Article
Engineering, Electrical & Electronic
Shohei Kamamura, Yuhei Hayashi, Yuki Miyoshi, Takeaki Nishioka, Chiharu Morioka, Hiroyuki Ohnishi
Summary: This paper proposes Fast xFlow Proxy, a fast and scalable traffic monitoring system that can handle various packet processing operations at a wire rate. It has been successfully tested on a large carrier network for practical monitoring.
IEICE TRANSACTIONS ON COMMUNICATIONS
(2022)
Article
Engineering, Electrical & Electronic
Prosha Rahman, Boris Beranger, Scott Sisson, Matthew Roughan
Summary: This article introduces a likelihood-based analysis method that fully incorporates packet thinning and flow aggregation, enabling inference on individual packet-level models while only observing thinned flow summaries.
IEEE TRANSACTIONS ON SIGNAL AND INFORMATION PROCESSING OVER NETWORKS
(2022)
Article
Computer Science, Information Systems
Arman Pashamokhtari, Norihiro Okui, Yutaka Miyake, Masataka Nakahara, Hassan Habibi Gharakheili
Summary: Residential ISPs have limited visibility into devices in subscriber houses due to NAT technology, which makes home networks attractive targets for cyber attackers. This article introduces the use of IPFIX to infer connected IoT devices and ensure their cyber health without making changes to home networks. The study analyzes IPFIX records, trains a classification model, and develops deterministic models for cloud services consumed by IoTs.
IEEE INTERNET OF THINGS JOURNAL
(2023)
Proceedings Paper
Computer Science, Information Systems
Martin Fejrskov, Jens Myrup Pedersen, Emmanouil Vasilomanolakis
Summary: DNS hijacking is a security threat where malware changes the client DNS configuration to a malicious resolver. This paper proposes a method to detect client-based DNS hijacking by classifying public resolvers and using NetFlow-based features. Experimental results show that the classification of well-known and malicious servers can be achieved with an AUROC of 0.85.
2022 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS)
(2022)
Article
Engineering, Civil
Nataline Simon, Olivier Bour, Nicolas Lavenant, Gilles Porel, Benoit Nauleau, Maria Klepikova
Summary: This study investigates the feasibility of using active-Distributed Temperature Sensing (DTS) measurements to monitor and quantify groundwater flux variations over time. The results show that temperature elevation is sensitive to flow conditions and can be used to characterize groundwater flux variations. The approach offers the possibility of continuously monitoring flux variations under certain flow conditions.
JOURNAL OF HYDROLOGY
(2023)
Article
Computer Science, Information Systems
Xiaodong Zang, Jian Gong, Maoli Wang, Peng Gao
Summary: This paper proposes an encryption-independent approach from a network-side perspective by analyzing the communication behavior of the IPs. It identifies similar service behavior clusters and infers whether they serve a fixed user group or provide interactive service. The proposed approach is verified using open-source benchmark datasets, synthetic datasets, and real Netflow data, and experimental results show its superiority over other state-of-the-art methods in terms of accuracy and recall rate. The work is also efficient for network management and security monitoring, as it can distinguish malicious behavior clusters.
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT
(2023)
Article
Computer Science, Information Systems
Meenakshi Syamkumar, Yugali Gullapalli, Wei Tang, Paul Barford, Joel Sommers
Summary: This paper introduces BigBen, a network telemetry processing system designed for accurate and timely reporting of Internet events. By using passive measurements of Network Time Protocol (NTP) traffic, BigBen is able to identify various Internet events characterized by their location, scope, and duration, and provide more event details compared to active probe-based detection systems. Additionally, BigBen can confirm and provide missing event details from third-party reports.
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT
(2022)
Article
Computer Science, Hardware & Architecture
Mohanad Sarhan, Siamak Layeghy, Marius Portmann
Summary: This paper proposes and evaluates standard NIDS feature sets based on the NetFlow network meta-data collection protocol and system to address the lack of standard feature sets in current NIDS datasets. The NetFlow-based NIDS feature set allows for a fair comparison of ML-based network traffic classifiers across different NIDS datasets, potentially bridging the gap between academic research and practical deployment of such systems.
MOBILE NETWORKS & APPLICATIONS
(2022)
Article
Computer Science, Hardware & Architecture
Zhang Long, Wang Jinsong
Summary: Network traffic classification is crucial for various network activities, and machine learning methods are increasingly used due to the rise of encryption. However, the application of machine learning methods for network traffic classification using sampled NetFlow data is underdeveloped. This study proposes a network traffic classification module that combines NetFlow data with a deep neural network, and demonstrates its superior performance compared to other classifiers using real-world datasets.
Article
Computer Science, Hardware & Architecture
Poonam Rani, Preeti Kaur, Vibha Jain, Jyoti Shokeen, Sweety Nain
Summary: This paper proposes a secure architecture for a four-layer internet of things enabled health monitoring system that utilizes blockchain technology and transfer learning for data classification and communication. The proposed approach achieves high classification accuracy according to simulation results.
JOURNAL OF SUPERCOMPUTING
(2022)
Article
Computer Science, Artificial Intelligence
Shi Dong
Summary: This paper explores the use of network flow-level characteristics for identifying application types of traffic, introducing an improved support vector machine algorithm called CMSVM to address the data imbalance issue. Experimental results show that the CMSVM algorithm can reduce computation cost, improve classification accuracy, and solve the imbalance problem compared to other machine learning techniques.
EXPERT SYSTEMS WITH APPLICATIONS
(2021)
Article
Physics, Multidisciplinary
Mikolaj Komisarek, Marek Pawlicki, Rafal Kozik, Witold Holubowicz, Michal Choras
Summary: This study fills the research gap related to identifying and investigating valuable features in the NetFlow schema for effective machine-learning-based network intrusion detection. By applying feature selection techniques on five flow-based network intrusion detection datasets, an informative feature set has been established.
Article
Computer Science, Information Systems
Ignacio Samuel Crespo-Martinez, Adrian Campazas-Vega, Angel Manuel Guerrero-Higueras, Virginia Riego-DelCastillo, Claudia Alvarez-Aparicio, Camino Fernandez-Llamas
Summary: SQL injections are ranked in the OWASP Top 3 and can be detected or prevented by analyzing network datagrams. However, routers for handling heavy traffic loads are unable to apply the proposed solutions due to the need to study all packets in a computer network. This study demonstrates the possibility of detecting SQL injection attacks on flow data from lightweight protocols, achieving a detection rate of over 97% with a false alarm rate of less than 0.07% using a Logistic Regression-based model.
COMPUTERS & SECURITY
(2023)
Article
Chemistry, Analytical
Arkadiusz Sikorski, Fernando Solano Donado, Stanislaw Kozdrowski
Summary: Wireless sensor networks are essential for the Internet of Things, and this paper focuses on minimizing the cost of covering a sewer network by proposing a mixed-integer programming model and using the CPLEX solver. The study was conducted under selected scenarios determined by artificial and realistic datasets.
Article
Green & Sustainable Science & Technology
Ridha Ouni, Kashif Saleem
Summary: This paper reviews the related work on monitoring systems and proposes a framework based on Wireless Sensor Networks (WSN) for sensing readings from the environment, transmitting and storing them in the cloud, and accessing them through handheld devices when needed.
Article
Computer Science, Information Systems
Gianluca Perna, Martino Trevisan, Danilo Giordano, Idilio Drago
Summary: The third version of HTTP, HTTP/3, is in the final standardization phase and promises better security, flexibility, and performance benefits. Leading Internet companies such as Google, Facebook, and Cloudflare have already adopted HTTP/3 and it has shown significant performance advantages in high-latency or mobile networks.
COMPUTER COMMUNICATIONS
(2022)
Article
Multidisciplinary Sciences
Stanislav Spacek, Petr Velan, Pavel Celeda, Daniel Tovarnak
Summary: The dataset captures monitoring data from eight servers hosting more than 800 sites across a large campus network, suitable for training machine learning techniques for anomaly detection and identifying relationships between network traffic and events on web servers.
Article
Education & Educational Research
Valdemar Svabensky, Jan Vykopal, Pavel Celeda, Kristian Tkacik, Daniel Popovic
Summary: Hands-on cybersecurity training allows students and professionals to practice tools and improve their technical skills. Analyzing cybersecurity training data using data mining and machine learning techniques provides insights into students' typical behavior, mistakes, solution strategies, and difficult training stages.
EDUCATION AND INFORMATION TECHNOLOGIES
(2022)
Article
Education & Educational Research
Valdemar Svabensky, Jan Vykopal, Pavel Celeda, Lydia Kraus
Summary: This paper provides an in-depth insight into the recently growing research on collecting and analyzing data from hands-on training in security contexts. It surveys publications in this area and categorizes them according to the collected data, analysis methods, and application contexts, providing researchers, developers, and educators with an original perspective and practical recommendations.
EDUCATION AND INFORMATION TECHNOLOGIES
(2022)
Article
Multidisciplinary Sciences
Carlos Henrique Gomes Ferreira, Fabricio Murai, Ana P. C. Silva, Martino Trevisan, Luca Vassio, Idilio Drago, Marco Mellia, Jussara M. Almeida
Summary: Collective user behavior in social media applications has a significant impact on the spread of opinions and information. Current studies mainly analyze these behaviors using network models and user interactions. However, only a small part of the user interactions contribute to the actual investigation, and a large number of irrelevant interactions may blur the underlying structures and user communities driving the target phenomenon. To solve this problem, researchers have proposed several network backbone extraction techniques. However, there is currently a lack of clear methods for comparing and selecting the most suitable extraction method.
Article
Computer Science, Information Systems
Martino Trevisan, Francesca Soro, Marco Mellia, Idilio Drago, Ricardo Morla
Summary: Privacy protection is a priority on the Internet, and various methods have been used to limit personal information leakage. However, domain names are still visible to observers in the network. Efforts have been made to encrypt domain names, but this article shows that simple features and machine learning models can still recover encrypted domain names with high precision and recall. The effectiveness of padding-based mitigation is also evaluated, and it is found that all three attacks can still be successful despite padding. Therefore, more robust techniques are needed to protect end users' privacy.
ACM TRANSACTIONS ON INTERNET TECHNOLOGY
(2023)
Article
Computer Science, Information Systems
Razvan Beurana, Jan Vykopal, Daniela Belajova, Pavel Celeda, Yasuo Tan, Yoichi Shinoda
Summary: Cybersecurity training is vital for equipping the IT workforce with the necessary knowledge and skills to combat the increasing cybersecurity threats. This paper introduces a capability assessment methodology for cybersecurity training platforms, focusing on content representation, environment management, and training facilitation. The assessment tool is used to evaluate two open-source platforms, CyTrONE and ICYPO, and provides valuable insights for deploying or developing cybersecurity training platforms.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Information Systems
Luca Gioacchini, Luca Vassio, Marco Mellia, Idilio Drago, Zied Ben Houidi, Dario Rossi
Summary: Darknets are probes that listen to traffic reaching IP addresses that host no services. This traffic results from the actions of internet scanners, botnets, and misconfigured hosts. i-DarkVec is a methodology that uses Natural Language Processing techniques to learn meaningful representations of darknet traffic. The embeddings learned with i-DarkVec enable various machine learning tasks, such as identifying clusters of senders engaged in similar activities and solving the classification problem of associating unknown sources with coordinated actors. i-DarkVec leverages a scalable and robust incremental embedding learning approach, making it applicable to dynamic and large-scale scenarios.
ACM TRANSACTIONS ON INTERNET TECHNOLOGY
(2023)
Article
Computer Science, Hardware & Architecture
Martin Lastovicka, Martin Husak, Petr Velan, Tomas Jirsik, Pavel Celeda
Summary: Fingerprinting a host's operating system is a common yet risky task in network management. Existing approaches using TCP/IP header parameters or machine learning analysis of hosts' behavior are becoming obsolete due to the evolution of network traffic. This paper discusses the evolution of passive OS fingerprinting methods over the past twenty years, highlighting the challenges faced and the importance of behavioral analysis and machine learning in complementing the host differences in network stack settings. The evolution of OS fingerprinting was driven by factors such as network traffic encryption and privacy-preserving concepts in application protocols.
Article
Computer Science, Interdisciplinary Applications
Jan Vykopal, Pavel Seda, Valdemar Svabensky, Pavel Celeda
Summary: This study designs a unique and novel smart environment for adaptive cybersecurity skills training, which assigns a suitable learning path based on student data. The results show that students were assigned tasks with appropriate difficulty, enabling successful completion of the training. Students reported enjoyment and satisfaction with the training format.
IEEE TRANSACTIONS ON LEARNING TECHNOLOGIES
(2023)
Proceedings Paper
Computer Science, Hardware & Architecture
Martino Trevisan, Idilio Drago, Paul Schmitt, Francesco Bronzino
Summary: Recent developments in Internet protocols and services, such as Apple's iCloud Private Relay, aim to enhance security and privacy for users' traffic. However, our performance study shows that iCloud Private Relay can decrease speed test performance (up to 10x decrease) and negatively affect page load time and download/upload throughput in different scenarios. Despite this, the overlay routing introduced by the service may improve performance in some cases. Further investigations are needed to understand the implications of large-scale deployment of similar multi-hop privacy-enhancing architectures.
PASSIVE AND ACTIVE MEASUREMENT, PAM 2023
(2023)
Proceedings Paper
Computer Science, Artificial Intelligence
Matteo Boffa, Giulia Milan, Luca Vassio, Idilio Drago, Marco Mellia, Zied Ben Houidi
Summary: This study evaluates the application of Natural Language Processing (NLP) in honeypot attack activities and successfully uses clustering algorithms to identify attackers' goals. This is of great importance for automatically identifying attack patterns in honeypots and supporting security activities.
7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022)
(2022)
Proceedings Paper
Computer Science, Artificial Intelligence
Thomas Favale, Danilo Giordano, Idilio Drago, Marco Mellia
Summary: This paper revisits the visibility problem of honeypots from a horizontal perspective and deploys a flexible honeypot system to collect and analyze data from multiple services. The study reveals that some attackers focus on a few services while others target multiple services simultaneously. Furthermore, it provides an analysis of brute-force attacks against multiple services.
7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022)
(2022)
Proceedings Paper
Computer Science, Hardware & Architecture
Stanislav Spacek, Petr Velan, Pavel Celeda, Daniel Tovarnak
Summary: This paper proposes a new approach to encrypted web traffic monitoring by designing a method for correlating host-based and network monitoring data, analyzing correlation results, and identifying configurations that negatively affect correlation. The method is tested and evaluated on a dataset collected from a campus network.
PROCEEDINGS OF THE IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM 2022
(2022)
Proceedings Paper
Computer Science, Artificial Intelligence
Rodolfo Valentim, Idilio Drago, Federico Cerutti, Marco Mellia
Summary: Domain squatting is an attacking technique that tricks users by exploiting the similarity between domain names, and sound-squatting is a specific type that targets the similarity in pronunciation. With the increasing popularity of intelligent speakers and voice-based navigation, there is a need for better methods to protect users from sound-squatting attacks. In this study, an AI-based approach is proposed to automatically generate sound-squatting candidates using text translation capabilities. The generated candidates are evaluated and classified according to their threat level, demonstrating the usefulness of automatic sound-squatting generation in proactively preventing abuse.
7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022)
(2022)
