
Dennis Eisermann

Dennis Eisermann is a research assistant at the Institute of Distributed Systems. He holds a Bachelor of Science degree in Computer Science from the University of Augsburg and furthered his education with a Master of Science degree in the same field from the University of Ulm.

His research interests are centered around several critical aspects of deep neural networks. He is deeply engaged in exploring the explainability of deep neural network behavior, aiming to make these complex models more transparent and accessible. Additionally, he uses his knowledge to mitigate adversarial attacks, which are designed to deceive neural networks and compromise their performance. His studies also extend to trust quantification in deep neural networks, with the goal of ensuring their reliability and enabling their safe and successful deployment in real-world applications.

His efforts aim to improve the robustness and trustworthiness of deep learning technologies, making significant strides in both theoretical and practical domains.

Research Interests

  • Trustworthy AI
    • Adversarial Attacks
    • Trust Quantification
  • Autonomous Systems
    • Unmanned Aerial Vehicle
    • Autonomous Cars
  • Medical AI
    • Diagnosis Support
    • Interpretable Machine Learning

Publications

2026

Hermann, A., Remmers, J.N., Eisermann, D., Erb, B. and Kargl, F. 2026. VeReMi NextGen: A Dataset for Evaluating Misbehavior Detection Systems in VANETs. 2026 IEEE Vehicular Networking Conference (VNC) (Montreal, Canada, Jun. 2026).
V2X communication enhances road safety but is vulnerable to data manipulation attacks that could lead to safety-critical incidents, motivating the use of Misbehavior Detection Systems (MDSs). The evaluation of MDSs typically relies on simulated V2X scenarios and attacks. To enable reproducible evaluations, publicly available datasets containing V2X messages are important. Existing datasets have several limitations, including limited attack diversity and missing training/validation/test sets for machine-learning-based MDSs. Therefore, we introduce VeReMi NextGen, generated using the InTAS traffic scenario and Eclipse MOSAIC. The dataset includes urban and highway scenarios, three driver profiles, 15 attack types, and training/validation/test sets, thereby providing significantly broader coverage than previous datasets. The attacks were designed to be more advanced and harder to detect than those in the predecessor VeReMi Extension, as confirmed by an evaluation using a state-of-the-art MDS. Our contribution includes the dataset and a publicly available dataset generator, enabling easy integration of additional attacks and entities, such as vulnerable road users.

2025

Hermann, A., Trkulja, N., Eisermann, D., Erb, B. and Kargl, F. 2025. Hyperparameter Optimization-Based Trust Quantification for Misbehavior Detection Systems. 2025 IEEE International Conference on Intelligent Transportation Systems (Nov. 2025), 2589–2596.
Vehicular communication via V2X networks significantly improves road safety, but is vulnerable to data manipulation, which can lead to serious incidents. To address this threat, misbehavior detection systems (MBDs) have been developed to detect such misbehavior. In order to enhance the detection of data manipulation, trust assessment in V2X networks has recently gained increasing attention. Trust assessment takes into account the output of various security mechanisms such as MBDs or Intrusion Detection Systems (IDSs) to detect misbehavior. One particular challenge in trust assessment is the appropriate quantification of the output of these security mechanisms into trust opinions. In this paper, we propose a trust quantification methodology that transforms the output of an MBD into a subjective logic opinion. Furthermore, we apply a hyperparameter optimization approach to determine the optimal parameter set for an MBD. Our evaluation using three MBD variants shows that the optimization approach significantly increased the detection-performance of all MBDs. The MBD variant that used the optimization approach and our proposed trust quantification methodology achieved the best performance, increasing the F1 score by over 13% compared to other state-of-the-art MBD variants analyzed in this work.
Schoffit, J., Pietzschmann, L., Prechtel, P., Eisermann, D., Wendzel, S. and Kargl, F. 2025. Enhancing client security in zero trust architectures: a device-agent policy enforcement point for compartmentalized network management. Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025): Technische Universität Ilmenau, 1 – 4 September 2025. (Aug. 2025), 29–32.
Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control is often not extending into client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes, as our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.
Ouattara, K.I., Krontiris, I., Dimitrakos, T., Eisermann, D., Labiod, H. and Kargl, F. 2025. PaTAS: A Framework for Trust Propagation in Neural Networks Using Subjective Logic.
Kleber, S., Eppler, J., Palm, T., Eisermann, D. and Kargl, F. 2025. Assessing the Transferability of Adversarial Patches in Real-World Systems: Implications for Adversarial Testing of Image Recognition Security. 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S) (2025), 42–48.

Open Topics

“Trust Analysis of Traffic Sign Classifiers under Occlusions,” Bachelor's thesis or Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2025 – Open.
This thesis aims to investigate the reliability and trustworthiness of traffic sign classifiers when subjected to occlusions. Utilizing the German Traffic Sign Recognition Benchmark (GTSRB) dataset, this research will focus on annotating the dataset with various levels and types of occlusions to evaluate if the predictions are still trustworthy. The primary objective is to assess the performance degradation of the classifier under different occlusion scenarios and to develop strategies to enhance its robustness. This study is crucial for improving the safety and reliability of autonomous driving systems where traffic signs might be partially obscured.
“Enhancing Trustworthiness in Generated Information by Finetuning Llama 3 8b,” Project, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2025 – Open.
This project will focus on improving the trustworthiness of generated information through the fine-tuning of the Llama 3 8b model using the Unsloth training performance optimization library. The primary goal is to enhance the reliability and accuracy of AI-generated content by leveraging advanced training techniques. The research will involve evaluating the performance of the Llama 3 8b model before and after fine-tuning, analyzing improvements in trustworthiness metrics, and developing new methodologies to further optimize the model’s performance.
“Detection of Natural Adversarial Examples against ImageNet Classifiers,” Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2025 – Open.
This thesis will investigate methods for detecting natural adversarial examples against ImageNet classifiers using classic computer vision techniques. Adversarial examples are inputs to machine learning models that are designed to cause the model to make a mistake. This project will utilize the Harder ImageNet Test Set (https://arxiv.org/abs/1907.07174) as a dataset for Natural Adversarial Examples. The primary objective is to explore and compare the effectiveness of traditional computer vision methods, such as histograms and SIFT (Scale-Invariant Feature Transform), in identifying these adversarial examples. The outcome of this research will enhance our understanding of model vulnerabilities and contribute to developing more robust machine learning systems.
“A Comparison of Various Optimization Strategies for Generating Adversarial Patches,” Bachelor's thesis or Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2025 – Open.
This thesis will explore the effectiveness of different optimization strategies in the generation of adversarial patches. Adversarial patches are small, intentionally designed perturbations that can cause machine learning models, particularly in computer vision, to misclassify inputs. The primary objective of this research is to compare various optimization techniques, such as gradient-based methods, evolutionary algorithms, and reinforcement learning, to determine which methods are most effective and efficient in creating these patches. The outcome of this research could significantly enhance our understanding of model vulnerabilities and contribute to the development of more robust machine learning systems.
“A Comparison of Kolmogorov-Arnold Networks (KANs) with Multi-Layer Perceptrons (MLPs) for Image Classification,” Project, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2025 – Open.
This project will investigate the performance differences between Kolmogorov-Arnold Networks (KANs) and Multi-Layer Perceptrons (MLPs) in the context of image classification tasks. Kolmogorov-Arnold Networks offer a novel approach to neural network architecture based on mathematical foundations that differ from traditional MLPs. The primary goal of this research is to empirically compare these two types of neural networks to evaluate their classification accuracy. The outcome of this research may provide insights into the potential advantages of KANs over conventional MLPs in practical applications.
“Trust Analysis of Traffic Sign Classifiers under Occlusions,” Bachelor's thesis or Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2024 – Open.
This thesis aims to investigate the reliability and trustworthiness of traffic sign classifiers when subjected to occlusions. Utilizing the German Traffic Sign Recognition Benchmark (GTSRB) dataset, this research will focus on annotating the dataset with various levels and types of occlusions to evaluate if the predictions are still trustworthy. The primary objective is to assess the performance degradation of the classifier under different occlusion scenarios and to develop strategies to enhance its robustness. This study is crucial for improving the safety and reliability of autonomous driving systems where traffic signs might be partially obscured.
“Enhancing Trustworthiness in Generated Information by Finetuning Llama 3 8b,” Project, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2024 – Open.
This project will focus on improving the trustworthiness of generated information through the fine-tuning of the Llama 3 8b model using the Unsloth training performance optimization library. The primary goal is to enhance the reliability and accuracy of AI-generated content by leveraging advanced training techniques. The research will involve evaluating the performance of the Llama 3 8b model before and after fine-tuning, analyzing improvements in trustworthiness metrics, and developing new methodologies to further optimize the model’s performance.
“Detection of Natural Adversarial Examples against ImageNet Classifiers,” Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2024 – Open.
This thesis will investigate methods for detecting natural adversarial examples against ImageNet classifiers using classic computer vision techniques. Adversarial examples are inputs to machine learning models that are designed to cause the model to make a mistake. This project will utilize the Harder ImageNet Test Set (https://arxiv.org/abs/1907.07174) as a dataset for Natural Adversarial Examples. The primary objective is to explore and compare the effectiveness of traditional computer vision methods, such as histograms and SIFT (Scale-Invariant Feature Transform), in identifying these adversarial examples. The outcome of this research will enhance our understanding of model vulnerabilities and contribute to developing more robust machine learning systems.
“A Comparison of Various Optimization Strategies for Generating Adversarial Patches,” Bachelor's thesis or Master's thesis, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2024 – Open.
This thesis will explore the effectiveness of different optimization strategies in the generation of adversarial patches. Adversarial patches are small, intentionally designed perturbations that can cause machine learning models, particularly in computer vision, to misclassify inputs. The primary objective of this research is to compare various optimization techniques, such as gradient-based methods, evolutionary algorithms, and reinforcement learning, to determine which methods are most effective and efficient in creating these patches. The outcome of this research could significantly enhance our understanding of model vulnerabilities and contribute to the development of more robust machine learning systems.
“A Comparison of Kolmogorov-Arnold Networks (KANs) with Multi-Layer Perceptrons (MLPs) for Image Classification,” Project, D. Eisermann (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2024 – Open.
This project will investigate the performance differences between Kolmogorov-Arnold Networks (KANs) and Multi-Layer Perceptrons (MLPs) in the context of image classification tasks. Kolmogorov-Arnold Networks offer a novel approach to neural network architecture based on mathematical foundations that differ from traditional MLPs. The primary goal of this research is to empirically compare these two types of neural networks to evaluate their classification accuracy. The outcome of this research may provide insights into the potential advantages of KANs over conventional MLPs in practical applications.

Teaching

SS2025

  • Lecture: Machine Learning & Security
  • Seminar: Research Trends in Distributed Systems
  • Proseminar: Privacy im Internet
  • Lecture: Practical IT-Security

WS2024

  • Seminar: Research Trends in Distributed Systems

SS2024

  • Lecture: Security and Privacy in Mobile Systems