Fatiha Benali

A distributed and privacy-preserving method for network intrusion detection

Organizations security becomes increasingly more difficult to obtain due to the fact that information technology and networking resources are dispersed across organizations. Network intrusion attacks are more and more difficult to detect even if the most sophisticated security tools are used. To address this problem, researchers and vendors have proposed alert correlation, an analysis process that takes the events produced by the monitoring components and produces compact reports on the security status of the organization under monitoring. Centralized solutions imply to gather from distributed resources by a third party the global state of the network in order to evaluate risks of attacks but neglect the honest but curious behaviors. In this paper, we focus on this issue and propose a set of solutions able to give a coarse or a fine grain global state depending on the system needs and on the privacy level requested by the involved organizations.

Collaborative Approach to Automatic Classification of Heterogeneous Information Security

The messages generated by the security devices represent the necessary data for the detection of the malicious activities in an information system. The heterogeneity of the devices and the lack of a standard for the security messages make the automatic processing of the messages difficult. The messages are short, use a very wide vocabulary and have different formats. We propose in this article the collaboration between classifiers to increase the accuracy of the classification. We apply the text categorization technics for the automatic classification of security log files messages, in categories defined by an ontology. We develop an extraction module for the message attributes to reduce the vocabulary size. Then we apply two training algorithms: the k-nearest neighbour algorithm and the naive Bayes, on two corpus of security log messages. Finally we propose to collaborate the classifiers to produce a single classifier with better accuracy.

Automatic classification of security messages based on text categorization

The generated messages by the security devices are the necessary data for the detection of the malicious activities in an information system. The heterogeneity of the devices and the lack of a standard for the security messages make the automatic processing of the messages difficult. The messages are short, use a very wide vocabulary and have different formats. We propose in this article the application of the text categorization technics for the automatic classification of security log files messages, in categories defined by an ontology. We develop an extraction module for the message attributes to reduce the vocabulary size. Then we apply two training algorithms: the k-nearest neighbour algorithm and the naive bayes, on two corpus of security log messages.