Master CA
DESS in Cybersecurity
Status: Completed Successfully (2026). The academic journey has been fulfilled, and the graduate diploma has been officially achieved with an outstanding academic record.
The graduate program was completed in Canada at UQO (Université du Québec en Outaouais), in the Diplôme d'études supérieures spécialisées en cybersécurité (Program 1454).
📊 Academic Record & Official Results
Here is the official breakdown of the achievements and grades obtained during the Winter 2026 term (Trimestre H.2026):
| Course Code | Course Title | Credits | Final Grade |
|---|---|---|---|
| CYB6003 | Techniques de cryptographie | 3.0 | A |
| CYB6033 | Rens. sur les cybermenaces et analyse de risques de cyb | 3.0 | A- |
| CYB6043 | Atelier pratique en cybersécurité | 3.0 | A+ |
| CYB6053 | Sécurité des sys. embarqués et de l'internet des objets | 3.0 | A- |
| CYB6063 | Méth. avancées en cybersé. basée sur l'intellig. artifi. | 3.0 | A+ |
🎯 Key Specializations Covered
- Advanced AI in Cyber: Deep dive into advanced methods in cybersecurity driven by Artificial Intelligence (`CYB6063`).
- Practical Hands-on Labs: Intensive practical workshops focusing on real-world cyber defense scenarios (`CYB6043`).
- IoT & Embedded Security: Mitigating threats and securing smart devices and embedded ecosystems (`CYB6053`).
- Risk Analysis & Intelligence: Threat intelligence gathering and corporate cyber risk modeling (`CYB6033`).
Below are details of the significant projects carried out in some of these subjects 😊
🧠 Advanced Methods in Cybersecurity Based on AI
Project: Password Strength Analysis and Classification via ML
Developed entirely within a Google Colab environment, this applied research project addressed the limitations of classical rule-based authentication systems by implementing intelligent predictive models capable of classifying password strength into three tiers: Faible/Weak (0), Medium (1), and Fort/Strong (2).
📈 Dataset & Exploratory Data Analysis (EDA)
Model training was conducted on the Password Strength Checker Dataset (Kaggle), meticulously cleaned of null values and redundancies, resulting in a corpus of 669,469 real-world passwords. The EDA highlighted strong discriminative indicators across classes:
- String Length: Identified as the primary predictive feature, with the average length escalating from 6.55 characters (Weak class) up to 15.93 characters (Strong class).
- Uppercase Characters: A binary signal that was virtually absent in the lower two classes, but overwhelmingly present (92.24%) in the Strong class.
- Shannon Entropy: Confirmed the logical consistency of the classification, displaying a strictly monotonic growth across tiers (2.45 → 2.95 → 3.70 bits).
🛠️ Engineering Pipeline & Feature Extraction
To process raw text and optimize predictive accuracy, a structured methodology was engineered:
- Vector Representation (TF-IDF): Configured explicitly at the character level (`analyzer='char'`) with a character n-gram range set from $(1,3)$ and a maximum limit of 5,000 features. This approach successfully maps internal sequences and sub-string patterns, bypassing the failures of traditional word-based tokenizers.
- Hybrid Feature Engineering: 15 additional calculated numerical features (specific lengths, character type counts, and entropy metrics) were injected into the pipeline to maximize precision within overlapping class boundaries.
🔬 Class Imbalance Management & Evaluated Benchmarks
Given the natural prevalence of the Medium class (74.2%), four architectural variations were developed and benchmarked:
- v2.1 (Baseline): Natural distribution without dataset modifications.
- v2.3 (Undersampling): Perfect balance (33%/33%/33%) by artificially reducing samples to 83,000 per class.
- v2.4 (Cost-Sensitive): Full dataset utilizing penalizing weights (`class_weight`/`sample_weight`) integrated directly into the models.
- v2.5 & v2.6 (Advanced Hybrid): Leveraging the combined power of TF-IDF and custom numerical Feature Engineering, the LightGBM-based architecture achieved an outstanding top accuracy of 99.97%.
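The hand-built features and the cost-sensitive weighting described above can be sketched with the standard library alone. This is an added example, not the project's notebook code: the feature subset, function names and sample passwords are assumptions (the page does not list its 15 features), and the weight formula is the common "balanced" heuristic.

```python
import math
from collections import Counter

def shannon_entropy(pw: str) -> float:
    """Bits per character, estimated from the password's own symbol frequencies."""
    n = len(pw)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(pw).values())

def numeric_features(pw: str) -> dict:
    """Illustrative subset of hand-built features (the page's 15 are not enumerated)."""
    return {
        "length": len(pw),
        "upper": sum(ch.isupper() for ch in pw),
        "lower": sum(ch.islower() for ch in pw),
        "digit": sum(ch.isdigit() for ch in pw),
        "symbol": sum(not ch.isalnum() for ch in pw),
        "unique_ratio": len(set(pw)) / len(pw) if pw else 0.0,
        "entropy": shannon_entropy(pw),
    }

def char_ngrams(pw: str, lo: int = 1, hi: int = 3) -> list:
    """Character n-grams for n in [lo, hi], the units a char-level TF-IDF counts.
    Case is kept here; scikit-learn's TfidfVectorizer lowercases unless lowercase=False."""
    return [pw[i:i + n] for n in range(lo, hi + 1) for i in range(len(pw) - n + 1)]

def balanced_class_weights(labels) -> dict:
    """Cost-sensitive weights: n_samples / (n_classes * class_count)."""
    counts = Counter(labels)
    n, k = len(labels), len(counts)
    return {cls: n / (k * cnt) for cls, cnt in counts.items()}

if __name__ == "__main__":
    # Constructed sample passwords and labels (0 weak, 1 medium, 2 strong).
    samples = [("abc123", 0), ("sunshine42", 1), ("hello2024x", 1),
               ("winter99go", 1), ("Tr0ub4dor&3xQz!9", 2)]
    for pw, label in samples:
        f = numeric_features(pw)
        print(label, f["length"], f["upper"], round(f["entropy"], 2), len(char_ngrams(pw)))
    print(balanced_class_weights([label for _, label in samples]))
```

Because the uppercase count is a strong signal for the Strong class, a vectorizer that lowercases its input loses it, which is one reason to carry the numeric features alongside the n-grams.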
11 Machine Learning algorithms were trained, evaluated, and cross-referenced (using confusion matrices, ROC-AUC curves, and F1-Macro scores):
- Standard & Probabilistic Models: Logistic Regression, Naive Bayes, Support Vector Machines (LinearSVC).
- Tree-based & Ensemble Models: Decision Tree, Random Forest, Extra Trees, Gradient Boosting, XGBoost, LightGBM, and CatBoost.
- Neural Networks: Multilayer Perceptron (MLP).
- Deep Learning: Preliminary research into Recurrent Neural Networks (RNN) and Large Multimodal Models (LMM) for extended analytical tasks.
🔒 IoT Network and Infrastructure Security on AWS
Project: Design and Implementation of a Secure and HA IoT Infrastructure
This project involved the logical design, network architecture, and end-to-end production deployment on Amazon Web Services (AWS) to ingest, protect, process, and visualize industrial IoT telemetry for a simulated enterprise environment (TechMedia).
🌐 Network Segmentation (VPC & Defense in Depth)
The system is hosted within an isolated Amazon VPC (CIDR 10.1.0.0/16) and strictly segmented into four dedicated security zones distributed across Availability Zones to guarantee resilience, each governed by specific NACLs (stateless) and Security Groups (stateful):
- DMZ-A (Subnet: `10.1.1.0/24`): Hosts the primary MQTT broker (Gw1), a Snort IDS intrusion detection instance, and a NAT Gateway to securely route outbound traffic from the private zone.
- DMZ-B (Subnet: `10.1.3.0/24`): Hosts the backup MQTT broker (Gw2), establishing multi-zone High Availability (HA).
- MGMT Zone (Subnet: `10.1.4.0/24`): An isolated administrative subnet containing an SSH Bastion Host. Access to all VPC instances relies exclusively on SSH agent forwarding, ensuring private keys are never stored on or transmitted through the bridge server.
- Private Zone (Subnet: `10.1.2.0/24`): A highly protected subnet with no public IP addresses, dedicated entirely to data processing and internal storage.
🔐 Data Flow & MQTTS Encryption Architecture
The lifecycle of telemetry data is hardened throughout its entire transit pipeline:
- Secure Channel (MQTTS): Edge field sensors transmit encrypted data over port 8883 utilizing the MQTTS (MQTT over TLS 1.3) protocol.
- TLS Termination (SSL Offloading): Traffic converges on a public Network Load Balancer (NLB) paired with an SSL certificate from AWS Certificate Manager (ACM). The NLB validates and handles the TLS 1.3 offloading, forwarding cleartext traffic internally via TCP over port 1883 to the backend Mosquitto brokers, drastically reducing CPU overhead on the EC2 instances.
- Strict Access Control (ACLs): Anonymous access is fully disabled on the Mosquitto brokers (`allow_anonymous false`). Data isolation is enforced by binding ACLs that restrict edge devices to write-only permissions on their specific topics (`devices/+/telemetry`), while backend processes manage read permissions.
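How tightly a write grant binds a device to its own topic depends on how the ACL line is written. The following added example (not the project's ACL file, which the page does not show) evaluates two constructed Mosquitto-style ACL texts with a simplified checker; the usernames, the `ingest` account and the evaluator itself are assumptions, and `deny` rules and `%c` are left out.

```python
ACCESS = {"read", "write", "readwrite"}

def topic_matches(filt: str, topic: str) -> bool:
    """MQTT filter match: '+' is one level, '#' is the remainder ('$' topics ignored)."""
    f, t = filt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or part not in ("+", t[i]):
            return False
    return len(f) == len(t)

def parse_acl(text: str) -> list:
    """Return (kind, owner, access, filter) rules; 'deny' and %c are not handled."""
    rules, user = [], None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "user":
            user = words[1]
        elif words[0] in ("topic", "pattern"):
            access = words[1] if words[1] in ACCESS else "readwrite"
            owner = user if words[0] == "topic" else None
            rules.append((words[0], owner, access, words[-1]))
    return rules

def allowed(rules: list, username: str, action: str, topic: str) -> bool:
    """action is 'write' (publish) or 'read' (delivery to a subscriber)."""
    for kind, owner, access, filt in rules:
        if kind == "topic" and owner != username:
            continue
        if kind == "pattern":
            if any(ch in username for ch in "+#/"):
                continue  # never substitute wildcard characters into a filter
            filt = filt.replace("%u", username)
        if access in (action, "readwrite") and topic_matches(filt, topic):
            return True
    return False

# Constructed ACL files: a shared wildcard grant versus a per-identity pattern.
WILDCARD_ACL = "user sensor-01\ntopic write devices/+/telemetry\n"
PER_DEVICE_ACL = ("pattern write devices/%u/telemetry\n"
                  "user ingest\ntopic read devices/+/telemetry\n")

if __name__ == "__main__":
    other = "devices/sensor-02/telemetry"
    print(allowed(parse_acl(WILDCARD_ACL), "sensor-01", "write", other))    # True
    print(allowed(parse_acl(PER_DEVICE_ACL), "sensor-01", "write", other))  # False
```

With the `+` grant, any authenticated device can publish as any other device; the `%u` pattern ties the topic to the authenticated username, so per-device credentials become the isolation boundary.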
👁️ Active Monitoring, IDS (Snort), and Alerting via SNS
The overall security posture and threat detection capabilities are driven by a proactive monitoring framework:
- Snort IDS: A dedicated EC2 instance runs Snort (v2.9.15.1) in daemon mode, inspecting traffic against over 3,900 community rules. The defensive setup was validated through targeted offensive scans using Nmap (XMAS `-sX`, NULL `-sN`, and aggressive SYN scans), all successfully intercepted and flagged as Priority 1 and 2 alerts by the IDS.
- Log Pipeline & Alerting: An integrated CloudWatch Agent parses Snort's alert logs (`/var/log/snort/alert`) and streams them to a CloudWatch Logs Group. Upon detection of critical intrusion patterns, a CloudWatch Alarm instantly triggers an Amazon SNS notification, dispatching immediate alert emails to the security team.
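The filter-and-threshold step that sits between the alert log and the alarm can be prototyped offline before it is written as a metric filter. This is an added example, not the project's configuration: it assumes Snort's one-line "fast" alert layout, and the sample lines, SIDs, messages and addresses are constructed placeholders.

```python
import re
from collections import Counter

# Assumed layout: Snort 2.x "fast" alert lines (one alert per line).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

def parse_alerts(lines):
    """Yield one dict per well-formed alert line; anything else is skipped."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alert["src_ip"] = alert["src"].rsplit(":", 1)[0]  # drop port (IPv4)
            yield alert

def noisy_sources(lines, max_priority=2, threshold=3):
    """Sources with at least `threshold` alerts of priority <= max_priority."""
    hits = Counter(a["src_ip"] for a in parse_alerts(lines)
                   if a["prio"] <= max_priority)
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample lines; SIDs, messages and addresses are placeholders.
SAMPLE = """\
05/12-10:15:01.000001  [**] [1:1000001:1] EXAMPLE XMAS scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40001 -> 10.1.1.10:22
05/12-10:15:01.200001  [**] [1:1000002:1] EXAMPLE NULL scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40002 -> 10.1.1.10:1883
05/12-10:15:02.000001  [**] [1:1000003:1] EXAMPLE SYN sweep [**] [Priority: 1] {TCP} 203.0.113.7:40003 -> 10.1.1.10:8883
05/12-10:16:00.000001  [**] [1:1000004:1] EXAMPLE ICMP ping [**] [Priority: 3] {ICMP} 198.51.100.9 -> 10.1.1.10
snort daemon restarted (not an alert line)
""".splitlines()

if __name__ == "__main__":
    print(noisy_sources(SAMPLE))  # {'203.0.113.7': 3}
```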
📊 Data Ingestion & Real-Time Dashboard
Once cleared through the DMZ, metrics are routed into the private zone for historical logging and analytics:
- Ingestion Engine: A private Ubuntu-based EC2 instance executes custom Python background scripts (`ingest_mqtt.py` and `ingestion_db.py`) subscribed to the broker topics. Telemetry data is simultaneously appended to a local chronological NDJSON file (`telemetry.ndjson`) and written into a structured SQLite database (`capteurs.db`).
- Frontend Visualization: An interactive web dashboard built with Streamlit (`app.py`) continuously queries the SQLite database, generating real-time live charts and KPIs of the incoming sensor metrics. The interface is securely exposed externally via HTTPS, mapping port 443 of the NLB to the internal port 8080 of the Streamlit application.
This is a reference about the diploma: D.E.S.S. in Cybersecurity