
Post doctoral position in Distributed, Explainable and Robust Anomaly Detection - 2 years contract

  • On-site
    • Palaiseau, Île-de-France, France
  • Networks and Internet of Things

Job description

Télécom SudParis

ABOUT TELECOM SUDPARIS

Telecom SudParis is a public graduate school for engineering, which has been recognized at the highest level in the domain of digital technology. The quality of its courses is founded on the scientific excellence of its faculty and on teaching techniques that emphasize project management, innovation and intercultural understanding. Telecom SudParis is part of the Institut Mines-Telecom, the number one group of engineering schools in France, under the supervision of the Minister for Industry. Telecom SudParis, together with Ecole Polytechnique, ENSTA Paris, ENSAE Paris, ENPC and Telecom Paris, is a co-founder of the Institut Polytechnique de Paris, an institute of Science and Technology with an international vocation.

ABOUT INSTITUT MINES-TELECOM:

The Institut Mines-Télécom (IMT) is a public institution dedicated to higher education and research for innovation in the fields of engineering and digital technology. Always attentive to the needs of the business world, the IMT combines strong academic and scientific legitimacy, close ties with companies and a unique positioning on the major transformations of the 21st century: digital, energy, industrial and educational. Its activities are carried out by the Mines and Télécom Grandes Ecoles under the authority of the Minister for Industry and Electronic Communications, two subsidiaries and associated partners or partners under agreement. IMT is a founding member of the Alliance Industrie du Futur. It has been awarded the Carnot label for the quality of its research partnerships.

MISSIONS:

Applications are increasingly exposed through Web interfaces to human users or through APIs to machines. If they are badly designed, they may become priority targets for attackers and lead to severe economic loss. It is thus necessary to develop API management solutions that integrate security by design. However, even when users are authenticated using a secure method, authentication cannot prevent malicious actions from compromised users. We therefore propose to detect attack behaviours from API or Web portal users. In particular, anomaly detection to secure APIs is an emerging research domain. Little concrete data is available to precisely characterize attacks. Therefore, a reasonable approach focusses on data about what is known, that is, legitimate user requests. But these requests are sensitive, as they are often human-generated and may contain secrets. And even if we obtained such data, we might not be able to prevent data poisoning that would perturb the training of an anomaly detector. It becomes crucial to understand what we want to represent and how to distinguish legitimate behaviours, so as to produce a robust representation that an attacker could not imitate. Finally, learning on a dataset tends to overfit, and comes with additional challenges such as adversarial attacks or concept drift, which may induce classification errors. Many approaches may help in reducing errors, such as incremental learning, privacy-preserving distributed learning (such as Federated Learning), contrastive learning, as well as other approaches such as Open Set Recognition.

 

ACTIVITIES: 

In order to respect users’ privacy, we exploit a Federated Learning approach and delegate data collection and local detection to the API’s clients. We propose an approach that is robust to adversarial attacks, in order to minimize false positives, which can multiply drastically in an environment with numerous requests. We also consider using adversarial ML, explainable AI and Open Set Learning to reduce false positives. These methods are more or less costly and induce delays that may hinder Federated Learning.

  • Thus, in a first prototype, we will carry out off-line analysis, as can be done in legacy intrusion detection systems, where alerts are processed by a Security Information and Event Management (SIEM) system.

  • In a second use case, we will optimise the learning pipeline in order to reduce delay and propose near-real-time detection, which enables reaction. The reaction will be more precise if we are able to learn new attack classes.

To evaluate the relevance and feasibility of the federated (or even contrastive) learning approach, we will rely on typical detection performance metrics but also evaluate the induced distributed deployment costs (scalability) and the privacy threats to end users.

Job requirements

Level of training and / or experience required:

  • PhD or doctorate obtained less than 3 years ago

Essential skills, knowledge and experience:

  • Experience in machine-learning based cybersecurity, in particular, intrusion detection

  • Skills in Federated Learning

  • English written and spoken

Advantageous skills, knowledge and experience:

  • Skills in Adversarial Attacks

  • Skills in explainable AI

  • Skills in Open Set Learning

  • Skills in Contrastive Learning

  • Skills in Concept Drift

Abilities and skills:

  • Rigor

  • Autonomy

  • Teamwork


APPLICATION PROCEDURE

  • Application deadline: 31/08/2025

  • Nature of the contract: Temporary contract / 24 months

  • Category and profession of the position: II - R, Research and development engineer

  • To apply, please send us a CV, a cover letter

  • Location of the position: Palaiseau (France)

  • The positions offered for recruitment are open to all with, on request, accommodations for candidates with disabilities

  • Working conditions: Teleworking possible, restaurant and cafeteria on site, accessibility by public transport (with employer's participation) or close to main roads, staff association and sports association on campus

  • Contact person: Gregory BLANC (gregory.blanc@telecom-sudparis.eu)
