{"id":784,"date":"2016-10-07T11:54:00","date_gmt":"2016-10-07T09:54:00","guid":{"rendered":"https:\/\/samovar2022.int-evry.fr\/index.php\/2016\/10\/07\/monitorage-des-aspects-securitaires-pour-les-protocoles-de-reseaux-et-applications\/"},"modified":"2020-09-04T18:46:11","modified_gmt":"2020-09-04T16:46:11","slug":"monitorage-des-aspects-securitaires-pour-les-protocoles-de-reseaux-et-applications","status":"publish","type":"post","link":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/2016\/10\/07\/monitorage-des-aspects-securitaires-pour-les-protocoles-de-reseaux-et-applications\/","title":{"rendered":"\u00ab Monitoring of Security Aspects for Network Protocols and Applications \u00bb"},"content":{"rendered":"<p>The doctoral school Sciences et Technologies de l&rsquo;Information et de la Communication<br \/>\nand the SAMOVAR research laboratory present<br \/>\nthe THESIS DEFENSE NOTICE of Mr. Vinh Hoa LA<\/p>\n<p>Authorized to present his work with a view to obtaining the Doctorate of the Universit\u00e9 Paris-Saclay, prepared at T\u00e9l\u00e9com SudParis, in:<br \/>\nnetworks, information and communications<\/p>\n<p>When: FRIDAY 21 OCTOBER 2016 at 10:00<br \/>\nWhere: T\u00e9l\u00e9com SudParis, Room A03, 9 rue Charles Fourier, 91000 EVRY<\/p>\n<p><strong>Jury members:<\/strong><\/p>\n<p>Ms. Ana Rosa CAVALLI, Professor, Telecom SudParis, FRANCE &#8211; Thesis supervisor<br \/>\nMr. Farid NAIT-ABDESSELAM, Professor, Universit\u00e9 Paris Descartes (Paris V), FRANCE &#8211; Reviewer<br \/>\nMr. Marcelo DIAS DE AMORIM, Prof., Research Director, Universit\u00e9 Pierre et Marie Curie (Paris VI), FRANCE &#8211; Reviewer<br \/>\nMr. Patrick SENAC, Prof., Research Director, ENAC \u2013 Toulouse, FRANCE &#8211; Examiner<br \/>\nMr. Adrien BECUE, Head of Research &#038; Technology, Airbus DS Cybersecurity, FRANCE &#8211; Examiner<br \/>\nMr. 
Wissam MALLOULI, Dr., Research Engineer, Montimage, FRANCE &#8211; Examiner<br \/>\nMs. Fatiha ZAIDI, Associate Professor, HDR, Universit\u00e9 Paris Sud, FRANCE &#8211; Examiner<\/p>\n<p><em>Summary:<\/em><\/p>\n<p>Computer security, also known as cyber-security, is still a topical subject in computer science research. As cyber-attacks keep growing in volume and sophistication, protecting information systems or networks becomes a difficult task. Researchers pay constant attention to security, pursuing two main directions in particular: (i) &#8211; designing secured infrastructures with secured communication protocols and (ii) &#8211; monitoring \/ supervising systems or networks in order to find and remediate vulnerabilities. The latter verifies that everything designed in the former functions correctly and securely, thereby detecting security violations. This is the main topic of this thesis. This dissertation presents a security monitoring framework that takes into account different types of audit datasets, including network traffic and the messages exchanged in applications. We also propose innovative approaches based on statistical learning, information theory and machine learning to pre-process and analyze the input data. 
Our framework is validated in a wide range of case studies, including the monitoring of traditional TCP\/IP (v4) networks (LAN, WAN, Internet monitoring), the supervision of networks of connected objects using 6LoWPAN technology (IPv6), and also the analysis of logs from other applications. Finally, we provide a study of intrusion tolerance by design and propose an emulation-based approach to detect and tolerate intrusion simultaneously. In each case study, we describe how we collect the audit datasets, extract the relevant attributes, process the received data and decode their security meaning. To achieve these objectives, the MMT tool is used as the core of our approach. We also evaluate the performance of the solution and its ability to work in \u201clarger-scale\u201d systems with more voluminous datasets.<\/p>\n<p><em>Abstract :<\/em><\/p>\n<p>Computer security, also known as cyber-security or IT security, remains an emerging topic in computer science research. Because cyber attacks are growing in both volume and sophistication, protecting information systems or networks becomes a difficult task. Therefore, researchers give ongoing attention to security in two main directions: (i) designing secured infrastructures with secured communication protocols and (ii) monitoring\/supervising the systems or networks in order to find and remediate vulnerabilities. The former assists the latter by forming some additional monitoring-supporting modules, whilst the latter verifies whether everything designed in the former is functioning correctly and securely, as well as detecting security violations. 
This is the main topic of this thesis. This dissertation presents a security monitoring framework that takes into consideration different types of audit datasets, including network traffic and application logs. We also propose some novel approaches based on supervised machine learning to pre-process and analyze the input data. Our framework is validated in a wide range of case studies including traditional TCP\/IPv4 network monitoring (LAN, WAN, Internet monitoring), IoT\/WSN using 6LoWPAN technology (IPv6), and other applications&rsquo; logs. Last but not least, we provide a study regarding intrusion tolerance by design and propose an emulation-based approach to simultaneously detect and tolerate intrusion. In each case study, we describe how we collect the audit dataset, extract the relevant attributes, handle received data and decode their security meaning. For these goals, the Montimage Monitoring Tool (MMT) is used as the core of our approach. We also assess the solution&rsquo;s performance and its ability to work in \u00ab\u00a0larger scale\u00a0\u00bb systems with more voluminous datasets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The doctoral school Sciences et Technologies de l&rsquo;Information et de la Communication and the SAMOVAR research laboratory present the THESIS DEFENSE NOTICE of Mr. Vinh Hoa LA Authorized to present his work with a view to obtaining the Doctorate of the Universit\u00e9 Paris-Saclay, prepared at T\u00e9l\u00e9com SudParis, in: networks, information and communications When: FRIDAY 21 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":783,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hov
er":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[350],"tags":[],"class_list":["post-784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-theses-2016-fr","entry","has-media"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":t
rue,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=784"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/784\/revisions"}],"predecessor-version":[{"id":1656,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/784\/revisions\/1656"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media\/783"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}