• Welcome to the
    Cyber Threat Intelligence Lab
  • Research Story:
    Cryptojacking
    Malicious, invisible exploitation of website visitors
    Read how adversaries are forcing
    website visitors to mine cryptocurrency for them

    Learn more
  • Research Story:
    Ransomware Coordination
    via the Blockchain
    Learn how cyber criminals are using the bitcoin blockchain
    to avoid take-down of their command & control infrastructure

    Learn more

Who We Are

Effective defense requires insight into the capabilities and intentions of the adversary. Without it, we run the risk to not allocate defenses where they matter most, and thus remain vulnerable or waste precious resources.

The cyber threat intelligence lab at HPI develops methods to collect information about adversaries, their tactics, and ways to securely share this information, because as defenders we can only be successful by working together.

Christian DoerrPrincipal Investigator of the CTI Lab

Our Research Topics

Fingerprinting Adversarial Tactics and Procedures

Current defense focus mostly on low-level indicators of compromise, which adversaries can trivially change to avoid detection. We develop AI algorithms and fingerprinting techniques to track attackers and their techniques for sustainable detection success.

Acquisition and Sharing of Cyber Threat Intelligence

In order to successfully customize a defense portfolio, organizations need threat intelligence. We develop mechanisms to extract actionable intelligence from data already present in organizations, and design algorithms so that intelligence can be shared while maintaining users' privacy.

Vulnerability and Incident Analysis

How large are attacks? How are adversaries trying to break in? Using our network telescope and distributed sensor infrastructure, we are estimating the size and impact of attacks, and measure the resilience of the Internet ecosystem.

Design of Advanced Detection and Mitigation

To address advanced and evolving threats, advanced and adaptive countermeasures are needed. Our lab designs algorithms that can sense minor anomalies, but require only minimal training effort to provide effective and cost effective mitigation.

Latest News

18September

Cyber Threat Intelligence Training at NIS Summer School

Coming week, the ENISA Summer School on Network and Information Security will take place in Heraklion, Greece, including a two day training on Cyber Threat Intelligence. Our entire team will be there, join us for our introduction on CTI fundamentals or have some ice-cold drink with us afterwards.

27August

First International Workshop on Cyber Threat Intelligence

This week, the first International Workshop on Cyber Threat Intelligence (WCTI) has taken place in Hamburg, Germany. 40 attendees had an engaging discussion on the latest innovations, big challenges and future directions in CTI. Read More

25July

New website launched

Finally, our new website is live. Over the coming months, you will be able to read more about the emerging field of cyber threat intelligence here.

1July

Three summer schools this year

This year, we have a busy summer and are showcasing our work at three summer schools: the National Cyber Security Summer School, the Indo-Dutch Summer School and the Risk Management Summer Course. Great to see so much multidisciplinary interest into cybersecurity!

20June

Stijn and Cyril awarded best honors thesis of TU Delft

Our two BSc students Stijn Pletinckx and Cyril Trap have won the award for the best honors thesis of the TU Delft. Congratulations!

\