end of studies projects - wordpress.com2016-2018 end of studies projects ... achraf samir chamkra...

1

Master MCSC ‘CyberSecurity & cyberCriminality’ 2016-2018

END OF STUDIES PROJECTS

‘Abstracts’

ENSA of Tangier, September 2018

2

Author Title of the project

Imad ABDESSADKI A classification based model for malicious PE files detection and cellular automata based simulation for malware propagation through complex networks

Marouane BADI TOUZANI

Deep analysis of cryptographic solutions for IoT

Mustapha BELKACIM Conception d’une plateforme Multiagents basé sur l’apprentissage profond pour la détection des cybers attaques

Hafsa BOURIAN Recherche et étude des normes de sécurité applicable dans le domaine Financier

Ossama BOUZIANI Next generation intrusion detection systems : Survey, Deployment and Tests

El Mehdi CHAABI AWS Security and Data protection Cryptographic solutions

Noureddine EL AFYA Sécurité du cloud

Otman EL AKHDAR Etudes des Algorithmes de Détection des anomalies et proposition de recommandation pour son application dans des environnements de cyber –sécurité

Abdelaziz ELBAGHDADI

Cyber security in the Smart Grid

Jihane JEBRANE IoT communication protocol security

Yasser KHATTABI Détection d’Intrusion dans l’Internet des Objets : étude des différentes attaques et les moyens de protection

Younes LAHRAOUI Towards New Encryption Scheme Using Elliptic Curve Cryptography

Bilal NKHILI Secure development methodology: survey, comparison, and implementation

Youssef OUADJOU Blockchain and cryptocurrency

Noureddine SABAH Semantic primitive Extraction.

Hajar ZEROUANI Système multi agent pour détecter les cybercrimes

3

Head of master : Prof. Saiida LAZAAR

Email: [email protected], [email protected]

PEDAGOGIC TEAM

- from FS of Rabat : Prof. Hafssa BENABOUD

- from ENSA of Tangier, Professors :

Youssef AMAL

Khalid AMECHNOUE

Houda BELMOKADEM

Nizar BENACHHAB

Said BOUCHKAREN

Assaad CHAHBOUN

Mohamed El ALAMI

Ahmed El OUALKADI

Rabea GOUY

Saiida LAZAAR

Abdelouahid LYHYAOUI

Mounir MAOUENE

Mohamed MOUSSAOUI

Jalila SABIL

Youssef SBAYTRI

Mariam TANANA

Tarek ZOUGARI

mailto:[email protected]

mailto:[email protected]

4

Title of the Project

A classification based model for malicious PE files detection and cellular

automata based simulation for malware propagation through complex networks

Author: Imad ABDESSADKI

Supervised by: Pr. Saiida LAZAAR

ERMIA- ENSA of TANGIER

Abstract: Malware presents a major threat to the security of computer systems, smart devices, and applications. It can also endanger sensitive data by modifying or destroying them. Thus, the electronic exchanges through different communicating entities can be compromised. However, currently used signature based methods cannot provide accurate detection of zero-day attacks, polymorphic and metamorphic programs which have the ability to change their code during propagation. In order to solve this issue, static and dynamic malware analysis is being used along with machine learning algorithms for malware detection and classification. Machine learning methods play an important role in automated malware detection. Several approaches have been applied to classify and to detect malware. The most challenging task is selecting a relevant set of features from a large dataset, so that the classification model can be built in less time with higher accuracy. The purpose of this work is to give a critical review on the existing detection methods in order to determine the best feature extraction and classification methods and to develop an automated system to detect unknown malware based on PE (Portable Executable) headers with low performance and more efficiency. Experimental results for the best classifier selected in this study, namely Random Forest will be presented, accuracy and time performance will be discussed. The present work will be reinforced by mathematical modeling of the spread of malware using classical models inspired from infectious diseases transmissions models. Numerical simulation will be conducted by cellular automata. Keywords: Malware analysis, Polymorphic, Metamorphic, Machine learning, Malware detection, Portable Executable, Feature extraction, spread of malware, cellular automata.

Date of defense : September 21, 2018 Jury members: Professors Y. Amal, M. El Alami, S. Bouchkaren, S. Lazaar

5


Concepts-Features Automatic Extraction

Author: Noureddine SABAH

Supervised by: Mounir MAOUENE

Abstract:

The highly cited scientific papers in any field are without a doubt one of the best sources for

quality knowledge related to that field. The extraction of this knowledge from texts in the

form of concepts and their characterizing features requires first and foremost techniques to

structure these texts that are an unstructured form of data. Given its nature, a text is a series

of sentences, which are in their turn made of constituents following certain grammatical rules.

In our work, focusing on the cybersecurity field, we attempt to combine between handcrafted

syntactic rules inspired by Chomsky’s phrase structure rules and heuristics to extract,

reconstruct and score phrases in order to draw out from texts the key concepts and features.

Keywords; Concepts, Features, Extraction, Knowledge, Syntactic rules, Heuristics, Cybersecurity

Date of defense : September 29, 2018 Jury members: Professors A. Lyhyahoui, M. Maouene, T. Zougari

6


Next generation intrusion detection systems

Survey, Deployment and Tests

Author: Ossama BOUZIANI

Supervised by: Pr. Hafssa BENABOUD (FS- Rabat)

Iman BACHAN (DATAPROTECT), Achraf Samir CHAMKRA (DATAPROTECT)

Abstract:

The frequency of malicious action against information systems increased in the last years, and the

security of information systems become difficult because of the new attacking tools and attackers’

skills that can compromise the information system and leads to huge financial and material loss. In

order to face these threats, modern information systems include security tools such as, Antivirus,

Access control mechanisms, Intrusion Detection Systems, etc. that implement the adopted security

policy and ensure the CAI (Confidentiality, Availability,Integrity) of the system. In our project, we

focus on the important role of intrusion detection systems for detecting unauthorized actions initiated

from both internal and external network by collecting and monitoring network traffic. Intrusion

detection system can be classified depending on many layers, among these layers we have the

detection methods which include misuse detection which relies on a database that contains the

signatures of all known attacks, and anomaly based detection which establishes a baseline of normal

usage patterns, and whatever deviates from normal behavior get flagged as possible intrusions. We

present several evasion techniques that can be used against signature based detection IDS, and we

focus on shellcode mutation using some kali Linux framework to evade detection. We will focus on the

open source Next-Generation of ids (SNORT, SURICATA, BRO) explain their different architecture and

methods of detection and we will test and compare their persistance against evasion techniques used

by attackers including Shell code mutation, Duplicate insertion, Packet splitting and Denial-of-service,

Detection of malware and exploit kit.

Keywords: Next-Genaration of intrusion detection, SNORT, SURICATA, BRO, Evasion Technique .

Date de Soutenance : 21 septembre 2018 Membres de Jury: Professeurs H. Benaboud, S. Lazaar, M. Tanana et Mr A. CHAMKAR (DATAPROTECT)

7


Intrusion detection system in the internet of things,

problems and solutions

Author: Yasser KHATTABI

Supervised by: Prof. Khalid AMECHNOUE

Co-Supervised by: Prof. Nizar Benachhab


Abstract: Internet of Things (IoT), an Internet based technical architecture where different sensors collaborate for computing based on several technologies and standard communication protocols, to provide different information concerning different phenomenon’s, but as it is known, everything that is related to the internet is always jeopardized to its attacks, such as DOS attacks or messages flooding. Some research has already been made and done like the SVELETE,watchdog algorithms, but needs more enhancement, and that’s the purpose of this study. Keywords: Internet of things, IDS, IPS, Security, WSN, Sybil attack, Sinckhole attack, Warmhole attack, DOS, Hello flooding, Pathfinder, Watchdog, 6LowPan,RPL

Date de Soutenance : 21 septembre 2018 Membres de Jury: Professeurs Kh. Amechnoue, N. Benachhab, S. Lazaar

https://ieeexplore.ieee.org/search/searchresult.jsp?matchBoolean=true&queryText=%22Index%20Terms%22:.QT.6LoWPAN.QT.&newsearch=true

8


La sécurité du cloud computing

Author: Noureddine EL AFYA

Supervisor: Prof. Abdelouahid LYHYAOUI

LTI- ENSA of TANGIER

Abstract:

The purpose of this study is to examine the state of security of cloud computing in general and OpenStack in particular. Reassessing the security of cloud computing can help to understand better how it works and the types of security issues that are associated with it. This study defines the context of cloud computing and its different deployment models. It also describes various security issues that affect business decisions to embrace cloud computing. Then, an overview of security issues in OpenStack is presented. Finally, we propose a secure scheme for the data transferred to the cloud.

Keywords: Cloud computing; Security ; Confidentiality ; Intrusions ; Attacks ; OpenStack ; Virtualization ; cryptography

Brief description of the study: This project combines two technologies, the Internet of Things and Cloud Computing, our goal is to set up a secure private cloud based on OpenStack, considered as a repository of data collected by the wireless sensor network, sent to the Cloud, ensuring the security of this data during transmission and storage in the cloud.

Date de Soutenance : 28 septembre 2018 Membres de Jury: Professeurs A. Chahboun, A. Lyhyaoui, M. Tanana

9


IOT : Sécurité du protocole de communication dans la couche application

Author: Jihane JEBRANE

Supervisor: Prof. Assaad CHAHBOUN

LABTIC- ENSA of TANGIER

Résumé: Le développement rapide de la technologie a conduit à un concept nouveau et révolutionnaire, appelée Internet of Things (IoT), ou Internet des Objets (IdO). Ce modèle intègre divers capteurs, objets et nœuds intelligents capables de communiquer entre eux sans intervention humaine. Les appareils connectés à Internet connaissent une croissance exponentielle et il a été révélé que plus de 50 milliards d'appareils seront connectés via internet d'ici 2020. L'une des principales préoccupations dans le déploiement d’IOT est d'assurer la sécurité d'appareils, tout objet tangible ou non, ne peut être sécurisé a 100% parce que dans cet état parfaitement sécurisé, il ne peut pas être encore utile en termes de sa valeur intrinsèque. Toutefois, si elle peut conserver sa valeur intrinsèque maximale dans des conditions différentes, elle peut être considérée comme sécurisée. Dans ce travail, Nous décrivons l'importance d'IoT, son architecture générique et ses nombreuses applications possibles. Ensuite, nous fournissons une approche critique de la sécurité des deux protocoles de couche application MQTT & COAP, nous faisons également une comparaison des protocoles discutées. En mettant l'accent sur les vulnérabilités et les problèmes possibles dans la couche application qui permettent à un intrus d'exécuter des commandes, d'accéder à des données non autorisée et/ou d'effectuer des attaques par Déni de Service(DoS). Par la suite, nous présentons des nouvelles directions de recherches pour réduire à la fois les menaces potentielles et leurs conséquences. Ainsi, nous proposons une méthode DTLS pour sécuriser le protocole COAP avec le mode certificat. Enfin, nous fournissons des opportunités de recherches et des conclusions futures. Mots-clés : IoT, MQTT, COAP, ABE, DTLS, ECC, certificat SSL, RSA.

Date de Soutenance : 21 septembre 2018 Membres de Jury: Professeurs A. Chahboun, N. Benachhab, M. Tanana

10


Multi-agent systems with deep learning agents in network security

Author: Mustapha BELKACIM

Supervised by: Prof. Mohamed EL ALAMI HASSOUN


Abstract: The growing rate of cyber-attacks makes it mandatory for modern networks to have an Intrusion Detection System (IDS), although traditional signature-based IDSs can easily detect known attacks, they fail to detect new ones, for which no pattern is available, hence the need for more efficient techniques to detect new unknown attacks due to the rapid growth of malware, a job Anomaly-based IDSs are designed for. However, building a model of a trustworthy activity needs a big amount of traffic log, which requires deep learning approaches for it to be accurate; the process is time-consuming that it degrades the performance of IDSs, which raises the need for distributed and parallel processing. Multi-agent systems technology fulfills these requirements by introducing communication, cooperation, coordination and load balancing techniques to solve this trade-off between performance and reliability. The focus of this thesis is to give an overview of Multi-agent systems with deep learning agents, and how they can make a difference in network security when used as an upgrade to anomaly-based IDSs.

Brief description of the study: Machine learning approaches seem so promising when it

comes to enhancing Intrusion detection systems but with all the benefits that it brings it still

not widely used due to performance problems that come with it. The thesis mainly deals with

Multi-agent systems and how they are efficient in network security

Date de Soutenance : 28 septembre 2018 Membres de Jury: Professeurs S. Bouchkaren, M. EL Alami, S. Lazaar

11


Multi agent system to detect cybercrime

Author: Hajar ZEROUANI

Supervisor: Prof. Mohamed EL ALAMI HASSOUN


Abstract:

The acronym of cybercrime is much in the news, it is a phenomenon that entails considerable costs. Security is becoming one of the most active areas of research and consedering the world wide web the largest available network on the internet .it has attracted considerable and due to the use of accessibility it has become a suitable play ground for cybercrimals. Our primary concern in this project is to build a multi-agent architecture using agent intercommunication mechanisms and sentiment analysis based on machine learning to provide a flexible and adaptive inspection process by use of picture of signal instead of processing a text to detect vulgar words that showcase indecency ,or acts of harassing Furthermore, it is also important to emphasize that we must focus on the psychology of cybercriminals to understand what leads them to cybercrime and what impact do their action have on vctims psychology .

Keywords: Agent, Artificial intelligence, Cybercrime ,Cyberpsychology, Sentimental Analysis.

Brief description of the study: One of the biggest benefits of artificial intelligence is its

ability to perform highly repetitive tasks that would normally require a human. As the cyber

security arms race heats up, it’s fair to say we are nearing a new phase, one where AI and

image processing will play an increasingly important role to detect cybercrime. Don't forget

to do research about psychologie of both cybercriminel and victim to motive we for doing

more and more against cybercrime .

Date de Soutenance : 28 septembre 2018 Membres de Jury: Professeurs S. Bouchkaren, M. EL Alami, N. Benachhab

12


Secure development methodologies: survey, comparison, and implementation

Author: Bilal NKHILI

Supervised by: Khalid AMECHNOUE

Co-Supervised by: Said BOUCHKAREN

ERMIA – ENSA of Tangier

Abstract:

Information security is critical to businesses across the globe, and vulnerabilities in software

applications are the result of bad design and implementation of software systems. In order to

address this problem, several leading organizations in information security have proposed

methodologies for integrating security in the software development lifecycle.

In this project we present different methodologies to secure the development process

lifecycle (SDL) such as OWASP OpenSAMM (Software Assurance Maturity Model), Microsoft

SDL and secure DevOps, and we discuss the difference between them and how to implement

them in all phases of development.

Key words: Security, Development, Software, Lifecycle, DevSecOps, OWASP CLASP,

Microsoft SDL.

Date de Soutenance : 29 septembre 2018 Membres de Jury: Professeurs Kh. Amechnoue, S. Bouchkaren, N. Benachhab

13

Titre du projet

Recherche et étude des normes de sécurité applicables dans le domaine financier

Auteur : Hafsa BOURIAN

Encadrante : Pr. Saiida LAZAAR (ERMIA – ENSA de Tanger) Co-Encadrants : Pr. Hafssa BENABOUD (FS de Rabat)

Mehdi BENKIRAN (DATA PROTECT)

Résumé : Le système SWIFT est le premier fournisseur mondial des services sécurisés de messagerie financière, servant le secteur financier en tant que plate-forme de communication, fournisseur de produits/services et développeur des normes. Les infrastructures informatiques supportant l’activité financière des banques constituent une cible préférée pour les attaquants. En effet, plusieurs banques à l’échelle mondiale ont subi des attaques avancées pendant ces dernières années à cause de la présence de plusieurs failles de sécurité dans leur système informatique. Pour remédier à cette problématique, nous avons conduit une recherche et étude sur les normes de sécurité existantes qui peuvent être appliquées sur le périmètre financier pour proposer une stratégie de sécurité adaptée aux risques menaçant le périmètre informatique financier.

Mots clés : Se curite , SWIFT Description de l'étude: Durant les deux dernières années, des banques en Afrique comme en Europe demandent l’accompagnement des entreprises de sécurité dans des investigations avancées sur des fraudes qui ont été effectuées suite à des attaques informatiques ciblant leur périmètre financier. A la base de ces faits, des statistiques indiquant que le seuil de Cybercriminalité ciblant l’environnement informatique financier des banques ne cesse d’augmenter. A ce titre, nous avons décidé de faire une recherche et étude sur les normes de sécurité qui peuvent apporter un cadre de sécurité adéquat aux risques liés au périmètre informatique financier. C’est dans cette perspective que ce projet s’inscrit et a pour but d’établir des recherches approfondies sur les normes existantes, étudier les risques liés à l’environnement informatique financier et de proposer une stratégie sécuritaire pertinente et la renforcer par une étude des algorithmes de chiffrement utilisée.

Date de Soutenance : 21 septembre 2018 Membres de Jury: Professeurs S. Bouchkaren, S. Lazaar, M. Tanana et Mr M. Benkiran (DATAPROTECT)

14

Title of the projet

Blockchain and Cryptocurrency

Auhorr : Youssef OUADJOU

Supervisor : Pr. Said BOUCHKAREN Co-Supervisor: Pr. Kh. AMECHNOUE


Abstract: Blockchain is a decentralized transaction and data management technologyto provide security, anonymity and data integrity. In this work, we have studied this technology, how it works, its applications, characteristics, challenges and limitations.

Keywords: Blockchain, Bitcoin

Brief description of the study:

Blockchain is a new technology that allows to build trust in distributed network, it is a set of technique combined together to build an immutable and secure database.

The first implementation of this technology is Bitcoin the first cryptocurrency working without central control. Actually the blockchain has various applications in different areas. In our project, we investigate this technology, we analyze its limitations and challenges.

Date of defense: September 29, 2018 Jury: Professeurs S. Bouchkaren, S. Lazaar, Kh. Amechnoue

15

Title of the projet

Towards New Encryption Scheme Using Elliptic Curve Cryptography

Author: Youness LAHRAOUI

Supervisor: Pr. Youssef AMAL


Abstract: Elliptic curve cryptography (ECC) is an asymmetric key cryptography which has diverse applications (message encryption, key agreement protocols and digital signature). The level of security provided by small key sizes of ECC makes it a better choice for small devices with memory and power constraints. A cryptosystem based on ECC can only deal with points, the fact that a plaintext message is a sequence of characters gives rise to the need of converting the message to a point on the curve. The work at hands, we present a geometrical and theoretical studies, which leads to propose a plaintext mapping technique merged with ElGamal’s encryption method to define a new encryption scheme using elliptic curve. It provide high security level based on the proposed mapping methodology and the hardness assumption of solving the Elliptic Curve Discrete Logarithm Problem.

Keywords: Keywords: elliptic curve cryptography, message mapping, discrete logarithm problem, asymmetric cryptography, encryption, plaintext, security.

Date of defense: September 29, 2018 Jury: Professeurs Y. Amal, S. Lazaar, M. El Alami

16

Title of the project

Deep analysis of the main cryptographic solutions for IoT

Author: Marouan BADI TOUZANI

Supervisor: Pr. Saiida LAZAAR Co-Supervisor: Pr. Mariam TANANA


Abstract: Our world is getting smaller and became more connected than before. The technology revolution makes more easy data transmissions and communications between users, but unfortunately, this new digital lifestyle is not safe. Security and privacy issues for IoT are paramount and of great importance. The objective of our work is to provide the optimal cryptography algorithm which can be the best choice of a robust security solution and lightweight algorithm that fit into IoT devices. More precisely, this research conducted to select an hybrid algorithm method called HAN which will be combination of two of the important algorithms, NTRU asymmetric algorithm and AES symmetric algorithm.

Keywords: Internet of Things, security, hybrid algorithm, lightweight cryptography

Date of defense: September 21, 2018 Jury: Professeurs S. Bouchkaren, S. Lazaar, M. El Alami

17

Title of the project

Cybersecurity in smart grids

Author: Abdelaziz EL BAGHDADI

Supervisor: Pr. Ahmad EL OUALKADI

LABTIC – ENSA of Tangier

Résumé : De plus en plus de pays adoptent des solutions de production d’énergies renouvelables par la mise en place des réseaux électriques rendus intelligents à travers l’incorporation massive des technologies de l’information et de la communication. Dans ce contexte, ce travail de recherche vise premièrement, à comprendre les raisons motivant une telle mise à jour du réseau électrique et deuxièmement, à comprendre quels sont les enjeux sécuritaires d’une telle informatisation, à une époque où les cyber-attaques et les vols de données informatisées se font de plus en plus nombreux. Mots clés : AMI, IDS, Attaque Dos/DDos, Cryptographie, Apprentissage Automatique

Date of defense: September 28, 2018 Jury: Professeurs S. Mezrouie, S. Lazaar, A. El Oualkadi

end of studies projects - wordpress.com2016-2018 end of studies projects ... achraf samir chamkra...

Documents