Open Access
A passive traffic algorithm for detecting unavailable periods in TCP services
(IARIA, 2015) Prieto Suárez, Iria; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
This paper presents a simple passive algorithm to monitor service availability. The algorithm is based on packet counting over a passive traffic trace of a population of clients accessing servers of interest. The major advantage of the algorithm is that it is passive and thus not invasive while usual monitor systems that can be found on Internet are active probing agents. The proposed system does not communicate to actual servers. It is easy to build as an online monitoring system with no big constraints in software or hardware. It does not relay on a distributed number of network placements for probing agents but works on a single network observing point near network edge. Initial proof of work of the algorithm is presented by studying the influence of different kinds of disruptions on packet level traffic and analyzing unavailability problems for popular servers at an academic network at Public University of Navarre.
Open Access
Evaluation of preemption probabilities in OBS networks with burst segmentation
(IEEE, 2005) Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Aracil Rico, Javier; Automática y Computación; Automatika eta Konputazioa
Preemption techniques have been recently proposed for service differentiation in Optical Burst Switching (OBS) networks. According to [1], an incoming burst with the same priority that the burst in service will preempt the wavelength if the residual length of the burst in service is smaller than the incoming burst transmission time. For a network scenario with no wavelength conversion, the preemption probability is evaluated assuming Exponential, Gaussian and Pareto-distributed burst sizes. Knowledge of the preemption dynamics at an OBS switch is a fundamental issue in performance evaluation, since the downstream switches will surely be affected. An analytical upper bound is provided, that shows that the preemption probability depends on the burst size distribution, which in turn depends on the burst assembly technique used at the network edges. On the other hand, not only truncated bursts result from preemption, as reported in other studies, but also the burst size distribution for preempting bursts is shifted to larger values.
Open Access
Open repository for the evaluation of ransomware detection tools
(IEEE, 2020) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation of these proposals has always been accomplished using sets of ransomware samples that are prepared locally for the research article, without making the data available. Different studies use different sets of samples and different evaluation metrics, resulting in insufficient comparability. In this paper, we describe a public data repository containing the file access operations of more than 70 ransomware samples during the encryption of a large network shared directory. These data have already been used successfully in the evaluation of a network-based ransomware detection algorithm. Now, we are making these data available to the community and describing their details, how they were captured, and how they can be used in the evaluation and comparison of the results of most ransomware detection techniques.
Open Access
Validation of HTTP response time from network traffic as an alternative to web browser instrumentation
(IEEE, 2021) López Romera, Carlos; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
The measurement of response time in hypertext transfer protocol (HTTP) requests is the most basic proxy measurement method for evaluating web browsing quality. It is used in the research literature and in application performance measurement instruments. During the development of a website, response time is obtained from in-browser measurements. After the website has been deployed, network traffic is used to continuously monitor activity, and the measurement data are used for service management and planning. In this study, we evaluate the accuracy of the measurements obtained from network traffic by comparing them with the in-browser measurement of resource load time. We evaluate the response times for encrypted and clear-text requests in an emulated network environment, in a laboratory deployment equivalent to a data centre network, and accessing popular web sites on the public Internet. The accuracy for response time measurements obtained from network traffic is noticeable higher for Internet long distance paths than for lowdelay paths (below 20 ms round-trip). The overhead of traffic encryption in secure HTTP requests has a negative effect on measurement accuracy, and we find relative measurement errors higher than 70% when using network traffic to infer HTTP response times compared
Open Access
Evaluation of RTT as an estimation of interactivity time for QoE evaluation in remote desktop environments
(IEEE, 2023) Arellano Usón, Jesús; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoa eta Telekomunikazio Ingeniaritza
In recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. Traditional evaluation of the quality of experience (QoE) of users in remote desktop environments has relied on measures such as round-trip time (RTT). However, these measures are insufficient to capture all the factors that influence QoE. This study evaluated RTT and interactivity time in an enterprise environment over a period of 6 months and analysed the suitability of using RTT drawing previously unexplored connections between RTT, interactivity, and QoE. The results indicate that RTT is an insufficient indicator of QoE in productive environments with low RTT values. We outline some precise measures of interactivity needed to capture all the factors that contribute to QoE in remote desktop environments.
Open Access
Mejoras en la identificación de tráfico de aplicación basado en firmas
(2008) Santolaya Bea, Néstor; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
Traffic identification has been based traditionally on transport protocol ports, associating always the same ports with the same applications. Nowadays that assumption is not true and new methods like signature identification or statistical techniques are applied. This work presents a method based on signature identification with some improvements. The use of regular expressions for typical applications has been studied deeply and its use has been improved in the aspects of percentage identification and resources consumption. On the other hand, a flows-record structure has been applied in order to classify those packets that do not verify any regular expression. Results are compared with the opensource related project L7-filter, and the improvements are presented. Finally, detailed regular expressions for analyzed applications are included in the paper, especially P2P applications.
Open Access
Collecting packet traces at high speed
(2006) Aguirre Cascallana, Gorka; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
In order to capture packet traces at high speed using a low-cost platform, we have to optimize the networking stack of a general purpose operating system. Different techniques are compared with the final objective of avoiding packet loss. Among those techniques we will study the performance of NAPI [6] and PF-RING [9]. Depending on the final application, we should tune certain parameters accordingly. We also present the advantages of a multiprocessor platform and the problematic of storing full packets directly to hard disk.
Open Access
Ingress traffic classification versus aggregation in video over OBS networks
(2010) Izal Azcárate, Mikel; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimensioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-ondemand provider using an OBS transport network will have to deliver traffic to a set of egress destinations. A large part of this traffic would be composed of video streaming traffic. However, in a real network there would be also a fraction of non video traffic related to non video services. This work studies the decision whether it is better to gather all traffic to the same destination in a joint burst assembler or separate video and general data traffic on different burs assemblers. The later may increase burst blocking probability but also allow for better tuning of OBS parameters that help improve video reception quality. Result show that this tuning of parameters is not enough to compensate the drop probability increase and thus it is better to aggregate video and general data traffic.
Open Access
Pamplona-traceroute: topology discovery and alias resolution to build router level Internet maps
(IEEE, 2013) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
An Internet topology map at the router level not only needs to discover IP addresses in Internet paths (traceroute) but also needs to identify IP addresses belonging to the same router (IP aliases). Both processes, discovery and IP alias resolution, have traditionally been independent tasks. In this paper, a new tool called Pamplona-traceroute is proposed to improve upon current results in a state of the art for Internet topology construction at the router level. Indirect probing using TTLscoped UDP packets, usually present in the discovery phases, is reused in IP alias resolution phases, providing high identification rates, especially in access routers.
Open Access
A proposal of burst cloning for video quality improvement in optical burst switching networks
(2013) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa