Doctorate thesis defense of Yosra Lakhdhar

Doctorate thesis defense on March 26th, 2021 at 09:00, in Sup’Com Amphitheater Ibn Khaldoun.

Entitled: Active Cyber Defense: Modeling, Design and Analytics

Presented by: Yosra Lakhdhar


President:

Mr. Adel Ghazel

Professor at SUP'COM, University of Carthage




Reporters:

Mr. Faouzi Zarai

Professor, ENET’COM, University of Sfax


Mrs. Kaouther Sethom

Professor, ENICarthage, University of Carthage


Examiner:

Mr. Nabil Tabbane

Professor, SUP’COM, University of Carthage




Thesis Supervisor:

Mr. Slim Rekhis

Professor at SUP'COM, University of Carthage


Active Cyber Defense (ACD) has emerged as a branch of security capable of proactively and predictively fighting against cyber security attacks, while calling for the use of advanced analytics and cyber intelligence approaches and models.

The main objective of this thesis is to provide active cyber defense models, designs, and analytics to proactively detect and react to cyber attacks. Four contributions are achieved. First, we propose graph-based active cyber defense models and analytics that ensure proactive attack detection and reaction, as well as the sustainability of critical systems’ missions. Semantically rich graphs are proposed to describe cyber systems and to study the impact of cyber attacks on critical mission accomplishment. To predict damage occurrence starting from incomplete collected data, and to proactively react to detected malicious events, an observation-based technique is proposed. Second, we develop a context-based ACD model that generates both known and unknown attack scenarios starting from a formal description of the cyber system, and assesses the system’s ability to defend against their execution under a predefined context. We also develop Global and Observed Local Scenarios to ensure a step-by-step assessment of a system’s ability to defend against executed attacks and to identify the step at which the scenario can be blocked. Third, we develop a Visibility-based ACD model to prove system compromise in a proactive (before damage occurrence), instantaneous (at the moment of damage occurrence), or reactive (after damage occurrence) way, even if the security solutions are unable to straightforwardly assess the damage property. Fourth, we develop a game-theoretic active cyber defense model for deploying forensic-ready systems. The proposed game is a non-cooperative two-player game between: (a) an adaptive cyber defender that deploys a cognitive security solution to increase investigation readiness and reduce the attackers’ untraceability while spending a reasonable cost; and (b) a strategic cyber attacker that tries to execute non-provable attacks at a low cost. The model is used to design a cognitive security solution that takes strategic decisions based on its ability to enable forensic experts to differentiate between provable identifiable, provable non-identifiable, and non-provable attack scenarios, starting from the evidence expected to be generated.
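To make the fourth contribution concrete, here is an added toy model of the forensic-readiness game; it is an illustration written for this page, not the thesis's model or code. The evidence sources, their costs, the attack scenarios, the outcome values and penalties are all constructed assumptions, as is the solution concept: the page does not say which equilibrium the thesis uses, so `plan_deployment()` lets the defender commit to a deployment first and anticipates the attacker's best reply (a leader-follower solution), while `pure_nash_equilibria()` checks the simultaneous-move case. Each scenario is classified as provable identifiable, provable non-identifiable, or non-provable from the evidence the chosen deployment would collect.

```python
from itertools import combinations

# Constructed sample data (assumption, not from the thesis): evidence sources the
# defender can deploy, each with a deployment cost.
EVIDENCE_SOURCES = {"auth_log": 1, "netflow": 2, "proxy_log": 2, "edr": 7}

# Constructed attack scenarios (assumption): "prove" is the evidence needed to prove
# the damage occurred, "identify" the extra evidence needed to attribute it, plus the
# attacker's expected gain and execution cost.
ATTACKS = {
    "credential_stuffing": {"prove": {"auth_log"}, "identify": {"proxy_log"}, "gain": 6, "cost": 1},
    "lateral_movement": {"prove": {"auth_log", "netflow"}, "identify": {"edr"}, "gain": 9, "cost": 3},
    "data_exfiltration": {"prove": {"proxy_log"}, "identify": {"netflow"}, "gain": 8, "cost": 2},
}

# Payoff parameters (assumption): value of each investigation outcome to the defender,
# and the exposure it imposes on the attacker.
DEFENDER_VALUE = {"provable_identifiable": 12, "provable_non_identifiable": 6, "non_provable": 0}
ATTACKER_PENALTY = {"provable_identifiable": 8, "provable_non_identifiable": 3, "non_provable": 0}


def classify(enabled, attack):
    """Outcome class of a scenario given the evidence the deployment will collect."""
    if not attack["prove"] <= enabled:
        return "non_provable"
    if attack["identify"] <= enabled:
        return "provable_identifiable"
    return "provable_non_identifiable"


def payoffs(enabled, attack_name):
    """(defender payoff, attacker payoff) for one deployment / one scenario."""
    attack = ATTACKS[attack_name]
    outcome = classify(enabled, attack)
    defender = DEFENDER_VALUE[outcome] - sum(EVIDENCE_SOURCES[s] for s in enabled)
    attacker = attack["gain"] - attack["cost"] - ATTACKER_PENALTY[outcome]
    return defender, attacker


def defender_strategies():
    """Every subset of evidence sources, smallest first (deterministic order)."""
    names = sorted(EVIDENCE_SOURCES)
    for k in range(len(names) + 1):
        for combo in combinations(names, k):
            yield frozenset(combo)


def attacker_best_response(enabled):
    """Attacker's best reply to a deployment; ties broken against the defender."""
    best = max(payoffs(enabled, a)[1] for a in ATTACKS)
    candidates = [a for a in ATTACKS if payoffs(enabled, a)[1] == best]
    return min(candidates, key=lambda a: payoffs(enabled, a)[0])


def defender_best_response(attack_name):
    """Deployment maximizing the defender's payoff against one fixed scenario."""
    return max(defender_strategies(), key=lambda s: payoffs(s, attack_name)[0])


def pure_nash_equilibria():
    """Pairs where neither player gains by deviating alone (simultaneous moves)."""
    eq = []
    for s in defender_strategies():
        for a in ATTACKS:
            d, at = payoffs(s, a)
            attacker_stays = at >= max(payoffs(s, b)[1] for b in ATTACKS)
            defender_stays = d >= payoffs(defender_best_response(a), a)[0]
            if attacker_stays and defender_stays:
                eq.append((s, a))
    return eq


def plan_deployment():
    """Defender commits to a deployment anticipating the attacker's best reply.
    Returns (defender payoff, deployment, attacker's scenario, outcome class)."""
    best = None
    for s in defender_strategies():
        a = attacker_best_response(s)
        d, _ = payoffs(s, a)
        if best is None or d > best[0]:
            best = (d, s, a, classify(s, ATTACKS[a]))
    return best


if __name__ == "__main__":
    print("pure Nash equilibria:", pure_nash_equilibria())
    d, s, a, outcome = plan_deployment()
    print(f"deploy {sorted(s)} -> attacker plays {a} ({outcome}), defender payoff {d}")
```

With these numbers no pure-strategy equilibrium exists: every deployment the defender would pick against a given scenario invites the attacker to switch to a scenario that deployment cannot prove, which is the untraceability the abstract describes. Committing first changes the picture: the cheapest deployment that leaves the attacker no non-provable option is auth_log, netflow and proxy_log, under which the attacker's best reply (lateral movement) is provable but not identifiable, and the defender still comes out ahead of both doing nothing and enabling every source.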

Keywords:

Active Cyber Defense, Attacks and Observations, Contextualization, Game Theory, Sustainability, Visibility.