PhD position on Characterizing and Detecting IoT Malware

• Hours40 hr.

• Salary indication€ 2,541 - € 3,247

• Deadline5 Jan 2023

The Centrum voor Veiligheid en Digitalisering (Centre for Safety and Digitalisation, CVD) is a knowledge institute in which companies and public organisations are collaborating on questions related to this theme. In this context,  the University of Twente, Saxion University of Applied Sciences, and the Police Academy of the Netherlands are setting up a joint research program around this time. The research program is centered around the 3 focus areas of the CVD: critical data & infrastructure, actionable intelligence and cyberresilience.

For each research line, two PhD candidates will work on this theme. The PhD students will work in a multidisciplinary fashion, in close collaboration with each other, and with the supervision teams with members from the different CVD partners. For more information about CVD, click here

About the Project
Internet of Things (IoT) devices have become ubiquitous. While they automate and simplify many aspects of users’ lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure. In fact, cybercriminals have started to target this new technology for malicious purposes. In particular, we have witnessed the development and spreading of IoT-targeted malware, which infects IoT devices to create botnets and run distributed attacks. Unfortunately, because of the fundamental technological differences of the IoT ecosystem (e.g., low power and limited computational resources), traditional malware analysis and defense approaches are not applicable in this setting.

In this project, we will first design and develop methodologies and tools to understand and characterize IoT malware. This will allow us to depict a comprehensive picture of the current threat landscape and to identify the common properties of this new class of malicious behaviors. Then, we will leverage the obtained knowledge to research novel lightweight approaches to effectively and efficiently detect malware infections in IoT devices, mitigating dangerous attacks. Finally, we will investigate the scenario of supply chain attacks, i.e., malware being injected into third-party libraries that are embedded in the building process of IoT firmware.

Are you interested in this position? Please send your application via the 'Apply now' button below before January 6, 2023, and include:

• A motivation letter
• A detailed CV
• Names of 2 or 3 people that we can contact for additional information

For more information regarding this position, you are welcome to contact Andrea Continella, [email protected]

Digitalization brings many new opportunities for businesses and governments by fostering the development of innovative online services. However, this development also brings new challenges, notably in terms of intelligence, interoperability, security and privacy. The mission of the SCS group is to advance the development of innovative online services with improved quality through context-alignment and with reduced security and privacy threats.

Due to the central role and importance of data, our Cybersecurity research strategy at the Services and Cybersecurity (SCS) group follows a data-centric approach. This approach tackles the challenge of defending computer systems as a whole from two different angles, namely by mitigating the risk imposed by ubiquitous data but also by taking the opportunities provided by data richness. First, we research security mechanisms to provide security for data not only while stored and transmitted over networks as implemented by conventional systems but even during data processing. Second, we research the use of data for security and envision a world in which the continuously increasing amounts of data are utilized to identify, analyze, prevent, and respond to cyber-threats. Both research directions are based on the analysis of existing systems and software but also on the design of novel systems.

The faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) uses mathematics, electronics and computer technology to contribute to the development of Information and Communication Technology (ICT). With ICT present in almost every device and product we use nowadays, we embrace our role as contributors to a broad range of societal activities and as pioneers of tomorrow's digital society. As part of a people-first tech university that aims to shape society, individuals and connections, our faculty works together intensively with industrial partners and researchers in the Netherlands and abroad, and conducts extensive research for external commissioning parties and funders. Our research has a high profile both in the Netherlands and internationally. It has been accommodated in three multidisciplinary UT research institutes: Mesa+ Institute, TechMed Centre and Digital Society Institute.