CoaP Seminar of June 17

As part of our seminar "La Cybersécurité sur un plateau" (Cybersecurity on a Plate), we will have two presentations this coming Monday, June 17. The CoaP seminar will take place at 10 a.m. in the IMT/TP/TSP building, room 3.A213.

If you are attending for the first time, please contact the organizers so that you are not blocked at the entrance.

Arthur Tran Van (Télécom SudParis) - Mealy Verifier: An Automated, Exhaustive, and Explainable Methodology for Analyzing State Machines in Protocol Implementations

Many network protocol specifications are long and lack clarity, which paves the way for implementation errors. Such errors have led to vulnerabilities in secure protocols such as SSH and TLS. Active automata learning, a black-box method, is an efficient method to discover discrepancies between a specification and its implementation. It consists of extracting state machines by interacting with a network stack. It can be (and has been) combined with model checking to analyze the obtained state machines. Model checking is designed for exhibiting a single model violation instead of all model violations and thus leads to a limited understanding of implementation errors. As far as we are aware, there is only one specialized exhaustive method, leveraging DFA (Deterministic Finite Automaton) intersection, available for analyzing the outcomes of active automata learning applied to network protocols. We propose an alternative method to improve the discovery of new bug and vulnerability patterns and enhance the exhaustiveness of model verification processes. In this presentation, we apply our method to two use cases: OPC UA, for which we present a full workflow from state machine inference to state machine analysis, and SSH, where we focus on the analysis of existing state machines.

This work will be presented at the end of July at the ARES conference.

Shurok Khozam (Télécom SudParis) - DDoS Mitigation while Preserving QoS: A Deep Reinforcement Learning-Based Approach

The deployment of 5G networks has significantly improved connectivity, providing remarkable speed and capacity. These networks rely on Software-Defined Networking (SDN) to enhance control and flexibility. However, this advancement poses critical challenges, including an expanded attack surface due to network virtualization and the risk of unauthorized access to critical infrastructure. Since traditional cybersecurity methods are inadequate in addressing the dynamic nature of modern cyber attacks, employing artificial intelligence (AI), and deep reinforcement learning (DRL) in particular, was investigated to enhance 5G network security. This interest arises from the ability of these techniques to dynamically respond and adapt their defense strategies according to encountered situations and real-time threats. Our proposed mitigation system uses a DRL framework, enabling an intelligent agent to dynamically adjust its defense strategies against a range of DDoS attacks, exploiting ICMP, TCP SYN, and UDP, within an SDN environment designed to mirror real-life user behaviors. This approach aims to maintain the network’s performance while concurrently mitigating the impact of real-time attacks, by providing adaptive and automated countermeasures according to the network’s situation.