[nmrg] Postdoc position on Data analytics for cybersecurity

Jérôme François <jerome.francois@inria.fr> Mon, 06 March 2017 12:56 UTC

Return-Path: <jerome.francois@inria.fr>
X-Original-To: nmrg@ietfa.amsl.com
Delivered-To: nmrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7442129675 for <nmrg@ietfa.amsl.com>; Mon, 6 Mar 2017 04:56:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QqPmLU7geJjQ for <nmrg@ietfa.amsl.com>; Mon, 6 Mar 2017 04:56:52 -0800 (PST)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD1F01294A0 for <nmrg@irtf.org>; Mon, 6 Mar 2017 04:56:51 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.35,253,1484002800"; d="scan'208,217";a="263317994"
Received: from unknown (HELO [192.168.230.34]) ([195.176.9.3]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES128-SHA; 06 Mar 2017 13:56:49 +0100
Message-ID: <58BD5C66.2030302@inria.fr>
Date: Mon, 06 Mar 2017 13:56:06 +0100
From: Jérôme François <jerome.francois@inria.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: nmrg@irtf.org
Content-Type: multipart/alternative; boundary="------------040207040904060209080809"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nmrg/WydROusRb4DUzFrPaGzDH1hT83g>
Subject: [nmrg] Postdoc position on Data analytics for cybersecurity
X-BeenThere: nmrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Management Research Group discussion list <nmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nmrg>, <mailto:nmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nmrg/>
List-Post: <mailto:nmrg@irtf.org>
List-Help: <mailto:nmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nmrg>, <mailto:nmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 12:56:54 -0000

[Apologies for multiple postings]

A postdoctoral position is now open at Inria Nancy Grand Est, France, on
Data analytics for cybersecurity:

http://bit.ly/2lSdM89

- *Contacts:*

Jérôme François (jerome.francois@inria.fr
<mailto:jerome.francois@inria.fr>), Isabelle Chrisment
(isabelle.chrisment@inria.fr <mailto:isabelle.chrisment@inria.fr>)

- *Scientific Context:*

The huge growth of the Internet exposes many users to various threats.
This has been intensified by the large deployment of new devices in
addition to traditional computers. This includes smartphones and sensors,
and will concern daily-life objects in the near future with the emergence
of the Internet of Things (IoT) in the last years. Hence, this represents
a tremendous playground for attackers. To fight them, network security is
essential to identify misbehaviors and potential victims as early as
possible.

Attackers have evolved from individuals towards organized cyber-criminal
organizations, while in the meantime attacks have become more distributed
and complex. For example, botnets [2] are still a major threat on the
Internet, where thousands of zombie machines can take part, because they
have been successfully adapted from a centralized model based on IRC
towards a distributed approach, even P2P, taking advantage of traditional
protocols (DNS for fast fluxing) and new technologies (social networks
for synchronization). In parallel, they are responsible for various
attacks including spam, denial of service, credential stealing...
Therefore, fighting such a threat among others requires collecting,
analyzing and correlating various sources of data to create summarized
views that are exploitable by human administrators and, if possible, in
real time and in an automated way. This is the current challenge of
network security monitoring [6]. Currently, most attacks remain
unrevealed, but when they are suspected, it is vital to investigate them
to confirm, to trace the root causes and the attackers. Forensics
security teams have very few tools which let them perform analysis, which
is mainly manual and introduces two biases: long delay (from a few hours
to several months) and human bias due to background and experience.

In parallel, data-analytics methods have skyrocketed recently and are
able to cope with huge volumes of unstructured data, and so are good
candidates for being adapted and applied to security monitoring
challenges by allowing the collection and analysis of multiple sources of
relevant data, while current approaches focus on a few sources or on
simple correlation of several of them.

- *Missions:*

The objective of the post-doctorate is to contribute to the investigation
of complex attacks by modeling acquired data and leveraging artificial
intelligence techniques. To achieve that, it will be necessary to:

  * analyze current threats to define the data and features that are
    primordial for efficient monitoring. This will then allow designing
    data models which are able to handle heterogeneous and
    multi-dimensional data.
  * define methods based on data analytics to identify anomalies based
    on these data models. This will consider statistical analysis,
    stochastic modeling (such as Hidden Markov Models), graph analysis
    and machine learning approaches (Topological Data Analysis, topic
    modeling). Some of these methods are already prototyped and will
    require further development.
  * define methods for interactive and visual investigation of multiple
    sources of security data. This will consider similar methods to
    those under the second item, but with a hard constraint on
    reactivity and on the limited quantity of information which can be
    dealt with simultaneously by a human. Hence, these methods may rely
    on streaming analytics approaches, and on learning approaches to
    predict the next requests of the analysts in order to prepare the
    results, combining and selecting information.
  * validate the proposed methods on different scenarios.

In addition to these scientific tasks, the role of the post-doctorate is
also to implement proofs-of-concept of those defined methods and to
interact with and report to the other partners in the project to ensure
proper integration in a global platform (common to all partners in the
project).

This work will be achieved in the context of the first French
high-security academic research laboratory in Nancy (LHS – High Security
Laboratory), which provides powerful tools and support for collecting and
analyzing datasets in a realistic environment, and in the context of the
HuMa project funded under the FUI programme (Fonds Unique
Interministériel) with major French industrial players in cyber-security.
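
The scientific context above points at botnets using DNS fast fluxing and at the need to correlate several data sources into a summarized view for the administrator; the second mission item asks for statistical anomaly identification over such data models. The script below is an added illustration of that idea and is not part of the original posting or of the HuMa project: it parses two constructed log sources (a DNS resolver log and a connection log, both invented formats), derives per-domain features (distinct resolved IPs, distinct /24 prefixes, mean TTL), flags domains whose resolution churn and short TTLs resemble the fast-flux pattern, and then correlates the flagged domains with the connection log to report which internal hosts contacted them. Thresholds and all sample values are assumptions chosen for the example.

```python
"""Toy fast-flux indicator with cross-source correlation.

Added example, not from the mailing-list post. The log formats, the
thresholds and every address/domain below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean

# Constructed DNS resolver log: "<ts> <domain> <answer_ip> <ttl>"
DNS_LOG = """\
1000 update.example-cdn.test 203.0.113.10 3600
1060 update.example-cdn.test 203.0.113.10 3600
1120 update.example-cdn.test 203.0.113.11 3600
1000 c2.flux-like.test 198.51.100.5 60
1060 c2.flux-like.test 198.51.100.77 60
1120 c2.flux-like.test 203.0.113.200 45
1180 c2.flux-like.test 192.0.2.9 30
1240 c2.flux-like.test 192.0.2.130 60
"""

# Constructed connection log: "<ts> <src_ip> <dst_ip>"
CONN_LOG = """\
1005 10.0.0.12 203.0.113.10
1065 10.0.0.12 198.51.100.5
1125 10.0.0.40 203.0.113.200
1190 10.0.0.40 192.0.2.9
1250 10.0.0.7 203.0.113.11
"""


def parse_dns(text):
    """Return a list of (ts, domain, answer_ip, ttl) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, domain, ip, ttl = line.split()
        records.append((int(ts), domain, ip, int(ttl)))
    return records


def parse_conn(text):
    """Return a list of (ts, src_ip, dst_ip) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        records.append((int(ts), src, dst))
    return records


def domain_features(dns_records):
    """Build a small per-domain feature vector from the resolver log."""
    by_domain = defaultdict(list)
    for _ts, domain, ip, ttl in dns_records:
        by_domain[domain].append((ip, ttl))
    feats = {}
    for domain, rows in by_domain.items():
        ips = {ip for ip, _ in rows}
        # /24 prefix approximated by dropping the last IPv4 octet
        prefixes = {ip.rsplit(".", 1)[0] for ip in ips}
        feats[domain] = {
            "distinct_ips": len(ips),
            "distinct_prefixes": len(prefixes),
            "mean_ttl": mean(ttl for _, ttl in rows),
            "ips": ips,
        }
    return feats


def flag_flux_domains(feats, min_ips=4, min_prefixes=3, max_ttl=300):
    """Flag domains with many answers spread over several prefixes and short TTLs.
    Thresholds are assumptions for this toy; a real deployment would tune them."""
    return sorted(
        d for d, f in feats.items()
        if f["distinct_ips"] >= min_ips
        and f["distinct_prefixes"] >= min_prefixes
        and f["mean_ttl"] <= max_ttl
    )


def correlate(flagged, feats, conn_records):
    """Map each flagged domain to the internal hosts that connected to one of its IPs."""
    ip_to_domains = defaultdict(set)
    for d in flagged:
        for ip in feats[d]["ips"]:
            ip_to_domains[ip].add(d)
    hosts = defaultdict(set)
    for _ts, src, dst in conn_records:
        for d in ip_to_domains.get(dst, ()):
            hosts[d].add(src)
    return {d: sorted(h) for d, h in hosts.items()}


def summarize(dns_text, conn_text):
    """Produce the summarized view: flagged domains and the hosts that reached them."""
    feats = domain_features(parse_dns(dns_text))
    flagged = flag_flux_domains(feats)
    return {"flagged": flagged,
            "hosts_by_domain": correlate(flagged, feats, parse_conn(conn_text))}


if __name__ == "__main__":
    print(summarize(DNS_LOG, CONN_LOG))
```

On the constructed input only `c2.flux-like.test` is flagged (five answers over three prefixes with a mean TTL of 51 seconds), and the correlation step narrows the analyst's follow-up to the two internal hosts that actually connected to its addresses; the CDN-like domain with two stable answers and long TTLs is left alone.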