Huawei Artificial Intelligence for Cyber-Security Research Team
An applied research team that exploits AI/ML techniques for threat detection
The Huawei Artificial Intelligence for Cyber-Security (AI4Sec) Research Team is responsible for the research and results of AI-based next-generation threat detection capabilities required for Huawei’s core security technologies. Our current projects are focused on detection of sophisticated threats via graphs analysis, clustering of user’s behaviors for detecting anomalies, ML-based malware analysis and detection, and automatic cyber-threat intelligence extraction.
- [10/2021] Zengyu Yan joins AI4Sec as research intern
We are happy to welcome onboard Zengyu Yan as research intern: she will be doing her internship on the topic of mining and comprehension of cyber threat intelligence.
- [10/2021] Prerak Gupta joins AI4Sec as research intern
We are happy to welcome onboard Prerak Gupta as research intern: he will be doing his internship on the topic of cyber-threat intelligence extraction.
- [09/2021] We have new openings!
Read more at Careers.
- [09/2021] Marco Gullotto and Matteo Bunino join AI4Sec as research interns
We are happy to welcome onboard Marco Gullotto and Matteo Bunino as research interns: they will be doing their internship on the topic of malware analysis and detection with machine learning.
- [08/2021] Huawei Enters the 2021 Gartner Magic Quadrant for Security Information Event Management
We are happy to announce that Huawei enters the 2021 Gartner Magic Quadrant for Security Information Event Management Report. The report confirms the ability of Huawei HiSec Insight Advanced Threat Analytics System (HiSec Insight for short) to interwork with a series of security components, such as the network traffic analyzer (NTA), sandbox, online behavior management, identity and access management (IAM), and endpoint detection and response (EDR). Through its extensive interworking capabilities, HiSec Insight implements Security Orchestration, Automation and Response (SOAR), helping customers quickly manage threat events in a closed-loop manner.
The Gartner report highlights the fact that two of the key components for threat analysis of Huawei HiSec are the AI4Sec’s Peer Group Analysis and Network Entity Risk Ranking System modules.
- [07/2021] Marco Brotto joins AI4Sec as research intern
We are happy to welcome onboard Marco Brotto as research intern: he will be doing his internship on the topic of lateral movement detection.
- [06/2021] 1st Huawei Innovation Workshop on Artificial Intelligence for Cyber-Security
We are pleased to lunch the inaugural edition of the "1st Huawei Innovation Workshop on Artificial Intelligence for Cyber-Security". The workshop will take place (virtually) on 23rd July 2021 (9AM-5PM CEST), and will be jointly organized by the Huawei AI4Sec Research Team (Munich Research Center) and Huawei Datacom. More info are available at https://ai4sec.net/IW2021.
- [06/2021] We have new openings!
Read more at Careers.
With statistics showing an average of 350,000 new malicious programs (malware) released on the wild on a daily basis, it is important to provide organizations with efficient and advanced techniques able to analyse and detect various strains of malware.
Traditional Network Behavior Anomaly Detection (NBAD) systems model a network's normal behavior via a per-host or a per-network approach. The per-host model provides high recall, however, it typically suffers from noise and false alarms. On the other hand, the per-network model is more robust at the expense of lower recall.
At the end of 2017, the cryptocurrency market reached a market capitalization of over $600 billion. However, the potential financial gains are attracting not only investors but also malicious actors. Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims' computing resources are abused to mine cryptocurrency for the benefit of attackers.
Advanced attacks consist of unknown and partially untraceable actions across multiple network entities, which make widely used single point solutions conceptually incapable of reconstructing the complete attack story. Sophisticated attackers attempt to cover but unavoidably do leave traces that end up in the midst of huge amounts of network traffic data and tens of millions of logs produced by organization-level IT networks daily. Despite considerable technological advancement and algorithmic maturation of combined rule-, statistics- and machine learning-based threat detection systems, SOC analysts are still challenged by overwhelming amounts of false positives and the lack of an overall system that uncovers hidden traces and reconstruct the complete and individual attack story with high precision and recall.
Cybersecurity Threat Intelligence is a model of the cybersecurity threat landscape, comprising an ontology of entities and their interrelations. It represents an essential tool for defenders to become aware of relevant threats, timely and comprehensively.
In enterprise- and organization-level IT networks, a continuously increasing amount of security-related alerts are triggered daily by detection modules which are implemented at various security system levels and use network traffic, host and application logs and events from security appliances as input. In order not to miss real incidents (true positives), alert-raising detection modules must be tuned conservatively. That means, alerts must be raised even if there is a low level of certainty that an actual security threat has been detected. The consequence is the common problem of high false positive rates, which makes manual inspection of security alerts increasingly challenging.
Collaboration with the Chair of Network Architectures and Services from the Department of Informatics at Technical University of Munich (TUM)
Mass Entity Modelling based on TLS-Encrypted Traffic Analysis
Within the scope of the Joint Lab, which is a collaboration framework established by the Munich Research Center of Huawei and the Technical University of Munich (TUM), AI4Sec is collaborating closely with the Chair of Network Architectures and Services (NET) from the Department of Informatics (IN) at TUM on the topic of Mass Entity Modelling based on TLS-Encrypted Traffic Analysis. The objective of the project is to design and develop a framework capable of actively, efficiently and autonomously scanning the Internet in various ways, analyzing the resulting TLS fingerprints and extracting information that allows the system to draw security-relevant conclusions about the scanned entities.
Lead: Prof. Dr.-Ing. Georg Carle (NET IN TUM), Tan Jing (Huawei AI4Sec)
Staff: NET IN TUM: Patrick Sattler, Markus Sosnowski, Johannes Zirngibl
Huawei AI4Sec: Claas Grohnfeldt, Michele Russo, Daniele Sgandurra, Nedim Šrndic
- We are looking for an PhD Candidate in Malware Analysis to research in the area of malware analysis based on machine learning (ML). We are particularly interested in the research for improving anti-analysis mitigation techniques to cater for packing, obfuscation, anti-sandboxing, as well as for detecting and eliciting malware behavior. This is a four-year contract position, starting from the date of PhD (see PhD Requirements). More information and the application are available here.
- We are looking for a (Senior) Machine Learning Researcher. This is a full-time, permanent position. Your task will be to advance ML/AI algorithms and scale them on large datasets in the cybersecurity domain to produce state-of-the-art results for both academic publications and practical applications. As a member of our team, you will collaborate with fellow ML/AI researchers, security experts, PhD students and interns, and be a driver of collaborations with external research groups. More information and the application are available here.
- We are looking for a Cyber-Security Researcher in Binary Analysis. This is a full-time, permanent position. As a member of the AI4Sec Research Team, you will be performing applied research aimed at developing novel methods for analyzing malware binaries aimed at extracting control-flow graphs and behavioral signatures also in presence of packed or evasive malware. More information and the application are available here.
- We are looking for a Cyber-Security Researcher in Malware Analysis and Detection. This is a full-time, permanent position. As a member of the AI4Sec Research Team, you will be performing applied research aimed at analyzing advanced malware and developing novel methods for their detection and mitigation. More information and the application are available here.
- [CLOSED] We are looking for an looking for an enthusiastic and motivated Intern in NLP for Threat Intelligence. This is a full-time position for 6 months. Ideally, you already have in-depth knowledge programming with NLP, ML or knowledge graph libraries. Under the supervision of our internal scientists, you will support our research focused on mining and comprehension of Cyber Threat Intelligence (CTI).
- [CLOSED] We are looking for an enthusiastic and motivated Intern in Malware Analysis and Detection. This is a full-time position for 6 months. Ideally, you already have first hands-on experience and knowledge in cybersecurity and machine learning (ML). In collaboration with AI4Sec team members, you will support our research focused on improving ML-based dynamic analysis of known and unknown malware.
- Various Positions
We regularly advertise positions in our team: therefore, we suggest interested candidates to check this page regularly for future opportunities. We are particularly interested in talented PhD candidates and interns. In both cases, ideal candidates should have background, or being strongly interested, in the topics of malware analysis, network/computer security, and threat intelligence. It is also recommended candidates to have a strong interest in machine learning and be passionate about performing research in real environments. To inquiry availability of PhD positions, please send us (see contacts above):
- (i) your updated CV (including transcripts of all exams and link to your MSc thesis);
- (ii) a 1-page research statement (preferably on the research topics of AI4Sec),
- (ii) and two contact persons who could act as reference.
Candidates for internships would have to be enrolled in an MSc or PhD in Computer Science (or any related field), and would be expected to write their thesis in the topic of Cyber Security. Ideal candidates for internships should also have a good publication history and should be willing to perform development and evaluation of prototypes in real-world environments.
Huawei's Munich Research Center
AI4Sec Research Team is located within Huawei's Munich Research Center. Huawei's Munich Research Center is responsible for advanced technology research, architectural development, design and strategic engineering of Huawei's products. Career opportunities at Huawei's Munich Research Center are available at this page.