Malicious software or malware is used to perform malicious activities on computer networks such as denial of service attacks, spam distribution, and data exfiltration. Solutions for detecting such activities rely on the development of so-called fingerprints: pieces of data that are unique to a specific activity. The researchers develop machine-learning technology that learns and detects such fingerprints, which are subsequently used to automatically recognise and pinpoint the presence of malware in large computer networks.

Using modern data stream mining techniques, the researcher is capable of learning complex behavioural models in real-time from vast amounts of network streams. These models provide insightful behavioural fingerprints that can be interpreted and matched with monitored network traffic to find all existing infections of the same malware. This approach is what makes the project unique.

The researcher pushes the boundary of software understanding by moving from traditional black box testing of unknown software towards white box testing by unravelling the internal structure of software through machine learning.