Advancing Network Monitoring with Packet-Level Records and Selective Flow Aggregation

Fink, Ina Berenice; Kunze, Ike; Hein, Pascal; Pennekamp, Jan; Standaert, Benjamin; Wehrle, Klaus; Rüth, Jan; van Sloun, Christian; Woeste, Vincent; Wolsing, Konrad; Pennekamp, Jan; Wehrle, Klaus; Lohmöller, Johannes; Pennekamp, Jan; Matzutt, Roman; Schneider, Carolin Victoria; Vlad, Eduard; Trautwein, Christian; Wehrle, Klaus; Pennekamp, Jan; Matzutt, Roman; Klinkmüller, Christopher; Bader, Lennart; Serror, Martin; Wagner, Eric; Malik, Sidra; Spiß, Maria; Rahn, Jessica; Gürpinar, Tan; Vlad, Eduard; Leemans, Sander J. J.; Kanhere, Salil S.; Stich, Volker; Wehrle, Klaus; Dahlmanns, Markus; Sander, Constantin; Decker, Robin; Wehrle, Klaus; Pennekamp, Jan; Lohmöller, Johannes; Vlad, Eduard; Loos, Joscha; Rodemann, Niklas; Sapel, Patrick; Fink, Ina Berenice; Schmitz, Seth; Hopmann, Christian; Jarke, Matthias; Schuh, Günther; Wehrle, Klaus; Henze, Martin; Dahlmanns, Markus; Lohmöller, Johannes; Pennekamp, Jan; Bodenhausen, Jörn; Wehrle, Klaus; Henze, Martin

doi:10.14722/ndss.2025.240764

Security and Privacy Group

The research vision of the Security and Privacy Group at COMSYS is the analysis, design, and evaluation of secure and privacy-preserving communication systems across various domains, including the Industrial Internet of Things, Smart Grids, and healthcare, among others.

To realize this vision, we most notably craft novel (and sustainable) security and privacy architectures, paradigms, and mechanisms as well as improve upon existing approaches to security and privacy. We consider all types of systems and networks, e.g. ranging from highly resource-constrained IoT networks to distributed (peer-to-peer) applications and networks and large-scale cloud deployments.

Our used and developed technologies range from soft privacy solutions such as semantic annotations and behavioral nudges to applied cryptography or confidential computing for strong and provable security and privacy guarantees.

The close cooperation with the other research groups at COMSYS allows us to work closely with domain experts from various types of communication systems, most notably, centering around industrial, medical, and corporate use cases.

Currently, we pursue this research vision by tackling the following research topics:

Security and Privacy in the Industrial Internet of Things (IIoT)
- Enabling privacy-sensitive dataflows between different (mutually distrusting) stakeholders
- Protocol design with existing building blocks (e.g., Bloom filter, HE, PSI, OT, ...) to offer novel use cases
- Detecting, analyzing, and restricting network flows in the IIoT to improve the network security
- Secure integration of legacy industrial devices into communication over the Internet
- Network monitoring solutions that cover industrial performance demands and protocols
Security and Privacy in Decentralized Information Systems
- Alternatives to traditional (centralized) cloud computing
- Approaches for sovereign data sharing and privacy-preserving processing
- Information/Privacy leakage from distributed analysis mechanisms
- Applications sourcing decentralized infrastructure, with a focus on medical and business use cases
Network Security for the IP-based Internet of Things
- Secure end-to-end communication of highly resource-constrained devices
- Adaptive configuration and selection of security concepts, mechanisms, and ciphersuites
- Delegation of security tasks to less resource-constrained gateways
(Host-centric) Intrusion Detection and Prevention Systems
- Studying how network information can improve host-based intrusion detection
- Enabling efficient real-time detection of ransomware
Privacy Enhancing Techniques (PETs)
- Protocols for secure (industrial) collaboration (e.g., using Homomorphic Encryption)
- Quantitative modeling of privacy protection and risk (e.g., Differential Privacy)
- Reconciling PETs and user perception of privacy (e.g., empirical user studies)

Projects

Current Projects

IoP: Internet of Prodution for enabling a new level of cross-domain collaboration for production (DFG EXC, 2019-2025+)
RUST: Latent Patient Representations using Single-Cell Transcriptomics (ERS SFFAIR002, 2025)
SUSTAINET-guarDian: Sustainable Techologies for Advanced Resilient and Energy-Efficient Networks, guided utilities for automation, resilience, and Digital innovation in advanced networks (EUREKA CELTIC-NEXT, 2025-2027)
SYNCLIVER: A Utility Assessment of Synthetic Liver Cancer Data (ERS SFFAIR003, 2025)
VeN²uS: VerNetzte NetzschUtzSysteme / Networked Grid Protection Systems – Adaptive and Networked (BMWK, 2021-2025)
VeSiTRUST: Verlässliche Sicherheitsgarantien für Unternehmen in Wertschöpfungssystemen (BMBF, 2024-2028)

Selected Past Projects

CONSENT: Conformance-driven and Auto-configured Security for Home and Industrial Networks (NERD.NRW, 2018-2021)
CONNECT: Innovative Smart Components, Modules and Appliances for a Truly Connected, Efficient and Secure Smart Grid (ECSEL Joint Undertaking, 2017-2021)
Digital Campus (BMBF, DAAD, 2020-2021)
IPACS: Intelligent Privacy-aware Cloud-based Services (DFG EI, 2013-2016)
Mobile ACcess: Mobility and City-wide Communication Environment for Secure Internet Services (IKT.NRW, 2009-2012)
myneData: Self-determined Utilization of Personal Data with Inherent Protection of Privacy and Data (BMBF, 2016-2019)
PREserv: Privacy Enhanced Sensing, Encoding, Relaying & Visualization (IKT.NRW, 2013-2016)
SensorCloud: Trustworthy Management and Analysis of Sensor Data in a Cloud Infrastructure (BMWi, 2012-2014)
SSICLOPS: Scalable and Secure Infrastructures for Cloud Operations (EU H2020, 2015-2018)
TRINICS: Transparent Information on the Individual Usage of Cloud Services (BMBF, 2016-2018)

Researchers

	Markus Dahlmanns, M.Sc. Researcher +49 241 80-21425 markus.dahlmanns(at)comsys.rwth-aachen.de		Ina Berenice Fink, M.Sc. Researcher +49 241 80-21419 ina.fink(at)comsys.rwth-aachen.de
	David Heye, M.Sc. Researcher +49 241 80-21426 david.heye(at)comsys.rwth-aachen.de		Hajeong Jeon, M.Sc. Researcher +49 241 80-21412 hajeong.jeon(at)comsys.rwth-aachen.de
	Johannes Lohmöller, M.Sc. Researcher +49 241 80-21421 johannes.lohmoeller@comsys.rwth-aachen.de		Dr. rer. nat. Jan Pennekamp Postdoctoral Researcher +49 241 80-21411 jan.pennekamp(at)comsys.rwth-aachen.de
	Christian van Sloun, M.Sc. Researcher +49 241 80-21414 christian.van.sloun(at)comsys.rwth-aachen.de

Available Theses

The Security and Privacy Group typically has thesis topics available for motivated and talented students. An excerpt of available theses can be seen from inside the RWTH University network. If you have specific interests, you may contact any group member individually.

Selected Recent Publications

7.	Ina Berenice Fink, Ike Kunze, Pascal Hein, Jan Pennekamp, Benjamin Standaert, Klaus Wehrle, and Jan Rüth Advancing Network Monitoring with Packet-Level Records and Selective Flow Aggregation Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA Publisher: IEEE, May 2025 Accepted
6.	Christian van Sloun, Vincent Woeste, Konrad Wolsing, Jan Pennekamp, and Klaus Wehrle Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach Proceedings of the 22nd Annual Network and Distributed System Security Symposium (NDSS '25), February 24–28, 2025, San Diego, CA, USA Publisher: Internet Society, February 2025 DOI: 10.14722/ndss.2025.240764 ISBN: 979-8-9894372-8-3
5.	Johannes Lohmöller, Jan Pennekamp, Roman Matzutt, Carolin Victoria Schneider, Eduard Vlad, Christian Trautwein, and Klaus Wehrle The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems Data & Knowledge Engineering, 151 May 2024 ISSN: 0169-023X DOI: 10.1016/j.datak.2024.102301
4.	Jan Pennekamp, Roman Matzutt, Christopher Klinkmüller, Lennart Bader, Martin Serror, Eric Wagner, Sidra Malik, Maria Spiß, Jessica Rahn, Tan Gürpinar, Eduard Vlad, Sander J. J. Leemans, Salil S. Kanhere, Volker Stich, and Klaus Wehrle An Interdisciplinary Survey on Information Flows in Supply Chains ACM Computing Surveys, 56(2) February 2024 ISSN: 0360-0300 DOI: 10.1145/3606693
3.	Markus Dahlmanns, Constantin Sander, Robin Decker, and Klaus Wehrle Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia, page 797-811. Publisher: ACM, July 2023 DOI: 10.1145/3579856.3590329 ISBN: 979-8-4007-0098-9/23/07
2.	Jan Pennekamp, Johannes Lohmöller, Eduard Vlad, Joscha Loos, Niklas Rodemann, Patrick Sapel, Ina Berenice Fink, Seth Schmitz, Christian Hopmann, Matthias Jarke, Günther Schuh, Klaus Wehrle, and Martin Henze Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain Volume 13901, page 489-505. Publisher: Springer, June 2023 DOI: 10.1007/978-3-031-34560-9_29 ISBN: 978-3-031-34559-3
1.	Markus Dahlmanns, Johannes Lohmöller, Jan Pennekamp, Jörn Bodenhausen, Klaus Wehrle, and Martin Henze Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan, page 252-266. Publisher: ACM, May 2022 DOI: 10.1145/3488932.3497762 ISBN: 978-1-4503-9140-5/22/05