Dr. Marc Ohm
Researcher
|
Research Topics
- Threat Intelligence
- Software Supply Chain Attacks
Teaching
If you are interested in a topic do not hesitate to contact me.
Supervised Topics
2023
- A Survey of Software Supply Chain Attack Detection Approaches (Seminar)
- Detection of Malicious Packages with Semgrep (Lab)
- Another Kind of Supply Chain: Stack Overflow Snippets (Masterarbeit)
- Zwei Ansätze zur Sicherung der Software Supply Chain durch Erweiterung des Heimdall Systems (Projektgruppe)
2022
- Analysis of the Kaseya Supply Chain Attack (Seminar)
- Statistische Charakterisierung bekannter, trojanisierter Softwarepakete und Evaluation eines Früherkennungssystems für solche (Bachelorarbeit)
- Estimating the vulnerability of open source software software projects to supply chain attacks (Lab)
- Sicheres und effizientes DIY IoT (Projektgruppe)
- Dynamic Capability Reduction to Create Resilience against Malicious Software Updates (Masterarbeit)
2021
- Safeguards for Package Repositories to prevent Software Supply Chain Attacks (Seminar)
- Detektion von Software Supply Chain Angriffen anhand von Softwareartefakten aus dynamischer Analyse (Bachelorarbeit)
- Machine Learning Leveraged to Evaluate Software Packages’ Utilization in Software Supply Chain Attacks (Lab)
- CSI basierte Lokalisierung in Innenräumen mittels maschinellen Lernens (Bachelorarbeit)
- ChangeDrift - Anomaly Detection Based on Divergent Behaviour of Homogeneous IoT Devices (Masterarbeit)
- Postmortem of the SolarWinds Software Supply Chain Attack (Seminar)
- Erkennung von trojanisierten Softwarepaketen mittels Autoencoder (Bachelorarbeit)
2020
- Erweiterung von Cuckoo Sandbox zum Extrahieren von Observables aus Docker-Containern (Projektgruppe)
- Detektion von Software Supply Chain Attacks durch Codeähnlichkeitsanalyse (Bachelorarbeit)
- Supply Chain Attacks Based on In-Depth Analysis of the event-stream Incident (Seminar)
- Inferenz der Wohnorte von Besitzern Wi-Fi fähiger Geräte anhand ihrer Preferred Network List (Projektgruppe)
2019
- Klassifikation von SSL-Zertifikaten zur Erkennung von Phishing-Webseiten (Bachelorarbeit)
- Auswirkung von Adblocking auf den Energieverbrauch von Netzwerkgeräten (Bachelorarbeit)
2018
- The Use of Gamification in Authentication Processes (Seminar)
- Personal Data Privacy & Linkability: Pseudonymization (Lab)
2017
- State of the Art in Gamification of Cyber Security (Seminar)
- Konzeption und Implementierung eines Einreichsystems für IT-Sicherheitsmetriken (Projektgruppe)
- reCAP - Automatisierte Rekonstruktion von PCAP Dateien anhand von Bedrohungsbeschreibungen (Bachelorarbeit)
- IP Archive - Langzeitspeicherung von IP-Adressinformationen zur forensischen Analyse (Bachelorarbeit)
- Überwachung neu-registrierter Domains zur Aufdeckung von Phishingversuchen (Bachelorarbeit)
Publications
Using Pre-trained Transformers to Detect Malicious Source Code Within JavaScript Packages
Ohm, M., Götz, J. (2024)
INFORMATIK 2024. LNI.
Assessing the Impact of Large Language Models on Cybersecurity Education: A Study of ChatGPT's Influence on Student Performance
Ohm, M., Bungartz, C., Boes, F., Meier, M. (2024)
19th International Conference on Availability, Reliability and Security. ACM.
You Can Run But You Can’t Hide: Runtime Protection Against Malicious Package Updates For Node.js
Pohl, T., Ohm, M., Boes F., Meier M. (2024)
Sicherheit 2024. LNI.
Power Consumption of Common Symmetric Encryption Algorithms on Low-Cost Microchips
Ohm, M., Taufenbach, L., Weber, K., Pohl, T. (2023, Oktober)
EnviroInfo 2023. LNI.
Measuring Resource Efficiency of LaTeX Paper Templates
Pohl, T., Ohm, M. (2023, Oktober)
EnviroInfo 2023. LNI.
SoK: Practical Detection of Software Supply Chain Attacks
Ohm, M., Stuke, C. (2023, August)
18th International Conference on Availability, Reliability and Security. ACM.
You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node. js
Ohm, M.,Pohl, T., Boes, F. (2023)
arXiv preprint arXiv:2305.19760
On the Feasibility of Supervised Machine Learning for the Detection of Malicious Software Packages
Ohm, M., Boes F., Bungartz, C., Meier M. (2022, August)
17th International Conference on Availability, Reliability and Security. ACM.
Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors
Ohm, M., Kempf L., Boes F., Meier M. (2022, April)
Sicherheit 2022
Software Supply Chain Angriffe - Analyse und Erkennung
Ohm, M. (2021, September)
Dissertation - Universitäts- und Landesbibliothek Bonn
Towards Detection of Software Supply Chain Attacks by Forensic Artifacts
Ohm, M., Sykosch, A., Meier, M. (2020, August)
15th International Conference on Availability, Reliability and Security. ACM.
An Investigation on the Feasibility of the Bluetooth Frequency Hopping Mechanism for the Use as a Covert Channel Technique
Vogel, D., Akhmedjanov, A., Ohm, M., Meier, M. (2020, August)
15th International Conference on Availability, Reliability and Security. ACM.
Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks
Ohm, M., Plate, H., Sykosch, A., Meier, M. (2020, July)
17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (p. 23). Springer.
The environmental impact of online advertisement
Ohm, M., Prahl-Kamps F., Vogel, D. (2019, September)
Adjunct Proceedings of the 33rd edition of the EnviroInfo (p. 298). Shaker.
Automated Pattern Inference Based on Repeatedly Observed Malware Artifacts
Doll, C., Sykosch, A., Ohm, M., Meier, M. (2019, August)
In Proceedings of the 14th International Conference on Availability, Reliability and Security (p. 82). ACM.
Hunting Observable Objects for Indication of Compromise
Sykosch, A., Ohm, M., Meier, M. (2018, August)
In Proceedings of the 13th International Conference on Availability, Reliability and Security (p. 59). ACM.
Projects
Project | Link |
---|---|
DROPS - Data trust module for preventive protection against identity data misuse | itsec.cs.uni-bonn.de/drops |
SPARTA - Re-imagining the way cybersecurity research, innovation, and training are performed in the European Union | sparta.eu |
OVERVIEW: Cyber Security situational reports as decision support | itsec.cs.uni-bonn.de/overview |