Team

FH-Prof. Dipl.-Ing. Dr. Sebastian Schrittwieser Bakk.

  • Institutsleiter Institut für IT Sicherheitsforschung
  • Leiter Josef Ressel-Zentrum für konsolidierte Erkennung gezielter Angriffe
  • Internationaler Koordinator
  • Department Informatik und Security
Arbeitsplatz: A - Matthias Corvinus-Straße 15
M: +43/676/847 228 648

Studiengänge

  • Data Science and Business Analytics (BA)
  • IT Security (BA)
  • Applied Research and Innovation in Computer Science (MA)
  • Information Security (MA)

Departments

  • Informatik und Security

Kurzprofil

  • 2003-2010: Studium Wirtschaftsinformatik (TU Wien)
  • 2010-2013: Wissenschaftlicher Mitarbeiter bei SBA Research
  • 2010-2014: Projektassistent an der Technischen Universität Wien
  • 2014: Abschluss des Doktoratsstudiums der technischen Wissenschaften Informatik (TU Wien)
  • seit 2015: Leiter Josef Ressel Zentrum TARGET

Download CV

Publikationen

Dam, T., Klausner, L. D., & Schrittwieser, S. (2020). Typosquatting for Fun and Profit: Cross-Country Analysis of Pop-Up Scam. Journal of Cyber Security and Mobility, 2020(2), 265–300.
Luh, R., & Schrittwieser, S. (2019). Advanced threat intelligence: detection and classification of anomalous behavior in system processes. E \& i Elektrotechnik Und Informationstechnik, Springer, 1–7.
Luh, R., Temper, M., Tjoa, S., Schrittwieser, S., & Janicke, H. (2019). PenQuest: a gamified attacker/defender meta model for cyber security assessment and education. Journal of Computer Virology and Hacking Techniques. https://doi.org/10.1007/s11416-019-00342-x
Schrittwieser, S. (2019, September 26). Sicherheit von Container-Virtualisierung [Invited Talk]. IDC Security Roadshow Vienna, Wien. https://idcitsecurity.com/2019/vienna/
Luh, R., Janicke, H., & Schrittwieser, S. (2019). AIDIS: Detecting and classifying anomalous behavior in ubiquitous kernel processes. Computers & Security, 84, 120–147. https://doi.org/https://doi.org/10.1016/j.cose.2019.03.015
Schrittwieser, S. (2019, June 6). Automatische Erkennung von Crypto-Mining im Webbrowser [Invited Talk]. Symposium für Wirtschafts- und Finanzkommunikation, Börse Wien. https://www.inara.at/5-symposium-wirtschafts-und-finanzkommunikation/
Schrittwieser, S., Rauchberger, J., Dam, T., & Buhov, D. (2019, April 24). Coineater: Automatisierte Erkennung Von Krypto-Mining Im Webbrowser. FFH Forum, Wiener Neustadt, Österreich.
Schrittwieser, S. (2019, 08.-16.08). Software Protection through Obfusction - Can it keep pace with progress in code analysis? [Invited Talk]. Dagstuhl Seminar on Software Protection Decision Support and Evaluation Methodologies, Dagstuhl. https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=19331
Limbeck-Lilienau, B., & Schrittwieser, S. (2019, January 29). Cryptojacking – und warum ist mein Akku immer gleich leer?! Security Day, FH St. Pölten.
Dam, T., Klausner, L. D., Buhov, D., & Schrittwieser, S. (2019). Large-Scale Analysis of Pop-Up Scam on Typosquatting URLs. Proceedings of the 14th International Conference on Availability, Reliability and Security, 53:1–53:9.
Schrittwieser, S. (2018, March 12). Chancen und Potentiale in der IT Sicherheit. Cybersecurity Vernetzungstreffen DE-AT, Wien.
Schrittwieser, S. (2018, November 29). Josef Ressel Zentrum TARGET. Technopol Frühstück, Wieselburg.
Schrittwieser, S. (2018, November 13). Chancen und Potentiale in der IT-Sicherheit. European Big Data Value Forum, Wien.
Schrittwieser, S. (2018, November 13). Explainable AI. EBDVF, Wien.
Schrittwieser, S. (2018, September 27). Neue Herausforderungen in der IT Security. IDC Security Roadshow, Wien.
Schrittwieser, S. (2018, September 27). Trends in Security Research. IDC Security Roadshow, Wien.
Schrittwieser, S. (2018, May 17). Security by Obscurity. We Are Developers - World Congress, Wien.
Schrittwieser, S., & Luh, R. (2018, April 13). Mord im Planetarium - Ein Ausflug in die Welt der Digitalen Forensik. Volkshochschule Wien, Wien.
Schrittwieser, S. (2018, February 20). Crypto-Mining im Webbrowser. Studiengangsbeirat, Fachhochschule St. Pölten.
Luh, R., Schramm, G., Wagner, M., Janicke, H., & Schrittwieser, S. (2018). SEQUIN: a grammar inference framework for analyzing malicious system behavior. Journal of Computer Virology and Hacking Techniques, 01–21. https://doi.org/10.1007/s11416-018-0318-x
Kieseberg, P., Schrittwieser, S., & Weippl, E. (2018). Structural Limitations of B+-Tree forensics. Proceedings of the Central European Cybersecurity Conference 2018 on - CECC 2018, 1–4. https://doi.org/10.1145/3277570.3277579
Buhov, D., Rauchberger, J., & Schrittwieser, S. (2018). FLASH: Is the 20th Century Hero Really Gone? Large-Scale Evaluation on Flash Usage & Its Security and Privacy Implications. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 9(4), 15. https://doi.org/http://dx.doi.org/10.22667/JOWUA.2018.12.31.026
Rauchberger, J., Schrittwieser, S., Dam, T., Luh, R., Buhov, D., Pötzelsberger, G., & Kim, H. (2018). The Other Side of the Coin: A Framework for Detecting and Analyzing Web-based Cryptocurrency Mining Campaigns. Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018, Hamburg, Deutschland.
Luh, Robert, Temper, M., Tjoa, S., & Schrittwieser, S. (2018). APT RPG: Design of a Gamified Attacker/Defender Meta Model. International Workshop on FORmal Methods for Security Engineering. International Workshop on FORmal methods for Security Engineering.
Schrittwieser, S. (2017, October 11). Sign up with your phone number, no password to remember! – On the privacy risks of using phones as unique user identifiers and possible mitigations. IT-SECX, St. Pölten, Austria. https://itsecx.fhstp.ac.at/wp-content/uploads/2017/11/05_Schrittwieser_itsecx2017.pdf
Marschalek, S., Luh, R., & Schrittwieser, S. (2017). Endpoint Data Classification Using Markov Chains. 2017 International Conference on Software Security and Assurance (ICSSA), 56–59. https://doi.org/10.1109/ICSSA.2017.17
Valicek, M., Schramm, G., Pirker, M., & Schrittwieser, S. (2017). Creation and Integration of Remote High Interaction Honeypots. 2017 International Conference on Software Security and Assurance (ICSSA), 50–55. https://doi.org/10.1109/ICSSA.2017.21
Eresheim, S., Luh, R., & Schrittwieser, S. (2017). The Evolution of Process Hiding Techniques in Malware – Current Threats and Possible Countermeasures. Journal of Information Processing. https://doi.org/10.2197/ipsjjip.25.866
Rauchberger, J., Luh, R., & Schrittwieser, S. (2017). Longkit - A Universal Framework for BIOS/UEFI Rootkits in System Management Mode. Third International Conference on Information Systems Security and Privacy, Madeira, Portugal.
Luh, R., Schrittwieser, S., & Marschalek, S. (2017). LLR-based Sentiment Analysis for Kernel Event Sequences. 31th International Conference on Advanced Information Networking and Applications.
Wagner, M., Sacha, D., Rind, A., Fischer, F., Luh, R., Schrittwieser, S., Keim, D. A., & Aigner, W. (2017). Visual Analytics: Foundations and Experiences in Malware Analysis. In L. B. Othmane, M. G. Jaatun, & E. Weippl (Eds.), Empirical Research for Software Security: Foundations and Experience (pp. 139–171). CRC/Taylor and Francis.
Kieseberg, P., Schrittwieser, S., Malle, B., & Weippl, E. (2017). Das Testen von Algorithmen in sensibler datengetriebener Forschung. Rundbrief Des Fachausschusses Management Der Anwendungsentwicklung Und -Wartung (WI-MAW). http://fa-wi-maw.gi.de/fileadmin/gliederungen/fg-maw/Rundbriefe/GI_Rundbrief_41_JG23_Online.pdf
Kieseberg, P., Neuner, S., Schrittwieser, S., & Schmiedecker, M. (2017). Real-time Forensics through Endpoint Visibility. International Conference on Digital Forensics & Cyber Crime (ICDF2C). https://www.sba-research.org/wp-content/uploads/publications/fleetForensics.pdf
Kim, J., Kim, K., Cho, J., Kim, H., & Schrittwieser, S. (2017). Hello, Facebook! Here is the stalkers" paradise!: Design and analysis of enumeration attack using phone numbers on Facebook. 13th International Conference on Information Security Practice and Experience (ISPEC 2017).
Kieseberg, P., Frühwirt, P., & Schrittwieser, S. (2017). Security Testing for Mobile Applications. ERCIM News, 109, 52–53. https://www.sba-research.org/wp-content/uploads/publications/201704 - KIESEBERG - Pages from EN109-web.pdf
Kieseberg, P., Weippl, E., & Schrittwieser, S. (2017). Forensics using Internal Database Structures. ERCIM News, 108. http://ercim-news.ercim.eu/images/stories/EN108/EN108-web.pdf
Luh, R., Schrittwieser, S., Janicke, H., & Marschalek, S. (2017). Design of an Anomaly-based Threat Detection & Explication System. Third International Conference on Information Systems Security and Privacy, Madeira, Portugal.
Luh, R., Schrittwieser, S., Marschalek, S., Janicke, H., & Weippl, E. (2017). Design of an Anomaly-based Threat Detection & Explication System. 22nd ACM Symposium on Access Control Models and Technologies (SACMAT). https://doi.org/10.1145/3078861.3084162
Luh, R., Schramm, G., Wagner, M., & Schrittwieser, S. (2017). Sequitur-based Inference and Analysis Framework for Malicious System Behavior. First International Workshop on Formal Methods for Security Engineering.
Luh, R., Marschalek, S., Kaiser, M., Janicke, H., & Schrittwieser, S. (2016). Semantics-aware detection of targeted attacks – A survey. Journal of Computer Virology and Hacking Techniques, 1–39. https://doi.org/10.1007/s11416-016-0273-3
Malle, B., Kieseberg, P., Schrittwieser, S., & Holzinger, A. (2016). Privacy Aware Machine Learning and the Right to be Forgotten. ERCIM News, 107.
Buhov, D., Thron, R., & Schrittwieser, S. (2016). Catch Me If You Can! Transparent Detection Of Shellcode. the 2016 International Conference on Software Security and Assurance (ICSSA).
Kieseberg, P., Weippl, E., & Schrittwieser, S. (2016). Detection of Data Leaks in Collaborative Data Driven Research. ERCIM News, 105.
Kieseberg, P., Weippl, E., & Schrittwieser, S. (2016). Forensics using Internal Database Structures. ERCIM News, 108.
Schrittwieser, S., Katzenbeisser, S., Kinder, J., Merzdovnik, G., & Weippl, E. (2016). Protecting software through obfuscation: Can it keep pace with progress in code analysis. Computing Surveys, 49(1).
Marschalek, S., Kaiser, M., Luh, R., & Schrittwieser, S. (2016). Empirical Malware Research through Observation of System Behaviour. First Workshop on Empirical Research Methods in Information Security, 467–469. https://doi.org/10.1145/2872518.2888609
Luh, R., Schrittwieser, S., & Marschalek, S. (2016). TAON: An Ontology-based Approach to Mitigating Targeted Attacks. International Conference on Information Integration and Web-based Applications & Services (iiWAS).
Schrittwieser, S. (2015, November 6). Regin - Chronologie eines gezielten IT-Angriffs. IT-SeCX, St. Pölten, Austria.
Marschalek, S., Luh, R., Kaiser, M., & Schrittwieser, S. (2015). Classifying Malicious System Behavior using Event Propagation Trees. Proceedings of the 17th International Con- Ference on Information Integration and Web-Based Applications Services (IiWAS2015).
Mueller, R., Schrittwieser, S., Fruehwirt, P., Kieseberg, P., & Weippl, E. (2015). Security and privacy of smartphone messaging applications. International Journal of Pervasive Computing and Communications, 11.
Fadai, T., Schrittwieser, S., Kieseberg, P., & Mulazzani, M. (2015). Trust me, I am a Root CA! Analyzing SSL Root CAs in modern Browsers and Operating Systems. International Conference on Availability, Reliability and Security (ARES).
Kieseberg, P., Fruehwirt, P., Schrittwieser, S., & Weippl, E. R. (2015). Security tests for mobile applications - Why using TLS or SSL is not enough. 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW).
Neuner, S., Mulazzani, M., Schrittwieser, S., & Weippl, E. R. (2015). Gradually Improving the Forensic Process. International Workshop on Cyber Crime (IWCC).
Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M., & Schrittwieser, S. (2015). Privacy and Data Protection in Smartphone Messengers. Proceedings of the 17th International Conference on Information Integration and Web-Based Applications Services (IiWAS2015).
Beyer, S., Mulazzani, M., Schrittwieser, S., Huber, M., & Weippl, E. (2014). Towards Fully Automated Digital Alibis with Social Interaction. Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics.
Kieseberg, P., Schrittwieser, S., Mulazzani, M., Echizen, I., & Weippl, E. (2014). An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata. Special Issue on Security and Privacy in Business Networking.
Fruehwirt, P., Kieseberg, P., Hochreiner, C., Schrittwieser, S., & Weippl, E. (2014). InnoDB Datenbank Forensik – Rekonstruktion von Abfragen über Datenbank-interne Logfiles. GI Sicherheit 2014.

Projekte