Maciej Korczynski, Ph.D.

Associate Professor
Grenoble Alpes University
LIG, Grenoble Computer Science Laboratory
Drakkar group

IMAG building
700 avenue Centrale, office 411
38401 Saint-Martin d'Heres

e-mail: maciej (dot) korczynski (at) univ-grenoble-alpes (dot) fr
Phone: +33 457 421 692
PGP key ID: 1BDA32F6

Short biography I am Associate Professor of computer network security at Grenoble INP-Ensimag and a member of the Drakkar group at LIG Lab. I received my HDR (Habilitation) in Computer Science from the Grenoble Alpes University in 2021.

Previously, I was a post-doctoral researcher at TU Delft and a member of the Economics of Cybersecurity group analyzing large-scale Internet measurement and incident data to identify how providers of Internet services deal with security risks and incidents.

Between February 2013 and May 2014, I was a post-doctoral researcher at Rutgers University and a member of the Fefferman Lab investigating bio-inspired algorithms in distributed anomaly detection systems.

I received my Ph.D. in Computer Science from the Grenoble Alpes University. Between October 2009 and December 2012 I was a member of the Drakkar group at LIG Lab.

Scientific interests I am interested in areas related to cybersecurity:
  • Security of DNS infrastructure and domain name abuse
  • Large-scale network traffic measurement, analysis, and classification
  • Secure protocols and communication mechanisms
  • Distributed detection and confinement of abnormal activities in network traffic
  • Reputation metrics to improve intermediary incentives for security

  • [2024.01.10] Congratulations to Yevheniya! Our paper titled "Extended DNS Errors: Unlocking the Full Potential of DNS Troubleshooting" that was presented at ACM IMC 2023 has been awarded the Applied Networking Research Prize in 2024!
  • [2023.11.22] We invite applications for a PhD Student position in the area of network secuity. The Ph.D. program is part of the Joint Base for Cyber Intelligence and Detection project, a French initiative led by Thales in collaboration with public and private sector stakeholders.
  • [2023.10.10] I will give a talk entitled "Building a Resilient Domain Whitelist to Enhance Phishing Blocklist Accuracy" at ICANN Tech Day on October 23, 2023.
  • [2022.02.07] I will give a talk entitled "Compromised versus Maliciously Registered Domains" at the ICANN Plenary Session: Evolving the DNS Abuse Conversation on March 9, 2022.
  • [2022.02.01] I will be giving several presentations on the Technical Report of the Domain Name System Abuse Project commissioned by the European Commission at the ICANN Contracted Party House DNS Abuse Subgroup Meeting (April 12, 2022), High-Level Group on Internet Governance Multi-stakeholder Open Session (March 11, 2022), ICANN73 GAC Public Safety Working Group (March 8, 2022), Names and Numbers SIG at M3AAWG Conference Call (March 2, 2022), DNS Abuse SIG-FIRST Conference Call (March 1, 2022), and ICANN73 Business Constituency (February 17, 2022).
  • [2021-05-20] We will give a talk about the COMAR project titled: "Classification of Compromised versus Maliciously Registered Domains" at the 2021 ICANN DNS Symposium (virtual) on May 26th 2021.
  • [2020.10.29] We wrote two blog posts describing our method for inferring the deployment of inbound Source Address Validation using DNS resolvers (Closed Resolver Project) for APNIC and RIPE NCC.
  • [2019.07.12] I will give a keynote speech titled: "Internet-wide Measurements to Prevent and Combat Cybercrime" at the 8th International Workshop on Cyber Crime at ARES on August 28, 2019 in Canterbury, UK.
  • [2019.06.23] We invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse. Application deadline: 31.07.2019
  • [2019.06.13] I will give a talk titled: "Internet-wide Measurements for Cybersecurity: The Case of DNS Zone Poisoning" at the French Cyber Defence and Strategy conference organized by the Cercle National des Armees on Tuesday, 2nd July 2019.
  • [2018.11.10] We are happy to announce we will be hosting a meeting of the Scientific Council of AFNIC at LIG Lab on November 22, 2018!
  • [2018.10.02] SIDN Labs, Afnic Labs, and Grenoble Alps University started a new research project called "Classification of compromised versus maliciously registered domains" (COMAR) on 1 October 2018. You can find our blog post here.
  • [2018.10.02] Our colleague Oliver Gasser (TU Munich) will give a talk titled "Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists" at the upcoming RIPE meeting. You can find more information on our blog post.
  • [2018.07.02] Mehmet Tahir Sandikkaya will be joining the Drakkar team as a visiting researcher to work on the security of IoT devices. Welcome, Tahir!
  • [2018.03.26] The publication "In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements" has been awarded the Best Paper Award at the Passive and Active Measurement Conference (PAM'18)!
  • [2018.02.11] Our ACM CCS paper titled "Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting" was nominated along with 4 other paper for the best Dutch cybersecurity research paper in 2018.
  • [2017.11.01] We invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse. Application deadline: 31.12.2017
  • [2017.09.05] Together with my colleague Maarten Wullink (SIDN) we would like to invite everyone to join the webinar entitled: "The Statistical Analysis of DNS Abuse in gTLDs", on 13 and 14 September 2017, organized and hosted by ICANN.
  • [2017.08.20] I'm very happy to announce that starting from September 2017 I will be appointed at ENSIMAG and will join the Drakkar research group lead by Prof. Andrzej Duda at LIG Lab (Grenoble Computer Science Laboratory).
  • [2017.08.04] We have delivered the SADAG final report to ICANN. Between August 9 and September 27, 2017, ICANN invites public comments from the community on the data, methodology, and results of our report.
  • [2016.12.13] I'm very happy to announce that we kicked off a new study for ICANN together with SIDN Labs to investigate the abuse of domain names in new and legacy gTLDs. Please check our blog post and the SADAG site for more information.
  • [2016.05.05] I will give a talk about the Clean Netherlands project titled: "Tackling Internet pollution using science and law enforcement" at a cybercrime conference organized by the Cambridge Cloud Cybercrime Centre on Thursday, 14th July 2016.
Publications Selected Publications (see also my google scholar and dblp pages):
  • "Deployment of Source Address Validation by Network Operators: A Randomized Control Trial", Qasim Lone, Alisa Frik, Matthew Luckie, Maciej Korczynski, Michel van Eeten, Carlos Ganan, 43rd IEEE Symposium on Security and Privacy (IEEE S&P), San Francisco, 2022
  • "Semantic Identifiers and DNS Names for IoT", Simon Fernandez, Michele Amoretti, Fabrizio Restori, Maciej Korczynski, Andrzej Duda, IEEE International Conference on Computer Communications and Networks (ICCCN'21), Greece
  • "SAVing the Internet: Explaining the Adoption of Source Address Validation by Internet Service Providers", Qasim Lone, Maciej Korczynski, Carlos Ganan, Michel van Eeten, WEIS 2020, Brussels, Belgium, December 2020 (Acceptance rate: 34,9%)
  • "MLSEC - Benchmarking Shallow and Deep Machine Learning Models for Network Security", Pedro Casas, Gonzalo Marin, German Capdehourat, Maciej Korczynski, IEEE S&P Workshop on Traffic Measurements for Cybersecurity (WTMC 2019), San Francisco, California, May 2019
  • "Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation", V. Le Pochat, T. Van Goethem, S. Tajalizadehkhoob, M. Korczynski, W. Joosen, Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, February 2019 (Acceptance rate: 17%)
  • "Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists", Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, ACM SIGCOMM Internet Measurement Conference (IMC'18), Boston, USA, November 2018 (Acceptance rate: 24,7%)
  • "Using Crowdsourcing Marketplaces for Network Measurements: The Case of Spoofer", Qasim Lone, Matthew Luckie, Maciej Korczynski, Hadi Asghari, Mobin Javed, Michel van Eeten, Network Traffic Measurement and Analysis Conference (TMA 2018), Vienna, Austria, June 2018 (Acceptance rate: 33,3%)
  • "Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse", Samaneh Tajalizadehkhoob, Rainer Bohme, Carlos Ganan, Maciej Korczynski, and Michel van Eeten, in ACM Transactions on Internet Technology (ACM TOIT), Volume 18 Issue 4, September 2018
  • "Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service", Arman Noroozian, Maciej Korczynski, Carlos Hernandez Ganan, Daisuke Makita, Katsunari Yoshioka, and Michel van Eeten, International Symposium on Research in Attacks, Intrusions and Defenses (RAID'16), pages 368-389, Paris, September 2016 (Acceptance rate: 25,9%)
  • "Two Methods for Detection Malware", Maciej Korczynski, Gilles Berger-Sabbatel, Andrzej Duda 6th INDECT/IEEE International Conference on Multimedia Communications, Services and Security, pages 1-12, Cracow, June 2013
HDR thesis: Ph.D. thesis:
Master of Science thesis (in English):
  • "Evaluating Impact of Sampling Methods on Detection of DDoS Attacks Accuracy for Unified Rate Limiting Algorithm", Maciej Korczynski, Cracow, July 2009
Selected Talks:
  • Trends in Abuse: New and Legacy gTLDs (speaker), 41st M3AAWG General Meeting, Toronto, Canada, September 5, 2017
  • Statistical Analysis of DNS Abuse in gTLDs (SADAG) (invited speaker), ICANN 59 meeting, Johannesburg, South Africa, June 27, 2017
  • Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates (speaker), DNS-OARC 2017 Spring Workshop, Madrid, Spain, May 15, 2017
  • Statistical Analysis of DNS Abuse in generic Top-Level Domains, ICANN meeting (invited speaker), Copenhagen, Denmark, March 14, 2017
  • Measuring Malware and Phishing Rates in .nl and Other TLDs (co-author), Council of European National Top-Level Domain Registries (CENTR), Belgrade, Serbia, October 6, 2016
  • Who gets the Boot? Analyzing Victimization by DDoS-as-a-Service (keynote speaker), Tech Together (ISPConnect & Dutch Hosting Provider Association), Nieuwegein, The Netherlands, September 1, 2016
  • Tackling Internet Pollution Using Science and Law Enforcement (invited speaker), Cambridge Cybercrime Centre: Inaugural Cybercrime Conference, Cambridge, UK, July 14, 2016
  • "Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs" (invited speaker, panelist), The First IAS-YNU Symposium on Information and Physical Security, Yokohama, Japan, March 18, 2015
  • "Badness Metrics for Hosters: Ranking Abuse in the Dutch Market" (co-author), Digital Crimes Consortium, Miami, Florida, USA, March 12, 2015
Projects Ongoing Projects:
  • PrevDDoS: Preventing DDoS Attacks. Project funded by the IDEX Universite Grenoble Alpes Initiatives de Recherche Strategiques (IRS) (2019-2021). Role: Principal Investigator
  • COMAR: Classification of compromised versus maliciously registered domains (2018-2021). Project funded by SIDN and AFNIC. Role Principal Investigator
  • DINS: DNS Naming and Services for Secure Seamless IoT. Project funded by the Agence Nationale de la Recherche (ANR). Project in collaboration with AFNIC, ACKLIO, Bouygues Telecom, and IMT Atlantique (2020-2023). Role: Senior researcher

Past Projects:

  • SADAG: Statistical Analysis of DNS Abuse in generic Top-Level Domains (2016-2017). Project in collaboration with SIDN and the Internet Corporation for Assigned Names and Numbers (ICANN). Project coordinator: SIDN Labs. Role co-Principal Investigator, senior researcher
  • REMEDI3S-TLD Phase 2: Reputation Metrics Design to Improve Intermediary Incentives for Security of Top-Level Domains (2016-2017). Project in collaboration with SIDN Labs. Role: Principal Investigator
  • Benchmark System for the Security of the Dutch Hosting Market. Project funded by the Dutch Ministry of Economics (2016-2018). Role: Principal Investigator
  • Crowd-sourcing BCP38 Compliance Measurements (2017). Project in collaboration with NCSC. Role: co-Principal Investigator
  • Nederland Schoon (Clean NL): Project aims to tackle Internet pollution in the Dutch hosting market. A collaboration between the Dutch National Police, the Authority for Consumers and Markets (ACM), the Public Prosecutor, and Delft University of Technology. Role: Senior researcher
  • Nature-Inspired Cyber Health: DHS project on bio-inspired distributed decision algorithms for anomaly detection (2013-2015). Role: Senior researcher
  • INDECT: European research project on the security of citizens in both real and virtual environments (2009-2014). Role: PhD researcher
  • COST IC0703: European research project on traffic monitoring and analysis (2008-2012). Role: Junior researcher
  • PBZ: National project on next-generation services and networks (2007-2010). Role: Junior researcher.

Courses I teach "Introduction a la securite", "Ingenierie de la securite", "Securite des reseaux", and "Reseaux: Complements et Applications (partie DNS)" courses at Grenoble INP - Ensimag (Master RIE, academic years 2018/2019, 2019/2020).

I taught the "Reseaux: Telecommunications" and "Reseaux: Complements et Applications" courses at Grenoble INP - Ensimag in 2017/2018.

I prepared the course on Understanding International Grand Challenges in Cyber Security at Delft University of Technology during the academic year 2016/2017.

In July 2016, I gave a guest lecture on Economics of Cyber Security at the Risk Management Summer School at TU Delft.

I gave the Security of Information Systems course at the University of Joseph Fourier in Grenoble and Introduction aux Reseaux de Communications at Grenoble INP during the academic year 2011/2012.