The development of TLS-based encrypted traffic comes with new challenges related to the management and security analysis traffic. There is an essential need for methods investigate, a proper level identification, increasing number HTTPS that may hold breaches. In fact, although many approaches detect type application (Web, P2P, SSH, etc.) running in secure tunnels, others identify couple specific web pages through website fingerprinting, this paper proposes robust technique precisely...

Content-Centric Networking (CCN) recently received a lot of attention thanks to its elegant way optimize content diffusion at the scale Internet. However, communications occurring edge Internet, in particular Internet Things (IoT), are also vivid research topic. Even if CCN was not initially designed specific traffic pattern IoT, it can be improved better support these new applications. In this paper, we propose within for IoT network where information is created and consumed different...

Information Centric Networking (ICN) is seen as a promising solution to re-conciliate the Internet usage with its core architecture. However, be considered realistic alternative IP, ICN must evolve from pure academic proposition deployed in test environments an operational which security assessed protocol design running implementation. Among solutions, Named Data (NDN), together reference implementation NDN Forwarding Daemon (NFD), acts most mature proposal but vulnerability against Content...

Nowadays, most of Web services are accessed through HTTPS. While preserving user privacy is important, it also mandatory to monitor and detect specific users' actions, for instance, according a security policy. This paper presents solution HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 TLS what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if performs an action that has been previously defined monitored service, but without using any...

Encrypted Internet traffic is an essential element to enable security and privacy in the Internet. Surveys show that websites are more being served over HTTPS. They highlight increase of 48% sites using TLS past year, justifying tendency Web going be encrypted. This motivates development new tools methods monitor filter HTTPS traffic. paper handles latest technique for filtering based on Server Name Indication (SNI) field which has been recently implemented many firewall solutions. Our main...

With the recent technological evolutions in networks and increased deployment of multi-tier clouds, cloud gaming (CG) is gaining renewed interest expected to become a major Internet service upcoming years. Many companies have launched powerful platforms such as Google Stadia, Nvidia GeForce Now, Microsoft xCloud, Sony PlayStation Now among others, attract players. However, for all end-users fully enjoy their sessions over wide range network access qualities, CG must adapt traffic. In this...

Cloud Gaming (CG) has been gaining a lot of interest and major actors have entered this market such as Google, Nvidia, Sony or Microsoft. They operate CG platforms that attract an increasing number players worldwide. This type traffic is highly demanding for network infrastructures because it requests simultaneously high bandwidth, low delay no degradation (interruptions jitter) to ensure good end-user's QoE. To improve the delivery low-latency applications, new Active Queue Management...

The Distributed Hash Table (DHT) architecture is known to be a very efficient way implement peer-to-peer (P2P) computer networks.However, the scientific literature also proved that DHT functioning in P2P networks can easily disrupted by single entity controlling many peers, as Sybil Attack.Various defensive mechanisms are prevent such attacks, or at least hinder them.The current study evaluates resiliency of InterPlanetary File System (IPFS) network legacy Attack.We show that, surprisingly,...

While IPv6 is increasingly being deployed in networks, including ISPs, the need to monitor and manage associated protocols increases. In this paper we focus on Neighbor Discovery Protocol motivate importance it. We also present our approach for task together with functionalities provide software, NDPMon, that developed.

The Bitcoin peer-to-peer network ensures the consensus between different nodes responsible for propagation of blocks containing validated bitcoin transactions. quality and safety this are therefore particularly essential. In work, we present a study public that form backbone p2p network. We analyze results our measurement campaign was made following well-defined reproducible methodology. particular several criteria can affect resilience: distribution security assessment clients' versions,...

Low-Iatency (LL) applications, such as the increasingly popular cloud gaming (CG) services, have stringent latency requirements. Recent network technologies L4S (Low Latency Low Loss Scalable throughput) propose to optimize transport of LL traffic and require efficient ways identify it. A previous work proposed a supervised machine learning model CG but it suffers from limited processing rate due pure software approach lack generalization. In this paper, we hybrid P4/NFV architecture, where...

BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and soft- ware updates, among others. Recent actions against torrent tracker repositories have fostered the move towards fully distributed solution based on hash table support both search implementation. In this paper we present security study of main decentralized in BitTorrent, commonly known as Mainline DHT. We show that lack DHT allows very efficient attacks can easily impact...

Recent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties security and privacy, but on other raises important challenges issues for organizations, related to monitoring (filtering, anomaly detection, etc.). This paper proposes improve a recent technique HTTPS based Server Name Indication (SNI) field TLS which has been implemented in many firewall solutions. method currently some weaknesses can be used...

We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over entries. show through measurements that IDs distribution of best peers found after lookup process follows geometric distribution. then use this result detect by comparing real peers' ID distributions theoretical one thanks Kullback-Leibler divergence. When an attack is detected, we propose countermeasures progressively remove suspicious from list possible contacts provide...

Peer-to-peer (P2P) systems are widely used to exchange content over the Internet. Knowledge of pedophile activity in such networks remains limited, despite having important social consequences. Moreover, though there different P2P use, previous academic works on this topic focused one system at a time and their results not directly comparable. We design methodology for comparing KAD eDonkey, two among most prominent ones with anonymity levels. monitor eDonkey servers network during several...

NDN is a promising protocol that can help to reduce congestion at Internet scale by putting content the center of communications instead hosts, and providing each node with caching capability. also natively authenticate transmitted mechanism similar website certificates allows clients assess original provider. But this security feature comes high cost, as it relies heavily on asymmetric cryptography which affects server performance when Data are generated. This particularly critical for many...

We propose a new distributed architecture that aims to investigate and control the spread of contents in KAD P2P network through indexation keywords files. Our solution can DHT at local level with strategy bypassing Sybil attack protections inserted KAD. For targeted entries, we monitor all requests emitted by peers, from initial content publication or search, final download request fake files, assessing accurately peers interest access it. demonstrate efficiency our approach experiments...

de niveau recherche, publiés ou non, émanant des établissements d'enseignement et recherche français étrangers, laboratoires publics privés.

Content pollution is one of the major issues affecting P2P file sharing networks. However, since early studies on FastTrack and Overnet, no recent investigation has reported its impact current In this paper, we present a method supporting architecture to quantify contents in KAD network. We first collect information many popular files shared Then, propose new way detect content by analyzing all filenames linked with metric based Tversky index which gives very low error rates. By large number...

The orchestration of counter-measures in the context security incidents remains a challenging task for network operators. main objective this demonstration is to present how possible virtualized NDN network. Based on an adaptation TOSCA topology and model, it trigger these counter- measures after detection specific attacks. We show Montimage Monitoring Tool (MMT) has been adapted detect typical Content Poisoning Attack (CPA), orchestrator can reactions mitigate their impact