{"id":6740,"date":"2024-12-09T12:41:04","date_gmt":"2024-12-09T11:41:04","guid":{"rendered":"https:\/\/samovar.telecom-sudparis.eu\/?p=6740"},"modified":"2024-12-09T12:41:05","modified_gmt":"2024-12-09T11:41:05","slug":"avis-de-soutenance-de-monsieur-hamdi-friji","status":"publish","type":"post","link":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/2024\/12\/09\/avis-de-soutenance-de-monsieur-hamdi-friji\/","title":{"rendered":"THESIS DEFENSE NOTICE for Mr. Hamdi FRIJI"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">The doctoral school: Ecole Doctorale de l&rsquo;Institut Polytechnique de Paris<br><br>and the research laboratory SAMOVAR &#8211; Services r\u00e9partis, Architectures, Mod\u00e9lisation, Validation, Administration des R\u00e9seaux<\/h2>\n\n\n\n<p>present<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">the THESIS DEFENSE NOTICE for Mr. Hamdi FRIJI<\/h2>\n\n\n\n<p>Authorized to present his work with a view to obtaining the Doctorate of the Institut Polytechnique de Paris, prepared at T\u00e9l\u00e9com SudParis in:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Computer Science<\/h2>\n\n\n\n<h1 class=\"wp-block-heading\">\u00ab D\u00e9tection d&rsquo;intrusion bas\u00e9e sur les Graph Neural Networks pour la s\u00e9curisation des r\u00e9seaux en p\u00e9riph\u00e9rie \u00bb<\/h1>\n\n\n\n<p>on&nbsp;TUESDAY 10 DECEMBER 2024&nbsp;at 14:00<\/p>\n\n\n\n<p>at<\/p>\n\n\n\n<p>Amphith\u00e9\u00e2tre 03<br>19 place Marguerite Perey &#8211; 91120 PALAISEAU<br>and via the Zoom link:<br><a target=\"_blank\" href=\"https:\/\/telecom-paris.zoom.us\/j\/93441814530?pwd=Mqb8aFD3v1X2B9a1VA5tqITxntj0tu.1\" rel=\"noreferrer noopener\">https:\/\/telecom-paris.zoom.us\/j\/93441814530?pwd=Mqb8aFD3v1X2B9a1VA5tqITxntj0tu.1<\/a><br>Meeting ID: <a href=\"934 4181 4530\" target=\"_blank\" rel=\"noreferrer noopener\">934 4181 4530<\/a><br>Passcode: 361629<\/p>\n\n\n\n<p><strong>Jury members 
:<\/strong><\/p>\n\n\n\n<p><strong>Mr. Fr\u00e9d\u00e9ric&nbsp;LEHMANN<\/strong>, Full professor, Institut Polytechnique de Paris, FRANCE &#8211; Thesis director<br><strong>Mr. Erol&nbsp;GELENBE<\/strong>, Full professor, Institute of Theoretical and Applied Informatics, Polish Academy of Sciences, POLAND &#8211; Reviewer<br><strong>Mr. Imed&nbsp;ROMDHANI<\/strong>, Associate Professor, Edinburgh Napier University, UNITED KINGDOM &#8211; Reviewer<br><strong>Mr. Fabrice&nbsp;ROSSI<\/strong>, Full professor, Universit\u00e9 Paris Dauphine, FRANCE &#8211; Reviewer<br><strong>Mr. Pierre-Francois&nbsp;GIMENEZ<\/strong>, Doctor, INRIA, FRANCE &#8211; Examiner<br><strong>Mr. Maxime&nbsp;LABONNE<\/strong>, Doctor, Liquid AI, UNITED STATES &#8211; Examiner<br><strong>Ms. Mireille&nbsp;SARKISS<\/strong>, Associate Professor, Institut Polytechnique de Paris, FRANCE &#8211; Thesis co-supervisor<br><strong>Mr. Rida&nbsp;KHATOUN<\/strong>, Full professor, Institut Polytechnique de Paris, FRANCE &#8211; Examiner<\/p>\n\n\n\n<p><strong>Guest:<\/strong><\/p>\n\n\n\n<p><strong>Mr. Alexis OLIVEREAU<\/strong>, Research Engineer, CEA-LIST, Thesis supervisor<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u00ab D\u00e9tection d&rsquo;intrusion bas\u00e9e sur les Graph Neural Networks pour la s\u00e9curisation des r\u00e9seaux en p\u00e9riph\u00e9rie \u00bb<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">presented by Mr. Hamdi FRIJI<\/h2>\n\n\n\n<p><strong>Summary:<\/strong><\/p>\n\n\n\n<p>Faced with the escalating complexity and frequency of cyberattacks, this thesis proposes innovative approaches to network intrusion detection, exploiting the advanced capabilities of Graph Neural Networks (GNNs) and new graph-based representations. 
We begin with a critical analysis of current datasets and network representations, addressing key questions about their effectiveness. We introduce a new graph representation of communication flows, offering greater robustness against manipulations of the adversarial-attack type. We then present one of the first intrusion detection systems using our graph representation based on GNNs. This system makes it possible to assess malicious behaviors by capturing complex patterns often ignored by traditional methods. The results show that our approach largely outperforms existing solutions based on machine learning and GNNs in terms of accuracy and robustness. To address the challenges of scalability and efficiency in large-scale environments, we introduce G-DEMIS (\u00ab Graph-based DEcentralized Multi-agent Intrusion detection System \u00bb), a decentralized multi-agent system exploiting GNNs for rapid detection of malicious activities. By aggregating local information across the network, G-DEMIS improves real-time detection while reducing energy consumption by 58% and response time by 17.13% compared to centralized approaches. Finally, we propose an innovative algorithm for tracing attack propagation paths, helping to identify compromised machines in the context of advanced persistent threats. 
The work in this thesis not only advances the state of the art in intrusion detection, but also paves the way for new advances in cybersecurity.<br><\/p>\n\n\n\n<p><strong>Abstract:<\/strong><\/p>\n\n\n\n<p>In light of the escalating complexity and frequency of cyberattacks, this thesis presents innovative approaches to network intrusion detection that leverage the advanced capabilities of Graph Neural Networks (GNNs) and novel graph-based representations. To lay the foundation for our research, we first conduct a critical review of existing intrusion detection datasets and network representations, focusing on their effectiveness in addressing key research challenges. This thesis presents our insights and analysis of two widely used datasets: ToN IoT and CICIDS 2017, highlighting their strengths and limitations. Our approach introduces a new flow-based graph representation of communication flows, which enhances existing solutions by increasing robustness against adversarial attacks. First, we present one of the pioneering GNN-based intrusion detection systems, which utilizes our graph representation and GNN algorithms to compute maliciousness scores. This system captures complex relational patterns that traditional methods often overlook. Our findings demonstrate that this framework significantly outperforms the current state-of-the-art machine learning and GNN-based solutions in terms of both accuracy and robustness. Additionally, we propose a three-stage intrusion detection system inspired by the Lockheed Martin cyber kill chain, designed to detect advanced multi-step attacks. This system achieved an average F1-score of 94% on the ToN IoT dataset, surpassing traditional random forest models and demonstrating its effectiveness for real-world applications. 
To address scalability and efficiency challenges in large-scale environments, we introduce G-DEMIS, a Graph-based DEcentralized Multi-agent Intrusion detection System that enhances the use of GNNs for fast detection of malicious activities. G-DEMIS employs a collaborative approach in which multiple agents monitor different network segments, aggregating local graph information to form a comprehensive view of the network. This framework not only enhances real-time detection capabilities but also reduces energy consumption by 58.08% and detection time by 17.13% compared to centralized models. Finally, we tackle the challenge of defending against Advanced Persistent Threats (APTs) by proposing a novel algorithm for reconstructing attack propagation paths. This algorithm assists engineers in identifying compromised machines following an APT attack by detecting and analyzing anomalous behaviors in the network, tracing the progression of the attack, and providing a detailed understanding of the attack paths. 
This thesis not only advances the current state of intrusion detection but also lays the foundation for future innovations in cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The doctoral school: Ecole Doctorale de l&rsquo;Institut Polytechnique de Paris and the research laboratory SAMOVAR &#8211; Services r\u00e9partis, Architectures, Mod\u00e9lisation, Validation, Administration des R\u00e9seaux present the THESIS DEFENSE NOTICE for Mr. Hamdi FRIJI Authorized to present his work with a view to obtaining the Doctorate of the Institut Polytechnique de Paris, prepared at T\u00e9l\u00e9com SudParis in: [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typ
o_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"f
ootnotes":""},"categories":[286,543],"tags":[],"class_list":["post-6740","post","type-post","status-publish","format-standard","hentry","category-fractualites-ennews-fr","category-seminaire-istec","entry"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=6740"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6740\/revisions"}],"predecessor-version":[{"id":6741,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6740\/revisions\/6741"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=6740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=6740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=6740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}