
Audit log data conversion and enhancement for DARPA TC Engagement CDM records

Research topic/area
Security, Data Science, AI/ML
Type of thesis
Master
Start time
08.12.2025
Application deadline
01.01.2027
Duration of the thesis
6 months

Description

The de-facto standard datasets for evaluating APT attack detection approaches are the DARPA Transparent Computing (TC) Engagement 3 and 5 datasets. Many attack detection approach implementations are evaluated using these datasets and thus feature parsers for this specific data format. To integrate the dataset from our cyber range, we want to convert the raw audit data to the DARPA CDM format.

For this, different methods of data conversion and enrichment shall be implemented and evaluated. DARPA provides an API for their existing Kafka-based code to generate CDM records, which can be used to implement a naive data mapping utility.

In addition, MoCoRe by Gstür et al. shall be used for data conversion and for its data enrichment capabilities. With MoCoRe, additional data can be extracted and visualisations such as network and provenance graphs can be created.

See https://www.iai.kit.edu/english/973_5479.php for the original thesis announcement including figures.


Main Tasks:

• Familiarization with the TC Engagement datasets, their data format, and auditing systems for Linux and Windows
• Evaluating the use and benefit of ML for data extraction, conversion and validation
• Implementation of a data conversion utility
• Implementation of data enrichment and visualisation
• Evaluation and validation of the data

What we offer:
• Possibility of contributing to scientific publications
• Close supervision
• Thesis in English or German possible
• Opportunity to work with machine learning models and research data
• Student assistant position or familiarisation period possible

Requirement

Requirements for students
  • Studies in Computer Science
  • Python, C++ or Java programming skills
  • Basic understanding of machine learning and data types
  • Basic knowledge of system calls and network traffic

Faculty departments
  • Engineering sciences
    Informatics


Supervision

Title, first name, last name
Richard Rudolph, Moritz Gstür
Organizational unit
Institut für Automation und angewandte Informatik (IAI)
Email address
richard.rudolph@kit.edu

Application via email

Application documents
  • Cover letter
  • Grade transcript

E-Mail Address for application
Please send the application documents listed above by email to richard.rudolph@kit.edu

