Search

Your search keyword '"Lahmadi, Abdelkader"' showing total 143 results
Start Over Author "Lahmadi, Abdelkader"

Refine your results

more »

more »

more »

more »
143 results on '"Lahmadi, Abdelkader"'

2. Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates

Author

Zakroum, Mehdi, Houmz, Abdellah, Ghogho, Mounir, Mezzour, Ghita, Lahmadi, Abdelkader, François, Jérôme, and Koutbi, Mohammed El

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

Understanding the properties exhibited by large scale network probing traffic would improve cyber threat intelligence. In addition, the prediction of probing rates is a key feature for security practitioners in their endeavors for making better operational decisions and for enhancing their defense strategy skills. In this work, we study different aspects of the traffic captured by a /20 network telescope. First, we perform an exploratory data analysis of the collected probing activities. The investigation includes probing rates at the port level, services interesting top network probers and the distribution of probing rates by geolocation. Second, we extract the network probers exploration patterns. We model these behaviors using transition graphs decorated with probabilities of switching from a port to another. Finally, we assess the capacity of Non-stationary Autoregressive and Vector Autoregressive models in predicting port probing rates as a first step towards using more robust models for better forecasting performance., Comment: IEEE Intelligence and Security Informatics

Published
2018
Full Text
View/download PDF

3. MitM Attack Detection in BLE Networks Using Reconstruction and Classification Machine Learning Techniques

Author

Lahmadi, Abdelkader, Duque, Alexis, Heraief, Nathan, Francq, Julien, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Koprinska, Irena, editor, Kamp, Michael, editor, Appice, Annalisa, editor, Loglisci, Corrado, editor, Antonie, Luiza, editor, Zimmermann, Albrecht, editor, Guidotti, Riccardo, editor, Özgöbek, Özlem, editor, Ribeiro, Rita P., editor, Gavaldà, Ricard, editor, Gama, João, editor, Adilova, Linara, editor, Krishnamurthy, Yamuna, editor, Ferreira, Pedro M., editor, Malerba, Donato, editor, Medeiros, Ibéria, editor, Ceci, Michelangelo, editor, Manco, Giuseppe, editor, Masciari, Elio, editor, Ras, Zbigniew W., editor, Christen, Peter, editor, Ntoutsi, Eirini, editor, Schubert, Erich, editor, Zimek, Arthur, editor, Monreale, Anna, editor, Biecek, Przemyslaw, editor, Rinzivillo, Salvatore, editor, Kille, Benjamin, editor, Lommatzsch, Andreas, editor, and Gulla, Jon Atle, editor

Published
2020
Full Text
View/download PDF

6. HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment

Author

Navarro, Julio, Legrand, Véronique, Lagraa, Sofiane, François, Jérôme, Lahmadi, Abdelkader, De Santis, Giulia, Festor, Olivier, Lammari, Nadira, Hamdi, Fayçal, Deruyver, Aline, Goux, Quentin, Allard, Morgan, Parrend, Pierre, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Imine, Abdessamad, editor, Fernandez, José M., editor, Marion, Jean-Yves, editor, Logrippo, Luigi, editor, and Garcia-Alfaro, Joaquin, editor

Published
2018
Full Text
View/download PDF

7. Performance of Network and Service Monitoring Frameworks

Author

Lahmadi, Abdelkader, Andrey, Laurent, and Festor, Olivier

Subjects
Computer Science - Performance
Abstract

The efficiency and the performance of anagement systems is becoming a hot research topic within the networks and services management community. This concern is due to the new challenges of large scale managed systems, where the management plane is integrated within the functional plane and where management activities have to carry accurate and up-to-date information. We defined a set of primary and secondary metrics to measure the performance of a management approach. Secondary metrics are derived from the primary ones and quantifies mainly the efficiency, the scalability and the impact of management activities. To validate our proposals, we have designed and developed a benchmarking platform dedicated to the measurement of the performance of a JMX manager-agent based management system. The second part of our work deals with the collection of measurement data sets from our JMX benchmarking platform. We mainly studied the effect of both load and the number of agents on the scalability, the impact of management activities on the user perceived performance of a managed server and the delays of JMX operations when carrying variables values. Our findings show that most of these delays follow a Weibull statistical distribution. We used this statistical model to study the behavior of a monitoring algorithm proposed in the literature, under heavy tail delays distribution. In this case, the view of the managed system on the manager side becomes noisy and out of date.

Published
2009

8. SecSip: A Stateful Firewall for SIP-based Networks

Author

Lahmadi, Abdelkader and Festor, Olivier

Subjects
Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture
Abstract

SIP-based networks are becoming the de-facto standard for voice, video and instant messaging services. Being exposed to many threats while playing an major role in the operation of essential services, the need for dedicated security management approaches is rapidly increasing. In this paper we present an original security management approach based on a specific vulnerability aware SIP stateful firewall. Through known attack descriptions, we illustrate the power of the configuration language of the firewall which uses the capability to specify stateful objects that track data from multiple SIP elements within their lifetime. We demonstrate through measurements on a real implementation of the firewall its efficiency and performance.

Published
2009

13. Outsourcing Mobile Security in the Cloud

Author

Hurel, Gaëtan, Badonnel, Rémi, Lahmadi, Abdelkader, Festor, Olivier, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Kobsa, Alfred, editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Weikum, Gerhard, editor, Sperotto, Anna, editor, Doyen, Guillaume, editor, Latré, Steven, editor, Charalambides, Marinos, editor, and Stiller, Burkhard, editor

Published
2014
Full Text
View/download PDF

14. HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment

Author

Navarro, Julio, primary, Legrand, Véronique, additional, Lagraa, Sofiane, additional, François, Jérôme, additional, Lahmadi, Abdelkader, additional, De Santis, Giulia, additional, Festor, Olivier, additional, Lammari, Nadira, additional, Hamdi, Fayçal, additional, Deruyver, Aline, additional, Goux, Quentin, additional, Allard, Morgan, additional, and Parrend, Pierre, additional

Published
2018
Full Text
View/download PDF

16. Multi-Attribute Monitoring for Anomaly Detection: a Reinforcement Learning Approach based on Unsupervised Reward

Author

Said Frikha, Mohamed, Mettali Gammar, Sonia, Lahmadi, Abdelkader, Centre de Recherche Réseau Image SysTème Architecture et MuLtimédia (CRISTAL), École Nationale des Sciences de l'Informatique [Manouba] (ENSI), Université de la Manouba [Tunisie] (UMA)-Université de la Manouba [Tunisie] (UMA), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and Lahmadi, Abdelkader

Subjects
[INFO.INFO-AI] Computer Science [cs]/Artificial Intelligence [cs.AI], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Deep Reinforcement Learning, Internet of Things, Outlier detection, Unsupervised Learning, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]
Abstract

International audience; This paper proposes a new method to solve the monitoring and anomaly detection problems of Low-power Internet of Things (IoT) devices. However, their performances are constrained by limited processing, memory, and communication, usually using battery-powered energy. Polling driven mechanisms for monitoring the security, performance, and quality of service of these networks should be efficient and with low overhead, which makes it particularly challenging. The present work proposes the design of a novel method based on a Deep Reinforcement Learning (DRL) algorithm coupled with an Unsupervised Learning reward technique to build a pooling monitoring of IoT networks. This combination makes the network more secure and optimizes predictions of the DRL agent in adaptive environments.

Published
2021

17. Modeling and Performance Evaluation of the Network and Service Management Plane

Author

Lahmadi, Abdelkader, Andrey, Laurent, Festor, Olivier, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Bandara, Arosha K., editor, and Burgess, Mark, editor

Published
2007
Full Text
View/download PDF

18. On the Impact of Management Instrumentation Models on Web Server Performance: A JMX Case Study

Author

Lahmadi, Abdelkader, Ghitescu, Anca, Andrey, Laurent, Festor, Olivier, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Bandara, Arosha K., editor, and Burgess, Mark, editor

Published
2007
Full Text
View/download PDF

19. On Delays in Management Frameworks: Metrics, Models and Analysis

Author

Lahmadi, Abdelkader, Andrey, Laurent, Festor, Olivier, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, State, Radu, editor, van der Meer, Sven, editor, O’Sullivan, Declan, editor, and Pfeifer, Tom, editor

Published
2006
Full Text
View/download PDF

20. Caractérisation et diagnostic des applications de cloud gaming sur réseaux mobiles

Author

Ky, Joël, Mathieu, Bertrand, Lahmadi, Abdelkader, Boutaba, Raouf, Orange Labs [Lannion], France Télécom, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), David R. Cheriton School of Computer Science, University of Waterloo [Waterloo], and ANR-19-CE25-0012,MOSAICO,Orchestration multi couches pour les applications à faible latence et sécurisées(2019)

Subjects
[INFO]Computer Science [cs]
Abstract

International audience; Low-latency applications (cloud-gaming, cloud-robotics, metaverse...) have soared with the rapid evolution of Internet. Current network capacities (especially time-varying capacity networks like 4G/5G networks) struggle to ensure user QoE (Quality of Experience). There is therefore a need to collect, identify and analyze metrics specific to low-latency applications in network equipment (switches, base stations, UEs...) for efficient troubleshooting of user QoE degradation purposes.

Published
2022

21. On the Impact of Management on the Performance of a Managed System: A JMX-Based Management Case Study

Author

Lahmadi, Abdelkader, Andrey, Laurent, Festor, Olivier, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Schönwälder, Jürgen, editor, and Serrat, Joan, editor

Published
2005
Full Text
View/download PDF

22. Computer-implemented method for testing the cybersecurity of a target environment

Author

Lahmadi, Abdelkader, François, Jérôme, Beck, Frédéric, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Published
2022

25. Automated mapping of CVE vulnerabilties to MITRE ATT&CK Framework

Author

Baccar, Karim, Lahmadi, Abdelkader, Beck, Frédéric, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Service Expérimentation et Développement [Nancy] (SED), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Tekup, and Khaled Jerbi

Subjects
Machine Learning, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Deep Learning, [INFO]Computer Science [cs], [INFO.INFO-NE]Computer Science [cs]/Neural and Evolutionary Computing [cs.NE], MITRE ATT&CK, Natural Language Processing, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]
Abstract

National audience; This report is the synthesis of our work carried out within the INRIA research laboratory. The main objective of this project is to automate the mapping of the vulnerability database of MITRE CVE to the MITRE ATT&CK framework which is a set of knowledge base of tactics and techniques used incomputer attacks. We implemented in this project an approach which is based on machine learning, as well as Natural Language Processing(NLP) to be able to process the textual data of the vulnerabilities and thus classify them through a classification algorithm. We also detailed the techniques used such as the pre-processing and post-processing methods implemented in order to improve the datasets quality and to therefore improve the prediction performance.; Ce rapport est le synthèse de notre travail réalisé au sein du Laboratoire de recherche INRIA. L’objectif principal de ce projet est d’automtiser le mapping de la base de données de vulnerabilités de MITRE CVE vers le framework MITRE ATT&CK qui est un ensemble de base de connaissances des tactiques et techniques utilisées dans les attaques informatique. Nous avons implémenté dans ce projet une approche qui sera basée sur l’apprentissage automatique ainsi que les techniques de traitement automatique de langues (NLP) pour pouvoir traiter les données textuelles des vulnerabilités et les classifier a travers un algorithme de classification. Nous avons également détaillé la méthodologie utilisée ainsi que lestraitements appliqués afin d’analyser les jeux de données et améliorer la prédiction.

Published
2021

26. TANGLED: A Cooperative Anycast Testbed

Author

Bertholdo, Leandro Marcio, Ceron, Joao Marcelo, de Vries, Wouter B., Schmitt, Ricardo de O., Granville, Lisandro Zambenedetti, van Rijswijk - Deij, Roland Martijn, Pras, Aiko, Ahmed, Toufik, Festor, Olivier, Ghamri-Doudane, Yacine, Kang, Joon-Myung, Schaeffer-Filho, Alberto E., Lahmadi, Abdelkader, Madeira, Edmundo, Design and Analysis of Communication Systems, and Digital Society Institute

Subjects
Routing Management, Testing networks, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Configuration Management, 22/1 OA procedure, Anycast Network, Network Measurement
Abstract

Anycast routing has attracted interest in recent years as a technology for CDNs and anti-DDoS services. Most anycast studies conducted in the past relied on coarse measurement data, or are subjected to the collaboration of a global player affecting the experiment flexibility. In this paper, we present TANGLED, an anycast testbed where researchers can run experiments and better understand the impacts of their proposals on a global infrastructure. We also share our hand-on experience validating transit providers routing configurations. Our testbed offers a flexible and complete testing environment to evaluate the routing behavior of anycast networks in the wild. We provided tools that allow users to customize and reconFigure the anycast network, perform experiments, do active measurements, and collect data by using a platform specially designed for. The deployed infrastructure was designed to create industry and academy cooperation. TANGLED enables researchers to answer your research questions while allows transit providers to validate the implementation of complex routing agreements.

Published
2021

27. HSL: a Cyber Security Research Facility for Sensitive Data Experiments

Author

Beck, Frédéric, Lahmadi, Abdelkader, François, Jérôme, Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), This work was supported in part by the CPER funding, and the ThreatPredict project funded by NATO., Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects
reproducible experiments, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], cybersecurity, research facility
Abstract

International audience; Cybersecurity experiments that involve private data or malware samples require controlled environments and an appropriate facility to collect and characterise them, or understand their operations without compromising the security of these data and the hosting institution. Using such facilities allows the researchers to carry reproducible and long term research activities in a safe environment, without worrying about side effects or loss of data. In this paper, we detail the design of a cybersecurity facility to carry such experiments, including malware collection and analysis, network telescopes and honeypots, or hosting critical services. The facility, aka High Security Lab (HSL), is running since 2010, and is widely used by multiple research groups to carry sensitive data cybersecurity experiments. It includes an evolving infrastructure with tools and processes for building and running long-term and reproducible cyber security experiments. We report on our experience and lessons learned from the design, the setup and the evolution of this facility during 10 years while focusing on major cybersecurity experiments that have been conducted by researchers.

Published
2021

28. Practical security analysis of IoT devices

Author

Lahmadi, Abdelkader, Beck, Frédéric, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Institut National de Recherche en Informatique et en Automatique (Inria), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], ComputingMilieux_MISCELLANEOUS
Abstract

International audience

Published
2021

33. CONTAIN: Privacy-oriented Contact Tracing Protocols for Epidemics

Author

Ahmed, Toufik, Festor, Olivier, Ghamri-Doudane, Yacine, Kang, Joon-Myung, Schaeffer-Filho, Alberto E., Lahmadi, Abdelkader, Madeira, Edmundo, Hekmati, Arvin, Ramachandran, Gowri, Krishnamachari, Bhaskar, Ahmed, Toufik, Festor, Olivier, Ghamri-Doudane, Yacine, Kang, Joon-Myung, Schaeffer-Filho, Alberto E., Lahmadi, Abdelkader, Madeira, Edmundo, Hekmati, Arvin, Ramachandran, Gowri, and Krishnamachari, Bhaskar

Abstract

Public health agencies advocate the use of contact tracing procedures to deal with pandemics such as COVID-19 to prevent the infection of a vast population. Although several mobile applications have been developed previously for contact tracing, they typically require collection of privacy-intrusive information such as GPS locations, personal data, or require infrastructures such as WiFi APs. In this paper, we introduce CONTAIN, an early proposal for privacy-sensitive contact tracing. CONTAIN is a privacy-oriented bluetooth-based mobile digital contact tracing framework that does not rely on any infrastructure-based location sensing, nor the continuous logging of personally identifiable information. The goal of CONTAIN is to allow users to determine with complete privacy if and when they have been within a short distance of someone that is infected. We identify and prove the privacy guarantees provided by CONTAIN. We also present a simulation study utilizing an empirical trace dataset which shows that users can maximize their possibility of identifying if they were near an infected user by turning on the app in more crowded settings.

Published
2021

42. Minimizing Range Rules for Packet Filtering Using a Double Mask Representation

Author

Abboud, Ahmad, Lahmadi, Abdelkader, Rusinowitch, Michaël, Couceiro, Miguel, Bouhoula, Adel, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Knowledge representation, reasonning (ORPAILLEUR), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Natural Language Processing & Knowledge Discovery (LORIA - NLPKD), and Ecole supérieure des communications de Tunis (SUP'COM [TUNIS])

Subjects
Computer Science::Sound, Astrophysics::Instrumentation and Methods for Astrophysics, [INFO]Computer Science [cs]
Abstract

International audience; In this work, we introduce a novel representation of packet filtering rules, so called double masks, where the first mask is used as an inclusion prefix and the second one for exclusion. An efficient algorithm is developed to compute a set of double masks for a given range.

Published
2019

43. Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks

Author

Schnepf, Nicolas, Badonnel, Rémi, Lahmadi, Abdelkader, Merz, Stephan, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Modeling and Verification of Distributed Algorithms and Systems (VERIDIS), Max-Planck-Institut für Informatik (MPII), Max-Planck-Gesellschaft-Max-Planck-Gesellschaft-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Proof-oriented development of computer-based systems (MOSEL), Department of Formal Methods (LORIA - FM), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria), Management of dynamic networks and services (MADYNES), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and Badonnel, Rémi

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Security Management, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-FL]Computer Science [cs]/Formal Languages and Automata Theory [cs.FL], Android, Rule-Based Programming, Rule- Based Programming, An- droid, Software-Defined Networking
Abstract

Software-defined networks (SDN) offer a high degree of programmability for handling and forwarding packets. In particular, they allow network administrators to combine different security functions, such as firewalls, intrusion detection systems, and external services, into security chains designed to prevent or mitigate attacks against end user applications. These chains can benefit from formal techniques for their automated construction and verification. We propose in this paper a rule-based system for automating the composition and configuration of such chains for Android applications. Given the network characterization of an application and the set of permissions it requires, our rules construct an abstract representation of a custom security chain. This representation is then translated into a concrete implementation of the chain in pyretic, a domain-specific language for programming SDN controllers. We prove that the chains produced by our rules satisfy a number of correctness properties such as the absence of black holes or loops, and shadowing freedom, and that they are coherent with the underlying security policy., Electronic Communications of the EASST, Volume 76: Automated Verification of Critical Systems 2018 (AVoCS 2018)

Published
2019
Full Text
View/download PDF

44. Minimizing Range Rules for Packet Filtering Using Double Mask Representation

Author

Abboud, Ahmad, Lahmadi, Abdelkader, Rusinowitch, Michaël, Couceiro, Miguel, Bouhoula, Adel, Awainia, Saif El Hakk, Ayadi, Mondher, Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Knowledge representation, reasonning (ORPAILLEUR), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Natural Language Processing & Knowledge Discovery (LORIA - NLPKD), Ecole supérieure des communications de Tunis (SUP'COM [TUNIS]), and NUMERYX

Subjects
[INFO]Computer Science [cs]
Abstract

Packet filtering is widely used in multiple networking appliances and applications, in particular, to block malicious traffic (protect network infrastructures through fire-walls and intrusion detection systems) and to be deployed on routers, switches and load balancers for packet classification. This mechanism relies on the packet's header fields to filter such traffic by using range rules of IP addresses or ports. However, the set of packet filters has to handle a growing number of connected nodes and many of them are compromised and used as sources of attacks. For instance, IP filter sets available in blacklists may reach several millions of entries, and may require large memory space for their storage in filtering appliances. In this paper, we propose a new method based on a double mask IP prefix representation together with a linear transformation algorithm to build a minimized set of range rules. We define formally the double mask representation over range rules and we prove that the number of required masks for any range is at most 2w − 4, where w is the length of a field. This representation makes the network more secure, reliable and easy to maintain and configure. We define formally the double mask representation over range rules. We show empirically that the proposed method achieves an average compression ratio of 11% on real-life blacklists and up to 74% on synthetic range rule sets.Finally, we add support of double mask into a real SDN network.

Published
2019

45. Automated Factorization of Security Chains in Software-Defined Networks

Author

Schnepf, Nicolas, Badonnel, Rémi, Lahmadi, Abdelkader, Merz, Stephan, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Modeling and Verification of Distributed Algorithms and Systems (VERIDIS), Max-Planck-Institut für Informatik (MPII), Max-Planck-Gesellschaft-Max-Planck-Gesellschaft-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Proof-oriented development of computer-based systems (MOSEL), Department of Formal Methods (LORIA - FM), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Max-Planck-Institut für Informatik (MPII), and Max-Planck-Gesellschaft-Max-Planck-Gesellschaft

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Security Management, Merging Methods, Software-Defined Networking, Chain Synthesis
Abstract

International audience; Software-defined networking (SDN) offers new perspectives with respect to the programmability of networks and services. In particular in the area of security management, it may serve as a support for building and deploying security chains in order to protect devices that may have limited resources. These security chains are typically composed of different security functions, such as firewalls, intrusion detection systems, or data leakage prevention mechanisms. In previous work, we suggested the use of techniques for learning automata as a basis for generating security chains. However, the complexity and the high number of these chains induce significant deployment and orchestration costs. In this paper, we propose and evaluate algorithms for merging and simplifying these security chains in software-defined networks, while keeping acceptable accuracy. We first describe the overall system supporting the generation and factorization of the security chains. We then present the different algorithms supporting their merging, and finally we evaluate the solution through an extensive set of experiments.

Published
2019

46. A Tool Suite for the Automated Synthesis of Security Function Chains

Author

Schnepf, Nicolas, Badonnel, Rémi, Lahmadi, Abdelkader, Merz, Stephan, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Modeling and Verification of Distributed Algorithms and Systems (VERIDIS), Max-Planck-Institut für Informatik (MPII), Max-Planck-Gesellschaft-Max-Planck-Gesellschaft-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]
Abstract

International audience; Software-defined networking may serve as a support for the elaboration of security chains capable of protecting end-userdevices. These chains may be composed of different security functions, such as firewalls and intrusion detection systems.This demonstration showcases a tool suite for automating such a generation, from the learning of the behavior of applications, to the factoring and instanciation of security chains.

Published
2019

47. Verifying Security Requirements of an IoT device using SCUBA Tool Suite

Author

Beck, Frédéric, François, Jérôme, Lacour, Thomas, Lahmadi, Abdelkader, Service Expérimentation et Développement [Nancy] (SED), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Nancy - Grand Est (Villers-lès-Nancy, France), In collaboration with Red Alert Labs, Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Published
2018

48. Security Analysis of Internet of Things Devices: Hands-on lab

Author

Lahmadi, Abdelkader, Beck, Frédéric, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire de Haute Sécurité (LHS - Inria), Institut National de Recherche en Informatique et en Automatique (Inria)-Direction générale de l'Armement (DGA), and Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], ComputingMilieux_MISCELLANEOUS
Abstract

International audience

Published
2018

49. OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks

Author

LAGRAA, Sofiane, FRANÇOIS, Jérôme, LAHMADI, Abdelkader, DE SANTIS, Giulia, FESTOR, Olivier, LAMMARI, Nadira, HAMDI, Fayçal, GOUX, Quentin, ALLARD, Morgan, NAVARRO, Julio, LEGRAND, Véronique, DERUYVER, Aline, PARREND, Pierre, Sécurité Défense, Research Team, Laboratoire des sciences de l'ingénieur, de l'informatique et de l'imagerie (ICube), École Nationale du Génie de l'Eau et de l'Environnement de Strasbourg (ENGEES)-Université de Strasbourg (UNISTRA)-Institut National des Sciences Appliquées - Strasbourg (INSA Strasbourg), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Les Hôpitaux Universitaires de Strasbourg (HUS)-Centre National de la Recherche Scientifique (CNRS)-Matériaux et Nanosciences Grand-Est (MNGE), Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Institut de Chimie du CNRS (INC)-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Institut de Chimie du CNRS (INC)-Centre National de la Recherche Scientifique (CNRS)-Réseau nanophotonique et optique, Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Centre National de la Recherche Scientifique (CNRS), Centre d'études et de recherche en informatique et communications (CEDRIC), Ecole Nationale Supérieure d'Informatique pour l'Industrie et l'Entreprise (ENSIIE)-Conservatoire National des Arts et Métiers [CNAM] (CNAM), HESAM Université - Communauté d'universités et d'établissements Hautes écoles Sorbonne Arts et métiers université (HESAM)-HESAM Université - Communauté d'universités et d'établissements Hautes écoles Sorbonne Arts et métiers université (HESAM), Institut National des Sciences Appliquées - Strasbourg (INSA Strasbourg), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Strasbourg (UNISTRA)-Centre National de la Recherche Scientifique (CNRS)-École Nationale du Génie de l'Eau et de l'Environnement de Strasbourg (ENGEES)-Réseau nanophotonique et optique, Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Matériaux et nanosciences d'Alsace (FMNGE), Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS), HESAM Université (HESAM)-HESAM Université (HESAM), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Matériaux et nanosciences d'Alsace (FMNGE), Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Réseau nanophotonique et optique, and Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)

Subjects
lcsh:Computer engineering. Computer hardware, Process (engineering), Computer science, [SHS.SOCIO] Humanities and Social Sciences/Sociology, Distributed computing, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, 0211 other engineering and technologies, lcsh:TK7885-7895, 02 engineering and technology, computer.software_genre, lcsh:QA75.5-76.95, [SHS.INFO] Humanities and Social Sciences/Library and information sciences, [SHS]Humanities and Social Sciences, Set (abstract data type), Multi-stage attacks, 0202 electrical engineering, electronic engineering, information engineering, Open architecture, Event correlation, 021110 strategic, defence & security studies, [SHS.SOCIO]Humanities and Social Sciences/Sociology, biology, Collaborative engineering, Ant colony optimization algorithms, 020206 networking & telecommunications, Network security, biology.organism_classification, Networksecurity, [SHS.SCIPO]Humanities and Social Sciences/Political science, Computer Science Applications, Signal Processing, Intrusion detection systems, Malware, [SHS.GESTION]Humanities and Social Sciences/Business administration, lcsh:Electronic computers. Computer science, [SHS] Humanities and Social Sciences, [SHS.GESTION] Humanities and Social Sciences/Business administration, Omma, computer, [SHS.SCIPO] Humanities and Social Sciences/Political science, Advanced persistent threats
Abstract

International audience; Current attacks are complex and stealthy. The recent WannaCry malware campaign demonstrates that this is true notonly for targeted operations, but also for massive attacks. Complex attacks can only be described as a set ofindividual actions composing a global strategy. Most of the time, different devices are involved in the same attackscenario. Information about the events recorded in these devices can be collected in the shape of logs in a centralsystem, where an automatic search of threat traces can be implemented. Much has been written about automaticevent correlation to detect multi-step attacks but the proposed methods are rarely brought together in the sameplatform. In this paper, we propose OMMA (Operator-guided Monitoring of Multi-step Attacks), an open andcollaborative engineering system which offers a platform to integrate the methods developed by the multi-stepattack detection research community. Inspired by a HuMa access (Navarro et al., HuMa: A multi-layer framework forthreat analysis in a heterogeneous log environment, 2017) and Knowledge and Information Logs-based System(Legrand et al., Vers une architecture «big-data» bio-inspirée pour la détection d’anomalie des SIEM, 2014) systems,OMMA incorporates real-time feedback from human experts, so the integrated methods can improve theirperformance through a learning process. This feedback loop is used by Morwilog, an Ant Colony Optimization-basedanalysis engine that we show as one of the first methods to be integrated in OMMA.

Published
2018

Catalog

Books, media, physical & digital resources
See catalog results