Grüner, A., Mühle, A., Meinel, C.: Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance.Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence in Cyber Security. IEEE, Xiamen, China (2019).
Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.
Further Information
AbstractIdentity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.
John, C.T., Staubitz, T., Meinel, C.: Took a MOOC. Got a Certificate. What now?2019 IEEE Frontiers in Education Conference (FIE) (2019).
Alhosseini, S.A., Bin Tareaf, R., Najafi, P., Meinel, C.: Detect Me If You Can: Spam Bot Detection Using Inductive Representation Learning.WWW19, World Wide Web Conference. ACM, San Francisco, USA (2019).
Graupner, H., Torkura, K.A., Sukmana, M.I.H., Meinel, C.: Secure Deduplication on Public Cloud Storage.Proceedings of the 2019 4th International Conference on Big Data and Computing. p. 34--41. ACM (2019).
Bethge, J., Yang, H., Bornstein, M., Meinel, C.: BinaryDenseNet: Developing an Architecture for Binary Neural Networks.The IEEE International Conference on Computer Vision (ICCV) Workshops (2019).
von Schmieden, K., Staubitz, T., Mayer, L., Meinel, C.: Skill Confidence Ratings in a MOOC: Examining the Link between Skill Confidence and Learner Development.CSEDU (2019).
von Schmieden, K., Mayer, L., Meinel, C.: Learner Response to Brainstorming Techniques in a Design Thinking MOOC.Cumulus Conference Proceedings. pp. 443-455. Cumulus Design Conference (2019).
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: Identifying Data Exposure Across Distributed High-Dimensional Health Data Silos through Bayesian Networks Optimised by Multigrid and Manifold.2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). p. 556--563. IEEE (2019).
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization.Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy. p. 109--119. ACM (2019).
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C., Jungmann, S.: How Data Anonymisation Techniques influence Disease Triage in Digital Health: A Study on Base Rate Neglect.Proceedings of the 9th International Conference on Digital Public Health. p. 55--62. ACM (2019).
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: Towards Identifying De-anonymisation Risks in Distributed Health Data Silos.International Conference on Database and Expert Systems Applications. p. 33--43. Springer (2019).
von Schmieden, K., Mayer, L., Taheri, M., Meinel, C.: Iterative Course Design in MOOCs: Evaluating a protoMOOC.Proceedings of the Design Society: International Conference on Engineering Design. pp. 539-548. Cambridge University Press (2019).
Traifeh, H., Staubitz, T., Meinel, C.: Improving learner experience and participation in MOOCs: A design thinking approach.2019 Learning With MOOCS (LWMOOCS) (2019).
Staubitz, T., Teusner, R., Meinel, C.: MOOCs in Secondary Education - Experiments and Observations from German Classrooms.2019 IEEE Global Engineering Education Conference (EDUCON). pp. 173-182 (2019).
Computer science education in German schools is often less than optimal. It is only mandatory in a few of the federal states and there is a lack of qualified teachers. As a MOOC (Massive Open Online Course) provider with a German background, we developed the idea to implement a MOOC addressing pupils in secondary schools to fill this gap. The course targeted high school pupils and enabled them to learn the Python programming language. In 2014, we successfully conducted the first iteration of this MOOC with more than 7000 participants. However, the share of pupils in the course was not quite satisfactory. So we conducted several workshops with teachers to find out why they had not used the course to the extent that we had imagined. The paper at hand explores and discusses the steps we have taken in the following years as a result of these workshops.
Further Information
AbstractComputer science education in German schools is often less than optimal. It is only mandatory in a few of the federal states and there is a lack of qualified teachers. As a MOOC (Massive Open Online Course) provider with a German background, we developed the idea to implement a MOOC addressing pupils in secondary schools to fill this gap. The course targeted high school pupils and enabled them to learn the Python programming language. In 2014, we successfully conducted the first iteration of this MOOC with more than 7000 participants. However, the share of pupils in the course was not quite satisfactory. So we conducted several workshops with teachers to find out why they had not used the course to the extent that we had imagined. The paper at hand explores and discusses the steps we have taken in the following years as a result of these workshops.
Najafi, P., Mühle, A., Pünter, W., Cheng, F., Meinel, C.: MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs.Proceedings of the 35th Annual Computer Security Applications Conference. p. 417--429. ACM (2019).
In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.
Further Information
AbstractIn this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.
von Schmieden, K., Staubitz, T., Mayer, L., Meinel, C.: Skill Confidence Ratings in a MOOC: Examining the Link Between Skill Confidence and Learner Development.Proceedings of the 11th International Conference on Computer Supported Education. pp. 533-40 (2019).
Bin Tareaf, R., Alhosseini, S.A., Meinel, C.: Facial-Based Personality Prediction Models For Estimating Individuals Private Traits.The 12th IEEE International Conference on Social Computing and Networking ( IEEE SocialCom)). IEEE, Xiamen, China (2019).
Bin Tareaf, R., Alhosseini, S.A., Meinel, C.: Cross-Platform Personality Exploration System for Online Social Networks: Facebook vs. Twitter.Journal of Web Intelligence Consortium (WIC). (2019).
von Schmieden, K., Meinel, C.: Utilizing Warm-Up Games in MOOC Discussion Forums.EMOOCs-WiP. pp. 218-223 (2019).
Staubitz, T., Meinel, C.: Graded Team Assignments in MOOCs: Effects of Team Composition and Further Factors on Team Dropout Rates and Performance.Proceedings of the Sixth (2019) ACM Conference on Learning @ Scale. p. 5:1--5:10. ACM, Chicago, IL, USA (2019).
The ability to work in teams is an important skill in today's work environments. In MOOCs, however, team work, team tasks, and graded team-based assignments play only a marginal role. To close this gap, we have been exploring ways to integrate graded team-based assignments in MOOCs. Some goals of our work are to determine simple criteria to match teams in a volatile environment and to enable a frictionless online collaboration for the participants within our MOOC platform. The high dropout rates in MOOCs pose particular challenges for team work in this context. By now, we have conducted 15 MOOCs containing graded team-based assignments in a variety of topics. The paper at hand presents a study that aims to establish a solid understanding of the participants in the team tasks. Furthermore, we attempt to determine which team compositions are particularly successful. Finally, we examine how several modifications to our platform's collaborative toolset have affected the dropout rates and performance of the teams.
Further Information
AbstractThe ability to work in teams is an important skill in today's work environments. In MOOCs, however, team work, team tasks, and graded team-based assignments play only a marginal role. To close this gap, we have been exploring ways to integrate graded team-based assignments in MOOCs. Some goals of our work are to determine simple criteria to match teams in a volatile environment and to enable a frictionless online collaboration for the participants within our MOOC platform. The high dropout rates in MOOCs pose particular challenges for team work in this context. By now, we have conducted 15 MOOCs containing graded team-based assignments in a variety of topics. The paper at hand presents a study that aims to establish a solid understanding of the participants in the team tasks. Furthermore, we attempt to determine which team compositions are particularly successful. Finally, we examine how several modifications to our platform's collaborative toolset have affected the dropout rates and performance of the teams.
John, C.T., Staubitz, T., Meinel, C.: Performance of Men and Women in Graded Team Assignments in MOOCs.2019 Learning With MOOCS (LWMOOCS) (2019).
Rohloff, T., Sauer, D., Meinel, C.: On the Acceptance and Usefulness of Personalized Learning Objectives in MOOCs.Proceedings of the Sixth ACM Conference on Learning @ Scale. p. 4:1--4:10. ACM, Chicago, IL, USA (2019).
With Massive Open Online Courses (MOOCs) the number of people having access to higher education increased rapidly. The intentions to enroll for a specific course vary significantly and depend on one's professional or personal learning needs and interests. All learners have in common that they pursue their individual learning objectives. However, predominant MOOC platforms follow a one-size-fits-all approach and primarily aim for completion with certification. Specifically, technical support for goal-oriented and self-regulated learning to date is very limited in this context although both learning strategies are proven to be key factors for students' achievement in large-scale online learning environments. In this first investigation, a concept for the application and technical integration of personalized learning objectives in a MOOC platform is realized and assessed. It is evaluated with a mixed-method approach. First, the learners' acceptance is examined with a multivariate A/B test in two courses. Second, a survey was conducted to gather further feedback about the perceived usefulness, next to the acceptance. The results show a positive perception by the learners, which paves the way for future research.
Further Information
AbstractWith Massive Open Online Courses (MOOCs) the number of people having access to higher education increased rapidly. The intentions to enroll for a specific course vary significantly and depend on one's professional or personal learning needs and interests. All learners have in common that they pursue their individual learning objectives. However, predominant MOOC platforms follow a one-size-fits-all approach and primarily aim for completion with certification. Specifically, technical support for goal-oriented and self-regulated learning to date is very limited in this context although both learning strategies are proven to be key factors for students' achievement in large-scale online learning environments. In this first investigation, a concept for the application and technical integration of personalized learning objectives in a MOOC platform is realized and assessed. It is evaluated with a mixed-method approach. First, the learners' acceptance is examined with a multivariate A/B test in two courses. Second, a survey was conducted to gather further feedback about the perceived usefulness, next to the acceptance. The results show a positive perception by the learners, which paves the way for future research.
Bothe, M., Meinel, C.: Applied Mobile-Assisted Seamless Learning Techniques in MOOCs. In: Calise, M., Delgado Kloos, C., Reich, J., Ruiperez-Valiente, J.A., and Wirsing, M. (eds.) Digital Education: At the MOOC Crossroads Where the Interests of Academia and Business Converge. p. 21--30. Springer International Publishing, Cham (2019).
As Massive Open Online Courses (MOOCs) are nowadays used in an increasingly ubiquitous manner, the learning process gets disrupted every time learners change context. Mobile-Assisted Seamless Learning (MSL) techniques have been identified to reduce unwanted overhead for learners and streamline their learning process. However, technical implementations vary across the industry. This paper examines existing MSL research and applied techniques in the context of MOOCs. Therefore, we discussed related MSL research topics. Afterward, eleven characteristic MSL features were selected and compared their implementations across five major MOOC platforms. While web applications provide a bigger feature set, mobile clients offer advanced offline capabilities. Based on the findings, a concept outlines how MSL features can enhance the learning experience on MOOC platforms while considering the technical feasibility.
Further Information
Editor(s)Calise, Mauro and Delgado Kloos, Carlos and Reich, Justin and Ruiperez-Valiente, Jose A. and Wirsing, Martin
AbstractAs Massive Open Online Courses (MOOCs) are nowadays used in an increasingly ubiquitous manner, the learning process gets disrupted every time learners change context. Mobile-Assisted Seamless Learning (MSL) techniques have been identified to reduce unwanted overhead for learners and streamline their learning process. However, technical implementations vary across the industry. This paper examines existing MSL research and applied techniques in the context of MOOCs. Therefore, we discussed related MSL research topics. Afterward, eleven characteristic MSL features were selected and compared their implementations across five major MOOC platforms. While web applications provide a bigger feature set, mobile clients offer advanced offline capabilities. Based on the findings, a concept outlines how MSL features can enhance the learning experience on MOOC platforms while considering the technical feasibility.
Rohloff, T., Renz, J., Suarez, G.N., Meinel, C.: A Ubiquitous Learning Analytics Architecture for a Service-Oriented MOOC Platform. In: Calise, M., Delgado Kloos, C., Reich, J., Ruiperez-Valiente, J.A., and Wirsing, M. (eds.) Digital Education: At the MOOC Crossroads Where the Interests of Academia and Business Converge (EMOOCs 2019). p. 162--171. Springer International Publishing, Cham (2019).
As Massive Open Online Courses (MOOCs) generate a huge amount of learning activity data through its thousands of users, great potential is provided to use this data to understand and optimize the learning experience and outcome, which is the goal of Learning Analytics. But first, the data needs to be collected, processed, analyzed and reported in order to gain actionable insights. Technical concepts and implementations are rarely accessible and therefore this work presents an architecture how Learning Analytics can be implemented in a service-oriented MOOC platform. To achieve that, a service based on extensible schema-agnostic processing pipelines is introduced for the HPI MOOC platform. The approach was evaluated regarding its scalability, extensibility, and versatility with real-world use cases. Also, data privacy was taken into account. Based on five years of running the service in production on several platform deployments, six design recommendations are presented which can be utilized as best practices for platform vendors and researchers when implementing Learning Analytics in MOOCs.
Further Information
Editor(s)Calise, Mauro and Delgado Kloos, Carlos and Reich, Justin and Ruiperez-Valiente, Jose A. and Wirsing, Martin
AbstractAs Massive Open Online Courses (MOOCs) generate a huge amount of learning activity data through its thousands of users, great potential is provided to use this data to understand and optimize the learning experience and outcome, which is the goal of Learning Analytics. But first, the data needs to be collected, processed, analyzed and reported in order to gain actionable insights. Technical concepts and implementations are rarely accessible and therefore this work presents an architecture how Learning Analytics can be implemented in a service-oriented MOOC platform. To achieve that, a service based on extensible schema-agnostic processing pipelines is introduced for the HPI MOOC platform. The approach was evaluated regarding its scalability, extensibility, and versatility with real-world use cases. Also, data privacy was taken into account. Based on five years of running the service in production on several platform deployments, six design recommendations are presented which can be utilized as best practices for platform vendors and researchers when implementing Learning Analytics in MOOCs.
Grüner, A., Mühle, A., Meinel, C.: An Integration Architecture to Enable Service Providers for Self-sovereign Identity.Proceedings of the 18th. International Symposium on Network Computing and Applications. IEEE, Boston, MA (2019).
The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.
Further Information
AbstractThe self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.
Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: Security Chaos Engineering for Cloud Services.The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems.The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
Bethge, J., Yang, H., Meinel, C.: Training Accurate Binary Neural Networks from Scratch.2019 26th IEEE International Conference on Image Processing (ICIP) (2019).
Binary neural networks are a promising approach to execute convolutional neural networks on devices with low computational power. Previous work on this subject often quantizes pretrained full-precision models and uses complex training strategies. In our work, we focus on increasing the performance of binary neural networks by training from scratch with a simple training strategy. In our experiments we show that we are able to achieve state-of-the-art results on standard benchmark datasets. Further, we analyze how full-precision network structures can be adapted for efficient binary networks and adopt a network architecture based on a DenseNet for binary networks, which lets us improve the state-of-the-art even further. Our source code can be found online: https://github.com/hpi-xnor/BMXNet-v2
Further Information
AbstractBinary neural networks are a promising approach to execute convolutional neural networks on devices with low computational power. Previous work on this subject often quantizes pretrained full-precision models and uses complex training strategies. In our work, we focus on increasing the performance of binary neural networks by training from scratch with a simple training strategy. In our experiments we show that we are able to achieve state-of-the-art results on standard benchmark datasets. Further, we analyze how full-precision network structures can be adapted for efficient binary networks and adopt a network architecture based on a DenseNet for binary networks, which lets us improve the state-of-the-art even further. Our source code can be found online: https://github.com/hpi-xnor/BMXNet-v2
Rohloff, T., Oldag, S., Renz, J., Meinel, C.: Utilizing Web Analytics in the Context of Learning Analytics for Large-Scale Online Learning.2019 IEEE Global Engineering Education Conference (EDUCON). pp. 296-305 (2019).
Today, Web Analytics (WA) is commonly used to obtain key information about users and their behavior on websites. Besides, with the rise of online learning, Learning Analytics (LA) emerged as a separate research field for collecting and analyzing learners’ interactions on online learning platforms. Although the foundation of both methods is similar, WA has not been profoundly used for LA purposes. However, especially large-scale online learning environments may benefit from WA as it is more sophisticated and well-established in comparison to LA. Therefore, this paper aims to examine to what extent WA can be utilized in this context, without compromising the learners’ data privacy. For this purpose, Google Analytics was integrated into the Massive Open Online Course platform of the Hasso Plattner Institute as a proof of concept. It was tested with two deployments of the platform: openHPI and openSAP, where thousands of learners gain academic and industry knowledge about engineering education. Besides capturing behavioral data, the platforms’ existing LA dashboards were extended by WA metrics. The evaluation of the integration showed that WA covers a large part of the relevant metrics and is particularly suitable for obtaining an overview of the platform’s global activity, but reaches its limitations when it comes to learner-specific metrics.
Further Information
AbstractToday, Web Analytics (WA) is commonly used to obtain key information about users and their behavior on websites. Besides, with the rise of online learning, Learning Analytics (LA) emerged as a separate research field for collecting and analyzing learners’ interactions on online learning platforms. Although the foundation of both methods is similar, WA has not been profoundly used for LA purposes. However, especially large-scale online learning environments may benefit from WA as it is more sophisticated and well-established in comparison to LA. Therefore, this paper aims to examine to what extent WA can be utilized in this context, without compromising the learners’ data privacy. For this purpose, Google Analytics was integrated into the Massive Open Online Course platform of the Hasso Plattner Institute as a proof of concept. It was tested with two deployments of the platform: openHPI and openSAP, where thousands of learners gain academic and industry knowledge about engineering education. Besides capturing behavioral data, the platforms’ existing LA dashboards were extended by WA metrics. The evaluation of the integration showed that WA covers a large part of the relevant metrics and is particularly suitable for obtaining an overview of the platform’s global activity, but reaches its limitations when it comes to learner-specific metrics.
Bothe, M., Renz, J., Rohloff, T., Meinel, C.: From MOOCs to Micro Learning Activities.2019 IEEE Global Engineering Education Conference (EDUCON). pp. 280-288 (2019).
Mobile devices are omnipresent in our daily lives. They are utilized for a variety of tasks and used multiple times for short periods throughout the day. MOOC providers optimized their platforms for these devices in order to support ubiquitous learning. While a combination of desktop and mobile learning yields improved course performances, standalone learning on mobile devices does not perform in the same manner. One indicator for this is the mismatch between the average usage pattern of mobile devices and the time to consume one content item in a MOOC. Micro learning builds on bite-sized learning material and focusses on short-term learning sessions. This work examines the potential of micro learning activities in the context of MOOCs. Therefore, a framework for video-based micro learning is presented, which features a personalized curriculum. Videos are suggested to the user in a non-linear order that is determined by content dependencies, users’ preferences and watched videos, as well as explicit and implicit user feedback. A mobile application was implemented to test the approach with restructured MOOC content resulting in 58 connected short videos about engineering education – e.g. web technologies and programming languages. The usage data indicates initial curiosity by the users. To improve retention rates, more user motivation will be required for future studies. A survey gathered additional qualitative feedback. While the content suggestions were seen as a vital feature for such an approach, the results showed good interest and acceptance rates to create a better learning experience for MOOCs on mobile devices.
Further Information
AbstractMobile devices are omnipresent in our daily lives. They are utilized for a variety of tasks and used multiple times for short periods throughout the day. MOOC providers optimized their platforms for these devices in order to support ubiquitous learning. While a combination of desktop and mobile learning yields improved course performances, standalone learning on mobile devices does not perform in the same manner. One indicator for this is the mismatch between the average usage pattern of mobile devices and the time to consume one content item in a MOOC. Micro learning builds on bite-sized learning material and focusses on short-term learning sessions. This work examines the potential of micro learning activities in the context of MOOCs. Therefore, a framework for video-based micro learning is presented, which features a personalized curriculum. Videos are suggested to the user in a non-linear order that is determined by content dependencies, users’ preferences and watched videos, as well as explicit and implicit user feedback. A mobile application was implemented to test the approach with restructured MOOC content resulting in 58 connected short videos about engineering education – e.g. web technologies and programming languages. The usage data indicates initial curiosity by the users. To improve retention rates, more user motivation will be required for future studies. A survey gathered additional qualitative feedback. While the content suggestions were seen as a vital feature for such an approach, the results showed good interest and acceptance rates to create a better learning experience for MOOCs on mobile devices.
Sukmana, M.I.H., Torkura, K.A., Graupner, H., Chauhan, A., Cheng, F., Meinel, C.: Supporting Internet-Based Location for Location-Based Access Control in Enterprise Cloud Storage Solution.International Conference on Advanced Information Networking and Applications. p. 1240--1253. Springer (2019).
Sukmana, M.I.H., Torkura, K.A., Graupner, H., Cheng, F., Meinel, C.: Unified Cloud Access Control Model for Cloud Storage Broker.2019 International Conference on Information Networking (ICOIN). p. 60--65. IEEE (2019).
Pelchen, C., Jaeger, D., Cheng, F., Meinel, C.: The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm.Proceedings of the 15th International Conference on Information Security Practice and Experience. Springer (2019).
Sukmana, M.I.H., Petzolt, M., Torkura, K.A., Graupner, H., Cheng, F., Meinel, C.: Secure and Scalable Multi-Company Management in Enterprise Cloud Storage Broker System. (2019).
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Comparative Analysis of Trust Requirements in Decentralized Identity Management.Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications. Springer, Matsue, Japan (2019).
Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
Further Information
AbstractIdentity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
Rohloff, T., Bothe, M., Meinel, C.: Visualizing Content Exploration Traces of MOOC Students.Companion Proceedings of the 9th International Conference on Learning Analytics & Knowledge (LAK19). p. 754--758 (2019).
This workshop paper introduces a novel approach to visualize content exploration traces of students who navigate through the learning material of Massive Open Online Courses (MOOCs). This can help teachers to identify trends and anomalies in their provided learning material in order to improve the learning experience. The difficulty lies in the complexity of data: MOOCs are structured into multiple sections consisting of different learning items and students can navigate freely between them. Therefore, it is challenging to find a meaningful and comprehensible visualization that provides a complete overview for teachers. We utilized a Sankey diagram which shows the students' transitions between course sections by grouping them into different buckets, based on the percentage of visited items in the corresponding section. Three preceding data processing steps are explained as well as the data visualization with an example course. This is followed by pedagogical considerations how MOOC teachers can utilize and interpret the visualization, to gain meaningful insights and execute informed actions. At last, an evaluation concept is outlined.
Further Information
AbstractThis workshop paper introduces a novel approach to visualize content exploration traces of students who navigate through the learning material of Massive Open Online Courses (MOOCs). This can help teachers to identify trends and anomalies in their provided learning material in order to improve the learning experience. The difficulty lies in the complexity of data: MOOCs are structured into multiple sections consisting of different learning items and students can navigate freely between them. Therefore, it is challenging to find a meaningful and comprehensible visualization that provides a complete overview for teachers. We utilized a Sankey diagram which shows the students' transitions between course sections by grouping them into different buckets, based on the percentage of visited items in the corresponding section. Three preceding data processing steps are explained as well as the data visualization with an example course. This is followed by pedagogical considerations how MOOC teachers can utilize and interpret the visualization, to gain meaningful insights and execute informed actions. At last, an evaluation concept is outlined.
Meinig, M., Sukmana, M.I.H., Torkura, K.A., Meinel, C.: Holistic Strategy-Based Threat Model for Organizations.Proceedings of the 10th International Conference on Ambient Systems, Networks and Technologies (ANT 2019). Elsevier Science, Leuven, Belgium (2019).
Data breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure of methodological validation of organizations, system designs, software architectures to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities and therefore it reduces the possibility of risk happening. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one’s own organization and often the size of them is comprehensible only for experts. In order to improve the understanding of security threats, particularly in the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and in a further step presents the courses of action of an attacker in this organization.
Further Information
AbstractData breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure of methodological validation of organizations, system designs, software architectures to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities and therefore it reduces the possibility of risk happening. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one’s own organization and often the size of them is comprehensible only for experts. In order to improve the understanding of security threats, particularly in the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and in a further step presents the courses of action of an attacker in this organization.
Meinig, M., Tröger, P., Meinel, C.: Rough Logs - A Data Reduction Approach for Log Files.Proceedings of the 21st International Conference on Enterprise Information Systems (ICEIS 2019). SCITEPRESS – Science and Technology Publications, Lda, Heraklion, Crete - Greece (2019).
Modern scalable information systems produce a constant stream of log records to describe their activities and current state. This data is increasingly used for online anomaly analysis, so that dependability problems such as security incidents can be detected while the system is running. Due to the constant scaling of many such systems, the amount of processed log data is a significant aspect to be considered in the choice of any anomaly detection approach. We therefore present a new idea for log data reduction called ‘rough logs’. It utilizes rough set theory for reducing the number of attributes being collected in log data for representing events in the system. We tested the approach in a large case study - the experiments showed that data reduction possibilities proposed by our approach remain valid even when the log information is modified due to anomalies happening in the system.
Further Information
AbstractModern scalable information systems produce a constant stream of log records to describe their activities and current state. This data is increasingly used for online anomaly analysis, so that dependability problems such as security incidents can be detected while the system is running. Due to the constant scaling of many such systems, the amount of processed log data is a significant aspect to be considered in the choice of any anomaly detection approach. We therefore present a new idea for log data reduction called ‘rough logs’. It utilizes rough set theory for reducing the number of attributes being collected in log data for representing events in the system. We tested the approach in a large case study - the experiments showed that data reduction possibilities proposed by our approach remain valid even when the log information is modified due to anomalies happening in the system.
Bock, B., Matysik, J.-T., Krentz, K.-F., Meinel, C.: Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme.Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
Further Information
AbstractWhile the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
Seidel, F., Krentz, K.-F., Meinel, C.: Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers.Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.
Further Information
AbstractDevices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.
Bin Tareaf, R., Berger, P., Hennig, P., Meinel, C.: Personality Exploration System for Online Social Networks: Facebook Brands As a Use Case.IEEE/WIC/ACM International Conference on Web Intelligence. IEEE Press, Santiago, Chile (2019).
User-generated content on social media platforms is a rich source of latent information about individual variables. Crawling and analyzing this content provides a new approach for enterprises to personalize services and put forward product recommendations. In the past few years, brands made a gradual appearance on social media platforms for advertisement, customers support and public relation purposes and by now it became a necessity throughout all branches. This online identity can be represented as a brand personality that reflects how a brand is perceived by its customers. We exploited recent research in text analysis and personality detection to build an automatic brand personality prediction model on top of the (Five-Factor Model) and (Linguistic Inquiry and Word Count) features extracted from publicly available benchmarks. The proposed model reported significant accuracy in predicting specific personality traits form brands. For evaluating our prediction results on actual brands, we crawled the Facebook API for 100k posts from the most valuable brands’ pages in the USA and we visualize exemplars of comparison results and present suggestions for future directions.
Further Information
AbstractUser-generated content on social media platforms is a rich source of latent information about individual variables. Crawling and analyzing this content provides a new approach for enterprises to personalize services and put forward product recommendations. In the past few years, brands made a gradual appearance on social media platforms for advertisement, customers support and public relation purposes and by now it became a necessity throughout all branches. This online identity can be represented as a brand personality that reflects how a brand is perceived by its customers. We exploited recent research in text analysis and personality detection to build an automatic brand personality prediction model on top of the (Five-Factor Model) and (Linguistic Inquiry and Word Count) features extracted from publicly available benchmarks. The proposed model reported significant accuracy in predicting specific personality traits form brands. For evaluating our prediction results on actual brands, we crawled the Facebook API for 100k posts from the most valuable brands’ pages in the USA and we visualize exemplars of comparison results and present suggestions for future directions.
Rezaei, M., Yang, H., Meinel, C.: Learning Imbalanced Semantic Segmentation through Cross-Domain Relations of Multi-Agent Generative Adversarial Networks.SPIE Medical Imaging - Computer Aided Diagnosis (SPIE 2019) (2019).
Meinig, M., Tröger, P., Meinel, C.: Finding Classification Zone Violations with Anonymized Message Flow Analysis.Proceedings of the 5th Conference on Information Systems Security and Privacy (ICISSP 2019). SCITEPRESS – Science and Technology Publications, Lda, Prague, Czech Republic (2019).
Modern information infrastructures and organizations increasingly face the problem of data breaches and cyber-attacks. A traditional method for dealing with this problem are classification zones, such as ‘top secret’, ‘confidential’, and ‘unclassified’, which regulate the access of persons, hardware, and software to data records. In this paper, we present an approach that finds classification zone violations through automated message flow analysis. Our approach considers the problem of anonymization for the source event logs, which makes the resulting data flow model sharable with experts and the public. We discuss practical implications from applying the approach to a large governmental organization data set and discuss how the anonymity of our concept can be formally validated.
Further Information
AbstractModern information infrastructures and organizations increasingly face the problem of data breaches and cyber-attacks. A traditional method for dealing with this problem are classification zones, such as ‘top secret’, ‘confidential’, and ‘unclassified’, which regulate the access of persons, hardware, and software to data records. In this paper, we present an approach that finds classification zone violations through automated message flow analysis. Our approach considers the problem of anonymization for the source event logs, which makes the resulting data flow model sharable with experts and the public. We discuss practical implications from applying the approach to a large governmental organization data set and discuss how the anonymity of our concept can be formally validated.
Bin Tareaf, R., Alhosseini, S.A., Berger, P., Hennig, P., Meinel, C.: Towards Automatic Personality Prediction Using Facebook Likes Metadata. In: 14th International Conference on Intelligent Systems, I.E.E.E. and Knowledge Engineering, D. (eds.) The 14th IEEE International Conference on Intelligent Systems and Knowledge Engineering. IEEE, Dalian, China (2019).
Further Information
Editor(s)14th International Conference on Intelligent Systems, IEEE and Knowledge Engineering, Dalian, China.
Rohloff, T., Bothe, M., Renz, J., Meinel, C.: Towards a Better Understanding of Mobile Learning in MOOCs.Proceedings of the 5th Learning with MOOCs Conference (LWMOOCs 2018) (2018).
The pervasive presence of mobile devices and growing trends like ubiquitous learning make new demands on Massive Open Online Courses (MOOCs). Users learn increasingly on the go and with multiple devices, instead of being tied to a fixed workstation. However, there is a lack of research how the usage of mobile devices influences the learning behavior and outcome in MOOCs. Thus, this paper presents a first quantitative study to examine this question. To enable a statistical analysis, a proof-of-concept implementation outline is presented, which enhances the Learning Analytics capabilities of the openHPI MOOC platform with contextual data to process various learning behavior metrics. Based on an analysis of four courses, it was found that users who additionally learnt with mobile applications showed a higher engagement with the learning material and completed the course more often. Nevertheless, the reasoning must be addressed with qualitative analyses in future, to better support their learning process and success on mobile and stationary devices.
Further Information
AbstractThe pervasive presence of mobile devices and growing trends like ubiquitous learning make new demands on Massive Open Online Courses (MOOCs). Users learn increasingly on the go and with multiple devices, instead of being tied to a fixed workstation. However, there is a lack of research how the usage of mobile devices influences the learning behavior and outcome in MOOCs. Thus, this paper presents a first quantitative study to examine this question. To enable a statistical analysis, a proof-of-concept implementation outline is presented, which enhances the Learning Analytics capabilities of the openHPI MOOC platform with contextual data to process various learning behavior metrics. Based on an analysis of four courses, it was found that users who additionally learnt with mobile applications showed a higher engagement with the learning material and completed the course more often. Nevertheless, the reasoning must be addressed with qualitative analyses in future, to better support their learning process and success on mobile and stationary devices.
Shams, A., Bin Tareaf, R., Renz, J., Meinel, C.: Smart MOOC-Social Computing for Learning and Knowledge Sharing.Proceedings of the 10th International Conference on Computer Supported Education, CSEDU 2018, Funchal, Madeira, Portugal, March 15-17, 2018, Volume 2. p. 391--396. , Capr Town, South Africa (2018).
Massive Open Online Courses(MOOCs) make use of educational technologies to deliver learning materials, supposedly open for everyone, usually with a capacity to serve a substantial number of learners regardless of their geographical locations. A recent advancement in mobile technologies and wireless communications in Africa has produced a conducive digital environment enough to support mobile learning. However, only a handful of learners from Africa participates in online learning compared to their massive engagement in online social networking. Internet-based Social media programs make most of the connections with students for social purposes and yet far less with educational intentions. Participation in mobile learning is still small in the region particular to the Social media who already possess necessary resources for e-learning. Therefore it remains unclear though in which ways, Social media may help to boost mobile learning through its utilization of programs and computation power. This paper argues the best possible approaches aiming to increase the involvement of MOOCs to Africa via a Social network.
Further Information
AbstractMassive Open Online Courses(MOOCs) make use of educational technologies to deliver learning materials, supposedly open for everyone, usually with a capacity to serve a substantial number of learners regardless of their geographical locations. A recent advancement in mobile technologies and wireless communications in Africa has produced a conducive digital environment enough to support mobile learning. However, only a handful of learners from Africa participates in online learning compared to their massive engagement in online social networking. Internet-based Social media programs make most of the connections with students for social purposes and yet far less with educational intentions. Participation in mobile learning is still small in the region particular to the Social media who already possess necessary resources for e-learning. Therefore it remains unclear though in which ways, Social media may help to boost mobile learning through its utilization of programs and computation power. This paper argues the best possible approaches aiming to increase the involvement of MOOCs to Africa via a Social network.
Sukmana, M.I.H., Torkura, K.A., Cheng, F., Meinel, C., Graupner, H.: Unified logging system for monitoring multiple cloud storage providers in cloud storage broker.Information Networking (ICOIN), 2018 International Conference on. p. 44--49. IEEE (2018).
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Quantifiable Trust Model for Blockchain-Based Identity Management.Proceedings of the 2018 International Conference on Blockchain. IEEE, Halifax, Canada (2018).
Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.
Further Information
AbstractRemoving the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: Towards a Blockchain-based Identity Provider.Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies. IARIA, Venice, Italy (2018).
The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.
Further Information
AbstractThe emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.
Staubitz, T., Traifeh, H., Meinel, C.: Team-Based Assignments in MOOCs - User Feedback.2018 Learning With MOOCS (LWMOOCS). pp. 39-42 (2018).
With the increasing use of graded team-based assignments on our MOOC platforms-openHPI, openSAP, and mooc.house-we see the need to consult the opinion of our course participants about their perception of these tasks and the sufficiency of the platform support. Since we introduced the feature in May 2016, seven courses that included team-based assignments have been conducted on our platforms. In four of these courses, we have conducted qualitative and quantitative surveys among the participants. The paper at hand presents and discusses the results of these surveys.
Further Information
AbstractWith the increasing use of graded team-based assignments on our MOOC platforms-openHPI, openSAP, and mooc.house-we see the need to consult the opinion of our course participants about their perception of these tasks and the sufficiency of the platform support. Since we introduced the feature in May 2016, seven courses that included team-based assignments have been conducted on our platforms. In four of these courses, we have conducted qualitative and quantitative surveys among the participants. The paper at hand presents and discusses the results of these surveys.
Bin Tareaf, R., Berger, P., Hennig, P., Meinel, C.: ASEDS: Towards Automatic Social Emotion Detection System Using Facebook Reactions.2018 IEEE 20th International Conference on High Performance Computing and Communications. p. 860--866. IEEE Press, Exeter, UK (2018).
The Massive adoption of social media has provided new ways for individuals to express their opinion and emotion online. In 2016, Facebook introduced a new reactions feature that allows users to express their psychological emotions regarding published contents using so-called Facebook reactions. In this paper, a framework for predicting the distribution of Facebook post reactions is presented. For this purpose, we collected an enormous amount of Facebook posts associated with their reactions labels using the proposed scalable Facebook crawler. The training process utilizes 3 million labeled posts for more than 64,000 unique Facebook pages from diverse categories. The evaluation on standard benchmarks using the proposed features shows promising results compared to previous research. The final model is able to predict the reaction distribution on Facebook posts with a recall score of 0.90 for “Joy” emotion.
Further Information
AbstractThe Massive adoption of social media has provided new ways for individuals to express their opinion and emotion online. In 2016, Facebook introduced a new reactions feature that allows users to express their psychological emotions regarding published contents using so-called Facebook reactions. In this paper, a framework for predicting the distribution of Facebook post reactions is presented. For this purpose, we collected an enormous amount of Facebook posts associated with their reactions labels using the proposed scalable Facebook crawler. The training process utilizes 3 million labeled posts for more than 64,000 unique Facebook pages from diverse categories. The evaluation on standard benchmarks using the proposed features shows promising results compared to previous research. The final model is able to predict the reaction distribution on Facebook posts with a recall score of 0.90 for “Joy” emotion.
Bin Tareaf, R., Berger, P., Hennig, P., Meinel, C.: Malicious Behaviour Identification in Online Social Networks.Springer - IFIP International Conference on Distributed Applications and Interoperable Systems. p. 18. Springer LNCS, Madrid, Spain (2018).
This paper outlines work on the detection of anomalous behaviour in Online Social Networks (OSNs). We present various automated techniques for identifying a ‘prodigious’ segment within a tweet, and consider tweets which are unusual because of writing style, posting sequence, or engagement level. We evaluate the mechanism by running extensive experiments over large artificially constructed tweets corpus, crawled to include randomly interpolated and abnormal Tweets. In order to successfully identify anomalies in a tweet, we aggregate more than 21 features to characterize users’ behavioural pattern. Using these features with each of our methods, we examine the effect of the total number of tweets on our ability to detect an anomaly, allowing segments of size 50 tweets 100 tweets and 200 tweets. We show indispensable improvements over a baseline in all circumstances for each method, and identify the method variant which performs persistently better than others.
Further Information
AbstractThis paper outlines work on the detection of anomalous behaviour in Online Social Networks (OSNs). We present various automated techniques for identifying a ‘prodigious’ segment within a tweet, and consider tweets which are unusual because of writing style, posting sequence, or engagement level. We evaluate the mechanism by running extensive experiments over large artificially constructed tweets corpus, crawled to include randomly interpolated and abnormal Tweets. In order to successfully identify anomalies in a tweet, we aggregate more than 21 features to characterize users’ behavioural pattern. Using these features with each of our methods, we examine the effect of the total number of tweets on our ability to detect an anomaly, allowing segments of size 50 tweets 100 tweets and 200 tweets. We show indispensable improvements over a baseline in all circumstances for each method, and identify the method variant which performs persistently better than others.
Traifeh, H., Bin Tareaf, R., Meinel, C.: Challenges and Opportunities in Digital Learning: Perspectives from the Arab World.British Association for International & Comparative Education, BAICE 2018. BAICE UK, University of York, UK (2018).
The plethora of challenges facing the education sector in the Arab World is resulting in significant gaps in outcome and quality between the region and countries with similar levels of economic development. However, the past few years witnessed a gradual trend of improvement propelled by an increasing adoption of digital learning. The widespread of the Internet, the increased number of mobile devices (especially smartphones) among Arab youth and the improvement of some educational institutions’ technical infrastructure, led to a thriving online education landscape. This paper provides a systematic review of Arab digital learning and MOOCs platforms, and highlights the current challenges and issues faced by learners and providers. The paper reports the results of a survey of Arab students and life-long learners about their digital learning experiences. Analysis of the survey data shows that despite its growing adoption, digital learning is still in its early stages compared to that of the developed countries. The paper discusses the identified opportunities for improvement and the potential benefits and advantages for both learners and digital learning providers. The paper concludes with a discussion of future research directions.
Further Information
AbstractThe plethora of challenges facing the education sector in the Arab World is resulting in significant gaps in outcome and quality between the region and countries with similar levels of economic development. However, the past few years witnessed a gradual trend of improvement propelled by an increasing adoption of digital learning. The widespread of the Internet, the increased number of mobile devices (especially smartphones) among Arab youth and the improvement of some educational institutions’ technical infrastructure, led to a thriving online education landscape. This paper provides a systematic review of Arab digital learning and MOOCs platforms, and highlights the current challenges and issues faced by learners and providers. The paper reports the results of a survey of Arab students and life-long learners about their digital learning experiences. Analysis of the survey data shows that despite its growing adoption, digital learning is still in its early stages compared to that of the developed countries. The paper discusses the identified opportunities for improvement and the potential benefits and advantages for both learners and digital learning providers. The paper concludes with a discussion of future research directions.
Rezaei, M., Yang, H., Meinel, C.: Whole Heart and Great Vessel Segmentation with Context-aware of Generative Adversarial Networks. In: Maier, A.K., Deserno, and T.M., Handels, and H., and Klaus Hermann Maier-Hein,, Palm, and C., and Tolxdorff, and T. (eds.) Bildverarbeitung für die Medizin 2018. p. 353--358. Springer (2018).
Further Information
Editor(s)Maier, Andreas K. and and Thomas M. Deserno and and Heinz Handels and and Klaus Hermann Maier-Hein and and Christoph Palm and and Thomas Tolxdorff
Mordido, G., Yang, H., Meinel, C.: Dropout-GAN: Learning from a Dynamic Ensemble of Discriminators.KDD2018 (2018).
Further Information
Editor(s)Day, ACM KDD'18 Deep Learning
Bartz, C., Yang, H., Meinel, C.: SEE: towards semi-supervised end-to-end scene text recognition.Thirty-Second AAAI Conference on Artificial Intelligence (2018).
Bartz, C., Yang, H., Bethge, J., Meinel, C.: LoANs: Weakly Supervised Object Detection with Localizer Assessor Networks.Asian Conference on Computer Vision. p. 341--356. Springer (2018).
Rezaei, M., Yang, H., Meinel, C.: Generative Adversarial Framework for Learning Multiple Clinical Tasks.Digital Image Computing: Techniques and Applications (DICTA-2018) (2018).
Rezaei, M., Yang, H., Meinel, C.: voxel-GAN: Adversarial Framework for Learning Imbalanced Brain Tumor Segmentation.Brainlesion: Glioma, Multiple Sclerosis, Stroke and Traumatic Brain Injuries - Fourth International Workshop, BrainLes 2018, Held in Conjunction with MICCAI 2018, Granada, Spain, September 14, 2018, Revised Selected Papers. Springer (2018).
Rezaei, M., Yang, H., Meinel, C.: Automatic Cardiac MRI Segmentation via Context-aware Recurrent Generative Adversarial Neural Network.Computer Assisted Radiology and Surgery (CARS 2018) (2018).
Rezaei, M., Yang, H., Meinel, C.: Conditional Generative Refinement Adversarial Networks for Unbalanced Medical Image Semantic Segmentation.2019 IEEE Winter Application Computer Vision (2018).
Torkura, K. .A., Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: Defeating Malicious Intrusions in Multi-Cloud Storage Systems.Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018. Hasso Plattner Institute, Potsdam, Germany (2018).
Perlich, A., Meinel, C., Zeis, D.: Evaluation of the Technology Acceptance of a Collaborative Documentation System for Addiction Therapists and Clients.Building Continents of Knowledge in Oceans of Data: The Future of Co-Created eHealth. pp. 695-699 (2018).
Addiction treatment outcomes are strongly determined by relational factors. We present the interactive documentation system Tele-Board MED (TBM) developed as an adjunct to therapy sessions aimed at enhancing the therapeutic alliance and patient empowerment. The objective of this work is to find factors that predict the acceptance of TBM in face-to-face addiction treatment sessions. We combined the methodologies of survey and focus group and based the data collection and analysis on the Unified Theory of Acceptance and Use of Technology. The studies, which involved therapists (n=13) and clients (n=33), were conducted in an addiction counselling center in Germany. Therapists see a flexible, contextdependent usage as a basic condition for TBM acceptance and its greatest benefit in providing a discussion framework and quick access to worksheets—in both individual and group sessions. Clients are inclined to use the system with the expectation of improved communication and better recall of the discussed topics based on a personal copy of the session notes.
Further Information
AbstractAddiction treatment outcomes are strongly determined by relational factors. We present the interactive documentation system Tele-Board MED (TBM) developed as an adjunct to therapy sessions aimed at enhancing the therapeutic alliance and patient empowerment. The objective of this work is to find factors that predict the acceptance of TBM in face-to-face addiction treatment sessions. We combined the methodologies of survey and focus group and based the data collection and analysis on the Unified Theory of Acceptance and Use of Technology. The studies, which involved therapists (n=13) and clients (n=33), were conducted in an addiction counselling center in Germany. Therapists see a flexible, contextdependent usage as a basic condition for TBM acceptance and its greatest benefit in providing a discussion framework and quick access to worksheets—in both individual and group sessions. Clients are inclined to use the system with the expectation of improved communication and better recall of the discussed topics based on a personal copy of the session notes.
Sianipar, J., Willems, C., Meinel, C.: Virtual Machine Integrity Verification in Crowd-Resourcing Virtual Laboratory. Presented at the (2018).
In cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secret codes that will be used to verify whether the VM was started using the new kernel files. The new kernel is used to further measuring the integrity of the running VM.
Further Information
AbstractIn cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secret codes that will be used to verify whether the VM was started using the new kernel files. The new kernel is used to further measuring the integrity of the running VM.
Torkura, K. .A., Sukmana, M.I.H., Kayem, A.V.D.M., Cheng, F., Meinel, C.: A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures.32nd IEEE International Symposium on Parallel and Distributed Processing with Applications. IEEE (2018).
Meinig, M., Meinel, C.: Securing the Flow - Data Flow Analysis with Operational Node Structures.Proceedings of the 4th Conference on Information Systems Security and Privacy (ICISSP 2018). pp. 241-250. SCITEPRESS – Science and Technology Publications, Lda, Madeira, Portugal (2018).
After land, sea, air and space, cyberspace has become the fifth domain of warfare. Organizations recognize the need for protecting confidential, secret - classified – information. Competitors and adversaries turn to illegal methods to obtain classified information. They try to gain a competitive advantage or close a technological gap as well as reduce dependencies on others. Classified information involves facts, subject matters or knowledge needing to be kept secret, regardless of the way in which the information is depicted. In networks with different security classifications a direct physical connection is not allowed. Consequently the possibility of coupling different security domains in affected organizations must be checked comprehensively under security aspects. In this paper we present a new security approach that helps to identify threats at transitions and security zones on valid data flow paths. It can be used to display security challenges within organizations using classified information such as governmental or military organizations. The methodology also incorporates new attributes for data flows in connected systems or processes.
Further Information
AbstractAfter land, sea, air and space, cyberspace has become the fifth domain of warfare. Organizations recognize the need for protecting confidential, secret - classified – information. Competitors and adversaries turn to illegal methods to obtain classified information. They try to gain a competitive advantage or close a technological gap as well as reduce dependencies on others. Classified information involves facts, subject matters or knowledge needing to be kept secret, regardless of the way in which the information is depicted. In networks with different security classifications a direct physical connection is not allowed. Consequently the possibility of coupling different security domains in affected organizations must be checked comprehensively under security aspects. In this paper we present a new security approach that helps to identify threats at transitions and security zones on valid data flow paths. It can be used to display security challenges within organizations using classified information such as governmental or military organizations. The methodology also incorporates new attributes for data flows in connected systems or processes.
Staubitz, T., Meinel, C.: Collaborative Learning in MOOCs - Approaches and Experiments.2018 IEEE Frontiers in Education Conference (FIE). IEEE (2018).
This Research-to-Practice paper examines the practical application of various forms of collaborative learning in MOOCs. Since 2012, about 60 MOOCs in the wider context of Information Technology and Computer Science have been conducted on our self-developed MOOC platform. The platform is also used by several customers, who either run their own platform instances or use our white label platform. We, as well as some of our partners, have experimented with different approaches in collaborative learning in these courses. Based on the results of early experiments, surveys amongst our participants, and requests by our business partners we have integrated several options to offer forms of collaborative learning to the system. The results of our experiments are directly fed back to the platform development, allowing to fine tune existing and to add new tools where necessary. In the paper at hand, we discuss the benefits and disadvantages of decisions in the design of a MOOC with regard to the various forms of collaborative learning. While the focus of the paper at hand is on forms of large group collaboration, two types of small group collaboration on our platforms are briefly introduced.
Further Information
AbstractThis Research-to-Practice paper examines the practical application of various forms of collaborative learning in MOOCs. Since 2012, about 60 MOOCs in the wider context of Information Technology and Computer Science have been conducted on our self-developed MOOC platform. The platform is also used by several customers, who either run their own platform instances or use our white label platform. We, as well as some of our partners, have experimented with different approaches in collaborative learning in these courses. Based on the results of early experiments, surveys amongst our participants, and requests by our business partners we have integrated several options to offer forms of collaborative learning to the system. The results of our experiments are directly fed back to the platform development, allowing to fine tune existing and to add new tools where necessary. In the paper at hand, we discuss the benefits and disadvantages of decisions in the design of a MOOC with regard to the various forms of collaborative learning. While the focus of the paper at hand is on forms of large group collaboration, two types of small group collaboration on our platforms are briefly introduced.
Staubitz, T., Meinel, C.: Team based assignments in MOOCs: results and observations.Proceedings of the Fifth Annual ACM Conference on Learning at Scale, London, UK, June 26-28, 2018. p. 47:1--47:4 (2018).
Teamwork and collaborative learning are considered superior to learning individually by many instructors and didactical theories. Particularly, in the context of e-learning and Massive Open Online Courses (MOOCs) we see great benefits but also great challenges for both, learners and instructors. We discuss our experience with six team based assignments on the openHPI and openSAP1 MOOC platforms.
Further Information
AbstractTeamwork and collaborative learning are considered superior to learning individually by many instructors and didactical theories. Particularly, in the context of e-learning and Massive Open Online Courses (MOOCs) we see great benefits but also great challenges for both, learners and instructors. We discuss our experience with six team based assignments on the openHPI and openSAP1 MOOC platforms.
Perlich, A., Meinel, C.: Cooperative Note-Taking in Psychotherapy Sessions: An Evaluation of the Therapist’s User Experience with Tele-Board MED.Proceedings of the IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom 2018) (2018).
In the course of patient treatments, psychotherapists aim to meet the challenges of being both a trusted, knowledgeable conversation partner and a diligent documentalist. We are developing the digital whiteboard system Tele-Board MED (TBM), which allows the therapist to take digital notes during the session together with the patient. This study investigates what therapists are experiencing when they document with TBM in patient sessions for the first time and whether this documentation saves them time when writing official clinical documents. As the core of this study, we conducted four anamnesis session dialogues with behavior psychotherapists and volunteers acting in the role of patients. Following a mixed-method approach, the data collection and analysis involved self-reported emotion samples, user experience curves and questionnaires. We found that even in the very first patient session with TBM, therapists come to feel comfortable, develop a positive feeling and can concentrate on the patient. Regarding administrative documentation tasks, we found with the TBM report generation feature the therapists save 60% of the time they normally spend on writing case reports to the health insurance.
Further Information
AbstractIn the course of patient treatments, psychotherapists aim to meet the challenges of being both a trusted, knowledgeable conversation partner and a diligent documentalist. We are developing the digital whiteboard system Tele-Board MED (TBM), which allows the therapist to take digital notes during the session together with the patient. This study investigates what therapists are experiencing when they document with TBM in patient sessions for the first time and whether this documentation saves them time when writing official clinical documents. As the core of this study, we conducted four anamnesis session dialogues with behavior psychotherapists and volunteers acting in the role of patients. Following a mixed-method approach, the data collection and analysis involved self-reported emotion samples, user experience curves and questionnaires. We found that even in the very first patient session with TBM, therapists come to feel comfortable, develop a positive feeling and can concentrate on the patient. Regarding administrative documentation tasks, we found with the TBM report generation feature the therapists save 60% of the time they normally spend on writing case reports to the health insurance.
Shaabani, N., Meinel, C.: Improving the Efficiency of Inclusion Dependency Detection.Proceedings of the 27th ACM International Conference on Information and Knowledge Management, CIKM 2018. pp. 207-216. ACM (2018).
The detection of all inclusion dependencies (INDs) in an unknown dataset is at the core of any data profiling effort. Apart from the discovery of foreign key relationships, INDs can help perform data integration, integrity checking, schema (re-)design, and query optimization. With the advent of Big Data, the demand increases for efficient INDs discovery algorithms that can scale with the input data size. To this end, we propose S-indd++ as a scalable system for detecting unary INDs in large datasets. S-indd++ applies a new stepwise partitioning technique that helps discard a large number of attributes in early phases of the detection by processing the first partitions of smaller sizes. S-indd++ also extends the concept of the attribute clustering to decide which attributes to be discarded based on the clustering result of each partition. Moreover, in contrast to the state-of-the-art, S-indd++ does not require the partition to fit into the main memory- which is a highly appreciable property in the face of the ever growing datasets. We conducted an exhaustive evaluation of S-indd ++ by applying it to large datasets with thousands attributes and more than 266 million tuples. The results show the high superiority of S-indd++ over the state-of-the-art. S-indd++ reduced up to 50~% of the runtime in comparison with Binder, and up to 98~% in comparison with S-indd.
Further Information
AbstractThe detection of all inclusion dependencies (INDs) in an unknown dataset is at the core of any data profiling effort. Apart from the discovery of foreign key relationships, INDs can help perform data integration, integrity checking, schema (re-)design, and query optimization. With the advent of Big Data, the demand increases for efficient INDs discovery algorithms that can scale with the input data size. To this end, we propose S-indd++ as a scalable system for detecting unary INDs in large datasets. S-indd++ applies a new stepwise partitioning technique that helps discard a large number of attributes in early phases of the detection by processing the first partitions of smaller sizes. S-indd++ also extends the concept of the attribute clustering to decide which attributes to be discarded based on the clustering result of each partition. Moreover, in contrast to the state-of-the-art, S-indd++ does not require the partition to fit into the main memory- which is a highly appreciable property in the face of the ever growing datasets. We conducted an exhaustive evaluation of S-indd ++ by applying it to large datasets with thousands attributes and more than 266 million tuples. The results show the high superiority of S-indd++ over the state-of-the-art. S-indd++ reduced up to 50~% of the runtime in comparison with Binder, and up to 98~% in comparison with S-indd.
Rohloff, T., Utunen, H., Renz, J., Zhao, Y., Gamhewage, G., Meinel, C.: OpenWHO: Integrating Online Knowledge Transfer into Health Emergency Response. In: Dimitrova, V., Praharaj, S., Fominykh, M., and Drachsler, H. (eds.) Practitioner Proceedings of the 13th European Conference On Technology Enhanced Learning (EC-TEL 2018). CEUR-WS.org (2018).
The platform OpenWHO was developed in 2017 in a cooperation between the World Health Organization (WHO) and the Hasso Plattner Institute (HPI). The Department of Infectious Hazard Management, under the WHO Health Emergencies Programme, worked together with the HPI to create a new interactive, web-based, knowledge-transfer platform offering online courses to improve the response to health emergencies. The platform was newly launched as there was an identified need of an open and scalable solution for fast distribution of life-saving content in disease outbreaks for frontline responders. The platform provides adjusted versions of the massive open online learning resources that are self-paced and at ease formats for the frontline and low-bandwidth use. The HPI already developed know-how in previous Massive Open Online Course (MOOC) projects like openHPI and openSAP. OpenWHO is based on the same technology as the aforementioned projects. This paper will provide insights into the practical deployment, the adaption of the MOOC concept, and lessons learnt within the first year of this platform.
Further Information
Editor(s)Dimitrova, Vania and Praharaj, Sambit and Fominykh, Mikhail and Drachsler, Hendrik
AbstractThe platform OpenWHO was developed in 2017 in a cooperation between the World Health Organization (WHO) and the Hasso Plattner Institute (HPI). The Department of Infectious Hazard Management, under the WHO Health Emergencies Programme, worked together with the HPI to create a new interactive, web-based, knowledge-transfer platform offering online courses to improve the response to health emergencies. The platform was newly launched as there was an identified need of an open and scalable solution for fast distribution of life-saving content in disease outbreaks for frontline responders. The platform provides adjusted versions of the massive open online learning resources that are self-paced and at ease formats for the frontline and low-bandwidth use. The HPI already developed know-how in previous Massive Open Online Course (MOOC) projects like openHPI and openSAP. OpenWHO is based on the same technology as the aforementioned projects. This paper will provide insights into the practical deployment, the adaption of the MOOC concept, and lessons learnt within the first year of this platform.
Torkura, K. .A., Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems.The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018). IEEE (2018).
Sianipar, J., Sukmana, M., Meinel, C.: Moving Sensitive Data Against Live Memory Dumping, Spectre and Meltdown Attacks. Presented at the (2018).
The emergence of cloud computing allows users to easily host their Virtual Machines with no up-front investment and the guarantee of always available anytime anywhere. But with the Virtual Machine (VM) is hosted outside of user’s premise, the user loses the physical control of the VM as it could be running on untrusted host machines in the cloud. Malicious host administrator could launch live memory dumping, Spectre, or Meltdown attacks in order to extract sensitive information from the VM’s memory, e.g. passwords or cryptographic keys of applications running in the VM. In this paper, inspired by the moving target defense (MTD) scheme, we propose a novel approach to increase the security of application’s sensitive data in the VM by continuously moving the sensitive data among several memory allocations (blocks) in Random Access Memory (RAM). A movement function is added into the application source code in order for the function to be running concurrently with the application’s main function. Our approach could reduce the possibility of VM’s sensitive data in the memory to be leaked into memory dump file by 25% and secure the sensitive data from Spectre and Meltdown attacks. Our approach’s overhead depends on the number and the size of the sensitive data.
Further Information
AbstractThe emergence of cloud computing allows users to easily host their Virtual Machines with no up-front investment and the guarantee of always available anytime anywhere. But with the Virtual Machine (VM) is hosted outside of user’s premise, the user loses the physical control of the VM as it could be running on untrusted host machines in the cloud. Malicious host administrator could launch live memory dumping, Spectre, or Meltdown attacks in order to extract sensitive information from the VM’s memory, e.g. passwords or cryptographic keys of applications running in the VM. In this paper, inspired by the moving target defense (MTD) scheme, we propose a novel approach to increase the security of application’s sensitive data in the VM by continuously moving the sensitive data among several memory allocations (blocks) in Random Access Memory (RAM). A movement function is added into the application source code in order for the function to be running concurrently with the application’s main function. Our approach could reduce the possibility of VM’s sensitive data in the memory to be leaked into memory dump file by 25% and secure the sensitive data from Spectre and Meltdown attacks. Our approach’s overhead depends on the number and the size of the sensitive data.
Rohloff, T., Meinel, C.: Towards Personalized Learning Objectives in MOOCs. In: Pammer-Schindler, V., Pérez-Sanagustín, M., Drachsler, H., Elferink, R., and Scheffel, M. (eds.) Lifelong Technology-Enhanced Learning (EC-TEL 2018). p. 202--215. Springer International Publishing, Cham (2018).
Instead of measuring success in Massive Open Online Courses (MOOCs) based on certification and completion-rates, researchers started to define success with alternative metrics recently, for example by evaluating the intention-behavior gap and goal achievement. Especially self-regulated and goal-oriented learning have been identified as critical skills to be successful in online learning environments with low guidance like MOOCs, but technical support is rare. Therefore, this paper examines the current technical capabilities and limitations of goal-oriented learning in MOOCs. An observational study to explore how well learners in five MOOCs achieved their initial learning objectives was conducted, and the results are compared with similar studies. Afterwards, a concept with a focus on technical feasibility and automation outlines how personalized learning objectives can be supported and implemented on a MOOC platform.
Further Information
Editor(s)Pammer-Schindler, Viktoria and Pérez-Sanagustín, Mar and Drachsler, Henrik and Elferink, Raymond and Scheffel, Maren
AbstractInstead of measuring success in Massive Open Online Courses (MOOCs) based on certification and completion-rates, researchers started to define success with alternative metrics recently, for example by evaluating the intention-behavior gap and goal achievement. Especially self-regulated and goal-oriented learning have been identified as critical skills to be successful in online learning environments with low guidance like MOOCs, but technical support is rare. Therefore, this paper examines the current technical capabilities and limitations of goal-oriented learning in MOOCs. An observational study to explore how well learners in five MOOCs achieved their initial learning objectives was conducted, and the results are compared with similar studies. Afterwards, a concept with a focus on technical feasibility and automation outlines how personalized learning objectives can be supported and implemented on a MOOC platform.
Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era.14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018). Springer (2018).
Torkura, K. .A., Sukmana, M.I.H., Meinig, M., Kayem, A., Cheng, F., Graupner, H., Meinel, C.: Securing Cloud Storage Brokerage Systems through Threat Models.The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018). IEEE (2018).
Krentz, K.-F., Meinel, C., Graupner, H.: Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive.Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018). Junction, Madrid, Spain (2018).
Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
Further Information
AbstractBattery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
Torkura, K.A., Sukmana, M.I.H., Meinig, M., Graupner, H., Cheng, F., Meinel, C.: A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems.16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018). IEEE/IFIP (2018).
Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.
Further Information
AbstractCloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.
Rezaei, M., Yang, H., Meinel, C.: Multi-Task Generative Adversarial Network for Handling Imbalanced Clinical Data.arXiv preprint arXiv:1811.10419 (2018).
We propose a new generative adversarial architecture to mitigate imbalance data problem for the task of medical image semantic segmentation where the majority of pixels belong to a healthy region and few belong to lesion or non-health region. A model trained with imbalanced data tends to bias towards healthy data which is not desired in clinical applications. We design a new conditional GAN with two components: a generative model and a discriminative model to mitigate imbalanced data problem through selective weighted loss. While the generator is trained on sequential magnetic resonance images (MRI) to learn semantic segmentation and disease classification, the discriminator classifies whether a generated output is real or fake. The proposed architecture achieved state-of-the-art results on ACDC-2017 for cardiac segmentation and diseases classification. We have achieved competitive results on BraTS-2017 for brain tumor segmentation and brain diseases classification.
Further Information
AbstractWe propose a new generative adversarial architecture to mitigate imbalance data problem for the task of medical image semantic segmentation where the majority of pixels belong to a healthy region and few belong to lesion or non-health region. A model trained with imbalanced data tends to bias towards healthy data which is not desired in clinical applications. We design a new conditional GAN with two components: a generative model and a discriminative model to mitigate imbalanced data problem through selective weighted loss. While the generator is trained on sequential magnetic resonance images (MRI) to learn semantic segmentation and disease classification, the discriminator classifies whether a generated output is real or fake. The proposed architecture achieved state-of-the-art results on ACDC-2017 for cardiac segmentation and diseases classification. We have achieved competitive results on BraTS-2017 for brain tumor segmentation and brain diseases classification.
Rezaei, M., Harmuth, K., Gierke, W., Kellermeier, T., Fischer, M., Yang, H., Meinel, C.: A Conditional Adversarial Network for Semantic Segmentation of Brain Tumor.Springer (2018).
Further Information
Editor(s)Crimi, Alessandro and and Spyridon Bakas and and Hugo J. Kuijf and and Bjoern H. Menze and and Mauricio Reyes
Rezaei, M., Yang, H., Meinel, C.: Instance Tumor Segmentation using Multitask Convolutional Neural Network.2018 International Joint Conference on Neural Networks (IJCNN). p. 1--8. IEEE (2018).
Amirkhanyan, A., Meinel, C.: Density and Intensity-Based Spatiotemporal Clustering with Fixed Distance and Time Radius. In: Kar, A.K., Ilavarasan, P.V., Gupta, M.P., Dwivedi, Y.K., Mäntymäki, M., Janssen, M., Simintiras, A., and Al-Sharhan, S. (eds.) Digital Nations -- Smart Cities, Innovation, and Sustainability: 16th IFIP WG 6.11 Conference on e-Business, e-Services, and e-Society, I3E 2017, Delhi, India, November 21--23, 2017, Proceedings. p. 313--324. Springer International Publishing, Cham (2017).
Nowadays, social networks produce a huge amount of spatial and spatiotemporal data that provide interesting knowledge. This knowledge can be discovered by clustering algorithms and the result of that can be used for different applications. One of such applications is the geospatial event detection based on data from social networks. Many of such detection methods rely on clustering algorithms that should provide clusters with the high level of density in space and intensity in time. Meanwhile, traditional clustering methods are not always practical for spatial and spatiotemporal data because of the specific of such data. Therefore, in this paper, we present the density and intensity-based spatiotemporal clustering algorithm with fixed distance and time radius. This approach produces the clusters that have the density-based center in space and intensity-based center in time. In the paper, we provide the description of the method from the perspective of 2 aspects: spatial and temporal. We complete the paper with the full description of the algorithm methods and detailed explanation of the pseudo code.
Further Information
Editor(s)Kar, Arpan Kumar and Ilavarasan, P. Vigneswara and Gupta, M.P. and Dwivedi, Yogesh K. and Mäntymäki, Matti and Janssen, Marijn and Simintiras, Antonis and Al-Sharhan, Salah
AbstractNowadays, social networks produce a huge amount of spatial and spatiotemporal data that provide interesting knowledge. This knowledge can be discovered by clustering algorithms and the result of that can be used for different applications. One of such applications is the geospatial event detection based on data from social networks. Many of such detection methods rely on clustering algorithms that should provide clusters with the high level of density in space and intensity in time. Meanwhile, traditional clustering methods are not always practical for spatial and spatiotemporal data because of the specific of such data. Therefore, in this paper, we present the density and intensity-based spatiotemporal clustering algorithm with fixed distance and time radius. This approach produces the clusters that have the density-based center in space and intensity-based center in time. In the paper, we provide the description of the method from the perspective of 2 aspects: spatial and temporal. We complete the paper with the full description of the algorithm methods and detailed explanation of the pseudo code.
Najafi, P., Sapegin, A., Cheng, F., Meinel, C.: Guilt-by-Association: Detecting Malicious Entities via Graph Mining.International Conference on Security and Privacy in Communication Systems. p. 88--107. Springer (2017).
In this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.
Further Information
AbstractIn this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.
Torkura, K.A., Sukmana, M.I.H., Cheng, F., Meinel, C.: Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications.Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud). IEEE (2017).
This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.
Further Information
AbstractThis paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.
Rezaei, M., Yang, H., Meinel, C.: Deep Neural Network with l2-Norm Unit for Brain Lesions Detection.Springer (2017).
Further Information
Editor(s)Liu, Derong and Xie, Shengli and Li, Yuanqing and Zhao, Dongbin and El-Alfy, El-Sayed M.
Bin Tareaf, R., Berger, P., Hennig, P., Jung, J., Meinel, C.: Identifying Audience Attributes - Predicting Age, Gender and Personality for Enhanced Article Writing.ACM - International Conference on Cloud and Big Data Computing. pp. 79-88. ACM Press, London, UK (2017).
In order to create an effective article, having great content is essential. However, to achieve this, the writer needs to target a specific audience. A target audience refers to a group of readers that a writer intends to reach with his content. Defining a target audience is substantial because it has a direct effect on adjusting writing style and content of the article. Nowadays, writers rely solely on annotated attributes of articles, such as location and language to understand his/her audience. The aim of this work is to identify the audience attributes of articles, especially not-annotated attributes. Among others, this work focuses on the detection of three key audience attributes of related articles: age, gender, and personality. We compare between multiple machine learning classifiers to detect these attributes. Finally, we demonstrate a prototypical application that enables writers to run existing algorithms such as trend detection and showing related articles that are specific to a defined target audience based on the newly detected attributes.
Further Information
AbstractIn order to create an effective article, having great content is essential. However, to achieve this, the writer needs to target a specific audience. A target audience refers to a group of readers that a writer intends to reach with his content. Defining a target audience is substantial because it has a direct effect on adjusting writing style and content of the article. Nowadays, writers rely solely on annotated attributes of articles, such as location and language to understand his/her audience. The aim of this work is to identify the audience attributes of articles, especially not-annotated attributes. Among others, this work focuses on the detection of three key audience attributes of related articles: age, gender, and personality. We compare between multiple machine learning classifiers to detect these attributes. Finally, we demonstrate a prototypical application that enables writers to run existing algorithms such as trend detection and showing related articles that are specific to a defined target audience based on the newly detected attributes.
Krentz, K.-F., Meinel, C., Graupner, H.: More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization.Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017). Springer, Nancy, France (2017).
802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
Further Information
Abstract802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
Rezaei, M., Yang, H., Meinel, C.: Deep Learning for Medical Image Analysis.arXiv preprint arXiv:1708.08987.10 (2017).
Further Information
Editor(s)Rezaei, Mina
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages.Proceedings of the 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM Press, New York, NY, USA (2017).
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
Further Information
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
Mayer, L., von Schmieden, K., Taheri, M., Meinel, C.: Supporting Design Thinking Education in Organizations With Digital Learning Units – A Testing Set-Up. Presented at the (2017).
This research note addresses the design and testing set-up of a prototype learning unit (protoLU). We explain the advantages of adapting Massive Open Online Courses (MOOCs) to digital learning units for professional working environments and introduce the use case for vocational design thinking trainings. Consequently, we describe the case of a protoLU created to support a physical, two-phase design thinking workshop. The protoLU aimed at refreshing participant knowledge, fostering skill transfer and to inspire through behavioral modeling. With our research set-up we intend to gather results for iterating the protoLU and learn more about the needs of design thinking learner teams in independent teamwork phases.
Further Information
AbstractThis research note addresses the design and testing set-up of a prototype learning unit (protoLU). We explain the advantages of adapting Massive Open Online Courses (MOOCs) to digital learning units for professional working environments and introduce the use case for vocational design thinking trainings. Consequently, we describe the case of a protoLU created to support a physical, two-phase design thinking workshop. The protoLU aimed at refreshing participant knowledge, fostering skill transfer and to inspire through behavioral modeling. With our research set-up we intend to gather results for iterating the protoLU and learn more about the needs of design thinking learner teams in independent teamwork phases.
Bin Tareaf, R., Berger, P., Hennig, P., Koall, S., Kohstall, J., Meinel, C.: Information Propagation Speed and Patterns in Social Networks: a Case Study Analysis of German Tweets.JCP 2018. pp. 761-770. ACM & Journal of Computer (ISSN: 1796-203X), Jeju Island, South Korea (2017).
In this paper, we present our experiences in analyzing Twitter data. The analysis has shown that information diffuses over time through the Twitter network in certain patterns. Furthermore, it has shown those friend relationships significantly influence the information propagation speed on Twitter. Since it was launched in 2006, the microblogging service grew tremendously. Tweets are sent by users all around the world. Results show that there are two major patterns. While these patterns accommodate us to understand the diffusion of information through Twitter in an even better plan, the analysis of friend networks provides information on who influences the network, concerning the number of re-tweets and the time between a tweet and its re-tweets. The approaches have been evaluated both technically, based on how certain a topic matches one of the patterns and how prominent friends are compared to other users, and conceptually, based on existing, well-known approaches in measuring the speed and scale of information diffusion on Twitter.
Further Information
AbstractIn this paper, we present our experiences in analyzing Twitter data. The analysis has shown that information diffuses over time through the Twitter network in certain patterns. Furthermore, it has shown those friend relationships significantly influence the information propagation speed on Twitter. Since it was launched in 2006, the microblogging service grew tremendously. Tweets are sent by users all around the world. Results show that there are two major patterns. While these patterns accommodate us to understand the diffusion of information through Twitter in an even better plan, the analysis of friend networks provides information on who influences the network, concerning the number of re-tweets and the time between a tweet and its re-tweets. The approaches have been evaluated both technically, based on how certain a topic matches one of the patterns and how prominent friends are compared to other users, and conceptually, based on existing, well-known approaches in measuring the speed and scale of information diffusion on Twitter.
Rezaei, M., Yang, H., Meinel, C.: Deep Neural Network with l2-norm Unit for Brain Lesions Detection.International Conference on Neural Information Processing. Springer (2017).
Staubitz, T., Meinel, C.: Collaboration and Teamwork on a MOOC Platform - A Toolset.In Proceedings of ACM Learning at Scale Conference (L@S2017)(ACM), accepted as WIP. ACM (2017).
Teamwork is an an important topic in education. It fosters deep learning and allows educators to assign interesting tasks, which would be too complex to be solved by single participants due to the time restrictions defined by the context of a course. Furthermore, today’s jobs require an increasing amount of team skills. On the other hand, teamwork comes with a variety of issues of its own. Particularly in large scale settings, such as MOOCs, teamwork is challenging. Courses often end with dysfunctional teams due to drop-outs or insufficient matching. The paper at hand presents a set of three tools that we have recently added to our system to enable teamwork in our courses. This toolset consists of the TeamBuilder, a tool to match successful teams based on a variable set of parameters, CollabSpaces, providing teams with a secluded area to communicate and collaborate within the course context, and a TeamPeerAssessment tool, which allows to provide teams with complex tasks and which allows assessment that sufficiently scales for the MOOC context. The presented tools are evaluated in terms of success rates of the created teams and workload reduction for the platform’s OPS-team, which prepares the courses in accordance with the requirements of the teaching teams. The evaluation is based on the analysis of data, which has been collected in five courses that have been conducted on one of our platforms during 2015 and 2016 and interviews with the platform’s OPS-team.
Further Information
AbstractTeamwork is an an important topic in education. It fosters deep learning and allows educators to assign interesting tasks, which would be too complex to be solved by single participants due to the time restrictions defined by the context of a course. Furthermore, today’s jobs require an increasing amount of team skills. On the other hand, teamwork comes with a variety of issues of its own. Particularly in large scale settings, such as MOOCs, teamwork is challenging. Courses often end with dysfunctional teams due to drop-outs or insufficient matching. The paper at hand presents a set of three tools that we have recently added to our system to enable teamwork in our courses. This toolset consists of the TeamBuilder, a tool to match successful teams based on a variable set of parameters, CollabSpaces, providing teams with a secluded area to communicate and collaborate within the course context, and a TeamPeerAssessment tool, which allows to provide teams with complex tasks and which allows assessment that sufficiently scales for the MOOC context. The presented tools are evaluated in terms of success rates of the created teams and workload reduction for the platform’s OPS-team, which prepares the courses in accordance with the requirements of the teaching teams. The evaluation is based on the analysis of data, which has been collected in five courses that have been conducted on one of our platforms during 2015 and 2016 and interviews with the platform’s OPS-team.
Ussath, M., Cheng, F., Meinel, C.: Enhanced Sinkhole System: Collecting System Details to Support Investigations.Proceedings of the 3rd International Conference on Mobile, Secure, and Programmable Networking (MSPN 2017). p. 18--33. Springer (2017).
Malchow, M., Renz, J., Bauer, M., Meinel, C.: Embedded Smart Home - Remote Lab Grading in a MOOC with over 6000 Participants.2017 Annual IEEE Systems Conference (SysCon). IEEE (2017).
The popularity of MOOCs has increased considerably in the last years. A typical MOOC course consists of video content, self tests after a video and homework, which is normally in multiple choice format. After solving this homeworks for every week of a MOOC, the final exam certificate can be issued when the student has reached a sufficient score. There are also some attempts to include practical tasks, such as programming, in MOOCs for grading. Nevertheless, until now there is no known possibility to teach embedded system programming in a MOOC course where the programming can be done in a remote lab and where grading of the tasks is additionally possible. This embedded programming includes communication over GPIO pins to control LEDs and measure sensor values. We started a MOOC course called ``Embedded Smart Home'' as a pilot to prove the concept to teach real hardware programming in a MOOC environment under real life MOOC conditions with over 6000 students. Furthermore, also students with real hardware have the possibility to program on their own real hardware and grade their results in the MOOC course. Finally, we evaluate our approach and analyze the student acceptance of this approach to offer a course on embedded programming. We also analyze the hardware usage and working time of students solving tasks to find out if real hardware programming is an advantage and motivating achievement to support students learning success.
Further Information
AbstractThe popularity of MOOCs has increased considerably in the last years. A typical MOOC course consists of video content, self tests after a video and homework, which is normally in multiple choice format. After solving this homeworks for every week of a MOOC, the final exam certificate can be issued when the student has reached a sufficient score. There are also some attempts to include practical tasks, such as programming, in MOOCs for grading. Nevertheless, until now there is no known possibility to teach embedded system programming in a MOOC course where the programming can be done in a remote lab and where grading of the tasks is additionally possible. This embedded programming includes communication over GPIO pins to control LEDs and measure sensor values. We started a MOOC course called ``Embedded Smart Home'' as a pilot to prove the concept to teach real hardware programming in a MOOC environment under real life MOOC conditions with over 6000 students. Furthermore, also students with real hardware have the possibility to program on their own real hardware and grade their results in the MOOC course. Finally, we evaluate our approach and analyze the student acceptance of this approach to offer a course on embedded programming. We also analyze the hardware usage and working time of students solving tasks to find out if real hardware programming is an advantage and motivating achievement to support students learning success.
Ussath, M., Jaeger, D., Cheng, F., Meinel, C.: Identifying Suspicious User Behavior with Neural Networks.Proceedings of the 4th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud 2017). p. 255--263. IEEE (2017).
Sianipar, J., Willems, C., Meinel, C.: Signed URL for an Isolated Web Server in a Virtual Laboratory.Proceedings of the 9th International Conference on Education Technology and Computers, ICETC 2017, Barcelona, Spain, December 20-22, 2017. p. 218--222 (2017).
Sukmana, M.I.H., Torkura, K.A., Meinel, C., Graupner, H.: Redesign cloudRAID for flexible and secure enterprise file sharing over public cloud storage.Proceedings of the 10th International Conference on Security of Information and Networks. p. 3--10. ACM (2017).
Sianipar, J., Willems, C., Meinel, C.: Team Placement in Crowd-Resourcing Virtual Laboratory for IT Security e-Learning.Proceedings of the 2017 International Conference on Cloud and Big Data Computing, ICCBDC 2017, London, United Kingdom, September 17 - 19, 2017. p. 60--66 (2017).
Perlich, A., Meinel, C.: Juggling Doctor and Patient Needs in Mental Health Record Design.Informatics Empowers Healthcare Transformation (2017).
Providing patients access to mental health records is a controversial topic that gains growing attention in research and practice. While it has great potential in increasing the patient engagement, skepticism is prevailing among therapists who fear detrimental effects and face a lack of feasibility when treatment notes are handwritten. We aim at empowering both therapists to new documentation approaches and patients to higher engagement, and develop the collaborative documentation system Tele-Board MED (TBM) as an adjunct to talk-based mental health interventions. We present an evaluation of TBM by comparing four prototypes and testing scenarios, reaching from early simulations to attempts of real-life implementations in clinical routines. This paper delivers a systematic need comparison of therapists as primary users and patients as secondary users, both during and beyond treatment sessions. While patient feedback is thoroughly positive, the therapist needs are only partially addressed; the benefits remain hidden behind the perceived effort.
Further Information
AbstractProviding patients access to mental health records is a controversial topic that gains growing attention in research and practice. While it has great potential in increasing the patient engagement, skepticism is prevailing among therapists who fear detrimental effects and face a lack of feasibility when treatment notes are handwritten. We aim at empowering both therapists to new documentation approaches and patients to higher engagement, and develop the collaborative documentation system Tele-Board MED (TBM) as an adjunct to talk-based mental health interventions. We present an evaluation of TBM by comparing four prototypes and testing scenarios, reaching from early simulations to attempts of real-life implementations in clinical routines. This paper delivers a systematic need comparison of therapists as primary users and patients as secondary users, both during and beyond treatment sessions. While patient feedback is thoroughly positive, the therapist needs are only partially addressed; the benefits remain hidden behind the perceived effort.
Bartz, C., Herold, T., Yang, H., Meinel, C.: Language Identification Using Deep Convolutional Recurrent Neural Networks.International Conference on Neural Information Processing. Springer (2017).
Rohloff, T., Renz, J., Bothe, M., Meinel, C.: Supporting Multi-Device E-Learning Patterns with Second Screen Mobile Applications.Proceedings of the 16th World Conference on Mobile and Contextual Learning (mLearn 2017). pp. 25:1-25:8. ACM, Larnaca, Cyprus (2017).
Many providers of Massive Open Online Course (MOOC) platforms released mobile applications in the recent years to enable learning offline and on the go, for a more ubiquitous learning experience. However, mainly the MOOC content was optimized for small screens, but mobile devices provide the opportunity to enrich the MOOC experience even further by enabling new forms of learning. Based on a previous learning patterns evaluation and a user survey, this paper presents a second screen prototype for the MOOC platform of the Hasso Plattner Institute, whereby the mobile application can be used as a learning companion while using the web platform on a computer. Four different actions were implemented which can be done next to watching a video lecture. The evaluation showed that the prototype was helpful and made learning more efficient, as reported by users, and also ideas for further improvements were proposed.
Further Information
AbstractMany providers of Massive Open Online Course (MOOC) platforms released mobile applications in the recent years to enable learning offline and on the go, for a more ubiquitous learning experience. However, mainly the MOOC content was optimized for small screens, but mobile devices provide the opportunity to enrich the MOOC experience even further by enabling new forms of learning. Based on a previous learning patterns evaluation and a user survey, this paper presents a second screen prototype for the MOOC platform of the Hasso Plattner Institute, whereby the mobile application can be used as a learning companion while using the web platform on a computer. Four different actions were implemented which can be done next to watching a video lecture. The evaluation showed that the prototype was helpful and made learning more efficient, as reported by users, and also ideas for further improvements were proposed.
Amirkhanyan, A., Meinel, C.: The Framework for Spatiotemporal Sequential Rule Mining: Crime Data Case Study.The 2017 International Conference on Knowledge Engineering and Applications (ICKEA2017, IEEE) (2017).
Perlich, A., Thienen, J. von, Meinel, C.: Establishing Therapeutic Alliance in Mental Health Care via Cooperative Documentation.Proceedings of the 16th World Congress on Medical and Health Informatics (MedInfo 2017) (2017).
In talk-based mental health interventions, treatment outcomes can be decisively improved by enhancing the relationship between patient and therapist. We developed the interactive documentation system Tele-Board MED (TBM) with the goal of supporting patients and doctors in their cooperative task of patient care. The system offers a whiteboard-inspired graphical user interface which allows them to take notes jointly during the treatment session. Two proxy studies were conducted whereby TBM was introduced in a role play that showcased the dialogue in a therapy session. The patient role was played by a volunteer. The audience of human-centered design as well as eHealth experts rated the therapist-patient relationship in a session with and without TBM. The data collected via questionnaires shows that TBM consistently receives a positive rating from study participants (N=36) in the areas of: collaboration, communication, patient-doctor relationship, as well as patient empowerment.
Further Information
AbstractIn talk-based mental health interventions, treatment outcomes can be decisively improved by enhancing the relationship between patient and therapist. We developed the interactive documentation system Tele-Board MED (TBM) with the goal of supporting patients and doctors in their cooperative task of patient care. The system offers a whiteboard-inspired graphical user interface which allows them to take notes jointly during the treatment session. Two proxy studies were conducted whereby TBM was introduced in a role play that showcased the dialogue in a therapy session. The patient role was played by a volunteer. The audience of human-centered design as well as eHealth experts rated the therapist-patient relationship in a session with and without TBM. The data collected via questionnaires shows that TBM consistently receives a positive rating from study participants (N=36) in the areas of: collaboration, communication, patient-doctor relationship, as well as patient empowerment.
Renz, J., Shams, A., Meinel, C.: Offline-Enabled Web-based E-Learning for Improved User Experience in Africa.In Proceedings of the 2017 IEEE AFRICON Conference. pp. '759-764'. IEEE (2017).
Web-based E-Learning uses Internet technologies and digital media to deliver education content to learners. Many universities in recent years apply their capacity in producing Massive Open Online Courses (MOOCs). They have been offering MOOCs with an expectation of rendering a comprehensive online apprenticeship. Typically, an online content delivery process requires an Internet connection. However, access to the broadband has never been a readily available resource in many regions. In Africa, poor and no networks are yet predominantly experienced by Internet users, frequently causing offline each moment a digital device disconnect from a network. As a result, a learning process is always disrupted, delayed and terminated in such regions. This paper raises the concern of E-Learning in poor and low bandwidths, in fact, it highlights the needs for an Offline-Enabled mode. The paper also explores technical approaches beamed to enhance the user experience in Web-based E-Learning, particular in Africa.
Further Information
AbstractWeb-based E-Learning uses Internet technologies and digital media to deliver education content to learners. Many universities in recent years apply their capacity in producing Massive Open Online Courses (MOOCs). They have been offering MOOCs with an expectation of rendering a comprehensive online apprenticeship. Typically, an online content delivery process requires an Internet connection. However, access to the broadband has never been a readily available resource in many regions. In Africa, poor and no networks are yet predominantly experienced by Internet users, frequently causing offline each moment a digital device disconnect from a network. As a result, a learning process is always disrupted, delayed and terminated in such regions. This paper raises the concern of E-Learning in poor and low bandwidths, in fact, it highlights the needs for an Offline-Enabled mode. The paper also explores technical approaches beamed to enhance the user experience in Web-based E-Learning, particular in Africa.
Staubitz, T., Meinel, C.: Collaboration and Teamwork on a MOOC Platform: A Toolset.Proceedings of the Fourth (2017) ACM Conference on Learning @ Scale. p. 165--168. ACM, Cambridge, Massachusetts, USA (2017).
Teamwork is an an important topic in education. It fosters deep learning and allows educators to assign interesting tasks, which would be too complex to be solved by single participants due to the time restrictions defined by the context of a course.Furthermore, today's jobs require an increasing amount of team skills. On the other hand, teamwork comes with a variety of issues of its own. Particularly in large scale settings, such as MOOCs, teamwork is challenging. Courses often end with dysfunctional teams due to drop-outs or insufficient matching. The paper at hand presents a set of three tools that we have recently added to our system to enable teamwork in our courses. This toolset consists of the TeamBuilder, a tool to match successful teams based on a variable set of parameters, CollabSpaces, providing teams with a secluded area to communicate and collaborate within the course context, and a TeamPeerAssessment tool, which allows to provide teams with complex tasks and which allows assessment that sufficiently scales for the MOOC context. The presented tools are evaluated in terms of success rates of the created teams and workload reduction for the courses' teaching teams.
Further Information
AbstractTeamwork is an an important topic in education. It fosters deep learning and allows educators to assign interesting tasks, which would be too complex to be solved by single participants due to the time restrictions defined by the context of a course.Furthermore, today's jobs require an increasing amount of team skills. On the other hand, teamwork comes with a variety of issues of its own. Particularly in large scale settings, such as MOOCs, teamwork is challenging. Courses often end with dysfunctional teams due to drop-outs or insufficient matching. The paper at hand presents a set of three tools that we have recently added to our system to enable teamwork in our courses. This toolset consists of the TeamBuilder, a tool to match successful teams based on a variable set of parameters, CollabSpaces, providing teams with a secluded area to communicate and collaborate within the course context, and a TeamPeerAssessment tool, which allows to provide teams with complex tasks and which allows assessment that sufficiently scales for the MOOC context. The presented tools are evaluated in terms of success rates of the created teams and workload reduction for the courses' teaching teams.
Staubitz, T., Teusner, R., Meinel, C.: Towards a Repository for Open Auto-Gradable Programming Exercises.2017 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE) (2017).
Auto-gradable hands-on programming exercises are a key element for scalable programming courses. A variety of auto-graders already exist, however, creating suitable high- quality exercises in a sufficient amount is a very time-consuming and tedious task. One way to approach this problem is to enable sharing auto-gradable exercises between several interested parties. School-teachers, MOOC1 instructors, workshop providers, and university level teachers need programming exercises to provide their students with hands-on experience. Auto-gradability of these exercises is an important requirement. The paper at hand introduces a tool that enables the sharing of such exercises and addresses the various needs and requirements of the different stakeholders.
Further Information
AbstractAuto-gradable hands-on programming exercises are a key element for scalable programming courses. A variety of auto-graders already exist, however, creating suitable high- quality exercises in a sufficient amount is a very time-consuming and tedious task. One way to approach this problem is to enable sharing auto-gradable exercises between several interested parties. School-teachers, MOOC1 instructors, workshop providers, and university level teachers need programming exercises to provide their students with hands-on experience. Auto-gradability of these exercises is an important requirement. The paper at hand introduces a tool that enables the sharing of such exercises and addresses the various needs and requirements of the different stakeholders.
Staubitz, T., Willems, C., Hagedorn, C., Meinel, C.: The gamification of a MOOC platform.2017 IEEE Global Engineering Education Conference (EDUCON). pp. 883-892 (2017).
Massive Open Online Courses (MOOCs) have left their mark on the face of education during the recent couple of years. At the Hasso Plattner Institute (HPI) in Potsdam, Germany, we are actively developing a MOOC platform, which provides our research with a plethora of e-learning topics, such as learning analytics, automated assessment, peer assessment, team-work, online proctoring, and gamification. We run several instances of this platform. On openHPI, we provide our own courses from within the HPI context. Further instances are openSAP, openWHO, and mooc.HOUSE, which is the smallest of these platforms, targeting customers with a less extensive course portfolio. In 2013, we started to work on the gamification of our platform. By now, we have implemented about two thirds of the features that we initially have evaluated as useful for our purposes. About a year ago we activated the implemented gamification features on mooc.HOUSE. They have been employed actively in the course “Design for Non-Designers”. We plan to activate the features on openHPI in the beginning of 2017. The paper at hand recaps, examines, and re-evaluates our initial recommendations.
Further Information
AbstractMassive Open Online Courses (MOOCs) have left their mark on the face of education during the recent couple of years. At the Hasso Plattner Institute (HPI) in Potsdam, Germany, we are actively developing a MOOC platform, which provides our research with a plethora of e-learning topics, such as learning analytics, automated assessment, peer assessment, team-work, online proctoring, and gamification. We run several instances of this platform. On openHPI, we provide our own courses from within the HPI context. Further instances are openSAP, openWHO, and mooc.HOUSE, which is the smallest of these platforms, targeting customers with a less extensive course portfolio. In 2013, we started to work on the gamification of our platform. By now, we have implemented about two thirds of the features that we initially have evaluated as useful for our purposes. About a year ago we activated the implemented gamification features on mooc.HOUSE. They have been employed actively in the course “Design for Non-Designers”. We plan to activate the features on openHPI in the beginning of 2017. The paper at hand recaps, examines, and re-evaluates our initial recommendations.
Staubitz, T., Teusner, R., Meinel, C.: openHPI's Coding Tool Family: CodeOcean, CodeHarbor, CodePilot.Automatische Bewertung von Programmieraufgaben (ABP) (2017).
The Hasso Plattner Institute successfully runs a self-developed Massive Open Online Course (MOOC) platform—openHPI—since 2012. MOOCs, even more than classic classroom situations, depend on automated solutions to assess programming exercises. Manual evaluation is not an option due to the massive amount of users that participate in these courses. The paper at hand maps the landscape of tools that are used on openHPI in the context of automated grading of programming exercises. Furthermore, it provides a sneak preview to new features that will be integrated ion the near future. Particularly, we will introduce CodeHarbor, our platform to share auto-gradeable exercises between various online code execution platforms.
Further Information
AbstractThe Hasso Plattner Institute successfully runs a self-developed Massive Open Online Course (MOOC) platform—openHPI—since 2012. MOOCs, even more than classic classroom situations, depend on automated solutions to assess programming exercises. Manual evaluation is not an option due to the massive amount of users that participate in these courses. The paper at hand maps the landscape of tools that are used on openHPI in the context of automated grading of programming exercises. Furthermore, it provides a sneak preview to new features that will be integrated ion the near future. Particularly, we will introduce CodeHarbor, our platform to share auto-gradeable exercises between various online code execution platforms.
Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Classification using Machine Learning.Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017). Springer (2017).
Amirkhanyan, A., Meinel, C.: Analysis of data from the Twitter account of the Berlin Police for public safety awareness.2017 IEEE 21st International Conference on Computer Supported Cooperative Work in Design (CSCWD). pp. 209-214 (2017).
Torkura, K.A., Sukmana, M.I.H., Meinel, C.: Integrating Continuous Security Assessments in Microservices and Cloud Native Applications.Proceedings of the10th International Conference on Utility and Cloud Computing. p. 171--180. ACM (2017).
Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.
Further Information
AbstractCloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.
Yang, H., Fritzsche, M., Bartz, C., Meinel, C.: BMXNet: An Open-Source Binary Neural Network Implementation Based on MXNet.Proceedings of the 2017 ACM on Multimedia Conference. ACM, New York, NY, USA (2017).
Krentz, K.-F., Meinel, C., Graupner, H.: Secure Self-Seeding with Power-Up SRAM States.IEEE Symposium on Computers and Communications (ISCC 2017). IEEE, Heraklion, Greece (2017).
Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
Further Information
AbstractGenerating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
Kayem, A., Meinel, C., Wolthusen, S.: A Smart Micro-Grid Architecture for Resource Constrained Environments.Proceedings, 31st International Conference on Advanced Information Networking and Applications (AINA 2017), Taipei, Taiwan. IEEE (2017).
Micro-grids offer a cost-effective approach to providing reliable power supply in isolated and disadvantaged communities. These communities present a special case where access to national power networks is either non-existent or intermittent due to load-shedding to provision urban areas and/or due to high interconnection costs. By necessity, such micro-grids rely on renewable energy sources that are variable and so only partly predictable. Ensuring reliable power provisioning and billing must therefore be supported by demand management and fair-billing policies. Furthermore, since trusted centralized grid management is not always possible, using a distributed model offers a viable solution approach. However, such a distributed system may be subject to subversion attacks aimed at power theft. In this paper, we present a novel and innovative distributed architecture for power distribution and billing on micro-grids. The architecture is designed to operate efficiently over a lossy communication network, which is an advantage for disadvantaged communities. Since lossy networks are undependable, differentiating system failures from adversarial manipulations is important because grid stability is to a large extent dependent on user participation. To this end, we provide a characterization of potential adversarial models to underline how these can be differentiated from failures.
Further Information
AbstractMicro-grids offer a cost-effective approach to providing reliable power supply in isolated and disadvantaged communities. These communities present a special case where access to national power networks is either non-existent or intermittent due to load-shedding to provision urban areas and/or due to high interconnection costs. By necessity, such micro-grids rely on renewable energy sources that are variable and so only partly predictable. Ensuring reliable power provisioning and billing must therefore be supported by demand management and fair-billing policies. Furthermore, since trusted centralized grid management is not always possible, using a distributed model offers a viable solution approach. However, such a distributed system may be subject to subversion attacks aimed at power theft. In this paper, we present a novel and innovative distributed architecture for power distribution and billing on micro-grids. The architecture is designed to operate efficiently over a lossy communication network, which is an advantage for disadvantaged communities. Since lossy networks are undependable, differentiating system failures from adversarial manipulations is important because grid stability is to a large extent dependent on user participation. To this end, we provide a characterization of potential adversarial models to underline how these can be differentiated from failures.
Meinel, C., Renz, J., Grella, C., Karn, N., Hagedorn, C.: Die Cloud für Schulen in Deutschland. Konzept und Pilotierung der Schul-Cloud.Technische Berichte des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam.56 (2017).
Die digitale Entwicklung durchdringt unser Bildungssystem, doch Schulen sind auf die Veränderungen kaum vorbereitet: Überforderte Lehrer/innen, infrastrukturell schwach ausgestattete Unterrichtsräume und unzureichend gewartete Computernetzwerke sind keine Seltenheit. Veraltete Hard- und Software erschweren digitale Bildung in Schulen eher, als dass sie diese ermöglichen: Ein zukunftssicherer Ansatz ist es, die Rechner weitgehend aus den Schulen zu entfernen und Bildungsinhalte in eine Cloud zu überführen. Zeitgemäßer Unterricht benötigt moderne Technologie und eine zukunftsorientierte Infrastruktur. Eine Schul-Cloud (https://hpi.de/schul-cloud) kann dabei helfen, die digitale Transformation in Schulen zu meistern und den fächerübergreifenden Unterricht mit digitalen Inhalten zu bereichern. Den Schüler/innen und Lehrkräften kann sie viele Möglichkeiten eröffnen: einen einfachen Zugang zu neuesten, professionell gewarteten Anwendungen, die Vernetzung verschiedener Lernorte, Erleichterung von Unterrichtsvorbereitung und Differenzierung
Further Information
AbstractDie digitale Entwicklung durchdringt unser Bildungssystem, doch Schulen sind auf die Veränderungen kaum vorbereitet: Überforderte Lehrer/innen, infrastrukturell schwach ausgestattete Unterrichtsräume und unzureichend gewartete Computernetzwerke sind keine Seltenheit. Veraltete Hard- und Software erschweren digitale Bildung in Schulen eher, als dass sie diese ermöglichen: Ein zukunftssicherer Ansatz ist es, die Rechner weitgehend aus den Schulen zu entfernen und Bildungsinhalte in eine Cloud zu überführen. Zeitgemäßer Unterricht benötigt moderne Technologie und eine zukunftsorientierte Infrastruktur. Eine Schul-Cloud (https://hpi.de/schul-cloud) kann dabei helfen, die digitale Transformation in Schulen zu meistern und den fächerübergreifenden Unterricht mit digitalen Inhalten zu bereichern. Den Schüler/innen und Lehrkräften kann sie viele Möglichkeiten eröffnen: einen einfachen Zugang zu neuesten, professionell gewarteten Anwendungen, die Vernetzung verschiedener Lernorte, Erleichterung von Unterrichtsvorbereitung und Differenzierung
Grella, C.T., Staubitz, T., Teusner, R., Meinel, C.: Can MOOCs Support Secondary Education in Computer Science? In: Auer, M.E., Guralnick, D., and Uhomoibhi, J. (eds.) Interactive Collaborative Learning. p. 478--493. Springer International Publishing, Cham (2017).
Despite the importance of competencies in computer science for participation in the digital transformation of nearly all sectors, there is still a lack of learning material and technically experienced teachers in German schools. In the paper at hand, we investigate the potential of Massive Open Online Courses (MOOCs) for secondary education. Schools can profit from this learning content and format provided by well-known institutions. However, German schools provide some challenging conditions, which have to be taken into account for a meaningful integration of e-learning elements. Our statistical and qualitative results are based on the representative data of the National Educational Panel Study (NEPS), the learning data of more than 100,000 online learners from over 150 countries, and the outcomes of several workshops with teachers and school administrators.
Further Information
Editor(s)Auer, Michael E. and Guralnick, David and Uhomoibhi, James
AbstractDespite the importance of competencies in computer science for participation in the digital transformation of nearly all sectors, there is still a lack of learning material and technically experienced teachers in German schools. In the paper at hand, we investigate the potential of Massive Open Online Courses (MOOCs) for secondary education. Schools can profit from this learning content and format provided by well-known institutions. However, German schools provide some challenging conditions, which have to be taken into account for a meaningful integration of e-learning elements. Our statistical and qualitative results are based on the representative data of the National Educational Panel Study (NEPS), the learning data of more than 100,000 online learners from over 150 countries, and the outcomes of several workshops with teachers and school administrators.
Krentz, K.-F., Meinel, C., Graupner, H.: Secure Self-Seeding with Power-Up SRAM States.Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017). IEEE, Heraklion, Greece (2017).
Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
Further Information
AbstractGenerating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
Gawron, M., Cheng, F., Meinel, C.: PVD: Passive vulnerability detection.Proceedings of the 8th International Conference on Information and Communication Systems (ICICS 2017). pp. 322-327. IEEE (2017).
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages.15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM, Delft, The Netherlands (2017).
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
Further Information
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
Shaabani, N., Meinel, C.: Incremental Discovery of Inclusion Dependencies.Proceedings of the 29th International Conference on Scientific and Statistical Database Management (SSDBM'17). p. 2:1--2:12. ACM (2017).
Inclusion dependencies form one of the most fundamental classes of integrity constraints. Their importance in classical data management is reinforced by modern applications such as data profiling, data cleaning, entity resolution and schema matching. Their discovery in an unknown dataset is at the core of any data analysis effort. Therefore, several research approaches have focused on their efficient discovery in a given, static dataset. However, none of these approaches are appropriate for applications on dynamic datasets, such as transactional datasets, scientific applications, and social network. In these cases, discovery techniques should be able to efficiently update the inclusion dependencies after an update in the dataset, without reprocessing the entire dataset. We present the first approach for incrementally updating the unary inclusion dependencies. In particular, our approach is based on the concept of attribute clustering from which the unary inclusion dependencies are efficiently derivable. We incrementally update the clusters after each update of the dataset. Updating the clusters does not need to access the dataset because of special data structures designed to efficiently support the updating process. We perform an exhaustive analysis of our approach by applying it to large datasets with several hundred attributes and more than 116,200,000 million tuples. The results show that the incremental discovery significantly reduces the runtime needed by the static discovery. This reduction in the runtime is up to 99.9996 % for both the insert and the delete.
Further Information
AbstractInclusion dependencies form one of the most fundamental classes of integrity constraints. Their importance in classical data management is reinforced by modern applications such as data profiling, data cleaning, entity resolution and schema matching. Their discovery in an unknown dataset is at the core of any data analysis effort. Therefore, several research approaches have focused on their efficient discovery in a given, static dataset. However, none of these approaches are appropriate for applications on dynamic datasets, such as transactional datasets, scientific applications, and social network. In these cases, discovery techniques should be able to efficiently update the inclusion dependencies after an update in the dataset, without reprocessing the entire dataset. We present the first approach for incrementally updating the unary inclusion dependencies. In particular, our approach is based on the concept of attribute clustering from which the unary inclusion dependencies are efficiently derivable. We incrementally update the clusters after each update of the dataset. Updating the clusters does not need to access the dataset because of special data structures designed to efficiently support the updating process. We perform an exhaustive analysis of our approach by applying it to large datasets with several hundred attributes and more than 116,200,000 million tuples. The results show that the incremental discovery significantly reduces the runtime needed by the static discovery. This reduction in the runtime is up to 99.9996 % for both the insert and the delete.
Krentz, K.-F., Meinel, C., Graupner, H.: Countering Three Denial-of-Sleep Attacks on ContikiMAC.Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017). Junction, Uppsala, Sweden (2017).
Like virtually all media access control (MAC) protocols for 802.15.4 networks, also ContikiMAC is vulnerable to various denial-of-sleep attacks. The focus of this paper is on countering three specific denial-of-sleep attacks on ContikiMAC, namely ding-dong ditching, pulse-delay attacks, and collision attacks. Ding-dong ditching is when attackers emit interference, inject frames, or replay frames so as to mislead ContikiMAC into staying in receive mode for extended periods of time and hence consuming much energy. Pulse-delay attacks are actually attacks on time synchronization, but can also be launched against ContikiMAC’s phase-lock optimization to cause an increased energy consumption. Lastly, in collision attacks, an attacker provokes retransmissions via jamming. In this paper, to counter these three kinds of denial-of-sleep attacks, we propose two optimizations to ContikiMAC. The dozing optimization, on the one hand, significantly reduces the energy consumption under ding-dong ditching. Beyond that, the dozing optimization helps during normal operation as it reduces the energy consumption of true wake ups, too. The secure phase-lock optimization, on the other hand, is a version of ContikiMAC’s phase-lock optimization that resists pulse-delay attacks. Additionally, the secure phase-lock optimization makes ContikiMAC resilient to collision attacks, as well as more energy efficient. We implemented and evaluated both optimizations using the Contiki operating system and OpenMotes.
Further Information
AbstractLike virtually all media access control (MAC) protocols for 802.15.4 networks, also ContikiMAC is vulnerable to various denial-of-sleep attacks. The focus of this paper is on countering three specific denial-of-sleep attacks on ContikiMAC, namely ding-dong ditching, pulse-delay attacks, and collision attacks. Ding-dong ditching is when attackers emit interference, inject frames, or replay frames so as to mislead ContikiMAC into staying in receive mode for extended periods of time and hence consuming much energy. Pulse-delay attacks are actually attacks on time synchronization, but can also be launched against ContikiMAC’s phase-lock optimization to cause an increased energy consumption. Lastly, in collision attacks, an attacker provokes retransmissions via jamming. In this paper, to counter these three kinds of denial-of-sleep attacks, we propose two optimizations to ContikiMAC. The dozing optimization, on the one hand, significantly reduces the energy consumption under ding-dong ditching. Beyond that, the dozing optimization helps during normal operation as it reduces the energy consumption of true wake ups, too. The secure phase-lock optimization, on the other hand, is a version of ContikiMAC’s phase-lock optimization that resists pulse-delay attacks. Additionally, the secure phase-lock optimization makes ContikiMAC resilient to collision attacks, as well as more energy efficient. We implemented and evaluated both optimizations using the Contiki operating system and OpenMotes.
Renz, J., Rohloff, T., Meinel, C.: Automatisierte Qualitätssicherung in MOOCs durch Learning Analytics. In: Ullrich, C. and Wessner, M. (eds.) Joint Proceedings of the Pre-Conference Workshops of DeLFI and GMW 2017. CEUR-WS.org (2017).
Dieser Beitrag beschreibt wie mithilfe von Learning Analytics Daten eine automatisierte Qualitätssicherung in MOOCs durchgeführt werden kann. Die Ergebnisse sind auch für andere skalierende E-Learning Systeme anwendbar. Hierfür wird zunächst beschrieben, wie in den untersuchten Systemen (die als verteilte Dienste in einer Microservice-Architektur implementiert sind) Learning Analytics Werkzeuge umgesetzt sind. Darauf aufbauend werden Konzept und Implementierung einer automatisierten Qualitätssicherung beschrieben. In einer ersten Evaluation wird die Nutzung der Funktion auf einer Instanz der am HPI entwickelten MOOC-Plattform untersucht. Anschließend wird ein Ausblick auf Erweiterungen und zukünftige Forschungsfragen gegeben.
Further Information
Editor(s)Ullrich, Carsten and Wessner, Martin
AbstractDieser Beitrag beschreibt wie mithilfe von Learning Analytics Daten eine automatisierte Qualitätssicherung in MOOCs durchgeführt werden kann. Die Ergebnisse sind auch für andere skalierende E-Learning Systeme anwendbar. Hierfür wird zunächst beschrieben, wie in den untersuchten Systemen (die als verteilte Dienste in einer Microservice-Architektur implementiert sind) Learning Analytics Werkzeuge umgesetzt sind. Darauf aufbauend werden Konzept und Implementierung einer automatisierten Qualitätssicherung beschrieben. In einer ersten Evaluation wird die Nutzung der Funktion auf einer Instanz der am HPI entwickelten MOOC-Plattform untersucht. Anschließend wird ein Ausblick auf Erweiterungen und zukünftige Forschungsfragen gegeben.
