References of "Festor, Olivier"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAdvanced Interest Flooding Attacks in Named-Data Networking
Signorello, Salvatore UL; Marchal, Samuel; François, Jérôme et al

Scientific Conference (2017, October 30)

The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN’s data-plane seems to offer many advantages, e.g., native ... [more ▼]

The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN’s data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers’ resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms. [less ▲]

Detailed reference viewed: 149 (12 UL)
Full Text
Peer Reviewed
See detailNDN.p4: Programming Information-Centric data-planes
Signorello, Salvatore UL; State, Radu UL; François, Jérôme et al

in Proceedings of the IEEE International Workshop on Open-Source Software Networking at NetSoft2016 (2016)

Detailed reference viewed: 199 (9 UL)
Full Text
Peer Reviewed
See detailExploring IoT Protocols Through the Information-Centric Networking's Lens
Signorello, Salvatore UL; State, Radu UL; Festor, Olivier

in Intelligent Mechanisms for Network Configuration and Security (2015, June)

Detailed reference viewed: 93 (2 UL)
Full Text
Peer Reviewed
See detailDNSSM: A large-scale Passive DNS Security Monitoring Framework
Marchal, Samuel UL; François, Jérôme UL; Wagner, Cynthia UL et al

in IEEE/IFIP Network Operations and Management Symposium (2012, April)

We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and ... [more ▼]

We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DSNSM is implemented and operational on several networks. We validate the framework against two large trace sets. [less ▲]

Detailed reference viewed: 164 (2 UL)
Peer Reviewed
See detailMachine Learning Techniques for Passive Network Inventory
François, Jérôme UL; Abdelnur, Humberto J.; State, Radu UL et al

in IEEE Transactions on Network and Service Management (2010), 7(4), 244-257

Being able to fingerprint devices and services, i.e., remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel ... [more ▼]

Being able to fingerprint devices and services, i.e., remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator. [less ▲]

Detailed reference viewed: 119 (3 UL)