The center aims to develop threat intelligence methodologies that observe the system as a whole and apply formal modeling in conjunction with the collection, processing, comparison, and analysis of system state information. Its research topics are:
In addition to extracting various attack indicators, we aim to develop a universal model for describing malicious behavior.
Our applied work focuses on behavioral analysis of IT system activity and malicious software at the API call level.
Anomaly detection and threat response are enabled by data mining procedures utilizing a multitude of algorithms.
Honeypot & kernel monitoring
We use honeypot and kernel monitoring technology to tempt attackers and learn about APT behavior.