Use knowledge of malware and threats to build software that detects unknown threats.
Endpoint security, anomaly detection, rule-based detection, malware analytics
- Expected duration of thesis: 3-6 months
- Level: HBO / BSc
- Profile: Programming education with a strong interest in security. Experience with Python is strongly recommended.
- Compensation: 500 euro/month
Fox-IT has developed an endpoint security solution that prevents malware execution. Additionally, the software logs large numbers of events on the endpoints. The goal of this project is to use knowledge of malware and threats to build software that detects unknown threats from the endpoint events generated by Fox-IT’s endpoint security solution.
The suggested project outline is as follows:
- Research typical malware characteristics and define theoretical methods to detect malware using rules. This will probably include elements such as the creation of registry keys, alternate data streams and process injection.
- Build software to run these rules offline on a dataset of events. Test and document the results.
- Research typical malware characteristics and define theoretical methods to detect malware using a statistical approach. This will probably include elements such as the rarity of a process in the scope of a single system or the rarity of a registry write in the context of a population.
- Extend the software to also run the statistical detection methods. Test and document the results.
- If the software runs successfully on a static dataset, modify the software to detect suspicious events in real time on the management server.
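To make the outline concrete, here is a small offline prototype of steps 1 to 4, written in Python since the profile asks for it. It is an added illustration, not Fox-IT's endpoint software or its real event format: the event schema (one dict per event with host, type and type-specific fields), the sample events, the three rules (Run-key persistence, a non-standard alternate data stream, a process opened with write and create-thread rights) and the rarity thresholds are all assumptions. The same detect() function would be fed a live event stream in step 5.

```python
"""Offline prototype of the outline above: rule-based detection, then two
rarity statistics, run over a constructed event set. Added illustration only;
not Fox-IT code, and the event schema, rules and thresholds are assumptions."""
import re
from collections import Counter, defaultdict

# ---- Constructed sample dataset (assumed schema: one dict per event) --------
HOSTS = ["ws01", "ws02", "ws03", "ws04", "ws05"]
SYS32 = r"C:\Windows\System32"
BENIGN_PROCS = ([SYS32 + r"\svchost.exe"] * 6 + [r"C:\Windows\explorer.exe"] * 4
                + [r"C:\Program Files\Google\Chrome\Application\chrome.exe"] * 4)
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\x.exe"

def build_events():
    """Identical baseline activity on every host, plus planted suspicious events."""
    ev = []
    for h in HOSTS:
        ev += [{"host": h, "type": "process_start", "image": p} for p in BENIGN_PROCS]
        ev.append({"host": h, "type": "registry_set", "value": "Hidden",
                   "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"})
        # Mark-of-the-Web stream: an alternate data stream that is normal on every host
        ev.append({"host": h, "type": "file_create",
                   "path": r"C:\Users\carol\Downloads\report.pdf:Zone.Identifier"})
    ev += [
        # ws02: Run-key persistence and an executable hidden in an alternate data stream
        {"host": "ws02", "type": "registry_set", "key": RUN_KEY, "value": "Updater"},
        {"host": "ws02", "type": "file_create", "path": r"C:\Users\bob\Downloads\notes.txt:payload.exe"},
        # ws03: a binary from %TEMP% opens lsass.exe with write + create-thread rights
        {"host": "ws03", "type": "process_start", "image": TEMP_EXE},
        {"host": "ws03", "type": "process_access", "source": TEMP_EXE,
         "target": SYS32 + r"\lsass.exe", "access": 0x1F0FFF},
    ]
    return ev

# ---- Steps 1 and 2: rule-based detection -----------------------------------
PROCESS_VM_WRITE, PROCESS_CREATE_THREAD = 0x0020, 0x0002   # Win32 process access rights
INJECT_MASK = PROCESS_VM_WRITE | PROCESS_CREATE_THREAD
# A colon after the drive letter introduces a named stream ("file.txt:stream").
ADS_RE = re.compile(r"^[A-Za-z]:\\.*?:(?P<stream>[^\\:]+)$")
BENIGN_STREAMS = {"Zone.Identifier"}
RUN_KEYS = (r"\currentversion\run", r"\currentversion\runonce")

def rule_run_key(e):
    if e["type"] == "registry_set" and e["key"].lower().endswith(RUN_KEYS):
        return e["key"] + "\\" + e["value"]

def rule_ads(e):
    m = ADS_RE.match(e["path"]) if e["type"] == "file_create" else None
    if m and m["stream"] not in BENIGN_STREAMS:
        return e["path"]

def rule_injection(e):
    if e["type"] == "process_access" and (e["access"] & INJECT_MASK) == INJECT_MASK:
        return e["target"]

RULES = {"run_key_persistence": rule_run_key, "alternate_data_stream": rule_ads,
         "process_injection": rule_injection}

def run_rules(events):
    """(host, rule, detail) for every event matched by a rule."""
    out = []
    for e in events:
        for name, rule in RULES.items():
            detail = rule(e)
            if detail:
                out.append((e["host"], name, detail))
    return out

# ---- Steps 3 and 4: statistical detection ----------------------------------
def process_rarity(events, max_share=0.10):
    """Per-system rarity: an image's share of all process starts on that host.
    Flags shares at or below max_share (threshold is an assumption)."""
    per_host = defaultdict(Counter)
    for e in events:
        if e["type"] == "process_start":
            per_host[e["host"]][e["image"]] += 1
    return [(host, "rare_process", image)
            for host, c in per_host.items()
            for image, n in c.items() if n / sum(c.values()) <= max_share]

def registry_rarity(events, max_host_share=0.25):
    """Population rarity: fraction of all hosts that wrote a given key\\value.
    Flags writes seen on at most max_host_share of hosts (threshold is an assumption)."""
    population = {e["host"] for e in events}
    writers = defaultdict(set)
    for e in events:
        if e["type"] == "registry_set":
            writers[e["key"] + "\\" + e["value"]].add(e["host"])
    return [(h, "rare_registry_write", kv) for kv, hs in writers.items()
            if len(hs) / len(population) <= max_host_share for h in sorted(hs)]

def detect(events):
    """Combined findings as sorted (host, detector, detail) tuples."""
    return sorted(set(run_rules(events) + process_rarity(events) + registry_rarity(events)))

if __name__ == "__main__":
    for host, detector, detail in detect(build_events()):
        print(f"{host:5} {detector:22} {detail}")
```

On the constructed data the rules fire only on the planted events, the per-host statistic singles out the one-off binary on ws03, and the population statistic singles out the Run value that only ws02 wrote; the Zone.Identifier streams and the Explorer setting written by every host stay quiet. The thresholds (10% of a host's starts, 25% of the population) are placeholders and would have to be calibrated on the real dataset in step 4.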
Please share your profile and motivation with us (vacature[at]fox-it.com). In case of questions please call Walter Doorduin at 00 31 6 419 01 011.