Dipl.-Inform. Matthias Wübbeling

Researcher

Contact
Phone:	+49 228 73-54250
Fax:	+49 228 73-54254
Email:	matthias.wuebbeling@REMOVETHISPART.cs.uni-bonn.de
PGP public key:	0x4E38E7B6

Address
	Institute of Computer Science 4 Endenicher Allee 19A 53115 Bonn Germany
Room:	1.016

Research

Projects:

with Fraunhofer FKIE:

"Monitoring durch Informationsfusion und Klassifikation zur Anomalieerkennung (MonIKA)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2012 - 2014 (Website)
"Analyse von Routinganomalien und Gegenmaßnahmen zur Absicherung der Kommunikation über das öffentliche Internet", internal project, 2015 - 2016
"Detection of the NSA attack 'Quantuminsert' in enterprise networks", internal project, 2014 - 2015
"NSA network attacks beside 'Quantuminsert'", research & developement, 2015 - 2017
"Threat Intelligence / Sharing Threat Information", internal project. Since 2017

with University of Bonn:

"Erkennung von Fehlkonfiguration im und Angriffen auf das Inter-Domain-Routing", funded by Deutsche Forschungsgemeinschaft (DFG), 2012
"IT-Sicherheits Awareness Penetration Testing (ITS.APT)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2015 - 2018 (Website)
"Threat Intelligence - Stix2IDS", research & developement, 2014 - 2015
"Effektive Information nach Digitalem Identitätsdiebstahl (EIDI)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2017 - 2019 (Website)
"Strategic Programs for Advanced Research and Technology in Europe (SPARTA)", 2019 - 2021 (Website)

with TU Dortmund University:

"sms&charge", funded by Bundesministerium für Bildung und Forschung (BMBF), 2011 (Website)

Interests:

IT and network security.
Detection and classification of network anomalies.
Analyzation and visualization of effects of and countermeasures against network anomalies.
Privacy, pseudonymization and anonymization in global networks (namely the Internet).
Digitally signed and encrypted communication and plausible deniability.
Microcontroller hacking and programing (arduino).

Teaching

General:

If you are interested in one of the research topics above and would like me to supervise your bachelor or master thesis or lab, do not hesitate to drop me an email or come by my office.

Open Theses:

Topic Overview

ST 2019:

Lectures:

Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", tba.

Bachelor Theses:

Datenschutzfreundliche Aktualitätsprüfung von Identitätsdaten bei Online-Diensten (Khosro Tahmasebie) [thesis]

Labs/Projects:

Clustered Detection of Routing Anomalies and Calculation of Prefix-Hijacking Consequences (Andy Fano) [report]

WT 2018/19:

Labs/Projects:

Characteristics of Complex Computer Networks at the example of Inter Domain Networks (Andy Fano) [report]

Seminars:

Supervisor in Seminar: Selected Topics in IT-Security

ST 2018:

Lectures:

Exercises to "IT Security" (lecture by Prof. Dr. Meier)
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 19th
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 26th

Master Theses:

Measuring slotcar performance with automated test runs on race tracks (Lorenzo Pfeifer) [thesis]

Labs/Projects:

Cluster Based Computation of Prefix Hijacking Events and Their Consequences (Björn Urban, Christian Zaharia) [report]

WT 2017/18:

Lectures:

Lecture "IT-Sicherheit" on behalf of Prof. Dr. Meier: "Informationstechnik - Computer und Netze", Oct. 26th

Bachelor Theses:

Carrera: Position Tracking of Human Controlled Objects on a Well Known Path (cancelled)
Clustering der Beziehungsanalyse von Autonomen Systemen (Alexander Kuchenbuch) [thesis]

Seminars:

Supervisor in Seminar: Selected Topics in IT-Security

ST 2017:

Lectures:

Exercises to "IT Security" (lecture by Prof. Dr. Meier)
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 20th
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 27th

Bachelor Theses:

Thunderbird Suchfunktion für GnuPG verschlüsselte E-Mails (Alexander Reiter) [thesis]
Analyse und Normalisierung von identitätsbezogenen Daten (Jonas Prämaßing) [thesis]

WT 2016/17:

Bachelor Theses:

Automatische Konfiguration von Routern zur Umgehung von Routing-Anomalien (Andy Fano) [thesis]

Master Theses:

Security Analysis of Autonomic Networking on Cisco gear (Omar Eissa) [thesis]
Systeme und Prozesse zum proaktiven Abgleich gestohlener Identitätsdaten unter Beachtung von Datenschutzaspekten (Franz Jaspers, TH Köln) [thesis]

ST 2016:

Lectures:

Exercises to "IT Security" (lecture by Prof. Dr. Meier)
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Jul. 7th
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Jul. 14th

Labs/Projects:

Consequences caused by Internet Routing Anomalies (Lab)
Prefix-Hijacking im Internet - Partitionen (Projektgruppe)
Carrera: Optimale Geist-Gegner auf Basis von Mikrocontrollern (Projektgruppe)

Master Theses:

ITS.APT: Infrastructure Provisioning for Human Penetration Testing (René Neff) [thesis]

Bachelor Theses:

ITS.APT: Artefakte und Benutzer-Reaktionen zur Messung von IT-Sicherheitsbewusstsein (Tim Jüliger) [thesis]
Erkennung von gefälschten TCP-Paketen und Ergreifen von Gegenmaßnahmen unter Linux (Lorenzo Pfeifer) [thesis]

Seminars:

Supervisor in Seminar: Selected Topics in IT Security

WT 2015/16:

Labs/Projects:

E-Mail-Phishing als technische Komponente zur Messung von IT-Sicherheitsbewusstsein

ST 2015:

Lectures:

Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Martini)
Exercises to "IT Security" (lecture by Prof. Dr. Meier)
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 16th
Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 23rd

WT 2014/15:

Labs/Projects:

Secure Online and Offline Transactions with Google Glass [report]

Master Theses:

Quantuminsert Detection in TOR Environments

Bachelor Theses:

Entwicklung eines Frameworks zur Funktionsprüfung von On-Chip-Kryptografie (Maximilian Häring) [thesis]

ST 2014:

Lectures:

Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Martini)

Seminars:

Supervisor in Seminar: Selected Topics in IT Security

Bachelor Theses:

Realisierung externer kryptografischer Funktionen für Arduino. (René Neff) [thesis]
Internet-Routing-Situationen mit GNS3 darstellen. (Thomas Trimborn) [thesis]
Aufnahme und Wiedergabe von Tastatur-Eingabesequenzen mittels Arduino Mikrocontroller. (Andreas Fritz) [thesis]

WT 2013/14:

Lectures:

Exercises to "Systemnahe Programmierung" (lecture by Prof. Dr. Meier and Dr. Frank)
Lecture "Systemnahe Programmierung" on behalf of Prof. Dr. Meier: "C network programming (part II)", Nov. 5th

Labs/Projects:

Human Intrusion Detection System (Bachelor PG, Andreas Fritz)

Diploma Thesis:

Implementierung und Evaluation theoretischer Lösungen zur Verifikation von BGP-Announcements

ST 2013:

Lectures:

Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Martini)

Labs/Projects:

Entwicklung einer Netzwerk-basierten Infrarot-Fernbedienung (Bachelor PG, Rene Neff and Thomas Trimborn) [report] ("Best Presentation Award" (€200) for our paper "ARINA - Arduino Remote Infrared Network Adapter" at the CSCUBS Conference. Bonn. 2014)
Entwicklung eines Browser-Plugins zur Routenüberwachung (Bachelor PG, Maximilian Häring) [report]

Diploma Thesis:

Verifikation von BGP-AS-Pfaden anhand von traceroute-basierter Internet-Topologie

WT 2012/13:

Lectures:

Exercises to "Systemnahe Programmierung" (lecture by Prof. Dr. Meier and Dr. Frank)
Lecture "Systemnahe Programmierung" on behalf of Prof. Dr. Meier: "C network programming (part I)", Oct. 23rd

ST 2012:

Lectures:

Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Martini)

Master Thesis:

Automatic Classification, Analysis and Evaluation of MOAS Conflicts (Zia Ul Huda)

Bachelor Thesis:

Heuristische Klassifikation und Analyse von Topologieinformationen in BGP-Update-Nachrichten zur verteilten computergestützten Erkennung von Anomalien im globalen Internetrouting (Fabian Rump)

Publications

2018:

D. Gruss, M. Schwarz, M. Wübbeling, S. Guggi, T. Malderle, S. More, M. Lipp. Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services. (Announced) In: ASIA CCS ’18: 2018 ACM Asia Conference on Computer and Communications Security, Incheon, Republic of Korea. June 2018. [PDF]
T. Malderle, M. Wübbeling, S. Knauer, M. Meier: Gathering and Analyzing Identity Leaks for a proactive Warning of affected Users (Short Paper). ACM International Conference on Computing Frontiers 2018, Ischia, Italy , May 8-10, 2018. [PDF]
T. Malderle, M. Wübbeling, S. Knauer, M. Meier. Ein Werkzeug zur automatisierten Analyse von Identitätsdaten-Leaks. In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. pp. 43-54. Konstanz. Apr. 2018. [PDF]
T. Malderle, M. Wübbeling, M. Meier. Sammlung geleakter Identitätsdaten zur Vorbereitung proaktiver Opfer-Warnung. MKWI 2018. Lüneburg. Mar. 2018. [PDF]

2017:

M. Wübbeling, M. Meier. Reclaim Your Prefix: Mitigation of Prefix Hijacking Using IPSec Tunnels. In: Proceedings of IEEE 42nd Conference on Local Computer Networks. Singapore. Oct. 2017 [PDF]
M. Wübbeling, A. Sykosch, M.Meier. Quantum suite - A look inside the NSA toolbox. In: Digitale Gesellschaft zwischen Risikobereitschaft und Sicherheitsbedürfnis. (Tagungsband zum 15. Deutschen IT-Sicherheitskongress). pp 239 - 254. Bonn. May 2017.

2016:

M. Wübbeling, M. Meier. Improved Calculation of AS Resilience Against IP Prefix Hijacking. In: Proceedings of IEEE 41st Conference on Local Computer Networks Workshops. Dubai. Nov. 2016 [PDF]

2015:

A. Sykosch, M. Wübbeling. How IT Security Awareness Should be Tested. In: Proceedings of the 10. GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Wübbeling (Ed.). Technical Report SR-2015-01. GI FG SIDAR. Neubiberg/Bonn. July 2015.
M. Wübbeling, A. Sykosch. Intelligence Driven Intrusion Detection. In: Proceedings of the 10. GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Wübbeling (Ed.). Technical Report SR-2015-01. GI FG SIDAR. Neubiberg/Bonn. July 2015.
A. Sykosch, M. Wübbeling. STIX 2 IDS. Coordinating Attack Response at Internet Scale (CARIS) Workshop. Berlin. June 2015.
M. Wübbeling, A. Sykosch, M.Meier. MonIKA: Cooperative IT Security Monitoring for Competing Participants. In: Risiken kennen, Herausforderungen annehmen, Lösungen gestalten (Tagungsband zum 14. Deutschen IT-Sicherheitskongress). pp 427 - 438. Bonn. May 2015. [slides]

2014:

M. Wübbeling, M.Meier. Utilization of Traceroutes to Improve Cooperative Detection of Internet Routing Anomalies. In: Proceedings of 9th Future Security - Security Research Conference. Klaus Thoma, Ivo Häring, Tobias Leismann (Eds.). Berlin. September 2014.
T. Kiesling, N. Motsch, H. Kaufmann, M. Wübbeling, T. Elsner, M. Meier. Collaborative Security Monitoring based on the MonIKA Framework for Privacy-Preserving Information Sharing. In: Proceedings of 9th Future Security - Security Research Conference. Klaus Thoma, Ivo Häring, Tobias Leismann (Eds.). Berlin. September 2014.
M. Wübbeling. Improved Routing Anomaly Detection to Protect End Users. In: Proceedings of the Ninth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Meyer (Ed.). Technical Report SR-2014-01. page 6. GI FG SIDAR. Bochum. July 2014.
M. Wübbeling, T.Elsner, M. Meier. Inter-AS Routing Anomalies: Improved Detection and Classification. In: Proceedings of 6th International Conference on Cyber Conflict. P. Brangetto, M. Maybaum, J. Stinissen (Eds.). Tallin. June 2014. [PDF]

2013:

P. Roos, P. Schumacher, T. Elsner, M. Wübbeling. Rechtliche Betrachtung von Desinfektionsmaßnahmen zur Botnetzbekämpfung durch Internet-Service-Provider. In: Informationssicherheit stärken – Vertrauen in die Zukunft schaffen (Tagungsband zum 13. Deutschen IT-Sicherheitskongress). pp. 37 – 53. Bonn. May 2013. [slides]
M. Wübbeling. Visibility of Routing Anomalies for End Users. In: Proceedings of the Eight GI SIGSIDAR Graduate Workshop on Reactive Security (SPRING). Christoph Pohl, Sebastian Schinzel, Steffen Wendzel (Eds.). Technical Report SR-2013-01, GI FGSIDAR, Munich, February 2013.

2012:

T. Elsner, M. Meier, M. Wübbeling. Poster: "Distributed Cooperative Monitoring for Network Anomaly Detection". Future Security 2012 Poster Session. Bonn. September 2012.

2011:

M. Wübbeling. Komfortable Webservice-basierte Lösung zum OSGi-Standard „Remote Services“ mit erweitertem dynamischen Marshalling. Diploma Thesis. TU Dortmund University. August 2011.

Journal articles

2015:

M. Wübbeling. Linux Policy Routing zum sicheren Teilen von OpenVPN-Zugängen. In IT-Administrator. München. Oktober 2015.
M. Wübbeling, S. Wendzel. IT-Sicherheitsmonitoring. In Sicherheitstechnischer Report - Cyber Security Report 2015. No. 1/2015. Mittler Report Verlag GmbH. Bonn. Oktober 2015.

2013:

T. Elsner, A. Sykosch, M. Wübbeling. Kooperatives Monitoring zum Schutz kritischer Infrastrukturen. In Sonderheft "AFCEA 2013". Behörden Spiegel Gruppe. ISBN: 978-3-934401-15-0. Bonn. 2013.