
Thesis: Modélisation et identification de cyberattaques multi-étapes dans des ensembles d'évènements

March 14, 2019
14:00
Strasbourg - Forum de la Faculté de Médecine - salle 114

PhD defense : Julio NAVARRO LARA

Title : Modélisation et identification de cyberattaques multi-étapes dans des ensembles d'évènements

Team : CSTB

Abstract: A cyberattack is considered multi-step if it is composed of at least two distinct actions. The main goal of this thesis is to help the security analyst create detection models from a set of alternative multi-step attack cases. To meet this goal, we present four research contributions.
First of all, we have conducted the first systematic survey of multi-step attack detection. One of the conclusions of this survey is the lack of methods to confirm the hypotheses formulated by the security analyst during the investigation of past multi-step attacks.
This leads us to the second of our contributions, the Abstract Attack Scenario Graph or AASG. In an AASG, the alternative proposals about the fundamental steps in an attack are represented as branches to be evaluated on new incoming events.
For this evaluation, we propose two models, Morwilog and Bidimac, which perform detection and identification of correct hypotheses. The evaluation of the results by the analyst allows the evolution of the models.
Finally, we propose a model for the visual investigation of attack scenarios in non-processed events. This model, called SimSC, is based on IP address similarity, considering the temporal distance between the events.

The jury is composed of M. Latapy, senior researcher, LIP6 CNRS (Reviewer); J. Garcia-Alfaro, Professor, Telecom SudParis (Reviewer); V. Legrand, Professor, CNAM; P. Parrend, academic, ECAM; and A. Deruyver, associate professor, University of Strasbourg (Thesis supervisor).

The defense takes place on Thursday 14th March at 2:00pm in room 114 of the Forum of the Faculty of Medicine (4 rue Kirschleger, Strasbourg).

Keywords: Cybersecurity, multi-step attack, event correlation, attack detection.

 
