Felix Weissberg, Lukas Pirch, Erik Imgrund, Jonas Möller, Thorsten Eisenhofer, and Konrad Rieck
LLM-based Vulnerability Discovery through the Lens of Code Metrics
IEEE/ACM International Conference on Software Engineering (ICSE) (to appear)
Thorsten Eisenhofer
ML & Computer Security
About Me
I am a postdoctoral researcher at TU Berlin, working in the Machine Learning and Security group led by Konrad Rieck. Prior to this, I completed my PhD at Ruhr University Bochum, where I was part of the Systems Security group under the supervision of Thorsten Holz. My PhD work was awarded by the faculty for outstanding achievements. During my PhD, I was also a security researcher in the German Research Foundation's Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries” (CASA).
My research focus is on two fundamental aspects, machine learning and computer security, which I aim to investigate from a systems security perspective. By considering the learning algorithm as a part of a larger system, I study the increased attack surface of practical systems, but also analyze how such systems can be secured. I am further interested to investigate how learning-based approaches can be used to solve problems in computer security.
Along the way, I was interning in the SecLab at UC Santa Barbara working with Giovanni Vigna and Christopher Kruegel on symbolic execution and played with Shellphish at the DEF CON CTF finals in Las Vegas. More recently, I was visiting the Cleverhans Lab at the Vector Institute working with Nicolas Papernot on secure and trustworthy machine learning.
I obtained a B.Sc. in Computer Science from Paderborn University and a M.Sc. in Computer Security from Ruhr University Bochum. For my master studies, I was awarded best student in graduating class.
For questions, discussions or collaborations, feel free to reach out.
Publications
2026
2025
Erik Imgrund, Thorsten Eisenhofer, and Konrad Rieck
Adversarial Observations in Weather Forecasting
ACM Conference on Computer and Communications Security (CCS) (to appear)
[pdf]
[code]
[poster]
[arxiv]
Jonas Möller, Lukas Pirch, Felix Weissberg, Sebastian Baunsgaard, Thorsten Eisenhofer, and Konrad Rieck
Adversarial Inputs for Linear Algebra Backends
International Conference on Machine Learning (ICML)
[pdf]
[code]
Felix Weissberg, Jan Malte Hilgefort, Steve Grogorick, Daniel Arp, Thorsten Eisenhofer, Martin Eisemann, and Konrad Rieck
Seeing Through: Analyzing and Attacking Virtual Backgrounds in Video Calls
David Pape, Sina Mavali, Thorsten Eisenhofer, and Lea Schönherr
David Beste, Grégoire Menguy, Hossein Hajipour, Mario Fritz, Antonio Emanuele Cinà, Sébastien Bardin, Thorsten Holz, Thorsten Eisenhofer, and Lea Schönherr
Exploring the Potential of LLMs for Code Deobfuscation
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
[pdf]
[code]
Roei Schuster, Jin Peng Zhou, Thorsten Eisenhofer, Paul Grubbs, and Nicolas Papernot
Learned-Database Systems Security
Transactions on Machine Learning Research (TMLR)
[pdf]
[arxiv]
2024
Joel Frank, Franziska Herbert, Jonas Ricker, Lea Schönherr, Thorsten Eisenhofer, Asja Fischer, Markus Dürmuth, and Thorsten Holz
A Representative Study on Human Detection of Artificially Generated Media Across Countries
IEEE Symposium on Security and Privacy (S&P)
[pdf]
[preregistration]
[code]
[arxiv]
Jonathan Evertz, Merlin Chlosta, Lea Schönherr, and Thorsten Eisenhofer
Whispers in the Machine: Confidentiality in LLM-integrated Systems
Felix Weissberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer, and Konrad Rieck
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
ACM Asia Conference on Computer and Communications Security (ASIACCS)
[pdf]
[code]
[arxiv]
Jonas Möller, Felix Weissberg, Lukas Pirch, Thorsten Eisenhofer, and Konrad Rieck
Cross-Language Differential Testing of JSON Parsers
ACM Asia Conference on Computer and Communications Security (ASIACCS)
[pdf]
[code]
2023
Thorsten Eisenhofer, Erwin Quiring, Jonas Möller, Doreen Riepel, Thorsten Holz, and Konrad Rieck
No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning
USENIX Security Symposium
[pdf]
[slides]
[examples]
[code]
[arxiv]
Hojjat Aghakhani, Lea Schönherr, Thorsten Eisenhofer, Dorothea Kolossa, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna
VenoMave: Targeted Poisoning Against Speech Recognition
IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)
[pdf]
[code]
[arxiv]
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Drone Security and the Mysterious Case of DJI's DroneID
Network and Distributed System Security Symposium (NDSS)
[pdf]
[code]
David Pape, Sina Däubener, Thorsten Eisenhofer, Antonio Emanuele Cinà, and Lea Schönherr
On the Limitations of Model Stealing with Uncertainty Quantification Models
European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning (ESANN)
[pdf]
[arxiv]
2022
Michel Abdalla, Thorsten Eisenhofer, Eike Kiltz, Sabrina Kunzweiler, and Doreen Riepel
Password-Authenticated Key Exchange from Group Actions
Annual International Cryptology Conference (CRYPTO)
[pdf]
Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
2020
Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer, Dorothea Kolossa, and Thorsten Holz
Leveraging Frequency Analysis for Deep Fake Image Recognition
International Conference on Machine Learning (ICML)
[pdf]
[slides]
[code]
[arxiv]
Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, and Dorothea Kolossa
Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
Annual Computer Security Applications Conference (ACSAC)
[pdf]
[talk]
[examples]
[arxiv]
Keynotes, Panels and Talks
Verifiable and Provably Secure Machine Unlearning, Conference talk, SaTML, 2025
Security of Machine Learning Systems, Spring school “SAIL”, Bielefeld University, 2025
Security of Machine Learning Systems, Keynote, Winter school “WinterHack”, Ruhr University Bochum, 2024
Maschinelles Lernen in der IT-Sicherheit, Lecture series “KI und Informationssicherheit”, Heidelberg University, 2024
International Research Environments, Panel discussion, Ruhr University Bochum, 2024
Machine Learning and Security, Lecture series “Machine Learning in Science & Industry”, TU Berlin, 2024
Subverting Automatic Paper-Reviewer Assignment, Conference talk, USENIX Security, 2023
Security of Machine Learning Systems, Defense, Ruhr University Bochum, 2023
Communicating Research, Panel discussion, Ruhr University Bochum, 2023
Adversarially Robust Speech Recognition, Spotlight presentation, CASA Retreat, 2021
Taming Audio Adversarial Examples, Conference talk, USENIX Security, 2021
Reviewing
Teaching
Instructor
Security and Privacy of AI, TU Berlin
Master・Seminar・Summer 2025Reproducing AI Attacks and Defenses, TU Berlin
Master・Hands-on class・Winter 2024/25Privacy and Security in Learning, TU Berlin
Master・Seminar・Summer 2024Security Playground for Generative Agents, TU Berlin
Master・Hands-on class・Summer 2024ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Winter 2021/22ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Summer 2021ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Winter 2020/21
Teaching Assistant
Machine Learning for Computer Security, TU Berlin
Master・Lecture・Summer 2025Adversarial Machine Learning, TU Berlin
Master・Lecture・Winter 2024/25Machine Learning for Computer Security, TU Berlin
Master・Lecture・Summer 2024System Security, Saarland University
Bachelor・Lecture・Summer 2021System Security, Ruhr University Bochum
Bachelor・Lecture・Summer 2020Operating System Security, Ruhr University Bochum
Master・Lecture・Winter 2019/20System Security, Ruhr University Bochum
Bachelor・Lecture・Summer 2019
News Coverage
Artificially Generated Media
CISPA: «New results in AI research: Humans barely able to recognize AI-generated media» (EN)
heise online: «KI: Großer Teil kann KI-Inhalte nicht erkennen und weiß nicht, was KI ist» (DE)
Ruhr University Bochum: «New Findings from AI Research: Humans Can Hardly Recognize...» (EN)
Valve World Expo: «People can no longer recognize AI-generated media» (EN)
radioeins: «Warum Menschen KI-erstellte Inhalte häufig nicht mehr erkennen» (DE)
Drone Security
Ruhr University Bochum: «Security vulnerabilities detected in drones made by DJI» (EN)
WIRED: «This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location» (EN)
EurekAlert!: «Security vulnerabilities detected in drones made by DJI» (EN)
Golem.de: «DJI-Drohnen verraten Standort des Piloten» (DE)
Caschys Blog: «NDSS: DroneID von DJI kann leicht durch Angreifer gekapert werden» (DE)
hackster.io: «Researchers Release a Tool for Geolocating Commercial Drones and Their...» (EN)
sUAS News: «DIY DJI Aeroscope to find drone operator locations» (EN)
News8Plus: «Security vulnerabilities detected in drones made by DJI» (EN)
大疆.COM: «德国研究人员发现大疆四款无人机存安全漏洞» (CN)
Born's Tech and Windows World: «Security: DJI drones and it's AeroScope vulnerabilities» (EN)
System Weakness: «Annoying Drone Near You? Fuzz It, Find the Operator. A Hack» (EN)
HACKREAD: «Serious DJI Drones Flaws Could Crash Drones Mid-flight» (EN)
C-UAS Hub: «Security Vulnerabilities Found in DJI Drones» (EN)
Bitdefender: «Security Researchers Find Vulnerabilities that Could Crash DJI Drones and...» (EN)
HOMBURG1: «Sicherheitslücken in Drohnen des Herstellers DJI entdeckt» (DE)
infodron.es: «Alemania descubre vulnerabilidades de seguridad en los drones de DJI» (ES)
Forexdigital.net: «Vulnerabilidades de seguranca detectadas em drones fabricados pela dji» (PT)
Tom's Guide: «DJI drones have serious security flaws that can crash them and track your...» (EN)
DroneDJ: «DJI says it fixed drone firmware security flaws before publication of research...» (EN)
drones-magazin.de: «Deutsche Forscher entdecken Sicherheitslücken bei DJI-Drohnen» (DE)
FPV.bg: «Vulnerability in DJI drones reveals pilot information, German study reports» (EN)
DroneXL: «DJI drones have serious security flaws that can crash them and track your location» (EN)
DroneWatch: «DJI stilletjes gestopt met productie van dronedetectiesysteem AeroScope» (NL)
SPIEGEL: «Warum Ukrainer deutsche Drohnen-Hacker um Rat bitten» (DE)
INDIA TODAY: « How civilian drones are being used in Russia-Ukraine war» (EN)
derSTANDARD: «Russische Angriffe auf ukrainische Drohnenpiloten: DJI gesteht unsichere...» (DE)
Accidental Trigger
Ruhr University Bochum: «When Speech Assistants Listen Even Though They Shouldn't» (EN)
NDR: «Wenn der smarte Lautsprecher mit dem Tatort-Kommissar spricht» (DE)
Süddeutsche Zeitung: «Wenn Alexa aus Versehen lauscht» (DE)
STRG_F: «Sex, Streit, Arztgespräche: wie oft Smart Speaker heimlich mithören» (DE)
tagesschau.de: «Die lauschenden Lautsprecher» (DE)
Tagesthemen: «Sprachassistenten hören mit» (DE)
Ars Technica: «Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google...» (EN)
ZDF logo!: «Hat Siri schlechte Ohren?» (DE)
detektor.fm: «Alexa, spionierst du mich aus?» (DE)
Fast Company: «Tired of Saying 'Hey Google' and 'Alexa'? Change it Up with These...» (EN)
Mitteldeutsche Rundfunk: «Wann hören Sprachassistenten mit?» (DE)
The Times: «Not in Front of the Speaker! Words that Wake Up Alexa» (EN)
Voicebot.ai: «More Than 1,000 Phrases Will Accidentally Awaken Alexa, Siri, and Google...» (EN)
Hessischer Rundfunk: «Immer ganz Ohr – Lauschangriff der Sprachassistenten» (DE)
Max Planck Society: «Uninvited Listeners in Your Speakers» (EN)
Remote Chaos Experience: «Alexa, Who Else Is Listening?» (EN)
Tech Conversationalist: «Are You Accidentally 'Waking Up' Your Smart Devices?» (EN)
hackster.io: «Incorrect Alexa, Siri, Google Assistant, and Cortana Trigger Words Are...» (EN)
Sputnik International: «‘Alarming’: Research Identifies Over 1,000 Phrases That Trick,...» (EN)
Mimikama: «Wenn Sprachassistenten zuhören, obwohl sie gar nicht sollen!» (DE)
Deep Fake Detection
Ruhr University Bochum: «Fake-Bilder anhand von Frequenzanalysen erkennen» (DE)
Homeland Security News Wire: «Using Frequency Analysis to Recognize Fake Images» (EN)
ElectronicsWeekly.com: «Frequency Analysis can Help Reveal Deep Fake Images» (EN)
Lab Manager: «Recognizing Fake Images Using Frequency Analysis» (EN)
SciTechDaily: «Which Face is Real? Using Frequency Analysis to Identify “Deep-Fake” Images» (EN)
Spektrum.de: «Mathematische Analyse soll alle Deep Fakes enttarnen» (DE)
VDI nachrichten: «Frequenzanalyse enttarnt Fake-Bilder» (DE)
INGENIEUR.de: «Social Media: Mit Frequenzanalysen Deep Fakes auf der Spur» (DE)
INDUSTRY OF THINGS: «Fake-Bilder anhand von Frequenzanalysen erkennen» (DE)
ZDF logo!: «Erkennt Greta Deep Fakes?» (DE)
Adversarially Robust Speech Recognition
RUBIN: «Wie Sprachassistenten unhörbare Befehle befolgen» (DE)
elektroniknet.de: «Angriffe auf Spracherkennungssoftware Kaldi» (DE)
Tech Xplore: «How Voice Assistants follow Inaudible Commands» (EN)
INGENIEUR.de: «Alexa, Siri und Co. – sicherer dank Training» (DE)
sg.hu: «Kivédhető a virtuális asszisztensek manipulálása» (HU)
Ruhr Unversity Bochum: «Die Forschungsreise „Möglichmacher“ legt Halt in Bochum ein» (DE)
WAZ: «IT-Sicherheit heißt: Immer einen Schritt voraus zu sein» (DE)