Decentralized cooperative systems for the detection of and countermeasures against incidents and attacks on IP networks

Abstract : The problem of botnets, networks of infected hosts controlled remotely by attackers, is a major concern because of the number of infected hosts and the associated threats, such as distributed denial of service (DDoS), spam, and data theft. State-of-the-art solutions for fighting botnets have major limitations in the context of a network operator (scalability of the solution, confidentiality and privacy of users). In this thesis, we propose four network-based contributions to fight against botnets. Each solution addresses a different and complementary issue in this area: the first contribution traces back the source of denial of service attacks that threaten network availability, which in turn identifies the infected devices used to perpetrate these attacks. The second contribution detects the communications between infected computers and their command and control (C&C) server in a large-scale network and offers the opportunity to block these servers to minimize the risk of future attacks. The third contribution enables collaborative detection of botnets in an inter-domain and inter-operator context in order to counter the highly distributed nature of these botnets. Finally, the last contribution mitigates botnets by slowing down the communication between infected hosts and their C&C server, providing a countermeasure against the evasion techniques developed by cybercriminals to make their botnets more resilient.
https://pastel.archives-ouvertes.fr/tel-01396932
Contributor : Abes Star
Submitted on : Tuesday, November 15, 2016 - 11:20:09 AM
Last modification on : Thursday, October 17, 2019 - 12:36:09 PM
Long-term archiving on: Thursday, March 16, 2017 - 6:39:47 PM

File

theseGuerid2.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01396932, version 1
Citation

Hachem Guerid. Systèmes coopératifs décentralisés de détection et de contre-mesures des incidents et attaques sur les réseaux IP. Cryptographie et sécurité [cs.CR]. Télécom ParisTech, 2014. Français. ⟨NNT : 2014ENST0079⟩. ⟨tel-01396932⟩