Signorello, Salvatore
Scientific Conference (2017, October 30)

The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN’s data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers’ resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as an open source tool to help design future more robust defense mechanisms.

Signorello, Salvatore
in Proceedings of the IEEE International Workshop on Open-Source Software Networking at NetSoft2016 (2016)

Signorello, Salvatore
in Intelligent Mechanisms for Network Configuration and Security (2015, June)

Marchal, Samuel
in IEEE/IFIP Network Operations and Management Symposium (2012, April)

We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DSNSM is implemented and operational on several networks. We validate the framework against two large trace sets.

François, Jérôme
in IEEE Transactions on Network and Service Management (2010), 7(4), 244-257

Being able to fingerprint devices and services, i.e., remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator.