Smoking remains a leading cause of preventable death, making effective cessation support a global health priority. While conversational agents (chatbots) offer a scalable solution, their success depends on understanding the user’s experience. This study addresses two interconnected challenges: first, understanding the subjective experience of smokers with preparatory activities proposed by a chatbot, and second, evaluating the efficacy of Large Language Models (LLMs) in analyzing this qualitative feedback. This research employs a comparative design. A manual thematic analysis of smokers’ written reflections first established a baseline coding scheme. This scheme was then compared against the outputs of three LLMs, which were tasked with both generating themes independently and applying the predefined manual scheme. The accuracy of the LLMs’ application was measured against the human baseline using Cohen’s Kappa. The manual analysis revealed that smokers’ experiences were predominantly positive, showing strong motivation and a sense that the activities helped reinforce their quitting goals. This was concurrently challenged by expressions of skepticism about the activities’ effectiveness and mentions of personal barriers to quitting. The comparative analysis demonstrated that while LLMs could identify these broad positive and negative topics, they failed to capture more subtle, attitude-based concepts, such as a user’s willingness to engage with an activity despite their personal doubts. Furthermore, the models’ accuracy in applying a predefined coding scheme was substantially lower than the human baseline. This work makes two primary contributions. For digital health, the findings show that cessation aids must be designed to personalize activities to address specific user barriers and skepticism. Methodologically, the study provides a clear verdict on the current role of LLMs in this context: while LLMs show potential as an exploratory aid in theme generation, they are not yet a viable tool for applying a predefined coding scheme, making human analytical oversight essential for ensuring the depth and validity of qualitative research.

As Deep Neural Networks (DNNs) continue to be deployed in safety-critical domains, two specific concerns — adversarial examples and Out-of-Distribution (OoD) data — pose significant threats to their reliability. This thesis proposes novel methods to enhance the robustness of deep learning by detecting such inputs and mitigating their impact.

A central insight of this work is that algorithmic stability plays a crucial role in generalizing to in-distribution data. Motivated by this, the thesis formulates a dual perspective on stability with respect to the hypotheses and explores whether this perspective facilitates the separation of problematic inputs under two main lenses: epistemic uncertainty estimation and the choice of an appropriate inductive bias. By grounding our approach in generative modeling with a latent variable based on an information bottleneck and, specifically, employing Variational Autoencoders (VAEs), we first leverage Bayesian inference over model parameters to estimate the model’s uncertainty with respect to a particular input. Second, we investigate the required properties of both VAE maps and latent representations from a topological perspective. This reveals how OoD inputs predominantly map onto empty regions — or “holes” — in the latent manifold. Finally, we discover that adversarial examples likewise exhibit similar behavior. This finding is then used to craft new scoring functions that reliably distinguish between inliers, outliers, and adversarial attacks.

We increasingly encounter artificial intelligence-based technology in our daily lives, from smart home devices to self-driving cars to invisible systems running on our internet. Many artificial intelligence techniques use machine learning, algorithms that learn to predict or act based on collected data. Unfortunately, the most popular machine learning techniques, such as neural networks and ensembles, are so complex that humans cannot understand how they make predictions. Without understanding the prediction process, it is difficult to trust the model. Therefore, in this dissertation, we work on algorithms that learn models that are understandable to humans. The type of model we consider is a decision tree, a flowchart-like model that can easily be visualized so humans can understand it. These models ask a series of questions about an input and use the answers to derive a prediction.

Decision trees were popularized in the 1980s and extensively studied, but there is still room for improvement. The most popular algorithms for learning decision trees are fast but do not necessarily lead to the best performance. They are not robust, meaning tiny changes in the data can negatively influence the quality of their predictions. Also, the existing algorithms cannot be directly applied to problems where multiple sequential predictions have to be made. Therefore, this dissertation studies several techniques for learning decision trees for robustness and sequential decision making problems.

In Part I of the dissertation, we consider the problem of optimizing decision trees to make good predictions while being robust to small changes in the data. In Chapter 4, we tackle the problem of learning good decision trees quickly in this setting. We improved the runtime of an existing algorithm by speeding up one of the key operations. In Chapter 5, we solve the problem of finding the best possible robust decision tree. The idea is to formulate the problem as an Integer-Linear Program, a special mathematical problem that can be solved with highly optimized algorithms. In Chapter 6, we propose a method that allows learning of models that are more flexible in terms of robustness, i.e., by allowing data changes in different shapes. To create an efficient algorithm, we optimize only the model’s predictions, not the model’s question part. Finally, in Chapter 7, we use techniques for improving data privacy to enable robustness against another kind of data change: someone adding or removing data.

Part II of this dissertation is about sequential decision making problems. In these settings, we control a device or agent that tries to achieve some goal in a potentially uncertain environment. Sequential decision making problems are significantly different from the supervised learning problems considered in Part I since the data is not pre-collected. This class of problems encompasses many real-life problems; one of the simplest of those could be a thermostat that measures the temperature in a room and needs to decide whether to turn a heater on or off constantly. Highly complex problems such as self-driving cars can be modeled similarly. We aim to find a controller represented by a simple decision tree for such problems. Such a controller is called a policy, and by representing it with a small decision tree, humans can understand it. In Chapter 9, we assume that we have a perfect mathematical description of the problem and use it to find the best possible decision tree via Integer Programming techniques. Later in Chapter 10, we assume that we can only interact with the environment and do not have a mathematical description of the problem. In this setting, we find good policies by iteratively updating the tree to achieve better scores using gradient information.

In our research, we have developed various algorithms for learning decision trees in settings that are hard to optimize with existing methods: robust predictions and sequential decision making. We hope that our work on decision tree learning for these settings allows human-understandable machine learning to be used in more real applications in the future. By improving model understanding and robustness, we aim to enable machine learning systems that humans can trust.

In modern society, data is increasingly important for people's daily lives and commercial activities to benefit organization, management and analysis. Proper data utilization involves different stages, and the data life cycle is introduced to describe the procedures as generation, collection, processing, storage, management, analysis, visualization and interpretation. Along the data life cycle, data privacy is highly concerned since possible breaches can lead to the abuse of personal information and financial loss. In this thesis, we advance data privacy protection in data processing, data management, and data analysis correlated with the Spark Living Lab project in the domain of supply chains and machine learning. To enhance privacy protection, we propose solutions based on differential privacy and cryptographic protocols since they provide strong and provable security and privacy guarantees. Moreover, we integrate differential privacy and cryptographic protocols to achieve strong privacy guarantees efficiently and practically for data processing, management, and analysis.

In data processing, we focus on data anonymization and location data perturbation in supply chains. Data de-identification is essential to comply with privacy laws, such as GDPR, before possible sharing or analysis. We propose an anonymization algorithm by combining differential privacy and k-anonymity to achieve stronger privacy guarantees or better data utility than using them alone. Meanwhile, we consider trajectory hiding under possible attacks and real maps, which propose a more practical solution to share trajectory data under privacy protection.

In data management, we address secure data sharing with cryptographic protocols. Data sharing is vital in data management to advance collaboration and knowledge. However, possible data breaches and malicious inputs can lead to potential financial loss and identity theft. In this thesis, we propose a framework for sharing logistic data in a privacy-preserving way using blockchain and cryptographic protocols. Differential privacy is applied to anonymize data, while cryptographic protocols enhance privacy during data transmission.

In data analysis, we pay attention to privacy-preserving machine learning. Machine learning models are usually trained on large datasets which may contain sensitive personal information. It is important to consider privacy protection during the training and utilization of models. We use differential privacy and secure multi-party computation techniques to design a framework for collaborative learning among multiple parties against inference attacks. Also, we utilize zero-knowledge proof to validate model integrity without leaking the model.

In an era of increasing reliance on digital technology, securing embedded and interconnected devices, such as smart cards or Internet of Things (IoT) devices, against emerging threats becomes crucial, highlighting the need for advanced security measures. Cryptographic algorithms, essential for secure communication, data storage, and transaction integrity, are often employed to develop secure systems. However, the practical implementation of these algorithms in software and hardware introduces vulnerabilities, exposing sensitive information to risks. Implementation attacks, such as fault injection (FI) and side-channel analysis (SCA), belong to a category of security threats that exploit these vulnerabilities occurring during the cryptographic algorithms’ execution.

Security evaluation and certification assess the product’s security features against industry best practices and regulatory standards. These processes aim to independently verify the claims made about the product’s security, fostering and maintaining trust among users. Given the evolving landscape of security threats and increasing security concerns, the need for more efficient and resource-effective security evaluations has become evident. Fault injection and side-channel analysis are commonly conducted as part of this assessment, and recent studies have demonstrated that integrating artificial intelligence (AI) methods can significantly enhance their performance. Moreover, this integration can provide more automated and optimized attacks for security evaluation.

This thesis aims to advance AI-based implementation attacks by investigating current AI frameworks, with the objective of improving the efficiency and effectiveness of these attacks across various scenarios. We target specific challenges within AI-based fault injection (AIFI) and deep learning-based SCA (DLSCA), addressing gaps in the current methodologies and proposing solutions that significantly impact their performance and efficiency. We focus on hyperparameter tuning of the utilized AI methods, portability of the attacks, and alternative evaluation metrics within the AI frameworks.

Hyperparameter tuning is critical but can be a time-intensive process. By investigating specific hyperparameters, we can identify those crucial for the performance, guiding a more efficient tuning process. This thesis focuses on initialization methods, revealing no universally optimal initialization method. Instead, we offer a strategic approach to selecting initialization methods that can lead to improved and more reliable performance in specific scenarios. Next, we provide practical AI-based solutions to enhance the portability of FI parameter search results across different samples of the same target and SCA profiling models across different public datasets (targets). This approach makes security evaluation more efficient by leveraging data and findings to expedite evaluations on other targets. Furthermore, this enables future efforts to develop universal methods to help standardize the AI-based implementation attacks for security evaluation. Lastly, we revisit and refine evaluation metrics within the AI-based implementation attacks, proposing new metrics better aligned with the considered objectives. We present new XIX XX SUMMARY metrics for evaluating the performance of AI-based FI parameter search to find distant vulnerable regions of the target alongside algorithms for this objective. On the other hand, we improve the training process of DLSCA by introducing a training scheme involving the redefinition of the labels and a metric that can evaluate the generality of the profiling model, enabling better assessment for early stopping and model tuning.

Through its exploration of AI-based implementation attacks, this thesis offers valuable insights and practical solutions that significantly enhance the field. By improving the efficiency and effectiveness of AI-based implementation attacks, this research not only aids security analysts but also offers a foundation for future standardization efforts of these attacks for security evaluation.

In recent years, the practice of risk-assessment has started to utilize machine learning to take in larger data sets and improve prediction accuracy. Simultaneously, it has expanded into the sentencing stage of the criminal justice system. This paper analyzes the effect of these developments on the consideration of the theories of punishment during sentencing. After first going over key characteristics of both the theories of punishment and the practice of risk-assessment, it presents a series of connections between aspects of machine learning enabled risk-assessment and each of the theories of punishment. It then provides developers of such systems with both general advice and advice aimed specifically at the highlighted effects, rooted in various design methodologies such as Systemic Design and Value-Sensitive Design, in order to better account for these effects. Future research can expand upon this paper both in depth and in scope: in depth by carrying out the empirical research needed to verify and improve upon the ideas in this paper; in scope by extending this research to other ethical debates surrounding machine learning in criminal justice.

Bitcoin is a widely acknowledged digital currency that is designed in a decentralized manner. The recognition of Bitcoin has introduced the notion of cryptocurrencies and, in general, blockchain technology. Blockchain, within less than a decade, has become one of the most exciting technological developments. Among several exciting use cases and projects, there has been an inevitable hype in the industry as well. While in the research community, it has opened an interdisciplinary research field among cryptography, distributed systems, and economics.

Notwithstanding the interest and great effort, blockchain is still a new and evolving technology, and numerous challenges need to be addressed.
To name a few, security, privacy, scalability, smart contracts, and economic aspects with their manifold sub-challenges can be mentioned.Among the research challenges, in this thesis, we investigate three crucial ones for the long-term functionality of the Bitcoin-like blockchains, which are security, scalability, and economic aspects.Our works can be divided into two subjects: transaction propagation and payment channel networks.

Transaction propagation or advertisement refers to the dissemination of newly created transactions of clients in the mining network.In this thesis, we investigate the lack of incentives for transaction propagation and provide an incentive mechanism for peer-to-peer mining networks. Moreover, we focus on the inefficient routing of the transactions and propose a smart routing mechanism.

Payment channel networks (PCN) are promising layer-2 protocols aiming to improve the scalability of blockchains.In this thesis, we present three works on the PCNs.Firstly, we investigate the incentives to participate in multi-hop payments and propose a profit strategy that would encourage the use of PCNs.
Secondly, we propose the first Bitcoin-compatible virtual channel constructions on payment channels that improve the efficiency and availability of multi-hop payments. Finally, we introduce the first post-quantum PCN utilizing our post-quantum adaptor signature scheme. Our works mainly focus on Bitcoin and its PCN, Lightning Network, yet they can be applied to the blockchains and cryptocurrencies having similar characteristics.

This thesis presents several methodological and statistical solutions to problems encountered in cyber security. We investigated the effects of compromised data veracity in state estimators and fraud detection systems, a model to impute missing data in attributes of linked observations, and an unsupervised approach to detect infected machines in a computer network.

The internet traffic is constantly rising nowadays due to the significant increase of the devices connected to the Internet. As a consequence, many cyber risks have arisen. Cybercriminals are trying to exploit the vulnerabilities of these devices to cause damage and gain profit. Monitoring the network traffic and detecting such threats has become essential in order to keep safe systems that are connected to the Internet. The powerful properties of state machines and the sequential nature of the network traffic data, makes them an interesting and promising solution for the implementation of an intrusion detection system.

The goal of this thesis is to implement a new state-merging heuristic which will speedup the state machine building procedure without a significant loss on the quality of the model, and use it to detect malicious host on network traffic data. The new state-merging heuristic is utilizing the Locality-sensitive Hashing concept to store the future traces of each state and simplify the consistency check for the merge of two states. The network traffic data used are in the NetFlow format, and they are encoded and converted into traces in order to build the state machine model and measure its performance. The state machine built is modeling a malicious behavior and used to classify other hosts.

We show that the models built can effectively detect the malicious hosts, with its performance being comparable to the one of a state-of-the-art model. At the same time, the time needed to build the model is much less when compared to the time needed by other state-merging heuristics.

The Internet is a relatively new technology that the world has become immensely dependent on. It is a tool that makes it possible to simplify our lives and better our society. But as with many things, there are people who with to exploit this tool we have for their own malicious gain. One of the mechanisms that we can use for protection against these malicious actors is the intrusion detection system. Machine learning-based intrusion detection systems (IDS) have been heavily researched for a number of years now. Much of this research, though, appears to be conducted using improper methodologies and incorrect evaluation.
Such methodologies include training and testing IDSs with unrealistic data and using uninformative metrics to determine performance. In this research, we perform a case study using one such IDS. This IDS is trained and evaluated using real network traffic collected from a real-world network. Additionally, we test its performance on actual attack traffic. This research demonstrates that an IDS that is trained with unrealistic data performs nowhere near as well as is claimed by the author when trained using real network traffic. Finally, we propose CAML-IDS, a framework for the correct assessment of machine learning-based intrusion detection systems. This framework can assist future IDS research by preventing incorrect evaluation, in turn preventing the formulation of incorrect research.

Strape enables users to initiate and authorize peer-to-peer transactions without alphanumerical input by
using gestures. OK, a smart wallet app, combines authentication, marketing and payment services in a single
app. By choice, peer-to-peer payments were excluded from the initial design of the OK app, because no
compelling user experience for this type of payment was available, yet. With Strape there is. To incorporate
the Strape functionality inOKand other host applications, the Strape functionality needs to be made available
as an SDK.
The goal of the project is therefore twofold: An SDK must be developed that provides the gesture-based
functionality and adheres to a number of integration use cases for various possible hosting applications. First,
it should be possible to initiate transactions by using gestures, and authorize the transactions by tapping on
a discovered user and swiping it towards them. Secondly, the SDK should be structured in such a way that it
is possible for a host application to fully integrate the SDK.
The system is implemented using a set of configurable classes with the business logic and a data provider
that handles all data mutation and persistence. Furthermore, it holds views that can be extended by a host
application for further customization. Discovery is implemented by using Bluetooth Low Energy, a protocol
that enables constant advertisement and scanning of users in proximity. To ensure testability and maintainability,
aModel-View-Presenter architecture is used.
The SDK is implemented in OK at various points in the app, namely as a favorite between payment accounts,
IDs and tickets, as a shortcut in the main overview and as an overlay with transaction objects. OK
mostly uses the standard SDK configuration variables.
The project was managed using Scrum with 1-week sprints. Version control was handled by Git and
SemVer and the project was continuously integrated by using Bitrise. Although a connection to the Strape
Virtual Account System was planned, time constraints and prioritization of the core Strape functionality resulted
in leaving it out of the final product.
The result satisfies the project goal in that an SDK is realized comprising the core Strape functionality
with the specified integration requirements. Furthermore, a first version of the SDK is integrated in the OK
app, satisfying all UI integration requirements. The project has showed us the importance of the necessary
overhead with software development projects such as this one. We recommend developing the requirements
we deemed out of scope for this project to complete the entire peer-to-peer transaction proposition.

This thesis' objective is to provide privacy to mobile code. A practical example of mobile code is a mobile software agent that performs a task on behalf of its user. The agent travels over the network and is executed at different locations of which beforehand it is not known whether or not these can be trusted. Because a mobile software agent performs actions on behalf of its user, agent must be protected in order to provide privacy to the user. For example, a software agent must purchase a flight ticket. Other parties like airlines are then not entitled to know the agent's strategy when the agent will purchase the ticket.In this thesis, several solutions are provided to this problem, and to obtain more in depth knowledge on protecting privacy in mobile code a theoretical analysis was performed. Essential in this problem is that the execution environment cannot be trusted. It is curious in the content of the mobile code, although it does not change the content.Two approaches are covered in this thesis. First, a practical approach is given that presents several solutions to various aspects of the mobile code privacy problem. These solutions provide a level of privacy protection, however, it does not provide knowledge on what level of privacy can be provided. To answer this question a theoretical analysis is made to derivelimits of the maximum privacy level that can be achieved