14 research outputs found

    Towards Better Availability and Accountability for IoT Updates by means of a Blockchain

    Building the Internet of Things requires deploying a huge number of devices with full or limited connectivity to the Internet. Given that these devices are exposed to attackers and generally not secured-by-design, it is essential to be able to update them, to patch their vulnerabilities and to prevent hackers from enrolling them into botnets. Ideally, the update infrastructure should implement the CIA triad properties, i.e., confidentiality, integrity and availability. In this work, we investigate how the use of a blockchain infrastructure can meet these requirements, with a focus on availability.

    Configuration of the detection function in a distributed IDS using game theory

    With the rise of the Internet-of-Things, networks are becoming abundant and diverse in nature. Classical solutions to defend such networks, such as firewalls or access control, cannot scale appropriately. The use of Intrusion Detection Systems, especially network-based, is widespread as a means to compensate for these shortcomings. Yet, the resources to monitor each network individually grow considerably with the number of networks and the number of different attacks. To solve this issue, we present a distributed network IDS composed of several probes that monitor the different networks. Each probe of the IDS has access to a large number of detection libraries for signature-based detection, as well as our own anomaly-based detection library. However, using these detection mechanisms has a cost on each probe; the choice of network to monitor and of the libraries to use is a complex one that depends on the attacker's strategies and the goals of the defender. To optimize the detection function at every step, this paper models the choices as a two-player nonzero-sum game between the attackers of the network and the IDS's configuration. There are several papers in the literature that use game theory to find optimal configurations of distributed IDS. Those works have been extended here and through a thorough analysis of our framework, we have established guidelines for IDSs.

    A Hybrid Threat Detection and Security Adaptation System for Industrial Wireless Sensor Networks

    Wireless Sensor Networks (WSNs) led the way to new forms of communications, which extend today the Internet paradigm to unforeseen boundaries. The legacy industry, however, is slower to adopt this technology, mainly for security reasons. Self-managed security systems, allowing a quicker detection of and better resilience to attacks, may counterbalance this reluctance. We propose in this paper a hybrid threat detection and security adaptation system, designed to run on top of industrial WSNs. We explain why this system is suitable for architectures mainly composed of constrained or sleeping devices, while being able to achieve a fair level of autonomous security.

    Efficient network representation for GNN-based intrusion detection

    International Conference on Applied Cryptography and Network Security (ACNS 2023). The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN)-based framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

    Energy efficiency in M2M networks : a cooperative key establishment system

    Security requirements for the integration of emerging M2M networks in future internet of things are addressed. The heterogeneous nature of M2M devices raises new security challenges that existing proposals could not fulfill. Two entities may not be able to establish a secure end-to-end communication because of the technological gap between them and the resulting inconsistencies in their cryptographic primitives. This paper proposes a novel approach for establishing session keys for highly resource-constrained sensor nodes encountered in these M2M environments with an external server. The proposed system exploits collaboration between heterogeneous nodes by delegating heavy asymmetric cryptographic operations to a set of assisting nodes. A security analysis is conducted to verify that the proposed solution accomplishes safely and efficiently its objective.

    A Distributed Approach for Secure M2M Communications

    A key establishment solution for heterogeneous Machine to Machine (M2M) communications is proposed. Decentralization in M2M environment leads to situations where highly resource-constrained nodes have to establish end-to-end secured contexts with powerful remote servers, which would normally be impossible because of the technological gap between these classes of devices. This paper proposes a novel collaborative session key exchange method, wherein a highly resource-constrained node obtains assistance from its more powerful neighbors when handling costly cryptographic operations. Formal security analysis and performance evaluation of this method are provided; they confirm the safety and efficiency of the proposed solution. Keywords: M2M; key establishment; resource constraints; energy efficiency; formal security analysis; AVISPA.

    A cascade-structured meta-specialists approach for neural network-based intrusion detection

    An ensemble learning approach for classification in intrusion detection is proposed. Its application to the KDD Cup 99 and NSL-KDD datasets consistently increases the classification accuracy compared to previous techniques. The cascade-structured meta-specialists architecture is based on a three-step optimization method: data augmentation, hyperparameters optimization and ensemble learning. Classifiers are first created with a strong specialization in each specific class. These specialists are then combined to form meta-specialists, more accurate than the best classifiers that compose them. Finally, meta-specialists are arranged in a cascading architecture where each classifier is successively given the opportunity to recognize its own class. This method is particularly useful for datasets where training and test sets differ greatly, as in this case. The cascade-structured meta-specialists approach achieved a very high classification accuracy (94.44% on KDD Cup 99 test set and 88.39% on NSL-KDD test set) with a low false positive rate (0.33% and 1.94% respectively).

    Anomaly Detection in Vehicle-to-Infrastructure Communications

    This paper presents a neural network-based anomaly detection system for vehicular communications. The proposed system is able to detect in-vehicle data tampering in order to avoid the transmission of bogus or harmful information. We investigate the use of Long Short-term Memory (LSTM) and Multilayer Perceptron (MLP) neural networks to build two prediction models. For each model, an efficient architecture is designed based on appropriate hardware requirements. Then, a comparative performance analysis is provided to recommend the most efficient neural network model. Finally, a set of metrics is selected to show the accuracy of the proposed detection system under several types of security attacks.

    Unsupervised protocol-based intrusion detection for real-world networks

    Anomaly-based Intrusion Detection Systems (IDSs) are rarely deployed in real networks, because of their high false positive rate. Their ability to detect unknown attacks is, however, very valuable in a context where new threats are emerging almost daily. This paper presents an unsupervised anomaly-based intrusion detection solution focused on protocol headers analysis. This approach is tested on a recent and realistic dataset (CICIDS2017) over a 4-day period. Each protocol is converted to a set of normalized numeric features, which are processed by 5 neural network architectures: deep autoencoders, deep MLPs, LSTMs, BiLSTMs, and GANs. The output of these algorithms is an anomaly score, which is normalized and combined with the anomaly scores of other protocols. We argue that this classification problem is very different from the actual problem of intrusion detection and requires new metrics. In particular, packet anomaly scores must be refined in a post-processing step to aggregate anomalies into continuous attacks. This approach successfully detects 7 out of 11 attacks not seen during the training phase, without any false positives. It is thus possible to consider deployments in real-world networks of such IDSs, capable of reliably detecting zero-day attacks.

    A survey of collaborative services and security-related issues in modern wireless Ad-Hoc communications

    The use of collaboration has recently started to spread to a wide range of services in modern wireless Ad-Hoc networks, for which it is offering valuable advantages in terms of optimization and resilience. However, allowing collaboration among wireless devices opens the way to a new class of threats that involve internal attackers. In this work, we provide an extensive analysis of the existing collaborative networking services in wireless networks and examine the new threats that are introduced by those collaborative mechanisms. From a study of the security measures proposed in the literature to counter these attacks, we identify two categories of countermeasures, namely security-by-design mechanisms and Trust Management Systems (TMSs). A specific discussion is devoted in this paper to the latter category, which offers the advantage of being more flexible. Aiming at further improving this flexibility by making the design of TMSs adapted to the advent of the Internet of Things, we propose a set of guidelines in order for these systems to fit the new requirements of modern wireless communications.