Gregory Blanc's research while affiliated with Institut Mines-Télécom and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (54)
With the extensive application of deep learning (DL) algorithms in recent years, e.g., for detecting Android malware or vulnerable source code, artificial intelligence (AI) and machine learning (ML) are increasingly becoming essential in the development of cybersecurity solutions. However, sharing the same fundamental limitation with other DL appli...
Smart home IoT devices lack proper security, raising safety and privacy concerns. One-size-fits-all network administration is ineffective because of the diverse QoS requirements of IoT devices. Device classification can improve IoT administration and security. It identifies vulnerable and rogue items and automates network administration by device t...
6th European Cyber Week (6ème semaine européenne de la cybersécurité et de la cyberdéfense)
The chapter focuses on the analysis of the output of clusters and industry associations. It also includes descriptions of national strategic efforts for creating or developing business strategies. With respect to standards, it covers a large scope of standard bodies.
Slice embedding Resource allocation Security VNE a b s t r a c t 5G networks tend to be multi-layered, multi-party and multi-tenant to satisfy the increasing and varying user demand. Network slicing is an efficient solution to share the physical network between different and independent virtual networks called slices. While many research works focu...
This book contains the key findings related to cybersecurity research analysis for Europe and Japan collected during the EUNITY project.
A wide-scope analysis of the synergies and differences between the two regions, the current trends and challenges is provided. The survey is multifaceted, including the relevant legislation, policies and cybersecu...
The third chapter contains the description of the most important research and innovation aspects regarding cybersecurity and privacy. The first two sections have mainly descriptive character, and regard the area of research funding and the area of substantive research directions. The last two sections, in contrast, provide some conclusions regardin...
The chapter examines the state of play of the policy initiatives for both European Union and japan. It does so by offering an high-level comparative analysis of the main legal and policy frameworks on privacy, data protection and cybersecurity applying in the two regions, for the benefit of policy-makers and research experts in the technical and le...
Intrusion detection is an important Cyber Security task. Machine learning (ML) algorithms are often used to calssify the network traffic and detect abnormal behavior. The performance of such algorithms heavily depend on the representation of the network traffic data. Representation learning (RL) consists in learning better features representation b...
Nowadays, IoT devices have been widely deployed for enabling various smart services, such as, smart home or e-healthcare. However, security remains as one of the paramount concern as many IoT devices are vulnerable. Moreover, IoT malware are constantly evolving and getting more sophisticated. IoT devices are intended to perform very specific tasks,...
Nowadays, IoT devices have been widely deployed for enabling various smart services, such as, smart home or e-healthcare. However, security remains as one of the paramount concern as many IoT devices are vulnerable. Moreover, IoT malware are constantly evolving and getting more sophisticated. IoT devices are intended to perform very specific tasks,...
![Fig. 2. Components of NADS [18]](profile/Houda-Jmila/publication/337922455/figure/fig1/AS:863557671477254@1582899601156/Components-of-NADS-18_Q320.jpg)
Intrusion detection is a critical Cyber Security subject. Different Machine Learning (ML) approaches have been proposed for Intrusion Detection Systems (IDS). However, their application to real-life scenarios remains challenging due to high data dimensionality. Representation learning (RL) allows discriminative feature representation in a low dimen...
Network slicing is a prominent feature of 5G, which allow tenants to rent network and computing virtual resources from one or more Infrastructure Providers (InPs). Those resources are allocated according to tenants requirements, not only in terms of QoS but also in terms of security. In this paper, we build on our previous work to propose and evalu...
Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is al...
The growing Internet of Things (IoT) market introduces new challenges for network activity monitoring. Legacy network monitoring is not tailored to cope with the huge diversity of smart devices. New network discovery techniques are necessary in order to find out what IoT devices are connected to the network. In this context, data analysis technique...
![Figure 2: 5GPPP Architecture WG's Overall Architecture [5]](profile/Edgardo-Montes-De-Oca/publication/326999865/figure/fig1/AS:969376886951941@1608128868547/5GPPP-Architecture-WGs-Overall-Architecture-5_Q320.jpg)
5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisati...
Volumetric Distributed Denial of Service (DDoS) attacks have become a major concern for network operators, as they endanger the network stability by causing severe congestion. Access Control Lists (ACLs), and especially blacklists, have been widely studied as a way of distributing filtering mechanisms at network entry points to alleviate the effect...
This book constitutes the refereed proceedings of the 20th International Conference on Information and Communications Security, ICICS 2018, held in Lille, France, in October 2018.
The 39 revised full papers and 11 short papers presented were carefully selected from 202 submissions. The papers are organized in topics on blockchain technology, malwar...
Distributed Denial of Service (DDoS) attacks have been the plague of the Internet for more than two decades, despite the tremendous and continuous efforts from both academia and industry to counter them. The lessons learned from the past DDoS mitigation designs indicate that the heavy reliance on additional software modules and dedicated hardware d...
This paper presents a dynamic policy enforcement mechanism that allows ISPs to specify security policies to mitigate the impact of network attacks by taking into account the specific requirements of their customers. The proposed policy-based management framework leverages the central network view provided by the Software-Defined Networking (SDN) pa...
We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is...
Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully cover all vulnerabilities when deploying countermeasures. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by t...
This book constitutes the refereed proceedings oft he 19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016, held in Evry, France, in September 2016.
The 21 full papers presented were carefully reviewed and selected from 85 submissions. They are organized around the following topics: systems security; low-level at...
It is often said that the eyes are the windows to the soul. If that is true, then it may also be inferred that looking at web users’ eye movements could potentially reflect what they are actually thinking when they view websites. In this paper, we conduct a set of experiments to analyze whether user intention in relation to assessing the credibilit...
As information systems become more complex and dynamic, Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) follow the same trend. It becomes thus increasingly important to model the capabilities of these PDPs and PEPs, both in terms of coverage, dependencies and scope.
In this paper, we focus on Policy Enforcement Points to model th...
HTTPS websites are often considered safe by the users, due to the use of the SSL/TLS protocol. As a consequence phishing web pages delivered via this protocol benefit from that higher level of trust as well. In this paper, we assessed the relevance of heuristics such as the certificate information, the SSL/TLS protocol version and cipher-suite chos...
We present WebVisor, an automated tool to derive patterns from malware Command and Control (C&C) server connections. From collective network communications stored on a large-scale malware dataset, WebVisor establishes the underlying patterns among samples of the same malware families (e.g., families in terms of development tools). WebVisor focuses...
Distributed Denial of Service attacks (DDoS) have remained as one of the most destructive attacks in the Internet for over two decades. Despite tremendous efforts on the design of DDoS defense strategies, few of them have been considered for widespread deployment due to strong design assumptions on the
Internet infrastructure, prohibitive operation...
This book constitutes the refereed proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2015, held in Kyoto, Japan, in November 2015.
The 28 full papers were carefully reviewed and selected from 119 submissions. This symposium brings together leading researchers and practitioners from academia, gover...
Research in information security has generally focused on providing a
comprehensive interpretation of threats, vulnerabilities, and attacks, in
particular to evaluate their danger and prioritize responses accordingly. Most
of the current approaches propose advanced techniques to detect intrusions and
complex attacks but few of these approaches prop...
The Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols used in systems required to secure information such as online banking. In this paper, we propose three handshake-information-based methods for classifying SSL/TLS servers in terms of security: (1) Distinguished Names-based, (2) proto-col...
In recent years, we have seen a surge of cybersecurity incidents ranging fromwidespread attacks (e.g., large-scale attacks against infrastructures or end points [1]) to new technological advances (i.e., new generations of malicious code are increasingly stealthy, powerful and pervasive [2]). Facing these incidents, the European Union, Japan, the Un...
Since the late 60's, different security access control models have been proposed. Their rationale is to conceive high level abstract concepts that permit to manage the security policies of organizations efficiently. However, enforcing these models is not a straightforward task, especially when they do not consider the reality of organizations which...
Cloud computing provides a multitenant feature that enables an IT asset to host multiple tenants, improving its utilization rate. The feature provides economic benefits to both users and service providers since it reduces the management cost and thus lowers the subscription price. Many users are, however, reluctant to subscribe to cloud computing s...
Obfuscation, code transformations that make the code unintelligible, is still an issue for web malware analysts and is still a weapon of choice for attackers. Worse, some researchers have arbitrarily decided to consider obfuscated contents as malicious although it has been proven wrong. Yet, we can assume than some web attack kits only feature a fr...
Modern web applications incorporate many programmatic frameworks and APIs that are often pushed to the client-side with most of the application logic while contents are the result of mashing up several resources from different origins. Such applications are threatened by attackers that often attempts to inject directly, or by leveraging a stepstone...
Spam over Internet Telephony (SPIT) will become a serious threat in the near future because of the growing number of Voice over IP (VoIP) users. Due to the real-time processing requirements of voice communication, SPIT is more difficult to filter than email spam. We propose a trust-based mechanism that uses the duration of calls between users to di...
Ensuring users with a safe web experience has become a critical problem recently as fraud and privacy infringement on the Internet are becoming current. Web-scripting-based malware is also intensively used to carry out longer-term exploitation such as XSS worms or botnets, and server-side countermeasures are often ineffective against such threats w...
Everyday, millions of Internet users access AJAX-powered web applications. However, such richness is prone to security issues. In particular, Web 2.0 attacks are difficult to detect and block since it is similar to legitimate traffic. As a ground for our research, we review past related works and explain what might be missing to tackle Web 2.0 secu...
DDoS attacks have created a need for components that not only filter out these malicious flows but also track these flows back to their source, even if spoofed. To track back over inter-domain, an Au-tonomous System (AS) has to determine the actual upstream ASes about the targeted flow. Usually, inferring the upstream AS of a flow requires collecti...
Web attacks are plaguing the Internet and there is no sin-gle day without a user getting infected, subverted or trapped into giving away private or bankable information. Many intrusion systems have tried to protect Web servers but eventually fail to tackle the scope of Web 2.0 attacks. Browser plug-ins are sure a good alternative for preventing the...
Cloud computing is the new trend in information science that is capable to change drastically the way we were using Internet. Despite all its advantages, users are always reluctant to host their data in the cloud because they are doubtful about its security, particularly the security related to the multi-tenant environment. Traditional access contr...
Citations
... The researchers in [20] provide a comprehensive review of the research on XAI and its applications in cybersecurity. The paper highlights the growing need for AI models that can be understood and interpreted by humans in the context of cybersecurity. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/11431281086758107-1664317967799_Q64/Fabien-Charmet.jpg)
... Machinelearning-based encrypted TA [224] 2022 A survey consists of an analysis of IoT traffic data acquisition approaches, a classification of public datasets, a literature evaluation of IoT traffic processing, and a comparison of ML approaches for IoT device classification. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/977621445771264-1610094524387_Q64/Houda-Jmila.jpg)
![[object Object]](https://i1.rgstatic.net/ii/profile.image/677598682173445-1538563523782_Q64/Mustafizur-Rahman-Shahid-2.jpg)
![[object Object]](https://i1.rgstatic.net/ii/profile.image/11431281085176396-1663661622200_Q64/Marwan-Lazrag.jpg)
... They used Generative Adversarial Imitation Learning (GAIL) as an alternative GAN method with backward reinforcement learning. Shahid et al. [62] presented a method with GAN for IoT Network Traffic Generation. They used GAN for categorical data generation and combined it with a WGAN autoencoder. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272485111300110-1441976921276_Q64/Herve-Debar.jpg)
... In more recent works, researchers attempt to promote solutions concerning different aspects. For instance, research and innovation [18], legal and police [19], historical to maintaining computer security [20], challenges to face the interoperable cyber-security of information [21], barriers that have been present in the implementation of CSIRTs [22]. Finally, at a local level, the ECU-CERT of the Ecuadorian government, the CSIRT of Ecuadorian Consortium for the Development of Research and Academia (CEDIA), and the CSIRT of the National Polytechnic School, which function with traditional services, are still in the implementation and improvement to reach their maturity levels. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/325100692885511-1454521453695_Q64/Anna-Felkner.jpg)
... In more recent works, researchers attempt to promote solutions concerning different aspects. For instance, research and innovation [18], legal and police [19], historical to maintaining computer security [20], challenges to face the interoperable cyber-security of information [21], barriers that have been present in the implementation of CSIRTs [22]. Finally, at a local level, the ECU-CERT of the Ecuadorian government, the CSIRT of Ecuadorian Consortium for the Development of Research and Academia (CEDIA), and the CSIRT of the National Polytechnic School, which function with traditional services, are still in the implementation and improvement to reach their maturity levels. ...
... In this scenario, an Impersonation Attack could be suffered, where an attacker impersonates an NSM, having total control of the segments, impacting integrity, including confidentiality of the system, with the API being an attack point [11] [12] [13]. If the traffic between VNFS is routed through an insecure physical route, it could suffer replay attacks and MitM affecting confidentiality and can escalate further [11] [12] [15]. In addition, control plane functions such as the network segment selection function (NSSF) are common in several segments. ...
... Authors in [32] studied a security problem during migration problems. They propose monitoring techniques in order to discover security attacks on the migration process. ...
... IoTrelated Objective [19] Identify DDoS attacks as soon as they are launched from IoT devices that were recruited to a botnet [20] Create an IoT anomaly detection service [29] Create an anomaly detection IoT system for smart cities [30] Review machine learning (ML) and deep learning (DL) based intrusion detection systems (IDSs) used in IoT settings [31] Overcome certain limitations of the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm [32] Compare several ML algorithms for attack and anomaly detection in IoT systems [33] Create an IDS for low-powered and resource-constrained IoT devices, using unsupervised learning [34] Create a real-time, self-training, easily deployed, anomaly-based DDoS detection system for IoT networks [35] Detect compromised IoT devices without sharing data [36] Improve the effectiveness of traditional ML IDSs on low-frequency attacks in high-dimensional networks [37] Propose a federated-based approach for the detection of botnet attacks, using on-device decentralized traffic data [38] Create an anomaly detector for IoT network communication [39] Create a DL-based botnet attack detector for compromised IoT devices [40] Create a software-defined network (SDN) based security mechanism to detect and mitigate DDoS attacks on IoT networks [41] Detect cyber-attacks based on user behavior [42] Create an anomaly-based DDoS attack detector, using autoencoders (AEs) ...
... Shawe and Abbas [11] introduced a standard for increasing accuracy using singular value decomposition (SVD) enhancement by reducing data, and the classification algorithms used is back propagation neural network (BPNN) with an accuracy of 94,34%. Studies in [12]- [17] have higher detection rates and false alarm rates, also integrated of classification and clustering reached better results. In [18] and [19], analysis of fuzzy cluster is used to classify data and achieved better results. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/280388892151811-1443861329772_Q64/Mohamed-Ibn-Khedher.jpg)
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272671728467976-1442021414429_Q64/Mounim-El-Yacoubi.jpg)
... Moreover, a quick and dynamic response should be offered to satisfy the constraints of service level agreement (SLA). Mainly, the present solutions for resource allocation and network slicing are expensive computationally while not supporting the mixed slice requests [5,6]. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/869423032332289-1584298012640_Q64/Stephane-Betge-Brezetz-2.jpg)
