| 1. |
- Afzal, Zeeshan, 1991-, et al.
(författare)
-
Slice Distance : An Insert-Only Levenshtein Distance with a Focus on Security Applications
- 2018
-
Ingår i: Proceedings of NTMS 2018 Conference and Workshop. - New York : IEEE. - 9781538636626 - 9781538636633 ; , s. 1-5
-
Konferensbidrag (refereegranskat)abstract
- Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.
|
|
| 2. |
- Afzal, Zeeshan, 1991-, et al.
(författare)
-
Towards Multipath TCP Aware Security Technologies
- 2016
-
Ingår i: 2016 8th IFIP International Conference onNew Technologies, Mobility and Security (NTMS). - New York : IEEE. - 9781509029143 ; , s. 1-8
-
Konferensbidrag (refereegranskat)abstract
- Multipath TCP (MPTCP) is a proposed extension to TCP that enables a number of performance advantages that have not been offered before. While the protocol specification is close to being finalized, there still remain some unaddressed challenges regarding the deployment and security implications of the protocol. This work attempts to tackle some of these concerns by proposing and implementing MPTCP aware security services and deploying them inside a proof of concept MPTCP proxy. The aim is to enable hosts, even those without native MPTCP support, to securely benefit from the MPTCP performance advantages. Our evaluations show that the security services that are implemented enable proper intrusion detection and prevention to thwart potential attacks as well as threshold rules to prevent denial of service (DoS) attacks.
|
|
| 3. |
- Afzal, Zeeshan, 1991-, et al.
(författare)
-
Using Features of Encrypted Network Traffic to Detect Malware
- 2021
-
Ingår i: 25th Nordic Conference on Secure IT Systems, NordSec 2020. - Cham : Springer Science and Business Media Deutschland GmbH. ; , s. 37-53
-
Konferensbidrag (refereegranskat)abstract
- Encryption on the Internet is as pervasive as ever. This has protected communications and enhanced the privacy of users. Unfortunately, at the same time malware is also increasingly using encryption to hide its operation. The detection of such encrypted malware is crucial, but the traditional detection solutions assume access to payload data. To overcome this limitation, such solutions employ traffic decryption strategies that have severe drawbacks. This paper studies the usage of encryption for malicious and benign purposes using large datasets and proposes a machine learning based solution to detect malware using connection and TLS metadata without any decryption. The classification is shown to be highly accurate with high precision and recall rates by using a small number of features. Furthermore, we consider the deployment aspects of the solution and discuss different strategies to reduce the false positive rate.
|
|
| 4. |
- Afzal, Zeeshan, 1991-, et al.
(författare)
-
Using Partial Signatures in Intrusion Detection for Multipath TCP
- 2019
-
Ingår i: Secure IT-systems. - Cham, Switzerland : Springer. ; , s. 71-86
-
Konferensbidrag (refereegranskat)abstract
- Traditional security mechanisms such as signature basedintrusion detection systems (IDSs) attempt to find a perfect match of aset of signatures in network traffic. Such IDSs depend on the availabilityof a complete application data stream. With emerging protocols such asMultipath TCP (MPTCP), this precondition cannot be ensured, result-ing in false negatives and IDS evasion. On the other hand, if approximatesignature matching is used instead in an IDS, a potentially high numberof false positives make the detection impractical. In this paper, we showthat, by using a specially tailored partial signature matcher and knowl-edge about MPTCP semantics, the Snort3 IDS can be empowered withpartial signature detection. Additionally, we uncover the type of Snort3rules suitable for the task of partial matching. Experimental results withthese rules show a low false positive rate for benign traffic and highdetection coverage for attack traffic.
|
|
| 5. |
- Mandalari, Anna Maria, et al.
(författare)
-
Experience: Implications of Roaming in Europe
- 2018
-
Ingår i: MobiCom '18. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. - New York, USA : ACM Publications. - 9781450359030 ; , s. 179-189
-
Konferensbidrag (refereegranskat)abstract
- "Roam like Home" is the initiative of the European Commission (EC) to end the levy of extra charges when roaming within the European region. As a result, people are able to use data services more freely across Europe. However, the implications roaming solutions have on performance have not been carefully examined. This paper provides an in-depth characterization of the implications of international data roaming within Europe. We build a unique roaming measurement platform using 16 different mobile networks deployed in six countries across Europe. Using this platform, we measure different aspects of international roaming in 3G and 4G networks, including mobile network configuration, performance characteristics, and content discrimination. We find that operators adopt common approaches to implementing roaming, resulting in additional latency penalties of ∼60 ms or more, depending on geographical distance. Considering content accessibility, roaming poses additional constraints that leads to only minimal deviations when accessing content in the original country. However, geographical restrictions in the visited country make the picture more complicated and less intuitive.
|
|
| 6. |
|
|
| 7. |
- Rajiullah, Mohammad, 1981-, et al.
(författare)
-
Syslog Performance : Data Modeling and Transport
- 2011
-
Ingår i: Proceedings of the 3rd International Workshop on Security and Communication Networks (IWSCN 2011). - Norway : IEEE Press. ; , s. 31-37
-
Konferensbidrag (refereegranskat)abstract
- Syslog is one of the basic methods for event logging in computer networks. Log messages that are generated by syslog can be used for a number of purposes, including optimizing system performance, system auditing, and investigating malicious activities in a computer network. Considering all these attractive uses, both timeliness and reliability is needed when syslog messages are transported over a network. The unreliable transport protocol UDP was specified in the original syslog specification; later a reliable transport service based on TCP was also proposed. However, TCP is a costly alternative in terms of delay. In our previous work, we introduced the partially reliable extension of SCTP, PR-SCTP, as a transport service for syslog, trading reliability against timeliness by prioritizing syslog messages. In this work, we first model syslog data using real syslog traces from an operational network. The model is then used as input in the performance evaluation of PR-SCTP. In the experiments, real congestion is introduced in the network by running several competing flows. Although PR-SCTP clearly outperformed TCP and SCTP in our previous work, our present evaluations show that PR-SCTP performance is largely influenced by the syslog data size characteristics
|
|
| 8. |
|
|
| 9. |
- Abbas, Muhammad Tahir, et al.
(författare)
-
Energy-Saving Solutions for Cellular Internet of Things - A Survey
- 2022
-
Ingår i: IEEE Access. - IEEE : IEEE. - 2169-3536. ; 10, s. 62096-62096
-
Tidskriftsartikel (refereegranskat)abstract
- The Cellular Internet of Things (CIoT), a new paradigm, paves the way for a large-scale deployment of IoT devices. CIoT promises enhanced coverage and massive deployment of low-cost IoT devices with an expected battery life of up to 10 years. However, such a long battery life can only be achieved provided the CIoT device is configured with energy efficiency in mind. This paper conducts a comprehensive survey on energy-saving solutions in 3GPP-based CIoT networks. In comparison to current studies, the contribution of this paper is the classification and an extensive analysis of existing energy-saving solutions for CIoT, e.g., the configuration of particular parameter values and software modifications of transport- or radio-layer protocols, while also stressing key parameters impacting the energy consumption such as the frequency of data reporting, discontinuous reception cycles (DRX), and Radio Resource Control (RRC) timers. In addition, we discuss shortcomings, limitations, and possible opportunities which can be investigated in the future to reduce the energy consumption of CIoT devices.
|
|
| 10. |
- Abbas, Muhammad Tahir, et al.
(författare)
-
Guidelines for an Energy Efficient Tuning of the NB-IoT Stack
- 2020
-
Ingår i: 45th IEEE Conference on Local Computer Networks (LCN). - : IEEE Communications Society. ; , s. 60-69
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we study the energy consumptionof Narrowband IoT devices. The paper suggests that key tosaving energy for NB-IoT devices is the usage of full Discontinuous Reception (DRX), including the use of connected-mode DRX (cDRX): In some cases, cDRX reduced the energy consumption over a 10-year period with as much as 50%. However, the paper also suggests that tunable parameters, such as the inactivity timer, do have a significant impact. On the basis of our findings, guidelines are provided on how to tune the NB-IoT device so that it meets the target of the 3GPP, i.e., a 5-Wh battery should last for at least 10 years. It is further evident from our results that the energy consumption is largely dependent on the intensity and burstiness of the traffic, and thus could be significantly reduced if data is sent in bursts with less intensity,irrespective of cDRX support.
|
|
