Dr. Marc Ohm

Researcher

Contact
Phone: +49 228 73-60531
Fax: +49 228 73-54254
Email: ohm@REMOVETHISPART.cs.uni-bonn.de
PGP public key: 0x9156D1B6
   
Visitor address: Institute of Computer Science 4
Friedrich-Hirzebruch-Allee 8
D-53115 Bonn
Germany
Postal address: Friedrich-Hirzebruch-Allee 5
Room: 1.018
 

Research Topics

  • Threat Intelligence
  • Software Supply Chain Attacks

 

 

Teaching

If you are interested in a topic do not hesitate to contact me.

Supervised Topics

2023

  • A Survey of Software Supply Chain Attack Detection Approaches (Seminar)
  • Detection of Malicious Packages with Semgrep (Lab)
  • Another Kind of Supply Chain: Stack Overflow Snippets (Masterarbeit)
  • Zwei Ansätze zur Sicherung der Software Supply Chain durch Erweiterung des Heimdall Systems (Projektgruppe)

2022

  • Analysis of the Kaseya Supply Chain Attack (Seminar)
  • Statistische Charakterisierung bekannter, trojanisierter Softwarepakete und Evaluation eines Früherkennungssystems für solche (Bachelorarbeit)
  • Estimating the vulnerability of open source software software projects to supply chain attacks (Lab)
  • Sicheres und effizientes DIY IoT (Projektgruppe)
  • Dynamic Capability Reduction to Create Resilience against Malicious Software Updates (Masterarbeit)

2021

  • Safeguards for Package Repositories to prevent Software Supply Chain Attacks (Seminar)
  • Detektion von Software Supply Chain Angriffen anhand von Softwareartefakten aus dynamischer Analyse (Bachelorarbeit)
  • Machine Learning Leveraged to Evaluate Software Packages’ Utilization in Software Supply Chain Attacks (Lab)
  • CSI basierte Lokalisierung in Innenräumen mittels maschinellen Lernens (Bachelorarbeit)
  • ChangeDrift - Anomaly Detection Based on Divergent Behaviour of Homogeneous IoT Devices (Masterarbeit)
  • Postmortem of the SolarWinds Software Supply Chain Attack (Seminar)
  • Erkennung von trojanisierten Softwarepaketen mittels Autoencoder (Bachelorarbeit)

2020

  • Erweiterung von Cuckoo Sandbox zum Extrahieren von Observables aus Docker-Containern (Projektgruppe)
  • Detektion von Software Supply Chain Attacks durch Codeähnlichkeitsanalyse (Bachelorarbeit)
  • Supply Chain Attacks Based on In-Depth Analysis of the event-stream Incident (Seminar)
  • Inferenz der Wohnorte von Besitzern Wi-Fi fähiger Geräte anhand ihrer Preferred Network List (Projektgruppe)

2019

  • Klassifikation von SSL-Zertifikaten zur Erkennung von Phishing-Webseiten (Bachelorarbeit)
  • Auswirkung von Adblocking auf den Energieverbrauch von Netzwerkgeräten (Bachelorarbeit)

2018

  • The Use of Gamification in Authentication Processes (Seminar)
  • Personal Data Privacy & Linkability: Pseudonymization (Lab)

2017

  • State of the Art in Gamification of Cyber Security (Seminar)
  • Konzeption und Implementierung eines Einreichsystems für IT-Sicherheitsmetriken (Projektgruppe)
  • reCAP - Automatisierte Rekonstruktion von PCAP Dateien anhand von Bedrohungsbeschreibungen (Bachelorarbeit)
  • IP Archive - Langzeitspeicherung von IP-Adressinformationen zur forensischen Analyse (Bachelorarbeit)
  • Überwachung neu-registrierter Domains zur Aufdeckung von Phishingversuchen (Bachelorarbeit)

 

 

Publications

Power Consumption of Common Symmetric Encryption Algorithms on Low-Cost Microchips
Ohm, M., Taufenbach, L., Weber, K., Pohl, T. (2023, Oktober)
EnviroInfo 2023. LNI.

Measuring Resource Efficiency of LaTeX Paper Templates
Pohl, T., Ohm, M. (2023, Oktober)
EnviroInfo 2023. LNI.

SoK: Practical Detection of Software Supply Chain Attacks
Ohm, M., Stuke, C. (2023, August)
18th International Conference on Availability, Reliability and Security. ACM.

You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node. js
Ohm, M.,Pohl, T., Boes, F. (2023)
arXiv preprint arXiv:2305.19760

On the Feasibility of Supervised Machine Learning for the Detection of Malicious Software Packages
Ohm, M., Boes F., Bungartz, C., Meier M. (2022, August)
17th International Conference on Availability, Reliability and Security. ACM.

Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors
Ohm, M., Kempf L., Boes F., Meier M. (2022, April)
Sicherheit 2022

Software Supply Chain Angriffe - Analyse und Erkennung
Ohm, M. (2021, September)
Dissertation - Universitäts- und Landesbibliothek Bonn

Towards Detection of Software Supply Chain Attacks by Forensic Artifacts
Ohm, M., Sykosch, A., Meier, M. (2020, August)
15th International Conference on Availability, Reliability and Security. ACM.

An Investigation on the Feasibility of the Bluetooth Frequency Hopping Mechanism for the Use as a Covert Channel Technique
Vogel, D., Akhmedjanov, A., Ohm, M., Meier, M. (2020, August)
15th International Conference on Availability, Reliability and Security. ACM.

Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks
Ohm, M., Plate, H., Sykosch, A., Meier, M. (2020, July)
17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (p. 23). Springer.

The environmental impact of online advertisement
Ohm, M., Prahl-Kamps F., Vogel, D. (2019, September)
Adjunct Proceedings of the 33rd edition of the EnviroInfo (p. 298). Shaker.

Automated Pattern Inference Based on Repeatedly Observed Malware Artifacts
Doll, C., Sykosch, A., Ohm, M., Meier, M. (2019, August)
In Proceedings of the 14th International Conference on Availability, Reliability and Security (p. 82). ACM.

Hunting Observable Objects for Indication of Compromise
Sykosch, A., Ohm, M., Meier, M. (2018, August)
In Proceedings of the 13th International Conference on Availability, Reliability and Security (p. 59). ACM.

 

 

Projects

ProjectLink
SPARTA - Re-imagining the way cybersecurity research, innovation, and training are performed in the European Unionundefinedsparta.eu
OVERVIEW: Cyber Security situational reports as decision supportundefineditsec.cs.uni-bonn.de/overview