The University of Twente invites applications for a fully funded PhD position focused on the real-time detection of DNS abuse, aiming to shift the paradigm from reactive to proactive defense. Malicious actors increasingly exploit the Domain Name System (DNS) by registering domains for phishing, malware distribution, and other cybercriminal activities. The rapid pace and high volume of these registrations challenge defenders, who often operate reactively and face significant resource waste, impacting DNS sustainability. Current threat intelligence feeds typically flag malicious domains only after damage has occurred, highlighting the need for earlier detection and improved transparency in the DNS ecosystem. This research project seeks to close the visibility gap by developing methods to identify malicious domains at their inception, leveraging public data sources such as Certificate Transparency logs. The successful PhD candidate will design and implement techniques to flag suspicious domain registrations in near real-time, helping to increase trust and transparency in the DNS namespace. Key research activities include applying machine learning and graph-based techniques to uncover patterns of malicious behavior in early DNS, TLS, and infrastructure signals; building large-scale, real-time measurement systems; developing risk assessment models for new domains; and validating these approaches against industry benchmarks. The project is situated within the Design and Analysis of Communication Systems (DACS) group at the University of Twente, under the supervision of Dr. ir. Raffaele Sommese, Dr. Antonia Affinito, and Prof. Dr. Anna Sperotto. The work combines network measurements, data science, and systems security, with a strong emphasis on reproducibility and real-world impact. The DACS group collaborates with national and international partners, including leading research institutes, threat intelligence providers, and public recursive resolvers. Applicants should hold a Master's degree in Computer Science, Electrical Engineering, or a closely related discipline. Essential qualifications include a strong background in computer networking, excellent coding skills, and a willingness to work with real-world production deployments. Experience with streaming infrastructure (e.g., Apache Kafka, ActiveMQ), real-time data processing frameworks (such as Apache Flink or Spark Streaming), and machine learning is highly desirable. Candidates should possess excellent communication skills, fluency in English, creativity, analytical thinking, and the ability to work both independently and collaboratively. The position offers a full-time, four-year appointment with a qualifier in the first year. The University of Twente provides a dynamic and stimulating scientific environment, competitive salary ranging from €3,059 to €3,881 per month, holiday allowance, end-of-year bonus, pension scheme, flexible work arrangements, generous leave hours, free access to campus sports facilities, and family-friendly policies including paid and unpaid parental leave. The successful candidate will participate in a tailored training program as part of the Twente Graduate School, with a personalized education and supervision plan. Applications must be submitted via the official University of Twente careers platform by February 15, 2026. Required documents include a detailed CV, motivational letter, and academic transcripts. Email applications will not be considered. For further information, prospective applicants may contact Dr. Raffaele Sommese, Dr. Antonia Affinito, or Prof. Dr. Anna Sperotto via the provided email addresses. Screening is part of the selection process. The University of Twente's faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) is renowned for its contributions to ICT development and its collaborative research with industrial partners and international institutes. The faculty's research is housed within three multidisciplinary institutes: Mesa+ Institute, TechMed Centre, and Digital Society Institute.

The University of Twente invites applications for a PhD position focused on the real-time detection of DNS abuse, aiming to shift the paradigm from reactive to proactive security. Malicious actors increasingly exploit the Domain Name System (DNS) by registering domains for phishing, malware distribution, and other cybercriminal activities. The rapid pace and high volume of these registrations challenge defenders, often resulting in delayed detection and significant resource waste that impacts DNS sustainability. Current threat intelligence feeds typically flag malicious domains only after damage has occurred, highlighting the limitations of reactive detection timelines. The project addresses the visibility gap in the DNS ecosystem, where a lack of transparency in registration data and the short-lived nature of malicious domains hinder early-stage abuse detection. Adversaries exploit this opacity to avoid attribution and disrupt workflows, frequently discarding domains within hours of activation. This PhD research aims to develop innovative methods to identify malicious domains at their inception, leveraging public data sources such as Certificate Transparency (CT) logs. The successful candidate will design and implement techniques to flag suspicious registrations in near real-time, helping to increase transparency and trust in the DNS namespace. Key research activities include applying machine learning and graph-based techniques to uncover patterns of malicious behavior in early DNS, TLS, and infrastructure signals; building large-scale, real-time measurement systems; developing risk assessment models for new domains; and validating these approaches against community and industry benchmarks. The project combines network measurements, data science, and systems security, with a strong emphasis on reproducibility and real-world impact. The research builds on collaborations with national and international partners, including leading research institutes, threat intelligence providers, and public recursive resolvers. The candidate will join the Design and Analysis of Communication Systems (DACS) group at the University of Twente, supervised by Dr. ir. Raffaele Sommese, Dr. Antonia Affinito, and Prof. Dr. Anna Sperotto. The faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) at the University of Twente is renowned for its contributions to Information and Communication Technology (ICT), working closely with industrial partners and researchers both in the Netherlands and abroad. Research is conducted within multidisciplinary UT institutes such as Mesa+ Institute, TechMed Centre, and Digital Society Institute. Applicants should hold a relevant MSc degree (e.g., Computer Science, Information Technology, or related field) and have a strong background in network security, data science, or machine learning. To apply, submit your application via the official University of Twente careers platform before February 16, 2026, including a detailed CV, motivational letter, and academic transcripts. For enquiries, contact Dr. Raffaele Sommese, Dr. Antonia Affinito, or Prof. Dr. Anna Sperotto. Email applications will not be considered; screening is part of the selection process.