CS | Cyber Security

Trust is good, control is better – or so the saying goes. When it comes to IT today, trust is inept and control is imperative!

IT systems and their users often do not live up to the trust placed in them. Quite to the contrary, they are vulnerable in many ways. It is therefore critical to monitor security-relevant processes during IT usage to protect against attacks and ensure operational capability.

The Cyber ​​Security (CS) department develops confidence-building measures and control mechanisms. Monitoring of security-related processes and their assessment with regard to security conformity enables a constant overview. The department’s research is focused on analysis of attack techniques and the development of approaches to their detection and defense against them.

In addition, the team of scientists studies and tests whether protective measures can be defeated. In this connection, they have a particular interest in close examination of networked environments which have been introduced to IT only recently, such as smart buildings or the Internet of Things.

Distributed cooperative security monitoring

Cooperation of multiple organizations, potentially including competitors, offers huge advantages when it comes to identification and defense against threats. At the same time, cooperation on common security objectives - by exchanging relevant information, for instance - is inhibited by competing individual confidentiality interests. The Cyber Security (CS) department develops and studies approaches to resolve respective conflicts and balance these interests, in particular using customized pseudonymization. The focus is on the construction and combination of pseudonymization methods with specific detection and interlinkability properties. 


Anomaly detection

Despite existing security measures, the residual risk of possible attacks remains, especially in complex IT environments. The CS department develops approaches and methods for continuous control of IT operations that enable the detection of security incidents.


Security in building automation

In the area of smart buildings, the CS department studies the safety of long-lasting building automation components and helps manufacturers to harden their systems. It analyzes the security of existing real estate and develops systems for detecting anomalies in building automation networks.


IT security awareness

An important tool for systematic risk management is the evaluation of the costs and benefits of risk-mitigating security measures. Computer systems play a role in this, but users have to be included in the safety assessment as well. In this area, the CS department devises methods and procedures for improving and systematically evaluating IT security awareness.


Threat intelligence

In this problem set, the CS department deals with the question of how third-party information can be used to increase ones's own security and ensure one's own operational capability. Its focus is on generating, sharing, evaluating and exploiting such information.


Official bodies/networks

  • Alliance for Cyber Security; Prof. Dr. Michael Meier, member of the Cyber Security Expert Group
  • SIDAR (Security Incident Detection And Response) of the Gesellschaft für Informatik e.V.; Prof. Dr. Michael Meier, founding member and spokesman of the expert group
  • DIMVA (Detection of Intrusions and Malware & Vulnerability Assessment); Prof. Dr. Michael Meier, member of the steering committee of the international symposium
  • Department of Security of the Gesellschaft für Informatik e.V.; Prof. Dr. Michael Meier, member of the governing body 
  • Society for Data Protection and Data Security e.V. (GDD); Prof. Dr. Michael Meier, board member
  • Bonn Dialog for Cyber ​​Security; Prof. Dr. Michael Meier, co-organizer    



  • University of Bonn
    Close collaboration with the IT security working group, participation in fundamental research projects, university teaching and the further qualification of young scientists.
  • University of Applied Sciences Bonn-Rhein-Sieg
    Joint operation of the learning laboratory for cyber security at the Bonn/Sankt Augustin site.