PhD Student Internship Position (MISP-02)

Overview - PhD Student Internship Position - Providing Situational Awareness from MISP - Malware Information Sharing Platform

The aim of this project is to analyse existing technical and non-technical indicators within MISP platforms (and related threat sharing platforms). The candidate will review existing state-of-the art data mining algorithms in the field of summarization algorithms, classification and correlation. The candidate is invited to start with a literature research followed by an experimental validation in the context of feasibility studies. Human interfaces are experimented using prototypes that are developed by the candidate to display easily accessible information for non-technical users having roles in information security like risks managers, internal or external auditors or lead management. The candidate is invited to publish his or her findings in highly ranked conferences. Although it is not a fixed requirement of some academic conferences, the candidate has to release the source code of his or her experimental evaluations and prototypes such that other researchers can reproduce the experiments to facilitate third party innovations in the investigated research area.

The candidate will implement new techniques (based on his research in the field) to improve cybersecurity situational awareness. The main goal is to advance in the summarization and comprehension on cybersecurity threats based on technical indicators and details originated from practical incident response or analysis.

The candidate will improve a web-based interface to query the MISP API and create new overlay to support the summarization of information security threats by security analysts. The candidate will validate and integrate his research in the field into the operational platforms.

The situational awareness software will be an independent software (to be released as free software) relying on the existing MISP API along with the other APIs from CIRCL or external services.


  • Must be eligible for an PhD student internship (in one of the FNR program) in the field of information security and/or computer science
  • Must be enrolled at a degree-awarding institution
  • Must have a high-level of ethic due to the nature of the work
  • Must be fluent in English, Unix, Python and git (and a strong willingness to learn new techniques)

Copyrights note

The Parties agree that any software developments done within the framework of the PhD agreement will be done under the supervision of CIRCL and will use CIRCL background. The Parties therefore agree that all software developments done within the framework of this PhD agreement will be released under the Affero GNU GPL v3. This license, under this version, is to be considered as a complete part of the PhD agreement.

The participation of CIRCL as set up within the PhD agreement is understood by all parties implied as strictly as in kind, therefore limited as investments in goods and services.

The goal of CIRCL is to provide and improve situational awareness in Luxembourg and at the international level. The results of the research can be freely used by the economical sector in Luxembourg and abroad.

How To Apply

The application package must include the following in ASCII text format (language: English):

  • Your résumé letter
  • A motivation letter why you are interested in the internship

The package is to be sent to info(@) indicating reference internship-misp-01.

Application Deadline

Deadline for the application is the 15th March 2020. Applications received after the deadline will not be considered.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.