Theses on the topic "Télécommunications – Trafic – Mesures de sûreté"
See the top 50 works (degree or doctoral theses) for research on the topic "Télécommunications – Trafic – Mesures de sûreté".
Kheir, Nizar. "Response policies and counter-measure : management of service dependencies and intrusion and reaction impacts". Télécom Bretagne, 2010. http://www.theses.fr/2010TELB0162.
Lassoued, Imed. "Adaptive monitoring and management of Internet traffic". Nice, 2011. http://www.theses.fr/2011NICE4110.
Traffic measurement allows network operators to achieve several purposes such as traffic engineering, network resources provisioning and management, accounting and anomaly detection. However, existing solutions suffer from different problems, namely the problem of scalability to high speeds, the problem of detecting changes in network conditions, and the problem of missing meaningful information in the traffic. The main consequence of this trend is an inherent disagreement between existing monitoring solutions and the increasing needs of management applications. Hence, increasing monitoring capabilities presents one of the most challenging issues and an enormous undertaking in a large network. This challenge becomes increasingly difficult to meet with the remarkable growth of the Internet infrastructure, the increasing heterogeneity of user’s behaviour and the emergence of a wide variety of network applications. In this context, we present the design of an adaptive centralized architecture that provides visibility over the entire network through a network-wide cognitive monitoring system. We consider the following important requirements in the design of our network-wide monitoring system. The first underscores the fact that the vendors do not want to implement sophisticated sampling schemes that give good results under certain circumstances. They want to implement simple and robust solutions that are well described by some form of a standard (i.e. sFlow, NetFlow). Thus, we decide to design a new solution that deals with existing monitoring techniques and tries to coordinate responsibilities between the different monitors in order to improve the overall accuracy. The second requirement stipulates that the monitoring system should provide general information of the entire network. To do so, we adopt a centralized approach that provides visibility over the entire network.
Our system investigates the different local measurements and correlates their results in order to address the trade-off between accuracy and monitoring constraints. And the last requirement indicates that the monitoring system should address the scalability problem and respect monitoring constraints. To this end, our system relies on a network configuration module that provides a responsive solution able to detect changes in network conditions and adapt the different sampling rates to network state. At the same time it avoids unnecessary details and oscillations in the traffic in order to keep the resulting overhead within the desired bounds. The network reconfiguration module deals with local monitoring tools and adjusts automatically and periodically sampling rates in order to coordinate responsibilities and distribute the work between the different monitors.
Jarma, Yesid. "Protection de ressources dans des centres de données d'entreprise : architectures et protocoles". Phd thesis, Université Pierre et Marie Curie - Paris VI, 2012. http://tel.archives-ouvertes.fr/tel-00666232.
Farraposo, Silvia. "Contributions on detection and classification of internet traffic anomalies". Phd thesis, Université Paul Sabatier - Toulouse III, 2009. http://tel.archives-ouvertes.fr/tel-00400506.
Boin, Clément. "Détection d'attaques DDoS dans le contexte d'un fournisseur cloud de grande envergure". Electronic Thesis or Diss., Université de Lille (2022-....), 2023. http://www.theses.fr/2023ULILB036.
The objective of this thesis is the conception and development of a system for detecting volumetric DDoS attacks, integrated within a cloud infrastructure. This novel proposition aims to supplant an existing system deemed to be inadequately adaptable and operationally complex for OVHcloud engineers. To achieve this objective, the thesis is structured around four primary axes. Firstly, a comprehensive review of the scientific literature is undertaken to apprehend the issues associated with detecting volumetric attacks within the specific context of cloud environments. Since their emergence in the early 2000s, DDoS attacks have continually increased in sophistication and magnitude. Environments such as OVHcloud are subjected to hundreds of daily DDoS attacks, with some exceeding the terabit traffic threshold. In a primary contribution, a detailed examination of a year's worth of attacks targeting the OVHcloud infrastructure reveals that few prior works take such levels of volume into account. This initial observation underscores the necessity of adapting existing state-of-the-art solutions for application in high-performance environments. In a secondary facet, it is demonstrated that the available datasets for research lack statistical compatibility with the observed conditions within this study's framework. Widely employed metrics in scientific literature fail to capture everyday realities. This shortfall generates issues both in terms of devising context-specific solutions and in reproducing research outcomes. From the perspective of hosting providers, the absence of suitable datasets is partially attributed to the difficulties faced by the academic community in accessing industrial infrastructures, predominantly under the purview of major private-sector multinationals. Considerations linked to the confidentiality of personally identifiable information within such datasets also impede progress.
Thus, in a significant tertiary contribution, a traffic generator proposal is formulated, adhering to the specific statistical properties of the studied cloud infrastructure. Leveraging this heightened comprehension of the intrinsic challenges faced by cloud service providers in detecting DDoS attacks, as well as the obstacles posed by the replication of real-world scenarios, encompassing both normal traffic and attacks, a fourth and final facet, presented in the form of an industrial patent, is devoted to delineating an architecture for detecting volumetric DDoS attacks. This architecture must facilitate the integration of detection algorithms while remaining maintainable by domain experts. Furthermore, it should be designed to address issues pertaining to the network load engendered by an infrastructure accommodating millions of clients across the globe.
Abbes, Tarek. "Classification du trafic et optimisation des règles de filtrage pour la détection d'intrusions". Nancy 1, 2004. http://www.theses.fr/2004NAN10192.
In this dissertation we are interested in some bottlenecks that the intrusion detection faces, namely the high load traffic, the evasion techniques and the false alerts generation. In order to ensure the supervision of overloaded networks, we classify the traffic using Intrusion Detection Systems (IDS) characteristics and network security policies. Therefore each IDS supervises less IP traffic and uses less detection rules (with respect to traffics it analyses). In addition we reduce the packets time processing by a wise attack detection rules application. During this analysis we rely on an on-the-fly pattern matching strategy of several attack signatures. Thus we avoid the traffic reassembly previously used to deceive evasion techniques. Besides, we employ the protocol analysis with decision tree in order to accelerate the intrusion detection and reduce the number of false positives noticed when using a raw pattern matching method.
Toure, Almamy. "Collection, analysis and harnessing of communication flows for cyber-attack detection". Electronic Thesis or Diss., Valenciennes, Université Polytechnique Hauts-de-France, 2024. http://www.theses.fr/2024UPHF0023.
The increasing complexity of cyberattacks, characterized by a diversification of attack techniques, an expansion of attack surfaces, and growing interconnectivity of applications with the Internet, makes network traffic management in a professional environment imperative. Companies of all types collect and analyze network flows and logs to ensure the security of exchanged data and prevent the compromise of information systems. However, techniques for collecting and processing network traffic data vary from one dataset to another, and static attack detection approaches have limitations in terms of efficiency and precision, execution time, and scalability. This thesis proposes dynamic approaches for detecting cyberattacks related to network traffic, using feature engineering based on the different communication phases of a network flow, coupled with convolutional neural networks (1D-CNN) and their feature detector. This double extraction allows for better classification of network flows, a reduction in the number of attributes and model execution times, and thus effective attack detection. Companies also face constantly evolving cyber threats, and "zero-day" attacks that exploit previously unknown vulnerabilities are becoming increasingly frequent. Detecting these zero-day attacks requires constant technological monitoring and thorough but time-consuming analysis of the exploitation of these vulnerabilities. The proposed solutions guarantee the detection of certain attack techniques. Therefore, we propose a detection framework for these attacks that covers the entire attack chain, from the data collection phase to the identification of any type of zero-day, even in a constantly evolving environment.
Finally, given the obsolescence of existing datasets and data generation techniques for intrusion detection, and the fixed, non-evolving, and non-exhaustive nature of recent attack scenarios, the study of an adapted synthetic data generator while ensuring data confidentiality is addressed. The solutions proposed in this thesis optimize the detection of known and zero-day attack techniques on network flows, improve the accuracy of models, while ensuring the confidentiality and high availability of data and models, with particular attention to the applicability of the solutions in a company network.
Rébaï, Raja. "Optimisation de réseaux de télécommunications avec sécurisation". Paris 9, 2000. https://portail.bu.dauphine.fr/fileviewer/index.php?doc=2000PA090025.
Hachem, Nabil. "MPLS-based mitigation technique to handle cyber attacks". Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2014. http://www.theses.fr/2014TELE0013.
Cyber attacks cause considerable losses not only for end-users but also service providers. They are fostered by a myriad of infected resources and mostly rely on network resources for whether propagating, controlling or damaging. There is an essential need to address these numerous attacks by efficient defence strategies. Researchers have dedicated large resources without reaching a comprehensive method to protect from network attacks. Defence strategies involve first a detection process, completed by mitigation actions. Research on detection is more active than on mitigation. Yet, it is crucial to close the security loop with an efficient technique to mitigate counter attacks and their effects. In this thesis, we propose a novel technique to react to attacks that misuse network resources, e.g., DDoS, Botnet, worm spreading, etc. Our technique is built upon network traffic management techniques. We use the Multiprotocol Label Switching (MPLS) technology to manage the traffic diagnosed to be part of a network misuse by detection processes. The goals of our technique can be summarized as follows: first to provide the means — via QoS and routing schemes — to segregate the suspicious flows from the legitimate traffic; and second, to take control over suspicious flows. We profit from the enhancement on the inter-domain MPLS to permit a cooperation among providers building a large-scale defence mechanism. We develop a system to complete the management aspects of the proposed technique. This system performs tasks such as alert data extraction, strategy adaptation and equipment configurations. We model the system using a clustering method and a policy language in order to consistently and automatically manage the mitigation context and environment in which the proposed technique is running. Finally, we show the applicability of the technique and the system through simulation. We evaluate and analyse the QoS and financial impacts inside MPLS networks.
The application of the technique demonstrates its effectiveness and reliability in not only alleviating attacks but also providing financial benefits for the different players in the mitigation chain, i.e., service providers.
Carlinet, Yannick. "Supervision de trafic au niveau applicatif : application à la sécurité et à l'ingénierie des réseaux". Rennes 1, 2010. https://tel.archives-ouvertes.fr/tel-00536850.
Traffic monitoring at the application level: application to security and network engineering. The work presented in this document deals with traffic monitoring in the core network, at the application level. The benefits of traffic monitoring in the layer-7 are illustrated thanks to several studies.
Bassil, Carole. "SVSP (Secure Voice over IP Simple Protocole) : une solution pour la sécurisation de la voix sur IP". Paris, ENST, 2005. http://www.theses.fr/2005ENST0045.
Since the invention of the first telephone by Alexander Graham Bell in 1869, network telephony technology did not stop evolving: from circuit switching to packet switching, from fixed network to wireless network. Several new architectures were created which combine the transport of voice, data and image in the same data network. The nature of these open networks has an impact on the voice in terms of security. This yields to the imminent need to secure voice communications while ensuring a good quality of service to the voice as well in fixed, wireless and IP networks. Different security solutions are proposed for the data. But partial even incomplete solutions are proposed for the voice. First, we define the needs for securing the telephony and the security services required. Thus, we analyze the security offered by the different telephone networks, namely the security in the traditional telephone network (PSTN and ISDN), in the mobile networks (GSM and UMTS), and in the IP network based on the H.323 and SIP architectures. This will allow us to compare the security solutions offered by these telephony architectures and to be able to present their advantages and limitations and the security requirements that they cannot satisfy. This analysis drives us to an eloquent result that is the absence of a complete end to end security solution that complies with the security requirements of telephony. Secondly, we propose a security architecture for a unified telephony architecture. This security architecture proposes a service layer that is inserted between N and N + 1 layers of the OSI reference model. This choice provides a transparency and an independence of the underlying network but requires reviewing the interfaces and therefore the needs to define an API between the security application and the underlying network that ensures transparency.
This architecture provides the security services and defines necessary security policies to secure voice communications. Following the security architecture, we defined a security protocol that we named SVSP for Simple Voice Security Protocol. SVSP satisfies the security services defined by this architecture that provides a secure end-to-end phone call. Studies were carried out to integrate it in different telephony infrastructures, namely with the traditional telephone network, GSM the mobile network and with the H.323 standard for voice over IP communications. A prototype of SVSP was implemented followed by integrating it with SIP the IETF VoIP standard.
Cornejo, Bautista Joaquim Alfonso Alejandro. "Etude de la sécurisation du canal de transmission optique par la technique de brouillage de phase". Télécom Bretagne, 2009. http://www.theses.fr/2008TELB0095.
Salha, Guillaume. "Management des systèmes d'information et télécommunications". Perpignan, 2006. http://www.theses.fr/2006PERP0712.
The subject concerns the management of the Information systems and Telecommunications. I propose a detailed description of various topologies of inter-connection and security. I propose a modeling of the information processing systems, to study the behavior of the systems on models and not on the system itself. I present an innovating solution based on the concept of IP collect and Multi operator routing, using the xDSL technologies of infrastructure operators, to the router in a centralized site. I propose project guidelines and methodology intended to provide a common framework covering the control of the fundamental processes and their organizational and technical impacts on the deployment in companies.
Hachem, Nabil. "MPLS-based mitigation technique to handle cyber attacks". Thesis, Evry, Institut national des télécommunications, 2014. http://www.theses.fr/2014TELE0013/document.
Truffot, Jérome. "Conception de réseaux haut débit sous contrainte de sécurisation". Clermont-Ferrand 2, 2007. http://www.theses.fr/2007CLF21793.
Alberdi, Ion. "Malicious trafic observation using a framework to parallelize and compose midpoint inspection devices". Electronic Thesis or Diss., Toulouse, INSA, 2010. http://www.theses.fr/2010ISAT0008.
Our Ph.D states that given the magnitude of malicious behavior in the Internet, end-host software must be monitored. To limit the number of monitoring points, we propose to monitor the software from an interconnection point, i.e. a midpoint. We have designed for this purpose Luth, a tool to compose and parallelize a set of midpoint inspectors (MI) that implement mini IDS, IPS or firewalls, while checking the correction and optimality of the resulting inspection tree, using a configuration language, its interpreter and associated algorithms. We then configure this tool to monitor some end-host software used to observe malicious traffic. First, we demonstrate why malware downloading honeypots must be monitored by designing an original attack. Then, we show how we configure Luth to block these attacks while accepting the intrusions emulated by the honeypot. In a second step, we use Luth to implement a sandbox that analyzes dynamically and as safely as wanted malware's network communications. We show how the information obtained by this analysis enables us to cluster the analyzed malware and therefore limit the number of malware to analyze manually. Finally, we show how we automatically generate signatures from this analysis to detect those malware from a midpoint device.
Hardouin, Ronan. "La responsabilité limitée des prestataires techniques dans la loi pour la confiance dans l'économie numérique". Versailles-St Quentin en Yvelines, 2011. http://www.theses.fr/2011VERS023S.
Whereas the liability law has a tendency to be objective, it could seem disparate to grant intermediary service providers a limited liability. This approach doesn’t have part in civil liability’s objectives since the industrial revolution: the compensation of harm. Nevertheless, it departs from the ordinary law and seems coherent if it is compared with « convergence » and « the Internet neutrality » notions, or, basically, with the several fundamental liberties used a lot on the Internet. In reality, it is a response to another revolution: that of the communications world, whose basics the Internet has disrupted. Developed on an ideology based on neutrality, the Internet network has certainly become one of the main challenges of our society. It promotes liberties and innovation, which is enhanced by the “Net economy”. However, all these hopes can be satisfied on condition that an atmosphere of confidence is introduced. A confidence for Internet service providers who are able to develop their business models if they have a visibility concerning the risks. A confidence for the Internet users who have to not be worried about their rights’ protection and liberties’ respect. All of this leads to a compromise that promotes liberties but forces them to be involved in the stopping of unlawful contents. New Eldorado for few people, source of troubles for others, the limited liability granted to Internet service providers is a controversial subject. Should we allow any new services to benefit from this liability? Should the legislator abrogate the liability of Internet service providers? Should we consider as the doctrine does a « third way »? In spite of these questions, this study will prove that the LCEN is a balanced law, which doesn’t have to be amended. The challenges concerning the development of Net economy as well as the respect of fundamental liberties are essential and justify the limited liability of Internet service providers.
Önen, Suna Melek. "La Sécurité des communications multipoints dans les réseaux satellitaires: Une approche centrée sur la satisfaction des utilisateurs". Phd thesis, Télécom ParisTech, 2005. http://pastel.archives-ouvertes.fr/pastel-00001363.
Alberdi, Ion. "Malicious trafic observation using a framework to parallelize and compose midpoint inspection devices". Thesis, Toulouse, INSA, 2010. http://www.theses.fr/2010ISAT0008/document.
Belhouane, Nabil. "Étude du rayonnement spectral du four micro-ondes et son influence sur la bande du service mobile par satellite". Toulouse, INPT, 1997. http://www.theses.fr/1997INPT088H.
Brissaud, Pierre-Olivier. "Analyse de trafic HTTPS pour la supervision d'activités utilisateurs". Electronic Thesis or Diss., Université de Lorraine, 2020. http://www.theses.fr/2020LORR0255.
The protection of the Internet users’ privacy has made every web service offer some security by using encryption. Thus, it is now impossible to use classical tools anymore, like DPI (deep packet inspection), in order to detect malicious behaviour on the Internet. The main target of this thesis is to find new ways to monitor malicious behaviours despite the use of encryption (HTTPS). This new solution should, nevertheless, follow three guidelines: passivity, transparency and privacy preservation. According to the works in the state of the art for encrypted traffic monitoring, they mainly focus on protocols or services detection but not about the detections of the users' behavior inside a service. The first objective is to construct a monitoring solution in order to detect some behaviour inside a web service protected by HTTPS used with HTTP/1.1. We develop an example which detects requests related to non-legitimate keywords on Images search engine by only monitoring the encrypted traffic. The solution reconstructs the size of the encrypted HTTP objects and builds a footprint of the related traffic by using the Kernel Density estimation method (KDE). The evaluation of this traffic classification when monitoring 10 000 keywords achieved an accuracy of more than 99% considering an open world scenario. Although this solution is very effective when monitoring HTTP/1.1 traffic, it shows some limitation when dealing with HTTP/2 traffic because of its impact on the traffic. Thus, the second goal is to adapt our knowledge for purposes of detecting keywords when HTTPS is used with HTTP/2. This new method is structured around some features collected on the encrypted traffic and uses supervised machine learning (random forest) to classify them.
The solution called H2Classifier is evaluated over four very used services (Amazon, Google, Google Images and Google Maps) and achieves a TPR between 61 and 98% depending on the service when monitoring 2000 keywords (per service) considering open world scenario. Finally, H2Classifier is evaluated over time, against new services and with new configurations too.
Llorens, Cédric. "Mesure de la sécurité "logique" d'un réseau d'un opérateur de télécommunications". Phd thesis, Télécom ParisTech, 2005. http://pastel.archives-ouvertes.fr/pastel-00001492.
Depigny, Marine. "Terrorisme international et mesures de sûreté : analyse économique du comportement du voyageur sur le réseau de transport aérien mondial". Thesis, Lyon 2, 2011. http://www.theses.fr/2011LYO22020/document.
In our dissertation, we question the impact of both international terrorism and security measures on the behavior of the users of the global air transportation network. Using an econometric model, we analyze a new database, AirNetTerror, which contains data on all international passenger flows toward the U.S. from 1990 to 2006 as well as the events of international terrorism by country for the same period. The relevance of our research is twofold. On the one hand, our investigation regarding air travelers’ behavior and their possibilities of modifying their itinerary in light of international terrorism has – so far as we know – never been studied. On the other hand, as we analyze passenger flows from the perspective of the network, we propose a dynamic representation of the impact of travelers’ behavior changes related to terrorist threats and security measures. In particular, taking into account the interdependent security that rules the global air transport network, allows us to question the existence of failures in security measures. Our results underline a significant impact of both international terrorist events and security measures. Furthermore, we locally observe itinerary modifications of travelers that are linked to the previous phenomena. Thus, the combined effect of terrorist threats and security measures seems to lead to equilibrium breaks – that are limited but real – in passenger flows of the global air network. Our thesis offers a different representation of the impact of international terrorism on air transport by placing the traveler’s behavior at the center of the strategic interactions between security actors and terrorists.
Varet, Antoine. "Conception, mise en oeuvre et évaluation d'un routeur embarqué pour l'avionique de nouvelle génération". Phd thesis, INSA de Toulouse, 2013. http://tel.archives-ouvertes.fr/tel-00932283.
Grandemange, Quentin. "Contribution à la modélisation et à la détection d'anomalies du traffic Internet à partir de mesures d'un coeur de réseau opérateur". Electronic Thesis or Diss., Université de Lorraine, 2018. http://www.theses.fr/2018LORR0061.
Inter-domain routing statistics are not usually publicly available but with the partnership with Post Luxembourg, we deployed network-wide measurements of Internet traffic. Those statistics show clear daily and weekly patterns and several points of interest. From all the information gathered, two modelling approaches were chosen: the first one from the time series domain and the second one from the machine learning approach. Both were tested on several datasets of autonomous systems and the second one, Gaussian Process, was kept for the next steps. The proposal of this study is the development of a software solution called ANODE, which is used at Post Luxembourg, allowing the analysis of backbone traffic: measurements, modelling, forecasting and anomaly detection.
Aouini, Zied. "Traffic monitoring in home networks : from theory to practice". Thesis, La Rochelle, 2017. http://www.theses.fr/2017LAROS035/document.
Home networks are facing a continuous evolution and are becoming more and more complex. Their complexity has evolved according to two interrelated dimensions. On the one hand, the home network topology (devices and connectivity technologies) tends to produce more complex configurations. On the other hand, the set of services accessed through the home network is growing in a tremendous fashion. Such context has made the home network management more challenging for both Internet Service Provider (ISP) and end-users. In this dissertation, we focus on the traffic dimension of the above described complexity. Our first contribution consists in proposing an architecture for traffic monitoring in home networks. We provide a comparative study of some existing open source tools. Then, we perform a testbed evaluation of the main software components implied in our architecture. Based on the experiments results, we discuss several deployment limits and possibilities. In our second contribution, we conduct a residential traffic and usages analysis based on a real trace involving more than 34 000 customers. First, we present our data collection and processing methodology. Second, we present our findings with respect to the different layers of the TCP/IP protocol stack characteristics. Then, we perform a subjective analysis across 645 residential customers. The results of both evaluations provide a complete synthesis of residential usage patterns and applications characteristics. In our third contribution, we propose a novel scheme for real-time residential traffic classification. Our scheme, which is based on a machine learning approach called C5.0, aims to fulfil the lacks identified in the literature. To this end, our algorithm is evaluated using several traffic inputs. Then, we detail how we implemented a lightweight probe able to capture, track and identify finely applications running in the home network.
This implementation allowed us to validate our designing principles upon realistic test conditions. The obtained results show clearly the efficiency and feasibility of our solution.
Sun, Donglai. "Exploring QoS and security in wireless ad-hoc network". Thesis, Dijon, 2012. http://www.theses.fr/2012DIJOS063/document.
Wireless Ad-hoc Network is an emerging communication technology over the last decade. As this kind of network can be easily implemented without requiring fixed infrastructures, it is considered as one of the most important solutions for building distributed wireless systems. Obviously, the physical channel in wireless ad-hoc network significantly distinguishes itself from the other existing networks. For example, fluctuations caused by unstable wireless channel are more severe. From an ordinary perspective, these characteristics are treated as disadvantages, and have to be eliminated in network design. Burgeoning technology called physical layer security represents a completely subversive attitude to these issues. Unique physical channel is exploited to provide additional security guarantee. However, new problems are also introduced into the system. Transmission rate of links with physical layer security is largely restricted due to the overhead used for secure mechanism. Network performance (e.g., throughput and delay) is accordingly affected. Thus, QoS turns out to be a major concern in networks with physical layer security. In this research, the focus is on the problem of how to guarantee QoS and physical layer security simultaneously in wireless ad-hoc networks. Since traditional solutions for QoS are always implemented in upper layers of the network structure, they can hardly provide full support to the new secure physical layer. Furthermore, as services without secure requirement still exist in the network, the coexistence of secure and regular physical layer has to be taken into consideration. These issues have set new demands of corresponding MAC layer scheduling protocols. Therefore, we summarize the general characteristics of physical layer security technology, based on which SecDCF, a MAC layer scheduling framework is presented. An interface is also designed to enable the integration of different scheduling policies. Furthermore, diversified requirements from different scenarios are studied, and scheduling policies are then derived to be applied with SecDCF. Corresponding numerical analysis and simulations are also carried out to evaluate our research. As a conclusion, it is illustrated in this dissertation that with elaborately designed MAC layer scheduling schemes, it is possible to exploit the rich physical layer characteristics for achieving both security and QoS in wireless ad-hoc networks.
Gawedzki, Ignacy. "Algorithmes distribués pour la sécurité et la qualité de service dans les réseaux ad hoc mobiles". Paris 11, 2008. http://www.theses.fr/2008PA112240.
Currently available routing protocols for ad hoc networks assume the total absence of malicious participants, although this assumption is seldom true in practical applications. In this work, we look for a way to augment proactive protocols so as to let nodes watch over the network in a distributed fashion and measure the threat represented by every node. The measurement is used to extract a quality of service metric used in turn by the routing protocol to avoid the most suspected nodes, according to all the implemented detection methods. We propose to detect data packet loss, be it intentional or not. The detection is performed by a verification of the principle of flow conservation, based on the exchange of packet counters between neighbors. A scalable method of diffusion of these values is also proposed. The actual checking is used to maintain a local degree of distrust which is diffused in all the network and recombined by the nodes into a global metric of distrust in each node. The application to the OLSR protocol is described and its performance evaluated by simulation. We show that the solution is efficient and that the impact of the control overhead on the medium capacity remains low. Finally, an experimental platform of OLSR with quality of service and security is presented, which is aimed at making our solutions work in an actual real setup in order to reveal any potential problem that may appear with the use of commercial off-the-shelf hardware.
Jacquemart, Quentin. "Déceler les attaques par détournement BGP". Electronic Thesis or Diss., Paris, ENST, 2015. http://www.theses.fr/2015ENST0063.
The Internet is composed of tens of thousands of Autonomous Systems (ASes) that exchange routing information using the Border Gateway Protocol (BGP). Consequently, every AS implicitly trusts every other AS to provide accurate routing information. Prefix hijacking is an attack against the inter-domain routing infrastructure that abuses mutual trust in order to propagate fallacious routes. The current detection techniques pathologically raise a large number of alerts, mostly composed of false positives resulting from benign routing practices. In this Dissertation, we seek the root cause of routing events beyond reasonable doubts. First, we reduce the global number of alerts by analyzing false positive alerts, from which we extract constructs that reflect real-world standard routing practices. We then consider the security threat associated with these constructs in a prefix hijacking scenario. Second, we use a variety of auxiliary datasets that reflect distinct facets of the networks involved in a suspicious routing event in order to closely approximate the ground-truth, which is traditionally only known by the network owner. Specifically, we investigate Multiple Origin AS (MOAS) prefixes, and introduce a classification that we use to discard up to 80% of false positives. Then we show a real-world case where a MOAS coincided with spam and web scam traffic. We look at prefix overlaps, clarify their global use, and present a prototype that discards around 50% of false positive sub-MOAS alerts. Finally, we explore the IP blackspace, study the routing-level characteristics of those networks, find live IP addresses, and uncover a large amount of spam and scam activities.
Bou, Diab Wafaa. "End-to-security of real-time services over beyond third generation networks". Versailles-St Quentin en Yvelines, 2010. http://www.theses.fr/2010VERS0011.
Security presents a big challenge for transmitting real-time traffic over IP networks; the goal is to acquire the same security level offered by the standard telephony without affecting the performance and the quality of service. Securing real-time multimedia services over IP networks is a complex process; the security solutions must take into account the real-time constraints of voice and multimedia services and their mechanisms should address possible attacks and overhead associated with it. The need to provide certain level of Quality of Service (QoS) often results in weak security mechanisms. The problem of applying security mechanism for real-time sensitive applications is that security and efficiency are conflicting requirements and the security mechanisms may degrade the performance and the QoS of such applications. This is mainly because security mechanisms can be responsible for the increased latency and the packet loss; if latency is too high, it can be the most deteriorating constraint for the quality of the real-time multimedia communications. On the other hand, one of the major challenges for real-time applications over next generation mobile networks or the Beyond Third Generation Networks (B3G) is the seamless vertical handoff. Such latency and loss sensitive applications require fast and efficient handover control over various wireless technologies to realize service continuity and seamless mobility while preserving the security and the QoS. The aim of this thesis is to provide a robust security solution without compromising the QoS and the performance of the real-time multimedia applications. Because of the time-critical nature of multimedia applications and their low tolerance for disruption and packet loss, many security mechanisms implemented in data networks are not applicable to real-time services. We first investigate the different security mechanisms applying nowadays for protecting IP applications, and examine the various VPN security solutions presenting their advantages and drawbacks. Then, we analyze the mechanisms supporting real-time services and enabling to protect both the signaling and the media traffic, and compare the different
Borne, Sylvie. "Sécurisation et dimensionnement de réseaux multicouches : modèles et polyèdres". Phd thesis, Clermont-Ferrand 2, 2006. https://theses.hal.science/tel-00713851/document.
Borne, Sylvie. "Sécurisation et dimensionnement de réseaux multicouches : modèles et polyèdres". Phd thesis, Université Blaise Pascal - Clermont-Ferrand II, 2006. http://tel.archives-ouvertes.fr/tel-00713851.
Hatahet, Sinan. "La Security in unstructured P2P networks". Compiègne, 2011. http://www.theses.fr/2011COMP1935.
Peer-to-peer (p2p) networking technology has gained popularity as an efficient mechanism for users to obtain free services without the need for centralized servers. P2P networks offer several advantages such as scalability, fault tolerance, and performance. These properties have led to the proliferation of a variety of applications. However, P2P raises some security concerns. Indeed, P2P networks are open systems that apply no restriction whatsoever on the joining process of users. As a result, malicious users can actively join a P2P system and initiate attacks within the network. Moreover, in P2P networks topology information is exposed to the systems peers to allow cooperation between them. Attackers can leverage this information to compromise P2P networks. P2P security has received a lot of attention in research. A host of research has proposed a number of solutions to reinforce security in P2P networks. In this thesis, we primarily deal with worm propagation and traffic throttling in P2P networks. We present a detailed analysis of the problem while highlighting special features and issues inherent to P2P computing. Then, we review existing security solutions in the literature and analyze their advantages and shortcomings. Next, we identify security vulnerabilities in BitTorrent that can be exploited by active worms. The latter could then propagate much faster than other worms. Then, we propose a worm detection and containment system in BitTorrent that detects active worm propagation. Our analysis shows that our solution can stop worm attacks before 1.1 percent of the vulnerable hosts are infected. We also present a simulator that we developed to further analyze and study our proposed solutions. Finally, we provide a novel approach to detect BitTorrent illegal download of copyright protected files. Our analyses show that in worst case scenarios, our solution could reduce the download success rate of copyright protected contents to 49 percent.
Zeng, Xuan. "Vers une mobilité transparente dans le réseau ICN : connectivité, sécurité, et fiabilité". Electronic Thesis or Diss., Sorbonne université, 2018. http://www.theses.fr/2018SORUS046.
With the proliferation of mobile devices, mobility becomes a requirement and a compelling feature for 5G. However, despite tremendous efforts in the last 2 decades to enable mobility in IP network, the solutions are mostly anchor-based and inefficient. In this context, Information-Centric networking (ICN) is proposed. While ICN has some native support of mobility, other architectural challenges remain unsolved to achieve seamless mobility. The thesis explores 3 main challenges of such and contributes novel solutions. First, to solve producer mobility, MAP-Me, a micro mobility management protocol supporting latency sensitive traffic is proposed. MAP-Me is anchorless and preserves key ICN benefits. Simulation results show that MAP-Me outperforms existing work in user performance while retaining low network overheads in various network conditions. Second, we investigate security in producer mobility. We focus on prefix hijacking attack, which is a basis of several attacks. To prevent prefix hijacking, we propose a light-weight and distributed prefix attestation protocol based on hash-chaining. First results show significant improvement in verification overhead. It is resistant to replay-based prefix hijacking. Finally, additional transport-layer mechanisms are needed in mobile ICN. To this aim, we investigate alleviating the adverse effect of wireless/mobility loss on congestion control. We propose WLDR and MLDR for in-network loss detection and recovery to facilitate congestion control. Simulation results show a significant reduction in flow completion time (up to 20%).
Grandemange, Quentin. "Contribution à la modélisation et à la détection d'anomalies du traffic Internet à partir de mesures d'un coeur de réseau opérateur". Thesis, Université de Lorraine, 2018. http://www.theses.fr/2018LORR0061/document.
Inter-domain routing statistics are not usually publicly available but with the partnership with Post Luxembourg, we deployed network-wide measurements of Internet traffic. Those statistics show clear daily and weekly patterns and several points of interest. From all the information gathered, two modelling approaches were chosen: the first one from the time series domain and the second one from the machine learning approach. Both were tested on several datasets of autonomous systems and the second one, Gaussian Process, was kept for the next steps. The proposal of this study is the development of a software solution called ANODE, which is used at Post Luxembourg, allowing the analysis of backbone traffic: measurements, modelling, forecasting and anomaly detection.
Challal, Yacine. "Sécurité dans les communications de groupe". Compiègne, 2005. http://www.theses.fr/2005COMP1561.
The advantages of IP multicast in multi-party communications, such as saving bandwidth, simplicity and efficiency, are very interesting for new services combining voice, video and text over Internet. This urges the effective large scale deployment of multicasting to satisfy the increasing demand for multicasting from both Internet Service Providers (ISPs) and Content Distributors. Unfortunately, the strengths of IP multicast are also its security weaknesses. Indeed, the open and anonymous membership and the distributed nature of multicasting are serious threats to the security of this communication mode. Much effort has been conducted to address the many issues relating to securing multicast data transmission, such as: access control, confidentiality, authentication and watermarking. In this thesis we deal with the two keystone security issues of any secure multicast architecture: data origin authentication and confidentiality. For each theme, we present a detailed analysis of the problem while highlighting special features and issues inherent to the multicast nature. Then, we review existing solutions in the literature and analyze their advantages and shortcomings. Finally, we provide our own original proposals, depicting their advantages over the previous solutions.
Mayzaud, Anthéa. "Monitoring and Security for the RPL-based Internet of Things". Electronic Thesis or Diss., Université de Lorraine, 2016. http://www.theses.fr/2016LORR0207.
The growing interest for the Internet of Things (IoT) has resulted in the large scale deployment of Low power and Lossy Networks (LLN). These networks are strongly constrained in terms of resources and communicate using unstable links. In this context, existing routing protocols for traditional networks do not cope with all these constraints. The IETF has proposed a new routing protocol called RPL based on IPv6 and specifically designed for these environments. The RPL protocol is however exposed to a large variety of attacks. The deployment of security mechanisms may also be quite expensive for the nodes. Therefore, LLN networks present new challenges in terms of monitoring and security. In this thesis we propose to investigate a security-oriented monitoring approach for addressing the trade-off between security and cost in the IoT. In a first stage, we assess security threats faced by these networks by identifying and classifying attacks through a dedicated taxonomy. We also quantify the consequences of two major attacks called DAG inconsistency attacks and version number attacks causing over-consumption of node resources. We then focus our work on security solutions for RPL-based IoT. We propose a local strategy for addressing DAG inconsistency attacks. In order to detect complex attacks such as version number attacks and to complement our node-level approach, we design a security-oriented distributed monitoring architecture for RPL networks. This solution allows us to preserve constrained nodes' energy by performing monitoring and detection activities on dedicated nodes. We quantify the performance and the cost of this architecture and the deployed detection modules.
Shbair, Wazen M. "Service-Level Monitoring of HTTPS Traffic". Electronic Thesis or Diss., Université de Lorraine, 2017. http://www.theses.fr/2017LORR0029.
In this thesis, we provide a privacy preserving for monitoring HTTPS services. First, we investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake. We show that this method has many weaknesses, which can be used to cheat monitoring solutions. To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation shows the ability to overcome the shortage. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, relying on neither a header field nor the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay.
Amblard, Zoé. "Cryptographie quantique et applications spatiales". Thesis, Limoges, 2016. http://www.theses.fr/2016LIMO0113.
This thesis in collaboration with Thales Alenia Space studies quantum cryptographic protocols for n parties in dimension d. We first analyze the family of Bell inequalities called homogeneous Bell inequalities introduced by François Arnault in [1] and we construct several theoretical tools for a better understanding of these inequalities. With these tools, we show how to implement the measurements required to test these inequalities by using optical devices called multiport beamsplitters and described by Zukowski et al. in [2]. We use these devices to construct new cryptographic protocols in dimension d called hdDEB which we describe in [3]. Then, we study advantages and drawbacks of the use of quantum cryptography to protect satellite links in a noisy environment. We consider several scenarios with LEO satellites and, for each of them, we conclude about the interest of using Quantum Key Distribution protocols.
Kondratyeva, Olga. "Timed FSM strategy for optimizing web service compositions w.r.t. the quality and safety issues". Electronic Thesis or Diss., Université Paris-Saclay (ComUE), 2015. http://www.theses.fr/2015SACLL004.
Service-oriented architecture (SOA) together with a family of Everything-as-a-Service (XaaS) concepts nowadays are used almost everywhere, and the proper organization of collaborative activities becomes an important challenge. With the goal of bringing to the end-user safe and reliable service with the guaranteed level of quality, issues of service compositions verification and validation become of high practical and theoretical interest. In the related works, numerous models and techniques are proposed, but mostly focused on functional and non-functional issues in isolation, while integration of these parameters within a unified formal framework still remains a problem to be solved – and therefore became one of the core objectives of this thesis. In our work, we address the problems of web service composition verification and optimization with respect to functional, quality and safety properties of the composition. Finite state models are proven to be useful for testing and verification purposes as well as for service quality evaluation at each step of service development. Therefore, we propose to use the model of Finite State Machine with Timeouts (TFSM) for integrating functional service description with time-related quality and safety parameters, and derive the extension of the model in order to adequately inherit significant nondeterminism due to the lack of observability and control over third-party component services. For the purpose of component optimization in the composition, we propose a method for deriving the largest solution containing all allowed component service implementations, based on solving TFSM parallel equation. Further, techniques for extracting restricted solutions with required properties (minimized/maximized time parameters, deadlock- and livelock-safety, similarity to the initially given component, etc.) have been proposed. In cases when the specification of a composite service is provided as a set of functional requirements, possibly, augmented with quality requirements, we propose a technique to minimize this set with respect to the component under optimization. Application of the obtained results for more efficient candidate component services discovery and binding, alongside with extending the framework for more complex distributed modes of communications, are among the topics for the future work.
Shbair, Wazen M. "Service-Level Monitoring of HTTPS Traffic". Thesis, Université de Lorraine, 2017. http://www.theses.fr/2017LORR0029/document.
Rizk, Carl. "Contribution to the evaluation and optimization of passengers' screening at airports". Thesis, Toulouse, INPT, 2019. http://www.theses.fr/2019INPT0121.
Security threats have emerged in the past decades as a more and more critical issue for Air Transportation which has been one of the main resources for globalization of economy. Reinforced control measures based on pluridisciplinary research and new technologies have been implemented at airports as a reaction to different terrorist attacks. From the scientific perspective, the efficient screening of passengers at airports remains a challenge and the main objective of this thesis is to open new lines of research in this field by developing advanced approaches using the resources of Computer Science. First this thesis introduces the main concepts and definitions of airport security and gives an overview of the passenger terminal control systems and more specifically the screening inspection positions are identified and described. A logical model of the departure control system for passengers at an airport is proposed. This model is transcribed into a graphical view (Controlled Satisfiability Graph-CSG) which allows to test the screening system with different attack scenarios. Then a probabilistic approach for the evaluation of the control system of passenger flows at departure is developed leading to the introduction of Bayesian Colored Petri nets (BCPN). Finally an optimization approach is adopted to organize the flow of passengers at departure as best as possible given the probabilistic performance of the elements composing the control system. After the establishment of a global evaluation model based on an undifferentiated serial processing of passengers, a two-stage control structure is analyzed which highlights the interest of pre-filtering and organizing the passengers into separate groups. The conclusion of this study points out for the continuation of this theme.
Azorin, Raphael. "Traffic representations for network measurements". Electronic Thesis or Diss., Sorbonne université, 2024. http://www.theses.fr/2024SORUS141.
Measurements are essential to operate and manage computer networks, as they are critical to analyze performance and establish diagnosis. In particular, per-flow monitoring consists in computing metrics that characterize the individual data streams traversing the network. To develop relevant traffic representations, operators need to select suitable flow characteristics and carefully relate their cost of extraction with their expressiveness for the downstream tasks considered. In this thesis, we propose novel methodologies to extract appropriate traffic representations. In particular, we posit that Machine Learning can enhance measurement systems, thanks to its ability to learn patterns from data, in order to provide predictions of pertinent traffic characteristics. The first contribution of this thesis is a framework for sketch-based measurements systems to exploit the skewed nature of network traffic. Specifically, we propose a novel data structure representation that leverages sketches' under-utilization, reducing per-flow measurements memory footprint by storing only relevant counters. The second contribution is a Machine Learning-assisted monitoring system that integrates a lightweight traffic classifier. In particular, we segregate large and small flows in the data plane, before processing them separately with dedicated data structures for various use cases. The last contributions address the design of a unified Deep Learning measurement pipeline that extracts rich representations from traffic data for network analysis. We first draw from recent advances in sequence modeling to learn representations from both numerical and categorical traffic data. These representations serve as input to solve complex networking tasks such as clickstream identification and mobile terminal movement prediction in WLAN. Finally, we present an empirical study of task affinity to assess when two tasks would benefit from being learned together.
Dacier, Marc. "Vers une évaluation quantitative de la sécurité informatique". Phd thesis, Institut National Polytechnique de Toulouse - INPT, 1994. http://tel.archives-ouvertes.fr/tel-00012022.
The formal models developed for the study of computer security do not offer the desired mathematical framework. The author shows that they adopt a worst-case assumption about user behaviour that is incompatible with realistic modelling. After showing, on the basis of the take-grant model, how to dispense with this assumption, the author defines a new model, the privilege graph, which is more effective for handling certain protection problems. He illustrates its use in the context of Unix systems.
Finally, the author proposes to evaluate security by computing the time and effort an intruder needs to violate the protection objectives. He shows how to define a mathematical framework able to represent the system in order to obtain such measures. To this end, the privilege graph is transformed into a stochastic Petri net and its marking graph is derived. The measures are computed on this latter structure and their mathematical properties are proven. The author illustrates the usefulness of the model with some results from a prototype developed to study the operational security of a Unix system.
Sambra, Andrei Vlad. "Data ownership and interoperability for a decentralized social semantic web". Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2013. http://www.theses.fr/2013TELE0027.
Ensuring personal data ownership and interoperability for decentralized social Web applications is currently a debated topic, especially when taking into consideration the aspects of privacy and access control. Since the user's data are such an important asset of the current business models for most social Websites, companies have no incentive to share data among each other or to offer users real ownership of their own data in terms of control and transparency of data usage. We have concluded therefore that it is important to improve the social Web in such a way that it allows for viable business models while still being able to provide increased data ownership and data interoperability compared to the current situation. In this regard, we have focused our research on three different topics: identity, authentication and access control. First, we tackle the subject of decentralized identity by proposing a new Web standard called "Web Identity and Discovery" (WebID), which offers a simple and universal identification mechanism that is distributed and openly extensible. Next, we move to the topic of authentication where we propose WebID-TLS, a decentralized authentication protocol that enables secure, efficient and user friendly authentication on the Web by allowing people to login using client certificates and without relying on Certification Authorities. We also extend the WebID-TLS protocol, offering delegated authentication and access delegation. Finally we present our last contribution, the Social Access Control Service, which serves to protect the privacy of Linked Data resources generated by users (e.g. profile data, wall posts, conversations, etc.) by applying two social metrics: the "social proximity distance" and "social contexts".
Lourme, Olivier. "Détection d'intrusions réaliste dans les maisons connectées à l'aide d'indicateurs physiques volatiles". Electronic Thesis or Diss., Université de Lille (2022-....), 2023. http://www.theses.fr/2023ULILB024.
Testo completoWithin the Internet of Things, the smart home sector is booming. For a few tens of euros, everyone can be equipped with smart-home automation solutions that can be controlled remotely. However, these ecosystems are vulnerable to various attacks due to A) an essentially cost-driven design, generating constrained devices with too few resources for viable security implementations, B) the use by these devices of multiple wireless communication protocols, dispersing security efforts, and C) the management of these devices by non-expert consumers, following a “setup and forget” policy.Unlike traditional IT where protection solutions are widespread, we note the absence of an equivalent commercial proposal in smart-home environments. In this thesis, we question the conditions for a large-scale adoption of security solutions such as Intrusion Detection Systems (IDS), aiming at protecting constrained devices already deployed. Thus, a first contribution identifies the characteristics of smart homes to cross them with IDS taxonomies, in order to propose the qualitative criteria of a realistic domestic security solution.Subsequently, in order to facilitate the design of IDS, a second contribution provides the scientific community with a Zigbee dataset, participating to the availability of tools covering the main protocols found in smart homes. All the frames exchanged by 10 devices during 10 days were captured by 4 probes distributed in a test house. Attacks have been introduced in order to establish and compare different detection strategies. In addition to MAC layer data redundancy, the dataset derives its originality from the extraction by each probe of the RSSI (Received Signal Strength Indicator) of each frame. This physical layer feature, accessible easily in most wireless technologies, allows to participate to the identification of fixed nodes. 
Later, one can imagine identifying each device more robustly by a physical layer fingerprint made of a tuple of several RSSIs, a combination that is complex for an attacker to imitate. Finally, in a third contribution, we exploit the dataset to propose several IDSs detecting spoofing attacks, favored by the fact that several protocol stacks integrate little or no authentication on their MAC layer. To detect them, the consistency of the MAC layer identifier and the previous RSSI-based fingerprint can be considered, but this is no longer possible when the environments are constantly redrawn by the evolving inhabitants, as the RSSI becomes volatile. By providing RSSI time series as input to an unsupervised learning algorithm, we establish for each (device, probe) pair a model of normal RSSI sequences. Deviations from this model help detect an attack. The obtained detection metrics, which are very interesting given the low complexity of the initial considered architecture, as well as the evaluations of the autonomy and cost of the solution, suggest the spread of such systems in smart homes.
Becker, Sheila. "Conceptual Approaches for Securing Networks and Systems". Electronic Thesis or Diss., Université de Lorraine, 2012. http://www.theses.fr/2012LORR0228.
Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work, we define and use a game theory framework in order to identify the best attack and defense strategies assuming that the attacker is aware of the defense mechanisms. Our approach leverages concepts derived from the Nash equilibrium to model more powerful adversaries. We apply the game theory framework to demonstrate the impact and efficiency of these attack and defense strategies using a well-known virtual coordinate system and real-life Internet data sets. Thereafter, we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments.
Ould, yahia Youcef. "Proposition d’un modèle de sécurité pour la protection de données personnelles dans les systèmes basés sur l’internet des objets". Electronic Thesis or Diss., Paris, CNAM, 2019. http://www.theses.fr/2019CNAM1242.
Internet of Things (IoT) and IT service outsourcing technologies have led to the emergence of new threats to users' privacy. However, the implementation of traditional security measures on IoT equipment is a first challenge due to capacity limitations. On the other hand, the offloading of data processing and storage poses the problem of trust in service providers. In this context, we have proposed an encryption solution that provides owner-centric data protection adapted to the constraining environment of IoT. This model is based on attribute-based encryption with secure offloading capability and Blockchain technology. Then, in response to the issue of trust and service selection, we explored the possibilities offered by artificial intelligence tools. To do this, we proposed a collaborative filtering model based on Kohonen maps and an efficient solution to detect untrusted users.
Mayzaud, Anthéa. "Monitoring and Security for the RPL-based Internet of Things". Thesis, Université de Lorraine, 2016. http://www.theses.fr/2016LORR0207/document.
The growing interest in the Internet of Things (IoT) has resulted in the large-scale deployment of Low power and Lossy Networks (LLN). These networks are strongly constrained in terms of resources and communicate using unstable links. In this context, existing routing protocols for traditional networks do not cope with all these constraints. The IETF has proposed a new routing protocol called RPL based on IPv6 and specifically designed for these environments. The RPL protocol is however exposed to a large variety of attacks. The deployment of security mechanisms may also be quite expensive for the nodes. Therefore, LLN networks present new challenges in terms of monitoring and security. In this thesis we propose to investigate a security-oriented monitoring approach for addressing the trade-off between security and cost in the IoT. In a first stage, we assess security threats faced by these networks by identifying and classifying attacks through a dedicated taxonomy. We also quantify the consequences of two major attacks called DAG inconsistency attacks and version number attacks causing over-consumption of node resources. We then focus our work on security solutions for RPL-based IoT. We propose a local strategy for addressing DAG inconsistency attacks. In order to detect complex attacks such as version number attacks and to complement our node-level approach, we design a security-oriented distributed monitoring architecture for RPL networks. This solution allows us to preserve constrained nodes' energy by performing monitoring and detection activities on dedicated nodes. We quantify the performance and the cost of this architecture and the deployed detection modules.
Zeng, Xuan. "Vers une mobilité transparente dans le réseau ICN : connectivité, sécurité, et fiabilité". Thesis, Sorbonne université, 2018. http://www.theses.fr/2018SORUS046/document.
With the proliferation of mobile devices, mobility becomes a requirement and a compelling feature for 5G. However, despite tremendous efforts in the last 2 decades to enable mobility in IP network, the solutions are mostly anchor-based and inefficient. In this context, Information-Centric Networking (ICN) is proposed. While ICN has some native support of mobility, other architectural challenges remain unsolved to achieve seamless mobility. The thesis explores 3 main challenges of such and contributes novel solutions. First, to solve producer mobility, MAP-Me, a micro mobility management protocol supporting latency-sensitive traffic, is proposed. MAP-Me is anchorless and preserves key ICN benefits. Simulation results show that MAP-Me outperforms existing work in user performance while retaining low network overheads in various network conditions. Second, we investigate security in producer mobility. We focus on prefix hijacking attack, which is a basis of several attacks. To prevent prefix hijacking, we propose a light-weight and distributed prefix attestation protocol based on hash-chaining. First results show significant improvement in verification overhead. It is resistant to replay-based prefix hijacking. Finally, additional transport-layer mechanisms are needed in mobile ICN. To this aim, we investigate alleviating the adverse effect of wireless/mobility loss on congestion control. We propose WLDR and MLDR for in-network loss detection and recovery to facilitate congestion control. Simulation results show a significant reduction in flow completion time (up to 20%).