Bachelor Project Applied IT-Security
German original title for this course: "Bachelorprojekt Angewandte IT-Sicherheit"
Lecture Objectives and Contents
This bachelor project (taught in German) aims to provide theoretical knowledge and practical experience in applied IT-Security topics.
Course Organization and Availability
Project kickoff: 16 April 2025 (moved)
Wednesday, 2:00 pm, G203 @ Informatikum
Topics
Summer term 2025: Exploring Advanced Tunneling Techniques in Networking
Nowadays, attackers often disguise their communication by tunneling data through familiar protocols like DNS, making malicious activity harder to detect. Traditional DNS tunneling over plaintext port 53 is comparatively easy to spot, because query names, query lengths and record types are visible on the wire. Newer transports such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) hide all of that inside TLS, so a network sensor sees only encrypted records and detection becomes much harder. Machine Learning-based methods for detecting DoH tunneling do exist, but they rely mainly on packet sizes and timing; what happens if those are deliberately altered? That is the question we aim to explore.
In this course, you will first dig into how existing detection mechanisms for advanced tunneling techniques work. Your ultimate goal is then to develop strategies that evade such detection while maintaining high data transfer rates. You have the freedom to experiment with any protocol you like, and you can also explore and build upon existing DoH-based evasion techniques.
Ready to take on the challenge and push the boundaries of network security? Enroll on STiNE (No. 64-196).
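To make the size/timing argument concrete, here is an added illustration (not course material and not any project's code): a toy size/timing "classifier" standing in for an ML detector, a model of a tunnel client that pads every query to a block boundary and sends at a fixed rate, and the throughput cost of doing so. The flow records, the framing overhead constant and the detector thresholds are all constructed assumptions; only the 128-byte block padding follows a published recommendation (RFC 8467 for EDNS(0) padding).

```python
"""Size/timing features of an encrypted (DoH-style) flow and how padding and
constant-rate shaping flatten them. Added example for illustration, not
course material. All flow records below are constructed, not captured."""
import statistics
from dataclasses import dataclass

# Assumed per-query framing overhead (HTTP/2 + DNS header) in bytes; illustrative.
HEADER = 60


@dataclass
class Flow:
    sizes: list   # encrypted record lengths (bytes), client -> resolver
    gaps: list    # inter-arrival times (seconds) between consecutive records


# Constructed "normal" browsing lookups: short names, irregular timing.
BENIGN = Flow(sizes=[72, 68, 75, 70, 73], gaps=[0.5, 1.2, 0.9, 2.1])


def features(flow):
    """The kind of per-flow statistics a size/timing classifier would use."""
    return {
        "mean_size": statistics.fmean(flow.sizes),
        "size_stdev": statistics.pstdev(flow.sizes),
        "mean_gap": statistics.fmean(flow.gaps) if flow.gaps else 0.0,
        "gap_stdev": statistics.pstdev(flow.gaps) if flow.gaps else 0.0,
    }


def naive_detector(flow, size_thr=200, gap_thr=0.2):
    """Toy rule standing in for an ML model: big, rapid queries look like a tunnel.
    Thresholds are assumptions, not values from any real detector."""
    f = features(flow)
    return f["mean_size"] > size_thr and f["mean_gap"] < gap_thr


def pad_to_block(size, block=128):
    """Round a record length up to a multiple of `block` bytes.
    128-byte blocks for queries follow the RFC 8467 recommendation for
    EDNS(0) padding; the same idea applies to HTTP/2 PADDING in DoH."""
    return -(-size // block) * block


def encode_tunnel(data_len, chunk, interval, block=128):
    """Model a tunnel client that moves `data_len` bytes in `chunk`-byte
    queries, one every `interval` seconds, each padded to a block boundary."""
    n_msgs = -(-data_len // chunk)            # ceiling division
    sizes = [pad_to_block(HEADER + chunk, block)] * n_msgs
    gaps = [interval] * (n_msgs - 1)
    return Flow(sizes, gaps)


def throughput_bps(data_len, flow):
    """Payload bytes per second of wall-clock time spent on the flow."""
    elapsed = sum(flow.gaps)
    return data_len / elapsed if elapsed > 0 else float("inf")


if __name__ == "__main__":
    fast = encode_tunnel(4000, chunk=200, interval=0.05)    # throughput-first
    quiet = encode_tunnel(4000, chunk=40, interval=1.0)     # evasion-first
    for name, fl in [("benign", BENIGN), ("fast tunnel", fast), ("quiet tunnel", quiet)]:
        print(name, features(fl), "flagged:", naive_detector(fl),
              "B/s:", round(throughput_bps(4000, fl), 1))
```

Two things worth noticing when running it: the "quiet" tunnel slips under the size and rate thresholds but pays for it with roughly a hundredfold drop in throughput, which is exactly the trade-off the course asks you to push on; and its inter-arrival standard deviation is exactly zero, which is itself a fingerprint no real browser traffic has, so a detector that adds regularity features would catch it again.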
Summer term 2024: Privacy-Aware Threat Sharing of Cyber-Attacks in Home Networks
An increasing number of cyber-attacks require fast detection and response to the evolving threat landscape. Intrusion Detection System (IDS) solutions allow one to keep an eye on every event and monitor for suspicious activity. However, most events are irrelevant, and evaluating them requires high expertise; even experienced analysts may misjudge an IDS alert as benign. Sharing cyber-threat information helps everyone discover known attacks more quickly. As the data currently available for Machine Learning (ML) is sparse, such data must be generated to train models.
This course aims to develop a solution for sharing cyber threats based on Federated Learning, whereby anyone can participate in the sharing process. Additionally, the goal is to embed attacks into network traces to create training data for ML models. Lastly, the identified threats should be visualized, and false positives should be fed back to the model.
During the course you will develop different tools that have the following functionality:
- Sharing of ML-Models using OpenFL across different organizations
- Generate attacks and embed them into network logs so that they are detectable by an IDS
- User Interface to visualize current threats on the network using data from Tenzir
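The second tool in that list, embedding attacks into network logs to produce labelled training data, is illustrated by the following added example (not the course's tooling). It takes constructed benign connection records using Zeek conn.log field names, interleaves a synthetic TCP port scan with failed (`S0`) connections, and checks that a simple scan rule, standing in for a real IDS, finds it. The attacker and victim addresses, the timing model and the rule thresholds are assumptions.

```python
"""Embed a synthetic port scan into benign Zeek-style conn records and check
that a simple scan rule finds it. Added example, not the course's tooling.
Records are constructed JSON objects using Zeek conn.log field names."""
import json
import random
from collections import defaultdict

# Constructed benign trace: one client talking HTTPS to one server, all sessions
# completed normally (conn_state "SF").
BENIGN_LOG = [
    {"ts": 1700000000.0 + i, "uid": f"C{i:04d}", "id.orig_h": "192.168.1.10",
     "id.orig_p": 50000 + i, "id.resp_h": "93.184.216.34", "id.resp_p": 443,
     "proto": "tcp", "conn_state": "SF", "label": "benign"}
    for i in range(10)
]


def embed_port_scan(records, attacker, victim, ports, start_ts, seed=1):
    """Return a new record list with one unanswered SYN ("S0") per port,
    sorted by timestamp so the scan is interleaved with the benign trace.
    The label field is for ML training data; a detector must not read it."""
    rng = random.Random(seed)
    t = start_ts
    scan = []
    for p in ports:
        t += rng.uniform(0.001, 0.05)          # assumed scanner pacing
        scan.append({"ts": round(t, 6), "uid": f"Cscan{p}",
                     "id.orig_h": attacker, "id.orig_p": rng.randint(40000, 60000),
                     "id.resp_h": victim, "id.resp_p": p, "proto": "tcp",
                     "conn_state": "S0", "label": "portscan"})
    return sorted(records + scan, key=lambda r: r["ts"])


def to_json_lines(records):
    """Serialise like Zeek's JSON log writer: one object per line."""
    return "\n".join(json.dumps(r) for r in records)


def detect_scans(jsonl, window=10.0, min_ports=20):
    """Toy scan rule: one source producing failed TCP connections to at least
    `min_ports` distinct ports on one host within `window` seconds.
    Thresholds are assumptions; a real deployment would use Zeek's own
    scan-detection policy scripts."""
    touched = defaultdict(list)               # (src, dst) -> [(ts, port)]
    for line in jsonl.splitlines():
        r = json.loads(line)
        if r["proto"] == "tcp" and r["conn_state"] in ("S0", "REJ"):
            touched[(r["id.orig_h"], r["id.resp_h"])].append((r["ts"], r["id.resp_p"]))
    alerts = []
    for (src, dst), events in touched.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "ports": len(ports)})
                break
    return alerts


if __name__ == "__main__":
    trace = embed_port_scan(BENIGN_LOG, "10.0.0.99", "192.168.1.20",
                            range(1, 31), start_ts=1700000003.0)
    print(detect_scans(to_json_lines(trace)))
```

The same pattern generalises to other attack classes (brute-force logins, beaconing): generate records with the right field values and timing, interleave them, and keep the ground-truth label separate from anything the detector sees, so the resulting dataset can be used both to train an ML model and to measure the false-positive rate of the rule.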
Summer term 2023: Bot Hunting: Building a High-Interaction Honeypot for SSH, HTTP and Network Telescope
Topic 1: Network Telescope
A Network Telescope is a tool for large-scale network monitoring, capturing and analyzing traffic directed at specific IP addresses. It accepts connection attempts, forwards them to honeypots, and provides scalability, basic configuration, firewall capabilities, and robust data analysis.
- Large-scale monitoring of network traffic.
- Accept and analyze connection attempts.
- Provide scalability, configuration, firewall, and robust data analysis.
Topic 2: SSH (telnet) Honeypot
An SSH Honeypot redirects potential attackers to a simulated SSH server, constraining system resources. It operates in shared or individual modes, with considerations for logging and resource confinement.
- Redirect potential attackers to a simulated SSH server.
- Constrain system resources in shared or individual modes.
- Implement effective logging and resource confinement.
Topic 3: HTTP Honeypot
The HTTP Honeypot imitates a web page, exposes fake vulnerabilities, and dynamically generates subpages per client IP address. It logs bot movements, monitors attacks, and integrates with web servers and backend frameworks.
- Imitate a web page and expose fake vulnerabilities.
- Dynamically generate subpages per IP address.
- Log bot movements, monitor attacks, integrate with web servers and frameworks.
Summer term 2022: Secure, privacy-friendly platform for wearables and health data
Wearable devices like smartwatches are getting increasingly popular, especially in their capacity as health and fitness monitors. As they collect highly sensitive data which can be used to create movement and health profiles of their users, this raises concerns regarding the security and privacy of the collected data.
This term's bachelor project aims to develop a decentralized, collaborative healthcare platform that protects inherently sensitive data while sharing it among authorized users or user groups under strict access control, using secret sharing and multi-party computation. It will collect sensitive data, e.g., heart-rate measurements, via a wearable device, and apply varying privacy-preserving techniques to ensure that parties can only see the level of information granted to them. Furthermore, the platform will include a dockerized application layer, providing Docker templates used to build different privacy-preserving applications, such as secure data aggregation and privacy-preserving machine learning. The developed platform will communicate across individual instances and securely exchange data among them.
Therefore, the main components of the system in this project will include:
- Strong access control (e.g., via a public key infrastructure and secret sharing)
- A dockerized application layer
- A communication layer that handles securely exchanging data or machine learning models between individual platform instances
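The secret-sharing building block behind the access-control and secure-aggregation components is shown here as an added example (not the platform's own code): Shamir threshold sharing over a prime field, which splits a sensitive reading into n shares such that any t recover it and fewer reveal nothing, plus share-wise addition, which is the simplest form of secure data aggregation. The prime, the threshold parameters and the sample readings are assumptions.

```python
"""Shamir threshold secret sharing over a prime field, with share-wise
addition for secure aggregation. Added example, not the platform's code."""
import secrets

PRIME = 2**127 - 1   # assumption: any prime larger than the largest secret works


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod PRIME (Horner's rule)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % PRIME
    return y


def split_secret(secret, t, n):
    """Split `secret` into n shares; any t of them reconstruct it.
    The secret is the constant term of a random degree t-1 polynomial."""
    assert 0 <= secret < PRIME and 1 <= t <= n < PRIME
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 from (x, y) shares.
    With fewer than t shares the result is a uniformly random field element."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def add_shares(shares_a, shares_b):
    """Each party adds the shares it holds; reconstructing the result yields
    the sum of the two secrets without anyone seeing either reading."""
    assert [x for x, _ in shares_a] == [x for x, _ in shares_b]
    return [(xa, (ya + yb) % PRIME) for (xa, ya), (xb, yb) in zip(shares_a, shares_b)]


if __name__ == "__main__":
    # Constructed readings: two heart-rate samples, 3-of-5 sharing.
    hr_a = split_secret(72, t=3, n=5)
    hr_b = split_secret(80, t=3, n=5)
    print(recover_secret(hr_a[:3]), recover_secret(add_shares(hr_a, hr_b)[2:]))
```

Shares should be distributed to distinct parties (in the platform's terms, distinct instances), since the threshold property is only meaningful when no single party holds t of them; and share-wise addition works because the sum of two degree t-1 polynomials is again of degree at most t-1, so the same t-of-n reconstruction applies to the aggregate.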
Summer term 2021: Collaborative Home Network Intrusion Detection
With the rising number of insecure IoT devices, home networks have become attractive targets for cyber criminals. Most people are not aware of security weaknesses and their consequences, and are therefore unable to judge whether their devices are correctly configured or up to date. With the current surge in working from home, this also affects the security of companies.
This term's bachelor project aims to develop a collaborative information and intrusion detection system for home networks. It will enable users to get an overview of the security status of their devices, detect (unknown) attacks, and provide users with potential countermeasures. The main component consists of an automated, privacy-preserving exchange of device characteristics and collaborative intrusion detection to detect attacks across networks while keeping personal network information as private as possible. For evaluation purposes, the system should be deployed in a real-world scenario with several home networks, where attacks are injected.
Therefore, the main components of the collaborative home network intrusion detection system in this project will include:
- Extraction of network characteristics for intrusion detection using the open source intrusion detection system (IDS) Zeek
- Enabling collaborative intrusion detection to detect (unknown) attacks by applying anomaly detection using Federated Learning (FL)
- Evaluating the system based on penetration testing
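How the second component works, federated anomaly detection where only model parameters leave each home network, is shown in the following added example (not the project's code, and written in plain Python rather than with a federated-learning framework). Each home trains a per-feature Gaussian model on Zeek-style connection features, an aggregator combines them with sample-count-weighted averaging (FedAvg), and the global model scores new connections by z-score. The traffic, the feature set and the distribution parameters are constructed assumptions.

```python
"""Federated anomaly detection on Zeek-style connection features: each home
network trains a per-feature Gaussian model locally and sends only the
parameters (never connection records) to an aggregator that runs FedAvg.
Added example, not the project's code; all traffic is constructed."""
import math
import random

# Assumed feature set, named after Zeek conn.log fields.
FEATURES = ("orig_bytes", "resp_bytes", "duration")


def make_home_traffic(seed, n=200):
    """Constructed benign traffic for one home (not captured data)."""
    rng = random.Random(seed)
    return [{"orig_bytes": rng.gauss(800, 150),
             "resp_bytes": rng.gauss(20000, 4000),
             "duration": rng.gauss(2.0, 0.5)} for _ in range(n)]


def local_model(conns):
    """Client-side training: per-feature mean and variance over local
    connections. Only (sample_count, params) leaves the home network."""
    n = len(conns)
    params = {}
    for f in FEATURES:
        vals = [c[f] for c in conns]
        mean = sum(vals) / n
        var = sum((v - mean) ** 2 for v in vals) / n
        params[f] = (mean, var)
    return n, params


def fed_avg(updates):
    """Server-side FedAvg: weight each client's parameters by its sample count."""
    total = sum(n for n, _ in updates)
    return {f: (sum(n * p[f][0] for n, p in updates) / total,
                sum(n * p[f][1] for n, p in updates) / total)
            for f in FEATURES}


def anomaly_score(model, conn):
    """Largest absolute z-score across features; large = unlike any home's traffic."""
    return max((abs(conn[f] - m) / math.sqrt(v)) if v > 0 else 0.0
               for f, (m, v) in model.items())


def is_anomalous(model, conn, threshold=4.0):
    """Threshold is an assumption; it would be tuned on the false-positive feedback."""
    return anomaly_score(model, conn) > threshold


if __name__ == "__main__":
    updates = [local_model(make_home_traffic(seed)) for seed in (1, 2, 3)]
    global_model = fed_avg(updates)
    # Constructed test connections: a normal one and a large upload (exfiltration-like).
    normal = {"orig_bytes": 820, "resp_bytes": 21000, "duration": 2.1}
    upload = {"orig_bytes": 5_000_000, "resp_bytes": 300, "duration": 600}
    print(global_model)
    print(is_anomalous(global_model, normal), is_anomalous(global_model, upload))
```

Two practitioner caveats apply. First, the parameters that leave a home still reveal aggregate statistics about it; the project's "as private as possible" goal is why secure aggregation or differential privacy would sit on top of this exchange. Second, one malicious home can poison the global model by sending inflated variances, so the aggregator should validate or robustly combine updates rather than trust them blindly.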
Summer term 2020: Ikum Monitoring and Cyber Defense Platform (IMCDP)
The goal of this term's bachelor project is to build a security monitoring platform for our Informatikum campus. Participants can connect to a Virtual Private Network (VPN) to volunteer their traffic for analysis. The traffic will be analysed with the Intrusion Detection System (IDS) Zeek, e.g., for TLS certificates or other metadata, to obtain an overview of the behaviour of the devices.
Furthermore, the VPN will offer an optional active vulnerability scanning service that checks your device for network-reachable problems and offers tips and tricks to make it more secure.
During this project you will develop multiple components that make up the Ikum Monitoring and Cyber Defense Platform (IMCDP):
- Passive and active scanning components based on various security tools such as Zeek, nmap and others
- A backend for data storage that stores and processes the obtained network data
- A web-based frontend that presents the obtained statistics via charts and other graphical representations
Summer term 2019
Industrial production processes are often automated by Programmable Logic Controllers (PLCs). In the "Factory of the Future", these PLCs are going to be connected to robots, smart devices, autonomous vehicles, augmented reality tools and the overall factory network. This increases the attack surface and the damage an attacker can cause, e.g., robots going rogue, vehicles driving into workers, or a manipulated production line producing defective units.
In this project, the students will set up real PLCs, other automation hardware, and a virtualized assembly line via FactoryIO to simulate a part of a factory. Then, possible attacks on the setup should be developed and evaluated, while a part of the student group tries to secure the setup against attacks.
In cooperation with AIRBUS the students will explore the chances and risks of Industry 4.0.
An introduction to the general topic and on PLCs will be given at the beginning of the project. Additionally, students will give presentations on related topics and report on the progress of the project.
Summer term 2018
A honeypot is an effective tool for network defenders to detect both reconnaissance and ongoing attacks in their networks. Building on the success of last year's bachelor project, the task this year is to enhance the honeypot in various aspects.
For that, a red-team/blue-team approach will be used to harden the honeypot and to extend its capabilities. Students in the blue team implement new features and enhance the honeypot, while students in the red team try to detect the honeypot, attack it, and compromise it.
Furthermore, the developed honeypots should also be deployable at large scale, e.g., distributed across the Internet, to detect global threats early on. For that, the participants will develop the infrastructure to interconnect multiple honeypots and to make optimal use of the available resources for honeypot hosting.
Students will obtain the necessary background on honeypots during an introductory lecture and by giving presentations on related topics to their tasks.
Summer term 2017
Attacks on IT systems increasingly threaten our modern society. As there is no such thing as total security, it is essential to develop resilient systems that can tolerate attacks, detect attacks early on, and heal their impacts as fast as possible.
One technique to detect attacks on networks is the honeypot: a device whose sole purpose is to get compromised and to deliver information on attacks. The task of the project is to develop a light-weight medium-interaction network honeypot for a small selection of well-known network protocols, e.g., TCP, HTTP, HTTPS, SMB, or SSH. The honeypot should provide a range of different export functions, so that the gathered information on attacks can easily be analysed later on.
Students will obtain the necessary background on honeypots during an introductory lecture and by giving presentations on related topics.
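The protocol-emulation core of such a medium-interaction honeypot, together with the per-client subpage generation and the export functions asked for by the 2023 HTTP honeypot topic and by this 2017 project, is illustrated below as an added example. It is not the code of either course project. The handler parses one HTTP request, answers with a fake server banner and links whose names are derived per client IP (so a bot that later revisits a link can be tied to the address that first received it), and records an event that can be exported as JSON lines or CSV. The banner string, the HMAC secret and the requests are constructed; socket handling is left to the caller.

```python
"""Medium-interaction HTTP honeypot core: parses a request, answers with a
fake server banner and per-client generated links, and records an event that
can be exported as JSON lines or CSV. Added example, not the code of either
course project. Secret, banner and requests are constructed. Network I/O is
left to the caller (e.g. asyncio.start_server feeding bytes to handle())."""
import csv
import hashlib
import hmac
import io
import json
import time

LINK_SECRET = b"rotate-me"                 # constructed; per-deployment secret
FAKE_SERVER = "Apache/2.4.29 (Ubuntu)"     # advertised banner, illustrative


def per_ip_path(client_ip, index):
    """Deterministic but unguessable subpage name per client: a revisit to a
    link identifies the IP that was originally handed that link."""
    msg = f"{client_ip}/{index}".encode()
    tag = hmac.new(LINK_SECRET, msg, hashlib.sha256).hexdigest()[:12]
    return f"/archive/{tag}.html"


def parse_request(raw: bytes):
    """Return (method, path, headers) for a minimal HTTP/1.x request, or None
    if the bytes are not an HTTP request line (e.g. a TLS ClientHello)."""
    try:
        head, _, _ = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            k, _, v = line.partition(":")
            headers[k.strip().lower()] = v.strip()
        return method, path, headers
    except ValueError:
        return None


def handle(raw: bytes, client_ip: str, now=None):
    """Build the response bytes and the event record for one request."""
    now = time.time() if now is None else now
    event = {"ts": now, "src": client_ip, "raw_len": len(raw)}
    parsed = parse_request(raw)
    if parsed is None:
        event.update(kind="malformed")
        status, body = "400 Bad Request", b"Bad Request"
    else:
        method, path, headers = parsed
        event.update(kind="http", method=method, path=path,
                     ua=headers.get("user-agent", ""))
        links = "".join(f'<a href="{per_ip_path(client_ip, i)}">part {i}</a>'
                        for i in range(3))
        body = f"<html><body><h1>Internal file archive</h1>{links}</body></html>".encode()
        status = "200 OK"
    head = (f"HTTP/1.1 {status}\r\nServer: {FAKE_SERVER}\r\n"
            f"Content-Type: text/html\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode() + body, event


def export_jsonl(events):
    """One JSON object per line, keys sorted for stable diffs."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


def export_csv(events, fields=("ts", "src", "kind", "method", "path", "ua")):
    """Flat CSV for spreadsheet analysis; fields absent from an event stay empty."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(fields), extrasaction="ignore")
    writer.writeheader()
    writer.writerows(events)
    return buf.getvalue()


if __name__ == "__main__":
    req = b"GET /admin HTTP/1.1\r\nHost: honeypot\r\nUser-Agent: zgrab/0.x\r\n\r\n"
    resp, ev = handle(req, "203.0.113.7")
    print(resp.decode()[:80])
    print(export_csv([ev]))
```

The HMAC-derived paths are what make "bot movement" logging useful: every link a client receives encodes that client, so a later request for `/archive/<tag>.html` from a different address shows that the first bot shared or stored what it found. Keep `LINK_SECRET` out of the honeypot's own filesystem image, since a compromised honeypot that leaks it lets an attacker forge or enumerate those paths.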