Habilitation à diriger des recherches

Audit et monitorage de la sécurité

Radu State 1, 2
2 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : This document describes my main research activities, performed over the past few years. It starts with a summarized historical overview of my activities and continues with detailed content on a selection of topics. The document starts with syntax-driven approaches for a service and network fingerprinting scheme, showing how parse trees of captured messages serve to learn distinctive features capable of performing fingerprinting. We next consider the case of unknown protocols and propose an unsupervised learning method based on support vector clustering (SVC). The follow-up part of the document considers behavioral fingerprinting, based on the analysis of temporal and state-machine-induced features. We introduce the TR-FSM, a tree-structured parametrized finite state machine having time-annotated edges. A TR-FSM represents a fingerprint for a device/stack. Several such fingerprints are associated with a device. We propose a supervised learning method, where support vector machines use kernel functions defined over the space of TR-FSMs. We validated our approach using SIP as a target protocol. We also address the security monitoring of VoIP and present new monitoring approaches for VoIP-specific environments. We next address the practical outcomes of our fuzzing approach. We summarize the fuzzing architecture and give an overview of some of the most surprising vulnerabilities that we have found. We present a short positioning of our work with respect to relevant ongoing international activities in the sixth chapter. The final chapter of this manuscript concludes and points out the future activities to be undertaken.
Document type :
Habilitation à diriger des recherches

Cited literature [161 references]

https://tel.archives-ouvertes.fr/tel-00442530
Contributor : Radu State
Submitted on : Monday, December 21, 2009 - 3:24:24 PM
Last modification on : Monday, September 23, 2019 - 5:12:19 PM
Long-term archiving on : Thursday, June 17, 2010 - 7:52:37 PM

Identifiers

  • HAL Id : tel-00442530, version 1

Citation

Radu State. Audit et monitorage de la sécurité. Réseaux et télécommunications [cs.NI]. Université Henri Poincaré - Nancy I, 2009. ⟨tel-00442530⟩

Metrics

Record views

568

Files downloads

1138