PhD position on Explainable Incident Response -- TUCCR
at Universiteit Twente
7522 Enschede, Overijssel, Netherlands
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 23 Dec, 2024 | ANG 2 Annual | 26 Sep, 2024 | N/A | Good communication skills | No | No |
Description:
KEY TAKEAWAYS
Hours: 40 hr.
Salary indication (gross/monthly, based on full-time): € 2,872 - € 3,670
Deadline: 6 Oct 2024
Analysts working in Security Operations Centres (SOCs) investigate thousands of alerts daily, which often leads to burnout and fatigue. In recent years, machine learning (ML) has emerged as a promising way to automate the workflows of SOC analysts. However, analysts are often contractually obligated to investigate every alert, so it is critical that they can understand how such ML-based solutions work.
The objective of this PhD project is to create ‘AI-assisted practitioners’ for incident response by developing novel human-in-the-loop ML algorithms that reduce analyst workload and provide decision-making assistance. We propose to develop explainable ML algorithms that summarize large volumes of observable data (intrusion alerts, network and system logs) and discover contextually meaningful patterns in them. The student will conduct fundamental research and explore various learning paradigms to turn these discovered patterns into actionable explanations tailored to the operator’s expertise. The algorithms will be evaluated under both closed-world and open-world settings. For the closed-world setting, a major challenge is the lack of suitable datasets for evaluating ML models; the student will set up a testbed together with our industry collaborators to collect intrusion alert datasets. For the open-world setting, the student will deploy these algorithms in real SOC environments to measure the extent of workload reduction experienced by the analysts. In doing so, we aim to develop technologies that are not only novel but also have real-world applications.
The PhD student will be embedded within the Semantics, Cybersecurity, and Services (SCS) group at the University of Twente. The student will have the opportunity to participate in internships and/or collaboration with industry partners under the TUCCR initiative. The SCS group offers a stimulating, supportive, and diverse research environment, as well as plenty of opportunities for personal and professional growth.