Theses

Security monitoring for network protocols and applications

Abstract : Computer security, also known as cyber-security or IT security, is always an emerging topic in computer science research. Because cyber attacks are growing in both volume and sophistication, protecting information systems or networks becomes a difficult task. Therefore, researchers give ongoing attention to security along two main directions: (i) designing secure infrastructures with secure communication protocols and (ii) monitoring/supervising the systems or networks in order to find and remediate vulnerabilities. The former assists the latter by forming some additional monitoring-supporting modules, while the latter verifies whether everything designed in the former is functioning correctly and securely, and detects security violations. This is the main topic of this thesis.

This dissertation presents a security monitoring framework that takes into consideration different types of audit datasets, including network traffic and application logs. We also propose some novel approaches based on supervised machine learning to pre-process and analyze the input data. Our framework is validated in a wide range of case studies including traditional TCP/IPv4 network monitoring (LAN, WAN, Internet monitoring), IoT/WSN using 6LoWPAN technology (IPv6), and other applications' logs. Last but not least, we provide a study regarding intrusion tolerance by design and propose an emulation-based approach to simultaneously detect and tolerate intrusion.

In each case study, we describe how we collect the audit dataset, extract the relevant attributes, handle received data and decode their security meaning. For these goals, the Montimage Monitoring Tool (MMT) is used as the core of our approach. We also assess the solution's performance and its ability to work in "larger scale" systems with more voluminous datasets.

Cited literature [82 references]

https://tel.archives-ouvertes.fr/tel-01782396
Contributor : Abes Star
Submitted on : Wednesday, May 2, 2018 - 1:01:47 AM
Last modification on : Wednesday, June 24, 2020 - 4:18:49 PM
Long-term archiving on : Monday, September 24, 2018 - 8:33:09 PM

File

74443_LA_2016_archivage.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01782396, version 1

Citation

Vinh Hoa La. Security monitoring for network protocols and applications. Networking and Internet Architecture [cs.NI]. Université Paris-Saclay, 2016. English. ⟨NNT : 2016SACLL006⟩. ⟨tel-01782396⟩

Metrics

Record views : 774

Files downloads : 1137