If you are interested in doing a Praktikum, a diploma thesis,
or a doctoral thesis in the area of computer security, please
contact me by sending an email to this address. Note
that some of the Praktika and theses are funded. That
is, you get paid to be able to concentrate on the given tasks.
Topics
Virus Collection
Anti-virus software requires an accurate and up-to-date
virus description database. Thus, it is of particular
importance to get samples of unknown viruses as quickly as
possible to start immediate analysis and signature
generation. This work aims to analyze current approaches
to get virus samples and to develop novel techniques to
obtain such samples (both for SMTP-based viruses and other
spreading mechanisms). The work will be funded and is
performed in cooperation with Ikarus Software (an Austrian
anti-virus vendor).
Prerequisites:
Excellent programming, very good networking knowledge.
Worm Early Warning System
Recent epidemics have shown the potential of
fast-spreading worms to infect a large percentage of
vulnerable machines within minutes. Thus, it is
imperative to stop a worm outbreak as soon as possible,
using fully-automated mechanisms. This work aims to
analyze current worm detection and containment approaches
and to develop novel techniques to quickly and accurately
detect spreading worms. The work will be funded and is
performed in cooperation with Ikarus Software (an
Austrian anti-virus vendor).
Prerequisites:
Very good programming, excellent networking knowledge.
Mail Content Analysis and Spam Detection
Email spam is becoming an increasing problem, and studies
show that a large fraction of all email sent worldwide is
unsolicited. Current solutions such as SpamAssassin still
work satisfactorily, but spammers have caught up and
explicitly target the current detection mechanisms (rule
sets and Bayesian content analysis). This work aims to
analyze current Spam detection approaches and to develop
novel techniques to separate Spam from Ham. The work will
be funded and is performed in cooperation with Ikarus
Software (an Austrian anti-virus vendor).
Prerequisites:
Very good programming, very good networking knowledge,
SpamAssassin knowledge favorable.
Virus Detection
Anti-virus software requires an accurate and up-to-date
virus description database. Currently, the number of new
viruses that emerge every month reaches into the
thousands. For each virus, a precise signature needs to
be specified. Thus, it is important to automate the
signature generation, and to minimize false positives that
occur when a signature accidentally matches a benign
file. This work aims to analyze the current approaches
for signature generation and to develop techniques and
tools to support the fast and accurate
signature generation. The work will be funded and is
performed in cooperation with Ikarus Software (an Austrian
anti-virus vendor).
Prerequisites:
Excellent programming, very good operating system
knowledge, virus development knowledge favorable.
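As an added illustration of the two requirements named above (a signature must match every sample of a virus, and it must not match benign files), the following toy generator is example code written for this page; it is not code from the page's author or from Ikarus Software. The byte strings, file names and minimum signature length are constructed for the illustration; real engines work on much larger corpora and use richer signatures than plain byte substrings.

```python
# Added example, not code from the original page, its author or Ikarus
# Software: a toy signature generator illustrating that a signature must
# match every sample of a virus and must not match benign files. Byte
# strings, file names and the minimum signature length are constructed.

# Two constructed code fragments shared by all samples of the "family".
CORE_A = b"\x33\xc0\x8b\xd8\xb8\x7a\x03\x00\x00"
CORE_B = b"\x81\xc3\x10\x27\x00\x00"

# Constructed samples: the same shared fragments, differing surroundings.
SAMPLES = [
    b"MZ\x90\x00AAAAAA" + CORE_A + b"\x01\x02" + CORE_B + b"Q",
    b"MZ\x00\x00BBB" + CORE_B + b"\x03" + CORE_A + b"R",
    b"\x7fELF" + CORE_A + b"CCCC" + CORE_B,
]

# Constructed benign corpus; the library happens to contain CORE_A, so a
# signature built from that fragment would be a false positive.
BENIGN = {
    "libcommon.dll": b"MZ\x00\x00\x55\x8b\xec" + CORE_A + b"\xc3",
    "readme.txt": b"The quick brown fox jumps over the lazy dog",
}


def common_substrings(samples, min_len=4):
    """All byte strings of at least min_len that occur in every sample,
    longest first (ties broken by byte order so the result is deterministic)."""
    base = samples[0]
    found = set()
    for length in range(len(base), min_len - 1, -1):
        for start in range(len(base) - length + 1):
            chunk = base[start:start + length]
            if all(chunk in other for other in samples[1:]):
                found.add(chunk)
    return sorted(found, key=lambda c: (-len(c), c))


def false_positives(signature, benign):
    """Names of benign files the signature would (wrongly) match."""
    return [name for name, data in benign.items() if signature in data]


def generate_signature(samples, benign, min_len=4):
    """Longest common substring that hits no benign file, or None when
    every candidate collides with the benign corpus."""
    for candidate in common_substrings(samples, min_len):
        if not false_positives(candidate, benign):
            return candidate
    return None


if __name__ == "__main__":
    print("rejected:", CORE_A.hex(), "matches", false_positives(CORE_A, BENIGN))
    sig = generate_signature(SAMPLES, BENIGN)
    print("signature:", sig.hex() if sig else None)
```

Run as a script, the longest shared fragment (CORE_A) is rejected because it also occurs in the benign library, and the generator falls back to the next candidate that is specific to the samples (CORE_B); if the benign corpus also contained that fragment, no signature would be produced and the family would need a different kind of signature.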
Anomaly Intrusion Detection
Intrusion detection is the task of detecting attacks
against a network and its resources. Anomaly detection is
based on the analysis of network traffic or
system/application behavior. The idea is to build models
of normal behavior. Then, any deviations from normal
behavior can be flagged as an attack. We have previously
built a small collection of models that analyze web
service requests and operating system calls. This work
aims to analyze the effectiveness of the present models
and to provide additional or improved ones. In addition,
the detection domain can be extended (for example, to
web services).
Prerequisites:
Excellent programming, good networking and operating
system knowledge, background in statistics.
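The following is an added example of the approach described above (learn models of normal behaviour, then flag deviations), applied to web service request parameters. It is example code written for this page, not the models the author's group built. The model design (a length model and a crude character-distribution model, both scored with Chebyshev's inequality), the 5 % threshold and the training requests are assumptions made for the illustration.

```python
# Added example, not code from the original page or its author: a minimal
# anomaly detector for web service requests. "Normal" is learned from
# training requests; a query parameter whose length or character mix
# deviates from the learned model is flagged. Model design, threshold and
# sample requests are assumptions made for this illustration.
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def parse_request(line):
    """Split a request line 'GET /path?k=v HTTP/1.1' into (path, {param: value})."""
    _method, target, _version = line.split(" ", 2)
    parts = urlsplit(target)
    return parts.path, dict(parse_qsl(parts.query, keep_blank_values=True))


def alnum_fraction(value):
    """Fraction of alphanumeric characters: a crude character-distribution feature."""
    if not value:
        return 1.0
    return sum(ch.isalnum() for ch in value) / len(value)


class FeatureModel:
    """Mean and variance of one numeric feature, learned from normal traffic.

    probability() uses Chebyshev's inequality: the probability of a value
    deviating by at least |x - mean| is at most var / (x - mean)^2. This
    holds for any distribution, so nothing is assumed about the data."""

    def __init__(self):
        self.n = 0
        self.total = 0.0
        self.sq_total = 0.0

    def learn(self, x):
        self.n += 1
        self.total += x
        self.sq_total += x * x

    def probability(self, x):
        mean = self.total / self.n
        var = max(0.0, self.sq_total / self.n - mean * mean)
        dist_sq = (x - mean) ** 2
        if dist_sq == 0:
            return 1.0
        return min(1.0, var / dist_sq)


class RequestAnomalyDetector:
    """One pair of models per (path, parameter); score() lists the anomalies found."""

    def __init__(self, threshold=0.05):
        self.threshold = threshold  # assumed: flag when the probability drops below 5 %
        self.models = defaultdict(lambda: {"length": FeatureModel(), "alnum": FeatureModel()})

    def train(self, lines):
        for line in lines:
            path, params = parse_request(line)
            for name, value in params.items():
                self.models[(path, name)]["length"].learn(len(value))
                self.models[(path, name)]["alnum"].learn(alnum_fraction(value))

    def score(self, line):
        """Return [(parameter, reason), ...]; an empty list means 'normal'."""
        path, params = parse_request(line)
        findings = []
        for name, value in params.items():
            if (path, name) not in self.models:
                findings.append((name, "unknown parameter"))  # never seen during training
                continue
            model = self.models[(path, name)]
            if model["length"].probability(len(value)) < self.threshold:
                findings.append((name, "length"))
            if model["alnum"].probability(alnum_fraction(value)) < self.threshold:
                findings.append((name, "characters"))
        return findings


# Constructed training data: normal requests to two hypothetical handlers.
TRAINING = [
    "GET /search?q=firewall HTTP/1.1",
    "GET /search?q=antivirus HTTP/1.1",
    "GET /search?q=ids HTTP/1.1",
    "GET /search?q=rootkits HTTP/1.1",
    "GET /search?q=bgp+routing HTTP/1.1",
    "GET /search?q=worm+detection HTTP/1.1",
    "GET /user?id=1042 HTTP/1.1",
    "GET /user?id=77 HTTP/1.1",
    "GET /user?id=3150 HTTP/1.1",
    "GET /user?id=8 HTTP/1.1",
]


def demo():
    """Train on TRAINING and score four constructed probe requests."""
    detector = RequestAnomalyDetector()
    detector.train(TRAINING)
    probes = [
        "GET /search?q=malware HTTP/1.1",             # normal
        "GET /search?q=" + "A" * 200 + " HTTP/1.1",   # overlong value
        "GET /search?q=!!!***??? HTTP/1.1",           # unusual character mix
        "GET /search?lang=en HTTP/1.1",               # parameter never seen
    ]
    return {probe: detector.score(probe) for probe in probes}


if __name__ == "__main__":
    for request, findings in demo().items():
        print(findings or "normal", "<-", request[:60])
```

The detector flags the overlong value through the length model, the punctuation-only value through the character model, and the unseen parameter name outright, while the ordinary search term passes. A production detector would combine more models (token sets, parameter order, request frequency) and tune the threshold against the false-positive rate measured on held-out normal traffic; the evaluation of such models is exactly what the topic above asks for.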
Intrusion Alert Correlation
An intrusion detection system attempts to identify attacks
against a network and its resources. Alert correlation is
a process that takes as input the alerts produced by one
or more intrusion detection systems and provides a more
succinct and high-level view of occurring or attempted
intrusions. The aim of this work is to analyze
current alert correlation approaches and to identify
their shortcomings. Based on this analysis, novel
correlation techniques should be developed that address
additional issues such as privacy concerns when different
organizations want to share and correlate some of
their information.
Prerequisites:
Excellent programming, very good networking knowledge.
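As an added example of the process described above, the following pipeline takes alerts from two hypothetical sensors, fuses those that report the same event, condenses the rest into per-source "attack threads" (the succinct, high-level view), and finally replaces addresses by keyed pseudonyms so that a thread could be shared with another organization without disclosing raw addresses. This is example code written for this page, not an existing correlation system; the log format, sensor names, addresses, time windows and key are all constructed.

```python
# Added example, not code from the original page or its author: a small
# alert correlation pipeline. Alerts from two hypothetical sensors are
# fused when they describe one event, then condensed into per-source
# "attack threads"; pseudonymize() shows one way to share a thread
# without revealing addresses (a partner holding the same key still
# recognises the same source). Log format, sensor names, addresses,
# time windows and the key are all constructed for this illustration.
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed alert lines: sensor|timestamp|source|destination|alert name
RAW_ALERTS = [
    "nids-1|2004-03-01 10:00:01|10.0.0.5|192.168.1.10|PORTSCAN",
    "nids-2|2004-03-01 10:00:02|10.0.0.5|192.168.1.10|PORTSCAN",  # same event, second sensor
    "nids-1|2004-03-01 10:00:09|10.0.0.5|192.168.1.11|PORTSCAN",
    "nids-1|2004-03-01 10:00:40|10.0.0.5|192.168.1.10|WEB-CGI ACCESS",
    "hids-1|2004-03-01 10:00:41|10.0.0.5|192.168.1.10|WEB-CGI ACCESS",  # host sensor agrees
    "nids-2|2004-03-01 10:02:00|172.16.4.9|192.168.1.25|SMTP RELAY ATTEMPT",
    "nids-1|2004-03-01 10:30:00|10.0.0.5|192.168.1.10|WEB-CGI ACCESS",  # much later: new thread
]


def parse_alert(line):
    sensor, stamp, src, dst, name = line.split("|")
    return {"sensors": {sensor}, "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "src": src, "dst": dst, "name": name}


def fuse(alerts, window=timedelta(seconds=5)):
    """Merge alerts that describe one event: same source, target and name,
    raised within `window` of each other (typically by different sensors)."""
    fused = []
    for alert in sorted(alerts, key=lambda a: a["time"]):
        for meta in fused:
            same_event = (meta["src"], meta["dst"], meta["name"]) == (alert["src"], alert["dst"], alert["name"])
            if same_event and alert["time"] - meta["time"] <= window:
                meta["sensors"] |= alert["sensors"]
                break
        else:
            fused.append(dict(alert, sensors=set(alert["sensors"])))
    return fused


def build_threads(fused, gap=timedelta(minutes=10)):
    """Group fused alerts by source into threads; a source that stays quiet
    for longer than `gap` starts a new thread with its next alert."""
    threads, current = [], {}
    for alert in sorted(fused, key=lambda a: a["time"]):
        thread = current.get(alert["src"])
        if thread is None or alert["time"] - thread["end"] > gap:
            thread = {"src": alert["src"], "start": alert["time"], "end": alert["time"],
                      "targets": set(), "steps": [], "alerts": 0}
            threads.append(thread)
            current[alert["src"]] = thread
        thread["end"] = alert["time"]
        thread["targets"].add(alert["dst"])
        thread["alerts"] += 1
        if alert["name"] not in thread["steps"]:
            thread["steps"].append(alert["name"])  # distinct attack steps, in order
    return threads


def pseudonymize(thread, key):
    """Copy of a thread with addresses replaced by truncated HMAC-SHA256 pseudonyms."""
    def pseud(addr):
        return hmac.new(key, addr.encode(), hashlib.sha256).hexdigest()[:12]
    return dict(thread, src=pseud(thread["src"]), targets={pseud(t) for t in thread["targets"]})


def correlate(lines):
    return build_threads(fuse(parse_alert(line) for line in lines))


if __name__ == "__main__":
    for t in correlate(RAW_ALERTS):
        shared = pseudonymize(t, b"constructed-shared-key")
        print(f"{t['src']:12} {t['start']:%H:%M:%S}-{t['end']:%H:%M:%S} "
              f"{t['alerts']} alerts, {len(t['targets'])} targets: {' -> '.join(t['steps'])} "
              f"(shared as {shared['src']})")
```

Seven raw alerts become five fused events and three threads, one of which reads as a scan followed by a CGI access from the same source. The keyed pseudonym is deliberately simple: it hides the address from anyone without the key, but a partner who shares the key (or who can guess and check candidate addresses) can still link threads, which is the trade-off the privacy part of the topic above would have to address more carefully.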
Internet Routing Security
The Border Gateway Protocol (BGP) is the de-facto Internet
routing protocol between ASes (autonomous systems). It
is known that BGP has weaknesses that are fundamental to
the protocol design. Many solutions to these weaknesses
have been proposed, but most require resource intensive
cryptographic operations and modifications to the
existing protocol and router software. For this reason,
none of them have been widely adopted. This work aims to
analyze the problems of BGP and the solutions that have
been proposed. Based on this analysis, novel techniques
should be developed that help to detect attacks and
common misconfigurations, using only passive traffic
analysis without protocol modifications.
Prerequisites:
Very good programming, excellent networking knowledge.
Vulnerability Testing Framework
The evaluation of security protection mechanisms is a
tedious task that is often done in an ad-hoc fashion. For
testing, the developer usually identifies a few attacks
and checks the effectiveness of her tool in these
cases. This allows neither a comparison between different
protection mechanisms nor reasonable coverage. This work
aims to develop a testing framework
for security solutions. For this framework, it is
required to come up with ways to automatically set up a
diverse test environment, integrate the security mechanism
under analysis into this setup, and then run a set of
test instances.
Prerequisites:
Excellent programming, very good Unix operating system knowledge.
Praktikum Information
The purpose of a Praktikum is to gain experience in the design
and development of a real-world software project. You have to
become acquainted with standard open-source development tools
such as build tools (autoconf, automake), debuggers (gdb,
valgrind) or version control systems (cvs). In addition, you
should learn how to write solid and stable code. Praktika are
available most of the time (there is always some work that
needs to be done), so feel free to ask.
Master and Ph.D. Thesis Information
When doing a master thesis or a Ph.D. thesis, I expect you to
perform scientific research. This means that you have to find
an interesting problem (alternatively, you can ask me about
one) and solve it in a novel fashion. Then, you have to verify
the feasibility of your solution by providing experimental
data. The difference between a master and a Ph.D. thesis is
the problem size and the expected degree of your
autonomy. When doing a master thesis, you can focus on a
particular problem and you will receive more guidance when
difficult problems crop up. When doing a Ph.D. thesis, you are
expected to be able to compete with world-leading experts in a
particular field at the time you graduate.