Abdelkader Lahmadi

Abdelkader Lahmadi

Université de Lorraine

H-index: 17

Europe-France

Abdelkader Lahmadi Information

University

Université de Lorraine

Position

Associate Professor of Computer Science - ENSEM - LORIA

Citations(all)

975

Citations(since 2020)

557

Cited By

620

hIndex(all)

17

hIndex(since 2020)

12

i10Index(all)

31

i10Index(since 2020)

17

Email

University Profile Page

Université de Lorraine

Abdelkader Lahmadi Skills & Research Interests

network monitoring

network security

machine learning

Top articles of Abdelkader Lahmadi

Deep Reinforcement Learning for Automated Cyber-Attack Path Prediction in Communication Networks

Building an intelligent agent that mimics attackers and autonomously identifies attack paths in a network has emerged as a crucial strategy for discovering and keeping control over potential security breaches in a communication network. A full and realistic automation of network security analysis necessitates discarding assumptions about prior knowledge of the network structure, hence the process should not be considered completely observable. Instead, it should be treated as a black box that is partially observable and dynamically discoverable. This can be achieved through the use of deep reinforcement learning (RL) and representing the target network as a graph-based Partially Observable Markov Decision Process (POMDP). We have been utilizing CyberBattleSim, an experimental research platform that is designed to offer a simulated and abstract network environment, suited for RL training. We have enhanced its partial observability and redefined the observation and action spaces to deal with a local abstraction of the problem, allowing a neural network structure that is generalizable among topologies. The observation space will consist of partially visible evolving features for the source and the target nodes of the attack. The set of all possible exploitable vulnerabilities will instead represent the action space. Preliminary convergence results were obtained with a CyberBattleSim environment that represents a chain of alternating Windows and Linux vulnerable nodes that lead to a terminal node with a goal flag. These initial results demonstrate the potential of value-based, policy-based, and actor-critic techniques to discover an optimal …

Authors

Franco Terranova,Abdelkader Lahmadi,Isabelle Chrisment

Published Date

2024/1/21

Computer-implemented method for testing the cybersecurity of a target environment

A computer-implemented method for testing cybersecurity of a target environment. The method includes: receiving data from the target environment, the data including software elements; accessing a database of vulnerabilities, and extracting therefrom a list of vulnerabilities including all of the vulnerabilities associated with an element; and building a list of vulnerability chains on the basis of the list of vulnerabilities. The building includes: for each given vulnerability in the list of vulnerabilities, comparing consequences of the current vulnerability with the means of the given vulnerability; when a similarity is found, defining one or more new chains by adding the given vulnerability to each of the chains in the current list, adding the new chain (s) to the list of vulnerability chains, and repealing the receiving and the accessing with the given vulnerability as the current vulnerability, and the list of vulnerability chains as the …

Published Date

2023/7/13

Ml models for detecting qoe degradation in low-latency applications: A cloud-gaming case study

Detecting abnormal network events is an important activity of Internet Service Providers particularly when running critical applications (e.g., ultra low-latency applications in mobile wireless networks). Abnormal events can stress the infrastructure and lead to severe degradation of user experience. Machine Learning (ML) models have demonstrated their relevance in many tasks including Anomaly Detection (AD). While promising remarkable performance compared to manual or threshold-based detection, applying ML-based AD methods is challenging for operators due to the proliferation of ML models and the lack of well-established methodology and metrics to evaluate them and select the most appropriate one. This paper presents a comprehensive evaluation of eight unsupervised ML models selected from different classes of ML algorithms and applied to AD in the context of cloud gaming applications. We collect …

Authors

Joël Roman Ky,Bertrand Mathieu,Abdelkader Lahmadi,Raouf Boutaba

Journal

IEEE Transactions on Network and Service Management

Published Date

2023/7/11

Automated Placement of In-Network ACL Rules

Automatically deploying distributed Access Control Lists (ACLs) in a software-defined network can ensure their internal services and hosts connectivity, security and reliability. ACLs are often deployed in a switch using Ternary ContentAddressable Memory (TCAM). Since TCAM memory is often too limited to store a large ACL, one has to split the lists and distribute the parts on several switches in such a way that every packet travelling from a source to a destination undergoes the required match-action rules. In this paper, we develop and compare three algorithms based on graph theory and Reinforcement Learning (RL) techniques to automatically distribute ACLs across networks switches, while minimizing their TCAM memory occupancy. We compare the three algorithms on several network topologies to evaluate their efficiency in terms of memory occupancy.

Authors

Wafik Zahwa,Abdelkader Lahmadi,Michael Rusinowitch,Mondher Ayadi

Published Date

2023/6/19

An experimental testbed for 5g network security assessment

The Fifth Generation (5G) mobile networks are designed to provide a large range of services with stringent requirements in robustness and security. Thus, it is important to ensure that these networks fulfill these requirements and are resilient against attacks. To meet this challenge, experimental testbeds and tools are required to test and evaluate the security of 5G networks. This work presents an experimentation testbed and support tools for generating and injecting on the fly 5G packets to realize multiple security assessing tasks in particular fuzzing operations for vulnerabilities discovery. Our tool is implemented and tested within a controlled testbed environment built on top of a 5G standalone core server provided by a hardware base station (gNb) and uses an Software Defined Radio(SDR) card for radio transmission. We validate our testbed and the developed tools by successfully injecting at the 5G air interface …

Authors

Karim Baccar,Abdelkader Lahmadi

Published Date

2023/5/8

An Experimental Study of Denial of Service Attacks on a 5G COTS Hardware

While a significant efforts have been made in the specification and deployment of the 5th generation mobile systems (5G), there is a noticeable lack of practical experiments regarding its security. The 3GPP standardisation body has already defined numerous protocols, procedures and implementation guidelines for 5G. However, many of these requirements and procedures are missing assessment and experiments to validate their security conformance. In this paper we experiment and implement various DoS attacks in the 5G protocol stack by using a COTS 5G solution. we mainly show through these experiments that numerous potential misconfiguration and misuses pose significant threats to the security of 5G networks.

Authors

Karim Baccar,Abdelkader Lahmadi

Published Date

2023/10/16

Assessing unsupervised machine learning solutions for anomaly detection in cloud gaming sessions

Cloud gaming applications have gained great adoption on the Internet particularly benefiting from the wide availability of broadband access networks. However, they still fail to meet users’ quality requirements when accessed using cellular networks due to common wireless channel degradations. Machine Learning (ML) techniques can be leveraged to detect such anomalies during users’ cloud gaming sessions. In this respect, unsupervised ML approaches are particularly interesting since they do not require labeled datasets. In this work, we investigate these approaches to understand their performance and their robustness. Our dataset consists of game sessions played on the public Google Stadia Cloud Gaming servers. The game sessions are played using a 4G network emulation replicating the capacity variations sampled on a commercial 4G network. We compare different models ranging from traditional …

Authors

Joël Roman Ky,Bertrand Mathieu,Abdelkader Lahmadi,Raouf Boutaba

Published Date

2022/10/31

Characterization and troubleshooting of cloud gaming applications on mobile networks

Low-latency applications (cloud-gaming, cloud-robotics, metaverse...) have soared with the rapid evolution of Internet. Current network capacities (especially time-varying capacity networks like 4G/5G networks) struggle to ensure user QoE (Quality of Experience). There is therefore a need to collect, identify and analyze metrics specific to low-latency applications in network equipment (switches, base stations, UEs...) for efficient troubleshooting of user QoE degradation purposes.

Authors

Joël Roman Ky,Bertrand Mathieu,Abdelkader Lahmadi,Raouf Boutaba

Published Date

2022/6/27

Automatically distributing and updating in-network management rules for software defined networks

Software Defined Networks (SDN) heavily rely on diverse management rules (ACL, traffic control, etc. ) to satisfy security and business requirements of their associated services. As these networks are increasing in size and complexity, their management rules configured in devices are becoming more complex. These rules are constantly growing in size and it is challenging to distribute them across network devices with limited capacities. The most challenging task is to deploy rules updates in a fast and efficient way to avoid a security breach or to meet a service needs. In this paper, we extend our previous work on network management rules distribution by introducing an efficient update strategy. Through extensive experiments on several rule sets with single and multiple path topologies, we evaluate and analyze the performance of our strategy. Our obtained results show a reduction of up to 90% in update time.

Authors

Ahmad Abboud,Rémi Garcia,Abdelkader Lahmadi,Michaël Rusinowitch,Adel Bouhoula,Mondher Ayadi

Published Date

2022/4/25

BRAINS 2020 special issue: Blockchain research and applications for innovative networks and services.

Abstract Blockchain and Distributed Ledger Technologies (DLT) have the potential to disrupt all the industrial domains which involve coordination among autonomous resources. The first paper," Truthful Decentralized Blockchain Oracles" by Cai et al., presents a novel oracle protocol by proposing a peer prediction-based scoring scheme along with non-linear staking rules, aiming at extracting subjective data truthfully. FOCUS ON THE FOUR SELECTED PAPERS These four selected papers are addressing various timely issues for Blockchain research and applications, so the reader can get a snapshot of important topics in the domain.[Extracted from the article]Copyright of International Journal of Network Management is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may …

Authors

Abdelkader Lahmadi,Emmanuel Bertin,Ruidong Li

Journal

International Journal of Network Management

Published Date

2022/3/1

Benchmarking of lightweight cryptographic algorithms for wireless IoT networks

Cryptographic algorithms that can provide both encryption and authentication are increasingly required in modern security architectures and protocols (e.g. TLS v1.3). Many authenticated encryption systems have been proposed in the past few years, which has resulted in several cryptanalysis research work. In this same direction, the National Institute of Standards and Technology (NIST) is coordinating a large effort to find a new standard authenticated encryption algorithm to be used by resource-constrained and limited devices. In this paper, 12 algorithms of the 33 candidates of the Round 2 phase from NIST competition are being benchmarked on a real IoT test-bed. These 33 ciphers implement authenticated encryption with associated data which aims at preserving integrity, privacy and authenticity at the same time. In this work, we ported the 12 algorithms to different hardware platforms (an x86_64 PC, an AVR …

Authors

Soline Blanc,Abdelkader Lahmadi,Kévin Le Gouguec,Marine Minier,Lama Sleem

Journal

Wireless Networks

Published Date

2022/11

Automated Orchestration of Security Chains Driven by Process Learning

Connected devices, such as smartphones and tablets, are exposed to a large variety of attacks. Their protection is often challenged by their resource constraints in terms of CPU, memory and energy. Security chains, composed of security functions such as firewalls, intrusion detection systems and data leakage prevention mechanisms, offer new perspectives to protect these devices using software‐defined networking and network function virtualization. However, the complexity and dynamics of these chains require new automation techniques to orchestrate them. This chapter describes an automated orchestration methodology for security chains in order to secure connected devices and their applications. This methodology exploits process learning to establish behavioral models and infer security constraints represented as logical predicates. It then generates and merges a set of …

Authors

Nicolas Schnepf,Rémi Badonnel,Abdelkader Lahmadi,Stephan Merz

Journal

Communication Networks and Service Management in the Era of Artificial Intelligence and Machine Learning

Published Date

2021/10/12

Reinforcement and deep reinforcement learning for wireless Internet of Things: A survey

Nowadays, many research studies and industrial investigations have allowed the integration of the Internet of Things (IoT) in current and future networking applications by deploying a diversity of wireless-enabled devices ranging from smartphones, wearables, to sensors, drones, and connected vehicles. The growing number of IoT devices, the increasing complexity of IoT systems, and the large volume of generated data have made the monitoring and management of these networks extremely difficult. Numerous research papers have applied Reinforcement Learning (RL) and Deep Reinforcement Learning (DRL) techniques to overcome these difficulties by building IoT systems with effective and dynamic decision-making mechanisms, dealing with incomplete information related to their environments. The paper first reviews pre-existing surveys covering the application of RL and DRL techniques in IoT …

Authors

Mohamed Said Frikha,Sonia Mettali Gammar,Abdelkader Lahmadi,Laurent Andrey

Published Date

2021/10/1

Automated mapping of CVE vulnerabilties to MITRE ATT&CK Framework

This report is the synthesis of our work carried out within the INRIA research laboratory. The main objective of this project is to automate the mapping of the vulnerability database of MITRE CVE to the MITRE ATT&CK framework which is a set of knowledge base of tactics and techniques used in computer attacks. We implemented in this project an approach which is based on machine learning, as well as Natural Language Processing(NLP) to be able to process the textual data of the vulnerabilities and thus classify them through a classification algorithm. We also detailed the techniques used such as the pre-processing and post-processing methods implemented in order to improve the datasets quality and to therefore improve the prediction performance.

Authors

Karim Baccar,Abdelkader Lahmadi,Frédéric Beck

Published Date

2021/7/8

Practical security analysis of IoT devices

Security Analysis of IoT Devices Page 1 Security Analysis of IoT Devices Abdelkader Lahmadi, Frédéric Beck Abdelkader.lahmadi@loria.fr, Frederic.Beck@inria.fr IFIP/IEEE International Symposium on Integrated Network Management 21 May 2021 // Bordeaux, France Page 2 Outline • IoT devices overview (1h: 9h am -> 10h am) • Consumer and industrial IoT • Hardware and software architectures • Communication protocols (1h: 10h am -> 11h am) • Z-Wave protocol • Bluetooth Low Energy (BLE) protocol • IoT attacks and threats (2h: 11h15 am -> 1h15 pm) • Case studies and demonstrations • Protocols analysis: BLE and Zwave (4h: 2h15 -> 6h30 pm) • BLE Sniffing and hacking • ML based detection of MitM attack in BLE networks Page 3 Lab material • Demos and exercices https://gitlab.inria.fr/resist/tutorial-iot-security • How to detect a MitM attack in BLE network using Machine Learning https://colab.research.google.…

Authors

Abdelkader Lahmadi,Frédéric Beck

Published Date

2021/5/17

HSL: a cyber security research facility for sensitive data experiments

In this paper, we detail the design of a cybersecurity facility to carry reproducible and long term research activities in a safe environment, including malware collection and analysis, network telescopes and honeypots, or hosting critical services, without worrying about side effects or loss of data. The facility, aka High Security Lab (HSL), is running since 2010, and is widely used by multiple research groups to carry sensitive data cybersecurity experiments. It includes an evolving infrastructure with tools and processes for building and running long-term and reproducible cyber security experiments. We report on our experience and lessons learned from the design, the setup and the evolution of this facility during 10 years while focusing on major cybersecurity experiments that have been conducted by researchers.

Authors

Frédéric Beck,Abdelkader Lahmadi,Jérôme François

Published Date

2021/5/17

Multi-attribute monitoring for anomaly detection: a reinforcement learning approach based on unsupervised reward

This paper proposes a new method to solve the monitoring and anomaly detection problems of Low-power Internet of Things (IoT) devices. However, their performances are constrained by limited processing, memory, and communication, usually using battery-powered energy. Polling driven mechanisms for monitoring the security, performance, and quality of service of these networks should be efficient and with low overhead, which makes it particularly challenging. The present work proposes the design of a novel method based on a Deep Reinforcement Learning (DRL) algorithm coupled with an Unsupervised Learning reward technique to build a pooling monitoring of IoT networks. This combination makes the network more secure and optimizes predictions of the DRL agent in adaptive environments.

Authors

Mohamed Said Frikha,Sonia Mettali Gammar,Abdelkader Lahmadi

Published Date

2021/11/23

Double mask: An efficient rule encoding for software defined networking

Packet filtering is widely used in multiple networking appliances and applications, in particular, to block malicious traffic (protect network infrastructures through firewalls and intrusion detection systems) and to be deployed on routers, switches and load balancers for packet classification. This mechanism relies on the packet's header fields to filter such traffic by using range rules of IP addresses or ports. However, the set of packet filters has to handle a growing number of connected nodes and many of them are compromised and used as sources of attacks. For instance, IP filter sets available in blacklists may reach several millions of entries, and may require large memory space for their storage in filtering appliances. In this paper, we propose a new method based on a double mask IP prefix representation together with a linear transformation algorithm to build a minimized set of range rules. This representation …

Authors

Ahmad Abboud,Abdelkader Lahmadi,Michael Rusinowitch,Miguel Couceiro,Adel Bouhoulal,Mondher Avadi

Published Date

2020/2/24

Management plane for differential privacy preservation through smart contracts

Blockchain has emerged as a novel solution addressing a plethora of industrial issues in domains spanning from financial to educational. However, several challenges restrict the widespread adoption of the technology and data privacy, with throughput and scalability issues, ranks amongst the foremost. In this paper, we introduce a novel privacy management plane which integrates differential privacy to query existing relational databases through the blockchain as well as spearheads the use of blockchain for local differential privacy. The distinguishing feature in the latter is that the privacy management plane gives the data owners the right to perturb their data with the desired privacy budget, while in the former it gives the right to the data curator to change the privacy budget dynamically while answering queries through the blockchain. The paper also includes experimental evaluation of the developed privacy …

Authors

Nida Khan,Abdelkader Lahmadi,Zsofia Kräussl,Radu State

Published Date

2020/11/2

ThreatPredict: from global social and technical big data to cyber threat forecast

Predicting the next threats that may occurs in the Internet is a multifaceted problem as the predictions must be enough precise and given as most as possible in advance to be exploited efficiently, for example to setup defensive measures. The ThreatPredict project aims at building predictive models by integrating exogenous sources of data using machine learning algorithms. This paper reports the most notable results using technical data from security sensors or contextual information about darkweb cyber-criminal markets and data breaches.

Authors

Jérôme François,Frédéric Beck,Ghita Mezzour,Kathleen M Carley,Abdelkader Lahmadi,Mounir Ghogho,Abdellah Houmz,Hicham Hammouchi,Mehdi Zakroum,Narjisse Nejjari,Othmane Cherqi

Published Date

2020

R2-d2: Filter rule set decomposition and distribution in software defined networks

Software Defined Networks administrators can specify and smoothly deploy abstract network-wide policies. The rule sets of these policies are deployed in the forwarding tables of the available switches. In this paper, we propose a technique, named R2-D2, for decomposing and distributing a rule set on network switches of limited flow tables size, while preserving the network policy semantics. Through experiments on several rule sets with single dimension, we evaluate and analyse the performance of our rule decomposition techniques. Our results show that our technique is efficient in practice compared to existing techniques.

Authors

Ahmad Abboud,Rémi Garcia,Abdelkader Lahmadi,Michaël Rusinowitch,Adel Bouhoula

Published Date

2020/11/2

Leveraging Reinforcement Learning for Adaptive Monitoring of Low-Power IoT Networks

Low-power Internet of Things (IoT) networks are widely deployed in various environments with resource-constrained devices, making their states monitoring particularly challenging. In this paper, we propose an adaptive monitoring mechanism for low-power IoT devices, by using a reinforcement learning (RL) method to automatically adapt the polling frequencies of the collected attributes. Our goal is to minimize the number of monitoring packets while keeping accurate and timely detection of threshold crossings associated with supervised attributes. We study the various RL parameter settings under different monitoring attribute behaviors using the OpenAi Gym simulator. We implement the RL based adaptive polling in Contiki OS, and we evaluate its performance using the Cooja simulator. Our results show that our approach converges to optimal polling frequencies and outperforms static periodic notification-based …

Authors

Mohamed Said Frikha,Abdelkader Lahmadi,Sonia Mettali Gammar,Laurent Andrey

Published Date

2020/10/12

MitM attack detection in BLE networks using reconstruction and classification machine learning techniques

Internet of Things (IoT) devices, including smartphones and tablets, are widely deployed in various application domains ranging from smart homes to industrial environments. Many of these devices rely on Bluetooth Low Energy (BLE) as a communication protocol for their control or the transfer of data. Trivial attacks can easily target these devices to compromise them due to their low security features and inherent vulnerabilities in their software and communication components. In this paper, we firstly demonstrate a Man-in-the-Middle (MitM) attack against BLE devices while collecting datasets of network traffic data exchange with and without the attack. Secondly, we study the use of machine learning to detect this attack by combining unsupervised and supervised techniques. We applied and compared two unsupervised techniques to reconstruct the model of BLE communications and detect suspicious data batches …

Authors

Abdelkader Lahmadi,Alexis Duque,Nathan Heraief,Julien Francq

Published Date

2020/9/14

Detecting a stealthy attack in distributed control for microgrids using machine learning algorithms

With the increasing penetration of inverter-based distributed generators (DG) into low-voltage distribution microgrid systems, it is of great importance to guarantee their safe and reliable operations. These systems leverage communication networks to implement a distributed and cooperative control structure. However, the detection of stealthy attacks with a large impact and weak detection signals on such distributed control systems is rarely studied. In this paper, we address the problem of detecting a stealthy attack, named MaR, on the communication network of a microgrid while an attacker modifies the voltage measurement with the reference values. We collect datasets from a hardware platform modeled after a simplified microgrid and running the MaR attack performed with a Man-in-the-Middle (MitM) technique. We use the collected datasets to compare different attack detection algorithms based on multiple …

Authors

Mingxiao Ma,Abdelkader Lahmadi,Isabelle Chrisment

Published Date

2020/6/10

Efficient distribution of security policy filtering rules in software defined networks

Software Defined Networks administrators can specify and smoothly deploy abstract network-wide policies, and then the controller acting as a central authority implements them in the flow tables of the network switches. The rule sets of these policies are specified in the forwarding tables, which are usually accessed using very expensive and power-hungry ternary content-addressable memory (TCAM). Consequently, a given table can only contain a limited number of rules. However, various applications need large rule sets to perform filtering on diverse flows. In this paper, we propose several algorithms for decomposing and distributing a rule set on network switches of limited flow tables size, while preserving the network policy semantics. Through experiments on several rule sets with single and multiple dimensions, we evaluate and analyse the performance of our rule placement techniques. Our results show that …

Authors

Ahmad Abboud,Rémi Garcia,Abdelkader Lahmadi,Michaël Rusinowitch,Adel Bouhoula

Published Date

2020/11/24

See List of Professors in Abdelkader Lahmadi University(Université de Lorraine)

Abdelkader Lahmadi FAQs

What is Abdelkader Lahmadi's h-index at Université de Lorraine?

The h-index of Abdelkader Lahmadi has been 12 since 2020 and 17 in total.

What are Abdelkader Lahmadi's top articles?

The articles with the titles of

Deep Reinforcement Learning for Automated Cyber-Attack Path Prediction in Communication Networks

Computer-implemented method for testing the cybersecurity of a target environment

Ml models for detecting qoe degradation in low-latency applications: A cloud-gaming case study

Automated Placement of In-Network ACL Rules

An experimental testbed for 5g network security assessment

An Experimental Study of Denial of Service Attacks on a 5G COTS Hardware

Assessing unsupervised machine learning solutions for anomaly detection in cloud gaming sessions

Characterization and troubleshooting of cloud gaming applications on mobile networks

...

are the top articles of Abdelkader Lahmadi at Université de Lorraine.

What are Abdelkader Lahmadi's research interests?

The research interests of Abdelkader Lahmadi are: network monitoring, network security, machine learning

What is Abdelkader Lahmadi's total number of citations?

Abdelkader Lahmadi has 975 citations in total.

    academic-engine

    Useful Links