Related papers: Identifying and characterizing ZMap scans: a crypt…
The starting point of securing a network is having a concise overview of it. As networks are becoming more and more complex both in general and with the introduction of IoT technology and their topological peculiarities in particular, this…
The comparison analysis of the most popular tools to extract features from network traffic is conducted in this paper. Feature extraction plays a crucial role in Intrusion Detection Systems (IDS) because it helps to transform huge raw…
Today, smartphone devices are owned by a large portion of the population and have become a very popular platform for accessing the Internet. Smartphones provide the user with immediate access to information and services. However, they can…
This article describes a novel dataset that maps the network layer of the Invisible Internet Project (I2P). The data was collected using SWARM-I2P framework, which deployed I2P routers as a network of mapping agents that gather information…
Honeypots are decoy systems that lure attackers by presenting them with a seemingly vulnerable system. They provide an early detection mechanism as well as a method for learning how adversaries work and think. However, over the last years,…
Internet of Things devices have seen a rapid growth and popularity in recent years with many more ordinary devices gaining network capability and becoming part of the ever growing IoT network. With this exponential growth and the limitation…
The Invisible Internet Project (I2P) provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious…
DNS is a distributed, fault tolerant system that avoids a single point of failure. As such it is an integral part of the internet as we use it today and hence deemed a safe protocol which is let through firewalls and proxies with no or…
This paper proposes to develop a network phenotyping mechanism based on network resource usage analysis and identify abnormal network traffic. The network phenotyping may use different metrics in the cyber physical system (CPS), including…
Network operators and system administrators are increasingly overwhelmed with incessant cyber-security threats ranging from malicious network reconnaissance to attacks such as distributed denial of service and data breaches. A large number…
The two most spread network anomalies are port and net scan. In this work, we present and analyze the results obtained by traditional approaches for the detection of net scan and port scans. We use a simple threshold-based algorithm,…
Content scanning systems employ perceptual hashing algorithms to scan user content for illegal material, such as child pornography or terrorist recruitment flyers. Perceptual hashing algorithms help determine whether two images are visually…
Modern traffic management systems increasingly adopt hierarchical control strategies for improved efficiency and scalability, where a local traffic controller mode is chosen by a supervisory controller based on the changing large-scale…
In this paper we present a study on using novel data types to perform cyber risk quantification by estimating the likelihood of a data breach. We demonstrate that it is feasible to build a highly accurate cyber risk assessment model using…
In this article, we explored orthogonal methods to analyze malware motivated by signal and image processing. Malware samples are represented as images or signals. Image and signal-based features are extracted to characterize malware. Our…
Internet eXchange Points (IXP) are critical components of the Internet infrastructure that affect its performance, evolution, security and economics. In this work, we introduce techniques to augment the well-known traceroute tool with the…
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…
Internet-wide scans are an important tool to evaluate the deployment of services. To enable large-scale application layer scans, a fast, stateless port scan (e.g., using ZMap) is often performed ahead of time to collect responsive targets.…
Packing is an obfuscation technique widely used by malware to hide the content and behavior of a program. Much prior research has explored how to detect whether a program is packed. This research includes a broad variety of approaches such…
The machine learning algorithm is gaining prominence in traffic identification research as it offers a way to overcome the shortcomings of port-based and deep packet inspection, especially for P2P-based Skype. However,recent studies have…