Person: Morató Osés, Daniel
No Profile Picture Available
Email Address
person.page.identifierURI
Birth Date
Job Title
Last Name
Morató Osés
First Name
Daniel
person.page.departamento
Ingeniería Eléctrica, Electrónica y de Comunicación
person.page.instituteName
ISC. Institute of Smart Cities
ORCID
person.page.observainves
person.page.upna
Name
- Publications
- item.page.relationships.isAdvisorOfPublication
- item.page.relationships.isAdvisorTFEOfPublication
- item.page.relationships.isAuthorMDOfPublication
65 results
Search Results
Now showing 1 - 10 of 65
Publication Open Access Network simulation in a TCP-enabled industrial internet of things environment - reproducibility issues for performance evaluation(IEEE, 2022) Morató Osés, Daniel; Pérez-Gómara, Carlos; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de ComunicaciónNetwork simulation is a tool used to analyse and predict the performance of Industrial Internet of Things deployments while dealing with the complexity of real testbeds. Large network deployments with complex protocols such as Transmission Control Protocol are subject to chaos-theory behaviour, i.e. small changes in the implementation of the protocol stack or simulator behaviour may result in large differences in the performance results. We present the results of simulating two different scenarios using three simulators. The first scenario focuses on the Incast phenomenon in a local area network where sensor data are collected. The second scenario focuses on a congested link traversed by the collected measurements. The performance metrics obtained from the simulators are compared among them and with ground-truth obtained from real network experiments. The results demonstrate how subtle implementation differences in network simulators impact performance results, and how network engineers must consider these differences.Publication Open Access IP addresses distribution in Internet and its application on reduction methods for IP alias resolution(IEEE, 2009) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta KonputazioaDiscovery of Internet topology is an important and open task. It is difficulted by the high number of networks and internetworking equipments, and even by the dynamic of those interconnections. Mapping Internet at router-level needs to identify IP addresses that belong to the same router. This is called IP address alias resolution and classical methods in the state of the art like Ally need to test IP addresses in pairs. This means a very high cost in traffic generated and time consumption, specially with an increasing topology size. Some methods have been proposed to reduce the number of pairs of IP addresses to compare based on the TTL or IP identifier fields from the IP header. However both need extra traffic and they have problems with the probing distribution between several probing nodes. This paper proposes to use the peculiar distribution of IP addresses in Internet Autonomous Systems in order to reduce the number of IP addresses to compare. The difference between pairs of IP addresses is used to know a priori if they are candidates to be alias with certain probability. Performance evaluation has been made using Planetlab and Etomic measurement platforms. The paper justifies the reduction method, obtaining high reduction ratios without injecting extra traffic in the network and with the possibility to distribute the process for alias resolution.Publication Open Access Resolución de alias para el cálculo de topologías(2007) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta KonputazioaThe network topology is a fundamental parameter for managers and researchers. The traditional methodology for discovering the topology of a network is based on the tool traceroute, used from several vantage points in different subnetworks. The result is a set of sink trees where the nodes are the discovered IP addresses from the routers. However, few tools have faced the problem of identifying the nodes in different sink trees as interfaces in the same router. This paper shows a new methodology for this problem of alias resolution. It has been used in the european research network using the ETOMIC platform. It shows that the traditional methodologies are not effective in today’s networking scenario but can be easily improved at least in a factor of 3 in the number of successes.Publication Open Access Preemption window for burst differentiation in OBS(IEEE, 2008) Klinkowski, Miroslaw; Careglio, Davide; Morató Osés, Daniel; Solé Pareta, Josep; Automática y Computación; Automatika eta KonputazioaThis paper presents a novel control architecture for optical burst switching networks to efficiently apply burst preemption without the resources overbooking, which is specific to conventional OBS. Simulation results prove the effectiveness of this proposal.Publication Open Access Detecting disruption periods on TCP servers with passive packet traffic analysis(IARIA, 2015) Prieto Suárez, Iria; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Automática y Computación; Automatika eta KonputazioaThis paper presents a simple passive algorithm to monitor service availability. The algorithm is based on packet counting over a passive traffic trace of a population of clients accessing servers of interest. The major advantage of the algorithm is that it is passive and thus not invasive while usual monitor systems that can be found on Internet are active probing agents. The proposed system does not communicates to actual servers. It is easy to build as an online monitoring system with no big constraints in software or hardware. It does not relay on a distributed number of network placements for probing agents but works on a single network observing point near network edge. Initial proof of work of the algorithm is presented by analyzing unavailability problems for popular servers at an academic network at Public University of Navarre.Publication Open Access Multiresolution analysis of optical burst switching traffic(IEEE, 2003) Aracil Rico, Javier; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Automática y Computación; Automatika eta KonputazioaIn this paper, a Multiresolution Analysis is conducted in order to study the self-similar features of Optical Burst Switching (OBS) traffi c. The scenario consists of an OBS backbone with input traffic from a large number of Internet users, that generate Poisson-arriving heavytailed bursts. The results show that long-range dependence is preserved at timescales longer than the burst assembly timeout value while the traffic variability at short timescales is increased.Publication Open Access Evaluation of RTT as an estimation of interactivity time for QoE evaluation in remote desktop environments(IEEE, 2023) Arellano Usón, Jesús; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoa eta Telekomunikazio IngeniaritzaIn recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. Traditional evaluation of the quality of experience (QoE) of users in remote desktop environments has relied on measures such as round-trip time (RTT). However, these measures are insufficient to capture all the factors that influence QoE. This study evaluated RTT and interactivity time in an enterprise environment over a period of 6 months and analysed the suitability of using RTT drawing previously unexplored connections between RTT, interactivity, and QoE. The results indicate that RTT is an insufficient indicator of QoE in productive environments with low RTT values. We outline some precise measures of interactivity needed to capture all the factors that contribute to QoE in remote desktop environments.Publication Open Access Ransomware early detection by the analysis of file sharing traffic(Elsevier, 2018) Morató Osés, Daniel; Berrueta Irigoyen, Eduardo; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de ComunicaciónCrypto ransomware is a type of malware that locks access to user files by encrypting them and demands a ransom in order to obtain the decryption key. This type of malware has become a serious threat for most enterprises. In those cases where the infected computer has access to documents in network shared volumes, a single host can lock access to documents across several departments in the company. We propose an algorithm that can detect ransomware action and prevent further activity over shared documents. The algorithm is based on the analysis of passively monitored traffic by a network probe. 19 different ransomware families were used for testing the algorithm in action. The results show that it can detect ransomware activity in less than 20 s, before more than 10 files are lost. Recovery of even those files was also possible because their content was stored in the traffic monitored by the network probe. Several days of traffic from real corporate networks were used to validate a low rate of false alarms. This paper offers also analytical models for the probability of early detection and the probability of false alarms for an arbitrarily large population of users.Publication Open Access Detección de congestión en la Internet europea(IEEE, 2007) Hernández, Ana; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta KonputazioaIn this paper we present a study about the utilization of one-way delay measurements to detect and characterize network congestion in the european Internet. The experiments have been made using the ETOMIC platfom that allows one-way delay measurement with high precision timestamps. We have found a peculiar router behaviour in which the bottleneck is not the available bandwidth but it is the packet processing power of the router (backplane and CPU constraints). This router has been characterized with several network parameters. Some of them are the dependency of this limitation with the input data rate in packets per second, the size of burst packet losses measured in packets or time and the absence of specific scheduling algorithms in the router that could affect to larger flows.Publication Open Access Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic(Elsevier, 2022) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Universidad Pública de Navarra / Nafarroako Unibertsitate PublikoaRansomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’ computers usually store only system and program files, while all the documents are accessed from shared servers. In these scenarios, one crypto-ransomware infected host is capable of locking the access to all shared files it has access to, which can be the whole set of files from a workgroup of users. We propose a tool to detect and block crypto-ransomware activity based on file-sharing traffic analysis. The tool monitors the traffic exchanged between the clients and the file servers and using machine learning techniques it searches for patterns in the traffic that betray ransomware actions while reading and overwriting files. This is the first proposal designed to work not only for clear text protocols but also for encrypted file-sharing protocols. We extract features from network traffic that describe the activity opening, closing, and modifying files. The features allow the differentiation between ransomware activity and high activity from benign applications. We train and test the detection model using a large set of more than 70 ransomware binaries from 33 different strains and more than 2,400 h of ‘not infected’ traffic from real users. The results reveal that the proposed tool can detect all ransomware binaries described, including those not used in the training phase. This paper provides a validation of the algorithm by studying the false positive rate and the amount of information from user files that the ransomware could encrypt before being detected