Dr. Matthias Wübbeling

Lecturer

Contact
Phone: +49 228 73-54250
Fax: +49 228 73-54254
Email: matthias.wuebbeling@REMOVETHISPART.cs.uni-bonn.de
PGP public key: 0x4E38E7B6
   
Visitor address: Institute of Computer Science 4
Friedrich-Hirzebruch-Allee 8
D-53115 Bonn
Germany
Postal address: Friedrich-Hirzebruch-Allee 5
Room: 1.016
 

Research

Projects:

with Fraunhofer FKIE:

  • "Monitoring durch Informationsfusion und Klassifikation zur Anomalieerkennung (MonIKA)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2012 - 2014 (Website)
  • "Analyse von Routinganomalien und Gegenmaßnahmen zur Absicherung der Kommunikation über das öffentliche Internet", internal project, 2015 - 2016
  • "Detection of the NSA attack 'Quantuminsert' in enterprise networks", internal project, 2014 - 2015
  • "NSA network attacks beside 'Quantuminsert'", research & developement, 2015 - 2017
  • "Threat Intelligence / Sharing Threat Information", internal project. Since 2017

with University of Bonn:

  • "Erkennung von Fehlkonfiguration im und Angriffen auf das Inter-Domain-Routing", funded by Deutsche Forschungsgemeinschaft (DFG), 2012
  • "IT-Sicherheits Awareness Penetration Testing (ITS.APT)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2015 - 2018 (Website)
  • "Threat Intelligence - Stix2IDS", research & developement, 2014 - 2015
  • "Effektive Information nach Digitalem Identitätsdiebstahl (EIDI)", funded by Bundesministerium für Bildung und Forschung (BMBF), 2017 - 2019 (Website)
  • "Strategic Programs for Advanced Research and Technology in Europe (SPARTA)", 2019 - 2021 (Website)

with TU Dortmund University:

  • "sms&charge", funded by Bundesministerium für Bildung und Forschung (BMBF), 2011 (Website)

Interests:

  • IT and network security.
  • Detection and classification of network anomalies.
  • Analyzation and visualization of effects of and countermeasures against network anomalies.
  • Privacy, pseudonymization and anonymization in global networks (namely the Internet).
  • Digitally signed and encrypted communication and plausible deniability.
  • Microcontroller hacking and programing (arduino).

Teaching

General:

If you are interested in one of the research topics above and would like me to supervise your bachelor or master thesis or lab, do not hesitate to drop me an email or come by my office.

Open Theses:

 

WT 2020:

Lectures:

Master Theses:

  • Investigating MOAS Network Fragmentation from the Perspective of Multiple Distinct Viewpoints [thesis]
  • How to Simulate the Whole Internet in GNS3? [thesis]
  • Use RIPE ATLAS data to investigate prefix hijacking partitions [thesis]

Labs/Projects:

  • Entwicklung eines Veranstaltungsmanagement Tools - VMT (Bachelor PG) [report]
  • Leakchecker Gamification (Bachelor PG) [report]
  • Secure Kubernetes Setup (Master Lab) [report]

 

ST 2020:

Lectures:

Master Theses:

  • Optimizing Kubernetes Cluster Performance [thesis]

Bachelor Theses:

  • Automatisierte Analyse unstrukturierter Identitätsdaten in öffentlich verfügbaren Leaks [thesis]

Labs/Projects:

  • BART in Kubernetes - Modern REST based Infrastructure for BART (BGP Anomaly Research Toolkit) (Master Lab)


WT 2019/20:

Master Theses:

  • Analyzing News Articles for Detecting Identity Leaks Using NLP (Alexander Kuchenbuch) [thesis]

Bachelor Theses:

  • Automatisiertes Monitoring von Identitätsdaten-Leaks zum Schutz universitärer Nutzeraccounts (Calvin Heidermanns) [thesis]

Labs/Projects:

  • SCION and BGP evaluation environment - concept and implementation (Master Lab)

Seminars:

 

ST 2019:

Lectures:

  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", July 11th.

Bachelor Theses:

  • Datenschutzfreundliche Aktualitätsprüfung von Identitätsdaten bei Online-Diensten (Khosro Tahmasebie) [thesis]

Labs/Projects:

  • Clustered Detection of Routing Anomalies and Calculation of Prefix-Hijacking Consequences (Master Lab; Andy Fano) [report]

 

WT 2018/19:

Labs/Projects:

  • Characteristics of Complex Computer Networks at the example of Inter Domain Networks (Master Lab; Andy Fano) [report]

Seminars:

 

ST 2018:

Lectures:

  • Exercises to "IT Security" (lecture by Prof. Dr. Meier)
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 19th
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 26th

Master Theses:

  • Measuring slotcar performance with automated test runs on race tracks (Lorenzo Pfeifer) [thesis]

Labs/Projects:

  • Cluster Based Computation of Prefix Hijacking Events and Their Consequences (Björn Urban, Christian Zaharia) [report]

 

 

WT 2017/18:

Lectures:

  • Lecture "IT-Sicherheit" on behalf of Prof. Dr. Meier: "Informationstechnik - Computer und Netze", Oct. 26th

Bachelor Theses:

Seminars:


ST 2017:

Lectures:

  • Exercises to "IT Security" (lecture by Prof. Dr. Meier)
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 20th
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 27th

Bachelor Theses:

  • Thunderbird Suchfunktion für GnuPG verschlüsselte E-Mails (Alexander Reiter) [thesis]
  • Analyse und Normalisierung von identitätsbezogenen Daten (Jonas Prämaßing) [thesis]

 

WT 2016/17:

Bachelor Theses:

  • Automatische Konfiguration von Routern zur Umgehung von Routing-Anomalien (Andy Fano) [thesis]

Master Theses:

  • Security Analysis of Autonomic Networking on Cisco gear (Omar Eissa) [thesis]
  • Systeme und Prozesse zum proaktiven Abgleich gestohlener Identitätsdaten unter Beachtung von Datenschutzaspekten (Franz Jaspers, TH Köln) [thesis]

 

ST 2016:

Lectures:

  • Exercises to "IT Security" (lecture by Prof. Dr. Meier)
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Jul. 7th
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Jul. 14th

Labs/Projects:

  • Consequences caused by Internet Routing Anomalies (Master Lab; Viktor Kaszian)
  • Prefix-Hijacking im Internet - Partitionen (Bachelor PG; Jonas Prämaßing and Alexander Reiter)
  • Carrera: Optimale Geist-Gegner auf Basis von Mikrocontrollern (Bachelor PG; Chris Rattay)

Master Theses:

  • ITS.APT: Infrastructure Provisioning for Human Penetration Testing (René Neff) [undefinedthesis]

Bachelor Theses:

  • ITS.APT: Artefakte und Benutzer-Reaktionen zur Messung von IT-Sicherheitsbewusstsein (Tim Jüliger) [undefinedthesis]
  • Erkennung von gefälschten TCP-Paketen und Ergreifen von Gegenmaßnahmen unter Linux (Lorenzo Pfeifer) [thesis]

Seminars:

 

WT 2015/16:

Labs/Projects:

  • E-Mail-Phishing als technische Komponente zur Messung von IT-Sicherheitsbewusstsein (Bachelor PG; Tim Jüliger and Chris Rattay)


ST 2015:

Lectures:

  • Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Martini)
  • Exercises to "IT Security" (lecture by Prof. Dr. Meier)
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection)", Apr. 16th
  • Lecture "IT Security" on behalf of Prof. Dr. Meier: "Internet Routing (and anomaly detection) - Part II", Apr. 23rd

 

WT 2014/15:

Labs/Projects:

  • Secure Online and Offline Transactions with Google Glass (Master Lab; Anuschka Clasen, Thomas Maqua, René Neff) [undefinedreport]

Master Theses:

  • Quantuminsert Detection in TOR Environments (Mohiuddin Ebna Kawsar)

Bachelor Theses:

  • Entwicklung eines Frameworks zur Funktionsprüfung von On-Chip-Kryptografie (Maximilian Häring) [undefinedthesis]

 

ST 2014:

Lectures:

Seminars:

Bachelor Theses:

  • Realisierung externer kryptografischer Funktionen für Arduino. (René Neff) [undefinedthesis]
  • Internet-Routing-Situationen mit GNS3 darstellen. (Thomas Trimborn) [undefinedthesis]
  • Aufnahme und Wiedergabe von Tastatur-Eingabesequenzen mittels Arduino Mikrocontroller. (Andreas Fritz) [undefinedthesis]

 

WT 2013/14:

Lectures:

Labs/Projects:

  • Human Intrusion Detection System (Bachelor PG; Andreas Fritz)

Diploma Thesis:

  • Implementierung und Evaluation theoretischer Lösungen zur Verifikation von BGP-Announcements


ST 2013:

Lectures:

Labs/Projects:

  • Entwicklung einer Netzwerk-basierten Infrarot-Fernbedienung (Bachelor PG; Rene Neff and Thomas Trimborn) [undefinedreport] ("Best Presentation Award" (€200) for our undefinedpaper "ARINA - Arduino Remote Infrared Network Adapter" at the CSCUBS Conference. Bonn. 2014)
  • Entwicklung eines Browser-Plugins zur Routenüberwachung (Bachelor PG; Maximilian Häring) [undefinedreport]

Diploma Thesis:

  • Verifikation von BGP-AS-Pfaden anhand von traceroute-basierter Internet-Topologie


 

WT 2012/13:

Lectures:


ST 2012:

Lectures:

Master Thesis:

  • Automatic Classification, Analysis and Evaluation of MOAS Conflicts (Zia Ul Huda)

Bachelor Thesis:

  • Heuristische Klassifikation und Analyse von Topologieinformationen in BGP-Update-Nachrichten zur verteilten computergestützten Erkennung von Anomalien im globalen Internetrouting (Fabian Rump)

Publications

2020:

  • A. Sykosch, C. Doll, M. Wübbeling, M. Meier. Generalizing the Phishing Principle - Analyzing User Behavior in Response to Controlled Stimuli for IT Security Awareness Assessment. In The 15th International Conference on Availability, Reliability and Security (ARES 2020). Virtual Event (Ireland). Aug 2020. [undefinedPDF]
  • T. Malderle, M. Wübbeling, M. Meier. Effektive Warnung bei Identitätsdatendiebstahl an Hochschulen. In: 27. DFN-Konferenz 2020 "Sicherheit in vernetzten Systemen". Hamburg. Feb. 2020 (tba). [PDF]
  • T. Malderle, S. Knauer, M. Lang, M. Wübbeling, M. Meier. Track Down Identity Leaks Using Threat Intelligence. In: Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP 2020). Valletta (Malta). Feb. 2020. [undefinedPDF]

2019:

  • S. Gonscherowski, M. Wübbeling. #dataleak – Wie man Betroffene informiert. In: Hans-Christian Gräfe und Telemedicus e.V.(Hrsg.) Über den Tellerrand - Tagungsband zur Telemedicus Sommerkonferenz 2019. Berlin. 2020. [undefinedPDF]
  • M. Wübbeling. Prefix-Hijacking im Internetrouting - Monitoring, Analyse und Mitigation. University of Bonn. Oct. .2019. [undefinedDissertation]

2018:

  • T. Malderle, M. Wübbeling, S. Knauer, M.Meier. Warning of Affected Users About an Identity Leak. In: A. Madureira, A. Abraham, N. Gandhi, C. Silva, M. Antunes (eds). Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). Advances in Intelligent Systems and Computing. Porto. Dec. 2018. [undefinedPDF]
  • D. Gruss, M. Schwarz, M. Wübbeling, S. Guggi, T. Malderle, S. More, M. Lipp. Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services. In: ASIA CCS ’18: 2018 ACM Asia Conference on Computer and Communications Security, Incheon, Republic of Korea. June 2018. [undefinedPDF]
  • T. Malderle, M. Wübbeling, S. Knauer, M. Meier. Gathering and Analyzing Identity Leaks for a proactive Warning of affected Users (Short Paper). ACM International Conference on Computing Frontiers 2018. Ischia (Italy). May 8-10. 2018. [undefinedPDF]
  • T. Malderle, M. Wübbeling, S. Knauer, M. Meier. Ein Werkzeug zur automatisierten Analyse von Identitätsdaten-Leaks. In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. pp. 43-54. Konstanz. Apr. 2018. [undefinedPDF]
  • T. Malderle, M. Wübbeling, M. Meier. Sammlung geleakter Identitätsdaten zur Vorbereitung proaktiver Opfer-Warnung. MKWI 2018. Lüneburg. Mar. 2018. [undefinedPDF]

2017:

  • M. Wübbeling, M. Meier. Reclaim Your Prefix: Mitigation of Prefix Hijacking Using IPSec Tunnels. In: Proceedings of IEEE 42nd Conference on Local Computer Networks. Singapore. Oct. 2017 [undefinedPDF]
  • M. Wübbeling, A. Sykosch, M.Meier. Quantum suite - A look inside the NSA toolbox. In: Digitale Gesellschaft zwischen Risikobereitschaft und Sicherheitsbedürfnis. (Tagungsband zum 15. Deutschen IT-Sicherheitskongress). pp 239 - 254. Bonn. May 2017.

2016:

  • M. Wübbeling, M. Meier. Improved Calculation of AS Resilience Against IP Prefix Hijacking. In: Proceedings of IEEE 41st Conference on Local Computer Networks Workshops. Dubai. Nov. 2016 [undefinedPDF]

2015:

  • A. Sykosch, M. Wübbeling. How IT Security Awareness Should be Tested. In: Proceedings of the 10. GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Wübbeling (Ed.). Technical Report SR-2015-01. GI FG SIDAR. Neubiberg/Bonn. July 2015.
  • M. Wübbeling, A. Sykosch. Intelligence Driven Intrusion Detection. In: Proceedings of the 10. GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Wübbeling (Ed.). Technical Report SR-2015-01. GI FG SIDAR. Neubiberg/Bonn. July 2015.
  • A. Sykosch, M. Wübbeling. STIX 2 IDS. Coordinating Attack Response at Internet Scale (CARIS) Workshop. Berlin. June 2015.
  • M. Wübbeling, A. Sykosch, M.Meier. MonIKA: Cooperative IT Security Monitoring for Competing Participants. In: Risiken kennen, Herausforderungen annehmen, Lösungen gestalten (Tagungsband zum 14. Deutschen IT-Sicherheitskongress). pp 427 - 438. Bonn. May 2015. [undefinedslides]

2014:

  • M. Wübbeling, M.Meier. Utilization of Traceroutes to Improve Cooperative Detection of Internet Routing Anomalies. In: Proceedings of 9th Future Security - Security Research Conference. Klaus Thoma, Ivo Häring, Tobias Leismann (Eds.). Berlin. Sep. 2014.
  • T. Kiesling, N. Motsch, H. Kaufmann, M. Wübbeling, T. Elsner, M. Meier. Collaborative Security Monitoring based on the MonIKA Framework for Privacy-Preserving Information Sharing. In: Proceedings of 9th Future Security - Security Research Conference. Klaus Thoma, Ivo Häring, Tobias Leismann (Eds.). Berlin. Sep. 2014.
  • M. Wübbeling. Improved Routing Anomaly Detection to Protect End Users. In: Proceedings of the Ninth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Matthias Meyer (Ed.). Technical Report SR-2014-01. page 6. GI FG SIDAR. Bochum. July 2014.
  • M. Wübbeling, T.Elsner, M. Meier. Inter-AS Routing Anomalies: Improved Detection and Classification. In: Proceedings of 6th International Conference on Cyber Conflict. P. Brangetto, M. Maybaum, J. Stinissen (Eds.). Tallin. June 2014. [undefinedPDF]

2013:

  • P. Roos, P. Schumacher, T. Elsner, M. Wübbeling. Rechtliche Betrachtung von Desinfektionsmaßnahmen zur Botnetzbekämpfung durch Internet-Service-Provider. In: Informationssicherheit stärken – Vertrauen in die Zukunft schaffen (Tagungsband zum 13. Deutschen IT-Sicherheitskongress). pp. 37 – 53. Bonn. May 2013. [undefinedslides]
  • M. Wübbeling. Visibility of Routing Anomalies for End Users. In: Proceedings of the Eight GI SIGSIDAR Graduate Workshop on Reactive Security (SPRING). Christoph Pohl, Sebastian Schinzel, Ste ffen Wendzel (Eds.). Technical Report SR-2013-01, GI FGSIDAR, Munich, Feb. 2013.

2012:

  • T. Elsner, M. Meier, M. Wübbeling. Poster: "Distributed Cooperative Monitoring for Network Anomaly Detection". Future Security 2012 Poster Session. Bonn. Sep. 2012.

2011:

  • M. Wübbeling. Komfortable Webservice-basierte Lösung zum OSGi-Standard „Remote Services“ mit erweitertem dynamischen Marshalling. Diploma Thesis. TU Dortmund University. Aug. 2011.

Magazine articles

2020:

2019:

2018:

2017:

2016:

2015:

2013:

  • T. Elsner, A. Sykosch, M. Wübbeling. Kooperatives Monitoring zum Schutz kritischer Infrastrukturen. In Sonderheft "AFCEA 2013". Behörden Spiegel Gruppe. ISBN: 978-3-934401-15-0. Bonn. 2013. 

    Media presence & Invited Talks

    2020

    2019

    • Invited Talk: "Identity Theft" (International Bulletproofhosting & Botnet Conference. Dec. 2019. Hamburg)

    2018

    • Invited Talk: "Use After Free-Mail" (International Bulletproofhosting & Botnet Conference. Oct. 2018. Bonn)

    2017

    • Invited Talk: "Ransomware - 2 pay or not 2 pay" (Dark Cyber Monday. Bonner Tage für Cybersicherheit. Deutsche Telekom AG, Bonn)

    2015

    2014