LAAS-CNRS is represented in this COOST action by:
- Philippe Owezarski (owe <at> laas [dot] fr – http://www.laas.fr/~owe/index_eng.html)
LAAS-CNRS has several interests in TMA:
- LAAS-CNRS is involved in the deployment of traffic monitoring tools in France, at the edge of the RENATER network (the French network for education and research), collecting traces, preparing them (sanity check, anonymization) for the (essentially French) research community in TMA.
- LAAS-CNRS is also working on designing and developping a global monitoring system or large scale networks which integrates active and passive measurment techniques, local and distributed analysis and a key protocol for controling / configuring the different monitoring/measurement components, and reporting at the network scale the pre-processed measurement results. This system is supposed to work at the Internet scale and includes both wired and wireless technologies.
- LAAS-CNRS is also deeply involved in traffic characterization and analysis. In particular, LAAS proposes with some of its partners (notably ENS Lyon) multi-scaling analysis methods of the traffic. We then are able to propose characterization models of the traffic considering non gaussianity of traffic as well as LRD, and able to represent the natural variability of regular traffic as well as its anomalies.
- This previous work on traffic anomaly detection is completed by some researches on analysis methods able to distinguish between legitimate anomalies (flash crowds) and illegitimate ones (DoS attacks, failures). It then opens new research direction for improving IDS and security policies in the network.
- We are also deeply involved in research in the area of malicious traffic analysis using honeypots. We ae working on the design of a new platform including honeypot, sandboxes, an emulation platform for emulating a private Internet and a new kind of firewall inspecting deeply all outgoing connection. Indeed, we are responsible in front of the French justice about any troubles our outgoing traffic can provoke. We then need to be ery strict concerning the traffic we let go out when executing the malware we have collected thanks to ou honeypots. The objective of this platform is more specifically to study the way botnets are created and controlled by hackers. It is a way to infer the threat on the Internet. Based on this information, we design new strategies for making security enforcement proactive.
- As another gloabl application, The traffic analysis work helps us to understand the QoS and performance issues of networks, and gives direction on new measurement based protocols and architecture for improving the Internet.