Research Engineer F/M on AI-driven Network Intrusion Detection for Clouds


Inria
Publication date: one day ago
Experience level: N/A
Contract type: Full-time
About the centre or functional department

The Inria Centre at Rennes University is one of Inria's eight centres and has more than thirty research teams. The Inria Centre is a major and recognized player in the field of digital sciences. It is at the heart of a rich R&D and innovation ecosystem: highly innovative SMEs, large industrial groups, competitiveness clusters, research and higher education players, laboratories of excellence, technological research institute, etc.

Context and advantages of the position

The Inria PIRAT team (https://team.inria.fr/pirat/) is hiring one research engineer at Rennes with a strong background in the practice of Machine Learning-driven Cyber Security. In this project, the PIRAT team will be funded by the BPI-France project Cyberte and will collaborate with Scality, a start-up in cloud services (https://www.scality.com/).

Previous Machine Learning (ML)-driven intrusion detection systems (IDS) suffer from two bottlenecks. First, attack behaviors evolve persistently. New attack techniques and campaigns emerge and may drastically change the malicious payloads recorded in the data, e.g., system logs or network traffic. Such changes in malicious behavior can cause Machine Learning-driven intrusion detection to fail. Second, beyond evaluating detection accuracy, it is interesting to understand the decision logic learned by the intrusion detection model. Current ML-based intrusion detection methods depend heavily on black-box prediction models. It is therefore difficult for the owner of an IDS to assess and identify potential bias in the detection output.

Therefore, the goal of this research engineer position is to collaborate with our research team to develop and integrate fast and adaptive ML methods that can detect and update the model to cope with the variation of attack behaviors. This position will be hosted at Rennes and may be required to travel to work with the AI and security team of Scality in Paris regularly. Travel expenses will be covered within the limits of the scale in force.

Assigned mission

Assignments:

With the help of the researchers at PIRAT and AI engineers at Scality, the recruited research engineer will work with our research team to develop ML-based intrusion detection algorithms from two perspectives. We aim first to provide transferable ML-based intrusion detection systems. In this study, the ML-based intrusion detection model should be designed to be easily adapted to different network traffic data sources without relearning from scratch. For example, we first train an intrusion detection model using network traffic from some attack campaigns from CIC-IDS-2018 [1]. After that, we want to identify the optimal hyperparameters or the optimal detection model using a few network flows of the other attack campaigns of the same dataset. The adapted model should achieve accurate detection over the other attack campaigns during test. In this sense, the designed ML-based detection model can be flexibly reused without the intense retraining cost in different network intrusion detection applications. Potential Machine Learning methodologies, e.g. meta learning [2] or transfer learning [3], could be useful to achieve fast adaptation of the intrusion detection methods across different data sources, or across the drift of attack behaviours.

In a further step, we will also focus on providing interpretable intrusion detection algorithms. The expected ML-driven intrusion detection model should automatically discover malicious payload signatures and attack behaviors from network traffic data. These ML-generated signatures can help understand the process of stealth attacks, such as APT attacks, and make the decisions of ML-based detection models more reliable compared to black-box ML models. In this respect, we plan to explore whether popular explainability methods, e.g. Shapley values [4] or LIME [5], could be applied to interpret the detection logic and highlight the important attributes of cyber attack behaviours.

[1] https://www.unb.ca/cic/datasets/ids-2018.html

[2] Chelsea Finn, Pieter Abbeel, Sergey Levine (2017). "Model-Agnostic Meta-Learning for Fast Adaptation of Deep Networks" arXiv:1703.03400

[3] Jeeyung Kim, Alex Sim, Jinoh Kim, Kesheng Wu, and Jaegyoon Hahm. 2020. Transfer Learning Approach for Botnet Detection Based on Recurrent Variational Autoencoder. In Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics (SNTA '20).

[4] https://shap.readthedocs.io/en/latest/

[5] https://github.com/marcotcr/lime

Responsibilities:
The recruited research engineer will be in charge of implementing the ML algorithms for intrusion detection and integrating the developed ML algorithms with the Cloud network traffic flow data provided by Scality. The research engineer is also expected to work with our research team to investigate how we can apply ML-based detectors to encrypted network traffic flows.

Main activities

  • Co-development (with the post-doc and permanent researchers in the PIRAT team) of extensible ML methods to deliver fast adaptation of intrusion detection across different attack behaviours, as well as across different data sources. In this study, we especially focus on network traffic flow-based intrusion detection.
  • Preprocessing and measurement study of the proposed methods using public datasets and network flows collected by the team members.
  • Preparing technical documents of developed ML-based network intrusion detection algorithms.

Skills

Technical skills and level required:
  • Basic knowledge of intrusion detection systems. Previous experience with network flow-based intrusion detection systems will be favored.
  • Knowledge of Machine Learning.
  • Proficiency in programming in Python. Experience with programming using PyTorch and GPU platforms will be preferred.

Relational skills:
  • Good communication skills
  • Reasonable presentation skills

Working language: English (will be preferred)

Benefits

  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
  • Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
  • Professional equipment available (videoconferencing, loan of computer equipment, etc.)
  • Social, cultural and sports events and activities
  • Access to vocational training
  • Social security coverage