Seminars and workshops

Seminar 27/07/2017

In July 2017 also starts the Inria International Chair of Raouf Boutaba. As his research agenda is about softwarization of networks also part of the Masdin associate team topic, we invite him to our seminar. It was hel at Inria Nancy Grand Est research center.

Inria Madynes Attendees: Abdelkader Lahmadi, Giulia De Santis, Isabelle Chrisment, Jérôme François, Lucas Nussbaum, Rémi Badonnel, Loïc Rouch, Sofiane Lagraa, Daishi Kondo, Alexandre Merlin, Laurent Andrey, Abdulqawi Saïf

Invited person: Raouf Boutaba (Inria International Chair, University of Waterloo)

SnT Attendees: Steffan Hommes, Wazen shbair

Programme
  • 10h – 10h10: Introduction
  • 10h10 – 10h40: Raouf Boutaba – Introduction to recent research
  • 10h40 – 11h10: Wazen Shbair – Blockchain: an overview and research prospective
  • 11h10 – 11h40: Alexandre Merlin – Introduction to Distem – DISTributed systems EMulator
  • 11h40 – 12h20: Jérôme François – Understanding Disruptive Monitoring Capabilities of Programmable Networks
  • 12h15 – 13h45: Lunch
  • 13h45 – 14h15: Guila De Santis – Fingerprinting Scans over Internet
  • 14h15 – 14h45: Loïc Rouch – Observing DNS queries to detect attacks and infected hosts
  • 14h45 – 15h15: Daishi Kondo – Risk Analysis of Information-Leakage through Interest Packets in NDN
  • 16h – 16h30: Abdelkader Lamhadi – Automated Verification of Security Chains in Software-Defined Networks with Synaptic

Joint Seminar with Orpailleur team – 01/12/2016

The third meeting took place in Metz. The objective of this meeting was to prepare the second year of the associate team. As many of our activities rely on machine learning and data mining techniques, we also invite our colleagues from the Orpailleur Inria team.

Inria Madynes Attendees: Abdelkader Lahmadi, Giulia De Santis, Isabelle Chrisment, Jérôme François, Lucas Nussbaum, Olivier Festor, Rémi Badonnel, Thibault Cholez, Xavier Marchal, Sofiane Lagraa, Wazen Shbair, Benoit Henry

Inria Orpailleur Attendees: Amedeo Napoli, Chedy Raissi, Younes Abid

SnT Attendees: Eric Falk, Mathis Steichen, Radu State, Alex Yakubov, Manxing Du, Salvatore Signorello, Stefan Hommes, Ramiro Camino, Georgios Varisteas, Angelo Migliosi, Patrick Glauner, Petko Valtchev, Jeremy Charlier

Programme
  • 9h30 – 11h
    • Jérôme: Intro and Masdin update (10 min)
    • Radu: Sedan Présentation (15 min)
    • Amedeo: Orpailleur presentation (15 min)
    • Patrick: Neighborhood Features Help Detecting Non-Technical Losses in Big Data Sets (20 min)
    • Abid Younes: Online link disclosure strategies for social networks (30 min)
  • 11:00 – 11:10 short break
  • 11:10  – 12:40
    • Petko Valtchev/Stefan Hommes: Formal Concept Analysis for SDN (30 min)
    • Lucas Nussbaum: Networking experiments on Grid’5000 (general G5K intro + focus on networking) (30 min)
    • Benoît: SDN-based DDoS mitigation (30 min)
  • Lunch Break
  • 14h30 – 16h30
    • Sofiane Lagraa: Behavioral change-based anomaly detection in computer networks using data mining (30 min)
    • Abdelkader Lahmadi: Topological Analysis and Visualisation of Network Monitoring Data (30 min)
    • Wazen Shbair : Real-Time Identification of Services in HTTPS Traffic (30 min)
    • Giulia: Modeling of IP scanning activities with Hidden Markov Models: Darknet case study (30 min)
  • 16h30 – 16h50: break
  • 16h50 – 17h40
    • Xavier Marchal: NDN content poisoning attack (20 min)
    • Salvatore: A more accurate view on Interest Flooding Attacks in Named-Data Networking (30 min)

 

Workshop on intrusion detection and netflow analysis – 20/07/2016

On 20/07/2016, a workshop on intrusion detection and netflow analysis was organized by SEDAN team at University of Luxembourg. Masdin was invited to participate. The first half of the day was a practical session on network traffic collection and (pre-)processing with the goal of obtaining datasets for research on fingerprinting or applications of machine learning lead by Sebastian Garcia. The second half of the day was dedicated to talks by the participants on topics of network security with a focus on work using netflow data, including talks from industry and academia. We encouraged the exchange between practitioners from academia and industry with theoretical and proof-of-concept works from academia.

  • Security Monitoring of HTTPS Traffic
    • Abstract: The encrypted Internet traffic is an essential element to enable security and privacy in the Internet. Surveys show that websites are more and more being served over HTTPS. On one side, We applications are encouraged to use TLS protocols to keep user privacy and security from malicious activities. On the other side, important challenges and issues, related to the security analysis of encrypted traffic (filtering, anomaly detection, etc.), need to be resolved effectively. Existing solutions have privacy issues related to the decryption of the traffic in the middle. Thus, our research question is to find an efficient HTTPS monitoring technique that don’t decrypt HTTPS traffic. We have investigated the latest technique for HTTPS traffic filtering that is based on the Server Name Indication (SNI) field of TLS and which has been recently implemented in many firewall solutions. We proved that SNI has weaknesses that can be used to bypass firewall systems. More recently, we have started to develop a method for monitoring HTTPS traffic in the context of network forensic investigation. In this context, we proposed a framework with a novel multi-level classification approach able to identify the services running in HTTPS with high level of accuracy with the goal to improve the security of networks with a new generation of HTTPS firewall.
    • Speaker: Wazen Shbair is a PhD candidate (3 rd year) at LORIA (Lorraine Research Laboratory in Computer Science and its Applications), Nancy, France. He earned a Master degree (2009) from university of Cairo, Egypt and bachelor of computer engineering from the IUG University, Palestine. He started his research activities in the field of encrypted traffic monitoring at University of Lorraine with his PhD thesis, which addresses the challenge of security monitoring of HTTPS traffic. He has published papers on network and service management issues in IFIP/IEEE Integrated Network Management Symposium, IFIP/IEEE Network Operation Management Symposium, and IEEE International Workshop on Security Testing and Monitoring. Speaker: Wazen Shbair PhD Candidate, Univ.Lorraine LORIA , MADYNES Team Nancy, France
  • Adware landscape: what you didn’t want to hear
    • Abstract: In the past, adware as advertising oriented software was clearly considered harmless and legitimate. In recent years this has changed and it is now often common to find adware presenting a mix of advertising and malicious behaviour. Where do we draw the line? There is still no general agreement on what is considered malicious when it comes to this type of software. Our research showed that 85% of the companies surveyed between January and October 2015 were infected by adware, averaging around 400 hosts per million adware infections per day. This is an alarming number considering that most of these infections remain un-handled for long periods of time as the capacity of incident response teams is usually quickly exhausted by remediating high risk threats. In this presentation we will show how does the adware landscape looks like, typical distribution methods and what type of information is usually exfiltrated by this type of software. We will present details of a concrete case of a malware being distributed by adware and how the escalation took place.
    • Speaker: Veronica Valeros Malware Researcher Cognitive Threat Analytics Cisco Systems, Inc. https://cognitive.cisco.com/
  • Malware Detection in the Network. Behavioral Analysis with Machine Learning
    • Abstract: “The detection of malware in the network can be improved by studying its connection patterns. These patterns, carefully analyzed, can reveal the behavior of the malware in the network. We present the Stratosphere Project, an effort to create a free software, behavioral-based IPS for malicious traffic detection. Stratosphere analyzes the behavior in the network, creating models of known malicious connections and detecting unknown traffic.”
    • Speaker: Sebastian Garcia is a malware researcher and security teacher. He did his PhD on the detection of botnets/malware by analyzing their network traffic and creating behavioral models of their actions. He likes to analyze network patterns with machine learning tools, specially on malware and botnet traffic. He is a researcher in the ATG group of Czech Technical University in Prague. He believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. As a co-founder of the MatesLab hackspace he is a free software advocate that worked on honeypots, malware detection, distributed scanning (dnmap) keystroke dynamics, bluetooth analysis, privacy protection, intruder detection, robotics and biohacking. In the CTU University he is managing the Stratosphere IPS project, where they are developing a free-software behavioral-based IPS. Speaker: Sebastian Garcia @eldracote https://www.researchgate.net/profile/Sebastian_Garcia6 http://stratosphereips.org

Wazen

Kick-off meeting – 21/04/2016

The first Masding meeting took place at Inria Nancy Grand Est on 21/04/2016. The objective of this meeting was to present the research works of the different members to build working group among them on specific topics.

Inria Attendees: Jonathan Arnault, Abdelkader Lahmadi, Cristian Ruiz, Emmanuel Jeanvoine, Giulia De Santis, Isabelle Chrisment, Jérôme François, Lucas Nussbaum, Olivier Festor, Paul Chaignon, Rémi Badonnel, Thibault Cholez, Xavier Marchal

SnT Attendees: Eric Falk, Mathis Steichen, Radu State, , Salvatore Signorello, Stefan Hommes, Thomas Engel

Invited Partner: Kahina Lazri (Orange Labs)

Scientific presentations

  • Masdin Overview (Jérôme, 20min)
  • Implementing NDN over P4 (Salvatore, 25min)NDN performance (Xavier, 15min)
  • Security Function Chaining for Android devices (Abdelkader, Rémi 25min)Security of Software-Defined Networks (Paul, 25min)
  • Optimizing streaming in Kafka (Eric, 25min)Virtual Security Operation Center as a Service (Radu 25min)Data-Analytics for Security Monitoring (Jonathan, 10min)
  • Modeling and analysis of Advanced Persistent Threats (Giulia, 10min)

Preliminary identification of working groups

  • NDN performance analysis with and without virtualisation: Xavier, Salvatore, Thibault, Jérôme, Radu
  • Data analytics for Netflow: Jonathan, Christian, Abdelkader, Jérôme, Radu

Comments are closed.