50 results on '"Lagraa, Sofiane"'
Search Results
2. Event-Driven Interest Detection for Task-Oriented Mobile Apps
- Author
-
Ota, Fernando Kaway Carvalho, Damoun, Farouk, Lagraa, Sofiane, Becerra-Sanchez, Patricia, Atten, Christophe, Hilger, Jean, State, Radu, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Hara, Takahiro, editor, and Yamaguchi, Hirozumi, editor
- Published
- 2022
3. Auto Semi-supervised Outlier Detection for Malicious Authentication Events
- Author
-
Kaiafas, Georgios, Hammerschmidt, Christian, Lagraa, Sofiane, State, Radu, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Cellier, Peggy, editor, and Driessens, Kurt, editor
- Published
- 2020
4. A simple graph embedding for anomaly detection in a stream of heterogeneous labeled graphs
- Author
-
Kiouche, Abd Errahmane, Lagraa, Sofiane, Amrouche, Karima, and Seba, Hamida
- Published
- 2021
5. Comparison Issues in Large Graphs: State of the Art and Future Directions
- Author
-
Seba, Hamida, Lagraa, Sofiane, and Ronando, Elsen
- Subjects
Computer Science - Data Structures and Algorithms; Computer Science - Databases
- Abstract
Graph comparison is fundamentally important for many applications such as the analysis of social networks and biological data and has been a significant research area in the pattern recognition and pattern analysis domains. Nowadays, the graphs are large, they may have billions of nodes and edges. Comparison issues in such huge graphs are a challenging research problem. In this paper, we survey the research advances of comparison problems in large graphs. We review graph comparison and pattern matching approaches that focus on large graphs. We categorize the existing approaches into three classes: partition-based approaches, search space based approaches and summary based approaches. All the existing algorithms in these approaches are described in detail and analyzed according to multiple metrics such as time complexity, type of graphs or comparison concept. Finally, we identify directions for future research.
- Published
- 2015
6. HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment
- Author
-
Navarro, Julio, Legrand, Véronique, Lagraa, Sofiane, François, Jérôme, Lahmadi, Abdelkader, De Santis, Giulia, Festor, Olivier, Lammari, Nadira, Hamdi, Fayçal, Deruyver, Aline, Goux, Quentin, Allard, Morgan, Parrend, Pierre, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Imine, Abdessamad, editor, Fernandez, José M., editor, Marion, Jean-Yves, editor, Logrippo, Luigi, editor, and Garcia-Alfaro, Joaquin, editor
- Published
- 2018
7. Auto Semi-supervised Outlier Detection for Malicious Authentication Events
- Author
-
Kaiafas, Georgios, primary, Hammerschmidt, Christian, additional, Lagraa, Sofiane, additional, and State, Radu, additional
- Published
- 2020
8. A review on graph-based approaches for network security monitoring and botnet detection
- Author
-
Lagraa, Sofiane, primary, Husák, Martin, additional, Seba, Hamida, additional, Vuppala, Satyanarayana, additional, State, Radu, additional, and Ouedraogo, Moussa, additional
- Published
- 2023
9. HuMa: A Multi-layer Framework for Threat Analysis in a Heterogeneous Log Environment
- Author
-
Navarro, Julio, primary, Legrand, Véronique, additional, Lagraa, Sofiane, additional, François, Jérôme, additional, Lahmadi, Abdelkader, additional, De Santis, Giulia, additional, Festor, Olivier, additional, Lammari, Nadira, additional, Hamdi, Fayçal, additional, Deruyver, Aline, additional, Goux, Quentin, additional, Allard, Morgan, additional, and Parrend, Pierre, additional
- Published
- 2018
10. Mobile Application Behaviour Anomaly Detection based on API Calls
- Author
-
Carvalho Ota, Fernando Kaway, primary, Damoun, Farouk, additional, Lagraa, Sofiane, additional, Becerra-Sanchez, Patricia, additional, Atten, Christophe, additional, Hilger, Jean, additional, and State, Radu, additional
- Published
- 2022
11. Web Service Matchmaking by Subgraph Matching
- Author
-
Seba, Hamida, Lagraa, Sofiane, Kheddouci, Hamamache, van der Aalst, Wil, Series editor, Mylopoulos, John, Series editor, Rosemann, Michael, Series editor, Shaw, Michael J., Series editor, Szyperski, Clemens, Series editor, Filipe, Joaquim, editor, and Cordeiro, José, editor
- Published
- 2012
12. A distance measure for large graphs based on prime graphs
- Author
-
Lagraa, Sofiane, Seba, Hamida, Khennoufa, Riadh, M'Baya, Abir, and Kheddouci, Hamamache
- Published
- 2014
13. An efficient exact algorithm for triangle listing in large graphs
- Author
-
Lagraa, Sofiane and Seba, Hamida
- Published
- 2016
14. Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries
- Author
-
Rivera, Sean, Gurbani, Vijay, Lagraa, Sofiane, Iannillo, Antonio Ken, and State, Radu
- Abstract
The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately provides protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications while adding low overhead.
- Published
- 2020
15. Intrusion detection on robot cameras using spatio-temporal autoencoders: A self-driving car application
- Author
-
Amrouche, Faouzi, Lagraa, Sofiane, Frank, Raphaël, and State, Radu
- Abstract
Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self-driving cars industry. However, this framework is far from being totally secure, and the existing security breaches do not have robust solutions. In this paper we focus on the camera vulnerabilities, as it is often the most important source for the environment discovery and the decision-making process. We propose an unsupervised anomaly detection tool for detecting suspicious frames incoming from camera flows. Our solution is based on spatio-temporal autoencoders used to truthfully reconstruct the camera frames and detect abnormal ones by measuring the difference with the input. We test our approach on a real-world dataset, i.e. flows coming from embedded cameras of self-driving cars. Our solution outperforms the existing works on different scenarios.
- Published
- 2020
16. Process mining-based approach for investigating malicious login events
- Author
-
Lagraa, Sofiane, and State, Radu
- Abstract
A large body of research has been accomplished on prevention and detection of malicious events, attacks, threats, or botnets. However, there is a lack of automatic and sophisticated methods for investigating malicious events/users, understanding the root cause of attacks, and discovering what is really happening before an attack. In this paper, we propose an attack model discovery approach for investigating and mining malicious authentication events across user accounts. The approach is based on process mining techniques on event logs reaching attacks in order to extract the behavior of malicious users. The evaluation is performed on a publicly large dataset, where we extract models of the behavior of malicious users via authentication events. The results are useful for security experts in order to improve defense tools by making them robust and develop attack simulations.
- Published
- 2020
17. Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection
- Author
-
Khramtsova, Ekaterina, Hammerschmidt, Christian, Lagraa, Sofiane, and State, Radu
- Abstract
Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature-based threat detection and classification methods. As machine-learning often improves with more data available, smaller organizations and clients find themselves at a disadvantage: Without the ability to share their data and others willing to collaborate, their machine-learned threat detection will perform worse than the same model in a larger organization. We show that Federated Learning, i.e. collaborative learning without data sharing, successfully helps to overcome this problem. Our experiments focus on a common task in cyber security, the detection of unwanted URLs in network traffic seen by security-as-a-service providers. Our experiments show that i) Smaller participants benefit from larger participants ii) Participants seeing different types of malicious traffic can generalize better to unseen types of attacks, increasing performance by 8% to 15% on average, and up to 27% in the extreme case. iii) Participating in Federated training never harms the performance of the locally trained model. In our experiment modeling a security-as-a-service setting, Federated Learning increased detection up to 30% for some participants in the scheme. This clearly shows that Federated Learning is a viable approach to address issues of data sharing in common cyber security settings.
- Published
- 2020
18. ROS-FM: Fast Monitoring for the Robotic Operating System (ROS)
- Author
-
Rivera, Sean, primary, Iannillo, Antonio Ken, additional, Lagraa, Sofiane, additional, Joly, Clement, additional, and State, Radu, additional
- Published
- 2020
19. Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries
- Author
-
Rivera, Sean, primary, Gurbani, Vijay K., additional, Lagraa, Sofiane, additional, Iannillo, Antonio Ken, additional, and State, Radu, additional
- Published
- 2020
20. Intrusion detection on robot cameras using spatio-temporal autoencoders: A self-driving car application
- Author
-
Amrouche, Faouzi, primary, Lagraa, Sofiane, additional, Frank, Raphael, additional, and State, Radu, additional
- Published
- 2020
21. Process mining-based approach for investigating malicious login events
- Author
-
Lagraa, Sofiane, primary and State, Radu, additional
- Published
- 2020
22. Une nouvelle approche pour la détection d’anomalies dans les flux de graphes hétérogènes
- Author
-
Kiouche, Abd Errahmane, Amrouche, Karima, Seba, Hamida, and Lagraa, Sofiane
- Subjects
Computer science [C05] [Engineering, computing & technology]; streaming; graph; Sciences informatiques [C05] [Ingénierie, informatique & technologie]; anomaly detection; MathematicsofComputing_DISCRETEMATHEMATICS
- Abstract
In this work, we propose a new approach to detect anomalous graphs in a stream of directed and labeled heterogeneous graphs. Our approach uses a new representation of graphs by vectors. This representation is flexible and allows to update the graph vectors as soon as a new edge arrives. In addition, it is applicable to any type of graph and optimizes memory space. Moreover, it allows the detection of anomalies in real-time.
- Published
- 2019
23. Auto-encoding Robot State against Sensor Spoofing Attacks
- Author
-
ULSNT [research center], CONCORDIA GA 830927. [sponsor], Rivera, Sean, Lagraa, Sofiane, Iannillo, Antonio Ken, and State, Radu
- Abstract
In robotic systems, the physical world is highly coupled with cyberspace. New threats affect cyber-physical systems as they rely on several sensors to perform critical operations. The most sensitive targets are their location systems, where spoofing attacks can force robots to behave incorrectly. In this paper, we propose a novel anomaly detection approach for sensor spoofing attacks, based on an auto-encoder architecture. After initial training, the detection algorithm works directly on the compressed data by computing the reconstruction errors. We focus on spoofing attacks on Light Detection and Ranging (LiDAR) systems. We tested our anomaly detection approach against several types of spoofing attacks comparing four different compression rates for the auto-encoder. Our approach has a 99% True Positive rate and a 10% False Negative rate for the 83% compression rate. However, a compression rate of 41% could handle almost all of the same attacks while using half the data.
- Published
- 2019
24. ROS-Defender: SDN-based Security Policy Enforcement for Robotic Applications
- Author
-
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN) [research center], Rivera, Sean, Lagraa, Sofiane, State, Radu, Nita-Rotaru, Cristina, and Becker, Sheila
- Abstract
In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a firewall for a robotic system. ROS-Defender combines anomaly detection systems at application (ROS) level and network level, with dynamic policy enforcement points using software defined networking (SDN) to provide protection against a large class of attacks. Although SIEMs, IPS, and firewall have been previously used to secure computer networks, ROS-Defender is applying them for the specific use case of robotic systems, where security is in many cases an afterthought.
- Published
- 2019
25. Auto Semi-supervised Outlier Detection for Malicious Authentication Events
- Author
-
Kaiafas, Georgios, Hammerschmidt, Christian, Lagraa, Sofiane, and State, Radu
- Published
- 2019
26. Real-time attack detection on robot cameras: A self-driving car application
- Author
-
Lagraa, Sofiane, Cailac, Maxime, Rivera, Sean, Beck, Frédéric, and State, Radu
- Abstract
The Robot Operating System (ROS) is being deployed for multiple life critical activities such as self-driving cars, drones, and industries. However, the security has been persistently neglected, especially the image flows incoming from camera robots. In this paper, we perform a structured security assessment of robot cameras using ROS. We point out a relevant number of security flaws that can be used to take over the flows incoming from the robot cameras. Furthermore, we propose an intrusion detection system to detect abnormal flows. Our defense approach is based on images comparisons and unsupervised anomaly detection method. We experiment our approach on robot cameras embedded on a self-driving car.
- Published
- 2019
27. ROSploit: Cybersecurity tool for ROS
- Author
-
Rivera, Sean, Lagraa, Sofiane, and State, Radu
- Abstract
Robotic Operating System (ROS) security research is currently in a preliminary state, with limited research in tools or models. Considering the trend of digitization of robotic systems, this lack of foundational knowledge increases the potential threat posed by security vulnerabilities in ROS. In this article, we present a new tool to assist further security research in ROS, ROSploit. ROSploit is a modular two-pronged offensive tool covering both reconnaissance and exploitation of ROS systems, designed to assist researchers in testing exploits for ROS.
- Published
- 2019
28. Graph-based malicious login events investigation
- Author
-
Amrouche, Faouzi, Lagraa, Sofiane, Kaiafas, Georgios, and State, Radu
- Published
- 2019
29. Deep mining port scans from darknet
- Author
-
NATO [sponsor], Bpifrance [sponsor], Region Grand Est [sponsor], Lagraa, Sofiane, Chen, Yutian, and François, Jérôme
- Abstract
TCP/UDP port scanning or sweeping is one of the most common techniques used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with a final goal of better mitigating them. In this paper, we propose an approach that allows to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed group of ports. Our method is fully automated based on graph modeling and data mining techniques, including text mining. It provides to security analysts and operators relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker by understanding the types of applications or environment he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).
- Published
- 2019
30. An Experimental Analysis of Fraud Detection Methods in Enterprise Telecommunication Data using Unsupervised Outlier Ensembles
- Author
-
Kaiafas, Georgios, Hammerschmidt, Christian, Lagraa, Sofiane, and State, Radu
- Published
- 2019
31. OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks
- Author
-
LAGRAA, Sofiane, FRANÇOIS, Jérôme, LAHMADI, Abdelkader, DE SANTIS, Giulia, FESTOR, Olivier, LAMMARI, Nadira, HAMDI, Fayçal, GOUX, Quentin, ALLARD, Morgan, NAVARRO, Julio, LEGRAND, Véronique, DERUYVER, Aline, PARREND, Pierre, Sécurité Défense, Research Team, Laboratoire des sciences de l'ingénieur, de l'informatique et de l'imagerie (ICube), École Nationale du Génie de l'Eau et de l'Environnement de Strasbourg (ENGEES)-Université de Strasbourg (UNISTRA)-Institut National des Sciences Appliquées - Strasbourg (INSA Strasbourg), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Les Hôpitaux Universitaires de Strasbourg (HUS)-Centre National de la Recherche Scientifique (CNRS)-Matériaux et Nanosciences Grand-Est (MNGE), Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Institut de Chimie du CNRS (INC)-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Institut de Chimie du CNRS (INC)-Centre National de la Recherche Scientifique (CNRS)-Réseau nanophotonique et optique, Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Centre National de la Recherche Scientifique (CNRS), Centre d'études et de recherche en informatique et communications (CEDRIC), Ecole Nationale Supérieure d'Informatique pour l'Industrie et l'Entreprise (ENSIIE)-Conservatoire National des Arts et Métiers [CNAM] (CNAM), HESAM Université - Communauté d'universités et d'établissements Hautes écoles Sorbonne Arts et 
métiers université (HESAM)-HESAM Université - Communauté d'universités et d'établissements Hautes écoles Sorbonne Arts et métiers université (HESAM), Institut National des Sciences Appliquées - Strasbourg (INSA Strasbourg), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Strasbourg (UNISTRA)-Centre National de la Recherche Scientifique (CNRS)-École Nationale du Génie de l'Eau et de l'Environnement de Strasbourg (ENGEES)-Réseau nanophotonique et optique, Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Matériaux et nanosciences d'Alsace (FMNGE), Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS), HESAM Université (HESAM)-HESAM Université (HESAM), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Matériaux et nanosciences d'Alsace (FMNGE), Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Institut de Chimie du CNRS (INC)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) 
Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Institut National de la Santé et de la Recherche Médicale (INSERM)-Centre National de la Recherche Scientifique (CNRS)-Réseau nanophotonique et optique, and Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)-Université de Haute-Alsace (UHA) Mulhouse - Colmar (Université de Haute-Alsace (UHA))-Centre National de la Recherche Scientifique (CNRS)-Université de Strasbourg (UNISTRA)
- Subjects
lcsh:Computer engineering. Computer hardware; Process (engineering); Computer science; [SHS.SOCIO] Humanities and Social Sciences/Sociology; Distributed computing; [SHS.INFO]Humanities and Social Sciences/Library and information sciences; 0211 other engineering and technologies; lcsh:TK7885-7895; 02 engineering and technology; computer.software_genre; lcsh:QA75.5-76.95; [SHS.INFO] Humanities and Social Sciences/Library and information sciences; [SHS]Humanities and Social Sciences; Set (abstract data type); Multi-stage attacks; 0202 electrical engineering, electronic engineering, information engineering; Open architecture; Event correlation; 021110 strategic, defence & security studies; [SHS.SOCIO]Humanities and Social Sciences/Sociology; biology; Collaborative engineering; Ant colony optimization algorithms; 020206 networking & telecommunications; Network security; biology.organism_classification; Networksecurity; [SHS.SCIPO]Humanities and Social Sciences/Political science; Computer Science Applications; Signal Processing; Intrusion detection systems; Malware; [SHS.GESTION]Humanities and Social Sciences/Business administration; lcsh:Electronic computers. Computer science; [SHS] Humanities and Social Sciences; [SHS.GESTION] Humanities and Social Sciences/Business administration; Omma; computer; [SHS.SCIPO] Humanities and Social Sciences/Political science; Advanced persistent threats
- Abstract
International audience; Current attacks are complex and stealthy. The recent WannaCry malware campaign demonstrates that this is true not only for targeted operations, but also for massive attacks. Complex attacks can only be described as a set of individual actions composing a global strategy. Most of the time, different devices are involved in the same attack scenario. Information about the events recorded in these devices can be collected in the shape of logs in a central system, where an automatic search of threat traces can be implemented. Much has been written about automatic event correlation to detect multi-step attacks but the proposed methods are rarely brought together in the same platform. In this paper, we propose OMMA (Operator-guided Monitoring of Multi-step Attacks), an open and collaborative engineering system which offers a platform to integrate the methods developed by the multi-step attack detection research community. Inspired by a HuMa access (Navarro et al., HuMa: A multi-layer framework for threat analysis in a heterogeneous log environment, 2017) and Knowledge and Information Logs-based System (Legrand et al., Vers une architecture «big-data» bio-inspirée pour la détection d’anomalie des SIEM, 2014) systems, OMMA incorporates real-time feedback from human experts, so the integrated methods can improve their performance through a learning process. This feedback loop is used by Morwilog, an Ant Colony Optimization-based analysis engine that we show as one of the first methods to be integrated in OMMA.
- Published
- 2018
32. Auto-Encoding Robot State Against Sensor Spoofing Attacks
- Author
-
Rivera, Sean, primary, Lagraa, Sofiane, additional, Iannillo, Antonio Ken, additional, and State, Radu, additional
- Published
- 2019
33. ROS-Defender: SDN-Based Security Policy Enforcement for Robotic Applications
- Author
-
Rivera, Sean, primary, Lagraa, Sofiane, additional, Nita-Rotaru, Cristina, additional, Becker, Sheila, additional, and State, Radu, additional
- Published
- 2019
34. Deep mining port scans from darknet
- Author
-
Lagraa, Sofiane, primary, Chen, Yutian, additional, and François, Jérôme, additional
- Published
- 2019
35. ROSploit: Cybersecurity Tool for ROS
- Author
-
Rivera, Sean, primary, Lagraa, Sofiane, additional, and State, Radu, additional
- Published
- 2019
36. Real-Time Attack Detection on Robot Cameras: A Self-Driving Car Application
- Author
-
Lagraa, Sofiane, primary, Cailac, Maxime, additional, Rivera, Sean, additional, Beck, Frederic, additional, and State, Radu, additional
- Published
- 2019
37. Knowledge Discovery Approach from Blockchain, Crypto-currencies, and Financial Stock Exchanges
- Author
-
Lagraa, Sofiane, Charlier, Jérémy Henri J., and State, Radu
- Abstract
Last few years have witnessed a steady growth in interest on crypto-currencies and blockchains. They are receiving considerable interest from industry and the research community, the most popular one being Bitcoin. However, these crypto-currencies are so far relatively poorly analyzed and investigated. Recently, many solutions, mostly based on ad-hoc engineered solutions, are being developed to discover relevant analysis from crypto-currencies, but are not sufficient to understand behind crypto-currencies. In this paper, we provide a deep analysis of crypto-currencies by proposing a new knowledge discovery approach for each crypto-currency, across crypto-currencies, blockchains, and financial stocks. The novel approach is based on a conjoint use of data mining algorithms on imbalanced time series. It automatically reports co-variation dependency patterns of the time series. The experiments on the public crypto-currencies and financial stocks markets data also demonstrate the usefulness of the approach by discovering the different relationships across multiple time series sources and insights correlations behind crypto-currencies.
- Published
- 2018
38. Detecting Malicious Authentication Events Trustfully
- Author
-
Kaiafas, Georgios, Varisteas, Georgios, Lagraa, Sofiane, and State, Radu
- Published
- 2018
39. Profiling Smart Contracts Interactions with Tensor Decomposition and Graph Mining
- Author
-
Charlier, Jérémy, Lagraa, Sofiane, State, Radu, Francois, Jerome, Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg] (SnT), Université du Luxembourg (Uni.lu), Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and François, Jérôme
- Subjects
[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]; Smart Contract; [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI]; Tensor; Stochastic Process; Graph mining
- Abstract
International audience; Smart contracts, computer protocols designed for autonomous execution on predefined conditions, arise from the evolution of the Bitcoin's crypto-currency. They provide higher transaction security and allow economy of scale through the automated process. Smart contracts provide inherent benefits for financial institutions such as investment banking, retail banking, and insurance. This technology is widely used within Ethereum, an open source blockchain platform, from which the data has been extracted to conduct the experiments. In this work, we propose a multi-dimensional approach to find and predict smart contracts interactions only based on their crypto-currency exchanges. This approach relies on tensor modeling combined with stochastic processes. It underlines actual exchanges between smart contracts and targets the predictions of future interactions among the community. The tensor analysis is also challenged with the latest graph algorithms to assess its strengths and weaknesses in comparison to a more standard approach.
- Published
- 2017
40. Detecting malicious authentication events trustfully
- Author
-
Kaiafas, Georgios, primary, Varisteas, Georgios, additional, Lagraa, Sofiane, additional, State, Radu, additional, Nguyen, Cu D, additional, Ries, Thorsten, additional, and Ourdane, Mohamed, additional
- Published
- 2018
41. BotGM: Unsupervised Graph Mining to Detect Botnets in Traffic Flows
- Author
-
Lagraa, Sofiane, François, Jérôme, Lahmadi, Abdelkader, Minier, Marine, Hammerschmidt, Christian, and State, Radu
- Abstract
Botnets are one of the most dangerous and serious cybersecurity threats since they are a major vector of large-scale attack campaigns such as phishing, distributed denial-of-service (DDoS) attacks, trojans, spams, etc. A large body of research has been accomplished on botnet detection, but recent security incidents show that there are still several challenges remaining to be addressed, such as the ability to develop detectors which can cope with new types of botnets. In this paper, we propose BotGM, a new approach to detect botnet activities based on behavioral analysis of network traffic flow. BotGM identifies network traffic behavior using graph-based mining techniques to detect botnet behaviors and model the dependencies among flows to trace back the root causes then. We applied BotGM on a publicly available large dataset of Botnet network flows, where it detects various botnet behaviors with a high accuracy without any prior knowledge of them.
- Published
- 2017
42. Profiling Smart Contracts Interactions Tensor Decomposition and Graph Mining.
- Author
-
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN) [research center], Charlier, Jérémy Henri J., Lagraa, Sofiane, State, Radu, and Francois, Jerome
- Abstract
Smart contracts, computer protocols designed for autonomous execution on predefined conditions, arise from the evolution of the Bitcoin’s crypto-currency. They provide higher transaction security and allow economy of scale through the automated process. Smart contracts provide inherent benefits for financial institutions such as investment banking, retail banking, and insurance. This technology is widely used within Ethereum, an open source block-chain platform, from which the data has been extracted to conduct the experiments. In this work, we propose a multi-dimensional approach to find and predict smart contracts interactions only based on their crypto-currency exchanges. This approach relies on tensor modeling combined with stochastic processes. It underlines actual exchanges between smart contracts and targets the predictions of future interactions among the community. The tensor analysis is also challenged with the latest graph algorithms to assess its strengths and weaknesses in comparison to a more standard approach.
- Published
- 2017
43. BotGM: Unsupervised graph mining to detect botnets in traffic flows
- Author
-
Lagraa, Sofiane, primary, Francois, Jerome, additional, Lahmadi, Abdelkader, additional, Minier, Marine, additional, Hammerschmidt, Christian, additional, and State, Radu, additional
- Published
- 2017
44. Knowledge discovery of port scans from darknet
- Author
-
Lagraa, Sofiane, primary and Francois, Jerome, additional
- Published
- 2017
45. Nouveaux outils de profilage de MP-SoC basés sur des techniques de fouille de données
- Author
-
Lagraa, Sofiane, Techniques of Informatics and Microelectronics for integrated systems Architecture (TIMA), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Laboratoire d'Informatique de Grenoble (LIG), Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Université de Grenoble, Frédéric Pétrot, Alexandre Termier, STAR, ABES, Techniques de l'Informatique et de la Microélectronique pour l'Architecture des systèmes intégrés (TIMA), Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS), and Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)
- Subjects
[INFO.INFO-AI] Computer Science [cs]/Artificial Intelligence [cs.AI] ,Programme Parallèle ,Profilage ,Profiling ,Parallel program ,MPSoC ,Fouille de données ,Data mining
- Abstract
Miniaturization of electronic components has led to the introduction of complex electronic systems which are integrated onto a single chip with multiprocessors, so-called Multi-Processor System-on-Chip (MPSoC). The majority of recent embedded systems are based on massively parallel MPSoC architectures, hence the necessity of developing embedded parallel applications. Embedded parallel application design becomes more challenging: it becomes parallel programming for non-trivial heterogeneous multiprocessors with diverse communication architectures and design constraints such as hardware cost, power, and timeliness. A challenge faced by many developers is the profiling of embedded parallel applications so that they can scale over more and more cores. This is especially critical for embedded systems powered by MPSoC, where ever demanding applications have to run smoothly on numerous cores, each with modest power budget. Moreover, application performance does not necessarily improve as more cores are added. Application performance can be limited due to multiple bottlenecks including contention for shared resources such as caches and memory. It becomes time consuming for a developer to pinpoint in the source code the bottlenecks decreasing the performance. To overcome these issues, in this thesis, we propose three fully automatic methods which detect the instructions of the code which lead to a lack of performance due to contention and scalability of processors on a chip. The methods are based on data mining techniques exploiting gigabytes of low level execution traces produced by MPSoC platforms. Our profiling approaches make it possible to quantify and pinpoint automatically the bottlenecks in source code in order to help developers optimize their embedded parallel applications. We performed several experiments on several parallel application benchmarks. Our experiments show the accuracy of the proposed techniques, by quantifying and pinpointing the hotspot in the source code.
- Published
- 2014
46. Scalability bottlenecks discovery in MPSoC platforms using data mining on simulation traces
- Author
-
Lagraa, Sofiane, Termier, Alexandre, Pétrot, Frédéric, HADAS (LIG Laboratoire d'Informatique de Grenoble), Laboratoire d'Informatique de Grenoble (LIG), Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Techniques of Informatics and Microelectronics for integrated systems Architecture (TIMA), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Heterogeneous and Adaptive distributed DAta management Systems (HADAS), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF), Techniques de l'Informatique et de la Microélectronique pour l'Architecture des systèmes intégrés (TIMA), and Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)
- Subjects
010302 applied physics ,[INFO.INFO-DB]Computer Science [cs]/Databases [cs.DB] ,0103 physical sciences ,020208 electrical & electronic engineering ,0202 electrical engineering, electronic engineering, information engineering ,020206 networking & telecommunications ,02 engineering and technology ,01 natural sciences ,020202 computer hardware & architecture
- Abstract
Nowadays, a challenge faced by many developers is the profiling of parallel applications so that they can scale over more and more cores. This is especially critical for embedded systems powered by Multi-Processor System-on-Chip (MPSoC), where ever demanding applications have to run smoothly on numerous cores, each with modest power budget. The reasons for the lack of scalability of parallel applications are numerous, and it can be time consuming for a developer to pinpoint the correct one. In this paper, we propose a fully automatic method which detects the instructions of the code which lead to a lack of scalability. The method is based on data mining techniques exploiting low level execution traces produced by MPSoC simulators. Our experiments show the accuracy of the proposed technique on five different kinds of applications, and how the information reported can be exploited by application developers.
- Published
- 2014
47. Data Mining MPSoC Simulation Traces to Identify Concurrent Memory Access Patterns
- Author
-
Lagraa, Sofiane, Termier, Alexandre, Pétrot, Frédéric, Laboratoire d'Informatique de Grenoble (LIG), Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Techniques of Informatics and Microelectronics for integrated systems Architecture (TIMA), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), HADAS (LIG Laboratoire d'Informatique de Grenoble), Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA), Enrico Macii, Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF), Techniques de l'Informatique et de la Microélectronique pour l'Architecture des systèmes intégrés (TIMA), Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS), Heterogeneous and Adaptive distributed DAta management Systems (HADAS), and Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)
- Subjects
PACS 85.42 ,020208 electrical & electronic engineering ,0202 electrical engineering, electronic engineering, information engineering ,020206 networking & telecommunications ,02 engineering and technology ,MPSOC ,[SPI.NANO]Engineering Sciences [physics]/Micro and nanotechnologies/Microelectronics
- Abstract
Session: Model-based design and verification for embedded systems - http://dl.acm.org/citation.cfm?id=2485471 - ISBN 978-3-9815370-0-0; Due to a growing need for flexibility, massively parallel Multiprocessor SoC (MPSoC) architectures are currently being developed. This leads to the need for parallel software, but poses the problem of the efficient deployment of the software on these architectures. To address this problem, the execution of the parallel program with software traces enabled on the platform and the visualization of these traces to detect irregular timing behavior is the rule. This is error prone as it relies on software logs and human analysis, and requires an existing platform. To overcome these issues and automate the process, we propose the conjoint use of a virtual platform logging at hardware level the memory accesses and of a data-mining approach to automatically report unexpected instructions timings, and the context of occurrence of these instructions. We demonstrate the approach on a multiprocessor platform running a video decoding application.
- Published
- 2013
48. Scalability bottlenecks discovery in MPSoC platforms using data mining on simulation traces
- Author
-
Lagraa, Sofiane, primary, Termier, Alexandre, additional, and Petrot, Frederic, additional
- Published
- 2014
49. Data Mining MPSoC Simulation Traces to Identify Concurrent Memory Access Patterns
- Author
-
Lagraa, Sofiane, primary, Termier, Alexandre, additional, and Petrot, Frederic, additional
- Published
- 2013
50. Automatic congestion detection in MPSoC programs using data mining on simulation traces
- Author
-
Lagraa, Sofiane, primary, Termier, Alexandre, additional, and Petrot, Frederic, additional
- Published
- 2012