[aims-announce] Postdoc position on Data analytics for cybersecurity
Jérôme François
jerome.francois at inria.fr
Mon Mar 6 13:56:06 CET 2017
[Apologies for multiple postings]
A postdoctoral position is now open at Inria Nancy Grand Est, France on
Data analytics for cybersecurity:
http://bit.ly/2lSdM89
- *Contacts:*
Jérôme François (jerome.francois at inria.fr), Isabelle Chrisment
(isabelle.chrisment at inria.fr)
- *Scientific Context:*
The huge growth of the Internet exposes many users to various threats.
This has been intensified by the large-scale deployment of new devices
in addition to traditional computers: smartphones and sensors today,
and everyday objects in the near future with the emergence of the
Internet of Things (IoT) in recent years. Hence, this represents a
tremendous playground for attackers. To fight them, network security is
essential in order to identify misbehaviours and potential victims as
early as possible.
Attackers have evolved from individuals towards organized cyber-criminal
organizations, while at the same time attacks have become more
distributed and complex. For example, botnets [2] remain a major threat
on the Internet, with thousands of zombie machines taking part, because
they have been successfully adapted from a centralized model based on
IRC towards distributed, even P2P, approaches, taking advantage of
traditional protocols (DNS for fast fluxing) and new technologies
(social networks for synchronization). In parallel, they are responsible
for various attacks including spam, denial of service, credential
stealing...
Therefore, fighting such threats, among others, requires collecting,
analyzing and correlating various sources of data to create summarized
views that can be exploited by human administrators, if possible in
real time and in an automated way. This is the current challenge of
network security monitoring [6]. Currently, most attacks remain
undetected, but when one is suspected, it is vital to investigate it to
confirm it and to trace the root causes and the attackers. Forensic
security teams have very few tools, so their analysis is mainly manual,
which introduces two biases: long delays (from a few hours to several
months) and human bias due to background and experience.
In parallel, data-analytics methods have skyrocketed recently and are
able to cope with huge volumes of unstructured data. They are therefore
good candidates for being adapted and applied to security monitoring
challenges, allowing multiple sources of relevant data to be collected
and analyzed, whereas current approaches focus on a few sources or on
simple correlation of several of them.
- *Missions:*
The objective of the post-doctorate is to contribute to the
investigation of complex attacks by modeling acquired data and
leveraging artificial intelligence techniques. To achieve that, it will
be necessary to:
* analyze current threats to define the data and features that are
  essential for efficient monitoring. This will then allow the design
  of data models able to handle heterogeneous and multi-dimensional
  data.
* define methods based on data analytics to identify anomalies from
  these data models. This will consider statistical analysis,
  stochastic modeling (such as Hidden Markov Models), graph analysis
  and machine learning approaches (Topological Data Analysis, topic
  modeling). Some of these methods are already prototyped and will
  require further development.
* define methods for interactive and visual investigation of multiple
  sources of security data. This will consider methods similar to those
  under the second item, but with a hard constraint on reactivity and
  on the limited quantity of information that a human can deal with
  simultaneously. Hence, these methods may rely on streaming analytics
  approaches and on learning approaches that predict the analyst's next
  requests in order to prepare the results by combining and selecting
  information.
* validate the proposed methods on different scenarios.
In addition to these scientific tasks, the role of the post-doctorate
is also to implement proofs-of-concept of the defined methods and to
interact with and report to the other partners in the project to ensure
proper integration into a global platform (common to all partners in
the project).
This work will be carried out in the context of the first French
high-security academic research laboratory in Nancy (LHS, High Security
Laboratory), which provides powerful tools and support for collecting
and analyzing datasets in a realistic environment, and in the context
of the HuMa project funded under the FUI programme (Fonds Unique
Interministériel) with major French industrial players in
cyber-security.