The gist of the project is to develop semi-automated methods for cyber-security incident response. This requires applications at the intersection between Computer Security (for attack detection and response planning) and Human-Computer-Interaction (for effective communication and trust-building techniques between the system and the operator).
The overall goal of SeReNity is to develop the technologies needed to move towards automated incident response in the cybersecurity domain. This requires not only reliable detection and alert prioritization techniques, but also an effective integration of event data and automated analysis results in the response process.
The candidate in this project will work with state-of-the-art detection and alerting technologies deployed in the Security Operation Center (SOC) operated by the Department of Mathematics and Computer Science at the Eindhoven University of Technology, and in collaboration with an industrial leader in the domain of cyber-attack detection and response.
The PhD student applying to this position will have the opportunity to work on technical as well as human-level aspects of information security; the goal is to develop methods and techniques to extract information on security incidents and communicate it effectively and in a timely manner to the (human) analysts operating the SOC. These techniques should aim toward a semi-automated response process, whereby the provided information can be immediately 'operationalized' into a response strategy or plan. This requires not only technical and analytical developments in the area of attack detection, but also the evaluation of trust-building techniques to increase the operator's confidence in the provided information.
An extensive project description is available on request.
- carry out research within the project, in cooperation with the other parties involved;
- develop the techniques and tool prototypes required by the project, in cooperation with the other parties involved;
- contribute to the writing of scientific papers;
- finish a PhD thesis within four years;
- contribute to the teaching activities of the Security group.