Job description
Malicious actors increasingly abuse the Domain Name System (DNS) by registering new domains for phishing, malware distribution, and other cybercriminal activities.
The speed and volume of these registrations pose a persistent challenge for defenders, who are often forced into a reactive cycle, not to mention that they cause a large waste of resources
that impact the sustainability of the DNS. By the time a malicious domain is flagged by threat intelligence feeds, damage has often already occurred, exposing the limitations of current
detection timelines.
This reactive posture is worsened by a visibility gap in the DNS ecosystem. A lack of transparency in registration data, coupled with the short-lived nature of many malicious domains,
leaves defenders blind to early-stage abuse. Adversaries exploit this opacity to avoid attribution and disrupt detection workflows, often discarding domains within hours of activation.
This project aims to close this gap by developing methods to identify malicious domains closer to their inception, as soon as indicators of compromise surface. Building on our prior work using public data sources such as Certificate Transparency (CT) logs, the Ph.D. candidate will design and implement techniques to flag suspicious registrations in near real-time, helping shift the response model from reactive to proactive. The goal is to increase transparency and
trust in the DNS namespace.
Key research activities will include applying machine learning and graph-based techniques to uncover patterns indicative of malicious behavior in early DNS, TLS, and infrastructure signals;
building large-scale, real-time measurement systems; developing models to assess the risk of new domains before harm occurs; and validating these approaches against community and industry
benchmarks. The work combines network measurements, data science, and systems security, with an emphasis on reproducibility and real-world impact.
This research builds on existing collaborations with national and international partners, including leading research institutes, threat intelligence providers, and public recursive resolvers.
Your profile
- A Master's Degree in Computer Science, Electrical Engineering or a closely related discipline;
- Good communication skills and an excellent command of English;
- A strong computer networking background, excellent coding skills and willingness to work
with real-world production deployments;
- Creative thinker with analytical and problem-solving abilities;
- A high degree of responsibility and independence, while collaborating with close colleagues,
researchers and other staff.
- Experience with streaming infrastructure (e.g., Apache Kafka, ActiveMQ), real-time data
processing frameworks (such as Apache Flink or Spark Streaming), and machine learning
is considered a strong asset.
Our offer
- As a PhD candidate at UT, you will be appointed to a full-time position for four years, with a qualifier in the first year, within a very stimulating and exciting scientific environment.
- The University offers a dynamic ecosystem with enthusiastic colleagues.
- Your salary and associated conditions are in accordance with the collective labour agreement for Dutch universities (CAO-NU).
- You will receive a gross monthly salary ranging from € 3.059,- (first year) to € 3.881,- (fourth year);
- There are excellent benefits, including a holiday allowance of 8% of the gross annual salary, an end-of-year bonus of 8.3%, and a solid pension scheme.
- The flexibility to work (partially) from home.
- A minimum of 232 leave hours in case of full-time employment based on a formal workweek of 38 hours. A full-time employment in practice means 40 hours a week, resulting in 96 extra leave hours on an annual basis.
- Free access to sports facilities on campus
- A family-friendly institution that offers parental leave (both paid and unpaid);
- You will have a training programme as part of the Twente Graduate School, where you and your supervisors will determine a plan for a suitable education and supervision.
- We encourage a high degree of responsibility and independence, while collaborating with close colleagues, researchers and other staff.
Information and application
Are you interested in this position? Please send your application via the 'Apply now' button below before February 16, 2026, and include:
- A detailed CV (resume);
- a motivational letter, including an explanation of your motivation for this PhD position and
for this project;
- An academic transcript of B.Sc. (if applicable) and M.Sc. education;
For enquiries, please contact: Dr. Raffaele Sommese (r.sommese@utwente.nl), Dr. Antonia Affinito (a.affinito@utwente.nl), or Dr. Anna Sperotto (a.sperotto@utwente.nl). For applying, please use this official platform: email applications will not be considered.
Screening is part of the selection process.
About the department
The candidate will join the Design and Analysis of Communication Systems DACS group at the University of Twente, under the supervision of Dr. ir. Raffaele Sommese, Dr. Antonia Affinito, and Prof. Dr. Anna Sperotto.
About the organisation
The faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) uses mathematics, electronics and computer technology to contribute to the development of Information and Communication Technology (ICT). With ICT present in almost every device and product we use nowadays, we embrace our role as contributors to a broad range of societal activities and as pioneers of tomorrow's digital society. As part of a tech university that aims to shape society, individuals and connections, our faculty works together intensively with industrial partners and researchers in the Netherlands and abroad, and conducts extensive research for external commissioning parties and funders. Our research has a high profile both in the Netherlands and internationally. It has been accommodated in three multidisciplinary UT research institutes: Mesa+ Institute, TechMed Centre and Digital Society Institute.
