News

Vojtěch Dvořák is a student at the Faculty of Information Technology BUT. At the same time, he has been working for more than three years as a software engineer at Gen, formerly Avast, specifically in the Threat Labs team. This is a specialised cybersecurity research team responsible for identifying, analysing, and monitoring new digital threats and scams around the world. Vojtěch focuses specifically on extracting malware features and subsequently classifying them. As a software engineer, he helps develop and maintain internal systems used mainly by threat analysts.

Vojtěch Dvořák began working for this major technology company while still pursuing his Bachelor’s studies at FIT BUT, when he became interested in formal languages and compilers. His Bachelor’s thesis, which was also developed thanks to his work at Gen, focused on the incremental static analysis of the YARA language, which analysts use to detect and classify malware. For this thesis, he received an award from Gen for its exceptionally high quality. Today, he is completing his Master’s studies with a specialisation in machine learning and, together with Gen, is working on his Master’s thesis on improving the detection of cyber scams based on visual data, specifically images of PDF documents and websites. Vojtěch’s career so far is another example of a perfectly managed symbiosis between university study and research in the environment of one of the Faculty’s industry partners. That is why we invited him for a short interview and asked him about his career path so far.

Do you remember when your interest in computer science and information technology first began?

I have always been more technically oriented, most likely also because of my father’s technical profession, as he is an electrical engineer. At the multi-year grammar school I attended, we worked on technical secondary-school projects related to robotics. That was also where I first came into contact with programming. I decided on FIT specifically because of an experience at an open day.

I understand that you got into cybersecurity quite early during your studies. What attracted you to this field?

IT is a dynamic world in itself, but what attracted me to cybersecurity in particular was how quickly it develops. With threats changing so rapidly, you never get bored. And, of course, I see great purpose in it. I am happy when I can help others feel safe in the digital space. As long as people move around in that space, they will want to avoid risks just as they do in the real world, which, at least in my eyes, makes this a promising field.

How did you actually end up at Gen?

First, I completed the Formal Languages and Compilers course at FIT, and later, in another course, I attended a guest lecture by a doctoral student who was also working at Gen. The possibility of writing a Bachelor’s thesis in cooperation with the company was presented there. At the time, I was looking for a way to gain some practical experience alongside my studies, so it all fit together nicely.

I have to ask: formal languages and compilers are not an easy topic. And combining studies with an internship at a technology company is certainly not a simple path either. What led you to “complicate” your life in this way?

To be honest, the prospect that the internship would also involve work on my Bachelor’s thesis made the whole picture considerably simpler. It was a challenge, I do not deny that. But at Gen specifically, a major advantage is that the management is very accommodating towards studies — during the exam period, for example, the demands of a student’s schedule are clearly taken into account. Even so, you do have to sacrifice some time beyond your studies, although I did not have to push myself to the very limit. If you choose to study IT, it is not a hobby but a choice of professional path. And if you can try out real practice while still studying, it helps you choose your Master’s specialisation, elective courses, and so on. In a way, it is a form of self-discovery.

Your Bachelor’s thesis focused on the incremental static analysis of the YARA language. What interested you about this topic?

I had a sense that the topic was directly related to the material covered in the Formal Languages and Compilers course. I wanted to learn what the current development in this area looked like in practice and how the theory could actually be applied. In addition, during the internship I learned many other things related to software development and more advanced concepts in languages such as C, C++, and Python. On the other hand, I was pleased that I could already make use of many things I had learned at school during the internship — not only theory, but also soft skills such as teamwork and the ability to learn systematically. At the Faculty, you face challenges repeatedly, and that makes you better prepared for challenges at work.

You have been working in the Threat Labs team since the beginning of your internship. How would you introduce it to readers?

The team analyses new threats that appear in cyberspace. I specifically focus on extracting malware features that can be used to classify it. I have to say that I have a relatively high degree of freedom in how I can solve problems, although this also requires thorough research.

… and within Threat Labs you also worked on the topic of your Bachelor’s thesis, which, incidentally, received an internal Gen award for its high quality. What was the aim of your research?

The situation where we have an enormous number of threats creates a need to describe and classify them clearly. This is what the YARA tool and the language of the same name are used for. In this language, we write rules that define the characteristic features of malware, or rather rules that make it possible to identify and search for malware. Just as programmers try to be as efficient as possible when writing code in programming languages, cybersecurity threat analysts want the same when writing rules in the YARA language. For this reason, they use various tools to make working with YARA source code easier. My thesis specifically dealt with how to make the automatic checking of rules in this language more efficient from both the semantic and syntactic perspectives. The aim was faster detection of errors in the code, which ultimately speeds up the work of malware analysts.

For your Master’s thesis, however, you chose a different topic: detecting cyber scams based on visual data. Why this topic in particular?

After my Bachelor’s studies, I was choosing a specialisation for my follow-up Master’s degree, and, also with regard to trends in IT, I opted for machine learning. After about a year, I began focusing directly on malware detection using visual features at the company. I saw this topic as a great opportunity to combine my study specialisation with the field of cybersecurity. But my “shift” towards machine learning actually reflects broader changes in the field of cybersecurity threats and scams in general. Almost everyone has probably received a fraudulent email, attachment, or something similar at some point. When detecting fraud, we try to understand the content of a document in greater depth. On the other hand, fraudsters try to make detection more difficult through obfuscation, or the “masking” of documents, which complicates the work of analysts attempting to detect fraud using specialised tools.

By masking documents against specialised tools, you mean, for example…

… for example, when the text in a PDF document is replaced with an image. The text is then not visible to the detection tool. Put simply, my Master’s thesis deals with the idea that instead of trying to detect fraud directly in the document in its original format, we work from its visual representation, from the rendered document, thereby bypassing these methods of masking. We use machine learning algorithms that enable us to automatically describe and annotate documents in image form. We then try to cluster documents based on their semantic and visual similarity. Thanks to this, we know what to focus on when deploying specialised detection tools. In my thesis, I mostly deal with PDF documents, although they are not the most common attack vector. Fraudsters use virtually all communication channels when carrying out scams.

Is there any result of your work that you are particularly proud of?

I recently had a really good feeling when I learned that my Master’s thesis solution had helped uncover the first real fraudulent campaign.

Cybersecurity is a field that is developing and changing very dynamically. Do you think the type of threats you deal with in your work will still be relevant in a few years’ time?

It is becoming increasingly easy to generate fraudulent documents, partly thanks to tools that use so-called artificial intelligence. Attackers can create high-quality personalised fraudulent documents relatively cheaply and, at the same time, target them at a large number of users. That is why I think the number of attacks of this type will continue to grow for some time.

And where do you see yourself in a few years? Where will your steps lead after completing your Master’s studies at FIT? Are you perhaps considering a doctorate?

I am considering it; I like trying new things and taking on new challenges. But I think that for some time I will be happy to focus only on my work at Gen. I do not have one specific major career goal. I see purpose in what I do, and that is not a small thing.

Large Language Models (LLMs) have been among the most frequently discussed topics in the field of artificial intelligence in recent years. Technology that works with human language—such as that behind generative chatbots—is increasingly finding its way into everyday use, both in business and in private life. Naturally, this is accompanied by an increase in the frequency and severity of attempts to manipulate or misuse this technology, and with it, the importance of cybersecurity protection for these models.

It was precisely in this field that an interesting application of doctoral research from FIT VUT in corporate practice emerged last year. Moreover, it was with a leading global developer of open-source software solutions for businesses. Jakub Reš, a doctoral student working under the supervision of Assoc. Prof. Kamil Malinka and a member of the Security@FIT research group, began a research internship at Red Hat. Their collaboration, broadly speaking, focuses on securing next-generation artificial intelligence systems against manipulation. A specific example of such LLM manipulation is a phenomenon known as fact injection. Its goal is clear: to trick the language model, through covert modifications, into confidently generating fabricated data as if it were true, thereby undermining its reliability and intentionally deceiving users. Attackers achieve this by making highly detailed, precise, and simultaneously difficult-to-detect adjustments to the model’s parameters. A major challenge is the difficulty of distinguishing these malicious inputs from legitimate ones in the form of harmless model updates. The impact can be severe: the widespread dissemination of sophisticated disinformation leading to erroneous decisions in sensitive areas (e.g., finance) or, for example, damage to an organization’s reputation, or more generally, users’ trust in artificial intelligence systems. Cybersecurity research, meanwhile, focuses on the technical aspects of attacks with the aim of eliminating their impact.

Reš defines the field in which he has recently begun collaborating with Red Hat as follows: The integrity of language models and its security. This is, of course, a broad definition, so he immediately adds a clarification—he is interested in verifying the integrity of AI models, i.e., developing software methods for preventing or detecting undisclosed manipulation of AI models. Interference with the functioning of LLMs can occur in several scenarios: It can happen at any point between the model’s creation by the developer and its use by the end user. However, the problem may arise at the creator’s end. A third possibility involves community contributors to the model (developers with their own datasets), who routinely modify it to improve it for a specific domain (when users do not want a general-purpose model, but perhaps one focused on programming). And what exactly might constitute the harmfulness of manipulating LLM models? This depends heavily on the specific use case. “Let me give an example: a chatbot on a gardening website that recommends competitors or links to inappropriate products. However, there are also abuses leading to potential massive political influence on users or, for instance, the generation of dangerous code. And a very serious manifestation of hidden model modifications can be erroneous advice regarding our health,” Jakub Reš specifies the potential risks. The verification he is working on combines two main approaches: a) prevention—ensuring trustworthy computations from the model source all the way to users using cryptography and digital model signatures; b) detection of undisclosed modifications, where it is necessary to delve deep into the model and examine not only how it behaves but also its “inner workings”—how much it has been modified and how this affects its internal states.

How did Reš’s path to becoming a major player in software development even begin? “If you have an interesting research topic, don’t keep it to yourself. Talk to people, spread awareness about it. Sometimes you’ll find like-minded people offering to collaborate. In my case, the main thanks go to Martin Ukrop and Marek Grác from Red Hat,” our student recalls the start of the collaboration. The research internship, on which the collaboration is based, is, in his view, a little-known and underutilized platform for involving students in corporate practice. “It’s not very well known among students—certainly less so than a traditional internship—and that’s a shame.” Yet the connection between university research and corporate practice often gives students a strong sense of purpose and motivation, as Reš confirms: “For me, it means a clear vision of what I want to achieve and what it will lead to. I won’t stop at an article that will just sit on a shelf somewhere. Academic results can be put to immediate practical use, and there’s someone out there who might be interested in this. For me, it’s an incredible source of motivation, a spark for what I do.”

We hope Jakub Reš continues to enjoy this collaboration throughout his doctoral studies. It certainly has meaning and social impact.