Today’s cybersecurity is a technology race between attack and defence. Security incidents inflict unprecedented damage in terms of material wealth, reputation, political capital, and even human life. Timely detection of security incidents enables organizations to mitigate the damage and prevent future risk, so the associated technologies have become an indispensable part of practical security management. Reliable detection of rapidly changing attacks is possible only if detection technologies stay ahead of the development of new offensive tools. To this end, our research seeks to identify novel security threats and develop the countermeasures and detection methods that will protect organizations from them. As modern attack-detection methods depend heavily on data analysis techniques, we also focus on the security of machine learning and artificial intelligence.

Selected Projects 

Advancing Human Performance in Cybersecurity, ADVANCES

The world is experiencing a high demand for high-quality cybersecurity specialists due to an increasing number of cyberattacks and their technological advancement. In the Baltic countries, the geopolitical situation sets cybersecurity as a top priority.  All economic sectors depend on the protection against cybercrime. In more than 90% of cyber incidents, humans could be seen both as attack targets and defenders having a broad set of technical and generic competencies. There is an enormous lack of research regarding the role of human factors in cybersecurity internationally. The establishment of an international cross-disciplinary research team will address the urgent need for a scientific understanding of human limitations and capabilities in the cyber kill chain. More...

Detection of Malicious Cryptomining in Network Traffic

With the Bitcoin price at its all-time high, clandestine cryptomining has become a lucrative technique with which to monetize security incidents. Infected computers can be forced to join mining pools and mint coins on behalf of and to the benefit of malicious actors. While detection of mining operations on individual hosts is comparatively easy, it requires substantial installation and maintenance costs. Our team developed a novel approach for detecting mining activities that provides reliable detection even if network traffic is encrypted. The new method can be deployed at the core elements of organizations’ network infrastructure (e.g., Internet gateway), so it provides broad coverage at minimal cost.

Measuring Industrial Demand for Skills in Information Security Education

The cybersecurity industry is plagued by the lack of skilled professionals. Despite the growing deployment of tools with which to automate security, most critical security-related decisions and investigation of security incidents are still largely manual. The goal of this project, funded by the Liechtenstein Agency for Educational Affairs (AIBA), is to develop quantitative measures of the ‘skill gap’ in the field of information security. The project’s approach is based on automatic analyses of job advertisements and educational curricula in information security. Using topic-modelling techniques, we  characterize the skills required in the security industry and compare them to present educational offerings.


Selected Publications

Srndic, N., & Laskov, P. (2016). Hidost: a static machine-learning-based detector of malicious files. EURASIP Journal on Information Security, 2016(22).

Srndic, N., & Laskov, P. (2014). Practical evasion of a learning-based classifier: A case study. Paper presented at the IEEE Symposium on Security and Privacy.

Biggio, B., Corona, I., Maiorca, D., Nelson, B., Srndic, N., Laskov, P., Giacinto, G., & Roli, F. (2013). Evasion attacks against machine learning at test time. Paper presented at the European Conference on Machine Learning.

Srndic, N., & Laskov, P. (2013). Detection of malicious PDF files based on hierarchical document structure. Paper presented at the 20th Network and Distributed Systems Symposium.

Biggio, B., Nelson, B., & Laskov, P. (2012). Poisoning attacks against support vector machines. Paper presented at the International Conference on Machine Learning.


Universität Liechtenstein
Prof. Dr. Pavel Laskov
9490 Vaduz

Telefon +423 265 13 52
Fax +423 265 11 12