Open Access
A proposal of burst cloning for video quality improvement in optical burst switching networks
(2013) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Open Access
A survey on detection techniques for cryptographic ransomware
(IEEE, 2019) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for a ransom to recover the hijacked documents. It is a cyber threat that targets both companies and residential users, and has spread in recent years because of its lucrative results. Several articles have presented classifications of ransomware families and their typical behaviour. These insights have stimulated the creation of detection techniques for antivirus and firewall software. However, because the ransomware scene evolves quickly and aggressively, these studies quickly become outdated. In this study, we surveyed the detection techniques that the research community has developed in recent years. We compared the different approaches and classified the algorithms based on the input data they obtain from ransomware actions, and the decision procedures they use to reach a classification decision between benign or malign applications. This is a detailed survey that focuses on detection algorithms, compared to most previous studies that offer a survey of ransomware families or isolated proposals of detection algorithms. We also compared the results of these proposals.
Open Access
Ingress traffic classification versus aggregation in video over OBS networks
(2010) Izal Azcárate, Mikel; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimensioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-ondemand provider using an OBS transport network will have to deliver traffic to a set of egress destinations. A large part of this traffic would be composed of video streaming traffic. However, in a real network there would be also a fraction of non video traffic related to non video services. This work studies the decision whether it is better to gather all traffic to the same destination in a joint burst assembler or separate video and general data traffic on different burs assemblers. The later may increase burst blocking probability but also allow for better tuning of OBS parameters that help improve video reception quality. Result show that this tuning of parameters is not enough to compensate the drop probability increase and thus it is better to aggregate video and general data traffic.
Open Access
Delay-throughput curves for timer-based OBS burstifiers with light load
(IEEE, 2006) Izal Azcárate, Mikel; Aracil Rico, Javier; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
The OBS burstifier delay-throughput curves are analyzed in this paper. The burstifier incorporates a timer-based scheme with minimum burst size, i. e., bursts are subject to padding in light-load scenarios. Precisely, due to this padding effect, the burstifier normalized throughput may not be equal to unity. Conversely, in a high-load scenario, padding will seldom occur. For the interesting light-load scenario, the throughput delay curves are derived and the obtained results are assessed against those obtained by trace-driven simulation. The influence of long-range dependence and instantaneous variability is analyzed to conclude that there is a threshold timeout value that makes the throughput curves flatten out to unity. This result motivates the introduction of adaptive burstification algorithms, that provide a timeout value that minimizes delay, yet keeping the throughput very close to unity. The dependence of such optimum timeout value with traffic long-range dependence and instantaneous burstiness is discussed. Finally, three different adaptive timeout algorithms are proposed, that tradeoff complexity versus accuracy.
Open Access
Evaluation of preemption probabilities in OBS networks with burst segmentation
(IEEE, 2005) Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Aracil Rico, Javier; Automática y Computación; Automatika eta Konputazioa
Preemption techniques have been recently proposed for service differentiation in Optical Burst Switching (OBS) networks. According to [1], an incoming burst with the same priority that the burst in service will preempt the wavelength if the residual length of the burst in service is smaller than the incoming burst transmission time. For a network scenario with no wavelength conversion, the preemption probability is evaluated assuming Exponential, Gaussian and Pareto-distributed burst sizes. Knowledge of the preemption dynamics at an OBS switch is a fundamental issue in performance evaluation, since the downstream switches will surely be affected. An analytical upper bound is provided, that shows that the preemption probability depends on the burst size distribution, which in turn depends on the burst assembly technique used at the network edges. On the other hand, not only truncated bursts result from preemption, as reported in other studies, but also the burst size distribution for preempting bursts is shifted to larger values.
Open Access
Arquitectura y diseño de un modelo de red OBS para simulación
(2009) Espina Antolín, Félix; Armendáriz Silva, Javier; Izal Azcárate, Mikel; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Optical Burst Switching (OBS) es una nueva tecnología de conmutación óptica capaz de soportar una gran demanda de ancho de banda en backbones ópticos con Wavelength Division Multiplexing (WDM). Muchos investigadores están interesados en el estudio de esta propuesta emergente y la búsqueda de sus parámetros y entornos de funcionamiento óptimos. Sin embargo se encuentran con el gran handicap de que no existen muchas testbed para su estudio físico, ni tampoco herramientas de software óptimas para su estudio mediante simulaciones. En este trabajo se presenta un modelo de simulación de OBS para el simulador de eventos discretos OMNeT++. Este modelo permite estudiar tanto los nodos frontera, como los nodos del core, así como enlazar la red OBS con otras redes de datos soportadas en OMNeT++, principalmente IP. Además, el diseño presenta una gran modularidad lo que permite modificar fácilmente el modelo OBS para incluir futuras propuestas que se hagan sobre esta tecnología.
Open Access
TBDClust: time-based density clustering to enable free browsing of sites in pay-per-use mobile Internet providers
(Elsevier, 2017) Torres García, Luis Miguel; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; García-Jiménez, Santiago; Izal Azcárate, Mikel; Automatika eta Konputazioa; Institute of Smart Cities - ISC; Automática y Computación
The World Wide Web has evolved rapidly, incorporating new content types and becoming more dynamic. The contents from a website can be distributed between several servers, and as a consequence, web traffic has become increasingly complex. From a network traffic perspective, it can be difficult to ascertain which websites are being visited by a user, let alone which part of the user's traffic each website is responsible for. In this paper we present a method for identifying the TCP connections involved in the same full webpage download without the need of deep packet inspection. This identification is needed for example to enable free browsing of specific websites in a pay per use mobile Internet access. It could be not only for third party promoted websites but also portals to gubernamental or medical emergency websites. The proposal is based on a modification of the DBSCAN clustering algorithm to work online and over one-dimensional sorted data. In order to validate our results we use both real traffic and packet captures from a controlled environment. The proposal achieves excellent results in consistency (99%) and completeness (92%), meaning that its error margin identifying the webpage downloads is minimal.
Open Access
Improving efﬁciency of IP alias resolution based on offsets between IP addresses
(IEEE, 2009) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
In order to get a router-level topology in Internet, IP address alias resolution techniques allow to identify IP addresses that belong to the same router. There are several proposals to make this identification, some based on active measurements and others based on inference studies. The former provides more accuracy and completeness, however efficiency is very low because of the high number of probes needed. These methods probe IP addresses in pairs. With thousands or even more IP addresses to check for aliases, the number of tests gets too high. In order to reduce the number of probes, we propose to select the pairs of IP addresses to test for aliasing using information available a priori. This selection will be based on the offset (numerical distance) between the IP addresses to test. We will show that we can improve efficiency of active alias identification with almost no loss on completeness and without generating probing traffic. The technique is also adaptable to a distributed measurement scenario.
Open Access
Video over OBS Networks
(2008) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Open Access
Pamplona-traceroute: topology discovery and alias resolution to build router level Internet maps
(IEEE, 2013) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
An Internet topology map at the router level not only needs to discover IP addresses in Internet paths (traceroute) but also needs to identify IP addresses belonging to the same router (IP aliases). Both processes, discovery and IP alias resolution, have traditionally been independent tasks. In this paper, a new tool called Pamplona-traceroute is proposed to improve upon current results in a state of the art for Internet topology construction at the router level. Indirect probing using TTLscoped UDP packets, usually present in the discovery phases, is reused in IP alias resolution phases, providing high identification rates, especially in access routers.