Personal publications

86 documents found

09062
01/05/2011

Set-up and deployment of a high-interaction honeypot: experiment and lessons learned

V.NICOMETTE, M.KAANICHE, E.ALATA, M.HERRB

TSF, 2I

Scientific journal: Journal in Computer Virology, Vol. 7, No. 2, pp. 143-157, May 2011, No. 09062

Link: http://hal.archives-ouvertes.fr/hal-00762596

Distributable


Abstract

This paper presents the lessons learned from an empirical analysis of attackers' behaviours based on the deployment on the Internet of a high-interaction honeypot for more than one year. We focus in particular on the attacks performed via the SSH service and the activities performed by the attackers once they gain access to the system and try to progress in their intrusion. The first part of the paper describes: i) the global architecture of the honeypot and the mechanisms used to capture the implementation details so that we can observe attackers' behaviours and ii) the details of the experiment itself (duration, data captured, overview of the attackers' activity). The second part presents the results of the observation of the attackers. It includes: i) the description of the global attack process, constituted of two main steps, dictionary attacks and intrusions and ii) the detailed analysis of these two main steps.

Keywords
Security threats; Experimental analysis; Honeypots; Dictionary attack; Intrusion;

123515
11352
01/04/2011

Intrusion-tolerant fine-grained authorization for Internet applications

V.NICOMETTE, D.POWELL, Y.DESWARTE, N.ABGHOUR, C.ZANON

TSF, Université Hassan II, 2I

Scientific journal: Journal of Systems Architecture, Vol. 57, No. 4, pp. 441-451, April 2011, No. 11352

Distributable

124901
11145
28/03/2011

Evaluation quantitative de la sécurité: approche basée sur les vulnérabilités

G.VACHE, V.NICOMETTE, M.KAANICHE

TSF

LAAS Report No. 11145, March 2011, 30 p.

Distributable

124291
11053
21/02/2011

HTML pages clustering algorithm for web security scanners

A.DESSIATNIKOFF, R.AKROUT, E.ALATA, M.KAANICHE, V.NICOMETTE

TSF

LAAS Report No. 11053, February 2011, 12 p.

Distributable

123988
09461
01/02/2011

Enforcing Kernel constraints by hardware-assisted virtualization

E.LACOMBE, V.NICOMETTE, Y.DESWARTE

TSF

Scientific journal: Journal in Computer Virology, Vol. 7, No. 1, pp. 1-21, February 2011, No. 09461

Distributable


Abstract

This article deals with kernel security protection. We propose a characterization of malicious kernel-targeted actions, based on the way they act to corrupt the kernel. Then, we discuss security measures able to counter such attacks. We finally expose our approach based on hardware-virtualization that is partially implemented into our demonstrator Hytux, which is inspired from bluepill (Rutkowska, Subverting Vista Kernel for Fun and Profit, Black Hat, Las Vegas, 2006), a malware that installs itself as a lightweight hypervisor (on a hardware-virtualization compliant CPU) and puts a running Microsoft Windows Operating System into a virtual machine. However, in contrast with bluepill, Hytux is a lightweight hypervisor that implements protection mechanisms in a more privileged mode than the Linux kernel.

Keywords
Computer security; Malicious kernel actions; Kernel security protection; Hardware-assisted virtualization;

118797
10446
29/11/2010

Amélioration de la détection de vulnérabilités Web par classification automatique des réponses

A.DESSIATNIKOFF, R.AKROUT, E.ALATA, V.NICOMETTE, M.KAANICHE

TSF

Conference with proceedings: Computer and Electronics Security Applications Rendez-vous (c&esar 2010), Rennes (France), 22-24 November 2010, pp. 116-130, No. 10446

Distributable

123173
10447
25/10/2010

Exploiting an I/OMMU vulnerability

F. LONE SANG, E.LACOMBE, V.NICOMETTE, Y.DESWARTE

TSF

Conference with proceedings: International Conference on Malicious and Unwanted Software (MALWARE 2010), Nancy (France), 19-20 October 2010, pp. 9-16, No. 10447

Distributable

122896
10291
06/09/2010

Luth: composing and parallelizing midpoint inspection devices

I.ALBERDI, V.NICOMETTE, P.OWEZARSKI

OLC, TSF

Conference with proceedings: International Conference on Network and System Security (NSS 2010), Melbourne (Australia), 1-3 September 2010, pp. 9-16, No. 10291

Distributable


Keywords
IPS; IDS; Firewall; Internet;

122324
09176
03/09/2010

Une analyse empirique du comportement des attaquants. Expérimentations et résultats

V.NICOMETTE, M.KAANICHE, E.ALATA

TSF

Scientific journal: Techniques et Sciences Informatiques, Vol. 29, No. 6, pp. 691-720, September 2010, No. 09176

Distributable

122294
10714
01/09/2010

Internet: un réseau fondamentalement non sûr

V.NICOMETTE

TSF

Popular science magazine: Revue de la Défense, No. 147, pp. 29-30, September-October 2010, No. 10714

Distributable

123135
To receive a copy of the documents, contact doc@laas.fr, giving the LAAS report number and your postal address. Report any malfunction to sysadmin@laas.fr. http://www.laas.fr/pulman/pulman-isens/web/app.php/