A Distance-Based Method to Detect Anomalous Attributes in Log Files
Hommes, Stefan; State, Radu; Engel, Thomas
in Proceedings of IEEE/IFIP NOMS 2012 (2012, April)
Dealing with large volumes of logs is like the proverbial needle-in-the-haystack problem. Finding relevant events that might be associated with an incident, or real-time analysis of operational logs, is extremely difficult when the underlying data volume is huge and when no explicit misuse model exists. While domain-specific knowledge and human expertise may be useful in analysing log data, automated approaches for detecting anomalies and tracking incidents are the only viable solution when confronted with large volumes of data. In this paper we address the issue of automated log analysis and consider more specifically the case of ISP-provided firewall logs. We leverage approaches derived from statistical process control and information theory in order to track potential incidents and detect suspicious network activity.

DNSSM: A large-scale Passive DNS Security Monitoring Framework
Marchal, Samuel; François, Jérôme; Wagner, Cynthia; et al.
in IEEE/IFIP Network Operations and Management Symposium (2012, April)
We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm-infected and botnet-participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific data mining approaches for this purpose. We describe a framework that leverages state-of-the-art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework, entitled DNSSM, is implemented and operational on several networks. We validate the framework against two large trace sets.

Instant Degradation of Anonymity in Low-Latency Anonymisation Systems
Ries, Thorsten; State, Radu; Engel, Thomas
in Sadre, Ramin; Novotny, Jiri; Celeda, Pavel (Eds.) et al., Dependable Networks and Services, LNCS 7279 (2012)

A Survey on the Performance of Commercial Mobile Access Networks
Frank, Raphaël; Forster, Markus; et al.
Report (2012)

Evaluation of Sensors in Modern Smartphones for Vehicular Traffic Monitoring
Forster, Markus; Frank, Raphaël; Engel, Thomas
Report (2012)

Improving Performance and Anonymity in the Tor Network
Panchenko, Andriy; Lanze, Fabian; Engel, Thomas
in Abstract book of the 31st IEEE International Performance Computing and Communications Conference (IEEE IPCCC 2012) (2012)

NARVAL SCILAB TOOLBOX: Network Analysis and Routing eVALuation
Melakessou, Foued; Engel, Thomas
in Abstract book of the 2012 International Workshop on Scilab & OW2 (IWSO) (2012)
Network Analysis and Routing eVALuation 2.0, referenced as NARVAL, has been designed on top of the Scilab environment. It has been created at the University of Luxembourg within the Interdisciplinary Centre for Security, Reliability and Trust (SnT). The Centre carries out interdisciplinary research and graduate education in secure, reliable, and trustworthy ICT systems and services. This module focuses on the analysis of network protocols. The main goal of this toolbox is to provide a complete software environment enabling the understanding of available communication algorithms, but also the design of new schemes. NARVAL permits generating random topologies in order to study the impact of routing algorithms on the effectiveness of transmission protocols used by data communications. The target audience includes academics, students, engineers and scientists. We have put effort into building detailed help files. The description of each function has been carefully done in order to facilitate the end users' comprehension. The module is self-sufficient as it does not depend on other internal/external Scilab toolboxes. NARVAL runs on the current release, Scilab 5.3.3. We decided to create a specific classification according to the goal of each function: NARVAL_D_* (topology Discovery), NARVAL_F_* (general Functions), NARVAL_G_* (Graph), NARVAL_IP_* (Image Processing), NARVAL_I_* (Internet traffic), NARVAL_M_* (Mobility), NARVAL_P_* (Peer-to-Peer), NARVAL_R_* (Routing), NARVAL_S_* (Security), NARVAL_T_* (Topology generation) and NARVAL_W_* (Wireless Sensor Network). This work was carried out as part of the EU FP7 BUTLER project (http://www.iot-butler.eu).

Detecting Stealthy Backdoors with Association Rule Mining
Hommes, Stefan; State, Radu; Engel, Thomas
in IFIP Networking 2012 (2012)
In this paper we describe a practical approach for detecting a class of backdoor communication channel that relies on port knocking in order to activate a backdoor on a remote compromised system. Detecting such activation sequences is extremely challenging because of varying port sequences and easily modifiable port values. Simple signature-based approaches are not appropriate, whilst more advanced statistics-based testing will not work because of missing and incomplete data. We leverage techniques derived from the data mining community designed to detect sequences of rare events. Simply stated, a sequence of rare events is the joint occurrence of several events, each of which is rare. We show that searching for port knocking sequences can be reduced to a problem of finding rare associations. We have implemented a prototype and show some experimental results on its performance and underlying functioning.

Improving Highway Traffic through Partial Velocity Synchronization
Forster, Markus; Frank, Raphaël; et al.
in Proceedings of the IEEE Global Communications Conference 2012 (2012)
In this paper we address the problem of uncoordinated highway traffic. We first identify the main causes of the capacity drop, namely high traffic demand and inadequate driver reaction. In the past, traffic and user behavior have been accurately described by cellular automata (CA) models. In this paper we extend the CA model to deal with highway traffic fluctuations and jams. Specifically, the model incorporates the communication layer between vehicles. The model thus enables us to study the impact of inter-vehicular communications, and in particular the delivery of critical and timely upstream traffic information, on driver reaction. Based on the newly available traffic metrics, we propose an Advanced Driver Assistance System (ADAS) that suggests non-intuitive speed reductions in order to avoid the formation of so-called phantom jams. The results show that using such a system considerably increases the overall traffic flow, reduces travel time and avoids unnecessary slow-downs.

Towards Collaborative Traffic Sensing using Mobile Phones
Frank, Raphaël; Mouton, Maximilien; Engel, Thomas
in Proceedings of the IEEE Vehicular Networking Conference 2012 (2012)
Participatory mobile sensing applications are becoming increasingly popular. The growing population of privately held mobile smartphones enables a plethora of new services. One of the most promising application areas is collaborative traffic sensing. Here, smartphones are used as mobile sensors to collect and share relevant location information in order to reconstruct a global picture of the traffic situation in a monitored area. There are several challenges that need to be addressed in order to provide an efficient and ubiquitous service. In this talk we present how low-cost mobile smartphones can be used for such services without compromising the everyday usage of the device. We first test several sensing policies and evaluate how they affect location accuracy and battery life. We then perform a penetration rate study to identify the proportion of participants required to provide good service by varying several parameters.
The outcome shows that, if configured correctly, smartphones can be used as accurate mobile traffic sensors providing important information even at low penetration rates.

Measuring anonymity using network coordinate systems
Ries, Thorsten; State, Radu; Engel, Thomas
in International Symposium on Communications and Information Technologies (ISCIT), 2011 (2011)
Popularity and awareness of anonymisation systems have increased tremendously over the past years; however, only very few systems made it from research to production. These systems usually add intermediate nodes in the communication path, aiming to hide user identities. Several attacks against these systems exist, like timing attacks or exploitation of latency information. In this paper, we propose an alternative approach to disclose users of currently popular anonymisation systems in practice by means of virtual network coordinate systems, a widely accepted method for latency prediction and network optimisation. Mapping physical nodes to an n-dimensional space can reveal a geographical proximity that is used to disclose users who expect to stay anonymous. We define a model that leverages network coordinates in order to measure anonymity services quantitatively and evaluate it on the PlanetLab research network. The basic idea is to analyse the relative distance between nodes and to calculate the probability of nodes being hosted in the same location. Evaluation proves that our proposed model can be used as a measure of anonymity.
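The "sequence of rare events" idea from Detecting Stealthy Backdoors with Association Rule Mining (two entries up) is easy to state but worth seeing on data. The block below is an added illustration, not the authors' prototype: it uses a plain sliding window over individually rare destination ports instead of their association-rule miner. Everything it assumes is its own: the log line layout `<epoch> <src_ip> <dst_ip> <dst_port> <ACCEPT|DROP>`, the fact that knocks appear as DROPs (knocked ports are closed), the thresholds, and the constructed sample log.

```python
"""Flag sources that hit several individually rare destination ports on one host
within a short window: the joint occurrence of several rare events.

Added example, not the paper's code. Assumed (not from the paper): log line
'<epoch> <src_ip> <dst_ip> <dst_port> <ACCEPT|DROP>', knocks show up as DROPs,
and all thresholds below are illustrative and need tuning per network."""
from collections import Counter, defaultdict

RARE_PORT_SHARE = 0.02   # a port is 'rare' if it carries under 2% of all drops
KNOCK_WINDOW = 30        # seconds within which the knock sequence must complete
MIN_KNOCK_LENGTH = 3     # fewer distinct rare ports than this is treated as noise
MAX_KNOCK_LENGTH = 8     # more than this looks like a port scan, not a knock


def parse(line):
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def rare_ports(events):
    """Ports whose share of all DROP events is below RARE_PORT_SHARE."""
    counts = Counter(port for _, _, _, port, action in events if action == "DROP")
    total = sum(counts.values())
    return {p for p, n in counts.items() if n / total < RARE_PORT_SHARE}


def find_knock_sequences(lines):
    """Return (src, dst, [ports]) for every source that hits between MIN and MAX
    distinct rare ports on one destination inside KNOCK_WINDOW seconds."""
    events = sorted(parse(line) for line in lines)
    rare = rare_ports(events)
    by_pair = defaultdict(list)                 # (src, dst) -> [(ts, rare port)]
    for ts, src, dst, port, action in events:
        if action == "DROP" and port in rare:
            by_pair[(src, dst)].append((ts, port))
    hits = []
    for (src, dst), knocks in by_pair.items():
        for i, (t0, _) in enumerate(knocks):    # slide a window over this pair's rare drops
            seq = [p for t, p in knocks[i:] if t - t0 <= KNOCK_WINDOW]
            if MIN_KNOCK_LENGTH <= len(set(seq)) <= MAX_KNOCK_LENGTH:
                hits.append((src, dst, seq))
                break                           # one report per source/destination pair
    return hits


def constructed_log():
    """Constructed sample (not real traffic): background drops to common ports,
    one stray hit on an unusual port, and one three-port knock after which the
    backdoor accepts a connection."""
    t = 1_000_000
    lines = []
    for i in range(190):
        port = (22, 80, 443, 445, 3389)[i % 5]
        lines.append(f"{t + i * 3} 203.0.113.{i % 20 + 1} 198.51.100.10 {port} DROP")
    lines.append(f"{t + 100} 203.0.113.77 198.51.100.10 1234 DROP")
    for k, port in enumerate((7000, 8000, 9000)):
        lines.append(f"{t + 300 + k * 4} 192.0.2.55 198.51.100.10 {port} DROP")
    lines.append(f"{t + 320} 192.0.2.55 198.51.100.10 31337 ACCEPT")
    return lines


if __name__ == "__main__":
    for src, dst, seq in find_knock_sequences(constructed_log()):
        print(f"possible knock from {src} to {dst}: ports {seq}")
```

On the constructed log only 192.0.2.55 is reported, with the sequence 7000, 8000, 9000; the lone hit on port 1234 is rare but not a sequence, and the common ports never qualify. Two caveats a deployment needs: a port scan also produces many rare ports from one source in one window, which is why the upper bound exists, and an ACCEPT to a previously closed port from the same source shortly after the sequence (the last constructed line) is the stronger corroborating signal, which this filter leaves for a second stage.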
Verification of Data Location in Cloud Networking
Ries, Thorsten; Fusenig, Volker; Vilbois, Christian; et al.
in IEEE/ACM International Conference on Utility and Cloud Computing (2011)
Cloud computing aims to provide services and resources on a pay-as-you-use basis with additional possibilities for efficient adaptation of the required resources to the actual needs. Cloud networking extends this approach by providing more flexibility in the placement, movement, and interconnection of these virtual resources. Depending on the use, however, customers require the data to be located under a certain jurisdiction. To ensure this without the need to trust the cloud operator, we propose a geolocation approach based on network coordinate systems and evaluate the accuracy of three prevalent systems. Even if the cloud operator uses supplemental measures like traffic relaying to hide the resource location, a high probability of location disclosure is achieved by means of supervised classification algorithms.

Website Fingerprinting in Onion Routing Based Anonymization Networks
Panchenko, Andriy; Zinnen, Andreas; et al.
in 18th ACM Computer and Communications Security (ACM CCS) Workshop on Privacy in the Electronic Society (WPES) (2011)

Performance Bound for Routing in Urban Scenarios
Frank, Raphaël; et al.
in Proceedings of the 7th Asian Internet Engineering Conference (AINTEC 2011) (2011)
In this paper we present a novel evaluation methodology for the comparison of ad hoc routing protocols in urban scenarios applied to inter-vehicular communications. We introduce a new route evaluation metric that identifies the goodness of a given route. Through analysis of subsequent mobility snapshots of the network topology, we compute an optimal route between two communicating vehicles. We compare the properties of the obtained route to the most representative routing approaches, namely reactive and proactive routing. Based on this evaluation we provide a detailed discussion on the pros and cons of the different schemes when applied to urban scenarios.

Detection of Abnormal Behaviour in a Surveillance Environment Using Control Charts
Hommes, Stefan; State, Radu; Zinnen, Andreas; et al.
in 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, 2011 (2011)
This paper introduces a new approach to unsupervised detection of abnormal sequences of images in video surveillance data. We leverage an online object detection method and statistical process control techniques in order to identify suspicious sequences of events. Our method assumes a training phase in which the spatial distribution of objects is learned, followed by a chart-based tracking process. We evaluate the performance of our method on a standard dataset and have implemented a publicly available open-source prototype.
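Two entries on this page pair statistical process control with a per-window statistic: A Distance-Based Method to Detect Anomalous Attributes in Log Files (first entry above, statistical process control plus information theory on firewall logs) and the surveillance entry just above (a training phase followed by chart-based tracking). The block below is an added example showing the combination in its simplest form, a Shewhart-style chart over the Shannon entropy of one log attribute per time window; it is not the code of either paper. Its assumptions are its own: the log line layout `<epoch> <src_ip> <dst_port>`, the choice of destination port as the charted attribute, fixed windows, limits at mean plus or minus three sample standard deviations from an initial clean baseline, and the constructed sample log.

```python
"""Shewhart-style control chart over the Shannon entropy of a log attribute
per time window. Added example, not code from either paper above.

Assumed (not from the papers): log line '<epoch> <src_ip> <dst_port>', the
destination port is the charted attribute, windows are WINDOW_SECONDS wide,
and limits are mean +/- SIGMA sample standard deviations over the first
BASELINE_WINDOWS windows, which are taken to be free of incidents."""
from collections import Counter, defaultdict
from math import log2, sqrt

WINDOW_SECONDS = 60
BASELINE_WINDOWS = 10
SIGMA = 3.0


def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of 'values'."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * log2(c / n) for c in counts.values())


def entropy_per_window(lines, field=2):
    """Bucket lines into WINDOW_SECONDS windows and return one entropy per
    non-empty window, in time order (empty windows produce no point)."""
    buckets = defaultdict(list)
    for line in lines:
        parts = line.split()
        buckets[int(parts[0]) // WINDOW_SECONDS].append(parts[field])
    return [shannon_entropy(buckets[k]) for k in sorted(buckets)]


def control_limits(series):
    """Lower and upper limits estimated from the baseline windows only."""
    base = series[:BASELINE_WINDOWS]
    mean = sum(base) / len(base)
    std = sqrt(sum((x - mean) ** 2 for x in base) / (len(base) - 1))
    return mean - SIGMA * std, mean + SIGMA * std


def out_of_control(series):
    """Indices of windows whose entropy lies outside the control limits.
    Entropy rises on a port sweep and collapses on a single-port flood, so
    the chart is two-sided."""
    lo, hi = control_limits(series)
    return [i for i, h in enumerate(series) if h < lo or h > hi]


def constructed_log():
    """Constructed sample (not real traffic): ten ordinary windows with slightly
    varying port mixes, then a port sweep, a normal window, a single-port
    flood, and a normal window."""
    t0 = 1_699_999_980                    # multiple of 60, so each window is one bucket
    lines = []

    def window(w, ports):
        for j, port in enumerate(ports):
            lines.append(f"{t0 + w * 60 + j * 2} 203.0.113.{j + 1} {port}")

    mixes = [[80] * 12 + [443] * 6 + [22] * 2,
             [80] * 13 + [443] * 5 + [22] * 2,
             [80] * 14 + [443] * 4 + [22] * 2]
    for w in range(10):                   # baseline windows
        window(w, mixes[w % 3])
    window(10, list(range(1000, 1020)))   # sweep: 20 distinct ports, entropy jumps
    window(11, mixes[0])
    window(12, [80] * 20)                 # flood: one port, entropy drops to 0
    window(13, mixes[1])
    return lines


if __name__ == "__main__":
    series = entropy_per_window(constructed_log())
    lo, hi = control_limits(series)
    print(f"limits [{lo:.3f}, {hi:.3f}]; out of control: {out_of_control(series)}")
```

On the constructed log the baseline windows sit between roughly 1.16 and 1.30 bits, the limits come out near 1.05 and 1.42, and only windows 10 (the sweep, at log2 20 bits) and 12 (the flood, at 0 bits) are reported. Two practical caveats: the baseline must actually be incident-free, since a sweep inside it inflates the standard deviation and widens the limits until later incidents pass unnoticed, and a baseline with no variation at all gives a zero standard deviation, after which any change is flagged, so the training windows should be long enough to show the normal spread.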
Lightweight Hidden Services
Panchenko, Andriy; et al.
in 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2011) (2011)
Hidden services (HS) are mechanisms designed to provide network services while preserving anonymity for the identity of the server. Besides protecting the identity of the server, hidden services help to resist censorship, are resistant against distributed DoS attacks, and allow server functionality even if the service provider does not own a public IP address. Currently, only the Tor network offers this feature in full functionality. However, the HS concept in Tor is complex and provides poor performance. According to recent studies, the average contact time for a hidden service is 24s, which is far beyond what an average user is willing to wait. In this paper we introduce a novel approach for hidden services that achieves similar functionality as HS in Tor but does so in a simple and lightweight way, with the goal of improving performance and usability. Additionally, contrary to Tor, in our approach clients are not required to install any specific software for accessing hidden services. This increases the usability of our approach. Simplicity makes our approach easier to understand for normal users, eases protocol reviews, and increases the chances of having several implementations of the protocol available. Moreover, simpler solutions are easier to analyze and are naturally less prone to implementation failures than complex protocols. In this paper, we describe our approach and provide a performance as well as an anonymity analysis of the resulting properties of the protocol.

Comparison of Low-Latency Anonymous Communication Systems - Practical Usage and Performance
Ries, Thorsten; Panchenko, Andriy; State, Radu; et al.
in Ninth Australasian Information Security Conference (2011)
The most popular system for providing practical low-latency anonymity on the Internet is Tor. However, many other tools besides Tor exist as both free and commercial solutions. In this paper, we consider the five most popular low-latency anonymisation services that represent the current state of the art: single-hop proxies (Perfect Privacy and free proxies) and onion-routing-based solutions (Tor, I2P, and JonDonym). We assess their usability and rank them in regard to their anonymity. We also assess their efficiency and reliability. To this end, we define a set of metrics and present extensive measurements based on round-trip time, inter-packet delay variation and throughput. Apart from the technical realization, economic aspects are also crucial for anonymous communication systems. In order to attract more users, which is mandatory in order to improve anonymity per se, systems need to exhibit a certain payoff. We therefore define an economic model that takes all relevant aspects into consideration. In this paper, we describe the results obtained, lessons learned, and provide guidance for selecting the most appropriate system with respect to a set of requirements.

An Autonomic Testing Framework for IPv6 Configuration Protocols
Becker, Sheila; State, Radu; et al.
in Lecture Notes in Computer Science 6155 (2010)

Interoperable Networking Applications for Emergency Services
Frank, Raphaël; et al.
in International Journal of Multimedia and Ubiquitous Engineering (2009), 4(1), 1122

Using Game Theory to configure P2P SIP
Becker, Sheila; State, Radu; Engel, Thomas
in Lecture Notes in Computer Science (2009)