Logo der Universität Wien


Master's theses


Supervision: Univ.-Prof. Dipl.-Ing. Dr. Erich Schikuta, Dipl.-Inf. Univ. Arian Bär

Title: Continuous Network Data Mining

Introduction: The analysis of big amounts of data has become a challenge for more and more fields and applications in computer science. One interesting application field of big data processing is network data analysis. Although, many approaches for processing network data already exist, the application of data mining algorithms is still in its initial phase. Therefore, the idea of this project is to apply and extend already existing data mining algorithms on network monitoring data. More precisely, we want to focus on algorithms which can run continuously on newly arriving data as they are produced by the network under study.

Description: The general frame of this thesis is the FP7 project mPlane (http://www.ict-mplane.eu/) where the general idea is to build a measurement plane for the internet, which can automatically provide insights into the performance of a network and problems therein. In the thesis project, we want to start from the import of publicly available network traces into the existing stream data warehouse DBStream[1]. The next step is to implement well known data mining algorithms and extend them it to be continuously executed over time. One of the outcomes of the thesis could be an extended version of the network anomaly detection algorithm[2], which is able to automatically detect network wide anomalies by investigating feature distributions over time. Finally, we plan to investigate how the implemented approach performs and what new insights about the imported data it can be gained.

 [1] A. Bär, A. Finamore, I. Bermudez, L. Golab, M. Mellia, P. Casas, "Technical Report: Continuous Analytics for Traffic Monitoring and Applications to CDN", FTW-TECHREPORT-129, 2013

 [2] A. D’Alconzo, A. Coluccia, and F. Ricciato, "A Distribution-Based Approach to Anomaly Detection for 3G Mobile Networks", IEEE Globecom ’09


Supervision Univ.-Prof. Dr. Stefanie Rinderle-Ma:

Topic 1: Implementing a web-based C3Pro editor (see C3Pro project)

Introduction: Change is one of the main focus points in the C3Pro project, which stands for "Change and Compliance for Collaborative Processes". In collaborative processes, private processes are the individual business process models of the participating businesses. The public view or public processes abstract the private processes in such a way that only the public activities -- those where another partner is also involved -- are shown. Change in such an inter-organisational context is challenging, as a single modification from one participant in its own private process might impact some partners' related public processes, which in turn could trigger transitive changes to other partners. The correct propagation of change is an important challenge, which is being tackled on in the C3Pro Project.

Description: We have implemented a change propagation library in the Java programming language, which takes into consideration all the changes partners have to perform for various change activities: insert, replace, and delete. Based on this library, we have implemented a desktop-based editor for visualising and simulating various change scenarios. The proposed bachelor project's goal would be implementing the same editor as a web-based prototype. Having a web-based editor for interactive change management would make the topic more accessible for everyone, allowing them to see the effects of changes in an inter-organisational context. This prototype would:

  1. Visualise choreography models as well as participating partner's public processes.
  2. Display related activities on all partners' public processes.
  3. Display the proposed changes and affected fragments (direct as well as transitive).
  4. Display statistics after applying and propagating changes.

Requirements / Programming Languages:

  • Java (server-side) or other JVM-based languages
  • Javascript (client-side) or other languages compiled to Javascript (HaXe, Clojurescript, Coffeescript etc.)
  • Clojure (optional, to understand the current editor)


  • Web Services
  • HTML 5
  • Web Sockets
  • AJAX

Due to the long lifecycle, many things can change even if they change slowly: assets are replaced by new ones; new components and services are added on top of existing systems; companies merge and split; key employees may leave. As a result, even if the system has been commissioned with a clear blueprint, the operators can partially lose track of their IT inventory. Without a clear view of their IT assets (PCs, equipment, field devices, and networks) in the first place, it is impossible to secure them. As such, operators do not have clear visibility into attacks underneath the production monitoring surface.

Topic 2: Security analysis of automotive systems

Problem statement

As a transformative technology, autonomous and connected vehicle creates new challenges and risks. One of the biggest threats is cybersecurity which impacts on road and public safety. Modern vehicles have more than 100 ECUs and 100 million lines of code. Rigorous security engineering approaches to the development of automotive systems are required to address safety and security of modern vehicles. Security analysis is one of the important building blocks in this process. Threat modeling is a best-practice technique for identifying and analyzing security threats and risks in web application. It needs to be adapted to the automotive domain that takes specific context and attributes into consideration.


You will develop and extend existing threat modeling method and tool for modeling realistic cyberattacks on automotive systems such as the 2015 Jeep hack[1]  and the 2016 Tesla hack [2]. The objective is to represent and capture these threats in the threat modeling tool such that it can be used for future security analysis of automotive systems.


[2] http://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/


Topic 3: Process Mining of Inter-process and Inter-instance Security Constraints 

Process mining techniques are used to analyze and extract process-related information from event logs.
Currently, many mining approaches address the monitoring of constraints over business processes. However,
main focus has been put on constraint verification for intra-instance security constraints so
far, i.e., security constraints that affect single instances. 
This Master's Thesis aims on evaluating how instance-spanning security constraints can be verified using process mining techniques. For example, the sum of all approved credit applications by employee or a certain dosage of medicine over a course of treatments that should not be exceeded are inter-instance constraints. The findings are evaluated with a proof-of-concept prototype.

Related projects: CRISP and SPRINT


Topic 4: Mining of Inter-Instance Constraints from Process Logs - Prototype 

 Based on the ISC discovery algorithm developed in the CRISP project a prototype including a graphical user interface is to be developed. Different classification techniques should be selectable. Means for iterative log preparation techniques should be implemented. 

The conceptual part of the thesis comprises the design for the GUI as well as the user guidance through the discovery algorithm.

Related projectsCRISP and SPRINT

Ongoing Master's theses: 

(supervised by Univ.-Prof. Dr. Stefanie Rinderle-Ma)

  • Security Modeling in Business Processes: Empirical Research (see project SPRINT): desc
  • Merging of Process Views
  • Prototype for the sonification of business process event logs (see project ADVENTURE): desc
  • Analyze Mining Results of Merged Process Views (see HuMIC project): description: desc
  • Datenbank-Schemaänderungen und ihre Auswirkungen auf XML / Relationales Mapping
  • Mining of Usage Processes in Electronic Newspapers

Completed Master's theses:

  • Einsatz von intelligentem Queuing zur Analyse und Optimierung von Prozessen
  • Workflow Watson - W2: A REST-ful Declarative Rule Engine As a Web Service for Workflow Support
  • ACaPlan - Adaptive Care Flow Planning
  • Konzeption und Umsetzung erweiterter Versionsverwaltungsverfahren für prozessorientierte Informationssysteme
  • Datenqualität für Process Mining
  • Process Mining für Webanwendungen
  • Differenzen-basierte Versionskontrolle von Geschäftsprozessen
  • Managing Responsibilities and Permissions for Process-Aware Information Systems
  • Analysis of existing systems and design of a HC-PAIS user interface
  • Evaluation and Implementation of a Visualization Component for Difference Analysis of Process Models

Bachelor theses: 

open (Supervision Univ.-Prof. Dr. Erich Schikuta):

Thema: Implementierung von eLearning Komponenten in NetLuke

NetLuke ist ein interaktives eLearning System zur Visualisierung des dynamischen Verhaltens von Algorithmen und Datenstrukturen.
NetLuke wurde im Rahmen von 2 Diplomarbeiten an der RG WST entwickelt (wst.univie.ac.at/workgroups/netluke).
Ziel ist der Einsatz von NetLuke im Modul AlgoDatzur Unterstützung der Studierenden

Spezifisches Ziel der PR Arbeit(en) ist die Realisierung von Algorithmen und/oder Datenstrukturen und deren Visualisierung mit Java im NetLuke Framework.

Max. Anzahl von Studierenden: 5

InteressentInnen moegen sich bei Erich Schikuta per email (erich.schikuta@univie.ac.at) zwecks Terminvereinbarung melden.

open (Supervision Univ.-Prof. Dr. Stefanie Rinderle-Ma):


Topic 1: Extended analysis of developer focused workflow engines

Workflows are frequently used in end-user focused environments using end-user focused graphical tools (e.g., jBPM). However, those end-user focused projects typically utilize feature crowded complex server infrastructures so that they can hardly be integrated in small to medium software projects. So, software developers often implement their own small workflow projects based on e.g. the saga or workflow pattern.

Hence, it would be interesting to analyze existing lightweight object oriented developer focused workflow engines to check their applicability in typical small to medium software projects.

A previous bachelor thesis has analyzed multiple workflow engines for their control flow definition and execution capabilities.
The approach would require to extend the results of the previous work!

You will need to:
a) Read up on workflows, workflow engines, and workflow patterns/views and perspectives (Do some study work BEFORE you apply for this thesis so that you have at least some background knowledge on these topics!)

b) Identify at least 5 different workflow which should be analyzed.
Possible sources to identify relevant open source engines are, e.g.:
https://github.com/ (search, e.g., for workflow engine and java)

The engines should preferably be written in Java (recommended) or any other object oriented programming language, maintained, and you will need to argue why the selected engines were chosen.
In addition some preselected workflow engines, at our choice, will be included!

c) Select a reasonable amount of workflow patterns from the perspective Control, Resource, Data, Exception Handling (see www.workflowpatterns.com))

The total amount of patterns should be larger or equal to 20 and should contain patterns from all 4 perspective (the last three ones are the most important ones for this work!)

d) Analyze if the engines support the selected patterns. Read the engines documentation. If no documentation is available read the code and use it as a reference, analyze given examples, communicate with the authors for examples, and so on.

You will need to IMPLEMENT the patterns, most frequently by writing source code and interacting with the API of the engine. Only modeling the patterns is not sufficient, i.e., a significant amount of code must be written! Note, if you recognize that a pattern is not support you will need to check if it would be possible, with minor self developed additions, if you can add support! For example, if an engine does not support to execute multiple workflows at once you can "add" support for this by using multiple threads spawned by your programming language of choice.

NOTE: You will need to hand in the source code!

e) Write the thesis, add a theoretical background (e.g., why workflows, why worklow engines, why developer focused engines vs larger projects), include your results, describe drawbacks and limitations of the analyzed workflow engines. Compare the results (i.e., the supported patterns) with multiple existing large scale workflow engines.





currently running (supervision Univ.-Prof. Dr. Stefanie Rinderle-Ma)

  • Sonification prototype

completed (supervision Univ.-Prof. Dr. Stefanie Rinderle-Ma)

  • Knowledge engineering of Privacy in Business Processes
  • A fully automated Single Sign-On-Solution capable of authenticating through a Third-Party Service
  • Privacy in Geschäftsprozessen
  • Process Information Elicitation Evaluation of process descriptions and comparison of description methods
  • Evaluation von organisationsbasierten Sicherheitskonzepten in AristaFlow und Activiti
  • Knowledge Engineering on Business Processes
  • Eine Analyse und Evaluierung von Sicherheitsaspekten in der Geschäftsprozessmodellierung
  • Evaluation of Security Concepts in Existing Process-Aware Information Systems
  • Evaluation of Security Extensions in Business Process Modeling
  • On Evaluating the Effort of Manual Role Mining (I)
  • On Evaluating the Effort of Manual Role Mining (II)
  • Modellierung und Simulation von Geschäftsprozessen mittels farbigen Petri-Netzen zur Analyse und zum Role-Mining von Event Logs
  • Präparation und Analyse von Prozesslogdaten für Role Engineering
  • Implementierung und Vergleich der Orgkomponenten dreier ausgewählter Prozess-Management-Systeme anhand eines Use Cases
Contact us
Faculty of Computer Science
University of Vienna

Währinger Straße 29
A-1090 Vienna