Open Thesis

Intrusion Detection using Stochastic Block Models

communication networks ,machine learning, cyber security
Short Description:


Communication networks are already key in the everyday life of most people. From social interaction to controlling vital infrastructure, communication networks constitute one of the enabling technologies for the modern world. But this importance comes with challenges. Among others, it makes communication networks the target of attacks. Such attacks can take a variety of forms. Two prominent examples are denial of service and the gain of unauthorized access to machines/data. To securely operate a communication network it is of great importance to detect and mitigate attacks as early as possible.

In this context, the proposed project focuses on the collection and analysis of network traffic. The gained insights should then be utilized to detect malicious behavior. As a first step, your task is to implement an environment where known attacks can be carried out in a secure and observable manner. This especially includes:

  • setup of virtual machines that can be used as a target.

  • setup of virtual machines with attack capabilities.

  • architecture for collecting ground-truth data during the attack phase.

As a second step, your task is to evaluate methods for identifying traffic patterns of different attacks. In this context, a special focus lies on the research question of how so-called Stochastic Block Models (SBMs) can be used to detect specific forms of attacks.

Within this project, you will gain a broad overview of network security, which is a valuable asset for your future career. You will help us to develop mitigation strategies and thus directly contribute towards the improvement of network security. Of course, it is possible to do a student thesis within the scope of this project.


Please send a short intro of yourself together with your CV and transcript of record to us. We are looking forward to meeting you.


  • Basic knowledge of Linux

  • Basic Python programming skills
  • General understanding of communication networks (especially on packet level; protocols: IP, TCP/UDP)



Maximilian Stephan, Patrick Krämer

Ongoing Thesis

Master's Theses

Towards Log Data-driven Fault Analysis in a Heterogeneous Content Provider Network


Bayerischer Rundfunk (BR) operates a network to deliver content via television, radio and the internet to its users. This requires a highly heterogenous network. The network monitoring solution for the BR-network collects log data from involved devices and stores it in a central database. Currently, human operators make network management decisions based on a manual review of this log data. This especially includes root cause identification in case of network failures. Such a human-centric process can be tedious and does not scale well with increasing network complexity. In this thesis, the student should perform a thourough analysis of the described data and evaluate the potential for automated processing. Goal is to provide a data-driven approach that significantly supports human operators with identifying root causes in case of network failures.


Maximilian Stephan