Description
Network intrusion detection systems (NIDS) observe network traffic and aim to pinpoint intrusions, i.e. effective threats on the integrity, availability or confidentiality of services and data provided by this network. There are two types of NIDS:1) signature-based intrusion detection systems that identify known intrusions by referring to an existing knowledge base, and2) anomaly-based intrusion detection systems (AIDS) that detect intrusions based on deviations from a model of normal network traffic, usually learnt through machine learning techniques.While AIDS have the advantage to not necessitate the manual creation of signatures, deploying AIDS in networks is challenging in practice.First, collecting representative network data and properly labelling it is complex and costly. This data is also highly unbalanced, as attacks are rare events. Finally, a learned AIDS is likely to show a drop in detection rates due to differences between the training context and the inference context.This presentation will discuss the results of Nicolas Sourbier’s PhD thesis that has studied how genetic programming and Tangled Program Graphs (TPGs) machine learning can help overcoming the challenges of the network AIDS.
Prochains exposés
-
The Battle Against Bots: Current Threats and New Directions to Counter Automated Attacks
Orateur : Elisa Chiapponi - Amadeus IT Group
In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping. This talk will explore ongoing efforts[…]-
SoSysec
-
Détection d'intrusion
-
-
Safety-Security Convergence of Industrial Control Systems
Orateur : Maxime Puys - Université Clermont Auvergne - IUT de Clermont-Ferrand
Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazards. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new[…]-
SoSysec
-
Détection d'intrusion
-