SIMULATION OF CYBERATTACKS IN A VIRTUAL ENVIRONMENT: A CASE STUDY ON THREAT DETECTION

DOI:

https://doi.org/10.59277/RRST-EE.2026.1.24

Keywords:

Cybersecurity, Network security, Penetration testing, Virtual simulation, Ethical hacking

Abstract

In this study, we present how we simulated cyberattacks in a controlled virtual environment to evaluate the security and detection capabilities of a Windows 7 system. Using common penetration-testing tools, we recreated realistic scenarios, including port scanning, brute-force login attempts, password cracking from NTLM hashes, and phishing using cloned websites. Our findings showed that outdated systems, when left unpatched and poorly monitored, are particularly vulnerable, underscoring the need for regular updates, strong password practices, and real-time monitoring to reduce risk, while providing insight into how to test and harden such environments against different cyber threats.

Published

2026-03-08

Section

Automation and Computer Sciences

How to cite

SIMULATION OF CYBERATTACKS IN A VIRTUAL ENVIRONMENT: A CASE STUDY ON THREAT DETECTION. (2026). REVUE ROUMAINE DES SCIENCES TECHNIQUES — SÉRIE ÉLECTROTECHNIQUE ET ÉNERGÉTIQUE, 71(1), 145-150. https://doi.org/10.59277/RRST-EE.2026.1.24