Re: [Nmlrg] Call for Agenda NMLRG @IETF94, Yokohama
<stephane.senecal@orange.com> Wed, 14 October 2015 14:55 UTC
From: <stephane.senecal@orange.com>
To: Jérôme François <jerome.francois@inria.fr>, "nmlrg@irtf.org" <nmlrg@irtf.org>
Date: Wed, 14 Oct 2015 14:54:56 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/nmlrg/6NVqzbtzFS9jfxY1gKhRJWm9U8M>
Cc: Daniel Migault <daniel.migault@ericsson.com>,
KHEIR Nizar IMT/OLPS <nizar.kheir@orange.com>
Subject: Re: [Nmlrg] Call for Agenda NMLRG @IETF94, Yokohama

Hi Jerome,

Thanks.
Yes you are perfectly right, we aim at detecting DGA Bots.
However, as you mentioned, we did not address the problems and mechanisms of the domain names generation itself.
We have actually written a paper about these works, it is now under review, we will release it after.

Best regards,
Stephane

-----Original Message-----
From: Jérôme François [mailto:jerome.francois@inria.fr]
Sent: Wednesday, 14 October 2015 14:51
To: Daniel Migault; SENECAL Stephane IMT/OLN; nmlrg@irtf.org
Cc: KHEIR Nizar IMT/OLPS
Subject: Re: [Nmlrg] Call for Agenda NMLRG @IETF94, Yokohama

Hi Daniel

On 14/10/2015 02:19, Daniel Migault wrote:
> Hi,
>
> The purpose of the DNS traffic was to detect CC. The traffic was only composed of NX domain. We clustered FQDNs based on shared IP addresses to identify Bots. Then infected hosts with corresponding bots were detected by looking at the time series of NX response.

Looks very interesting as well. I guess your target is randomly generated domains. Did you also look at what such domains look like, i.e. how they have been generated?

BR,
jerome

> BR,
> Daniel
>
> -----Original Message-----
> From: Jérôme François [mailto:jerome.francois@inria.fr]
> Sent: Tuesday, October 13, 2015 12:06 PM
> To: stephane.senecal@orange.com; nmlrg@irtf.org
> Cc: Daniel Migault; KHEIR Nizar IMT/OLPS
> Subject: Re: [Nmlrg] Call for Agenda NMLRG @IETF94, Yokohama
>
> Hi Stephane,
>
> What is the purpose of your DNS traffic analysis?
> I did also some work (not only aggregation) using semantic analysis of domain name, and even URL, for fighting phishing.
> Using some Natural Language Processing (NLP) techniques, we basically tried to define a phisher's language such that people will feel secure with the url they are accessing on.
>
> Best regards,
> jerome
>
>
> On 13/10/2015 09:53, stephane.senecal@orange.com wrote:
>> Hi Jerome, All,
>>
>> Yes indeed this topic is relevant and very interesting.
>>
>> Actually we (Daniel and Nizar in cc and I) considered and used clustering approaches for pre-processing DNS traffic traces before applying ML techniques (supervised learning, namely a variant of decision trees) for addressing network security issues.
>>
>> We would be very interested in listening to your presentation.
>>
>> BTW Sheng, Brian, do you already know the date and time which will be allocated for this NMLRG session at the forthcoming IETF-94?
>> Also, will it be possible to participate in the session via conf call?
>> Thanks
>>
>> Best regards,
>> Stephane
>>
>> Stephane SENECAL
>> Research Engineer/Scientist
>> Orange Labs
>> +33 1 4529 8589
>> stephane.senecal@orange.com
>>
>>
>> -----Original Message-----
>> From: nmlrg [mailto:nmlrg-bounces@irtf.org] On behalf of Jérôme François
>> Sent: Monday, 12 October 2015 22:21
>> To: nmlrg@irtf.org
>> Subject: Re: [Nmlrg] Call for Agenda NMLRG @IETF94, Yokohama
>>
>> Hi all,
>>
>> I recently introduced a fingerprinting use case on the ML that I could present but I was wondering if it would not be better to present something about heterogeneous data aggregation.
>>
>> We actually build a method to aggregate multi-dimensional data within a single tree structure without assuming any order between dimensions and with variable granularity. It is a kind of mix between k-dimensional tree and density-based clustering. For example, we applied it to DNS answers aggregating both domain names and IP address in a single data structure to be analyzed rather than an individual record inspection to first identify time period where some divergent behavior appears.
>>
>> I know that it is not ML itself but we used it is fully in the scope of data representation and pre-processing of ML.
>>
>> So, would that topic be interesting for NMLRG participants?
>>
>> Best regards,
>> jerome
>>
>> On 08/10/2015 05:28, Sheng Jiang wrote:
>>> Hi, all,
>>>
>>> We have been assigned one session of 2.5 hour for the proposed NMLRG
>>> (Network Machine Learning Research Group) meeting for
>>> IETF-94 (Yokohama) and are starting to collect agenda items for this
>>> session.
>>>
>>> The proposed NML RG is still in the very initial stage. So, we have
>>> very open scope. We do not restrict the topics. The only threshold
>>> is it should be relevant to network or network devices, using Machine Learning.
>>>
>>> Please send us (jiangsheng@huawei.com, brian.e.carpenter@gmail.com)
>>> requests for sessions and include:
>>>
>>> Name of time slot:
>>> Name of topic(s):
>>> Time requested:
>>> Presenter name(s):
>>> Brief description of the topic:
>>>
>>> More details about the Yokohama IETF can be found at
>>> http://www.ietf.org/meeting/94/index.html.
>>>
>>> Also, presenters please invoke discussions in the NMLRG list. We
>>> have limited time in the face-to-face meeting. Mail list is a good
>>> place to propagate and discuss the topics.
>>>
>>> Best regards,
>>>
>>> Brian & Sheng
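The two-stage idea described in the thread (cluster NXDOMAIN names, then examine each host's NX time series) can be sketched as follows; this is an added example, not code from the participants or their paper. It assumes "shared IP addresses" means the client addresses that queried each name; the log, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed NXDOMAIN log, not real traffic: (minute, client_ip, fqdn).
NX_LOG = [
    (0, "10.0.0.5", "qxkfjz.example"), (0, "10.0.0.9", "qxkfjz.example"),
    (0, "10.0.0.5", "wpmvtb.example"), (1, "10.0.0.9", "wpmvtb.example"),
    (1, "10.0.0.5", "hzrnqa.example"), (1, "10.0.0.9", "hzrnqa.example"),
    (2, "10.0.0.5", "bkydxu.example"), (2, "10.0.0.9", "bkydxu.example"),
    (1, "10.0.0.7", "exmaple-typo.example"),   # one-off typo
    (2, "10.0.0.8", "intranet-old.example"),   # stale bookmark
]

def cluster_fqdns(log, min_jaccard=0.5):
    """Group NX names whose sets of querying clients overlap (assumed reading
    of "shared IP addresses"); returns (clusters, name -> client set)."""
    clients = defaultdict(set)
    for _, ip, fqdn in log:
        clients[fqdn].add(ip)
    parent = {name: name for name in clients}
    def find(name):                      # union-find root lookup
        while parent[name] != name:
            name = parent[name]
        return name
    for a, b in combinations(sorted(clients), 2):
        shared = len(clients[a] & clients[b])
        if shared / len(clients[a] | clients[b]) >= min_jaccard:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for name in clients:
        groups[find(name)].add(name)
    return list(groups.values()), clients

def suspect_hosts(log, min_names=3, min_hosts=2, min_minutes=2):
    """Flag hosts whose NX time series keeps hitting one large cluster."""
    clusters, clients = cluster_fqdns(log)
    flagged = {}
    for names in clusters:
        hosts = set().union(*(clients[n] for n in names))
        if len(names) < min_names or len(hosts) < min_hosts:
            continue                     # isolated typos are not a bot family
        for host in hosts:
            series = defaultdict(int)    # minute -> NX count in this cluster
            for minute, ip, fqdn in log:
                if ip == host and fqdn in names:
                    series[minute] += 1
            if len(series) >= min_minutes:
                flagged[host] = dict(sorted(series.items()))
    return flagged
```

Calling `suspect_hosts(NX_LOG)` returns the two hosts that repeatedly query the same four non-existent names, with their per-minute NX counts; the hosts with a single failed lookup are not flagged.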