This thesis presents the design, implementation, and validation of a piezoelectric energy harvester (PEH) emulator to enable repeatable evaluation of energy extraction circuits for vibration-based systems. PEHs convert mechanical vibrations into electricity using materials that generate charge under stress, offering compact, maintenance-free power for low-power electronics.
Efficient energy extraction from PEHs requires specialized circuits whose performance depends heavily on the PEH’s electrical characteristics. However, real PEHs often exhibit nonlinear and chaotic behavior, complicating consistent testing and comparison. The proposed emulator overcomes this by replicating PEH electrical behavior in a controlled, configurable, and repeatable way.
The emulator employs a voltage-controlled voltage source with analog impedance modeling, supporting output ranges up to ±25 V and 3 A. It includes modular impedance matching and real-time responsiveness without digital latency. A complete prototype was built and tested. Simulations showed stable operation under various conditions, and experimental results demonstrated 80–100% accuracy in reproducing PEH power output.
To the author's knowledge, this is the first emulator designed specifically for PEHs, addressing a gap in existing literature. While emulators are common in photovoltaic and thermoelectric domains, none existed for piezoelectric harvesters. This work establishes a flexible benchmarking platform and outlines paths for improving emulator accuracy via improved impedance modeling and alternative architectures.

Stateful Functions-as-a-Service (SFaaS) platforms, such as Styx, are emerging as powerful abstractions for building distributed, serverless cloud applications. By combining the abilities of FaaS with strong transactional guarantees, they enable complex, stateful workflows without requiring developers to manage infrastructure. However, they lack built-in support for analytical queries across distributed function state. This thesis addresses that gap by proposing H-Styx, whose hybrid architecture extends Styx with a snapshot-based Query Engine, enabling near-real-time OLAP queries over global state while maintaining performance isolation for transactions. The Query Engine integrates seamlessly into the Styx architecture, leveraging periodic snapshots transmitted via a loosely-coupled, asynchronous interface. It ingests partitioned state from object store MinIO into columnar database DuckDB, supports incremental delta loads, and delivers results over a Kafka-based interface to achieve scalable, low-latency analytical querying while employing robust fault tolerance.

Empirical evaluation demonstrates that H-Styx preserves transactional throughput and latency under hybrid workloads, while significantly outperforming a baseline HTAP architecture (Postgres with Streaming Replication) on analytical throughput and providing superior workload isolation. These results validate the feasibility of supporting hybrid transactional and analytical processing in SFaaS environments. Overall, H-Styx bridges a crucial capability gap in SFaaS, enabling more powerful data-driven applications in distributed, event-driven architectures.

Developers often use dependency managers to make updating dependencies easier. These dependency managers allow permissive declaration strategies to be used which automatically keep dependencies up-to-date. To prevent these automatic updates from breaking projects, developers can use version locking to lock specific versions in place. To investigate how version locking is used we have done research into version locking in projects using Gradle. We found that version locking is not widely adapted, as only 0.34% of our sampled Gradle projects contained a lock file. Our analysis into the use of version ranges in projects using version locking showed that only 29.5% to 44.4% of analyzed projects using version locking, used version ranges. This is surprising as version locking is most effective when using version ranges. Our research into the effect of version locking showed that in 18.2% of the analyzed projects, version locking prevented the build from failing. Looking into the negative effects of version locking, we found that 9.8% of the dependencies are at risk of being a vulnerability, as for these dependencies there are newer versions available which might introduce security patches.

Java projects often depend on third-party libraries to support development, but intensive reuse can lead to version conflicts, a common manifestation of dependency hell. This paper presents an empirical study of 124 GitHub pull requests from 85 Maven-based Java projects that addressed such version conflicts. We investigate the phenomenon from three perspectives: developer effort, the role of Semantic Versioning (SemVer) and conflict resolution strategies. Our analysis reveals that activity-based effort metrics are often confounded by unrelated changes and automation, suggesting the need for qualitative validation. Despite widespread use of SemVer syntax, 80% of observed runtime errors resulted from forward incompatibilities not covered by SemVer and even SemVer-compliant library versions occasionally broke backward-compatibility. The most common resolution strategy was library harmonization (67.7% of PRs), often achieved through version alignment techniques. These findings highlight the limitations of relying solely on versioning conventions and emphasize the importance of proactive tools and practices for managing dependencies. All datasets and analysis scripts are publicly available to support further research.

As Open-Source projects grow in size and incorporate more and more external dependencies, developers increasingly rely on dependency managers such as Maven to manage version conflicts and automate dependency resolution. However, developers are often unaware of vulnerabilities in their dependencies or do not prioritise security due to the effort required to update dependencies, resulting from a lack of compliance with Semantic Versioning policies. This paper aims to motivate greater adoption of version ranges by empirically analysing a large selection of open-source Maven projects to determine the impact of fixed versions compared to version ranges and identify opportunities for safe updates. It also proposes TeSTer as a conceptual command-line tool that analyse dependencies and provides insight into security practices, release frequency, and SemVer compliance to support informed decisions when incorporating dependencies in a project.

The Maven ecosystem relies heavily on dependencies to provide functionality, but the relationships between these dependencies are not well understood. This paper introduces the concept of dependency families, where a group of dependencies are owned by the same entity and designed to be used together. We develop a method to detect these families using a combination of structural and statistical techniques, and apply it to the Maven Central repository. Our analysis reveals insights into the structure and trends of dependency families, including their size distribution, usage patterns, and version homogeneity. Specifically, we find that most families are composed of a small core of frequently used dependencies alongside many supplemental ones; that releases without code changes are surprisingly prevalent; and that while many dependencies in a family share version numbering, this is not consistent enough for developers to always rely on. Our findings have implications for developers, maintainers, and users of dependencies in the Maven ecosystem.

In practical situations, computer vision technique is applied to solve various tasks, including image classification, object detection, image segmentation, and so on. The commonly used supervised learning training paradigm for the network models used to solve these tasks requires training data as well as the ground truth labels specifying the data samples' reference information for the task. However, getting labels for every task would be expensive or even almost impossible, such as medical images due to privacy reasons and expert annotations from medical professionals and facial recognition also because of privacy concerns. Many large-scale general datasets exist, like ILSVRC2012 for both image classification and object detection tasks and COCO also for objection tasks. , and the corresponding pre-trained models whose knowledge can be transferred to other fields. While deeper models typically have better performance and can learn better feature representation from the same tasks, increasing network models introduces difficulties in practical deployment, especially regarding resource limitation and response latency. We hope to explore the learning methods in knowledge distillation to help the smaller student network learn better features from the unlabeled training data and have better transfer performance on downstream tasks. With the remarkable success of contrastive learning, it has become one of the most promising methods of learning from unlabeled data. In this thesis, we proposed an unsupervised knowledge distillation method that applies a contrastive learning method to construct and extract relational knowledge from the feature representations of the intermediate layers as well as the final layer. The evaluation with the ILSVRC2012 dataset proves the effectiveness of the proposed method on feature learning as the method helped the ResNet-18 model achieve a 2% improvement in linear evaluation accuracy compared to the baseline model. Extensive experiments were conducted on eight transfer learning tasks, and the model trained by the proposed method outperformed its baseline model in all the eight classification tasks and also achieved better fine-tuning accuracy in the situation where only a small fraction of the ground truth label was available for fine-tuning.

With the rise of new space, space missions are becoming increasingly more accessible. This is caused by the increased use of commercial-off-the-shelf components as well as the possibility of having multiple parties operating on a single satellite platform. This development combined with a new attitude towards the security of these systems has exposed some flaws in current designs. These concerns are in the lack of defense-in-depth measures on board the satellite and the fully trusted nature of the internal bus. In this thesis we perform a high-level risk analysis for CubeSat missions and map them to the SPACE-SHIELD framework. We then implement several mitigations based on the identified risks, with a focus on less explored research areas. The performance of the mitigations is then evaluated in order to test their viability for use in the industry. We provide a simulator setup for testing and evaluating the mitigations. In order to improve the security of CubeSats we ran several fuzzing campaigns, which have led to the discovery of potentially vulnerable sections of code. Furthermore, we implemented mitigations to achieve network segmentation and end-to-end security on the internal bus of the device. The authenticated encryption scheme implemented for end-to-end security uses the NIST standard for lightweight cryptography known as Ascon. The measurements show that our reference implementation of this AEAD scheme has an overhead of 15% for message payload sizes of 200 bytes. Lastly, we contribute to several entries in the SPACE-SHIELD framework which were lacking before.

In this research, we propose a new method for detecting slow, distributed port scanners by utilizing clustering techniques based on the behavioral characteristics of scan sources. Traditional methods often rely on identifying sources within the same subnet and using frequency-based algorithms; however, our method operates independently of source address correlations. We assign numeric features based on these characteristics to packet sources observed through our network telescope. These features are then processed using a clustering algorithm to identify distributed scans without depending on the origin of source addresses.

Our findings demonstrate the effectiveness of this method in accurately clustering and identifying slow scanners. We verified the results by comparing the detected scan clusters against the expected behavior derived from our simulations. This approach not only reveals complete distributed scans but also offers insight into different scanning strategies employed across the internet.

The implications of our research are significant for network security, enabling early detection and mitigation of potential cyber threats. Our methodology lays a foundation for further research and optimization, offering a valuable tool for both understanding and securing internet infrastructure against scanning techniques.

Distributed Reflection Denial-of-Service (DRDoS) attacks remain among the most damaging cyber threats, leveraging vulnerable UDP-based protocols to amplify traffic and overwhelm targets. Our measurement study investigates the amplification potential of three commonly exploited protocols: DNS, NTP, and Memcached, within the context of the network infrastructure in Belgium and Luxembourg. By analysing amplification factors through various query strategies, we aim to identify potential vulnerabilities and correlations between factors that influence the weaponisation of these protocols. We also investigated application-layer looping vulnerabilities, also known as “Loopy”. Our findings indicate that despite protocol hardening, significant risks remain, particularly with improperly configured DNS servers and not updated NTP and Memcached versions.

Amplification Distributed Denial of Service attacks require networks that do not drop packets with spoofed IP addresses and servers open to the Internet running UDP protocols with amplification potential. These attacks have the potential to overwhelm large network links and disrupt the availability of the largest network infrastructures. While multiple studies exist addressing vulnerable protocols and exploring solutions for collaborative mitigation of such attacks, there is the unaddressed issue of stopping exploitable servers from being deployed in the first place. In this paper, we investigate such servers located in Sweden running DNS, NTP, and Memcached services to learn what makes them vulnerable. After analyzing thousands of servers, we give insights into the current state of the Swedish network and find multiple DNS recursive resolvers amplifying bandwidth more than 100 times, authoritative DNS servers hosting domains with huge amounts of data, and NTP servers patched against old attacks but still providing significant amplification. We find that important parameters that shape the large DNS amplifiers include the choice of the EDNS buffer size, the truncation of responses exceeding it, and a lack of the “ANY” query limitation. NTP servers with debug commands accessible from the Internet have amplification potential, and no vulnerable Memcached servers were found in Sweden.

Amplification Denial of Service (DoS) attacks have been a persistent challenge in network security, with the consequences ranging from causing minor disruptions to substantial financial losses and irreparable damage to reputation.

In today's network environment, many infrastructures are not primary targets of amplification attacks but unwittingly aid them by sending large responses generated by spoofed packets to the potential victims. The ever-growing number of servers makes manual detection of vulnerable components impractical, emphasizing the urgent need for automated tools, which are currently lacking.

This paper investigates factors that affect amplification DoS attacks on three UDP-based protocols, DNS, NTP, and Memcached. Our analysis indicates that for DNS, factors such as the buffer size, replying to ANY queries, Resource Records (RR), and Name Servers (NS) per domain significantly impact the amplification potential. For Memcached, the key and value lengths substantially affect the amplification factor. Regarding NTP, the magnitude of amplification is influenced by the number of recently contacted clients, with the version being a critical determinant for the likelihood of attack success for both NTP and Memcached.

By incorporating these parameters, we propose the development of an automated tool capable of identifying such vulnerable components within network infrastructures.

Distributed reflection denial-of-service (DRDoS) attacks are a type of cyberattack where a malicious actor sends requests to public and open servers on behalf of the victim by spoofing their IP address. The traffic generated by the corresponding responses is directed towards the victim (whose IP address appeared as the source address of the initial packets), potentially exhausting their bandwidth. These attacks have kept becoming more powerful over the years.
This thesis presents a measurement study of three well-known protocols, where we assess the amplification potential of hosts located in Greece running these protocols. We find that DNS remains the most vulnerable protocol to amplification; the top 250 hosts can cumulatively amplify the traffic by 32,000×. Furthermore, we discover that the “ANY” query type and the improperly configured DNS extension (EDNS0) are two significant causes of DNS amplification. Lastly, we also find hosts vulnerable to looping attacks, a novel threat in the context of DDoS attacks.

This paper explores Distributed Reflective Denial-of-Service (DRDoS) attacks, a variant of Distributed Denial-of-Service (DDoS) attacks that leverage publicly accessible UDP servers to amplify traffic towards a target. These attacks, accounting for over half of all DDoS cases in 2023, are significant threats to online services due to their potential to generate traffic volumes in the Tbps range. Despite existing research on DDoS attack vectors and techniques, there remains a gap in tools for identifying potential amplification sources within specific networks. This paper aims to fill that gap by identifying and measuring amplification hazards in the Dutch IP range, focusing on DNS, NTP, and Memcached protocols. Our findings reveal significant amplification potentials, particularly within NTP and Memcached servers, and highlight the influence of factors such as EDNS0 buffer size on DNS amplification.

This paper explores the effect of forecasting methods on the Optimistic Follow The Regularized Leader (OFTRL) caching policy. It has been theoretically proven that the performance of OFTRL improves with accurate forecasters. However, the forecasters were portrayed as black boxes. In this paper, we do not treat forecasters as a black box but rather use recommender systems and temporal convolutional networks (TCN) implementations as forecasters for OFTRL in the caching context. The said forecasters predict the next file requests directly from the request trace rather than monitoring popularity. Using request traces extracted from the well-known MovieLens dataset, it was found that incorporating a forecaster into an optimistic learning algorithm is not straightforward. In fact, it was found that simpler approaches such as one that predicts the most requested file, can outperform more complicated deep learning models in terms of regret even if they possess a lower accuracy.

Group work is an integral part of Computing Education, but introduces problems when students either fail to participate enough or dominate, not allowing their team members to contribute. This research focuses on identifying the participation level of the students, allowing the teacher or teaching assistant who monitors the group throughout the project to identify and resolve problems. The software metrics that can be extracted from the code repository are often used in this monitoring process. Therefore, this study investigates the correlation between the software metrics and the participation level. Furthermore, this study aims to understand the correlation between programming experience and the participation level in the project.

To this end, four project groups were observed over several weeks, followed by interviews with their teaching assistants. A questionnaire assessed each student’s programming experience and collected data about confounding factors. A selection of software metrics to collect was made based on the literature and the teaching assistant interviews. Per contributor, we collected and analysed the number of lines of code, amount of issue comments, amount of MR comments, amount of commits, cumulative cyclomatic complexity, maximum cyclomatic complexity, amount of pipelines triggered, and pipeline failure ratio.

Of the twenty students in the observed groups, eight were classified as high participation, and six were identified as low participation. No significant correlation was found between participation level and gender, age, nationality, GPA, or group familiarity. Programming experience also did not predict participation, suggesting that a lack of experience is not a valid reason for low engagement. Furthermore, the number of lines of code students wrote, the number of commits students made, and the number of comments that students posted on merge requests are correlated with the participation level. This means these metrics can be used for monitoring student software groups and can indicate more than just code contribution.

Due to the increasing popularity of various types of sensors in traffic management, it has become significantly easier to collect data on traffic flow. However, the integrity of these data sets is often compromised due to missing values resulting from sensor failures, communication errors, and other malfunctions. This study investigates the effect of missing data on the performance of Long Short-Term Memory (LSTM) models in traffic flow prediction and assesses strategies to handle these missing values. By actively removing values from a complete data set, three strategies to handle these missing values are evaluated: dropping null values, replacing them with zero, and linear interpolation. We show that LSTM models are surprisingly resilient to missing data, with little impact on prediction accuracy for up to 40% of missing data, irrespective of the strategy used. For higher proportions of missing data, dropping null values leads to significant performance degradation, while zero-filling and interpolation maintain predictive accuracy. This paper provides insights into the choice of missing data handling strategies in time-series prediction tasks, demonstrating the potential of LSTM models for traffic forecasting under less-than-ideal data conditions

Traffic prediction plays a big role in efficient transport planning capabilities and can reduce traffic congestion. In this study the application of Long Short-Term Memory (LSTM) models for predicting traffic volumes across varying prediction horizons is investigated. The data used is collected by the municipality of The Hague for a single month. The study focuses on comparing the performance of the LSTM across different time horizons up to 10 hours in the future. To evaluate the performance of the LSTM models, two common evaluation measures are employed: Root Mean Square Error (RMSE) and Symmetric Mean Absolute Percentage Error (SMAPE). The baseline for the predictions is set at a 15-minute future forecast. Comparing the 1-hour prediction against the 10-hour predictions relative to the baseline RMSE, the RMSE increased threefold. However, the SMAPE first increases, but surprisingly after 6 hours starts to decrease again.