Ir. S.E. (Sicco) Verwer
Ir. S.E. (Sicco) Verwer
My team (Azqa Nadeem, Laurens Bliek, Chris Hammerschmidt, and me) recently participated and won the first robust malware detection challenge! We developed a new algorithm for adversarial machine learning in discrete spaces, which won both the attack and defence tracks! More information at: sites.google.com/view/advml/advml19-challenge
I got awarded a prestigious VIDI grant from TTW to continue my work on learning state machine models from software! In particular, the goal of this grant is to use properties of data coming from software such as the near absence of noise to improve learning algorithms when applied such data. I have openings for two PhD students and one scientific programmer on this project.
I am an assistant professor in machine learning with applications in cyber security, software engineering, and mathematical optimization. My broad interest is in the development of new machine learning technology, in particular, state machine learning.
I focus on using machine learning for tasks other than prediction, such as analysis, optimization, control, and verification.
My main research line is to learn interpretable models from software logs such as network traces. To this aim, we have developed the open source flexfringe tool ( https://automatonlearning.net), an implementation of flexible learning of state machines from trace data. We have used flexfringe for learning behavioral profiles of malware, learn models for intrusion detection in industrial control systems, and discover bugs in payment systems.
I am assistant professor in machine learning with applications in cyber security and software engineering at TU Delft since 2014. Before this, I have been a postdoctoral researcher for several years at RU Nijmegen, KU Leuven, and TU Eindhoven. I have worked on several topics in machine learning and am best known for my work in grammatical inference, i.e., learning state machines from trace data. I have researched and implemented several algorithms for learning such models including RTI, which is one of the first that is able to learn timed automata. In 20130, I received a VENI grant from STW to extend this work and apply it in cyber security. Other recent work includes several methods for declarative modelling of machine learning problems using mathematical solvers, and making classifiers discrimination-aware.
I teach two courses in the cyber security master at TU Delft: Cyber Data Analytics and Automated Software Testing and Reverse Engineering. If you are interested in the research performed by my lab, or joining as PhD or MSc student, please have a look at my publications and past publicly available MSc and BSc theses.
- Sicco Verwer and Yingqian Zhang - Learning optimal classification trees using a binary linear program formulation
- Gaetano Pellegrino, Qin Lin, Christian Hammerschmidt, and Sicco Verwer - Learning behavioral fingerprints from Netflows using Timed Automata
- Sicco Verwer, Rémi Eyraud, and Colin de la Higuera - PAutomaC: a probabilistic automata and hidden Markov models learning competition
- Marijn Heule and Sicco Verwer - Software model synthesis using satisfiability solvers
- Toon Calders and Sicco Verwer - Three naive Bayes approaches for discrimination-free classification
- Sicco Verwer, Mathijs de Weerdt, and Cees Witteveen - The efficiency of identifying timed automata and the power of clocks
MSc Theses 2018-2019
- Xiaotong Shi - Anomaly detection and diagnosis in ASML event log using attentional LSTM network
- Takang Kajikaw Etta Tabe - Automated data exfiltration detection using netflow metadata
- Hugo Reinbergen - Identifying Anomalous Transitions in SIP Traffic: Using PDFA State Merging
- Sofia Tsoni - Log Differencing using State Machines for Anomaly Detection
- Sandesh Manganahalli Jayaprakash - Behaviour Modelling and Anomaly Detection in Smart-Home IoT Devices
- Hans Schouten - Learning State Machines from data streams and an application in network-based threat detection
- Shiwei Bao - A Robust Solution to Train Shunting using Decision Trees
- Shijian Zhong - Solving Train Maintenance Scheduling Problem with Neural Networks and Tree Search
- Xiwei Shen - Predicting vulnerable files by using machine learning method
- Azqa Nadeem - Clustering Malware's Network Behavior using Simple Sequential Features - winner best graduate of the EEMCS faculty!
- Yikai Lan - Monitoring Release Logs at Adyen: Feature Extraction and Anomaly Detection
- Sander van Santvoort - Remaining Useful Life Estimation Using Explicit Duration Hidden Markov Models
- Lu Dai - A machine learning approach for optimisation in railway planning
- Valentine Mairet - Project Mapyen: A network analysis tool to identify anomalous host behaviours
- Wesley van der Lee - Vulnerability Detection in Mobile Applications Using State Machine Modeling
Master Theses until 2018
- Yuzhu Yan - SSH Implementations: State Machine Learning and Analysis
- Rick Wieman - What Does Passive Learning Bring To Adyen?
- Xiaoran Liu - Anomaly Detection on the Digital Video Braodcasting System
- Laurent Verweijen - Optimizing Greenhouse Heat Production in Lansingerland: Using Simulated Annealing and Simulation
- Vincent van Mieghem - Detecting malicious behaviour using system calls
- Mark Janssen - Combining learning with fuzzing for software deobfuscation - winner 2016 RERS competition!
- Krijn Wijnands - Using endpoints process information for malicious behavior detection
- Arthur Breurkes, Maikel Kerkhof, Ricardo Jongerius, Ties Westerborg - BachelorEnd Project: Real-time anomaly detection in critical Rabobank Processes
- K.Q Lampe, J.C.M. Kraaijeveld, T.D. Den Barber - Mobile Application Security: An assessment of bunq's financial app
Alert-driven Attack Graph Generation using S-PDFA
A. Nadeem / S.E. Verwer / Stephen Moskal / Shanchieh Jay Yang
Intelligent Malware Defenses
A. Nadeem / Vera Rimmer / Joosen Wouter / S.E. Verwer
Open-World Network Intrusion Detection
Vera Rimmer / Azqa Nadeem / Sicco Verwer / Davy Preuveneers / Wouter Joosen
Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families
A. Nadeem / C.A. Hammerschmidt / C. Hernandez Ganan / S.E. Verwer
Black-box mixed-variable optimisation using a surrogate model that satisfies integer constraints
Laurens Bliek / Arthur Guijt / Sicco Verwer / Mathijs De Weerdt