Maciej Korczynski, Ph.D.

Grenoble Institute of Technology
LIG Lab, Drakkar group

IMAG building
700 avenue Centrale, office 420
38401 Saint-Martin d'Heres
France

e-mail: maciej (dot) korczynski (at) univ-grenoble-alpes (dot) fr
Phone: +33 457 421 692
PGP key ID: 1BDA32F6




Short biography I am a Maitre de Conferences at Grenoble INP-Ensimag and a member of the Drakkar group at LIG Lab.

Previously, I was a post-doctoral researcher at TU Delft and a member of the Economics of Cybersecurity group analyzing large-scale Internet measurement and incident data to identify how providers of Internet services deal with security risks and incidents.

I was a visiting scientist at the Yokohama National University in March 2015.

Between February 2013 and May 2014, I was post-doctoral researcher at Rutgers University and a member of the Fefferman Lab investigating bio-inspired algorithms in distributed anomaly detection systems.

I received my Ph.D. in Computer Science from the Grenoble Alpes University. Between October 2009 and December 2012 I was a member of the Drakkar group at LIG Lab.


News
  • [2018.10.02] SIDN Labs, Afnic Labs, and Grenoble Alps University started a new research project called "Classification of compromised versus maliciously registered domains" (COMAR) on 1 October 2018. You can find our blog post here.
  • [2018.10.02] Our colleague Oliver Gasser (TU Munich) will give a talk titled "Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists" at the upcoming RIPE meeting. You can find more information on our blog post.
  • [2018.07.02] Mehmet Tahir Sandikkaya will be joining the Drakkar team as a visiting researcher to work on security of IoT devices. Welcome Tahir!
  • [2018.03.26] The publication "In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements" has been awarded with the Best Paper Award at the Passive and Active Measurement Conference (PAM'18)!
  • [2018.02.11] Our ACM CCS paper titled "Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting" was nominated along with 4 other paper for the best Dutch cybersecurity research paper in 2018.
  • [2017.11.01] We invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse. Application deadline: 31.12.2017
  • [2017.09.05] Together with my colleague Maarten Wullink (SIDN) we would like to invite everyone to join the webinar entitled: "The Statistical Analysis of DNS Abuse in gTLDs", on 13 and 14 September 2017, organized and hosted by ICANN.
  • [2017.08.20] I'm very happy to announce that starting from September 2017 I will be appointed at ENSIMAG and will join the Drakkar research group lead by Prof. Andrzej Duda at LIG Lab (Grenoble Computer Science Laboratory).
  • [2017.08.04] We have delivered the SADAG final report to ICANN. Between August 9 and September 27, 2017 ICANN invites public comments from the community on the data, methodology, and results of our report.
  • [2016.12.13] I'm very happy to announce that we kicked off a new study for ICANN together with SIDN Labs to investigate the abuse of domain names in new and legacy gTLDs. Please check our blog post and the SADAG site for more information.
  • [2016.05.05] I will give a talk about the Clean Netherlands project titled: "Tackling Internet pollution using science and law enforcement" at a cybercrime conference organized by the Cambridge Cloud Cybercrime Centre on Thursday, 14th July 2016.
Scientific interests I am interested in areas related to cybersecurity:
  • Network traffic measurement, analysis, and classification
  • Distributed detection and confinement of abnormal activities in network traffic
  • Reputation metrics to improve intermediary incentives for security

Publications Selected Publications (see also my google scholar and dblp pages):
  • "Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists", Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, ACM SIGCOMM Internet Measurement Conference (IMC'18), Boston, USA, November 2018 (Acceptance rate: 24,7%)
  • "Using Crowdsourcing Marketplaces for Network Measurements: The Case of Spoofer", Qasim Lone, Matthew Luckie, Maciej Korczynski, Hadi Asghari, Mobin Javed, Michel van Eeten, Network Traffic Measurement and Analysis Conference (TMA 2018), Vienna, Austria, June 2018 (Acceptance rate: 33,3%)
  • "In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements", O. Gasser, B. Hof, M. Helm, M. Korczynski, R. Holz, G. Carle, Passive and Active Measurement Conference (PAM 2018), Berlin, March 2018 (Best Paper Award)
  • "Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse", Samaneh Tajalizadehkhoob, Rainer Bohme, Carlos Ganan, Maciej Korczynski, and Michel van Eeten, in ACM Transactions on Internet Technology (ACM TOIT), Volume 18 Issue 4, September 2018
  • "Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service", Arman Noroozian, Maciej Korczynski, Carlos Hernandez Ganan, Daisuke Makita, Katsunari Yoshioka, and Michel van Eeten, International Symposium on Research in Attacks, Intrusions and Defenses (RAID'16), pages 368-389, Paris, September 2016 (Acceptance rate: 25,9%)
  • "Two Methods for Detection Malware", Maciej Korczynski, Gilles Berger-Sabbatel, Andrzej Duda 6th INDECT/IEEE International Conference on Multimedia Communications, Services and Security, pages 1-12, Cracow, June 2013
Ph.D. thesis (in English):
Master of Science thesis (in English):
  • "Evaluating Impact of Sampling Methods on Detection of DDoS Attacks Accuracy for Unified Rate Limiting Algorithm", Maciej Korczynski, Cracow, July 2009
Selected Talks:
  • Trends in Abuse: New and Legacy gTLDs (speaker), 41st M3AAWG General Meeting, Toronto, Canada, September 5, 2017
  • Statistical Analysis of DNS Abuse in gTLDs (SADAG) (invited speaker), ICANN 59 meeting, Johannesburg, South Africa, June 27, 2017
  • Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates (speaker), DNS-OARC 2017 Spring Workshop, Madrid, Spain, May 15, 2017
  • Statistical Analysis of DNS Abuse in generic Top-Level Domains, ICANN meeting (invited speaker), Copenhagen, Denmark, March 14, 2017
  • Measuring Malware and Phishing Rates in .nl and Other TLDs (co-author), Council of European National Top-Level Domain Registries (CENTR), Belgrade, Serbia, October 6, 2016
  • Who gets the Boot? Analyzing Victimization by DDoS-as-a-Service (keynote speaker), Tech Together (ISPConnect & Dutch Hosting Provider Association), Nieuwegein, The Netherlands, September 1, 2016
  • Tackling Internet Pollution Using Science and Law Enforcement (invited speaker), Cambridge Cybercrime Centre: Inaugural Cybercrime Conference, Cambridge, UK, July 14, 2016
  • "Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs" (invited speaker, panelist), The First IAS-YNU Symposium on Information and Physical Security, Yokohama, Japan, March 18, 2015
  • "Badness Metrics for Hosters: Ranking Abuse in the Dutch Market" (co-author), Digital Crimes Consortium, Miami, Florida, USA, March 12, 2015
Projects Past Projects:
  • Nederland Schoon (Clean NL): Project aims to tackle Internet pollution in the Dutch hosting market. A collaboration between Dutch National Police, the Authority for Consumers and Markets (ACM), the Public Prosecutor, and Delft University of Technology. Role: Senior researcher
  • Nature-Inspired Cyber Health: DHS project on bio-inspired distributed decision algorithms for anomaly detection (2013-2015). Role: Senior researcher
  • INDECT: European research project on security of citizens in both real and virtual environments (2009-2014). Role: PhD researcher
  • COST IC0703: European research project on traffic monitoring and analysis (2008-2012). Role: Junior researcher
  • PBZ: National project on next generation services and networks (2007-2010). Role: Junior researcher.

Ongoing Projects:

  • SADAG: Statistical Analysis of DNS Abuse in generic Top-Level Domains (2016-2017). Project in collaboration with SIDN and the Internet Corporation for Assigned Names and Numbers (ICANN). Project coordinator: SIDN Labs. Role co-Principal Investigator, senior researcher
  • REMEDI3S-TLD Phase 2: Reputation Metrics Design to Improve Intermediary Incentives for Security of Top-Level Domains (2016-2017). Project in collaboration with SIDN Labs. Role: Principal Investigator
  • Benchmark System for the Security of the Dutch Hosting Market. Project founded by the Dutch Ministry of Economics (2016-2018). Role: Principal Investigator
  • Crowd-sourcing BCP38 Compliance Measurements (2017). Project in collaboration with NCSC. Role: co-Principal Investigator

Courses I teach "Ingenierie de la securite" course at Grenoble INP - Ensimag (academic year 2018/2019).

I taught the "Reseaux: Telecommunications" and "Reseaux: Complements et Applications" courses at Grenoble INP - Ensimag in 2017/2018.

I prepared the course on Understanding International Grand Challenges in Cyber Security at Delft University of Technology during the academic year 2016/2017.

In July 2016, I gave a guest lecture on Economics of Cyber Security at the Risk Management Summer School at TU Delft.

I gave the Security of Information Systems course at University of Joseph Fourier in Grenoble and Introduction aux Reseaux de Communications at Grenoble INP during the academic year 2011/2012.