Olivier Bettan scite author profile

Olivier Bettan

5Publications

46Citation Statements Received

121Citation Statements Given

How they've been cited

How they cite others

121

Affiliations

Thales (France), Unité Mixte de Physique CNRS/Thales, Thales (Portugal)

Publications

Order By: Most citations

Attacks against Network Functions Virtualization and Software-Defined Networking: State-of-the-art

Reynaud¹,

Aguessy²,

Bettan³

et al. 2016

View full text Add to dashboard Cite

Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) are two emerging paradigms for networks. While being independent from each other, they may be deployed together, which is likely to happen more frequently in the future, as they bring many opportunities for simpler, more flexible and energy-efficient networks. However, they also come with weaknesses that evil-minded users could exploit to disrupt such architectures. In this paper, we survey attacks that have been or could be performed against NFV and SDN, and propose practical countermeasures when applicable.

show abstract

Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

Brissaud

Jérôme

Chrisment

et al. 2019

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Nowadays, most of web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance, according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 over TLS traffic what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if a user performs an action that has been previously defined over a monitored web service, but without using any decryption. It is thus only based on passive traffic analysis and relies on random forest classifier. A challenge is to extract representative values of the loaded content associated to a web page, which is actually customized based on the user action. Extensive evaluations with five top used web services demonstrate the viability of our technique with an accuracy between 94% and 99%.

show abstract

A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models

Kapusta

Thouvenot

Bettan

et al. 2021

View full text Add to dashboard Cite

Hybrid Risk Assessment Model Based on Bayesian Networks

Aguessy

Bettan

Blanc

et al. 2016

View full text Add to dashboard Cite

Abstract. Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully cover all vulnerabilities when deploying countermeasures. Deploying sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by these sensors. Although attack graphs were proposed to represent known multistep attacks occurring in an information system, they are not directly suited for dynamic risk assessment. In this paper, we present the Hybrid Risk Assessment Model (HRAM), a Bayesian network-based extension to topological attack graphs, capable of handling topological cycles, making it fit for any information system. This hybrid model is subdivided in two complementary models: (1) Dynamic Risk Correlation Models, correlating a chain of alerts with the knowledge on the system to analyse ongoing attacks and provide the hosts' compromise probabilities, and (2) Future Risk Assessment Models, taking into account existing vulnerabilities and current attack status to assess the most likely future attacks. We validate the performance and accuracy of this model on simulated network topologies and against diverse attack scenarios of realistic size.

show abstract

Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events

Xosanavongsa

Totel

Bettan

2019

View full text Add to dashboard Cite

In order to supervise the security of a large infrastructure, the administrator deploys multiple sensors and intrusion detection systems on several critical places in the system. It is easier to explain and detect attacks if more events are logged. Starting from a suspicious event (appearing as a log entry), the administrator can start his investigation by manually building the set of previous events that are linked to this event of interest. Accordingly, the administrator attempts to identify links among the logged events in order to retrieve those that correspond to the traces of the attacker's actions in the supervised system; previous work is aimed at building these connections. In practice, however, this type of link is not trivial to define and discover. Hence, there is a real necessity to describe and define formally the semantics of these links in literature. In this paper, a clear definition of this relationship, called contextual event causal dependency, is introduced and proposed. The work presented in this paper aims at defining a formal model that would ideally unify previous work on causal dependencies among heterogeneous events. We define a relationship among events that enables the discovery of all events, which can be considered as the cause (in the past) or the effect (in the future) of an event of interest (e.g., an indicator of compromise, produced by an attacker action). This model is gradually introduced and defined by merging two previously defined causality models from the distributed system and operating system research areas (i.e., Lamport's and d'Ausbourg's). Our model takes into consideration heterogeneous events that emanate from different abstraction layers (e.g., network, system, and application) with the main objective of formally defining a causal relationship among logged events. Thereafter, we show how existing implementations separately allow the computation of parts of the model. Finally, we describe the implementation and assessment of the model according to real attacks on distributed environments and its accuracy to extract all causally linked events related to a given attack event trace.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Olivier Bettan

Attacks against Network Functions Virtualization and Software-Defined Networking: State-of-the-art

Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models

Hybrid Risk Assessment Model Based on Bayesian Networks

Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events

Contact Info

Product

Resources

About