Florian SKOPIK
Head of Cyber Security Research @AIT | ISMS Auditor
Mag.rer.soc.oec. Dipl.-Ing. Dr.techn. Dr.rer.soc.oec.
CISSP, CCSP, CISM, CISA, CRISC, CSSLP, GPEN, GCIH, GWAPT, GCFE, GMON, GAWN, GCDA, GICSP, GCTI, GRID, GDSA, GMOB, GCSA, GOSI, GCCC, GCPN, GSOM, CCNP-S, CEH, CIPM, LPIC-1/2/3, ISO27001 LA & others
Current Affiliation: AIT Austrian Institute of Technology
Center for Digital Safety and Security
Email (AIT): firstname.lastname@ait.ac.at
LinkedIn: Profile of Florian Skopik on LinkedIn
ResearchGate: Profile of Florian Skopik
ORCID: 0000-0002-1922-7892
ResearcherID: G-9180-2017

Last updated: March 1st, 2024

This personal page shows my complete scientific track record.
All information on this page is publicly available elsewhere and collected here to show a coherent track record.


Short CV
Florian Skopik is Head of the Cyber Security Research Program at the Austrian Institute of Technology (AIT) with a team comprising around 30 people. He has spent 10+ years in cyber security research and, before that and partly in parallel, another 15 years in software development. Nowadays, he coordinates national and large-scale international research projects, as well as the overall research direction of the team. His main interests are centered on critical infrastructure protection, smart grid security and national cyber security and defense. Since 2018, Florian has also been a certified ISO 27001 Lead Auditor, ISO 27018 Auditor and ISO27701 Auditor for the company CIS GmbH, where he audits information security management systems of Austrian organizations. He is further an appointed auditor for operators of essential services (NISG §17(3)) and authorized to audit systems on behalf of CIS GmbH and B-SEC better secure KG. As a court-certified expert ("Allgemein beeideter und gerichtlich zertifizierter Sachverständiger") he is authorized to give advisory opinions in court on legal questions concerning IT security and data security.

Before joining AIT, Florian was with the Distributed Systems Group at the Vienna University of Technology as a research assistant and post-doctoral research scientist from 2007 to 2011, where he was involved in a number of international research projects dealing with cross-organizational collaboration over the Web. In the context of these projects, he also finished his PhD studies. Florian further spent a sabbatical at IBM Research India in Bangalore for several months. He has published more than 125 scientific conference papers and journal articles (h-index = 30) and holds around 50 industry-recognized security certifications, including CISSP, CISM, CISA, CRISC, and CCNP Security. In 2017 he finished a professional degree in Advanced Computer Security at Stanford University, USA. In parallel to his studies, he worked for numerous SMEs as a firmware developer for microcontroller systems for about 15 years (see legacy projects; current projects).

Florian is a member of various conference program committees (e.g., ACM SAC, ARES, CRITIS and EICC), editorial boards (e.g., IEEE Transactions on Dependable and Secure Computing) and standardization groups, such as ETSI TC Cyber, IFIP TC11 WG1, and OASIS CTI. He frequently serves as a reviewer for numerous high-profile journals, including Elsevier's Computers & Security and ACM Computing Surveys (CSUR). He is a registered subject matter expert of ENISA (ENISA M-CEI-17-T01) in the areas of new ICTs and emerging application areas as well as Critical Information Infrastructure Protection (CIIP) and CSIRTs cooperation. As an invited reviewer he evaluates research project proposals for numerous national research funding agencies, including the Austrian agency for international mobility and cooperation in education (OEAD), the Czech Science Foundation and the European Science Foundation (ESF), and the EC's Horizon 2020 programme (EX2017D307167). Additionally, he occasionally works as an assessor for the Agency of Quality Assurance (AQ Austria) to serve in the accreditation process of cyber security programmes at universities of applied sciences (FHs).

In his career, he has given several keynote speeches, organized scientific panel discussions at flagship conferences, such as a smart grid security panel at the IEEE Innovative Smart Grid Technologies (ISGT) conference in Washington D.C., and acted as co-moderator of the National Austrian Cyber Security Challenge 2017 and 2021, and as jury member of the United Nations Cyber Security Challenge 2019. He is a SANS enthusiast, participated in several SANS weeks and supported SANS Vienna 2020 and SANS Munich 2020 as a moderator. As a cyber security expert, he holds numerous GIAC certifications, specifically in the DFIR area (digital forensics and incident response). He participates in NetWars CTFs, and as winner of the SANS FOR500 Forensics Challenge as well as the FOR578 CTI challenge he is a recognized SANS Lethal Forensicator Coin holder. Florian is a Member of the GIAC Advisory Board.

Florian is an IEEE Senior Member, a Senior Member of the Association for Computing Machinery (ACM), a Member of (ISC)2, a Member of ISACA and a Member of the International Society of Automation (ISA).

Research Interests
Download my research statement as pdf here.

Collaborative Cyber Security and Defence
The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking towards well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way that circumvents common security measures. Additionally, networks have grown to such a scale and complexity, and have reached such a degree of interconnectedness, that their protection can often only be guaranteed and financed as a shared effort. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. My research regarding collaborative cyber security and defence is centred on three key questions:


Topic-1: SPOTTING APTs AND NEW ATTACK VECTORS USING ANOMALY DETECTION

An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and prohibit APTs from further spreading. However, recent security incidents, such as Operation Shady Rat, Operation Red October or the discovery of MiniDuke - just to name a few - have impressively demonstrated that current security mechanisms are mostly insufficient to prohibit targeted and customized attacks.

Research Focus: Research is centred on a novel anomaly detection approach, called AECID, which applies different machine learning techniques to learn a model of the system (usage) behaviour. The AECID approach digests system log data to keep track of system events, their dependencies and occurrences, and thus learns the normal system behaviour over time and points out actions that differ from the learned system model.

Research Methodology: New algorithms are designed and subsequently tested on data obtained from real or simulated attack cases to rate their feasibility. Empirical studies carried out in testbeds support the evaluation process.

Contributions: Numerous machine learning algorithms have been proposed, implemented and published -- most of them also patented. Compared to the state of the art, these algorithms are designed to digest log data (in contrast to network packets or numerical data), thus they are able to handle sequentially produced text lines of unknown form and structure, preferably in real-time and a single-pass manner.

Top-5 Publications:


Topic-2: INFORMATION SHARING & THREAT INTELLIGENCE EXCHANGE

Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, the timely exchange of information on new threats and vulnerabilities is a cornerstone of effective cyber defence. National authorities in particular are taking a vital role as information brokers through national cyber security centres, distributing warnings on new attack vectors and vital recommendations on how to mitigate them. Information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, giving advice about how to secure networks, and selectively distributing threat intelligence data are just some of the many use cases. Although many of these initiatives are effective to some degree, they also suffer from severe limitations. Many steps in the exchange process require extensive human involvement to manually review, vet, enrich, analyse and distribute security information. Some countries have therefore started to adopt distributed cyber security sensor networks to enable the automatic collection, analysis and preparation of security data and thus effectively overcome limiting scalability factors. The basic idea of IoC-centric cyber security sensor networks is that national authorities distribute Indicators of Compromise (IoCs) to organizations and receive sightings in return. This effectively helps them to estimate the spreading of malware, anticipate further trends of spreading and derive vital findings for decision makers.

Research Focus: My research is centred on how to make information sharing more efficient, by creating an appropriate mindset of involved stakeholders, establishing effective procedures and employing feasible technology.

Research Methodology: In this topic I apply a mix of methods, including desk research, structured interviews with experts from national authorities and CERTs, as well as empirical studies, and proof-of-concept-driven evaluations.

Contributions: A number of information sharing protocols (in accordance with the State-of-the-Art, such as STIX), collaboration models, and platforms, as well as strategies and processes to perform information exchange have been proposed. Newer work includes the design of cyber security sensors to make the creation of threat intelligence more applicable.

Top-5 Publications:


Topic-3: CYBER SITUATIONAL AWARENESS, INCIDENT HANDLING AND ATTACK ATTRIBUTION

National cyber security centres (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures. As a prerequisite, NCSCs need to collect, analyse, process, assess and share security-relevant information from infrastructure operators. A vital capability of these NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. Knowing which products possess vulnerabilities, what services are affected, which tools and techniques are applied and what threat actors are out there is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. Moreover, the attribution of cyber attacks is often neglected. The consensus still is that little can be done to prosecute the perpetrators (and unfortunately, this might be right in many cases). However, what is only of limited interest to private industry is at the centre of interest for nation states. Investigating whether an attack was carried out in the name of a nation state is a crucial task for secret services. Many methods, tools and processes exist for network and computer forensics that allow the collection of traces and evidence. They are the basis to associate adversarial actions with threat actors. However, a serious problem that has not yet received appropriate attention from research is false flag campaigns: cyber attacks which apply covert tactics to deceive or misguide attribution attempts (either to hide traces or to blame others).

Research Focus: My research focuses on novel models for establishing cyber situational awareness, in particular, what information is required by national authorities to carry out their tasks and how can this information be efficiently collected. It is crucial to present relevant information and analysis findings to decision makers without influencing their decision.

Research Methodology: Most of my research involves user studies, structured interviews and applied tests with user groups in the course of cyber security games. These are appropriate means to evaluate which methods, e.g. to aggregate information or visualize a cyber security situation, are received best and appropriately support security processes.

Contributions: Numerous approaches to create context-specific common operational pictures have been proposed and evaluated with Proof-of-Concept implementations. Furthermore, analytical concepts to create higher-level information from low-level data (such as log data and anomaly detection output) have been proposed.

Top-5 Publications:

Books

Smart Log Data Analytics: Techniques for Advanced Security Analysis (2021)

This book provides insights into smart ways of computer log data analysis, with the goal of spotting adversarial actions. It is organized into 3 major parts with a total of 8 chapters that include a detailed view on existing solutions, as well as novel techniques that go far beyond state of the art. The first part of this book motivates the entire topic and highlights major challenges, trends and design criteria for log data analysis approaches, and further surveys and compares the state of the art. The second part of this book introduces concepts that apply character-based, rather than token-based, approaches and thus work on a more fine-grained level. Furthermore, these solutions were designed for "online use": not only for forensic analysis, but also to process new log lines as they arrive in an efficient single-pass manner. An advanced method for time series analysis aims at detecting changes in the overall behavior profile of an observed system and spotting trends and periodicities through log analysis. The third part of this book introduces the design of the AMiner, which is an advanced open source component for log data anomaly mining. The AMiner comes with several detectors to spot new events, new parameters, new correlations, new values and unknown value combinations and can run as a stand-alone solution or as a sensor with connection to a SIEM solution. More advanced detectors help to determine the characteristics of variable parts of log lines, specifically the properties of numerical and categorical fields.

Skopik F., Wurzenberger M., Landauer M.: Smart Log Data Analytics: Techniques for Advanced Security Analysis, Springer, 2021, ISBN: 978-3-030-74449-6.
Link: https://www.springer.com/gp/book/9783030744496
Order on Amazon: https://www.amazon.de/Smart-Log-Data-Analytics-Techniques/dp/3030744493/


Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen (2018) [in German]

With the entry into force of the NIS Directive, the EU member states have laid the foundation for all those structures intended to ensure cyber security in the long term. Particular importance is attached to the planned NIS authorities, which are to act as information hubs between private providers of critical services and state institutions. At the same time, this important step brings a whole range of new challenges for all companies that operate critical infrastructures or provide digital services. By linking technical, organizational and legal aspects in an interdisciplinary way, the book skilfully presents the complexity of the topic and at the same time provides numerous suggestions for implementing the cyber security directives. Decision makers in organizations and executives entrusted with the restructuring will find the book a valuable guide to action. The book also serves as an important source of information for students of security management and similar fields who want to gain an overview of the topic.

Skopik F., Pahi T., Leitner M.: Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, Springer, 2018, ISBN: 978-3-662-56083-9.
Link: https://www.springer.com/de/book/9783662560839
Order on Amazon: https://www.amazon.de/dp/3662560836/


Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level (2017)

Threat intelligence is a surprisingly complex topic that goes far beyond the obvious technical challenges of collecting, modelling and sharing technical indicators. Most books in this area focus mainly on technical measures to harden a system based on threat intel data and limit their scope to single organizations only. This book provides a unique angle on the topic of national cyber threat intelligence and security information sharing. It also provides a clear view on ongoing works in research laboratories world-wide in order to address current security concerns at national level. It allows practitioners to learn about upcoming trends, researchers to share current results, and decision makers to prepare for future developments.

Skopik F.: Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level, CRC Press, 2017, ISBN: 978-1-13-803182-1.
Link: https://www.crcpress.com/Collaborative-Cyber-Threat-Intelligence-Detecting-and-Responding-to-Advanced/Skopik/p/book/9781138031821
Order on Amazon: https://www.amazon.com/Collaborative-Cyber-Threat-Intelligence-Responding/dp/1138031828


Smart Grid Security - Innovative Solutions for a Modernized Grid (2015)

The Smart Grid security ecosystem is complex and multi-disciplinary, and relatively under-researched compared to the traditional information and network security disciplines. While the Smart Grid has provided increased efficiencies in monitoring power usage, directing power supplies to serve peak power needs and improving efficiency of power delivery, the Smart Grid has also opened the way for information security breaches and other types of security breaches. Potential threats range from meter manipulation to directed, high-impact attacks on critical infrastructure that could bring down regional or national power grids. It is essential that security measures are put in place to ensure that the Smart Grid does not succumb to these threats and to safeguard this critical infrastructure at all times.

Skopik F., Smith P.: Smart Grid Security - Innovative Solutions for a Modernized Grid, Elsevier Science Publishing, 2015, ISBN: 978-0-12-802122-4.
Link: http://www.elsevier.com/books/smart-grid-security/skopik/978-0-12-802122-4
Order on Amazon: http://www.amazon.com/Smart-Grid-Security-Innovative-Modernized/dp/0128021225


Cyber Attack Information System (2015) [in German]

In recent years, the Internet has quickly developed into a massive field of economic activity, unfortunately also for illegal ventures. Exploiting vulnerabilities in ICT systems has become a profitable business model. The state-funded research project CAIS therefore dealt with the implementation of a Cyber Attack Information System at the national level, with the goal of strengthening the resilience of today's interconnected systems and increasing their availability and trustworthiness. The main goals of this project were the identification of future cyber risks and threats, the investigation of novel anomaly detection techniques, the development of modular infrastructure models and agent-based simulations for risk and threat analysis, and finally the analysis and possible implementation of a national Cyber Attack Information System.

Leopold H., Bleier T., Skopik F.: Cyber Attack Information System, Springer, 2015, ISBN: 978-3-662-44305-7.
Link: http://www.springer.com/de/book/9783662443057


Socially Enhanced Services Computing (2011)

Socially enhanced Services Computing deals with a novel and exciting new field at the intersection between Social Computing, Service-oriented Computing, Crowd Computing, and Cloud Computing. The present work presents a collection of selected papers by the editors of this volume, which they feel will help the reader in understanding this field. The approach discussed allows for a seamless integration of people into trusted dynamic compositions of Human-provided Services and Software-based services, thus empowering new interaction models and processes in massive collaboration scenarios in a Future Internet.

Dustdar, S., Schall, D., Skopik, F., Juszczyk, L., Psaier, H.: Socially Enhanced Services Computing, Springer, 2011, ISBN: 978-3-7091-0812-3.
Link: http://www.springer.com/en/book/9783709108123




Research Videos

    Taranis_AI

Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.

Further information on the Taranis_AI Website; Software available on Github.

Credits go to Peter Leitmann for recording the video.
Published online on March 01st, 2024 on the Taranis_AI Website.

    KoordTool

The KoordTool was developed within the scope of the project ACCSA (Austrian Cyber Crisis Support Activities), a research project funded by the FFG (Austrian Research Promotion Agency). The tool has been improved within the scope of AWAKE, a project co-financed by the Connecting Europe Facility (CEF) of the European Union. The tool can be downloaded from https://github.com/ait-cs-IaaS/koord2ool. Contributions are welcome!

Software available on Github.

Credits go to Manuel Warum for recording the video.
Published online on September 09th, 2022 on Youtube.

    AECID Demo - Anomaly Detection with AMiner and Reporting to IBM QRadar

This video introduces the AMiner as a log-based anomaly detection tool. The AMiner allows users to create pipelines for collecting, parsing, filtering, and analyzing log data. The pipeline can be individually configured using modules from the ÆCID toolbox (https://aecid.ait.ac.at/), including parsing models, detectors, and interfaces to established standards such as message queues. In the video, we briefly outline the theoretical background of AMiner's efficient log parsing and anomaly detection approach and then demonstrate its practical application in a scenario involving an attack on a Horde Webmail web server (CVE-2019-9858). Finally, the disclosed anomalies are viewed in IBM's QRadar SIEM.

Further information on the AECID Webpage; Software available at Github.

Credits go to Max Landauer for recording the video.
Published online on May 11th, 2020 on Youtube.

   

AMiner Demo: MQTT Security and AMiner Anomaly Detection

This video gives a short introduction to a demonstrator developed within the IoT4CPS project. This demonstrator integrates the logdata-anomaly-miner (AMiner) in a small testbed, consisting of a cyber-physical system (a robotic arm) and IoT devices communicating via MQTT. It shows the benefits of using anomaly detection and security measures in a CPS / IoT environment.

Further information on the AECID Webpage; Software available at Github.

Credits go to Arndt Bonitz for recording the video.
Published online on November 06th, 2019 on Youtube.

   

AECID Demo - Logdata Anomaly Miner (AMiner)

This video briefly introduces the logdata-anomaly-miner (AMiner) and its capabilities. The component allows users to create log analysis pipelines to analyze log data streams and detect violations or anomalies. It can be run from the console, as a daemon with e-mail alerting and interfacing message queues, or embedded as a library into one's own programs. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use. Analysis methods demonstrated in this video include: (i) Pattern detection similar to logcheck but with extended syntax and options (open-source), (ii) ComboDetector for the detection of new data elements (IPs, user names, MAC addresses) and their combined occurrences (open-source), (iii) VariableTypeDetector for statistical anomalies of parameter values, distributions, and frequencies (not open-source), (iv) CorrelationDetector for generating and checking event correlation rules (not open-source). The tool is suitable to replace logcheck but also to operate as a sensor feeding a SIEM.

Further information on the AECID Webpage; Software available at Github.

Credits go to Max Landauer for recording the video.
Published online on October 07th, 2019 on Youtube.

   

CAIS - Cyber Attack Information System (in German)

An advanced persistent threat (also known as APT) is a deliberately slow-moving cyber-attack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and prohibit APTs from further spreading. However, recent security incidents, such as Operation Shady Rat, Operation Red October or the discovery of MiniDuke - just to name a few - have impressively demonstrated that current security mechanisms are mostly insufficient to prohibit targeted and customized attacks.

This talk provides an overview of the research cluster CAIS and its software solutions portfolio, spanning from tools to detect advanced multi-stage attacks using AECID, to the mitigation of and appropriate response to current issues using CAESAIR, and the proactive improvement of preventive security measures using BAESE. An overview of this solutions portfolio can be downloaded as pdf.

Published online on March 20th, 2016 on Youtube.
   

CAESAIR - Collaborative Analysis Engine for Situational Awareness and Incident Response

CAESAIR is a cyber threat intelligence solution designed to provide analytical support for security experts carrying out IT incident handling tasks on a local, national or international level. Thanks to its powerful correlation capability, CAESAIR provides analysts with the necessary support to handle reported incident information. It aggregates and examines intelligence acquired from numerous Open Source INTelligence (OSINT) feeds; it quickly identifies related threats and existing mitigation procedures; and it allows analysts to establish cyber situational awareness by keeping track of security incidents and threats affecting the monitored infrastructures over time.

CAESAIR was designed, developed and demonstrated in the European FP7 research project ECOSSIAN and is further developed together with major industry partners and national bodies.

Published online on December 16th, 2016 on Youtube.
   

AECID - Automatic Event Correlation for Incident Detection

With the emergence of comprehensive ICT networks and their increasing interconnection, number of participants and access points, attack surfaces and vectors multiply. Specifically, advanced persistent threats (APTs), which are targeted and highly customized attacks against organizational assets, pose serious security threats. However, typical security systems that are applied in today's ICT networks, including malware scanners and intrusion detection systems, apply common black-list approaches, which consider only actions and behavior that match well-known attack patterns and signatures of malware traces. We argue that for future critical infrastructures, a more restrictive approach that cannot be circumvented by customized malware will increase the security level tremendously.

Therefore, AECID ("automatic event correlation for incident detection") applies a smart white-list approach. Our anomaly detection technique keeps track of system events, their dependencies and occurrences, to learn the "normal" system behavior over time and reports all actions that differ from a dynamically created system model. The application of such a system is specifically promising in control networks, as applied in the emerging smart grid, which mostly implement well-specified processes, resulting in rather predictable and static behavior.

Published online on April 15th, 2014 on Youtube.


Research Projects and Awarded Grants

Current Projects

  1. Adapting Cyber Awareness for Evolving Computing Environments (NEWSROOM), 2023 - 2025. Contributor (F.Skopik, AIT). [EU Factsheet]
    European Defence Fund (EDF) 2021 [Call: EDF-2022-RA-CYBER-CSACE: Adapting cyber situational awareness for evolving computing environments].
    Abstract: The main ambition of the NEWSROOM project is to overcome the current limitations of cyber situational awareness (CSA), by studying all relevant CSA aspects, and designing an integrated CSA platform combining data insights. In addition, collaborative intrusion detection for attack classification and cyber threat intelligence (CTI) respecting military standards regarding information security and confidentiality will also be taken into consideration. Finally, the project will identify relevant applicable scenarios for CSA technologies in cyber defence, which will be validated in cyber range environments to enable realistic conditions for testing CSA solutions, processes and training of military staff.

  2. EUropean Cyber and INFormation warfare toolbox (EUCINF), 2023 - 2025. Task Leader (F.Skopik, AIT). [EU Factsheet]
    European Defence Fund (EDF) 2022 [Call: EDF-2022-DA-CYBER-CIWT: Cyber and information warfare toolbox].
    Abstract: The project EUCINF will study, design, prototype, test and demonstrate cutting-edge capabilities in the domain of Cyber and Information Warfare through a toolbox, i.e. a holistic system which embeds a coherent set of components, an interoperability Framework and its associated Testbed, and a Store able to host components and their associated metadata.

  3. AI Framework for Improving Cyber Defence Operations (AInception), 2022 - 2024. Work Package Leader (F.Skopik, AIT). [EU Factsheet]
    European Defence Fund (EDF) 2021 [Call: Cyber threat intelligence and improved cyber operational capabilities].
    Abstract: AInception will seek to improve cyber defence operations by using AI-based tools and techniques. The project "AI Framework for Improving Cyber Defence Operations" (AInception) aims at developing Artificial Intelligence-based intrusion detection tools and techniques that outperform current military systems for selected scenarios, as well as techniques that can abstract, aggregate, enrich and contextualise alerts into a more manageable set of abstracted meta-alerts.

  4. Cyber situational awareness for collaborative knowledge and joint preparedness (AWAKE), 2021 - 2024. Coordinator (F.Skopik, AIT).
    European project funded by the Connecting Europe Facility (CEF) in Telecom instrument, 2020-AT-IA-0254.
    Abstract: The project AWAKE aims at creating a collaboration-driven Cyber Situational Awareness (CSA) that enables multiple stakeholders to cooperate and share information on cyber incidents and crises at operational level. In the project two main pillars are developed that will reinforce the coordinated response: (1) Inter-organizational cyber security case management for shared CSA is developed that enables an automated operative CCOP at Member State level. AWAKE will integrate also ongoing activities (e.g., standard operating procedures) within the Cyber Crises Liaison Organisation Network (CyCLONe) and the CSIRT Network (CNW). (2) The collaboration and situation-dependent completion of the Common Cyber Operational Picture (CCOP) is implemented. Incident or crises coordinators, such as National Cyber Security Centers (NCSCs) can direct inquiries to certain communities, including operators of essential services, to learn about the distribution and impact of an issue, and gather relevant information for operational CCOPs.

Past Projects

  1. Konzeption eines IOC basierten Frühwarnsystems (KONSTANZE) (en: Concept for an IoC-based early warning system), 2022 - 2023. Consultant (F.Skopik, AIT).
    Direct contract handled by the Bundesbeschaffungsgesellschaft (BBG).
    Abstract: Through the NIS Act, the Federal Ministry of the Interior was tasked with developing proactive ICT solutions that identify risks and incidents from network and information systems at an early stage. In the course of this, the AIT was commissioned to design a concept for an early warning system based on Indicators of Compromise (IOC). The primary goal is the early detection of threats in computer networks, as well as an effective exchange of information with the stakeholders of the NIS Act. Inspired by European pioneers such as Finland, Germany and Spain, who have already implemented similar systems, a high-level architecture was developed. The requirements of the various stakeholders, such as the BMI, the CERT/CSIRTs and in particular the public administration institutions and the operators of essential services as users of the solution, were collected through workshops, interviews and a large-scale survey. The concept was gradually optimized. The diverse technical and organizational options for both implementation and operation were examined in detail. These were assessed using in-depth, multi-layered risk and opportunity management. As a result, we presented a high-level architecture that serves as the core of the concept. The concept also includes a plan for phased rollout as well as detailed technical and organizational aspects for implementation and operation and has been prepared for further awarding to potential solution providers and implementers.

  2. Cyber Security MONITORING and LOGGING Best Practice Guidance (CyberMonoLog), 2022 - 2023. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: The aim of the project is to develop best practices for cyber security monitoring and logging based on known attack techniques (MITRE ATT&CK). The research question is therefore which data sources have to be analyzed with which methods (ranking) in order to identify the most relevant attack techniques with the economic use of resources. The results of the project should be best practice guidelines for the implementation of a monitoring strategy of SMEs and operators of essential services. The guidelines will be based on the known state of the art and the applicability of the results will be ensured by cross-validation with external stakeholders as well as applicants, authorities and experts from CERT.at. Legal aspects (data protection, labor law issues) are taken into account.

  3. Single Device for Multiple Security Domains - Technische Machbarkeitsstudie und Validierung (SD4MSD), 2021 - 2023. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the FORTE security research programme.
    Abstract: The hardware and software requirements for ICT equipment for military use in the field are extremely high in terms of robustness, reliability and security. The end devices should be able to be used at short intervals, specific to the mission, in multiple security domains, and the soldier must be able to rely on the functionality and integrity of ICT devices that were previously used in other missions, at all times. The company MUSE develops an independent cyber-physical architecture for a robust tablet. A prototype has been created based on industrial design and reinforced plastics, which is also resistant to electromagnetic attacks. The project SD4MSD builds on these results and develops an innovative, comprehensive security concept for further hardware-related, but above all software-based hardening of the mobile device, such as hardware security gateways that regulate the flow of data between the components, as well as authentication mechanisms using cryptography and signature processes with the software running on the platform to ensure integrity. SD4MSD creates a modular system architecture for multiple purposes and develops methods for a comprehensible validation of the overall concept in the form of a demonstrator.

  4. DEtection and Handling of CybEr-Physical Attacks (DECEPT), 2020 - 2023. Coordinator (F.Skopik, AIT).
    National research project funded by the FFG in course of the ICT of the Future research programme.
    Abstract: While there exist numerous behavior-based anomaly detection approaches for enterprise-IT security, they are not easily applicable to other domains, e.g. embedded systems and IoT. They are usually highly optimized for specific purposes, are tightly bound to domain-specific technologies and rely on a specific syntax of investigated data or events. DECEPT will provide a generally applicable cross-domain anomaly detection approach, that monitors unstructured textual event data (i.e., log data of any form, encoding, size or frequency), and implement unsupervised self-learning, which supports applications in different independent domains. To emphasize general applicability, a parser generator will be developed that applies unsupervised self-learning to establish a model of normal system behavior on top of observed system events, which then can be leveraged to detect anomalies that manifest in deviations from that baseline. Furthermore, a concept for unsupervised anomaly detection will be designed, implemented and validated that applies machine learning techniques, correlation rules, time series analysis and statistical rules that will be automatically generated and afterwards evaluated with a smart rule generator and evaluator. DECEPT's general and cross-domain applicability will be demonstrated in the domains of (i) Enterprise IT security and (ii) Embedded Systems/IoT security. Concrete proof of concepts to be realized are anomaly detection for Web-server landscape security and IT-supported facility security. In light of the GDPR, technical developments will be supervised by a legal expert to aid the later potential commercial exploitation of DECEPT.

  5. Strengthening Cybersecurity Capacities in Georgia (CSC Georgia), 2020 - 2023. WG Member (F.Skopik, AIT).
    Twinning Ref.: GE 18 ENI JH 01 20 in course of the programme EU4 Security, Accountability and Fight against Crime in Georgia (SAFE), ENI/2018/041-443 Direct Management.
    Abstract: The overall objective of the project is to strengthen Georgia's preparedness and resilience towards cyber threats and attacks, by capacity building of Georgian stakeholders and creating enabling cybersecurity frameworks, in line with the EU's approach, standards, and relevant legal and policy framework, notably but not limited to the NIS Directive.

  6. Cyber Defence Platform for Real-time Threat Hunting, Incident Response and Information Sharing (PANDORA), 2020 - 2022. Contributor (F.Skopik, AIT). [EU Factsheet]
    European Defence Industrial Development Programme (EDIDP) 2019 [Call].
    Abstract: The PANDORA project aims at contributing to EU cyber defence capacity building, by designing and implementing an open technical solution for real-time threat hunting and incident response, focusing on endpoint protection, as well as information sharing. The PANDORA system aims also to promptly detect and classify known and unknown threats, enforce policies on-the-fly to counter these threats, and also exchange threat intelligence information with third parties, at both national and international level. The technical solution developed in PANDORA will be integrated and assessed in a pre-operational environment against two relevant use cases: warship security and military sensor network security.

  7. MALware cOmmunication in cRitical Infrastructures (MALORI), 2020 - 2022. Work Package Leader (F.Skopik, AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: The project MALORI investigates new techniques for hidden malware communication in critical infrastructures such as encryption and network steganography (covert and subliminal channels) and explores suitable methods to detect and contain hidden malware communication. In terms of detection methods, MALORI sets particular emphasis on the investigation of opportunities and challenges of machine learning based algorithms. As part of a structured in-depth analysis of malware, including theoretical models for hidden communication according to the state of art, existing and potential future attack possibilities for specific critical infrastructures are defined as use cases. Based on those scenarios new detection and containment methods are developed. Recommendations are formulated to assess and minimize new threats by protocols. A holistic detection approach aims at combining data from various sources for a more comprehensive evaluation and consideration of context to improve classification and detection performance. The developed methods will be also evaluated with regard to their robustness against active manipulation, extending the research in the field of adversarial machine learning.

  8. Cyber Attack Decision and Support Platform - Technische Machbarkeitsstudie und Validierung (CADSP), 2019 - 2022. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the FORTE security research programme.
    Abstract: The aim of CADSP is the scientifically sound conception and prototypical evaluation of a Cyber Attack Decision and Support Platform (CADSP) for selected BMLV (Federal Ministry of Defense) use cases and defined processes for Cyber Incident Responses especially in the military domain. For that purpose, CADSP should investigate which data sources are suitable in the selected application scenario in order to provide sufficiently accurate information for assessing the current security status of an infrastructure and cyber attacks taking place. Building on this, a suitable user interface and situation visualization are generated that optimally support the Cyber Incident Response process. The project aims to ensure that user-centered support in the form of a software prototype demonstrably enhances situational awareness and thereby the ability of military users to act appropriately.

  9. A cybersecurity framework to GUArantee Reliability and trust for Digital service chains (GUARD), 2019 - 2022. Contributor (F.Skopik, AIT).
    EU Innovation Action. H2020-SU-ICT-2018-2020; Grant agreement no: 833456
    Abstract: Evolving business models are progressively reshaping the scope and structure of ICT services, with massive introduction of virtualization paradigms and tight integration with the physical environment. Several market forces are already driving towards the creation of multi-domain and complex business service chains, which undoubtedly bring more agility in service deployment and operation but introduce additional security and privacy concerns that have not been addressed in a satisfactory way yet. Tackling conflicting trends in the cybersecurity market, like fragmentation or vendor lock-ins, GUARD will develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains spanning multiple administrative domains and heterogeneous infrastructures. The purpose of GUARD is manifold: i) to increase the information base for analysis and detection, while preserving privacy, ii) to improve the detection capability by data correlation between domains and sources, iii) to verify reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain, and iv) to increase awareness by better propagation of knowledge to the humans in the loop. The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction; this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies' structure by tailored informative contents, so to enable quick and effective reaction to cyber-threats. Demonstration and validation in two challenging scenarios is envisioned to bring the technology to an acceptable level of maturity, as well as direct involvement of relevant stakeholders for concrete business planning.

  10. Industrial Security (IT/OT convergence) (InduSec), 2019 - 2021. Task Leader (F.Skopik, AIT).
    National research project funded by the FFG in course of the 4th Call Qualification Networks.
    Abstract: InduSec focuses on information security in IT/OT environments and considers technical and organizational aspects of production from the point of view of attackers and defenders. Participants will learn the theoretical basics for securing existing IT/OT systems and new industry 4.0 technologies; the basics will be put into practice through exercises in a realistic test environment. Finally, a large-scale simulation game takes place in which the participants can apply the knowledge they have learned.

  11. Austrian Cyber Crisis Support Activities (ACCSA), 2017 - 2020. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: As the number of complex cyber attacks (such as ransomware, spear phishing, high-bandwidth DDoS, CEO fraud) has risen rapidly in recent years, it is becoming more and more challenging for companies and government agencies to adequately prepare for these incidents and to practice and test cyber crisis management (CKM) procedures. Therefore, the ACCSA research project deals with the question of how novel and comprehensive concepts for the training and exercise of CKM processes can be developed and applied by using current technologies in the area of CKM, in order to make a substantial contribution to the preparation for national cyber crises and enable a significantly reduced response time and error rate for all relevant actors. In ACCSA, an integral training and exercise concept is developed for all CKM actors and possible training scenarios and decision options are developed using exploratory scenario analysis. The concepts are designed to train inter-level communication (technology, management, first responder, politics) between actors and a comprehensive cooperation between the government and the economy to deal with cyber crises by the means of dynamic nonlinear exercises.

  12. Study on the establishment of an APT Competence Center in Austria (APT-CC), 2018 - 2020. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: Advanced Persistent Threats (APT) are complex, targeted and effective attacks on critical IT infrastructures and confidential data from government agencies, large and medium-sized enterprises. The establishment of an APT Competence Center (APT-CC) for the observation and investigation of espionage and sabotage in state-security-relevant organizations and critical infrastructures is a declared goal of the Austrian security ministries to increase national resilience. In order to establish an APT-CC effectively, it is essential in advance to lay the groundwork for fundamental decisions with regard to resources, equipment and relevant powers of such an APT-CC. This project is to be carried out as part of the KIRAS study APT-CC. In particular, it will be investigated to what extent sensor networks can be used for the proactive detection of APTs, what are the processes for the forensic processing of APTs and what possibilities exist for the establishment of a Rapid Response Team. On the one hand, the results are supplemented by legal considerations and, on the other hand, they are discussed on the basis of application-oriented case studies.

  13. Security for cyber-physical Value Networks Exploiting Smart Grid Systems (synERGY), 2017 - 2019. Coordinator (F.Skopik, AIT).
    National research project funded by the FFG in course of the ICT of the Future research programme.
    Abstract: The degree of sophistication of modern cyber-attacks has increased in recent years - in the future, these attacks will increasingly target CPS. Unfortunately, today's security solutions that are used for enterprise IT infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is very much shaped to specific physical processes. The objective of synERGY is to develop new methods, tools and processes for cross-layer Anomaly Detection (AD) to enable the early discovery of both cyber- and physical-attacks with impact on CPS. To achieve this, synERGY will develop novel machine learning approaches to understand a system's normal behaviour and detect consequences of security issues as deviations from the norm. The solution proposed by synERGY will flexibly adapt itself to specific CPS layers, thus improving its detection capabilities. Moreover, synERGY will interface with various organizational data sources, such as asset databases, configuration management, and risk data to facilitate the semi-automatic interpretation of detected anomalies. The synERGY approach will be evaluated in real smart grid vendor environments - a societally important CPS. We propose, because of the approach taken in the project, the synERGY results will be readily applicable to a wide range of CPS in value networks, and will thus result in broader impact on future CPS security solutions.

  14. Power Semiconductor and Electronics Manufacturing 4.0 (SEMI4.0), 2016 - 2019. Task Contributor (F.Skopik, AIT).
    ECSEL Joint Undertaking, Innovation Action 692466-2, Call 2015-2.
    Abstract: Electronic components and systems are key drivers for the innovation capacity of European industries, large and small, generating economic growth and supporting meaningful jobs for citizens. They offer solutions to some of the difficult societal challenges addressing European policies for 2020 and beyond. For both reasons, it is vital that investments are made to assure European collaboration and the access to the technologies, know-how and manufacturing capabilities, which guarantee growth potential and strategic independence in the face of increased globalization.

  15. Crisismanagment/RISkanalysis - CROSSover system (CRISCROSS), 2017 - 2019. Work Package Leader (F.Skopik, AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: The state of the art in risk management implies a strong dependency on expert opinions and can only generate static views on a situation. CRISCROSS is a project that aims to develop a software tool, that collects knowledge about infrastructures, threats, vulnerabilities and attacks on these infrastructures online and aggregates all these data into a nation-wide dynamic situational view. The use case of this risk analysis tool is a KPI-based management and decision support system applicable in near real-time. The tool is expected to increase the analysis capabilities of national bodies, the willingness to cooperate across organizations and with the government, and the development of a real-world cyber risk situational view to support key decision making.

  16. Cyber Incident Situational Awareness (CISA), 2015 - 2018. Coordinator (F.Skopik, AIT). [Overview Poster]
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: The project CISA aims towards a consistent fusion of existing research activities in the field of national cyber security, in order to develop a process to establish cyber-situational awareness within a scientifically sound concept. At the operational and technical level, solutions for the collection and aggregation of information regarding cyber threats have been developed in the recent years, and at the strategic level the assessment and handling of cyber threats based on cyber situational awareness pictures has been studied. However, an important link, specifically the question of how the technical information from the cyberspace can be processed and presented in such a cyber-situational awareness picture, turned out to be a challenging problem, for which there are still no sufficient solutions. Therefore, the project CISA is carried out in close cooperation with national stakeholders to create a sound definition of the concept of cyber-situational awareness (both military and civilian), describe the creation and utilisation processes, and combine (existing) tools to new instruments. At the same time, the involvement of Austrian legal experts is crucial in order to ensure the real-world applicability of the newly developed solutions. Ultimately, these efforts are evaluated and assessed in a demonstrator during a cyber exercise.

  17. Bontempiorgel - Implementation Suggestion for an Authority Network, 2016 - 2017. Work Package Leader (F.Skopik, AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: project content classified.

  18. European Control System Security Incident Analysis Network (ECOSSIAN), 2014 - 2017. Work Package Leader (F.Skopik, AIT).
    EU large-scale integrated project. FP7 Security Call; Grant agreement no: 607577
    Abstract: The protection of critical infrastructures increasingly demands solutions which support incident detection and management at the levels of individual CI, across CIs which are depending on each other, and across borders. An approach is required which really integrates functionalities across all these levels. Cooperation of privately operated CIs and public bodies (governments and EU) is difficult but mandatory. After about 10 years of analysis and research on partial effects in CIP and for individual infrastructure sectors, ECOSSIAN is supposed to be the first attempt to develop this holistic system in the sense portrayed above. A prototype system will be developed which facilitates preventive functions like threat monitoring, early indicator and real threat detection, alerting, support of threat mitigation and disaster management. In the technical architecture with an operations centre and the interfaces to legacy systems (e.g., SCADA), advanced technologies need to be integrated, including fast data aggregation and fusion, visualization of the situation, planning and decision support, and flexible networks for information sharing and coordination support, and the connection of local operations centres. This system will only be successful, if the technical solutions will be complemented by an effective and agreed organizational concept and the implementation of novel rules and regulations. And finally, the large spectrum of economically intangible factors will have significant influence on the quality and acceptance of the system. These factors of societal perception and appreciation, the existing and required legal framework, questions of information security and implications on privacy will be analyzed, assessed and regarded in the concept. The system will be tested, demonstrated and evaluated in realistic use cases. They will be developed with the community of stakeholders and cover the sectors energy, transportation and finance, and the ubiquitous sector of ICT.

  19. Cyber Incident Information Sharing (CIIS), 2013 - 2016. Coordinator (F.Skopik, AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: The smooth operation of critical infrastructures, such as telecommunications or electricity supply is essential for our society. In recent years, however, operators of critical infrastructure have increasingly struggled with cyber security problems. Through the use of ICT standard products and the increasing network interdependencies, the attack surfaces and channels have multiplied. Therefore, the goals in CIIS are twofold: the development of mechanisms for information correlation, aggregation, and fingerprinting of status and attack data, as well as the development of methods and technologies for the exchange of information on cyber incidents to better defend against cyber attacks and to streamline the analysis of the current threat. As a result, the resilience of systems (e.g., of operators of critical infrastructures) regarding cyber attacks in sensitive areas is to be improved, both between organizations and between organizational units within large organizations (e.g., within ministries).

  20. Smart Grid Security Guidance (SG2), 2012 - 2015. Coordinator (AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: Future energy grids will make extensive use of the integration of ICT technologies. Thus, cyber security risks become a threat even for energy suppliers. Numerous security issues are completely unsolved today, because these special environments require novel security mechanisms and processes. The aim of the project SG2 is therefore a systematic study of smart grid technologies in terms of ICT security issues and the research of countermeasures. Based on a thorough threat and risk analysis from a state-level perspective and security analysis of Smart Grid components, SG2 explores measures for power grid operators that serve to increase the security of computer systems deployed in the future critical infrastructure of "energy".
    Success story about the project on the open4innovation platform hosted by the funding body: https://open4innovation.at/de/highlights/sicherheitsforschung/information_sharing.php [pdf]

  21. Cyber Attack Information System (CAIS), 2011 - 2013. Coordinator (F.Skopik, AIT).
    National research project funded by the FFG in course of the KIRAS security research programme.
    Abstract: In the last years ICT has changed our lives considerably. This brings in some new dependencies - hardly anything is working without ICT these days, and this trend is even increasing. To reduce IT related risks the CAIS project is developing two tools as the foundation of a comprehensive Cyber Attack Information System. The project is focusing on a methodology and accompanying software tool for modelling, analysing and simulating IT infrastructures and specifically the interdependencies of them. It supports the identification of problematic areas and the simulation of threats for the development of countermeasures. The second tool developed within the project complements the first one and builds upon multiple data sources to correlate the data and analyse current threats and anomalies. It starts with information about traffic flows and incorporates interfaces to malware analysis systems and other security relevant information sources. Prospective users include large companies, e.g. operators of critical infrastructures, as well as public authorities responsible for security in Austria.

  22. Collaboration and Interoperability for Networked Enterprises (COIN), 2008 - 2011. Work Package Leader (TUV)
    EU Framework 7 IP project, Call 1, Theme ICT 1.1.3 ICT in support of the networked enterprise
    Overview of TU Vienna's contributions.
    Abstract: "By 2020 enterprise collaboration and interoperability services will become an invisible, pervasive and self-adaptive knowledge and business utility at disposal of the European networked enterprises from any industrial sector and domain in order to rapidly set-up, efficiently manage and effectively operate different forms of business collaborations, from the most traditional supply chains to the most advanced and dynamic business ecosystems." The mission of the COIN IP is to study, design, develop and prototype an open, self-adaptive, generic ICT integrated solution to support the above 2020 vision, starting from notable existing research results in the field of Enterprise Interoperability (and made available by the whole Enterprise Interoperability DG INFSO D4 Cluster and specifically by the projects ATHENA, INTEROP, ABILITIES, SATINE, TRUSTCOM) and Enterprise Collaboration (and made available by the projects ECOLEAD, DBE, E4 and ECOSPACE). In particular, a COIN business-pervasive open-source service platform will be able to expose, integrate, compose and mash-up in a secure and adaptive way existing and innovative to-be-developed Enterprise Interoperability and Enterprise Collaboration services, by applying intelligent maturity models, business rules and self-adaptive decision-support guidelines to guarantee the best combination of the needed services in dependence of the business context, as industrial sector and domain, size of the companies involved, openness and dynamics of collaboration. This way, the Information Technology vision of Software as a Service (SaaS) will find its implementation in the field of interoperability among collaborative enterprises, supporting the various collaborative business forms, from supply chains to business ecosystems, and becoming for them like a utility, a commodity, the so-called Interoperability Service Utility (ISU). The COIN project will finally develop an original business model based on the SaaS-U (Software as a Service-Utility) paradigm where the open-source COIN service platform will be able to integrate both free-of-charge and chargeable, open and proprietary services depending on the case and business policies.

  23. Current and Future Technologies for Collaborative Working Environments (ESA-CWE), 2008.
    funded by the European Space Agency (ESA), ESA ITT Number AO/3-12280/07/NL/CB.
    conducted in close collaboration with the ESA Advanced Concepts Team.

Publications

Copyright Policy on Published Papers
Several papers are available for download. By following these links you agree to respect the copyrights of the papers.
The papers obtained from this Web page are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Edited Journals and Special Issues

  1. Skopik F., Stefanidis K. (2022): Fighting Cybercrime. [pdf]
    ERCIM - The European Research Consortium for Informatics and Mathematics, Number 128, April 2022. ERCIM.

Journal and Magazine Articles

  1. Skopik F., Akhras B. (2024): Taranis AI: Applying Natural Language Processing for Advanced Open-Source Intelligence Analysis.
    ERCIM News, Number 136, January 2024. ERCIM - The European Research Consortium for Informatics and Mathematics.

  2. Wurzenberger M., Hoeld G., Landauer M., Skopik F. (2024): Analysis of Statistical Properties of Variables in Log Data for Advanced Anomaly Detection in Cyber Security.
    Elsevier Computers & Security Journal, forthcoming. Elsevier.

  3. Skopik F., Bonitz A., Slamanig D., Kirschner M., Hacker W. (2023): SD4MSD: Using a Single Device for Multiple Security Domains.
    ERCIM News, Number 134, July 2023. ERCIM - The European Research Consortium for Informatics and Mathematics.

  4. Landauer M., Onder S., Skopik F., Wurzenberger M. (2023): Deep Learning for Anomaly Detection in Log Data: A Survey. [pdf]
    Machine Learning with Applications, Volume 12, 15 June 2023, 100470, Elsevier.

  5. Landauer M., Wurzenberger M., Skopik F., Hotwagner W., Hoeld G. (2023): AMiner: A Modular Log Data Analysis Pipeline for Anomaly-based Intrusion Detection. [pdf]
    Digital Threats: Research and Practice, Vol.4, Issue 1, pp. 1-16, ACM.

  6. Skopik F., Bonitz A., Grantz V., Goehler G. (2022): From scattered data to actionable knowledge: flexible cyber security reporting in the military domain. [pdf]
    International Journal of Information Security, Vol.21, pp. 1323-1347, Springer.

  7. Landauer M., Skopik F., Frank M., Hotwagner W., Wurzenberger M., Rauber A. (2022): Maintainable Log Datasets for Evaluation of Intrusion Detection Systems. [pdf]
    IEEE Transactions on Dependable and Secure Computing, Vol. 20, pp. 3466-3482, July-Aug. 2023, IEEE.

  8. Skopik F., Wurzenberger M., Hoeld G., Landauer M., Kuhn W. (2022): Behavior-Based Anomaly Detection in Log Data of Physical Access Control Systems. [pdf]
    IEEE Transactions on Dependable and Secure Computing, Vol. 20, pp. 3158-3175, July-Aug. 2023, IEEE.

  9. Landauer M., Skopik F., Wurzenberger M., Rauber A. (2022): Dealing with Security Alert Flooding: Using Machine Learning for Domain-independent Alert Aggregation. [pdf]
    ACM Transactions on Privacy and Security, Volume 25, Issue 3. August 2022, pp. 1-36, ACM.

  10. Skopik F., Landauer M., Wurzenberger M. (2022): Blind spots of security monitoring in enterprise infrastructures: A survey. [pdf]
    IEEE Security & Privacy, Vol.20, Issue 6, pp. 18-26. IEEE.

  11. Kern M., Skopik F. (2022): SPOTTED: Systematic Mapping of Detection Approaches on Data Sources for Enhanced Cyber Defence.
    ERCIM News, Number 128, April 2022. ERCIM - The European Research Consortium for Informatics and Mathematics.

  12. Landauer M., Skopik F., Wurzenberger M., Hotwagner W. (2022): Kyoushi Testbed Environment: A Model-driven Simulation Framework to Generate Open Log Data Sets for Security Evaluations.
    ERCIM News, Number 128, April 2022. ERCIM - The European Research Consortium for Informatics and Mathematics.

  13. Skopik F., Landauer M., Wurzenberger M. (2022): Online Log Data Analysis With Efficient Machine Learning: A Review. [pdf]
    IEEE Security & Privacy, Vol.20, Issue 3, pp. 80-90. IEEE.

  14. Leitner M., Frank M., Langner G., Landauer M., Skopik F., Smith P., Akhras B., Hotwagner W., Kucek S., Pahi T., Reuter L., Warum M. (2021): Enabling exercises, education and research with a comprehensive cyber range. [pdf]
    Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol.12, Issue 4, December 2021.

  15. Skopik F., Wurzenberger M., Landauer M. (2021): The Seven Golden Principles of Effective Anomaly-Based Intrusion Detection. [pdf]
    IEEE Security & Privacy, Vol.19, Sept./Oct. 2021, pp. 36-45. IEEE.

  16. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2021): Have It Your Way: Generating Customized Log Data Sets with a Model-driven Simulation Testbed.
    IEEE Transactions on Reliability, Vol.70, Issue 1, pp. 402-415. IEEE.

  17. Skopik F., Wurzenberger M., Landauer M. (2020): DECEPT: Detecting Cyber-Physical Attacks using Machine Learning on Log Data.
    ERCIM News, Number 123, October 2020, pp. 33-34. ERCIM - The European Research Consortium for Informatics and Mathematics.

  18. Skopik F., Landauer M., Wurzenberger M. et al. (2020): synERGY: Cross-correlation of operational and contextual data to timely detect and mitigate attacks to cyber-physical systems. [pdf]
    Elsevier Journal of Information Security and Applications (JISA), Volume 54, October 2020. Elsevier.

  19. Skopik F., Pahi T. (2020): Under false flag: Using technical artifacts for cyber attack attribution. [pdf]
    Springer Cybersecurity Journal, Vol.3, Article 8. Springer.

  20. Landauer M., Skopik F., Wurzenberger M., Rauber A. (2020): System Log Clustering Approaches for Cyber Security Applications: A Survey. [pdf]
    Elsevier Computers & Security Journal, Volume 92. May 2020, pp. 1-17. Elsevier.

  21. Skopik F., Filip S. (2019): A blueprint and proof-of-concept for a national cyber security sensor network.
    International Journal on Cyber Situational Awareness (IJCSA), Vol. 4, No. 1, pp. 155-184. C-MRIC.

  22. Skopik F. (2019): National Cyber Security Sensor Networks and the Human in the Loop. [pdf]
    Journal of Information Warfare, Vol. 18, Issue 2, pp. 01-14. Peregrine.

  23. Landauer M., Skopik F. (2019): INDICÆTING - Automatically Detecting, Extracting, and Correlating Cyber Threat Intelligence from Raw Computer Log Data.
    ERCIM News, Number 116, January 2019, pp. 25-26. ERCIM - The European Research Consortium for Informatics and Mathematics.

  24. Skopik F. (2018): Cross-Organizational Cyber Risk Assessments.
    ERCIM News, Number 115, October 2018, pp. 42-43. ERCIM - The European Research Consortium for Informatics and Mathematics.

  25. Landauer M., Wurzenberger M., Skopik F., Settanni G., Filzmoser P. (2018): Dynamic Log File Analysis: An Unsupervised Cluster Evolution Approach for Anomaly Detection. [pdf]
    Elsevier Computers & Security Journal, Volume 79. November 2018, pp. 94-116. Elsevier.

  26. Skopik F., Wurzenberger M., Fiedler R. (2018): synERGY: Detecting advanced attacks across multiple layers of cyber-physical systems.
    ERCIM News, Number 114, July 2018, pp. 30-31. ERCIM - The European Research Consortium for Informatics and Mathematics.

  27. Settanni G., Skopik F., Wurzenberger M., Fiedler R. (2018): Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems.
    e&i Elektrotechnik und Informationstechnik, Volume 135, Issue 3, pp. 278-285. Springer.

  28. Pahi T., Leitner M., Skopik F. (2017): Preparation, Modelling and Visualization of Cyber Common Operating Pictures for National Cyber Security Centres. [pdf]
    Journal of Information Warfare, Vol. 16, Issue 4. Peregrine.

  29. Einzinger K., Skopik F. (2017): Über die datenschutzrechtliche Problematik in CERTs/CSIRTs-Netzwerken.
    Datenschutz und Datensicherheit (DuD), Vol. 41, Issue 8. Gabler Verlag | Springer Fachmedien.

  30. Settanni G., Skopik F. et al. (2017): A collaborative cyber incident management system for European interconnected critical infrastructures. [pdf]
    Elsevier Journal of Information Security and Applications (JISA), Volume 34 Part 2, June 2017, pp. 166-182. Elsevier.

  31. Pahi T., Skopik F. (2016): A Public-Private-Partnership Model for National Cyber Situational Awareness. [pdf]
    International Journal on Cyber Situational Awareness (IJCSA), Vol. 1, November 2016, Article 2, C-MRIC.

  32. Wurzenberger M., Skopik F. (2016): The BAESE Testbed - Analytic Evaluation of IT Security Tools in Specified Network Environments.
    ERCIM News, Number 107, October 2016, pp. 51-52. ERCIM - The European Research Consortium for Informatics and Mathematics.

  33. Lucie L., Skopik F., Smith P., Kammerstetter M. (2016): From old to new: assessing cybersecurity risks for an evolving smart grid. [pdf]
    Elsevier Computers & Security Journal, Volume 62, September 2016, pp. 165-176. Elsevier.

  34. Skopik F., Leitner M., Pahi T. (2016): CISA: Establishing National Cyber Situational Awareness to Counter New Threats.
    ERCIM News, Number 106, July 2016, pp. 52-53. ERCIM - The European Research Consortium for Informatics and Mathematics.

  35. Skopik F., Settanni G., Fiedler R. (2016): A Problem Shared is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense through Security Information Sharing. [pdf]
    Elsevier Computers & Security Journal, Volume 60. July 2016, pp. 154-176. Elsevier.

  36. Wurzenberger M., Skopik F., Settanni G., Scherrer W. (2016): Complex Log File Synthesis for Rapid Sandbox-Benchmarking of Security- and Computer Network Analysis Tools. [pdf]
    Elsevier Information Systems (IS), Volume 60, Aug./Sept. 2016, pp. 13-33. Elsevier.

  37. Einzinger K., Skopik F., Fiedler R. (2015): Keine Cyber-Sicherheit ohne Datenschutz.
    Datenschutz und Datensicherheit (DuD), Vol. 39, Issue 11. Gabler Verlag | Springer Fachmedien.

  38. Friedberg I., Skopik F., Fiedler R. (2015): Cyber Situational Awareness through Network Anomaly Detection: State of the Art and New Approaches.
    e&i Elektrotechnik und Informationstechnik, Volume 132, Issue 2, pp. 101-105. Springer.

  39. Kaufmann H., Hutter R., Skopik F., Mantere M. (2015): A Structural Design for a Pan-European Early Warning System for Critical Infrastructures.
    e&i Elektrotechnik und Informationstechnik, Volume 132, Issue 2, pp. 117-121. Springer.

  40. Friedberg I., Skopik F., Settanni G., Fiedler R. (2015): Combating Advanced Persistent Threats: From Network Event Correlation to Incident Detection. [pdf]
    Elsevier Computers & Security Journal, Volume 48, pp. 35-57. Elsevier.

  41. Skopik F., Bleier T. (2014): Securing Interconnected Cyber-Physical Systems through Strategic Information Sharing.
    ERCIM News, Number 97, April 2014, pp. 20-21. ERCIM - The European Research Consortium for Informatics and Mathematics.

  42. Skopik F., Fiedler R., Lendl O. (2014): Cyber Attack Information Sharing.
    Datenschutz und Datensicherheit (DuD), Vol. 38, Issue 4. Gabler Verlag | Springer Fachmedien.

  43. Skopik F. (2014): The Social Smart Grid: Dealing with Constrained Energy Resources through Social Coordination. [pdf]
    Journal of Systems and Software (JSS), Volume 89, March 2014, pp. 3-18. Elsevier.

  44. Skopik F., Langer L. (2013): Cyber Security Challenges in Heterogeneous ICT Infrastructures of Smart Grids.
    Journal of Communications (JCM), Volume 8, Issue 8, August 2013, pp. 463-472. Engineering and Technology Publishing.

  45. Skopik F., Smith P., Bleier T. (2013): Secure Smart Grids or Say 'Goodnight Vienna!'.
    ERCIM News, Number 92, January 2013, pp 38-39. ERCIM - The European Research Consortium for Informatics and Mathematics.

  46. Skopik F., Schall D., Dustdar S. (2012): Discovering and Managing Social Compositions in Collaborative Enterprise Crowdsourcing Systems.
    International Journal of Cooperative Information Systems (IJCIS), Volume 21, Issue 4, December 2012, pp 279-341. World Scientific.

  47. Schall D., Skopik F. (2012): Social Network Mining of Requester Communities in Crowdsourcing Markets.
    Social Network Analysis and Mining, Volume 2, Issue 4, December 2012, pp 329-344. Springer.

  48. Skopik F., Bleier T. (2012): Cybercrime and the Security of Critical Infrastructures.
    ERCIM News, Number 91, October 2012, pp 26-28. ERCIM - The European Research Consortium for Informatics and Mathematics.

  49. Skopik F., Ma Z., Bleier T., Grüneis H. (2012): A Survey on Threats and Vulnerabilities in Smart Metering Infrastructures.
    International Journal of Smart Grid and Clean Energy (IJSGCE), Volume 1, Issue 1, September 2012, pp 22-28. Engineering and Technology Publishing.

  50. Skopik F. (2012): Security is not enough! On Privacy Challenges in Smart Grids.
    International Journal of Smart Grid and Clean Energy (IJSGCE), Volume 1, Issue 1, September 2012, pp 7-14. Engineering and Technology Publishing.

  51. Ma Z., Wagner C., Woitsch R., Skopik F., Bleier T. (2012): Model-driven Security: from Theory to Application.
    International Journal of Computer Information Systems and Industrial Management Applications (IJCISIM), Volume 5, 2012, pp. 151-158. MIR Labs.

  52. Schall D., Skopik F., Dustdar S. (2012): Expert Discovery and Interactions in Mixed Service-Oriented Systems.
    IEEE Transactions on Services Computing (TSC), Volume 5, Issue 2, April-June 2012, pp 233-245. IEEE.

  53. Skopik F., Schall D., Dustdar S. (2012): Trusted Information Sharing Using SOA-Based Social Overlay Networks.
    International Journal of Computer Science and Applications, Volume 9, Issue 1, 2012, pp 116-151. Technomathematics Research Foundation.

  54. Dorn C., Skopik F., Schall D., Dustdar S. (2011): Interaction Mining and Skill-dependent Recommendations for Multi-objective Team Composition.
    Data & Knowledge Engineering, Volume 70, Issue 10, October 2011, pp 866-891. Elsevier.

  55. Skopik F., Schall D., Psaier H., Treiber M., Dustdar S. (2011): Towards Social Crowd Environments using Service-oriented Architectures.
    it - Information Technology: Special Issue on Knowledge Processes and Services, Volume 53, Issue 3, 3/2011, pp 108-116. Oldenbourg Wissenschaftsverlag.

  56. Skopik F., Schall D., Dustdar S. (2010): Modeling and Mining of Dynamic Trust in Complex Service-oriented Systems. [pdf]
    Elsevier Information Systems Journal (IS), Volume 35, Issue 7, November 2010, pp 735-757. Elsevier.

Conference Proceedings

    2023
  1. Langner G., Furnell S., Quirchmayr G., Skopik F. (2023): A comprehensive design framework for multi-disciplinary cyber security education.
    17th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2023), July 04-06, 2023, Canterbury, United Kingdom. IFIP.

  2. Himler P., Landauer M., Skopik F., Wurzenberger M. (2023): Towards Detecting Anomalies in Log-Event Sequences with Deep Learning: Open Research Challenges.
    European Interdisciplinary Cybersecurity Conference (EICC 2023), June 14-15, 2023, Stavanger, Norway. ACM.


    2022
  4. Landauer M., Skopik F., Hoeld G., Wurzenberger M. (2022): A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing.
    2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022), December 17-20, 2022, Osaka, Japan. IEEE.

  5. Landauer M., Frank M., Skopik F., Hotwagner W., Wurzenberger M., Rauber A. (2022): A Framework for Automatic Labeling of Log Datasets from Model-driven Testbeds for HIDS Evaluation.
    ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (ACM SaT-CPS 2022), April 27, 2022, Baltimore, MD, USA. ACM.

  6. Kern M., Skopik F., Landauer M., Weippl E. (2022): Strategic selection of data sources for cyber attack detection in enterprise networks: A survey and approach.
    The 37th ACM/SIGAPP Symposium On Applied Computing (ACM SAC 2022), April 25-29, 2022, Virtual Conference. ACM.

  7. Langner G., Skopik F., Furnell S., Quirchmayr G. (2022): A tailored model for cyber security education utilizing a cyber range.
    The 8th International Conference on Information Systems Security and Privacy (ICISSP 2022), February 09-11, 2022, Virtual Conference. INSTICC.


    2021
  9. Skopik F., Leitner M. (2021): Preparing for National Cyber Crises Using Non-linear Cyber Exercises.
    18th Annual International Conference on Privacy, Security and Trust (PST 2021), December 13-15, 2021, Auckland, New Zealand / Virtual Conference. IEEE.

  10. Landauer M., Höld G., Wurzenberger M., Skopik F., Rauber A. (2021): Iterative Selection of Categorical Variables for Log Data Anomaly Detection.
    The 26th European Symposium on Research in Computer Security (ESORICS 2021), October 04-08, 2021, virtual. Springer.


    2020
  12. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2020): Have It Your Way: Generating Customized Log Data Sets with a Model-driven Simulation Testbed.
    The 20th IEEE International Conference on Software Quality, Reliability, and Security (QRS 2020), December 11-14, 2020, Macau, China. IEEE.

  13. Leitner M., Frank M., Hotwagner W., Langner G., Maurhart O., Pahi T., Reuter L., Skopik F., Smith P., Warum M. (2020): AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research.
    European Interdisciplinary Cybersecurity Conference (EICC), November 18, 2020, Rennes, France. ACM.

  14. Wurzenberger M., Höld G., Landauer M., Skopik F., Kastner W. (2020): Creating Character-based Templates for Log Data to Enable Security Event Classification.
    15th ACM ASIA Conference on Computer and Communications Security (ACM Asia CCS), October 05-09, 2020, Taipei, Taiwan. ACM.

  15. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2020): Visualizing Syscalls using Self-Organizing Maps for System Intrusion Detection.
    6th International Conference on Information Systems Security and Privacy (ICISSP 2020), February 25-27, 2020, Valletta, Malta. INSTICC.


    2019
  17. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2019): A Framework for Cyber Threat Intelligence Extraction from Raw Log Data.
    International Workshop on Big Data Analytics for Cyber Threat Hunting (CyberHunt 2019) in conjunction with the IEEE International Conference on Big Data 2019, December 9-12, 2019, Los Angeles, CA, USA. IEEE.

  18. Pahi T., Skopik F. (2019): Cyber Attribution 2.0: Capture the False Flag.
    18th European Conference on Cyber Warfare and Security (ECCWS 2019), July 04-05, 2019, Coimbra, Portugal. ACPI.

  19. Skopik F., Filip S. (2019): Design principles for national cyber security sensor networks: Lessons learned from small-scale demonstrators.
    International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2019), June 03-04, 2019, University of Oxford, United Kingdom. IEEE.

  20. Wurzenberger M., Landauer M., Skopik F., Kastner W. (2019): AECID-PG: A Tree-Based Log Parser Generator To Enable Log Analysis.
    4th IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2019) in conjunction with the IFIP/IEEE International Symposium on Integrated Network Management (IM), April 8, 2019, Washington D.C., USA. IEEE.

  21. Skopik F. (2019): The limitations of national cyber security sensor networks debunked: Why the human factor matters.
    14th International Conference on Cyber Warfare and Security (ICCWS), February 28 - March 01, 2019, Stellenbosch University, South Africa. ACPI.


    2018
  23. Landauer M., Wurzenberger M., Skopik F., Settanni G., Filzmoser P. (2018): Time Series Analysis: Unsupervised Anomaly Detection Beyond Outlier Detection.
    14th International Conference on Information Security Practice and Experience (ISPEC), September 25-27, 2018, Tokyo, Japan. Springer LNCS.

  24. Rass S., Schorn A., Skopik F. (2018): Trust and Distrust: On Sense and Nonsense in Big Data.
    IFIP Summer School on Privacy and Identity Management (IFIPSC 2018), August 20-24, 2018, Vienna, Austria. Springer LNCS.

  25. Settanni G., Skopik F., Karaj A., Wurzenberger M., Fiedler R. (2018): Protecting Cyber Physical Production Systems using Anomaly Detection to enable Self-adaptation.
    1st IEEE International Conference on Industrial Cyber-Physical Systems (ICPS), May 15-18, 2018, Saint-Petersburg, Russia. IEEE.

  26. Wurzenberger M., Skopik F., Settanni G., Fiedler R. (2018): AECID: A Self-learning Anomaly Detection Approach Based on Light-weight Log Parser Models.
    4th International Conference on Information Systems Security and Privacy (ICISSP 2018), January 22-24, 2018, Funchal, Madeira - Portugal. INSTICC.


    2017
  28. Wurzenberger M., Skopik F., Landauer M., Greitbauer P., Fiedler R., Kastner W. (2017): Incremental Clustering for Semi-Supervised Anomaly Detection applied on Log Data.
    12th International Conference on Availability, Reliability and Security (ARES), August 29 - September 01, 2017, Reggio Calabria, Italy. ACM.

  29. Pahi T., Leitner M., Skopik F. (2017): Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures.
    16th European Conference on Cyber Warfare and Security (ECCWS), June 29-30, 2017, Dublin, Ireland. ACPI.

  30. Wurzenberger M., Skopik F., Fiedler R., Kastner W. (2017): Applying High-Performance Bioinformatics Tools for Outlier Detection in Log Data.
    3rd IEEE International Conference on Cybernetics (CYBCONF), June 21-23, 2017, Exeter, UK. IEEE.

  31. Settanni G., Shovgenya Y., Skopik F., Graf R., Wurzenberger M., Fiedler R. (2017): Acquiring Cyber Threat Intelligence through Security Information Correlation.
    3rd IEEE International Conference on Cybernetics (CYBCONF), June 21-23, 2017, Exeter, UK. IEEE.

  32. Maghrabi L., Pfluegel E., Al-Fagih L., Graf R., Settanni G. and Skopik F. (2017): Improved Software Vulnerability Patching Techniques Using CVSS and Game Theory.
    International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2017), June 19-20, 2017, London, UK. C-MRIC.

  33. Pahi T., Leitner M., Skopik F. (2017): Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers.
    3rd International Conference on Information Systems Security and Privacy (ICISSP 2017), February 19-21, 2017, Porto, Portugal. INSTICC.


    2016
  35. Settanni G., Shovgenya Y., Skopik F., Graf R., Wurzenberger M., Fiedler R. (2016): Correlating Cyber Incident Information to Establish Situational Awareness in Critical Infrastructures.
    14th Conference on Privacy, Security and Trust (PST), December 12-14, 2016, Auckland, New Zealand. IEEE.

  36. Wurzenberger M., Skopik F., Fiedler R., Kastner W. (2016): Discovering Insider Threats from Log Data with High-Performance Bioinformatics Tools.
    8th ACM CCS International Workshop on Managing Insider Security Threats (MIST 2016) colocated with the 23rd ACM Conference on Computer and Communications Security (CCS), October 24-28, 2016, Vienna, Austria. ACM.

  37. Casas P., D'Alconzo A., Settanni G., Fiadino P., Skopik F. (2016): (Semi)-Supervised Machine Learning Approaches for Network Security in High-Dimensional Network Data.
    Workshop of Artificial Intelligence and Security (AISec 2016) colocated with the 23rd ACM Conference on Computer and Communications Security (CCS), October 24-28, 2016, Vienna, Austria. ACM.

  38. Graf R., Skopik F., Whitebloom K. (2016): A Decision Support Model for Situational Awareness in National Cyber Operations Centers.
    International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2016), June 13-14, 2016, London, UK. C-MRIC.

  39. Settanni G., Skopik F., Shovgenya Y., Fiedler R. (2016): A Collaborative Analysis System for Cross-Organization Cyber Incident Handling.
    2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), February 19-21, 2016, Rome, Italy. INSTICC.


    2015
  41. Settanni G., Skopik F., Shovgenya Y., Fiedler R., et al. (2015): A Blueprint for a Pan-European Cyber Incident Analysis System.
    3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015), September 17-18, 2015, Ingolstadt, Germany. BCS.

  42. Skopik F., Wurzenberger M., Settanni G., Fiedler R. (2015): Establishing National Cyber Situational Awareness through Incident Information Clustering.
    International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK. C-MRIC.

  43. Wurzenberger M., Skopik F., Settanni G., Fiedler R. (2015): Beyond Gut Instincts: Understanding, Rating and Comparing Self-Learning IDSs (Poster and Extended Abstract).
    International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK. C-MRIC.

  44. Shovgenya Y., Theuerkauf K., Skopik F. (2015): On Demand for Situational Awareness for Preventing Attacks on the Smart Grid.
    International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK. C-MRIC.


    2014
  46. McLaughlin K., Sezer S., Smith P., Ma Z., Skopik F. (2014): PRECYSE: Cyber-attack Detection and Response for Industrial Control Systems.
    2nd International Symposium for ICS & SCADA Cyber Security Research, September 11-12, 2014, St. Pölten, Austria. BCS.

  47. Skopik F., Settanni G., Fiedler R., Friedberg I. (2014): Semi-Synthetic Data Set Generation for Security Software Evaluation.
    12th International Conference on Privacy, Security and Trust, July 23-14, 2014, Toronto, Canada. IEEE.

  48. Kammerstetter M., Langer L., Skopik F., Kastner W. (2014): Architecture-Driven Smart Grid Security Management.
    2nd ACM Workshop on Information Hiding and Multimedia Security, June 11-13, 2014, Salzburg, Austria. ACM.

  49. Kammerstetter M., Langer L., Skopik F., Kupzog F., Kastner W. (2014): Practical Risk Assessment Using a Cumulative Smart Grid Model.
    3rd International Conference on Smart Grids and Green IT Systems, April 03-04, 2014, Barcelona, Spain. INSTICC.

  50. Skopik F., Friedberg I., Fiedler R. (2014): Dealing with Advanced Persistent Threats in Smart Grid ICT Networks.
    5th IEEE Innovative Smart Grid Technologies Conference, February 19-22, 2014, Washington DC, USA. IEEE.


    2013
  52. Langer L., Skopik F., Kienesberger G., Li Q. (2013): Privacy Issues of Smart E-Mobility.
    39th Annual Conference of the IEEE Industrial Electronics Society, November 10-13, 2013, Vienna, Austria. IEEE.

  53. Bleier T., Langer L., Skopik F., Smith P. (2013): Smart grid cyber-security standards: today and tomorrow.
    World Smart Grid Forum 2013, September 23-25, 2013, Berlin, Germany. VDE.

  54. Skopik F., Bonitz A. (2013): An Architectural Blueprint for a National Cyber Attack Information System.
    8th Future Security Research Conference, September 17-19, 2013, Berlin, Germany. Fraunhofer.

  55. Skopik F., Fiedler R. (2013): Intrusion Detection in Distributed Systems using Fingerprinting and Massive Event Correlation.
    43. Jahrestagung der Gesellschaft für Informatik e.V. (GI) (INFORMATIK 2013), September 16-20, 2013, Koblenz, Germany. GI.

  56. Ma Z., Smith P., Skopik F. (2013): Architectural Model for Information Security Analysis of Critical Information Infrastructures.
    IDIMT - Interdisciplinary Information and Management Talks, September 11-13, 2013, Prague, Czech Republic. Universitätsverlag Rudolf Trauner, Linz, Austria.

  57. Skopik F., Li Q. (2013): Trustworthy Incident Information Sharing in Social Cyber Defense Alliances.
    18th IEEE Symposium on Computers and Communications (ISCC), July 07-13, 2013, Split, Croatia. IEEE.

  58. Tauber M., Skopik F., Bleier T., Hutchison D. (2013): A Self-Organising Approach for Smart Meter Communication Systems.
    7th International Workshop on Self-Organizing Systems (IWSOS), May 09-10, 2013, Palma de Mallorca, Spain. Springer.


    2012
  60. Skopik F., Bleier T., Fiedler R. (2012): Information Management and Sharing for National Cyber Situational Awareness.
    Information Security Solution Conference (ISSE), October 23-24, 2012, Brussels, Belgium. Vieweg Verlag.

  61. Skopik F., Treytl A., Geven A., Hirschler B., Bleier T., Eckel A., El-Salloum C., Wasicek A. (2012): Towards Secure Time-Triggered Systems.
    ERCIM/EWICS DECOS Dependable Cyber-physical Systems Workshop colocated with:
    31st International Conference on Computer Safety, Reliability and Security (SAFECOMP), September 25-28, 2012, Magdeburg, Germany. Springer.

  62. Skopik F., Bleier T., Kammerstetter M., Kienesberger G. (2012): Smart Grid Security Guidance: Eine Sicherheitsinitiative für Intelligente Stromnetze.
    42. Jahrestagung der Gesellschaft für Informatik e.V. (GI) (INFORMATIK 2012), September 16-21, 2012, Braunschweig, Germany. GI.

  63. Skopik F., Ma Z., Smith P., Bleier T. (2012): Designing a Cyber Attack Information System for National Situational Awareness.
    7th Security Research Conference, September 4-6, 2012, Bonn, Germany. Springer.

  64. Skopik F., Ma Z. (2012): Attack Vectors to Metering Data in Smart Grids under Security Constraints.
    The First IEEE International Workshop on Methods for Establishing Trust with Open Data (METHOD 2012) colocated with:
    IEEE 36th International Conference on Computer Software and Applications (COMPSAC), July 16-20, 2012, Izmir, Turkey. IEEE.

  65. Skopik F., Wagner C. (2012): Novel Energy Saving Opportunities in Smart Grids using a Secure Social Networking Layer.
    IEEE 36th International Conference on Computer Software and Applications (COMPSAC), July 16-20, 2012, Izmir, Turkey. IEEE.

  66. Skopik F. (2012): Towards a National Cyber Attack Information System.
    The Sixth Conference on Cyberterrorism and Cybercrime, June 12-13, 2012, Prague, Czech Republic.

  67. Raml R., Schuster C., Skopik F., Wagner C. (2012): An Empirical Study on the Acceptance of a Security Information System for Citizens.
    IADIS e-society 2012, March 10-13, 2012, Berlin, Germany. IADIS Press.


    2011
  69. Schall D., Skopik F. (2011): An Analysis of the Structure and Dynamics of Large-scale Q/A Communities.
    15th East-European Conference on Advances in Databases and Information Systems (ADBIS), September 20-23, 2011, Vienna, Austria. Springer.

  70. Psaier H., Skopik F., Schall D., Dustdar S. (2011): Resource and Agreement Management in Dynamic Crowdcomputing Environments.
    15th IEEE International EDOC Conference (EDOC), August 29 - September 2, 2011, Helsinki, Finland. IEEE.

  71. Skopik F., Schall D., Dustdar S. (2011): Opportunistic Information Flows Through Strategic Social Link Establishment.
    10th IEEE/WIC/ACM International Conference on Web Intelligence (WI), August 22-27, 2011, Lyon, France. IEEE.

  72. Skopik F., Schall D., Dustdar S. (2011): Managing Social Overlay Networks in Semantic Open Enterprise Systems.
    1st International Conference on Web Intelligence, Mining and Semantics (WIMS), May 25-27, 2011, Sogndal, Norway. ACM.

  73. Skopik F., Schall D., Dustdar S. (2011): Computational Social Network Management in Crowdsourcing Environments.
    16th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), April 27-29, 2011, Las Vegas, USA. IEEE.

  74. Schall D., Skopik F., Psaier H., Dustdar S. (2011): Bridging Socially-Enhanced Virtual Communities.
    26th ACM Symposium On Applied Computing (SAC), March 21-25, 2011, Taichung, Taiwan. ACM.

  75. Skopik F., Schall D., Psaier H., Dustdar S. (2011): Adaptive Provisioning of Human Expertise in Service-oriented Systems.
    26th ACM Symposium On Applied Computing (SAC), March 21-25, 2011, Taichung, Taiwan. ACM.


    2010
  77. Skopik F., Schall D., Psaier H., Dustdar S. (2010): Social Formation and Interactions in Evolving Service-oriented Communities.
    8th European Conference on Web Services (ECOWS), December 1-3, 2010, Ayia Napa, Cyprus. IEEE.

  78. Psaier H., Skopik F., Schall D., Juszczyk L., Treiber M., Dustdar S. (2010): A Programming Model for Self-Adaptive Open Enterprise Systems.
    5th MW4SOC Workshop of the 11th International Middleware Conference, November 29 - December 3, 2010, Bangalore, India. ACM.

  79. Schall D., Skopik F. (2010): Mining and Composition of Emergent Collectives in Mixed Service-Oriented Systems.
    12th IEEE Conference on Commerce and Enterprise Computing (CEC), November 10-12, 2010, Shanghai, China. IEEE.

  80. Psaier H., Juszczyk L., Skopik F., Schall D., Dustdar S. (2010): Runtime Behavior Monitoring and Self-Adaptation in Service-Oriented Systems.
    4th IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO), September 27 - October 01, 2010, Budapest, Hungary. IEEE.

  81. Skopik F., Schall D., Dustdar S. (2010): Supporting Network Formation through Mining under Privacy Constraints.
    10th Annual International Symposium on Applications and the Internet (SAINT), July 19-23, 2010, Seoul, South Korea. IEEE.

  82. Psaier H., Skopik F., Schall D., Dustdar S. (2010): Behavior Monitoring in Self-healing Service-oriented Systems.
    34th Annual IEEE Computer Software and Applications Conference (COMPSAC), July 19-23, 2010, Seoul, South Korea. IEEE.

  83. Skopik F., Schall D., Dustdar S., Sesana M. (2010): Context-Aware Interaction Models in Cross-Organizational Processes.
    5th International Conference on Internet and Web Applications and Services (ICIW), May 09-15, 2010, Barcelona, Spain. IEEE.

  84. Treiber M., Skopik F., Schall D., Dustdar S., Haslinger S. (2010): Context-aware Campaigns in Social Networks.
    5th International Conference on Internet and Web Applications and Services (ICIW), May 09-15, 2010, Barcelona, Spain. IEEE.

  85. Skopik F., Schall D., Dustdar S. (2010): Trust-based Adaptation in Complex Service-oriented Systems.
    15th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), March 22-26, 2010, University of Oxford, UK. IEEE.

  86. Skopik F., Schall D., Dustdar S. (2010): Trustworthy Interaction Balancing in Mixed Service-oriented Systems.
    25th ACM Symposium On Applied Computing (SAC), March 22-26, 2010, Sierre, Switzerland. ACM.

  87. Skopik F., Schall D., Dustdar S. (2010): Trusted Interaction Patterns in Large-scale Enterprise Service Networks.
    18th Euromicro International Conference on Parallel, Distributed and Network-Based Computing (PDP), February 17-19, 2010, Pisa, Italy. IEEE.


  2009
  89. Skopik F., Schall D., Dustdar S. (2009): Start Trusting Strangers? Bootstrapping and Prediction of Trust.
    10th International Conference on Web Information Systems Engineering (WISE), October 05-07, 2009, Poznan, Poland. Springer.

  90. Skopik F., Schall D., Dustdar S. (2009): The Cycle of Trust in Mixed Service-oriented Systems.
    35th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), August 27-29, 2009, Patras, Greece. IEEE.

  91. Skopik F., Truong H.-L., Dustdar S. (2009): Trust and Reputation Mining in Professional Virtual Communities.
    9th International Conference on Web Engineering (ICWE), June 24-26, 2009, San Sebastian, Spain. Springer.

  92. Skopik F., Truong H.-L., Dustdar S. (2009): VieTE - Enabling Trust Emergence in Service-oriented Collaborative Environments.
    5th International Conference on Web Information Systems and Technologies (WEBIST), March 23-26, 2009, Lisbon, Portugal. INSTICC.

Books

  1. Skopik F., Wurzenberger M., Landauer M. (2021): Smart Log Data Analytics: Techniques for Advanced Security Analysis.
    208p., 1st edition, ISBN-13: 978-3-030-74449-6, Springer International Publishing.

  2. Skopik F., Pahi T., Leitner M. (2018): Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen.
    347p., 1st edition, ISBN-10: 3662560836, ISBN-13: 978-3-662-56083-9, Springer Vieweg.

  3. Skopik F. (2017): Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level.
    416p., 1st edition, ISBN-10: 1138031828, ISBN-13: 978-1138031821, Taylor & Francis, CRC Press.

  4. Skopik F., Smith P. (2015): Smart Grid Security - Innovative Solutions for a Modernized Grid.
    324p., 1st edition, ISBN-10: 0128021225, ISBN-13: 978-0128021224, Elsevier Science Publishing.

  5. Leopold H., Skopik F., Bleier T. (2015): Cyber Attack Information System: Erfahrungen und Erkenntnisse aus der IKT-Sicherheitsforschung.
    German, 208p., 1st edition, ISBN-10: 3662443058, ISBN-13: 978-3662443057, Springer Wien.

  6. Dustdar S., Schall D., Skopik F., Juszczyk L., Psaier H. (2011): Socially Enhanced Services Computing: Modern Models and Algorithms for Distributed Systems.
    153p., 1st edition, ISBN-10: 3709108128, ISBN-13: 978-3709108123, Springer Wien.

Book Chapters

  1. Skopik, F., Wurzenberger, M., Landauer, M. (2022): Detecting Unknown Cyber Security Attacks Through System Behavior Analysis.
    In Cybersecurity of Digital Service Chains (pp. 103-119). Springer, Cham.

  2. Wurzenberger, M., Landauer, M., Bajraktari, A., Skopik, F. (2022): Automatic Attack Pattern Mining for Generating Actionable CTI Applying Alert Aggregation.
    In Cybersecurity of Digital Service Chains (pp. 136-161). Springer, Cham.

  3. Wurzenberger M., Skopik F., Settanni G. (2018): Big Data for Cyber Security.
    In Encyclopedia of Big Data Technologies. Sakr, Sherif and Zomaya, Albert (Eds.)
    Springer International Publishing, 2019.

  4. Schall D., Skopik F. (2014): Collective Intelligence for Crowdsourcing and Community Q&A.
    In Encyclopedia of Social Network Analysis and Mining. Alhajj, Reda; Rokne, Jon (Eds.)
    Springer International Publishing, Sep. 2014, 2200p., ISBN 978-1-4614-6169-2. Update: 2nd edition in 2018.

  5. Möderl M., Rauch W., Achleitner S., Lukas A., Mayr E., Neunteufel R., Perfler R., Neuhold C., Godina R., Wiesenegger H., Friedl F., Fuchs-Hanusch D., Lammel J., Hohenblum P., Skopik F., Bleier T., Weber K., Eder F., Brugger M. (2014): Austrian activities in protecting critical water infrastructure. pp. 343-373
    In Securing Water and Wastewater Systems: Global Experiences, Volume 2. Editors: Robert M. Clark, Simon Hakim.
    Springer International Publishing, 2014, ISBN 978-3-319-01091-5.

  6. Jansson K., Sesana M., Skopik F., Olmo A. (2011): COIN Innovative Enterprise Collaboration Services.
    In The COIN Book: Enterprise Collaboration and Interoperability.
    Mainz, Nov. 2011, 200p., ISBN 3-86130-713-8.

  7. Haslinger S., Skopik F., Schall D., Treiber M. (2010): Woodapples: A new approach for Context Aware Mobile Marketing.
    In Mobile Web 2.0: Developing and Delivering Services to Mobile Phones.
    CRC Press, Dec. 2010, 617p., ISBN 9781439800829.

Technical Reports

  1. Ma Z., Smith P., Skopik F. (2012): Towards a Layered Architectural View for Security Analysis in SCADA Systems.
    Technical Report, ArXiv 1211.3908, November 2012.

  2. Dorn C., Skopik F., Schall D., Dustdar S. (2011): Interaction Mining and Skill-dependent Recommendations for Multi-objective Team Composition.
    Technical Report, TUV-1841-2011-03, Vienna University of Technology, April 2011.

  3. Skopik F., Schall D., Dustdar S. (2010): Adaptive Information Disclosure in a Dynamic Web of Trust.
    Technical Report, TUV-1841-2010-03, Vienna University of Technology, April 2010.

  4. Schall D., Skopik F., Dustdar S. (2010): Trust-based Discovery and Interactions in Mixed Service-Oriented Systems.
    Technical Report, TUV-1841-2010-01, Vienna University of Technology, April 2010.

  5. Truong H.-L., Sitek P., Aguilera C., Sesana M., Skopik F., Zarvic N. (2009): The COIN Enterprise Collaboration SaaS Platform.
    Project Report, FP7-216256 COIN, April 2009.

  6. Skopik F., Schall D., Truong H.-L., Dustdar S. (2009): Innovative Human Interaction Services Specification (Slides).
    Technical Report, FP7-216256 COIN, D4.5.1a, January 2009.

  7. Skopik F., Truong H.-L., Dustdar S. (2008): Current and Future Technologies for Collaborative Working Environments.
    Study, Full report for the European Space Agency (PDF), Executive Summary (PDF).
    ESA ITT Number AO/3-12280/07/NL/CB, May 2008.

Theses

  1. Skopik F. (2013): Discovery and Formation Models for Socio-computational Crowd Environments.
    PhD Thesis in Social and Economic Sciences (Dr.rer.soc.oec), Vienna University of Technology.

  2. Skopik F. (2010): Dynamic Trust in Mixed Service-oriented Systems - Models, Algorithms, and Applications.
    PhD Thesis in Computer Science (Dr.techn.), Vienna University of Technology. Slides of the Defense.
    Advisors: Prof. Schahram Dustdar, Prof. Frank Leymann.

Data Sets

  1. Landauer M., Skopik F., Wurzenberger M. (2023): AIT Alert Data Set [Data set].
    Zenodo, 2023. https://doi.org/10.5281/zenodo.8263180

  2. Landauer M., Skopik F., Hoeld G., Wurzenberger M. (2022): Cloud-based User Entity Behavior Analytics Log Data Set [Data set].
    Zenodo, 2022. https://doi.org/10.5281/zenodo.7119952

  3. Soro F., Landauer M., Skopik F., Hotwagner W., Wurzenberger M. (2022): AIT Netflow Data Set [Data set].
    Zenodo, 2022. https://doi.org/10.5281/zenodo.6610489

  4. Landauer M., Skopik F., Frank M., Hotwagner W., Wurzenberger M., Rauber A. (2022): AIT Log Data Set V2.0 (Version v2_0) [Data set].
    Zenodo, 2022. https://doi.org/10.5281/zenodo.5789064

  5. Landauer M., Frank M., Skopik F., Hotwagner W., Wurzenberger M., Rauber A. (2021): Kyoushi Log Data Set [Data set].
    Zenodo, 2021. https://doi.org/10.5281/zenodo.5779410

  6. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2020): AIT Log Data Set V1.1 (Version v1_1) [Data set].
    Zenodo, 2020. https://doi.org/10.5281/zenodo.4264796

  7. Landauer M., Skopik F., Wurzenberger M., Hotwagner W., Rauber A. (2020): AIT Log Data Set V1.0 (Version v1_0) [Data set].
    Zenodo, 2020. https://doi.org/10.5281/zenodo.3723083

Contributions to Standards

  1. Organization for the Advancement of Structured Information Standards (OASIS) (2021): Structured Threat Information eXpression (STIX 2.1).
    Contribution via OASIS TC Cyber Threat Intelligence.

  2. European Telecommunications Standards Institute (ETSI) (2017): Implementation of the Network and Information Security (NIS) Directive, ETSI TR 103 456 V1.1.1 (2017-10).
    Contribution via ETSI TC Cyber.

  3. Organization for the Advancement of Structured Information Standards (OASIS) (2016): Structured Threat Information eXpression (STIX 2.0).
    Contribution via OASIS TC Cyber Threat Intelligence.

Other

  1. Skopik F. (2020): Logdatenanalyse mittels Machine Learning.
    GIT Gesellschaft für Informations- und Kommunikationstechnik im OVE, Newsletter 11/2020.

  2. Skopik F. (2015): Sicherheit als integrales Gesamtkonzept in IoT-Anwendungen.
    GIT Gesellschaft für Informations- und Kommunikationstechnik im OVE, Newsletter 12/2015.

  3. Skopik F. (2015): Organisationsübergreifender Austausch von Security-Informationen - eine interdisziplinäre Herausforderung!.
    GIT Gesellschaft für Informations- und Kommunikationstechnik im OVE, Newsletter 04/2015.

  4. Langer L., Kupzog F., Kammerstetter M., Kerbl T., Skopik F. (2013): Smart Grid Security Guidance (SG)2 - Empfehlungen für sichere Smart Grids in Österreich.
    Tagung ComForEn 2013 - 4. Fachkonferenz Kommunikation für Energienetze der Zukunft, September 26, 2013. OVE.

  5. Skopik F. (2013): Web Security.
    GIT Gesellschaft für Informations- und Kommunikationstechnik im OVE, Newsletter 09/2013.

  6. Skopik F. (2012): Sichere vernetzte Embedded Systems brauchen vernetzte Forschung und Entwicklung.
    GIT Gesellschaft für Informations- und Kommunikationstechnik im OVE, Newsletter 03/2012.

Student (Co-)Supervision & Lecturing

PhD Theses

  1. Manuel Kern: Systematic Mapping of Detection Approaches on Data Sources for Enhanced Cyber Defense, Vienna University of Technology, funded by the FFG via the "Industrienahe Dissertation" project SPOTTED (2021-2024), ongoing.
  2. Max Landauer: Intrusion Detection by Correlating Automatically Extracted Threat Intelligence, Vienna University of Technology, funded by the FFG via the "Industrienahe Dissertation" project INDICAETING (2018-2022), defended on May 16th, 2022.
  3. Markus Wurzenberger: Benchmarking and Analytic Evaluation of IDSs in Specified Environments, Vienna University of Technology, funded by the FFG via the "Industrienahe Dissertation" project BAESE (2016-2019), defended on March 26th, 2021.

MSc Theses

  1. Marin Dylgjeri: Quantitative Comparison of Clustering Algorithms for Massive Online Log Data Analysis, TU Wien, 2023.
  2. Patrick Himler: Federated learning for log-based anomaly detection, TU Wien, 2022.
  3. Georg Höld: Goodness of fit tests with estimated parameters, TU Wien, 2022.
  4. Cristodulo Simion Dias: Practical Use Cases of Anomaly Detection in the Fields of Cyber Security and Internet of Things, FH Technikum Wien, 2021.
  5. Maximilian Frank: Quality improvement of labels for model-driven benchmark data generation for intrusion detection systems, TU Wien, 2021.
  6. Timea Pahi: Nationale Cyber Lagezentren: Umsetzung und Unterstützung, FH Joanneum, 2019.
  7. Manuel Kern: Erhebung und Bewertung relevanter Datenquellen zur Erkennung von Advanced Persistent Threats, FH Technikum Wien, 2019.
  8. Stefan Filip: Applying Cyber Security Sensors to gain Cyber Situational Awareness, Vienna University of Technology, ongoing.
  9. Max Landauer: Dynamic Log File Analysis: An Unsupervised Cluster Evolution Approach for Anomaly Detection, Vienna University of Technology, 2018.
  10. Anjeza Karaj: Application of Anomaly Detection for Steering the Security Posture of Self-Adaptive Cyber Physical Systems, FH Kaernten, 2017.
  11. Yegor Shovgenya: Applying Free Text Analysis Methods to Support Vulnerability and Incident Report Handling, University Vienna, ongoing.
  12. Markus Wurzenberger: Synthetic Log Data Modeling for the Evaluation of Intrusion Detection Systems, Vienna University of Technology, 2015.
  13. Ivo Friedberg: Anomaly Detection Through Massive Event Correlation in ICT Networks, Vienna University of Technology, 2014.
  14. Iwona Leś: Trusted Information Sharing, Vienna University of Technology, 2011.

BSc Theses

  1. Ernst Leierzopf: Systematische Evaluierung möglicher Ansätze für Unit Tests in der Software-Qualitätssicherung, FH Oberösterreich Campus Hagenberg, 2019.
  2. Timea Pahi: Cyber Intelligence Centre Framework: From technical data to strategic decisions in cyber defense, FH St. Poelten, 2016.

Lectures

  1. BITI-5SM-WS2020 - System- und Netzwerksicherheit, University of Applied Sciences (FH) Burgenland, winter term 2020
  2. BITI-5SM-WS2021 - System- und Netzwerksicherheit, University of Applied Sciences (FH) Burgenland, winter term 2021
  3. BITI-5SM-WS2022 - Sicherheit in IT-Systemen ILV, University of Applied Sciences (FH) Burgenland, winter term 2022
  4. B.INFO.V.20.WS22 - Fortgeschrittene IT-Sicherheit ILV, University of Applied Sciences (FH) Wiener Neustadt, winter term 2022
  5. BITI-5SM-WS2023 - Sicherheit in IT-Systemen ILV, University of Applied Sciences (FH) Burgenland, winter term 2023
  6. B.INFO.V.21.WS23 - Fortgeschrittene IT-Sicherheit ILV, University of Applied Sciences (FH) Wiener Neustadt, winter term 2023

Professional Activities

About me (and my work) in the Press/Media

  1. Künstliche Intelligenz und Cybersicherheit: Feiern oder fürchten? (German), Podcast "Web of Trust, Episode 3", Lena Jansa, 24. Januar 2024.
  2. Wie Autos sicherer gemacht werden (German), Kurier Nr. 279 am 09. Oktober 2023; Barbara Wimmer. Seite 19, 2023.
  3. Wie Sicherheitsforscher verhindern, dass Autos gehackt werden (German), Futurezone Oktober 2022; Barbara Wimmer. online, 09.10.2023.
  4. Im Fadenkreuz - Wie kann der digitalisierte Maschinenbau kontern? Und was bringt die EU Regulierungswelle? (German), Industriemagazin Oktober 2022; Peter Oslak. Seiten 64-69, 2022.
  5. Immer mehr Menschen gehen Internetbetrügern ins Netz (German), Salzburger Nachrichten am 22.09.2022; Nike Kacianka. Seite 19, 2022.
  6. Cyberkriminelle haben oft leichtes Spiel (German), Beilage zu derStandard am 30.09.2021; Topic "Technologies for Smart Factories", Anna Deisenhammer. Seite 5, 2021.
  7. Handy gehackt! Was tun? (German), Contribution on the national radio station OE3. Ö3 Wecker, Shin Chang, 6:39-6:43 AM, June 25th, 2021.
  8. Es kann jeden erwischen (German), Author: Hansjörg Preims, Ausgabe 06/2021. OIZ Österreichische Immobilien Zeitung, Austria.
  9. Aktuell Nach Eins: Cybercrime im Home Office (German), Author: Anita Dollmanits, Contributing interview for the Austrian national broadcasting corporation ORF2, March 3rd, 2021. [Watch online]
  10. Homeoffice als Risikofaktor (German), Author: Saskia Etschmaier, Contributing interview for the Austrian national broadcasting corporation ORF, published on the ORF News site, February 15th, 2021.
  11. Mehrfach bedenklicher Telegram-Boom (German), Author: Saskia Etschmaier, Contributing interview for the Austrian national broadcasting corporation ORF, published on the ORF News site, December 05th, 2020.
  12. Wissenschaftsradio: Das schwächste Glied in der Kette ist der Mensch (German), Interview on the radio station NJOY, May 12th, 2020.
  13. Ende von Windows-7 - sicherheitsgefährdend (German), Comment on the national radio stations of the Austrian broadcasting company. January 14th, 2020.
  14. 3 Antworten zur Cyber-Attacke auf das Außenministerium (German), Interview on the national radio station OE3 with Martin Krachler. Ö3 Wecker Prime Time, 7:35-7:40 AM, January 8th, 2020.
  15. Chats löschen - geht das so einfach? (German), Author: Alfred Bankhamer, Issue 48/2019. Trend Premium, Austria.
  16. Im Netzwerk der ÖVP (German), Author: Rainer Nowak, Iris Bonavida and Manuel Reinartz, Coverstory, September 06, 2019. DiePresse, Austria.
  17. Wie sicher ist das Netz? (German), Author: Karin Legat, December 17, 2018. energie Report, Austria.
  18. Die Facebook-Falle: Was Zuckerbergs Datenskandal für österreichische Normalbürger bedeutet (German), April 13, 2018. News Magazin, Nr. 15, Austria.
  19. Servus am Abend: Virenfalle Fotodrucker - was die Geräte eigentlich mit unseren USB-Sticks anstellen (German), January 9, 2018, ServusTV (Austrian private TV station), Austria. [Watch online]
  20. Newton: Tag X - gut gerüstet für die Katastrophe?! (German), interview in the science tv show "Newton" about energy blackouts, September 23, 2017, ORF 1 (Austrian broadcasting corporation), Austria. [Watch on Youtube]
  21. Kritische Infrastruktur besser geschützt: Europäisches Kontrollsystem zur Abwehr von Cyber-Security-Angriffen (German), press release, published online at computerwelt.at and mycity24.at, Sender: TECHNIKON Forschungsgesellschaft mbH, July 28, 2017, pressetext.com, Austria.
  22. Sicher gut geschützt (German), Cover-Story about ICT Security Research in Austria, Author: Alfred Bankhamer, May 29, 2017, Issue 21, e-Trend, Austria.
  23. IT-Experte: "Man hätte Wannacry frühzeitig erkennen können" (German), Interview about WannaCry, Author: Alois Pumhösel, May 26, 2017, derstandard.at, Austria.
  24. Sicher in der Cloud (German), Interview about security in hotels, Author: Thomas Schweighofer, Nov. 2015, Issue 11, Hotel & Touristik, Austria.
  25. Cyber-Angriffe: "Eine grundsätzliche Bedrohung der Gesellschaft" (German), Interview with Springer Professional, Author: Andreas Burkert, September 28, 2015, Springer, Germany.
  26. Virtuelle Fahndung nach unbekannten Tätern (German), Article about my current research work, Author: Tanja Traxler, September 18, 2015, derstandard.at, Austria.

Panels

  1. United Nations (UN) Technology Innovation Labs: Cybersecurity Challenge - Countering Digital Terrorism, Jury member of the panel at the 2020 cyber security challenge, December 05-06, 2019, Vienna, Austria.
  2. Smart Grid Security: Current and Future Issues, Panel chair at the 5th IEEE Innovative Smart Grid Technologies Conference, February 19-21, 2014, Washington DC, USA.
  3. Smart Grid Security & Privacy - The new Challenges for Distribution System Operators, Panel participant at the Siemens Workshop: Intelligent Distribution Systems in the Smart Grid in conjunction with the E-World: Energy & Water, February 10-14, 2014, Essen, Germany.

Awards and Competitions

  1. Ideenwettbewerb Innovationstagung Cyber- und Informationstechnologie der CODE der Universität der Bundeswehr München, Pitch Talk: AMiner - Erkennen Smarter Cyber-Angriffe in komplexen Infrastrukturen (in German), ranked 4th out of 22 submissions, [certificate], July 12th, 2023.

Guest Editor of Journals

  1. ERCIM News No. 129 - Special Theme "Fighting Cybercrime", ERCIM - the European Research Consortium for Informatics and Mathematics, April, 2022.

Keynotes and Invited Talks

  1. Skopik F., Akhras B.: "Advanced OSINT Analysis for NIS Authorities, CSIRT Teams, and Organizations"; IKT Sicherheitskonferenz des Abwehramts, Linz, Austria, 04.10.2023. [slides]
  2. Skopik F.: "CADSP: Cyber Attack Decision and Support Platform"; 3. Fachtagung FORTISSIMO, FFG und BMLV, Eisenstadt, Austria, 25.04.2023. [slides]
  3. Skopik F.: "Active Cyber Security 4TW"; CriM - Cyber Security Seminar and Workshops, University of Oulu, Finland, Nov 7-11, 2022.
  4. Skopik F.: "Active Security 4TW"; Siemens CEE CISO Meeting, Wien, Austria, 27.06.2022.
  5. Slamanig D., Skopik F., Lechner P.: "SD4MSD: Single Device for Multiple Security Domains"; 2. Fachtagung FORTISSIMO, FFG und BMLV, Eisenstadt, Austria, 26.04.2022.
  6. Skopik F., Wurzenberger M.: "Cyber Security Research Program at AIT: Overview and Insights"; ViSP System Security Research Meetup, Vienna, Austria; 10.12.2021.
  7. Skopik F., Wurzenberger M., Landauer M.: "Don't get hacked, get AMiner! Log Data Analysis for Intrusion Detection"; In-Depth Security Conference Europe (DeepSec) 2021, Vienna, Austria; 18.11.-19.11.2021. [slides]
  8. Skopik F.: "CISA - Cyber Incident Situational Awareness"; KIRAS Fachtagung 2020, Vienna, Austria; 21.09.2020. [slides]
  9. Skopik F.: "Cyber Attack Decision and Support Platform" (in German); 1. Fachtagung FORTISSIMO, FFG und BMLV, Eisenstadt, Austria, 26.11.2019. [slides]
  10. Skopik F., Wurzenberger M., Landauer M.: "Machine Learning für Logdatenanalyse - Ein Ausblick auf Morgen"; IKT Sicherheitskonferenz des Abwehramts, Fürstenfeld, Austria, 01.10.2019. [slides]
  11. Krenn W., Skopik F., Leitner M.: "AIT's Wholistic Cybersecurity Approach - from Machine Code to Cyber Ranges"; Security Forum Hagenberg, Hagenberg, Austria, 11.04.2019.
  12. Skopik F.: "Cyber Security-Herausforderungen durch die voranschreitende Digitalisierung" (in German); Digitalisierung in der Siedlungswasserwirtschaft, ÖWAV, Innsbruck, Austria, 06.02.2019.
  13. Skopik F.: "Integriertes Incident Response in modernen IT-OT Infrastrukturen" (in German); National Cyber Security Exercise (KSÖ Planspiel 2017), Wien, Austria, 06.11. and 07.11.2017. [slides on request]
  14. Skopik F.: "Sensornetze: Technische Möglichkeiten, Rahmenbedingungen und Herausforderungen" (in German); IKT Sicherheitskonferenz des Abwehramts, Villach, Austria, 27.09.2017. [slides]
  15. Skopik F.: "Gefahren in der vernetzten Welt - Überblick über IKT- und Informationssicherheit und deren Relevanz für den HTL Unterricht" (in German); KeyNote at Konferenz der Abteilungsvorstände der HTLs Österreichs, Windischgarsten, Austria; 23.03.2017.
  16. Skopik F.: "Cyber Attack Information Systems: Erkennen und Bewältigen von Advanced Persistent Threats"; Sehen und Verstehen 2016, Vienna, Austria; 25.02.2016.
  17. Skopik F., Fiedler R.: "Erkennen und Bewältigen von Advanced Persistent Threats: Erkenntnisse aus dem Projekt CIIS"; CERT Stammtisch Jänner 2016, Vienna, Austria; 13.01.2016.
  18. Skopik F.: "CIIS - Cyber Incident Information Sharing"; KIRAS Fachtagung 2015, Vienna, Austria; 05.11.2015.
  19. Skopik F.: "Combating Advanced Persistent Threats with AECID"; Bits That Byte Lecture Series at the University of Applied Sciences Burgenland, Eisenstadt, Austria; 17.10.2014.
  20. Skopik F.: "Combating Advanced Persistent Threats through Log Data Fusion"; International Workshop on Data Fusion and Big Data, Thun, Switzerland; 27.08.2014.
  21. Skopik F.: "Cyber Defense and Situational Awareness: CAIS, CIIS and ECOSSIAN"; KIRAS Fachtagung 2014, Vienna, Austria; 22.10.2014.
  22. Skopik F.: "Smart Grid Security & Privacy - The new Challenges for Distribution System Operators"; Siemens Workshop: Intelligent Distribution Systems in the Smart Grid, Essen, Germany; 12.02.2014.
  23. Skopik F.: "Trustworthy Incident Information Sharing for Collaborative Cyber Defense"; ICT Networking Event Vienna - Security and Visualization, Vienna, Austria; 07.10.2013.
  24. Skopik F.: "CAIS - Cyber Attack Information System: A National Cyber Defense System as a best practice example"; NTU AIT Security Workshop 2012, Singapore; 29.10.2012 - 30.10.2012.
  25. Skopik F.: "Towards a National Cyber Attack Information System"; The Sixth International Conference on Cyberterrorism and Cybercrime, Prague, Czech Republic; 12.06.2012 - 13.06.2012.

Member in Standardization Groups

  1. ETSI TC Cyber - European Telecommunication Standards Institute
  2. OASIS CTI - OASIS Cyber Threat Intelligence
  3. IFIP TC11 WG1 - Information Security Management

Editorial Board Memberships

  1. IEEE Transactions on Dependable and Secure Computing (TDSC) - IEEE Computer Society, New York, USA, ISSN: 1545-5971
  2. Open Journal of Web Technologies (OJWT) - Research Online Publishing, Lübeck, Germany, ISSN: 2199-188X
  3. International Journal on Advances in Networks and Services - IARIA, ISSN: 1942-2644
  4. International Journal of Smart Grid and Clean Energy (IJSGCE) - Engineering and Technology Publishing, ISSN: 2315-4462

Program Committee Chair

  1. ARES 2024 - 19th International Conference on Availability, Reliability and Security, EU Workshop Symposium Chair 2023, July 30 - August 02, 2024 - Vienna, Austria.
  2. ARES 2023 - 18th International Conference on Availability, Reliability and Security, EU Workshop Symposium Chair 2023, August 29 - September 01, 2023 - Benevento, Italy.
  3. ARES 2022 - 17th International Conference on Availability, Reliability and Security, EU Workshop Symposium Chair 2022, August 23-26, 2022 - Vienna, Austria.
  4. IWSGNC 2015 - 2015 International Workshop on Smart Grid Networking and Communications, October 20-23, 2015 - Offenburg, Germany.
  5. IWSGNC 2014 - 2014 International Workshop on Smart Grid Networking and Communications, October 29-31, 2014 - Sharjah, U.A.E.

Program Committee Memberships

  1. ARES 2024 - 19th International Conference on Availability, Reliability and Security, July 30 - August 02, 2024 - Vienna, Austria.
  2. EICC 2024 - European Interdisciplinary Cybersecurity Conference, June 05-06, 2024 - Democritus University of Thrace, Greece.
  3. ACM SAC 2024 - The 39th ACM/SIGAPP Symposium On Applied Computing, April 08-12, 2024 - Avila, Spain.
  4. ICISSP 2024 - The 10th International Conference on Information Systems Security and Privacy, February 26-28, 2024 - Rome, Italy.
  5. CRITIS 2023 - 18th International Conference on Critical Information Infrastructures Security, September 13-15, 2023 - Helsinki, Finland.
  6. ARES 2023 - 18th International Conference on Availability, Reliability and Security, August 29 - September 01, 2023 - Benevento, Italy.
  7. Cyber Science 2023 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2022, July 03-04, 2023 - Copenhagen, University of Aalborg, Denmark.
  8. EICC 2023 - European Interdisciplinary Cybersecurity Conference, June 14-15, 2023 - Stavanger, Norway.
  9. ACM SAC 2023 - The 38th ACM/SIGAPP Symposium On Applied Computing, March 27-31, 2023 - Tallinn, Estonia.
  10. ICISSP 2023 - The 9th International Conference on Information Systems Security and Privacy, February 16-18, 2023 - Lisbon, Portugal.
  11. CRITIS 2022 - 17th International Conference on Critical Information Infrastructures Security, September 14-16, 2022 - Munich, Germany.
  12. ARES 2022 - 17th International Conference on Availability, Reliability and Security, August 23-26, 2022 - Vienna, Austria.
  13. Cyber Science 2022 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2022, June 20-21, 2022 - Wales, UK.
  14. EICC 2022 - European Interdisciplinary Cybersecurity Conference, June 08-09, 2022 - Barcelona, Spain.
  15. ICISSP 2022 - The 8th International Conference on Information Systems Security and Privacy, February 09-11, 2022 - online.
  16. ACM SAC 2022 - The 37th ACM/SIGAPP Symposium On Applied Computing, April 25-29, 2022 - Brno, Czech Republic.
  17. EICC 2021 - European Interdisciplinary Cybersecurity Conference, November 10-11, 2021 - Targu Mures, Romania.
  18. CRITIS 2021 - 16th International Conference on Critical Information Infrastructures Security, September 27-29, 2021 - Lausanne, Switzerland.
  19. ARES 2021 - 16th International Conference on Availability, Reliability and Security, August 17-20, 2021 - all-digital conference.
  20. Cyber Science 2021 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2021, June 14-16, 2021 - virtual conference.
  21. ACM SAC 2021 - The 36th ACM/SIGAPP Symposium On Applied Computing, Data Analytics and Assessment, March 22 - 26, 2021 - Gwangju, Korea.
  22. ICS-CSR 2020 - 7th International Symposium for ICS & SCADA Cyber Security Research 2020, August 26-27, 2020 - Dublin, Ireland.
  23. CyberSA 2020 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2020, June 15-17, 2020 - Dublin, Ireland.
  24. ACM SAC 2020 - The 35th ACM/SIGAPP Symposium On Applied Computing, Data Analytics and Assessment, March 30 - April 03, 2020 - Brno, Czech Republic.
  25. ICS-CSR 2019 - 6th International Symposium for ICS & SCADA Cyber Security Research 2019, September 11-12, 2019 - Athens, Greece.
  26. CyberSA 2019 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2019, June 03-04, 2019 - University of Oxford, UK.
  27. SPT-IoT@PERCOM 2019 - The Third International Workshop on Security, Privacy and Trust in the Internet of Things colocated with IEEE PERCOM 2019, March 11-15, 2019 - Kyoto, Japan.
  28. ACM SAC 2019 - The 34th ACM/SIGAPP Symposium On Applied Computing, Data Analytics and Assessment, April 8-12, 2019 - Limassol, Cyprus.
  29. ICS-CSR 2018 - 5th International Symposium for ICS & SCADA Cyber Security Research 2018, August 29-30, 2018 - Hamburg, Germany.
  30. APF 2018 - ENISA's Annual Privacy Forum 2017, June 13-14, 2018 - Barcelona, Spain.
  31. ACM SAC 2018 - The 33rd ACM/SIGAPP Symposium On Applied Computing, Data Analytics and Assessment, April 9-13, 2018 - Pau, France.
  32. CyberSA 2017 - International Conference on Cyber Situational Awareness, Data Analytics and Assessment, June 19-20, 2017 - London, UK.
  33. APF 2017 - ENISA's Annual Privacy Forum 2017, June 07-08, 2017 - Vienna, Austria.
  34. IEA/AIE 2017 - The 30th International Conference on Industrial, Engineering, Other Applications of Applied Intelligent Systems - Special Track on Anomaly Detection, June 27-30, 2017 - Arras, France.
  35. SAC WT 2017 - 32nd Annual ACM Symposium on Applied Computing - Web Technologies Track, April 03-07, 2017 - Marrakech, Morocco.
  36. IEEE PERCOM 2017 - The 2nd IEEE PERCOM Workshop on Security, Privacy and Trust in the Internet of Things - in conjunction with IEEE International Conference on Pervasive Computing and Communications 2017, March 14-18, 2017 - Hawaii, USA.
  37. ICSGCE 2016 - International Conference on Smart Grid and Clean Energy Technologies, October 19-22, 2016 - Chengdu, China.
  38. IEEE ISGT 2016 - 7th IEEE PES Innovative Smart Grid Technologies Conference, September 06-09, 2016 - Minneapolis, Minnesota, USA.
  39. ICS-CSR 2016 - 4th International Symposium for ICS & SCADA Cyber Security Research 2016, August, 2016 - Belfast, Ireland.
  40. SAC WT 2016 - 31st Annual ACM Symposium on Applied Computing - Web Technologies Track, April 03-08, 2016 - Pisa, Italy.
  41. ICS-CSR 2015 - 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, September 17-18, 2015 - Ingolstadt, Germany.
  42. ICIW 2015 - The Tenth International Conference on Internet and Web Applications and Services, June 21-26, 2015 - Brussels, Belgium.
  43. SAC WT 2015 - 30th Annual ACM Symposium on Applied Computing - Web Technologies Track, April 13-17, 2015 - Salamanca, Spain.
  44. IEEE ISGT 2015 - 6th IEEE PES Innovative Smart Grid Technologies Conference, February 18-20, 2015 - Washington D.C., USA.
  45. METHOD@ISWC 2014 - 3rd International Workshop on Methods for Establishing Trust with Open Data (colocated with The 13th International Semantic Web Conference), October 19-23, 2014 - Riva Del Garda - Trentino, Italy.
  46. ICIW 2014 - The Ninth International Conference on Internet and Web Applications and Services, July 20-24, 2014 - Paris, France.
  47. SAC WT 2014 - 29th Annual ACM Symposium on Applied Computing - Web Technologies Track, March 24-28, 2014 - Gyeongju, Korea.
  48. IEEE ISGT 2014 - 5th IEEE PES Innovative Smart Grid Technologies Conference, February 19-22, 2014 - Washington D.C., USA.
  49. ICSGCE 2013 - International Conference on Smart Grid and Clean Energy Technologies, October 11-13, 2013 - Kuala Lumpur, Malaysia.
  50. METHOD@COMPSAC 2013 - 2nd IEEE International Workshop on Methods for Establishing Trust with Open Data (colocated with The 37th Annual International Computer Software & Applications Conference), July 22-26, 2013 - Kyoto, Japan.
  51. ICIW 2013 - The Eighth International Conference on Internet and Web Applications and Services, June 23-28, 2013 - Rome, Italy.
  52. SAC WT 2013 - 28th Annual ACM Symposium on Applied Computing - Web Technologies Track, March 18-22, 2013 - Coimbra, Portugal.
  53. IEEE ISGT 2013 - 4th IEEE PES Innovative Smart Grid Technologies Conference, February 24-27, 2013 - Washington D.C., USA.
  54. IEEE ICECCS 2012 - 17th IEEE International Conference on Engineering of Complex Computer Systems, July 18-20, 2012 - Ecole Normale Supérieure, Paris, France.
  55. ICIW 2012 - The Seventh International Conference on Internet and Web Applications and Services, May 27-June 01, 2012 - Stuttgart, Germany.
  56. SAC WT 2012 - 27th Annual ACM Symposium on Applied Computing - Web Technologies Track, March 25-29, 2012 - Riva del Garda (Trento), Italy.
  57. IEEE CSE 2011 - 14th IEEE International Conference on Computational Science and Engineering, August 24-26, 2011 - Dalian, China.
  58. ICIW 2011 - The Sixth International Conference on Internet and Web Applications and Services, March 20-25, 2011 - St. Maarten, The Netherlands Antilles.

Reviewer for Journals

  1. Computers & Security - Elsevier, ISSN: 0167-4048 [certificate]
  2. Future Generation Computer Systems (FGCS) - Elsevier, ISSN: 0167-739X [certificate]
  3. Pervasive and Mobile Computing - Elsevier, ISSN: 1574-1192 [certificate]
  4. International Journal of Law, Crime and Justice - Elsevier, ISSN: 1756-0616 [certificate]
  5. Journal of Systems and Software - Elsevier, ISSN: 0164-1212 [certificate]
  6. International Journal of Electrical Power & Energy Systems - Elsevier, ISSN: 0142-0615 [certificate]
  7. ACM Computing Surveys - ACM, ISSN: 0360-0300
  8. IEEE Transactions on Dependable and Secure Computing (TDSC) - IEEE, ISSN: 1941-0018
  9. IEEE Transactions on Parallel and Distributed Systems (TPDS) - IEEE, ISSN: 1045-9219
  10. IEEE Access - IEEE, ISSN: 2169-3536
  11. IEEE Transactions on Cybernetics - IEEE, ISSN: 2168-2267
  12. Security and Communication Networks - Hindawi, ISSN: 1939-0114
  13. R&D Management - Wiley, ISSN: 0033-6807
  14. IEEE Journal on Emerging and Selected Topics in Circuits and Systems - IEEE, ISSN: 2156-3357
  15. Information Security Journal: A Global Perspective - Taylor & Francis, ISSN: 1939-3555
  16. IEEE Transactions on Parallel and Distributed Systems - IEEE, ISSN: 1045-9219
  17. IEEE Transactions on Industrial Informatics - IEEE, ISSN: 1551-3203
  18. Journal of Computer and System Sciences - Elsevier, ISSN: 0022-0000
  19. IBM Journal of Research and Development
  20. Software: Practice and Experience - Wiley, ISSN: 1097-024X
  21. Computers in Human Behavior - Elsevier, ISSN: 0747-5632
  22. Computers & Operations Research - Elsevier, ISSN: 0305-0548
  23. IET Information Security - IET, Print ISSN 1751-8709
  24. International Journal of Trust Management in Computing and Communications (IJTMCC) - Inderscience, Print ISSN: 2048-8378
  25. Applied Mathematical Modelling - Elsevier, Print ISSN: 0307-904X
  26. IEEE Transactions on Smart Grid - IEEE, ISSN: 1949-3053
  27. Enterprise Information Systems (EIS) - Taylor and Francis, ISSN: 1751-7575
  28. Electronic Commerce Research and Applications (ECRA) - Elsevier, ISSN: 1567-4223
  29. Transactions on Service Computing (TSC) - IEEE Computer Society, ISSN: 1939-1374
  30. International Journal of Cooperative Information Systems (IJCIS) - World Scientific, Print ISSN: 0218-8430, Online ISSN: 1793-6365
  31. Electronic Markets - The International Journal on Networked Business (EM) - Springer, Print ISSN: 1019-6781, Online ISSN: 1422-8890
  32. Transactions on Human-Computer Interaction (THCI) - AIS, ISSN: 1944-3900
  33. ACM Transactions on Internet Technology (TOIT) - Association for Computing Machinery, Print ISSN: 1533-5399, Online ISSN: 1557-6051

Reviewer for Research Funding Agencies

  1. Amt der Oö. Landesregierung, Interreg-Programme (EFRE).
  2. The Netherlands Organisation for Scientific Research (NWO, the Dutch Research Council), Cyber Security Research.
  3. European Commission: Horizon 2020 Programme.
  4. European Science Foundation (ESF), Post-doctoral Fellowships; AXA RF Call; IMPACT programme; etc. Panel Member. [certificate]
  5. OEAD - Austrian agency for international mobility and cooperation in education, science and research - Scientific & Technological Cooperation (S&T Cooperation).
  6. The Czech Science Foundation.

Reviewer for the Agency of Quality Assurance (AQ Austria)

  1. Assessment of the programme Cyber Security and Resilience at FH St. Pölten, April 2020. [Gutachten (report)]

Certifications

    Security/Project Management, Risk Assessment, and Auditing

  1. Certified Information Systems Auditor (CISA) - ISACA, January 2020. [certificate]
  2. Information Security Auditor acc. to ISO 27001 - CIS - Certification & Information Security GmbH, December 2018. [certificate]
  3. Certified in Risk and Information Systems Control (CRISC) - ISACA, June 2018. [certificate]
  4. Certified Information Security Manager (CISM) - ISACA, February 2018. [certificate]
  5. Information Security Manager acc. to ISO 27001 - CIS - Certification & Information Security GmbH, November 2016. [certificate]
  6. Trusted Security Auditor (TSA) - TÜV Austria, 17.113.016.01, October 2016. [certificate]
  7. Information Security Foundation based on ISO/IEC 27002 (ISFS) - EXIN, EX0-105, August 2016. [certificate]
  8. IPMA Level C: Project Manager (CPM) - ICB 3.0, September 2013. [certificate]

    Information Systems Security

  10. CISSP Concentration: Information Systems Security Management Professional (CISSP-ISSMP) - (ISC)2, January 2023. [certificate]
  11. Certified Secure Software Lifecycle Professional (CSSLP) - (ISC)2, October 2022. [certificate]
  12. Certified Cloud Security Professional (CCSP) - (ISC)2, May 2022. [certificate]
  13. Certified Information Systems Security Professional (CISSP) - (ISC)2, September 2017. [certificate]
  14. Computer Hacking Forensic Investigator (CHFI) - EC Council, CHFIv8, 312-49, December 2016. [certificate]
  15. Certified Wireless Security Professional (CWSP) - Certified Wireless Network Professional, CWSP-205, August 2016. [certificate]
  16. Certified Web Security Professional - CIW Certifications, 1D0-571, August 2016. [certificate]
  17. Certified Security Analyst (ECSA) - EC Council, ECSAv4, 412-79, November 2013. [certificate]
  18. Certified Ethical Hacker (CEH) - EC Council, CEHv8, 312-50, October 2013. [certificate]
  19. CompTIA Security+ - SY0-301, January 2012. [certificate]

    Privacy Management

  21. CIS Datenschutzbeauftragter (Data Privacy Officer) - CIS - Certification & Information Security GmbH, June 2020. [certificate]
  22. Certified Data Privacy Solutions Engineer (CDPSE) - ISACA, June 2020. [certificate]
  23. Certified Information Privacy Manager (CIPM) - The International Association of Privacy Professionals (IAPP), January 2019. [certificate]

    SANS courses and GIAC certifications

  25. LDR551: Building and Leading Security Operations Centers. SANS Live Online Europe January 2024, January 29 - February 03, 2024; Cyber42 interactive leadership simulation winner MGT551 COIN holder
    Related certification: GIAC GSOM - GIAC Security Operations Manager, February 2024. [certificate]
  26. SEC588: Cloud Penetration Testing. SANS OnDemand, February 2023 - April 2023;
    Related certification: GIAC GCPN - GIAC Cloud Penetration Tester, April 2023. [certificate]
  27. SEC566: Implementing and Auditing Security Frameworks and Controls. SANS Paris October 2022, October 17 - October 22, 2022;
    Related certification: GIAC GCCC - GIAC Critical Controls Certification, February 2023. [certificate]
  28. SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis. SANS Paris January 2022, January 31 - February 05, 2022; Official SANS course moderator; Final capstone winner SEC487 COIN holder
    Related certification: GIAC GOSI - GIAC Open Source Intelligence, March 2022. [certificate]
  29. SEC540: Cloud Security and DevSecOps Automation. SANS OnDemand, October 2021 - January 2022;
    Related certification: GIAC GCSA - GIAC Cloud Security Automation, January 2022. [certificate]
  30. SEC575: Mobile Device Security and Ethical Hacking. SANS OnDemand, October 2021 - December 2021;
    Related certification: GIAC GMOB - Mobile Device Security Analyst, December 2021. [certificate]
  31. SEC530: Defensible Security Architecture and Engineering. SANS OnDemand, May 2021 - June 2021;
    Related certification: GIAC GDSA - Defensible Security Architecture, June 2021. [certificate]
  32. SEC555: SIEM with Tactical Analytics. SANS OnDemand, February 2021 - March 2021;
    Related certification: GIAC GCDA - GIAC Certified Detection Analyst, March 2021. [certificate]
  33. SEC617: Wireless Penetration Testing and Ethical Hacking. SANS OnDemand, December 2020 - January 2021;
    Related certification: GIAC GAWN - GIAC Assessing and Auditing Wireless Networks, January 2021. [certificate]
  34. SEC511: Continuous Monitoring and Security Operations. SANS Munich 2020, September 14 - September 19, 2020; Official SANS course moderator; Final defend the flag (DTF) victor and SEC511 COIN holder
    Related certification: GIAC GMON - GIAC Continuous Monitoring Certification, October 2020. [certificate]
  35. ICS515: ICS Active Defense and Incident Response, SANS OnDemand, July - September 2020;
    Related certification: GIAC GRID - GIAC Response and Industrial Defense, September 2020. [certificate]
  36. SEC542: Web App Penetration Testing and Ethical Hacking, SANS OnDemand, May - July 2020;
    Related certification: GIAC GWAPT - GIAC Web Application Penetration Tester, July 2020. [certificate]
  37. SEC560: Network Penetration Testing and Ethical Hacking, SANS OnDemand, April - June 2020;
    Related certification: GIAC GPEN - GIAC Penetration Tester, June 2020. [certificate]
  38. FOR578: Cyber Threat Intelligence, SANS Brussels 2020 Live Online, April 20 - April 24, 2020; Winner of the final threat intelligence/attribution challenge and FOR578 COIN holder
    Related certification: GIAC GCTI - GIAC Cyber Threat Intelligence, May 2020. [certificate]
  39. ICS410: ICS/SCADA Security Essentials, SANS OnDemand, March - May 2020;
    Related certification: GIAC GICSP - Global Industrial Cyber Security Professional, May 2020. [certificate]
  40. SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, SANS Vienna 2020, January 27 - February 01, 2020; Official SANS course facilitator; Final capture the flag (CTF) victor and SEC504 COIN holder
    Related certification: GIAC GCIH - GIAC Certified Incident Handler, March 2020. [certificate]
  41. FOR500: Windows Forensic Analysis, SANS Frankfurt 2019, December 9-14, 2019; Winner of the final digital forensics challenge and FOR500 COIN holder
    Related certification: GIAC GCFE - GIAC Certified Forensics Examiner, January 2020. [certificate]

    Cisco Certifications - Security Track

  43. Cisco Certified Network Professional - Security (CCNP Security) - Cisco, 300-206 SENSS, 300-208 SISAS, 300-209 SIMOS, 300-210 SITCS, April 2018. [certificate]
  44. Cisco Certified Specialist - Network Security VPN Implementation (CCS-NSVPNI) - Cisco, 300-730 SVPN, April 2018. [certificate]
  45. Cisco Certified Specialist - Web Content Security (CCS-WebCS) - Cisco, 300-725 SWSA, April 2018. [certificate]
  46. Cisco Certified Specialist - Security Identity Management Implementation (CCS-SIMI) - Cisco, 300-715 SISE, April 2018. [certificate]
  47. Cisco Certified Specialist - Network Security Firepower (CCS-NSF) - Cisco, 300-710 SNCF, April 2018. [certificate]
  48. Cisco Certified Specialist - Security Core (CCS-Score) - Cisco, 350-701 SCOR, April 2018. [certificate]
  49. Cisco Certified Network Associate - Security (CCNA-S) - Cisco, 210-216 IINS - Implementing Cisco Network Security, March 2017. [certificate]
  50. Cisco Certified Network Associate - Routing & Switching (CCNA) - Cisco, 100-105 (ICND1) & 200-105 (ICND2), February 2017. [certificate]
  51. Cisco Certified Entry Networking Technician (CCENT) - Cisco, 100-105 ICND1 - Interconnecting Cisco Networking Devices Part 1, November 2016. [certificate]

    Microsoft Certifications - Security Track

  53. Microsoft Security, Compliance, and Identity Fundamentals - Course SC-900T00--A: Microsoft Security, Compliance, and Identity Fundamentals - Microsoft, SC-900, January 2024. [certificate]
  54. Microsoft Security Operations Analyst - Course SC-200T00--A: Microsoft Security Operations Analyst - Microsoft, SC-200, December 2023. [course participation] [certificate]
  55. Microsoft Cybersecurity Architect - Course SC-100T00--A: Microsoft Cybersecurity Architect - Microsoft, SC-100, December 2023. [course participation]

    ISA/IEC 62443 Certifications

  57. ISA/IEC 62443 Cybersecurity Expert - International Society of Automation (ISA), IC32+IC33+IC34+IC37, April 2019. [certificate]
  58. ISA/IEC 62443 Cybersecurity Design & Implementation Specialist (CDS) - International Society of Automation (ISA), IC34, April 2019. [certificate]
  59. ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (CRS) - International Society of Automation (ISA), IC33, October 2018. [certificate]
  60. ISA/IEC 62443 Cybersecurity Maintenance Specialist (CMS) - International Society of Automation (ISA), IC37, December 2017. [certificate]
  61. ISA/IEC 62443 Cybersecurity Fundamentals Specialist (CFS) - International Society of Automation (ISA), IC32, June 2017. [certificate]

    Computer and Network Administration

  63. LPIC-3: Linux Enterprise Professional for Mixed Environments - Linux Professional Institute (LPI), LPI 300-100, January 2017. [certificate]
  64. LPIC-2: Linux Network Professional Certification - Linux Professional Institute (LPI), LPI 201 & LPI 202, November 2016. [certificate]
  65. LPIC-1: Linux Server Professional Certification - Linux Professional Institute (LPI), LPI 101 & LPI 102, September 2016. [certificate]
  66. CompTIA Linux+ - LX0-103 & LX0-104, September 2016. [certificate]
  67. Certified Wireless Network Administrator (CWNA) - Certified Wireless Network Professional, CWNA-106, August 2016. [certificate]

    ISO Certifications

  69. ISO/IEC 27035:2016 Information technology - Security techniques - Information security incident management - Lead Incident Manager - PECB, March 2020. [certificate]
  70. ISO 31000:2018 Risk management - Guidelines - Senior Lead Risk Manager - PECB, February 2020. [certificate]
  71. ISO/IEC 27005:2018 Information technology - Security techniques - Information security risk management - Lead Risk Manager - PECB, January 2020. [certificate]
  72. ISO 22301:2012 Societal security - Business continuity management systems - Requirements - Lead Auditor - PECB, December 2019. [certificate]
  73. ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements - Lead Auditor - PECB, September 2019. [certificate]
  74. ISO/IEC 27019:2017 Information technology - Security techniques - Information security controls for the energy utility industry - Senior Lead SCADA Security Manager - PECB, August 2019. [certificate]

Patents

  1. Landauer M., Skopik F., Wurzenberger M. (2021): EP21197043.9 - Verfahren zur Klassifizierung von anomalen Betriebszuständen eines Computernetzwerks ("AlertAggregation EP"), European Patent granted, September 2021.
  2. Höld G., Landauer M., Wurzenberger M., Skopik F. (2021): EP21191583.0 - Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems ("Variable Correlation Detector EP"), European Patent pending, August 2021.
  3. Höld G., Wurzenberger M., Landauer M., Skopik F. (2021): EP21181569.1 - Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems ("Variable Type Detector EP"), European Patent granted, June 2021.
  4. Landauer M., Skopik F., Wurzenberger M. (2020): AT 523933 (A51010/2020) - Verfahren zur Klassifizierung von anomalen Betriebszuständen eines Computernetzwerks ("AlertAggregation AT"), Austrian Patent granted, November 2020.
  5. Höld G., Landauer M., Wurzenberger M., Skopik F. (2020): AT 523948 (A50741/2020) - Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems ("Variable Correlation Detector AT"), Austrian Patent granted, September 2020.
  6. Höld G., Wurzenberger M., Landauer M., Skopik F. (2020): AT 523829 (A50642/2020) - Verfahren zur Detektion von anomalen Betriebszuständen eines Computersystems ("Variable Type Detector AT"), Austrian Patent granted, July 2020.
  7. Wurzenberger M., Höld G., Landauer M., Skopik F. (2020): EP20160854.4 - Verfahren zur Charakterisierung des Betriebszustands eines Computersystems ("Cluster Templates EP"), European Patent pending, March 2020.
  8. Wurzenberger M., Landauer M., Fiedler R., Skopik F. (2019): EP3582443 - Verfahren zur Charakterisierung des Zustands eines Computersystems ("Grammatikerkennung EP"), European Patent granted, April 2019.
  9. Wurzenberger M., Höld G., Landauer M., Skopik F. (2019): A50285/2019 - Verfahren zur Charakterisierung des Betriebszustands eines Computersystems ("Cluster Templates AT"), Austrian Patent pending, April 2019.
  10. Landauer M., Skopik F., Wurzenberger M. (2019): EP3528162 - Method for recognizing abnormal operational states ("Time Series Analysis EP"), European Patent granted, January 2019.
  11. Wurzenberger M., Landauer M., Fiedler R., Skopik F. (2018): AT 521665 (A50461/2018) - Verfahren zur Charakterisierung des Zustands eines Computersystems ("Grammatikerkennung AT"), Austrian Patent granted, June 2018.
  12. Wurzenberger M., Skopik F. (2018): EP3396477 - Method for detecting normal operating states in a working process ("Maschinendatensaetze EP"), European Patent granted, March 2018.
  13. Landauer M., Skopik F., Wurzenberger M. (2018): AT 520746 (A50156/2018) - Verfahren zur Erkennung von anormalen Betriebszuständen (engl.: Method for detecting abnormal operating states) ("Time Series Analysis AT"), Austrian Patent granted, February 2018.
  14. Fiedler R., Skopik F., Wurzenberger M. (2017): EP3267625 - Method for detecting anomalous states in a computer network ("Bioclustering EP"), European Patent granted, July 2017.
  15. Wurzenberger M., Skopik F. (2017): AT 519777 (A50233/2017) - Verfahren zur Erkennung des normalen Betriebszustands eines Arbeitsprozesses (engl.: Method for detecting normal operating states in a working process) ("Maschinendatensaetze AT"), Austrian Patent granted, March 2017.
  16. Fiedler R., Skopik F., Wurzenberger M. (2016): AT 518805 (A50601/2016) - Verfahren zur Detektion von anomalen Zuständen in einem Computernetzwerk (engl.: Method for detecting anomalous states in a computer network) ("Bioclustering AT"), Austrian Patent granted, July 2016.
  17. Skopik F., Fiedler R. (2014): EP2800307 - Method for detecting deviations from a given standard state ("AECID EP"), European Patent granted, April 2014.
  18. Skopik F., Fiedler R. (2013): AT 514215 (A50292/2013) - Verfahren zur Feststellung von Abweichungen von einem vorgegebenen Normalzustand (engl.: Method for detecting deviations from a given standard state) ("AECID AT"), Austrian Patent granted, April 2013.

Disclosure pursuant to §25 of the Austrian Media Act (Mediengesetz): The owner of this website is DDr. Florian Skopik, Himmelbauerstrasse 36, 2000 Stockerau. I distance myself from the content of all externally linked pages and accept no liability for it. All texts on this homepage have been carefully checked. Nevertheless, no guarantee can be given for the correctness, completeness and currency of the information. Any liability on my part is therefore excluded. The links to other websites have been carefully selected. Since I have no influence on their content, I accept no responsibility for it.