Maciej Korczynski, Ph.D.


Grenoble Institute of Technology
LIG Lab, Drakkar group

IMAG building
700 avenue Centrale, office 420
38401 Saint-Martin d'Heres

e-mail: maciej (dot) korczynski (at) univ-grenoble-alpes (dot) fr
Phone: +33 457 421 692
PGP key ID: 1BDA32F6

Short biography I am a researcher at Grenoble INP-Ensimag and a member of the Drakkar group at LIG Lab.

Previously, I was a post-doctoral researcher at TU Delft and a member of the Economics of Cybersecurity group analyzing large-scale Internet measurement and incident data to identify how providers of Internet services deal with security risks and incidents.

I was a visiting scientist at the Yokohama National University in March 2015.

Between February 2013 and May 2014, I was post-doctoral researcher at Rutgers University and a member of the Fefferman Lab investigating bio-inspired algorithms in distributed anomaly detection systems.

I received my Ph.D. in Computer Science from the University of Joseph Fourier in Grenoble. Between October 2009 and December 2012 I was a member of the Drakkar group at LIG Lab.

Until 2012 I was an active member of the group of the researchers within the COST Action IC0703 "Data Traffic Monitoring and Analysis (TMA)" dedicated to traffic measurement and network attack detection in the Department of Telecommunications in AGH University of Science and Technology.

I received my M.Sc. in Electronics and Telecommunications from the AGH University of Science and Technology in 2009.

In 2009 I was an invited researcher student in Network Management and Optimal Design Laboratory (NETMODE) at National Technical University of Athens (Short Term Scientific Mission within the COST Action IC0703).

  • [2017.11.01] We invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse. Application deadline: 31.12.2017
  • [2017.09.05] Together with my colleague Maarten Wullink (SIDN) we would like to invite everyone to join the webinar entitled: "The Statistical Analysis of DNS Abuse in gTLDs", on 13 and 14 September 2017, organized and hosted by ICANN.
  • [2017.08.20] I'm very happy to announce that starting from September 2017 I will be appointed at ENSIMAG and will join the Drakkar research group lead by Prof. Andrzej Duda at LIG Lab (Grenoble Computer Science Laboratory).
  • [2017.08.04] We have delivered the SADAG final report to ICANN. Between August 9 and September 27, 2017 ICANN invites public comments from the community on the data, methodology, and results of our report.
  • [2016.12.13] I'm very happy to announce that we kicked off a new study for ICANN together with SIDN Labs to investigate the abuse of domain names in new and legacy gTLDs. Please check our blog post and the SADAG site for more information.
  • [2016.05.05] I will give a talk about the Clean Netherlands project titled: "Tackling Internet pollution using science and law enforcement" at a cybercrime conference organized by the Cambridge Cloud Cybercrime Centre on Thursday, 14th July 2016.
Scientific interests I am interested in areas related to network security:
  • Network traffic measurement, analysis, and classification
  • Distributed detection and confinement of abnormal activities in network traffic
  • Reputation metrics to improve intermediary incentives for security

Publications Selected Publications:
  • "In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements", O. Gasser, B. Hof, M. Helm, M. Korczynski, R. Holz, G. Carle, Passive and Active Measurement Conference (PAM 2018), accepted, Berlin, March 2018
  • "Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse", Samaneh Tajalizadehkhoob, Rainer Bohme, Carlos Ganan, Maciej Korczynski, and Michel van Eeten, in ACM Transactions on Internet Technology (ACM TOIT), accepted, 2018
  • "Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service", Arman Noroozian, Maciej Korczynski, Carlos Hernandez Ganan, Daisuke Makita, Katsunari Yoshioka, and Michel van Eeten, International Symposium on Research in Attacks, Intrusions and Defenses (RAID'16), pages 368-389, Paris, September 2016 (Acceptance rate: 25,9%)
  • "Two Methods for Detection Malware", Maciej Korczynski, Gilles Berger-Sabbatel, Andrzej Duda 6th INDECT/IEEE International Conference on Multimedia Communications, Services and Security, pages 1-12, Cracow, June 2013
Ph.D. thesis (in English):
Master of Science thesis (in English):
  • "Evaluating Impact of Sampling Methods on Detection of DDoS Attacks Accuracy for Unified Rate Limiting Algorithm", Maciej Korczynski, Cracow, July 2009
Selected Talks:
  • Trends in Abuse: New and Legacy gTLDs (speaker), 41st M3AAWG General Meeting, Toronto, Canada, September 5, 2017
  • Statistical Analysis of DNS Abuse in gTLDs (SADAG) (invited speaker), ICANN 59 meeting, Johannesburg, South Africa, June 27, 2017
  • Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates (speaker), DNS-OARC 2017 Spring Workshop, Madrid, Spain, May 15, 2017
  • Statistical Analysis of DNS Abuse in generic Top-Level Domains, ICANN meeting (invited speaker), Copenhagen, Denmark, March 14, 2017
  • Measuring Malware and Phishing Rates in .nl and Other TLDs (co-author), Council of European National Top-Level Domain Registries (CENTR), Belgrade, Serbia, October 6, 2016
  • Who gets the Boot? Analyzing Victimization by DDoS-as-a-Service (keynote speaker), Tech Together (ISPConnect & Dutch Hosting Provider Association), Nieuwegein, The Netherlands, September 1, 2016
  • Tackling Internet Pollution Using Science and Law Enforcement (invited speaker), Cambridge Cybercrime Centre: Inaugural Cybercrime Conference, Cambridge, UK, July 14, 2016
  • "Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs" (invited speaker, panelist), The First IAS-YNU Symposium on Information and Physical Security, Yokohama, Japan, March 18, 2015
  • "Badness Metrics for Hosters: Ranking Abuse in the Dutch Market" (co-author), Digital Crimes Consortium, Miami, Florida, USA, March 12, 2015
Projects Past Projects:
  • Nederland Schoon (Clean NL): Project aims to tackle Internet pollution in the Dutch hosting market. A collaboration between Dutch National Police, the Authority for Consumers and Markets (ACM), the Public Prosecutor, and Delft University of Technology. Role: Senior researcher
  • Nature-Inspired Cyber Health: DHS project on bio-inspired distributed decision algorithms for anomaly detection (2013-2015). Role: Senior researcher
  • INDECT: European research project on security of citizens in both real and virtual environments (2009-2014). Role: PhD researcher
  • COST IC0703: European research project on traffic monitoring and analysis (2008-2012). Role: Junior researcher
  • PBZ: National project on next generation services and networks (2007-2010). Role: Junior researcher.

Ongoing Projects:

  • SADAG: Statistical Analysis of DNS Abuse in generic Top-Level Domains (2016-2017). Project in collaboration with SIDN and the Internet Corporation for Assigned Names and Numbers (ICANN). Project coordinator: SIDN Labs. Role co-Principal Investigator, senior researcher
  • REMEDI3S-TLD Phase 2: Reputation Metrics Design to Improve Intermediary Incentives for Security of Top-Level Domains (2016-2017). Project in collaboration with SIDN Labs. Role: Principal Investigator
  • Benchmark System for the Security of the Dutch Hosting Market. Project founded by the Dutch Ministry of Economics (2016-2018). Role: Principal Investigator
  • Crowd-sourcing BCP38 Compliance Measurements (2017). Project in collaboration with NCSC. Role: co-Principal Investigator

Courses I teach the Reseaux: Telecommunications course at Grenoble INP - Ensimag in 2017/2018.

I prepared the course on Understanding International Grand Challenges in Cyber Security at Delft University of Technology during the academic year 2016/2017.

In July 2016, I gave a guest lecture on Economics of Cyber Security at the Risk Management Summer School at TU Delft.

I gave the Security of Information Systems course at University of Joseph Fourier in Grenoble and Introduction aux Reseaux de Communications at Grenoble INP during the academic year 2011/2012.