Research group areas of expertise and current scientific interests

Intrusion detection, intrusion tolerance, network security, cybersecurity, threat intelligence, fraud detection.

 

Internship Proposal:

Supervisor: Marc Dacier, research group SeRBER 

Egaming security 

Online gaming represents a huge economic sector these days, even bigger than the movie industry. Online games enjoy spectacular and continuous growth. They rely on a number of different business models but, in many games (not to say most of them), there are financial incentives for players to cheat to improve their performance, to attack others to win games, to rely on external third parties to acquire new privileges/skills, to buy/sell virtual elements of the games for real money, to misuse the games to commit money laundering, etc.

Over the last few years, fraudsters have shown great creativity in providing techniques, tools and services to cheat and commit fraud. The goal of this project is twofold. First, we will carry out a review of the state of the art in terms of scientific contributions to the field. Second, we will experiment with real attacks, in a confined environment, on real platforms, assess their severity and find ways to mitigate them. Any new attack found in the course of this work will be reported to companies following a responsible disclosure process.

You do not need to be an experienced gamer to apply for this project but if you are, it could help. Most importantly, a desire to understand how networks function and an appetite for looking at packets and strange protocols are a must. Python programming is going to be required.

Particular attention will be devoted to ethical considerations before experimenting with any of the identified cheating techniques. Any student misusing the knowledge gained during this project, for their own profit or that of others, will suffer severe consequences.
 

Expected Deliverables:

As part of the SeRBER team, the intern will produce a review of the state of the art. He/she will build a confined networking environment suitable for running repeatable experiments with various games and various game platforms, and will launch different kinds of attacks against them while measuring various characteristics of each attack. Mitigation techniques will also be experimented with.

 

Pen testing the intra-network elements

A number of elements exist in the network that can affect the quality, reliability and performance of network connections. They are normally used to improve the end user experience but remain mostly invisible to him/her. Examples of such elements are Web Application Firewalls (WAF), network firewalls, traffic shapers, Intrusion Prevention Systems (IPS), proxies, CDNs, tunnels, encapsulation/translation mechanisms (IPv4/IPv6, HTTP1/HTTP2, etc.), etc. It is thus very important to continuously verify that these systems behave as they should and that they have not been misconfigured (accidentally or intentionally). It is also very important to be able to verify that no malicious actor has introduced such an element on a route between two communicating parties.

As part of an ongoing research project, we have developed a platform that makes it possible to generate test cases and test campaigns exactly for that purpose. The goal of this project is to use that platform to develop test campaigns against specific use cases, such as the detection of a WAF, for instance. The campaigns, once produced, will be tested experimentally at large scale by using machines deployed all over the world. The analysis of the results and of the lessons learned is going to be part of the project as well.

Expected Deliverables:

The intern, together with the other people involved in this project, will first select an interesting use case and, then, develop the test campaigns needed for that target. He/she will design an experimental campaign and run it. He/she will analyse the experimental results. The ultimate goal will be to produce a paper summarizing the work that could be submitted to a security or networking measurement conference.

A desire to understand how networks function and an appetite for looking at packets and strange protocols are a must. Python programming is going to be required.
 

Security Training in/with/for the metaverse

The goal of this project is to assess the feasibility of using virtual reality for security training. Without going into the details, suffice it to say that we want to build something equivalent to a "Capture the Flag" (CTF) experience in VR. That CTF could be played by players having different levels of expertise. This could be a very simplified view of the world where the user would have "super powers" to run attacks, e.g. in a smart city. It could also be played by an experienced person to run detailed attacks against, e.g., PLCs. In both cases, the underlying system under test would remain the same.

In the context of this project, we have limited ambitions and want to build a first proof of concept to assess the feasibility of developing such an environment in VR (e.g. using an Oculus). The development of the parts specific to the VR will be done in collaboration with an engineer who has long-standing expertise. The intern's task will mostly be devoted to the CTF aspect, the networking elements in particular. It will be carried out in collaboration with other people.

A real interest in network security is a must, as well as a good understanding of network protocols and Python programming.


Expected Deliverables:

A proof of concept, running on an Oculus, of a simple CTF playable in a virtual environment. If successful, we would also like to share the lessons learned while doing this work at a scientific conference devoted to teaching and training cybersecurity. A study of the state of the art would thus be required and a paper written at the end of the project with the results obtained.

 

Forensics analysis of the malicious bot scrapers ecosystem

Web scraping bots are now using so-called RESidential IP Proxy (RESIP) services to defeat state-of-the-art commercial bot countermeasures. RESIP providers promise their customers access to tens of millions of residential IP addresses, which belong to legitimate users. They dramatically complicate the task of the existing anti-bot solutions and give the upper hand to the malicious actors. We have developed a new technique to detect traffic coming through such proxies and, in collaboration with industrial partners, have gathered a very large dataset of such connections, and measurements thereof. In this project, we want to analyse that dataset from various viewpoints and, in particular, we want to investigate whether it is possible to use a new multilateration algorithm that we have developed to geolocate the malicious actors hidden behind the proxies. If successful, this would immensely benefit the good actors trying to protect the scraped websites.

This work will require strong analytical skills, a rigorous mindset and creativity. The intern will have to try to extract intelligence information from a large dataset. A desire to acquire hands-on experience with big data analytics (most likely SQL based) as well as with visualization techniques is a must. Python programming will most likely be required.

Expected Deliverables:

A platform to systematically analyse the large amount of data provided to the intern must be built. It will offer a visualisation of the intelligence extracted from the data by the intern. If successful, this could lead to a scientific paper to be written for a conference dealing with security visualisation techniques.

 

Videos:

RC3-Prof.MarcDacier-Faculti-Talk
Security challenges and opportunities of software defined networking-Marc Dacier-Faculti
An Industrial perspective on web scraping characteristics and open issues-Elisa Chiapponi-DSN2022

 

Publications:

Please refer to the KAUST Library repository website