Domain-Specific Representation-Learning for Cyber Security

Objective:

Develop and evaluate representation learning methods on structured security log data. The goal is to capture domain-specific patterns from benign and attack behavior that can later support anomaly detection and explainability in cyber security.

Betreuer: Daniel Schlör

Key Tasks:

• Select security log datasets (e.g., sysmon, audit logs, Netflow) with rich feature diversity
• Analyze specific feature patterns, structures, cardinalities for relevant entities (e.g., commands, file paths, ports, Ips)
• Research fitting representation learning approaches
• Design preprocessing and input representations (e.g., sequences, token vectors, one-hot/categorical formats) and train models
• Visualize or cluster the embeddings to assess structure and separability of behavior patterns and known classes
• Evaluate influence of representations in end-to-end detection scenarios

Extension Directions (Master Thesis / Practica):

• Contrastive Learning for Anomaly and Threat Representation
• Complex Representations for Security Event Sequences
• Representation Evaluation for Explainability