PhD in Electrical, Electronics and Communications Engineering
PhD Student: Matteo Boffa
Context of the research activity
Unsupervised Machine Learning aims at finding unexpected patterns in data. It has been used in several problems in computer networks, from the detection of port scans to the monitoring of time‐series collected from Internet systems.
Developments on AI bring new possibilities for anomaly detection too. Indeed, data‐driven approaches and machine learning have seen widespread application on anomaly detection, and this trend has been accelerated by new AI algorithms, such as auto‐encoders and adversarial
Classic anomaly detection approaches are far from appropriate for complex multi‐dimensional problems. They either produce an unbearable high number of irrelevant anomalies or miss complex cases that are characterized by events only noticeable when taking multiple sensors into account simultaneously.
Multi‐dimensional time‐series are the norm for some security applications. This is the case for the analysis of the data collected by security instruments such as honeypots. Honeypot data is usually noisy, as they are systems deployed to be attacked. Finding relevant anomalies in these complex multivariate data is essential for the security analysts, which must (i) pinpoint cases where attackers have succeeded breaching the honeypot system – thus producing relevant traces; and (ii) identify when attackers may have taken control of the honeypot system altogether – thus representing a threat for the network environment.
This thesis will focus on anomaly detection based on machine learning on complex multivariate time‐series collected from honeypot deployments and communication networks in general. It will tackle the following research questions:
- How to effectively deploy honeypots to obtain a comprehensive picture of operational network attacks?
- How to efficiently collect and process the time‐series monitored from the honeypots to spot anomalies on a timely fashion using machine learning solutions?
- How to identify anomalies considering a complete view of the security monitoring environment, as opposed to identify anomalies on independent time‐series?
Skills and competencies for the development of the activity
- Knowledge of network security;
- Knowledge about operation of honeypots;
- Knowledge of basic machine learning algorithms;
- Knowledge of classic anomaly detection algorithms;
- Python programming.
Further information about the PhD program at Politecnico can be found here
Back to the list of PhD positions