References of "State, Radu 50003137"

Peer Reviewed
Compiling packet forwarding rules for switch pipelined architecture
Hamadi, Salaheddine; Blaiech, Khalil; Valtchev, Petko UL et al

in IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications (2016, July 26)

Peer Reviewed
NDN.p4: Programming Information-Centric data-planes
Signorello, Salvatore UL; State, Radu UL; François, Jérôme et al

in Proceedings of the IEEE International Workshop on Open-Source Software Networking at NetSoft2016 (2016)

Deep Learning Concepts from Theory to Practice
Glauner, Patrick UL; State, Radu UL

Scientific Conference (2016, January 19)

Peer Reviewed
Large-Scale Detection of Non-Technical Losses in Imbalanced Data Sets
Glauner, Patrick UL; Boechat, Andre; Dolberg, Lautaro et al

in Proceedings of the Seventh IEEE Conference on Innovative Smart Grid Technologies (ISGT 2016) (2016)

Non-technical losses (NTL) such as electricity theft cause significant harm to our economies, as in some countries they may range up to 40% of the total electricity distributed. Detecting NTLs requires costly on-site inspections. Accurate prediction of NTLs for customers using machine learning is therefore crucial. To date, related research largely ignore that the two classes of regular and non-regular customers are highly imbalanced, that NTL proportions may change and mostly consider small data sets, often not allowing to deploy the results in production. In this paper, we present a comprehensive approach to assess three NTL detection models for different NTL proportions in large real world data sets of 100Ks of customers: Boolean rules, fuzzy logic and Support Vector Machine. This work has resulted in appreciable results that are about to be deployed in a leading industry solution. We believe that the considerations and observations made in this contribution are necessary for future smart meter research in order to report their effectiveness on imbalanced and large real world data sets.

Peer Reviewed
Neighborhood Features Help Detecting Non-Technical Losses in Big Data Sets
Glauner, Patrick UL; Meira, Jorge Augusto UL; Dolberg, Lautaro et al

in Proceedings of the 3rd IEEE/ACM International Conference on Big Data Computing Applications and Technologies (BDCAT 2016) (2016)

Electricity theft occurs around the world in both developed and developing countries and may range up to 40% of the total electricity distributed. More generally, electricity theft belongs to non-technical losses (NTL), which occur during the distribution of electricity in power grids. In this paper, we build features from the neighborhood of customers. We first split the area in which the customers are located into grids of different sizes. For each grid cell we then compute the proportion of inspected customers and the proportion of NTL found among the inspected customers. We then analyze the distributions of features generated and show why they are useful to predict NTL. In addition, we compute features from the consumption time series of customers. We also use master data features of customers, such as their customer class and voltage of their connection. We compute these features for a Big Data base of 31M meter readings, 700K customers and 400K inspection results. We then use these features to train four machine learning algorithms that are particularly suitable for Big Data sets because of their parallelizable structure: logistic regression, k-nearest neighbors, linear support vector machine and random forest. Using the neighborhood features instead of only analyzing the time series has resulted in appreciable results for Big Data sets for varying NTL proportions of 1%-90%. This work can therefore be deployed to a wide range of different regions.

Peer Reviewed
Exploring IoT Protocols Through the Information-Centric Networking's Lens
Signorello, Salvatore UL; State, Radu UL; Festor, Olivier

in Intelligent Mechanisms for Network Configuration and Security (2015, June)

Peer Reviewed
Empirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild—raises one important question: How do state-of-the-art approaches perform in the wild?

Peer Reviewed
PhishStorm: Detecting Phishing With Streaming Analytics
Marchal, Samuel UL; François, Jérôme UL; State, Radu UL et al

in IEEE Transactions on Network and Service Management (2014), 11(December), 458-471

Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due to the short lifetime of phishing Web sites, making recent approaches relying on real-time or proactive phishing URL detection techniques more appropriate. In this paper, we introduce PhishStorm, an automated phishing detection system that can analyze in real time any URL in order to identify potential phishing sites. PhishStorm can interface with any email server or HTTP proxy. We argue that phishing URLs usually have few relationships between the part of the URL that must be registered (low-level domain) and the remaining part of the URL (upper-level domain, path, query). We show in this paper that experimental evidence supports this observation and can be used to detect phishing sites. For this purpose, we define the new concept of intra-URL relatedness and evaluate it using features extracted from words that compose a URL based on query data from Google and Yahoo search engines. These features are then used in machine-learning-based classification to detect phishing URLs from a real dataset. Our technique is assessed on 96 018 phishing and legitimate URLs that result in a correct classification rate of 94.91% with only 1.44% false positives. An extension for a URL phishingness rating system exhibiting high confidence rate (> 99%) is proposed. We discuss in this paper efficient implementation patterns that allow real-time analytics using Big Data architectures such as STORM and advanced data structures based on the Bloom filter.

Peer Reviewed
PhishScore: Hacking Phishers' Minds
Marchal, Samuel UL; François, Jérôme UL; State, Radu UL et al

in Proceedings of the 10th International Conference on Network and Service Management (2014, November)

Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due to the short lifetime of phishing Web sites, making recent approaches relying on real-time or proactive phishing URLs detection techniques more appropriate. In this paper we introduce PhishScore, an automated real-time phishing detection system. We observed that phishing URLs usually have few relationships between the part of the URL that must be registered (upper level domain) and the remaining part of the URL (low level domain, path, query). Hence, we define this concept as intra-URL relatedness and evaluate it using features extracted from words that compose a URL based on query data from Google and Yahoo search engines. These features are then used in machine learning based classification to detect phishing URLs from a real dataset.

Peer Reviewed
A Big Data Architecture for Large Scale Security Monitoring
Marchal, Samuel UL; Jiang, Xiuyan; State, Radu UL et al

in Proceedings of the 3rd IEEE Congress on Big Data (2014, July)

Network traffic is a rich source of information for security monitoring. However the increasing volume of data to treat raises issues, rendering holistic analysis of network traffic difficult. In this paper we propose a solution to cope with the tremendous amount of data to analyse for security monitoring perspectives. We introduce an architecture dedicated to security monitoring of local enterprise networks. The application domain of such a system is mainly network intrusion detection and prevention, but can be used as well for forensic analysis. This architecture integrates two systems, one dedicated to scalable distributed data storage and management and the other dedicated to data exploitation. DNS data, NetFlow records, HTTP traffic and honeypot data are mined and correlated in a distributed system that leverages state of the art big data solution. Data correlation schemes are proposed and their performance are evaluated against several well-known big data framework including Hadoop and Spark.

Peer Reviewed
A Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing anti virus software.

Peer Reviewed
Using opcode-sequences to detect malicious Android applications
Jerome, Quentin UL; Allix, Kevin UL; State, Radu UL et al

in IEEE International Conference on Communications, ICC 2014, Sydney Australia, June 10-14, 2014 (2014, June)

Recently, the Android platform has seen its number of malicious applications increased sharply. Motivated by the easy application submission process and the number of alternative market places for distributing Android applications, rogue authors are developing constantly new malicious programs. While current anti-virus software mainly relies on signature detection, the issue of alternative malware detection has to be addressed. In this paper, we present a feature based detection mechanism relying on opcode-sequences combined with machine learning techniques. We assess our tool on both a reference dataset known as Genome Project as well as on a wider sample of 40,000 applications retrieved from the Google Play Store.

Peer Reviewed
Large-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (2014, March)

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. Several promising results were recorded in the literature, many approaches being assessed with the common “10-Fold cross validation” scheme. This paper revisits the purpose of malware detection to discuss the adequacy of the “10-Fold” scheme for validating techniques that may not perform well in reality. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from applications’ CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate in high performance in the wild.

Correctness of source code extension for fault detection in openflow based networks
Hermann, Frank UL; Hommes, Stefan UL; State, Radu UL et al

Report (2014)

Software Defined Networks using OpenFlow have to provide a reliable way to detect network faults and attacks. This technical report shows a formal analysis of correctness for an automated code extension technique used to extend OpenFlow networks with a logging mechanism that is used for the detection of faults and attacks. As presented in a companion paper, we applied the code extension techniques for a framework that can extend controller programs transparently, making possible on-line fault management, debugging as well as off-line and forensic analysis.

Peer Reviewed
Implications and Detection of DoS Attacks in OpenFlow-based Networks
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in 2014 IEEE Global Communications Conference (2014)

In this paper, we address the potential of centralised network monitoring based on Software-Defined Networking with OpenFlow. Due to the vulnerability of the flow table, which can store only a limited number of entries, we discuss and show the implications for a DoS attack on a testbed consisting of OpenFlow enabled network devices. Such an attack can be detected by analysing variations in the logical topology, using techniques from information theory that can run as a network service on the network controller.

Peer Reviewed
Identifying abnormal pattern in cellular communication flows
Goergen, David UL; Mendiratta, Veena; State, Radu UL et al

in Proceedings of IPTComm 2013 (2013, October)

Analyzing communication flows on the network can help to improve the overall quality it provides to its users and allow the operators to detect abnormal patterns and react accordingly. In this paper we consider the analysis of large volumes of cellular communications records. We propose a method that detects abnormal communications events covering call data record volumes, comprising a country-level data set. We detect patterns by calculating a weighted average using a sliding window with a fixed period and correlate the results with actual events happening at that time. We are able to successfully detect several events using a data set provided by a mobile phone operator, and suggest examples of future usage of the outcome such as real time pattern detection and possible visualisation for mobile phone operators.

Peer Reviewed
Automated Source Code Extension for Debugging of OpenFlow based Networks
Hommes, Stefan UL; Hermann, Frank UL; State, Radu UL et al

in Proc. 9th International Conference on Network and Service Management (CNSM) (2013, October)

Software-Defined Networks using OpenFlow have to provide a reliable way to detect network faults in operational environments. Since the functionality of such networks is mainly based on the installed software, tools are required in order to determine software bugs. Moreover, network debugging might be necessary in order to detect faults that occurred on the network devices. To determine such activities, existing controller programs must be extended with the relevant functionality. In this paper we propose a framework that can modify controller programs transparently by using graph transformation, making possible online fault management through logging of network parameters in a NoSQL database. Latter acts as a storage system for flow entries and respective parameters, that can be leveraged to detect network anomalies or to perform forensic analysis.

Peer Reviewed
Classification of Log Files with Limited Labeled Data
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in Proceedings of IPTComm 2013 (2013, October)

We address the problem of anomaly detection in log files that consist of a huge number of records. In order to achieve this task, we demonstrate label propagation as a semi-supervised learning technique. The strength of this approach lies in the small amount of labelled data that is needed to label the remaining data. This is an advantage since labelled data needs human expertise which comes at a high cost and becomes infeasible for big datasets. Even though our approach is generally applicable, we focus on the detection of anomalous records in firewall log files. This requires a separation of records into windows which are compared using different distance functions to determine their similarity. Afterwards, we apply label propagation to label a complete dataset in only a limited number of iterations. We demonstrate our approach on a realistic dataset from an ISP.

Peer Reviewed
Advanced Detection Tool for PDF Threats
Jerome, Quentin UL; Marchal, Samuel UL; State, Radu UL et al

in Proceedings of the sixth International Workshop on Autonomous and Spontaneous Security, RHUL, Egham, U.K., 12th-13th September 2013 (2013, September 13)

In this paper we introduce an efficient application for malicious PDF detection: ADEPT. With targeted attacks rising over the recent past, exploring a new detection and mitigation paradigm becomes mandatory. The use of malicious PDF files that exploit vulnerabilities in well-known PDF readers has become a popular vector for targeted attacks, for which few efficient approaches exist. Although simple in theory, parsing followed by analysis of such files is resource-intensive and may even be impossible due to several obfuscation and reader-specific artifacts. Our paper describes a new approach for detecting such malicious payloads that leverages machine learning techniques and an efficient feature selection mechanism for rapidly detecting anomalies. We assess our approach on a large selection of malicious files and report the experimental performance results for the developed prototype.
