Research Group
Machine Learning
and Security
View from our building over Berlin.

Research Projects

At TU Berlin

AIGENCY — Opportunities and Risks of Generative AI in Security

The project aims to systematically investigate the opportunities and risks of generative artificial intelligence in computer security. It explores generative models as a new tool as well as a new threat. The project is joint work with Fraunhofer AISEC, CISPA, FU Berlin, and Aleph Alpha.

BMBF 2023 – 2026

MALFOY — Machine Learning for Offensive Computer Security

The ERC Consolidator Grant MALFOY explores the application of machine learning in offensive computer security. It is an effort to understand how learning algorithms can be used by attackers and how this threat can be effectively mitigated.

ERC 2023 – 2028 Website

ALISON — Attacks against Machine Learning in Structured Domains

The goal of this project is to investigate the security of learning algorithms in structured domains. That is, the project develops a better understanding of attacks and defenses that operate in the problem space of learning algorithms rather than the feature space.

DFG 2023 – 2026

TELLY — Testing the Limits of Machine Learning in Vulnerability Discovery

The project aims to open the black box of machine learning in vulnerability discovery. Its goal is to systematically assess the limits of learning-based discovery approaches and derive a better understanding of their role in security. The project is part of the excellence cluster CASA.

DFG 2023 – 2026

IVAN — Intelligent Methods for Detection of Software Backdoors

The project IVAN is concerned developing novel methods for detecting software backdoors. It combines concepts from security, program analysis, and machine learning to automatically identify unusual and insecure structures in code. The project is joint work with SAP Research.

BMBF 2020 – 2023 Website

PACO — Analysis and Discovery of Parser-Confusion Vulnerabilities

This project investigates vulnerabilities resulting from the interplay of parsers, such as polyglots in web browsers. The project establishes a formal view on these vulnerabilities and devises methods for discovering them in practice. The project is part of the excellence cluster CASA.

DFG 2020 – 2023

At TU Braunschweig

ELSA — Explainable Learning for Security Applications

The project develops and analyzes novel methods for explaining deep learning in security applications. In contrast to prior work, it aims at modeling and analyzing the entire decision process of learning in security, exposing weak spots, ineffciency and vulnerabilities. The project is part of the excellence cluster CASA.

DFG 2019 – 2022

FIDI — Intelligent Data Analysis for Digital Forensics

The project is concerned with developing new methods for digital forensics. It combines concepts from the fields of security, machine learning, and system simulation to detect characteristic traces of cybercrime. It is joint work with the University of Erlangen, ERNW, BSI, and BKA.

BMBF 2018 – 2021 Website

TWINS — Attacking Machine Learning and Digital Watermarking

The project TWINS investigates the security of machine learning and digital watermarking. Both domain seem disconnected, yet they suffer from similar attacks. The project's goal is to explore, formalize and join research concepts from both domains to strengthen their security.

DFG 2018 – 2022

VAMOS — Efficient Analysis and Detection of Modern Malware

The project is concerned with analysis of modern malware. It develop methods for large-scale detection of malicious activities in program behavior using machine learning. The project is joint work with VMRay, Siemens, and Deutsche Telekom.

BMBF 2016 – 2020 Website

PropStop — Detection, Analysis and Mitigation of Online Propaganda

The project is concerned with the detection of propaganda attacks in social media. It aims at establishing technical means for identifying automated and coordinated postings in social networks. The project is joint work with the University of Münster, Spiegel Online and Süddeutsche Zeitung.

BMBF 2016 – 2019 Website

ABBO — Analysis and Mitigation of Organized Fraud in E-Commerce

The project is concerned with the analysis and mitigation of organized fraud in electronic commerce. The project links data mining algorithms with privacy-enhancing technology to identify fraudulent transactions without compromising the customers' privacy. The project is joint work with the Steinbeis-Hochschule Berlin and Zalando.

BMBF 2015 – 2018 Website

APT-Sweeper — Contextual and Structural Detection of Targeted Attacks

The project explores techniques for detecting targeted attacks in email and web communication. To cope with stealthiness and evasion, it focuses on identifying suspicious inconsistencies in communication, in contrast to searching for known attack patterns. The projects is joint work with Genua and the University of Erlangen.

BMBF 2016 – 2018 Website

At University of Göttingen

MALTE — Machine Learning for Threat Intelligence

The project deals with applying machine learning techniques for threat intelligence and analytics. An extension to the analysis platform MANTIS is developed that enables retrieving and searching threat data efficiently. The project is joint work with Siemens.

Siemens 2015 – 2015

INDI — Intelligent Intrusion Detection Systems for Industrial Processes

The project deals with the development of security systems for industrial networks. By combining concepts from protocol analysis and machine learning, it aims at creating intelligent systems that adapt to industrial processes and spot anomalous activities. The project is joint work with Vattenfall, BTU Cottbus-Senftenberg, and Genua.

BMBF 2014 – 2016 Website

BJOERN — Mining Binary Code for Vulnerabilities using Graph Databases

This project, funded with a Google Faculty Research Award, develops a system for modeling and discovering vulnerabilities in binary code. It combines concepts from classic binary analysis and reverse engineering with modern graph databases.

Google 2014 – 2016 Website

DEVIL — Detection of Software Vulnerabilities using Machine Learning

The project aims at developing methods for vulnerability discovery in source code using machine learning. To this end, structured representations of program code are embedded in feature spaces and analyzed using unsupervised learning for identifying vulnerable programming patterns.

DFG 2013 – 2016

PROSEC — Proactive Security for Convergent Communication

The project aims at protecting modern communication services, devices and infrastructures. Proactive concepts from computer security, such as honeypots, are coupled with machine learning for automatically detecting, analyzing and security threats. The project is joint work with TU Berlin, Alcatel-Lucent and Idalab.

BMBF 2011 – 2015