{"id":6545,"date":"2024-04-03T15:33:47","date_gmt":"2024-04-03T13:33:47","guid":{"rendered":"https:\/\/samovar.telecom-sudparis.eu\/?p=6545"},"modified":"2024-04-03T15:33:48","modified_gmt":"2024-04-03T13:33:48","slug":"avis-de-soutenance-de-monsieur-marwan-abbas-escribano","status":"publish","type":"post","link":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/2024\/04\/03\/avis-de-soutenance-de-monsieur-marwan-abbas-escribano\/","title":{"rendered":"THESIS DEFENSE NOTICE for Mr. Marwan ABBAS ESCRIBANO"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">The doctoral school: Ecole Doctorale de l&rsquo;Institut Polytechnique de Paris<br><br>and the SAMOVAR research laboratory &#8211; Services r\u00e9partis, Architectures, Mod\u00e9lisation, Validation, Administration des R\u00e9seaux<\/h2>\n\n\n\n<p>present the THESIS DEFENSE NOTICE for Mr. Marwan ABBAS ESCRIBANO<\/p>\n\n\n\n<p>Authorized to present his work with a view to obtaining the Doctorate of the Institut Polytechnique de Paris, prepared at T\u00e9l\u00e9com SudParis in:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Computer Science: \u201cModeling of Complex Decoy Systems\u201d<\/h2>\n\n\n\n<p>on&nbsp;FRIDAY, APRIL 12, 2024&nbsp;at 10:00<\/p>\n\n\n\n<p>at 3A405 &#8211; <a href=\"https:\/\/webconf.imt.fr\/frontend\/her-dkl-zx5-md3\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/webconf.imt.fr\/frontend\/her-dkl-zx5-md3<\/a><br>T\u00e9l\u00e9com SudParis 19 place Marguerite Perey 91120 Palaiseau France<\/p>\n\n\n\n<p><strong>Jury members:<\/strong><\/p>\n\n\n\n<p><strong>Mr. Herv\u00e9&nbsp;DEBAR<\/strong>, Professor, T\u00e9l\u00e9com SudParis, FRANCE &#8211; Thesis supervisor<br><strong>Mr. 
Micha\u00ebl&nbsp;HAUSPIE<\/strong>, Associate Professor, Universit\u00e9 de Lille, FRANCE &#8211; Reviewer<br><strong>Ms. Isabelle &nbsp;CHRISMENT<\/strong>, Professor, Universit\u00e9 de Lorraine, FRANCE &#8211; Examiner<br><strong>Mr. Vincent&nbsp;NICOMETTE<\/strong>, Professor, INSA de Toulouse, FRANCE &#8211; Examiner<br><strong>Mr. Ludovic&nbsp;M\u00c9<\/strong>, Contract Researcher, HDR, Inria, FRANCE &#8211; Reviewer<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u201cModeling of Complex Decoy Systems\u201d<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">presented by Mr. Marwan ABBAS ESCRIBANO<\/h2>\n\n\n\n<p><strong>Summary:<\/strong><\/p>\n\n\n\n<p>The use of decoys and deception techniques for cybersecurity is very present in the literature, even though it remains relatively little used in industry despite progress in the virtualization of systems and architectures. It is possible today to deploy decoys to detect attackers and analyze their methods, but this deployment is done at the individual level, with a restricted approach: a decoy simulating one or more services is positioned within a perimeter to be defended. This case-by-case approach makes the deployment and the analysis of data from decoys difficult to generalize. In this thesis, we sought to build a decoy model that describes decoys clearly and in detail, and to test the feasibility and effectiveness of decoys built according to it. We first present our model and its various components. 
It is based in particular on the MITRE ATT&amp;CK matrix, which allows us a novel approach by building our decoys from attack possibilities offered to attackers, simulating an entire cyber kill chain rather than simple vulnerabilities. We then sought to verify the feasibility of our model by building a network of decoys based on it, and then tested the effectiveness of these decoys for the analysis of attack data by deploying them in two different contexts. We demonstrated that our decoys are effective at attracting attackers and at obtaining usable analysis data.<\/p>\n\n\n\n<p><strong>Abstract:<\/strong><\/p>\n\n\n\n<p>The use of decoys and deception techniques in cybersecurity is well documented in the literature, although it is not widely used in industry despite advances in system and architecture virtualization. It is possible today to deploy decoys to detect attackers and analyze their processes, but deployment is done on an individual level, with a restricted approach: a decoy simulating one or more services is positioned within a perimeter to be defended. This case-by-case approach makes it difficult to generalize the deployment and analysis of decoy data. In this thesis, we set out to build a decoy model that provides a clear and detailed description of decoys, and to test the feasibility and effectiveness of decoys based on this model. We first present our model and its various components. In particular, it is based on the MITRE ATT&amp;CK matrix, which enables us to take an innovative approach by building our decoys from attack possibilities offered to attackers, simulating an entire cyber kill chain rather than just vulnerabilities. 
We then sought to verify the feasibility of our model by building a network of decoys based on our model, and tested the effectiveness of these decoys for analyzing attack data by deploying them in two different contexts. We demonstrated that our decoys are effective in attracting attackers and obtaining exploitable analysis data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The doctoral school: Ecole Doctorale de l&rsquo;Institut Polytechnique de Paris and the SAMOVAR research laboratory &#8211; Services r\u00e9partis, Architectures, Mod\u00e9lisation, Validation, Administration des R\u00e9seaux present the THESIS DEFENSE NOTICE for Mr. Marwan ABBAS ESCRIBANO Authorized to present his work with a view to obtaining the Doctorate of the Institut Polytechnique de Paris, prepared at T\u00e9l\u00e9com SudParis in [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_
height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"
","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[286,603],"tags":[],"class_list":["post-6545","post","type-post","status-publish","format-standard","hentry","category-fractualites-ennews-fr","category-seminaire-scn","entry"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=6545"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6545\/revisions"}],"predecessor-version":[{"id":6546,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6545\/revisions\/6546"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=6545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=6545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=6545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}