International Association
for Cryptologic Research

Large-Scale Online Learning for Intrusion Detection and Proactive Forensics

** Main objective of the research is to overcome limitations of existing intrusion-detection systems (IDS), which are presently mainly based on expert knowl­edge or contemporary online learning. For IDSs, the continuous learning of new and changing attack patterns, and the use of relevant attributes or fea­tures that represent abnormal behaviour in network-traffic data is of greatest importance in order to detect hostile activities in dynamic network environ­ments. Online-learning systems with an embedded online-feature selection have a great potential to assist in understanding the nature of network in­trusions as well as to assist in establishing the ability to process massive amounts of data in large-scale networks. Specific objectives of the proposed research are two-fold:

- To develop new computational-intelligent methods for online-learning in malware and intrusion-detection systems that can deal with the challenges of massive data, obfuscation, adversarial activities, chang­ing environments and the lack of a real-labeled reference data and training dataset, and

- To develop new embedded-online-feature-selection methods without prior knowledge or limited number of features (open-system system approach)

** Specific background and skills in one or more of the following areas is highly desirable:

- Excellent MSc degree in computer science/engineering, mathematics or statistics

- Experience in numerical analysis, algorithms and complexity analysis

- Knowledge in machine learning and pattern recognition

- Programming ability in one or more of the following languages: Matlab, Python, Java,C, C++, or C#

- Fluent in English: oral and written communication skills

- Ability to communicate technical concepts clearly and effectively

- Scientific publications in re