We research a wide range of cybersecurity topics. Our current projects span network measurement and traffic analysis, network security, and testbeds for security. We study ways to improve the technologies and skills of security teams. We build systems and prototypes, and much of the research is grounded in operational deployment.
Network Measurement and Traffic Analysis
We aim to reliably measure and analyze network data to understand current and emerging threats. We research ways to generate, collect and analyze large volumes of data in ever-evolving networks. We develop, deploy and operate a state-of-the-art infrastructure for network measurement and traffic analysis to gain cyber situational awareness.
We focus on technologies enabling security analyses over big data. We research mechanisms for efficient operation of security teams through data acquisition, collaborative analysis, information sharing, and automated decision support. We develop methods for automation of sophisticated network attacks and focus on their large-scale simulations and evaluation.
Testbeds for Security
We aim to build knowledge of new cyber threats and to train correct and timely responses to them. We research innovative methods for learning cutting-edge cybersecurity skills. We develop virtualized, controlled and monitored environments to provide complex simulations of cyber systems and networks.
Pavel’s research interests span multiple areas and include network measurement and traffic analysis, network security, and cybersecurity testbeds for research and education. These research topics are the subject of many projects, national and international collaborations, and Ph.D. dissertations.
Milan focuses on the development of advanced methods for detecting attacks and anomalies in network traffic using modern approaches and technologies. In addition to forensic analysis of network traffic, he is also interested in creating and sharing network datasets and in their use for evaluating new analytical methods. Milan uses his knowledge of various areas of computer security not only in our research projects but also in teaching within the Laboratory of Cyber Security at FI MUNI.
Martin devoted himself to high-speed network data analysis and anomaly identification. The results of his work were deployed in the MUNI environment and are actively used by the Czech Police. His interest gradually shifted to the field of offensive technologies, APT, and autonomous attackers. Through his cooperation with NATO member states, he participated in the formulation of the reference architecture of autonomous cybersecurity systems. He is currently developing realistic simulation environments for cybersecurity agents.
Martin Husák is a researcher in cyber situational awareness and threat intelligence, focusing on early detection and prediction of network attacks. To achieve his goals, he mostly works with honeypots, network monitoring, and information sharing platforms. He also contributes to The Honeynet Project, undertook an internship at Florida Atlantic University, and frequently serves the academic community as a reviewer or a program committee member.
Tomas is a data scientist with a focus on network traffic analysis. He leads the H2020 project SAPPAN at MU, where he researches methods for network traffic anomaly detection. His other research interests include machine learning in general, its application to network security, host behavioral analysis, and time series analysis.
Martin protects the university cyberspace as the leader of the CSIRT-MU incident handling team. His research is focused on finding new methods for building cyber situational awareness based on passive network monitoring, which he does in the Crusoe project as well as in his Ph.D. thesis.
Michal’s main scope is authentication, authorization, identity, and access management in distributed systems. He works on concepts that aim to be easy for users to use while also ensuring high-quality user identification. New concepts are tested in international projects focusing on sensitive data processing. He is a member of international working groups and leads some of them.
Vít's primary goal is to simplify the demanding work of cybersecurity experts through interactive visualizations and efficient user interfaces. In his work, he tries to involve end users in the whole process of research and development (so-called user-centered design). He is a co-researcher of the NC3 / TRACTOR project and participates in the KYPO II project.
Stanislav devotes himself to researching new methods to increase the situational awareness of cybersecurity personnel. As part of this research, he looks for new ways to provide the data necessary to detect attacks hidden in encrypted network traffic. The research results are applied both in practice, in solving incidents in the network of Masaryk University, and in research projects led by CSIRT-MU.
Valdemar enjoys teaching, so it is no surprise that he researches how to train new cybersecurity experts effectively. Specifically, he analyzes data from KYPO cybersecurity games to provide personalized feedback to learners who practice their offensive security skills. He actively participates in the US ACM SIGCSE conferences, and he also won the Masaryk University award for the best student-teachers.
Daniel deals with architectures of complex cyber-security systems. He currently serves as a technical lead and architect of the KYPO Cyber Range Platform. He is also a data architect of a new generation of CSIRT-MU core capabilities and services. Research-wise, Daniel focuses on applications of event-driven architectures and linked data methods in cyber-security. In this context, he specializes in the acquisition, processing, and stream-based analysis of cyber-security data, with a special focus on log data.
Petr studies network traffic monitoring using NetFlow and IPFIX technology. He focuses on expanding the set of information gathered from the network traffic and on improving the quality of network flows. As part of the MACE project, he focuses on network monitoring in the cloud environment.