References of "Hommes, Stefan 50022016"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailVSOC - A Virtual Security Operating Center
Falk, Eric UL; Fiz Pontiveros, Beltran UL; Repcek, Stefan et al

in Global Communications (2017)

Security in virtualised environments is becoming increasingly important for institutions, not only for a firm’s own on-site servers and network but also for data and sites that are hosted in the cloud ... [more ▼]

Security in virtualised environments is becoming increasingly important for institutions, not only for a firm’s own on-site servers and network but also for data and sites that are hosted in the cloud. Today, security is either handled globally by the cloud provider, or each customer needs to invest in its own security infrastructure. This paper proposes a Virtual Security Operation Center (VSOC) that allows to collect, analyse and visualize security related data from multiple sources. For instance, a user can forward log data from its firewalls, applications and routers in order to check for anomalies and other suspicious activities. The security analytics provided by the VSOC are comparable to those of commercial security incident and event management (SIEM) solutions, but are deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data. This allows us to detect more complex attacks that cannot be detected with todays signature-based (i.e. rules) SIEM solutions. [less ▲]

Detailed reference viewed: 186 (9 UL)
Full Text
Peer Reviewed
See detailOptimising Packet Forwarding in Multi-Tenant Networks using Rule Compilation
Hommes, Stefan UL; Valtchev, Petko; Blaiech, Khalil et al

in Optimising Packet Forwarding in Multi-Tenant Networks using Rule Compilation (2017, November)

Packet forwarding in Software-Defined Networks (SDN) relies on a centralised network controller which enforces network policies expressed as forwarding rules. Rules are deployed as sets of entries into ... [more ▼]

Packet forwarding in Software-Defined Networks (SDN) relies on a centralised network controller which enforces network policies expressed as forwarding rules. Rules are deployed as sets of entries into network device tables. With heterogeneous devices, deployment is strongly bounded by the respective table constraints (size, lookup time, etc.) and forwarding pipelines. Hence, minimising the overall number of entries is paramount in reducing resource consumption and speeding up the search. Moreover, since multiple control plane applications can deploy own rules, conflicts may occur. To avoid those and ensure overall correctness, a rule validation mechanism is required. Here, we present a compilation mechanism for rules of diverging origins that minimises the number of entries. Since it exploits the semantics of rules and entries, our compiler fits a heterogeneous landscape of network devices. We evaluated compiler implementations on both software and hardware switches using a realistic testbed. Experimental results show a reduction in both produced table entries and forwarding delay. [less ▲]

Detailed reference viewed: 130 (4 UL)
Full Text
Peer Reviewed
See detailRule Compilation in Multi-Tenant Networks
Blaiech, Khalil; Hamadi, Salaheddine; Hommes, Stefan UL et al

in Rule Compilation in Multi-Tenant Networks (2017, May 18)

Detailed reference viewed: 173 (9 UL)
Full Text
Peer Reviewed
See detailConfirmation Delay Prediction of Transactions in the Bitcoin Network
Fiz Pontiveros, Beltran UL; Hommes, Stefan UL; State, Radu UL

in Lecture Notes in Electrical Engineering (2017)

Bitcoin is currently the most popular digital currency. It operates on a decentralised peer-to-peer network using an open source cryptographic protocol. In this work, we create a model of the selection ... [more ▼]

Bitcoin is currently the most popular digital currency. It operates on a decentralised peer-to-peer network using an open source cryptographic protocol. In this work, we create a model of the selection process performed by mining pools on the set of unconfirmed transactions and then attempt to predict if an unconfirmed transaction will be part of the next block by treating it as a supervised classification problem. We identified a vector of features obtained through service monitoring of the Bitcoin transaction network and performed our experiments on a publicly available dataset of Bitcoin transaction. [less ▲]

Detailed reference viewed: 225 (9 UL)
Full Text
Peer Reviewed
See detailChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow
Steichen, Mathis UL; Hommes, Stefan UL; State, Radu UL

in ChainGuard - A Firewall for Blockchain Applications using SDN with OpenFlow (2017)

Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation ... [more ▼]

Recently, blockchains have been gathering a lot of interest. Many applications can benefit from the advantages of blockchains. Nevertheless, applications with more restricted privacy or participation requirements cannot rely on public blockchains. First, the whole blockchain can be downloaded at any time, thus making the data available to the public. Second, anyone can deploy a node, join the blockchain network and take part in the consensus building process. Private and consortium blockchains promise to combine the advantages of blockchains with stricter requirements on the participating entities. This is also the reason for the comparably small number of nodes that store and extend those blockchains. However, by targeting specific nodes, an attacker can influence how consensuses are reached and possibly even halt the blockchain operation. To provide additional security to the blockchain nodes, ChainGuard utilizes SDN functionalities to filter network traffic, thus implementing a firewall for blockchain applications. ChainGuard communicates with the blockchain nodes it guards to determine which origin of the traffic is legitimate. Packets from illegitimate sources are intercepted and thus cannot have an effect on the blockchain. As is shown with experiments, ChainGuard provides access control functionality and can effectively mitigate flooding attacks from several sources at once. [less ▲]

Detailed reference viewed: 177 (13 UL)
Full Text
See detailFault Detection and Network Security in Software-Defined Networks with OpenFlow
Hommes, Stefan UL

Doctoral thesis (2014)

Due to the rigid architecture of most switches and routers, which provide functionality only for a certain application scenario, the flexibility of deploying new network functions is limited. The advent ... [more ▼]

Due to the rigid architecture of most switches and routers, which provide functionality only for a certain application scenario, the flexibility of deploying new network functions is limited. The advent of programmable networks, which is described as Software-Defined Networking (SDN), allows the extension and control of networks based on a flexible con- trol plane, which is based on software and acts as a network operating system with network applications running on top of it. In this thesis we focussed on SDN based on the concept of the OpenFlow protocol. In or- der to deploy such networks in operational environments and datacentres, the challenges concerning network management are still lacking a sufficient analysis and are further investigated in this thesis, which examines the reliability and maintainability of SDN, as well as new security issues that are introduced with this architecture. The second contribution of this thesis is to provide solutions to some of the addressed challenges, with a focus on fault detection and network security. With regard to fault detection, we discuss the information content and monitoring as- pects of flow entries that are located on the network devices, but are managed from the network controller. This involves applying methods from information theory to deter- mine faults and attacks by observing the logical topology, and correlation facilities to determine errors that relate to the data plane. In network security, current approaches mostly rely on security appliances that are de- ployed at different locations in the network. We analyse the extend to which SDN can be leveraged to provide new ways of thwarting network attacks, and investigate the pos- sibilities for controller-based packet inspection to detect malicious communications in the network. This includes the extraction of hidden communication patterns originating from a stealthy backdoor. The freedom of extending controller software to meet new network service requirements comes at a high cost. Since the reliability of the network must be assured, tools are required to debug and test the software after each alteration step. We propose a solu- tion that instruments network applications with additional code for logging purposes, guaranteeing certain correctness properties. In combination with a database system, our framework can be leveraged to allow network debugging or anomaly detection. [less ▲]

Detailed reference viewed: 850 (47 UL)
Full Text
See detailCorrectness of source code extension for fault detection in openflow based networks
Hermann, Frank UL; Hommes, Stefan UL; State, Radu UL et al

Report (2014)

Software Defined Networks using OpenFlow have to provide a re- liable way to detect network faults and attacks. This technical report shows a formal analysis of correctness for an automated code extension ... [more ▼]

Software Defined Networks using OpenFlow have to provide a re- liable way to detect network faults and attacks. This technical report shows a formal analysis of correctness for an automated code extension technique used to extend OpenFlow networks with a logging mecha- nism that is used for the detection of faults and attacks. As presented in a companion paper, we applied the code extension techniques for a framework that can extend controller programs transparently, making possible on-line fault management, debugging as well as off-line and forensic analysis. [less ▲]

Detailed reference viewed: 191 (37 UL)
Full Text
Peer Reviewed
See detailImplications and Detection of DoS Attacks in OpenFlow-based Networks
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in 2014 IEEE Global Communications Conference (2014)

In this paper, we address the potential of centralised network monitoring based on Software-Defined Networking with OpenFlow. Due to the vulnerability of the flow table, which can store only a limited ... [more ▼]

In this paper, we address the potential of centralised network monitoring based on Software-Defined Networking with OpenFlow. Due to the vulnerability of the flow table, which can store only a limited number of entries, we discuss and show the implications for a DoS attack on a testbed consisting of OpenFlow enabled network devices. Such an attack can be detected by analysing variations in the logical topology, using techniques from information theory that can run as a network service on the network controller. [less ▲]

Detailed reference viewed: 119 (0 UL)
Full Text
Peer Reviewed
See detailClassification of Log Files with Limited Labeled Data
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in Proceedings of IPTComm 2013 (2013, October)

We address the problem of anomaly detection in log files that consist of a huge number of records. In order to achieve this task, we demonstrate label propagation as a semi-supervised learning technique ... [more ▼]

We address the problem of anomaly detection in log files that consist of a huge number of records. In order to achieve this task, we demonstrate label propagation as a semi-supervised learning technique. The strength of this approach lies in the small amount of labelled data that is needed to label the remaining data. This is an advantage since labelled data needs human expertise which comes at a high cost and be- comes infeasible for big datasets. Even though our approach is generally applicable, we focus on the detection of anoma- lous records in firewall log files. This requires a separation of records into windows which are compared using different distance functions to determine their similarity. Afterwards, we apply label propagation to label a complete dataset in only a limited number of iterations. We demonstrate our approach on a realistic dataset from an ISP. [less ▲]

Detailed reference viewed: 256 (11 UL)
Full Text
Peer Reviewed
See detailAutomated Source Code Extension for Debugging of OpenFlow based Networks
Hommes, Stefan UL; Hermann, Frank UL; State, Radu UL et al

in Proc. 9th International Conference on Network and Service Management (CNSM) (2013, October)

Software-Defined Networks using OpenFlow have to provide a reliable way to to detect network faults in operational environments. Since the functionality of such networks is mainly based on the installed ... [more ▼]

Software-Defined Networks using OpenFlow have to provide a reliable way to to detect network faults in operational environments. Since the functionality of such networks is mainly based on the installed software, tools are required in order to determine software bugs. Moreover, network debugging might be necessary in order to detect faults that occurred on the network devices. To determine such activities, existing controller programs must be extended with the relevant functionality. In this paper we propose a framework that can modify controller programs transparently by using graph transformation, making possible online fault management through logging of network parameters in a NoSQL database. Latter acts as a storage system for flow entries and respective parameters, that can be leveraged to detect network anomalies or to perform forensic analysis. [less ▲]

Detailed reference viewed: 195 (15 UL)
Full Text
Peer Reviewed
See detailA Distance-Based Method to Detect Anomalous Attributes in Log Files
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in Proceedings of IEEE/IFIP NOMS 2012 (2012, April)

Dealing with large volumes of logs is like the prover- bial needle in the haystack problem. Finding relevant events that might be associated with an incident, or real time analysis of operational logs is ... [more ▼]

Dealing with large volumes of logs is like the prover- bial needle in the haystack problem. Finding relevant events that might be associated with an incident, or real time analysis of operational logs is extremely difficult when the underlying data volume is huge and when no explicit misuse model exists. While domain-specific knowledge and human expertise may be useful in analysing log data, automated approaches for detecting anomalies and track incidents are the only viable solutions when confronted with large volumes of data. In this paper we address the issue of automated log analysis and consider more specifically the case of ISP-provided firewall logs. We leverage approaches derived from statistical process control and information theory in order to track potential incidents and detect suspicious network activity. [less ▲]

Detailed reference viewed: 151 (4 UL)
Full Text
Peer Reviewed
See detailDetecting Stealthy Backdoors with Association Rule Mining
Hommes, Stefan UL; State, Radu UL; Engel, Thomas UL

in IFIP Networking 2012 (2012)

In this paper we describe a practical approach for detecting a class of backdoor communication channel that relies on port knocking in order to activate a backdoor on a remote compromised system ... [more ▼]

In this paper we describe a practical approach for detecting a class of backdoor communication channel that relies on port knocking in order to activate a backdoor on a remote compromised system. Detecting such activation sequences is extremely challenging because of varying port sequences and easily modifiable port values. Simple signature-based ap- proaches are not appropriate, whilst more advanced statistics-based test- ing will not work because of missing and incomplete data. We leverage techniques derived from the data mining community designed to detect se- quences of rare events. Simply stated, a sequence of rare events is the joint occurrence of several events, each of which is rare. We show that search- ing for port knocking sequences can be reduced to a problem of finding rare associations. We have implemented a prototype and show some ex- perimental results on its performance and underlying functioning. [less ▲]

Detailed reference viewed: 229 (7 UL)
Full Text
Peer Reviewed
See detailDetection of Abnormal Behaviour in a Surveillance Environment Using Control Charts
Hommes, Stefan UL; State, Radu UL; Zinnen, Andreas UL et al

in 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, 2011 (2011)

This paper introduces a new approach to unsupervised detection of abnormal sequences of images in video surveillance data. We leverage an online object detection method and statistical process control ... [more ▼]

This paper introduces a new approach to unsupervised detection of abnormal sequences of images in video surveillance data. We leverage an online object detection method and statistical process control techniques in order to identify suspicious sequences of events. Our method assumes a training phase in which the spatial distribution of objects is learned, followed by a chart-based tracking process. We evaluate the performance of our method on a standard dataset and have implemented a publicly available opensource prototype. [less ▲]

Detailed reference viewed: 186 (5 UL)