Samuel Marchal - Aalto


October 1, 2018

Samuel Marchal
Aalto University
Office A110
Konemiehentie 2
FI-02150 Espoo, Finland
samuel.marchal@aalto.fi
(+358) 50 433 4884
people.aalto.fi/samuel.marchal

Education

• University of Luxembourg / University of Lorraine, Luxembourg / France. Ph.D. Computer Science, 2011 – 2015

– Thesis: DNS and Semantic Analysis for Phishing Detection

– Graduating date: June 22nd, 2015

• TELECOM Nancy - University of Lorraine, Nancy, France. M.Sc. Computer Science, 2008 – 2011

– Thesis: Anomaly Detection in DNS Traffic

– Graduating date: October 20th, 2011

• University of Lorraine, Nancy, France. DEUG Mathematics - Computer Science, 2006 – 2008

– Graduating date: December 2nd, 2008

Appointment & Positions

• Intel Collaborative Research Institute for CARS (ICRI-CARS), Helsinki, Finland. Co-Principal Investigator, Sep. 2017 – present

Adversarial machine learning and defenses for resilient autonomous systems

• Aalto University, Helsinki, Finland. Postdoctoral Researcher (Secure Systems Group), June 2015 – present

Applications of machine learning to Internet and IoT security / User and network traffic profiling / Adversarial machine learning

• Intel Collaborative Research Institute for Secure Computing (ICRI-SC), Helsinki, Finland. Researcher, June 2015 – Aug. 2017

Phishing detection / User behavior modeling and analysis

• Bell Laboratories - Alcatel Lucent, Naperville, Illinois, U.S.A. Intern, June 2012 – Aug. 2012

Prevention of Denial of Service attacks on the Session Initiation Protocol (SIP)

• Interdisciplinary Centre for Security, Reliability & Trust, Luxembourg, Luxembourg. Ph.D. Candidate (SecanLab Group), Oct. 2011 – June 2015

Large scale network traffic analysis, machine learning and natural language processing for intrusion detection, identification of malicious domain names and URLs


• INRIA Nancy - Grand EST, Nancy, France. Intern (MADYNES Group), April 2011 – Sep. 2011

Detection of malicious domain names (botnet C&C) using passive DNS analysis

Prizes & Awards

• AFR-PhD Grant - 167,636 €, 2012–2015. Malware behavior analysis, National Research Fund (FNR) of Luxembourg

• Best Demo/Poster Award IEEE ICDCS 2017, 2017. IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT, IEEE

• Google Internet of Things Technology Research Award, 2016. BLE beacons reputation system, Google

• Google Internet of Things Technology Research Award, 2016. IoT device fingerprinting, Google

Project Management

• Modeling of Suspicious Similarity in Streaming Data (25,750 €). Principal Investigator. Project management, research coordination, research lead, 2018 – 2019

– Size of the team: 3 people

– Partner: Zalando Payment GmbH

– Tasks: Lead the collaboration and coordinate the research made with Zalando. Supervision of the research made in the frame of the project at Aalto University.

• SeLIoT: Securing Lifecycle of IoT devices (234,894 €). Co-Principal Investigator. Project management, research, 2017 – present

– Size of the team: 7 people

– Partners: UC Irvine (USA) - University of Florida (USA)

– Tasks: Led the writing of the proposal. Coordinate the research made with project partners. Dissemination of results from the project. Supervision of the research made in the frame of the project at Aalto University.

• ICRI for Collaborative Autonomous and Resilient Systems (600,000 $). Co-Principal Investigator. Responsible for adversarial machine learning pillar, 2017 – present

– Size of the team: 5 people

– Partners: TU Darmstadt - TU Bochum - TU Vienna - University of Luxembourg - Intel

– Tasks: Co-writing of the proposal. Lead the research related to adversarial machine learning and defenses.

• ICRI for Secure Computing (1,000,000 $). Researcher. Responsible for machine learning application to security, 2015 – 2017

– Size of the team: 6 people

– Partners: TU Darmstadt - University of Helsinki - Intel

– Tasks: Led the research related to designing automated methods for phishing detection, webpage classification and user behavior profiling. Supervised initiatives of technology transfer for phishing detection solution.


Academic & Industrial Collaborations

Academic Collaborations

• Technical University Darmstadt (Germany) 2015 –

– Main collaborators: Prof. Ahmad Sadeghi, Markus Miettinen

– Purpose: research related to IoT network security

– Outcomes: publication of 2 joint research papers

– Visit: several short visits (2-5 days) during 2015-2018

• University of California Irvine (UCI) & University of Florida (UF) (USA) 2016 –

– Main collaborators: Prof. Gene Tsudik (UCI), Prof. Patrick Traynor (UF)

– Purpose: writing of, and collaborative research in, the SELIoT research project (security of IoT systems)

– Outcomes: joint project funding (470,000 €) provided by Academy of Finland and NSF

– Visit: Bi-yearly visit (2-5 days) in Finland and the US

• University of Luxembourg 2015 –

– Main collaborators: Prof. Radu State, Christian Hammerschmidt, Salvatore Signorello

– Purpose: research on network traffic profiling and security of information centric networks

– Outcomes: publication of 3 joint research papers

– Visit: Bi-yearly visit (1-10 days) during 2015-2017

Industrial Collaborations

• Zalando Payment GmbH (Germany) 2018 –

– Main collaborator: Dr. Nidhi Singh

– Purpose: research on machine learning-based modeling technique for identifying suspicious similarity in streaming data (payment transactions)

– Visit: Monthly physical meetings (Germany or Finland)

• F-Secure (Finland) 2016 –

– Main collaborator: Dr. Alexey Kirichenko

– Purpose: research on automated techniques for phishing detection and IoT network security

– Outcomes: partial technology transfer with integration of novel features for phishing detection

• Intel (USA) 2015 –

– Main collaborators: Dr. Matthias Schunter, Dr. Nidhi Singh

– Purpose: research on automated techniques for phishing detection, Internet user profiling, adversarial machine learning in the frame of ICRI-SC and ICRI-CARS. Consultancy for operating system security review.

– Outcomes: publication of 2 joint research papers, technical report on security of Intel IoT OS.

– Visit: Bi-yearly physical meetings (1-3 days) during 2015-2018

• Bell Laboratories (USA) 2012 – 2013

– Main collaborators: Dr. Vijay Gurbani

– Purpose: research on automated techniques for anomaly detection in Session Initiation Protocol (SIP) packets

– Outcomes: publication of 1 joint research paper

– Visit: Internship (Jun - Aug 2012) at Bell Laboratories in Naperville (USA)


• CETREL - SIX Group (Luxembourg) 2012 – 2015

– Main collaborators: Sam Gabbaï, Jean-Yves Decker

– Purpose: research on honeypots, intrusion detection systems and solutions for large scale security monitoring

– Outcomes: Integration of honeypots and results from their analysis in security monitoring solution at CETREL

– Visit: Monthly visits and meeting to coordinate the research directions and test developed solutions

Synergistic Activities

• Conference/Session Chair

– Intel CRI-CARS Retreat - Adversarial Machine Learning session (20 participants) - 2018

– ESORICS International Workshop on Secure Internet of Things (SIoT) (35 participants) - 2017

• Program Committee (TPC)

– Elsevier Computer Networks - Special Issue on Security and Privacy Internet of Things - 2018

– European Signal Processing Conference (EUSIPCO) - 2018

– IEEE Global Communications Conference (Globecom) - 2018

– NDSS Workshop on Decentralized IoT Security and Standards (NDSS-DISS) - 2018

– IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) - 2018

– ACM Asia Conference on Computer and Communications Security (ASIACCS - Shadow PC) - 2017

– ESORICS International Workshop on Secure Internet of Things (SIoT) - 2017

– IEEE/IFIP International Workshop on Security for Emerging Distributed Network Technologies - 2017

– IEEE/IFIP International Workshop on Analytics for Network and Service Management - 2017, 2018

– SecureComm Workshop on Security and Privacy in the Internet Of Things (SePrIoT) - 2017, 2018

– Nordic Conference on Secure IT Systems (NORDSEC) - 2016

• Reviewer

– Nordic Conference on Secure IT Systems (NORDSEC) - 2017

– Financial Cryptography - 2016

– IEEE/IFIP Network Operations and Management Symposium (NOMS) - 2016

– Elsevier Computers & Security - 2017

– Elsevier Computer Networks - 2016, 2017, 2018

– Journal of Computer Virology and Hacking Techniques - 2015, 2016, 2017, 2018

• Organization

– ESORICS International Workshop on Secure Internet of Things (SIoT) (30 participants) - 2017

– IoT Security Workshop - kickoff of AoF/WiFIUS SeLIoT research project (90 participants) - 2017

– Aalto Secure Systems Group team retreat - 2016

– Aalto Secure Systems Group Annual Demo Day (70 participants) - 2016

– Workshop for the AoF Contextual Security research project (40 participants) - 2015

• Invited Talks

– Keynote RESSI conference, La Bresse, France. Machine Learning in the presence of adversaries, May 2018


– LORIA Seminar, Nancy, France. Machine Learning & Security: Detection, Prediction and Beyond, January 2018

– LAAS-CNRS Seminar, Toulouse, France. Machine Learning & Security: Detection, Prediction and Beyond, December 2017

– SECAN-Lab Seminar, Dagstuhl, Germany. IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT, December 2017

– Aalto IoT Security Workshop, Espoo, Finland. chownIoT: Secure Handling of Smart Home IoT Devices Ownership Change, September 2017

– Intel CRI-SC Retreat, Darmstadt, Germany. IoT Sentinel: Protecting your Network from Unknown Devices, May 2017

– Workshop on Mobile Services and Edge Computing, Helsinki, Finland. Off-the-Hook: Real-Time Client-Side Phishing Prevention System, July 2016

– Intel CRI-SC Retreat, Portland, USA. Off-the-Hook: Real-Time Client Side Phishing Prevention, June 2016

– Polytechnique Montreal Seminar, Montreal, Canada. Machine Learning to the Rescue: When we Fail to Apply Security by Design, May 2016

• Miscellaneous

– Pre-Selection of graduated students for the Master’s Program in Computer, Communication and Information Sciences (CCIS) - Major: Security and Mobile Computing at Aalto University - 2017

Teaching Experience

• Research Seminar on Security and Privacy of Machine Learning (CSE-E4001), Aalto University. Responsible, Fall 2018

– Teaching level: Master.

– Teaching load: 16 hours/semester.

– Description: Threats and attacks against machine learning applications and potential defenses, methods for scientific paper reading, analyzing and synthesizing information.

– Tasks: course design, create lectures and course material, giving lectures.

• Mobile Systems Security (CSE-E5480), Aalto University / University of Helsinki. Lecturer, Spring 2016, Spring 2017, Spring 2018

– Teaching level: Master.

– Teaching load: 14 hours/semester.

– Description: principles behind software and hardware platform security architectures, similarities and differences between example architectures, challenges in designing security mechanisms for mobile device.

– Tasks: correction of assignments, course management, responsible for challenges and surveys, created and gave two lectures (Internet of Things (IoT) Security & Machine Learning for Security).

• Software Security (T110.6220), Aalto University / University of Helsinki. Teaching Assistant, Spring 2016

– Teaching level: Master.

– Teaching load: 12 hours.

– Description: software breaks in the security sense, activities and strategies available to create more secure software, security and privacy threat modeling (architectural risk analysis and privacy impact assessment), language-theoretic approach to security engineering.

– Tasks: supervision and correction of assignments, global course management.


• Open Network Security (M3.14), University of Luxembourg. Teaching Assistant, Fall 2013, Fall 2014

– Teaching level: Master.

– Teaching load: 10 hours/semester.

– Description: approaches for assessing the security of network and software and mathematical modeling of malware and worm activities

– Tasks: supervision and correction of assignments.

• Computer Network 2 (M2.4), University of Luxembourg. Lecturer, Spring 2013, Spring 2014, Spring 2015

– Teaching level: Bachelor.

– Teaching load: 20 hours/semester.

– Description: presentation of the highest layers of the TCP/IP stack and some of their protocols.

– Tasks: teaching the course, supervision and correction of assignments.

Supervision of Research Activities

• Machine Learning Model Stealing Attack and Defenses. Alexey Dmitrenko - M.Sc. thesis - Aalto University - 100% - ongoing

• Privacy Preserving Machine Learning Prediction using Trusted Hardware. Max Reuter - M.Sc. thesis - Aalto University - 50% - ongoing

• Automatic Ownership Change Detection of IoT devices. Artur Valiev - M.Sc. thesis - Aalto University - 100% - ongoing

• Wireless IoT device isolation. Manish Thapa - M.Sc. thesis - Aalto University - 100% - 2018

• Enhancing Privacy in IoT Devices through Automated Handling of Ownership Change. Md Sakib Khan - M.Sc. thesis - Aalto University - 100% - 2017

• Automated Deauthentication using Web Transaction Analysis. Radek Tomsu - M.Sc. thesis - Aalto University - 100% - 2017

• Malicious entity categorization using graph modeling. Srinivaasan Gayathri - M.Sc. thesis - Aalto University - 50% - 2016

• Real-time client-side phishing detection. Giovanni Armano - M.Sc. thesis - Aalto University - 100% - 2016

• Phishing target identification. Kalle Saari - M.Sc. thesis - Aalto University - 50% - 2015

• Computational efficiency of big data frameworks. Xiuyan Jiang - M.Sc. thesis - University of Luxembourg - 50% - 2014

• Identification of malicious PDF files using n-gram analysis. Quentin Jerome - M.Sc. intern - SnT - 50% - 2012

Publications

Journal Papers


1. S. Marchal, G. Armano, T. Grondahl, K. Saari, N. Singh, and N. Asokan. Off-the-hook: An efficient and usable client-side phishing prevention application. IEEE Transactions on Computers (TC), 66(10):1717–1733, 2017 (CORE A*) - (IF: 2.916)

2. S. Marchal, A. Mehta, V. K. Gurbani, R. State, T. K. Ho, and F. Sancier-Barbosa. Mitigating mimicry attacks against the session initiation protocol. IEEE Transactions on Network and Service Management (TNSM), 12(3):467–482, 2015 (IF: 3.134)

3. S. Marchal, J. Francois, R. State, and T. Engel. PhishStorm: Detecting phishing with streaming analytics. IEEE Transactions on Network and Service Management (TNSM), 11(4):458–471, 2014 (IF: 3.134)

Conference Proceedings

4. S. Marchal and N. Asokan. On designing and evaluating phishing webpage detection techniques for the real world. In 11th USENIX Workshop on Cyber Security Experimentation and Test (CSET 18), pages 1–8, 2018

5. S. Signorello, S. Marchal, J. Francois, O. Festor, et al. Advanced interest flooding attacks in named-data networking. In Proceedings of the IEEE International Symposium on Network Computing and Applications (NCA), pages 1–10, 2017 (CORE A)

6. R. Tomsu, S. Marchal, and N. Asokan. Profiling users by modeling web transactions. Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pages 2399–2404, 2017 (CORE A)

7. M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma. IoT Sentinel: Automated device-type identification for security enforcement in iot. Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pages 2177–2184, 2017 (CORE A)

8. S. Marchal, K. Saari, N. Singh, and N. Asokan. Know your phish: Novel techniques for detecting phishing sites and their targets. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pages 323–333, 2016 (CORE A) - (AR: 17%)

9. S. Marchal, J. Francois, R. State, and T. Engel. Phishscore: Hacking phishers’ minds. In Proceedings of the International Conference on Network and Service Management (CNSM), pages 46–54, 2014 (CORE B) - (AR: 17%)

10. S. Marchal, X. Jiang, R. State, and T. Engel. A big data architecture for large scale security monitoring. In Proceedings of the IEEE International Congress on Big Data (BigData), pages 56–63, 2014 (AR: 19%)

11. S. Marchal, J. Francois, R. State, and T. Engel. Proactive discovery of phishing related domain names. In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pages 190–209, 2012 (CORE A) - (AR: 21%)

12. S. Marchal, J. Francois, C. Wagner, and T. Engel. Semantic exploration of DNS. In Proceedings of the IFIP International Conference on Research in Networking (NETWORKING), pages 370–384, 2012 (CORE A) - (AR: 28%)

13. S. Marchal, J. Francois, R. State, and T. Engel. Semantic based DNS forensics. In Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS), pages 91–96, 2012 (AR: 30%)

Short/Poster/Demo Papers

14. M. Miettinen, S. Marchal, I. Hafeez, T. Frassetto, N. Asokan, A.-R. Sadeghi, and S. Tarkoma. IoT Sentinel demo: Automated device-type identification for security enforcement in iot. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pages 2511–2514, 2017 (CORE A)

15. C. Hammerschmidt, S. Marchal, R. State, G. Pellegrino, and S. Verwer. Efficient learning of communication profiles from ip flow records. In Proceedings of the IEEE Conference on Local Computer Networks (LCN), pages 559–562, 2016 (CORE A)

16. C. Hammerschmidt, S. Marchal, R. State, and S. Verwer. Behavioral clustering of non-stationary ip flow record data. In Proceedings of the International Conference on Network and Service Management (CNSM), pages 297–301, 2016 (CORE B)


17. G. Armano, S. Marchal, and N. Asokan. Real-time client-side phishing prevention add-on. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pages 777–778, 2016 (CORE A)

18. Q. Jerome, S. Marchal, R. State, and T. Engel. Advanced detection tool for pdf threats. In Proceedings of the Workshop on Data Privacy Management and Autonomous Spontaneous Security (SETOP), pages 300–315, 2013

19. S. Marchal, J. Francois, C. Wagner, R. State, A. Dulaunoy, T. Engel, and O. Festor. DNSSM: A large scale passive dns security monitoring framework. In Proceedings of the IEEE Network Operations and Management Symposium (NOMS), pages 988–993, 2012 (CORE B)

20. S. Marchal and T. Engel. Large scale DNS analysis. In Proceedings of the IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), pages 151–154, 2012

Technical Reports

21. M. Juuti, S. Szyller, A. Dmitrenko, S. Marchal, and N. Asokan. PRADA: protecting against DNN model stealing attacks. CoRR, abs/1805.02628, 2018

22. T. D. Nguyen, S. Marchal, M. Miettinen, N. Asokan, and A. Sadeghi. DIoT: A crowdsourced self-learning approach for detecting compromised iot devices. CoRR, abs/1804.07474, 2018

Language proficiency

• French : Mother Tongue

• English : Fluent