Successful doctorate at the Professorship for Data Science
3 November 2025
On October 28, our external doctoral candidate Sergej Schultenkämper (research assistant in the Business Informatics department at Bielefeld University of Applied Sciences) successfully completed his doctorate. The entire CODE research institute extends its warmest congratulations!
Social online networks have become an integral part of digital communication and are experiencing exponential growth in user numbers. Platforms such as Facebook, Instagram, X, and LinkedIn now have a significant impact on the way people communicate and exchange information. Users willingly share personal information on these platforms in the form of text, photos, and videos. However, the protection of this data is often neglected. The widespread availability of personal information on the internet poses significant risks to privacy. Data distributed across various platforms and accessible to third parties leads over time to comprehensive data collections that are used to develop complex data-driven applications, for example to correlate user profiles and remove their anonymity. The resulting identifiability makes users potential targets for various threat scenarios such as identity theft or social engineering in the form of spear phishing.
In his dissertation, Mr. Schultenkämper applies the concept of the digital twin, as used in Industry 4.0 to simulate technical systems, to actors in social networks for the first time. The aim is to develop a framework for quantifying privacy risks. In his work, the digital twin represents a cross-platform representation of real people, instantiated exclusively from publicly available information on social networks using ontological modeling approaches. On this basis, a measurable assessment of potential threats in social networks is made possible. The work presents a risk model that, in addition to a general risk assessment, also takes into account specific scenarios such as identity theft and spear phishing attacks. To this end, the privacy score used in the literature is extended to include network structural characteristics. Building on this, two application-specific metrics are introduced: the Identity Theft Risk Score, which is determined by machine learning methods, and the Spear Phishing Exposure Score, which is based on information-theoretical concepts. These metrics enable a differentiated assessment of specific threat scenarios. The digital twins created are analyzed using the metrics developed. The evaluation shows that almost half of the digital twins across all three metrics have a high risk potential and are therefore considered to be highly exposed. The framework presented thus offers a transparent and reproducible method for quantifying potential risks in social networks and forms the basis for future protection systems.
Image sources: Sergej Schultenkämper, Benjamin Bellgrau (FI CODE)
