Person:
Izal Azcárate, Mikel

Loading...
Profile Picture

Email Address

Birth Date

Research Projects

Organizational Units

Job Title

Last Name

Izal Azcárate

First Name

Mikel

person.page.departamento

Ingeniería Eléctrica, Electrónica y de Comunicación

person.page.instituteName

ISC. Institute of Smart Cities

ORCID

0000-0002-2770-912X

person.page.upna

2083

Name

Search Results

Now showing 1 - 10 of 55
  • PublicationOpen Access
    Ransomware early detection by the analysis of file sharing traffic
    (Elsevier, 2018) Morató Osés, Daniel; Berrueta Irigoyen, Eduardo; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
    Crypto ransomware is a type of malware that locks access to user files by encrypting them and demands a ransom in order to obtain the decryption key. This type of malware has become a serious threat for most enterprises. In those cases where the infected computer has access to documents in network shared volumes, a single host can lock access to documents across several departments in the company. We propose an algorithm that can detect ransomware action and prevent further activity over shared documents. The algorithm is based on the analysis of passively monitored traffic by a network probe. 19 different ransomware families were used for testing the algorithm in action. The results show that it can detect ransomware activity in less than 20 s, before more than 10 files are lost. Recovery of even those files was also possible because their content was stored in the traffic monitored by the network probe. Several days of traffic from real corporate networks were used to validate a low rate of false alarms. This paper offers also analytical models for the probability of early detection and the probability of false alarms for an arbitrarily large population of users.
  • PublicationOpen Access
    Detección de congestión en la Internet europea
    (IEEE, 2007) Hernández, Ana; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
    In this paper we present a study about the utilization of one-way delay measurements to detect and characterize network congestion in the european Internet. The experiments have been made using the ETOMIC platfom that allows one-way delay measurement with high precision timestamps. We have found a peculiar router behaviour in which the bottleneck is not the available bandwidth but it is the packet processing power of the router (backplane and CPU constraints). This router has been characterized with several network parameters. Some of them are the dependency of this limitation with the input data rate in packets per second, the size of burst packet losses measured in packets or time and the absence of specific scheduling algorithms in the router that could affect to larger flows.
  • PublicationOpen Access
    Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic
    (Elsevier, 2022) Berrueta Irigoyen, Eduardo; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Universidad Pública de Navarra / Nafarroako Unibertsitate Publikoa
    Ransomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’ computers usually store only system and program files, while all the documents are accessed from shared servers. In these scenarios, one crypto-ransomware infected host is capable of locking the access to all shared files it has access to, which can be the whole set of files from a workgroup of users. We propose a tool to detect and block crypto-ransomware activity based on file-sharing traffic analysis. The tool monitors the traffic exchanged between the clients and the file servers and using machine learning techniques it searches for patterns in the traffic that betray ransomware actions while reading and overwriting files. This is the first proposal designed to work not only for clear text protocols but also for encrypted file-sharing protocols. We extract features from network traffic that describe the activity opening, closing, and modifying files. The features allow the differentiation between ransomware activity and high activity from benign applications. We train and test the detection model using a large set of more than 70 ransomware binaries from 33 different strains and more than 2,400 h of ‘not infected’ traffic from real users. The results reveal that the proposed tool can detect all ransomware binaries described, including those not used in the training phase. This paper provides a validation of the algorithm by studying the false positive rate and the amount of information from user files that the ransomware could encrypt before being detected
  • PublicationOpen Access
    Predicción de tráfico de Internet and aplicaciones
    (2001) Bernal, I.; Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Díez Marca, L. A.; Automática y Computación; Automatika eta Konputazioa
    In this paper we focus on traffic prediction as a means to achieve dynamic bandwidth allocation in a generic Internet link. Our findings show that coarse prediction (bytes per interval) proves advantageous to perform dynamic link dimensioning, even if we consider a part of the top traffic producers in the traffic predictor.
  • PublicationOpen Access
    Ingress traffic classification versus aggregation in video over OBS networks
    (2010) Izal Azcárate, Mikel; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
    Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimensioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-ondemand provider using an OBS transport network will have to deliver traffic to a set of egress destinations. A large part of this traffic would be composed of video streaming traffic. However, in a real network there would be also a fraction of non video traffic related to non video services. This work studies the decision whether it is better to gather all traffic to the same destination in a joint burst assembler or separate video and general data traffic on different burs assemblers. The later may increase burst blocking probability but also allow for better tuning of OBS parameters that help improve video reception quality. Result show that this tuning of parameters is not enough to compensate the drop probability increase and thus it is better to aggregate video and general data traffic.
  • PublicationOpen Access
    A proposal of burst cloning for video quality improvement in optical burst switching networks
    (2013) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
  • PublicationOpen Access
    Delay-throughput curves for timer-based OBS burstifiers with light load
    (IEEE, 2006) Izal Azcárate, Mikel; Aracil Rico, Javier; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
    The OBS burstifier delay-throughput curves are analyzed in this paper. The burstifier incorporates a timer-based scheme with minimum burst size, i. e., bursts are subject to padding in light-load scenarios. Precisely, due to this padding effect, the burstifier normalized throughput may not be equal to unity. Conversely, in a high-load scenario, padding will seldom occur. For the interesting light-load scenario, the throughput delay curves are derived and the obtained results are assessed against those obtained by trace-driven simulation. The influence of long-range dependence and instantaneous variability is analyzed to conclude that there is a threshold timeout value that makes the throughput curves flatten out to unity. This result motivates the introduction of adaptive burstification algorithms, that provide a timeout value that minimizes delay, yet keeping the throughput very close to unity. The dependence of such optimum timeout value with traffic long-range dependence and instantaneous burstiness is discussed. Finally, three different adaptive timeout algorithms are proposed, that tradeoff complexity versus accuracy.
  • PublicationOpen Access
    Pamplona-traceroute: topology discovery and alias resolution to build router level Internet maps
    (IEEE, 2013) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
    An Internet topology map at the router level not only needs to discover IP addresses in Internet paths (traceroute) but also needs to identify IP addresses belonging to the same router (IP aliases). Both processes, discovery and IP alias resolution, have traditionally been independent tasks. In this paper, a new tool called Pamplona-traceroute is proposed to improve upon current results in a state of the art for Internet topology construction at the router level. Indirect probing using TTLscoped UDP packets, usually present in the discovery phases, is reused in IP alias resolution phases, providing high identification rates, especially in access routers.
  • PublicationOpen Access
    Video over OBS Networks
    (2008) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
  • PublicationOpen Access
    Approximations for end-to-end delay analysis in OBS networks with light load
    (IEEE, 2004) Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
    In this paper we provide an analysis of end-to-end delay in OBS networks and a large deviations approximation. The analysis is based on an exponential approximation of the OBS router blocking time and on the assumption of Poisson arrivals in routers along the path from source to destination. On the other hand, a lightload assumption is performed, namely, waiting time is mainly due to residual life of the output wavelengths and not to buffering.