Research Group at the University of Goettingen
The research group is concerned with all aspects of applied computer security, including the detection of attacks, the analysis of malicious code, and the discovery of vulnerabilities. A special emphasis is put on the combination of computer security and machine learning, which allows for developing security systems that learn from data and adapt to changing threats.
Malheur — Automatic Analysis of Malware Behavior
Malheur is a tool for the automatic analysis of program behavior recorded from malicious software (malware). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes using machine learning.
Sally — A Tool for Embedding Strings in Vector Spaces
Sally is a small tool for mapping a set of strings to a set of vectors. This mapping is referred to as embedding and allows for applying techniques of machine learning and data mining to the analysis of string data. Sally can be applied to several types of string data, such as text documents, DNA sequences or log files, and it can handle common input formats such as directories, archives and text files.
Joern - A Robust Tool for Static Code Analysis
Joern is a tool for robust analysis of C/C++ code. It generates abstract syntax trees, control flow graphs and searchable indexes of code constructs, even for code that does not compile due to missing headers. As such, it has been specifically designed to meet the needs of code auditors, who often find themselves in a situation where constructing a working build environment is not a feasible option or is simply impossible due to missing code.
Derrick - A Simple Network Stream Recorder
Derrick is a simple tool for recording data streams of TCP and UDP traffic. It shares similarities with other network recorders, such as tcpflow and wireshark, being more advanced than the former and clearly inferior to the latter. Derrick has been specifically designed to monitor application-layer communication. In contrast to other tools, the application data is logged in a line-based ASCII format, so common UNIX tools, such as grep, sed & awk, can be directly applied.
Blog on Machine Learning for Computer Security
This blog deals with research in the areas of machine learning and computer security. Posts of the blog are authored by members of the research group in Göttingen.