BLAISE Agathe
Supervision : Stefano SECCI
Co-supervision : BOUET Mathieu, CONAN Vania
Novel anomaly detection and classification algorithms for IP and mobile networks
The nature of anomalies detected in network traffic data is quite diverse. Anomalies range from outages (including equipment malfunctions and outages from cloud and mobile network operators) and operational events (including updates and ingress shifts), to unusual end-user behaviors (including flash crowds and point-to-multipoint communications) and malicious ones (including denial of service attacks and malicious scans).
Therefore, we look at different granularity levels and ranges of features to take into account each anomaly type's peculiarities. For example, Denial-of-Service (DoS) events may be detected by looking at per-flow volume anomalies rather than at per-packet attributes. Network and port scanning may be detected at the flow level (or even at the port level), as each new port or combination of port and target IP generates a new flow. Finally, botnet detection may be performed at the flow level and preferably at the host level. The dissertation discusses several novel anomaly detection techniques in relation to important fields of networking and the emerging technologies associated with them. We thus present such anomaly detection and classification techniques in three different contexts: the detection of the exploitation of vulnerabilities on the Internet, intrusion detection in IP networks (at enterprise level), and anomaly detection in cellular networks. Our techniques are pragmatic, lightweight and suited to real networks.
At the same time, we develop methods that had not been exploited before by exploring novel points of view, such as the analysis of the usage of port numbers, services and mobile applications.
Defence : 12/14/2020
Jury members :
FIORE Marco (IMDEA Networks) [Rapporteur]
STANICA Razvan (INSA Lyon, Inria) [Rapporteur]
SECCI Stefano (Conservatoire National des Arts et Métiers)
CONAN Vania (Thales)
BOUET Mathieu (Thales)
MAGNIEN Clémence (CNRS, Sorbonne Université)
HOTEIT Sahar (Université Paris Saclay, Centrale-Supélec)
CARNEIRO VIANA Aline (Inria Saclay)
NGUYEN Thi-Mai-Trang (LIP6, Sorbonne Université)
SCOTT-HAYWARD Sandra (Queen University Belfast)
2018-2022 Publications
2022
- A. Blaise, M. Bouet, V. Conan, S. Secci : “Group anomaly detection in mobile app usages: A spatiotemporal convex hull methodology”, Computer Networks, pp. 109277, (Elsevier) (2022)
2020
- A. Blaise : “Nouveaux algorithmes de détection d’anomalies et de classification dans les réseaux IP et mobiles”, thesis, phd defence 12/14/2020, supervision Secci, Stefano, co-supervision : Bouet, Mathieu, Conan, Vania (2020)
- A. Blaise, M. Bouet, V. Conan, S. Secci : “Detection of zero-day attacks: An unsupervised port-based approach”, Computer Networks, vol. 180, pp. 107391, (Elsevier) (2020)
- A. Blaise, M. Bouet, V. Conan, S. Secci : “Botnet Fingerprinting: a Frequency Distributions Scheme for Lightweight Bot Detection”, IEEE Transactions on Network and Service Management, vol. 17 (3), pp. 1701-1714, (IEEE) (2020)
- A. Blaise, S. Scott‑Hayward, S. Secci : “Scalable and Collaborative Intrusion Detection and Prevention Systems Based on SDN and NFV”, chapter in Guide to Disaster-Resilient Communication Networks, Computer Communications and Networks, pp. 653-673, (Springer) (2020)
- A. Blaise, M. Bouet, V. Conan, S. Secci : “BotFP: FingerPrints Clustering for Bot Detection”, IEEE/IFIP Network Operations and Management Symposium (NOMS), Budapest, Hungary, (IEEE) (2020)
2019
- A. Blaise, M. Bouet, S. Secci, V. Conan : “Split-and-Merge: Detecting Unknown Botnets”, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Arlington, United States, pp. 153-161, (IFIP) (2019)
2018
- A. Blaise, M. Bouet, V. Conan, S. Secci : “Désanonymisation du jeu de données MAWI”, MISC : multi-system & internet security cookbook, (Edition Diamond) (2018)