Description
Network intrusion detection systems (NIDS) observe network traffic and aim to pinpoint intrusions, i.e. effective threats on the integrity, availability or confidentiality of services and data provided by this network. There are two types of NIDS:1) signature-based intrusion detection systems that identify known intrusions by referring to an existing knowledge base, and2) anomaly-based intrusion detection systems (AIDS) that detect intrusions based on deviations from a model of normal network traffic, usually learnt through machine learning techniques.While AIDS have the advantage to not necessitate the manual creation of signatures, deploying AIDS in networks is challenging in practice.First, collecting representative network data and properly labelling it is complex and costly. This data is also highly unbalanced, as attacks are rare events. Finally, a learned AIDS is likely to show a drop in detection rates due to differences between the training context and the inference context.This presentation will discuss the results of Nicolas Sourbier’s PhD thesis that has studied how genetic programming and Tangled Program Graphs (TPGs) machine learning can help overcoming the challenges of the network AIDS.
Prochains exposés
-
NEAT: A Nile-English Aligned Translation Corpus based on a Robust Methodology for Intent Based Networking and Security
Orateur : Pierre Alain - IUT de Lannion
The rise of Intent Based Networking (IBN) has paved the way for more efficient network and security management, reduced errors, and accelerated deployment times by leveraging AI processes capable of translating natural language intents into policies or configurations. Specialized neural networks could offer a promising solution at the core of translation operations. Still, they require dedicated,[…]-
SoSysec
-
Network
-
Security policies
-
-
Black-Box Collision Attacks on Widely Deployed Perceptual Hash Functions and Their Consequences
Orateur : Diane Leblanc-Albarel - KU Leuven
Perceptual hash functions identify multimedia content by mapping similar inputs to similar outputs. They are widely used for detecting copyright violations and illegal content but lack transparency, as their design details are typically kept secret. Governments are considering extending the application of these functions to Client-Side Scanning (CSS) for end-to-end encrypted services: multimedia[…]-
Cryptography
-
SoSysec
-
-
Malware Detection with AI Systems: bridging the gap between industry and academia
Orateur : Luca Demetrio - University of Genova
With the abundance of programs developed everyday, it is possible to develop next-generation antivirus programs that leverage this vast accumulated knowledge. In practice, these technologies are developed with a mixture of established techniques like pattern matching, and machine learning algorithms, both tailored to achieve high detection rate and low false alarms. While companies state the[…]-
SoSysec
-
Intrusion detection
-
Machine learning
-
-
CHERIoT RTOS: An OS for Fine-Grained Memory-Safe Compartments on Low-Cost Embedded Devices
Orateur : Hugo Lefeuvre - The University of British Columbia
Embedded systems do not benefit from strong memory protection, because they are designed to minimize cost. At the same time, there is increasing pressure to connect embedded devices to the internet, where their vulnerable nature makes them routinely subject to compromise. This fundamental tension leads to the current status-quo where exploitable devices put individuals and critical infrastructure[…]-
SoSysec
-
Compartmentalization
-
Operating system and virtualization
-
Hardware/software co-design
-
Hardware architecture
-