Our research group conducts fundamental research at the intersection of computer security and machine learning. On the one end, we are interested in developing intelligent systems that can learn to protect computers from attacks and identify security problems automatically. On the other end, we explore the security and privacy of machine learning by developing novel attacks and defenses.
We are part of the Berlin Institute for the Foundations of Learning and Data (BIFOLD) at Technische Universität Berlin. Previously, we have been working at Technische Universität Braunschweig and the University of Göttingen.
August 26, 2024 — We are hiring! 🧑💻 We have a new open PhD student position in our research group. Further details are available here. The deadline for application is September 20, 2024.
August 14, 2024 — We are happy to receive the Distinguished Paper Award at the USENIX Security Symposium for our work on blind cross-site scripting. This was a great collaboration with our friends from TU Braunschweig.
July 4, 2024 — We present four papers at ASIACCS in Singapore, 🇸🇬. Felix discusses target selection in fuzzing, Jonas explores differential testing of JSON, Josiane tackles simbox fraud, and Alwin investigates instruction embeddings.
See all news and updates of the research group.
AML — Adversarial Machine Learning
This integrated lecture is concerned with adversarial machine learning. It explores various attacks on learning algorithms, including white-box and black-box adversarial examples, poisoning, backdoors, membership inference, and model extraction. It also examines the security and privacy implications of these attacks and discusses defensive strategies, ranging from threat modeling to integrated countermeasures.
This lab is a hands-on course that explores machine learning in computer security. Students design and develop intelligent systems for security problems such as attack detection, malware clustering, and vulnerability discovery. The developed systems are trained and evaluated on real-world data, providing insight into their strengths and weaknesses in practice. The lab is a continuation of the lecture "Machine Learning for Computer Security" and thus knowledge from that course is expected.
See all teaching course.
Seeing through: Analyzing and Attacking Virtual Backgrounds in Video Calls.
Proc. of the 34th USENIX Security Symposium, 2025. (to appear)
Evil from Within: Machine Learning Backdoors Through Dormant Hardware Trojans.
Proc. of the 40th Annual Computer Security Applications Conference (ACSAC), 2024. (to appear)
Pitfalls in Machine Learning for Computer Security.
Communications of the ACM, 67, (11), 2024.
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting.
Proc. of the 33rd USENIX Security Symposium, 2024.
Distinguished Paper Award
See all publications of the research group.
AIGENCY — Opportunities and Risks of Generative AI in Security
The project aims to systematically investigate the opportunities and risks of generative artificial intelligence in computer security. It explores generative models as a new tool as well as a new threat. The project is joint work with Fraunhofer AISEC, CISPA, FU Berlin, and Aleph Alpha.
MALFOY — Machine Learning for Offensive Computer Security
The ERC Consolidator Grant MALFOY explores the application of machine learning in offensive computer security. It is an effort to understand how learning algorithms can be used by attackers and how this threat can be effectively mitigated.
ALISON — Attacks against Machine Learning in Structured Domains
The goal of this project is to investigate the security of learning algorithms in structured domains. That is, the project develops a better understanding of attacks and defenses that operate in the problem space of learning algorithms rather than the feature space.
See all projects of the research group.
Technische Universität Berlin
Machine Learning and Security, TEL 8-2
Ernst-Reuter-Platz 7
10587 Berlin, Germany
Office: office@mlsec.tu-berlin.de
Responsibility under the German Press Law §55 Sect. 2 RStV:
Prof. Dr. Konrad Rieck