Related papers: Identifying and characterizing ZMap scans: a crypt…
Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government…
Network Address Translation (NAT) plays an essential role in shielding devices inside an internal local area network from direct malicious accesses from the public Internet. However, recent studies show the possibilities of penetrating NAT…
With the shift to working remotely after the COVID-19 pandemic, the use of Virtual Private Networks (VPNs) around the world has nearly doubled. Therefore, measuring the traffic and security aspects of the VPN ecosystem is more important now…
Users around the world face escalating network interference such as censorship, throttling, and interception, largely driven by the commoditization and growing availability of Deep Packet Inspection (DPI) devices. Once reserved for a few…
A novel approach to analyze statistically the network traffic raw data is proposed. The huge amount of raw data of actual network traffic from the Intrusion Detection System is analyzed to determine if a traffic is a normal or harmful one.…
Network Traffic Monitoring and Analysis (NTMA) represents a key component for network management, especially to guarantee the correct operation of large-scale networks such as the Internet. As the complexity of Internet services and the…
The classification of internet traffic has become increasingly important due to the rapid growth of today's networks and applications. The number of connections and the addition of new applications in our networks causes a vast amount of…
We investigate the detection of botnet command and control (C2) hosts in massive IP traffic using machine learning methods. To this end, we use NetFlow data -- the industry standard for monitoring of IP traffic -- and ML models using two…
Network intrusion detection systems play a critical role in protecting the information infrastructure of an organization. Due to the sophistication and complexity of techniques used for the analysis they are commonly based on…
The goal of this note is to assess whether simple machine learning algorithms can be used to determine whether and how a given network has been attacked. The procedure is based on the $k$-Nearest Neighbor and the Random Forest…
Detection of malicious behavior in a large network is a challenging problem for machine learning in computer security, since it requires a model with high expressive power and scalable inference. Existing solutions struggle to achieve this…
Cryptography techniques are essential for a robust and stable security design of a system to mitigate the risk of external attacks and thus improve its efficiency. Wireless Sensor Networks (WSNs) play a pivotal role in sensing, monitoring,…
The battle for a more secure Internet is waged on many fronts, including the most basic of networking protocols. Our focus is the IPv4 Identifier (IPID), an IPv4 header field as old as the Internet with an equally long history as an…
Development of information technology, especially in the field of computer network allows the exchange of information faster and more complex and the data that is exchanged can vary. Security of data on communication in the network is a…
Cyberattacks on enterprise networks exploit complex dependencies among infrastructure, services, and applications, which challenge traditional analysis methods that focus on attack paths or network topology in isolation. In this study, we…
Image scaling is an integral part of machine learning and computer vision systems. Unfortunately, this preprocessing step is vulnerable to so-called image-scaling attacks where an attacker makes unnoticeable changes to an image so that it…
Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to…
In this paper, we uncover the essential features of websites that allow intelligent models to distinguish between phishing and legitimate sites. Phishing websites are those that are made with a similar user interface and a near similar…
Traffic anomalies and attacks are commonplace in today's networks and identifying them rapidly and accurately is critical for large network operators. For a statistical intrusion detection system (IDS), it is crucial to detect at the…
In the last decade, the use of fast flux technique has become established as a common practice to organise botnets in Fast Flux Service Networks (FFSNs), which are platforms able to sustain illegal online services with very high…