Open Access
A survey on detection techniques for cryptographic ransomware
(IEEE, 2019) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for a ransom to recover the hijacked documents. It is a cyber threat that targets both companies and residential users, and has spread in recent years because of its lucrative results. Several articles have presented classifications of ransomware families and their typical behaviour. These insights have stimulated the creation of detection techniques for antivirus and firewall software. However, because the ransomware scene evolves quickly and aggressively, these studies quickly become outdated. In this study, we surveyed the detection techniques that the research community has developed in recent years. We compared the different approaches and classified the algorithms based on the input data they obtain from ransomware actions, and the decision procedures they use to reach a classification decision between benign or malign applications. This is a detailed survey that focuses on detection algorithms, compared to most previous studies that offer a survey of ransomware families or isolated proposals of detection algorithms. We also compared the results of these proposals.
Open Access
A proposal of burst cloning for video quality improvement in optical burst switching networks
(2013) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Open Access
Ingress traffic classification versus aggregation in video over OBS networks
(2010) Izal Azcárate, Mikel; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimensioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-ondemand provider using an OBS transport network will have to deliver traffic to a set of egress destinations. A large part of this traffic would be composed of video streaming traffic. However, in a real network there would be also a fraction of non video traffic related to non video services. This work studies the decision whether it is better to gather all traffic to the same destination in a joint burst assembler or separate video and general data traffic on different burs assemblers. The later may increase burst blocking probability but also allow for better tuning of OBS parameters that help improve video reception quality. Result show that this tuning of parameters is not enough to compensate the drop probability increase and thus it is better to aggregate video and general data traffic.
Open Access
TNS research in progress
(Universidad Politécnica de Cartagena, Servicio de Documentación, 2012) Izal Azcárate, Mikel; Prieto Suárez, Iria; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa; Universidad Pública de Navarra / Nafarroako Unibertsitate Publikoa
This paper summarizes latest works of Telematic, Networks and Services research group (TNS) of Public University of Navarra in the topics of FIERRO thematic network. Last two papers sent to major conferences are addressed First work shows how self-similar traffic can be generated using Perlin Noise, an algorithm commonly used to generate 2D/3D noise for natural looking graphics. 1-dimension Perlin Noise can be interpreted as network traffic and used to generate long range dependent traffic for network simulation. The algorithm is compared to more classical approach Random Midpoint Displacement showing at traffic generated is similar but can be generated continuously with no fixed block size. Second work presents two novel cloning schemes for video delivery in OBS networks that dramatically improve user perceived content quality. These schemes take into account the special characteristics of compressed video traffic. Analytical and simulation results show up to 40% QoE improvement without a substantial increase in the overall network traffic and without increasing the number of bursts in the network. The results show the strong dependency of this novel cloning scheme on the video traffic structure due to the coding mechanisms.
Open Access
Detecting disruption periods on TCP servers with passive packet traffic analysis
(IARIA, 2015) Prieto Suárez, Iria; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
This paper presents a simple passive algorithm to monitor service availability. The algorithm is based on packet counting over a passive traffic trace of a population of clients accessing servers of interest. The major advantage of the algorithm is that it is passive and thus not invasive while usual monitor systems that can be found on Internet are active probing agents. The proposed system does not communicates to actual servers. It is easy to build as an online monitoring system with no big constraints in software or hardware. It does not relay on a distributed number of network placements for probing agents but works on a single network observing point near network edge. Initial proof of work of the algorithm is presented by analyzing unavailability problems for popular servers at an academic network at Public University of Navarre.
Open Access
Multiresolution analysis of optical burst switching traffic
(IEEE, 2003) Aracil Rico, Javier; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
In this paper, a Multiresolution Analysis is conducted in order to study the self-similar features of Optical Burst Switching (OBS) traffi c. The scenario consists of an OBS backbone with input traffic from a large number of Internet users, that generate Poisson-arriving heavytailed bursts. The results show that long-range dependence is preserved at timescales longer than the burst assembly timeout value while the traffic variability at short timescales is increased.
Open Access
Ransomware encrypted your files but you restored them from network traffic
(IEEE, 2019) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
In a scenario where user files are stored in a network shared volume, a single computer infected by ransomware could encrypt the whole set of shared files, with a large impact on user productivity. On the other hand, medium and large companies maintain hardware or software probes that monitor the traffic in critical network links, in order to evaluate service performance, detect security breaches, account for network or service usage, etc. In this paper we suggest using the monitoring capabilities in one of these tools in order to keep a trace of the traffic between the users and the file server. Once the ransomware is detected, the lost files can be recovered from the traffic trace. This includes any user modifications posterior to the last snapshot of periodic backups. The paper explains the problems faced by the monitoring tool, which is neither the client nor the server of the file sharing operations. It also describes the data structures in order to process the actions of users that could be simultaneously working on the same file. A proof of concept software implementation was capable of successfully recovering the files encrypted by 18 different ransomware families.
Open Access
Herramienta de gestión en tiempo real de redes de área extensa
(1998) Magaña Lizarrondo, Eduardo; Aracil Rico, Javier; Villadangos Alonso, Jesús; Automática y Computación; Automatika eta Konputazioa
This paper presents PROMIS, a new network management tool based on a distributed architecture of traffic probes. It allows network managers to monitor traffic from any wide area network segment in real time using a WWW console or a Tcl/Tk graphic interface.
Open Access
Network simulation in a TCP-enabled industrial internet of things environment - reproducibility issues for performance evaluation
(IEEE, 2022) Morató Osés, Daniel; Pérez-Gómara, Carlos; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
Network simulation is a tool used to analyse and predict the performance of Industrial Internet of Things deployments while dealing with the complexity of real testbeds. Large network deployments with complex protocols such as Transmission Control Protocol are subject to chaos-theory behaviour, i.e. small changes in the implementation of the protocol stack or simulator behaviour may result in large differences in the performance results. We present the results of simulating two different scenarios using three simulators. The first scenario focuses on the Incast phenomenon in a local area network where sensor data are collected. The second scenario focuses on a congested link traversed by the collected measurements. The performance metrics obtained from the simulators are compared among them and with ground-truth obtained from real network experiments. The results demonstrate how subtle implementation differences in network simulators impact performance results, and how network engineers must consider these differences.
Open Access
Monitorización activa de altas prestaciones mediante la plataforma paneuropa ETOMIC
(2005) Magaña Lizarrondo, Eduardo; Naranjo Abad, Francisco José; Aracil Rico, Javier; Automática y Computación; Automatika eta Konputazioa
In this paper we present the first set of active measurements that we have made using the ETOMIC system. ETOMIC is a paneuropean traffic measurement infrastructure with GPS-synchronized monitoring nodes. Specific hardware is used in order to provide high-precision transmission and reception capabilities. Besides, the system is open and any experiment can be executed. Internet measurements with high infrastructure requirements are now possible like one-way delay, routes and topology changing, congestion detection and virtual path aggregation detection. We will explain the results and how easy is to implement these measurements using the tools provided by ETOMIC, specially the API for using the specific sending and receiving capabilities.