XSS-FP: Browser Fingerprinting using HTML Parser Quirks

There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to

Discordance in cathepsin B and cystatin C expressions in bronchoalveolar fluids between murine bleomycin-induced fibrosis and human idiopathic fibrosis

International audienceAbstractThe activity of cysteine cathepsin B increased markedly in lung homogenates and in bronchoalveolar lavage fluids (BALF) of the mouse model of bleomycin-induced lung fibrosis after 14 days of challenge. In contrast the level of the cysteine cathepsin inhibitor cystatin C was unaffected in BALF of wild-type and cathepsin B-deficient mice. Therefore, murine cystatin C is not a reliable marker of fibrosis during bleomycin-induced lung fibrosis. Current data are in sharp contrast to previous analysis carried on human BALF from patients with idiopathic pulmonary fibrosis, for which the level of cathepsin B remained unchanged while cystatin C was significantly increased

A training-resistant anomaly detection system

Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including but not limited to, denial-of-service, bot nets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine learning based detection schemes, and how it can be detected. © 2018 Elsevier Lt

La sécurité inter-domaines à l'aide de l'analyseur de sécurité

National audienceLa sécurité des réseaux est un problème souvent négligé car les solutions aujourd'hui proposées imposent soit des contraintes importantes aux utilisateurs, soit des modifications au niveau applicatif. L'analyseur de sécurité, par sa vision optimiste du problème, permet de sécuriser un réseau sans pour autant modifier les applications en présence ni les pénaliser dans leur exécution. Il est en cela mieux accepté par les utilisateurs

Detecting masquerades with principal component analysis based on cross frequency weights

International audienceIn this paper, several cross frequency weights are used for extracting attributes of audit events. Principal Component Analysis (PCA) are then employed to discover the interrelationships and dependencies among features in a large number of variables and also to reduce the high dimensionality of these variables. Command data are used in the experiments for masquerade detection and the results demonstrate the effectiveness and efficiency of the method

Navigateurs & Sécurité

International audienceLes attaquants font de plus en plus usage de langages dyna- miques pour initier leurs attaques. Dans le cadre d'attaques de type "point d'eau" où un lien vers site web piégé est envoyé à une victime, ou lorsqu'une application web est compromise pour y héberger un "ex- ploit kit", les attaquants emploient souvent du code JavaScript fortement obfusqué. Ces codes sont rendus adhérents au navigateur par diverses techniques a n d'en bloquer l'exécution au sein de sandbox anti-virales. Notre présentation s'attachera à expliquer brièvement l'origine de ces techniques, et comment transformer un navigateur web "du commerce" en sandbox d'analyse JavaScript capable de déjouer certaines de ces ob- fuscations et de faciliter notre travail d'analyse

Intrusion detection using principal component analysis

International audienceIntrusion detection using principal component analysi

Intrusion detection using principal component analysis

International audienceIntrusion detection using principal component analysi

Efficient Detection of DDoS Attacks with Important Attributes

International audienceDDoS attacks are major threats in current computer networks. However, DDoS attacks are difficult to be quickly detected. In this paper, we introduce a system that only extracts several important attributes from network traffic for DDoS attack detection in real computer networks. We collect a large set of DDoS attack traffic by implementing various DDoS attacks as well as normal data during normal usage. Information Gain and Chi-square methods are used to rank the importance of 41 attributes extracted from the network traffic with our programs. Bayesian networks as well as C4.5 are then employed to detect attacks as well as to determine what size of attributes is appropriate for fast detection. Empirical results show that only using the most important 9 attributes, the detection accuracy remains the same or even has some improvements compared with that of using all the 41 attributes based on Bayesian Networks and C4.5 methods. Only using several attributes also improves the efficiency in terms of attributes constructing, models training as well as intrusion detection

Fonction de réaction

International audienceFonction de réactio