Magaña Lizarrondo, Eduardo
Last Name: Magaña Lizarrondo
First Name: Eduardo
Department: Ingeniería Eléctrica, Electrónica y de Comunicación
Institute: ISC. Institute of Smart Cities
Publications (2 results)
Publication (Open Access): Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic (Elsevier, 2022)
Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Universidad Pública de Navarra / Nafarroako Unibertsitate Publikoa

Ransomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’ computers usually store only system and program files, while all the documents are accessed from shared servers. In these scenarios, one crypto-ransomware infected host is capable of locking the access to all shared files it has access to, which can be the whole set of files from a workgroup of users. We propose a tool to detect and block crypto-ransomware activity based on file-sharing traffic analysis. The tool monitors the traffic exchanged between the clients and the file servers and using machine learning techniques it searches for patterns in the traffic that betray ransomware actions while reading and overwriting files. This is the first proposal designed to work not only for clear text protocols but also for encrypted file-sharing protocols. We extract features from network traffic that describe the activity opening, closing, and modifying files. The features allow the differentiation between ransomware activity and high activity from benign applications. We train and test the detection model using a large set of more than 70 ransomware binaries from 33 different strains and more than 2,400 h of ‘not infected’ traffic from real users. The results reveal that the proposed tool can detect all ransomware binaries described, including those not used in the training phase. This paper provides a validation of the algorithm by studying the false positive rate and the amount of information from user files that the ransomware could encrypt before being detected.

Publication (Open Access): Network simulation in a TCP-enabled industrial internet of things environment - reproducibility issues for performance evaluation (IEEE, 2022)
Morató Osés, Daniel; Pérez-Gómara, Carlos; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación

Network simulation is a tool used to analyse and predict the performance of Industrial Internet of Things deployments while dealing with the complexity of real testbeds. Large network deployments with complex protocols such as Transmission Control Protocol are subject to chaos-theory behaviour, i.e. small changes in the implementation of the protocol stack or simulator behaviour may result in large differences in the performance results. We present the results of simulating two different scenarios using three simulators. The first scenario focuses on the Incast phenomenon in a local area network where sensor data are collected. The second scenario focuses on a congested link traversed by the collected measurements. The performance metrics obtained from the simulators are compared among them and with ground-truth obtained from real network experiments. The results demonstrate how subtle implementation differences in network simulators impact performance results, and how network engineers must consider these differences.