Description
Submission date: 2 February 2023
Title: Adaptive, distributed and explainable monitoring
Thesis director:
Sébastien TIXEUIL (LIP6)
Advisor:
Gregory BLANC (SAMOVAR)
Scientific field: Information and communication sciences and technologies
CNRS theme: Systems and networks
Abstract: This thesis proposes an adaptive approach to monitoring network incidents or attacks in a future network context. In particular, the approach aims at (i) detecting anomalies locally by capturing differences from a learned behavior, (ii) transferring knowledge to other areas of the network, (iii) adapting monitoring parameters with respect to security levels and energy consumption using network programmability, and (iv) evaluating both the anomaly detection and the impact of countermeasures, beyond the performance aspect.
Departing from a static approach to countermeasure selection, the approach will remove barriers to adaptive security using artificial intelligence: by modelling the network state continuously, we will be able to observe anomalies and recover from anomalous situations, while quantifying the impacts of mitigation on the target network and of the reconfiguration of the monitoring systems.
Our monitoring approach will carefully design data collection techniques to be lightweight (likely to be deployed at the edge) and a robust detection technique able to sustain uncertainties by better accommodating the dynamics of future networks, including IoT networks, through SDN-based reconfiguration.
Then, the thesis will focus on studying ways to assess the precision of the selected features in representing regular/anomalous traffic, and on challenging the robustness of the learning-based monitoring approach to adversarial approaches. Beyond that, the work will focus on designing a rigorous and explainable methodology to assess anomaly detectors.
Additionally, there is a need to quantify the impacts of changes brought about by the reconfiguration of the network and security policies with respect to distinct objectives such as return on investment and business impact. An attempt to reconcile multiple, often opposing, objectives will focus on designing optimization functions.
Doctoral student: Ayoubi Solayman