Rohit Kaushik, Portability of Targeted Adversarial Attacks, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
In recent years, image classification with neural networks have shown promising results and hence garnered interest of researchers. These networks have been able to perform classification with near human efficiency. However it was later discovered that it is easy to fool neural networks and they are not robust to small non random perturbations. Addition of small non random pertubations which is imperceptible to human eye can cause neural network to misclassify an image which was previously correctly classified. Such a perturbed image is called adversarial image and an approach to generate such image is called adversarial attack. Morever these perturbations are portable to other neural network architecture which means an adversarial image that can fool one network can also be used to fool other networks. This poses a huge security risk for system that rely on image classification such medical analysis and autonomous vehicle. An attacker can modify the input image which could lead to failure of the system. This suggests that there is a need to build systems which are robust against such small perturbations. Portability is another import aspect, since if an adversarial example is only portable to few of the neural networks, an ensemble of network can be used to prevent against such attacks. In this work we propose experiments to evaluate portability of adversarial images across popular neural networks. We perform an in depth portability study by looking into how far the predictions are from true class. Since there has been very few research for targeted attack and it’s portability we include them in our study. We generate adversarial images on 13 neural network model with 3 adversarial attack and different value of perturbation constant epsilon on the subset of ImageNet dataset (ILSVRC 2012). A
distance metric was proposed to calculate the distance between any two classes of the dataset. The experiments shows that with untargeted attack and a larger epsilon the portability is high between networks of similar architecture but it drops significantly as we reduce the epsilon. With targeted attack, 3 different approach to choosing target was proposed but we observe low portability with all the targeted attacks and different values of target and perturbation constant. |
|
Raphael Koch, The Role of Blockchain Technology in Achieving the Sustainable Development Goals, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
This thesis examines the impact of Blockchain on the United Nations’ Sustainable Development Goals (SDGs). It includes two parts: Firstly, a comprehensive literature review is conducted to investigate published evidence of Blockchain as an enabler/inhibitor of the 169 targets stated in the SDGs. The study observed a positive impact of Blockchain on achieving targets in financial inclusion, supply chain management, fundraising, energy usage, environmental surveillance, health insurance and govern-ance. Increased energy consumption and money laundering due to cryptocurrencies are assessed as inhibitors. In the second part of the work, four fundraising platforms and four supply chain service providers are interviewed to examine practical evidence of Blockchain as an enabler/inhibitor for achieving the targets. A contribution to the targets’ achievement can be determined for all startups. However, it is observed that the Blockchain is only one piece of the puzzle, whereby the design of the business idea and the combination of additional technologies such as the Internet of Things (IoT) as a whole must be considered. |
|
Timothy Zimmermann, "Drone Supervisor: Toward Run-time Monitoring and Detection of Unexpected behaviour of Drones", University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
As the autonomous flying robots and the consumer Unmanned Aerial Vehicle (UAV) market flourish, safe collocated human-UAV interactions are becoming increasingly important. UAVs' automated testing and runtime monitoring to ensure their proper behaviour is still an open technical and research challenge despite research advances.
This study aims to determine if Machine Learning (ML) tools can be leveraged to classify a UAV flight behaviour at runtime to avoid unsafe and unreliable behaviours. To test the feasibility of this approach, we constructed a dataset containing various simulated flight scenarios. We identified a misbehaviour using anomaly detection methods during the UAV's landing phase. This misbehaviour led to the UAV hopping once it touched the ground and performing the landing sequence again. We then first investigated which of the UAV's sensor readings and estimation are key for successfully training an ML model using feature selection methods. Subsequently, we trained and validated the ML models using industry-standard performance metrics.
We identified 12 features of interest, and the Random Forest Classifier as the best performing model on our simulated flights dataset. The resulting Random Forest was then used to evaluate the UAV's behaviour during various time-steps during landing. The results suggest that a runtime supervisor could enable the UAV to identify misbehaviours in advance. |
|
Claudius Knecht, Wie muss ein elektronischer B2B-Marktplatz aufgebaut sein, um die digitale Sichtbarkeit von europäischen Produktionsstätten zu steigern?, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
The objective of this bachelor thesis is to describe the development of an electronic B2B marketplace in Europe and to define its requirements on the part of the various users. First, an analysis of an existing electronic marketplace is presented with focus on the success factors of this very marketplace. In addition to the results of interviews with potential users of the marketplace a description of functions offer substantial added value to all parties in a procurement relationship. The development of an electronic marketplace in Europe also increases the digital visibility of European production sites, which in turn benefits individual companies as well as the European workplace as a whole. The influence of directories on the digital visibility of companies described by Hauck et al. (2020) confirms this positive effect. This bachelor thesis is relevant for readers who want to understand how an electronic marketplace works. It also serves as a helpful guide for people who want to develop an electronic marketplace for Europe in defining its requirements and success factors. |
|
Laura Salathe, Predicting Human Error in Geolocation Tasks Using Online Metadata - An Exploratory Study, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
This thesis addresses the problem of predicting human errors in image geolocation tasks with the help of collected metadata. For this purpose, an interactive experiment architecture allowing the collection of mouse coordinates, clicking events, timestamps, and further human interaction data was designed. One hundred participants took part in the experiment and solved various geolocation tasks.
The collected data was used to train different machine learning classifiers, such as logistic regression models, k-nearest neighbors, and support vector machines. The best-performing model is able to predict human errors in geolocation tasks to a small extent. The test accuracy on unseen test data is 10% higher than random chance and 4% better than the most simple rule-based model classifying all answers as correct. |
|
Mariia Lapaeva, MR-based synthetic CT generation for MR-guided radiotherapy, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
The aim of this study is to devise deep learning (DL) approaches trained on paired and unpaired data that are able to generate realistic synthetic computed tomography (CT) images for magnetic resonance-guided radiotherapy (MRgRT) in the area of the abdomen and to assess its clinical applicability. The imaging data of 76 patients with a tumour in the abdomen who were treated with MRgRT at USZ was collected retrospectively and divided in training (59) and test sets (17). To
improve the current state-of-the-art of DL technologies by studying different architectures and ensembles of configurations, the following experiments were conducted: (a) evaluating the influence of the different GAN architectures trained on paired (Pix2pix) and unpaired data (CycleGAN and CUT, which firstly applied for the purpose of sCT generation); (b) investigating the footprint of different preprocessing methods (Nyul, novel N-peaks); (c) improving spatial consistency of
results by adjusting the network configuration (2D, pseudo3D); (d) testing different GAN training objectives (LSGAN, WGAN-GP); (e) estimating the influence of the loss function on the generated results (per-pixel L1 loss, VGG19 perceptual loss). The quality of sCT generation was assessed using both, image similarity and dosimetric accuracy metrics. The dosimetric accuracy of the best performing models was estimated by comparing the dose distribution of MRgRT treatment plans
calculated from synthetic CT and original CT images using dose-volume histogram (DVH) parameters to allow assessment of the clinical applicability of the DL methods. Our results suggest that DL models trained with unpaired data achieve similar performance as models requiring perfectly aligned image pairs, and even perform better in the bone and air pocket areas. The mean absolute errors (mean ± SD) calculated within the body contour are 71.0±20, 73.4±21 and 84.5 ±19
HU when using the best performing configuration of pix2pix, CycleGAN and CUT, respectively. The proposed DL-based synthetic CT generation methods may be considered clinically applicable for treatment planning in the abdominal area with the mean DVH indicator discrepancies with
the original plan of less than 1% for all models, and less than 0.5% for all tumour DVH indicators for the best performing model, CycleGAN. The study confirmed that generation of synthetic CT using a DL approach from low field magnetic resonance images in the abdomen is feasible and
allows a reliable calculation of irradiation plans in MRgRT. |
|
Jordan Cedeno, Mitigating Cyberattacks Affecting Resource-constrained Devices Through Moving Target Defense (MTD) Mechanisms, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
Most Internet of Things (IoT) devices such as radio spectrum sensors are not designed and built with security in mind. The static nature of such IoT devices coupled with the resource constrains under which they operate, makes such devices a lucrative target for cyberattacks. One option when it comes to dealing with such cyberattacks is employing Moving Target Defense (MTD) in which some system parameters are ”moved” in order to disrupt an ongoing attack. This thesis aims to propose, design and implement a prototypical lightweight MTD based framework (MTD Framework) for Linux based IoT devices such as radio spectrum sensors, which is capable of deploying host-based MTD security solutions (MTD Solutions) based on reported attacks/events from an external program monitoring for attacks/events. Furthermore, this thesis implements a total of four MTD based security solutions to deal with the following three malware families once they have already infected the system: command & control based malware, crypto ransomware, user-level rootkits (using preloads). To test the effectiveness of the MTD Framework and the MTD Solutions they were tested against real malware to see how they perform.
Additionally some performance data is gathered to present the additional resource consumption that the MTD Framework incurs. The results are promising and suggest that the MTD Framework combined with the MTD Solutions proposed and implemented in this thesis work well as an additional security layer which is capable of disrupting/disabling running malware of the above mentioned malware families. |
|
Ramon Solo de Zaldivar, Creation of a Dataset Modeling the System Calls of Spectrum Sensors Affected by Malware, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
The growing usage of IoT devices brings in itself multiple different new use cases. From healthcare, location tracking to process automations and crowdsensing, IoT devices are being used more than ever. In parallel there has been a growing cybersecurity concern, as IoT devices are becoming a desirable target for cyber attackers. IoT devices, depending on their purpose can have access to large amounts of data which makes them an attractive target for cyber criminals. To further this issue, these devices are poorly secured and inherently, as they are resource constrained, can not support conventional cybersecurity software. IoT devices have been the targets of different kinds of malware, from botnets and backdoors to rootkits, ransomwares and others.
A feasible way to sever these cyber security concerns and prevent these targeted malware attacks from happening, is with the help of Intrusion Detection Systems (IDSs). Nevertheless, traditional IDSs are powerless when it comes to detecting new unknown malware attacks, other wise known as zero day attacks. For this reason, new research is relying heavily on Machine Learning (ML) and Deep Learning (DL) decision engine based IDSs. A key component that determines the efficacy of these IDSs is a quality dataset, containing the behavior of a device under normal behavior and also the behavior when it has been compromised by novel malware, with which the ML or DL based IDS can be trained. A ML or DL based IDS with a quality dataset is then statistically better suited to detect novel malware. In spite of the importance of these datasets, quality datasets, especially ones modelling the internal behavior of IoT devices in a normal state and when under attack by zero day attacks such as botnets, backdoors and others, are scarce.
In wake of this limitation, this thesis aims to create a quality dataset that accurately represents the internal behavior of an IoT device, both when it is functioning normally and when it is under attack. In order to accomplish this, the system calls of the IoT device, which in this specific case is an ElectroSense sensor, are monitored under normal behavior, gathered, cleaned and stored in a centralized directory. Then, the device is infected with current malware affecting IoT devices, such as the bashlite botnet, thetick backdoor, bdvl rootkit and a ransomware proof of concept and the monitoring process is repeated for each malware. The infections are sequential, meaning that the device is not infected with more than one malware at a time. Finally the generated dataset contains normal and anomalous behavior classified by malware. It is then evaluated through analyzing the sequences and frequencies of the system calls statistically. |
|
Konstantin Moser, Intelligent and Behavioral-based Detection of Cryptominers in Resource-constrained Spectrum Sensors, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
With the rising popularity of cryptocurrencies and IoT devices, the number of cryptomining attacks on such devices is intensifying as they are often poorly secured. The reason cybercriminals are increasingly interested in cryptominers is that they offer fast and anonymous way of making money while taking low risks. A modern approach for detecting cyber attacks is to combine behavioural fingerprinting analysis with machine learning models. While recent works provide numerous state-of-the-art approaches for general computers, literature shows little research on detecting malicious cryptomining on IoT devices. Therefore, the underlying thesis proposes different supervised and unsupervised models that aim at detecting cryptojacking on IoT devices from the devices' perspective. One of the requirements to train machine learning models effectively are data sets containing clean, as well as infected device behaviour.
Therefore, behavioural monitoring is predominantly performed on a Raspberry Pi using a monitoring script that periodically measures the number of performance events. The test device is part of a real world IoT crowdsensing platform called ElectroSense, whose sensor will be infected with a cryptojacker as part of this thesis. The framework creation process involves collecting and preprocessing data and the training of different ML-based algorithms. The performance of the models is evaluated using various statistical methods. The model based on the Isolation Forest algorithm, which takes an unsupervised approach, achieves the best overall weighted accuracy of 93.9%. The unsupervised Local Outlier Factor model performs best with 97.7% if the accuracy is not weighted. Regarding the supervised models, the Decision Tree classifier achieves the best F1-Score macro average of 76%, which transforms to 100% if the F1-Scores are weighted per class. Because supervised and unsupervised approaches work fundamentally different, the percentages should not be compared directly due to varying evaluation metrics and individual strengths and weaknesses. Nonetheless, it becomes clear that all the trained detection modules are able to detect the vast majority of attack samples during the evaluation. This proves, that using machine learning models combined with behaviour fingerprinting is a viable option to detect cryptojackers in IoT devices. |
|
Marc Zwimpfer, Diffusion of Innovation among Smallholder Farmer Households in Tanzania: An Agent-based Modelling Approach, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
Poverty and hunger still prevails in many parts of the world. Sub-Saharan countries are particularly affected by severe food insecurity due to heavy reliance on agriculture and lack of sufficient farming equipment. Thus, finding a cost-effective method to introduce improved equipment to a high percentage of farmers in reasonable time is crucial. For this reason, we develop a modular agent-based model which simulates innovation diffusion among smallholder farmer households in Tanzania. It is based on proven innovation research as well as recent findings in an ongoing field study of the University of Zurich in Tanzania.
Furthermore, we define different intervention strategies to accelerate the diffusion rate of an innovation among farmers. We outline how our model can be utilized to evaluate and compare such strategies in various ways. By applying algorithms from machine-learning on our diffusion simulation results, we show how key factors behind the performance of a strategy can be determined and demonstrate possibilities to predict the success rate of a strategy. Our findings present researchers an inexpensive alternative to assess intervention strategies effectiveness before launching them in the field. |
|
Björn Bloch, Minergie labels in Switzerland: Mitigation of tenant-related risks, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)

|
|
Simon Giesch, Fairness in Online Ad Auctions: the Role of the Auction Mechanism; An analysis of how economic competition leads to discrimination in the displaying of ads, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
This thesis examines the public value creation in digital ecosystems.
It, therefore, aims to elaborate on success factors that lead to successful public value creation in digital ecosystems.
For this purpose, interviews were conducted with representatives of digital ecosystems as part of a multiple case study, which was then evaluated using qualitative analysis.
Through the analysis combined with the literature review, a number of success factors were determined that positively influence the process of public value creation.
In a second step, a fuzzy-set Qualitative Comparative Analysis (fsQCA) was performed, which compiles configuration paths from these success factors.
The results of this configuration analysis suggest different configurations paths that show in which configurations the success factors lead to successful public value creation for platform owners and complementors. |
|
Kirthan Gengatharan, Digital Ecosystems for Public Value, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
This thesis examines the public value creation in digital ecosystems.
It, therefore, aims to elaborate on success factors that lead to successful public value creation in digital ecosystems.
For this purpose, interviews were conducted with representatives of digital ecosystems as part of a multiple case study, which was then evaluated using qualitative analysis.
Through the analysis combined with the literature review, a number of success factors were determined that positively influence the process of public value creation.
In a second step, a fuzzy-set Qualitative Comparative Analysis (fsQCA) was performed, which compiles configuration paths from these success factors.
The results of this configuration analysis suggest different configurations paths that show in which configurations the success factors lead to successful public value creation for platform owners and complementors. |
|
Sebastian Küng, Opening Pandora’s Box: An Analysis of the Usage of the Data Field in Blockchains, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
Since the inception of the Bitcoin blockchain in 2009 with the inclusion of the message "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" in its genesis block, blockchains have been used to store generic media. These include text, images, and documents. However such media is often not easily discoverable in the blockchains and is embedded deep within their binary data structures. The main goal of this thesis is to design and implement a tool that scans blockchains for their media content. The software tool developed for this work, the blockchain-parser, is capable of detecting text strings and files embedded in blockchains. The blockchains of the Bitcoin, Monero, and Ethereum cryptocurrencies were examined to find commonalities and differences between different blockchains in terms of their generic media storage usage. Prior related work has focused on the methods for storing media in Bitcoin. This thesis provides statistics and examples of the blockchain parser's detected media across Bitcoin, Monero, and Ethereum, which are presented and discussed herein. It concludes that Ethereum has been the most-used blockchain for media data storage of the three and might also be the best-suited blockchain for this task. |
|
Raphael Imfeld, Increasing Privacy in Smart Contracts: Exploring Encryption Mechanisms, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
After the introduction of the concept of Smart Contracts (SC) in 1994, it took another decade until a use case was found. The blockchain's focus on transactions appeared to be a perfect ground to implement the concept of automated, self-executing contracts. Popular blockchains such as Ethereum tied the integration of SC closely to their core functionalities, using the programming language Solidity specifically introduced for this purpose. Since physical contracts know distinct security properties due to privacy requirements, the digital equivalents are expected to fulfill the same. However, the transfer of such properties are challenging as some blockchains are trustless systems and therefore no channel of communication between the two contracting parties is expected.
In order to resolve this challenge, cryptographic mechanisms were introduced to ensure privacy by either encrypting the values on-chain and allow them to be read and manipulated by authorized contracting parties or using an o-chain approach, which outsources the storage and manipulation of sensitive data to a Trusted Third Party. Different encryption approaches were explored by implementing a simple transaction scenario using a SC with different types of data, showing limitations of each approach when using a on- or o-chain solution. Furthermore, performance of the encryption approaches were investigated in order to determine aspects, such as the contract size, the Gas used during the process and runtime. Finally, a comparison of all approaches was done, showing the difficulties of on-chain approaches for the chosen scenario and proposing some adjustments for further research to simplify the implementation. The evaluation showed a positive correlation between the complexity of the encryption mechanism and the three parameters mentioned, since the unencrypted approach used the least amount of memory or Gas and was the fastest, while the homomorphic approach was located at the other end of the scale. |
|
David Stalder, Machine-learning based Detection of Malicious DNS-over-HTTPS (DoH) Traffic Based on Packet Captures, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
The goal of this thesis is to implement a working prototype for the detection of malicious DNS-over-HTTPS (DoH) traffic into the already existing System SecGrid, a platform for the extraction of internet traffic, its analysis, and the detection of cyber-attacks developed by the CSG-Group at the University of Zurich. The implementation contains a special feature extraction for DoH traffic based on TCP-flows and a two Layered Machine Learning pipeline for the detection of malicious DoH traffic. The evaluation proves that the prototype is extremely precise for single data-sets, but as soon as the models are trained and tested with different data the accuracy of the prototype deteriorates drastically. The conclusion is the diversification of the training data-sets into data-sets that are aligned with real-world browser settings and all available DoH resolvers and especially the quantitative and qualitative extension of the state-of-the-art data. |
|
Florin Ulrich, Evaluating and Extending Parallel Fuzzing, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
 
Fuzz testing is a software testing technique that uses random inputs to find faults in programs. In recent years, American Fuzzy Lop (AFL), a state of the art greybox fuzzer has seen much interest [Godefroid, 2020]. One avenue of research is the improvement of AFLs’ effect when run in parallel. In this thesis, we explore the effects of parallelizing AFL with up to 25 parallel instances. Additionally, we reimplement PAFL, an approach that improves the parallel abilities of the AFL based fuzzers FairFuzz and AFLfast [Liang et al., 2018]. We show that PAFL does not improve the standard AFL implementation for setups with three fuzzing instances. |
|
Pratyush Singh, Table Detection and Structure Recognition; A pragmatic approach, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
Tables are one of the most convenient ways to present complex, correlated, and structured information. While rule and heuristic based approaches have long dominated the table detection and structure recognition, their usefulness has been confined to a subset of tables that follow these rules. Significant research has been conducted to localize table structure, the majority of which focuses on using heuristics and rules with the assistance of optical character recognition (OCR) to manually select layout characteristics of the tables. With the rise of Deep Learning, new models have shown to be applicable across multiple unseen domains by incorporating transfer learning. This thesis presents an end-to-end object detection approach to detect tables and recognize their structures in a document and thus, help in table data extraction with the use of a deep learning model namely, Faster R-CNN. This work will also introduce a new metric based on Intersection over Union (IoU) for the task of table detection which does not penalize large bounding box predictions up to a defined extent and reduces the dependency of the F1 score on the chosen IoU threshold. A significant amount of experiments will be discussed on many popular publicly available datasets like ICDAR 2013, ICDAR 2019, ISRI-OCR, Marmot, TableBank, and PubTables-1M to carefully adapt and design the parameters of the Faster R-CNN model and demonstrate the robustness of the model across unseen datasets. The model present in this thesis outperforms other models including a transformer-based model to establish the state-of-the-art results on these datasets proving once again the superiority of the Faster R-CNN architecture. |
|
Adrianna Marszal, Changes of Response Authoring Practices Through AI Support in Online Customer Feedback Management, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
 
This study analyzes the data collected within the ReAdvisor project at the Department of Informatics in collaboration with company re:spondelligent. Research work takes place from October 2021 to March 2022. The thesis gathers three types of data: videos, interviews and questionnaires, which are then analyzed qualitatively and quantitatively. The impact of the AI-human interaction on a socio-technical system is researched through: (a) analyzing changes in response authoring practices with the influence of the AI (through videos), (b) analyzing authors' perception of the AI on the intelligent co-writing (through interviews and questionnaires), and (c) researching what possible business models the modern machine learning tools enable. Results suggest that some of the introduced AI tools save time for students, but not for professionals. The AI tools regarded as most useful by both groups of authors are the response generator and the quality checker, in that order. All of the tools are reported to have room for improvement. Overall, the new system is perceived as a positive technological development which impacts the socio-technical system by enabling the collaboration between the AI and the humans. Lastly, the study develops a categorization of 11 AI-enabled business models and discusses strategic options to be used for enhancing re:spondelligent's business model. |
|
Gzim Nevzadi, Real Estate Mezzanine Financing through Marketplace Lending, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)

This master’s thesis explores the opportunities real estate mezzanine financing o↵ers
investors and borrowers through marketplace lending in Switzerland. To answer the
research question, existing studies on marketplace lending were analysed, and a
quantitative analysis was completed using data from the largest Swiss marketplace
lending platform. The results indicate that using mezzanine financing through the
alternative intermediary marketplace lending platforms creates new opportunities
for investors and borrowers that are not available with traditional banks. On this
basis, using this alternative option and optimising its results is advised. |
|