Grants and contributions:
Grant or scholarship awarded covering more than one fiscal year. (2017-2018 to 2020-2021)
Every day, a deluge of cyber attacks is launched against the cyber infrastructure of corporations, governmental agencies and individuals, with unprecedented sophistication, speed, intensity, volume, damage and audacity. Moreover, the threat landscape is shifting towards more stealthy, mercurial and targeted advanced persistent threats against (a) industrial control systems, (b) IoT devices, (c) social networks, (d) SDN and cloud infrastructure, and (e) mobile devices, which further exacerbates the security challenge. These attacks emanate from a wide spectrum of perpetrators such as criminals, cyber-terrorists, terrorists, and foreign intelligence/military services. The damage can be even more potent when the target involves critical infrastructure. Organizations deploy an arsenal of security apparatus such as firewalls, intrusion detection and prevention systems, and network security monitoring, which generate various alerts, events, code and logs that are generally voluminous, unavailable in real time, and underused. In this context, there is an acute need to harness big data technologies in order to subject the aforementioned security logs, data feeds and streams to real-time aggregation, analysis, mining and correlation, so as to derive timely and relevant cyber threat intelligence that enables the detection, prevention, mitigation and attribution of cyber threats. In the short term, we will focus on the most prominent mobile OS platform, namely Android. Indeed, Android holds nearly 87.6% of the market share in the mobile world. Moreover, it is rapidly expanding to various consumer electronics and Internet of Things (IoT) devices through Google's Brillo platform. In this regard, the long-term goal of this research proposal is to elaborate a practical framework for the generation of timely, relevant, and actionable intelligence to counter cyber threats.
In the short term, we will focus on the analysis of Android threats. In this respect, our short- and mid-term goals are as follows: (i) elaborate a suite of highly scalable techniques for the automatic analysis of a large influx of Android malware and target applications; typical analyses include classification and clustering of malicious targets, detection of new malware families, and isolation of malicious behaviours; (ii) devise scalable algorithms to characterize, track and aggregate the network footprints of Android threats by analyzing various sources of network information, such as passive DNS streams, malware network flows collected via dynamic analysis, and darknet traffic streams; (iii) design and implement a framework for the generation of cyber threat intelligence that leverages the aforementioned innovative, near-real-time, highly scalable and streamlined techniques for the analysis of malware feeds, applications and related network information streams.