Postdoc-position on botnet detection


The Open Universiteit in the Netherlands is offering a two-year postdoc position to research network-based botnet detection using machine learning. The research will be performed in close cooperation with semi-public and private project partners (SIDN, Quarantainenet, Solcon, XS4ALL). Hence, the project offers a splendid opportunity to combine theoretical research on botnet detection by applying machine-learning techniques with strong valorisation and practical relevance.

  • We are looking for an enthusiastic researcher who has (nearly) finished his/her PhD in Computer Science or a related field, and preferably has a background in digital security and/or artificial intelligence/data science.
  • The postdoc will be employed by the Open Universiteit. The postdoc will be located at the Radboud University (Nijmegen, in the Digital Security group) and/or the Open Universiteit (Heerlen, Department of Computer Science).
  • The project is supported actively by: SIDN, Quarantainenet, Solcon, and XS4ALL.
  • The duration of the project is two years.
  • Start is as soon as possible, preferably in September 2017.
  • The salary will be determined on the basis of experience and qualifications, and will be in accordance with the general salary scales of the CAO-NU.

Design, application and governance of a botnet detection and profiling system (‘Dagobert’)

Abstract The Dagobert-project aims at improving internet security. It addresses the fight against botnets, which are networks of computers infected with malicious software that can subsequently be controlled remotely by cybercriminals to perform malicious activities. Cybercrime due to botnets poses a major threat with large economic and societal impact. In the project, we will derive profiles of both known and unknown botnets and subsequently apply these profiles in a botnet detection system. We will research, develop and evaluate automated systems for real-time, large-scale, accurate botnet profiling and detection, as well as the governance for applying such systems at internet infrastructure providers.

Project goal The goal of the Dagobert-project is to develop and evaluate an automated system that accurately detects botnets at a national scale by real-time analysis of high-volume streams of real-life network traffic (in particular DNS) at internet infrastructure providers such as domain name registries and ISPs. We intend to achieve this by a novel approach that has the following elements:

  1. obtain ‘dedicated’ profiles of known botnets by applying advanced machine learning techniques (deep learning) on monitored network data at internet infrastructure providers;
  2. obtain ‘generic’ profiles (covering both known and unknown botnets) by applying advanced machine learning techniques on the dedicated profiles;
  3. develop, apply and evaluate a botnet detection system in which the dedicated and generic botnet profiles are used in parallel to detect the presence of botnets in real-life, real-time network data streams at internet infrastructure providers such as domain name registries and ISPs.

Besides these technical aspects, the Dagobert-project will also look into governance aspects when integrating and applying the botnet profiling and detection systems in the operational environments of internet infrastructure providers. These governance aspects address how risk management and strategic processes in these organisations are impacted and what measures are required to handle this impact.

Tangible and novel results of the Dagobert-project are:

  1. the botnet profiling system (to obtain dedicated and generic botnet profiles),
  2. the botnet detection system (which applies the botnet profiles),
  3. algorithms applied in these systems using machine learning and artificial intelligence, and
  4. insights on how to manage IT governance when integrating and applying these systems into the operational environments of internet infrastructure providers such as domain name registries and ISPs.

Project tasks The tasks are as follows:

  1. Preparation: The postdoc will contribute to establishing appropriate measures to protect privacy when accessing and processing network data at the project partners.
  2. Botnet profiling system: The postdoc will design the profiling system for deducing profiles from network traces. This includes analysis of static and dynamic properties of network traces, and methods and techniques in machine learning for deriving dedicated and generic profiles. The postdoc will implement the profiling system and also carry out experiments, in close cooperation with the project partners. The deliverable of this task is the design and implementation of the profiling system.
  3. Botnet detection system: The postdoc will design the botnet detection system. This includes research on machine learning methods and techniques. The postdoc will implement a prototype of the system and perform experiments to evaluate the performance of the system, in close cooperation with the project partners. A prototype of the detection system will be coupled to operational environments at the partners (SIDN, Solcon, XS4ALL) and experiments will be performed. The existing DNS-based botnet detection systems by Quarantainenet at the ISP partners (Solcon, XS4ALL) can be used as a basis for measuring accuracy for known botnets.
  4. Governance: The postdoc will study the impact caused by application of the botnet profiling system and the botnet detection system on the strategic processes and risk management.
  5. Scientific publications: The postdoc will write scientific papers. Expected subjects for scientific papers will be: (1) the profiling of botnets and the corresponding profiling system; (2) the detection of botnets and the corresponding botnet detection system; (3) experiments with the botnet detection system; (4) research results on governance aspects; (5) overall results obtained by the project and valorisation.

Project organisation The Dagobert-project is actively supported by four semi-public and private partners: Quarantainenet, SIDN, Solcon, and XS4ALL. These partners will

  • provide data sets and expertise,
  • participate in the project’s users and steering committee,
  • offer short internships for the postdoc,
  • support engineering and testing of the botnet profiling and detection systems in a live environment, delivering feedback on these tests, and
  • consider and evaluate governance aspects when applying the systems in their operational context.

The postdoc will be positioned in the Department of Computer Science of the Open Universiteit (Heerlen) and the Digital Security group at the Radboud Universiteit (Nijmegen) in the Netherlands. The postdoc will regularly visit the project partners. The project is supervised by Harald Vranken.

More info and application

For more info and sending your application, please contact

Dr.ir. Harald Vranken
Open Universiteit, PO Box 2960, 6401 DL Heerlen, The Netherlands
Telephone: +31-(0)45-5762373
E-mail: harald.vranken (at) ou.nl