Page under construction

I'm Nick Durov
Publications
2024
Díaz-Verdejo, Jesús E.; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Muñoz-Calle, F. J.; Madinabeitia, German
Building a large, realistic and labeled HTTP URI dataset for anomaly-based intrusion detection systems: Biblio-US17 Journal article, in preparation
In: Cybersecurity, in preparation, ISSN: 2523-3246.
@article{Biblio24,
title = {Building a large, realistic and labeled HTTP URI dataset for anomaly-based intrusion detection systems: Biblio-US17 },
author = {Jesús E. {Díaz-Verdejo} and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and F. J. Muñoz-Calle and German Madinabeitia},
doi = {https://doi.org/10.1186/s42400-024-00336-3},
issn = {2523-3246},
year = {2024},
date = {2024-12-11},
urldate = {2024-12-11},
journal = {Cybersecurity},
abstract = {This paper introduces Biblio-US17, a labeled dataset collected over 6 months from the log files of a popular public website at the University of Seville. It contains 47 million records, each including the method, uniform resource identifier (URI) and associated response code and size of every request received by the web server. Records have been classified as either normal or attack using a comprehensive semi-automated process, which involved signature-based detection, assisted inspection of URIs vocabulary, and substantial expert manual supervision. Unlike comparable datasets, this one offers a genuine real-world perspective on the normal operation of an active website, along with an unbiased proportion of actual attacks (i.e., non-synthetic). This makes it ideal for evaluating and comparing anomaly-based approaches in a realistic environment. Its extensive size and duration also make it valuable for addressing challenges like data shift and insufficient training. This paper describes the collection and labeling processes, dataset structure, and most relevant properties. We also include an example of an application for assessing the performance of a simple anomaly detector. Biblio-US17, now available to the scientific community, can also be used to model the URIs used by current web servers.},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}
Lara, Agustín; Estepa, Antonio; Estepa, Rafael; Díaz-Verdejo, Jesús E.; Mayor, Vicente
Anomaly-based Intrusion Detection System for smart lighting Journal article
In: Internet of Things, vol. 28, pp. 101427, 2024, ISSN: 2542-6605.
@article{LARA2024101427,
title = {Anomaly-based Intrusion Detection System for smart lighting},
author = {Agustín Lara and Antonio Estepa and Rafael Estepa and Jesús E. Díaz-Verdejo and Vicente Mayor},
url = {https://www.sciencedirect.com/science/article/pii/S2542660524003688},
doi = {https://doi.org/10.1016/j.iot.2024.101427},
issn = {2542-6605},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
journal = {Internet of Things},
volume = {28},
pages = {101427},
abstract = {Smart Lighting Systems (SLS) are essential to smart cities, offering enhanced energy efficiency and public safety. However, they are susceptible to security threats, potentially leading to safety risks and service disruptions, making the protection of this infrastructure critical. This paper presents an anomaly-based Intrusion Detection System (IDS) designed for a real-world operational SLS. As commercial deployments vary in components, protocols, and functionalities, IDSs must be tailored to the specific characteristics of each deployment to perform effectively. Our anomaly-based IDS has been defined based on the properties of the available data and the types of attacks we aim to detect, offering both explainability and low complexity. The proposed system identifies anomalies in seven features of network traffic and in the telemetry data received at the central control (O&M) server. For the latter, we designed three customized detectors to identify abnormal data points, persistent deviations in street lamp power consumption, and abnormal power value based on the time of day. Validation with real-world data and simulated attacks demonstrates the effectiveness of our approach. Network attacks (e.g., DoS, scanning) were detected by at least one of the seven flow-related anomaly detectors, while simulated data poisoning attacks and operational technology (OT) issues were detected with nearly 90% accuracy. The datasets used in this work are publicly available and may serve as reference for the design of future IDSs. While our detectors were designed specifically for our dataset, the variables examined and vulnerabilities addressed are common in most commercial SLSs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Muñoz-Calle, Javier; Alonso, Rafael Estepa; Alonso, Antonio Estepa; Díaz-Verdejo, Jesús E.; Fernández, Elvira Castillo; Madinabeitia, Germán
A Flexible Multilevel System for Mitre ATT&CK Model-driven Alerts and Events Correlation in Cyberattacks Detection Journal article
In: JUCS – Journal of Universal Computer Science, vol. 30, no. 9, pp. 1184-1204, 2024, ISSN: 0948-695X.
@article{10.3897/jucs.131686,
title = {A Flexible Multilevel System for Mitre ATT&CK Model-driven Alerts and Events Correlation in Cyberattacks Detection},
author = {Javier Muñoz-Calle and Rafael Estepa Alonso and Antonio Estepa Alonso and Jesús E. Díaz-Verdejo and Elvira Castillo Fernández and Germán Madinabeitia},
url = {https://doi.org/10.3897/jucs.131686},
doi = {10.3897/jucs.131686},
issn = {0948-695X},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
journal = {JUCS - Journal of Universal Computer Science},
volume = {30},
number = {9},
pages = {1184-1204},
publisher = {Journal of Universal Computer Science},
abstract = {Network monitoring systems can struggle to detect the full sequence of actions in a multi-step cyber attack, frequently resulting in multiple alerts (some of which are false positive (FP)) and missed actions. The challenge of easing the job of security analysts by triggering a single and accurate alert per attack requires developing and evaluating advanced event correlation techniques and models that have the potential to devise relationships between the different observed events/alerts. This work introduces a flexible architecture designed for hierarchical and iterative correlation of alerts and events. Its key feature is the sequential correlation of operations targeting specific attack episodes or aspects. This architecture utilizes IDS alerts or similar cybersecurity sensors, storing events and alerts in a non-relational database. Modules designed for knowledge creation then query these stored items to generate meta-alerts, also stored in the database. This approach facilitates creating a more refined knowledge that can be built on top of existing one by creating specialized modules. For illustrative purposes, we make a case study where we use this architectural approach to explore the feasibility of monitoring the progress of attacks of increased complexity by increasing the levels of the hyperalerts defined, including a case of a multi-step attack that adheres to the ATT&CK model. Although the mapping between the observations and the model components (i.e., techniques and tactics) is challenging, we could fully monitor the progress of two attacks and up to 5 out of 6 steps of the most complex attack by building up to three specialized modules. Despite some limitations due to the sensors and attack scenarios tested, the results indicate the architecture’s potential for enhancing the detection of complex cyber attacks, offering a promising direction for future cybersecurity research.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Díaz-Verdejo, Jesús E.; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Muñoz-Calle, Javier; Madinabeitia, Germán
Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems development Proceedings Article
In: European Interdisciplinary Cybersecurity Conference (EICC 2024), pp. 217–218, 2024, ISBN: 9798400716515.
@inproceedings{Diaz-Verdejo2024b,
title = {Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems development},
author = {Jesús E. Díaz-Verdejo and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Javier Muñoz-Calle and Germán Madinabeitia},
doi = {10.1145/3655693.3661319},
isbn = {9798400716515},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {European Interdisciplinary Cybersecurity Conference (EICC 2024)},
pages = {217–218},
abstract = {The development of anomaly-based intrusion detection systems is hindered by the scarcity of adequate datasets. An ideal dataset should contain real traffic, genuine attacks and cover a large time period that may demonstrate time shift. To be useful, the dataset must be labeled to provide accurate ground-truth. This paper presents a dataset of URLs that possesses these qualities. It can therefore be used to effectively train, test, and validate URL-based anomaly detection systems. The dataset is publicly available and contains 47M registers, including 320k attacks, and spans for 6.5 months. It is partitioned according to two schemes to allow for time dependent and time independent experiments.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Díaz-Verdejo, J.; Alonso, R. Estepa; Alonso, A. Estepa; Muñoz-Calle, F. J.
Impacto de la evolución temporal de datasets reales en el rendimiento de un IDS basados en anomalías: estudio experimental sobre HTTP Proceedings Article
In: XI Jornadas Nacionales de Investigación en Ciberseguridad, pp. 302–309, 2024.
@inproceedings{DiazVerdejo2024,
title = {Impacto de la evolución temporal de datasets reales en el rendimiento de un IDS basados en anomalías: estudio experimental sobre HTTP},
author = {J. Díaz-Verdejo and R. Estepa Alonso and A. Estepa Alonso and F. J. Muñoz-Calle},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {XI Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {302–309},
abstract = {The development and evaluation of anomaly-based intrusion detection systems is of vital importance in the context of cybersecurity, especially with regard to zero-day attacks. The highly dynamic nature of both the systems to be protected and the attacks makes anomaly detection a complex task, since this temporal evolution can affect the capabilities of models estimated in a given scenario and period. Despite its importance, this effect has been explored only to a limited extent in the literature, especially because of the practical nonexistence of suitably labeled real data with sufficient temporal extent. In this work we experimentally evaluate the impact of temporal evolution on a system for detecting URL-based attacks, using real data captured in a real scenario over a relatively long period of time. Our analyses show a degradation that increases with the temporal distance between training and evaluation. This degradation is due to the combination of the model's loss of quality over time and the variation in the behavior of the service and/or attacks over time.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Díaz-Verdejo, J.; Muñoz-Calle, J.; Alonso, R. Estepa; Alonso, A. Estepa
InspectorLog : A New Tool for Offline Attack Detection over Web Log Proceedings Article
In: Proceedings of the 21st International Conference on Security and Cryptography (SECRYPT 2024), pp. 692–697, 2024, ISBN: 9789897587092.
@inproceedings{Diaz-Verdejo2024a,
title = {InspectorLog : A New Tool for Offline Attack Detection over Web Log},
author = {J. Díaz-Verdejo and J. Muñoz-Calle and R. Estepa Alonso and A. Estepa Alonso},
doi = {10.5220/0012764000003767},
isbn = {9789897587092},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Proceedings of the 21st International Conference on Security and Cryptography (SECRYPT 2024)},
number = {Secrypt},
pages = {692–697},
abstract = {InspectorLog is a novel tool for offline analysis of HTTP logs. The tool processes web server logs to identify attacks using diverse rule sets, focusing primarily on the URI field. It is compatible with standard rule formats from systems such as Snort, Nemesida, and ModSecurity. This paper describes InspectorLog functionalities, architecture and applications to the scientific community. We also experimentally validate InspectorLog by comparing its detection power with that of the IDS from which rules are taken. InspectorLog fills a gap in available tools in cybersecurity practices in forensic analysis, dataset sanitization, and signature tuning. Future enhancements are planned to support additional Web Application Firewalls (WAFs), new rule types, and HTTP protocol methods, aiming to broaden its scope and utility in the ever-evolving domain of network security.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Díaz-Verdejo, Jesús; Alonso, Rafael Estepa; Alonso, Antonio Estepa; Muñoz-Calle, Javier
Insights into anomaly-based intrusion detection systems usability. A case study using real http requests Proceedings Article
In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2024), pp. 82–89, 2024, ISBN: 9798400716515.
@inproceedings{Diaz-Verdejo2024,
title = {Insights into anomaly-based intrusion detection systems usability. A case study using real http requests},
author = {Jesús Díaz-Verdejo and Rafael Estepa Alonso and Antonio Estepa Alonso and Javier Muñoz-Calle},
doi = {10.1145/3655693.3655745},
isbn = {9798400716515},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2024)},
pages = {82–89},
abstract = {Intrusion detection systems based on anomalies (A-IDS) are crucial for detecting cyberattacks, especially zero-day attacks. Numerous A-IDS proposals in the literature report excellent performance according to established metrics and settings in a laboratory. However, finding systems implementing these proposals in real-world scenarios is challenging. This work explores, through a case study, the suitability of performance metrics commonly used in the scientific literature to real-world scenarios. Our case study will consider a Web attack detector based on URIs and a real, large-scale dataset. Our results show significant limitations in the performance metrics commonly used to select the system's operating point and its practical use in real-world scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2023
Walabonso Lara, Agustín; Mayor, Vicente; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Díaz-Verdejo, Jesús E.
Smart home anomaly-based IDS: Architecture proposal and case study Journal article
In: Internet of Things, vol. 22, pp. 100773, 2023, ISSN: 2542-6605.
@article{Lara2023,
title = {Smart home anomaly-based IDS: Architecture proposal and case study},
author = {{Walabonso Lara}, Agustín and Vicente Mayor and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Jesús E. {Díaz-Verdejo}},
url = {https://linkinghub.elsevier.com/retrieve/pii/S2542660523000963},
doi = {10.1016/J.IOT.2023.100773},
issn = {2542-6605},
year = {2023},
date = {2023-07-01},
urldate = {2023-07-01},
journal = {Internet of Things},
volume = {22},
pages = {100773},
publisher = {Elsevier},
abstract = {The complexity and diversity of the technologies involved in the Internet of Things (IoT) challenge the generalization of security solutions based on anomaly detection, which should fit the particularities of each context and deployment and allow for performance comparison. In this work, we provide a flexible architecture based on building blocks suited for detecting anomalies in the network traffic and the application-layer data exchanged by IoT devices in the context of Smart Home. Following this architecture, we have defined a particular Intrusion Detector System (IDS) for a case study that uses a public dataset with the electrical consumption of 21 home devices over one year. In particular, we have defined ten Indicators of Compromise (IoC) to detect network attacks and two anomaly detectors to detect false command or data injection attacks. We have also included a signature-based IDS (Snort) to extend the detection range to known attacks. We have reproduced eight network attacks (e.g., DoS, scanning) and four False Command or Data Injection attacks to test our IDS performance. The results show that all attacks were successfully detected by our IoCs and anomaly detectors with a false positive rate lower than 0.3%. Signature detection was able to detect only 4 out of 12 attacks. Our architecture and the IDS developed can be a reference for developing future IDS suited to different contexts or use cases. Given that we use a public dataset, our contribution can also serve as a baseline for comparison with new techniques that improve detection performance.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Castillo-Fernández, E.; Diaz-Verdejo, J.; Estepa Alonso, R.; Estepa Alonso, A.
Riesgos en la Smart Home: estudio experimental Proceedings Article
In: Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC23), pp. 375-382, 2023, ISBN: 978-84-8158-970-2.
@inproceedings{jnic23-iot,
title = {Riesgos en la Smart Home: estudio experimental},
author = {E. Castillo-Fernández and J. Diaz-Verdejo and {Estepa Alonso}, R. and {Estepa Alonso}, A.},
isbn = {978-84-8158-970-2},
year = {2023},
date = {2023-06-21},
urldate = {2023-06-21},
booktitle = {Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC23)},
pages = {375-382},
abstract = {In this work we carry out a preliminary assessment of cybersecurity risks in a typical SmartHome application scenario: a single-family home. To this end, several technologies commonly used in this context were deployed, and the traffic associated with the SmartHome devices and servers was monitored. The analysis revealed the existence of attacks, anomalous communication patterns between devices and with external servers, and vulnerabilities associated with weaknesses in the configurations of the devices and the deployed protocols, some of them proprietary. Additionally, for some devices a heavy dependence on the cloud was observed, which makes some services liable to become unavailable if the connection to the cloud fails. The result shows poor treatment of cybersecurity by most operators in the sector and a risk in this type of installation that may go unnoticed by the user.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Castillo-Fernández, Elvira; Muñoz, Escolástico; Diaz-Verdejo, J.; Estepa Alonso, R; Estepa Alonso, A.
Diseño y despliegue de un laboratorio para formación e investigación en ciberseguridad Proceedings Article
In: Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC23), pp. 445-452, 2023, ISBN: 978-84-8158-970-2.
@inproceedings{jnic23-cslab,
title = {Diseño y despliegue de un laboratorio para formación e investigación en ciberseguridad},
author = {Elvira Castillo-Fernández and Escolástico Muñoz and J. Diaz-Verdejo and {Estepa Alonso}, R and {Estepa Alonso}, A.},
isbn = {978-84-8158-970-2},
year = {2023},
date = {2023-06-21},
urldate = {2023-06-21},
booktitle = {Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC23) },
journal = {Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC23) - En revisión},
pages = {445-452},
abstract = {Running drills and/or experiments for cybersecurity training and research activities poses serious practical difficulties because attacks are executed against the systems that make up the infrastructure itself. Multiple requirements arise, sometimes incompatible with one another, such as the need to preserve the security of external and monitoring systems without losing Internet connectivity, the ability to monitor and capture traces securely, the flexibility to allow multiple scenarios that are as realistic as possible, and easy reusability of the laboratory. This work proposes and implements an architecture for a cybersecurity laboratory that strikes a balance between flexibility, functionality, usability and operational security. The proposal is based on a division into a supervision network and a laboratory network on which, by means of low-level virtualization, the different experiments and attacks can be carried out with minimal risk of impact on the supervision network. To this end, different barriers, both physical and logical, are established to filter the traffic between the two networks and the connectivity to the Internet. To show the operation and capabilities of the proposed architecture, a use case is presented with a multistage attack involving several operating systems and machines.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Fernández, Elvira Castillo; Díaz-Verdejo, Jesús E.; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Muñoz-Calle, Javier; Madinabeitia, Germán
Multistep Cyberattacks Detection using a Flexible Multilevel System for Alerts and Events Correlation Proceedings Article
In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023), pp. 6, 2023.
@inproceedings{eicc23-attacks,
title = {Multistep Cyberattacks Detection using a Flexible Multilevel System for Alerts and Events Correlation},
author = {Elvira {Castillo Fernández} and Jesús E. {Díaz-Verdejo} and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Javier {Muñoz-Calle} and Germán Madinabeitia},
doi = {10.1145/3590777.3590778},
year = {2023},
date = {2023-06-14},
urldate = {2023-06-14},
booktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)},
pages = {6},
abstract = {Current network monitoring systems tend to generate several alerts per attack, especially in multistep attacks. However, Cybersecurity Officers (CSO) would rather receive a single alert summarizing the entire incident. Triggering a single alert per attack is a challenge that requires developing and evaluating advanced event correlation techniques and models to determine the relationships between the different observed events/alerts.
In this work, we propose a flexible architecture oriented toward the correlation and aggregation of events and alerts in a multilevel iterative approach.
In our scheme, sensors generate events and alerts that are stored in a non-relational database queried by modules that create knowledge structured as meta-alerts that are also stored in the database. These meta-alerts (also called hyperalerts) are, in turn, used iteratively to create new knowledge. This iterative approach can be used to aggregate information at multiple levels or steps in complex attack models.
Our architecture also allows the incorporation of additional sensors and the evaluation of various correlation techniques and multistage attack models. The capabilities of the system are assessed through three case studies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Lara, Agustín W.; Ternero, J. A.; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Ruiz-Robles, Fernando; Díaz-Verdejo, Jesús E.
HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments Proceedings Article
In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023), pp. 6, 2023.
@inproceedings{eicc2-firmas,
title = {HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments},
author = {Agustín W. Lara and J.A. Ternero and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Fernando Ruiz-Robles and Jesús E. Díaz-Verdejo},
doi = {10.1145/3590777.3590788},
year = {2023},
date = {2023-06-14},
urldate = {2023-06-14},
booktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)},
pages = {6},
abstract = { IoT deployments often include a web-interface server for managerial purposes. Signature-based Intrusion Detection Systems are commonly used to detect HTTP attacks on these web servers. The standard signature repositories used by these defensive systems can be enhanced with new signatures generated automatically from attacks detected with anomaly detection techniques.
This work presents a scheme for generating such anomaly-based signatures from HTTP attacks in a way that avoids excessive false positives. The signatures generated are distributed to peer sites in a multi-site environment. We also present a case study based on an IoT real-life dataset collected at four different SmartLight deployments from the same organization. Our results show a notable performance improvement (from 24.1% to 66.7%) when anomaly-based signatures are added to the standard default Snort ruleset and distributed to the other three sites.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Román-Martínez, Isabel; Calvillo-Arbizu, Jorge; Mayor-Gallego, Vicente J.; Madinabeitia-Luque, Germán; Estepa-Alonso, Antonio J.; Estepa-Alonso, Rafael M.
Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing Journal article
In: IEEE Access, vol. 11, pp. 12727-12741, 2023, ISSN: 2169-3536.
@article{10036374,
title = {Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing},
author = {Isabel Román-Martínez and Jorge Calvillo-Arbizu and Vicente J. Mayor-Gallego and Germán Madinabeitia-Luque and Antonio J. Estepa-Alonso and Rafael M. Estepa-Alonso},
doi = {10.1109/ACCESS.2023.3242605},
issn = {2169-3536},
year = {2023},
date = {2023-01-01},
journal = {IEEE Access},
volume = {11},
pages = {12727-12741},
abstract = {Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual’s will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a service-oriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) a fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and the subject of care consents are maintained on a blockchain, providing a trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Castillo-Fernández, Elvira; Díaz-Verdejo, Jesús Esteban; Alonso, Rafael María Estepa; Alonso, Antonio Estepa; Muñoz-Calle, Fco Javier
Uso practico del modelo ATT&CK para la detección de ciberataques Proceedings Article
In: Actas de las XVI Jornadas de Ingeniería Telemática – JITEL 2023, pp. 1–4, 2023, ISBN: 9783131450715.
@inproceedings{Castillo-Fernandez2023,
title = {Uso practico del modelo ATT&CK para la detección de ciberataques},
author = {Elvira Castillo-Fernández and Jesús Esteban Díaz-Verdejo and Rafael María Estepa Alonso and Antonio Estepa Alonso and Fco Javier Muñoz-Calle},
isbn = {9783131450715},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Actas de las XVI Jornadas de Ingeniería Telemática - JITEL 2023},
pages = {1–4},
abstract = {ATT&CK establishes a model that specifies the sequential phases of a cyberattack, as well as the techniques typically used in each step of the attack. It would be worthwhile to incorporate this model into the cyberattack detection process, since it would facilitate the correlation of the numerous alerts generated by network monitoring systems. However, applying the model in event correlation processes is not straightforward, since it is formulated not in terms of observable events and/or detections but in terms of actions to be carried out. In this work we explore and evaluate the elements needed to incorporate the ATT&CK model into the processing of the information generated by network security monitoring systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mayor, V.; Estepa, R.; Estepa, A.
CO-CAC: A new approach to Call Admission Control for VoIP in 5G/WiFi UAV-based relay networks Journal article
In: Computer Communications, vol. 197, pp. 284-293, 2023, ISSN: 01403664, (cited By 0).
@article{Mayor2023284,
title = {CO-CAC: A new approach to Call Admission Control for VoIP in 5G/WiFi UAV-based relay networks},
author = {V. Mayor and R. Estepa and A. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85145556975&doi=10.1016%2fj.comcom.2022.11.006&partnerID=40&md5=8185edfcb26bb2d34ddc5fbccf38f0cb},
doi = {10.1016/j.comcom.2022.11.006},
issn = {01403664},
year = {2023},
date = {2023-01-01},
journal = {Computer Communications},
volume = {197},
pages = {284-293},
publisher = {Elsevier B.V.},
abstract = {Voice over IP (VoIP) requires a Call Admission Control (CAC) mechanism in WiFi networks to preserve VoIP packet flows from excessive network delay or packet loss. Ideally, this mechanism should be integrated with the operational scenario, guarantee the quality of service of active calls, and maximize the number of concurrent calls. This paper presents a novel CAC scheme for VoIP in the context of a WiFi access network deployed with Unmanned Aerial Vehicles (UAVs) that relay to a backhaul 5G network. Our system, named Codec-Optimization CAC (CO-CAC), is integrated into each drone. It intercepts VoIP call control messages and decides on the admission of every new call based on a prediction of the WiFi network's congestion level and the minimum quality of service desired for VoIP calls. To maximize the number of concurrent calls, CO-CAC proactively optimizes the codec settings of active calls by exchanging signaling with VoIP users. We have simulated CO-CAC in a 50m × 50m scenario with four UAVs providing VoIP service to up to 200 ground users with IEEE 802.11ac WiFi terminals. Our results show that without CAC, the number of calls that did not meet a minimum quality level during the simulation was 10% and 90%, for 50 and 200 users, respectively. However, when CO-CAC was in place, all calls achieved minimum quality for up to 90 users without rejecting any call. For 200 users, only 25% of call attempts were rejected by the admission control scheme. These results were narrowly worse when the ground users moved randomly in the scenario. © 2022 Elsevier B.V.},
note = {cited By 0},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Muñoz-calle, Javier; Fructuoso, Javier; Estepa, Rafael; Estepa, Antonio
Evaluación experimental de las capacidades de detección de ciberataques basados en técnicas del modelo ATT & CK mediante Snort Proceedings Article
In: Actas de las XVI Jornadas de Ingeniería Telemática – JITEL 2023, pp. 5–8, 2023.
@inproceedings{Munoz-calle2023,
title = {Evaluación experimental de las capacidades de detección de ciberataques basados en técnicas del modelo ATT & CK mediante Snort},
author = {Javier Muñoz-calle and Javier Fructuoso and Rafael Estepa and Antonio Estepa},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Actas de las XVI Jornadas de Ingeniería Telemática - JITEL 2023},
pages = {5–8},
abstract = {ATT&CK establishes a model that specifies the sequential phases of a cyberattack, as well as the techniques commonly used at each step of the attack. It would be interesting to incorporate this model into the cyberattack detection process, since it would facilitate the correlation of the numerous alerts generated by network monitoring systems. However, applying the model to event correlation processes is not straightforward, since it is not formulated in terms of observable events and/or detections but in terms of actions to be carried out. In this work we explore and evaluate the elements needed to incorporate the ATT&CK model into the processing of the information generated by network security monitoring systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Díaz-Verdejo, Jesús E.; Estepa Alonso, Rafael; Estepa Alonso, Antonio; Madinabeitia, German
A critical review of the techniques used for anomaly detection of HTTP-based attacks: taxonomy, limitations and open challenges Journal Article
In: Computers and Security, vol. 124, pp. 102997, 2023, ISSN: 01674048.
@article{Diaz-Verdejo2023,
title = {A critical review of the techniques used for anomaly detection of HTTP-based attacks: taxonomy, limitations and open challenges},
author = {Jesús E. Díaz-Verdejo and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and German Madinabeitia},
doi = {10.1016/j.cose.2022.102997},
issn = {01674048},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
journal = {Computers and Security},
volume = {124},
pages = {102997},
abstract = {Intrusion Detection Systems (IDSs) and Web Application Firewalls (WAFs) offer a crucial layer of defense that allows organizations to detect cyberattacks on their web servers. Academic research overwhelmingly suggests using anomaly detection techniques to improve the performance of these defensive systems. However, analyzing and comparing the wide range of solutions in the scientific literature is challenging since they are typically presented as isolated (unrelated) contributions, and their results cannot be generalized. We believe that this impairs the industry's adoption of academic results and the advancement of research in this field. This paper aims to shed light on the literature on anomaly-based detection of attacks that use HTTP request messages. We define a novel framework for anomaly detection based on six data processing steps grouped into two sequential phases: preprocessing and classification. Based on this framework, we provide a taxonomy and critical review of the techniques surveyed, emphasizing their limitations and applicability. Future approaches should take advantage of the syntax and semantics of the Uniform Resource Locator (URL), be scalable, and address their obsolescence. These aspects are frequently overlooked in the literature and pose a significant challenge in the current era of web services. For better comparability, authors should use adequate public datasets, follow a thorough methodology, and use appropriate metrics that fully show the pros and cons of the approach.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2022
Alonso, Antonio Estepa; Alonso, Rafael Estepa; Wideberg, Johan; Díaz-Verdejo, Jesús; Marquez, Adolfo Crespo
Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications Proceedings Article
In: Leva, Maria Chiara; Petelli, Edoardo; Podofillini, Luca; Wilson, Simon (Ed.): European Conference on Safety and Reliability (ESREL 2022), pp. 3-4, 2022.
@inproceedings{esrel22,
title = {Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications},
author = {Antonio {Estepa Alonso} and Rafael {Estepa Alonso} and Johan Wideberg and Jesús {Díaz-Verdejo} and Adolfo {Crespo Marquez}},
editor = {Maria {Chiara Leva} and Edoardo Petelli and Luca Podofillini and Simon Wilson},
year = {2022},
date = {2022-08-31},
urldate = {2022-08-31},
booktitle = {European Conference on Safety and Reliability (ESREL 2022)},
journal = {European Conference on Safety and Reliability (ESREL 2022)},
pages = {3-4},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Muñoz, Javier; Bueno, Felipe; Estepa, Rafael; Estepa, Antonio; Díaz-Verdejo, Jesús E.
Ataques a servidores web: estudio experimental de la capacidad de detección de algunos SIDS gratuitos Proceedings Article
In: Actas de las VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC'22), pp. 22–25, 2022, ISBN: 9878488734136.
@inproceedings{Munoz-jnic22,
title = {Ataques a servidores web: estudio experimental de la capacidad de detección de algunos SIDS gratuitos},
author = {Javier Muñoz and Felipe Bueno and Rafael Estepa and Antonio Estepa and Jesús E. Díaz-Verdejo},
isbn = {9878488734136},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
booktitle = {Actas de las VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC'22)},
pages = {22--25},
abstract = {This work experimentally quantifies the capability to detect attacks on web servers offered by some of the freely available signature-based intrusion detection systems (SIDS). To this end, 28 current tools for attack generation and security analysis of the web service were searched for and selected. With them, almost 150 attacks were carried out against two usage scenarios of a web server (a static website and a dynamic one). The HTTP requests recorded during the attacks were used to create an attack dataset that will be used as input to three free SIDS selected for their widespread use, so that their detection capability against the generated attacks can be determined. This work is still in progress, so this contribution presents the first results concerning the collection and selection of tools for generating the attacks, the generation of the attack dataset so that it is representative of current attacks, and the preliminary evaluation of detection capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mayor, V.; Estepa, R.; Estepa, A.
QoS-Aware Multilayer UAV Deployment to Provide VoWiFi Service over 5G Networks Journal Article
In: Wireless Communications and Mobile Computing, vol. 2022, 2022, ISSN: 15308669, (cited By 4).
@article{Mayor2022,
title = {QoS-Aware Multilayer UAV Deployment to Provide VoWiFi Service over 5G Networks},
author = {V. Mayor and R. Estepa and A. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85124381535&doi=10.1155%2f2022%2f3110572&partnerID=40&md5=c2fb1ebc948f2679dedab29b078cd4e1},
doi = {10.1155/2022/3110572},
issn = {15308669},
year = {2022},
date = {2022-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {2022},
publisher = {Hindawi Limited},
abstract = {Drones equipped with wireless network cards can provide communication services in open areas. This paper proposes a hierarchical two-layered network architecture with two types of drones according to their communication equipment: Access and Distribution. While access drones provide WiFi access to ground users, distribution drones act as WiFi-to-5G relay forwarding packets into the 5G Core Network. In this context, we formulate a novel optimization problem for the 3-D initial placement of drones to provide Voice over WiFi (VoWiFi) service to ground users. Our optimization problem finds the minimum number of drones (and their type and location) to be deployed constrained to coverage and minimum voice speech quality. We have used a well-known metaheuristic algorithm (Particle Swarm Optimization) to solve our problem, examining the results obtained for different terrain sizes (from 25m×25m to 100m×100m) and ground users (from 10 to 100). In the most demanding case, we were able to provide VoWiFi service with four distribution drones and five access drones. Our results show that the overall number of UAVs deployed grows with the terrain size (i.e., with users' sparsity) and the number of ground users. © 2022 Vicente Mayor et al.},
note = {cited By 4},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mayor, V.; Estepa, R.; Estepa, A.; Madinabeitia, G.
Deployment of UAV-mounted Access Points for VoWiFi Service with guaranteed QoS Journal Article
In: Computer Communications, vol. 193, pp. 94-108, 2022, ISSN: 01403664, (cited By 0).
@article{Mayor202294,
title = {Deployment of UAV-mounted Access Points for VoWiFi Service with guaranteed QoS},
author = {V. Mayor and R. Estepa and A. Estepa and G. Madinabeitia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85133540825&doi=10.1016%2fj.comcom.2022.06.037&partnerID=40&md5=e2d77e953e2987abaffb06aca60418c5},
doi = {10.1016/j.comcom.2022.06.037},
issn = {01403664},
year = {2022},
date = {2022-01-01},
journal = {Computer Communications},
volume = {193},
pages = {94-108},
publisher = {Elsevier B.V.},
abstract = {Unmanned Aerial Vehicle (UAV) networks have emerged as a promising means to provide wireless coverage in open geographical areas. Nevertheless, in wireless networks such as WiFi, signal coverage alone is insufficient to guarantee that network performance meets the quality of service (QoS) requirements of real-time communication services, as it also depends on the traffic load produced by ground users sharing the medium access. We formulate a new problem for UAVs optimal deployment in which the QoS level is guaranteed for real-time voice over WiFi (VoWiFi) communications. More specifically, our goal is to dispatch the minimum number of UAVs possible to provide VoWiFi service to a set of ground users subject to coverage, call-blocking probability, and QoS constraints. Optimal solutions are found using well-known heuristics that include K-means clusterization and genetic algorithms. Via numerical results, we show that the WiFi standard revision (e.g. IEEE 802.11a/b/g/n/ac) in use plays an important role in both coverage and QoS performance and hence, in the number of UAVs required to provide the service. © 2022 The Author(s)},
note = {cited By 0},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Díaz-Verdejo, J. E.; Muñoz-Calle, F. J.; Estepa Alonso, A.; Estepa Alonso, R.; Madinabeitia, G.
On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks Journal Article
In: Applied Sciences, vol. 12, no. 2, pp. 852, 2022, ISSN: 20763417.
@article{Diaz-Verdejo2022,
title = {On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks},
author = {J. E. Díaz-Verdejo and F. J. Muñoz-Calle and {Estepa Alonso}, A. and {Estepa Alonso}, R. and G. Madinabeitia},
url = {https://www.mdpi.com/2076-3417/12/2/852/htm https://www.mdpi.com/2076-3417/12/2/852},
doi = {10.3390/app12020852},
issn = {20763417},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {Applied Sciences},
volume = {12},
number = {2},
pages = {852},
publisher = {Multidisciplinary Digital Publishing Institute},
abstract = {Signature-based Intrusion Detection Systems (SIDS) play a crucial role within the arsenal of security components of most organizations. They can find traces of known attacks in the network traffic or host events for which patterns or signatures have been pre-established. SIDS include standard packages of detection rulesets, but only those rules suited to the operational environment should be activated for optimal performance. However, some organizations might skip this tuning process and instead activate default off-the-shelf rulesets without understanding its implications and trade-offs. In this work, we help gain insight into the consequences of using predefined rulesets in the performance of SIDS. We experimentally explore the performance of three SIDS in the context of web attacks. In particular, we gauge the detection rate obtained with predefined subsets of rules for Snort, ModSecurity and Nemesida using seven attack datasets. We also determine the precision and rate of alert generated by each detector in a real-life case using a large trace from a public webserver. Results show that the maximum detection rate achieved by the SIDS under test is insufficient to protect systems effectively and is lower than expected for known attacks. Our results also indicate that the choice of predefined settings activated on each detector strongly influences its detection capability and false alarm rate. Snort and ModSecurity scored either a very poor detection rate (activating the less-sensitive predefined ruleset) or a very poor precision (activating the full ruleset). We also found that using various SIDS for a cooperative decision can improve the precision or the detection rate, but not both. Consequently, it is necessary to reflect upon the role of these open-source SIDS with default configurations as core elements for protection in the context of web attacks. 
Finally, we provide an efficient method for systematically determining which rules deactivate from a ruleset to significantly reduce the false alarm rate for a target operational environment. We tested our approach using Snort’s ruleset in our real-life trace, increasing the precision from 0.015 to 1 in less than 16 h of work.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2021
Estepa, R.; Estepa, A.; Madinabeitia, G.; Garcia, E.
RPL Cross-Layer Scheme for IEEE 802.15.4 IoT Devices with Adjustable Transmit Power Journal Article
In: IEEE Access, vol. 9, pp. 120689-120703, 2021, ISSN: 21693536, (cited By 5).
@article{Estepa2021120689,
title = {RPL Cross-Layer Scheme for IEEE 802.15.4 IoT Devices with Adjustable Transmit Power},
author = {R. Estepa and A. Estepa and G. Madinabeitia and E. Garcia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85113833413&doi=10.1109%2fACCESS.2021.3107981&partnerID=40&md5=013e007afc3cced8a0ce5eaeae0b38c6},
doi = {10.1109/ACCESS.2021.3107981},
issn = {21693536},
year = {2021},
date = {2021-01-01},
journal = {IEEE Access},
volume = {9},
pages = {120689-120703},
publisher = {Institute of Electrical and Electronics Engineers Inc.},
abstract = {We propose a novel cross-layer scheme to reduce energy consumption in wireless sensor networks composed of IEEE 802.15.4 IoT devices with adjustable transmit power. Our approach is based on the IETF's Routing Protocol for Low power and lossy networks (RPL). Nodes discover neighbors and keep fresh link statistics for each available transmit power level. Using the product of ETX and local transmit power level as a single metric, each node selects both the parent that minimizes the energy for packet transmission along the path to the root and the optimal local transmit power to be used. We have implemented our cross-layer scheme in NG-Contiki using the Z1 mote and two transmit power levels (55mW and 31mW). Simulations of a network of 15 motes show that (on average) 66% of nodes selected the low-power setting in a 25m × 25m area. As a result, we obtained an average reduction of 25% of the energy spent on transmission and reception of packets compared to the standard RPL settings where all nodes use the same transmit power level. In large scenarios (e.g., 150m × 150m and 40-100 motes), our approach provides better results in dense networks where reducing the transmit power of nodes does not translate into longer paths to the root nor degraded quality of service. © 2013 IEEE.},
note = {cited By 5},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Diaz-Verdejo, J.; Muñoz, F. J.; Alonso, R. Estepa; Alonso, A. Estepa; Madinabeitia, G.
Sobre las capacidades de detección de los IDS basados en firmas Proceedings Article
In: Serrano, Manuel A.; Fernández-Medina, Eduardo; Alcaraz, Cristina; Castro, Noemí; Calvo, Guillermo (Ed.): Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad, pp. 55–64, Ediciones de la Universidad de Castilla-La Mancha, 2021, ISBN: 9788490444634.
@inproceedings{diaz-verdejo-jnic21,
title = {Sobre las capacidades de detección de los IDS basados en firmas},
author = {J. Diaz-Verdejo and F. J. Muñoz and R. Estepa Alonso and A. Estepa Alonso and G. Madinabeitia},
editor = {Manuel A. Serrano and Eduardo Fernández-Medina and Cristina Alcaraz and Noemí Castro and Guillermo Calvo},
url = {https://ruidera.uclm.es/xmlui/handle/10578/28597},
doi = {10.18239/jornadas_2021.34.00},
isbn = {9788490444634},
year = {2021},
date = {2021-01-01},
urldate = {2021-01-01},
booktitle = {Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {55--64},
publisher = {Ediciones de la Universidad de Castilla-La Mancha},
series = {Colección Jornadas y Congresos},
abstract = {Intrusion detection systems (IDS) can detect malicious activities and generate alerts to be reviewed, which makes them the core of network security monitoring systems. Traditionally, signature-based IDS (SIDS) have been assumed to offer adequate detection capability and false positive rate, with limitations only in the detection of 0-day attacks. However, these capabilities are unequivocally tied to the quality of the available signatures, which vary not only over time but also with the specific tool used. This work explores the capabilities of several widely used SIDS in a real scenario in the context of web services. It also analyzes how their performance evolves over time as signatures are updated. The results of our tests show great variability in performance depending on the tool selected, as well as deficient coverage of known attacks, even when the rules are optimized to fit the system to be protected. Consequently, the role of SIDS as protection elements needs to be reviewed, since they can provide a false sense of security.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Román, Isabel; Madinabeitia, Germán; Estepa, Rafael; Díaz-Verdejo, Jesús; Estepa, Antonio; González-Sánchez, José Luis; Prieto, Felipe Lemuz
Aplicación de control de acceso y técnicas de Blockchain para el control de datos genéticos Proceedings Article
In: Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad, pp. 293–299, 2021, ISBN: 9788490444634.
@inproceedings{Roman2021,
title = {Aplicación de control de acceso y técnicas de Blockchain para el control de datos genéticos},
author = {Isabel Román and Germán Madinabeitia and Rafael Estepa and Jesús Díaz-Verdejo and Antonio Estepa and José Luis González-Sánchez and Felipe Lemuz Prieto},
url = {https://ruidera.uclm.es/xmlui/handle/10578/28677},
doi = {10.18239/jornadas_2021.34.67},
isbn = {9788490444634},
year = {2021},
date = {2021-01-01},
booktitle = {Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {293--299},
abstract = {This work presents a solution to the challenge of improving the traceability of access to genetic information stored in a proprietary application through the use of blockchain. To this end, three actions are carried out: (a) the structure of and access to the data are standardized in accordance with the FHIR healthcare standard; (b) a standardized architecture for data access control is designed, in which the patient can manage the access policies for their clinical data, compatible with the GDPR; (c) the traceability of data access is secured by means of blockchain. The results of the three preceding actions are integrated into a demonstrator or pilot application with the following characteristics: (a) an SOA architecture with standardized access interfaces that follow the FHIR standard; (b) a distributed fine-grained access control system that follows the XACML/SAML standard; (c) the use of blockchain so that the traceability and integrity of the system's access records are guaranteed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, Rafael; Estepa, Antonio; Díaz-Verdejo, Jesús; Lara, Agustín W; Madinabeitia, Germán; Sánchez, José A. Morales
Diseño de un IDS basado en anomalías para IoT: caso de estudio en SmartCities Proceedings Article
In: Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad, pp. 135–138, 2021.
@inproceedings{Estepa-jnic2021,
title = {Diseño de un IDS basado en anomalías para IoT: caso de estudio en SmartCities},
author = {Rafael Estepa and Antonio Estepa and Jesús Díaz-Verdejo and Agustín W Lara and Germán Madinabeitia and José A. Morales Sánchez},
url = {https://ruidera.uclm.es/xmlui/handle/10578/28638},
doi = {10.18239/jornadas_2021.34.30},
year = {2021},
date = {2021-01-01},
urldate = {2021-01-01},
booktitle = {Actas de las VI Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {135--138},
abstract = {Smart-City systems constitute a specific field within the IoT. Traditional IT cybersecurity solutions are excessively generic and inefficient for this kind of installation, which has scarce computational resources and limited cost. For this reason, together with a company in the sector, a project is being developed for the detection of security incidents in a Smart Lighting system. This article describes the initial results of the project.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2020
Díaz-Verdejo, Jesús E.; Estepa, Antonio; Estepa, Rafael; Madinabeitia, German; Muñoz-Calle, Fco Javier
A methodology for conducting efficient sanitization of HTTP training datasets Journal Article
In: Future Generation Computer Systems, vol. 109, pp. 67–82, 2020, ISSN: 0167739X.
@article{Diaz-Verdejo2020,
title = {A methodology for conducting efficient sanitization of HTTP training datasets},
author = {Jesús E. Díaz-Verdejo and Antonio Estepa and Rafael Estepa and German Madinabeitia and Fco Javier Muñoz-Calle},
url = {https://linkinghub.elsevier.com/retrieve/pii/S0167739X19322629},
doi = {10.1016/j.future.2020.03.033},
issn = {0167739X},
year = {2020},
date = {2020-08-01},
urldate = {2020-08-01},
journal = {Future Generation Computer Systems},
volume = {109},
pages = {67--82},
publisher = {Elsevier B.V.},
abstract = {The performance of anomaly-based intrusion detection systems depends on the quality of the datasets used to form normal activity profiles. Suitable datasets should include high volumes of real-life data free from attack instances. On account of this requirement, obtaining quality datasets from collected data requires a process of data sanitization that may be prohibitive if done manually, or uncertain if fully automated. In this work, we propose a sanitization approach for obtaining datasets from HTTP traces suited for training, testing, or validating anomaly-based attack detectors. Our methodology has two sequential phases. In the first phase, we clean known attacks from data using a pattern-based approach that relies on tools that detect URI-based known attacks. In the second phase, we complement the result of the first phase by conducting assisted manual labeling systematically and efficiently, setting the focus of expert examination not on the raw data (which would be millions of URIs), but on the set of words that compose the URIs. This dramatically downsizes the volume of data that requires expert discernment, making manual sanitization of large datasets feasible. We have applied our method to sanitize a trace that includes 45 million requests received by the library web server of the University of Seville. We were able to generate clean datasets in less than 84 h with only 33 h of manual supervision. We have also applied our method to some public benchmark datasets, confirming that attacks unnoticed by signature-based detectors can be discovered in a reduced time span.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mayor, V.; Estepa, R.; Estepa, A.; Madinabeitia, G.
Energy-efficient uavs deployment for qos-guaranteed vowifi service Journal Article
In: Sensors (Switzerland), vol. 20, no. 16, pp. 1-32, 2020, ISSN: 14248220, (cited By 8).
@article{Mayor20201,
title = {Energy-efficient uavs deployment for qos-guaranteed vowifi service},
author = {V. Mayor and R. Estepa and A. Estepa and G. Madinabeitia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089348929&doi=10.3390%2fs20164455&partnerID=40&md5=e3dcfd4e62d8b2180e9fdfe7b936b6c0},
doi = {10.3390/s20164455},
issn = {14248220},
year = {2020},
date = {2020-01-01},
journal = {Sensors (Switzerland)},
volume = {20},
number = {16},
pages = {1-32},
publisher = {MDPI AG},
abstract = {This paper formulates a new problem for the optimal placement of Unmanned Aerial Vehicles (UAVs) geared towards wireless coverage provision for Voice over WiFi (VoWiFi) service to a set of ground users confined in an open area. Our objective function is constrained by coverage and by VoIP speech quality and minimizes the ratio between the number of UAVs deployed and energy efficiency in UAVs, hence providing the layout that requires fewer UAVs per hour of service. Solutions provide the number and position of UAVs to be deployed, and are found using well-known heuristic search methods such as genetic algorithms (used for the initial deployment of UAVs), or particle swarm optimization (used for the periodical update of the positions). We examine two communication services: (a) one bidirectional VoWiFi channel per user; (b) single broadcast VoWiFi channel for announcements. For these services, we study the results obtained for an increasing number of users confined in a small area of 100 m² as well as in a large area of 10,000 m². Results show that the drone turnover rate is related to both users’ sparsity and the number of users served by each UAV. For the unicast service, the ratio of UAVs per hour of service tends to increase with user sparsity and the power of radio communication represents 14–16% of the total UAV energy consumption depending on ground user density. In large areas, solutions tend to locate UAVs at higher altitudes seeking increased coverage, which increases energy consumption due to hovering. However, in the VoWiFi broadcast communication service, the traffic is scarce, and solutions are mostly constrained only by coverage. This results in fewer UAVs deployed, less total power consumption (between 20% and 75%), and less sensitivity to the number of served users. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.},
note = {cited By 8},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mayor, V.; Estepa, R.; Estepa, A.; Madinabeitia, G.
Unified call admission control in corporate domains Journal Article
In: Computer Communications, vol. 150, pp. 589-602, 2020, ISSN: 01403664, (cited By 4).
@article{Mayor2020589,
title = {Unified call admission control in corporate domains},
author = {V. Mayor and R. Estepa and A. Estepa and G. Madinabeitia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85076849304&doi=10.1016%2fj.comcom.2019.11.041&partnerID=40&md5=5af7826dafc22674ad6e1d5dd0e20f57},
doi = {10.1016/j.comcom.2019.11.041},
issn = {01403664},
year = {2020},
date = {2020-01-01},
journal = {Computer Communications},
volume = {150},
pages = {589-602},
publisher = {Elsevier B.V.},
abstract = {Call Admission Control is a central mechanism for assurance of quality of service in telephony. While CAC is integrated into Public Switched Telephony Network (PSTN), its application to voice over IP in a corporate environment is challenging not only due to the heterogeneity of technologies, but also because of the difficulty of implementation into commercial VoIP terminals or Access Points. We present a novel framework that unifies call admission control for VoIP telephony corporate users despite their access network (i.e., WiFi or Ethernet) under a single corporate management domain. Our Unified CAC (U-CAC) system can be implemented in a VoIP Gateway/Proxy and uses only standard protocols already present in commercial off-the-shelf devices, avoiding the need to modify the firmware of existing APs or VoIP terminals. We define two variants of the decision algorithm: basic and advanced. In the basic mode of operation, the admission of new calls is based on the availability of spare circuits and the impact of the new call in the speech quality of VoWiFi calls in progress. In the advanced mode of operation, the traffic load in affected APs is proactively reduced by reconfiguring ongoing calls before rejecting the new call. Simulation results show that the number of simultaneous VoWiFi calls under guaranteed quality increases with our unified call admission control scheme. When using the advanced mode of operation, the number of simultaneous calls under guaranteed quality can be doubled when compared to the standard mode of operation. © 2019 Elsevier B.V.},
note = {cited By 4},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2019
Alonso, Antonio J. Estepa; Díaz-Verdejo, Jesús E.; Ramírez, Estefanía Osma; Alonso, Rafael M. Estepa; Luque, Germán Madinabeitia; Romero, Agustín W. Lara
Ciberseguridad en entornos de generación eléctrica en parques renovables. Resumen extendido Proceedings Article
In: Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad, pp. 334–335, 2019, ISBN: 978-84-09-12121-2.
@inproceedings{Alonso2019,
title = {Ciberseguridad en entornos de generación eléctrica en parques renovables. Resumen extendido},
author = {Antonio J. Estepa Alonso and Jesús E. Díaz-Verdejo and Estefanía Osma Ramírez and Rafael M. Estepa Alonso and Germán Madinabeitia Luque and Agustín W. Lara Romero},
isbn = {978-84-09-12121-2},
year = {2019},
date = {2019-01-01},
booktitle = {Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {334--335},
abstract = {This document presents an ongoing project on cybersecurity in industrial electricity generation environments. Owing to space limitations and for confidentiality reasons, only the context of the project, its expected scope and the requirements that the cybersecurity solution must meet are described. Finally, a brief introduction is given to the initial design of the proposed solution, following the Minimum Viable Product approach. This solution is based on the definition of Indicators of Compromise (IoC) for the detection of anomalies and vulnerabilities in the plant.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Díaz-Verdejo, Jesús; Alonso, Rafael Estepa; Alonso, Antonio Estepa; Madinabeitia, Germán
Metodología supervisada para la obtención de trazas limpias del servicio HTTP Proceedings Article
In: Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad, pp. 78–85, 2019.
@inproceedings{Diaz-verdejo2019,
title = {Metodología supervisada para la obtención de trazas limpias del servicio HTTP},
author = {Jesús Díaz-Verdejo and Rafael Estepa Alonso and Antonio Estepa Alonso and Germán Madinabeitia},
year = {2019},
date = {2019-01-01},
booktitle = {Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {78--85},
abstract = {Having suitable data for the training, evaluation and validation of anomaly-based intrusion detection systems is a relevant practical problem. The characteristics required of the data pose a series of conflicting challenges, chief among them the need for a significant volume of real data that contains no attack instances. This implies a cleaning and supervision process that can be very costly if carried out manually. In this work we propose a methodology to automate, as far as possible, the acquisition and conditioning of HTTP service traces for URI-based attack detection. This methodology is applied with good results to a real trace as a case study.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, A.; Estepa, R.; Madinabeitia, G.; Vozmediano, J.
Designing Cost-Effective Reliable Networks from a Risk Analysis Perspective: A Case Study for a Hospital Campus Journal Article
In: IEEE Access, vol. 7, pp. 120411-120423, 2019, ISSN: 21693536, (cited By 0).
@article{Estepa2019120411,
title = {Designing Cost-Effective Reliable Networks from a Risk Analysis Perspective: A Case Study for a Hospital Campus},
author = {A. Estepa and R. Estepa and G. Madinabeitia and J. Vozmediano},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85097341585&doi=10.1109%2fACCESS.2019.2937449&partnerID=40&md5=4894eb6b5897d4f7e9e02d45d51ce3be},
doi = {10.1109/ACCESS.2019.2937449},
issn = {21693536},
year = {2019},
date = {2019-01-01},
journal = {IEEE Access},
volume = {7},
pages = {120411-120423},
publisher = {Institute of Electrical and Electronics Engineers Inc.},
abstract = {The unavailability of information and communication services due to network-related incidents may have a significant impact on large organizations. Network incidents can hence be viewed as a risk for organizations whose consequences are not accounted for by traditional network design problems. In this work, we address the problem of designing a reliable wired network from a risk analysis perspective. We propose a novel methodology for the quantitative assessment of the risk associated with network-related incidents in a hospital campus. We then define an optimization problem to find the topology that minimizes the network cost plus the expected loss over time attributable to the unavailability of corporate services to staff affected by network incidents. A case study illustrates our methodology and its benefits. Using available public information, we design the topology of a campus network for a large hospital where the cost of labor exceeds 200M€/year. The solution to our optimization problem is found through well-known genetic algorithms and provides a topology where network nodes with a higher impact on productivity exhibit higher reliability. As a consequence, the topology obtained reduces more than 95% (+392 000€) the expected annual lost profits when compared to common reduced-cost topologies such as the minimum-cost ring or the non-reliable minimum-cost tree, showing that investment in risk reduction pays off. Our contribution may be used by engineers to (re)design cost-effective reliable networks or by hospital managers to support decisions on updating present infrastructure based on risk reduction. © 2013 IEEE.},
note = {cited By 0},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mayor, V.; Estepa, R.; Estepa, A.; Madinabeitia, G.
Deploying a Reliable UAV-Aided Communication Service in Disaster Areas Journal Article
In: Wireless Communications and Mobile Computing, vol. 2019, 2019, ISSN: 15308669, (cited By 25).
@article{Mayor2019,
title = {Deploying a Reliable UAV-Aided Communication Service in Disaster Areas},
author = {V. Mayor and R. Estepa and A. Estepa and G. Madinabeitia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85065643702&doi=10.1155%2f2019%2f7521513&partnerID=40&md5=415539a365bd0d35ce600b19ff3ce412},
doi = {10.1155/2019/7521513},
issn = {15308669},
year = {2019},
date = {2019-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {2019},
publisher = {Hindawi Limited},
abstract = {When telecommunication infrastructure is damaged by natural disasters, creating a network that can handle voice channels can be vital for search and rescue missions. Unmanned Aerial Vehicles (UAV) equipped with WiFi access points could be rapidly deployed to provide wireless coverage to ground users. This WiFi access network can in turn be used to provide a reliable communication service to be used in search and rescue missions. We formulate a new problem for UAVs optimal deployment which considers not only WiFi coverage but also the mac sublayer (i.e., quality of service). Our goal is to dispatch the minimum number of UAVs for provisioning a WiFi network that enables reliable VoIP communications in disaster scenarios. Among valid solutions, we choose the one that minimizes energy expenditure at the user's WiFi interface card in order to extend ground user's smartphone battery life as much as possible. Solutions are found using well-known heuristics such as K-means clusterization and genetic algorithms. Via numerical results, we show that the IEEE 802.11 standard revision has a decisive impact on the number of UAVs required to cover large areas, and that the user's average energy expenditure (attributable to communications) can be reduced by limiting the maximum altitude for drones or by increasing the VoIP speech quality. © 2019 Vicente Mayor et al.},
note = {cited By 25},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2018
Díaz-Verdejo, J.; Estepa, R.; Estepa, A.; Madinabeitia, G.; Rodríguez, D.
Metodología para la generacion de conjuntos de datos de ataques basados en URI de HTTP Proceedings Article
In: Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad, pp. 119–126, 2018, ISBN: 978-84-09-02697-5.
@inproceedings{diaz-verdejo-jnic2018,
title = {Metodología para la generacion de conjuntos de datos de ataques basados en URI de HTTP},
author = {J. Díaz-Verdejo and R. Estepa and A. Estepa and G. Madinabeitia and D. Rodríguez},
isbn = {978-84-09-02697-5},
year = {2018},
date = {2018-01-01},
booktitle = {Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {119--126},
abstract = {The development of web-based intrusion detection systems, or of web application firewalls, requires the use of appropriate datasets for training and evaluation. An inadequate choice of datasets will result in biases and inaccuracies that can invalidate the experimentation and, consequently, the evaluation of the detection capabilities of the technique(s) analyzed. The problem is especially relevant for anomaly-based systems, since attacks suited to the experimentation environment are required. This work proposes a methodology for generating datasets adapted to the needs of the experimentation and of the usage scenario, by combining and parameterizing different attack sources. In addition, a tool that follows the proposed methodology has been implemented, generating two datasets with 800 and 1,100 attack instances respectively, which meet the needs of the particular experimentation of a system for detecting anomalies in HTTP requests. Nevertheless, the methodology developed is generic enough to allow the generation of datasets suited to the development of other systems according to the user's needs.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2017
Estepa, R.; Estepa, A.; Díaz-Verdejo, J.; Campos, I.; Madinabeitia, G.; Peña, I.; Castaño, M.; Estrada, C.
Caso de estudio: sistema automatizado de evaluación del riesgo TIC Proceedings Article
In: Actas de las III Jornadas Nacionales de Investigación en Ciberseguridad, pp. 188–189, 2017, ISBN: 9788460846598.
@inproceedings{R.EstepaA.EstepaJ.DiazVerdejoI.CamposG.MadinabeitiaI.PenaM.Castano2017,
title = {Caso de estudio: sistema automatizado de evaluación del riesgo TIC},
author = {R. Estepa and A. Estepa and J. Díaz-Verdejo and I. Campos and G. Madinabeitia and I. Peña and M. Castaño and C. Estrada},
isbn = {9788460846598},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {Actas de las III Jornadas Nacionales de Investigación en Ciberseguridad},
pages = {188--189},
abstract = {It is important for organizations to have products or services that help identify technological risks. This article presents our experience with the design and evaluation of an automated security audit system. The system has been designed to autonomously perform the tasks of inventorying, vulnerability scanning and detection of network-borne attacks against the audited systems. The system uses only free software components and combines the results of active and passive tools through two correlation stages. The ultimate goal is to provide an estimate of the risk level of each of the organization's assets.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, R.; Estepa, A.; Wideberg, J.; Jonasson, M.; Stensson-Trigell, A.
More Effective Use of Urban Space by Autonomous Double Parking Journal Article
In: Journal of Advanced Transportation, vol. 2017, 2017, ISSN: 01976729, (cited By 17).
@article{Estepa2017,
title = {More Effective Use of Urban Space by Autonomous Double Parking},
author = {R. Estepa and A. Estepa and J. Wideberg and M. Jonasson and A. Stensson-Trigell},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85042314940&doi=10.1155%2f2017%2f8426946&partnerID=40&md5=4bc61a0cece24f66e7c83ffdd7708a8c},
doi = {10.1155/2017/8426946},
issn = {01976729},
year = {2017},
date = {2017-01-01},
journal = {Journal of Advanced Transportation},
volume = {2017},
publisher = {Hindawi Limited},
abstract = {The new capabilities of autonomous cars can be used to mitigate to a large extent safety concerns and nuisance traditionally associated with double parking. In this paper double parking for autonomous cars is proposed as a new approach to temporarily increase parking capacity in locations in clear need for extra provision when best alternatives cannot be found. The basic requirements, operation, and procedures of the proposed solution are outlined. A curbside parking has been simulated implementing the suggested double parking operation and important advantages have been identified for drivers, the environment, and the city. Double parking can increase over 50% the parking capacity of a given area. Autonomous car owners would (at least) double their probabilities of finding parking compared to traditional drivers, saving cruising time and emissions. However, significant work and technological advances are still needed in order to make this feasible in the near future. © 2017 Rafael Estepa et al.},
note = {cited By 17},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2016
Delgado, A.; Estepa, A.; Troyano, J. A.; Estepa, R.
Reusing UI elements with model-based user interface development Journal Article
In: International Journal of Human Computer Studies, vol. 86, pp. 48-62, 2016, ISSN: 10715819, (cited By 13).
@article{Delgado201648,
title = {Reusing UI elements with model-based user interface development},
author = {A. Delgado and A. Estepa and J. A. Troyano and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84942928651&doi=10.1016%2fj.ijhcs.2015.09.003&partnerID=40&md5=2197068cc0682df11d690c82b5552703},
doi = {10.1016/j.ijhcs.2015.09.003},
issn = {10715819},
year = {2016},
date = {2016-01-01},
journal = {International Journal of Human Computer Studies},
volume = {86},
pages = {48-62},
publisher = {Academic Press},
abstract = {This paper introduces the potential for reusing UI elements in the context of Model-Based UI Development (MBUID) and provides guidance for future MBUID systems with enhanced reutilization capabilities. Our study is based upon the development of six inter-related projects with a specific MBUID environment which supports standard techniques for reuse such as parametrization and sub-specification, inclusion or shared repositories. We analyze our experience and discuss the benefits and limitations of each technique supported by our MBUID environment. The system architecture, the structure and composition of UI elements and the models specification languages have a decisive impact on reusability. In our case, more than 40% of the elements defined in the UI specifications were reused, resulting in a reduction of 55% of the specification size. Inclusion, parametrization and sub-specification have facilitated modularity and internal reuse of UI specifications at development time, whereas the reuse of UI elements between applications has greatly benefited from sharing repositories of UI elements at run time. © 2015 Elsevier Ltd.},
note = {cited By 13},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2014
Jimenez, J.; Estepa, R.; Estepa, A.; Rubio, F. R.; Gómez-Estern, F.
Energy efficiency and quality of service optimization for constant bit rate real-time applications in 802.11 networks Journal Article
In: Wireless Communications and Mobile Computing, vol. 14, no. 6, pp. 583-595, 2014, ISSN: 15308669, (cited By 2).
@article{Jimenez2014583,
title = {Energy efficiency and quality of service optimization for constant bit rate real-time applications in 802.11 networks},
author = {J. Jimenez and R. Estepa and A. Estepa and F. R. Rubio and F. Gómez-Estern},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84898003589&doi=10.1002%2fwcm.2210&partnerID=40&md5=87a65bbe5e6a8ff2a711ab53c3035691},
doi = {10.1002/wcm.2210},
issn = {15308669},
year = {2014},
date = {2014-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {14},
number = {6},
pages = {583-595},
publisher = {John Wiley and Sons Ltd},
abstract = {In this paper, we propose a quality of service (QoS)-sensitive energy efficiency optimization mechanism for 802.11 networks on the basis of the dynamic and simultaneous adjustment of the content window (W) and retry attempts limit (r) of the media access control (MAC) sublayer. The use of both operational variables let us not only find the optimum operational point regarding energy efficiency but also attain a positive impact on the QoS, which improves the results obtained with current single-variable optimization strategies. The model under consideration includes external noise and does not impose the saturation condition in stations and as such is well suited for real-time industrial applications under noisy channels. Results obtained from simulation confirm the advantages of adjusting simultaneously W and r versus adjusting either one separately, obtaining a slight improvement in energy efficiency and resulting in less loss and delay at the MAC sublayer. Copyright © 2012 John Wiley & Sons, Ltd.},
note = {cited By 2},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2011
Estepa, R.; Estepa, A.; Cupertino, T.; Vozmediano, J. M.; Madinabeitia, G.
A productivity-based approach to LAN topology design Journal Article
In: IEEE Communications Letters, vol. 15, no. 3, pp. 349-351, 2011, ISSN: 10897798, (cited By 2).
@article{Estepa2011349,
title = {A productivity-based approach to LAN topology design},
author = {R. Estepa and A. Estepa and T. Cupertino and J. M. Vozmediano and G. Madinabeitia},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79952900288&doi=10.1109%2fLCOMM.2011.012511.101742&partnerID=40&md5=f9279a570b98809e8d1fbad864ce0e31},
doi = {10.1109/LCOMM.2011.012511.101742},
issn = {10897798},
year = {2011},
date = {2011-01-01},
journal = {IEEE Communications Letters},
volume = {15},
number = {3},
pages = {349-351},
abstract = {Over the useful life of a LAN, network downtimes will have a negative impact on organizational productivity not included in current Network Topological Design (NTD) problems. We propose a new approach to LAN topological design that includes the impact of these productivity losses into the network design, minimizing not only the CAPEX but also the expected cost of unproductiveness attributable to network downtimes over a certain period of network operation. © 2010 IEEE.},
note = {cited By 2},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Estepa, A. J.; Vozmediano, J. M.; López, J.; Estepa, R. M.
Impact of VoIP codecs on the energy consumption of portable devices Proceedings Article
In: pp. 123-130, 2011, ISBN: 9781450309028, (cited By 6).
@inproceedings{Estepa2011123,
title = {Impact of VoIP codecs on the energy consumption of portable devices},
author = {A. J. Estepa and J. M. Vozmediano and J. López and R. M. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-83055177176&doi=10.1145%2f2069087.2069104&partnerID=40&md5=c08c18ae6c381dc4d4960f63a162373e},
doi = {10.1145/2069087.2069104},
isbn = {9781450309028},
year = {2011},
date = {2011-01-01},
journal = {PM2HW2N'11 - Proceedings of the 6th ACM International Workshop on Performance Monitoring, Measurement, and Evaluation of Heterogeneous Wireless and Wired Networks},
pages = {123-130},
abstract = {In this paper we investigate the influence of the codecs into the energy consumption of VoIP applications. These applications are increasingly extended among users of battery-dependent devices such as laptops, smartphones and tablets. We provide a methodology to compare the energy efficiency of different VoIP codecs for a given device. This allows users and developers to minimize the energy consumption by codec selection, and introduces a new variable into the QoS-bandwidth balance that has traditionally lead the codec selection in VoIP applications. Our results show that the codec can have a significant impact on the energy consumption attributable to the VoIP software of the portable device. Copyright 2011 ACM.},
note = {cited By 6},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, R.; Estepa, A.; Cupertino, T.
A productivity-oriented methodology for local area network design in industrial environments Journal Article
In: Computer Networks, vol. 55, no. 9, pp. 2303-2314, 2011, ISSN: 13891286, (cited By 2).
@article{Estepa20112303,
title = {A productivity-oriented methodology for local area network design in industrial environments},
author = {R. Estepa and A. Estepa and T. Cupertino},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79957450386&doi=10.1016%2fj.comnet.2011.03.011&partnerID=40&md5=24a7813b3bc920d26cca5bacc072726d},
doi = {10.1016/j.comnet.2011.03.011},
issn = {13891286},
year = {2011},
date = {2011-01-01},
journal = {Computer Networks},
volume = {55},
number = {9},
pages = {2303-2314},
abstract = {Industrial plants use conventional local area networks (LANs) to access a growing number of client/server (C/S) applications such as customer relationship management (CRM) or enterprise resource planning (ERP) which have a direct impact on organization's productivity. These LANs are typically extended throughout the plant which makes them exposed to occasional accidents such as fiber breakages or power failures. Reliable network design (RND) problems address the design of minimum-cost topologies resilient to link failures up to a certain degree. However, RND problems fail to capture some parameters of practical importance for organizations such as productivity losses due to network outages, the time period for which the network design is expected to be operating, or the fact that not all nodes are equally important for productivity. We propose a new approach to LAN topological design named Productivity-aware reliable network design (PA-RND) that takes into account the productivity associated to each node of the network, minimizing not only the CAPEX but also the expected cost attributable to network downtimes over a certain period of network operation. Results show that our PA-RND problem optimizes the LAN topological design obtaining better results than current network design problems such as reliability constrained network design (RCND), minimum spanning tree (MST) or minimum cost ring (MCR). © 2011 Elsevier B.V. All rights reserved.},
note = {cited By 2},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2009
Delgado, A.; Estepa, A.; Troyano, J. A.; Estepa, R.
On the reusability of user interface declarative models Proceedings Article
In: pp. 313-318, Kluwer Academic Publishers, 2009, ISBN: 9781848822054, (cited By 0).
@inproceedings{Delgado2009313,
title = {On the reusability of user interface declarative models},
author = {A. Delgado and A. Estepa and J. A. Troyano and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84878905058&doi=10.1007%2f978-1-84882-206-1_29&partnerID=40&md5=7ffcc7ac506f13dee0480195df56562b},
doi = {10.1007/978-1-84882-206-1_29},
isbn = {9781848822054},
year = {2009},
date = {2009-01-01},
journal = {Computer-Aided Design of User Interfaces VI - Proceedings of the 7th International Conference on Computer-Aided Design of User Interfaces, CADUI 2008},
pages = {313-318},
publisher = {Kluwer Academic Publishers},
abstract = {The automatic generation of user interfaces based on declarative models achieves a significant reduction of the development effort. In this paper, we analyze the feasibility of using two well-known techniques such as XInclude and Packaging in the new context of reusing user-interface model specifications. After analyzing the suitability of each technique for UI reutilization and implementing both techniques in a real system, we show that both techniques are suited to be used within the context of today's existing model-based user interfaces. © Springer-Verlag London Limited 2009.},
note = {cited By 0},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2008
Estepa, A.; Estepa, R.; Campos, I.; Delgado, A.
Dimensioning aggregated voice traffic in MPLS nodes Proceedings Article
In: 2008, ISBN: 9783901882272, (cited By 1).
@inproceedings{Estepa2008,
title = {Dimensioning aggregated voice traffic in MPLS nodes},
author = {A. Estepa and R. Estepa and I. Campos and A. Delgado},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-51849141359&doi=10.1109%2fONDM.2008.4578394&partnerID=40&md5=e01e3ad9f878fb14ab9f08750b4406df},
doi = {10.1109/ONDM.2008.4578394},
isbn = {9783901882272},
year = {2008},
date = {2008-01-01},
journal = {ONDM 2008 - 12th Conference on Optical Network Design and Modelling},
abstract = {MPLS offers a efficient transport scheme and traffic engineering capabilities for real-time VoIP. However, at the transport plane, the bandwidth reserved for voice traffic is a key parameter necessary to ensure performance guarantees for VoIP communications. This paper addresses this important piece of traffic engineering: determining the bandwidth requirements for voice traffic aggregated. To achieve our goal we first define a model for a generic voice source which embodies any current type of voice source (which we name Generalized VoIP source). Then, we extend the fluid model with our new GVoIP source to obtain a loss and delay prediction for each multiplexer node. Finally, we design a simple but efficient dimensioning algorithm that provides the bandwidth requirement for a desired performance when multiplexing a number of homogeneous GVoIP sources. Using of dimensioning algorithm we compare the bandwidth requirements for two transport schemes VoIP over MPLS and VoMPLS. Results confirm that our extended multiplexing analytical model improves the estimation of the bandwidth requirement of a voice traffic trunk over MPLS, whereas any other on-off based dimensioning model is not valid for these kind of codecs.},
note = {cited By 1},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, A.; Estepa, R.; Vozmediano, J.
Traffic trunk parameters for voice transport over MPLS Journal Article
In: Communications in Computer and Information Science, vol. 9, pp. 199-210, 2008, ISSN: 18650929, (cited By 0).
@article{Estepa2008199,
title = {Traffic trunk parameters for voice transport over MPLS},
author = {A. Estepa and R. Estepa and J. Vozmediano},
editor = {Obaidat M. S. Filipe J.},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85025453062&doi=10.1007%2f978-3-540-70760-8_16&partnerID=40&md5=f55008a672886f9a2e86c71012e57ab2},
doi = {10.1007/978-3-540-70760-8_16},
issn = {18650929},
year = {2008},
date = {2008-01-01},
journal = {Communications in Computer and Information Science},
volume = {9},
pages = {199-210},
publisher = {Springer Verlag},
abstract = {Access nodes in NGN are likely to transport voice traffic using MPLS Traffic Trunks. The traffic parameters describing a Traffic Trunk are basic to calculate the network resources to be allocated along the nodes belonging to its corresponding Label-Switched-Path (LSP). This paper provides an analytical model to estimate the lower limit of the bandwidth that needs to be allocated to a TT loaded with a heterogeneous set of voice connections. Our model considers the effect of the Silence Insertion Descriptor (SID) frames that a number of VoIP codecs currently use. Additionally, two transport schemes are considered: VoIP and VoMPLS. The results, experimentally validated, quantify the benefits of VoMPLS over VoIP. © Springer-Verlag Berlin Heidelberg 2008.},
note = {cited By 0},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Estepa, A.; Estepa, R.; Pacheco, A.
Accurate resource estimation for generalized VoIP sources Journal Article
In: Telecommunication Systems, vol. 39, no. 1, pp. 37-50, 2008, ISSN: 10184864, (cited By 3).
@article{Estepa200837,
title = {Accurate resource estimation for generalized VoIP sources},
author = {A. Estepa and R. Estepa and A. Pacheco},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-49449095865&doi=10.1007%2fs11235-008-9084-2&partnerID=40&md5=bb597ddaa93a06927252fae29e031c4e},
doi = {10.1007/s11235-008-9084-2},
issn = {10184864},
year = {2008},
date = {2008-01-01},
journal = {Telecommunication Systems},
volume = {39},
number = {1},
pages = {37-50},
abstract = {Current voice codecs like G.729, G.723.1 or AMR can generate short background descriptors (SID) frames during voice inactivity periods for Comfort Noise Generation (CNG). This feature alters the classical on-off traffic pattern typically used to model the traffic generated by codecs with a Silence Suppression scheme. Therefore the CNG feature leads to severe inaccuracies in the dimensioning analysis done through traditional models based on multiplexing on-off sources like MMPP or fluid model. In this paper, we focus on the VoIP dimensioning issue. First, we define the traffic pattern generated by those codecs that include CNG (generalized VoIP sources). Second, we extend the traditional MMPP and fluid analytical models to multiplex our generalized VoIP sources and propose a simple but efficient dimensioning algorithm. Results are validated by simulations fed by VoIP traces and demonstrate a significant improvement in accuracy with respect to current on-off based approaches. © 2008 Springer Science+Business Media, LLC.},
note = {cited By 3},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Estepa, A.; Estepa, R.
Accurate resource estimation for homogeneous VoIP aggregated traffic Journal Article
In: Computer Networks, vol. 52, no. 13, pp. 2505-2517, 2008, ISSN: 13891286, (cited By 6).
@article{Estepa20082505,
title = {Accurate resource estimation for homogeneous VoIP aggregated traffic},
author = {A. Estepa and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-49049103930&doi=10.1016%2fj.comnet.2008.04.012&partnerID=40&md5=7c03558bd610a83013b07656e6a10d77},
doi = {10.1016/j.comnet.2008.04.012},
issn = {13891286},
year = {2008},
date = {2008-01-01},
journal = {Computer Networks},
volume = {52},
number = {13},
pages = {2505-2517},
abstract = {Modern VoIP codecs like G.729, G.723.1 or AMR can generate traffic during voice inactivity periods for Comfort Noise Generation (CNG). This feature alters the classical on-off pattern typically used to model the traffic generated by codecs with a Silence Suppression scheme. Therefore, the traffic generated due to CNG leads to severe inaccuracies in the dimensioning analysis done through traditional models based on multiplexing on-off sources like MMPP or fluid model. This paper addresses the VoIP dimensioning issue. First, we extend the traditional MMPP and fluid analytical models to include those traffic sources which perform the CNG feature. Second, we propose a simple but efficient algorithm which can be applied in dimensioning or admission control to find out the bandwidth reservation required to guarantee delay and loss in a packet-switch multiplexer node for VoIP traffic. Results are validated by simulations and VoIP traces and demonstrate a significant improvement in accuracy with respect to current on-off-based approaches. © 2008 Elsevier B.V. All rights reserved.},
note = {cited By 6},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2007
Estepa, A.; Estepa, R.
Dimensioning generalized VoIP sources in WAN links Journal Article
In: IEEE Communications Letters, vol. 11, no. 12, pp. 1010-1012, 2007, ISSN: 10897798, (cited By 1).
@article{Estepa20071010,
title = {Dimensioning generalized VoIP sources in WAN links},
author = {A. Estepa and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-38149120631&doi=10.1109%2fLCOMM.2007.070924&partnerID=40&md5=d85618446bd944e5ef8defaa9c3dd468},
doi = {10.1109/LCOMM.2007.070924},
issn = {10897798},
year = {2007},
date = {2007-01-01},
journal = {IEEE Communications Letters},
volume = {11},
number = {12},
pages = {1010-1012},
abstract = {The Comfort Noise Generation (CNG) feature of current VoIP codecs can lead to severe inaccuracies in the dimensioning analysis done through traditional models based on multiplexing on-off sources. We adapt the fluid model to obtain an accurate loss prediction in the multiplexing process of those codecs equipped with CNG. Results are validated by simulations fed with VoIP traffic traces and demonstrate a significant accuracy improvement with respect to current on-off multiplexing approaches. © 2007 IEEE.},
note = {cited By 1},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Delgado, A.; Estepa, A.; Estepa, R.
WAINE;Automatic generator of web based applications Proceedings Article
In: pp. 226-233, 2007, (cited By 3).
@inproceedings{Delgado2007226,
title = {WAINE;Automatic generator of web based applications},
author = {A. Delgado and A. Estepa and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-67650003983&partnerID=40&md5=840a43ba9b363abc3baa6a441bf1281e},
year = {2007},
date = {2007-01-01},
journal = {Webist 2007 - 3rd International Conference on Web Information Systems and Technologies, Proceedings},
volume = {WIA},
pages = {226-233},
abstract = {This paper presents WAINE (Web Application & INterface Engine), a system for quick web application development based on a novel architecture which provide multiple benefits like: zero programming, integrated security, high re-usability and many degrees of independence. The architecture is well suited for development of multi-user applications and is based on an abstract model which captures all the elements of a typical application. The sample applications developed validate the advantages of the proposed architecture.},
note = {cited By 3},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Estepa, A.; Estepa, R.
Accurate VoIP dimensioning for WAN links Journal article
In: Electronics Letters, vol. 43, no. 23, pp. 1318-1320, 2007, ISSN: 00135194, (cited By 3).
@article{Estepa20071318,
title = {Accurate VoIP dimensioning for WAN links},
author = {A. Estepa and R. Estepa},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-36049039557&doi=10.1049%2fel%3a20071739&partnerID=40&md5=19fddcff41c2ce59723e252cd4019314},
doi = {10.1049/el:20071739},
issn = {00135194},
year = {2007},
date = {2007-01-01},
journal = {Electronics Letters},
volume = {43},
number = {23},
pages = {1318-1320},
abstract = {The comfort noise generation (CNG) feature of current VoIP codecs leads to inaccuracies in the multiplexing performance analysis based on on-off sources. The fluid model is adapted to obtain accurate loss prediction in the multiplexing process of VoIP sources equipped with CNG and provide an algorithmic solution for its dimensioning application. Results, validated with traces, demonstrate significant improvement with respect to on-off multiplexing approaches. © The Institution of Engineering and Technology 2007.},
note = {cited By 3},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2006
Estepa, A.; Estepa, R.; Vozmediano, J.
Traffic trunk parameters for voice transport over MPLS Proceedings Article
In: pp. 58-64, 2006, ISBN: 9728865643; 9789728865641, (cited By 1).
@inproceedings{Estepa200658,
title = {Traffic trunk parameters for voice transport over MPLS},
author = {A. Estepa and R. Estepa and J. Vozmediano},
url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77954132303&partnerID=40&md5=30e7bf0bd5927eb640cdca2a72628a25},
isbn = {9728865643; 9789728865641},
year = {2006},
date = {2006-01-01},
journal = {SIGMAP 2006 - International Conference on Signal Processing and Multimedia Applications, Proceedings},
pages = {58-64},
abstract = {Access nodes in NGN are likely to transport voice traffic using MPLS Traffic Trunks. The traffic parameters describing a Traffic Trunk are basic to calculate the network resources to be allocated along the nodes belonging to its corresponding Label-Switched-Path (LSP). This paper provides an analytical model to estimate the lower limit of the bandwidth that needs to be allocated to a TT loaded with a heterogeneous set of voice connections. Our model considers the effect of the Silence Insertion Descriptor (SID) frames that a number of VoIP codecs currently use. Additionally, two transport schemes are considered: VoIP and VoMPLS. The results, experimentally validated, quantify the benefits of VoMPLS over VoIP.},
note = {cited By 1},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}