Open Access
Techniques for better alias resolution in Internet topology discovery
(IEEE, 2009) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
One of the challenging problems related with network topology discovery in Internet is the process of IP address alias identification. Topology information is usually obtained from a set of traceroutes that provide IP addresses of routers in the path from a source to a destination. If these traceroutes are repeated between several source/destination pairs we can get a sampling of all IP addresses for crossed routers. In order to generate the topology graph in which each router is a node, it is needed to identify all IP addresses that belong to the same router. In this work we propose improvements over existing methods to obtain alias identification related mainly with the types and options in probing packets.
Open Access
On the reduction of authoritative DNS cache timeouts: detection and implications for user privacy
(Elsevier, 2021) Hernández Quintanilla, Tomás; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren; Institute of Smart Cities - ISC; Ingeniería Eléctrica, Electrónica y de Comunicación
The domain name system (DNS) is an Internet network service that is used by hosts to resolve IP addresses from symbolic names. This basic service has been attacked and abused many times, as it is one of the oldest and most vulnerable services on the Internet. Some DNS resolvers conduct DNS manipulation, in which authoritative DNS responses are modified. This DNS manipulation is sometimes used for legitimate reasons (e.g., parental control) and other times is used to support malicious activities, such as DNS poisoning or data collection. Between these DNS manipulation activities, some Internet service providers (ISPs) are changing the DNS cache timeout of the DNS responses with which their DNS resolvers responded to obtain additional data about their subscribers. These data can be a detailed web browsing profile of the user. This approach does not require a large investment and can yield huge benefits if the information is used or sold. Therefore, user privacy is disputed. We conducted a study in which we analyse how ISPs use this DNS manipulation, propose a method for identifying this DNS manipulation by the end-user and determine the amount of information an ISP can collect by using it. We also developed a public web tool, for which the source code is available, that can help Internet users determine whether their privacy is being compromised by their ISP via the exploitation of DNS cache timeouts. This service can facilitate the collection of data on how many people are victims of this abuse and which ISPs around the world are utilizing this technique.
Open Access
IPmiser, sistema de monitorización de enlaces ATM a 155Mbps
(1998) Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Solana, Juan Ignacio; Ariste, Teresa; Fillmore, David; Automática y Computación; Automatika eta Konputazioa
Open Access
Protocol-agnostic method for monitoring interactivity time in remote desktop services
(Springer Nature, 2021-02-24) Arellano Usón, Jesús; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoa eta Telekomunikazio Ingeniaritza; Institute of Smart Cities - ISC
The growing trend of desktop virtualisation has facilitated the reduction of management costs associated with traditional systems and access to services from devices with different capabilities. However, desktop virtualisation requires controlling the interactivity provided by an infrastructure and the quality of experience perceived by users. This paper proposes a methodology for the quantification of interactivity based on the measurement of the time elapsed between user interactions and the associated responses. Measurement error is controlled using a novel mechanism for the detection of screen changes, which can lead to erroneous measurements. Finally, a campus virtual desktop infrastructure and the Amazon WorkSpaces solution are analysed using this proposed methodology. The results demonstrate the importance of the location of virtualisation infrastructure and the types of protocols used by remote desktop services.
Open Access
Interactivity anomaly detection in remote work scenarios using LTSM
(IEEE, 2024) Arellano Usón, Jesús; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoa eta Telekomunikazio Ingeniaritza; Institute of Smart Cities - ISC
In recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. These services cater to interactive cloud-based applications (CIAs), whose core functionality operates in the cloud, demanding strict end-user interactivity requirements. This boom has led to a significant increase in their deployment, accompanied by a corresponding increase in associated maintenance costs. Service administrators aim to guarantee a satisfactory Quality of Experience (QoE) by monitoring metrics like interactivity time, particularly in cloud environments where variables such as network performance and shared resources come into play. This paper analyses anomaly detection state of the art and proposes a novel system for detecting interactivity time anomalies in cloud-based remote desktop environments. We employ an automatic model based on LSTM neural networks that achieves an accuracy of up to 99.97%.
Open Access
A popularity-aware method for discovering server IP addresses related to websites
(IEEE, 2013) Torres García, Luis Miguel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
The complexity of web traffic has grown in the past years as websites evolve and new services are provided over the HTTP protocol. When accessing a website, multiple connections to different servers are opened and it is usually difficult to distinguish which servers are related to which sites. However, this information is useful from the perspective of security and accounting and can also help to label web traffic and use it as ground truth for traffic classification systems. In this paper we present a method to discover server IP addresses related to specific websites in a traffic trace. Our method uses NetFlow-type records which makes it scalable and impervious to encryption of packet payloads. It is, moreover, popularity-aware in the sense that it takes into consideration the differences in the number of accesses to each site in order to provide a better identification of servers. The method can be used to gather data from a group of interesting websites or, by applying it to a representative set of websites, it can label a sizeable number of connections in a packet trace.
Open Access
A proposal of burst cloning for video quality improvement in optical burst switching networks
(2013) Espina Antolín, Félix; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Open Access
Pamplona-traceroute: topology discovery and alias resolution to build router level Internet maps
(IEEE, 2013) García-Jiménez, Santiago; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
An Internet topology map at the router level not only needs to discover IP addresses in Internet paths (traceroute) but also needs to identify IP addresses belonging to the same router (IP aliases). Both processes, discovery and IP alias resolution, have traditionally been independent tasks. In this paper, a new tool called Pamplona-traceroute is proposed to improve upon current results in a state of the art for Internet topology construction at the router level. Indirect probing using TTLscoped UDP packets, usually present in the discovery phases, is reused in IP alias resolution phases, providing high identification rates, especially in access routers.
Open Access
Ingress traffic classification versus aggregation in video over OBS networks
(2010) Izal Azcárate, Mikel; Espina Antolín, Félix; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimensioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-ondemand provider using an OBS transport network will have to deliver traffic to a set of egress destinations. A large part of this traffic would be composed of video streaming traffic. However, in a real network there would be also a fraction of non video traffic related to non video services. This work studies the decision whether it is better to gather all traffic to the same destination in a joint burst assembler or separate video and general data traffic on different burs assemblers. The later may increase burst blocking probability but also allow for better tuning of OBS parameters that help improve video reception quality. Result show that this tuning of parameters is not enough to compensate the drop probability increase and thus it is better to aggregate video and general data traffic.
Open Access
Internet traffic shaping for IP over WDM links with source output buffering or multiple parallel wavelengths
(Kluwer Academic Publishers, 2001) Aracil Rico, Javier; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
Since the number of wavelengths per fiber is growing in an exponential fashion the over- flow traffic can be routed through overflow lightpaths, thus providing an ideal network with near-infinite capacity and almost no-buffering. Such unprecedented bandwidth growth in the network backbone is only limited by the processing speed of the electronic elements. Even though multiple parallel high-speed channels (lightpaths) are provided between IP routers the switching speed of the latter is an order of magnitude below the lightpath transmission speed. As a result, minimizing transfer delay is not only a matter of forwarding traffic as fast as possible but to shape traffic so that the input queues of the destination routers do not over-flow. Even though it is desirable to exploit the WDM capabilities to forward traffic in parallel channels in order to nearly eliminate the router output buffering, it turns out that the extreme burstiness of Internet traffic is even increased by routing part of the traffic through a backup channel. Instead, the use of source output buffering for traffic shaping purposes proves more beneficial. In this paper, we examine the typical scenario of a static WDM network with several wavelengths between IP routers. In a simple configuration of a primary and over flow lightpath the results show that if 3% of the traffic is routed through the over flow lightpath then the packet forwarding speed in the destination router should be increased in 20% in order to obtain the same transfer delay as with the single lightpath configuration with source output buffering.