Domain-Specific Representation-Learning for Cyber Security
06.05.2025
Objective:
Develop and evaluate representation learning methods on structured security log data. The goal is to capture domain-specific patterns from benign and attack behavior that can later support anomaly detection and explainability in cyber security.
Supervisor: Daniel Schlör
Key Tasks:
- Select security log datasets (e.g., Sysmon, audit logs, NetFlow) with rich feature diversity
- Analyze specific feature patterns, structures, and cardinalities for relevant entities (e.g., commands, file paths, ports, IPs)
- Research fitting representation learning approaches
- Design preprocessing and input representations (e.g., sequences, token vectors, one-hot/categorical formats) and train models
- Visualize or cluster the embeddings to assess structure and separability of behavior patterns and known classes
- Evaluate influence of representations in end-to-end detection scenarios
Extension Directions (Master Thesis / Practica):
- Contrastive Learning for Anomaly and Threat Representation
- Complex Representations for Security Event Sequences
- Representation Evaluation for Explainability