5G Security Assessment Platform

Participants: Abdelkader Lahmadi [contact], Karim Baccar.

During 2022, we developed a novel platform dedicated to the security assessment of 5G networks and their respective protocols. Our platform provides a full end-to-end 5G network and operates in standalone mode (SA). Ir relies on hardware base station (Amarisoft CallBox) and uses Ettus USRP B210 SDR cards for radio transmission. It also contains mobile 5G devices operating and UE emulators. This platforms is used to develop mainly fuzzing and security assessment tools dedicated to 5G protocols. First prototypes of these tool are already and integrated in the platform to generate and inject them on the fly 5G packets. This platform is restricted to be used by the RESIST team.

7.1.1 Programmable Network Monitoring

Participants: Jérôme François [contact], Raouf Boutaba, Isabelle Chrisment, Abir Laraba.

We have further extended this work by combining our EFSM scheme with a Petri net, whose main advantage is to be easily represented and so implemented with reconfigurable match tables. As a result, an attack detector can be recomposed at run-time from a set of EFSM models which are synchronized with a Petri net. We thus proposed a method to automatically map a Petri Net into P4 abstractions which can be then compiled to a P4 programmable dataplane. Our approach has been demonstrated to be effective on sophisticated attacks, e.g. a DNS poisoning attack involving multiple stages. This work has been presented at IFIP/IEEE NOMS 2022 (Network Operations and Management Symposium) 11.

7.1.2 Predictive Security Monitoring for Large-Scale Internet-of-Things

Participants: Rémi Badonnel [contact], Isabelle Chrisment, Jérôme François, Adrien Hemmer.

In 2022 we have pursued our efforts on an ensemble learning-based architecture for supporting an early detection of multi-phase attacks in IoT systems. This architecture leverages the performance of five major detection methods, namely process mining, elliptic envelope, one class support vector machine, local outlier factor and isolation forest. We have described the main components of this architecture, their operations and the interactions amongst them. We have complemented this architecture with a feedback loop mechanism, that enables improving the reactivity of attack detection in these systems. In particular, it permits to adjust the parameterization of considered detection methods, when the premises of potential attacks are identified on some data sources characterizing the IoT system. We have also extended our performance evaluation through additional extensive set of experiments based on industrial environments, in order to quantify the impact of perturbations, namely data noises and data losses, on the overall detection results. As future work, we are interested in integrating complementary detection methods to our ensemble-based solution, and elaborating cost-based strategies to determine the best sub-set of detection methods to be considered per data source. We also would like to investigate the coupling of our solution with threat intelligence, such as exploiting vulnerability descriptions to adapt the attack detection strategy based on this additional knowledge.

7.1.3 Monitoring and exploitation of Blockchains' Networking Infrastructure

Participants: Thibault Cholez [contact], Jean-Philippe Eisenbarth, Thomas Martignon.

In 2022, we pursued our work on the Ethereum P2P network. We noticed that, on the one hand, the Ethereum P2P network based on a distributed hash table (DHT) is largely unexploited, as no data is stored in the DHT, and on the other hand, the storage of the blockchain data is only growing (which will eventually be problematic as fewer nodes will be able to afford the storage costs). We studied in a second time the data storage of the main client of Ethereum (Geth) and its way of synchronizing the state of the blockchain between the peers. We designed a new distributed storage architecture for Ethereum taking full advantage of the DHT, that is backward compatible with current clients and able to reduce the disk space used for long-term storage by 95% (58% of the total storage of a node), without impacting the guarantees or the performance of the Ethereum blockchain.

However, storing data on the DHT makes it more prone to attacks, especially to localized Sybil attacks. We therefore analyzed Ethereum peers looking for patterns that could prove that Sybil attacks are possible. More precisely, we looked for peers that: 1) are too close to each other in the DHT ID space, or 2) are from the same /24 subnetwork, or 3) share the same IP address. We showed the existence of thousands of suspicious nodes grouping many identifiers for a single IP address (up to 10.000/IP) which clearly proves that the threat of a Sybil attack on Ethereum's DHT is real.

We finally designed and implemented a protection architecture against Sybil attacks to avoid suspicious nodes to grow in number with time and conduct a large scale attack able to disrupt the Etherum blockchain. It is based on a a global monitoring system that detects suspicious nodes in real time, a Smart Contract structuring the resulting list of nodes and propagating it to all peers, and finally a fully-distributed revocation system, where each peer must check individually if the report is accurate and remove its connections to suspicious peers. The revocation is currently based on an external tool using the RPC API of the Geth client but could be later directly integrated in the main client. The deployment of all these mechanisms on Ethereum's test network has shown the effectiveness of the proposed architecture. This work was published in Springer's Journal of Network and Systems Management 3 in 2022.

7.1.4 Monitoring Internet-wide threat with a network telescope

Participants: Jérôme François [contact], Isabelle Chrisment, Mehdi Zakroum.

Network reconnaissance is the first step preceding a cyber-attack. Hence, monitoring the probing activities is imperative to help security practitioners enhancing their awareness about Internet’s large-scale events or peculiar events targeting their network.

We introduced a framework 5 for an improved and efficient monitoring of the probing activities targeting network telescopes. Particularly, we model the probing rates which are a good indicator for measuring the cyber-security risk targeting network services. Sequences of probing rates targeting similar ports are used as inputs to stacked Long Short-Term Memory (LSTM) neural networks to predict probing rates 1 hour and 1 day in advance. It serves to compute monitoring indicators to infer anomalous probing traffic and to raise early threat warnings.

7.2.1 Understanding Cloud Gaming Network Traffic and optimizing its transport

Participants: Thibault Cholez [contact], Olivier Festor, Philippe Graff, Xavier Marchal.

In 2022, we pursued our work to characterize CG traffic and evaluate the ability of the platforms to adapt their traffic to cope with network constraints. We extended our work with new measurements on the platforms through emulated cellular network conditions and refined our analysis of the delivered QoS by platforms. This extension is accepted with minor revision in Springer Journal of Network and System Management (JNSM) and the corresponding dataset is available for the community.

To improve the delivery of such low-latency applications, new Active Queue Management architectures like L4S (Low Latency, Low Loss, Scalable Throughput) are proposed. Currently, traffic is routed to a low-latency queue only based on the presence of the ECN (Explicit Congestion Notification) bit in the IP header, but this is too restrictive and can be easily manipulated. Instead, we aim at analyzing and detecting CG traffic based on its inherent characteristics, so as to forward the packets in the low-latency queue. We designed a decision trees based ML model to efficiently detect CG traffic based on flow-level features among other high-bitrate applications transported over UDP. The evaluation proves that our model achieves good results (98.5% accuracy) and can be realistically deployed as a Virtualized Network Function at the edge, handling more than 10Gb/s of medium-sized flows on a low-end server. This work is accepted for publication as a full paper in IFIP/IEEE NOMS 2023.

Finally, we extended the cloud-gaming use case to cloud-Virtual Reality. While VR headsets are progressively popularized, they still need an expensive 3D-capable computer to render appealing virtual environments. A potential solution to further generalize VR lies in the development of cloud-VR where the rendering is performed on a distant server. However, this raises new challenges for the network that is not yet ready to transport such high-bandwidth and ultra-low latency flows. We conducted an analysis of the network traffic generated by the Air-Link protocol of a Meta Quest 2 headset. We give its characteristics and show that it is resilient to concurrent Wi-Fi traffic. We list the main challenges to enable the transport of VR flows on WAN and give promising research directions in particular in the area of network management.

7.2.2 Benchmarking of lightweight cryptographic algorithms for wireless IoT networks

Participants: Abdelkader Lahmadi [contact], Lama Sleem.

Cryptographic algorithms that can provide both encryption and authentication are increasingly required in modern security architectures and protocols (e.g. TLS v1.3). Many authenticated encryption systems have been proposed in the past few years, which has resulted in several cryptanalysis research work. In this same direction, the National Institute of Standards and Technology (NIST) is coordinating a large effort to find a new standard authenticated encryption algorithm to be used by resource-constrained and limited devices.

In 2, we evaluate on a real IoT test-bed 12 algorithms of the 33 candidates of the Round 2 phase from NIST competition. We ported the 12 algorithms to different hardware platforms (an x86_64 PC, an AVR ATmega128, an MSP430F1611 and the IoT-LAB platform) and make a fair comparison between their performance. We adapted these algorithms to the Contiki operating system to evaluate the latency and efficiency of each algorithm on IoT applications deployed on a national experimental platform which is IoT-LAB.

7.3.1 Efficient Distribution of Security Filtering Rules in SDN

Participants: Abdelkader Lahmadi [contact].

In 6, we extend our previous work on network management rules distribution by introducing an efficient update strategy. Through extensive experiments on several rule sets with single and multiple path topologies, we evaluate and analyze the performance of our strategy. The obtained results show a reduction of up to 90% in update time.

7.3.2 Characterization and troubleshooting of cloud gaming applications on mobile networks

Participants: Abdelkader Lahmadi [contact], Isabelle Chrisment, Raouf Boutaba, Joël Ky.

In the context of the Joel Ky's PhD thesis, our aim is to develop novel solutions for automatically - leveraging AI techniques - characterizing, classifying and troubleshooting cloud gaming applications 19. These Low-latency applications have soared with the rapid evolution of Internet. Current network capacities (especially time-varying capacity networks like 4G/5G networks) struggle to ensure user QoE (Quality of Experience). There is therefore a need to collect, identify and analyze metrics specific to low-latency applications in network equipment (switches, base stations, UEs...) for efficient troubleshooting of user QoE degradation purposes.

In 10 we investigate unsupervised ML approaches (PCA, OC-SVM, Isolation Forest, Auto-Encoder, LSTM-VAE) to understand their performance and their robustness. Our dataset consists of game sessions played on the public Google Stadia Cloud Gaming servers. The game sessions are played using a 4G network emulation replicating the capacity variations sampled on a commercial 4G network. We compare different models ranging from traditional approaches to deep learning and we evaluate their default performance while varying the level of contamination in their training datasets. Our experiments show that Auto-Encoder models achieve the best performance without contamination while the OC-SVM and the Isolation Forest are the most robust to data contamination.

7.3.3 Support for Programmable In-Network Analytics

Participants: Jérôme François [contact], Olivier Festor, Matthews Jose.

In previous years, we introduced a framework, InREC, to compute floating point arithmetic with P4-capable Tofino programmable switches. Our solution heavily relied on lookup-tables fiulled with pre-computed operations. This framework was extend in 2022 with NetREC 4, 9 that adds further support. In 4, our main contribution was focused on adding the support for stateful function. In 9, we first introduced a new real number fixed point representation that is aligned with switch capabilities. By doing so, exchanging real number representations among multiple switches was more convenient and efficient. It paved the way for distributed computation of sophisticated functions on multiple switches. This however requires to deal with constraints related to switch resources and packet forwarding. All of them are resolved thanks to a MILP (Mixed-integer linear programming) formulation and resolution. Besides, support for recursive or time-based functions was added.

7.3.4 Security Analysis of Embedded Devices

Participants: Jérôme François [contact], Olivier Festor, Pierre-Marie Junges.

In order to observe attackers, we defined a new honeypot called HiFiPot. It is capable of creating a high-interaction honeypot on-the-fly with a high fidelity, i.e. from a firmware image. Our technique improves the most recent state-of-the-art solution to emulate an IoT device without scarifying the furtiveness. It is based on an iterative learning procedure to automatically correct emulation errors and to ensure Internet connectivity while maintaining these corrections invisible to the attackers. Out of the 1,000 firmware images tested, 443 (44,3%) can be deployed as honeypot. More than 500 instances of were deployed in the wild, and received about 1,900 HTTP traversal attacks, and downloaded 31 distinct malware binaries (out of 909) among which eight were unknown.

This work concludes the PhD thesis of P.-M. Junges 17 and is accepted for publications in IEEE/IFIP NOMS 2023.

7.3.5 Analysis of network resiliency

Participants: Nicolas Schnepf [contact].

To meet their stringent requirements in terms of performance and dependability, communication networks should be “well connected”. While classic connectivity measures typically revolve around topological properties, e.g., related to cuts, these measures may not reflect well the degree to which a network is actually dependable. In 7 we introduced a more refined measure for network connectivity, the hazard value, which is developed to meet the needs of a real network operator. It accounts for crucial aspects affecting the dependability experienced in practice, including actual traffic patterns, distribution of failure probabilities, routing constraints, and alternatives for services with preferences therein. We analytically showed that the hazard value fulfills several fundamental desirable properties that make it suitable for comparing different network topologies with one another, and for reasoning about how to efficiently enhance the robustness of a given network. We also presented an optimised algorithm to compute the hazard value and an experimental evaluation against networks from the Internet Topology Zoo and classical datacenter topologies, such as fat trees and BCubes. This evaluation showed that the algorithm computes the hazard value within minutes for realistic networks, making it practically usable for network designers.

7.4.1 Vulkan for NFV

Participants: Thibault Cholez.

Our architecture is based on a combination of open and standardized technologies, namely SPIR-V, Vulkan, and Kubernetes. We described our architecture and provided design guidelines to use it. We proved its applicability with an actual use case performing traffic classification with random forest inference. This VNF was deployed successfully by Kubernetes on different GPU hardware and executed with better performance than the Cython counterpart on CPU. Our contribution is supported by a software made available for the community and the corresponding full paper was accepted for publication at IFIP/IEEE NOMS 2022 8.

7.4.2 Software-Defined Security for Clouds

Participants: Rémi Badonnel [contact], Olivier Festor, Mohamed Oulaaffart.

Within the H2020 Concordia project, we have pursued investigating a security automation strategy for cloud services, with a focus on issues related to resource migration. This strategy argues in favor of exploiting service descriptions as an important knowledge source to drive security enhancement. The first pillar of this work consists in extending an orchestration language for specifying different orchestrated security levels and supporting security automation. The second pillar concerns the design of a framework with selection algorithms to determine the security mechanisms to be activated for protecting a whole cloud service during the migration of one or several of its resources.

In particular, we have proposed in 12 an automated SMT-based security framework for supporting the migration of resources in these cloud services, and preventing the occurrence of new configuration vulnerabilities. We have formalized the underlying security automation based on SMT solver, in order to assess the migrated resources and select adequate countermeasures, considering both endogenous and exogenous security mechanisms. We have then evaluated its benefits and limits through large series of experiments based on a proof-of-concept prototype implemented over the CVC4 commonly-used open-source solver 22. These experiments show a minimal overhead with regular operating systems deployed in cloud environments. The prototype has been showcased during an international conference 13, where we have illustrated its operation through two main scenarios related to the detection of vulnerable configurations prior to resource migrations, and related to the suggestion of corrective operations for remediating them.

Furthermore, we have started to work on an inter-cloud trusted third-party approach, called C3S-TTP, for supporting such configuration security. Vulnerability prevention is challenged by the reluctance of stakeholders, namely the cloud tenant and the cloud provider, to share precise configuration information regarding respectively their cloud composite services and their cloud infrastructures, this information disclosure posing also security issues. Our third-party entity serves as an intermediate between the cloud tenant and the cloud provider, and is responsible for collecting configuration information and preventing configuration vulnerabilities before the migration of cloud resources. We have specified an extension of the TOSCA orchestration language, to support the interactions amongst the trusted third party, the cloud tenant and the cloud provider. We have shown to what extent the observability enabled by the trusted third party contributes to increase the performance of vulnerability prevention, and to minimize risks related to vulnerable configurations.

Numeryx Technologies (Paris, France)

Participants: Abdelkader Lahmadi [contact], Wafik Zahwa, Michael Rusinowitch [PESTO team], Mondher Ayadi [NUMERYX].

• CIFRE PhD in collaboration with PESTO team (Wafik Zahwa, supervised by Michael Rusinowitch, Abdelkader Lahmadi and Mondher Ayadi) on Building Self-Driven Network Functions. Since October 2022.

Orange Lab (Issy-Les-Moulineaux, France)

Participants: Jérôme François [contact], Olivier Festor, Matthews Jose, Joël Ky, Bertrand Mathieu [Orange], Kahina Lazri [Orange].

• CIFRE PhD (Joël Ky , supervised by Isabelle Chrisment, Abdelkader Lahmadi, Raouf Boutaba and Bertrand Mathieu) on Automatic characterization, classification and troubleshooting of cloud gaming applications10, 19. Since October 2021.
• CIFRE PhD (Matthews Jose, supervised by Olivier Festor, Jérôme François and Kahina Lazri) on Complex arithmetic operation for in-network computing using hardware dataplanes4, 9. Since January 2019.

9.1.1 Inria associate team not involved in an IIL or an international program

9.1.2 STIC/MATH/CLIMAT AmSud projects

9.2.1 H2020 projects

9.3.1 ANR

9.3.2 PEPR

9.3.3 Inria joint Labs

10.1.1 Scientific events: organisation

10.1.2 Scientific events: selection

10.1.3 Journal

Rémi Badonnel has been selected to serve as Editor-in-Chief for Springer Journal of Network and System Management (JNSM)from January 2023.

10.1.4 Invited talks

Rémi Badonnel gave a talk on Cyberspace Security Management at University of Zurich (Switzerland) in April 2022.

Rémi Badonnel gave a talk on Security Monitoring for the Cyberspace at the DGA Workshop on Security Monitoring (SupSec) organized at Inria Rennes in September 2022.

Rémi Badonnel gave a talk on Managing Security for the Internet at the French-German Workshop organized at CISPA (Germany) in October 2022.

10.1.5 Leadership within the scientific community

Rémi Badonnel is chair of the IFIP (International Federation for Information Processing) WG6.6 (Working Group 6.6) dedicated to the management of networks and distributed systems.

Jérôme François is co-chair of NMRG (Network Management Research Group) of IRTF (Internet Research Task Force).

10.1.6 Scientific expertise

Isabelle Chrisment is a member of the AFNIC's Scientific Council. She is also a member of the SLICES-PP project's general assembly.

Olivier Festor is member of the Scientific Council of Orange. He is also member of the board of the ANR evaluation committee on "Software Science and Engineering, communication Networks and High Performance Infrastructures". He is member of the Strategic Board of the UE project CONCORDIA.

10.1.7 Research administration

Isabelle Chrisment is Deputy Scientific Director at Inria in charge of the national scientific domain “Networks, Systems ans Services, Distributed Computing”. She was also a member of the COMIPERS at Inria Nancy Grand Est.

Abdelkader Lahmadi is the scientific head of the High Security Lab of Nancy.

Thibault Cholez is part of the executive committee of the University of Lorraine's I-site project Digitrust on cybersecurity and responsible of the axis "Protocols for Secure Networks and Network Monitoring". Digitrust Activity Report.

10.2.1 Teaching

Rémi Badonnel is heading the Internet Systems and Security specialization of the 2nd and 3rd years at the TELECOM Nancy engineering school.

Thibault Cholez is in charge of the organization of professional projects for the three years of TELECOM Nancy students in apprenticeship.

Olivier Festor is the Director of Lorraine INP which groups all engineering schools of Université of Lorraine.

Abdelkader Lahmadi is heading the training Engineering of Digial Systems at ENSEM engineering school.

Team members are teaching the following courses:

• Rémi Badonnel 242 hours - L3, M1, M2 - Networks, Systems and Services, Software Design and Programming, Cloud Computing, Network and Security Management - TELECOM Nancy, Université de Lorraine
• Thibault Cholez 300 hours - L3, M1, M2 - Computer Networks, Network Services, Constraint development on small Connected Objects, Mobile applications and Internet of Things, Git - TELECOM Nancy, Université de Lorraine
• Olivier Festor 128 hours - L3, M1, M2 - Advanced algorithmics and problem solving, Data Structures and Algorithms, Network security, network management, Devops and SCRUM, Project Management – TELECOM Nancy, Université de Lorraine
• Jérôme François 70 hours - M1, M2 - Network security, network management, big data - TELECOM Nancy, Université de Lorraine
• Abdelkader Lahmadi 280 hours - L3, M1, M2 - Sensor Networks, Distributed Systems and Algorithms, Algorithms and Advanced Programming, Security of Cyber Physical Systems - ENSEM Engineering School, Université de Lorraine

10.2.2 Supervision

PhD in progress

• Enzo D'Andrea, Graph-based network data representation for machine learning, since October 2021, supervised by Olivier Festor & Jérôme François.
• Omar Anser, Automation of attack mitigations in 5G environments, since December 2021, supervised by Isabelle Chrisment & Jérôme François.
• Philippe Graff, Development and orchestration of network micro-services for low-latency and secure applications, since September 2020, supervised by Olivier Festor and Thibault Cholez.
• Adrien Hemmer, Predictive Security Monitoring for Large-Scale Internet-of-Things, since October 2018, supervised by Isabelle Chrisment and Rémi Badonnel.
• Matthews Jose, Programming model for new flow-based network monitoring, since January 2019, supervised by Olivier Festor & Jérôme François.
• Joel Ky, Caractérisation, classification et diagnostic des applications de cloud gaming, since October 2021, supervised by Raouf Boutaba & Abdelkader Lahmadi.
• Mohamed Oulaaffart, Automating security enhancement for cloud services, since January 2020, supervised by Olivier Festor & Rémi Badonnel.
• Mehdi Zakroum, Forecasting cyberthreats from exogeneous data, since October 2019, supervised by Isabelle Chrisment & Jérôme François.
• Wafik Zahwa, Building Self-Driven Network Functions, since October 2022, supervised by Michael Rusinowitch (PESTO team) & Abdelkader Lahmadi.

PhD defended in 2022

• Jean-Philippe Eisenbarth, Securing the future blockchain-based security services1, Université de Lorraine, December 13, 2022, supervised by Thibault Cholez and Olivier Perrin (COAST team).
• Pierre-Marie Junges, Internet-wide automated assessment of the exposure of the IoT devices to security risks, Université de Lorraine, July 7, 2022, supervised by Olivier Festor and Jérôme François 17.
• Abir Laraba, Data-Driven Intelligent Monitoring for Software-Defined Networks, Université de Lorraine, October 12, 2022, supervised by Isabelle Chrisment, Raouf Boutaba & Jérôme François 18.

10.2.3 Juries

Team members participated in the following Ph.D. defense committees:

• Eder Scheid, PhD in Computer Science from University of Zurich (Switzerland). Title: An Intent-based Blockchain-agnostic Interaction Environment, April 2022 – (Rémi Badonnel as reviewer)
• Manel Smine, PhD in Computer Science from IMT Atlantique Bretagne – Pays de la Loire (France). Title: Software-defined Security for Network Function Virtualization, December 2022 – (Rémi Badonnel as reviewer)
• Laurens Van Hoye, PhD in Computer Science from Ghent University (Belgium). Title: Mitigating Potential Trust Issues in Ad Hoc Collaborations, December 2022 – (Rémi Badonnel as reviewer)
• Antoine Durey, PhD in Computer Science from Université de Lille. Title: Leveraging browser fingerprinting to strengthen web authentication, January 2022 – (Isabelle Chrisment reviewer)
• Nicolas Sourbier, PhD in Computer Science from INSA Rennes COMUE Université Bretagne Loire. Title: Learning-Based Network Intrusion Detection : an Imbalanced, Constantly Evolving and Timely Problem, September 2022 – (Isabelle Chrisment as reviewer)
• Imane Taibi, PhD in Computer Science from Université Rennes 1. Title: Web-based data driven network monitoring: from performance estimation to anomaly detection. September 2022 – (Isabelle Chrisment as examiner)
• Alexandre Dey, PhD in Computer Science from Ecole Nationale Supérieure Mines-Télécom Atlantique Bretagne Pays-de-la-Loire - IMT Atlantique. Title: Datascience in support of cybersecurity operations. Adaptable, robust and explainable anomaly detection for security analysis. December 2022 – (Isabelle Chrisment as examiner)
• Arnaud Rosay, PhD in Computer Science from Le Mans Université. Title: Détection d’intrusions dans les objets connectés par des techniques d’apprentissage automatique, December 2022 – (Isabelle Chrisment as examiner)
• Zhejiayu Ma, PhD in Computer Science from Université Côte d'Azur. Title: Optimisation basée sur l’apprentissage des systèmes de streaming hybrides cdn/v2v, Decembre 2022 – (Isabelle Chrisment as examiner)
• Aïmad Berady, PhD in Computer Science from Centrale Supélec. Title: Comprendre les menaces sophistiquées, November 2022 – (Jérôme François as examiner)

Team members participated in the following Habilitation Degree committees:

• Eric Alata, HDR in Computer Science from Université de Toulouse, (France). Title: Sécurité système multi-niveaux, des architectures bas-niveaux aux approches formelles orientées langages, November 2022 – (Isabelle Chrisment as president)
• Emmanuel Lavinal, HDR in Computer Science from Université de Toulouse, (France). Title: De la configuration `a la programmation de réseaux virtuels, December 2022 – (Olivier Festor as reviewer)

International committees:

• Ihsan Ullah, committee for Tenured Associate Professor position, University of Balochistan, Pakistan. October 2022 – (Thibault Cholez as reviewer)

International journals

• 1 articleR.Remi Badonnel, C.Carol Fung, S.Sandra Scott-Hayward, Q.Qi Li, F.Fulvio Valenza and C.Cristian Hesselman. Guest Editors Introduction: Special Section on Recent Advances in Network Security Management.IEEE Transactions on Network and Service Management193September 2022, 2251-2254
  HALDOIback to text
• 2 articleS.Soline Blanc, A.Abdelkader Lahmadi, K.Kévin Le Gouguec, M.Marine Minier and L.Lama Sleem. Benchmarking of lightweight cryptographic algorithms for wireless IoT networks.Wireless Networks288November 2022, 3453-3476
  HALDOIback to text
• 3 articleJ.-P.Jean-Philippe Eisenbarth, T.Thibault Cholez and O.Olivier Perrin. Ethereum’s Peer-to-Peer Network Monitoring and Sybil Attack Prevention.Journal of Network and Systems Management304July 2022, 65
  HALDOIback to text
• 4 articleM.Matthews Jose, K.Kahina Lazri, J.Jérôme François and O.Olivier Festor. Stateful InREC: Stateful In-network REal Number Computation with Recursive Functions.IEEE Transactions on Network and Service ManagementAugust 2022, 1-1
  HALDOIback to textback to textback to text
• 5 articleM.Mehdi Zakroum, J.Jerome Francois, I.Isabelle Chrisment and M.Mounir Ghogho. Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates.IEEE Transactions on Network and Service ManagementJune 2022, 1-1
  HALDOIback to text

International peer-reviewed conferences

• 6 inproceedingsA.Ahmad Abboud, R.Remi Garcia, A.Abdelkader Lahmadi, M.Michael Rusinowitch, A.Adel Bouhoula and M.Mondher Ayadi. Automatically Distributing and Updating In-Network Management Rules for Software Defined Networks.NOMS 2022-2022 IEEE/IFIP Network Operations and Management SymposiumBudapest, HungaryIEEEApril 2022, 1-9
  HALDOIback to text
• 7 inproceedingsP.Pieter Cuijpers, S.Stefan Schmid, N.Nicolas Schnepf and J.Jiří Srba. The Hazard Value: A Quantitative Network Connectivity Measure Accounting for Failures.2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)Baltimore, United StatesIEEEJune 2022, 239-250
  HALDOIback to text
• 8 inproceedingsJ.Juuso Haavisto, T.Thibault Cholez and J.Jukka Riekki. Unleashing GPUs for Network Function Virtualization: an open architecture based on Vulkan and Kubernetes.35th IEEE/IFIP Network Operations and Management Symposium (NOMS 2022)Budapest, HungaryIEEEApril 2022, 1-8
  HALDOIback to text
• 9 inproceedingsM.Matthews Jose, K.Kahina Lazri, J.Jérôme François and O.Olivier Festor. NetREC: Network-wide in-network REal-value Computation.IEEE NetSoft 2022 - 8th IEEE International Conference on Network SoftwarizationMilan, ItalyJune 2022
  HALback to textback to textback to text
• 10 inproceedingsJ.Joel Ky, B.Bertrand Mathieu, A.Abdelkader Lahmadi and R.Raouf Boutaba. Assessing Unsupervised Machine Learning solutions for Anomaly Detection in Cloud Gaming Sessions.18th International Conference on Network and Service Management (CNSM)2022 18th International Conference on Network and Service Management (CNSM)Thessaloniki, GreeceIEEEOctober 2022, 367-373
  HALDOIback to textback to text
• 11 inproceedingsA.Abir Laraba, J.Jérôme François, I.Isabelle Chrisment, S.Shihabur Rahman Chowdhury and R.Raouf Boutaba. Detecting Multi-Step Attacks: A Modular Approach for Programmable Data Plane.NOMS2022 - IEEE/IFIP Network Operations and Management SymposiumBudapest, HungaryApril 2022
  HALback to text
• 12 inproceedingsM.Mohamed Oulaaffart, R.Remi Badonnel and C.Christophe Bianco. An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services.IEEE/IFIP Network Operations and Management SymposiumBudapest, HungaryApril 2022
  HALback to text
• 13 inproceedingsM.Mohamed Oulaaffart, R.Rémi Badonnel and O.Olivier Festor. CMSec: A Vulnerability Prevention Tool for Supporting Migrations in Cloud Composite Services.CloudNet 2022 - IEEE International Conference on Cloud NetworkingParis, FranceNovember 2022
  HALback to text
• 14 inproceedingsS.Sara Ricci, M.Marek Sikora, S.Simon Parker, I.Imre Lendak, Y.Yianna Danidou, A.Argyro Chatzopoulou, R.Remi Badonnel and D.Donatas Alksnys. Job Adverts Analyzer for Cybersecurity Skills Needs Evaluation.ARES 2022: The 17th International Conference on Availability, Reliability and SecurityARES '22: Proceedings of the 17th International Conference on Availability, Reliability and SecurityVienna, AustriaACMAugust 2022, 1-10
  HALDOIback to text

Edition (books, proceedings, special issue of a journal)

• 15 periodicalBRAINS 2020 special issue: Blockchain research and applications for innovative networks and services.International Journal of Network Management3222022, e2189
  HALDOIback to text

Doctoral dissertations and habilitation theses

• 16 thesisR.Rémi Badonnel. Managing Security for the Cyber-Space - From Smart Monitoring to Automated Configuration.Université de Lorraine (UL)March 2022
  HALback to text
• 17 thesisP.-M.Pierre-Marie Junges. Internet-wide automated assessment of the exposure of the IoT devices to security risks.Université de LorraineJuly 2022
  HALback to textback to text
• 18 thesisA.Abir Laraba. Protocol Abuse Mitigation In SDN Programmable Data Planes.Université de LorraineOctober 2022
  HALback to text

Scientific popularization

• 19 inproceedingsJ.Joël Ky, B.Bertrand Mathieu, A.Abdelkader Lahmadi and R.Raouf Boutaba. Characterization and troubleshooting of cloud gaming applications on mobile networks.Network Traffic Measurement and Analysis Conference (TMA 2022)Enschede, NetherlandsJune 2022
  HALback to textback to text

Patents

• 20 patentA.Abdelkader Lahmadi, J.Jérôme François and F.Frédéric Beck. Computer-implemented method for testing the cybersecurity of a target environment.WO2022023671A1FranceFebruary 2022
  HALback to text