Applied Security & Data Science

Applied Security, in our understanding, comprises above all the detachment from purely theoretical and software-oriented aspects to the safeguarding of real (complex) systems, which have to fulfil corresponding framework parameters (e.g. uptime, immutability, certifications).

A special focus of this topic for us lies in the area of industrial security, which is of particular importance with regard to complexity and criticality: Due to the increasing interconnection of industrial systems (operational technology, OT), also with the Internet and external applications, and the use of standard IT components, security risks similar to those in the Internet world are occurring more and more frequently in the industrial environment.

The Stuxnet malware has impressively shown that even sealed automation systems can be attacked. Since then, industrial components as well as industrial systems have become increasingly targeted by attackers.

Data Science

Data Science is another thematic focus of our institute's research work, not least with regard to the use of our research work in the new course of studies "Data Science & Business Analytics". The current focus lies on the interface between data science and IT security, especially privacy: Privacy Aware Machine Learning and data protection are only two aspects. We are particularly concerned with how this contradiction between the highest possible data protection on the one hand and the highest possible data utility on the other can be resolved, but also with the proactive and reactive protection of data in data-driven applications (e.g. data leak detection). For us, however, data science is also an enabler in terms of researching new methods to increase security, such as automated malware detection or traffic analysis.

In addition, we also have experience in the application of machine learning methods, which we are happy to make available in cooperation projects with use-case providers.

Key Focus Coordinator

  • Senior Researcher
    Josef Ressel Center for Blockchain-Technologies and Security management
  • Department of Computer Science and Security
P: +43/2742/313 228 690

Research Staff

  • Teaching and Research Assistant IT Security (BA)
  • Department of Computer Science and Security
  • Researcher
  • Department of Computer Science and Security
P: +43/2742/313 228 692
  • Head of Research Institute
    Institute of IT Security Research
  • Lecturer
  • Head of Josef Ressel Center for Blockchain-Technologies and Security management
  • Department of Computer Science and Security
P: +43/676/847 228 696
  • Researcher IT Security (BA)
  • Department of Computer Science and Security
P: +43/2742/313 228 691
  • Junior Researcher Institute of IT Security Research
  • Department of Computer Science and Security



Secret Key Generation for Long Range Communication Networks - LoRaKey aims at energy efficient secret key generation for lightweight LPWAN applications.

Substation Security

The project aims at improving security within the automation network of power distribution systems by developing anomaly detection algorithms for the communication networks of substations.


Olipitz, S. (2020, October 27). Campustalk: für ein modernes Urheberrecht.
Longo, L., Goebel, R., Lecue, F., Kieseberg, P., & Holzinger, A. (2020, August 27). Explainable Artificial Intelligence: Concepts, Applications, Research Challenges and Visions. International Cross-Domain Conference for Machine Learning and Knowledge Extraction, Virtuell.
Adensamer, A., & Klausner, L. D. (2020, August 20). “Part Man, Part Machine, All Cop”: Automation in Policing. EASST + 4S Joint Conference 2020, Prague/online.
Klausner, L. D. (2020, May 27). Sichere Einbindung von externen Partnern.
Kieseberg, P. (2020, May 20). Datenschutz & Datensicherheit im Homeoffice.
Dam, T. (2020, May 15). Cloud-Dienste oder selbst betriebene Programme.
Schrittwieser, S. (2020, May 13). Sichere Einbindung von Smartphone / Tablets ins Homeoffice.
Kieseberg, P. (2020, August 5). Sicheres gemeinsames Arbeiten an Dokumenten.
Klausner, L. D. (2020, May 6). Soziale Interaktion und informelle Kommunikation im Homeoffice.
Kieseberg, P. (2020, April 30). Sichere Audio- & Videokonferenzen.
Schrittwieser, S. (2020, April 28). Sichere Chats & Kommunikationsdienste.
Dam, T. (2020, April 24). Sicherer Fernzugang zur IT des Unternehmens.
Kieseberg, P. (2020, April 22). Hardware- & Softwareanforderungen an sicheres Homeoffice.
Klausner, L. D. (2020, April 17). Gefahren durch Kriminelle im Internet – gefälschte E-Mails und Websites.
Schrittwieser, S. (2020, April 15). Einführung in sicheres Homeoffice.
Dam, T., Klausner, L. D., & Schrittwieser, S. (2020). Typosquatting for Fun and Profit: Cross-Country Analysis of Pop-Up Scam. Journal of Cyber Security and Mobility, 2020(2), 265–300.
Holzinger, A., Kieseberg, P., & Müller, H. (2020). KANDINSKY Patterns: A Swiss-Knife for the Study of Explainable AI. ERCIM-News, 120, 41–42.
Eresheim, S. (2020). Cybersecurity Containment Agent. Machine Learning Prague 2020.
Otto, P., Dobusch, L., & Klausner, L. D. (2020). Ein modernes Urheberrecht. Friedrich-Naumann-Stiftung für die Freiheit.
Eresheim, S. (2020). Reinforcement Learning for Incident Protection in IT. First Conference on Mathematics of Data Science (MDS20).
Olipitz, S. (2019, December 17). Campustalk: Predictive Policing.
Luh, R., & Schrittwieser, S. (2019). Advanced threat intelligence: detection and classification of anomalous behavior in system processes. E \& i Elektrotechnik Und Informationstechnik, Springer, 1–7.
Pirker, M. (2019, November 22). More Data - More Security? [Invited Talk]. TOP Alumni Club, TU Wien.
Schubert, S. (2019, August 11). NIST 2019 Runde 2 - Die Zukunft moderner Kryptografie und Kommunikation [Vortrag]. IT SECX 2019, St. Pölten University of Applied Sciences, Austria.
Adensamer, A., & Klausner, L. D. (2019, October 24). Ich weiß, was du nächsten Sommer getan haben wirst: Predictive Policing in Österreich. PrivacyWeek 2019, Vienna.
Pirker, M. (2019, October 23). Digitale Probleme....für Alle! PrivacyWeek, Wien.
Adensamer, A., & Klausner, L. D. (2019). Ich weiß, was du nächsten Sommer getan haben wirst: Predictive Policing in Österreich. Juridikum, 2019(3), 419–431.
Amiri, F., Quirchmayr, G., Kieseberg, P., Weippl, E., & Bertone, A. (2019). Towards Data Anonymization in Data Mining via Meta-heuristic Approaches. Data Privacy Management, Cryptocurrencies and Blockchain Technology, 39–48.
Kreimel, P., & Tavolato, P. (2019, December 9). Neural Net-Based Anomaly Detection System in Substation Networks. 6th International Symposium for ICS & SCADA Cyber Security Research, Athen, Griechenland.
Martinelli, F., Mercaldo, F., Santone, A., Tavolato-Wötzl, C., & Tavolato, P. (2019, July 26). Timed Automata Networks for SCADA Attacks Real-Time Mitigation. 5th International Conference on Software Security and Assurance, ICSSA 2019, St. Poelten (Austria).
Amiri, F., Quirchmayr, G., Kieseberg, P., Bertone, A., & Weippl, E. (2019). Efficiently Vectorized Anonymization in Data Mining using Genetic Algorithms. Proceedings of the 34th International Conference on ICT Systems Security and Privacy Protection-IFIP SEC 2019.
Schrittwieser, S. (2019, June 6). Automatische Erkennung von Crypto-Mining im Webbrowser [Invited Talk]. Symposium für Wirtschafts- und Finanzkommunikation, Börse Wien.
Pirker, M. (2019, March 29). (Big) Data (Science) für Security [Invited Talk]. Vienna Data Science Group, Wien.
Pirker, M. (2019, February 26). Robustes Parsen von Inputdaten. Sec4dev, Wien.
Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., & Weippl, E. (2019). Measuring cookies and Web privacy in a post-GDPR world. Passive and Active Measurement, pp 258-270.
Kurniawan, K., Ekelhart, A., Fröschl, A., & Ekaputra, F. (2019). Semantic integration and monitoring of file system activity. Semantic Systems. The Power of AI and Knowledge Graphs, Artikel Nummer 17.
Tjoa, S. (2019, January 29). Nostradamus 4.0 – Die Wissenschaft hinter Vorhersagen. Security Day, FH St. Pölten.
Kieseberg, P. (2019, May 8). Privacy Aware Machine Learning in Health Informatics. Fachkonferenz DIGITAL SAFETY + CYBER SECURITY, Novomatic Forum, Vienna, Austria.
Kieseberg, P. (2019, February 21). Federated Machine Learning in Health Informatics. Beirat, Fachhochschule St. Pölten.
Schrittwieser, S. (2019, 08.-16.08). Software Protection through Obfusction - Can it keep pace with progress in code analysis? [Invited Talk]. Dagstuhl Seminar on Software Protection Decision Support and Evaluation Methodologies, Dagstuhl.
Eigner, O. (2019, May 20). Grundlagen Projektmanagement (Rolle als Sicherheitsexperte) Thema der Fallstudie: Unterirdische Packstation an der FH Kiel. International Staff Week, Fachhochschule Kiel, Sokratespl. 1, 24149 Kiel, Deutschland.
Eigner, O. (2019, May 21). Künstliche Intelligenz: Diskussion über Schnittflächen zwischen KI / Big Data / IT-Sicherheit und Ethik. International Staff Week, Fachhochschule Kiel, Sokratespl. 1, 24149 Kiel, Deutschland.
Eigner, O. (2019, May 22). Übungseinheit: Einführung in IT-Sicherheit für 2 verschiedene Gruppen. International Staff Week, Fachhochschule Kiel, Sokratespl. 1, 24149 Kiel, Deutschland.
Eresheim, S. (2019, February 12). Process Behaviour Classification. 2019 CES+ Global Camp at Austria & Moldova for Sharing the PBL (Project Based Learning) Know-how, FH St. Pölten.
Gafic, M. (2019, January 29). Data Science in Practice. Security Day, FH St. Pölten.
Kieseberg, P., Klausner, L. D., & Holzinger, A. (2019). Distortion in Real-World Analytic Processes. ERCIM News, 118, 49–50.
Pirker, M. (2018). IT Security + Data Science for Security.
Tavolato, Paul. (2018, October 30). In Big Data We Trust - Wie sicher können wir da sein? SPIRIT, Linz, Austria.
Tavolato, P. (2018, September 20). Sec4dig Projektvorstellung. Studiengangsbeirat, Fachhochschule St. Pölten.
Eigner, O., Kreimel, P., & Tavolato, P. (2018). CPS-Security.
Tjoa, S. (2018, February 20). Neuer Studiengang „Data Science and Business Analytics. Studiengangbeirat, Fachhochschule St. Pölten.
Malle, B., Giuliani, N., Kieseberg, P., & Holzinger, A. (2018). The Need for Speed of AI Applications: Performance Comparison of Native vs. Browser-based Algorithm Implementations. ArXiv:1802.03707 [Cs, Stat].
Pirker, Martin. (2018, September 2). Big Data (Science) on Small Devices. Vienna Data Science Group Cafe, Vienna.
Holzinger, K., Mak, K., Kieseberg, P., & Holzinger, A. (2018). Can we trust Machine Learning Results? Artificial Intelligence in Safety-Critical decision Support. ERCIM News, 112(1), 42–43.
Brandstetter, T., & Convay, T. (2018). These are the good old days: Analysis and taxonomy of ICS attack campaigns. SANS ICS Europe.
Brandstetter, T. (2018). Bessere Verteidigung gegen industrielle Schadsoftware. Industrial Communication Journal, 2(Mai 2018).
Kieseberg, Peter. (2018, April 12). Security & Reproducibility in Health System Research. DEXHELPP, TU Wien.
Tjoa, S. (2018). Data Science and Business Analytics - Staune was mit Daten alles möglich ist. BEST, Wien.
Ullrich, J., Stifter, N., Judmayer, A., & Weippl, E. (2018). Proof-of-blackouts? how proof-of-work cryptocurrencies could affect power grids. International Symposium on Research in Attacks, Intrusions and Defenses (RAID).
Rupprecht, D., Dabrowski, A., Holz, T., Weippl, E., & Popper, C. (2018). On security research towards future mobile network generations. IEEE Communications Surveys & Tutorials.
Holzinger, A., Kieseberg, P., Weippl, E., & Tjoa, A. M. (2018). Current Advances, Trends and Challenges of Machine Learning and Knowledge Extraction: From Machine Learning to Explainable AI. In A. Holzinger, P. Kieseberg, A. M. Tjoa, & E. Weippl (Eds.), Machine Learning and Knowledge Extraction (Vol. 11015, pp. 1–8). Springer International Publishing.
Kochberger, P., & Seitl, F. (2018). Detecting Cryptography through IR Visualization. 2018 International Conference on Software Security and Assurance (ICSSA).
Kochberger, P., & Seitl, F. (2018, January 30). Physical Security - Lockpicking. Security Day, FH St. Pölten.
Tjoa, S. (2018). Campus Talk "Data Science studieren" [Campus & City Radio 94.4].
Temper, M. (2018). Is the future near? Future of real-time processing of Big Data. European Big Data Value Forum 2018, Wien.
Tjoa, S. (2018). Big Challenges – Future cyber-security challenges and the role of software security and assurance in the era of IoT, industry 4.0 and big data. ICSSA Konferenz, Seoul, South Korea.
Eresheim, S. (2018). Process Behaviour Classification. IKT Sicherheitskonferenz des BMLVS, Young Researcher"s Day, Villach.
CD-MAKE. (2018). Machine learning and knowledge extraction: Second IFIP TC 5, TC 8/WG 8.4, 8.9, TC 12.9, International Cross-Domain Conference, CD-MAKE 2018, Hamburg, Germany, August 27–30, 2018: proceedings (A. Holzinger, P. Kieseberg, A. M. Tjoa, & E. R. Weippl, Eds.). Springer.
Kochberger, P. (2018, January 29). Physical Security - Lockpicking. Schulworkshop HLM Mödling, Hackerspace Segmentation Vault.
Kochberger, P. (2018). Binary Analysis - Basics & radare2. ICSSA Konferenz, Seoul, South Korea.
Kochberger, P. (2018, August 20). Physical Security - Lockpicking. Young Campus, Hackerspace Segmentation Vault.
Kieseberg, P., Schrittwieser, S., Malle, B., & Weippl, E. (2017). Das Testen von Algorithmen in sensibler datengetriebener Forschung. Rundbrief Des Fachausschusses Management Der Anwendungsentwicklung Und -Wartung (WI-MAW).
Hodo, E., Grebeniuk, S., Ruotsalainen, H., & Tavolato, P. (2017). Anomaly Detection for Simulated IEC-60870-5-104 Trafiic. ARES - S-CI 2017: S-CI II - Critical Infrastructure Systems CyberSecurity Tools.
Ullrich, J., Zseby, T., Fabini, J., & Weippl, E. (2017). Network-based secret communication in clouds: A survey. IEEE Communications Surveys & Tutorials.
Brandstetter, T., & Reisinger, K. (2017). (In)Security in der Gebäudeautomatisierung. 15. Deutscher IT Sicherheitskongress des BSI.
Eigner, O., & Kreimel, P. (2017, September 15). Sicherheit in Cyper-physischen Systemen. Forschungsfest Niederösterreich, Palais Niederösterreich, Herrengasse 13, 1010 Wien.
Mayer, W., Zauner, A., Schmiedecker, M., & Huber, M. (2016). No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large. 11th International Conference on Availability, Reliability and Security (ARES), Salzburg.
Kaiser, M. (2015, October 8). BioMe - Kontinuierliche Authentifikation von BenutzerInnen mittels Smartphones. Symposium Sicherheitstechnologie, Linz, Österreich.
Brandstetter, T. (2015, October 1). How dangerous is the internet ? - A View From The Industrial & Critical Infrastructure Perspective. Veranstaltung der Fa. Schubert Elektroanlagen, St. Pölten.
Piller, E., & Moya de Rivas, F. (2015). A New Decentralized Cryptographic Access Control Solution for Smart-phones. Universal Journal of Communications and Network, 3(2), 51–56.
Lang-Muhr, C., Schrattenholzer, M., & Tavolato, P. (2015). Multi-Layer Agent-Based Simulation of Network Behaviour in Advanced Metering Infrastructures. Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015. 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, University of Applied Sciences Ingolstadt, Germany.
Temper, M., Tjoa, S., & Kaiser, M. (2015). Touch to Authenticate – Continuous Biometric Authentication on Mobile Devices. International Conference on Software Security and Assurance (ICSSA), Korea.
Piller, E., & Westfeld, A. (2015). Kryptografisches Zugriffskontrollsystem für mobile Endgeräte. DACH Security 2015. DACH Security 2015, Bonn Germany.
Temper, M., & Kaiser, M. (2015). BioMe - Kontinuierliche Athentifikation mittels Smartphone. DACH Security 2015. DACH Security 2015, Bonn Germany.
Brandstetter, T. (2015, September 24). 5 years post-Stuxnet. What changed, what didn’t and what lies ahead of us. SANS International Industrial Control System Summit, Amsterdam.
Brandstetter, T. (2015, April 22). 5 Jahre nach Stuxnet, Was kam, was blieb, Herausforderungen. Securityforum, Hagenberger Kreis.
Westfeld, A., Wurzer, J., Fabian, C., & Piller, E. (2013). Pit Stop for an Audio Steganography Algorithm. 123–134.
Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Automatisierte Akquise und Auswertung kinderpornographischer Inhalte. 7. Forschungsforum der Österreichischen Fachhochschulen.
Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Facebook Watchdog: A Research Agenda For Detecting Online Grooming and Bullying Activities. IEEE International Conference on Systems, Man, and Cybernetics (SMC).
Tavolato, P. (2013). Herausforderungen an die IT-Security im produktionsnahen Umfeld. In Der Instandhaltungs-Berater - Aktuelles Nachschlagewerk für alle Bereiche des Instandhaltungsmanagements. TÜV Media GmbH TÜV Rheinland Group.
Poisel, R., & Rybnicek, M. (2012). Digitales Sehen. Linux Magazin, 12.
Fischer, B. (2012). Ein Heimnetzwerk selber bauen. Der fortschrittliche Landwirt, 1, 6–7.
Tavolato, P. (2012). Herausforderungen an die IT-Security im produktionsnahen Umfeld. Total Productive and Safety Maintenance - Produktionsstätten, Prozesse Und Anlagen Sicher Und Effizient Gestalten. 26. Instandhaltungsforum.
Brandl, M., Kos, A., Kellner, K., Mayerhofer, C., Posnicek, T., & Fabian, C. (2011). A Source Based on-demand Data Forwarding Scheme for Wireless Sensor networks. International Journal of Wireless Networks and Broadband Technologies, 1(3), 49–70.
Fischer, M., Rybnicek, M., & Fischer, C. (2011). Evaluation of Illumination Compensation Approaches for ELGBPHS. Springer Series Advances in Intelligent and Soft Computing, 7th International Conference on Computer Recognition Systems (CORES"11), 317–325.
Nutzinger, M., & Wurzer, J. (2011). A Novel Phase Coding Technique for Steganography in Auditive Media. 6th International Conference on Availability, Reliability and Security (ARES"11), 91–98.
Fabian, C., Nutzinger, M., Piller, E., Poisel, R., & Wurzer, J. (2011). Moderne Verfahren der Steganographie und Steg-Analyse. KIRAS Tagungsband - Sicherheit in der Informations- und Kommunikationstechnologie, 130–138.
Waldecker, B. (2011). A Review on IRC Botnet Detection and Defence. Kaspersky IT Security for the Next Generation - European Cup 2011, 1–9.
Wurzer, J. (2010). Integration der Steganographie ins Betriebssystem. In Die Funktion verdeckter Kommunikation-Impulse für eine Technikfolgenabschätzung zur Steganographie (Vol. 9, pp. 55–64). LIT Verlag.
Piller, E. (2010). Einführung in die Steganographie. In Die Funktion verdeckter Kommunikation-Impulse für eine Technikfolgenabschätzung zur Steganographie (Vol. 9, pp. 43–64). LIT Verlag.
Nutzinger, M., & Poisel, R. (2010). Software architecture for Real-Time Steganography in Auditive Media. IEEE International Conference on Computational Technologies in Electrical and Electronics Engineering (SIBIRCON"10), 100–105.
Rybnicek, M., & Fischer, C. (2010). A comparative survey of face recognition approaches for resource-constrained devices. World e-ID, Sophia Antipolis, France.
Piller, E. (2010). Contactless smart cards with new personal activation mechanism and state machine. e-smart, Sophia Antipolis, France.
Poisel, R., & Wurzer, J. (2010). Mobile VoIP Steganography: From Framework to Implementation. DeepSec 2010, Wien, Austria.
Nutzinger, M., & Poisel, R. (2010). Generic Framework for Real-time Steganography in Auditive Media. 4. Forschungsforum Der Österreichischen Fachhochschulen, 97–103.
Nutzinger, M., Fabian, C., & Wurzer, J. (2010). Erfahrungen mit Echo Hiding Steganographie in Audiodaten. D-A-CH Security, 90–99.
Fischer, B. (2010). Safe Navigation with the Aid of an Open Sea Chart. 27th Chaos Communication Congress-We Come in Peace, 1–5.
Nutzinger, M., Fabian, C., & Marschalek, M. (2010). Secure Hybrid Spread Spectrum System for Steganography in Auditive Media. 6th IEEE International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 78–81.
Piller, E. (2009). Biometrische Benutzerauthentifizierung durch Chipkarten mit einem Gesichtserkennungs-Matching-on-card. 7. Information Security Konferenz, 119–134.
Haag, J., & Poisel, R. (2009). Location Based Services für Netze nach dem IEEE 802.11 Standard. 3. Forschungsforum der österreichischen Fachhochschulen, 185–190.
Piller, E., & Nutzinger, M. (2009). Neue Protokolle der Steganografie. 11. Deutscher IT-Sicherheitskongress, 442–456.
Poisel, R. (2008). Location based services with WLAN.
Piller, E. (2008). Neue Verfahren der Steganografie. 6. Information Security Conference, 6–16.
Piller, E. (2007). StegIT Machbarkeitsstudie für Anti-Steganografie-Lösungen für VoIP und GSM.
Piller, E., Riegler, S., & Janisch, R. (2007). StegIT Machbarkeitsstudie für Anti- Steganografielösungen für VoIP und GSM. 2. FH Forschungsforum.