Current research in the Laboratory of Software Architectures and Information Systems, Lasaris, at the Faculty of Informatics, Masaryk University, is focused on data analysis in the cybersecurity domain.
2020 – 2022
My role: Member of the research team, leader of the work package "SW for the evaluation of cybersecurity training".
2018 – 2022
My role: Member of implementation team (academic staff).
2016 – 2019
My role: Co-investigator (leader at FI MU, software architect, head of the “visualization” research team).
2013 – 2015
My role: Co-investigator (leader at FI MU, head of the “visualization” research team).
The project received an award from the Ministry of Interior for exceptional results in the field of security research.
Subtopic: Visual analytics for cybersecurity training
Operational networks are not suitable for building and studying knowledge of cyber threats and training responses to them. Therefore, since 2013 we have developed and operated a flexible, scalable, and sophisticated cyber range, which serves as a virtual environment where hands-on cybersecurity training can be organized.
From the very beginning, we put emphasis on user experience, user-centered design of user interfaces, and the support of learning and visual analytics. Data collected from training sessions are analyzed in order to continuously improve the quality of training sessions and increase the impact on the trainees. Our research aims to provide visual situational awareness, insight into the abstract cybersecurity processes and threats, storytelling, and advanced analytical tools.
The KYPO Cyber Range Platform is used as a training platform for the regular education of students of Masaryk University as well as for the organization of Cyber Czech, the biggest cyber defense exercise in the Czech Republic (in cooperation with the Czech NSA). The platform was released as open source in 2021.
- 2015: Ministry of Interior of the Czech Republic for exceptional security research results.
- 2021: European Commission’s Innovation Radar Prize for Innovation in Disruptive Tech.
Subtopic: Behavioral modeling and analysis
Practical cybersecurity training is strongly process-oriented. There is no tangible output like code to be assessed or compared. Instead, trainees have to solve tasks, e.g., "scan the network and find a vulnerable server" or "exploit the vulnerability to hack the server". Therefore, process reconstruction and analysis are required to study behavioral patterns or to measure the quality of training sessions. We address these issues in two ways: (a) by designing models and simulations of cooperation strategies on complex networks, and (b) by focusing on cybersecurity process discovery, compliance analysis, and behavior analysis for hands-on training programs by means of process mining techniques.
Subtopic: Digital forensics
The CSIRT team (Computer Security Incident Response Team) of Masaryk University is responsible for the investigation of suspicious computers connected to the university network. Together with them, we develop advanced visual and exploratory techniques to support the forensic investigation processes. We primarily focus on the analysis of file systems using user-centered design and visual techniques.
The FIMETIS (FIlesystem METadata analysIS) tool is developed in cooperation with the CSIRT (Computer Security Incident Response Team) team of Masaryk University, which is responsible for the investigation of cybersecurity incidents in the university network.