IVAN: Intelligent Methods for Detection of Software Backdoors
The project is concerned with developing novel methods for detecting backdoors in software. We bring together concepts from computer security, program analysis, and machine learning to automatically identify unusual structures in code. While the general detection of backdoors is an unsolvable (undecidable) problem, we are optimistic to raise the bar for adversaries to plant manipulated code in legitimate software. Project website.
CASA: Cyber-Security in the Age of Large-Scale Adversaries
The DFG Excellence Cluster CASA at Ruhr-University Bochum pursues the goal of enabling sustainable security against large-scale adversaries, in particular nation-state attackers. The research is characterized by a strongly interdisciplinary approach which investigates key questions of security at different layers. As a member of the CASA consortium, the Institute of System Security develops security systems based on robust and explainable machine learning. Website of the cluster.
FIDI: Intelligent Data Analysis for Digital Forensics
The BMBF project FIDI is concerned with developing novel methods for digital forensics and fighting cybercrime. As part of the project, we aim at bringing together concepts from computer security, machine learning, and system simulation to automatically extract characteristic traces from digital data. The project is funded by the Federal Ministry of Education and Research (BMBF) and joint work with ERNW Research, and Friedrich-Alexander-Universität Erlangen-Nürnberg. Project website
BIFOLD: Berlin Institute for the Foundations of Learning and Data
BIFOLD is a leading center for AI research in Germany. It is concerned with research on the scientific foundations of big data and machine learning in AI applications. As a member of the BIFOLD consortium, the Institute of System Security develops techniques for analyzing the security of learning-based systems as well as protecting the privacy of data and learning models. Website of the center
TWINS: Attacking Machine Learning and Digital Watermarking
The project TWINS is concerned with the security of machine learning and digital watermarking. Both domains — machine learning and digital watermarking — seem disconnected at a first glance. However, the underlying methods share the same vulnerabilities and suffer from similar attacks. It is the goal of this project to systematically study, formalize and join research concepts from both domains to strengthen their security. The project is funded by Deutsche Forschungsgemeinschaft (DFG).
VAMOS: Efficient Analysis and Detection of Modern Malware
The objective of the BMBF project VAMOS is the development of novel methods for the analysis and detection of malware. On the basis of detailed behavioral threat analysis, the project aims at automatically extracting patterns of targeted attacks with the aid of machine learning techniques. The project is joint work with VMRay, Siemens and Deutsche Telekom. It is funded by the Federal Ministry of Education and Research (BMBF). Project website
PropStop: Detection, Analysis and Mitigation of Online Propaganda
The project is concerned with the detection of propaganda attacks in social media. It aims at establishing technical means for identifying automated and coordinated postings in social networks and online forums, such as campaigns of political propaganda and covered advertising. The project is joint work with the University of Münster, Spiegel Online, Süddeutsche Zeitung und Pallas GmbH. It is funded by the Federal Ministry of Education and Research (BMBF). Project website
INDI: Intelligent Intrusion Detection Systems for Industrial Processes
The project deals with the development of novel security systems for industrial networks. By combining concepts from intrusion detection, protocol analysis and machine learning, the project aims at creating intelligent systems that adapt to industrial processes and spot anomalous activities in their communication. The project is joint work with Vattenfall, BTU Cottbus-Senftenberg, and Genua. It is funded by the Federal Ministry of Education and Research (BMBF). Project website
APT-Sweeper: Contextual and Structural Detection of Targeted Attacks
The project explores novel techniques for detecting targeted attacks in email and web communication. To cope with stealthiness and evasion, the project focuses on identifying suspicious inconsistencies in the context and structure of communication—in contrast to searching for known attack patterns. The projects is joint work with Genua and the University of Erlangen. It is funded by the Federal Ministry of Education and Research (BMBF).
ABBO: Analysis and Mitigation of Organized Fraud in E-Commerce
The project is concerned with the analysis and mitigation of organized fraud in electronic commerce. The project links data mining algorithms with privacy-enhancing technology for developing methods that are effective in identifying fraudulent orders and at the same time protect the privacy of customers. The project is joint work with the Steinbeis-Hochschule Berlin and Zalando. It is funded by the Federal Ministry of Education and Research (BMBF). Project website
BJOERN: Mining Binary Code for Vulnerabilities using Graph Databases
The project is concerned with developing a system for modeling and discovering vulnerabilities in binary code—similar to our system Joern for analyzing source code. The project combines concepts from classic binary analysis and reverse engineering with modern graph databases and thereby enables mining for vulnerabilities using database queries. The project is funded with a Google Faculty Research Award.
DEVIL: Detection of Software Vulnerabilities using Machine Learning
The project aims at developing methods for vulnerability discovery in source code using machine learning. To this end, structured representations of source code, such as abstract syntax trees and control flow graphs, are embedded in semantic feature spaces and analyzed using unsupervised learning algorithms for identifying vulnerable programming patterns. The project is funded by Deutsche Forschungsgemeinschaft (DFG).
MALTE: Machine Learning for Threat Intelligence
The project deals with applying machine learning techniques for security threat intelligence and analytics. The project is joint work with Siemens and has a running time of one year.
PROSEC: Proactive Security for Convergent Communication
The project aims at protecting modern communication services, devices and infrastructures. Proactive concepts from computer security, such as honeypots, are coupled with machine learning techniques for automatically detecting, analyzing and stopping novel threats. The project is joint work with Technische Universität Berlin, Alcatel-Lucent and Idalab. It is funded by the Federal Ministry of Education and Research (BMBF). Project website
DYNAMO: Dynamic Malware Detection using Machine Learning
The project deals with the detection of malicious software at run-time. To identify malicious activity as early as possible, techniques for analysis of program behavior are coupled with learning methods specifically designed for early identification of malicious activities. The project is joint work with the University of Erlangen. The project is funded by the Deutsche Forschungsgemeinschaft (DFG).
EVESKO: Detection of Malware Communication Channels
The project is concerned with the detection of malicious software and its communication channels. Techniques from statistics and machine learning are applied for identifying anomalous and unusual patterns in communication. The project is joint work with the University of Tübingen and funded by the Federal Office for Information Security (BSI).
LAMA: Learning Methods for Automatic Malware Analysis
The project aims at developing methods for the automatic analysis of malicious software (malware). Learning techniques are applied to program behavior of malware for discovery and discrimination of novel variants. The project is joint work with the University of Mannheim as part of the INMAS project funded by the Federal Office for Information Security (BSI).