CIDRE is over! But our seminars aren’t. Find them here!

---

Thursday 7 December 2023 - BBB – 14h

Fabien Pesquerel (Inria): IMED-RL: Regret optimal learning of ergodic Markov decision processes

Abstract: We consider reinforcement learning in a discrete, undiscounted, infinite-horizon Markov decision problem (MDP) under the average reward criterion, and focus on the minimization of the regret with respect to an optimal policy, when the learner does not know the rewards nor transitions of the MDP. In light of their success at regret minimization in multi-armed bandits, popular bandit strategies, such as the optimistic \texttt{UCB}, \texttt{KL-UCB} or the Bayesian Thompson sampling strategy, have been extended to the MDP setup. Despite some key successes, existing strategies for solving this problem either fail to be provably asymptotically optimal, or suffer from prohibitive burn-in phase and computational complexity when implemented in practice. In this work, we shed a novel light on regret minimization strategies, by extending to reinforcement learning the computationally appealing Indexed Minimum Empirical Divergence (\texttt{IMED}) bandit algorithm. Traditional asymptotic problem-dependent lower bounds on the regret are known under the assumption that the MDP is \emph{ergodic}. Under this assumption, we introduce \texttt{IMED-RL} and prove that its regret upper bound asymptotically matches the regret lower bound. We discuss both the case when the supports of transitions are unknown, and the more informative but a priori harder-to-exploit-optimally case when they are known. Rewards are assumed light-tailed, semi-bounded from above. Last, we provide numerical illustrations on classical tabular MDPs, \textit{ergodic} and \textit{communicative} only, showing the competitiveness of \texttt{IMED-RL} in finite-time against state-of-the-art algorithms. \texttt{IMED-RL} also benefits from a lighter complexity.

Bio: Fabien Pesquerel is a doctor from Inria Lille who works mainly on bandit problems and reinforcement learning.

---

Thursday 26 October 2023 - BBB – 14h

Lionel Hemmerlé (CentraleSupélec): Arm wrestling with atomic instructions

Abstract: Pour détecter l’exécution de rootkits dans une machine virtuelle, une approche connue consiste à intégrer un système de détection d’intrusion dans l’hyperviseur. Dans cette situation, l’hyperviseur doit détecter divers événements ayant lieu dans la VM, incluant notamment les modifications apportées à certaines structures cruciales, comme la table d’appel système. On peut naturellement penser à utiliser le mécanisme de traduction d’adresse, qui gère également les permissions des différentes pages de mémoire virtuelle. Cependant, une difficulté réside dans la manière dont les opérations atomiques sont implémentées dans l’architecture arm64, qui doivent alors être émulée par l’hyperviseur.

Bio: Lionel Hemmerlé est un doctorant de 2e année dans l’équipe CIDRE

---

Thursday 12 October 2023 - BBB – 14h

---

Tuesday 30 May 2023 - BBB – 15h

Xiangliang Zhang (University of Notre Dame): What indeed can GPT models do in chemistry?

Abstract: Large Language Models (LLMs) with strong abilities in natural language processing tasks have emerged and have been rapidly applied in various kinds of areas such as science, finance and software engineering. However, the capability of LLMs to advance the field of chemistry remains unclear. In this talk, we report the recent development of LLMs in chemistry field and a comprehensive benchmark evaluation of three GPT models GPT-4, GPT-3.5, and Davinci-003) on 8 practical chemistry tasks. The key findings of our investigation are 1) GPT-4 outperforms the other two models among the three evaluated, as anticipated; 2) GPT models exhibit less competitive performance in tasks demanding precise understanding of molecular SMILES representation, such as reaction prediction and retrosynthesis; 3) GPT models demonstrate strong capabilities in text-related explanation tasks such as molecule captioning; and 4) GPT models exhibit comparable or better performance to classical machine learning models when applied to chemical problems that can be transformed into classification or ranking tasks, such as property prediction, and yield prediction. In addition, we share discussions on how different settings related to LLMs affect performance across various chemistry tasks. 

Bio: Dr. Xiangliang Zhang is currently an Associate Professor and directs the Machine Intelligence and Knowledge Engineering (MINE) Laboratory in the Department of Computer Science and Engineering at University of Notre Dame, USA.  She received the Ph.D. degree in computer science from INRIA-University Paris-Sud, France, in July 2010. She has authored or co-authored over 200 refereed papers in various journals and conferences. Her current research interests lie in designing machine learning algorithms for learning from complex and large-scale graph data. She was invited to deliver an Early Career Spotlight talk at IJCAI-ECAI 2018. She regularly serves on the Program Committee for premier conferences like SIGKDD (Senior PC), AAAI (Area Chair, Senior PC), IJCAI (Area Chair, Senior PC), etc. She also serves as the Editor-in-Chief of SIGKDD Explorations and an associated editor for IEEE Transactions on Dependable and Secure Computing (TDSC) and Information Sciences.

---

Wednesday 17 May 2023 – BBB – 16h

Sutanu Kumar Ghosh (University of Illinois): OSTINATO: Cross-host Attack Correlation Through Attack Activity Similarity Detection

Abstract: Modern attacks against enterprises often have multiple targets inside the enterprise network. Due to the large size of these networks and increasingly stealthy attacks, attacker activities spanning multiple hosts are extremely difficult to correlate during a threat-hunting effort. In this work, I’ll present a method for an efficient cross-host attack correlation across multiple hosts. The central idea behind our approach involves comparing (OS agnostic) activities on different hosts and correlating the hosts that display the use of similar tactics, techniques, and procedures. We implement our approach in a tool called Ostinato and successfully evaluate it in threat hunting scenarios involving DARPA-led red team engagements spanning 500 hosts and in another multi-host attack scenario. 

Bio: Sutanu Kumar Ghosh is a PhD student at the Department of Computer Science, University of Illinois Chicago. His research passion lies in the domain of cybersecurity, with a specific emphasis on the detection and correlation of Advanced Persistent Threat (APT) based attacks. Through his work, he aspires to contribute significantly to the development of innovative and effective strategies to combat these sophisticated cyber threats.

---

Thursday 11 May 2023 – BBB – 14h

Victor Lomné (NinjaLab): A Side Journey to Titan

Abstract: The Google Titan Security Key is a FIDO U2F hardware device proposed by Google (available since July 2018) as a two-factor authentication token to sign in to applications (e.g. your Google account). This work describes a side-channel attack that targets the Google Titan Security Key’s secure element (the NXP A700X chip) by the observation of its local electromagnetic radiations during ECDSA signatures (the core cryptographic operation of the FIDO U2F protocol). In other words, an attacker can create a clone of a legitimate Google Titan Security Key.

Bio: Victor holds a master degree in cryptology and computer security from the university of Bordeaux, France, and a PhD degree in microelectronics from the university of Montpellier, France. He worked during 7 years as security expert in the hardware security team of the scientific division of ANSSI (French Cybersecurity Agency) in Paris, France. During these years he created and was responsible for the team lab, worked as penetration tester on a wide range of products, and was technical support for the ANSSI National Certification Center. He then came back to work as researcher at the LIRMM (laboratory of computer science, robotics and microelectronics of the university of Montpellier), before co-founding NinjaLab. Victor is also an active academic researcher in the fields of cryptology and hardware security, with publications, keynotes and program committee membership in top conferences like CHES, FDTC and COSADE.

---

Thursday 4 May 2023 – CentraleSupélec, floor 5 – 14h

Sébastien Gambs (Université du Québec à Montréal): Synergies and tensions between privacy and other ethical issues in responsible machine learning

Abstract: The success of machine learning models is such that they are now ubiquitous in our society. Their widespread use also raises serious privacy and ethical issues, however, especially if their predictions are put into action in domains in which they can significantly affect individuals. As a result, we have witnessed in recent years several initiatives proposing design principles and guidelines for the responsible development of artificial intelligence. To understand how we may best address privacy and ethics responsibly when developing machine learning models, we therefore need to first have a clear view on how these concepts interact with each other in a positive as well as negative manner. In this talk, I will review the main tensions but also convergences that can emerge when addressing jointly the privacy and ethical challenges that go into designing and deploying machine learning models.

Bio: Sébastien hold currently the Canada Research Chair (Tier 2) in Privacy-preserving and Ethical Analysis of Big Data since December 2017. He has joined the Computer Science Department of the Université du Québec à Montréal (UQAM) in January 2016, after having held a joint Research chair in Security of Information Systems between Université de Rennes 1 and Inria from September 2009 to December 2015. Before that, he was a CNRS postdoctoral researcher in LAAS-CNRS collaborating with Yves Deswarte on the concept of the “privacy-preserving identity card”, after having defending in 2008 his PhD thesis in computer science at the Université de Montréal under the supervision of Gilles Brassard. He has defended in June 2014 his HDR (Habilitation à Diriger les Recherches) titled “Protection of Privacy in the Information Society”. He is a member of the LATECE laboratory as well as the SERENE RISC cybersecurity network.

---

Thursday 27 April 2023 – CentraleSupélec, floor 5 – 14h

Nicolas Bellec (Inria): Amélioration de la sécurité des systèmes embarqués, temps réels et critiques

Abstract: Les systèmes temps-réels embarquent de plus en plus de moyen pour communiquer sans fils avec des utilisateurs extérieurs. Ces mêmes moyens peuvent être détournés pour attaquer ces systèmes, brisant les garanties de ces derniers et pouvant engendrer des accidents. Pour protéger les systèmes temps-réels contre ces nouvelles attaques, il est nécessaire de développer de nouvelles protections prenant en compte les spécificités de ces systèmes. Dans cette thèse, nous cherchons à améliorer la sécurité des systèmes temps-réels contre des attaques dites par corruption de mémoire. Ces attaques utilisent une mauvaise gestion de la mémoire dans un programme pour modifier son comportement. Nous nous intéressons en particulier à une défense appelée Intégrité du flux de donnée, qui peux protéger contre une vaste classe d’attaque par corruption de mémoire. Nous adaptons cette protection au contexte des systèmes temps-réels en optimisant le temps d’exécution dans le pire cas, une métrique fondamentale pour garantir la bonne exécution de ces systèmes.

Bio: Nicolas Bellec is PhD student at PACAP where he studies how to improve the security of Real-Time systems. His previous work was on detecting Control-Flow deviation by detecting timing anomalies.

---

Thursday 20 April 2023 – CentraleSupélec, floor 5 – 15h

Mukesh Tiwari (University of Cambridge): Theorem Provers to Protect Democracy: Formally Verified Vote-Counting-Software

Abstract: Paper ballots are widely used around the world to record the preferences of eligible voters. Paper ballots provide three important ingredients: (i) correctness, (ii) verifiability, and (iii) privacy. However, a paper ballot election brings various other challenges, e.g., it is slow for large democracies like India, error prone for complex voting methods like single transferable vote, and poses operational challenges for large countries like Australia. In order to mitigate these problems, and various others, many countries are adopting electronic voting. However, electronic voting introduces a new set of problems. In most cases, the software programs –written in unsound languages like C, Java and used to conduct elections– have numerous problems, including, but not limited to, counting bugs, ballot identification, etc. Moreover, these software programs are proprietary artifacts and are not allowed to be inspected by members of the public. As a consequence, the result produced by these software programs can not be substantiated. In this talk, I will address three main concerns of electronic voting: (i) correctness, (ii) verifiability, and (iii) privacy. More specifically, I will demonstrate the correctness by implementing the vote counting algorithm (Schulze Method) in Coq theorem prover, the verifiability by generating an independently checkable scrutiny sheet, and the privacy by using cryptography.

Bio: Mukesh Tiwari is a senior research associate at the University of Cambridge and working on formalising graph algorithms in the Coq theorem prover to model network protocols. Before moving to Cambridge, he was a PhD student at The Australian National University Canberra where he worked on formalising vote-counting algorithms in the Coq theorem prover. He did bachelors and masters in computer science from a technical university, Indian Institute of Information Technology, where he learnt his first programming language C. His penchant to prove his code correct led him to discover the Coq theorem prover in 2012 and since then he never looked back. He also wants to thank all the French taxpayers for funding the research that led to the Coq theorem prover.

---

Thursday 13 April 2023 – BBB – 14h

Luca Demetrio (University of Geneva): Adversarial EXEmples: functionality-preserving optimization of adversarial Windows malware

Abstract: Windows malware classifiers that rely on static analysis have been proven vulnerable to adversarial EXEmples, i.e., malware samples carefully manipulated to evade detection. However, such attacks are typically optimized via query-inefficient algorithms that iteratively apply random manipulations on the input malware, and require checking that the malicious functionality is preserved after manipulation through computationally-expensive validations. To overcome these limitations, we propose RAMEn, a general framework for creating adversarial EXEmples via functionality-preserving manipulations. RAMEn optimizes the parameters of such manipulations via gradient-based (white-box) and gradient-free (black-box) attacks, implementing many state-of-the-art attacks for crafting adversarial Windows malware. It also includes a family of black-box attacks, called GAMMA, which optimizes the injection of benign content to facilitate evasion. Our experiments show that gradient-based and gradient-free attacks can bypass malware detectors based on deep learning, non-differentiable models trained on hand-crafted features, and even some commercial products.

Bio: Luca Demetrio is an Assistant Professor at the University of Genova (Italy), where he also received his Ph.D. in 2021. His thesis, “Formalizing Evasion Attacks against Security Detectors”, revolves around the application of Adversarial Machine Learning against threat detectors, specifically how to fool Windows malware and SQL injections detectors by applying well-crafted noise to data. As a natural follow-up of his Ph.D. work, he is currently studying the security of Windows malware detectors implemented with Machine Learning techniques. He is also currently involved in the development of techniques that can improve the quality of the evaluation of machine learning models, by providing debugging tools that can spot the failures at attack time.

---

Thursday 6 April 2023 – BBB – 14h

Mathieu Escouteloup (LAAS): Design of secure processor microarchitectures

Abstract: Nowadays, digital systems are everywhere in our lives: smarphones, computers, IoT … If they all seem different, each of these electronic devices rely on the same component called processor. It is responsible for the execution of most of the operations allowing to the whole system to work. In the last few years, numerous weaknesses have been highlighted, showing that the processor is currently an interesting source of information. By observing its behavior (e.g. power consumption or execution timing), it becomes possible for an attacker to deduce the (secret) manipulated data. This presentation details our work to tackle these security issues by directly modifying the way we design processors. First, it presents our strategy to allow multiple isolated executions. Particularly, it shows how we modify the instruction set architecture (ISA) for a better hardware shared resource management. Then, it explores how new generic strategies can allow to prevent power transition leakages from the processor.

Bio: Mathieu Escouteloup is a post-doctoral researcher at LAAS-CNRS in Toulouse (France). It was previously a PhD student in the CIDRE team of Inria/CentraleSupélec in Rennes (France). Among other topics, he is interested in the design of processors, hardware security issues and hardware/software interactions.

---

Thursday 30 March 2023 – CentraleSupélec, floor 5 – 14h

Steffen Wendzel (Hochschule Worms): Obfuscation and Concealment Methods for Network Traffic

Abstract: The talk starts with an introduction to network-level concealment and obfuscation methods, including techniques from network covert channels and censorship circumvention. It highlights the recent advancements regarding a taxonomy for concealment and obfuscation methods (cf. https://patterns.ztt.hs-worms.de/) and provides an outlook on future steps to be undertaken in this context. Afterwards, the talk highlights novel concealment methods, especially DYST and epsilon-kappa-libur.

Bio: Steffen Wendzel is a professor of information security and computer networks at Hochschule Worms, where he is also the scientific director of the Center for Technology and Transfer. In addition, he is a lecturer at the University of Hagen. Before his professorship, he was a PostDoc at Fraunhofer FKIE in Bonn, where he led a research team on smart building security. He received his Ph.D. (Dr. rer. nat.) and his Habilitation (Dr. habil.) from the Faculty of Mathematics and Computer Science at the University of Hagen in 2013 and 2020, respectively.

---

Thursday 23 March 2023 – CentraleSupélec, floor 5 – 14h

Vincent Raulin (Inria): BAGUETTE: Hunting for evidence of malicious behavior in dynamic analysis reports

Abstract:  Malware analysis consists of studying a sample of suspicious code to understand it and producing a representation or explanation of this code that can be used by a human expert or a clustering/classification/detection tool. The analysis can be static (only the code is studied) or dynamic (only the interaction between the code and its host during one or more executions is studied). The quality of the interpretation of a code and its later detection depends on the quality of the information contained in this representation. To date, many analyses produce voluminous reports that are difficult to handle quickly. In this article, we present BAGUETTE, a graph-based representation of the interactions of a sample and the resources offered by the host system during one execution. We explain how BAGUETTE helps automatically search for specific behaviors in a malware database and how it efficiently assists the expert in analyzing samples.

Bio: Vincent Raulin is a PhD student at CIDRE, working on dynamic analysis of Windows malware.

---

Thursday 16 February 2023 – BBB – 9h

Hangwei Qian (Centre for Frontier AI Research): DualCF: Efficient Model Extraction Attack from Counterfactual Explanations

Abstract: Cloud service providers have launched Machine-Learning-as-a-Service (MLaaS) platforms to allow users to access large-scale cloud-based models via APIs. In addition to prediction outputs, these APIs can also provide other information in a more human-understandable way, such as counterfactual explanations (CF). However, such extra information inevitably causes the cloud models to be more vulnerable to extraction attacks which aim to steal the internal functionality of models in the cloud. Due to the black-box nature of cloud models, however, a vast number of queries are inevitably required by existing attack strategies before the substitute model achieves high fidelity. In this talk, I will introduce our newly proposed novel algorithm, which is a simple yet efficient querying strategy to greatly enhance the querying efficiency to steal a classification model. This is motivated by our observation that current querying strategies suffer from decision boundary shift issue induced by taking far-distant queries and close-to-boundary CFs into substitute model training. Our proposed DualCF strategy can circumvent the above issues, which is achieved by taking not only CF but also counterfactual explanation of CF (CCF) as pairs of training samples for the substitute model. Extensive and comprehensive experimental evaluations are conducted on both synthetic and real-world datasets. The experimental results favorably illustrate that DualCF can produce a high-fidelity model with fewer queries efficiently and effectively.

Bio: Dr Hangwei QIAN is currently a Scientist at Centre for Frontier AI Research (CFAR), A*STAR Research Entities, Singapore. Previously she was awarded the prestigeous Wallenberg-NTU Presidential Postdoctoral Fellowship between 2020 and 2022. She obtained her Ph.D. in computer science and engineering at Nanyang Technological University (NTU), Singapore in 2020 under the supervision of Prof Sinno Jialin Pan. She received the B.Eng. from the University of Science and Technology of China (USTC) in 2015. Her research interests lie in unsupervised learning, transfer learning, and wearable-based studies. She has published top-tier papers on KDD, IJCAI, AAAI and AIJ over the years.

---

Thursday 9 February 2023 – Teams – 13h30

Katarzyna Wasielewska (Universidad de Granada): Network Dataset Quality Assessment with Permutation Testing

Abstract: ML models can only be as good as the datasets they are trained on. The problem of the lack of high-quality network datasets has been mentioned many times in papers. The quality of datasets is difficult to assess, but also to define. What does it mean that a dataset is of high quality? Generally, a dataset is said to be of high quality if it meets the requirements for its intended use. In the convention of this ambiguity, I would like to introduce the PerQoDA methodology, which evaluates the dataset in terms of the relationship between observations and labels in a classification problem. This is just one aspect of the problem of assessing the quality of datasets, but it highlights its problematic nature and complexity.

Bio: Katarzyna Wasielewska received the M.Sc. degree in computer science at the Faculty of Mathematics and Computer Science, Nicolaus Copernicus University (NCU), Torun, Poland, and the Ph.D. degree in telecommunications at the Faculty of Telecommunications, Information Technology and Electrical Engineering, UTP University of Science and Technology, Bydgoszcz, Poland. She has been awarded the Marie Sklodowska-Curie Actions Individual Fellowships (MSCA) program. She is currently a Postdoctoral Researcher at the Department of Signal Theory, Networking and Communications and researcher in the Information and Communication Technologies Research Centre (CITIC) at the University of Granada, Spain. Her research interests include cybersecurity, network security, machine learning, multivariate data analysis, and dataset quality problem. She has ten years of experience as an ISP Network Administrator.

---

Thursday 26 January 2023 – Teams – 14h

Savino Dambra (NortonLifeLock): Mining from telemetry: investigating malware and privacy risks from user-collected data

Abstract: Data is one of the most valuable resources in the world to such an extent as to become the new oil. Data-driven strategies based on objective metrics, facts, and insights derived from data analysis have become the mainstream in nowadays society and industrial world as they help businesses to understand the current market needs, adjust production processes and improve their overall efficiency. Cyber security is no exception. The analysis of telemetry data can help organizations to detect cyber threats, unauthorized intrusions, malware infections, privacy leaks, and it is fundamental for a quick and exhaustive reaction to cyber incidents. More than that, collected data can provide actionable information and objective indicators that can help organizations to predict their cybersecurity risks and avoid adverse events by adopting proactive measures. In this talk, we present two studies realized at Norton Research Labs that exploit telemetry data to discover reliable indicators linked to the risk of malware infections and to quantify how much knowledge tracking organizations possess about home-users’ browsing sessions. In the first work, we evaluate the incidence that different security measures and security postures have on malware-infection risks and assess the goodness of nine host-extracted indicators when investigating the systematic nature of those risks. In the second work, we look at web tracking and demonstrate that previous work has underestimated privacy risks due to web tracking when measuring them by excluding the users’ perspective and relying on externally-collected data.

Bio: Savino Dambra is currently a research scientist in the NRG team. He obtained a Double Degree in Computer Science from the Politecnico di Bari in Italy and the Université Nice Sophia Antipolis in France. During his Ph.D. at Eurecom he was advised by Davide Balzarotti and Leyla Bilge. His research interests revolve around predictive security, with a particular focus on cyber risks. His work aims at leveraging large data sets of real-world telemetry for developing novel techniques for threat detection, risk assessment, predicting cyber-incident risks and frauds employing machine learning algorithms. He is also interested in users’ tracking and profiling both on the web and mobile.

---

Thursday 12 January 2023 – CentraleSupélec, floor 5 – 14h

Maxime Lanvin (CentraleSupélec): Errors in the CICIDS2017 dataset and the significant differences in detection performances it makes

Abstract: Among the difficulties encountered in building datasets to evaluate intrusion detection tools, a tricky part is the process of labelling the events into malicious and benign classes. The labelling correctness is paramount for the quality of the evaluation of intrusion detection systems but is often considered as the ground truth by practitioners and is rarely verified. Another difficulty lies in the correct capture of the network packets. If it is not the case, the characteristics of the network flows generated from the capture could be modified and lead to false results. In this paper, we present several flaws we identified in the labelling of the CICIDS2017 dataset and in the traffic capture, such as packet misorder, packet duplication and attack that were performed but not correctly labelled. Finally, we assess the impact of these different corrections on the evaluation of supervised intrusion detection approaches.

Bio: Maxime Lanvin is a second-year PhD student at CIDRE, working on network intrusion detection.

---

Thursday 15 December 2022 – CentraleSupélec, floor 5 – 14h

Simone Aonzo (Eurecom): Humans vs. Machines in Malware Classification

Abstract: To compare the difference between human and machine intelligence in malware analysis,it is first necessary to understand how human subjects approach malware classification. In this direction, our work presents the first experimental study designed to capture which ‘features’ of a suspicious program (e.g., static properties or runtime behaviors) are prioritized for malware classification according to humans and machines intelligence. For this purpose, we created a malware classification game where 110 human players worldwide and with different seniority levels (72 novices and 38 experts) have competed to classify the highest number of unknown samples based on detailed sandbox reports. Surprisingly, we discovered that both experts and novices base their decisions on approximately the same features, even if there are clear differences between the two expertise classes. Furthermore, we implemented two state-of-the-art Machine Learning models for malware classification and evaluated their performances on the same set of samples. The comparative analysis of the results unveiled a common set of features preferred by both Machine Learning models and helped better understand the difference in the feature extraction. This work reflects the difference in the decision-making process of humans and computer algorithms and the different ways they extract information from the same data. Its findings serve multiple purposes, from training better malware analysts to improving feature encoding.

Bio: Simone Aonzo is an assistant professor at Eurecom (France). He received the Ph.D. degree in computer science and systems engineering from the University of Genoa (Italy) in 2020 with the thesis “Novel Attacks and Defenses in the Userland of Android.” Before the Ph.D., he worked as an Android banking app pentester for an IT security company. His research interests are system security and privacy. In particular, the areas of malware analysis (Windows and Android), reverse engineering, and mobile security.

---

Wednesday 30 November 2022 – Teams – 9h

Gints Engelen (KU Leven): Error Prevalence in NIDS datasets: A Case Study on CIC-IDS-2017 and CSE-CIC-IDS-2018

Abstract: Network Intrusion Detection Systems play a critical role in protecting network architectures from harm. In the past decade, Machine Learning has moved to the forefront of research in this field, with many approaches resulting in great performance on benchmark NIDS datasets. The relevance of these performance results is however directly tied to the quality of the benchmark datasets used for training, which have so far only been subjected to limited analysis. In this presentation, I will dig deeper into the numerous errors we uncovered in two important and widely used NIDS benchmark datasets, CIC-IDS2017 and CSE-CIC-IDS2018, with errors ranging from issues in data pre-processing, attack simulation and documentation to faulty ground-truth of the underlying labelling logic. I will also talk about how we went about rectifying these errors, and what the field of NIDS needs in terms of dataset quality in order to move forward.

Bio: Gints Engelen is currently a 3rd year PhD student at the ‘DistriNet’ research group, department of Computer Science at the university of KU Leuven (Belgium). His research focuses on Robust Machine Learning approaches for Network Intrusion Detection Systems (NIDS). During the past 2 years, he has collaborated with the University of New-South Wales and the University of Edinburgh on in-depth analyses of the most widespread and important NIDS datasets.

---

Monday 28 November 2022 – Teams – 16h30

Francesco Regazzoni (University of Amsterdam and Università della Svizzera italiana): Processor Customization and New Computational Paradigms: challenges and opportunities for security

Abstract: The availability of several RISC-V implementations on the one side and the development of novel computing paradigms on the other, offer new opportunities to designers and researchers, but also open new challenges. In this talk we explore these opportunities and challenges from the security point of view. The first part of the talk will show how processor customization could be leveraged to increase the security of applications running on embedded processors, focusing mainly on resistance against side channel attack as a case of study. The second part will discuss the security dimension of novel computation paradigms, presenting the implications of approximate circuits to a number of hardware-related security threats.

Bio: Dr. Francesco Regazzoni received his Master of Science degree from Politecnico di Milano and his PhD degree from Università della Svizzera italiana. He held research positions at the Université Catholique de Louvain and at Technical University of Delft, and has been visiting researcher at several institutions, including NEC Labs America, Ruhr University of Bochum, and EPFL Lausanne. His research interests are mainly focused on secure IoT devices and embedded systems, covering in particular design automation for security, physical attacks and countermeasures, post-quantum cryptography, and efficient implementation of cryptographic primitives.

---

Thursday 20 October 2022 – CentraleSupélec, floor 5 – 14h

Yufei Han (Inria): Transferable Machine Learning: Learning from What You Learned In The Past 

Abstract: Meta learning helps fast adapt a pre-tuned machine learning model to a brand-new learning scenario. In previous research efforts, meta learning shows the potential to migrate a machine learning model across different learning tasks, despite that the number of classes / the class-wise data distribution drift significantly. Compared to retraining from scratch, meta learning is more economical. In the security research, we expect meta learning to be helpful for being flexible to adapt a trained threat detection/classification model to different attack campaigns with only a few training instances available. This opens a new door to the deployment of flexible and automated AI in security data analysis.

Bio: Dr. Yufei Han is currently working as senior researcher at INRIA CIDRE team. His interests include applying robust and interpretable machine learning techniques to deliver trustworthy cyber security services, e.g. malware detection / classification and network intrusion detection. He is also interested with adversarial attack and defence strategies of distributed machine learning, which aims at providing trustable Machine Learning-as-a-Service (MLaaS). Before joining INRIA, Dr.Han was working as senior principal researcher at Symantec Research Labs located at Sophia-Antipolis from 2015 to 2021 focusing on robust AI for cyber security practices, and a post-doctoral researcher at INRIA Paris from 2011 to 2014.

---

Thursday 6 October 2022 – Teams – 14h

Omar Anser (Inria): Auto-configuration of intrusion detection systems based on past experiences 

Abstract: In recent years, machine learning-based Network Intrusion Detection Systems (NIDSs) have been widely investigated to detect network attacks. However, the performance of such systems is strongly affected by their configuration, i.e. the setting of the hyper-parameters, usually based on human expertise. Few efforts have been made towards automatic methods except using a long process of trials, mostly with grid or random search. Besides, the resulting configuration is specific to a particular context, i.e. the network where the system is deployed or the type of attacks to detect. To address these issues, we define a method using meta-learning which learns from the past experiences. By extracting useful information from the previous optimized tuning tasks, a model is trained in order to infer almost instantaneously a new configuration.

Bio: Omar ANSER is a second year PhD student in cyber-security at Inria Nancy – Grand Est in the RESIST research group. His main research interests center on the automation of attack mitigations in 5G environments. He has studied at INSA Toulouse, a French leading school in computer science, where he completed a Ms. degree.

---

Thursday 8 September 2022 – CentraleSupélec, floor 5 – 14h

Fabien Charmet (NICT): Towards a better understanding of mobile users’ behavior: a web session repair scheme

Talk outline: Using mobile devices to browse the Internet has become increasingly popular over the years. However, the risk of being exposed to malicious content, such as online scams or malware installations, has also increased significantly. In this study, we collected smartphone data from volunteer users by monitoring their use of the Web and the applications they install on their devices. However, the collected data is sometimes incomplete due to the technical limitations of mobile devices. Thus, we propose a data repair scheme to restore incomplete data by inferring missing attributes. Here, the restored data represent the browsing history of a mobile user, which can be used to determine if and how the user has been the victim of web or mobile-specific attacks to compromise their sensitive data. The accuracy of the proposed data repair scheme was evaluated using a machine learning algorithm, and the results demonstrate that the proposed scheme properly reconstructed a user’s browsing history data with an accuracy of 95%. The usability of the repaired data is demonstrated by a practical use case. The user’s browsing history was correlated with other types of data, such as received SMSs and the applications installed by the user. The results demonstrate that a user can fall victim to SMS-based phishing (SMShing) attacks, where the attacker sends an SMS message to a user to trick them into installing a malicious application. We also present a case of a social engineering attack, where the victim was manipulated to provide their Amazon credentials and credit card details.

Bio: Fabien Charmet obtained an MEng at the Ecole Centrale de Lille and an Msc in Computer Science from the University of Lille 1 in 2014. He worked as a Research Engineer at Telecom SudParis from 2014 to 2017, and then started his PhD. He graduated in 2020 from the Institut Polytechnique of Paris on the topics of network virtualization and network security. He was hired upon graduation as a Post-Doc in Telecom SudParis. He then joined the NICT at the end of 2020 as a Technical Researcher. His research interests include Cybersecurity, Machine Learning and Explainable AI.

---

Thursday 1 September 2022 – CentraleSupélec, floor 5 – 14h

Christophe Hauser (University of Southern California): Vulnerability Discovery on Binary Programs: current approaches and perspectives

Talk outline: In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. We identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We also discuss current limitations in state-of-the-art binary program analysis approaches and pointers to addressing them.

Bio: Christophe Hauser founded and co-lead the BASS (binary program analysis and systems security) research group at USC’s Information Sciences Institute. He also co-lead the STEEL research group (networking security, DDOS, malware). His research interests span over several aspects of systems security including intrusion detection, vulnerability discovery, formal verification and reverse engineering, usable security and privacy-preserving systems. Prior to joining USC, he was a postdoctoral researcher at UC Santa Barbara’s Seclab where he worked on developing some of the components of the angr binary program analysis platform. In 2013, he received a Ph.D. in computer science from CentraleSupélec, and Queensland University of Technology (QUT) as part of a joint Ph.D. program, during which he has been working on a kernel-level anomaly detection model for distributed systems based on information flow tracking.

---

Thursday 16 June 2022 – CentraleSupélec, floor 5 – 14h

Nicolas Bellec (Inria): RT-DFI: Optimizing Data-Flow Integrity for Real-Time Systems 

Talk outline: The increased connectivity of Real-Time Systems has led to an increase of the attacks against these systems. To protect these systems against current and future attacks, Data-Flow Integrity (DFI) as been proposed by Castrol et al. This protection ensures at runtime that the program respects a statically computed Data-Flow Graph. However, the overhead of DFI remains a major issue to its adoption. In this presentation, we present RT-DFI, a new approach that optimize DFI to reduce its overhead on the Worst-Case Execution Time (WCET) of a program. This approach uses Integrer Linear Programming to reduce the number of branches taken by DFI instrumentation without reducing its security properties. We show on the TacleBench that our optimization process reduces the DFI overhead on the WCET by 7% on average compared to a state-of-the-art implementation.

Bio: Nicolas Bellec is PhD student at PACAP where he studies how to improve the security of Real-Time systems. His previous work was on detecting Control-Flow deviation by detecting timing anomalies.

---

Thursday 2 June 2022 – CentraleSupélec, floor 5 – 14h

Jean-Loup Hatchikian-Houdot (Inria): Constant Time Secure Embedded Systems Through Hardware/Software Cooperation 

Talk outline: Countermeasures against timing attacks already exist both at the hardware level and software level. However, those countermeasures can be costly and sometimes not sufficient. Our goal is to define a contract between the hardware and the software through an ISA extension. This contract would specify the timing behavior of the micro-architecture implementations and give the software better control over the security mechanisms of the hardware, thus permitting higher timing security at a low computational and material cost.

Bio: Jean-Loup studied computer science at the engineering school INSA Rennes (Institut National des Sciences Appliquées), during which he had a short internship at Inria in the EMSEC team (embedded security & cryptography). He worked one year as an engineer before starting his PhD in the Celtique/Epicure Team in October 2021.

---

Thursday 19 May 2022 – CentraleSupélec, floor 5 – 14h

Séverine Delaplace (CentraleSupélec/Université du Luxembourg): Extracting network communications from Android applications

Talk outline: Lots of Android applications communicate with remote servers, as social network applications, email clients, and sêo on. Sometimes, there are malicious flows hidden in these applications. Analysts have to determine if theses applications are benign or not. For that, they have to find theses malicious flows in applications, often obfuscated, that are getting bigger and bigger. We can wonder how to help analysts to focus on network flows. To answer this question, we work on a static analysis tool that give an overview of network communications made by a given application.

Bio: Séverine is a PhD student in a joint project between CentraleSupélec and Luxembourg University. She works on Android malware and their communications with C&C servers.

---

Thursday 5 May 2022 – CentraleSupélec, floor 5 – 14h

Jérôme Fellus and Gwen Le Viavant (CT-Square): Automating security recommendations to small businesses with an active audit tool and factorized bayesian attack graphs

Talk outline: CT-Square’s contribution to the Cyber Grand Challenge (GDC) call from the French Government aims at offering a fully integrated Managed Security Service to small to medium businesses (SMB) that go beyond the classical separation of pentest, risk assessment and supervision. To address SMB’s limited budget, understaffing, poor cyber awareness and scarce understanding of their own networks, we developed an affordable automated solution that collects evidence of misconfigurations, vulnerabilities and bad practices/behaviors and generates a risk-driven action plan whose top recommendations are tailored to the customer’s scope. Interoperating with active threat intelligence sources and our managed detection and response (MDR) SaaS platform, it brings liveliness and evolvability to the good old Pentest-as-a-Snapshot.  In this talk, Jérôme and Gwen will highlight two pillars of our approach:

• A modular active audit solution built into a single-board computer (SBC), that autonomously conducts the systematic aspects of a pentest. Simply sent and plugged into the client’s network, it focuses the analysts’ effort on the highest-value steps of the engagement, dumping the assessment costs so low that customers may afford self-auditing on a regular basis. Gwen will demonstrate how this tool can own a full active-directory domain with almost no human intervention and highly detailed automatic reporting.
• A bayesian risk model based on attack graphs that predicts top recommendations by tactically summarizing threat reports, exploiting findings from ongoing audits, and anticipating probabilistic causalities in threat actions (TTPs). Jerome will detail how using a factorized tactical-topological graph helped enumerating critical paths without combinatorial explosion and quantifying risk factors to build a live prioritized recommendation engine.

Bio: Jérôme Fellus has been a researcher @CT-Square since 2019. His activities range from designing inclusive statistical models that make the various cyber defensive efforts mutually beneficial by capitalizing, interoperating and correlating data, to developing live visualizations to make these data accessible to non-experts. He formerly worked as a postdoc in INRIA CIDRE team on privacy-preserving machine learning. He holds a PhD in decentralized and asynchronous machine learning on multimedia contents from Cergy-Pontoise University. 

Gwen Le Viavant is an engineering student in his last year at ENSIBS, and a work-study intern at CT-Square since May 2021. His work concerns the development of the semi-automated auditing tool, including the modules of the tool. The objective of these activities is to extend the scope of an audit while minimizing the necessary interaction of analysts.

---

Thursday 7 April 2022 – CentraleSupélec, floor 5 – 14h

Tomás Concepción Miranda (CentraleSupélec): DaViz: Visualization for Android Malware Datasets

Talk outline: With millions of Android malware samples available, researchers have a large amount of data to perform malware detection and classification, specially with the help of machine learning. Thus far, visualization tools focus on single samples or one-to-many comparison, but not a many-to-many approach. In order to exploit the quantity of data from various datasets to obtain meaningful information, we propose DaViz, a visualization tool for Android malware datasets. With the aid of multiple chart types and interactive sample filtering, users can explore different application datasets and compare them. This new tool allows to get a better understanding of the datasets at hand, and help to continue research by narrowing the samples to those of interest based on selected characteristics.

Bio: Tomás Concepción Miranda is a PhD student in the CIDRE team. He works on Android malware.

---

Tuesday 29 March 2022 – CentraleSupélec, floor 5 – 10h

Kevin Allix (Université du Luxembourg): Android Malware Detection: What’s left to Research?

Talk outline: Every month, dozens of papers are published that often report 99% accuracy in Android Malware Detection with Machine-Learning. In practice however, there is no sign that Android Malware are a thing of the past. In this talk, I will introduce limitations of current state-of-the-art approaches that explain this discrepancy. I will then present some of my attempts to mitigate those limitations.  Reflecting on 10 years of working in the field of Android Malware detection with Machine-Learning, I will outline possible avenues to bring more maturity to this research domain.

Bio: Dr. Kevin Allix is a Research Associate at the SnT – University of Luxembourg, where he carries research on Android Malware detection, Machine-Learning for Security, Software Engineering, and Natural Language Processing. Before he moved to research, Kevin held operational positions in network, system, and security engineering. Kevin received his PhD degree in 2015 from the University of Luxembourg.

---

Thursday 10 March 2022 – CentraleSupélec, floor 5 – 14h

Mathieu Gestin (Inria): Hidden Issuer Anonymous credential

Talk outline:  Identity Management Systems (IMS) are frameworks that allow users to prove characteristics about themselves to multiple service providers. These systems evolved from impractical, site-by-site authentication, to versatile, privacy-enhancing Self Sovereign Identity (SSI) Frameworks. SSI frameworks often use Anonymous Credential schemes to provide user privacy, and more precisely unlinkability between uses of these credentials. However, these schemes imply the disclosure of the identity of the Issuer of a given credential to any service provider. This can lead to information leaks. We offer to deal with this problem by introducing a new Anonymous Credential scheme that allows the user to hide the Issuer of a credential, while being able to convince the service providers they can trust the information provided.

Bio: Mathieu Gestin is a PhD student at the INRIA in the WIDE team. He is studying decentralized identity management systems and more precisely Self Svereign Identities (SSI). The goal of his thesis is to provide tools for efficient and privacy preserving decentralized SSI.

---

Thursday 24 February 2022 – CentraleSupélec, floor 5 – 14h

Yufei Han (Inria): Introduction to Attention Mechanism in Deep Learning and the practices in Cyber Security 

Talk outline: In Deep Learning research, the attention mechanism was originally introduced to improve the performance of the auto encoder-decoder model for machine translation. The core idea behind the attention mechanism is to permit the decoder to utilize the most relevant parts of the input sequence in a flexible manner, by a weighted combination of all of the encoded input vectors, with the most relevant vectors being attributed the highest weights. In this talk, we will go through the definition, the formulation and the implementations of the attention mechanism module in the practices of Deep Learning. Furthermore, we will also dive into how to use attention mechanism to facilitate security data analysis.

Bio: Dr. Yufei Han is currently working as senior researcher at INRIA CIDRE team. His interests include applying robust and interpretable machine learning techniques to deliver trustworthy cyber security services, e.g. malware detection / classification and network intrusion detection. He is also interested with adversarial attack and defence strategies of distributed machine learning, which aims at providing trustable Machine Learning-as-a-Service (MLaaS). Before joining INRIA, Dr.Han was working as senior principal researcher at Symantec Research Labs located at Sophia-Antipolis from 2015 to 2021 focusing on robust AI for cyber security practices, and a post-doctoral researcher at INRIA Paris from 2011 to 2014.

---

Thursday 10 February 2022 – Teams – 14h

Frédéric Recoules (CEA): Verifying low-level C code with inline assembly 

Talk outline: Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use GNU style inline assembly for low-level optimizations and system primitives. This usually results in rendering state-of-the-art formal analyzers developed for C ineffective. This is particulary problematic since inline assembly is notoriously hard to write correctly∶ not only the assembly chunk may contain some errors, but there is a risk of a mismatch at the interface between C and assembly, leading to subtle and hard-to-find bugs. In this talk, we will present our work on addressing the problem of verifying C programs containing inline assembly. We propose two techniques, named RUSTInA and TInA, based on an original formalization of inline assembly together with novel dedicated algorithms. RUSTInA is the first automated technique for formally checking inline assembly inteface compliance (i.e. no mismatch between code and interface), with the extra ability to propose (proven) patches and code refinements (optimization) in certain cases. TInA is the first automated, generic, verification-friendly and trustworthy lifting technique turning inline assembly into semantically equivalent C code amenable to verification, in order to take advantage of existing C analyzers. Extensive experiments on real-world code (all assembly chunks found on the Debian Jessie packages) raised 986 significant issues in 54 packages, including 156 issues in 7 packages that were succesfully repported to and addressed by the developpers thanks to our automatic patch generation method, and show the feasibility of our principled assembly-to-C lifting and its benefits for state-of-the-art C analyzers.

Thursday 27 January 2022 – Teams – 14h

Simone Aonzo (Eurecom): An Overview Of Modern Windows Malware Analysis: Where We Are And Where We Are Going 

Talk outline: Malicious software has constantly been growing and evolving, from a small research experiment in 1971 to an essential component of modern military arsenals. Today, malware analysis is a term used in the literature to describe a broad field of work that spans multiple goals. In this talk, after providing the necessary background, I present the many facets of this line of research that unfold under the malware “umbrella.” Finally, by referencing some of our works on Windows malware, I show the hidden challenges I have faced as a researcher, hoping that my solutions will help our community not repeat my mistakes.

Bio: Simone Aonzo is a research engineer at Eurecom (France). He received the Ph.D. degree in computer science and systems engineering from the University of Genoa (Italy) in 2020 with the thesis “Novel Attacks and Defenses in the Userland of Android.” Before the Ph.D., he worked as an Android banking app pentester for an IT security company. His research interests are system security and privacy. In particular, the areas of malware analysis (Windows and Android), reverse engineering, and mobile security.

---

Thursday 13 January 2022 – Teams – 14h

Nicolas Sourbier (INSA Rennes): Intrusion detection in Information Systems using Reinforcement Learning techniques 

Talk outline: Intrusion detection is a key component of computer network security. The consequences of networks intrusions are increasingly costly to targeted companies, and attacks often remain undetected for months before malicious exploits of data or accesses are discovered. Intrusion detection can be performed either through pattern matching (Intrusion detection by signature) or through anomaly detection. Signature-based intrusion detection finds its limits in the difficulty to manually create attacks signatures when attacks are multifaceted and constantly evolving, with sometimes fully unknown “zero-day attacks”. Intrusion detection by anomaly detection aims at analysing the network traffic, and at finding in its connections, through learning, the ones that are the most likely to be intrusions. Several properties make network anomaly detection difficult: intrusions are rare events, constantly evolving, and supervised training sets are difficult and costly to build.Tangled program Graphs are a recent genetic programming method that has interesting properties in terms of lightweight computation, agility and continual learning capabilities. This method is an interesting candidate for the intrusion detection problem. In the presented PhD thesis work, we analyse how to exploit and evolve Tangled Program Graphs to make always-on embeddable intrusion detection feasible and efficient. As anomaly detection is performed through Genetic Programming, the mitigation of the “rare event learning” issue is a key step in the conception of an Intrusion Detection System. This presentation aims at presenting our research on network intrusion detection, and the opportunities and challenges of Genetic programming in this context.

Bio: Nicolas Sourbier is a PhD student at INSA Rennes that works in artificial intelligence and cybersecurity.

---

Thursday 16 December 2021 – CentraleSupélec, floor 5 – 14h

Romain Brisse (CentraleSupélec/Malizen): KRAKEN: A Knowledge-Based Recommender system for Analysts, to Kick Exploration up a Notch 

Talk outline: During a computer security investigation, a security analyst has to explore the logs available to understand what happened in the compromised system. For such tasks, visual analysis tools have been developed to help with log exploration. They provide visualisations of aggregated logs, and help navigate data efficiently. However, even using visualisation tools, the task can still be difficult and tiresome. The amount and the numerous dimensions of the logs to analyse, the potential stealthiness and complexity of the attack may end with the analyst missing some parts of an attack. We offer to help the analyst finding the logs where her expertise is needed rapidly and efficiently. We design a recommender system called KRAKEN that links knowledge coming from advanced attack descriptions into a visual analysis tool to suggest exploration paths. KRAKEN confronts real world adversary knowledge with the investigated logs to dynamically provide relevant parts of the dataset to explore. To evaluate KRAKEN we conducted a user study with seven security analysts. Using our system, they investigated a dataset from the DARPA containing different Advanced Persistent Threat attacks. The results and comments of the security analysts show the usability and usefulness of the recommender system.

Bio: Romain Brisse is a PhD student at CentraleSupélec and working with Malizen. He is part of the CIDRE team at CentraleSupélec and he is working on integrating his research in Malizen’s product: ZeroKit.

---

Thursday 2 December 2021 – CentraleSupélec, floor 5 – 14h

Alexandre Gonzalvez (CNRS/Irisa): (Crypto -) Ransomware: An introduction 

Talk outline: Ransomware is becoming a serious threat, especially when targeting critical business data. The principle behind this is to encrypt (critical business) data and demand a ransom to make them usable with encryption again. Nowadays, even some states offer rewards to fight their effectiveness. In this talk, I will give an introduction to the actual academic knowledge of crypto-ransomware targeting Windows OS systems. First, I will show the main mechanisms. Second, I will bring some features of crypto-ransomware with real examples. Finally, a quick presentation of different tools used to detect or prevent ransomware actions will be given.

Bio: Alexandre Gonzalvez received a computer science doctorate at IMT-Atlantique in 2020, under the supervision of Caroline Fontaine and Fabien Dagnat. He studied effects of programs protected with opaque predicates during a dynamic symbolic execution. He is now involved in a postdoctoral position in the EMSEC/CAPSULE team to improve detection and prevention techniques for a ransomware analysis platform.

---

Thursday 4 November 2021 – CentraleSupélec, floor 5 – 11h

Pascal Greliche (CentraleSupélec): Rework of a security event exchange format: state of the art

Talk outline: Security Information and Event Managements need to collect some data. Today, three ways of working coexist. 1) Historical SIEMS are using proprietary formats. These formats are mostly static and limit elements of data available to transmit. 2) Recent actors are coming from central log management. They offer the possibility to relay almost any piece of information. The mapping to a pivot data model is made in central. 3) IDMEF format objective was to define a standard to be adopted by event emitters and central management. Several elements led to the fact that only some open-source actors adopted it, all as one of the possible alternatives. SECEF project aim is to update, clean up, or even rewrite IDMEF. Understanding what is done in other similar formats is important and inspiring. I studied and compared 6 formats or data models as an entry point for further SECEF work.

Bio: Pascal Greliche is a research engineer in the CIDRE team. After 17 years of experience in IT engineering, he attended in 2020-2021, the “Mastère Spécialisé” in CyberSecurity held jointly by CentraleSupélec and IMT Atlantique. Today, he works on the SECEF Project.

---

Thursday 21 October 2021 – Teams – 14h

Yang Zhang (CISPA): Quantifying Privacy Risks of Machine Learning Models

Talk outline: Machine learning has made tremendous progress during the past decade. While continuing to improve our daily lives, recent research shows that machine learning models are vulnerable to various privacy attacks. In this talk, I’ll cover our two recent works on quantifying the privacy risks of machine learning models. First, I will talk about some recent development of membership inference, including membership inference with only labels and attacks against machine unlearning. Second, I will present our work on the first link stealing attacks against graph neural networks.

Bio: Yang Zhang is a faculty member at CISPA Helmholtz Center for Information Security, Germany. Previously, he was a group leader at CISPA. He obtained his Ph.D. degree from University of Luxembourg in November 2016. Yang’s research interests lie at the intersection of privacy and machine learning. Over the years, he has published multiple papers at top venues in computer science, including WWW, CCS, NDSS, and USENIX Security. His work has received the NDSS 2019 distinguished paper award. Yang has served in the technical program committee of USENIX Security 2022 2021, ACM CCS 2021, 2020, 2019, WWW 2021 2020, AAAI 2022 2021, RAID 2020, ICWSM 2020, and PETS 2022, 2021, 2020.

---

Thursday 14 October 2021 – CentraleSupélec, floor 5 – 14h

Maxime Lanvin (Inria/CentraleSupélec): A network intrusion detection system based on security objects graph 

Talk outline: Over the past few years, information systems have become essential for most companies and organizations. The sanitary context also increased even more our dependency to those systems. At the same time, we observe a surge of attacks on these information systems. Network Intrusion Detection Systems (NIDS) are the last rampart against intrusions by enabling an early detection in order to react as soon as possible. During this presentation, the techniques developed during Laetitia Leichtnam thesis and other improvements will be presented. It mainly relies on an unsupervised method using an auto-encoder, some kind of neural network.

Bio: Maxime Lanvin starts a PhD on anomaly detection in network logs in the CIDRE Team.

---

Thursday 30 September 2021 – CentraleSupélec, floor 5 – 14h

Thibault Reynaldo (Université Rennes 1): Evaluation of the ns-3 network simulator 

Talk outline: With more than 30 years of development led by the DARPA, the University of Berkeley and today by an academic and industrial consortium (of which INRIA is a founding member); the ambitious ns-3 network simulator project is emerging as one of the benchmarks in the field of network research. The purpose of this study is to evaluate the latest version of the ns-3 simulator in the very specific context of dynamic ad hoc networks. Indeed, wireless decentralized ad hoc networks operate without infrastructure while each node contribute to the whole routing. Moreover, free to move, these nodes form an autoconfigured mobile mesh-network which make their studies in real life difficult to perform. Historically developed by the army for communication deployment over operation field without infrastructure, then, by civil society in order to have technical solutions after natural disaster; research on ad hoc networks is now driven by the proliferation of connected objects. Thus, the emergence of new research themes such as Vehicular Ad-Hoc Network (VANET) used for communication between vehicles and road equipment or even smart phone ad hoc networks (SPAN) allowing many devices to communicate without cellular infrastructures, raise issues related to the dynamism and variety of these networks. Consequently, the use of a reference simulator (compared and supported by real-life experiments) is extremely interesting for the research, the development and the comparison of ad hoc solutions.

Bio: Thibault Reynaldo did an internship at Inria in the CIDRE Team.

---

Thursday 16 September 2021 – CentraleSupélec, floor 5 – 14h

Vincent Raulin (Inria/CentraleSupélec): Towards explainable and transferable dynamic malware analysis with deep learning models 

​Talk outline: Dynamic analysis of malware relies on identifying the payload of malware during their execution. This is usually done by analyzing patterns in the sequence of system calls the malware has made during its execution. Deep learning models (neural networks) are quite good at recognizing patterns in large amounts of data, which makes it very suitable for detecting malware. In our study, we built such a detector, using an advanced instrumentation system to execute and monitor malware. We also present the goal of our work: create a semantics representation of a malware execution trace to allow for explainable and transferable (from one OS to another) malware detection.

Bio: Vincent Raulin starts a PhD on malware analysis in the CIDRE Team.

---

Thursday 1 July 2021 – Teams – 11h

Sérgio Nóbrega (CentraleSupélec): Adaptation of a multi-model intrusion detection approach to network traffic in distributed systems 

Talk outline: A multi-model intrusion detection mechanism aims at bridging flaws in individual models allowing the IDS to make a multi-layered decision. In this work, we use a solution proposed by David Lanöe that relies on an automaton and invariant models derived from the same mathematical structure: a lattice. The representation of a distributed computation using a lattice allows for preserving the partial order of events and creates a computationally easy structure to be analyzed. From these structures, it is possible to infer rules that must be verified throughout the computation and to create automata that reflect the correct flows of events. We know that this approach has some success from previous work when detecting attacks on a distributed application (like the file system XtreemFS) using logs of the application’s events. The question we address now is how these models can be adapted to work on a captured network traffic and how the solution compares to state-of-the-art IDSs using popular datasets. This study is based on the work of David Lanöe from his PhD thesis “Construction d’un multi-modèle d’application répartie pour la détection d’intrusion”.

Bio: Sérgio Nóbrega did an internship at CentraleSupelec in the CIDRE Team.

---

Thursday 17 June 2021 – Teams – 11h

Frédéric Majorczyk (DGA-MI): Detecting anomalies in logs using natural language processing techniques 

Talk outline: The use of machine learning techniques for detecting intrusions is quite common nowadays. Whether it is used for classification or for computing an anomaly score, the first step is almost always the definition of a set of features computed from the raw data. Those features are then used as input to different algorithms. The results obviously depend on the algorithm used but also on the features defined. In this work, our goal was to bypass that first step and use the raw data, in our case a log line, as input to a machine-learning algorithm to compute an anomaly score. This work is inspired by previous work by Tuor et al. (Recurrent neural network language models for open vocabulary event-level cyber anomaly, 2017) and by techniques used in natural language processing (NLP). We add a feedback loop to improve the results of the model and tested our prototype on two different datasets. This work was realized by Julien Salis during his internship at DGA-MI last year.

Bio: Frédéric Majorczyk is a researcher-engineer at DGA-MI and an external member of the CIDRE team.

---

Thursday 10 June 2021 – Teams – 11h

Pierre-Victor Besson (CentraleSupélec): Deception in computer security: a honeypot state of the art, and where to go from there 

Talk outline: Honeypots are information systems that are designed to lure in attackers into protected environments without their knowledge. By fooling attackers into believing that they are a vulnerable information system, but without actually letting them do any harm, they can be a powerful tool in computer security. Honeypots can be used either as recon tool, baiting attackers in order to learn more about their attack techniques, or as defense tool to distract them from a “real” target. This presentation will get into the current state of the art of honeypots, showcasing different types of honeypots and their pros and cons. It will then present the current direction of our research, which will attempt to formalize honeypot generation in order to make their deployment more diverse and efficient.

Bio: Pierre-Victor Besson is a first-year PhD student in the CIDRE research team.

---

Thursday 3 June 2021 – Teams – 11h

Adrien Schoen (CentraleSupélec): Realistic network traffic generation with deep learning 

Talk outline: Network intrusion detection systems (NIDS) are of uttermost importance in nowadays information systems. However, assessing NIDS performances in various settings is difficult due to the lack of real-world data. Often, public datasets are based on an automated network setup that does not entail the diversity of real-world scenarios. To remedy this issue, we propose to generate datasets automatically through artificial intelligence techniques and, more precisely, deep learning techniques. This presentation presents the challenges of generating datasets and our preliminary results with generative antagonist network (GAN) and variational autoencoder (VAE).

Bio: Adrien Schoen is currently an intern in the CIDRE Team and he will continue to work on this subject in a PhD.

---

Wednesday 19 May 2021 – Teams – 14h

Louis Rilling (DGA / Inria): TANSIV: Time-Accurate Network Simulation Interconnecting VMs towards Stealth Analysis

Talk outline: Malware analysts often rely on sandboxes to study malware and their interaction with the environment. In this context, the malware payload is executed in a virtual machine (VM) on top of a custom hypervisor. Various analysis tools can then safely analyze the malware execution from outside of the VM. Attackers have however developed different evasion techniques, to detect sandboxes and hide their malicious behavior. A class of evasion techniques relies on timing analysis. For instance, a malware can compare several time references to detect discrepancies which can be caused by the analysis environment. To the best of our knowledge, the currently known evasion techniques solely rely on comparing time references that are local to the VM (e.g. execution loops’ timings). The TANSIV project focuses on making sandboxes stealth with respect to timing-analysis-based evasion techniques using network interactions as part of their time references. Such evasions are easy enough to implement to be considered as real threats from the analyst perspective. In this talk I will present our work in progress towards this goal. The first step that we are studying consists in coupling a scalable, flow-based, discrete-event network simulator with hypervisors to accurately control the progression of time in the network end-points of the malware analysis environment with respect to the simulated performance of network communications.

Bio: Louis Rilling is a cyber-security R&D engineer at DGA since 2012 and an external research collaborator at Inria since 2014. Before that he was leading research and development at the Kerlabs spin-off of Inria, a startup founded to develop and make business with the Kerrighed distributed operating system. He holds a PhD from Université de Rennes 1 in 2005. His main current research interest is security in operating systems and virtualization, both to secure these layers and to find new security applications benefiting from their low-level mechanisms. Past research interests include distributed systems and fault-tolerance.

---

Thursday 29 April 2021 – Teams – 11h

Sylvain Cecchetto (Cyber-Detect): BOA : data flow analysis in order to construct control flow graphs of obfuscated x86 binary codes 

Talk outline: The increase in cyber attacks around the world makes malicious code analysis a priority research area. This software uses various protection methods, also known as obfuscations, to bypass antivirus software and slow down the analysis process. We provide a solution to build the Control Flow Graph (CFG) of obfuscated binary code in this context. We developed the BOA platform (Basic blOck Analysis), which performs a static analysis of a protected binary code. For this, we have defined a semantics based on the BINSEC tool to which we have added continuations. On the one hand, these allow to control the self-modifications and, on the other hand, to simulate the operating system to handle system calls and interruptions. The static analysis is done by symbolically executing the binary code and calculating the system states’ values using SMT solvers. Thus, we perform a data flow analysis to build the CFG by calculating the transfer addresses. Finally, loop handling is performed by transforming a CFG into a pushdown automaton. BOA can compute dynamic jump addresses, detect opaque predicates, compute return addresses on a stack even if they have been falsified, manage interrupt handler falsifications, rebuild import tables on the fly, and finally, manage self-modifications. We validated the BOA correction using the Tigress code obfuscator. Then, we tested BOA on 35 known packers and showed that in 30 cases, BOA was able to completely or partially rebuild the initially protected binary. Finally, we detected the opaque predicates protecting XTunnel, a malware used during the 2016 U.S. elections. We partially unpacked a sample of the Emotet Trojan, which on 14/10/2020 was detected by only 7 antivirus programs out of the 63 offered by VirusTotal. This work contributes to the development of tools for static analysis of malicious code. In contrast to dynamic methods, this solution allows analysis without executing the binary, which offers a double advantage: on the one hand, a static approach is easier to deploy, and on the other hand, since the malicious code is not executed, it cannot warn its author.

Bio: Sylvain Cecchetto did a Ph.D. with Jean-Yves Marion and Guillaume Bonfante at Loria. He studied disassembly and control flow graph construction of obfuscated binaries such as malware. He also developed the BOA platform. Sylvain defended his Ph.D. on 22 February 2021. He now works in the company Cyber-Detect that develops an antivirus software suite based on the morphologic analysis of binary codes.

---

Tuesday 27 April 2021 – Teams – 11h

Damien Marion (IRISA): Binary Data Analysis for Source Code Leakage Assessment 

Talk outline: Side Channel Analysis (SCA) is known to be a serious threat for cryptographic algorithms since twenty years. Recently, the explosion of the Internet of Things (IoT) has increased the number of devices that can be targeted by these attacks, making this threat more relevant than ever. Furthermore, the evaluations of cryptographic algorithms regarding SCA are usually performed at the very end of a product design cycle, impacting considerably the time-to-market in case of security flaws. Hence, early simulations of embedded software and methodologies have been developed to assess vulnerabilities with respect to SCA for specific hardware architectures. Aiming to provide an agnostic evaluation method, we propose in this paper a new methodology of data collection and analysis to reveal leakage of sensitive information from any software implementation. As an illustration our solution is used interestingly to break a White Box Cryptography (WBC) implementation, challenging existing simulation-based attacks.

---

Thursday 22 April 2021 – Teams – 11h

Alix Trieu (Aarhus University): Protecting the Stack on a Capability Machine in Presence of Untrusted Code

Talk outline: Capability machines are computers that provide support for fine grained control over memory accesses. Pointers are replaced by capabilities, unforgeable tokens of authority that represent the ability to access a memory location. As such, capability machines are an attractive target for secure compilation, and this interest is further compounded by the recent commitment from Arm to develop an industrial prototype of CHERI-based capability machines. In this talk, I will present how one can use capability machines to enforce well-bracketed control-flow and local state encapsulation on a capability machine, even in presence of untrusted code, and how one can prove it.

---

Monday 19 April 2021 – Teams – 16h

Walid J. Ghandour (American University of Beirut): Strength-Based Dynamic Slicing Tool for x86 Binaries

Talk outline: Dynamic dependence analysis monitors information flow between instructions in a program at runtime. Strength-based dynamic dependence analysis quantifies the strength of each dependence chain by a measure computed based on the values induced at the source and target of the chain. A high measure means that the source strongly influences the target, whereas a low measure means that the dependence is weak. We present tool support for strength-based dynamic dependence analysis and experimental evidence of its effectiveness on the x86 platform. Tool support involves two main components: 1) A Pin based profiler that identifies dynamic dependences in a binary executable and records the associated values induced at their sources and targets, and 2) an analysis tool that computes the strengths of the identified dependences using information theoretic and statistical metrics applied on their associated values. In addition, we study the relation between dynamic dependences and measurable information flow. Also, we show the potential usage of the proposed tool in data value and indirect branch predictions.

---

Tuesday 13 April 2021 – Teams – 11h

Thinh Pham (University of Bristol): Instruction Set Extension for co-Software/Hardware security mechanisms

Talk outline: Modern computer architectures have been often designed and optimized for performance, while security defenses are typically addressed reactively. Advanced threats, particularly novel software attacks exploiting hardware vulnerabilities and/or side-channel information pose extremely challenging and often not possible to be mitigated completely at a high level using solely software. Hardware-based alternatives can effectively address security issues at low levels, however, deploying a security mechanism in hardware is normally costly, and its fixed functionalities are not often able to prevent new attacks. This emphasizes the need for co-software/hardware security mechanisms in which a software/hardware interface is an important aspect to develop the defense mechanisms efficiently. Instruction set extension (ISE) offering an effective and flexible software/hardware interface is an open and fast-moving area of research. The study of ISEs is basically grouped into those that improve efficiency and those that enhance security resilience. This talk will discuss the application of ISEs in the context of side-channel attack mitigation. Particularly, we will focus on presenting our current work on a countermeasure mitigating side-channel leakage based on the concept of diversified ISE and hardware diversification. This work proposes a lightweight and generic method to harden cryptographic software on an embedded processor against SCA attacks.

---

Thursday 31 March 2021 – Teams – 11h

Cyprien Gottstein (CentraleSupélec / Orange Labs): Rebalancing geo-ordered data within a ring-based database 

Talk outline: Through many domains and fields of research, we have to deal with trade-offs. Within the database context, many of them include the well-known Brewer theorem (CAP), which states that, for any given distributed database, it cannot be consistent, available, and support network partition at the same time.  For some graphs, not all, geography is the best distribution key with regards to query performance. In our work, we seek to partition graphs based on their geography within a ring-based topology. Ring topology is issued from the P2P (Peer-To-Peer) domain and has been proved to be an efficient data structure. By definition, a ring handles a keyspace, and each of its members is responsible for storing a continuous part of it. Because we aim to partition a graph based on its geography, the keyspace is the one-dimensional mapping of a space-filling curve covering the earth. Therefore, as data are ordered in the keyspace, a continuous bloc of the keyspace matches to a continuous surface over the earth. Within a distributed database, data are distributed over partitions, and each of them must assume a similar load for the distribution to be efficient and fully exploit the participating machines. Both data and machine evolve with time as records are inserted or deleted. Machines may also join or leave a cluster, meaning our distribution strategy must also evolve and rebalance its content to remain efficient. We propose to show you how we maintain a balanced ordered data distribution, what trade-off we deal with, our choices, and our latest results through this presentation.

Bio: Cyprien Gottstein is a 3rd year PhD student in a joint project between CIDRE team and Orange Labs.

---

Friday 19 March 2021 – Teams – 11h

Maria Mushtaq (CNRS): Microarchitectural Vulnerability Assessment and Mitigations 

Talk outline:Access-driven Cache Side-Channel Attacks (CSCAs) are strong cryptanalysis techniques that break cryptographic algorithms by targeting their implementations. Most of the existing mitigation approaches against CSCAs heavily compromise performance benefits. Therefore, to find a security vs performance trade-off, we argue in favor of need-based protection in this presentation, which will allow the operating system to apply mitigation only after successful detection of CSCAs. Thus, detection can serve as a first line of defense against such attacks. This presentation introduces a novel OS-level runtime detection-based mitigation mechanism, against CSCAs in general-purpose operating systems. The proposed mechanism enhances the security and privacy capabilities of Linux as a proof of concept, which can be widely used in commodity systems without any hardware modifications. The detection-based mitigation mechanism is also able to work on recently reported computational attacks like Spectre and Meltdown, which exploit the residual micro-architectural cache states that are left after speculative execution.

Bio: Maria MUSHTAQ received her PhD in Information Security from the University of South Brittany (UBS), France, in 2019. She was awarded the French regional scholarship for her PhD. Currently, she is working as a CNRS Postdoctoral Researcher at LIRMM, University of Montpellier (UM), France under “excellence post-doc grant”.

---

Thursday 11 March 2021 – Teams – 11h

Nicolas Bellec (Inria): Adapting Data-Flow Integrity to Real-Time Systems

Talk outline: Data-Flow Integrity aims at preventing memory-corruption attacks by ensuring at runtime that the data-flow of the program does not deviate from the statically analyzed data-flow. This property can be used to protect against a wide range of attacks, from Return-Oriented Programming to more subtle non-control data attacks. In our current work, we try to adapt this protection to real-time systems where the predictability of the system has as much importance as its performance. In particular, we aim at improving the upper bound of the execution time, also called Worst-Case Execution Time (WCET), of protected programs by performing iterative optimizations on the computed WCET path.

Bio: Nicolas Bellec is PhD student at PACAP where he studies how to improve the security of Real-Time systems. His previous work was on detecting Control-Flow deviation by detecting timing anomalies.

---

Thursday 11 February 2021 – Teams – 11h

Cyrius Nugier (LAAS): Post-Quantum Cryptography: Introduction and Perspectives 

Talk outline: This presentation aims to explain how the arrival of quantum computers will change the cryptographic landscape in the upcoming years. I will present how quantum algorithms will make our current standards obsolete. There will also be an introduction to the upcoming post-quantum cryptographic standards and their mathematical basis. I will also talk about security issues against side channel attacks and ongoing research directions.

Bio: Cyrius Nugier is a PhD student at LAAS-CNRS, Toulouse. He works on post-quantum cryptography on primitives optimization and side-channel protection.

---

Thursday 21 January 2021 – Teams – 11h

Mathieu Gestin (Inria): Anonymous Credential With Hidden Issuer 

Talk outline: A verifiable claim, is a claim that a user makes about himself, verified and signed by an Issuer. This user can then prove a statement to a Verifier, using only his Verifiable Claim. An Anonymous Claim is a Claim that doesn’t disclose the user Identity during the verification process. The Verifier only needs to know and trust the Issuer of the claim to be convinced by what is written on it. We will present a new scheme, improving the privacy of the user, by not disclosing the Issuer identity.

Bio: Mathieu Gestin is an M2 intern in WIDE, a joint research team of Inria and IRISA.

---

Thursday 7 January 2021 – Teams – 11h

Romain Cayre and Florent Galtier (LAAS): Overview of security in wireless communication protocols 

Talk outline: With the evergrowing expansion of the Internet of Things (IoT), and the progressive integration of wireless protocols in industrial contexts, Wireless Local Area Networks (WLAN) security becomes a growing concern in modern industries and Smart Homes. As such, we, in our Ph.D. theses, studied different aspects of this topic. We will present a framework designed for modularity oriented towards IoT offensive security, developed by Romain, along with various vulnerabilities found in common WLAN protocols. Then we will discuss possible counter-measures against those threats and a new low-cost method for intrusion detection in such wireless environments.

Bio: Romain Cayre and Florent Galtier are Ph.D. students at LAAS-CNRS laboratory, in Toulouse, France. They work on wireless communications vulnerabilities.

---

Thursday 3 December 2020 – Teams – 11h

Mathieu Escouteloup (CentraleSupélec): Preventing timing information leakages from the microarchitecture

Talk outline: Numerous timing side-channels attacks have been proposed in recent years, showing that all shared states inside the CPU microarchitecture are potential threats. Nevertheless, any hardware protection against these threats involves to slightly modify the instruction set architecture (ISA), to communicate informations from the software to the hardware. In this presentation, we will see what design principles can be extracted from these attacks, how we have modified the instruction set to tackle the whole problem, and what is the impact on both hardware and software sides.

Bio: Graduated from the field of microelectronics, Mathieu is now a Ph.D. student since octobre 2018 in the CIDRE team. His interests are the security of system hardware, particulary CPU microarchitecture.

---

Monday 9 March 2020 – CentraleSupelec – 10h

Emmanuel Fleury (Bordeaux University): Binary Code Analysis: What’s new and What’s next?

Talk outline: Binary code analysis appeared around the year 2000, with the raise of fuzzing tools and SMT-solvers, it grew up as a research domain since then. We will introduce the domain of binary code analysis with its limitations, present recent discoveries in fuzzing techniques and in symbolic execution and see how they can be combined to improve binary code analysis in the next few years.

Bio: Emmanuel Fleury is an associate professor at Bordeaux University since 2005. He took part to the development of the Insight binary analysis tool and to the BINCOA project around 2008-2012. He is in charge of the computer security part of the Master of Cryptology and Computer Security at University of Bordeaux and teach computer security and reverse-engineering there.

---

Tuesday 13 Februrary 2020 – Inria – 14h

Mathilde Ollivier (CEA Saclay): How to kill symbolic deobfuscation for free

Talk outline: Code obfuscation is a major tool for protecting software intellectual property from attacks such as reverse engineering or code tampering. Yet, recently proposed (automated) attacks based on Dynamic Symbolic Execution (DSE) shows very promising results, hence threatening software integrity. Current defenses are not fully satisfactory, being either not efficient against symbolic reasoning, or affecting runtime performance too much, or being too easy to spot. We present and study a new class of anti-DSE protections coined as path-oriented protections targeting the weakest spot of DSE, namely path exploration. We propose a lightweight, efficient, resistant and analytically proved class of obfuscation algorithms designed to hinder DSE-based attacks. Extensive evaluation demonstrates that these approaches critically counter symbolic deobfuscation while yielding only a very slight overhead.

Bio: Mathilde Ollivier, en 3ème année de thèse au CEA Saclay. J’étudie l’exécution symbolique dynamique et ses applications dans le domaine de l’obfuscation.

---

Friday 31 January 2020 – CentraleSupélec – 10h

Julia Lawall (Inria): Coccinelle: 10 Years of Automated Evolution in the Linux Kernel

Talk outline: The Coccinelle C-program matching and transformation tool was first released in 2008 to facilitate specification and automation in the evolution of Linux kernel code. Coccinelle allows software developers to write code manipulation rules in terms of the code structure itself, via a generalization of the patch syntax. Over the years, Coccinelle has been extensively used in Linux kernel development, resulting in almost 8000 commits to the Linux kernel, and has found its place as part of the Linux kernel development process. This talk gives an overview of the impact of Coccinelle on Linux kernel development and the features of Coccinelle that have made it possible. We will briefly present two more recent tools, Prequel and Spinfer, that build on Coccinelle to help developers better benefit from the information found in software change histories.

Bio: Julia Lawall is a senior researcher at Inria-Paris, working at the intersection of programming languages, software engineering, and systems. She also contributes to the Linux kernel based on the results of her research. This work is done in collaboration with Gilles Muller.

---

Thursday 12 December 2019 – Inria- 14h

Mathieu Escouteloup (CentraleSupélec): Sécurité de la microarchitecture des CPUs

Talk outline: La découverte des attaques de type Spectre et Meltdown, et de leurs nombreuses variantes depuis, a mis en évidence la possibilité d’exploiter la microarchitecture des CPUs afin d’exfiltrer des données. La complexité des mécanismes remis en cause rend l’application de simples patches finalement peu efficace. Nous verrons donc pourquoi il est nécessaire d’intégrer des contraintes de sécurité dès la conception, et quel nouveau rôle doit jouer le jeu d’instructions.

Bio: Diplômé dans le domaine de la microélectronique, Mathieu est actuellement en thèse depuis octobre 2018 au sein de l’équipe CIDRE. Il s’intéresse à la sécurité des composantes matériels des systèmes, et plus particulièrement de la microarchitecture des CPUs.