Abschlussarbeiten

In the digital age, organizations heavily rely on information technology (IT) systems to store and process sensitive data, making them prime targets for cyberattacks. While extensive research has been conducted on the technical aspects of cybersecurity incidents, there is a growing need to understand the psychological impact on IT employees who play a pivotal role in detecting, mitigating, and recovering from such incidents. This master's thesis aims to investigate the psychological reactions of IT employees when confronted with significant cybersecurity incidents and provide insights that can enhance employee well-being and organizational resilience.

Possible Research Objectives:

1. To explore the emotional and cognitive responses of IT employees during and after significant cybersecurity incidents.
2. To identify the factors that influence the psychological reactions of IT employees to cybersecurity incidents, including the severity of the incident, organizational support, and individual characteristics.
3. To examine the long-term effects of cybersecurity incidents on IT employees, such as post-traumatic stress, job satisfaction, and performance.

Methodology:

1. Literature Review: Conduct an extensive review of the existing literature on cybersecurity incidents, their psychological impact on employees, and relevant psychological theories (e.g., stress theory, coping mechanisms, and resilience).
2. Interviews: Conduct expert interviews with IT employees who have experienced significant cybersecurity incidents. Explore their emotional responses, coping strategies, and perceptions of organizational support.
3. Data Analysis: Analyze interview data using qualitative methods to identify patterns and factors influencing psychological reactions.
4. Longitudinal Study: If possible, follow a subset of IT employees over time to assess the long-term effects of cybersecurity incidents on their psychological well-being.

Expected Contributions:

1. Enhanced Understanding: This research will contribute to a better understanding of the psychological reactions of IT employees to significant cybersecurity incidents, shedding light on the emotional and cognitive aspects of incident response.
2. Organizational Insights: Findings will provide organizations with insights into how to better support IT employees during and after cybersecurity incidents, potentially reducing the long-term negative impact.
3. Academic Contribution: The thesis will contribute to the academic literature on the intersection of cybersecurity and psychology, filling a gap in the current research landscape.

Contact: Prof. Dr. Arne Buchwald

Ransomware is malicious software designed to encrypt a victim’s data, rendering it inaccessible until a ransom is paid to the attacker. It typically involves infiltrating the victim's system, encrypting critical files, and delivering a ransom note threatening permanent data loss if the payment is not made (Alzahrani et al. 2025). 

The first known ransomware attack dates back to 1989 with the "AIDS" trojan by Joseph Popp (O'Kane et al. 2018). Popp distributed 20,000 infected floppy disks to AIDS researchers at the WHO international AIDS conference in Stockholm. The Trojan encrypted the victims’ files and demanded a $189 ransom to be paid to a mailbox in Panama. While based on a weak encryption compared to today’s standards, the attack marked the first known case of ransomware, laying the groundwork for modern extortion malware (KnowBe4 2025; Richardson and North 2017).

Today, ransomware attacks are doubling year-by- year (Zscaler 2024) and ransomware groups are proliferating rapidly—70 active groups in Q1 2025, up 55% from the prior year (GuidePoint Security 2025). While early ransomware groups were primarily financially motivated, recent developments reveal a shift: state-sponsored actors increasingly use ransomware to advance geopolitical goals—for example, by weaponizing disclosure rules to destabilize critical institutions (Reed 2025)—and target critical infrastructure. For example, the 2020 ransomware attack on the Duesseldorf University Hospital was related to the loss of human life (Cimpanu 2020). As a result, ransomware now inflicts not only financial and reputational damage but also concrete human consequences.

The ever-growing prevalence of ransomware attacks is accompanied by the emergence of a professionalized Ransomware-as-a-Service (RaaS) business model. RaaS has lowered the barrier to entry for cybercriminals. Attackers no longer need advanced skills. In the early years, conducting a ransomware attack required significant technical expertise—including knowledge of encryption, malware development, and network infiltration. Cybercrime-as-a-Service allows even individuals with no programming or hacking skills to carry out ransomware attacks by purchasing toolkits and services on darknet marketplaces (Manky 2013; Meland et al. 2020). RaaS providers offer tools, infrastructure, and negotiation strategies to affiliates, mirroring legitimate business models (Alwashali et al. 2021; Meland et al. 2020; Salvi 2019). Groups like LockBit, Conti, and BlackBasta not only deploy ransomware but also manage affiliates, infrastructure, and negotiation pipelines. Several of these groups have been breached, leaking thousands of internal communications that offer rare insight into their organizational models.

Despite the prominence of ransomware in public discourse, academic research has primarily focused on technical detection and mitigation  (e.g., Alzahrani et al. 2025; McIntosh et al. 2024). In contrast, the internal structures, work routines, and negotiation strategies of RaaS groups remain understudied (Meland et al. 2020). Leaked chat logs from LockBit, BlackBasta, and Conti now offer a unique opportunity to explore these internal dynamics in detail. 

Potential Research questions of interest are, but not limited to¹:

• How are RaaS groups internally structured?

• What organizational patterns (e.g., hierarchy, division of labor) emerge from leaked communications of RaaS groups?

• How do RaaS operators negotiate with victims, and what makes a negotiation successful?

• What differences in negotiation strategy can be observed across RaaS groups such as LockBit, BlackBasta, and Conti?

• What procedural stages can be algorithmically extracted from RaaS chat data?

• What role does platform infrastructure (e.g., internal ticketing, automation, chat protocols) play in shaping RaaS group dynamics?

• …

Contact: Deinera Jechle, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

¹The examples outline potential areas of inquiry that may serve as inspiration for developing a thesis research question. The concrete research question is to be formulated by the student in consultation with their supervisor.

Literature

Alwashali, A. A. M. A., Rahman, N. A. A., and Ismail, N. 2021. "A Survey of Ransomware as a Service (Raas) and Methods to Mitigate the Attack." pp. 92-96.

Alzahrani, S., Xiao, Y., Asiri, S., Zheng, J., and Li, T. 2025. "A Survey of Ransomware Detection Methods," IEEE Access (13), pp. 57943-57982.

Cimpanu, C. 2020. "First Death Reported Following a Ransomware Attack on a German Hospital," in: ZDNET /tech.

GuidePoint Security. 2025. "First Quarter of 2025 Sets Record for Ransomware Attacks and Threat Groups," SilconANGLE.

KnowBe4. 2025. "What Is Ransomware?," KnowBe4.

Manky, D. 2013. "Cybercrime as a Service: A Very Modern Business," Computer Fraud & Security (2013:6), pp. 9-13.

McIntosh, T., Susnjak, T., Liu, T., Xu, D., Watters, P., Liu, D., Hao, Y., Ng, A., and Halgamuge, M. 2024. "Ransomware Reloaded: Re-Examining Its Trend, Research and Mitigation in the Era of Data Exfiltration," ACM Comput. Surv. (57:1).

Meland, P. H., Bayoumy, Y. F. F., and Sindre, G. 2020. "The Ransomware-as-a-Service Economy within the Darknet," Computers & Security (92), p. 101762.

O'Kane, P., Sezer, S., and Carlin, D. 2018. "Evolution of Ransomware," IET Networks (7:5), pp. 321-327.

Reed, J. 2025. "The Current State of Ransomware: Weaponizing Disclosure Rules and More," IBM.

Richardson, R., and North, M. 2017. "Ransomware: Evolution, Mitigation and Prevention,").

Salvi, H. 2019. "Raas Ransomware-as-a-Service," International Journal of Computer Sciences and Engineering (7), pp. 586-590.

Zscaler. 2024. “Zscaler’s Annual Ransomware Report Uncovers Record-Breaking Ransom Payment of Us$75 Million, Reinforcing the Need for Zero Trust.”

In September 2020, an ransomware attack disrupted IT systems at the University Hospital of Düsseldorf, halting operations and forcing patient diversions. Tragically, a critically ill patient died due to delayed care, marking the first known fatality linked to a cyberattack on a healthcare institution (O'Neill 2020).

• High Stakes: Hospitals rely heavily on interconnected systems for patient care. Even minor disruptions can lead to life-threatening consequences (Coventry and Branley 2018).
• Financial and Operational Impact: Besides patient safety risks, ransomware attacks impose significant recovery costs and disrupt hospital workflows (Neprash et al. 2022).
• Increased Targeting: Cybercriminals use the sensitivity of healthcare services, knowing providers are more likely to pay to restore access (Neprash et al. 2022; O'Neill 2020).

➥ What are the key components of a ransomware readiness framework for hospitals? How do hospitals train staff to recognize and respond to ransomware threats? What gaps in cyber hygiene practices are most common among healthcare staff?

Literature

Coventry, L., and Branley, D. 2018. "Cybersecurity in Healthcare: A Narrative Review of Trends, Threats and Ways Forward," Maturitas (113), pp. 48-52.

Neprash, H. T., McGlave, C. C., Cross, D. A., Virnig, B. A., Puskarich, M. A., Huling, J. D., Rozenshtein, A. Z., and Nikpay, S. S. 2022. "Trends in Ransomware Attacks on Us Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021," JAMA Health Forum (3:12), pp. e224873-e224873.

O'Neill, P. H. 2020. "A Paitent Has Died after Ransomware Hackers Hit a German Hospital." 2024, from https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/

Contact: Deinera Jechle (öffnet neues Fenster)

Red-teaming in Trust and Safety involves assembling a group of specialists to challenge the security, integrity, and effectiveness of an organization's trust and safety systems. These teams simulate adversarial behavior, such as exploiting vulnerabilities in content moderation, platform policies, or technical safeguards, to uncover weaknesses before malicious actors can exploit them. By thinking like attackers and identifying gaps in defenses, red teams help platforms proactively address issues related to misinformation, harassment, fraud, or abuse. This process fosters more robust trust and safety measures, ensuring platforms can better protect users and uphold their integrity in a constantly evolving threat landscape. A student could summarise the current state of research, compare and contrast it to red-teaming in other contexts (e.g., cybersecurity), identify use-cases alongside potential opportunities and drawbacks.

Sample reference: https://www.technologyreview.com/2024/11/21/1107158/how-openai-stress-tests-its-large-language-models/?ref=everythinginmoderation.co (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

Prevention against cyberattacks is crucial, as successful breaches can lead to severe financial and reputational losses (Nikkhah and Grover 2022). Companies not only implement proactive security measures to defend against cyberattacks but also stress-test their systems by conducting rigorous penetration testing and red teaming exercises.

The rise of deepfake AI fundamentally alters the work of red teams by expanding the threat landscape and necessitating more advanced defensive strategies against AI-driven deception (Mustak et al. 2023). Red teams, traditionally tasked with simulating cyberattacks, security breaches, and social engineering tactics to test an organization’s defenses, now face the challenge of countering highly realistic AI-generated content used for disinformation, fraud, and manipulation. Deepfakes introduce sophisticated attack vectors, such as impersonation of executives for business email compromise (BEC) scams, synthetic identity fraud, and AI-powered phishing campaigns that are more convincing than ever (Agrawal et al. 2024). Red teams must now incorporate GenAI and specifically deepfake detection techniques into their methodologies to stress-test systems and organizations. They also play a crucial role in training employees and executives to recognize deepfakes and respond to AI-driven social engineering attempts (Schmitt and Flechais 2024). 

Potential Research questions of interest are, but not limited to¹:

• (RQ1) How does the rise of GenAI change the work (to awarness, cognitive load, agility, volume of attacks, …) of red teams? / How does the rise of deepfake AI change the work (to awarness, cognitive load, agility, volume of attacks, …) of red teams?

• (RQ2) How can red teams adapt their methodologies to account for AI-generated deepfake threats in social engineering and phishing attacks?

• (RQ3)  How does the recognition of deepfake awarness training differ across countries/regions red team initiatives?

¹The examples outline potential areas of inquiry that may serve as inspiration for developing a thesis research question. The concrete research question is to be formulated by the student in consultation with their supervisor.

Literature

Agrawal, G., Kaur, A., and Myneni, S. 2024. "A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity," Electronics (13:2), p. 322.

Nikkhah, Hamid Reza and Grover, Varun. 2022. "An Empirical Investigation of Company Response to Data Breaches," MIS Quarterly, (46: 4) pp.2163-2196.

Mustak, M., Salminen, J., Mäntymäki, M., Rahman, A., and Dwivedi, Y. K. 2023. "Deepfakes: Deceptions, Mitigations, and Opportunities," Journal of Business Research (154), p. 113368.

Schmitt, M., and Flechais, I. 2024. "Digital Deception: Generative Artificial Intelligence in Social Engineering and Phishing," Artificial Intelligence Review (57:12), p. 324.

Contact:  Prof. Dr. Marten Risius (öffnet neues Fenster), Deinera Jechle (öffnet neues Fenster)

AI red teaming is a structured process used to identify vulnerabilities, risks, and flaws in AI systems. It involves a dedicated team (the “Red Team”) that adopts adversarial testing methods to simulate attacks and stress-test the AI model (such as contracting external experts, focus group discussions, games, CTF competitions, bounties, or grassroots jailbreaking). The specific focus of AI red teaming lies on finding harmful or biased outputs, identifying system weaknesses that could be exploited, and testing potential unintended consequences of AI deployment (e.g., for malicious purposes) (Bullwinkel et al. 2025; Feffer et al. 2024; Namiot and Zubareva 2023). Thus, AI red teaming provides transparency into AI system limitations, adding to the ongoing discussion on policy and regulatory frameworks in AI (Friedler et al. 2023).

Unlike traditional cybersecurity red teaming, which focuses on testing IT infrastructures against human-driven cyberattacks, AI red teaming requires specialized techniques to evaluate AI models for robustness, bias, and susceptibility to adversarial manipulation (Feffer et al. 2024; Longpre et al. 2024). Thus, the thesis should explore how red teams test such AI systems.

Potential Research questions of interest are, but not limited to¹:

• (RQ1) How do red teams test (different) AI systems for security?

• (RQ2) What are the limitations of current AI red teaming techniques? 

• (RQ3) What are the ethical considerations in AI red teaming?

Methodological approach can be case studies of real-world AI red teaming exercises (e.g. OpenAI, Microsoft, Defcon GRT for LLMSec, …), Interviews with cybersecurity experts and red teamers, surveys, etc.

¹The examples outline potential areas of inquiry that may serve as inspiration for developing a thesis research question. The concrete research question is to be formulated by the student in consultation with their supervisor.

Literature

Bullwinkel, B., Minnich, A., Chawla, S., Lopez, G., Pouliot, M., Maxwell, W., de Gruyter, J., Pratt, K., Qi, S., and Chikanov, N. 2025. "Lessons from Red Teaming 100 Generative Ai Products," arXiv preprint arXiv:2501.07238).

Feffer, M., Sinha, A., Deng, W. H., Lipton, Z. C., and Heidari, H. 2024. "Red-Teaming for Generative Ai: Silver Bullet or Security Theater?," Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, pp. 421-437.

Friedler, S., Singh, R., Blili-Hamelin, B., Metcalf, J., and Chen, B. J. 2023. "Ai Red-Teaming Is Not a One-Stop Solution to Ai Harms."

Longpre, S., Kapoor, S., Klyman, K., Ramaswami, A., Bommasani, R., Blili-Hamelin, B., Huang, Y., Skowron, A., Yong, Z.-X., and Kotha, S. 2024. "A Safe Harbor for Ai Evaluation and Red Teaming," arXiv preprint arXiv:2403.04893).

Namiot, D., and Zubareva, E. 2023. "About Ai Red Team," International Journal of Open Information Technologies (11:10), pp. 130-139.

Contact:  Prof. Dr. Marten Risius (öffnet neues Fenster), Deinera Jechle (öffnet neues Fenster)

“Social engineering takes advantage of human characteristics such as a willingness to help others; trust, fear or respect for authority are even exploited to manipulate people in a very clever way. Cyber criminals thus persuade their victims to share confidential information, go round security functions, send money or install malware on their personal devices or on a computer linked to a company network” (BSI).

Social engineering remains one of the greatest threats to information security. Despite advanced technical safeguards, humans are often the weakest link in the security chain (Naidoo, 2020). Attacks such as phishing, CEO fraud, pretexting, or tailgating show how human behavior can be cleverly exploited (Simon et al., 2002; Workman, 2008). With the rise of large language models (LLMs) and agentic Artificial Intelligence (AI), new risks and challenges are emerging that require systematic research (Schmitt & Flechais, 2023).

The goal of these in this area is to make a scientific contribution to the research, analysis, and prevention of social engineering attacks.

Possible topics include, but are not limited to:

• Review of LLMs in Social Engineering: Conduct a structured literature review on how Large Language Models (LLMs) are applied in social engineering. Explore their potential to increase the quality and scalability of attacks, as well as their possible role in detecting or mitigating such threats. E.g., How have Large Language Models been applied in social engineering to date, and what are their potential roles in both enabling and detecting such attacks?
• Awareness of AI-supported Social Engineering: Awareness programs must adapt to the changing nature of social engineering attacks, especially AI-driven threats such as deepfakes and LLM-generated phishing. E.g., Which training methods and content improve resilience? How can training effectiveness be measured in practice?
• Theory-driven vs. Data-driven Detection: Compare theory-based detection systems (i.e., Kernel Theory-based systems) with ML/LLM-based, data-driven approaches. E.g., Which approach detects social engineering attacks more effectively? How do plausibility and detection rates differ across approaches?
• Training Bot for Social Engineering: Design and implement an interactive training bot that generates attack scenarios guided by an explicit kernel theory of human manipulation and gives the users report on how they can protect themselves. E.g., How can kernel theory XY be formalized into a bot? Do kernel-driven bots produce more realistic and effective simulations than simple rule-based systems?
• Practice-oriented Theses in Collaboration with Industry: In cooperation with companies, practice-based research can be conducted, for example: Red teaming with AI-supported social engineering simulations; Development and evaluation of tailored training and awareness programs

References

BSI. Social Engineering - the "Human Factor". Federal Office for Information Security. Retrieved 30.09.2025 from https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Social-Engineering/social-engineering_node.html

Naidoo, R. (2020). A multi-level influence model of COVID-19 themed cybercrime. European Journal of Information Systems, 29(3), 306-321. https://doi.org/10.1080/0960085X.2020.1771222

Schmitt, M., & Flechais, I. (2023). Digital Deception: Generative Artificial Intelligence in Social Engineering and Phishing. Artif. Intell. Rev., 57, 324. 

Simon, W. L., Wozniak, S., & Mitnick, K. D. (2002). The Art of Deception: Controlling the Human Element of Security. Wiley. 

Workman, M. (2008). Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. Journal of the American Society for Information Science and Technology, 59(4), 662-674. https://doi.org/https://doi.org/10.1002/asi.20779

Contact: Deinera Jechle (öffnet neues Fenster)

Most research on hacking and social engineering focuses on the perspectives of cybersecurity professionals (Steinmetz et al., 2019), e.g. in red-teaming exercises, penetration tests, or awareness training. While these studies are valuable, they largely neglect the so-called black hat perspective — hackers who operate outside legal and ethical boundaries.

Directly researching black hats poses major challenges: they are rarely willing to speak openly with researchers and typically avoid self-disclosure. However, podcasts such as Darknet Diaries and similar formats have successfully given (ex-)hackers a platform to share their stories and perspectives. These narratives provide unique, publicly accessible insights into motivations, techniques, and social engineering tactics “from the other side”.

The thesis aims to leverage podcast data to analyze (Kulkov et al., 2024) how black hat hackers themselves describe their practices, motivations, and techniques. The goal is to contrast these perspectives with established research and professional (red teaming) approaches, identifying similarities, differences, and blind spots in current knowledge.

Possible questions, but not limited to:

• How do black hat accounts of social engineering differ from established research findings and security professionals’ assumptions?/How do black hat hackers describe their social engineering tactics in podcasts compared to how professionals or researchers characterize them?
• Which psychological tactics, strategies, and rationalizations do black hats themselves emphasize?
• To what extent do these narratives reveal blind spots in current cybersecurity research and awareness programs?/What new or overlooked tactics emerge from podcast analysis that are absent in existing literature?
• How do black hats justify or rationalize their actions, and what does this reveal about their mindset compared to “ethical” hackers?

Expected contribution:
This thesis would not only broaden the empirical basis for social engineering research but also bridge the gap between academic understanding and black hat self-perception, potentially informing more effective awareness and defense strategies.

References

Kulkov, I., Kulkova, J., Rohrbeck, R., & Menvielle, L. (2024). Leveraging Podcasts as Academic Resources: A Seven-step Methodological Guide. International Journal of Qualitative Methods, 23, 16094069241266197. https://doi.org/10.1177/16094069241266197

Steinmetz, K., Goe, R., & Pimentel, A. (2019). On social engineering. In (pp. 173-193). https://doi.org/10.4324/9780429460593-8

Contact: Deinera Jechle (öffnet neues Fenster)

In the plant and engineering industry, the utilization of data-driven approaches has the potential to revolutionize service delivery. Companies in this sector are increasingly exploring innovative data-driven service models to enhance operational efficiency and customer satisfaction. This master's thesis aims to investigate the prerequisites necessary for the successful implementation of innovative data-driven service models in the plant and engineering industry, considering the perspectives of both service providers and service recipients.

Possible Research Objectives:

1. To identify the key prerequisites for companies in the plant and engineering industry to develop and implement data-driven service models effectively.
2. To examine the expectations and requirements of clients and customers (service recipients) within the industry regarding data-driven services and their perceived value.
3. To analyze the alignment between the prerequisites identified on the service provider side and the expectations of clients and customers, with a focus on potential gaps and areas of convergence.
4. To explore case studies of organizations within the plant and engineering industry that have successfully implemented data-driven service models to understand best practices and lessons learned.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on data-driven service models (e.g., pay-per-x), literature in the plant and engineering industry, innovation, and client/customer expectations in the digital age.
2. Expert Interviews: Conduct expert interviews with clients and customers (service recipients) on their respective perspectives, prerequisites, and expectations regarding data-driven services.
3. Case Studies: Select and analyze case studies of organizations within the plant and engineering industry that have successfully implemented data-driven service models, investigating the strategies they employed and the challenges they overcame.

Expected Contributions:

1. Industry-Specific Insights: This research will provide industry-specific insights into the prerequisites necessary for the successful implementation of data-driven service models in the plant and engineering sector.
2. Alignment Insights: Findings will offer insights into the alignment (or misalignment) between service providers' efforts and the expectations of clients and customers, helping organizations bridge potential gaps and deliver more valuable data-driven services.
3. Practical Guidance: The thesis will provide practical recommendations for companies in the plant and engineering industry aiming to innovate their service models through data-driven approaches, based on empirical data and real-world case studies.

Contact: Prof. Dr. Arne Buchwald

Viele Unternehmen beschäftigen Unternehmensberater, um große und komplexe Projekte zu bewältigen. Die Arbeitsbeziehung zwischen BeraterInnen und ihren KundInnen sind vielfach noch unerforscht.

Spannende Fragestellungen sind beispielsweise:

•    Wie findet Know-how Transfer zwischen Berater und Kunde statt?
•    Welche Rolle spielt persönliche „Nähe“ zwischen Berater und Kunde (z.B. gleiches Studium) in der Projektarbeit?
•    Welche kritischen Erfolgsfaktoren (in der Beziehung zwischen Kunde und Berater) erhöhen die Chancen erfolgreicher Projektarbeit?

Ansprechpartner:  Prof. Dr. Heiko Gewald (öffnet neues Fenster)

As organizations increasingly recognize the strategic importance of data, the role of Chief Data Officer (CDO) has gained prominence. However, the responsibilities and success criteria associated with this role can vary widely across industries and organizations. This master's thesis aims to investigate the nature of the Chief Data Officer role and develop a framework for defining success metrics that can effectively measure the impact of CDOs in different organizational contexts.

Possible Research Objectives:

1. To comprehensively analyze the responsibilities and functions of Chief Data Officers across a diverse range of industries and organizations.
2. To identify key performance indicators (KPIs) and success metrics that are relevant and effective in assessing the impact and contributions of CDOs.
3. To explore case studies of organizations with successful CDO implementations, examining the strategies, challenges, and outcomes associated with their data leadership.
4. To develop a flexible framework for assessing the success of Chief Data Officers that can be tailored to the unique needs and goals of different organizations.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on emerging Top Management Team (TMT) roles, on the role of Chief Data Officers, their responsibilities, and existing success metrics.
2. Expert Interviews: Conduct expert interviews with CDOs and senior executives in various industries to gather insights into their roles, responsibilities, and the metrics they use to measure success.
3. Case Studies: Select and analyze case studies of organizations that have successfully implemented the CDO role, examining their strategies, challenges, and the impact on data-driven decision-making and business outcomes.
4. Framework Development: Based on research findings, develop a flexible framework for defining success metrics for Chief Data Officers that considers the unique characteristics of different organizations.

Expected Contributions:

1. Role Clarity: This research will provide clarity on the evolving role of Chief Data Officers, shedding light on their responsibilities and functions in diverse organizational contexts.
2. Success Metrics: Findings will offer insights into effective success metrics and KPIs that can be used to evaluate the impact and contributions of CDOs.
3. Practical Guidance: The thesis will provide practical guidance for organizations seeking to establish or enhance the CDO role within their structures, including recommendations for measuring the success of CDOs in a way that aligns with their specific goals.

Contact: Prof. Dr. Arne Buchwald

The proliferation of no-code and low-code platforms has empowered non-technical employees to develop applications and automate processes without formal IT involvement. Simultaneously, the phenomenon of "Shadow IT," where employees use unauthorized software and applications, poses challenges to IT governance and security. This master's thesis aims to investigate the intricate relationship and dynamics between the adoption of no-code/low-code platforms and the prevalence of Shadow IT within organizations, exploring the potential synergies and conflicts that arise.

Possible Research Objectives:

1. To examine the adoption patterns of no-code/low-code platforms within organizations, including the motivations and challenges associated with their implementation.
2. To analyze the extent and nature of Shadow IT practices, identifying the reasons why employees resort to unauthorized software and applications.
3. To investigate the influence of no-code/low-code platforms on the emergence and evolution of Shadow IT within organizations.
4. To explore strategies and best practices for organizations to harness the potential benefits of no-code/low-code platforms while managing the associated risks of Shadow IT.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on no-code/low-code platforms, Shadow IT, and their implications for organizational IT governance.
2. Expert Interviews: Conduct expert interviews with IT professionals, business users, and organizational leaders to gather data on the adoption of no-code/low-code platforms, Shadow IT practices, and the perceived impact on organizational dynamics.
3. Case Studies: Select and analyze case studies of organizations that have experienced the adoption of no-code/low-code platforms and assess how this adoption has influenced Shadow IT dynamics.

Expected Contributions:

1. Insights into Adoption Patterns: This research will provide insights into the motivations and challenges associated with the adoption of no-code/low-code platforms within organizations.
2. Understanding of Shadow IT: Findings will enhance our understanding of Shadow IT practices, shedding light on the reasons why employees resort to unauthorized software.
3. Relationship Dynamics: The thesis will elucidate the complex relationship and dynamics between no-code/low-code adoption and the emergence of Shadow IT.
4. Practical Guidance: The research will offer practical guidance for organizations on how to harness the benefits of no-code/low-code platforms while effectively managing Shadow IT risks.

Contact: Prof. Dr. Arne Buchwald

Digitale Gesundheitstechnologien (Websites, Plattformen, Soziale Netzwerke, Apps, Wearables, etc.) haben zum Ziel die Gesundheit und das Wohlbefinden von Konsumenten positiv zu beeinflussen.

In der Forschung ist jedoch wenig darüber bekannt, welche Faktoren die potentiellen eHealth-NutzerInnen in Ihrer Adoption und Nutzung solcher Technologien beeinflussen und welchen Einfluss eine tatsächliche eHealth-Nutzung auf Gesundheit und Wohlbefinden der NutzerInnen hat.

Entsprechend sollen auf Basis theoretischer Modelle und empirischer Studien neue Erkenntnisse zur Adoption, Nutzung und bestenfalls auch zu Auswirkungen von eHealth gewonnen werden.

Eine empirische Studie kann sowohl qualitativ (Interviews mit Konsumenten) und/oder quantitativ (Fragebogen) durchgeführt werden, wobei eine quantitative Studie bevorzugt wird. Als Probanden können sowohl die "allgemeine" Bevölkerung, aber auch spezielle Gruppen, wie SeniorInnen oder PatientInnen, dienen.

Die Auswahl der theoretischen Grundlagen/Modelle, Forschungsmethode, Zielgruppe und Art der eHealth-Technologie werden Rücksprachen mit dem Betreuer der Abschlussarbeit festgelegt.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Die Online Bewertung von ÄrztInnen (z.B. bei Google oder jameda) bleibt ein spannendes Thema. In Deutschland führt diese Form der Arztbewertung noch ein Schattendasein, gewinnt aber immer stärker an Bedeutung.

Interessante Fragestellungen sind beispielsweise:
•    wie funktioniert die kognitive Bewertung des Arztes beim Patienten/Patientin?
•    Warum schreiben manche PatientInnen eine Bewertung und andere nicht?
•    Kann durch kreative Maßnahmen der ÄrztInnen die Anzahl der Bewertungen gesteigert werden?

Die Festlegung des konkreten Themas erfolgt in Rücksprache.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Large enterprises are increasingly adopting cloud computing services and Software as a Service (SaaS) applications to enhance agility, scalability, and cost-effectiveness. However, the proliferation of SaaS subscriptions can lead to complex cost management challenges. This master's thesis aims to investigate the adoption of cloud computing in large firms, focusing on the challenges and strategies related to cost management amid the growing number of SaaS subscriptions.

Possible Research Objectives:

1. To identify the challenges and complexities associated with managing the costs of a vast number of SaaS subscriptions in large firms.
2. To investigate the strategies and best practices employed by large enterprises to effectively manage and optimize SaaS-related costs while maximizing value.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on cloud computing adoption, SaaS subscriptions, and clou computing cost management.
2. Expert Interviews: Conduct expert interviews with IT professionals, finance executives, and decision-makers in large enterprises to gather data on cloud adoption, SaaS subscriptions, and cost management practices.
3. Case Studies: Select and analyze case studies of large enterprises that have successfully managed and optimized SaaS-related costs, examining their strategies, tools, and outcomes.

Expected Contributions:

1. Adoption Patterns: This research will provide insights into the patterns and drivers of cloud computing adoption, with a particular emphasis on the proliferation of SaaS subscriptions in large firms.
2. Cost Management Challenges: Findings will elucidate the challenges and complexities associated with managing a vast number of SaaS subscriptions and their associated costs.
3. Best Practices: The thesis will offer valuable best practices and strategies for large enterprises to effectively manage and optimize SaaS-related costs while maximizing value.

Contact: Prof. Dr. Arne Buchwald

Large organizations, such as Lufthansa Airlines, rely on the expertise and support of external providers to fulfill their duties. In order to steer the activities of the providers, a management system has to be established. Over the past decades, the structure of such systems has evolved with Service Level Agreements (SLAs) becoming an integral part of it. These SLAs are oftentimes customized to specific scenarios and lack standardization, hence, leading to increased administrative overhead.

This master thesis, in collaboration with Lufthansa Airlines, will address the following issues:

1. What is the status quo in SLA-driven provider management? (Methodology: Literature Analysis according to Webster & Watson (2002))
2. What are expectations on sound SLAs in airline provider management? How are SLAs currently utilized at Lufthansa Airlines to steer providers? (Methodology: Semi-structured expert interviews)
3. Development of a blueprint for the ground operations department by combining the learnings from (1) and (2) (Methodology TBD)

Ansprechpartner: Prof. Dr. Arne Buchwald

In the evolving landscape of IT outsourcing, organizations often consider transitioning from one IT outsourcing vendor to another, seeking to improve service quality, cost efficiency, and alignment with evolving business needs. At the same time, organizations often experience a decrease in the capabilities of their internal IT team to effectively steer the IT outsourcing vendor. This master's thesis aims to investigate the complex challenges associated with multi-transitions in IT outsourcing, where the internal retained IT organization's ability to manage and govern the vendor diminishes with each switch. It explores the economic, organizational, and technical implications of such transitions and seeks to identify strategies for navigating these challenges successfully.

Possible Research Objectives:

1. To analyze the economic factors driving organizations to transition from one IT outsourcing vendor to another and assess the cumulative cost implications of multiple transitions.
2. To investigate the organizational challenges arising from diminishing in-house IT steering capabilities, including the impact on governance, stakeholder alignment, and IT outsourcing vendor management.
3. To examine the technical complexities and risks involved in successive transitions and assess the impact on IT systems, data, and processes.
4. To identify best practices and strategies for organizations facing multi-transitions in IT outsourcing, focusing on mitigating challenges and optimizing vendor relationships in this evolving landscape.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on IT outsourcing transitions, multi-transitions, and technical complexities.
2. Expert Interviews: Conduct expert interviews with IT professionals, decision-makers, and IT outsourcing vendor representatives from organizations that have undergone multiple IT outsourcing transitions.
3. Data Analysis: Analyze interview findings to identify common economic, organizational, and technical challenges faced during multi-transitions in IT outsourcing.
4. Case Studies: Select and analyze case studies of organizations that have successfully managed multi-transitions in IT outsourcing, examining their strategies, best practices, and lessons learned.
5. Framework Development: Develop a practical framework for organizations to assess and plan for multi-transitions in IT outsourcing, including strategies for addressing the identified challenges.

Expected Contributions:

1. Economic Insights: This research will provide insights into the economic drivers and cumulative cost implications of transitioning between IT outsourcing vendors while experiencing diminishing internal steering capabilities.
2. Organizational Challenges: Findings will shed light on the organizational challenges, including governance and stakeholder alignment, associated with successive transitions.
3. Technical Complexities: The thesis will explore the technical complexities and risks involved in multi-transitions and their impact on IT systems, data, and processes.
4. Mitigation Strategies: The research will offer practical strategies and best practices for organizations to navigate multi-transitions in IT outsourcing, optimize vendor relationships, and mitigate associated challenges.

Contact: Prof. Dr. Arne Buchwald

The landscape of cloud computing has evolved significantly in recent years, with many companies initially migrating as much of their IT operations as possible to hyperscale cloud providers. However, a growing trend is emerging, wherein organizations are considering and experimenting with bringing some of their IT functions back in-house while still relying on hyperscalers. This master's thesis aims to investigate the future of hybrid cloud computing, focusing on the shift towards companies complementing hyperscale cloud vendors with in-house IT, and the strategic implications of this shift.

Possible Research Objectives:

1. To analyze the historical context and motivations that led companies to migrate IT to hyperscale cloud providers.
2. To examine the drivers behind the recent trend of bringing some IT functions back in-house and the strategic considerations that influence this decision.
3. To assess the technical challenges and benefits associated with managing a hybrid IT environment that combines hyperscalers and in-house IT infrastructure.
4. To identify the key success factors and best practices for effectively implementing and managing a hybrid cloud strategy in the evolving landscape.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on cloud computing.
2. Expert Interviews: Conduct expert interviews with IT professionals and decision-makers in organizations that have adopted or are considering a hybrid cloud approach. Gather insights into their motivations, challenges, and strategies.
3. Technical Analysis: Assess the technical aspects of managing a hybrid cloud environment, including compatibility, security, and performance considerations.
4. Case Studies: Analyze case studies of organizations that have successfully implemented a hybrid cloud strategy, examining their experiences, lessons learned, and outcomes.
5. Framework Development: Develop a framework of strategies and recommendations for organizations looking to navigate the transition from a hyperscale-dominated environment to a hybrid cloud model effectively.

Expected Contributions:

1. Trend Understanding: This research will provide a comprehensive understanding of the evolving trend towards hybrid cloud computing and the motivations behind it.
2. Strategic Insights: Findings will offer insights into the strategic considerations that influence organizations in bringing some IT functions back in-house while complementing hyperscale providers.
3. Technical Assessment: The thesis will assess the technical challenges and benefits of managing a hybrid IT environment, offering insights into best practices for technical implementation.
4. Practical Guidance: The research will provide practical guidance for organizations aiming to adopt and manage a hybrid cloud strategy in an evolving cloud computing landscape.

Contact: Prof. Dr. Arne Buchwald

In recent years, the world of technology has witnessed a significant transformation as Information Technology (IT) and Operational Technology (OT) have started to converge. This convergence marks a fundamental shift in how organizations manage and utilize their technological infrastructure. To put it simply, IT encompasses the technologies and systems used for data processing, networking, and general computing tasks, while OT includes the specialized technologies that control and monitor physical processes, such as machinery, sensors, and industrial equipment. The convergence of IT and OT refers to the merging of these traditionally distinct domains, creating a unified ecosystem where IT systems and applications interconnect with OT technologies. IT and OT convergence holds promise for various industries, such as manufacturing, energy, healthcare, and transportation, as it allows for more seamless data sharing, increased automation, and better control over complex operational processes. However, this transformative trend also brings challenges and implications for IT management, as it blurs the boundaries between traditional IT responsibilities and those associated with OT systems. This master's thesis aims to investigate the consequences of the IT and OT convergence for IT management, focusing on the changes in roles, responsibilities, and strategies required to effectively navigate this evolving landscape.

Possible Research Objectives:

1. To investigate the specific consequences of IT and OT convergence on IT management practices, including changes in roles, responsibilities, and skillsets.
2. To assess the impact of IT and OT convergence on IT governance, cybersecurity, and risk management strategies.
3. To identify best practices and strategies for organizations to adapt their IT management frameworks to the demands of a converged IT and OT environment.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on IT and OT convergence, the drivers behind the trend, and the implications for IT management.
2. Expert Interviews: Conduct expert interviews with IT professionals, decision-makers, and experts in organizations that have attempted to integrate their IT and OT.
3. Data Analysis: Analyze interview data to identify common consequences and challenges in IT management practices.
4. Framework Development: Develop a practical framework of strategies and recommendations for organizations to adapt their IT management to the demands of a converged environment.

Expected Contributions:

1. Convergence Understanding: This research will provide a comprehensive understanding of the motivations and drivers behind IT and OT convergence and its implications for organizations.
2. IT Management Consequences: Findings will offer insights into the specific consequences of IT and OT convergence on IT management practices, including changes in roles, responsibilities, and skillsets.
3. Governance and Security Impact: The thesis will assess the impact of IT and OT convergence on IT governance, cybersecurity, and risk management, highlighting strategies to mitigate risks.
4. Practical Guidance: The research will provide practical recommendations and best practices for organizations to adapt their IT management frameworks to effectively manage the demands of a converged IT and OT environment.

Contact: Prof. Dr. Arne Buchwald

Durch den demografischen Wandel rücken verstärkt alternde Menschen in den Fokus von Gesellschaft und Wirtschaft: Steigende Gesundheitsrisiken, zunehmende gesellschaftliche Isolation, sinkende Selbstbestimmung.

Die zunehmende Digitalisierung schafft – beispielsweise durch soziale Plattformen, IT-Wearables und mobile Applikationen – völlig neue Möglichkeiten das allgemeine Wohlbefinden, soziale Inklusion, aktive Gesundheitsvorsorge und somit ein längeres, selbstbestimmtes Leben der alternden Bevölkerung zu erreichen.

Voraussetzung zur Entfaltung dieser Potenziale ist allerdings, dass Menschen bzw. SeniorInnen von diesen Technologien Gebrauch machen – und die tatsächliche Nutzung dieser Technologien durch SeniorInnen findet oft nur in geringem Maße statt. Menschen in höherem Alter tendieren oft zur Aussage "Ich bin zu alt für Computer" – sie stellen ihre Alter in Zusammenhang mit Technologie-Nutzung. Es zeigt sich jedoch auch, dass Menschen sich oft nicht "so alt fühlen" wie sie eigentlich sind: Subjektives Alter und chronologisches Alter stehen nicht immer im Einklang.

In der Forschung ist wenig darüber bekannt, welchen Einfluss diese subjektive Einschätzung des eigenen Alters auf die IT-Akzeptanz und -Nutzung hat. Entsprechend sollen in dieser Abschlussarbeit konzeptionelle und theoretische Grundlagen aus der "Altersforschung" aus der Literatur abgeleitet werden und anhand einer empirischen Studie im Kontext von IT-Akzeptanz erprobt werden.Die konkrete Ausgestaltung des Themas erfolgt in Rücksprache.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Durch den demografischen Wandel rücken verstärkt alternde Menschen in den Fokus von Gesellschaft und Wirtschaft: Steigende Gesundheitsrisiken, zunehmende gesellschaftliche Isolation, sinkende Selbstbestimmung.

Die zunehmende Digitalisierung schafft einen bislang wenig betrachteten Problemkreis. Für praktisch jede Software, Hardware, Apps etc. müssen sich die NutzerInnen authentifizieren, üblicherweise durch die Eingabe eine PIN bzw. eines Passwortes.

Die alternde Gesellschaft hat jedoch mit zwei Problemen zu kämpfen: Abnehmende Gedächtnisleistung und sinkende motorische Fähigkeiten. Passworte werden leicht vergessen, biometrische Erkennung und die Eingabe von Passworten werden bspw. durch zitternde Finger erschwert.

Wenn immer mehr Tätigkeiten digitalisiert werden, bei gleichzeitig immer älter werdender Gesellschaft, stehen wir hier vor einem Dilemma. Gesucht werden kreative Mechanismen, wie sich NutzerInnen sicher und zweifelsfrei authentifizieren können, unter Berücksichtigung der oben skizzierten Probleme.

Forschungsmethodisch steht ein breites Spektrum von Interviews und Befragungen über kontrollierte Experimente und die Nutzung des Usability Labs an der HNU zur Verfügung.

Dieses Thema kann daher auch von mehreren Studierenden unabhängig voneinander bearbeitet werden.

Die konkrete Ausgestaltung des Themas und des empirischen Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Die präzise Erkennung emotionaler Zustände spielt eine zunehmend wichtige Rolle in verschiedensten Anwendungsbereichen – von Kundeninteraktion über mentale Gesundheitsversorgung bis hin zur Mensch-Maschine-Kommunikation. Besonders das gesprochene Wort bietet vielfältige Hinweise auf emotionale Befindlichkeiten, etwa durch Stimmfarbe, Intonation oder Sprechgeschwindigkeit. Die automatisierte Extraktion solcher emotionaler Informationen aus Sprache eröffnet neue Möglichkeiten, Systeme empathischer, adaptiver und kontextsensitiver zu gestalten.

Trotz großer Fortschritte in der Sprachverarbeitung stellt die emotionale Analyse gesprochener Sprache nach wie vor eine Herausforderung dar – insbesondere im deutschsprachigen Raum. Die Gründe dafür sind vielfältig: Zum einen handelt es sich um ein relativ junges Forschungsfeld. Zum anderen bestehen kulturell und sprachlich bedingte Unterschiede in der stimmlichen Expression von Emotionen, was die direkte Übertragung bestehender Modelle (z. B. aus dem Englischen) erschwert. Die Datengrundlage für emotionale Sprachmodelle im Deutschen ist bislang begrenzt und heterogen.

Bevor neue Datensätze erhoben oder Modelle trainiert werden, stellen sich zentrale forschungsleitende Fragen:

• Wie zuverlässig lassen sich Emotionen allein aus gesprochener Sprache extrahieren?
• Welche Rolle spielen dabei Kontextfaktoren wie Sprechsituation, Sprecherprofil oder kulturelle Normen?
• Welche sprachlichen und parasprachlichen Merkmale sind besonders relevant?
• Wie kann eine datenschutzkonforme Erhebung und Verarbeitung emotionaler Sprachdaten gestaltet werden?
• Welche ethischen und gesellschaftlichen Implikationen ergeben sich aus der automatisierten Emotionserkennung?

Diese und weitere Fragestellungen können im Rahmen einer Abschlussarbeit adressiert werden. Die konkrete Ausgestaltung des Themas sowie die methodische Herangehensweise erfolgen in enger Abstimmung mit der betreuenden Person und orientieren sich an individuellen Interessen und Kompetenzen.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Subjektives Wohlbefinden hat sich in den vergangenen Jahrzehnten von einem primär psychologischen Konzept zu einem zentralen Bestandteil gesundheitsbezogener Forschung und Politik entwickelt (Diener et al. 2003; OECD 2013; World Health Organizaiton 2020). Neben seiner Bedeutung als Indikator für Lebensqualität gewinnt es zunehmend an Relevanz in der Alternsforschung sowie in gesundheitsökonomischen Bewertungen (Steptoe et al. 2015).

Langzeitstudien legen nahe, dass subjektives Wohlbefinden über längere Zeiträume hinweg relativ stabil bleibt – ein Befund, der in der Set-Point Theory theoretisch gefasst wurde (Brickman 1971). Dieses Modell geht davon aus, dass Individuen nach positiven oder negativen Lebensereignissen zu einem stabilen Wohlbefindensniveau zurückkehren.

Neuere Forschungsarbeiten stellen diese Annahme jedoch zunehmend infrage: Headey (2007) und Lucas (2007) zeigen, dass unter bestimmten Umständen – etwa bei einschneidenden Lebensereignissen oder wiederkehrenden Belastungen – dauerhafte Veränderungen im subjektiven Wohlbefinden auftreten können. Eine weiterführende Perspektive bietet die Shifting Baseline Theory (Cohen-Mansfield 2011), die argumentiert, dass sich individuelle Wohlbefindensreferenzen über Zeit hinweg neu justieren, etwa im Zuge von Altern, Krankheit oder Veränderungen im sozialen Umfeld.

Diese Abschlussarbeit zielt darauf ab, diese theoretischen Überlegungen in ein sprachbasiertes maschinelles Lernmodell zu überführen. Auf Grundlage einmaliger Sprachaufnahmen sowie zugehöriger WHO-QOL-Scores sollen individuelle Wohlbefindensmuster erkannt und potenzielle Abweichungen davon modelliert werden.Die Arbeit baut auf den methodischen Grundlagen von Finze et al. (2024) auf, die nachweisen, dass Sprachdaten als valide Prädiktoren für subjektives Wohlbefinden genutzt werden können.

Ziel der Arbeit ist:

• Die Modellierung einer Wohlbefindens Baselines aus Sprachmustern ohne wiederholte Daten
• Die Erkennung von Abweichungen z.B. über cluster- oder embeddingbasierte Vergleichswerte
• Theoretische Einbettung in die Diskussion um stabile vs. dynamische Wohlbefindensniveaus

Ansprechpartner:Prof. Dr. Heiko Gewald, (öffnet neues Fenster)

Literatur

Brickman, P. 1971. "Hedonic Relativism and Planning the Good Society," Adaptation level theory), pp. 287-301.

Cohen-Mansfield, J. 2011. "The Shifting Baseline Theory of Well-Being: Lessons from across the Aging Spectrum," Understanding Well-Being in the Oldest Old), pp. 46-64.

Diener, E., Oishi, S., and Lucas, R. 2003. "Personality, Culture, and Subjective Well-Being: Emotional and Cognitive Evaluations of Life," Annual review of psychology (54), pp. 403-425.

Finze, N., Jechle, D., Faußer, S., and Gewald, H. 2024. "How Are We Doing Today? Using Natural Speech Analysis to Assess Older Adults’ Subjective Well-Being," Bus Inf Syst Eng (66), pp. 321–334.

Headey, B. 2007. "The Set-Point Theory of Well-Being Needs Replacing: On the Brink of a Scientific Revolution?,").

Lucas, R. E. 2007. "Adaptation and the Set-Point Model of Subjective Well-Being: Does Happiness Change after Major Life Events?," Current directions in psychological science (16:2), pp. 75-79.

OECD. 2013. "Guidelines on Measuring Subjective Well-Being," Paris.

Steptoe, A., Deaton, A., and Stone, A. A. 2015. "Subjective Wellbeing, Health, and Ageing," Lancet (385:9968), pp. 640-648.

World Health Organizaiton. 2020. "Constitution of the World Health Organization."   Retrieved 9 Nov 2024, from https://www.who.int/about/accountability/governance/constitution

Die Alzheimer-Krankheit (AD) ist die häufigste Form der Demenz. Aufgrund der steigenden durchschnittlichen Lebenserwartung, insbesondere in den entwickelten Gesellschaften, nimmt die Zahl der Betroffenen stetig zu.

Da AD durch ein allmähliches Verschwinden des Gedächtnisses und anderer kognitiver Funktionen, insbesondere auch der Sprache, bereits in frühen Stadien definiert ist, liegt es auf der Hand, dass gerade letztere untersucht werden sollten.
Vor allem Methoden des maschinellen Lernens haben sich als sehr ermutigend erwiesen. Es fehlt jedoch an Forschung zu mobilen Anwendungen in Bezug auf das Diagnoseverfahren.

Diese Abschlussarbeit hat das Ziel einen konzeptionellen Rahmen zu entwickeln, der für den Einsatz in einer mobilen Anwendung geeignet ist, die mit Hilfe von maschinellen Lernverfahren den Diagnoseprozess durch die Erkennung pathologischer Sprachmuster unterstützt.

Die genaue Ausgestaltung des Themas und des Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner:  Prof. Dr. Heiko Gewald

Adversaries are perpetually devising sophisticated methods to circumvent security measures, as online platforms increasingly rely on AI-driven systems to identify and mitigate harmful content. Evasion techniques include technical strategies such as adversarial perturbations on images, leetspeak in text, or cross-modal manipulation, as well as behavioural tactics like using coded language or algospeak and taking advantage of policy flaws. There is increasing recognition of the vulnerabilities of multimodal moderation systems, particularly with regard to adversarial patches, prompt-based jailbreaks targeting language models, and synthetic media. Such workarounds raise concerns about the reliability of AI tools and highlight technical shortcomings. For instance, systems may face scalability challenges when confronted with coordinated attacks or an arms race of adversarial tactics. A student could systematically review documented evasion techniques, develop a taxonomy of attack categories for (1) visual or (2) text material, implement and test selected adversarial methods against open-source moderation models, assess the effectiveness of current defence strategies, and propose recommendations for making AI-based moderation systems more resilient.

Sample reference: https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf, https://dl.acm.org/doi/10.1145/3270101.3270103 (öffnet neues Fenster), https://journals.sagepub.com/doi/full/10.1177/20563051231194586

Contact: Nils Riekers, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

The emergence of AI-powered “nudify” websites—tools that generate non-consensual intimate images—has led to an industrial-scale form of image-based abuse. Recent studies suggest that just 18 of these services generated between $2.6 million and $18.4 million in six months, and highlighted their ongoing reliance on mainstream infrastructure providers such as Amazon, Cloudflare, Google, and payment processors like PayPal and Coinbase.

This thesis investigates the ecosystem that enables the growth and monetization of these abuse tools, including:

• the use of sponsored social media ads to promote nudification tools (e.g., on Facebook/Instagram),
• the role of major hosting, payment, and authentication providers, and
• regulatory gaps under current EU digital safety frameworks (e.g., the Digital Services Act and GDPR).

The thesis may, for example, combine ad library research, source code analysis, and policy evaluation, surveys or interviews to produce concrete recommendations for trust and safety teams, platforms, and regulators.

Sample References: https://www.wired.com/story/ai-nudify-websites-are-raking-in-millions-of-dollars, https://assets.publishing.service.gov.uk/media/6878b4b80263c35f52e4dce2/Digital_violence_real_world_harm_evaluating_survivor_centric_tools_for_intimate_image_abuse_in_the_age_of_generative_AI.pdf, https://link.springer.com/content/pdf/10.1007/s11229-022-04012-2.pdf 

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)

With countries like Australia introducing mandatory age limits for social media access and Germany actively considering similar regulations, the need for reliable, privacy-conscious, and enforceable age verification mechanisms has become urgent. This thesis aims to address this challenge by designing, implementing, and evaluating a novel framework for age verification tailored to social media platforms.

The research begins with a comprehensive review of current age verification techniques—ranging from self-declaration methods to biometric and third-party verification services—analyzing their strengths, weaknesses, ethical implications, and regulatory compliance. Based on the findings, the thesis develops a prototype age verification system that balances user privacy, accuracy, accessibility, and legal adequacy.

The prototype could be evaluated through simulated user interactions, expert interviews, and technical assessments, focusing on effectiveness, user experience, and resistance to circumvention. The study contributes practical guidance for policymakers and platform developers seeking compliant and ethical solutions in the evolving landscape of online safety and digital rights.

Sample reference: https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1820, https://www.mdpi.com/2079-9292/13/16/3259, https://quire.substack.com/p/what-will-influence-companies-child 

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)

Harmful content (e.g., fake news, hate speech, extremist propaganda, conspiracy theories) proliferates widely on social media. While such content drives engagement and is integral to many platforms’ business models, it also has demonstrably negative effects on individuals. Consequently, regulatory bodies (e.g., the EU) enforce the removal of harmful content. 

In response, social media platforms have developed a wide range of moderation mechanisms, including the removal of posts or accounts, shadowbanning, or the application of warning labels. Reddit applies a unique approach by allowing each subreddit to define its own community rules. These rules are constantly present in the user’s environment; however, the effectiveness of simply displaying the rules alongside the actual content remains largely unexplored. It is unclear under which conditions (i.e., how and when) users notice, understand, and follow these rules, and how this awareness of the rules influences user behavior on social media platforms. 

This thesis aims to address this gap by investigating users’ perception of moderation mechanisms through an eye-tracking experiment conducted in the HNU eye-tracking laboratory. The study will examine whether individuals attend to and cognitively process moderation cues—such as community rules—during naturalistic interactions with social media content. Therefore, this study will shed light on the question of which mechanism(s) constitute adherence (e.g., non-violations of the displayed rules) to community rules on platforms employing a decentralized content moderation system, such as Reddit. 

The main tasks for the student will be: 

• Creating the experimental stimuli and setting up the study in the HNU eye-tracking laboratory,
• Designing a study that effectively addresses the research question,
• Conducting the experiment, collecting data, and performing data analysis. 

 Contact: Marco Dürr, (öffnet neues Fenster)Prof. Marten Risius (öffnet neues Fenster)

Sample reference for an overview on content moderation: https://doi.org/10.1007/s12599-024-00905-3 (öffnet neues Fenster)  

The Fediverse is a decentralized network of interconnected social media platforms that allow users to share content and interact across different services without relying on a single company or central authority. Unlike traditional platforms like Twitter or Facebook, the Fediverse is made up of independent servers (called instances) that operate together using open protocols, such as ActivityPub. Users can join an instance that aligns with their interests or values but still communicate with people on other instances seamlessly, much like emailing someone on a different provider. This structure promotes user control, data privacy, and a more diverse online community. A student could summarise the current state of research and explore the unique opportunities or challenges for content moderation.

Sample reference: https://asml.cyber.harvard.edu/fediverseobservatory/ (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

With the rise of online video platforms and short-form video formats, individuals, groups, and organizations increasingly use videos to spread harmful content, including hate speech. The sheer scale and speed of video uploads make manual moderation infeasible. Detecting such content requires the joint analysis of spoken words, on-screen text, visual symbols, and temporal context, making it markedly harder than single-modality moderation. Harmful content is often subtle or context-dependent, using coded language and visual metaphors that evade simple keyword or image matching. A range of detection techniques has been proposed for this purpose, with AI-based tools emerging as the most promising approach. Recent advances in multimodal architectures have improved detection capabilities, yet many challenges remain, including cross-lingual and cross-cultural detection. Evaluation must consider both accuracy and real-world applicability, such as latency and scalability. Automated systems must be designed with transparency and fairness in mind to maintain user trust and avoid unwarranted censorship. A student could summarise the state of research, catalogue available datasets, benchmark current approaches, explore model adaptation on curated subsets, and devise evaluation protocols that better capture real-world moderation constraints.

Sample references: https://ojs.aaai.org/index.php/ICWSM/article/view/35951/38105

Contact: Nils Riekers, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

Foreign Information Manipulation and Interference (FIMI), a term popularized by EU policy frameworks, refers to coordinated state-backed campaigns that spread false or misleading information to manipulate public discourse and destabilize democratic systems. While the political consequences of such campaigns are increasingly studied, far less attention has been paid to how FIMI tactics target or affect private enterprises. In Germany and across Europe, companies have faced reputational harm, internal disruption, and operational risk due to being falsely implicated in foreign-backed disinformation campaigns. 

This thesis explores the extent, mechanisms, and real-world impacts of FIMI on organizations. The study proceeds in two parts. First (1), it identifies emblematic FIMI campaigns that have demonstrably targeted or affected businesses. For example, Russia-linked operations such as “Doppelganger” and “Storm 1516” have used mass media impersonation, deepfakes, and false flag tactics to implicate German companies and political actors in fabricated scandals. Other operations have falsely portrayed companies as complicit in conspiracies regarding migration, climate policies, or COVID-19. 

Second (2), the thesis will include an empirical component: a structured survey of employees across one or more selected companies in Germany. The survey will examine awareness of FIMI, perceived exposure to disinformation, and internal measures for response or mitigation. Special focus will be given to sectors vulnerable to politicized narratives (e.g., energy, pharmaceuticals, tech). It will also assess whether employees have experienced secondary effects of disinformation, such as increased customer distrust, internal confusion, or targeted harassment.

Combining qualitative case analysis with empirical data, the thesis aims to understand how foreign state actors may be reshaping the information environments of businesses –  intentionally or as collateral damage. It will explore questions of corporate resilience, information hygiene, and whether current defenses (e.g., fact-checking units, legal remedies, or digital crisis management) are sufficient.

Sample reference: https://doi.org/10.1057/ejis.2010.2,  https://www.disinfo.eu/wp-content/uploads/2025/07/20250714_Disinfo-landscape-in-Germany-v2.pdf  

Contact: Dr. Adeline Frenzel-Piasentin, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

The term incel (“involuntary celibate”) refers to men who define themselves by their perceived inability to form sexual or romantic relationships with women. Online incel communities are considered one of the most extremist strands of the broader “manosphere” (Ging 2019), marked by misogynistic worldviews and fatalistic beliefs summarized in the so-called blackpill ideology (Rothermel 2022). Dedicated forums such as incels.is as well as social media platforms like YouTube (Papadamou et al. 2021) and TikTok (Solea & Sugiura 2023) provide spaces for emotional venting and extremist messaging. Incel beliefs have been linked to more than 50 murders since 2014 (Lindsay 2022).

While pathways into inceldom and radicalization are increasingly studied (Sparks et al. 2024; Moskalenko et al. 2022; Miller 2024, Meier and Sharp 2024), processes of disengagement remain underexplored compared to more traditional forms of extremism (Hart & Huber 2023). A promising entry point is the Reddit community r/incelexit, which explicitly supports individuals who want to leave the incel worldview behind. The forum (22k members in 2025) brings together current and former incels as well as activists offering advice and support. Previous qualitative research based on r/inceexit has highlighted self-improvement, community involvement, and disruption of incel rhetoric as key disengagement strategies (Gheorghe & Yuzva Clement 2023). Burns and Boisland (2024) further described disengagement as a gradual process, involving a desire to date, attempts at ideological change, and struggles to fully exit inceldom.

However, existing studies rely on small qualitative samples. Larger-scale analyses remain absent. For this reason, this thesis will use the r/incelexit dataset published by Golbeck (2024) on the Harvard Dataverse, containing over 20,000 posts. Computational text analysis methods such as topic modeling (Vayansky & Kumar 2020; Churchill & Singh 2022) offer the opportunity to map disengagement trajectories on a broader scale.

Possible research questions include but are not limited to:

• What are the central themes in discussions about disengaging from online extremism?
• What opportunities for moving users to disengage from online extremism can we deduct from the conversations?

Contact: Christopher David, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

Sources:

Abdelrazek, A., Eid, Y., Gawish, E., Medhat, W., and Hassan, A. 2023. "Topic Modeling Algorithms and Applications: A Survey," Information Systems (112), p. 102131.

Burns, L.-M., and Boislard, M.-A. 2024. "“I’m Better Than This”: A Qualitative Analysis of the Turning Points Leading to Exiting Inceldom," The Journal of Sex Research), pp. 1–17.

Churchill, R., and Singh, L. 2022. "The Evolution of Topic Modeling," ACM Comput. Surv. (54:10s), p. Article 215.

Gheorghe, R. M., and Yuzva Clement, D. 2023. "‘It's Time to Put the Copes down and Get to Work’: A Qualitative Study of Incel Exit Strategies on R/Incelexit," Behavioral Sciences of Terrorism and Political Aggression), pp. 1–21.

Ging, D. 2019. "Alphas, Betas, and Incels: Theorizing the Masculinities of the Manosphere," Men and Masculinities (22:4), pp. 638–657.

Goldbeck, J. 2024. "A Dataset for the Study of Online Radicalization through Incel Forum Archives," Journal of Quantitative Description: Digital Media (4).

Hart, G., and Huber, A. R. 2023. "Five Things We Need to Learn About Incel Extremism: Issues, Challenges and Avenues for Fresh Research," Studies in Conflict & Terrorism), pp. 1–17.

Lindsay, A. (2022). Swallowing the Black Pill: Involuntary Celibates’ (Incels) Anti Feminism within Digital Society. International Journal for Crime, Justice and Social Democracy, 11(1), 210–224. https://doi.org/10.5204/ijcjsd.2138 

Meier, M. L., & Sharp, K. (2024). Death to Chad and Stacy: Incels and anti-fandom as group identity. International Journal of Cultural Studies, 27(3), 349–367. https://doi.org/10.1177/13678779231220056 

Miller, S. (2024). Supreme Gentlemen: The Path of Radicalization for the Incel Community’s Lone Wolves. Terrorism and Political Violence, 36(6), 818–833. https://doi.org/10.1080/09546553.2023.2202779 

Moskalenko, S. G., J. F.-G., Kates, N., & Morton, J. (2022). Incel Ideology, Radicalization and Mental Health: A Survey Study. The Journal of Intelligence, Conflict, and Warfare, 4(3), 1–29.

Papadamou, K., Zannettou, S., Blackburn, J., Cristofaro, E. D., Stringhini, G., & Sirivianos, M. (2021). "How over is it?" Understanding the Incel Community on YouTube. Proc. ACM Hum.-Comput. Interact., 5(CSCW2), Article 412. https://doi.org/10.1145/3479556 

Solea, A. I., and Sugiura, L. 2023. "Mainstreaming the Blackpill: Understanding the Incel Community on Tiktok," European Journal on Criminal Policy and Research (29:3), pp. 311–336.

Sparks, B., Zidenberg, A. M., & Olver, M. E. (2024). One is the loneliest number: Involuntary celibacy (incel), mental health, and loneliness. Current Psychology, 43(1), 392–406. https://doi.org/10.1007/s12144-023-04275-z 

Vayansky, I., & Kumar, S. A. P. (2020). A review of topic modeling methods. Information Systems, 94, 101582. https://doi.org/https://doi.org/10.1016/j.is.2020.101582 

Large Language Models (LLMs) like ChatGPT, Gemini, and Claude have rapidly become fixtures in digital information consumption. However, their susceptibility to manipulation through so-called “LLM grooming” has raised urgent concerns. LLM grooming refers to deliberate, large-scale efforts to seed the internet with targeted disinformation in hopes that such material will be absorbed into LLM training datasets – or cited during real-time web searches – thereby shaping model outputs. Malicious actors, e.g., Russian state-aligned networks such as the “Pravda network,” are engaging in this emerging form of information warfare.

The thesis has three interconnected goals. First (1), it aims to outline the mechanics of LLM grooming attacks: how high-volume, low-quality disinformation content is systematically produced, translated, and disseminated through poorly designed but highly active web domains, e.g., the Portal Kombat ecosystem, which currently produces over 3 million pro-Kremlin propaganda articles annually, with strong indicators of targeting LLMs as its primary audience). Second (2), the thesis presents a case-based analysis of how these attacks manifest in practice. It will review incidents where LLMs (e.g., GPT-4o) reproduced falsehoods directly sourced from known disinformation outlets. Example prompts – such as those regarding the Ukraine conflict or NATO weapon systems – will be tested to evaluate how and when LLMs fail to reject tainted content. Third (3), the thesis develops a proof-of-concept defense strategy. This may include simulating small-scale grooming attempts to probe model vulnerabilities, evaluating model behavior with and without real-time search, and identifying key risk factors (e.g., low editorial coverage, source repetition, ambiguous prompts). Based on this, the work proposes potential safeguards (e.g., content provenance tracking or training data deduplication) to better detect and neutralize grooming attempts.

Drawing on methods from computational social science, adversarial machine learning, and open-source intelligence (OSINT), this research aims to shed light on a novel, underexplored threat to the epistemic reliability of AI. Ultimately, the thesis seeks to understand not only how LLMs are being manipulated, but also how to build them to resist the next generation of information operations.

Sample reference: https://doi.org/10.1007/s12599-024-00851-0, https://americansunlight.substack.com/p/bad-actors-are-grooming-llms-to-produce 

Contact: Dr. Adeline Frenzel-Piasentin, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

Harmful narratives are proliferating across online platforms at an alarming rate, yet their full scope remains largely uncharted—terms commonly found in this rhetoric such as autocratic appeal, delegitimization, and conspiratorial framing are central to this approach. A student working in this framework would begin by filtering an existing Reddit corpus to extract posts and comments exhibiting anti-democratic or authoritarian sentiment, then apply unsupervised topic-modeling methods to cluster these items into coherent narrative themes (for example, elite betrayal, national decline, or purity restoration) and analyze how they propagate and interconnect. As an extension, the same pipeline can be run on mainstream, non-harmful forums to contrast everyday discourse with extremist narratives. To deepen the analysis, the student could also collaborate with the READ project, comparing Reddit-derived narrative clusters with those found in extremist group manifestos to highlight common threads and divergences between informal online rhetoric and formal ideological texts.

Sample Reference: https://doi.org/10.1177/20563051251331748 

Contact: Marco Dürr, (öffnet neues Fenster)Prof. Dr. Marten Risius (öffnet neues Fenster)

Romance scams (sometimes also referred to as “sextortion”) —where individuals are threatened with the public release of intimate images or videos—have become an increasingly widespread form of online abuse. Despite the growing scale of the phenomenon, little is known about how victims perceive the threat, rationalize their decisions, and choose between options such as paying, reporting, or ignoring the scam.

This thesis aims to explore how victims of sextortion understand and respond to the threats they face, focusing particularly on the psychological and contextual factors that shape their behavior, for example, to explore how perceived severity, vulnerability, self-efficacy, and response efficacy influence decision-making. It may also focus on particular group behaviors (e.g., Yahoo Boys). The student may draw on behavioral, psychological, or sociotechnical theories such as Protection Motivation Theory (PMT) as a conceptual lens, but also pursue computationally Intensive Theory Construction, digital ethnographic approaches, case studies or others.

As a primary empirical source, the thesis may analyze user-generated posts from publicly available forums such as Scam Survivors, which contains thousands of first-person narratives of sextortion experiences. 

Sample reference: https://journals.sagepub.com/doi/full/10.1177/15248380241277271, https://www.scamsurvivors.com/forum/, https://www.digitaljournal.com/tech-science/ai-powered-nudify-apps-fuel-deadly-wave-of-digital-blackmail/article (öffnet neues Fenster)  

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)

Confirmation bias is a central blind spot of the mental immune system and is ubiquitous among humans. It refers to the unconscious tendency to seek out information that reinforces existing beliefs, while disregarding contradictory evidence; sometimes completely, in extreme cases. This bias becomes especially problematic when individuals are persuaded into adopting harmful attitudes through exposure to manipulative content on social media. For example, disinformation can convince individuals to adopt false beliefs about climate change and other highly consequential topics, thereby distorting their information environment. Once individuals fall prey to confirmation bias, they subconsciously ignore information that conflicts with their existing (false) beliefs and are drawn deeper into a spiral of increasingly harmful attitudes. 

Prebunking offers a preventive approach to addressing this problem. Unlike debunking, which seeks to correct falsehoods after the fact, prebunking aims to build resistance to disinformation by preemptively exposing individuals to refutations of common manipulation techniques. This method has been successfully applied to inoculate individuals against persuasion tactics such as conspiracy theories or online scams. Recently, research in this field has emphasized the importance of targeting specific thinking styles for prebunking interventions (see sample reference). 

The aim of this thesis is to develop and empirically test a prebunking intervention that specifically addresses the phenomenon of confirmation bias. The intervention will focus on fostering awareness of the bias, equipping individuals with strategies to mitigate it, and cultivating a mindset that values openness to opposing viewpoints and effective information-seeking practices. The modality of the intervention could be a text- or visuals-based online intervention or an online gamified prebunking session. 

The main tasks for the student will be: 

• Developing the prebunking intervention,
• Designing an appropriate study to test its effectiveness,
• Conducting the study with social media users. 

 Contact:Marco Dürr, (öffnet neues Fenster)Prof. Marten Risius (öffnet neues Fenster)

Sample reference: https://www.sciencedirect.com/science/article/pii/S002210312500099X (öffnet neues Fenster)  

Confirmation bias is a central blind spot of the mental immune system and is ubiquitous among humans. It refers to the unconscious tendency to seek out information that reinforces existing beliefs, while disregarding contradictory evidence; sometimes completely, in extreme cases. This bias becomes especially problematic when individuals are persuaded into adopting harmful attitudes through exposure to manipulative content on social media. For example, disinformation can convince individuals to adopt false beliefs about climate change and other highly consequential topics, thereby distorting their information environment. Once individuals fall prey to confirmation bias, they subconsciously ignore information that conflicts with their existing (false) beliefs and are drawn deeper into a spiral of increasingly harmful attitudes. 

Prebunking offers a preventive approach to addressing this problem. Unlike debunking, which seeks to correct falsehoods after the fact, prebunking aims to build resistance to disinformation by preemptively exposing individuals to refutations of common manipulation techniques. This method has been successfully applied to inoculate individuals against persuasion tactics such as conspiracy theories or online scams. Recently, research in this field has emphasized the importance of targeting specific thinking styles for prebunking interventions (see sample reference). 

The aim of this thesis is to develop and empirically test a prebunking intervention that specifically addresses the phenomenon of confirmation bias. The intervention will focus on fostering awareness of the bias, equipping individuals with strategies to mitigate it, and cultivating a mindset that values openness to opposing viewpoints and effective information-seeking practices. The modality of the intervention could be a text- or visuals-based online intervention or an online gamified prebunking session. 

The main tasks for the student will be: 

• Developing the prebunking intervention, 
• Designing an appropriate study to test its effectiveness, 
• Conducting the study with social media users. 

 Contact:Marco Dürr, (öffnet neues Fenster)Prof. Marten Risius (öffnet neues Fenster)

Sample reference: https://www.sciencedirect.com/science/article/pii/S002210312500099X (öffnet neues Fenster)  

This thesis applies and adapts the Dynamic Matrix of Extremisms and Terrorism (DMET) framework as outlined in the GIFCT Taxonomy Report to conduct a detailed analysis of extremist discourse on Reddit. The research leverages a large Reddit dataset drawn from forums known for hosting or tolerating extremist rhetoric (e.g., archived subreddits, niche ideological communities). Posts and comments are then annotated or classified according to a modified DMET schema. To operationalize the framework, the thesis incorporates both manual coding and automated classification techniques (e.g., keyword-driven mapping, embedding-based clustering). The thesis then leverages the classifier to establish group profiles and time-dependent patterns.

Sample reference: https://gifct.org/wp-content/uploads/2021/07/GIFCT-TaxonomyReport-2021.pdf (öffnet neues Fenster)

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)

This thesis explores the development of a fine-tuned large language model (LLM) trained on extreme ideological speech to serve as a conversational simulation tool for therapists and mental health professionals. The model is designed to replicate the rhetorical patterns, cognitive biases, and emotional triggers often found in individuals holding radical or extreme beliefs—including but not limited to conspiracy theories, political extremism, or cult-like ideologies.

By simulating realistic, high-fidelity conversations with ideologically extreme personas, the tool aims to provide a safe, controlled environment for therapists to practice de-escalation techniques, build empathy, and refine their communication strategies. We can assist with sourcing appropriate training data. The research faces the technical challenges of fine tuning LLM agents as well as evaluating the discourse with those agents.

The project includes rigorous evaluation of the model’s behavioral fidelity, safety constraints to prevent misuse, and usability testing. Ultimately, this thesis contributes to the growing field of AI-assisted therapeutic training and proposes a novel application of LLMs for enhancing preparedness in mental health interventions involving extremist beliefs.

Sample reference: https://aclanthology.org/2024.emnlp-main.711/, https://arxiv.org/abs/2009.06807 

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)

Money laundering schemes increasingly exploit online mule accounts—individuals who, knowingly or unknowingly, move illicit funds through personal accounts—to obscure the origin and flow of criminal proceeds. This thesis investigates how such mule operations are organized and executed across digital platforms, with a focus on the observable online footprints they leave behind. 

The thesis includes a case-based exploration of publicly reported incidents involving mule accounts—drawing from government enforcement reports (e.g., Europol, FinCEN, BKA), transparency disclosures from financial institutions, and court proceedings. The work then pursues an exploratory approach (e.g., open-source intelligence (OSINT), digital ethnography) methods, for example relying on publicly accessible data sources, including forum posts, social media activity, leaked datasets, and court case records or studying social media forums like Telegram groups, Reddit threads, or YoutTube/TikTok videos promoting “easy money” schemes. The research begins with a literature review of digital money laundering typologies and mule recruitment patterns to identify a specific research question, then conducts a respective analysis – for example of online - where mule recruitment is suspected to occur.

Sample references and data: https://www.emerald.com/insight/content/doi/10.1108/jfc-10-2022-0243/full/html, https://arxiv.org/abs/2506.13989, https://www.kaggle.com/datasets/ellipticco/elliptic2-data-set 

Contact: Prof. Dr. Marten Risius (öffnet neues Fenster)