References of "State, Radu 50003137"
Full Text
Peer Reviewed
Detecting Stealthy Backdoors with Association Rule Mining
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in IFIP Networking 2012 (2012)

In this paper we describe a practical approach for detecting a class of backdoor communication channel that relies on port knocking in order to activate a backdoor on a remote compromised system. Detecting such activation sequences is extremely challenging because of varying port sequences and easily modifiable port values. Simple signature-based approaches are not appropriate, whilst more advanced statistics-based testing will not work because of missing and incomplete data. We leverage techniques derived from the data mining community designed to detect sequences of rare events. Simply stated, a sequence of rare events is the joint occurrence of several events, each of which is rare. We show that searching for port knocking sequences can be reduced to a problem of finding rare associations. We have implemented a prototype and show some experimental results on its performance and underlying functioning.

Full Text
Peer Reviewed
Instant Degradation of Anonymity in Low-Latency Anonymisation Systems
Ries, Thorsten UL; State, Radu UL; Engel, Thomas UL

in Sadre, Ramin; Novotny, Jiri; Celeda, Pavel (Eds.) et al Dependable Networks and Services, LNCS 7279 (2012)

Full Text
Peer Reviewed
Detection of Abnormal Behaviour in a Surveillance Environment Using Control Charts
Hommes, Stefan UL; State, Radu UL; Zinnen, Andreas UL et al

in 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, 2011 (2011)

This paper introduces a new approach to unsupervised detection of abnormal sequences of images in video surveillance data. We leverage an online object detection method and statistical process control techniques in order to identify suspicious sequences of events. Our method assumes a training phase in which the spatial distribution of objects is learned, followed by a chart-based tracking process. We evaluate the performance of our method on a standard dataset and have implemented a publicly available open-source prototype.

Full Text
Peer Reviewed
Comparison of Low-Latency Anonymous Communication Systems - Practical Usage and Performance
Ries, Thorsten UL; Panchenko, Andriy UL; State, Radu UL et al

in Ninth Australasian Information Security Conference (2011)

The most popular system for providing practical low-latency anonymity on the Internet is Tor. However, many other tools besides Tor exist as both free and commercial solutions. In this paper, we consider the five most popular low-latency anonymisation services that represent the current state of the art: single-hop proxies (Perfect Privacy and free proxies) and Onion Routing based solutions (Tor, I2P, and JonDonym). We assess their usability and rank them in regard to their anonymity. We also assess their efficiency and reliability. To this end, we define a set of metrics and present extensive measurements based on round-trip time, inter-packet delay variation and throughput. Apart from the technical realization, economic aspects are also crucial for anonymous communication systems. In order to attract more users, which is mandatory in order to improve anonymity per se, systems need to exhibit a certain payoff. We therefore define an economic model that takes all relevant aspects into consideration. In this paper, we describe the results obtained, lessons learned, and provide guidance for selecting the most appropriate system with respect to a set of requirements.

Full Text
Peer Reviewed
Measuring anonymity using network coordinate systems
Ries, Thorsten UL; State, Radu UL; Engel, Thomas UL

in International Symposium on Communications and Information Technologies (ISCIT), 2011 (2011)

Popularity and awareness of anonymisation systems increased tremendously over the past years; however, only a very few systems made it from research to production. These systems usually add intermediate nodes in the communication path aiming to hide user identities. Several attacks against these systems exist, like timing attacks or exploitation of latency information. In this paper, we propose an alternative approach to disclose users of current popular anonymisation systems in practice by the means of virtual network coordinate systems, a widely accepted method for latency prediction and network optimisation. Mapping physical nodes to an n-dimensional space can reveal a geographical proximity that is used to disclose users, who expect to stay anonymous. We define a model that leverages network coordinates in order to measure quantitatively the anonymity services and evaluate it on the Planet-Lab research network. The basic idea is to analyse the relative distance between nodes and to calculate the probability of nodes being hosted in the same location. Evaluation proves that our proposed model can be used as a measure of anonymity.

Peer Reviewed
Machine Learning Techniques for Passive Network Inventory
François, Jérôme UL; Abdelnur, Humberto J.; State, Radu UL et al

in IEEE Transactions on Network and Service Management (2010), 7(4), 244-257

Being able to fingerprint devices and services, i.e., remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator.

Full Text
Peer Reviewed
An Autonomic Testing Framework for IPv6 Configuration Protocols
Becker, Sheila UL; Abdelnur, Humberto J.; State, Radu UL et al

in Lecture Notes in Computer Science 6155 (2010)

Full Text
Peer Reviewed
Using Game Theory to configure P2P SIP
Becker, Sheila UL; State, Radu UL; Engel, Thomas UL

in Lecture Notes in Computer Science (2009)

Full Text
Peer Reviewed
Defensive configuration with game theory
Becker, Sheila UL; State, Radu UL; Engel, Thomas UL

in The 11th IFIP/IEEE International Symposium on Integrated Network Management (2009)

Full Text
Peer Reviewed
Abusing SIP authentication
Abdelnur, Humberto J.; Avanesov, Tigran UL; Rusinowitch, Michael et al

in Journal of Information Assurance and Security (2009), 4

The recent and massive deployment of Voice over IP infrastructures has raised the importance of VoIP security, and more precisely of the underlying signalling protocol, SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack makes it possible to perform toll fraud and call hijacking. We will detail the formal specification method that allowed us to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
