and information and communication technologies (ICT) used for policing. We find an overall positive image of the police and uncritical attitudes towards ICT used for general surveillance (body-worn cameras, video surveillance, face recognition) and slightly more critical attitudes towards personal surveillance (e.g. through communication data retention). The study indicates that perceptions differ according to experience of unfair treatment by the police, while other factors such as age and education have similar effects.},
booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
publisher = {Gesellschaft für Informatik e. V.},
author = {Haunschild, Jasmin and Reuter, Christian},
year = {2021},
keywords = {Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY},
}
[BibTeX] [Abstract] [Download PDF]
Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen ein zunehmend an Bedeutung gewinnendes Thema. Dieses Kapitel bietet eine Einfüh-rung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nach-schlagewerk für Personen aus Wissenschaft, Design und Entwicklung dienen. Dies ad-ressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering, von Analyse über Design bis Evaluation abgedeckt.
@incollection{reuter_einleitung_2021,
address = {Wiesbaden, Germany},
edition = {2},
title = {Einleitung in die sicherheitskritische {Mensch}-{Computer}-{Interaktion}},
isbn = {978-3-658-32794-1},
url = {https://doi.org/10.1007/978-3-658-32795-8_1},
abstract = {Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen ein zunehmend an Bedeutung gewinnendes Thema. Dieses Kapitel bietet eine Einfüh-rung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nach-schlagewerk für Personen aus Wissenschaft, Design und Entwicklung dienen. Dies ad-ressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering, von Analyse über Design bis Evaluation abgedeckt.},
booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
publisher = {Springer Vieweg},
author = {Reuter, Christian},
editor = {Reuter, Christian},
year = {2021},
keywords = {Crisis, HCI, UsableSec, Security, Projekt-CYWARN},
pages = {3--17},
}
[BibTeX] [Abstract] [Download PDF]
Die Nutzung sozialer Medien hat sich nicht nur im Alltag, sondern auch in vielen ver-schiedenen Notfällen, Krisen und Katastrophen etabliert. Dieser Prozess begann bereits vor etwa 20 Jahren nach den Terroranschlägen vom 11. September 2001. In den darauf-folgenden Jahren, vor allem aber dem letzten Jahrzehnt, wurde eine Vielzahl von Stu-dien veröffentlicht, die sich auf den Gebrauch von Informations- und Kommunikations-technologien einschließlich der sozialen Medien vor, während oder nach Notfällen kon-zentrieren. Dieser Forschungsbereich wird auch unter dem Begriff Crisis Informatics zusammengefasst. Das Ziel dieses Kapitels ist es, den Gebrauch von und die Forschung über soziale Medien in Katastrophen und Notfällen in den vergangenen 20 Jahren mit besonderem Schwerpunkt auf identifizierbare Nutzungsmuster und deren Wahrnehmung zusammenzufassen, um die bisherigen Ergebnisse und zukünftigen Potenziale herauszu-stellen.
@incollection{reuter_soziale_2021,
address = {Wiesbaden, Germany},
edition = {2},
title = {Soziale {Medien} in {Notfällen}, {Krisen} und {Katastrophen}},
isbn = {978-3-658-32794-1},
url = {https://doi.org/10.1007/978-3-658-32795-8_19},
abstract = {Die Nutzung sozialer Medien hat sich nicht nur im Alltag, sondern auch in vielen ver-schiedenen Notfällen, Krisen und Katastrophen etabliert. Dieser Prozess begann bereits vor etwa 20 Jahren nach den Terroranschlägen vom 11. September 2001. In den darauf-folgenden Jahren, vor allem aber dem letzten Jahrzehnt, wurde eine Vielzahl von Stu-dien veröffentlicht, die sich auf den Gebrauch von Informations- und Kommunikations-technologien einschließlich der sozialen Medien vor, während oder nach Notfällen kon-zentrieren. Dieser Forschungsbereich wird auch unter dem Begriff Crisis Informatics zusammengefasst. Das Ziel dieses Kapitels ist es, den Gebrauch von und die Forschung über soziale Medien in Katastrophen und Notfällen in den vergangenen 20 Jahren mit besonderem Schwerpunkt auf identifizierbare Nutzungsmuster und deren Wahrnehmung zusammenzufassen, um die bisherigen Ergebnisse und zukünftigen Potenziale herauszu-stellen.},
booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
publisher = {Springer Vieweg},
author = {Reuter, Christian and Kaufhold, Marc-André},
editor = {Reuter, Christian},
year = {2021},
keywords = {Crisis, Security, Peace, Projekt-CYWARN},
pages = {407--430},
}
[BibTeX] [Abstract] [Download PDF]
Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit ein hochaktuel-les Thema, sondern wird dies auch in Zukunft bleiben. Insofern ist ein Lehr- und Fach-buch wie dieses immer nur eine Momentaufnahme, und kann immer nur einen punktuel-len Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht wer-den, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autor*innen geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.
@incollection{reuter_zukunft_2021,
address = {Wiesbaden, Germany},
edition = {2},
title = {Die {Zukunft} sicherheitskritischer {Mensch}-{Computer}-{Interaktion}},
isbn = {978-3-658-19523-6},
url = {https://doi.org/10.1007/978-3-658-32795-8_31},
abstract = {Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit ein hochaktuel-les Thema, sondern wird dies auch in Zukunft bleiben. Insofern ist ein Lehr- und Fach-buch wie dieses immer nur eine Momentaufnahme, und kann immer nur einen punktuel-len Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht wer-den, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autor*innen geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.},
booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} (2. {Auflage})},
publisher = {Springer Vieweg},
author = {Reuter, Christian and Aal, Konstantin and Beham, Frank and Boden, Alexander and Brauner, Florian and Ludwig, Thomas and Lukosch, Stephan and Fiedrich, Frank and Fuchs-Kittowski, Frank and Geisler, Stefan and Gennen, Klaus and Herrmann, Dominik and Kaufhold, Marc-André and Klafft, Michael and Lipprandt, Myriam and Lo Iacono, Luigi and Pipek, Volkmar and Mentler, Tilo and Nestler, Simon and Pottebaum, Jens and Quadflieg, Sven and Stieglitz, Stefan and Sturm, Christian and Rusch, Gebhard and Sackmann, Stefan and Volkamer, Melanie and Wulf, Volker},
editor = {Reuter, Christian},
year = {2021},
note = {https://doi.org/10.1007/978-3-658-32795-8\_31},
keywords = {Crisis, HCI, SocialMedia, UsableSec, Security, Projekt-KontiKat, Projekt-CYWARN},
pages = {673--681},
}
[BibTeX] [Abstract] [Download PDF]
Seit jeher hatten die Erkenntnisse aus Naturwissenschaft und Technik einen großen Einfluss auf die Art und Weise, wie Kriege und Konflikte ausgetragen wurden bezie-hungsweise werden. Im Kontext von Frieden und Sicherheit können Erkenntnisse, die eigentlich für zivile Kontexte gewonnen wurden, auch für militärische Auseinanderset-zungen genutzt werden (Dual-Use-Problematik). Seit einigen Jahren betrifft dies insbe-sondere die Informatik, die durch die militärische Nutzung von Computern, Cyberwar, Cyberspionage Information Warfare, aber auch in Bereichen wie Desinformationen kon-fliktäre Auseinandersetzungen unterstützen (und verstärken) kann. Auch werden Kon-flikte vermehrt im digitalen Raum ausgetragen, mit erschwerter Zuordnungsmöglichkeit von einzelnen (angreifenden) Akteur*innen. Im Gegenzug dazu bietet die Informatik jedoch auch für friedensstiftende Aktivitäten zahlreiche Einsatzmöglichkeiten. Dieses Kapitel möchte eine Einführung in die zunehmend an Bedeutung gewinnende Thematik liefern.
@incollection{reuter_informatik_2021,
address = {Wiesbaden, Germany},
edition = {2},
title = {Informatik für {Frieden}-, {Konflikt}- und {Sicherheitsforschung}},
isbn = {978-3-658-32794-1},
url = {https://doi.org/10.1007/978-3-658-32795-8_28},
abstract = {Seit jeher hatten die Erkenntnisse aus Naturwissenschaft und Technik einen großen Einfluss auf die Art und Weise, wie Kriege und Konflikte ausgetragen wurden bezie-hungsweise werden. Im Kontext von Frieden und Sicherheit können Erkenntnisse, die eigentlich für zivile Kontexte gewonnen wurden, auch für militärische Auseinanderset-zungen genutzt werden (Dual-Use-Problematik). Seit einigen Jahren betrifft dies insbe-sondere die Informatik, die durch die militärische Nutzung von Computern, Cyberwar, Cyberspionage Information Warfare, aber auch in Bereichen wie Desinformationen kon-fliktäre Auseinandersetzungen unterstützen (und verstärken) kann. Auch werden Kon-flikte vermehrt im digitalen Raum ausgetragen, mit erschwerter Zuordnungsmöglichkeit von einzelnen (angreifenden) Akteur*innen. Im Gegenzug dazu bietet die Informatik jedoch auch für friedensstiftende Aktivitäten zahlreiche Einsatzmöglichkeiten. Dieses Kapitel möchte eine Einführung in die zunehmend an Bedeutung gewinnende Thematik liefern.},
booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
publisher = {Springer Vieweg},
author = {Reuter, Christian and Kaufhold, Marc-André},
editor = {Reuter, Christian},
year = {2021},
keywords = {Security, Peace, Projekt-DualUse, Projekt-CYWARN},
pages = {605--630},
}
[BibTeX] [Abstract] [Download PDF]
Vulnerability databases are one of the main information sources for IT security experts. Hence, the quality of their information is of utmost importance for anyone working in this area. Previous work has shown that machine readable information is either missing, incorrect, or inconsistent with other data sources. In this paper, we introduce a system called Overt Vulnerability source ANAlysis (OVANA), utilizing state-of-the-art machine learning (ML) and natural-language processing (NLP) techniques, which analyzes the information quality (IQ) of vulnerability databases, searches the free-form description for relevant information missing from structured fields, and updates it accordingly. Our paper shows that OVANA is able to improve the IQ of the National Vulnerability Database by 51.23\% based on the indicators of accuracy, completeness, and uniqueness. Moreover, we present information which should be incorporated into the structured fields to increase the uniqueness of vulnerability entries and improve the discriminability of different vulnerability entries. The identified information from OVANA enables a more targeted vulnerability search and provides guidance for IT security experts in finding relevant information in vulnerability descriptions for severity assessment.
@inproceedings{kuehn_ovana_2021,
title = {{OVANA}: {An} {Approach} to {Analyze} and {Improve} the {Information} {Quality} of {Vulnerability} {Databases}},
isbn = {978-1-4503-9051-4},
url = {https://peasec.de/paper/2021/2021_KuehnBayerWendelbornReuter_OVANAQualityVulnerabilityDatabases_ARES.pdf},
doi = {10.1145/3465481.3465744},
abstract = {Vulnerability databases are one of the main information sources for IT security experts. Hence, the quality of their information is of utmost importance for anyone working in this area. Previous work has shown that machine readable information is either missing, incorrect, or inconsistent with other data sources. In this paper, we introduce a system called Overt Vulnerability source ANAlysis (OVANA), utilizing state-of-the-art machine learning (ML) and natural-language processing (NLP) techniques, which analyzes the information quality (IQ) of vulnerability databases, searches the free-form description for relevant information missing from structured fields, and updates it accordingly. Our paper shows that OVANA is able to improve the IQ of the National Vulnerability Database by 51.23\% based on the indicators of accuracy, completeness, and uniqueness. Moreover, we present information which should be incorporated into the structured fields to increase the uniqueness of vulnerability entries and improve the discriminability of different vulnerability entries. The identified information from OVANA enables a more targeted vulnerability search and provides guidance for IT security experts in finding relevant information in vulnerability descriptions for severity assessment.},
booktitle = {Proceedings of the 16th {International} {Conference} on {Availability}, {Reliability} and {Security}},
publisher = {ACM},
author = {Kuehn, Philipp and Bayer, Markus and Wendelborn, Marc and Reuter, Christian},
year = {2021},
keywords = {Security, Peace, Ranking-CORE-B, AuswahlPeace, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {1--11},
}
[BibTeX] [Abstract] [Download PDF]
Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Anwendungsfelder, die bereits seit vielen Jahren Gegenstand der Forschung und Entwicklung sind. Beispiele sind Katastrophen-schutz oder Medizin, aber auch kritische Infrastrukturen. In die-sen und vielen weiteren Bereichen gilt, dass sichere Systemzu-stände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicher-heitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet. Dieser Beitrag stellt die Themenkomplexe des Workshops, die angenommenen Bei-träge und das Organisationsteam vor.
@inproceedings{mentler_8_2021,
address = {Ingolstadt},
title = {8. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}: {Ausnahmezustand}},
url = {https://dl.gi.de/handle/20.500.12116/37338},
doi = {10.18420/muc2021-mci-ws08-117},
abstract = {Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Anwendungsfelder, die bereits seit vielen Jahren Gegenstand der Forschung und Entwicklung sind. Beispiele sind Katastrophen-schutz oder Medizin, aber auch kritische Infrastrukturen. In die-sen und vielen weiteren Bereichen gilt, dass sichere Systemzu-stände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicher-heitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet. Dieser Beitrag stellt die Themenkomplexe des Workshops, die angenommenen Bei-träge und das Organisationsteam vor.},
booktitle = {Mensch und {Computer} 2021 - {Workshopband}},
publisher = {Gesellschaft für Informatik e.V.},
author = {Mentler, Tilo and Reuter, Christian and Nestler, Simon and Kaufhold, Marc-André and Herczeg, Michael and Pottebaum, Jens},
year = {2021},
keywords = {HCI, Security, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Past studies in the domains of information systems have analysed the potentials and barriers of social media in emergencies. While information disseminated in social media can lead to valuable insights, emergency services and researchers face the challenge of information overload as data quickly exceeds the manageable amount. We propose an embedding-based clustering approach and a method for the automated labelling of clusters. Given that the clustering quality is highly dependent on embeddings, we evaluate 19 embedding models with respect to time, internal cluster quality, and language invariance. The results show that it may be sensible to use embedding models that were already trained on other crisis datasets. However, one must ensure that the training data generalizes enough, so that the clustering can adapt to new situations. Confirming this, we found out that some embeddings were not able to perform as well on a German dataset as on an English dataset.
@inproceedings{bayer_information_2021,
title = {Information {Overload} in {Crisis} {Management}: {Bilingual} {Evaluation} of {Embedding} {Models} for {Clustering} {Social} {Media} {Posts} in {Emergencies}},
url = {https://peasec.de/paper/2021/2021_BayerKaufholdReuter_InformationOverloadInCrisisManagementBilingualEvaluation_ECIS.pdf},
abstract = {Past studies in the domains of information systems have analysed the potentials and barriers of social media in emergencies. While information disseminated in social media can lead to valuable insights, emergency services and researchers face the challenge of information overload as data quickly exceeds the manageable amount. We propose an embedding-based clustering approach and a method for the automated labelling of clusters. Given that the clustering quality is highly dependent on embeddings, we evaluate 19 embedding models with respect to time, internal cluster quality, and language invariance. The results show that it may be sensible to use embedding models that were already trained on other crisis datasets. However, one must ensure that the training data generalizes enough, so that the clustering can adapt to new situations. Confirming this, we found out that some embeddings were not able to perform as well on a German dataset as on an English dataset.},
booktitle = {Proceedings of the {European} {Conference} on {Information} {Systems} ({ECIS})},
author = {Bayer, Markus and Kaufhold, Marc-André and Reuter, Christian},
year = {2021},
keywords = {Crisis, SocialMedia, A-Paper, Ranking-CORE-A, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {1--18},
}
[BibTeX] [Abstract] [Download PDF]
Social media have an enormous impact on modern life but are prone to the dissemination of false information. In several domains, such as crisis management or political communication, it is of utmost importance to detect false and to promote credible information. Although educational measures might help individuals to detect false information, the sheer volume of social big data, which sometimes need to be anal- ysed under time-critical constraints, calls for automated and (near) real- time assessment methods. Hence, this paper reviews existing approaches before designing and evaluating three deep learning models (MLP, RNN, BERT) for real-time credibility assessment using the example of Twitter posts. While our BERT implementation achieved best results with an accuracy of up to 87.07\% and an F1 score of 0.8764 when using meta- data, text, and user features, MLP and RNN showed lower classification quality but better performance for real-time application. Furthermore, the paper contributes with a novel dataset for credibility assessment.
@inproceedings{kaufhold_design_2021,
address = {Bratislava},
title = {Design and {Evaluation} of {Deep} {Learning} {Models} for {Real}-{Time} {Credibility} {Assessment} in {Twitter}},
url = {https://peasec.de/paper/2021/2021_KaufholdBayerHartungReuter_DeepLearningCredibilityAssessmentTwitter_ICANN.pdf},
doi = {https://doi.org/10.1007/978-3-030-86383-8_32},
abstract = {Social media have an enormous impact on modern life but are prone to the dissemination of false information. In several domains, such as crisis management or political communication, it is of utmost importance to detect false and to promote credible information. Although educational measures might help individuals to detect false information, the sheer volume of social big data, which sometimes need to be anal- ysed under time-critical constraints, calls for automated and (near) real- time assessment methods. Hence, this paper reviews existing approaches before designing and evaluating three deep learning models (MLP, RNN, BERT) for real-time credibility assessment using the example of Twitter posts. While our BERT implementation achieved best results with an accuracy of up to 87.07\% and an F1 score of 0.8764 when using meta- data, text, and user features, MLP and RNN showed lower classification quality but better performance for real-time application. Furthermore, the paper contributes with a novel dataset for credibility assessment.},
booktitle = {30th {International} {Conference} on {Artificial} {Neural} {Networks} ({ICANN2021})},
author = {Kaufhold, Marc-André and Bayer, Markus and Hartung, Daniel and Reuter, Christian},
year = {2021},
keywords = {Student, Security, Ranking-CORE-B, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {1--13},
}
[BibTeX] [Abstract] [Download PDF]
Despite the merits of digitisation in private and professional spaces, critical infrastructures and societies are increasingly ex-posed to cyberattacks. Thus, Computer Emergency Response Teams (CERTs) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberattacks. However, their tasks are getting more complex by the increasing amount and varying quality of information dissem-inated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYWARN project, which seeks to design strategies and technolo-gies for cross-platform cyber situational awareness and actor-spe-cific cyber threat communication. Second, it identifies and elabo-rates eight research challenges with regard to the monitoring, analysis and communication of cyber threats in CERTs, which serve as a starting point for in-depth research within the project.
@inproceedings{kaufhold_cywarn_2021,
address = {Bonn},
series = {Mensch und {Computer} 2021 - {Workshopband}},
title = {{CYWARN}: {Strategy} and {Technology} {Development} for {Cross}-{Platform} {Cyber} {Situational} {Awareness} and {Actor}-{Specific} {Cyber} {Threat} {Communication}},
url = {https://peasec.de/paper/2021/2021_Kaufholdetal_CYWARN-CyberSituationalAwareness_MuC-WS.pdf},
doi = {10.18420/muc2021-mci-ws08-263},
abstract = {Despite the merits of digitisation in private and professional spaces, critical infrastructures and societies are increasingly ex-posed to cyberattacks. Thus, Computer Emergency Response Teams (CERTs) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberattacks. However, their tasks are getting more complex by the increasing amount and varying quality of information dissem-inated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYWARN project, which seeks to design strategies and technolo-gies for cross-platform cyber situational awareness and actor-spe-cific cyber threat communication. Second, it identifies and elabo-rates eight research challenges with regard to the monitoring, analysis and communication of cyber threats in CERTs, which serve as a starting point for in-depth research within the project.},
booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
publisher = {Gesellschaft für Informatik},
author = {Kaufhold, Marc-André and Fromm, Jennifer and Riebe, Thea and Mirbabaie, Milad and Kuehn, Philipp and Basyurt, Ali Sercan and Bayer, Markus and Stöttinger, Marc and Eyilmez, Kaan and Möller, Reinhard and Fuchß, Christoph and Stieglitz, Stefan and Reuter, Christian},
year = {2021},
keywords = {Security, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications, can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, the second iteration of the workshop investigates the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.
@article{kaufhold_2nd_2021,
series = {{MobileHCI} '21 {Adjunct}},
title = {2nd {Workshop} on {Mobile} {Resilience}: {Designing} {Mobile} {Interactive} {Systems} for {Crisis} {Response}},
url = {https://peasec.de/paper/2021/2021_KaufholdReuterComesMirbabaieStieglitz_2ndWorkshopMobileResilience_MobileHCI.pdf},
doi = {10.1145/3447527.3474869},
abstract = {Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications, can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, the second iteration of the workshop investigates the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.},
journal = {MobileHCI '21: 23nd International Conference on Human-Computer Interaction with Mobile Devices and Services},
author = {Kaufhold, Marc-André and Reuter, Christian and Comes, Tina and Mirbabaie, Milad and Stieglitz, Stefan},
year = {2021},
keywords = {Crisis, Projekt-CYWARN},
}
[BibTeX] [Abstract] [Download PDF]
Marc-André Kaufhold explores user expectations and design implications for the utilization of new media in crisis management and response. He develops a novel framework for information refinement, which integrates the event, organisational, societal, and technological perspectives of crises. Therefore, he reviews the state of the art on crisis informatics and empirically examines the use, potentials and barriers of both social media and mobile apps. Based on these insights, he designs and evaluates ICT concepts and artifacts with the aim to overcome the issues of information overload and quality in large-scale crises, concluding with practical and theoretical implications for technology adaptation and design.
@book{kaufhold_information_2021,
address = {Wiesbaden, Germany},
title = {Information {Refinement} {Technologies} for {Crisis} {Informatics}: {User} {Expectations} and {Design} {Principles} for {Social} {Media} and {Mobile} {Apps}},
isbn = {978-3-658-33343-0},
url = {https://www.springer.com/gp/book/9783658333430},
abstract = {Marc-André Kaufhold explores user expectations and design implications for the utilization of new media in crisis management and response. He develops a novel framework for information refinement, which integrates the event, organisational, societal, and technological perspectives of crises. Therefore, he reviews the state of the art on crisis informatics and empirically examines the use, potentials and barriers of both social media and mobile apps. Based on these insights, he designs and evaluates ICT concepts and artifacts with the aim to overcome the issues of information overload and quality in large-scale crises, concluding with practical and theoretical implications for technology adaptation and design.},
publisher = {Springer Vieweg},
author = {Kaufhold, Marc-André},
year = {2021},
doi = {10.1007/978-3-658-33341-6},
keywords = {Crisis, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-CYWARN, AuswahlKaufhold},
}
[BibTeX] [Abstract] [Download PDF]
Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.
@article{riebe_impact_2021,
title = {The {Impact} of {Organizational} {Structure} and {Technology} {Use} on {Collaborative} {Practices} in {Computer} {Emergency} {Response} {Teams}: {An} {Empirical} {Study}},
volume = {5},
url = {https://www.peasec.de/paper/2021/2021_RiebeKaufholdReuter_ComputerEmegencyResponseTeams_CSCW.pdf},
doi = {10.1145/3479865},
abstract = {Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.},
number = {CSCW2},
journal = {Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing},
author = {Riebe, Thea and Kaufhold, Marc-André and Reuter, Christian},
year = {2021},
keywords = {Crisis, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-CYWARN, AuswahlUsableSec, AuswahlKaufhold},
}
[BibTeX] [Abstract] [Download PDF]
Receiving relevant information on possible cyber threats, attacks, and data breaches in a timely manner is crucial for early response. The social media platform Twitter hosts an active cyber security community. Their activities are often monitored manually by security experts, such as Computer Emergency Response Teams (CERTs). We thus propose a Twitter-based alert generation system that issues alerts to a system operator as soon as new relevant cyber security related topics emerge. Thereby, our system allows us to monitor user accounts with significantly less workload. Our system applies a supervised classifier, based on active learning, that detects tweets containing relevant information. The results indicate that uncertainty sampling can reduce the amount of manual relevance classification effort and enhance the classifier performance substantially compared to random sampling. Our approach reduces the number of accounts and tweets that are needed for the classifier training, thus making the tool easily and rapidly adaptable to the specific context while also supporting data minimization for Open Source Intelligence (OSINT). Relevant tweets are clustered by a greedy stream clustering algorithm in order to identify significant events. The proposed system is able to work near real-time within the required 15-minutes time frame and detects up to 93.8\% of relevant events with a false alert rate of 14.81\%.
@inproceedings{riebe_cysecalert_2021,
title = {{CySecAlert}: {An} {Alert} {Generation} {System} for {Cyber} {Security} {Events} {Using} {Open} {Source} {Intelligence} {Data}},
url = {https://peasec.de/paper/2021/2021_RiebeWirthBayerKuehnKaufholdKnautheGutheReuter_CySecAlertOpenSourceIntelligence_ICICS.pdf},
doi = {10.1007/978-3-030-86890-1_24},
abstract = {Receiving relevant information on possible cyber threats, attacks, and data breaches in a timely manner is crucial for early response. The social media platform Twitter hosts an active cyber security community. Their activities are often monitored manually by security experts, such as Computer Emergency Response Teams (CERTs). We thus propose a Twitter-based alert generation system that issues alerts to a system operator as soon as new relevant cyber security related topics emerge. Thereby, our system allows us to monitor user accounts with significantly less workload. Our system applies a supervised classifier, based on active learning, that detects tweets containing relevant information. The results indicate that uncertainty sampling can reduce the amount of manual relevance classification effort and enhance the classifier performance substantially compared to random sampling. Our approach reduces the number of accounts and tweets that are needed for the classifier training, thus making the tool easily and rapidly adaptable to the specific context while also supporting data minimization for Open Source Intelligence (OSINT). Relevant tweets are clustered by a greedy stream clustering algorithm in order to identify significant events. The proposed system is able to work near real-time within the required 15-minutes time frame and detects up to 93.8\% of relevant events with a false alert rate of 14.81\%.},
booktitle = {Information and {Communications} {Security} ({ICICS})},
author = {Riebe, Thea and Wirth, Tristan and Bayer, Markus and Kuehn, Philipp and Kaufhold, Marc-André and Knauthe, Volker and Guthe, Stefan and Reuter, Christian},
year = {2021},
keywords = {Student, UsableSec, Security, Ranking-CORE-B, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {429--446},
}
[BibTeX] [Abstract] [Download PDF]
Smart cities aim at improving efficiency while providing safety and security by merging conventional infrastructures with information and communication technology. One strategy for mitigating hazardous situations and improving the overall resilience of the system is to involve citizens. For instance, smart grids involve prosumers – capable of producing and consuming electricity – who can adjust their electricity profile dynamically (i.e., decrease or increase electricity consumption), or use their local production to supply electricity to the grid. This mitigates the impact of peak-consumption periods on the grid and makes it easier for operators to control the grid. This involvement of prosumers is accompanied by numerous socio-technical challenges, including motivating citizens to contribute by adjusting their electricity consumption to the requirements of the energy grid. Towards this end, this work investigates motivational strategies and tools, including nudging, persuasive technologies, and incentives, that can be leveraged to increase the motivation of citizens. We discuss long-term and side effects and ethical and privacy considerations, before portraying bug bounty programs, gamification and apps as technologies and strategies to communicate the motivational strategies to citizens.
@article{egert_towards_2021,
series = {i-com},
title = {Towards {Resilient} {Critical} {Infrastructures} - {Motivating} {Users} to {Contribute} to {Smart} {Grid} {Resilience}},
volume = {20},
url = {https://www.degruyter.com/document/doi/10.1515/icom-2021-0021/html},
doi = {10.1515/icom-2021-0021},
abstract = {Smart cities aim at improving efficiency while providing safety and security by merging conventional infrastructures with information and communication technology. One strategy for mitigating hazardous situations and improving the overall resilience of the system is to involve citizens. For instance, smart grids involve prosumers - capable of producing and consuming electricity - who can adjust their electricity profile dynamically (i.e., decrease or increase electricity consumption), or use their local production to supply electricity to the grid. This mitigates the impact of peak-consumption periods on the grid and makes it easier for operators to control the grid. This involvement of prosumers is accompanied by numerous socio-technical challenges, including motivating citizens to contribute by adjusting their electricity consumption to the requirements of the energy grid. Towards this end, this work investigates motivational strategies and tools, including nudging, persuasive technologies, and incentives, that can be leveraged to increase the motivation of citizens. We discuss long-term and side effects and ethical and privacy considerations, before portraying bug bounty programs, gamification and apps as technologies and strategies to communicate the motivational strategies to citizens.},
number = {2},
journal = {i-com - Journal of Interactive Media},
author = {Egert, Rolf and Gerber, Nina and Haunschild, Jasmin and Kuehn, Philipp and Zimmermann, Verena},
year = {2021},
keywords = {Security, Infrastructure, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY},
pages = {161--175},
}
2020
[BibTeX] [Abstract] [Download PDF]
Digitalization and interconnectedness, facilitated by the Internet of Things (IoT) and the widespread distribution of mobile devices, can be used to tackle important societal challenges. This is maybe most prominently visible in the response to the COVID-2019 Pandemic. However, the design of mobile technology, functionality and underlying infrastructures must be resilient against disruptions caused by man-made (e.g. bombings, hacking) and natural (e.g. earthquakes, hurricanes) crises, emergencies and threats. To explore challenges, designs and potentials of interactive technologies, this workshop investigates the overlapping space of mobile technologies and resilient systems, including future application domains such as smart cities.
@inproceedings{reuter_mobile_2020,
title = {Mobile {Resilience}: {Designing} {Mobile} {Interactive} {Systems} for {Societal} and {Technical} {Resilience}},
url = {https://dl.acm.org/doi/pdf/10.1145/3406324.3424590},
doi = {10.1145/3406324.3424590},
abstract = {Digitalization and interconnectedness, facilitated by the Internet of Things (IoT) and the widespread distribution of mobile devices, can be used to tackle important societal challenges. This is maybe most prominently visible in the response to the COVID-2019 Pandemic. However, the design of mobile technology, functionality and underlying infrastructures must be resilient against disruptions caused by man-made (e.g. bombings, hacking) and natural (e.g. earthquakes, hurricanes) crises, emergencies and threats. To explore challenges, designs and potentials of interactive technologies, this workshop investigates the overlapping space of mobile technologies and resilient systems, including future application domains such as smart cities.},
booktitle = {{MobileHCI} '20: 22nd {International} {Conference} on {Human}-{Computer} {Interaction} with {Mobile} {Devices} and {Services}},
author = {Reuter, Christian and Kaufhold, Marc-André and Comes, Tina and Knodt, Michèle and Mühlhäuser, Max},
year = {2020},
keywords = {Crisis, HCI, SocialMedia, Ranking-CORE-B, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY},
pages = {1--3},
}
[BibTeX] [Abstract] [Download PDF]
Threats in cyberspace have increased in recent years due to the increment of offensive capabilities by states. Approaches to mitigate the security dilemma in cyberspace within the UN are deadlocked, as states have not been able to achieve agreements. However, from the perspective of IT-Security, there are Cyber Threat Intelligence (CTI) platforms to share and analyze cyber threats for a collective crisis management. To investigate, whether or not CTI platforms can be used as a confidence-building measure between states and international organizations, we portray current CTI platforms, showcase political requirements, and answer the question of how CTI communication may contribute to confidence-building in international affairs. Our results suggest the need to further develop analytical capabilities, as well as the implementation of a broad social, political, and legal environment for international CTI sharing.
@article{kuehn_sharing_2020,
title = {Sharing of {Cyber} {Threat} {Intelligence} between {States}},
volume = {38},
url = {http://www.peasec.de/paper/2020/2020_KuehnRiebeApeltJansenReuter_SharingCyberThreatIntelligence_SF.pdf},
doi = {10.5771/0175-274X-2020-1-22},
abstract = {Threats in cyberspace have increased in recent years due to the increment of offensive capabilities by states. Approaches to mitigate the security dilemma in cyberspace within the UN are deadlocked, as states have not been able to achieve agreements. However, from the perspective of IT-Security, there are Cyber Threat Intelligence (CTI) platforms to share and analyze cyber threats for a collective crisis management. To investigate, whether or not CTI platforms can be used as a confidence-building measure between states and international organizations, we portray current CTI platforms, showcase political requirements, and answer the question of how CTI communication may contribute to confidence-building in international affairs. Our results suggest the need to further develop analytical capabilities, as well as the implementation of a broad social, political, and legal environment for international CTI sharing.},
number = {1},
journal = {S+F Sicherheit und Frieden / Peace and Security},
author = {Kuehn, Philipp and Riebe, Thea and Apelt, Lynn and Jansen, Max and Reuter, Christian},
year = {2020},
keywords = {Student, Security, Peace, Projekt-DualUse, Cyberwar, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
pages = {22--28},
}
[BibTeX] [Abstract]
In den letzten 20 Jahren haben sich mobile Technologien und soziale Medien nicht nur im Alltag, sondern auch in Krisensituationen etabliert. Insbesondere großflächige Ereignisse wie der Hurrikan Sandy (2012) oder das mitteleuropäische Hochwasser (2013) haben gezeigt, dass sich die Bevölkerung aktiv mit Informations- und Kommunikationstechnologie (IKT) an der Schadensbewältigung beteiligt (Reuter, Hughes, et al., 2018). Daraus ist das Forschungsfeld der Kriseninformatik entstanden, welches Wissen der Informatik und Gesellschaftswissenschaften kombiniert und zudem in Disziplinen wie der MenschMaschine-Interaktion (HCI), Computerunterstützten Gruppenarbeit (CSCW) und Wirtschaftsinformatik (WI) verankert ist. Während die Bevölkerung IKT einsetzt, um die Unsicherheiten in Krisen zu bewältigen, nutzen Behörden und Organisationen mit Sicherheitsaufgaben (BOS), etwa Feuerwehr und Polizei, öffentliche Daten, um das Situationsbewusstsein und die Entscheidungsfindung für eine bessere Schadensbewältigung zu verbessern (Palen & Anderson, 2016). Noch größere Katastrophen wie die aktuelle COVID-19-Pandemie verstärken dabei die Herausforderungen der Kriseninformatik (Xie et al., 2020). Für BOS stellt die umfangreiche Menge heterogener und semantisch verknüpfter Daten, auch Social Big Data genannt (Olshannikova et al., 2017), eine große Herausforderung im Hinblick auf die Qualität, Quantität und den Zugriff auf relevante Informationen dar. Um ein Situationsbewusstsein und nutzbare Informationen, d. h. die richtigen Informationen zur richtigen Zeit bei der richtigen Person, zu erhalten (Zade et al., 2018), müssen Informationen auf die Bedingungen des Ereignisses, organisationale Anforderungen, soziale Rahmenbedingungen und technische Möglichkeiten verfeinert werden. Diese Dissertation kombiniert das methodische Framework der Designfallstudien (Wulf et al., 2011) mit den Prinzipien der Design-Science-Forschung (Hevner et al., 2004), um das Thema der Informationsverfeinerung (Information Refinement) in vier Phasen zu untersuchen, wovon jede unterschiedliche Forschungsbeiträge hervorbringt. Die Arbeit begutachtet zunächst Nutzungs-, Rollen- und Wahrnehmungsmuster in der Kriseninformatik und stellt die Potenziale sozialer Medien zur öffentlichen Teilhabe an der Krisenbewältigung heraus. Die empirische Studien mit der deutschen Bevölkerung zeigen die positiven Einstellungen und die steigende Nutzung mobiler und sozialer Technologien in Krisen, stellen aber auch Barrieren heraus und zeigen die Erwartung, dass BOS in soziale Medien aktiv sind. Die Ergebnisse fundieren das Design innovativer IKT-Artefakte, darunter visuelle Bevölkerungsrichtlinien für soziale Medien in Krisen (SMG), ein Web-Interface für BOS zur Aggregation mobiler und sozialer Daten (ESI), ein Algorithmus zur Extraktion relevanter Informationen in sozialen Medien (SMO), und eine mobile App für die bidirektionale Kommunikation zwischen BOS und Bevölkerung (112.social). Die Evaluation der Artefakte involviert EndnutzerInnen aus dem Anwendungsfeld des Krisenmanagements, um potenziale für Verbesserungen und zukünftige Forschung zu identifizieren. Die Arbeit schließt mit einem Framework zur Informationsverfeinerung für die Kriseninformatik ab, welche die event-, gesellschafts-, organisation- und technologiebasierte Perspektive integriert.
@book{kaufhold_information_2020,
address = {Darmstadt, Germany},
title = {Information {Refinement} {Technologies} for {Crisis} {Informatics}: {User} {Expectations} and {Design} {Implications} for {Social} {Media} and {Mobile} {Apps} in {Crisis}},
abstract = {In den letzten 20 Jahren haben sich mobile Technologien und soziale Medien nicht nur im Alltag, sondern auch in Krisensituationen etabliert. Insbesondere großflächige Ereignisse wie der Hurrikan Sandy (2012) oder das mitteleuropäische Hochwasser (2013) haben gezeigt, dass sich die Bevölkerung aktiv mit Informations- und Kommunikationstechnologie (IKT) an der Schadensbewältigung beteiligt (Reuter, Hughes, et al., 2018). Daraus ist das Forschungsfeld der Kriseninformatik entstanden, welches Wissen der Informatik und Gesellschaftswissenschaften kombiniert und zudem in Disziplinen wie der MenschMaschine-Interaktion (HCI), Computerunterstützten Gruppenarbeit (CSCW) und Wirtschaftsinformatik (WI) verankert ist. Während die Bevölkerung IKT einsetzt, um die Unsicherheiten in Krisen zu bewältigen, nutzen Behörden und Organisationen mit Sicherheitsaufgaben (BOS), etwa Feuerwehr und Polizei, öffentliche Daten, um das Situationsbewusstsein und die Entscheidungsfindung für eine bessere Schadensbewältigung zu verbessern (Palen \& Anderson, 2016). Noch größere Katastrophen wie die aktuelle COVID-19-Pandemie verstärken dabei die Herausforderungen der Kriseninformatik (Xie et al., 2020). Für BOS stellt die umfangreiche Menge heterogener und semantisch verknüpfter Daten, auch Social Big Data genannt (Olshannikova et al., 2017), eine große Herausforderung im Hinblick auf die Qualität, Quantität und den Zugriff auf relevante Informationen dar. Um ein Situationsbewusstsein und nutzbare Informationen, d. h. die richtigen Informationen zur richtigen Zeit bei der richtigen Person, zu erhalten (Zade et al., 2018), müssen Informationen auf die Bedingungen des Ereignisses, organisationale Anforderungen, soziale Rahmenbedingungen und technische Möglichkeiten verfeinert werden. Diese Dissertation kombiniert das methodische Framework der Designfallstudien (Wulf et al., 2011) mit den Prinzipien der Design-Science-Forschung (Hevner et al., 2004), um das Thema der Informationsverfeinerung (Information Refinement) in vier Phasen zu untersuchen, wovon jede unterschiedliche Forschungsbeiträge hervorbringt. Die Arbeit begutachtet zunächst Nutzungs-, Rollen- und Wahrnehmungsmuster in der Kriseninformatik und stellt die Potenziale sozialer Medien zur öffentlichen Teilhabe an der Krisenbewältigung heraus. Die empirische Studien mit der deutschen Bevölkerung zeigen die positiven Einstellungen und die steigende Nutzung mobiler und sozialer Technologien in Krisen, stellen aber auch Barrieren heraus und zeigen die Erwartung, dass BOS in soziale Medien aktiv sind. Die Ergebnisse fundieren das Design innovativer IKT-Artefakte, darunter visuelle Bevölkerungsrichtlinien für soziale Medien in Krisen (SMG), ein Web-Interface für BOS zur Aggregation mobiler und sozialer Daten (ESI), ein Algorithmus zur Extraktion relevanter Informationen in sozialen Medien (SMO), und eine mobile App für die bidirektionale Kommunikation zwischen BOS und Bevölkerung (112.social). Die Evaluation der Artefakte involviert EndnutzerInnen aus dem Anwendungsfeld des Krisenmanagements, um potenziale für Verbesserungen und zukünftige Forschung zu identifizieren. Die Arbeit schließt mit einem Framework zur Informationsverfeinerung für die Kriseninformatik ab, welche die event-, gesellschafts-, organisation- und technologiebasierte Perspektive integriert.},
publisher = {Dissertation (Dr. rer. nat.), Department of Computer Science, Technische Unviersität Darmstadt},
author = {Kaufhold, Marc-André},
year = {2020},
keywords = {Crisis, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
}