The ERC Consolidator Grant MALFOY explores the application of machine learning in offensive computer security. It is an effort to understand how learning algorithms can be used by attackers and how this threat can be effectively mitigated.
ALISON — Attacks against Machine Learning in Structured Domains
The goal of this project is to investigate the security of learning algorithms in structured domains. That is, the project develops a better understanding of attacks and defenses that operate in the problem space of learning algorithms rather than the feature space.
TELLY — Testing the Limits of Machine Learning in Vulnerability Discovery
The project aims to open the black box of machine learning in vulnerability discovery. Its goal is to systematically assess the limits of learning-based discovery approaches and derive a better understanding of their role in security. The project is part of the excellence cluster CASA.
The project IVAN is concerned developing novel methods for detecting software backdoors. It combines concepts from security, program analysis, and machine learning to automatically identify unusual and insecure structures in code. The project is joint work with SAP Research.
PACO — Analysis and Discovery of Parser-Confusion Vulnerabilities
This project investigates vulnerabilities resulting from the interplay of parsers, such as polyglots in web browsers. The project establishes a formal view on these vulnerabilities and devises methods for discovering them in practice. The project is part of the excellence cluster CASA.
The project is concerned with developing new methods for digital forensics. It combines concepts from the fields of security, machine learning, and system simulation to detect characteristic traces of cybercrime. It is joint work with the University of Erlangen, ERNW, BSI, and BKA.
TWINS — Attacking Machine Learning and Digital Watermarking
The project TWINS investigates the security of machine learning and digital watermarking. Both domain seem disconnected, yet they suffer from similar attacks. The project's goal is to explore, formalize and join research concepts from both domains to strengthen their security.
The project is concerned with analysis of modern malware. It develop methods for large-scale detection of malicious activities in program behavior using machine learning. The project is joint work with VMRay, Siemens, and Deutsche Telekom.
The project is concerned with the detection of propaganda attacks in social media. It aims at establishing technical means for identifying automated and coordinated postings in social networks. The project is joint work with the University of Münster, Spiegel Online and Süddeutsche Zeitung.
The project is concerned with the analysis and mitigation of organized fraud in electronic commerce. The project links data mining algorithms with privacy-enhancing technology to identify fraudulent transactions without compromising the customers' privacy. The project is joint work with the Steinbeis-Hochschule Berlin and Zalando.
The project explores techniques for detecting targeted attacks in email and web communication. To cope with stealthiness and evasion, it focuses on identifying suspicious inconsistencies in communication, in contrast to searching for known attack patterns. The projects is joint work with Genua and the University of Erlangen.
MALTE — Machine Learning for Threat Intelligence
The project deals with applying machine learning techniques for threat intelligence and analytics. An extension to the analysis platform MANTIS is developed that enables retrieving and searching threat data efficiently. The project is joint work with Siemens.
The project deals with the development of security systems for industrial networks. By combining concepts from protocol analysis and machine learning, it aims at creating intelligent systems that adapt to industrial processes and spot anomalous activities. The project is joint work with Vattenfall, BTU Cottbus-Senftenberg, and Genua.
This project, funded with a Google Faculty Research Award, develops a system for modeling and discovering vulnerabilities in binary code. It combines concepts from classic binary analysis and reverse engineering with modern graph databases.
DEVIL — Detection of Software Vulnerabilities using Machine Learning
The project aims at developing methods for vulnerability discovery in source code using machine learning. To this end, structured representations of program code are embedded in feature spaces and analyzed using unsupervised learning for identifying vulnerable programming patterns.
PROSEC — Proactive Security for Convergent Communication
The project aims at protecting modern communication services, devices and infrastructures. Proactive concepts from computer security, such as honeypots, are coupled with machine learning for automatically detecting, analyzing and security threats. The project is joint work with TU Berlin, Alcatel-Lucent and Idalab.