Thijs van Ede

About Me

I am currently an assistant professor at the Semantics, Cybersecurity and services (SCS) group at the University of Twente. Before that, I did my PhD under the supervision of Andrea Continella, Andreas Peter and Maarten van Steen. My research interests are on the intersection between security and artificial intelligence. I have carried out projects involving processing of Cyber Threat Intelligence (CTI), network analysis mobile security and anomaly detection in evolving systems. I carried out this research in the project: EVolutionary Intrusion DEtectioN for Changing Environments (EVIDENCE).

In January 2020, I joined the SecLab at UC Santa Barbara as a visiting researcher with Giovanni Vigna and Christopher Kruegel for six months. Together with Lastline (now VMware) we worked on detecting network attack patterns using artificial intelligence.

More details can be found in my CV

Publications

Comprehending Security Events: Context-based Identification and Explanation
Thijs van Ede
In PhD Thesis, 2023.
PDF Cite Presentation Slides Code Teaser

Detecting Anomalous Misconfigurations in AWS Identity and Access Management Policies
Thijs van Ede, Niek Khasuntsev, Bas Steen and Andrea Continella
In Proceedings of the 2022 Cloud Computing Security Workshop (CCSW), 2022.
PDF Cite Presentation Slides Code Teaser

DeepCASE: Semi-Supervised Contextual Analysis of Security Events
Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel and Giovanni Vigna
In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2022.
PDF Cite Presentation Slides Code Teaser

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter
In Proceedings of the ISOC Network and Distributed Systems Security Symposium (NDSS), 2020.
PDF Cite Presentation Slides Code Teaser

Mobile App Fingerprinting through Automata Learning and Machine Learning
Fatemeh Marzani, Fatemeh Ghassemi, Zeynab Sabahi-Kaviani, Thijs van Ede and Maarten Van Steen
In IFIP Networking Conference (IFIP Networking), 2023.
PDF Cite Presentation Slides Code Teaser

HoneyKube: Designing and Deploying a Microservices-based Web Honeypot
Chakshu Gupta, Thijs van Ede and Andrea Continella
In SecWeb 2023, 2023.
PDF Cite Presentation Slides Code Teaser

Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles
Luca Morgese Zangrandi, Thijs van Ede, Tim Booij, Savio Sciancalepore, Luca Allodi, and Andrea Continella.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2022.
PDF Cite Presentation Slides Code Teaser

Federated Lab (FedLab): An Open-source Distributed Platform for Internet of Things (IoT) Research and Experimentation
Max Meijer, Giacomo Tommaso Petrucci, Matthijs Schotsman, Luca Morgese Zangrandi, Thijs van Ede, Andrea Continella, Ganduulga Gankhuyag, Luca Allodi, Savio Sciancalepore
In World Forum on Internet of Things (WF-IoT), 2022.
PDF Cite Presentation Slides Code Teaser

Victim-Aware Adaptive Covert Channels
Riccardo Bortolameotti, Thijs van Ede, Andrea Continella, Maarten Everts, Willem Jonker, Pieter Hartel and Andreas Peter
In Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm), 2020.
PDF Cite Presentation Slides Code Teaser

HeadPrint: Detecting Anomalous Communications through Header-based Application Fingerprinting
Riccardo Bortolameotti, Thijs van Ede, Andrea Continella, Thomas Hupperich, Maarten Everts, Reza Rafati, Willem Jonker, Pieter Hartel and Andreas Peter
In Proceedings of the ACM Symposium on Applied Computing (SAC), 2020.
PDF Cite Presentation Slides Code Teaser

DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting
Riccardo Bortolameotti, Thijs van Ede, Marco Caselli, Maarten H Everts, Pieter Hartel, Rick Hofstede, Willem Jonker and Andreas Peter
In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), 2017.
PDF Cite Presentation Slides Code Teaser

Implementations

An important part of evaluating academic work is to compare your own approach with the current state-of-the-art. However, sometimes, the original source code of developed tools is not publically available. This can be caused by reasons, such as contractual obligations for original authors to not publish their source code. It is important to reach out to the original authors of the academic works for which you want to obtain source code. Even if they are unable to give you the code, authors can often give helpful pointers for your own re-implementations. This section highlights the re-implemented academic source code for comparison with our own work.

Tiresias: Predicting Security Events Through Deep Learning
Yun Shen, Enrico Mariconti, Pierre Antoine Vervier and Gianluca Stringhini
In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018.
PDF Cite Code Documentation

DeepLog: Anomaly detection and diagnosis from system logs through deep learning
Min Du, Feifei Li, Guineng Zheng and Vivek Srikumar
In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.
PDF Cite Code Documentation

Appscanner: Automatic fingerprinting of smartphone apps from encrypted network traffic
Vincent F. Taylor, Riccardo Spolaor, Mauro Conti, Ivan Martinovic
In IEEE European Symposium on Security and Privacy (EuroS&P), 2016.
PDF Cite Code Documentation

Recurrent Memory Array Structures
Kamil Rocki
In arXiv, 2016.
PDF Cite Code Documentation

Projects

Besides my publications, I also worked on the projects listed below.

ANTIC: A framework for collecting labelled network traffic of Android applications.
Authors: An overview of the top publishing authors in the field of systems security.

Teaching

Teaching assistant for the AI & Cyber Security course.
Teaching assistant for the Privacy Enhancing Security course.
Together with Andrea Continella and many PhD students of our group I run the Twente Hacking Squad (THS) .

Student Supervision

Jeroen Hoegen Dijkhof - KubeIDS: Intrustion and Anomaly Detection in Cloud Environments (In progress)
Martin Stoev - Adversarial Machine Learning Attacks against DeepCASE (In progress)
Ronan Oostveen - Fine-Tuning a Language Model for CVE-to-CWE embedding (Graduated Nov 2024)
Remon Hoogendijk - Analyzing and Improving the Explainability of DeepCase using Behavior Nets (Graduated Aug 2024)
Mario Vuolo - Towards Applications’ Fingerprinting through the usage of Netflow/IPfix Technology (Graduated Apr 2024)
Matteo Liberato - SecBERT: Analyzing reports with BERT-like models (Graduated Dec 2022)
Timme Bethe - ShadowDroid: Evading Dynamic Android Analysis Tools (Graduated Jan 2022)
Luca Morgese - Stepping out of the MUD: Contextual Network Threat Information for IoT Devices with Manufacturer-Provided Behavioural Profiles (Graduated Dec 2021)
Chakshu Gupta - HoneyKube: Designing a Honeypot Using Microservices-Based Architecture (Graduated Aug 2021)
Æde Hoekstra - Deobfuscating Third Party Libraries in Android Applications Using Library Detection Tools (Graduated Apr 2021)
Tycho Teesselink - Identifying Application Phases in Mobile Encrypted Network Traffic (Graduated Sep 2019)

Let's Get In Touch!

University of Twente
Faculty of Electrical Engineering, Mathematics & Computer Science
Zilverling (building no. 11), room 2027
Hallenweg 19
7522NH Enschede
The Netherlands