    Data Science Chair

    Domain-Specific Representation-Learning for Cyber Security

    06.05.2025

    Objective:

    Develop and evaluate representation learning methods on structured security log data. The goal is to capture domain-specific patterns from benign and attack behavior that can later support anomaly detection and explainability in cyber security.

    Supervisor: Daniel Schlör

    Key Tasks:

    • Select security log datasets (e.g., Sysmon, audit logs, NetFlow) with rich feature diversity
    • Analyze specific feature patterns, structures, and cardinalities for relevant entities (e.g., commands, file paths, ports, IPs)
    • Research fitting representation learning approaches
    • Design preprocessing and input representations (e.g., sequences, token vectors, one-hot/categorical formats) and train models
    • Visualize or cluster the embeddings to assess structure and separability of behavior patterns and known classes
    • Evaluate influence of representations in end-to-end detection scenarios

    Extension Directions (Master Thesis / Practica):

    • Contrastive Learning for Anomaly and Threat Representation
    • Complex Representations for Security Event Sequences
    • Representation Evaluation for Explainability

     
