ELTE–OTP KIBERLAB TOPICS 2025/2026, 2nd semester
2026. 02. 10.
1. Incident management
1.1 Honeypot design (based on real machine architectures), statistical data collection planning, prototype development
The goal is to analyze the architectures of state-of-the-art honeypot systems in order to examine potential internet attacks, and to design and validate new solutions best suited for banking applications.
To validate the research results, the student will design a honeypot system to be implemented and develop its prototype. A related task is implementing logging and preparing the processing of the collected results.
1.2 Attacker profiling
The purpose of graph-based modeling is to make the activities, tools, infrastructures, TTPs, and relationships of an attacker (or attacker group) analyzable as a network of interconnections.
The student’s task is to create a visual system that presents information based on relationships. The task includes collecting and normalizing entities, mapping relationships, graph-based behavior analysis, identifying infrastructural correlations, temporal analysis, and anomaly and pattern recognition.
1.3 Phishing website discovery and monitoring
Develop new methods to search for and discover phishing or potentially phishing websites using online sources and search engines, and evaluate the effectiveness of these methods by identifying sites that abuse the OTP brand and may pose a risk to OTP customers.
Monitor identified potentially phishing sites, observe and analyze changes on them, and detect phishing content affecting OTP. Develop new methods suitable for efficient recognition, categorization, and logging of potentially phishing sites and related activity.
1.4 Combating phishing with AI agents
Research AI agent–based defensive solutions against phishing websites. The student’s task is to investigate the applicability of AI agents in the fight against phishing websites and fraud committed via such sites.
1.5 Detecting transaction fraud using AI
The goal is to develop new AI-based methods that enable the creation of an effective transaction fraud monitoring system.
1.6 Assessing the trustworthiness of bank account numbers
The research task is to determine how trustworthy a given bank account number is. It is particularly important to recognize account numbers belonging to well-known and major organizations and companies (e.g., NAV, MÁK, utility/service providers), including potentially unique account numbers, and mark them as trustworthy.
The goal is to develop new methods that combine analysis of databases and web content with the use of AI algorithms.
1.7 Detecting AI-generated content
The student analyzes, evaluates, and compares different AI systems and the systems created to detect them, with special emphasis on audio- and image-based “deepfake” solutions.
The student’s task also includes finding and learning AI systems suitable for face recognition and capable of detecting fraud. This topic is closely related to the “Research on face-recognition-based identification solutions” topic; therefore, students working on these two topics must collaborate closely.
1.8 Automated incident analysis using AI
The student’s task is to become familiar with state-of-the-art systems and to build their own testing environment in which it can be tested to what extent an AI can: classify incidents by severity (triage), correlate events, and provide remediation recommendations.
2. Research on defensive solutions against financial fraud
The goal is to understand the tools and methods used by perpetrators, strengthen existing defensive solutions, and research new defensive solutions.
2.1 Research and evaluation of new and existing customer identification methods
The project aims to understand the technologies used to identify customers, map and test their weaknesses and strengths, and create prototypes of potential new technologies.
2.2 Research on tools for assessing vulnerabilities and incident-response capability
The goal is to research innovative methods that make it possible to assess an organization’s vulnerabilities and incident-response capability, even against sophisticated attacks that require specialized tools.
2.3 Analysis of web dependencies
Develop new methods and procedures for security testing of websites, with particular focus on external dependencies and embedded code.
3. Risk management
3.1 Establishing an LLM security testing and compliance process
Research LLM memorization and assess possibilities related to extracting data contained in the training dataset processed by the model.
Research and design a compliance process for large language models usable in a banking environment, based on the requirements of the AI Act, NIST, and ISO standards, covering security, privacy, and operational controls.
3.2 Testing the Hungarian-language capability of LLMs
Research testing methods for LLM language knowledge. Test different LLMs according to their Hungarian language skills and their Hungarian-language problem-solving capability.
3.3 Examining post-quantum solutions
The goal is to examine how much of a threat “Q-day” poses to different systems, and how to defend against it: e.g., preventing the encryption of messaging and file storage from becoming breakable, or preventing digitally signed documents from losing their authenticity.
3.4 Protecting personal data during client–server communication
Research a cryptographic protocol that enables data collection from clients with provable privacy protections, preserving users’ privacy.
3.5 Assessing the trustworthiness of source-code libraries
Many source codes and libraries are available online, but their reliability, maintainability, language, and legal status vary widely.
The student’s task is to research search methods/solutions that enable searching based on given criteria (e.g., language, legal status, purpose) and also evaluate results from a security perspective (e.g., number of commits, number of maintainers, CVEs, number of downloads, code analysis).
3.6 Federated learning
Training AI systems requires huge amounts of data. For security and legal reasons, centralized training is not always feasible.
The student’s task is to become familiar with federated learning algorithms and explore potential banking applications.
4. Other
5.1. News crawler
The main goal of the project is to develop an AI-based news analysis system that downloads, evaluates, and classifies news relevant to IT security, and then highlights the most important items.
The student’s task is to create an automatic IT-security news/article downloading method and develop a program/script prototype during the semester that can later be used in the system.
Solutions already exist, but to complete this topic, a well-validated solution must be created that applies one’s own, novel approaches as well.
5.2. Open topics
Students who have an interesting cybersecurity research idea of their own are encouraged to contact us. Topics different from those listed above can also be launched.