Section: New Results

Monitoring

HTTPS traffic monitoring

Participants : Jérôme François [contact] , Pierre-Olivier Brissaud, Olivier Bettan [Thales] , Isabelle Chrisment, Thibault Cholez.

While privacy is empowered by encrypted communications such as through the HTTPS protocol, it is also legitimated to allow network monitoring of HTTPS traffic. To be compliant with privacy, we proposed a transparent and passive technique that only detects if an HTTPS request is related to a previously defined action [7]. Our technique is able to detect forbidden searches over a web service such as Google Images. It differs from related work that either focuses on detecting the type of traffic or the used web service. To achieve a high accuracy, our technique relies on learning stage where keywords to be monitored are crawled before we leverage KDE (Kernel Density Estimation). KDE allows us to construct a signature summarizing the sizes of the loaded objects on a page, which strongly depend on the user action or search.

Monitoring Programmable Networks

Participants : Jérôme François [contact] , Olivier Festor, Paul Chaignon [Orange Labs] , Kahina Lazri [Orange Labs] , Thibault Delmas [Orange Labs] .

SDN-based monitoring allows us to gather more valuable indicators by specifying or programming the monitoring with a fine granularity. We proposed to use eBPF (extended Berkeley Packet Filter) to apply fine-grained filtering in comparison to OpenFlow. It brings safety guarantees regarding program execution and allows stateful programs. In order to limit the impact on the throughput, we integrated our solution within the regular packet processing pipeline of Open vSwitch, a major software switch for OpenFlow, by extending the cache mechanisms [8].

Predictive Security Monitoring for Large-Scale Internet-of-Things

Participants : Jérôme François [contact] , Rémi Badonnel, Abdelkader Lahmadi, Isabelle Chrisment, Adrien Hemmer.

The Internet-of-Things has become a reality with numerous protocols, platforms and devices being developed and used to support the growing deployment of smart services. Providing new services requires the development of new functionalities, and the elaboration of complex systems that are naturally a source of potential threats. Real cases recently demonstrated that the IoT can be affected by naïve weaknesses. Therefore, security is of paramount importance. In the last decade, many IoT architectures have been proposed. However, security cannot be guaranteed without failure or by-design. In that context, we are currently investigating predictive security monitoring strategies for large-scale Internet-of-Things. In particular, we are considering the building of behavioral models characterizing such complex networks. The objective is to support both the detection of malicious activities, as well as the selection of security counter-measures.

Quality of Experience Monitoring

Participants : Isabelle Chrisment [contact] , Thibault Cholez, Antoine Chemardin, Vassili Rivron [University of Caen] , Lakhdar Meftah [University of Lille] .

We have pursued our work on smartphone usage monitoring with the SPIRALS team (Inria/Université de Lille) and more specifically on proposing new methods to help measure the QoE and to protect the user's privacy when collecting such data.

In the context of the BottleNet project, to build an adequate instrumented investigation system (mobile applications combining measurements and questionnaires), we decomposed, with a group of students, the network quality concept and the perception of the services in several different approaches. These students worked on bibliographic research, on the smartphone usage and on the perception of the Internet. Structured debates on social issues associated with mobile connectivity were organized. The following topics were dealt: Quality of Service/Quality of Experience; rhythms of life and routines; privacy: diversity of practices and ethical issues; advertising and free: volume, exposure, perception, third-party and cost; quantified self-*: relation to self-quantification; online cultural consumption; information practices on mobile; communication practices.

In the context of the IPL BetterNet project, we continued to work on federating Inria's monitoring tools (APISENSE®, Fathom, Hostview, ACQUA) in a common measurement platform. A first test campaign has been performed with a small set of volunteer users to evaluate the full data collection system built from all these tools.