Context and advantages of the position
The Inria PIRAT team is hiring one postdoctoral researcher in Rennes with a strong background in the research and practice of Machine Learning-driven intrusion detection systems.
In this project, the PIRAT team will be funded by the BPI-France project Cyberte and will collaborate with Scality, a start-up on Cloud.
Previous practices of Machine Learning (ML)-driven intrusion detection systems (IDS) suffer from two bottlenecks.
First, attack behaviors evolve continuously.
New attack techniques and campaigns emerge and may drastically change the malicious payloads that are recorded in the data, e.g., system logs or network traffic.
Such changes in malicious behaviors can lead to the failure of Machine Learning-driven intrusion detection.
Second, beyond evaluating the detection accuracy, it is interesting to understand the decision logic learned by the intrusion detection model.
Current practices of ML-based intrusion detection methods depend heavily on black-box prediction models.
It is therefore difficult for the owner of an IDS to assess and identify potential bias in the detection output.
Therefore, the goal of this post-doctoral position is twofold.
We will first focus on developing fast and adaptive ML methods that can detect variations in attack behaviors and update the model to cope with them.
Furthermore, we expect the trained detection model to be interpretable.
It can evaluate the informativeness of attributes in security reports.
It can reveal the causal relationship between these raw attributes and the detection and classification results.
Notably, we will focus in particular on using ML techniques to unveil suspicious attack behaviours with encrypted traffic flows.
The post-doc researcher will be hosted in Rennes and may be required to travel regularly to work with Scality, which is located in Paris.
Travel expenses will be covered within the limits of the scale in force.
Assigned mission
Assignments:
With the help of the researchers at PIRAT and the AI engineers at Scality, the recruited post-doc researcher will be expected to conduct research from two perspectives.
We aim first to provide transferable ML-based intrusion detection systems.
In this study, the ML-based intrusion detection model should be designed to be easily adapted to different network traffic data sources without relearning from scratch.
For example, we first train an intrusion detection model using network traffic from some attack campaigns from CIC-IDS-2018 [1].
After that, we want to identify the optimal hyperparameters or the optimal detection model using a few network flows of the other attack campaigns of the same dataset.
The adapted model should achieve accurate detection over the other attack campaigns at test time.
In this sense, the designed ML-based detection model can be flexibly reused without the intense retraining cost in different network intrusion detection applications.
Potential Machine Learning methodologies, e.g. meta learning [2] or transfer learning [3], could be useful to achieve fast adaptation of the intrusion detection methods across different data sources, or across the drift of attack behaviours.
In a further step, we will also focus on providing interpretable intrusion detection algorithms.
The expected ML-driven intrusion detection model should automatically discover malicious payload signatures and attack behaviors from network traffic data.
These ML-generated signatures can help understand the process of stealth attacks, such as APT attacks, and make the decisions of ML-based detection models more reliable compared to black-box ML models.
In this respect, we plan to explore whether popular explainability methods, e.g. Shapley value [4] or LIME [5], could be applied to interpret the detection logic and highlight the important attributes of cyber attack behaviours.
[1]
Main activities
Skills
Technical skills and level required:
Relational skills
Languages: English
Benefits
Remuneration
Monthly gross salary amounting to 2788 euros