Sommaire

  • Cet exposé a été présenté le 26 novembre 2021.

Description

  • Orateur

    David Lubicz (DGA-MI)

In this paper, a new approach for the detection of ransomware based on the runtime analysis of their behaviour is presented. The main idea is to get samples by using a mini-filter to intercept write requests, then decide if a sample corresponds to a benign or a malicious write request. To do so, in a learning phase, statistical models of structured file headers are built using Markov chains. Then in a detection phase, a maximum likelihood test is used to decide if a sample provided by a write request is normal or malicious. We introduce new statistical distances between two Markov chains, which are variants of the Kullback-Leibler divergence, which measure the efficiency of a maximum likelihood test to distinguish between two distributions given by Markov chains. This distance and extensive experiments are used to demonstrate the relevance of our method.

Infos pratiques

Prochains exposés

  • Hardware-Software Co-Designs for Microarchitectural Security

    • 11 décembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Petri/Turing

    Orateur : Lesly-Ann Daniel - EURECOM

    Microarchitectural optimizations, such as caches and speculative out-of-order execution, are essential for achieving high performance. However, these same mechanisms also open the door to attacks that can undermine software-enforced security policies. The current gold standard for defending against such attacks is the constant-time programming discipline, which prohibits secret-dependent control[…]

    • SoSysec

    • Hardware/software co-design

    • Micro-architectural vulnerabilities

  • Should I trust or should I go? A deep dive into the (not so reliable) web PKI trust model

    • 19 décembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Markov

    Orateur : Romain Laborde - University of Toulouse

    The padlock shown in the URL bar of our favorite web browser indicates that we are connected using a secure HTTPS connection and providing some sense of security. Unfortunately, the reality is slightly more complex. The trust model of the underlying Web PKI is invalid, making TLS a colossus with feet of clay. In this talk, we will dive into the trust model of the web PKI ecosystem to understand[…]

    • SoSysec

    • Protocols

    • Network

Voir les exposés passés
Haut de page