Detecting Malware and Cyber Attacks using ISP Data

The overall goal of the project is to develop methods that use Internet and mobile telephony providers' knowledge of customers and data traffic to identify cyber-attacks and malware infections, and to develop tools that actively exploit this knowledge and relate it to different customer segments. Telenor, as an Internet and mobile telephony provider, has much more data on its customer base than can be deduced from the IP traffic that has been the subject of previous research. This extra data is expected not only to improve the precision of existing detection methods, but also to contribute to the commercial use of the results. From a research perspective, the results are obtained by combining state-of-the-art research, including methodologies already developed at AAU, with knowledge, data and commercial understanding from Telenor and the results expected to be created in the project. Commercially and strategically, the project will provide important knowledge for Telenor: in addition to product development in an area of strong growth, it will lead to closer customer contact and additional sales opportunities in detecting attacks and malware for customers. From a societal perspective, the project is also interesting because it will help to combat cyber-attacks and improve the mapping of the prevalence of cyber-attacks and malware in Denmark, which is useful knowledge for estimating the general societal threat level.

Supervisor: Jens Myrup Pedersen
Co-Supervisor: Emmanouil Vasilomanolakis