Das Jahr 2022 neigt sich dem Ende. Wir schauen zurück auf…

Wir möchten uns bei allen, die dazu beigetragen oder mitgefiebert haben, bedanken.

Wir wünschen eine friedliche Weihnachtszeit sowie ein sicheres und gesundes neues Jahr.

Prof. Dr. Dr. Christian Reuter
und das gesamte PEASEC-Team

2022 neu als WiMi im Team oder mit 2022 abgeschlossener Promotion:

News: Highlights 2022

2022 (14)

Alle News 2022

2022 (95)

A-Paper 2022

(CORE≥A v VHB≥A v WKWI≥A v Thomson Reuters JIF≥1 v GI-CSCW≥A)

2022

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    Special Issue on Usable Security and Privacy with User-Centered Interventions and Transparency Mechanisms – Behaviour & Information Technology (BIT)
    Taylor & Francis.
    [BibTeX]

    @book{reuter_special_2022,
    title = {Special {Issue} on {Usable} {Security} and {Privacy} with {User}-{Centered} {Interventions} and {Transparency} {Mechanisms} - {Behaviour} \& {Information} {Technology} ({BIT})},
    publisher = {Taylor \& Francis},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    note = {Publication Title: Behaviour \& Information Technology (BIT)},
    keywords = {Crisis, HCI, SocialMedia, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Peace},
    }

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    A Quarter Century of Usable Security and Privacy Research: Transparency, Tailorability, and the Road Ahead
    Behaviour & Information Technology (BIT) ;41(10):2035–2048. doi:10.1080/0144929X.2022.2080908
    [BibTeX] [Abstract] [Download PDF]

    In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.

    @article{reuter_quarter_2022,
    title = {A {Quarter} {Century} of {Usable} {Security} and {Privacy} {Research}: {Transparency}, {Tailorability}, and the {Road} {Ahead}},
    volume = {41},
    issn = {0144-929X},
    url = {https://www.tandfonline.com/toc/tbit20/41/10},
    doi = {10.1080/0144929X.2022.2080908},
    abstract = {In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    keywords = {A-Paper, Crisis, HCI, Projekt-CROSSING, Ranking-CORE-A, Ranking-ImpactFactor, Security, SocialMedia, UsableSec},
    pages = {2035--2048},
    }

  • Sebastian Schwartz, Laura Guntrum, Christian Reuter (2022)
    Vision or Threat – Awareness for Dual-Use in the Development of Autonomous Driving
    IEEE Transactions on Technology and Society ;3(3):163–174. doi:10.1109/TTS.2022.3182310
    [BibTeX] [Abstract] [Download PDF]

    In the digital age, the vision of autonomous vehicles (AVs) is vibrant. Research is being conducted worldwide to inte-grate AVs into our everyday lives in the future, spending consid-erable amounts of money in the development process. Actors from both engineering as well as social sciences are involved in this re-search, with technical disciplines strongly dominating. In addition to perceived progress of numerous newly developed technologies such as AVs, challenges should also be referred to. According to research analysis, the transferability of autonomous cars to the military sphere seems to be frequently forgotten or ignored (dual-use). Since not much research has been conducted in Germany on the potential deployment of autonomous driving development steps into military domains, 25 semi-structured interviews with de-velopers and researchers and actors involved in the field, were conducted in 2020. The paper identifies that the majority of re-spondents interviewed were aware of general existing dual-use de-bates, however, few had reflected about dual-use issues regarding a possible transfer of their own development processes in the con-text of autonomous driving to military applications, intensively. One reason is the small-scale nature of research, another is the complexity of the field, which enables the engineer’s alienation from their responsibility for the artefacts’ use. Moreover, it has become clear that hardly any conversations among colleagues oc-cur about possible misuse and that no standardized policy guide-lines exist, which provide information about possible risk. To raise dual-use awareness, scientific contributions, risk education, and interdisciplinary discussions are essential.

    @article{schwartz_vision_2022,
    title = {Vision or {Threat} – {Awareness} for {Dual}-{Use} in the {Development} of {Autonomous} {Driving}},
    volume = {3},
    issn = {2637-6415},
    url = {https://www.peasec.de/paper/2022/2022_SchwartzGuntrumReuter_VisionorThreatAwarenessDualUseAutonomousDriving_IEEE-TTS.pdf},
    doi = {10.1109/TTS.2022.3182310},
    abstract = {In the digital age, the vision of autonomous vehicles (AVs) is vibrant. Research is being conducted worldwide to inte-grate AVs into our everyday lives in the future, spending consid-erable amounts of money in the development process. Actors from both engineering as well as social sciences are involved in this re-search, with technical disciplines strongly dominating. In addition to perceived progress of numerous newly developed technologies such as AVs, challenges should also be referred to. According to research analysis, the transferability of autonomous cars to the military sphere seems to be frequently forgotten or ignored (dual-use). Since not much research has been conducted in Germany on the potential deployment of autonomous driving development steps into military domains, 25 semi-structured interviews with de-velopers and researchers and actors involved in the field, were conducted in 2020. The paper identifies that the majority of re-spondents interviewed were aware of general existing dual-use de-bates, however, few had reflected about dual-use issues regarding a possible transfer of their own development processes in the con-text of autonomous driving to military applications, intensively. One reason is the small-scale nature of research, another is the complexity of the field, which enables the engineer’s alienation from their responsibility for the artefacts’ use. Moreover, it has become clear that hardly any conversations among colleagues oc-cur about possible misuse and that no standardized policy guide-lines exist, which provide information about possible risk. To raise dual-use awareness, scientific contributions, risk education, and interdisciplinary discussions are essential.},
    language = {en},
    number = {3},
    journal = {IEEE Transactions on Technology and Society},
    author = {Schwartz, Sebastian and Guntrum, Laura and Reuter, Christian},
    year = {2022},
    keywords = {Selected, A-Paper, Ranking-ImpactFactor, Peace, AuswahlPeace, Projekt-ATHENE-FANCY, Projekt-TraCe},
    pages = {163--174},
    }

  • Jonas Franken, Thomas Reinhold, Lilian Reichert, Christian Reuter (2022)
    The Digital Divide in State Vulnerability to Submarine Communications Cable Failure
    International Journal of Critical Infrastructure Protection (IJCIP) ;38(100522):1–15. doi:10.1016/j.ijcip.2022.100522
    [BibTeX] [Abstract] [Download PDF]

    The backbone network of submarine communication cables (SCC) carries 98\% of international internet traffic. Coastal and island states strongly depend on this physical internet infrastructure to provide internet connectivity. Although about 100 SCC breakdowns of human or natural origin occur at yearly average, a literature review reveals that there is no approach to assess individual state vulnerability to SCC failure in global comparison. In this article, the global SCC network is modeled based on publicly available data. Besides the analysis of the global network properties, a focus is put on remaining bandwidth capacities in three different failure scenario simulations of SCC breakdowns. As a result, this study identifies 15 highly vulnerable states and overseas territories, and another 28 territories that are classified as partially vulnerable to SCC failures. Since economic market decisions shape the structure of the SCC network, an uneven distribution of redundancies and the resulting vulnerability of disadvantaged economies can be confirmed. Therefore, the study’s findings may contribute to a better assessment of the necessity of preventive protection measures of critical telecommunication infrastructures in states and territories characterized by high and medium vulnerability.

    @article{franken_digital_2022,
    title = {The {Digital} {Divide} in {State} {Vulnerability} to {Submarine} {Communications} {Cable} {Failure}},
    volume = {38},
    url = {https://peasec.de/paper/2022/2022_FrankenReinholdReichertReuter_DigitalDivideStateVulnerabilitySubmarineCommunicationsCable_IJCIP.pdf},
    doi = {10.1016/j.ijcip.2022.100522},
    abstract = {The backbone network of submarine communication cables (SCC) carries 98\% of international internet traffic. Coastal and island states strongly depend on this physical internet infrastructure to provide internet connectivity. Although about 100 SCC breakdowns of human or natural origin occur at yearly average, a literature review reveals that there is no approach to assess individual state vulnerability to SCC failure in global comparison. In this article, the global SCC network is modeled based on publicly available data. Besides the analysis of the global network properties, a focus is put on remaining bandwidth capacities in three different failure scenario simulations of SCC breakdowns. As a result, this study identifies 15 highly vulnerable states and overseas territories, and another 28 territories that are classified as partially vulnerable to SCC failures. Since economic market decisions shape the structure of the SCC network, an uneven distribution of redundancies and the resulting vulnerability of disadvantaged economies can be confirmed. Therefore, the study's findings may contribute to a better assessment of the necessity of preventive protection measures of critical telecommunication infrastructures in states and territories characterized by high and medium vulnerability.},
    number = {100522},
    journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
    author = {Franken, Jonas and Reinhold, Thomas and Reichert, Lilian and Reuter, Christian},
    year = {2022},
    keywords = {Selected, Student, Security, A-Paper, Ranking-ImpactFactor, AuswahlPeace, Projekt-ATHENE-SecUrban, Projekt-AgriRegio},
    pages = {1--15},
    }

  • Stefka Schmid, Thea Riebe, Christian Reuter (2022)
    Dual-Use and Trustworthy? A Mixed Methods Analysis of AI Diffusion between Civilian and Defense R&D
    Science and Engineering Ethics ;28(12):1–23. doi:10.1007/s11948-022-00364-7
    [BibTeX] [Abstract] [Download PDF]

    Artificial Intelligence (AI) seems to be impacting all industry sectors, while becoming a motor for innovation. The diffusion of AI from the civilian sector to the defense sector, and AI’s dual-use potential has drawn attention from security and ethics scholars. With the publication of the ethical guideline Trustworthy AI by the European Union (EU), normative questions on the application of AI have been further evaluated. In order to draw conclusions on Trustworthy AI as a point of reference for responsible research and development (R&D), we approach the diffusion of AI across both civilian and military spheres in the EU. We capture the extent of technological diffusion and derive European and German patent citation networks. Both networks indicate a low degree of diffusion of AI between civilian and defense sectors. A qualitative investigation of project descriptions of a research institute’s work in both civilian and military fields shows that military AI applications stress accuracy or robustness, while civilian AI reflects a focus on human-centric values. Our work represents a first approach by linking processes of technology diffusion with normative evaluations of R&D.

    @article{schmid_dual-use_2022,
    title = {Dual-{Use} and {Trustworthy}? {A} {Mixed} {Methods} {Analysis} of {AI} {Diffusion} between {Civilian} and {Defense} {R}\&{D}},
    volume = {28},
    url = {https://peasec.de/paper/2022/2022_SchmidRiebeReuter_DualUseandTrustworthy_ScienceEngineeringEthics.pdf},
    doi = {10.1007/s11948-022-00364-7},
    abstract = {Artificial Intelligence (AI) seems to be impacting all industry sectors, while becoming a motor for innovation. The diffusion of AI from the civilian sector to the defense sector, and AI’s dual-use potential has drawn attention from security and ethics scholars. With the publication of the ethical guideline Trustworthy AI by the European Union (EU), normative questions on the application of AI have been further evaluated. In order to draw conclusions on Trustworthy AI as a point of reference for responsible research and development (R\&D), we approach the diffusion of AI across both civilian and military spheres in the EU. We capture the extent of technological diffusion and derive European and German patent citation networks. Both networks indicate a low degree of diffusion of AI between civilian and defense sectors. A qualitative investigation of project descriptions of a research institute’s work in both civilian and military fields shows that military AI applications stress accuracy or robustness, while civilian AI reflects a focus on human-centric values. Our work represents a first approach by linking processes of technology diffusion with normative evaluations of R\&D.},
    number = {12},
    journal = {Science and Engineering Ethics},
    author = {Schmid, Stefka and Riebe, Thea and Reuter, Christian},
    year = {2022},
    keywords = {A-Paper, Ranking-ImpactFactor, Peace, Projekt-DualUse, AuswahlPeace, Projekt-ATHENE-SecUrban, Projekt-TraCe},
    pages = {1--23},
    }

  • Marc-André Kaufhold, Ali Sercan Basyurt, Kaan Eyilmez, Marc Stöttinger, Christian Reuter (2022)
    Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams
    Proceedings of the European Conference on Information Systems (ECIS) Timisoara, Romaina.
    [BibTeX] [Abstract] [Download PDF]

    Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.

    @inproceedings{kaufhold_cyber_2022,
    address = {Timisoara, Romaina},
    title = {Cyber {Threat} {Observatory}: {Design} and {Evaluation} of an {Interactive} {Dashboard} for {Computer} {Emergency} {Response} {Teams}},
    url = {http://www.peasec.de/paper/2022/2022_KaufholdBasyurtEyilmezStoettingerReuter_CyberThreatObservatory_ECIS.pdf},
    abstract = {Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.},
    booktitle = {Proceedings of the {European} {Conference} on {Information} {Systems} ({ECIS})},
    author = {Kaufhold, Marc-André and Basyurt, Ali Sercan and Eyilmez, Kaan and Stöttinger, Marc and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN},
    pages = {1--17},
    }

  • Tom Biselli, Enno Steinbrink, Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2022)
    On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas
    Proceedings on Privacy Enhancing Technologies (PoPETs) .
    [BibTeX] [Abstract] [Download PDF]

    Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.

    @article{biselli_challenges_2022,
    title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    }

  • Aparecido Fabiano Pinatti De Carvalho, Saqib Saeed, Christian Reuter, Markus Rohde, Dave Randall, Volkmar Pipek, Volker Wulf (2022)
    Understanding Nomadic Practices of Social Activist Networks through the Lens of Infrastructuring: The Case of the European Social Forum
    Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW) . doi:10.1007/s10606-022-09442-7
    [BibTeX] [Abstract] [Download PDF]

    Within CSCW and HCI, an increasing body of literature has been demonstrating the essential relevance of infrastructures and infrastructuring to the work of people engaging in technologically mediated nomadicity. Tech Nomads – or T-Nomads, as they are sometimes called – not only rely on technological, human, and environmental infrastructural components – such as Wi-Fi, technical support, space, and basic resources such as light and power outlets – but they also have to engage in infrastructuring to mobilise their workplaces and effectively accomplish work in and across different locations. In this article, we bring an infrastructuring perspective to understanding nomadic practices concerning the organisation of complex collaborative events. We introduce findings from a long-term investigation focusing on how infrastructures are re-instantiated with the help of digital technologies, according to emerging demands from T-Nomads. Our findings demonstrate the need for a ‘nonessentialist’ approach to nomadicity, one which recognises the character of nomadic work and its varied aspects in different contexts. We extend the infrastructuring literature by demonstrating how infrastructuring work is done in a complex collaborative initiative, as the organisation of the annual European Social Forum.

    @article{pinatti_de_carvalho_understanding_2022,
    title = {Understanding {Nomadic} {Practices} of {Social} {Activist} {Networks} through the {Lens} of {Infrastructuring}: {The} {Case} of the {European} {Social} {Forum}},
    url = {Understanding Nomadic Practices of Social Activist Networks through the Lens of Infrastructuring: The Case of the European Social Forum},
    doi = {10.1007/s10606-022-09442-7},
    abstract = {Within CSCW and HCI, an increasing body of literature has been demonstrating the essential relevance of infrastructures and infrastructuring to the work of people engaging in technologically mediated nomadicity. Tech Nomads – or T-Nomads, as they are sometimes called – not only rely on technological, human, and environmental infrastructural components – such as Wi-Fi, technical support, space, and basic resources such as light and power outlets – but they also have to engage in infrastructuring to mobilise their workplaces and effectively accomplish work in and across different locations. In this article, we bring an infrastructuring perspective to understanding nomadic practices concerning the organisation of complex collaborative events. We introduce findings from a long-term investigation focusing on how infrastructures are re-instantiated with the help of digital technologies, according to emerging demands from T-Nomads. Our findings demonstrate the need for a ‘nonessentialist’ approach to nomadicity, one which recognises the character of nomadic work and its varied aspects in different contexts. We extend the infrastructuring literature by demonstrating how infrastructuring work is done in a complex collaborative initiative, as the organisation of the annual European Social Forum.},
    journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
    author = {Pinatti De Carvalho, Aparecido Fabiano and Saeed, Saqib and Reuter, Christian and Rohde, Markus and Randall, Dave and Pipek, Volkmar and Wulf, Volker},
    year = {2022},
    keywords = {Crisis, HCI, A-Paper, Ranking-ImpactFactor},
    }

  • Markus Bayer, Marc-André Kaufhold, Björn Buchhold, Marcel Keller, Jörg Dallmeyer, Christian Reuter (2022)
    Data Augmentation in Natural Language Processing: A Novel Text Generation Approach for Long and Short Text Classifiers
    International Journal of Machine Learning and Cybernetics (IJMLC) . doi:10.1007/s13042-022-01553-3
    [BibTeX] [Abstract]

    In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.

    @article{bayer_data_2022,
    title = {Data {Augmentation} in {Natural} {Language} {Processing}: {A} {Novel} {Text} {Generation} {Approach} for {Long} and {Short} {Text} {Classifiers}},
    doi = {10.1007/s13042-022-01553-3},
    abstract = {In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.},
    journal = {International Journal of Machine Learning and Cybernetics (IJMLC)},
    author = {Bayer, Markus and Kaufhold, Marc-André and Buchhold, Björn and Keller, Marcel and Dallmeyer, Jörg and Reuter, Christian},
    year = {2022},
    keywords = {Student, Security, A-Paper, Ranking-ImpactFactor, Projekt-CYWARN},
    }

  • Stefka Schmid, Katrin Hartwig, Robert Cieslinski, Christian Reuter (2022)
    Digital Resilience in Dealing with Misinformation on Social Media during COVID-19: A Web Application to Assist Users in Crises
    Information Systems Frontiers . doi:10.1007/s10796-022-10347-5
    [BibTeX] [Abstract] [Download PDF]

    In crises such as the COVID-19 pandemic, it is crucial to support users when dealing with social media content. Considering digital resilience, we propose a web app based on Social Network Analysis (SNA) to provide an overview of potentially misleading vs. non-misleading content on Twitter, which can be explored by users and enable foundational learning. The latter aims at systematically identifying thematic patterns which may be associated with misleading information. Additionally, it entails reflecting on indicators of misleading tweets which are proposed to approach classification of tweets. Paying special attention to non-expert users of social media, we conducted a two-step Think Aloud study for evaluation. While participants valued the opportunity to generate new knowledge and the diversity of the application, qualities such as equality and rapidity may be further improved. However, learning effects outweighed individual costs as all users were able to shift focus onto relevant features, such as hashtags, while readily pointing out content characteristics. Our design artifact connects to learning-oriented interventions regarding the spread of misleading information and tackles information overload by a SNA-based plug-in.

    @article{schmid_digital_2022,
    title = {Digital {Resilience} in {Dealing} with {Misinformation} on {Social} {Media} during {COVID}-19: {A} {Web} {Application} to {Assist} {Users} in {Crises}},
    url = {https://link.springer.com/article/10.1007/s10796-022-10347-5},
    doi = {10.1007/s10796-022-10347-5},
    abstract = {In crises such as the COVID-19 pandemic, it is crucial to support users when dealing with social media content. Considering digital resilience, we propose a web app based on Social Network Analysis (SNA) to provide an overview of potentially misleading vs. non-misleading content on Twitter, which can be explored by users and enable foundational learning. The latter aims at systematically identifying thematic patterns which may be associated with misleading information. Additionally, it entails reflecting on indicators of misleading tweets which are proposed to approach classification of tweets. Paying special attention to non-expert users of social media, we conducted a two-step Think Aloud study for evaluation. While participants valued the opportunity to generate new knowledge and the diversity of the application, qualities such as equality and rapidity may be further improved. However, learning effects outweighed individual costs as all users were able to shift focus onto relevant features, such as hashtags, while readily pointing out content characteristics. Our design artifact connects to learning-oriented interventions regarding the spread of misleading information and tackles information overload by a SNA-based plug-in.},
    journal = {Information Systems Frontiers},
    author = {Schmid, Stefka and Hartwig, Katrin and Cieslinski, Robert and Reuter, Christian},
    year = {2022},
    keywords = {Crisis, Student, A-Paper, Projekt-NEBULA},
    }

  • Thomas Reinhold, Christian Reuter (2022)
    Towards a Cyber Weapons Assessment Model – Assessment of the Technical Features of Malicious Software
    IEEE Transactions on Technology and Society ;3(3):226–239. doi:10.1109/TTS.2021.3131817
    [BibTeX] [Abstract] [Download PDF]

    The revelation of the Stuxnet malware in 2010 shed light on the presence of state actors that are willing and capable of developing and using highly sophisticated, specialized malicious software for their political interests. These tools -often dubbed cyber weapons -are expected to become the next major advancement in weaponry technology. Besides the threats of offensive cyber operations for civil IT systems due to the interconnected nature of the cyberspace, international regulation of cyber weapons is -among other aspects -hindered by the fact that the military development and the strategic and tactical deployment of cyber weapons differ significantly from other weapons technologies. In order to establish measures of cyber arms related control treaties, it is crucial to identify these particular characteristics. Based on this premise, the article analyzes the current perspectives on cyber weapons, identifying their weaknesses of being either based on assumptions about adversarial actors or being applicable only after the usage of a malicious tool. In contrast to these approaches, the article focuses on the specific functional aspects of malware and presents an indicator-based assessment model based on parameters that can be measured prior to the application of malicious software. This enables the categorization of malicious tools as cyber weapons. Besides this, the article aims to introduce thought-provoking impulses with regard to social responsibility in computer science.

    @article{reinhold_towards_2022,
    title = {Towards a {Cyber} {Weapons} {Assessment} {Model} – {Assessment} of the {Technical} {Features} of {Malicious} {Software}},
    volume = {3},
    issn = {2637-6415},
    url = {https://peasec.de/paper/2021/2021_ReinholdReuter_CyberWeapons_IEEETransactionsTechnologySociety.pdf},
    doi = {10.1109/TTS.2021.3131817},
    abstract = {The revelation of the Stuxnet malware in 2010 shed light on the presence of state actors that are willing and capable of developing and using highly sophisticated, specialized malicious software for their political interests. These tools -often dubbed cyber weapons -are expected to become the next major advancement in weaponry technology. Besides the threats of offensive cyber operations for civil IT systems due to the interconnected nature of the cyberspace, international regulation of cyber weapons is -among other aspects -hindered by the fact that the military development and the strategic and tactical deployment of cyber weapons differ significantly from other weapons technologies. In order to establish measures of cyber arms related control treaties, it is crucial to identify these particular characteristics. Based on this premise, the article analyzes the current perspectives on cyber weapons, identifying their weaknesses of being either based on assumptions about adversarial actors or being applicable only after the usage of a malicious tool. In contrast to these approaches, the article focuses on the specific functional aspects of malware and presents an indicator-based assessment model based on parameters that can be measured prior to the application of malicious software. This enables the categorization of malicious tools as cyber weapons. Besides this, the article aims to introduce thought-provoking impulses with regard to social responsibility in computer science.},
    language = {en},
    number = {3},
    journal = {IEEE Transactions on Technology and Society},
    author = {Reinhold, Thomas and Reuter, Christian},
    month = sep,
    year = {2022},
    keywords = {A-Paper, Ranking-ImpactFactor, Peace, AuswahlPeace, Cyberwar, Projekt-ATHENE-SecUrban},
    pages = {226--239},
    }

  • Sebastian Linsner, Enno Steinbrink, Franz Kuntke, Jonas Franken, Christian Reuter (2022)
    Supporting Users in Data Disclosure Scenarios in Agriculture through Transparency
    Behaviour & Information Technology (BIT) ;41(10):2137–2159. doi:10.1080/0144929X.2022.2068070
    [BibTeX] [Abstract] [Download PDF]

    Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.

    @article{linsner_supporting_2022,
    title = {Supporting {Users} in {Data} {Disclosure} {Scenarios} in {Agriculture} through {Transparency}},
    volume = {41},
    url = {http://www.peasec.de/paper/2022/2022_LinsnerSteinbrinkKuntkeFrankenReuter_SupportingDataDisclosureScenariosAgriculture_BIT.pdf},
    doi = {10.1080/0144929X.2022.2068070},
    abstract = {Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Linsner, Sebastian and Steinbrink, Enno and Kuntke, Franz and Franken, Jonas and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-GRKPrivacy, Projekt-HyServ, Projekt-AgriRegio},
    pages = {2137--2159},
    }

  • Katrin Hartwig, Christian Reuter (2022)
    Nudging Users Towards Better Security Decisions in Password Creation Using Whitebox-based Multidimensional Visualizations
    Behaviour & Information Technology (BIT) ;41(7):1357–1380. doi:10.1080/0144929X.2021.1876167
    [BibTeX] [Abstract] [Download PDF]

    Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users‘ perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.

    @article{hartwig_nudging_2022,
    title = {Nudging {Users} {Towards} {Better} {Security} {Decisions} in {Password} {Creation} {Using} {Whitebox}-based {Multidimensional} {Visualizations}},
    volume = {41},
    url = {https://peasec.de/paper/2022/2022_HartwigReuter_WhiteboxMultidimensionalNudges_BIT.pdf},
    doi = {10.1080/0144929X.2021.1876167},
    abstract = {Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users' perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.},
    number = {7},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Hartwig, Katrin and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-CROSSING, AuswahlUsableSec},
    pages = {1357--1380},
    }

  • Franz Kuntke, Vladimir Romanenko, Sebastian Linsner, Enno Steinbrink, Christian Reuter (2022)
    LoRaWAN Security Issues and Mitigation Options by the Example of Agricultural IoT Scenarios
    Transactions on Emerging Telecommunications Technologies (ETT) ;33.
    [BibTeX] [Abstract] [Download PDF]

    The Internet of Things (IoT) is a major trend that is seen as a great opportunity to improve efficiency in many domains, including agriculture. This technology could transform the sector, improving the management and quality of agricultural operations, for example, crop farming. The most promising data transmission standard for this domain seems to be Long Range Wide Area Network (LoRaWAN), a popular representative of low power wide area network technologies today. LoRaWAN, like any wireless protocol, has properties that can be exploited by attackers, which has been a topic of multiple research papers in recent years. By conducting a systematic literature review, we build a recent list of attacks, as well as collect mitigation options. Taking a look at a concrete use case (IoT in agriculture) allows us to evaluate the practicality of both exploiting the vulnerabilities and implementing the countermeasures. We detected 16 attacks that we grouped into six attack types. Along with the attacks, we collect countermeasures for attack mitigation. Developers can use our findings to minimize the risks when developing applications based on LoRaWAN. These mostly theoretical security recommendations should encourage future works to evaluate the mitigations in practice.

    @article{kuntke_lorawan_2022,
    title = {{LoRaWAN} {Security} {Issues} and {Mitigation} {Options} by the {Example} of {Agricultural} {IoT} {Scenarios}},
    volume = {33},
    url = {https://www.peasec.de/paper/2022/2022_KuntkeRomanenkoLinsnerSteinbrinkReuter_LoRaWANsecurityAgriculture_ETT.pdf},
    abstract = {The Internet of Things (IoT) is a major trend that is seen as a great opportunity to improve efficiency in many domains, including agriculture. This technology could transform the sector, improving the management and quality of agricultural operations, for example, crop farming. The most promising data transmission standard for this domain seems to be Long Range Wide Area Network (LoRaWAN), a popular representative of low power wide area network technologies today. LoRaWAN, like any wireless protocol, has properties that can be exploited by attackers, which has been a topic of multiple research papers in recent years. By conducting a systematic literature review, we build a recent list of attacks, as well as collect mitigation options. Taking a look at a concrete use case (IoT in agriculture) allows us to evaluate the practicality of both exploiting the vulnerabilities and implementing the countermeasures. We detected 16 attacks that we grouped into six attack types. Along with the attacks, we collect countermeasures for attack mitigation. Developers can use our findings to minimize the risks when developing applications based on LoRaWAN. These mostly theoretical security recommendations should encourage future works to evaluate the mitigations in practice.},
    journal = {Transactions on Emerging Telecommunications Technologies (ETT)},
    author = {Kuntke, Franz and Romanenko, Vladimir and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
    year = {2022},
    keywords = {Student, Security, A-Paper, Ranking-ImpactFactor, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ, Projekt-AgriRegio},
    }

  • Franz Kuntke, Sebastian Linsner, Enno Steinbrink, Jonas Franken, Christian Reuter (2022)
    Resilience in Agriculture: Communication and Energy Infrastructure Dependencies of German Farmers
    International Journal of Disaster Risk Science (IJDRS) . doi:10.1007/s13753-022-00404-7
    [BibTeX] [Abstract] [Download PDF]

    Agriculture is subject to high demands regarding resilience as it is an essential component of the food production chain. In the agricultural sector, there is an increasing usage of digital tools that rely on communication and energy infrastructures. Should disruption occur, such strengthened dependencies on other infrastructures increase the probability of ripple effects. Thus, there is a need to analyze the resilience of the agricultural sector with a specific focus on the effects of digitalization. This study works out resilience capacities of the interconnected technologies used in farm systems based on the experiences and opinions of farmers. Information was gathered through focus group interviews with farmers (N = 52) and a survey with participants from the agricultural sector (N = 118). In particular, the focus is put on the digital tools and other information and communication technologies they use. Based on a definition of resilience capacities, we evaluate resilience regarding energy and communication demands in various types of farm systems. Especially important are the resilience aspects of modern systems’ digital communication as well as the poorly developed and nonresilient network infrastructure in rural areas that contrast with the claim for a resilient agriculture. The result is a low robustness capacity, as our analysis concludes with the risk of food production losses.

    @article{kuntke_resilience_2022,
    title = {Resilience in {Agriculture}: {Communication} and {Energy} {Infrastructure} {Dependencies} of {German} {Farmers}},
    url = {https://link.springer.com/article/10.1007/s13753-022-00404-7},
    doi = {10.1007/s13753-022-00404-7},
    abstract = {Agriculture is subject to high demands regarding resilience as it is an essential component of the food production chain. In the agricultural sector, there is an increasing usage of digital tools that rely on communication and energy infrastructures. Should disruption occur, such strengthened dependencies on other infrastructures increase the probability of ripple effects. Thus, there is a need to analyze the resilience of the agricultural sector with a specific focus on the effects of digitalization. This study works out resilience capacities of the interconnected technologies used in farm systems based on the experiences and opinions of farmers. Information was gathered through focus group interviews with farmers (N = 52) and a survey with participants from the agricultural sector (N = 118). In particular, the focus is put on the digital tools and other information and communication technologies they use. Based on a definition of resilience capacities, we evaluate resilience regarding energy and communication demands in various types of farm systems. Especially important are the resilience aspects of modern systems’ digital communication as well as the poorly developed and nonresilient network infrastructure in rural areas that contrast with the claim for a resilient agriculture. The result is a low robustness capacity, as our analysis concludes with the risk of food production losses.},
    journal = {International Journal of Disaster Risk Science (IJDRS)},
    author = {Kuntke, Franz and Linsner, Sebastian and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
    year = {2022},
    keywords = {Selected, Security, A-Paper, Ranking-ImpactFactor, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ},
    }

    Alle Paper 2022

    Begutachtete Zeitschriften / Peer-reviewed Journals

  • Thea Riebe, Philipp Kuehn, Philipp Imperatori, Christian Reuter (2022)
    U.S. Security Policy: The Dual-Use Regulation of Cryptography and its Effects on Surveillance
    European Journal for Security Research . doi:10.1007/s41125-022-00080-0
    [BibTeX] [Abstract] [Download PDF]

    Cryptography has become ubiquitous in communication technology and is considered a necessary part of information security. However, both the regulation to restrict access to cryptography, as well as practices to weaken or break encryption, are part of the States’ security policies. The United States (U.S.) regulate cryptography for export in international trade as a dual-use good. However, the regulation has been increasingly loosened and transferred to bilateral agreements with Information and Communication Technology companies. At the same time, the National Security Agency attempted to implement a government encryption standard to guarantee itself easier access to data, thus progressively expanding surveillance on non-U.S. citizens. In this paper, using comparative policy analysis, we examine the evolution of both security policies by tracing the historical development of U.S. regulation of cryptography as a dual-use good, and surveillance technologies, and practices used from the 1990s to today. We conclude that the impact of the dual-use regulation has affected the efficiency of surveillance technology, by loosening regulations only for mass communication services, thereby supporting the proliferation of surveillance intermediaries, while working on strategies to collaborate and exploit their coverage.

    @article{riebe_us_2022,
    title = {U.{S}. {Security} {Policy}: {The} {Dual}-{Use} {Regulation} of {Cryptography} and its {Effects} on {Surveillance}},
    url = {https://link.springer.com/content/pdf/10.1007/s41125-022-00080-0.pdf},
    doi = {10.1007/s41125-022-00080-0},
    abstract = {Cryptography has become ubiquitous in communication technology and is considered a necessary part of information security. However, both the regulation to restrict access to cryptography, as well as practices to weaken or break encryption, are part of the States’ security policies. The United States (U.S.) regulate cryptography for export in international trade as a dual-use good. However, the regulation has been increasingly loosened and transferred to bilateral agreements with Information and Communication Technology companies. At the same time, the National Security Agency attempted to implement a government encryption standard to guarantee itself easier access to data, thus progressively expanding surveillance on non-U.S. citizens. In this paper, using comparative policy analysis, we examine the evolution of both security policies by tracing the historical development of U.S. regulation of cryptography as a dual-use good, and surveillance technologies, and practices used from the 1990s to today. We conclude that the impact of the dual-use regulation has affected the efficiency of surveillance technology, by loosening regulations only for mass communication services, thereby supporting the proliferation of surveillance intermediaries, while working on strategies to collaborate and exploit their coverage.},
    journal = {European Journal for Security Research},
    author = {Riebe, Thea and Kuehn, Philipp and Imperatori, Philipp and Reuter, Christian},
    year = {2022},
    keywords = {Student, Security, Projekt-CROSSING, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Stefka Schmid, Katrin Hartwig, Robert Cieslinski, Christian Reuter (2022)
    Digital Resilience in Dealing with Misinformation on Social Media during COVID-19: A Web Application to Assist Users in Crises
    Information Systems Frontiers . doi:10.1007/s10796-022-10347-5
    [BibTeX] [Abstract] [Download PDF]

    In crises such as the COVID-19 pandemic, it is crucial to support users when dealing with social media content. Considering digital resilience, we propose a web app based on Social Network Analysis (SNA) to provide an overview of potentially misleading vs. non-misleading content on Twitter, which can be explored by users and enable foundational learning. The latter aims at systematically identifying thematic patterns which may be associated with misleading information. Additionally, it entails reflecting on indicators of misleading tweets which are proposed to approach classification of tweets. Paying special attention to non-expert users of social media, we conducted a two-step Think Aloud study for evaluation. While participants valued the opportunity to generate new knowledge and the diversity of the application, qualities such as equality and rapidity may be further improved. However, learning effects outweighed individual costs as all users were able to shift focus onto relevant features, such as hashtags, while readily pointing out content characteristics. Our design artifact connects to learning-oriented interventions regarding the spread of misleading information and tackles information overload by a SNA-based plug-in.

    @article{schmid_digital_2022,
    title = {Digital {Resilience} in {Dealing} with {Misinformation} on {Social} {Media} during {COVID}-19: {A} {Web} {Application} to {Assist} {Users} in {Crises}},
    url = {https://link.springer.com/article/10.1007/s10796-022-10347-5},
    doi = {10.1007/s10796-022-10347-5},
    abstract = {In crises such as the COVID-19 pandemic, it is crucial to support users when dealing with social media content. Considering digital resilience, we propose a web app based on Social Network Analysis (SNA) to provide an overview of potentially misleading vs. non-misleading content on Twitter, which can be explored by users and enable foundational learning. The latter aims at systematically identifying thematic patterns which may be associated with misleading information. Additionally, it entails reflecting on indicators of misleading tweets which are proposed to approach classification of tweets. Paying special attention to non-expert users of social media, we conducted a two-step Think Aloud study for evaluation. While participants valued the opportunity to generate new knowledge and the diversity of the application, qualities such as equality and rapidity may be further improved. However, learning effects outweighed individual costs as all users were able to shift focus onto relevant features, such as hashtags, while readily pointing out content characteristics. Our design artifact connects to learning-oriented interventions regarding the spread of misleading information and tackles information overload by a SNA-based plug-in.},
    journal = {Information Systems Frontiers},
    author = {Schmid, Stefka and Hartwig, Katrin and Cieslinski, Robert and Reuter, Christian},
    year = {2022},
    keywords = {Crisis, Student, A-Paper, Projekt-NEBULA},
    }

  • Franz Kuntke, Vladimir Romanenko, Sebastian Linsner, Enno Steinbrink, Christian Reuter (2022)
    LoRaWAN Security Issues and Mitigation Options by the Example of Agricultural IoT Scenarios
    Transactions on Emerging Telecommunications Technologies (ETT) ;33.
    [BibTeX] [Abstract] [Download PDF]

    The Internet of Things (IoT) is a major trend that is seen as a great opportunity to improve efficiency in many domains, including agriculture. This technology could transform the sector, improving the management and quality of agricultural operations, for example, crop farming. The most promising data transmission standard for this domain seems to be Long Range Wide Area Network (LoRaWAN), a popular representative of low power wide area network technologies today. LoRaWAN, like any wireless protocol, has properties that can be exploited by attackers, which has been a topic of multiple research papers in recent years. By conducting a systematic literature review, we build a recent list of attacks, as well as collect mitigation options. Taking a look at a concrete use case (IoT in agriculture) allows us to evaluate the practicality of both exploiting the vulnerabilities and implementing the countermeasures. We detected 16 attacks that we grouped into six attack types. Along with the attacks, we collect countermeasures for attack mitigation. Developers can use our findings to minimize the risks when developing applications based on LoRaWAN. These mostly theoretical security recommendations should encourage future works to evaluate the mitigations in practice.

    @article{kuntke_lorawan_2022,
    title = {{LoRaWAN} {Security} {Issues} and {Mitigation} {Options} by the {Example} of {Agricultural} {IoT} {Scenarios}},
    volume = {33},
    url = {https://www.peasec.de/paper/2022/2022_KuntkeRomanenkoLinsnerSteinbrinkReuter_LoRaWANsecurityAgriculture_ETT.pdf},
    abstract = {The Internet of Things (IoT) is a major trend that is seen as a great opportunity to improve efficiency in many domains, including agriculture. This technology could transform the sector, improving the management and quality of agricultural operations, for example, crop farming. The most promising data transmission standard for this domain seems to be Long Range Wide Area Network (LoRaWAN), a popular representative of low power wide area network technologies today. LoRaWAN, like any wireless protocol, has properties that can be exploited by attackers, which has been a topic of multiple research papers in recent years. By conducting a systematic literature review, we build a recent list of attacks, as well as collect mitigation options. Taking a look at a concrete use case (IoT in agriculture) allows us to evaluate the practicality of both exploiting the vulnerabilities and implementing the countermeasures. We detected 16 attacks that we grouped into six attack types. Along with the attacks, we collect countermeasures for attack mitigation. Developers can use our findings to minimize the risks when developing applications based on LoRaWAN. These mostly theoretical security recommendations should encourage future works to evaluate the mitigations in practice.},
    journal = {Transactions on Emerging Telecommunications Technologies (ETT)},
    author = {Kuntke, Franz and Romanenko, Vladimir and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
    year = {2022},
    keywords = {Student, Security, A-Paper, Ranking-ImpactFactor, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ, Projekt-AgriRegio},
    }

  • Katrin Hartwig, Christian Reuter (2022)
    Nudging Users Towards Better Security Decisions in Password Creation Using Whitebox-based Multidimensional Visualizations
    Behaviour & Information Technology (BIT) ;41(7):1357–1380. doi:10.1080/0144929X.2021.1876167
    [BibTeX] [Abstract] [Download PDF]

    Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users‘ perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.

    @article{hartwig_nudging_2022,
    title = {Nudging {Users} {Towards} {Better} {Security} {Decisions} in {Password} {Creation} {Using} {Whitebox}-based {Multidimensional} {Visualizations}},
    volume = {41},
    url = {https://peasec.de/paper/2022/2022_HartwigReuter_WhiteboxMultidimensionalNudges_BIT.pdf},
    doi = {10.1080/0144929X.2021.1876167},
    abstract = {Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users' perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.},
    number = {7},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Hartwig, Katrin and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-CROSSING, AuswahlUsableSec},
    pages = {1357--1380},
    }

  • Verena Zimmermann, Jasmin Haunschild, Marita Unden, Paul Gerber, Nina Gerber (2022)
    Sicherheitsherausforderungen für Smart City-Infrastrukturen
    Wirtschaftsinformatik & Management . doi:10.1365/s35764-022-00396-5
    [BibTeX] [Abstract] [Download PDF]

    Viele Städte entwickeln sich hin zu einer „Smart City“. Der Trend birgt einerseits vielfältige Potenziale für Effizienz, Nachhaltigkeit und Sicherheit. Auf der anderen Seite ergeben sich neue Herausforderungen für den Schutz städtischer Infrastrukturen und der darin befindlichen Daten vor Ausfällen und (Cyber‑)Angriffen, die in ihrer Komplexität bisher nur wenig untersucht sind.

    @article{zimmermann_sicherheitsherausforderungen_2022,
    title = {Sicherheitsherausforderungen für {Smart} {City}-{Infrastrukturen}},
    url = {https://link.springer.com/content/pdf/10.1365/s35764-022-00396-5.pdf},
    doi = {10.1365/s35764-022-00396-5},
    abstract = {Viele Städte entwickeln sich hin zu einer „Smart City“. Der Trend birgt einerseits vielfältige Potenziale für Effizienz, Nachhaltigkeit und Sicherheit. Auf der anderen Seite ergeben sich neue Herausforderungen für den Schutz städtischer Infrastrukturen und der darin befindlichen Daten vor Ausfällen und (Cyber‑)Angriffen, die in ihrer Komplexität bisher nur wenig untersucht sind.},
    journal = {Wirtschaftsinformatik \& Management},
    author = {Zimmermann, Verena and Haunschild, Jasmin and Unden, Marita and Gerber, Paul and Gerber, Nina},
    year = {2022},
    keywords = {UsableSec, Security, Projekt-ATHENE-SecUrban},
    }

  • Laura Guntrum, Mira Keßler, Jignesh Patel, Anna Varfolomeeva (2022)
    Remotely Accessing the Field and Building Trust with Distant Sources. Perspectives from Journalism Practice for Ethnographic Research
    Global Media Journal – German Edition ;12(1).
    [BibTeX] [Abstract] [Download PDF]

    Journalists and ethnographic researchers, such as anthropologists, sociologists or media scholars, have comparable ways of establishing initial contacts with people from their fields of interest. Due to the ongoing COVID-19 pandemic and consequential travel restrictions and social distancing, it has become increasingly difficult to access a field. Taking inspiration from social anthropologist Ulf Hannerz (2004, p. 226), who compared journalists and anthropologists as “neighboring groups engaged in a somehow parallel pursuit,” this article explores what researchers may learn from practitioners who conduct research without being on-site. Fed by various practical journalists’ experiences, the article aims to investigate how information and communication technologies (ICTs) and digitally mediated methods, such as online search tools and social media, can be used to establish contacts and gain trust remotely. Here, the relevance of these methods for accessing a field in general goes beyond the limitations imposed during the COVID-19 pandemic and can be of interest to all those who face difficulties of field access of any kind. Ultimately, this article reflects on corresponding ethical challenges that may arise while conducting research remotely.

    @article{guntrum_remotely_2022,
    title = {Remotely {Accessing} the {Field} and {Building} {Trust} with {Distant} {Sources}. {Perspectives} from {Journalism} {Practice} for {Ethnographic} {Research}},
    volume = {12},
    url = {https://globalmediajournal.de/index.php/gmj/article/view/220},
    abstract = {Journalists and ethnographic researchers, such as anthropologists, sociologists or media scholars, have comparable ways of establishing initial contacts with people from their fields of interest. Due to the ongoing COVID-19 pandemic and consequential travel restrictions and social distancing, it has become increasingly difficult to access a field. Taking inspiration from social anthropologist Ulf Hannerz (2004, p. 226), who compared journalists and anthropologists as “neighboring groups engaged in a somehow parallel pursuit,” this article explores what researchers may learn from practitioners who conduct research without being on-site. Fed by various practical journalists’ experiences, the article aims to investigate how information and communication technologies (ICTs) and digitally mediated methods, such as online search tools and social media, can be used to establish contacts and gain trust remotely. Here, the relevance of these methods for accessing a field in general goes beyond the limitations imposed during the COVID-19 pandemic and can be of interest to all those who face difficulties of field access of any kind. Ultimately, this article reflects on corresponding ethical challenges that may arise while conducting research remotely.},
    number = {1},
    journal = {Global Media Journal - German Edition},
    author = {Guntrum, Laura and Keßler, Mira and Patel, Jignesh and Varfolomeeva, Anna},
    year = {2022},
    keywords = {Peace, Projekt-TraCe},
    }

  • Sebastian Linsner, Enno Steinbrink, Franz Kuntke, Jonas Franken, Christian Reuter (2022)
    Supporting Users in Data Disclosure Scenarios in Agriculture through Transparency
    Behaviour & Information Technology (BIT) ;41(10):2137–2159. doi:10.1080/0144929X.2022.2068070
    [BibTeX] [Abstract] [Download PDF]

    Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.

    @article{linsner_supporting_2022,
    title = {Supporting {Users} in {Data} {Disclosure} {Scenarios} in {Agriculture} through {Transparency}},
    volume = {41},
    url = {http://www.peasec.de/paper/2022/2022_LinsnerSteinbrinkKuntkeFrankenReuter_SupportingDataDisclosureScenariosAgriculture_BIT.pdf},
    doi = {10.1080/0144929X.2022.2068070},
    abstract = {Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Linsner, Sebastian and Steinbrink, Enno and Kuntke, Franz and Franken, Jonas and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-GRKPrivacy, Projekt-HyServ, Projekt-AgriRegio},
    pages = {2137--2159},
    }

  • Thomas Reinhold, Christian Reuter (2022)
    Towards a Cyber Weapons Assessment Model – Assessment of the Technical Features of Malicious Software
    IEEE Transactions on Technology and Society ;3(3):226–239. doi:10.1109/TTS.2021.3131817
    [BibTeX] [Abstract] [Download PDF]

    The revelation of the Stuxnet malware in 2010 shed light on the presence of state actors that are willing and capable of developing and using highly sophisticated, specialized malicious software for their political interests. These tools -often dubbed cyber weapons -are expected to become the next major advancement in weaponry technology. Besides the threats of offensive cyber operations for civil IT systems due to the interconnected nature of the cyberspace, international regulation of cyber weapons is -among other aspects -hindered by the fact that the military development and the strategic and tactical deployment of cyber weapons differ significantly from other weapons technologies. In order to establish measures of cyber arms related control treaties, it is crucial to identify these particular characteristics. Based on this premise, the article analyzes the current perspectives on cyber weapons, identifying their weaknesses of being either based on assumptions about adversarial actors or being applicable only after the usage of a malicious tool. In contrast to these approaches, the article focuses on the specific functional aspects of malware and presents an indicator-based assessment model based on parameters that can be measured prior to the application of malicious software. This enables the categorization of malicious tools as cyber weapons. Besides this, the article aims to introduce thought-provoking impulses with regard to social responsibility in computer science.

    @article{reinhold_towards_2022,
    title = {Towards a {Cyber} {Weapons} {Assessment} {Model} – {Assessment} of the {Technical} {Features} of {Malicious} {Software}},
    volume = {3},
    issn = {2637-6415},
    url = {https://peasec.de/paper/2021/2021_ReinholdReuter_CyberWeapons_IEEETransactionsTechnologySociety.pdf},
    doi = {10.1109/TTS.2021.3131817},
    abstract = {The revelation of the Stuxnet malware in 2010 shed light on the presence of state actors that are willing and capable of developing and using highly sophisticated, specialized malicious software for their political interests. These tools -often dubbed cyber weapons -are expected to become the next major advancement in weaponry technology. Besides the threats of offensive cyber operations for civil IT systems due to the interconnected nature of the cyberspace, international regulation of cyber weapons is -among other aspects -hindered by the fact that the military development and the strategic and tactical deployment of cyber weapons differ significantly from other weapons technologies. In order to establish measures of cyber arms related control treaties, it is crucial to identify these particular characteristics. Based on this premise, the article analyzes the current perspectives on cyber weapons, identifying their weaknesses of being either based on assumptions about adversarial actors or being applicable only after the usage of a malicious tool. In contrast to these approaches, the article focuses on the specific functional aspects of malware and presents an indicator-based assessment model based on parameters that can be measured prior to the application of malicious software. This enables the categorization of malicious tools as cyber weapons. Besides this, the article aims to introduce thought-provoking impulses with regard to social responsibility in computer science.},
    language = {en},
    number = {3},
    journal = {IEEE Transactions on Technology and Society},
    author = {Reinhold, Thomas and Reuter, Christian},
    month = sep,
    year = {2022},
    keywords = {A-Paper, Ranking-ImpactFactor, Peace, AuswahlPeace, Cyberwar, Projekt-ATHENE-SecUrban},
    pages = {226--239},
    }

  • Christian Reuter, Thea Riebe, Jasmin Haunschild, Thomas Reinhold, Stefka Schmid (2022)
    Zur Schnittmenge von Informatik mit Friedens- und Sicherheitsforschung: Erfahrungen aus der interdisziplinären Lehre in der Friedensinformatik
    Zeitschrift für Friedens- und Konfliktforschung (ZeFKo) . doi:10.1007/s42597-022-00078-4
    [BibTeX] [Abstract] [Download PDF]

    Interdisziplinäre Forschung und Lehre zwischen Informatik sowie Friedens- und Sicherheitsforschung ist vor dem Hintergrund, dass Konflikte im Cyberspace nicht mehr eine in der Zukunft liegende Fiktion, sondern eine realitätsnahe Möglichkeit darstellen, unabdingbar. Auch wenn zahlreiche etablierte Lehrveranstaltungen und Lehrbücher in der einen oder anderen Disziplin existieren, gilt dies nicht für deren Schnittmenge. Dieser Beitrag reflektiert die Einführung der in Bezug auf Thematik und Hörer*innenschaft interdisziplinären Lehrveranstaltung „Informationstechnologie für Frieden und Sicherheit“ für Studierende der Informatik, IT-Sicherheit und Wirtschaftsinformatik der Technischen Universität Darmstadt, sowie Friedens- und Konfliktforschung der TU Darmstadt in Kooperation mit der Goethe-Universität Frankfurt. Hierbei werden Herausforderungen und Lösungsansätze der interdisziplinären Lehre dargestellt und die Bedeutung dieser Lehre hervorgehoben.

    @article{reuter_zur_2022,
    title = {Zur {Schnittmenge} von {Informatik} mit {Friedens}- und {Sicherheitsforschung}: {Erfahrungen} aus der interdisziplinären {Lehre} in der {Friedensinformatik}},
    url = {https://link.springer.com/content/pdf/10.1007/s42597-022-00078-4.pdf},
    doi = {10.1007/s42597-022-00078-4},
    abstract = {Interdisziplinäre Forschung und Lehre zwischen Informatik sowie Friedens- und Sicherheitsforschung ist vor dem Hintergrund, dass Konflikte im Cyberspace nicht mehr eine in der Zukunft liegende Fiktion, sondern eine realitätsnahe Möglichkeit darstellen, unabdingbar. Auch wenn zahlreiche etablierte Lehrveranstaltungen und Lehrbücher in der einen oder anderen Disziplin existieren, gilt dies nicht für deren Schnittmenge. Dieser Beitrag reflektiert die Einführung der in Bezug auf Thematik und Hörer*innenschaft interdisziplinären Lehrveranstaltung „Informationstechnologie für Frieden und Sicherheit“ für Studierende der Informatik, IT-Sicherheit und Wirtschaftsinformatik der Technischen Universität Darmstadt, sowie Friedens- und Konfliktforschung der TU Darmstadt in Kooperation mit der Goethe-Universität Frankfurt. Hierbei werden Herausforderungen und Lösungsansätze der interdisziplinären Lehre dargestellt und die Bedeutung dieser Lehre hervorgehoben.},
    journal = {Zeitschrift für Friedens- und Konfliktforschung (ZeFKo)},
    author = {Reuter, Christian and Riebe, Thea and Haunschild, Jasmin and Reinhold, Thomas and Schmid, Stefka},
    year = {2022},
    keywords = {Peace},
    }

  • Sabrina Gabel, Lilian Reichert, Christian Reuter (2022)
    Discussing Conflict in Social Media – The Use of Twitter in the Jammu and Kashmir Conflict
    Media, War & Conflict ;15(4):1–26.
    [BibTeX] [Abstract] [Download PDF]

    Social media have come to play a vital role not only in our everyday lives, but also in times of conflict and crisis such as natural disasters or civil wars. Recent research has highlighted, on the one hand, the use of social media as a means of recruitment by terrorists and, on the other hand, the use of Facebook, Twitter etc. to gain the support of the population during insurgencies. This article conducts a qualitative content analysis of content on Twitter concerning the conflict in the Jammu and Kashmir region. The tweets following the death of a popular militant, Burhan Wani, cover three different themes: (1) criticism of intellectuals, (2) Burhan Wani’s impact on the conflict, and (3) tweets referring to the conflict itself. Generally, people use Twitter to make their own point of view clear to others and discredit the opposing party, at the same time tweets are reflecting the antagonism between the two parties to the conflict, India and Pakistan. The sample of tweets reflects the lack of awareness among people in the region regarding the motivations of the new generation of militancy emerging in Kashmir after 1990.

    @article{gabel_discussing_2022,
    title = {Discussing {Conflict} in {Social} {Media} – {The} {Use} of {Twitter} in the {Jammu} and {Kashmir} {Conflict}},
    volume = {15},
    url = {https://journals.sagepub.com/doi/full/10.1177/1750635220970997},
    abstract = {Social media have come to play a vital role not only in our everyday lives, but also in times of conflict and crisis such as natural disasters or civil wars. Recent research has highlighted, on the one hand, the use of social media as a means of recruitment by terrorists and, on the other hand, the use of Facebook, Twitter etc. to gain the support of the population during insurgencies. This article conducts a qualitative content analysis of content on Twitter concerning the conflict in the Jammu and Kashmir region. The tweets following the death of a popular militant, Burhan Wani, cover three different themes: (1) criticism of intellectuals, (2) Burhan Wani's impact on the conflict, and (3) tweets referring to the conflict itself. Generally, people use Twitter to make their own point of view clear to others and discredit the opposing party, at the same time tweets are reflecting the antagonism between the two parties to the conflict, India and Pakistan. The sample of tweets reflects the lack of awareness among people in the region regarding the motivations of the new generation of militancy emerging in Kashmir after 1990.},
    number = {4},
    journal = {Media, War \& Conflict},
    author = {Gabel, Sabrina and Reichert, Lilian and Reuter, Christian},
    year = {2022},
    keywords = {Crisis, HCI, SocialMedia, Ranking-ImpactFactor, Peace, Projekt-ATHENE-SecUrban},
    pages = {1--26},
    }

  • Markus Bayer, Marc-André Kaufhold, Björn Buchhold, Marcel Keller, Jörg Dallmeyer, Christian Reuter (2022)
    Data Augmentation in Natural Language Processing: A Novel Text Generation Approach for Long and Short Text Classifiers
    International Journal of Machine Learning and Cybernetics (IJMLC) . doi:10.1007/s13042-022-01553-3
    [BibTeX] [Abstract]

    In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.

    @article{bayer_data_2022,
    title = {Data {Augmentation} in {Natural} {Language} {Processing}: {A} {Novel} {Text} {Generation} {Approach} for {Long} and {Short} {Text} {Classifiers}},
    doi = {10.1007/s13042-022-01553-3},
    abstract = {In many cases of machine learning, research suggests that the development of training data might have a higher relevance than the choice and modelling of classifiers themselves. Thus, data augmentation methods have been developed to improve classifiers by artificially created training data. In NLP, there is the challenge of establishing universal rules for text transformations which provide new linguistic patterns. In this paper, we present and evaluate a text generation method suitable to increase the performance of classifiers for long and short texts. We achieved promising improvements when evaluating short as well as long text tasks with the enhancement by our text generation method. Especially with regard to small data analytics, additive accuracy gains of up to 15.53\% and 3.56\% are achieved within a constructed low data regime, compared to the no augmentation baseline and another data augmentation technique. As the current track of these constructed regimes is not universally applicable, we also show major improvements in several real world low data tasks (up to +4.84 F1-score). Since we are evaluating the method from many perspectives (in total 11 datasets), we also observe situations where the method might not be suitable. We discuss implications and patterns for the successful application of our approach on different types of datasets.},
    journal = {International Journal of Machine Learning and Cybernetics (IJMLC)},
    author = {Bayer, Markus and Kaufhold, Marc-André and Buchhold, Björn and Keller, Marcel and Dallmeyer, Jörg and Reuter, Christian},
    year = {2022},
    keywords = {Student, Security, A-Paper, Ranking-ImpactFactor, Projekt-CYWARN},
    }

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    A Quarter Century of Usable Security and Privacy Research: Transparency, Tailorability, and the Road Ahead
    Behaviour & Information Technology (BIT) ;41(10):2035–2048. doi:10.1080/0144929X.2022.2080908
    [BibTeX] [Abstract] [Download PDF]

    In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.

    @article{reuter_quarter_2022,
    title = {A {Quarter} {Century} of {Usable} {Security} and {Privacy} {Research}: {Transparency}, {Tailorability}, and the {Road} {Ahead}},
    volume = {41},
    issn = {0144-929X},
    url = {https://www.tandfonline.com/toc/tbit20/41/10},
    doi = {10.1080/0144929X.2022.2080908},
    abstract = {In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    keywords = {A-Paper, Crisis, HCI, Projekt-CROSSING, Ranking-CORE-A, Ranking-ImpactFactor, Security, SocialMedia, UsableSec},
    pages = {2035--2048},
    }

  • Aparecido Fabiano Pinatti De Carvalho, Saqib Saeed, Christian Reuter, Markus Rohde, Dave Randall, Volkmar Pipek, Volker Wulf (2022)
    Understanding Nomadic Practices of Social Activist Networks through the Lens of Infrastructuring: The Case of the European Social Forum
    Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW) . doi:10.1007/s10606-022-09442-7
    [BibTeX] [Abstract] [Download PDF]

    Within CSCW and HCI, an increasing body of literature has been demonstrating the essential relevance of infrastructures and infrastructuring to the work of people engaging in technologically mediated nomadicity. Tech Nomads – or T-Nomads, as they are sometimes called – not only rely on technological, human, and environmental infrastructural components – such as Wi-Fi, technical support, space, and basic resources such as light and power outlets – but they also have to engage in infrastructuring to mobilise their workplaces and effectively accomplish work in and across different locations. In this article, we bring an infrastructuring perspective to understanding nomadic practices concerning the organisation of complex collaborative events. We introduce findings from a long-term investigation focusing on how infrastructures are re-instantiated with the help of digital technologies, according to emerging demands from T-Nomads. Our findings demonstrate the need for a ‘nonessentialist’ approach to nomadicity, one which recognises the character of nomadic work and its varied aspects in different contexts. We extend the infrastructuring literature by demonstrating how infrastructuring work is done in a complex collaborative initiative, as the organisation of the annual European Social Forum.

    @article{pinatti_de_carvalho_understanding_2022,
    title = {Understanding {Nomadic} {Practices} of {Social} {Activist} {Networks} through the {Lens} of {Infrastructuring}: {The} {Case} of the {European} {Social} {Forum}},
    url = {Understanding Nomadic Practices of Social Activist Networks through the Lens of Infrastructuring: The Case of the European Social Forum},
    doi = {10.1007/s10606-022-09442-7},
    abstract = {Within CSCW and HCI, an increasing body of literature has been demonstrating the essential relevance of infrastructures and infrastructuring to the work of people engaging in technologically mediated nomadicity. Tech Nomads – or T-Nomads, as they are sometimes called – not only rely on technological, human, and environmental infrastructural components – such as Wi-Fi, technical support, space, and basic resources such as light and power outlets – but they also have to engage in infrastructuring to mobilise their workplaces and effectively accomplish work in and across different locations. In this article, we bring an infrastructuring perspective to understanding nomadic practices concerning the organisation of complex collaborative events. We introduce findings from a long-term investigation focusing on how infrastructures are re-instantiated with the help of digital technologies, according to emerging demands from T-Nomads. Our findings demonstrate the need for a ‘nonessentialist’ approach to nomadicity, one which recognises the character of nomadic work and its varied aspects in different contexts. We extend the infrastructuring literature by demonstrating how infrastructuring work is done in a complex collaborative initiative, as the organisation of the annual European Social Forum.},
    journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
    author = {Pinatti De Carvalho, Aparecido Fabiano and Saeed, Saqib and Reuter, Christian and Rohde, Markus and Randall, Dave and Pipek, Volkmar and Wulf, Volker},
    year = {2022},
    keywords = {Crisis, HCI, A-Paper, Ranking-ImpactFactor},
    }

  • Thomas Reinhold, Christian Reuter (2022)
    Book Review: Artificial Intelligence and The Future of Warfare, James Johnson (2021)
    Zeitschrift für Außen- und Sicherheitspolitik (ZfAS) . doi:10.1007/s12399-022-00918-4
    [BibTeX] [Download PDF]

    @article{reinhold_book_2022,
    title = {Book {Review}: {Artificial} {Intelligence} and {The} {Future} of {Warfare}, {James} {Johnson} (2021)},
    url = {https://link.springer.com/article/10.1007/s12399-022-00918-4},
    doi = {10.1007/s12399-022-00918-4},
    journal = {Zeitschrift für Außen- und Sicherheitspolitik (ZfAS)},
    author = {Reinhold, Thomas and Reuter, Christian},
    year = {2022},
    keywords = {Peace, Projekt-ATHENE-SecUrban},
    }

  • Tom Biselli, Enno Steinbrink, Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2022)
    On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas
    Proceedings on Privacy Enhancing Technologies (PoPETs) .
    [BibTeX] [Abstract] [Download PDF]

    Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.

    @article{biselli_challenges_2022,
    title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    }

  • Stefka Schmid, Thea Riebe, Christian Reuter (2022)
    Dual-Use and Trustworthy? A Mixed Methods Analysis of AI Diffusion between Civilian and Defense R&D
    Science and Engineering Ethics ;28(12):1–23. doi:10.1007/s11948-022-00364-7
    [BibTeX] [Abstract] [Download PDF]

    Artificial Intelligence (AI) seems to be impacting all industry sectors, while becoming a motor for innovation. The diffusion of AI from the civilian sector to the defense sector, and AI’s dual-use potential has drawn attention from security and ethics scholars. With the publication of the ethical guideline Trustworthy AI by the European Union (EU), normative questions on the application of AI have been further evaluated. In order to draw conclusions on Trustworthy AI as a point of reference for responsible research and development (R&D), we approach the diffusion of AI across both civilian and military spheres in the EU. We capture the extent of technological diffusion and derive European and German patent citation networks. Both networks indicate a low degree of diffusion of AI between civilian and defense sectors. A qualitative investigation of project descriptions of a research institute’s work in both civilian and military fields shows that military AI applications stress accuracy or robustness, while civilian AI reflects a focus on human-centric values. Our work represents a first approach by linking processes of technology diffusion with normative evaluations of R&D.

    @article{schmid_dual-use_2022,
    title = {Dual-{Use} and {Trustworthy}? {A} {Mixed} {Methods} {Analysis} of {AI} {Diffusion} between {Civilian} and {Defense} {R}\&{D}},
    volume = {28},
    url = {https://peasec.de/paper/2022/2022_SchmidRiebeReuter_DualUseandTrustworthy_ScienceEngineeringEthics.pdf},
    doi = {10.1007/s11948-022-00364-7},
    abstract = {Artificial Intelligence (AI) seems to be impacting all industry sectors, while becoming a motor for innovation. The diffusion of AI from the civilian sector to the defense sector, and AI’s dual-use potential has drawn attention from security and ethics scholars. With the publication of the ethical guideline Trustworthy AI by the European Union (EU), normative questions on the application of AI have been further evaluated. In order to draw conclusions on Trustworthy AI as a point of reference for responsible research and development (R\&D), we approach the diffusion of AI across both civilian and military spheres in the EU. We capture the extent of technological diffusion and derive European and German patent citation networks. Both networks indicate a low degree of diffusion of AI between civilian and defense sectors. A qualitative investigation of project descriptions of a research institute’s work in both civilian and military fields shows that military AI applications stress accuracy or robustness, while civilian AI reflects a focus on human-centric values. Our work represents a first approach by linking processes of technology diffusion with normative evaluations of R\&D.},
    number = {12},
    journal = {Science and Engineering Ethics},
    author = {Schmid, Stefka and Riebe, Thea and Reuter, Christian},
    year = {2022},
    keywords = {A-Paper, Ranking-ImpactFactor, Peace, Projekt-DualUse, AuswahlPeace, Projekt-ATHENE-SecUrban, Projekt-TraCe},
    pages = {1--23},
    }

  • Stefka Schmid (2022)
    Trustworthy and Explainable: A European Vision of (Weaponised) Artificial Intelligence
    Die Friedens-Warte / Journal of International Peace and Organization (JIPO) ;95(3-4):290–315. doi:10.35998/fw-2022-0013
    [BibTeX] [Abstract] [Download PDF]

    The European Union (EU) has undertaken policies which address the research and development of artificial intelligence (AI). In light of debates of technology assessment which focus on risks for humans and questions of control of AI, the EU has propagated an ethical, human-centred approach of the application of AI. It is important to identify how the EU envisions AI as this may guide emerging norms in AI governance and today’s research and development of (weaponised) AI. Building on works of Human-Computer Interaction (HCI), this work derives the actor’s understanding of human-AI interaction, including conceptualisations of explainability, interpretability, and risks. Analysis of EU documents on the implementation of AI as a general-purpose technology and for military application reveals that explainability and risk identification are crucial elements for trust, which itself is a necessary component in the uptake of AI. Interdisciplinary approaches allow for a more detailed understanding of actors’ fundamental views on human control of AI, which further contributes to debates on technology assessment in professionalised political contexts.

    @article{schmid_trustworthy_2022,
    title = {Trustworthy and {Explainable}: {A} {European} {Vision} of ({Weaponised}) {Artificial} {Intelligence}},
    volume = {95},
    url = {https://elibrary.bwv-verlag.de/article/10.35998/fw-2022-0013},
    doi = {10.35998/fw-2022-0013},
    abstract = {The European Union (EU) has undertaken policies which address the research and development of artificial intelligence (AI). In light of debates of technology assessment which focus on risks for humans and questions of control of AI, the EU has propagated an ethical, human-centred approach of the application of AI. It is important to identify how the EU envisions AI as this may guide emerging norms in AI governance and today’s research and development of (weaponised) AI. Building on works of Human-Computer Interaction (HCI), this work derives the actor’s understanding of human-AI interaction, including conceptualisations of explainability, interpretability, and risks. Analysis of EU documents on the implementation of AI as a general-purpose technology and for military application reveals that explainability and risk identification are crucial elements for trust, which itself is a necessary component in the uptake of AI. Interdisciplinary approaches allow for a more detailed understanding of actors’ fundamental views on human control of AI, which further contributes to debates on technology assessment in professionalised political contexts.},
    number = {3-4},
    journal = {Die Friedens-Warte / Journal of International Peace and Organization (JIPO)},
    author = {Schmid, Stefka},
    year = {2022},
    keywords = {Peace, Projekt-ATHENE-SecUrban, Projekt-TraCe},
    pages = {290--315},
    }

  • Christian Reuter, Malte Göttsche, Friederike Frieß, Pierre Thielbörger, Johannes Vüllers (2022)
    Between Destabilization and Enabling Resilience: Perspectives from the Technical Sciences, Political Science and Law
    Die Friedens-Warte / Journal of International Peace and Organization (JIPO) ;95(3-4):244–246.
    [BibTeX] [Abstract] [Download PDF]

    In this special issue of the “Journal of International Peace and Organization”, we approach the topic of resilience from the different perspectives of the technical sciences (with a focus on new technologies), the social sciences, and law. In our view such interdisciplinary exchange of views within the research field of peace and conflict research is highly important, yet at the same time all too rare. Today’s international security environment is marked by the demise of the classical arms control architecture, the return of great power politics, and eroding trust among states. New developments in military and dual use technology as well as weapon modernization programs add complexity to any effort towards peace and security. The importance of dealing with these issues in an informed manner has been widely accepted since Russia’s invasion of Ukraine in February 2022. The first part of this special issue is based on the interdisciplinary conference Science Peace Security 2021 in Aachen, which examined the impacts of new technologies on resilience. It sought concepts on how a more resilient security environment can be achieved through scientific contributions and policy measures towards crisis resolution, risk assessments, confidence-building, and arms limitations. Nuclear, biological, chemical, and space threats as well as developments in information technology such as cyber or artificial intelligence issues, and any other relevant technical fields, were examined.

    @article{reuter_between_2022,
    title = {Between {Destabilization} and {Enabling} {Resilience}: {Perspectives} from the {Technical} {Sciences}, {Political} {Science} and {Law}},
    volume = {95},
    url = {https://elibrary.bwv-verlag.de/article/99.105025/fw202203024401},
    abstract = {In this special issue of the “Journal of International Peace and Organization”, we approach the topic of resilience from the different perspectives of the technical sciences (with a focus on new technologies), the social sciences, and law. In our view such interdisciplinary exchange of views within the research field of peace and conflict research is highly important, yet at the same time all too rare.
    Today’s international security environment is marked by the demise of the classical arms control architecture, the return of great power politics, and eroding trust among states. New developments in military and dual use technology as well as weapon modernization programs add complexity to any effort towards peace and security. The importance of dealing with these issues in an informed manner has been widely accepted since Russia’s invasion of Ukraine in February 2022.
    The first part of this special issue is based on the interdisciplinary conference Science Peace Security 2021 in Aachen, which examined the impacts of new technologies on resilience. It sought concepts on how a more resilient security environment can be achieved through scientific contributions and policy measures towards crisis resolution, risk assessments, confidence-building, and arms limitations. Nuclear, biological, chemical, and space threats as well as developments in information technology such as cyber or artificial intelligence issues, and any other relevant technical fields, were examined.},
    number = {3-4},
    journal = {Die Friedens-Warte / Journal of International Peace and Organization (JIPO)},
    author = {Reuter, Christian and Göttsche, Malte and Frieß, Friederike and Thielbörger, Pierre and Vüllers, Johannes},
    year = {2022},
    keywords = {Peace},
    pages = {244--246},
    }

  • Christian Reuter, Malte Göttsche, Friederike Frieß, Pierre Thielbörger, Johannes Vüllers (2022)
    Zwischen Destabilisierung und der Ermöglichung von Resilienz: Perspektiven aus den Technikwissenschaften, den Sozialwissenschaften und den Rechtswissenschaften
    Die Friedens-Warte / Journal of International Peace and Organization (JIPO) ;95(3-4):241–243.
    [BibTeX] [Abstract] [Download PDF]

    In dieser Sonderausgabe von „Die Friedens-Warte“ nähern wir uns dem Thema Resilienz aus den unterschiedlichen Perspektiven der Technikwissenschaften (mit einem Schwerpunkt auf neuen Technologien), den Sozialwissenschaften und den Rechtswissenschaften. Ein solcher interdisziplinärer Austausch innerhalb des Forschungsfeldes der Friedens- und Konfliktforschung ist aus unserer Sicht immens wichtig, zurzeit jedoch noch allzu rar. Das heutige internationale Sicherheitsumfeld ist gekennzeichnet durch den Niedergang der klassischen Rüstungskontrollarchitektur, die Rückkehr der Großmachtpolitik und das schwindende Vertrauen zwischen den Staaten. Neue Entwicklungen im Bereich der Militärtechnologie und der Technologien mit Doppelverwendungsfähigkeit sowie Modernisierungsprogramme für Waffen machen die Bemühungen um Frieden und Sicherheit noch komplexer. Seit dem Einmarsch Russlands in die Ukraine im Februar 2022 ist allgemein anerkannt, wie wichtig es ist, sich mit diesen Fragen sachkundig auseinanderzusetzen. Der erste Teil dieser Sonderausgabe basiert auf der interdisziplinären Konferenz Science Peace Security 2021 in Aachen, die sich mit den Auswirkungen neuer Technologien auf die Resilienz befasste. Gesucht wurden Konzepte zur Erreichung eines widerstandsfähigeren Sicherheitsumfeldes durch wissenschaftliche Beiträge und politische Maßnahmen zur Krisenbewältigung, Risikobewertung, Vertrauensbildung und Rüstungsbegrenzung. Untersucht wurden nukleare, biologische, chemische und weltraumgestützte Bedrohungen sowie Entwicklungen in der Informationstechnologie, wie z. B. Cyber- oder künstliche Intelligenz, sowie weitere relevante technischen Bereiche.

    @article{reuter_zwischen_2022,
    title = {Zwischen {Destabilisierung} und der {Ermöglichung} von {Resilienz}: {Perspektiven} aus den {Technikwissenschaften}, den {Sozialwissenschaften} und den {Rechtswissenschaften}},
    volume = {95},
    url = {https://elibrary.bwv-verlag.de/article/99.105025/fw202203024101},
    abstract = {In dieser Sonderausgabe von „Die Friedens-Warte“ nähern wir uns dem Thema Resilienz aus den unterschiedlichen Perspektiven der Technikwissenschaften (mit einem Schwerpunkt auf neuen Technologien), den Sozialwissenschaften und den Rechtswissenschaften. Ein solcher interdisziplinärer Austausch innerhalb des Forschungsfeldes der Friedens- und Konfliktforschung ist aus unserer Sicht immens wichtig, zurzeit jedoch noch allzu rar.
    Das heutige internationale Sicherheitsumfeld ist gekennzeichnet durch den Niedergang der klassischen Rüstungskontrollarchitektur, die Rückkehr der Großmachtpolitik und das schwindende Vertrauen zwischen den Staaten. Neue Entwicklungen im Bereich der Militärtechnologie und der Technologien mit Doppelverwendungsfähigkeit sowie Modernisierungsprogramme für Waffen machen die Bemühungen um Frieden und Sicherheit noch komplexer. Seit dem Einmarsch Russlands in die Ukraine im Februar 2022 ist allgemein anerkannt, wie wichtig es ist, sich mit diesen Fragen sachkundig auseinanderzusetzen.
    Der erste Teil dieser Sonderausgabe basiert auf der interdisziplinären Konferenz Science Peace Security 2021 in Aachen, die sich mit den Auswirkungen neuer Technologien auf die Resilienz befasste. Gesucht wurden Konzepte zur Erreichung eines widerstandsfähigeren Sicherheitsumfeldes durch wissenschaftliche Beiträge und politische Maßnahmen zur Krisenbewältigung, Risikobewertung, Vertrauensbildung und Rüstungsbegrenzung. Untersucht wurden nukleare, biologische, chemische und weltraumgestützte Bedrohungen sowie Entwicklungen in der Informationstechnologie, wie z. B. Cyber- oder künstliche Intelligenz, sowie weitere relevante technischen Bereiche.},
    number = {3-4},
    journal = {Die Friedens-Warte / Journal of International Peace and Organization (JIPO)},
    author = {Reuter, Christian and Göttsche, Malte and Frieß, Friederike and Thielbörger, Pierre and Vüllers, Johannes},
    year = {2022},
    keywords = {Peace},
    pages = {241--243},
    }

  • Jonas Franken, Thomas Reinhold, Lilian Reichert, Christian Reuter (2022)
    The Digital Divide in State Vulnerability to Submarine Communications Cable Failure
    International Journal of Critical Infrastructure Protection (IJCIP) ;38(100522):1–15. doi:10.1016/j.ijcip.2022.100522
    [BibTeX] [Abstract] [Download PDF]

    The backbone network of submarine communication cables (SCC) carries 98\% of international internet traffic. Coastal and island states strongly depend on this physical internet infrastructure to provide internet connectivity. Although about 100 SCC breakdowns of human or natural origin occur at yearly average, a literature review reveals that there is no approach to assess individual state vulnerability to SCC failure in global comparison. In this article, the global SCC network is modeled based on publicly available data. Besides the analysis of the global network properties, a focus is put on remaining bandwidth capacities in three different failure scenario simulations of SCC breakdowns. As a result, this study identifies 15 highly vulnerable states and overseas territories, and another 28 territories that are classified as partially vulnerable to SCC failures. Since economic market decisions shape the structure of the SCC network, an uneven distribution of redundancies and the resulting vulnerability of disadvantaged economies can be confirmed. Therefore, the study’s findings may contribute to a better assessment of the necessity of preventive protection measures of critical telecommunication infrastructures in states and territories characterized by high and medium vulnerability.

    @article{franken_digital_2022,
    title = {The {Digital} {Divide} in {State} {Vulnerability} to {Submarine} {Communications} {Cable} {Failure}},
    volume = {38},
    url = {https://peasec.de/paper/2022/2022_FrankenReinholdReichertReuter_DigitalDivideStateVulnerabilitySubmarineCommunicationsCable_IJCIP.pdf},
    doi = {10.1016/j.ijcip.2022.100522},
    abstract = {The backbone network of submarine communication cables (SCC) carries 98\% of international internet traffic. Coastal and island states strongly depend on this physical internet infrastructure to provide internet connectivity. Although about 100 SCC breakdowns of human or natural origin occur at yearly average, a literature review reveals that there is no approach to assess individual state vulnerability to SCC failure in global comparison. In this article, the global SCC network is modeled based on publicly available data. Besides the analysis of the global network properties, a focus is put on remaining bandwidth capacities in three different failure scenario simulations of SCC breakdowns. As a result, this study identifies 15 highly vulnerable states and overseas territories, and another 28 territories that are classified as partially vulnerable to SCC failures. Since economic market decisions shape the structure of the SCC network, an uneven distribution of redundancies and the resulting vulnerability of disadvantaged economies can be confirmed. Therefore, the study's findings may contribute to a better assessment of the necessity of preventive protection measures of critical telecommunication infrastructures in states and territories characterized by high and medium vulnerability.},
    number = {100522},
    journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
    author = {Franken, Jonas and Reinhold, Thomas and Reichert, Lilian and Reuter, Christian},
    year = {2022},
    keywords = {Selected, Student, Security, A-Paper, Ranking-ImpactFactor, AuswahlPeace, Projekt-ATHENE-SecUrban, Projekt-AgriRegio},
    pages = {1--15},
    }

  • Sebastian Schwartz, Laura Guntrum, Christian Reuter (2022)
    Vision or Threat – Awareness for Dual-Use in the Development of Autonomous Driving
    IEEE Transactions on Technology and Society ;3(3):163–174. doi:10.1109/TTS.2022.3182310
    [BibTeX] [Abstract] [Download PDF]

    In the digital age, the vision of autonomous vehicles (AVs) is vibrant. Research is being conducted worldwide to inte-grate AVs into our everyday lives in the future, spending consid-erable amounts of money in the development process. Actors from both engineering as well as social sciences are involved in this re-search, with technical disciplines strongly dominating. In addition to perceived progress of numerous newly developed technologies such as AVs, challenges should also be referred to. According to research analysis, the transferability of autonomous cars to the military sphere seems to be frequently forgotten or ignored (dual-use). Since not much research has been conducted in Germany on the potential deployment of autonomous driving development steps into military domains, 25 semi-structured interviews with de-velopers and researchers and actors involved in the field, were conducted in 2020. The paper identifies that the majority of re-spondents interviewed were aware of general existing dual-use de-bates, however, few had reflected about dual-use issues regarding a possible transfer of their own development processes in the con-text of autonomous driving to military applications, intensively. One reason is the small-scale nature of research, another is the complexity of the field, which enables the engineer’s alienation from their responsibility for the artefacts’ use. Moreover, it has become clear that hardly any conversations among colleagues oc-cur about possible misuse and that no standardized policy guide-lines exist, which provide information about possible risk. To raise dual-use awareness, scientific contributions, risk education, and interdisciplinary discussions are essential.

    @article{schwartz_vision_2022,
    title = {Vision or {Threat} – {Awareness} for {Dual}-{Use} in the {Development} of {Autonomous} {Driving}},
    volume = {3},
    issn = {2637-6415},
    url = {https://www.peasec.de/paper/2022/2022_SchwartzGuntrumReuter_VisionorThreatAwarenessDualUseAutonomousDriving_IEEE-TTS.pdf},
    doi = {10.1109/TTS.2022.3182310},
    abstract = {In the digital age, the vision of autonomous vehicles (AVs) is vibrant. Research is being conducted worldwide to inte-grate AVs into our everyday lives in the future, spending consid-erable amounts of money in the development process. Actors from both engineering as well as social sciences are involved in this re-search, with technical disciplines strongly dominating. In addition to perceived progress of numerous newly developed technologies such as AVs, challenges should also be referred to. According to research analysis, the transferability of autonomous cars to the military sphere seems to be frequently forgotten or ignored (dual-use). Since not much research has been conducted in Germany on the potential deployment of autonomous driving development steps into military domains, 25 semi-structured interviews with de-velopers and researchers and actors involved in the field, were conducted in 2020. The paper identifies that the majority of re-spondents interviewed were aware of general existing dual-use de-bates, however, few had reflected about dual-use issues regarding a possible transfer of their own development processes in the con-text of autonomous driving to military applications, intensively. One reason is the small-scale nature of research, another is the complexity of the field, which enables the engineer’s alienation from their responsibility for the artefacts’ use. Moreover, it has become clear that hardly any conversations among colleagues oc-cur about possible misuse and that no standardized policy guide-lines exist, which provide information about possible risk. To raise dual-use awareness, scientific contributions, risk education, and interdisciplinary discussions are essential.},
    language = {en},
    number = {3},
    journal = {IEEE Transactions on Technology and Society},
    author = {Schwartz, Sebastian and Guntrum, Laura and Reuter, Christian},
    year = {2022},
    keywords = {Selected, A-Paper, Ranking-ImpactFactor, Peace, AuswahlPeace, Projekt-ATHENE-FANCY, Projekt-TraCe},
    pages = {163--174},
    }

  • Franz Kuntke, Sebastian Linsner, Enno Steinbrink, Jonas Franken, Christian Reuter (2022)
    Resilience in Agriculture: Communication and Energy Infrastructure Dependencies of German Farmers
    International Journal of Disaster Risk Science (IJDRS) . doi:10.1007/s13753-022-00404-7
    [BibTeX] [Abstract] [Download PDF]

    Agriculture is subject to high demands regarding resilience as it is an essential component of the food production chain. In the agricultural sector, there is an increasing usage of digital tools that rely on communication and energy infrastructures. Should disruption occur, such strengthened dependencies on other infrastructures increase the probability of ripple effects. Thus, there is a need to analyze the resilience of the agricultural sector with a specific focus on the effects of digitalization. This study works out resilience capacities of the interconnected technologies used in farm systems based on the experiences and opinions of farmers. Information was gathered through focus group interviews with farmers (N = 52) and a survey with participants from the agricultural sector (N = 118). In particular, the focus is put on the digital tools and other information and communication technologies they use. Based on a definition of resilience capacities, we evaluate resilience regarding energy and communication demands in various types of farm systems. Especially important are the resilience aspects of modern systems’ digital communication as well as the poorly developed and nonresilient network infrastructure in rural areas that contrast with the claim for a resilient agriculture. The result is a low robustness capacity, as our analysis concludes with the risk of food production losses.

    @article{kuntke_resilience_2022,
    title = {Resilience in {Agriculture}: {Communication} and {Energy} {Infrastructure} {Dependencies} of {German} {Farmers}},
    url = {https://link.springer.com/article/10.1007/s13753-022-00404-7},
    doi = {10.1007/s13753-022-00404-7},
    abstract = {Agriculture is subject to high demands regarding resilience as it is an essential component of the food production chain. In the agricultural sector, there is an increasing usage of digital tools that rely on communication and energy infrastructures. Should disruption occur, such strengthened dependencies on other infrastructures increase the probability of ripple effects. Thus, there is a need to analyze the resilience of the agricultural sector with a specific focus on the effects of digitalization. This study works out resilience capacities of the interconnected technologies used in farm systems based on the experiences and opinions of farmers. Information was gathered through focus group interviews with farmers (N = 52) and a survey with participants from the agricultural sector (N = 118). In particular, the focus is put on the digital tools and other information and communication technologies they use. Based on a definition of resilience capacities, we evaluate resilience regarding energy and communication demands in various types of farm systems. Especially important are the resilience aspects of modern systems’ digital communication as well as the poorly developed and nonresilient network infrastructure in rural areas that contrast with the claim for a resilient agriculture. The result is a low robustness capacity, as our analysis concludes with the risk of food production losses.},
    journal = {International Journal of Disaster Risk Science (IJDRS)},
    author = {Kuntke, Franz and Linsner, Sebastian and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
    year = {2022},
    keywords = {Selected, Security, A-Paper, Ranking-ImpactFactor, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ},
    }

    Bücher und herausgegebene Zeitschriften / Books and Edited Special Issues in Journals

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    Special Issue on Usable Security and Privacy with User-Centered Interventions and Transparency Mechanisms – Behaviour & Information Technology (BIT)
    Taylor & Francis.
    [BibTeX]

    @book{reuter_special_2022,
    title = {Special {Issue} on {Usable} {Security} and {Privacy} with {User}-{Centered} {Interventions} and {Transparency} {Mechanisms} - {Behaviour} \& {Information} {Technology} ({BIT})},
    publisher = {Taylor \& Francis},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    note = {Publication Title: Behaviour \& Information Technology (BIT)},
    keywords = {Crisis, HCI, SocialMedia, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Peace},
    }

  • Christian Reuter (2022)
    A European Perspective on Crisis Informatics: Citizens‘ and Authorities‘ attitudes towards Social Media for Public Safety and Security
    1 ed. Wiesbaden: Springer Vieweg. doi:https://doi.org/10.1007/978-3-658-39720-3
    [BibTeX] [Abstract] [Download PDF]

    Mobilising helpers in the event of a flood or letting friends know that you are okay in the event of a terrorist attack – more and more people are using social media in emergency, crisis or disaster situations. Storms, floods, attacks or pandemics (esp. COVID-19) show that citizens use social media to inform themselves or to coordinate. This thesis presents qualitative and quantitative studies on the attitudes of emergency services and citizens in Europe towards social media in emergencies. Across the individual sub-studies, almost 10,000 people are surveyed including representative studies in the Netherlands, Germany, the UK and Italy. The work empirically shows that social media is increasingly important for emergency services, both for prevention and during crises; that private use of social media is a driving force in shaping opinions for organisational use; and that citizens have high expectations towards authorities, especially monitoring social media is expected, and sometimes responses within one hour. Depending on the risk culture, the data show further differences, e.g. whether the state (Germany) or the individual (Netherlands) is seen as primarily responsible for coping with the situation.

    @book{reuter_european_2022,
    address = {Wiesbaden},
    edition = {1},
    title = {A {European} {Perspective} on {Crisis} {Informatics}: {Citizens}' and {Authorities}' attitudes towards {Social} {Media} for {Public} {Safety} and {Security}},
    isbn = {978-3-658-39719-7},
    url = {https://link.springer.com/book/10.1007/978-3-658-39720-3},
    abstract = {Mobilising helpers in the event of a flood or letting friends know that you are okay in the event of a terrorist attack – more and more people are using social media in emergency, crisis or disaster situations. Storms, floods, attacks or pandemics (esp. COVID-19) show that citizens use social media to inform themselves or to coordinate. This thesis presents qualitative and quantitative studies on the attitudes of emergency services and citizens in Europe towards social media in emergencies. Across the individual sub-studies, almost 10,000 people are surveyed including representative studies in the Netherlands, Germany, the UK and Italy. The work empirically shows that social media is increasingly important for emergency services, both for prevention and during crises; that private use of social media is a driving force in shaping opinions for organisational use; and that citizens have high expectations towards authorities, especially monitoring social media is expected, and sometimes responses within one hour. Depending on the risk culture, the data show further differences, e.g. whether the state (Germany) or the individual (Netherlands) is seen as primarily responsible for coping with the situation.},
    language = {en},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    year = {2022},
    doi = {https://doi.org/10.1007/978-3-658-39720-3},
    keywords = {Crisis, HCI, SocialMedia, Projekt-EmerGent, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    }

  • Christian Reuter, Malte Göttsche, Friederike Frieß, Pierre Thielbörger, Johannes Vüllers (2022)
    Special Issue on Between Destabilization and Enabling Resilience: Perspectives from the Technical Sciences, Social Sciences, and Law – Die Friedens-Warte / Journal of International Peace and Organization (JIPO)
    Berliner Wissenschafts-Verlag.
    [BibTeX] [Abstract] [Download PDF]

    In this special issue of the “Journal of International Peace and Organization”, we approach the topic of resilience from the different perspectives of the technical sciences (with a focus on new technologies), the social sciences, and law. In our view such interdisciplinary exchange of views within the research field of peace and conflict research is highly important, yet at the same time all too rare. Today’s international security environment is marked by the demise of the classical arms control architecture, the return of great power politics, and eroding trust among states. New developments in military and dual use technology as well as weapon modernization programs add complexity to any effort towards peace and security. The importance of dealing with these issues in an informed manner has been widely accepted since Russia’s invasion of Ukraine in February 2022. The first part of this special issue is based on the interdisciplinary conference Science Peace Security 2021 in Aachen, which examined the impacts of new technologies on resilience. It sought concepts on how a more resilient security environment can be achieved through scientific contributions and policy measures towards crisis resolution, risk assessments, confidence-building, and arms limitations. Nuclear, biological, chemical, and space threats as well as developments in information technology such as cyber or artificial intelligence issues, and any other relevant technical fields, were examined.

    @book{reuter_special_2022-1,
    title = {Special {Issue} on {Between} {Destabilization} and {Enabling} {Resilience}: {Perspectives} from the {Technical} {Sciences}, {Social} {Sciences}, and {Law} - {Die} {Friedens}-{Warte} / {Journal} of {International} {Peace} and {Organization} ({JIPO})},
    volume = {95},
    url = {https://elibrary.bwv-verlag.de/journal/fw/95/3-4},
    abstract = {In this special issue of the “Journal of International Peace and Organization”, we approach the topic of resilience from the different perspectives of the technical sciences (with a focus on new technologies), the social sciences, and law. In our view such interdisciplinary exchange of views within the research field of peace and conflict research is highly important, yet at the same time all too rare.
    Today’s international security environment is marked by the demise of the classical arms control architecture, the return of great power politics, and eroding trust among states. New developments in military and dual use technology as well as weapon modernization programs add complexity to any effort towards peace and security. The importance of dealing with these issues in an informed manner has been widely accepted since Russia’s invasion of Ukraine in February 2022.
    The first part of this special issue is based on the interdisciplinary conference Science Peace Security 2021 in Aachen, which examined the impacts of new technologies on resilience. It sought concepts on how a more resilient security environment can be achieved through scientific contributions and policy measures towards crisis resolution, risk assessments, confidence-building, and arms limitations. Nuclear, biological, chemical, and space threats as well as developments in information technology such as cyber or artificial intelligence issues, and any other relevant technical fields, were examined.},
    publisher = {Berliner Wissenschafts-Verlag},
    author = {Reuter, Christian and Göttsche, Malte and Frieß, Friederike and Thielbörger, Pierre and Vüllers, Johannes},
    year = {2022},
    keywords = {Peace},
    }

  • Christian Bueger, Tobias Liebetrau, Jonas Franken (2022)
    Security threats to undersea communications cables and infrastructure – consequences for the EU
    Brussels: European Parliament.
    [BibTeX] [Abstract] [Download PDF]

    The EU’s subsea data cable network is both vital for global connectivity and vulnerable. This study provides a systematic review of the current security threats, as well as the actors at the origin of these threats. Building on reports and expert input, the paper takes stock of current awareness, preparedness and response mechanisms, both at the EU and Member State level. A number of recommendations suggest how to improve the resilience of the cable network. Proposals build on the need to enhance EU-wide awareness, improve coordination and share information across EU institutions and Member States. In addition, surveillance capabilities must be advanced, response and repair mechanisms strengthened, and the topic mainstreamed across external action.

    @book{bueger_security_2022,
    address = {Brussels},
    title = {Security threats to undersea communications cables and infrastructure – consequences for the {EU}},
    url = {https://www.europarl.europa.eu/thinktank/en/document/EXPO_IDA(2022)702557},
    abstract = {The EU’s subsea data cable network is both vital for global connectivity and vulnerable. This study provides a systematic review of the current security threats, as well as the actors at the origin of these threats. Building on reports and expert input, the paper takes stock of current awareness, preparedness and response mechanisms, both at the EU and Member State level. A number of recommendations suggest how to improve the resilience of the cable network. Proposals build on the need to enhance EU-wide awareness, improve coordination and share information across EU institutions and Member States. In addition, surveillance capabilities must be advanced, response and repair mechanisms strengthened, and the topic mainstreamed across external action.},
    publisher = {European Parliament},
    author = {Bueger, Christian and Liebetrau, Tobias and Franken, Jonas},
    year = {2022},
    keywords = {Student, Security, Infrastructure, Cyberwar, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    }

  • Christian Reuter (2022)
    A European Perspective on Crisis Informatics: Citizens‘ and Authorities‘ attitudes towards Social Media for Public Safety and Security
    Nijmegen: The Radboud University Thesis Repository.
    [BibTeX] [Abstract] [Download PDF]

    Mobilising helpers in the event of a flood or letting friends know that you are okay in the event of a terrorist attack – more and more people are using social media in emergency, crisis or disaster situations. Storms, floods, attacks or pandemics (esp. COVID-19) show that citizens use social media to inform themselves or to coordinate. This thesis presents qualitative and quantitative studies on the attitudes of emergency services and citizens in Europe towards social media in emergencies. Across the individual sub-studies, almost 10,000 people are surveyed including representative studies in the Netherlands, Germany, the UK and Italy. The work empirically shows that social media is increasingly important for emergency services, both for prevention and during crises; that private use of social media is a driving force in shaping opinions for organisational use; and that citizens have high expectations towards authorities, especially monitoring social media is expected, and sometimes responses within one hour. Depending on the risk culture, the data show further differences, e.g. whether the state (Germany) or the individual (Netherlands) is seen as primarily responsible for coping with the situation.

    @book{reuter_european_2022-1,
    address = {Nijmegen},
    title = {A {European} {Perspective} on {Crisis} {Informatics}: {Citizens}' and {Authorities}' attitudes towards {Social} {Media} for {Public} {Safety} and {Security}},
    url = {https://repository.ubn.ru.nl/handle/2066/253000},
    abstract = {Mobilising helpers in the event of a flood or letting friends know that you are okay in the event of a terrorist attack – more and more people are using social media in emergency, crisis or disaster situations. Storms, floods, attacks or pandemics (esp. COVID-19) show that citizens use social media to inform themselves or to coordinate. This thesis presents qualitative and quantitative studies on the attitudes of emergency services and citizens in Europe towards social media in emergencies. Across the individual sub-studies, almost 10,000 people are surveyed including representative studies in the Netherlands, Germany, the UK and Italy. The work empirically shows that social media is increasingly important for emergency services, both for prevention and during crises; that private use of social media is a driving force in shaping opinions for organisational use; and that citizens have high expectations towards authorities, especially monitoring social media is expected, and sometimes responses within one hour. Depending on the risk culture, the data show further differences, e.g. whether the state (Germany) or the individual (Netherlands) is seen as primarily responsible for coping with the situation.},
    publisher = {The Radboud University Thesis Repository},
    author = {Reuter, Christian},
    year = {2022},
    keywords = {AuswahlCrisis, Crisis, HCI, Selected, SocialMedia, Projekt-EmerGent, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    }

  • Niklas Schörnig, Thomas Reinhold (2022)
    Armament, Arms Control and Artificial Intelligence – The Janus-faced Nature of Machine Learning in the Military Realm
    1 ed. Springer. doi:https://doi.org/10.1007/978-3-031-11043-6
    [BibTeX] [Abstract] [Download PDF]

    Looking at a variety of armament sectors, the book examines how Artificial Intelligence (AI) impacts the fields of armament and arms control, how existing arms control measures will be affected by AI, and what new approaches based on AI have been or are currently developed. The significant increase in computing power, the increasing reliance on software, and the advent of (narrow) AI and deep-learning algorithms all have the potential to lead to disruptive changes for military operations and warfare, rendering many classical arms control instruments less effective, or even useless. On the other hand, AI might lead to completely new arms control approaches, raising the effectiveness and reliability of new verification measures. To provide a common understanding, the book starts by presenting a general introduction to the state of the art in artificial intelligence and arms control, and how the two topics are interrelated. The second part of the book looks at examples from various fields of weapon technology, including weapons of mass destruction (WMD), conventional armament, and emerging technologies. The final section offers a cross-cutting perspective based on the examples presented in the second part. This volume will appeal to students and scholars of international relations, as well as policy-makers and practitioners interested in a better understanding of peace and security studies in general, and armament and arms control in particular with a strong focus on AI.

    @book{schornig_armament_2022,
    edition = {1},
    title = {Armament, {Arms} {Control} and {Artificial} {Intelligence} - {The} {Janus}-faced {Nature} of {Machine} {Learning} in the {Military} {Realm}},
    isbn = {978-3-031-11043-6},
    url = {https://link.springer.com/book/10.1007/978-3-031-11043-6},
    abstract = {Looking at a variety of armament sectors, the book examines how Artificial Intelligence (AI) impacts the fields of armament and arms control, how existing arms control measures will be affected by AI, and what new approaches based on AI have been or are currently developed.
    The significant increase in computing power, the increasing reliance on software, and the advent of (narrow) AI and deep-learning algorithms all have the potential to lead to disruptive changes for military operations and warfare, rendering many classical arms control instruments less effective, or even useless. On the other hand, AI might lead to completely new arms control approaches, raising the effectiveness and reliability of new verification measures. To provide a common understanding, the book starts by presenting a general introduction to the state of the art in artificial intelligence and arms control, and how the two topics are interrelated. The second part of the book looks at examples from various fields of weapon technology, including weapons of mass destruction (WMD), conventional armament, and emerging technologies. The final section offers a cross-cutting perspective based on the examples presented in the second part.
    This volume will appeal to students and scholars of international relations, as well as policy-makers and practitioners interested in a better understanding of peace and security studies in general, and armament and arms control in particular with a strong focus on AI.},
    language = {en},
    publisher = {Springer},
    author = {Schörnig, Niklas and Reinhold, Thomas},
    year = {2022},
    doi = {https://doi.org/10.1007/978-3-031-11043-6},
    keywords = {Security, Peace, Projekt-ATHENE-SecUrban},
    }

  • Max Mühlhäuser, Christian Reuter, Bastian Pfleging, Thomas Kosch, Andrii Matviienko, Katrin Gerling, Sven Mayer, Wilko Heuten, Tanja Döring, Florian Müller, Martin Schmitz (2022)
    Proceedings of Mensch und Computer 2022: Facing Realities
    ACM.
    [BibTeX] [Abstract] [Download PDF]

    Die 2001 ins Leben gerufene Konferenz „Mensch und Computer“ (MuC) ist die größte Tagungsreihe der Mensch-Computer-Interaktion in Europa. Teilnehmenden aus Wissenschaft und Industrie bietet die MuC eine Plattform für Beiträge und Diskussionen zu innovativen Formen der Interaktion zwischen Menschen und digitaler Technik, zu nutzerorientierten Entwicklungsmethoden, interaktiven Anwendungen und weiteren Themen aus dem Spannungsfeld zwischen Nutzenden, Teams und Communities einerseits sowie den genutzten Informations- und Kommunikationstechnologien andererseits. Ziel der Tagung ist es, innovative Forschungsergebnisse zu diskutieren, den Informationsaustausch zwischen Wissenschaft und Praxis zu fördern, Forschungsaktivitäten und Ausbildung anzuregen sowie Wissenschaft, Praxis und Öffentlichkeit für die Relevanz nutzungs- und aufgabengerechter Technikgestaltung zu sensibilisieren. Hauptsächlich englischsprachige Fachbeiträge und deren Veröffentlichung in der „ACM Digital Library“ bzw. Digitalen Bibliothek der GI fördern die weltweite Sichtbarkeit der wissenschaftlichen Resultate der MuC.

    @book{muhlhauser_proceedings_2022,
    title = {Proceedings of {Mensch} und {Computer} 2022: {Facing} {Realities}},
    isbn = {978-1-4503-9690-5},
    url = {https://dl.acm.org/doi/proceedings/10.1145/3543758},
    abstract = {Die 2001 ins Leben gerufene Konferenz „Mensch und Computer“ (MuC) ist die größte Tagungsreihe der
    Mensch-Computer-Interaktion in Europa. Teilnehmenden aus Wissenschaft und Industrie bietet die MuC
    eine Plattform für Beiträge und Diskussionen zu innovativen Formen der Interaktion zwischen Menschen und digitaler Technik, zu nutzerorientierten Entwicklungsmethoden, interaktiven Anwendungen und weiteren Themen aus dem Spannungsfeld zwischen Nutzenden, Teams und Communities einerseits sowie den genutzten Informations- und Kommunikationstechnologien andererseits. Ziel der Tagung ist es, innovative Forschungsergebnisse zu diskutieren, den Informationsaustausch zwischen Wissenschaft und Praxis zu fördern, Forschungsaktivitäten und Ausbildung anzuregen sowie Wissenschaft, Praxis und Öffentlichkeit
    für die Relevanz nutzungs- und aufgabengerechter Technikgestaltung zu sensibilisieren. Hauptsächlich englischsprachige Fachbeiträge und deren Veröffentlichung in der „ACM Digital Library“ bzw. Digitalen Bibliothek der GI fördern die weltweite Sichtbarkeit der wissenschaftlichen Resultate der MuC.},
    publisher = {ACM},
    author = {Mühlhäuser, Max and Reuter, Christian and Pfleging, Bastian and Kosch, Thomas and Matviienko, Andrii and Gerling, Katrin and Mayer, Sven and Heuten, Wilko and Döring, Tanja and Müller, Florian and Schmitz, Martin},
    year = {2022},
    keywords = {HCI},
    }

  • Malte Göttsche, Sibylle Bauer, Anja Dahlmann, Friederike Frieß, Filippa Lentzos, Götz Neuneck, Irmgard Niemeyer, Thea Riebe, Jantje Silomon, Christian Reuter, Jakob Brochhaus, Lukas Rademacher (2022)
    Conference Proceedings : Science, Peace, Security ’21 : The Impact of new Technologies: Destabilizing or Enabling Resilience? : 8-10 September 2021
    Aachen: RWTH Aachen University. doi:10.18154/RWTH-2022-02256
    [BibTeX] [Abstract] [Download PDF]

    The impact of the rapid technological change on peace and security continuously grows and becomes increasingly complex. Against the background of a quickly deteriorating security environment, the international conference SCIENCE · PEACE · SECURITY ’21 (RWTH Aachen University, 8-10 September 2021) examined the role of emerging technologies. The 60 speakers and 220 participants came from the natural, technical and social sciences. Diplomats and representatives from international organisations participated in the discussions. Topics included nuclear, chemical and biological arms control, autonomy in weapon systems, cybersecurity and the militarization of space among others. The main outcome was that all of these issues could be more effectively addressed by new approaches to rigorous interdisciplinary research collaboration to create policy-relevant knowledge and by tightening the nexus between the scientist and policy communities. Both can only be achieved and sustained by funding novel structures that enable scientific-technical scholars to engage on these topics. Key problems to be addressed by integrating natural, technical and social science perspectives include early risk assessment of potential dual-use research and technologies – especially in bio-security and epidemiology as well as IT and robotic research. Ways forward are the inclusion of norms into technology design as well as addressing questions of responsibility and standards. For military-usable technologies, entirely new regulatory approaches are necessary to prevent escalatory dynamics and to maintain accountability structures, moving from object-based to behaviour-based approaches. Scientific-technical research contributes to peace and security in positive ways. A prominent example are nuclear verification techniques. While instruments to monitor nonproliferation and test ban commitments benefit from further improvement, many gaps on how to verify future arms control and disarmament agreements still exist and must be urgently closed. The best cutting-edge scientific and academic expertise that is required for these complex research tasks is found in universities and other independent research institutes. Typically, however, decisionmakers draw knowledge from governmental institutions because of ease and existing connections. Therefore, efforts should be made to better connect the policy and academic communities. Communication between both can be improved by meeting on a regular basis and not only when advice on a specific issue is sought. This can foster more stable relationships and increase an understanding of each other. Lastly, opportunities should be improved for the younger generation of scientists and technologists to engage with policymakers. It is crucial to educate and engage early-on the next generation of scientifically-literate policymakers and security-aware scientists.

    @book{gottsche_conference_2022,
    address = {Aachen},
    title = {Conference {Proceedings} : {Science}, {Peace}, {Security} '21 : {The} {Impact} of new {Technologies}: {Destabilizing} or {Enabling} {Resilience}? : 8-10 {September} 2021},
    url = {https://peasec.de/paper/2022/2022_Goettscheetal_ProceedingsSciencePeaceSecurity21ImpactOfNewTechnologies.pdf},
    abstract = {The impact of the rapid technological change on peace and security continuously grows and becomes increasingly complex. Against the background of a quickly deteriorating security environment, the international conference SCIENCE · PEACE · SECURITY ’21 (RWTH Aachen University, 8-10 September 2021) examined the role of emerging technologies. The 60 speakers and 220 participants came from the natural, technical and social sciences. Diplomats and representatives from international organisations participated in the discussions. Topics included nuclear, chemical and biological arms control, autonomy in weapon systems, cybersecurity and the militarization of space among others.
    The main outcome was that all of these issues could be more effectively addressed by new approaches to rigorous interdisciplinary research collaboration to create policy-relevant knowledge and by tightening the nexus between the scientist and policy communities. Both can only be achieved and sustained by funding novel structures that enable scientific-technical scholars to engage on these topics.
    Key problems to be addressed by integrating natural, technical and social science perspectives include early risk assessment of potential dual-use research and technologies – especially in bio-security and epidemiology as well as IT and robotic research. Ways forward are the inclusion of norms into technology design as well as addressing questions of responsibility and standards. For military-usable technologies, entirely new regulatory approaches are necessary to prevent escalatory dynamics and to maintain accountability structures, moving from object-based to behaviour-based approaches.
    Scientific-technical research contributes to peace and security in positive ways. A prominent example are nuclear verification techniques. While instruments to monitor nonproliferation and test ban commitments benefit from further improvement, many gaps on how to verify future arms control and disarmament agreements still exist and must be urgently closed.
    The best cutting-edge scientific and academic expertise that is required for these complex research tasks is found in universities and other independent research institutes. Typically, however, decisionmakers draw knowledge from governmental institutions because of ease and existing connections. Therefore, efforts should be made to better connect the policy and academic communities. Communication between both can be improved by meeting on a regular basis and not only when advice on a specific issue is sought. This can foster more stable relationships and increase an understanding of each other.
    Lastly, opportunities should be improved for the younger generation of scientists and technologists to engage with policymakers. It is crucial to educate and engage early-on the next generation of scientifically-literate policymakers and security-aware scientists.},
    publisher = {RWTH Aachen University},
    author = {Göttsche, Malte and Bauer, Sibylle and Dahlmann, Anja and Frieß, Friederike and Lentzos, Filippa and Neuneck, Götz and Niemeyer, Irmgard and Riebe, Thea and Silomon, Jantje and Reuter, Christian and Brochhaus, Jakob and Rademacher, Lukas},
    year = {2022},
    doi = {10.18154/RWTH-2022-02256},
    keywords = {Peace},
    }

  • Marc-André Kaufhold, Christian Reuter, Tina Comes, Milad Mirabaie, Stefan Stieglitz (2022)
    Proceedings of the 2nd Workshop on Mobile Resilience: Designing Interactive Systems for Crisis Response
    Darmstadt: TUprints.
    [BibTeX] [Abstract] [Download PDF]

    Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, this workshop investigated the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.

    @book{kaufhold_proceedings_2022,
    address = {Darmstadt},
    title = {Proceedings of the 2nd {Workshop} on {Mobile} {Resilience}: {Designing} {Interactive} {Systems} for {Crisis} {Response}},
    url = {http://www.peasec.de/paper/2022/2022_KaufholdReuterComesMirbabaieStieglitz_Proceedings2ndWorkshopMobileResilience.pdf},
    abstract = {Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, this workshop investigated the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.},
    publisher = {TUprints},
    author = {Kaufhold, Marc-André and Reuter, Christian and Comes, Tina and Mirabaie, Milad and Stieglitz, Stefan},
    year = {2022},
    keywords = {Crisis, Projekt-CYWARN},
    }

    Kapitel in Büchern

  • Jasmin Haunschild, Marc-André Kaufhold, Christian Reuter (2022)
    Cultural Violence and Fragmentation on Social Media: Interventions and Countermeasures by Humans and Social Bots
    In: Myriam Dunn Cavelty, Andreas Wenger: Cyber Security Politics: Socio-Technological Transformations and Political Fragmentation. Routledge, , 48–63.
    [BibTeX] [Abstract] [Download PDF]

    Mobile technologies and social media services are among the socio-technological innovations that have an enormous impact transforming modern culture and political processes. Social media are often defined as a “group of internet-based applications […] that allow the creation and exchange of user-generated content” (Kaplan and Haenlein 2010). Shaping opinions, politics, participation, and protest (Wulf et al. 2013), they are used by citizens for news consumption and social exchange (Robinson et al. 2017); by journalists for reporting, analyzing, and collecting information (Stieglitz et al. 2018a); and by organizations to monitor crises, emergencies, customer feedback, and sentiment, among others (Haunschild et al. 2020). Large-scale international events, such as the 2010 Arab Spring, showcased the potential of socio-technological transformations: Citizens were not passive victims but active and autonomous participants utilizing social media to coordinate protest and for crisis response (Reuter and Kaufhold 2018). However, in other cases, citizens’ activities coordinated via social media also increased the complexity of tasks and pressure for formal authorities, since the lack of state control has not had only empowering or benign effects. Instead, on social media, false information spreads fast and it is easy for groups to find an audience there, either to enhance their profit or to target vulnerable groups with dangerous ideology.

    @incollection{haunschild_cultural_2022,
    title = {Cultural {Violence} and {Fragmentation} on {Social} {Media}: {Interventions} and {Countermeasures} by {Humans} and {Social} {Bots}},
    isbn = {978-0-367-62674-7},
    url = {https://peasec.de/paper/2022/2022_HaunschildKaufholdReuter_SocialMediaAndFragmentation_Routledge.pdf},
    abstract = {Mobile technologies and social media services are among the socio-technological innovations that have an enormous impact transforming modern culture and political processes. Social media are often defined as a “group of internet-based applications […] that allow the creation and exchange of user-generated content” (Kaplan and Haenlein 2010). Shaping opinions, politics, participation, and protest (Wulf et al. 2013), they are used by citizens for news consumption and social exchange (Robinson et al. 2017); by journalists for reporting, analyzing, and collecting information (Stieglitz et al. 2018a); and by organizations to monitor crises, emergencies, customer feedback, and sentiment, among others (Haunschild et al. 2020). Large-scale international events, such as the 2010 Arab Spring, showcased the potential of socio-technological transformations: Citizens were not passive victims but active and autonomous participants utilizing social media to coordinate protest and for crisis response (Reuter and Kaufhold 2018). However, in other cases, citizens’ activities coordinated via social media also increased the complexity of tasks and pressure for formal authorities, since the lack of state control has not had only empowering or benign effects. Instead, on social media, false information spreads fast and it is easy for groups to find an audience there, either to enhance their profit or to target vulnerable groups with dangerous ideology.},
    booktitle = {Cyber {Security} {Politics}: {Socio}-{Technological} {Transformations} and {Political} {Fragmentation}},
    publisher = {Routledge},
    author = {Haunschild, Jasmin and Kaufhold, Marc-André and Reuter, Christian},
    editor = {Cavelty, Myriam Dunn and Wenger, Andreas},
    year = {2022},
    keywords = {Crisis, SocialMedia, Peace, Projekt-ATHENE-SecUrban},
    pages = {48--63},
    }

  • Anja P. Jakobi, Jasmin Haunschild (2022)
    Transnational organisierte Kriminalität und internationale Politik
    In: Frank Sauer, Luba von Hauff, Carlo Masala: Handbuch Internationale Beziehungen. Wiesbaden: VS Verlag für Sozialwissenschaften, , 1–25. doi:10.1007/978-3-531-19954-2_40-4
    [BibTeX] [Abstract] [Download PDF]

    Der Beitrag analysiert die unterschiedlichen Formen und Voraussetzungen der Bekämpfung, Verfolgung und Prävention transnational organisierter Kriminalität in der internationalen Politik. Dazu führen wir zunächst in die Definition und die Grundlagen in diesem Bereich ein, auch im Hinblick auf eine Einordnung in Debatten der Internationalen Beziehungen, bevor einzelne Politikbereiche – Drogenhandel, Menschenhandel und -schmuggel, Waffenhandel, Geldwäsche und Terrorismusfinanzierung, Konfliktmineralien – vorgestellt werden. Die Schlussfolgerungen bieten einen Ausblick in weitere Teilbereiche und erläutern die Rolle von staatlichen und nicht-staatlichen Akteuren in der Bekämpfung transnational organisierter Kriminalität.

    @incollection{jakobi_transnational_2022,
    address = {Wiesbaden},
    title = {Transnational organisierte {Kriminalität} und internationale {Politik}},
    isbn = {978-3-531-19954-2},
    url = {https://doi.org/10.1007/978-3-531-19954-2_40-4},
    abstract = {Der Beitrag analysiert die unterschiedlichen Formen und Voraussetzungen der Bekämpfung, Verfolgung und Prävention transnational organisierter Kriminalität in der internationalen Politik. Dazu führen wir zunächst in die Definition und die Grundlagen in diesem Bereich ein, auch im Hinblick auf eine Einordnung in Debatten der Internationalen Beziehungen, bevor einzelne Politikbereiche – Drogenhandel, Menschenhandel und -schmuggel, Waffenhandel, Geldwäsche und Terrorismusfinanzierung, Konfliktmineralien – vorgestellt werden. Die Schlussfolgerungen bieten einen Ausblick in weitere Teilbereiche und erläutern die Rolle von staatlichen und nicht-staatlichen Akteuren in der Bekämpfung transnational organisierter Kriminalität.},
    booktitle = {Handbuch {Internationale} {Beziehungen}},
    publisher = {VS Verlag für Sozialwissenschaften},
    author = {Jakobi, Anja P. and Haunschild, Jasmin},
    editor = {Sauer, Frank and von Hauff, Luba and Masala, Carlo},
    year = {2022},
    doi = {10.1007/978-3-531-19954-2_40-4},
    pages = {1--25},
    }

  • Niklas Schörnig, Thomas Reinhold (2022)
    Introduction
    In: Niklas Schörnig, Thomas ReinholdArmament, Arms Control and Artificial Intelligence – The Janus-faced Nature of Machine Learning in the Military Realm. 1 ed. Springer, , 1–9. doi:https://doi.org/10.1007/978-3-031-11043-6_1
    [BibTeX] [Abstract] [Download PDF]

    In 1987, Allan Din published the seminal book “Arms and Artificial Intelligence,” in which he argued that the future military use of AI would be a double-edged sword. Warning about control failures and accidental war on one hand, Din also pointed out the potential of AI to enhance arms control. 35 years later, what was a niche technology in Din’s day has since become one of the most influential technologies in both the civilian and military sectors. In addition, AI has evolved from sophisticated yet deterministic expert systems to machine learning algorithms. Today, AI is about to be introduced in almost every branch of the military, with a variety of implications for arms control. This book reflects the work of the individual authors and identifies common themes and areas where AI can be used for the greater good or where its use calls for particular vigilance. It offers an essential primer for interested readers, while also encouraging experts from the arms control community to dig more deeply into the issues.

    @incollection{schornig_introduction_2022,
    edition = {1},
    title = {Introduction},
    isbn = {978-3-031-11043-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-031-11043-6_1},
    abstract = {In 1987, Allan Din published the seminal book “Arms and Artificial Intelligence,” in which he argued that the future military use of AI would be a double-edged sword. Warning about control failures and accidental war on one hand, Din also pointed out the potential of AI to enhance arms control. 35 years later, what was a niche technology in Din’s day has since become one of the most influential technologies in both the civilian and military sectors. In addition, AI has evolved from sophisticated yet deterministic expert systems to machine learning algorithms. Today, AI is about to be introduced in almost every branch of the military, with a variety of implications for arms control. This book reflects the work of the individual authors and identifies common themes and areas where AI can be used for the greater good or where its use calls for particular vigilance. It offers an essential primer for interested readers, while also encouraging experts from the arms control community to dig more deeply into the issues.},
    language = {en},
    booktitle = {Armament, {Arms} {Control} and {Artificial} {Intelligence} - {The} {Janus}-faced {Nature} of {Machine} {Learning} in the {Military} {Realm}},
    publisher = {Springer},
    author = {Schörnig, Niklas and Reinhold, Thomas},
    editor = {Schörnig, Niklas and Reinhold, Thomas},
    year = {2022},
    doi = {https://doi.org/10.1007/978-3-031-11043-6_1},
    keywords = {Security, Peace, Projekt-ATHENE-SecUrban},
    pages = {1--9},
    }

  • Thomas Reinhold, Christian Reuter (2022)
    Cyber Weapons and Artificial Intelligence: Impact, Influence and the Challenges for Arms Control
    In: Niklas Schörnig, Thomas ReinholdArmament, Arms Control and Artificial Intelligence – The Janus-faced Nature of Machine Learning in the Military Realm. 1 ed. Springer, , 145–158. doi:https://doi.org/10.1007/978-3-031-11043-6_11
    [BibTeX] [Abstract] [Download PDF]

    As cyber weapons and artificial intelligence technologies share the same technological foundation of bits and bytes, there is a strong trend of connecting both, thus addressing the imminent challenge of cyber weapons of processing, filtering and aggregating huge amounts of digital data in real time into decisions and actions. This chapter will analyze this development and highlight the increasing tendency towards AI enabled autonomous decisions in defensive as well as offensive cyber weapons, the arising additional challenges for attributing cyberattacks and the problems for developing arms control measures for this “technology fusion”. However, the article also ventures an outlook how AI methods can help to mitigate these challenges if applied for arms control measures itself.

    @incollection{reinhold_cyber_2022,
    edition = {1},
    title = {Cyber {Weapons} and {Artificial} {Intelligence}: {Impact}, {Influence} and the {Challenges} for {Arms} {Control}},
    isbn = {978-3-031-11043-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-031-11043-6_11},
    abstract = {As cyber weapons and artificial intelligence technologies share the same technological foundation of bits and bytes, there is a strong trend of connecting both, thus addressing the imminent challenge of cyber weapons of processing, filtering and aggregating huge amounts of digital data in real time into decisions and actions. This chapter will analyze this development and highlight the increasing tendency towards AI enabled autonomous decisions in defensive as well as offensive cyber weapons, the arising additional challenges for attributing cyberattacks and the problems for developing arms control measures for this “technology fusion”. However, the article also ventures an outlook how AI methods can help to mitigate these challenges if applied for arms control measures itself.},
    language = {en},
    booktitle = {Armament, {Arms} {Control} and {Artificial} {Intelligence} - {The} {Janus}-faced {Nature} of {Machine} {Learning} in the {Military} {Realm}},
    publisher = {Springer},
    author = {Reinhold, Thomas and Reuter, Christian},
    editor = {Schörnig, Niklas and Reinhold, Thomas},
    year = {2022},
    doi = {https://doi.org/10.1007/978-3-031-11043-6_11},
    keywords = {Security, Peace, Projekt-ATHENE-SecUrban},
    pages = {145--158},
    }

  • Thomas Reinhold (2022)
    Arms Control for Artificial Intelligence
    In: Niklas Schörnig, Thomas ReinholdArmament, Arms Control and Artificial Intelligence – The Janus-faced Nature of Machine Learning in the Military Realm. 1 ed. Springer, , 211–226. doi:https://doi.org/10.1007/978-3-031-11043-6_15
    [BibTeX] [Abstract] [Download PDF]

    With military weapon systems getting more and more improved by artificial intelligence and states competing about the leading role in this development, the question arises how arms control measures can be applied to decrease this equipment spiral. The ongoing debates on cyber weapons have already highlighted the problems with controlling or limiting digital technologies, not to mention the dual use problems. While still in an early stage, this chapter develops possible approaches for AI arms control by considering the different life cycle steps of a typical AI enabled system, based on lessons learned from other arms control approaches. It will discuss the different starting points, their arms control potential as well as its limitations to provide a holistic perspective for necessary further develops and debates.

    @incollection{reinhold_arms_2022,
    edition = {1},
    title = {Arms {Control} for {Artificial} {Intelligence}},
    isbn = {978-3-031-11043-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-031-11043-6_15},
    abstract = {With military weapon systems getting more and more improved by artificial intelligence and states competing about the leading role in this development, the question arises how arms control measures can be applied to decrease this equipment spiral. The ongoing debates on cyber weapons have already highlighted the problems with controlling or limiting digital technologies, not to mention the dual use problems. While still in an early stage, this chapter develops possible approaches for AI arms control by considering the different life cycle steps of a typical AI enabled system, based on lessons learned from other arms control approaches. It will discuss the different starting points, their arms control potential as well as its limitations to provide a holistic perspective for necessary further develops and debates.},
    language = {en},
    booktitle = {Armament, {Arms} {Control} and {Artificial} {Intelligence} - {The} {Janus}-faced {Nature} of {Machine} {Learning} in the {Military} {Realm}},
    publisher = {Springer},
    author = {Reinhold, Thomas},
    editor = {Schörnig, Niklas and Reinhold, Thomas},
    year = {2022},
    doi = {https://doi.org/10.1007/978-3-031-11043-6_15},
    keywords = {Security, Peace, Projekt-ATHENE-SecUrban},
    pages = {211--226},
    }

    Publikationen in Konferenzbänden / Peer-reviewed Conference Papers

  • Laura Guntrum (2022)
    Justice-oriented Research in Peace and Conflict Studies in Times of Social Distancing
    Workshop-Proceedings Mensch und Computer Darmstadt. doi:10.18420/muc2022-mci-ws10-216
    [BibTeX] [Abstract] [Download PDF]

    Not only since the COVID-19 pandemic, many research processes had already been increasingly digitized to maintain global ex-change of information efficiently. For years, scientific empirical studies have been conducted in politically sensitive contexts using digitally mediated methods, entailing numerous risks as well as potentials. One goal of digital research is to also capture marginal-ized voices. With emerging risks related to digital research, such as digital surveillance and social media monitoring by adversaries (e.g., the military in Myanmar), research needs to be more thoughtfully conducted. Considering research ethics, an evolving discrepancy between security measures and values of social jus-tice, such as accessibility and representation, appears as most data-secure applications are not used widely and offers such as “Free Basics” entice people to use rather data-unsecure applica-tions. Reflecting on this existing discrepancy in ethical require-ments, I illustrate challenges of the German research context re-lated to digitally conducted research focusing on overt conflictive social contexts.

    @inproceedings{guntrum_justice-oriented_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {Justice-oriented {Research} in {Peace} and {Conflict} {Studies} in {Times} of {Social} {Distancing}},
    url = {https://dl.gi.de/handle/20.500.12116/39092},
    doi = {10.18420/muc2022-mci-ws10-216},
    abstract = {Not only since the COVID-19 pandemic, many research processes had already been increasingly digitized to maintain global ex-change of information efficiently. For years, scientific empirical studies have been conducted in politically sensitive contexts using digitally mediated methods, entailing numerous risks as well as potentials. One goal of digital research is to also capture marginal-ized voices. With emerging risks related to digital research, such as digital surveillance and social media monitoring by adversaries (e.g., the military in Myanmar), research needs to be more thoughtfully conducted. Considering research ethics, an evolving discrepancy between security measures and values of social jus-tice, such as accessibility and representation, appears as most data-secure applications are not used widely and offers such as “Free Basics” entice people to use rather data-unsecure applica-tions. Reflecting on this existing discrepancy in ethical require-ments, I illustrate challenges of the German research context re-lated to digitally conducted research focusing on overt conflictive social contexts.},
    language = {en},
    booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
    publisher = {Gesellschaft für Informatik},
    author = {Guntrum, Laura},
    year = {2022},
    keywords = {Security, Peace, Projekt-ATHENE-FANCY, Projekt-TraCe},
    }

  • Marc-André Kaufhold, Julian Bäumler, Christian Reuter (2022)
    The Implementation of Protective Measures and Communication of Cybersecurity Alerts in Germany – A Representative Survey of the Population
    Workshop-Proceedings Mensch und Computer Darmstadt. doi:10.18420/muc2022-mci-ws01-228
    [BibTeX] [Abstract] [Download PDF]

    Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.

    @inproceedings{kaufhold_implementation_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {The {Implementation} of {Protective} {Measures} and {Communication} of {Cybersecurity} {Alerts} in {Germany} - {A} {Representative} {Survey} of the {Population}},
    url = {https://dl.gi.de/handle/20.500.12116/39061},
    doi = {10.18420/muc2022-mci-ws01-228},
    abstract = {Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.},
    language = {en},
    booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
    publisher = {Gesellschaft für Informatik},
    author = {Kaufhold, Marc-André and Bäumler, Julian and Reuter, Christian},
    year = {2022},
    keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Marc-André Kaufhold, Ali Sercan Basyurt, Kaan Eyilmez, Marc Stöttinger, Christian Reuter (2022)
    Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams
    Proceedings of the European Conference on Information Systems (ECIS) Timisoara, Romaina.
    [BibTeX] [Abstract] [Download PDF]

    Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.

    @inproceedings{kaufhold_cyber_2022,
    address = {Timisoara, Romaina},
    title = {Cyber {Threat} {Observatory}: {Design} and {Evaluation} of an {Interactive} {Dashboard} for {Computer} {Emergency} {Response} {Teams}},
    url = {http://www.peasec.de/paper/2022/2022_KaufholdBasyurtEyilmezStoettingerReuter_CyberThreatObservatory_ECIS.pdf},
    abstract = {Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.},
    booktitle = {Proceedings of the {European} {Conference} on {Information} {Systems} ({ECIS})},
    author = {Kaufhold, Marc-André and Basyurt, Ali Sercan and Eyilmez, Kaan and Stöttinger, Marc and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN},
    pages = {1--17},
    }

  • Laura Buhleier, Sebastian Linsner, Enno Steinbrink, Christian Reuter (2022)
    Eine Klassifikation sicherheitskritischer UX-Design-Patterns
    Workshop-Proceedings Mensch und Computer Darmstadt. doi:10.18420/muc2022-mci-ws10-275
    [BibTeX] [Abstract] [Download PDF]

    User Experience ist von zunehmender Relevanz für die Entwicklung digitaler Designentscheidungen und hat somit weitgehende Auswirkungen auf das Nutzerverhalten. Dass dies besonders für die Sicherheit und Vertraulichkeit nicht nur von Vorteil sein kann, sondern Nutzer*innen negativ beeinflussen kann, wird in dieser Arbeit ersichtlich. Betrachtetwerden dafür die Themengebiete Anti-Patterns, Grey Patterns und Dark-Patterns. Anti-Patterns bezeichnen wiederkehrende Lösungen für ein Konzept eines User Interfaces, die trotz guter Intention ungewünschte Nebeneffekte oder Konsequenzen haben. Dark-Patterns dagegen stellen Designentscheidungen dar, die durch Täuschung oder Ausnutzung psychischen Drucks versuchen Nutzer*innen zu Handlungen zu verleiten, von denen die Ersteller*innen des Dark-Patterns mehr profitieren als die Anwender* innen. Der Begriff Grey Patterns wird in dieser Arbeit für alle Design Patterns genutzt, die sich nicht direkt zuordnen lassen. Da es bisher kaum vergleichendeWerke und keinen Konsens zu diesen Themengebieten gibt, ist das Ziel dieser Arbeit ein grundlegendes Modell aufzustellen. Dabei wird durch die Untersuchung bestehender Literatur eine zusammenfassende Taxonomie und ein Vorgehen zur Unterscheidung von Anti-Patterns und Dark-Patterns erarbeitet, die als Grundlage für weitere Arbeiten und zur Entwicklung von Gegenmaßnahmen genutzt werden können.

    @inproceedings{buhleier_klassifikation_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {Eine {Klassifikation} sicherheitskritischer {UX}-{Design}-{Patterns}},
    url = {https://dl.gi.de/handle/20.500.12116/39087},
    doi = {10.18420/muc2022-mci-ws10-275},
    abstract = {User Experience ist von zunehmender Relevanz für die Entwicklung digitaler Designentscheidungen und hat somit weitgehende Auswirkungen auf das Nutzerverhalten. Dass dies besonders für die Sicherheit und Vertraulichkeit nicht nur von Vorteil sein kann, sondern Nutzer*innen negativ beeinflussen kann, wird in dieser Arbeit ersichtlich. Betrachtetwerden dafür die Themengebiete Anti-Patterns, Grey Patterns und Dark-Patterns. Anti-Patterns bezeichnen wiederkehrende Lösungen für ein Konzept eines User Interfaces, die trotz guter Intention ungewünschte Nebeneffekte oder Konsequenzen haben. Dark-Patterns dagegen stellen Designentscheidungen dar, die durch Täuschung oder Ausnutzung psychischen Drucks versuchen Nutzer*innen zu Handlungen zu verleiten, von denen die Ersteller*innen des Dark-Patterns mehr profitieren als die Anwender* innen. Der Begriff Grey Patterns wird in dieser Arbeit für alle Design Patterns genutzt, die sich nicht direkt zuordnen lassen. Da es bisher kaum vergleichendeWerke und keinen Konsens zu diesen Themengebieten gibt, ist das Ziel dieser Arbeit ein grundlegendes Modell aufzustellen. Dabei wird durch die Untersuchung bestehender Literatur eine zusammenfassende Taxonomie und ein Vorgehen zur Unterscheidung von Anti-Patterns und Dark-Patterns erarbeitet, die als Grundlage für weitere Arbeiten und zur Entwicklung von Gegenmaßnahmen genutzt werden können.},
    language = {de},
    booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
    publisher = {Gesellschaft für Informatik},
    author = {Buhleier, Laura and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Student, UsableSec, Security, Projekt-CROSSING, Projekt-GRKPrivacy},
    }

  • Laura Buhleier, Patrick Gantner, Tobias Frey, Michael Boers, Marc-André Kaufhold, Christian Reuter (2022)
    Effizienz und Nachhaltigkeit durch Green-IT: ein systematischer Literaturüberblick im Kontext der Klimakrise
    INFORMATIK 2022: 52. Jahrestagung der Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), Lecture Notes in Informatics (LNI) Hamburg, Germany. doi:10.18420/inf2022_83
    [BibTeX] [Abstract] [Download PDF]

    Die Klimakrise gehört zu den aktuell größten Herausforderungen unserer Zeit. Informations- und Kommunikationstechnologien (IKT) können hierbei eine entscheidende Rolle spielen. Einerseits, da eine Effizienzsteigerung von oder durch IKT zu einer klimafreundlicheren Nutzung beitragen kann, und andererseits, da IKT zu einem erhöhten Ressourcenverbrauch führen kann. Um diese Thematik weiter zu untersuchen, wird in dieser Arbeit eine systematische Literaturrecherche durchgeführt, um Herausforderungen und Potenziale in der Adressierung der Klimakrise durch eine effiziente und nachhaltige Entwicklung des IKT-Sektors zu analysieren. Die dabei untersuchte Literatur beinhaltet Herausforderungen wie zum Beispiel den hohen Energie- und Materialverbrauch der IKT-Geräte und Datenzentren sowie die entstehenden Entsorgungskosten und das Konsumverhalten der Nutzer*innen. Deswegen sollten die Nutzer*innen mehr Informationen zur Wartung, zum Kauf gebrauchter Geräte, und zum Recyceln/Entsorgen erhalten. Die Analyse lieferte aber auch viele Potenziale. Durch IKT können Effizienzsteigerungen in den Bereich Industrie, Landwirtschaft, Verkehr und Transport erreicht und auch umweltschädliche Geräte substituiert werden. Durch diese Potenziale kann es aber, wie in anderen Bereichen, zu einem Rebound-Effekt kommen.

    @inproceedings{buhleier_effizienz_2022,
    address = {Hamburg, Germany},
    title = {Effizienz und {Nachhaltigkeit} durch {Green}-{IT}: ein systematischer {Literaturüberblick} im {Kontext} der {Klimakrise}},
    isbn = {978-3-88579-720-3},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/39590/rsflab_06.pdf?sequence=1&isAllowed=y},
    doi = {10.18420/inf2022_83},
    abstract = {Die Klimakrise gehört zu den aktuell größten Herausforderungen unserer Zeit. Informations- und Kommunikationstechnologien (IKT) können hierbei eine entscheidende Rolle spielen. Einerseits, da eine Effizienzsteigerung von oder durch IKT zu einer klimafreundlicheren Nutzung beitragen kann, und andererseits, da IKT zu einem erhöhten Ressourcenverbrauch führen kann. Um diese Thematik weiter zu untersuchen, wird in dieser Arbeit eine systematische Literaturrecherche durchgeführt, um Herausforderungen und Potenziale in der Adressierung der Klimakrise durch eine effiziente und nachhaltige Entwicklung des IKT-Sektors zu analysieren. Die dabei untersuchte Literatur beinhaltet Herausforderungen wie zum Beispiel den hohen Energie- und Materialverbrauch der IKT-Geräte und Datenzentren sowie die entstehenden Entsorgungskosten und das Konsumverhalten der Nutzer*innen. Deswegen sollten die Nutzer*innen mehr Informationen zur Wartung, zum Kauf gebrauchter Geräte, und zum Recyceln/Entsorgen erhalten. Die Analyse lieferte aber auch viele Potenziale. Durch IKT können Effizienzsteigerungen in den Bereich Industrie, Landwirtschaft, Verkehr und Transport erreicht und auch umweltschädliche Geräte substituiert werden. Durch diese Potenziale kann es aber, wie in anderen Bereichen, zu einem Rebound-Effekt kommen.},
    language = {de},
    booktitle = {{INFORMATIK} 2022: 52. {Jahrestagung} der {Gesellschaft} für {Informatik} – {Informatik} für {Gesellschaft} ({Workshop}-{Beiträge}), {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Buhleier, Laura and Gantner, Patrick and Frey, Tobias and Boers, Michael and Kaufhold, Marc-André and Reuter, Christian},
    editor = {Demmler, D. and Krupka, D. and Federrath, H.},
    year = {2022},
    keywords = {Student, Ranking-CORE-C, Ranking-VHB-C, Security, Projekt-AgriRegio},
    pages = {995--1012},
    }

  • Denis Orlov, Simon Möller, Sven Düfler, Steffen Haesler, Christian Reuter (2022)
    Detecting a Crisis: Comparison of Self-Reported vs. Automated Internet Outage Measuring Methods
    Workshop-Proceedings Mensch und Computer Darmstadt. doi:10.18420/muc2022-mci-ws10-321
    [BibTeX] [Abstract] [Download PDF]

    Every day, there are internet disruptions or outages around the world that affect our daily lives. In this paper, we analyzed these events in Germany in recent years and found out how they can be detected, and what impact they have on citizens, especially in crisis situations. For this purpose, we take a look at two different approaches to recording internet outages, namely the self-reporting of citizens and automatic reporting by algorithmic examination of the availability of IP networks. We evaluate the data of six major events with regard to their meaningfulness in quality and quantity. We found that due to the amount of data and the inherent imprecision of the methods used, it is difficult to detect outages through algorithmic examination. But once an event is publicly known by self-reporting, they have advantages to capture the temporal and spatial dimensions of the outage due to its nature of objective measurements. As a result, we propose that users’ crowdsourcing can enhance the detection of outages and should be seen as an important starting point to even begin an analysis with algorithm-based techniques, but it is to ISPs and regulatory authorities to support that.

    @inproceedings{orlov_detecting_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {Detecting a {Crisis}: {Comparison} of {Self}-{Reported} vs. {Automated} {Internet} {Outage} {Measuring} {Methods}},
    url = {https://dl.gi.de/handle/20.500.12116/39089},
    doi = {10.18420/muc2022-mci-ws10-321},
    abstract = {Every day, there are internet disruptions or outages around the world that affect our daily lives. In this paper, we analyzed these events in Germany in recent years and found out how they can be detected, and what impact they have on citizens, especially in crisis situations. For this purpose, we take a look at two different approaches to recording internet outages, namely the self-reporting of citizens and automatic reporting by algorithmic examination of the availability of IP networks. We evaluate the data of six major events with regard to their meaningfulness in quality and quantity. We found that due to the amount of data and the inherent imprecision of the methods used, it is difficult to detect outages through algorithmic examination. But once an event is publicly known by self-reporting, they have advantages to capture the temporal and spatial dimensions of the outage due to its nature of objective measurements. As a result, we propose that users’ crowdsourcing can enhance the detection of outages and should be seen as an important starting point to even begin an analysis with algorithm-based techniques, but it is to ISPs and regulatory authorities to support that.},
    language = {en},
    booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
    publisher = {Gesellschaft für Informatik},
    author = {Orlov, Denis and Möller, Simon and Düfler, Sven and Haesler, Steffen and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Student, UsableSec, Security, Projekt-emergenCITY},
    }

  • Philipp Kuehn, Julian Bäumler, Marc-André Kaufhold, Marc Wendelborn, Christian Reuter (2022)
    The Notion of Relevance in Cybersecurity: A Categorization of Security Tools and Deduction of Relevance Notions
    Workshop-Proceedings Mensch und Computer Darmstadt. doi:10.18420/muc2022-mci-ws01-220
    [BibTeX] [Abstract] [Download PDF]

    Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.

    @inproceedings{kuehn_notion_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {The {Notion} of {Relevance} in {Cybersecurity}: {A} {Categorization} of {Security} {Tools} and {Deduction} of {Relevance} {Notions}},
    url = {https://dl.gi.de/handle/20.500.12116/39072},
    doi = {10.18420/muc2022-mci-ws01-220},
    abstract = {Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.},
    language = {en},
    booktitle = {Workshop-{Proceedings} {Mensch} und {Computer}},
    publisher = {Gesellschaft für Informatik},
    author = {Kuehn, Philipp and Bäumler, Julian and Kaufhold, Marc-André and Wendelborn, Marc and Reuter, Christian},
    year = {2022},
    keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Jelle Groenendaal, Ira Helsloot, Christian Reuter (2022)
    Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management
    Proceedings of the Information Systems for Crisis Response and Management (ISCRAM) .
    [BibTeX] [Abstract] [Download PDF]

    Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigation outweighs the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision-making are provided.

    @inproceedings{groenendaal_towards_2022,
    title = {Towards {More} {Insight} into {Cyber} {Incident} {Response} {Decision} {Making} and its {Implications} for {Cyber} {Crisis} {Management}},
    url = {http://idl.iscram.org/files/jellegroenendaal/2022/2468_JelleGroenendaal_etal2022.pdf},
    abstract = {Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigation outweighs the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision-making are provided.},
    booktitle = {Proceedings of the {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
    author = {Groenendaal, Jelle and Helsloot, Ira and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security},
    }

  • Jonas Franken (2022)
    Seekabel als Maritime Kritische Infrastruktur
    Dreizack 21: Von historischen bis zukünftigen Herausforderungen im maritimen Raum Laboe/Kiel.
    [BibTeX] [Download PDF]

    @inproceedings{franken_seekabel_2022,
    address = {Laboe/Kiel},
    title = {Seekabel als {Maritime} {Kritische} {Infrastruktur}},
    url = {https://www.kielseapowerseries.com/files/ispk/content/workshops/Dreizack/Sammelband zum Dreizack21.pdf},
    booktitle = {Dreizack 21: {Von} historischen bis zukünftigen {Herausforderungen} im maritimen {Raum}},
    author = {Franken, Jonas},
    editor = {Schilling, Henrik},
    year = {2022},
    keywords = {Student, Security, Projekt-ATHENE-SecUrban},
    pages = {22--25},
    }

  • Kaan Eyilmez, Ali Sercan Basyurt, Stefan Stieglitz, Christoph Fuchss, Marc-André Kaufhold, Christian Reuter, Milad Mirabaie (2022)
    A Design Science Artefact for Cyber Threat Detection and Actor Specific Communication
    Australasian Conference on Information Systems (ACIS) .
    [BibTeX] [Download PDF]

    @inproceedings{eyilmez_design_2022,
    title = {A {Design} {Science} {Artefact} for {Cyber} {Threat} {Detection} and {Actor} {Specific} {Communication}},
    url = {https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1049&context=acis2022},
    booktitle = {Australasian {Conference} on {Information} {Systems} ({ACIS})},
    publisher = {AIS Electronic Library (AISel)},
    author = {Eyilmez, Kaan and Basyurt, Ali Sercan and Stieglitz, Stefan and Fuchss, Christoph and Kaufhold, Marc-André and Reuter, Christian and Mirabaie, Milad},
    year = {2022},
    keywords = {Projekt-CYWARN, Security, Student},
    }

  • Tilo Mentler, Christian Reuter, Simon Nestler, Marc-André Kaufhold, Michael Herczeg, Jens Pottebaum (2022)
    9. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer 2022 – Workshopband Darmstadt, Germany. doi:10.18420/muc2022-mci-ws10-117
    [BibTeX] [Abstract] [Download PDF]

    Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.

    @inproceedings{mentler_9_2022,
    address = {Darmstadt, Germany},
    title = {9. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/handle/20.500.12116/39086},
    doi = {10.18420/muc2022-mci-ws10-117},
    abstract = {Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.},
    language = {de},
    booktitle = {Mensch und {Computer} 2022 - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Mentler, Tilo and Reuter, Christian and Nestler, Simon and Kaufhold, Marc-André and Herczeg, Michael and Pottebaum, Jens},
    year = {2022},
    keywords = {Security},
    }

  • Jasmin Haunschild, Marc-André Kaufhold, Christian Reuter (2022)
    Perceptions and Use of Warning Apps – Did Recent Crises Lead to Changes in Germany?
    Mensch und Computer 2022 – Tagungsband New York. doi:10.1145/3543758.3543770
    [BibTeX] [Abstract] [Download PDF]

    Warning and emergency apps are an integral part of crisis informatics and particularly relevant in countries that currently do not have cell broadcast, such as Germany. Previous studies have shown that such apps are regarded as relevant, but only around 16\% of German citizens used them in 2017 and 2019. With the COVID-19 pandemic and a devastating flash flood, Germany has recently experienced severe crisis-related losses. By comparing data from representative surveys from 2017, 2019 and 2021, this study investigates whether these events have changed the perceptions of warning apps and their usage patterns in Germany. The study shows that while multi-hazard emergency and warning apps have been easily surpassed in usage by COVID-19 contact tracing apps, the use of warning apps has also increased and the pandemic has added new desired features. While these have been little-used during the COVID-19 pandemic, especially non-users see smartphone messengers app channels as possible alternatives to warning apps. In addition, regional warning apps appear promising, possibly because they make choosing a warning app easier when there are several available on the market.

    @inproceedings{haunschild_perceptions_2022,
    address = {New York},
    title = {Perceptions and {Use} of {Warning} {Apps} – {Did} {Recent} {Crises} {Lead} to {Changes} in {Germany}?},
    url = {https://dl.gi.de/handle/20.500.12116/39227},
    doi = {10.1145/3543758.3543770},
    abstract = {Warning and emergency apps are an integral part of crisis informatics and particularly relevant in countries that currently do not have cell broadcast, such as Germany. Previous studies have shown that such apps are regarded as relevant, but only around 16\% of German citizens used them in 2017 and 2019. With the COVID-19 pandemic and a devastating flash flood, Germany has recently experienced severe crisis-related losses. By comparing data from representative surveys from 2017, 2019 and 2021, this study investigates whether these events have changed the perceptions of warning apps and their usage patterns in Germany. The study shows that while multi-hazard emergency and warning apps have been easily surpassed in usage by COVID-19 contact tracing apps, the use of warning apps has also increased and the pandemic has added new desired features. While these have been little-used during the COVID-19 pandemic, especially non-users see smartphone messengers app channels as possible alternatives to warning apps. In addition, regional warning apps appear promising, possibly because they make choosing a warning app easier when there are several available on the market.},
    language = {en},
    booktitle = {Mensch und {Computer} 2022 - {Tagungsband}},
    publisher = {ACM},
    author = {Haunschild, Jasmin and Kaufhold, Marc-André and Reuter, Christian},
    year = {2022},
    keywords = {Crisis, Projekt-ATHENE-SecUrban},
    }

  • Christian Reuter, Franz Kuntke, Matthias Trapp, Christian Wied, Gerwin Brill, Georg Müller, Enno Steinbrink, Jonas Franken, Daniel Eberz-Eder, Wolfgang Schneider (2022)
    AgriRegio: Infrastruktur zur Förderung von digitaler Resilienz und Klimaresilienz im ländlichen Raum am Beispiel der Pilotregion Nahe-Donnersberg
    INFORMATIK 2022: 52. Jahrestagung der Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), Lecture Notes in Informatics (LNI) Hamburg, Germany. doi:10.18420/inf2022_81
    [BibTeX] [Abstract] [Download PDF]

    Die Digitalisierung schreitet auch in der Landwirtschaft immer weiter voran. Vermehrt werden in landwirtschaftlichen Betrieben sogenannte Smart Farming-Technologien eingesetzt, mit deren Hilfe verschiedenste Arbeitsabläufe automatisiert ablaufen, kontrolliert werden und mit anderen Betrieben ausgetauscht werden können. Durch die verfügbaren Daten und die Vernetzung mit anderen Betrieben, ergeben sich vielfältige neue Möglichkeiten in Bezug auf ressourcenschonendes, wirtschaftlicheres und kollaboratives Arbeiten. Problematiken ergeben sich mit Blick auf die Speicherung dieser sensiblen Betriebsdaten, vor allem, wenn hierfür nur einige wenige Anbieter zur Verfügung stehen. Das Forschungsprojekt „AgriRegio“ soll die digitalisierte Datenerfassung und -nutzung in landwirtschaftlichen Betrieben widerstandsfähiger machen und die sicherheitskritische Infrastruktur schützen. Sieben Projektpartner erproben dazu smarte Sensoren auf Basis standardisierter Open-Source-Technologien in der Landwirtschaft, bei denen die Betriebsdaten dezentral auf lokalen Servern gespeichert werden.

    @inproceedings{reuter_agriregio_2022,
    address = {Hamburg, Germany},
    title = {{AgriRegio}: {Infrastruktur} zur {Förderung} von digitaler {Resilienz} und {Klimaresilienz} im ländlichen {Raum} am {Beispiel} der {Pilotregion} {Nahe}-{Donnersberg}},
    isbn = {978-3-88579-720-3},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/39588/rsflab_04.pdf?sequence=1&isAllowed=y},
    doi = {10.18420/inf2022_81},
    abstract = {Die Digitalisierung schreitet auch in der Landwirtschaft immer weiter voran. Vermehrt werden in landwirtschaftlichen Betrieben sogenannte Smart Farming-Technologien eingesetzt, mit deren Hilfe verschiedenste Arbeitsabläufe automatisiert ablaufen, kontrolliert werden und mit anderen Betrieben ausgetauscht werden können. Durch die verfügbaren Daten und die Vernetzung mit anderen Betrieben, ergeben sich vielfältige neue Möglichkeiten in Bezug auf ressourcenschonendes, wirtschaftlicheres und kollaboratives Arbeiten. Problematiken ergeben sich mit Blick auf die Speicherung dieser sensiblen Betriebsdaten, vor allem, wenn hierfür nur einige wenige Anbieter zur Verfügung stehen. Das Forschungsprojekt „AgriRegio“ soll die digitalisierte Datenerfassung und -nutzung in landwirtschaftlichen Betrieben widerstandsfähiger machen und die sicherheitskritische Infrastruktur schützen. Sieben Projektpartner erproben dazu smarte Sensoren auf Basis standardisierter Open-Source-Technologien in der Landwirtschaft, bei denen die Betriebsdaten dezentral auf lokalen Servern gespeichert werden.},
    language = {de},
    booktitle = {{INFORMATIK} 2022: 52. {Jahrestagung} der {Gesellschaft} für {Informatik} – {Informatik} für {Gesellschaft} ({Workshop}-{Beiträge}), {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Reuter, Christian and Kuntke, Franz and Trapp, Matthias and Wied, Christian and Brill, Gerwin and Müller, Georg and Steinbrink, Enno and Franken, Jonas and Eberz-Eder, Daniel and Schneider, Wolfgang},
    editor = {Demmler, D. and Krupka, D. and Federrath, H.},
    year = {2022},
    keywords = {Ranking-CORE-C, Ranking-VHB-C, UsableSec, Security, Projekt-AgriRegio},
    pages = {961--972},
    }

  • Christian Reuter, Daniel Eberz-Eder, Franz Kuntke, Matthias Trapp (2022)
    RSF-Lab’22: Resilient Smart Farming Laboratory: Für eine widerstandsfähige und intelligente Landwirtschaft
    INFORMATIK 2022: 52. Jahrestagung der Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), Lecture Notes in Informatics (LNI) Hamburg, Germany. doi:10.18420/inf2022_78
    [BibTeX] [Download PDF]

    @inproceedings{reuter_rsf-lab22_2022,
    address = {Hamburg, Germany},
    title = {{RSF}-{Lab}’22: {Resilient} {Smart} {Farming} {Laboratory}: {Für} eine widerstandsfähige und intelligente {Landwirtschaft}},
    isbn = {978-3-88579-720-3},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/39585/rsflab_01.pdf?sequence=1&isAllowed=y},
    doi = {10.18420/inf2022_78},
    language = {de},
    booktitle = {{INFORMATIK} 2022: 52. {Jahrestagung} der {Gesellschaft} für {Informatik} – {Informatik} für {Gesellschaft} ({Workshop}-{Beiträge}), {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Reuter, Christian and Eberz-Eder, Daniel and Kuntke, Franz and Trapp, Matthias},
    editor = {Demmler, D. and Krupka, D. and Federrath, H.},
    year = {2022},
    keywords = {Security, Projekt-AgriRegio},
    pages = {931--934},
    }

  • Ali Sercan Basyurt, Jennifer Fromm, Philipp Kuehn, Marc-André Kaufhold, Milad Mirabaie (2022)
    Help Wanted – Challenges in Data Collection, Analysis and Communication of Cyber Threats in Security Operation Centers
    Proceedings of the International Conference on Wirtschaftsinformatik (WI) Nürnberg.
    [BibTeX] [Abstract] [Download PDF]

    Security Operation Centers are tasked with collecting and analyzing cyber threat data from multiple sources to communicate warning messages and solutions. These tasks are extensive and resource consuming, which makes supporting approaches valuable to experts. However, to implement such approaches, information about the challenges these experts face while performing these tasks is necessary. We therefore conducted semi-structured expert interviews to identify these challenges. By doing so, valuable insights into these challenges based on expert knowledge is acquired, which in return could be leveraged to develop automated approaches to support experts and address these challenges.

    @inproceedings{basyurt_help_2022,
    address = {Nürnberg},
    title = {Help {Wanted} - {Challenges} in {Data} {Collection}, {Analysis} and {Communication} of {Cyber} {Threats} in {Security} {Operation} {Centers}},
    url = {http://www.peasec.de/paper/2022/2022_BasyourtFrommKuehnKaufholdMirabaie_HelpWantedChallengesDataCollectionAnalysisCommunication_WI.pdf},
    abstract = {Security Operation Centers are tasked with collecting and analyzing cyber threat data from multiple sources to communicate warning messages and solutions. These tasks are extensive and resource consuming, which makes supporting approaches valuable to experts. However, to implement such approaches, information about the challenges these experts face while performing these tasks is necessary. We therefore conducted semi-structured expert interviews to identify these challenges. By doing so, valuable insights into these challenges based on expert knowledge is acquired, which in return could be leveraged to develop automated approaches to support experts and address these challenges.},
    booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
    author = {Basyurt, Ali Sercan and Fromm, Jennifer and Kuehn, Philipp and Kaufhold, Marc-André and Mirabaie, Milad},
    year = {2022},
    keywords = {Ranking-CORE-C, Security, Projekt-CYWARN},
    }

  • Daniel Eberz-Eder, Franz Kuntke, Christian Reuter (2022)
    Sensibilität für Resilient Smart Farming (RSF) und seine Bedeutung in Krisenzeiten
    42. GIL-Jahrestagung: Informatik in der Land-, Forst- und Ernährungswirtschaft Tänikon, Switzerland.
    [BibTeX] [Abstract] [Download PDF]

    Mit der globalen COVID-19-Pandemie und dem Hochwasser in West- und Mitteleuropa im Sommer 2021 hat unter anderem Deutschland in jüngster Vergangenheit zwei schwerwiegende Krisenszenarien erlebt. Die Auswirkungen auf die Gesellschaft und Wirtschaft sind verheerend. Parallel lassen sich Krisenereignisse im digitalen Raum, wie die Zunahme an Cyberkriminalität beobachten. Es wird zunehmend deutlich, dass die Resilienz analoger sowie digitaler Prozesse wichtiger für die vollständige Betriebsfähigkeit wird. Die vorliegende Arbeit setzt sich mit der Bedeutung des Resilient Smart Farming (RSF) in Krisenzeiten als Möglichkeit für eine nachhaltige, umweltgerechte und resiliente digitale Landwirtschaft auseinander. Dazu wurden u.a. lokale Schadensmeldungen gruppiert und mögliche RSF-Gegenmaßnahmen aufgezeigt. Im Ergebnis zeigt sich eine Bewertung von Konzepten des RSF hinsichtlich der Krisenprävention und -bewältigung anhand aktueller realer Beispiele. Aufgrund zunehmender Bedrohungen durch Naturkatastrophen und Cyberkriminialität gehen wir davon aus, dass die Aufmerksamkeit von Gesellschaft und Politik für die Resilienz der Primärproduktion weiter steigen wird.

    @inproceedings{eberz-eder_sensibilitat_2022,
    address = {Tänikon, Switzerland},
    title = {Sensibilität für {Resilient} {Smart} {Farming} ({RSF}) und seine {Bedeutung} in {Krisenzeiten}},
    url = {https://peasec.de/paper/2022/2022_EberzEderKuntkeReuter_SensibilitaetResilientSmartFarmingKrisen_GIL.pdf},
    abstract = {Mit der globalen COVID-19-Pandemie und dem Hochwasser in West- und Mitteleuropa im Sommer 2021 hat unter anderem Deutschland in jüngster Vergangenheit zwei schwerwiegende Krisenszenarien erlebt. Die Auswirkungen auf die Gesellschaft und Wirtschaft sind verheerend. Parallel lassen sich Krisenereignisse im digitalen Raum, wie die Zunahme an Cyberkriminalität beobachten. Es wird zunehmend deutlich, dass die Resilienz analoger sowie digitaler Prozesse wichtiger für die vollständige Betriebsfähigkeit wird. Die vorliegende Arbeit setzt sich mit der Bedeutung des Resilient Smart Farming (RSF) in Krisenzeiten als Möglichkeit für eine nachhaltige, umweltgerechte und resiliente digitale Landwirtschaft auseinander. Dazu wurden u.a. lokale Schadensmeldungen gruppiert und mögliche RSF-Gegenmaßnahmen aufgezeigt. Im Ergebnis zeigt sich eine Bewertung von Konzepten des RSF hinsichtlich der Krisenprävention und -bewältigung anhand aktueller realer Beispiele. Aufgrund zunehmender Bedrohungen durch Naturkatastrophen und Cyberkriminialität gehen wir davon aus, dass die Aufmerksamkeit von Gesellschaft und Politik für die Resilienz der Primärproduktion weiter steigen wird.},
    booktitle = {42. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
    publisher = {Gesellschaft für Informatik},
    author = {Eberz-Eder, Daniel and Kuntke, Franz and Reuter, Christian},
    year = {2022},
    keywords = {Projekt-GeoBox, Projekt-AgriRegio},
    }

    Weitere Publikationen / Other Publications

  • Markus Bayer, Philipp Kuehn, Ramin Shanehsaz, Christian Reuter (2022)
    CySecBERT: A Domain-Adapted Language Model for the Cybersecurity Domain
    2022. doi:10.48550/ARXIV.2212.02974
    [BibTeX] [Download PDF]

    @techreport{bayer_cysecbert_2022,
    title = {{CySecBERT}: {A} {Domain}-{Adapted} {Language} {Model} for the {Cybersecurity} {Domain}},
    copyright = {arXiv.org perpetual, non-exclusive license},
    url = {https://arxiv.org/abs/2212.02974},
    institution = {arXiv},
    author = {Bayer, Markus and Kuehn, Philipp and Shanehsaz, Ramin and Reuter, Christian},
    year = {2022},
    doi = {10.48550/ARXIV.2212.02974},
    keywords = {Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Oliver Meier, Michael Brzoska, Anna-Katharina Ferl, Sascha Hach, Markus_ Bayer, Max Mutschler, Berenike Prem, Thomas Reinhold, Stefka Schmid, Matthias Schwarz (2022)
    Für eine umfassende, globale und aktive Abrüstungs- und Rüstungskontrollpolitik
    2022.
    [BibTeX] [Download PDF]

    @techreport{meier_fur_2022,
    title = {Für eine umfassende, globale und aktive {Abrüstungs}- und {Rüstungskontrollpolitik}},
    url = {https://fourninesecurity.de/2022/11/10/fuer-eine-umfassende-globale-und-aktive-abruestungs-und-ruestungskontrollpolitik},
    language = {de},
    author = {Meier, Oliver and Brzoska, Michael and Ferl, Anna-Katharina and Hach, Sascha and Bayer, Markus\_ and Mutschler, Max and Prem, Berenike and Reinhold, Thomas and Schmid, Stefka and Schwarz, Matthias},
    year = {2022},
    }

  • Markus Bayer, Tobias Frey, Christian Reuter (2022)
    Multi-Level Fine-Tuning, Data Augmentation, and Few-Shot Learning for Specialized Cyber Threat Intelligence
    2022. doi:10.48550/ARXIV.2207.11076
    [BibTeX] [Download PDF]

    @techreport{bayer_multi-level_2022,
    title = {Multi-{Level} {Fine}-{Tuning}, {Data} {Augmentation}, and {Few}-{Shot} {Learning} for {Specialized} {Cyber} {Threat} {Intelligence}},
    copyright = {arXiv.org perpetual, non-exclusive license},
    url = {https://arxiv.org/abs/2207.11076},
    institution = {arXiv},
    author = {Bayer, Markus and Frey, Tobias and Reuter, Christian},
    year = {2022},
    doi = {10.48550/ARXIV.2207.11076},
    keywords = {Student, Security, Projekt-CYWARN},
    }

  • Philipp Kuehn, David Relke, Christian Reuter (2022)
    Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources
    2022. doi:10.48550/arXiv.2210.02143
    [BibTeX] [Abstract] [Download PDF]

    The number of newly published vulnerabilities is constantly increas- ing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vul- nerability Scoring System (CVSS) vector and score. This assessment is time consuming and requires expertise. Various works already try to predict CVSS vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster as- sessment. However, for this purpose, previous works only use the texts available in databases such as National Vulnerability Database. With this work, the publicly available web pages referenced in the National Vulnerability Database are analyzed and made available as sources of texts through web scraping. A Deep Learning based method for predicting the CVSS vector is implemented and eval- uated. The present work provides a classification of the National Vulnerability Database’s reference texts based on the suitability and crawlability of their texts. While we identified the overall in- fluence of the additional texts is negligible, we outperformed the state-of-the-art with our Deep Learning prediction models.

    @techreport{kuehn_common_2022,
    title = {Common {Vulnerability} {Scoring} {System} {Prediction} based on {Open} {Source} {Intelligence} {Information} {Sources}},
    copyright = {arXiv.org perpetual, non-exclusive license},
    url = {https://web7.arxiv.org/pdf/2210.02143.pdf},
    abstract = {The number of newly published vulnerabilities is constantly increas-
    ing. Until now, the information available when a new vulnerability
    is published is manually assessed by experts using a Common Vul-
    nerability Scoring System (CVSS) vector and score. This assessment
    is time consuming and requires expertise. Various works already
    try to predict CVSS vectors or scores using machine learning based
    on the textual descriptions of the vulnerability to enable faster as-
    sessment. However, for this purpose, previous works only use the
    texts available in databases such as National Vulnerability Database.
    With this work, the publicly available web pages referenced in the
    National Vulnerability Database are analyzed and made available
    as sources of texts through web scraping. A Deep Learning based
    method for predicting the CVSS vector is implemented and eval-
    uated. The present work provides a classification of the National
    Vulnerability Database’s reference texts based on the suitability
    and crawlability of their texts. While we identified the overall in-
    fluence of the additional texts is negligible, we outperformed the
    state-of-the-art with our Deep Learning prediction models.},
    language = {en},
    institution = {arXiv},
    author = {Kuehn, Philipp and Relke, David and Reuter, Christian},
    year = {2022},
    doi = {10.48550/arXiv.2210.02143},
    keywords = {Student, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Philipp Kuehn, Moritz Kerk, Marc Wendelborn, Christian Reuter (2022)
    Clustering of Threat Information to Mitigate Information Overload for Computer Emergency Response Teams
    2022.
    [BibTeX] [Abstract] [Download PDF]

    The constantly increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). In order to respond to new threats, CERTs need to gather information in a timely and comprehensive manner. However, the volume of information and sources can lead to information overload. This paper answers the question of how to reduce information overload for CERTs with the help of clustering methods. Conditions for such a framework were established and subsequently tested. In order to perform an evaluation, different types of evaluation metrics were introduced and selected in relation to the framework conditions. Furthermore, different vectorizations and distance measures in combination with the clustering methods were evaluated and interpreted. Two different ground-truth datasets were used for the evaluation, one containing threat messages and a dataset with messages from different news categories. The work shows that the K-means clustering method along with TF-IDF vectorization and cosine distance provide the best results in the domain of threat messages.

    @techreport{kuehn_clustering_2022,
    title = {Clustering of {Threat} {Information} to {Mitigate} {Information} {Overload} for {Computer} {Emergency} {Response} {Teams}},
    copyright = {arXiv.org perpetual, non-exclusive license},
    url = {https://arxiv.org/pdf/2210.14067.pdf},
    abstract = {The constantly increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). In order to respond to new threats, CERTs need to gather information in a timely and comprehensive manner. However, the volume of information and sources can lead to information overload. This paper answers the question of how to reduce information overload for CERTs with the help of clustering methods. Conditions for such a framework were established and subsequently tested. In order to perform an evaluation, different types of evaluation metrics were introduced and selected in relation to the framework conditions. Furthermore, different vectorizations and distance measures in combination with the clustering methods were evaluated and interpreted. Two different ground-truth datasets were used for the evaluation, one containing threat messages and a dataset with messages from different news categories. The work shows that the K-means clustering method along with TF-IDF vectorization and cosine distance provide the best results in the domain of threat messages.},
    language = {en},
    institution = {arXiv},
    author = {Kuehn, Philipp and Kerk, Moritz and Wendelborn, Marc and Reuter, Christian},
    year = {2022},
    note = {https://doi.org/10.48550/arXiv.2210.14067},
    keywords = {Student, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

    PEASEC-Jahresbilanz 2022: Jubliläumsjahr, Konferenzausrichtung „Mensch und Computer“, Medienpräsenz und Promotionen