{"id":1470,"date":"2023-04-11T08:54:53","date_gmt":"2023-04-11T06:54:53","guid":{"rendered":"https:\/\/dtstc.ugr.es\/neus-cslab\/?page_id=1470"},"modified":"2025-07-28T12:41:01","modified_gmt":"2025-07-28T10:41:01","slug":"actas","status":"publish","type":"page","link":"https:\/\/dtstc.ugr.es\/neus-cslab\/publicaciones\/actas\/","title":{"rendered":"Publicaciones &#8211; Actas"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1470\" class=\"elementor elementor-1470\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8cabec4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8cabec4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-08216ed\" data-id=\"08216ed\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-9500728 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9500728\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-d3dfd7c\" data-id=\"d3dfd7c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0261190 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"0261190\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"\/neus-cslab\/revistas\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Revistas<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-47809cd\" data-id=\"47809cd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af8a64c elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"af8a64c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"\/neus-cslab\/actas\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Actas congresos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-1862819\" data-id=\"1862819\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c3d9f90 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"c3d9f90\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"\/neus-cslab\/libros\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">libros<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-b725f8f\" data-id=\"b725f8f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6edd183 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"6edd183\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"\/neus-cslab\/cap-libros\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Cap. 
libros<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-5d46512\" data-id=\"5d46512\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-f14a422\" data-id=\"f14a422\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-747344d5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"747344d5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-688fefa8\" data-id=\"688fefa8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-625f073 elementor-widget elementor-widget-shortcode\" data-id=\"625f073\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><div class=\"teachpress_pub_list\"><form name=\"tppublistform\" method=\"get\"><a name=\"tppubs\" id=\"tppubs\"><\/a><\/form><div class=\"tablenav\"><div 
class=\"tablenav-pages\"><span class=\"displaying-num\">51 registros<\/span> <a class=\"page-numbers button disabled\">&laquo;<\/a> <a class=\"page-numbers button disabled\">&lsaquo;<\/a> 1 de 2 <a href=\"https:\/\/dtstc.ugr.es\/neus-cslab\/publicaciones\/actas\/?limit=2&amp;tgid=&amp;yr=&amp;type=&amp;usr=&amp;auth=&amp;tsr=#tppubs\" title=\"p\u00e1gina siguiente\" class=\"page-numbers button\">&rsaquo;<\/a> <a href=\"https:\/\/dtstc.ugr.es\/neus-cslab\/publicaciones\/actas\/?limit=2&amp;tgid=&amp;yr=&amp;type=&amp;usr=&amp;auth=&amp;tsr=#tppubs\" title=\"\u00faltima p\u00e1gina\" class=\"page-numbers button\">&raquo;<\/a> <\/div><\/div><div class=\"teachpress_publication_list\"><h3 class=\"tp_h3\" id=\"tp_h3_2025\">2025<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Mu\u00f1oz-Calle, Javier;  Fern\u00e1ndez-Jim\u00e9nez, Francisco Jos\u00e9;  Estepa, Rafael;  Mayor, Vicente;  Garcia-Campos, Jos\u00e9 M.<\/p><p class=\"tp_pub_title\">Experiencias de formaci\u00f3n en ciberseguridad usando portales cautivos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las X Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
477-484, <\/span><span class=\"tp_pub_additional_year\">2025<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 78-84-10169-61-6<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_499\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('499','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_499\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('499','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_499\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{2025-jnic-portales,<br \/>\r\ntitle = {Experiencias de formaci\u00f3n en ciberseguridad usando portales cautivos},<br \/>\r\nauthor = {Javier {Mu\u00f1oz-Calle} and Francisco Jos\u00e9 {Fern\u00e1ndez-Jim\u00e9nez} and Rafael Estepa and Vicente Mayor and Jos\u00e9 M. {Garcia-Campos}},<br \/>\r\nisbn = {78-84-10169-61-6},<br \/>\r\nyear  = {2025},<br \/>\r\ndate = {2025-06-06},<br \/>\r\nurldate = {2025-06-06},<br \/>\r\nbooktitle = {Actas de las X Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {477-484},<br \/>\r\nabstract = {Este trabajo describe una experiencia de formaci\u00f3n y educaci\u00f3n b\u00e1sica en ciberseguridad desarrollada en el marco de las jornadas de puertas abiertas de la Escuela T\u00e9cnica Superior de Ingenieros de la Universidad de Sevilla para estudiantes de bachillerato. El objetivo es que el alumnado sea consciente de los riesgos asociados al uso de sistemas conectados, especialmente cuando se utilizan infraestructuras de acceso gratuito. 
Se describe el escenario experimental desplegado, la secuencia de actividades realizada, que incluye acciones de motivaci\u00f3n y acceso aparentemente inofensivo, y los resultados obtenidos.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('499','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_499\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Este trabajo describe una experiencia de formaci\u00f3n y educaci\u00f3n b\u00e1sica en ciberseguridad desarrollada en el marco de las jornadas de puertas abiertas de la Escuela T\u00e9cnica Superior de Ingenieros de la Universidad de Sevilla para estudiantes de bachillerato. El objetivo es que el alumnado sea consciente de los riesgos asociados al uso de sistemas conectados, especialmente cuando se utilizan infraestructuras de acceso gratuito. Se describe el escenario experimental desplegado, la secuencia de actividades realizada, que incluye acciones de motivaci\u00f3n y acceso aparentemente inofensivo, y los resultados obtenidos.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('499','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Mu\u00f1oz-Calle, J.;  D\u00edaz-Verdejo, J.;  Alonso, R. Estepa;  Alonso, A. Estepa<\/p><p class=\"tp_pub_title\">An\u00e1lisis comparativo de las capacidades de SIDS <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las X Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
169-176, <\/span><span class=\"tp_pub_additional_year\">2025<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 78-84-10169-61-6<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_500\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('500','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_500\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('500','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_500\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{2025-jnic-smart,<br \/>\r\ntitle = {An\u00e1lisis comparativo de las capacidades de SIDS},<br \/>\r\nauthor = { J. {Mu\u00f1oz-Calle} and J. {D\u00edaz-Verdejo} and R. {Estepa Alonso} and A. {Estepa Alonso} },<br \/>\r\nisbn = {78-84-10169-61-6},<br \/>\r\nyear  = {2025},<br \/>\r\ndate = {2025-06-06},<br \/>\r\nurldate = {2025-06-06},<br \/>\r\nbooktitle = {Actas de las X Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {169-176},<br \/>\r\nabstract = {Cada vez son m\u00e1s los dispositivos desplegados en entornos SmartHome residenciales para conseguir funcionalidades de control relativamente simples. Su bajo coste y facilidad de uso propician una fuerte expansi\u00f3n, lo que a su vez representa un desaf\u00edo desde el punto de vista de la ciberseguridad, aumentando<br \/>\r\nsignificativamente la exposici\u00f3n de las redes residenciales. La utilizaci\u00f3n de sistemas de detecci\u00f3n de intrusiones adaptados al contexto podr\u00eda mejorar la seguridad. Este trabajo estudia la idoneidad de los IDS para la detecci\u00f3n de ciberataques en un escenario tipo SmartHome real, utilizando tanto detectores<br \/>\r\nde dominio p\u00fablico como comerciales. 
Para ello se analizan trazas reales disponibles con 3 IDS ampliamente utilizados: Snort, Palo Alto NGFW y FortiGate. Los resultados obtenidos ilustran la imposibilidad de su despliegue en su configuraci\u00f3n por defecto, planteando algunas cuestiones relativas al rendimiento<br \/>\r\ny la dificultad de comparar sus rendimientos debido al punto de operaci\u00f3n elegido en los equipos comerciales frente a Snort.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('500','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_500\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Cada vez son m\u00e1s los dispositivos desplegados en entornos SmartHome residenciales para conseguir funcionalidades de control relativamente simples. Su bajo coste y facilidad de uso propician una fuerte expansi\u00f3n, lo que a su vez representa un desaf\u00edo desde el punto de vista de la ciberseguridad, aumentando<br \/>\r\nsignificativamente la exposici\u00f3n de las redes residenciales. La utilizaci\u00f3n de sistemas de detecci\u00f3n de intrusiones adaptados al contexto podr\u00eda mejorar la seguridad. Este trabajo estudia la idoneidad de los IDS para la detecci\u00f3n de ciberataques en un escenario tipo SmartHome real, utilizando tanto detectores<br \/>\r\nde dominio p\u00fablico como comerciales. Para ello se analizan trazas reales disponibles con 3 IDS ampliamente utilizados: Snort, Palo Alto NGFW y FortiGate. 
Los resultados obtenidos ilustran la imposibilidad de su despliegue en su configuraci\u00f3n por defecto, planteando algunas cuestiones relativas al rendimiento<br \/>\r\ny la dificultad de comparar sus rendimientos debido al punto de operaci\u00f3n elegido en los equipos comerciales frente a Snort.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('500','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2024\">2024<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, Jes\u00fas E.;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  Mu\u00f1oz-Calle, Javier;  Madinabeitia, Germ\u00e1n<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('492','tp_links')\" style=\"cursor:pointer;\">Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems development<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">European Interdisciplinary Cybersecurity Conference (EICC 2024), <\/span><span class=\"tp_pub_additional_pages\">pp. 
217\u2013218, <\/span><span class=\"tp_pub_additional_year\">2024<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9798400716515<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_492\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('492','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_492\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('492','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_492\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('492','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_492\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-Verdejo2024b,<br \/>\r\ntitle = {Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems development},<br \/>\r\nauthor = {Jes\u00fas E. D\u00edaz-Verdejo and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Javier Mu\u00f1oz-Calle and Germ\u00e1n Madinabeitia},<br \/>\r\ndoi = {10.1145\/3655693.3661319},<br \/>\r\nisbn = {9798400716515},<br \/>\r\nyear  = {2024},<br \/>\r\ndate = {2024-01-01},<br \/>\r\nurldate = {2024-01-01},<br \/>\r\nbooktitle = {European Interdisciplinary Cybersecurity Conference (EICC 2024)},<br \/>\r\npages = {217\u2013218},<br \/>\r\nabstract = {The development of anomaly-based intrusion detection systems is hindered by the scarcity of adequate datasets. An ideal dataset should contain real traffic, genuine attacks and cover a large time period that may demonstrate time shift. To be useful, the dataset must be labeled to provide accurate ground-truth. This paper presents a dataset of URLs that possesses these qualities. 
It can therefore be used to effectively train, test, and validate URL-based anomaly detection systems. The dataset is publicly available and contains 47M registers, including 320k attacks, and spans 6.5 months. It is partitioned according to two schemes to allow for time dependent and time independent experiments.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('492','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_492\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The development of anomaly-based intrusion detection systems is hindered by the scarcity of adequate datasets. An ideal dataset should contain real traffic, genuine attacks and cover a large time period that may demonstrate time shift. To be useful, the dataset must be labeled to provide accurate ground-truth. This paper presents a dataset of URLs that possesses these qualities. It can therefore be used to effectively train, test, and validate URL-based anomaly detection systems. The dataset is publicly available and contains 47M registers, including 320k attacks, and spans 6.5 months. 
It is partitioned according to two schemes to allow for time dependent and time independent experiments.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('492','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_492\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1145\/3655693.3661319\" title=\"DOI de seguimiento:10.1145\/3655693.3661319\" target=\"_blank\">doi:10.1145\/3655693.3661319<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('492','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Alonso, R. Estepa;  Alonso, A. Estepa;  Mu\u00f1oz-Calle, F. J.<\/p><p class=\"tp_pub_title\">Impacto de la evoluci\u00f3n temporal de datasets reales en el rendimiento de un IDS basados en anomal\u00edas: estudio experimental sobre HTTP <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">XI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
302\u2013309, <\/span><span class=\"tp_pub_additional_year\">2024<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_493\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('493','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_493\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('493','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_493\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{DiazVerdejo2024,<br \/>\r\ntitle = {Impacto de la evoluci\u00f3n temporal de datasets reales en el rendimiento de un IDS basados en anomal\u00edas: estudio experimental sobre HTTP},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and R. Estepa Alonso and A. Estepa Alonso and F. J. Mu\u00f1oz-Calle},<br \/>\r\nyear  = {2024},<br \/>\r\ndate = {2024-01-01},<br \/>\r\nurldate = {2024-01-01},<br \/>\r\nbooktitle = {XI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {302\u2013309},<br \/>\r\nabstract = {El desarrollo y evaluaci\u00f3n de sistemas de detecci\u00f3n de intrusiones basados en anomal\u00edas es de vital importancia en el contexto de la ciberseguridad, especialmente en relaci\u00f3n a los ataques de d\u00eda cero. La naturaleza altamente din\u00e1mica tanto de los sistemas a proteger como de los ataques hace que la detecci\u00f3n de anomal\u00edas resulte una tarea compleja, ya que esta evoluci\u00f3n temporal puede afectar a las capacidades de los modelos estimados en un escenario y periodo determinados. A pesar de su importancia, este efecto ha sido explorado de forma limitada en la literatura, especialmente por la pr\u00e1ctica inexistencia de datos reales convenientemente etiquetados con la suficiente extensi\u00f3n temporal. 
En el presente trabajo evaluamos experimentalmente el impacto de la evoluci\u00f3n temporal en un sistema para la detecci\u00f3n de ataques basados en URL utilizando datos reales capturados en un escenario real durante un periodo de tiempo relativamente extenso. Nuestros an\u00e1lisis demuestran una degradaci\u00f3n creciente con la distancia temporal entre el entrenamiento y la evaluaci\u00f3n. Esta degradaci\u00f3n es debida a la combinaci\u00f3n de la p\u00e9rdida de calidad del modelo con el tiempo as\u00ed como a la propia variaci\u00f3n del comportamiento del servicio y\/o ataques a lo largo del tiempo.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('493','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_493\" style=\"display:none;\"><div class=\"tp_abstract_entry\">El desarrollo y evaluaci\u00f3n de sistemas de detecci\u00f3n de intrusiones basados en anomal\u00edas es de vital importancia en el contexto de la ciberseguridad, especialmente en relaci\u00f3n a los ataques de d\u00eda cero. La naturaleza altamente din\u00e1mica tanto de los sistemas a proteger como de los ataques hace que la detecci\u00f3n de anomal\u00edas resulte una tarea compleja, ya que esta evoluci\u00f3n temporal puede afectar a las capacidades de los modelos estimados en un escenario y periodo determinados. A pesar de su importancia, este efecto ha sido explorado de forma limitada en la literatura, especialmente por la pr\u00e1ctica inexistencia de datos reales convenientemente etiquetados con la suficiente extensi\u00f3n temporal. En el presente trabajo evaluamos experimentalmente el impacto de la evoluci\u00f3n temporal en un sistema para la detecci\u00f3n de ataques basados en URL utilizando datos reales capturados en un escenario real durante un periodo de tiempo relativamente extenso. 
Nuestros an\u00e1lisis demuestran una degradaci\u00f3n creciente con la distancia temporal entre el entrenamiento y la evaluaci\u00f3n. Esta degradaci\u00f3n es debida a la combinaci\u00f3n de la p\u00e9rdida de calidad del modelo con el tiempo as\u00ed como a la propia variaci\u00f3n del comportamiento del servicio y\/o ataques a lo largo del tiempo.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('493','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Mu\u00f1oz-Calle, J.;  Alonso, R. Estepa;  Alonso, A. Estepa<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('491','tp_links')\" style=\"cursor:pointer;\">InspectorLog : A New Tool for Offline Attack Detection over Web Log<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proceedings of the 21st International Conference on Security and Cryptography (SECRYPT 2024), <\/span><span class=\"tp_pub_additional_pages\">pp. 
692\u2013697, <\/span><span class=\"tp_pub_additional_year\">2024<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9789897587092<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_491\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('491','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_491\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('491','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_491\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('491','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_491\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-Verdejo2024a,<br \/>\r\ntitle = {InspectorLog : A New Tool for Offline Attack Detection over Web Log},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and J. Mu\u00f1oz-Calle and R. Estepa Alonso and A. Estepa Alonso},<br \/>\r\ndoi = {10.5220\/0012764000003767},<br \/>\r\nisbn = {9789897587092},<br \/>\r\nyear  = {2024},<br \/>\r\ndate = {2024-01-01},<br \/>\r\nurldate = {2024-01-01},<br \/>\r\nbooktitle = {Proceedings of the 21st International Conference on Security and Cryptography (SECRYPT 2024)},<br \/>\r\nnumber = {Secrypt},<br \/>\r\npages = {692\u2013697},<br \/>\r\nabstract = {InspectorLog is a novel tool for offline analysis of HTTP logs. The tool processes web server logs to identify attacks using diverse rule sets, focusing primarily on the URI field. It is compatible with standard rule formats from systems such as Snort, Nemesida, and ModSecurity. This paper describes InspectorLog functionalities, architecture and applications to the scientific community. 
We also experimentally validate InspectorLog by comparing its detection power with that of the IDS from which rules are taken. InspectorLog fills a gap in available tools in cybersecurity practices in forensic analysis, dataset sanitization, and signature tuning. Future enhancements are planned to support additional Web Application Firewalls (WAFs), new rule types, and HTTP protocol methods, aiming to broaden its scope and utility in the ever-evolving domain of network security.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('491','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_491\" style=\"display:none;\"><div class=\"tp_abstract_entry\">InspectorLog is a novel tool for offline analysis of HTTP logs. The tool processes web server logs to identify attacks using diverse rule sets, focusing primarily on the URI field. It is compatible with standard rule formats from systems such as Snort, Nemesida, and ModSecurity. This paper describes InspectorLog functionalities, architecture and applications to the scientific community. We also experimentally validate InspectorLog by comparing its detection power with that of the IDS from which rules are taken. InspectorLog fills a gap in available tools in cybersecurity practices in forensic analysis, dataset sanitization, and signature tuning. 
Future enhancements are planned to support additional Web Application Firewalls (WAFs), new rule types, and HTTP protocol methods, aiming to broaden its scope and utility in the ever-evolving domain of network security.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('491','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_491\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.5220\/0012764000003767\" title=\"DOI de seguimiento:10.5220\/0012764000003767\" target=\"_blank\">doi:10.5220\/0012764000003767<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('491','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, Jes\u00fas;  Alonso, Rafael Estepa;  Alonso, Antonio Estepa;  Mu\u00f1oz-Calle, Javier<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('490','tp_links')\" style=\"cursor:pointer;\">Insights into anomaly-based intrusion detection systems usability. A case study using real http requests<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proc. European Interdisciplinary Cybersecurity Conference (EICC 2024), <\/span><span class=\"tp_pub_additional_pages\">pp. 
82\u201389, <\/span><span class=\"tp_pub_additional_year\">2024<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9798400716515<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_490\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('490','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_490\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('490','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_490\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('490','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_490\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-Verdejo2024,<br \/>\r\ntitle = {Insights into anomaly-based intrusion detection systems usability. A case study using real http requests},<br \/>\r\nauthor = {Jes\u00fas D\u00edaz-Verdejo and Rafael Estepa Alonso and Antonio Estepa Alonso and Javier Mu\u00f1oz-Calle},<br \/>\r\ndoi = {10.1145\/3655693.3655745},<br \/>\r\nisbn = {9798400716515},<br \/>\r\nyear  = {2024},<br \/>\r\ndate = {2024-01-01},<br \/>\r\nurldate = {2024-01-01},<br \/>\r\nbooktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2024)},<br \/>\r\npages = {82\u201389},<br \/>\r\nabstract = {Intrusion detection systems based on anomalies (A-IDS) are crucial for detecting cyberattacks, especially zero-day attacks. Numerous A-IDS proposals in the literature report excellent performance according to established metrics and settings in a laboratory. However, finding systems implementing these proposals in real-world scenarios is challenging. 
This work explores, through a case study, the suitability of performance metrics commonly used in the scientific literature to real-world scenarios. Our case study will consider a Web attack detector based on URIs and a real, large-scale dataset. Our results show significant limitations in the performance metrics commonly used to select the system&#039;s operating point and its practical use in real-world scenarios.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('490','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_490\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Intrusion detection systems based on anomalies (A-IDS) are crucial for detecting cyberattacks, especially zero-day attacks. Numerous A-IDS proposals in the literature report excellent performance according to established metrics and settings in a laboratory. However, finding systems implementing these proposals in real-world scenarios is challenging. This work explores, through a case study, the suitability of performance metrics commonly used in the scientific literature to real-world scenarios. Our case study will consider a Web attack detector based on URIs and a real, large-scale dataset. 
Our results show significant limitations in the performance metrics commonly used to select the system&#039;s operating point and its practical use in real-world scenarios.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('490','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_490\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1145\/3655693.3655745\" title=\"DOI de seguimiento:10.1145\/3655693.3655745\" target=\"_blank\">doi:10.1145\/3655693.3655745<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('490','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2023\">2023<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Castillo-Fern\u00e1ndez, E.;  Diaz-Verdejo, J.;  Estepa Alonso, R.;  Estepa Alonso, A.<\/p><p class=\"tp_pub_title\">Riesgos en la Smart Home: estudio experimental <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VIII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC23), <\/span><span class=\"tp_pub_additional_pages\">pp. 
375-382, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 978-84-8158-970-2<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_476\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('476','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_476\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('476','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_476\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{jnic23-iot,<br \/>\r\ntitle = {Riesgos en la Smart Home: estudio experimental},<br \/>\r\nauthor = {E. Castillo-Fern\u00e1ndez and J. Diaz-Verdejo and {Estepa Alonso}, R. and {Estepa Alonso}, A.},<br \/>\r\nisbn = {978-84-8158-970-2},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-06-21},<br \/>\r\nurldate = {2023-06-21},<br \/>\r\nbooktitle = {Actas de las VIII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC23)},<br \/>\r\npages = {375-382},<br \/>\r\nabstract = {En este trabajo realizamos una evaluaci\u00f3n preliminar de los riesgos de ciberseguridad en un escenario de aplicaci\u00f3n t\u00edpico de SmartHome: una vivienda unifamiliar. Para ello se han desplegado varias tecnolog\u00edas com\u00fanmente utilizadas en este contexto y se ha monitorizado el tr\u00e1fico asociado a los dispositivos y servidores SmartHome. A partir del an\u00e1lisis realizado se ha constatado la existencia de ataques, patrones de comunicaci\u00f3n an\u00f3malos entre dispositivos y con servidores externos, as\u00ed como vulnerabilidades asociadas a debilidades en las configuraciones de los dispositivos y los protocolos desplegados, algunos de ellos propietarios. 
Adicionalmente, para algunos dispositivos se ha constatado una gran dependencia de la nube, lo que facilita la indisponibilidad de  algunos servicios en caso de fallos en la conexi\u00f3n con nube. El resultado evidencia un pobre tratamiento de la ciberseguridad por la mayor\u00eda de los operadores del sector y un riesgo en este tipo de instalaciones que puede pasar inadvertido al usuario.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('476','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_476\" style=\"display:none;\"><div class=\"tp_abstract_entry\">En este trabajo realizamos una evaluaci\u00f3n preliminar de los riesgos de ciberseguridad en un escenario de aplicaci\u00f3n t\u00edpico de SmartHome: una vivienda unifamiliar. Para ello se han desplegado varias tecnolog\u00edas com\u00fanmente utilizadas en este contexto y se ha monitorizado el tr\u00e1fico asociado a los dispositivos y servidores SmartHome. A partir del an\u00e1lisis realizado se ha constatado la existencia de ataques, patrones de comunicaci\u00f3n an\u00f3malos entre dispositivos y con servidores externos, as\u00ed como vulnerabilidades asociadas a debilidades en las configuraciones de los dispositivos y los protocolos desplegados, algunos de ellos propietarios. Adicionalmente, para algunos dispositivos se ha constatado una gran dependencia de la nube, lo que facilita la indisponibilidad de  algunos servicios en caso de fallos en la conexi\u00f3n con nube. 
El resultado evidencia un pobre tratamiento de la ciberseguridad por la mayor\u00eda de los operadores del sector y un riesgo en este tipo de instalaciones que puede pasar inadvertido al usuario.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('476','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Castillo-Fern\u00e1ndez, Elvira;  Mu\u00f1oz, Escol\u00e1stico;  Diaz-Verdejo, J.;  Estepa Alonso, R;  Estepa Alonso, A.<\/p><p class=\"tp_pub_title\">Dise\u00f1o y despliegue de un laboratorio para formaci\u00f3n e investigaci\u00f3n  en ciberseguridad <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VIII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC23) , <\/span><span class=\"tp_pub_additional_pages\">pp. 
445-452, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 978-84-8158-970-2<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_480\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('480','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_480\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('480','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_480\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{jnic23-cslab,<br \/>\r\ntitle = {Dise\u00f1o y despliegue de un laboratorio para formaci\u00f3n e investigaci\u00f3n  en ciberseguridad},<br \/>\r\nauthor = {Elvira Castillo-Fern\u00e1ndez and Escol\u00e1stico Mu\u00f1oz and J. Diaz-Verdejo and {Estepa Alonso}, R and {Estepa Alonso}, A.},<br \/>\r\nisbn = {978-84-8158-970-2},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-06-21},<br \/>\r\nurldate = {2023-06-21},<br \/>\r\nbooktitle = {Actas de las VIII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC23) },<br \/>\r\njournal = {Actas de las VIII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC23) - En revisi\u00f3n},<br \/>\r\npages = {445-452},<br \/>\r\nabstract = {La realizaci\u00f3n de simulacros y\/o experimentos para actividades de formaci\u00f3n e investigaci\u00f3n en ciberseguridad plantea serias dificultades pr\u00e1cticas por la ejecuci\u00f3n de ataques a los sistemas que conforman la propia infraestructura. 
Se presentan m\u00faltiples requisitos, en ocasiones, incompatibles entre s\u00ed, como la necesidad de preservar la seguridad de los sistemas externos y de monitorizaci\u00f3n sin perder la conectividad hacia Internet, la capacidad de monitorizaci\u00f3n y adquisici\u00f3n de trazas de una forma segura, la flexibilidad que permita m\u00faltiples escenarios lo m\u00e1s realistas posible y una f\u00e1cil reusabilidad del laboratorio. En el presente trabajo se propone e implementa una arquitectura para un laboratorio de ciberseguridad que presenta un equilibrio entre flexibilidad, funcionalidad, usabilidad y seguridad de las operaciones. La propuesta se basa en la divisi\u00f3n en una red de supervisi\u00f3n y una red de laboratorio sobre la que, mediante virtualizaci\u00f3n de bajo nivel, se pueden desarrollar los diferentes experimentos y ataques con riesgo m\u00ednimo de impacto sobre la red de supervisi\u00f3n. Para ello se establecen diferentes barreras, tanto f\u00edsicas como l\u00f3gicas, que permiten filtrar el tr\u00e1fico entre ambas y la conectividad hacia Internet. Para mostrar la operaci\u00f3n y capacidades de la arquitectura propuesta se presenta un caso de uso con un ataque multietapa que involucra diversos sistemas operativos y equipos.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('480','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_480\" style=\"display:none;\"><div class=\"tp_abstract_entry\">La realizaci\u00f3n de simulacros y\/o experimentos para actividades de formaci\u00f3n e investigaci\u00f3n en ciberseguridad plantea serias dificultades pr\u00e1cticas por la ejecuci\u00f3n de ataques a los sistemas que conforman la propia infraestructura. 
Se presentan m\u00faltiples requisitos, en ocasiones, incompatibles entre s\u00ed, como la necesidad de preservar la seguridad de los sistemas externos y de monitorizaci\u00f3n sin perder la conectividad hacia Internet, la capacidad de monitorizaci\u00f3n y adquisici\u00f3n de trazas de una forma segura, la flexibilidad que permita m\u00faltiples escenarios lo m\u00e1s realistas posible y una f\u00e1cil reusabilidad del laboratorio. En el presente trabajo se propone e implementa una arquitectura para un laboratorio de ciberseguridad que presenta un equilibrio entre flexibilidad, funcionalidad, usabilidad y seguridad de las operaciones. La propuesta se basa en la divisi\u00f3n en una red de supervisi\u00f3n y una red de laboratorio sobre la que, mediante virtualizaci\u00f3n de bajo nivel, se pueden desarrollar los diferentes experimentos y ataques con riesgo m\u00ednimo de impacto sobre la red de supervisi\u00f3n. Para ello se establecen diferentes barreras, tanto f\u00edsicas como l\u00f3gicas, que permiten filtrar el tr\u00e1fico entre ambas y la conectividad hacia Internet. 
Para mostrar la operaci\u00f3n y capacidades de la arquitectura propuesta se presenta un caso de uso con un ataque multietapa que involucra diversos sistemas operativos y equipos.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('480','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Fern\u00e1ndez, Elvira Castillo;  D\u00edaz-Verdejo, Jes\u00fas E.;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  Mu\u00f1oz-Calle, Javier;  Madinabeitia, Germ\u00e1n<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('477','tp_links')\" style=\"cursor:pointer;\">Multistep Cyberattacks Detection using a Flexible Multilevel System for Alerts and Events Correlation<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023), <\/span><span class=\"tp_pub_additional_pages\">pp. 
6, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_477\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('477','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_477\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('477','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_477\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('477','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_477\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{eicc23-attacks,<br \/>\r\ntitle = {Multistep Cyberattacks Detection using a Flexible Multilevel System for Alerts and Events Correlation},<br \/>\r\nauthor = {Elvira {Castillo Fern\u00e1ndez} and Jes\u00fas E. {D\u00edaz-Verdejo} and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Javier {Mu\u00f1oz-Calle} and Germ\u00e1n Madinabeitia},<br \/>\r\ndoi = {10.1145\/3590777.3590778},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-06-14},<br \/>\r\nurldate = {2023-06-14},<br \/>\r\nbooktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)},<br \/>\r\npages = {6},<br \/>\r\nabstract = {Current network monitoring systems tend to generate several alerts per attack, especially in multistep attacks. However, Cybersecurity Officers (CSO) would rather receive a single alert summarizing the entire incident. 
Triggering a single alert per attack is a challenge that requires developing and evaluating advanced event correlation techniques and models to determine the relationships between the different observed events\/alerts.<br \/>\r\n<br \/>\r\nIn this work, we propose a flexible architecture oriented toward the correlation and aggregation of events and alerts in a multilevel iterative approach. <br \/>\r\nIn our scheme, sensors generate events and alerts that are stored in a non-relational database queried by modules that create knowledge structured as meta-alerts that are also stored in the database. These meta-alerts (also called hyperalerts) are, in turn, used iteratively to create new knowledge. This iterative approach can be used to aggregate information at multiple levels or steps in complex attack models. <br \/>\r\nOur architecture also allows the incorporation of additional sensors and the evaluation of various correlation techniques and multistage attack models. The capabilities of the system are assessed through three case studies.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('477','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_477\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Current network monitoring systems tend to generate several alerts per attack, especially in multistep attacks. However, Cybersecurity Officers (CSO) would rather receive a single alert summarizing the entire incident. 
Triggering a single alert per attack is a challenge that requires developing and evaluating advanced event correlation techniques and models to determine the relationships between the different observed events\/alerts.<br \/>\r\n<br \/>\r\nIn this work, we propose a flexible architecture oriented toward the correlation and aggregation of events and alerts in a multilevel iterative approach. <br \/>\r\nIn our scheme, sensors generate events and alerts that are stored in a non-relational database queried by modules that create knowledge structured as meta-alerts that are also stored in the database. These meta-alerts (also called hyperalerts) are, in turn, used iteratively to create new knowledge. This iterative approach can be used to aggregate information at multiple levels or steps in complex attack models. <br \/>\r\nOur architecture also allows the incorporation of additional sensors and the evaluation of various correlation techniques and multistage attack models. The capabilities of the system are assessed through three case studies.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('477','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_477\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1145\/3590777.3590778\" title=\"DOI de seguimiento:10.1145\/3590777.3590778\" target=\"_blank\">doi:10.1145\/3590777.3590778<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('477','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Lara, Agust\u00edn W.;  Ternero, J. 
A.;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  Ruiz-Robles, Fernando;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('478','tp_links')\" style=\"cursor:pointer;\">HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)\r\n, <\/span><span class=\"tp_pub_additional_pages\">pp. 6, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_478\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{eicc2-firmas,<br \/>\r\ntitle = {HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments},<br \/>\r\nauthor = {Agust\u00edn W. Lara and J.A. Ternero and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Fernando Ruiz-Robles and Jes\u00fas E. 
D\u00edaz-Verdejo<br \/>\r\n},<br \/>\r\ndoi = {10.1145\/3590777.3590788},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-06-14},<br \/>\r\nurldate = {2023-06-14},<br \/>\r\nbooktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)<br \/>\r\n},<br \/>\r\npages = {6},<br \/>\r\nabstract = { IoT deployments often include a web-interface server for managerial purposes. Signature-based Intrusion Detection Systems are commonly used to detect HTTP attacks on these web servers. The standard signature repositories used by these defensive systems can be enhanced with new signatures generated automatically from attacks detected with anomaly detection techniques. <br \/>\r\n  This work presents a scheme for generating such anomaly-based signatures from HTTP attacks in a way that avoids excessive false positives. The signatures generated are distributed to peer sites in a multi-site environment. We also present a case study based on an IoT real-life dataset collected at four different SmartLight deployments from the same organization. Our results show a notable performance improvement (from $24.1%$ to $66.7%$) when anomaly-based signatures are added to the standard default Snort ruleset and distributed to the other three sites.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_478\" style=\"display:none;\"><div class=\"tp_abstract_entry\"> IoT deployments often include a web-interface server for managerial purposes. Signature-based Intrusion Detection Systems are commonly used to detect HTTP attacks on these web servers. 
The standard signature repositories used by these defensive systems can be enhanced with new signatures generated automatically from attacks detected with anomaly detection techniques. <br \/>\r\n  This work presents a scheme for generating such anomaly-based signatures from HTTP attacks in a way that avoids excessive false positives. The signatures generated are distributed to peer sites in a multi-site environment. We also present a case study based on an IoT real-life dataset collected at four different SmartLight deployments from the same organization. Our results show a notable performance improvement (from $24.1%$ to $66.7%$) when anomaly-based signatures are added to the standard default Snort ruleset and distributed to the other three sites.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_478\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1145\/3590777.3590788\" title=\"DOI de seguimiento:10.1145\/3590777.3590788\" target=\"_blank\">doi:10.1145\/3590777.3590788<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Mu\u00f1oz-calle, Javier;  Fructuoso, Javier;  Estepa, Rafael;  Estepa, Antonio<\/p><p class=\"tp_pub_title\">Evaluaci\u00f3n experimental de las capacidades de detecci\u00f3n de ciberataques basados en t\u00e9cnicas del modelo ATT &amp; CK mediante Snort <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las XVI Jornadas de 
Ingenier\u00eda Telem\u00e1tica - JITEL 2023, <\/span><span class=\"tp_pub_additional_pages\">pp. 5\u20138, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_487\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('487','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_487\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('487','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_487\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Munoz-calle2023,<br \/>\r\ntitle = {Evaluaci\u00f3n experimental de las capacidades de detecci\u00f3n de ciberataques basados en t\u00e9cnicas del modelo ATT & CK mediante Snort},<br \/>\r\nauthor = {Javier Mu\u00f1oz-calle and Javier Fructuoso and Rafael Estepa and Antonio Estepa},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-01-01},<br \/>\r\nurldate = {2023-01-01},<br \/>\r\nbooktitle = {Actas de las XVI Jornadas de Ingenier\u00eda Telem\u00e1tica - JITEL 2023},<br \/>\r\npages = {5\u20138},<br \/>\r\nabstract = {ATT&CK establece un modelo donde se especifican las fases secuenciales de un ciberataque, as\u00ed como las t\u00e9cnicas que suelen ser usadas en cada paso del ataque. Ser\u00eda interesante incorporar este modelo en el proceso de detecci\u00f3n de los ciberataques ya que facilitar\u00eda la correlaci\u00f3n de las numerosas alertas generadas por los sistemas de monitorizaci\u00f3n de red. Sin embargo, la aplicaci\u00f3n del modelo en los procesos de correlaci\u00f3n de eventos no es inmediata, ya que no est\u00e1 formulado en t\u00e9rminos de eventos observables y\/o detecciones sino de acciones a realizar. 
En el presente trabajo exploramos y evaluamos los elementos necesarios para incorporar el modelo ATT&CK en el procesamiento de la informaci\u00f3n generada por los sistemas de monitorizaci\u00f3n de la seguridad en la red.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('487','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_487\" style=\"display:none;\"><div class=\"tp_abstract_entry\">ATT&amp;CK establece un modelo donde se especifican las fases secuenciales de un ciberataque, as\u00ed como las t\u00e9cnicas que suelen ser usadas en cada paso del ataque. Ser\u00eda interesante incorporar este modelo en el proceso de detecci\u00f3n de los ciberataques ya que facilitar\u00eda la correlaci\u00f3n de las numerosas alertas generadas por los sistemas de monitorizaci\u00f3n de red. Sin embargo, la aplicaci\u00f3n del modelo en los procesos de correlaci\u00f3n de eventos no es inmediata, ya que no est\u00e1 formulado en t\u00e9rminos de eventos observables y\/o detecciones sino de acciones a realizar. 
En el presente trabajo exploramos y evaluamos los elementos necesarios para incorporar el modelo ATT&amp;CK en el procesamiento de la informaci\u00f3n generada por los sistemas de monitorizaci\u00f3n de la seguridad en la red.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('487','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Castillo-Fern\u00e1ndez, Elvira;  D\u00edaz-Verdejo, Jes\u00fas Esteban;  Alonso, Rafael Mar\u00eda Estepa;  Alonso, Antonio Estepa;  Mu\u00f1oz-Calle, Fco Javier<\/p><p class=\"tp_pub_title\">Uso practico del modelo ATT&amp;CK para la detecci\u00f3n de ciberataques <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las XVI Jornadas de Ingenier\u00eda Telem\u00e1tica - JITEL 2023, <\/span><span class=\"tp_pub_additional_pages\">pp. 
1\u20134, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9783131450715<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_484\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('484','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_484\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('484','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_484\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Castillo-Fernandez2023,<br \/>\r\ntitle = {Uso practico del modelo ATT&CK para la detecci\u00f3n de ciberataques},<br \/>\r\nauthor = {Elvira Castillo-Fern\u00e1ndez and Jes\u00fas Esteban D\u00edaz-Verdejo and Rafael Mar\u00eda Estepa Alonso and Antonio Estepa Alonso and Fco Javier Mu\u00f1oz-Calle},<br \/>\r\nisbn = {9783131450715},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-01-01},<br \/>\r\nurldate = {2023-01-01},<br \/>\r\nbooktitle = {Actas de las XVI Jornadas de Ingenier\u00eda Telem\u00e1tica - JITEL 2023},<br \/>\r\npages = {1\u20134},<br \/>\r\nabstract = {ATT&CK establece un modelo donde se especifican las fases secuenciales de un ciberataque, as\u00ed como las t\u00e9cnicas que suelen ser usadas en cada paso del ataque. Ser\u00eda interesante incorporar este modelo en el proceso de detecci\u00f3n de los ciberataques ya que facilitar\u00eda la correlaci\u00f3n de las numerosas alertas generadas por los sistemas de monitorizaci\u00f3n de red. Sin embargo, la aplicaci\u00f3n del modelo en los procesos de correlaci\u00f3n de eventos no es inmediata, ya que no est\u00e1 formulado en t\u00e9rminos de eventos observables y\/o detecciones sino de acciones a realizar. 
En el presente trabajo exploramos y evaluamos los elementos necesarios para incorporar el modelo ATT&CK en el procesamiento de la informaci\u00f3n generada por los sistemas de monitorizaci\u00f3n de la seguridad en la red.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('484','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_484\" style=\"display:none;\"><div class=\"tp_abstract_entry\">ATT&amp;CK establece un modelo donde se especifican las fases secuenciales de un ciberataque, as\u00ed como las t\u00e9cnicas que suelen ser usadas en cada paso del ataque. Ser\u00eda interesante incorporar este modelo en el proceso de detecci\u00f3n de los ciberataques ya que facilitar\u00eda la correlaci\u00f3n de las numerosas alertas generadas por los sistemas de monitorizaci\u00f3n de red. Sin embargo, la aplicaci\u00f3n del modelo en los procesos de correlaci\u00f3n de eventos no es inmediata, ya que no est\u00e1 formulado en t\u00e9rminos de eventos observables y\/o detecciones sino de acciones a realizar. 
En el presente trabajo exploramos y evaluamos los elementos necesarios para incorporar el modelo ATT&amp;CK en el procesamiento de la informaci\u00f3n generada por los sistemas de monitorizaci\u00f3n de la seguridad en la red.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('484','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2022\">2022<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Alonso, Antonio Estepa;  Alonso, Rafael Estepa;  Wideberg, Johan;  D\u00edaz-Verdejo, Jes\u00fas;  Marquez, Adolfo Crespo<\/p><p class=\"tp_pub_title\">Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span> Leva, Maria Chiara;  Petelli, Edoardo;  Podofillini, Luca;  Wilson, Simon (Ed.): <span class=\"tp_pub_additional_booktitle\">European Conference on Safety and Reliability (ESREL 2022), <\/span><span class=\"tp_pub_additional_pages\">pp. 
3-4, <\/span><span class=\"tp_pub_additional_year\">2022<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_481\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('481','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_481\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{esrel22,<br \/>\r\ntitle = {Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications},<br \/>\r\nauthor = {Antonio {Estepa Alonso} and Rafael {Estepa Alonso} and Johan Wideberg and Jes\u00fas {D\u00edaz-Verdejo} and Adolfo {Crespo Marquez}},<br \/>\r\neditor = {Maria {Chiara Leva} and Edoardo Petelli and Luca Podofillini and Simon Wilson},<br \/>\r\nyear  = {2022},<br \/>\r\ndate = {2022-08-31},<br \/>\r\nurldate = {2022-08-31},<br \/>\r\nbooktitle = {European Conference on Safety and Reliability (ESREL 2022)},<br \/>\r\njournal = {European Conference on Safety and Reliability (ESREL 2022)},<br \/>\r\npages = {3-4},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('481','tp_bibtex')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Mu\u00f1oz, Javier;  Bueno, Felipe;  Estepa, Rafael;  Estepa, Antonio;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\">Ataques a servidores web: estudio experimental de la capacidad de detecci\u00f3n de algunos SIDS gratuitos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VII Jornadas Nacionales de 
Investigaci\u00f3n en Ciberseguridad (JNIC&#039;22), <\/span><span class=\"tp_pub_additional_pages\">pp. 22\u201325, <\/span><span class=\"tp_pub_additional_year\">2022<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9878488734136<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_266\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('266','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_266\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('266','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_266\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Munoz-jnic22,<br \/>\r\ntitle = {Ataques a servidores web: estudio experimental de la capacidad de detecci\u00f3n de algunos SIDS gratuitos},<br \/>\r\nauthor = {Javier Mu\u00f1oz and Felipe Bueno and Rafael Estepa and Antonio Estepa and Jes\u00fas E. D\u00edaz-Verdejo},<br \/>\r\nisbn = {9878488734136},<br \/>\r\nyear  = {2022},<br \/>\r\ndate = {2022-01-01},<br \/>\r\nurldate = {2022-01-01},<br \/>\r\nbooktitle = {Actas de las VII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC&#039;22)},<br \/>\r\npages = {22--25},<br \/>\r\nabstract = {Este trabajo cuantifica de forma experimental la capacidad de detecci\u00f3n de ataques a servidores web ofrecida por algunos de los detectores de intrusiones basados en firmas (SIDS) disponibles de forma gratuita. Para ello, se ha realizado una b\u00fasqueda y selecci\u00f3n de 28 herramientas actuales para la generaci\u00f3n de ataques y an\u00e1lisis de seguridad del servicio web. Con ellas, se han realizado casi 150 ataques a dos escenarios de uso de un servidor web (una web est\u00e1tica y una din\u00e1mica). 
Las peticiones HTTP registradas durante los ataques han sido utilizadas para crear un dataset de ataques que ser\u00e1 utilizado como entrada a tres SIDS gratuitos seleccionados por su amplio uso, de forma que se podr\u00e1 determinar la capacidad de detecci\u00f3n de los mismos frente a los ataques generados. Este trabajo se encuentra a\u00fan en desarrollo, por lo que en esta contribuci\u00f3n se muestran los primeros resultados relativos a la recolecci\u00f3n y selecci\u00f3n de herramientas para la generaci\u00f3n de los ataques, la generaci\u00f3n del dataset de ataques de forma que sea representativo de los ataques actuales y la evaluaci\u00f3n preliminar de las capacidades de detecci\u00f3n.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('266','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_266\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Este trabajo cuantifica de forma experimental la capacidad de detecci\u00f3n de ataques a servidores web ofrecida por algunos de los detectores de intrusiones basados en firmas (SIDS) disponibles de forma gratuita. Para ello, se ha realizado una b\u00fasqueda y selecci\u00f3n de 28 herramientas actuales para la generaci\u00f3n de ataques y an\u00e1lisis de seguridad del servicio web. Con ellas, se han realizado casi 150 ataques a dos escenarios de uso de un servidor web (una web est\u00e1tica y una din\u00e1mica). Las peticiones HTTP registradas durante los ataques han sido utilizadas para crear un dataset de ataques que ser\u00e1 utilizado como entrada a tres SIDS gratuitos seleccionados por su amplio uso, de forma que se podr\u00e1 determinar la capacidad de detecci\u00f3n de los mismos frente a los ataques generados. 
Este trabajo se encuentra a\u00fan en desarrollo, por lo que en esta contribuci\u00f3n se muestran los primeros resultados relativos a la recolecci\u00f3n y selecci\u00f3n de herramientas para la generaci\u00f3n de los ataques, la generaci\u00f3n del dataset de ataques de forma que sea representativo de los ataques actuales y la evaluaci\u00f3n preliminar de las capacidades de detecci\u00f3n.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('266','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2021\">2021<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Rom\u00e1n, Isabel;  Madinabeitia, Germ\u00e1n;  Estepa, Rafael;  D\u00edaz-Verdejo, Jes\u00fas;  Estepa, Antonio;  Gonz\u00e1lez-S\u00e1nchez, Jos\u00e9 Luis;  Prieto, Felipe Lemuz<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('273','tp_links')\" style=\"cursor:pointer;\">Aplicaci\u00f3n de control de acceso y t\u00e9cnicas de Blockchain para el control de datos gen\u00e9ticos<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
293\u2013299, <\/span><span class=\"tp_pub_additional_year\">2021<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788490444634<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_273\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('273','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_273\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('273','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_273\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('273','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_273\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Roman2021,<br \/>\r\ntitle = {Aplicaci\u00f3n de control de acceso y t\u00e9cnicas de Blockchain para el control de datos gen\u00e9ticos},<br \/>\r\nauthor = {Isabel Rom\u00e1n and Germ\u00e1n Madinabeitia and Rafael Estepa and Jes\u00fas D\u00edaz-Verdejo and Antonio Estepa and Jos\u00e9 Luis Gonz\u00e1lez-S\u00e1nchez and Felipe Lemuz Prieto},<br \/>\r\nurl = {https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28677},<br \/>\r\ndoi = {10.18239\/jornadas_2021.34.67},<br \/>\r\nisbn = {9788490444634},<br \/>\r\nyear  = {2021},<br \/>\r\ndate = {2021-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {293--299},<br \/>\r\nabstract = {Este trabajo presenta una soluci\u00f3n al reto de mejorar la trazabilidad del acceso a informaci\u00f3n gen\u00e9tica almacenada en una aplicaci\u00f3n propietaria a trav\u00e9s del uso de blockchain. 
Para ello se realizan tres acciones: (a) se normaliza la estructura y acceso a los datos conforme al est\u00e1ndar sanitario FHIR; (b) se dise\u00f1a una arquitectura normalizada de control de acceso a los datos en la que el paciente puede administrar las pol\u00edticas de acceso a sus datos cl\u00ednicos compatible con el RGPD; (c) se securiza mediante blockchain la trazabilidad del acceso a los datos. Los resultados de las tres acciones anteriores se integran en un demostrador o una aplicaci\u00f3n piloto que tiene las siguientes caracter\u00edsticas: (a) arquitectura SOA con interfaces normalizados de acceso que siguen el est\u00e1ndar FHIR; (b) cuenta con sistema distribuido de control de acceso de grano fino que sigue el est\u00e1ndar XACML\/SAML; (c) utiliza blockchain de forma que se garantice la trazabilidad y la integridad de los registros de acceso al sistema.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('273','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_273\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Este trabajo presenta una soluci\u00f3n al reto de mejorar la trazabilidad del acceso a informaci\u00f3n gen\u00e9tica almacenada en una aplicaci\u00f3n propietaria a trav\u00e9s del uso de blockchain. Para ello se realizan tres acciones: (a) se normaliza la estructura y acceso a los datos conforme al est\u00e1ndar sanitario FHIR; (b) se dise\u00f1a una arquitectura normalizada de control de acceso a los datos en la que el paciente puede administrar las pol\u00edticas de acceso a sus datos cl\u00ednicos compatible con el RGPD; (c) se securiza mediante blockchain la trazabilidad del acceso a los datos. 
Los resultados de las tres acciones anteriores se integran en un demostrador o una aplicaci\u00f3n piloto que tiene las siguientes caracter\u00edsticas: (a) arquitectura SOA con interfaces normalizados de acceso que siguen el est\u00e1ndar FHIR; (b) cuenta con sistema distribuido de control de acceso de grano fino que sigue el est\u00e1ndar XACML\/SAML; (c) utiliza blockchain de forma que se garantice la trazabilidad y la integridad de los registros de acceso al sistema.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('273','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_273\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28677\" title=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28677\" target=\"_blank\">https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28677<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.18239\/jornadas_2021.34.67\" title=\"DOI de seguimiento:10.18239\/jornadas_2021.34.67\" target=\"_blank\">doi:10.18239\/jornadas_2021.34.67<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('273','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Diaz-Verdejo, J.;  Mu\u00f1oz, F. J.;  Alonso, R. Estepa;  Alonso, A. 
Estepa;  Madinabeitia, G.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('272','tp_links')\" style=\"cursor:pointer;\">Sobre las capacidades de detecci\u00f3n de los IDS basados en firmas<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span> Serrano, Manuel A.;  Fern\u00e1ndez-Medina, Eduardo;  Alcaraz, Cristina;  Castro, Noem\u00ed;  Calvo, Guillermo (Ed.): <span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 55\u201364, <\/span><span class=\"tp_pub_additional_publisher\">Ediciones de la Universidad de Castilla-La Mancha, <\/span><span class=\"tp_pub_additional_year\">2021<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788490444634<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_272\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('272','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_272\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('272','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_272\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('272','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_272\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{diaz-verdejo-jnic21,<br \/>\r\ntitle = {Sobre las capacidades de detecci\u00f3n de los IDS basados en firmas},<br \/>\r\nauthor = {J. Diaz-Verdejo and F. J. Mu\u00f1oz and R. Estepa Alonso and A. Estepa Alonso and G. Madinabeitia},<br \/>\r\neditor = {Manuel A. 
Serrano and Eduardo Fern\u00e1ndez-Medina and Cristina Alcaraz and Noem\u00ed Castro and Guillermo Calvo},<br \/>\r\nurl = {https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28597},<br \/>\r\ndoi = {10.18239\/jornadas_2021.34.00},<br \/>\r\nisbn = {9788490444634},<br \/>\r\nyear  = {2021},<br \/>\r\ndate = {2021-01-01},<br \/>\r\nurldate = {2021-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {55--64},<br \/>\r\npublisher = {Ediciones de la Universidad de Castilla-La Mancha},<br \/>\r\nseries = {Colecci\u00f3n Jornadas y Congresos},<br \/>\r\nabstract = {Los sistemas de detecci\u00f3n de intrusiones (IDS) pueden detectar actividades maliciosas y generar alertas a supervisar, por lo que constituyen el n\u00facleo de los sistemas de monitorizaci\u00f3n de la seguridad de las redes. Tradicionalmente, se ha asumido que los IDS basados en firmas (SIDS) ofrecen una capacidad de detecci\u00f3n y tasa de falsos positivos adecuadas, presentando limitaciones s\u00f3lo en la detecci\u00f3n de ataques 0-day. Sin embargo, estas capacidades est\u00e1n inequ\u00edvocamente asociadas a la calidad de las firmas disponibles, que var\u00edan no s\u00f3lo en el tiempo sino con la herramienta concreta utilizada. En este trabajo se exploran las capacidades de diversos sistemas SIDS ampliamente utilizados en un escenario real en el contexto de servicios web. Asimismo, se analiza la evoluci\u00f3n de sus prestaciones a lo largo del tiempo considerando la actualizaci\u00f3n de las firmas. Los resultados de nuestras pruebas evidencian una gran variabilidad en las prestaciones en funci\u00f3n de la herramienta seleccionada, as\u00ed como una deficiente cobertura de ataques conocidos, incluso cuando se optimizan las reglas para ajustarse al sistema a proteger. 
Consecuentemente, es necesario revisar el papel de los SIDS como elementos de protecci\u00f3n, ya que pueden proporcionar una falsa sensaci\u00f3n de seguridad.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('272','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_272\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Los sistemas de detecci\u00f3n de intrusiones (IDS) pueden detectar actividades maliciosas y generar alertas a supervisar, por lo que constituyen el n\u00facleo de los sistemas de monitorizaci\u00f3n de la seguridad de las redes. Tradicionalmente, se ha asumido que los IDS basados en firmas (SIDS) ofrecen una capacidad de detecci\u00f3n y tasa de falsos positivos adecuadas, presentando limitaciones s\u00f3lo en la detecci\u00f3n de ataques 0-day. Sin embargo, estas capacidades est\u00e1n inequ\u00edvocamente asociadas a la calidad de las firmas disponibles, que var\u00edan no s\u00f3lo en el tiempo sino con la herramienta concreta utilizada. En este trabajo se exploran las capacidades de diversos sistemas SIDS ampliamente utilizados en un escenario real en el contexto de servicios web. Asimismo, se analiza la evoluci\u00f3n de sus prestaciones a lo largo del tiempo considerando la actualizaci\u00f3n de las firmas. Los resultados de nuestras pruebas evidencian una gran variabilidad en las prestaciones en funci\u00f3n de la herramienta seleccionada, as\u00ed como una deficiente cobertura de ataques conocidos, incluso cuando se optimizan las reglas para ajustarse al sistema a proteger. 
Consecuentemente, es necesario revisar el papel de los SIDS como elementos de protecci\u00f3n, ya que pueden proporcionar una falsa sensaci\u00f3n de seguridad.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('272','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_272\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28597\" title=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28597\" target=\"_blank\">https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28597<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.18239\/jornadas_2021.34.00\" title=\"DOI de seguimiento:10.18239\/jornadas_2021.34.00\" target=\"_blank\">doi:10.18239\/jornadas_2021.34.00<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('272','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Estepa, Rafael;  Estepa, Antonio;  D\u00edaz-Verdejo, Jes\u00fas;  Lara, Agust\u00edn W;  Madinabeitia, Germ\u00e1n;  S\u00e1nchez, Jos\u00e9 A. Morales<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('271','tp_links')\" style=\"cursor:pointer;\">Dise\u00f1o de un IDS basado en anomal\u00edas para IoT: caso de estudio en SmartCities<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
135\u2013138, <\/span><span class=\"tp_pub_additional_year\">2021<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_271\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('271','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_271\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('271','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_271\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('271','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_271\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Estepa-jnic2021,<br \/>\r\ntitle = {Dise\u00f1o de un IDS basado en anomal\u00edas para IoT: caso de estudio en SmartCities},<br \/>\r\nauthor = {Rafael Estepa and Antonio Estepa and Jes\u00fas D\u00edaz-Verdejo and Agust\u00edn W Lara and Germ\u00e1n Madinabeitia and Jos\u00e9 A. Morales S\u00e1nchez},<br \/>\r\nurl = {https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28638},<br \/>\r\ndoi = {10.18239\/jornadas_2021.34.30},<br \/>\r\nyear  = {2021},<br \/>\r\ndate = {2021-01-01},<br \/>\r\nurldate = {2021-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {135--138},<br \/>\r\nabstract = {Los sistemas de Smart-City constituyen un campo espec\u00edfico en el IoT. Las soluciones de ciberseguridad IT tradicionales son excesivamente gen\u00e9ricas y poco eficientes para este tipo de instalaciones con escasos recursos computacionales y de coste limitado. Por ello, en conjunci\u00f3n con una empresa del sector, se est\u00e1 desarrollando un proyecto para la detecci\u00f3n de incidentes de seguridad de un sistema de Iluminaci\u00f3n Inteligente. 
En este art\u00edculo se describen los resultados iniciales del proyecto.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('271','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_271\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Los sistemas de Smart-City constituyen un campo espec\u00edfico en el IoT. Las soluciones de ciberseguridad IT tradicionales son excesivamente gen\u00e9ricas y poco eficientes para este tipo de instalaciones con escasos recursos computacionales y de coste limitado. Por ello, en conjunci\u00f3n con una empresa del sector, se est\u00e1 desarrollando un proyecto para la detecci\u00f3n de incidentes de seguridad de un sistema de Iluminaci\u00f3n Inteligente. En este art\u00edculo se describen los resultados iniciales del proyecto.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('271','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_271\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28638\" title=\"https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28638\" target=\"_blank\">https:\/\/ruidera.uclm.es\/xmlui\/handle\/10578\/28638<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.18239\/jornadas_2021.34.30\" title=\"DOI de seguimiento:10.18239\/jornadas_2021.34.30\" target=\"_blank\">doi:10.18239\/jornadas_2021.34.30<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('271','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2019\">2019<\/h3><div class=\"tp_publication 
tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Alonso, Antonio J. Estepa;  D\u00edaz-Verdejo, Jes\u00fas E.;  Ram\u00edrez, Estefan\u00eda Osma;  Alonso, Rafael M. Estepa;  Luque, Germ\u00e1n Madinabeitia;  Romero, Agust\u00edn W. Lara<\/p><p class=\"tp_pub_title\">Ciberseguridad en entornos de generaci\u00f3n el\u00e9ctrica en parques renovables. Resumen extendido <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las V Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 334\u2013335, <\/span><span class=\"tp_pub_additional_year\">2019<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 978-84-09-12121-2<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_277\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('277','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_277\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('277','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_277\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Alonso2019,<br \/>\r\ntitle = {Ciberseguridad en entornos de generaci\u00f3n el\u00e9ctrica en parques renovables. Resumen extendido},<br \/>\r\nauthor = {Antonio J. Estepa Alonso and Jes\u00fas E. D\u00edaz-Verdejo and Estefan\u00eda Osma Ram\u00edrez and Rafael M. Estepa Alonso and Germ\u00e1n Madinabeitia Luque and Agust\u00edn W. 
Lara Romero},<br \/>\r\nisbn = {978-84-09-12121-2},<br \/>\r\nyear  = {2019},<br \/>\r\ndate = {2019-01-01},<br \/>\r\nbooktitle = {Actas de las V Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {334--335},<br \/>\r\nabstract = {Este documento presenta un proyecto en curso en el marco de ciberseguridad en entornos industriales de generaci\u00f3n el\u00e9ctrica. Por limitaciones de espacio y por motivos de confidencialidad, tan s\u00f3lo se describir\u00e1 el contexto de este proyecto, el alcance esperado y los requisitos que debe cumplir la soluci\u00f3n de ciberseguridad. Por \u00faltimo se realiza una breve introducci\u00f3n al dise\u00f1o inicial de la soluci\u00f3n propuesta siguiendo la aproximaci\u00f3n de M\u00ednimo Producto Viable. Dicha soluci\u00f3n se basa en la definici\u00f3n de Indicadores de Compromiso IoC para la detecci\u00f3n de anomal\u00edas y vulnerabilidades en la planta.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('277','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_277\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Este documento presenta un proyecto en curso en el marco de ciberseguridad en entornos industriales de generaci\u00f3n el\u00e9ctrica. Por limitaciones de espacio y por motivos de confidencialidad, tan s\u00f3lo se describir\u00e1 el contexto de este proyecto, el alcance esperado y los requisitos que debe cumplir la soluci\u00f3n de ciberseguridad. Por \u00faltimo se realiza una breve introducci\u00f3n al dise\u00f1o inicial de la soluci\u00f3n propuesta siguiendo la aproximaci\u00f3n de M\u00ednimo Producto Viable. 
Dicha soluci\u00f3n se basa en la definici\u00f3n de Indicadores de Compromiso IoC para la detecci\u00f3n de anomal\u00edas y vulnerabilidades en la planta.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('277','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, Jes\u00fas;  Alonso, Rafael Estepa;  Alonso, Antonio Estepa;  Madinabeitia, Germ\u00e1n<\/p><p class=\"tp_pub_title\">Metodolog\u00eda supervisada para la obtenci\u00f3n de trazas limpias del servicio HTTP <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las V Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 78\u201385, <\/span><span class=\"tp_pub_additional_year\">2019<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_276\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('276','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_276\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('276','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_276\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-verdejo2019,<br \/>\r\ntitle = {Metodolog\u00eda supervisada para la obtenci\u00f3n de trazas limpias del servicio HTTP},<br \/>\r\nauthor = {Jes\u00fas D\u00edaz-Verdejo and Rafael Estepa Alonso and Antonio Estepa Alonso and Germ\u00e1n Madinabeitia},<br \/>\r\nyear  = {2019},<br \/>\r\ndate = {2019-01-01},<br \/>\r\nbooktitle = {Actas de las V Jornadas Nacionales de 
Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {78--85},<br \/>\r\nabstract = {Disponer de datos adecuados para el entrenamiento, evaluaci\u00f3n y validaci\u00f3n de sistemas de detecci\u00f3n de intrusos basados en anomal\u00edas representa un problema de \u00edndole pr\u00e1ctica relevante. Las caracter\u00edsticas requeridas para los datos plantean una serie de retos contrapuestos entre los que destaca la necesidad de disponer de un volumen significativo de datos reales que no contenga instancias de ataques. Esto implica un proceso de limpieza y supervisi\u00f3n que puede resultar muy costoso si se realiza manualmente. En este trabajo planteamos una metodolog\u00eda para automatizar en lo posible la adquisici\u00f3n y acondicionamiento de trazas del servicio HTTP para la detecci\u00f3n de ataques basada en URI. Esta metodolog\u00eda se aplica con buenos resultados sobre una traza real como caso de estudio.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('276','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_276\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Disponer de datos adecuados para el entrenamiento, evaluaci\u00f3n y validaci\u00f3n de sistemas de detecci\u00f3n de intrusos basados en anomal\u00edas representa un problema de \u00edndole pr\u00e1ctica relevante. Las caracter\u00edsticas requeridas para los datos plantean una serie de retos contrapuestos entre los que destaca la necesidad de disponer de un volumen significativo de datos reales que no contenga instancias de ataques. Esto implica un proceso de limpieza y supervisi\u00f3n que puede resultar muy costoso si se realiza manualmente. 
En este trabajo planteamos una metodolog\u00eda para automatizar en lo posible la adquisici\u00f3n y acondicionamiento de trazas del servicio HTTP para la detecci\u00f3n de ataques basada en URI. Esta metodolog\u00eda se aplica con buenos resultados sobre una traza real como caso de estudio.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('276','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2018\">2018<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Estepa, R.;  Estepa, A.;  Madinabeitia, G.;  Rodr\u00edguez, D.<\/p><p class=\"tp_pub_title\">Metodolog\u00eda para la generacion de conjuntos de datos de ataques basados en URI de HTTP <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las V Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
119\u2013126, <\/span><span class=\"tp_pub_additional_year\">2018<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 978-84-09-02697-5<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_278\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('278','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_278\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('278','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_278\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{diaz-verdejo-jnic2018,<br \/>\r\ntitle = {Metodolog\u00eda para la generacion de conjuntos de datos de ataques basados en URI de HTTP},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and R. Estepa and A. Estepa and G. Madinabeitia and D. Rodr\u00edguez},<br \/>\r\nisbn = {978-84-09-02697-5},<br \/>\r\nyear  = {2018},<br \/>\r\ndate = {2018-01-01},<br \/>\r\nbooktitle = {Actas de las V Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {119--126},<br \/>\r\nabstract = {El desarrollo de sistemas de detecci\u00f3n de intrusiones basadas en web, o de firewalls de aplicaci\u00f3n web, requiere el uso de conjuntos de datos (datasets) apropiados para el entrenamiento y evaluaci\u00f3n. Una elecci\u00f3n inadecuada de los mismos resultar\u00e1 en sesgos e imprecisiones que pueden invalidar la experimentaci\u00f3n y, consecuentemente, la evaluaci\u00f3n de las capacidades de detecci\u00f3n de la\/s t\u00e9cnica\/s analizada\/s. El problema es especialmente relevante en el caso de los sistemas basados en anomal\u00edas, ya que se requiere disponer de ataques adecuados al entorno de experimentaci\u00f3n. 
En el presente trabajo se propone una metodolog\u00eda para la generaci\u00f3n de datasets adaptados a las necesidades de la experimentaci\u00f3n y del escenario de uso, mediante el uso de la combinaci\u00f3n y parametrizaci\u00f3n de diferentes fuentes de ataques. Adem\u00e1s, se ha implementado una herramienta que sigue la metodolog\u00eda propuesta, generando dos datasets con 800 y 1.100 instancias de ataque respectivamente, que responden a las necesidades de la experimentaci\u00f3n particular de un sistema de detecci\u00f3n de anomal\u00edas en peticiones HTTP. No obstante, la metodolog\u00eda desarrollada es suficientemente gen\u00e9rica para permitir la generaci\u00f3n de datasets adecuados al desarrollo de otros sistemas en funci\u00f3n de las necesidades del usuario.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('278','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_278\" style=\"display:none;\"><div class=\"tp_abstract_entry\">El desarrollo de sistemas de detecci\u00f3n de intrusiones basadas en web, o de firewalls de aplicaci\u00f3n web, requiere el uso de conjuntos de datos (datasets) apropiados para el entrenamiento y evaluaci\u00f3n. Una elecci\u00f3n inadecuada de los mismos resultar\u00e1 en sesgos e imprecisiones que pueden invalidar la experimentaci\u00f3n y, consecuentemente, la evaluaci\u00f3n de las capacidades de detecci\u00f3n de la\/s t\u00e9cnica\/s analizada\/s. El problema es especialmente relevante en el caso de los sistemas basados en anomal\u00edas, ya que se requiere disponer de ataques adecuados al entorno de experimentaci\u00f3n. 
En el presente trabajo se propone una metodolog\u00eda para la generaci\u00f3n de datasets adaptados a las necesidades de la experimentaci\u00f3n y del escenario de uso, mediante el uso de la combinaci\u00f3n y parametrizaci\u00f3n de diferentes fuentes de ataques. Adem\u00e1s, se ha implementado una herramienta que sigue la metodolog\u00eda propuesta, generando dos datasets con 800 y 1.100 instancias de ataque respectivamente, que responden a las necesidades de la experimentaci\u00f3n particular de un sistema de detecci\u00f3n de anomal\u00edas en peticiones HTTP. No obstante, la metodolog\u00eda desarrollada es suficientemente gen\u00e9rica para permitir la generaci\u00f3n de datasets adecuados al desarrollo de otros sistemas en funci\u00f3n de las necesidades del usuario.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('278','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2017\">2017<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Estepa, R.;  Estepa, A.;  D\u00edaz-Verdejo, J.;  Campos, I.;  Madinabeitia, G.;  Pe\u00f1a, I.;  Casta\u00f1o, M.;  Estrada, C.<\/p><p class=\"tp_pub_title\">Caso de estudio: sistema automatizado de evaluaci\u00f3n del riesgo TIC <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las III Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad, <\/span><span class=\"tp_pub_additional_pages\">pp. 
188\u2013189, <\/span><span class=\"tp_pub_additional_year\">2017<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788460846598<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_279\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('279','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_279\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('279','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_279\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{R.EstepaA.EstepaJ.DiazVerdejoI.CamposG.MadinabeitiaI.PenaM.Castano2017,<br \/>\r\ntitle = {Caso de estudio: sistema automatizado de evaluaci\u00f3n del riesgo TIC},<br \/>\r\nauthor = {R. Estepa and A. Estepa and J. D\u00edaz-Verdejo and I. Campos and G. Madinabeitia and I. Pe\u00f1a and M. Casta\u00f1o and C. Estrada},<br \/>\r\nisbn = {9788460846598},<br \/>\r\nyear  = {2017},<br \/>\r\ndate = {2017-01-01},<br \/>\r\nurldate = {2017-01-01},<br \/>\r\nbooktitle = {Actas de las III Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad},<br \/>\r\npages = {188--189},<br \/>\r\nabstract = {Es importante que las organizaciones dispongan de productos o servicios que ayuden a identificar los riesgos tecnol\u00f3gicos. Este art\u00edculo presenta nuestra experiencia con el dise\u00f1o y evaluaci\u00f3n de un sistema automatizado de auditor\u00edas de seguridad. El sistema ha sido dise\u00f1ado para realizar de forma aut\u00f3noma las tareas de inventariado, b\u00fasqueda de vulnerabilidades y detecci\u00f3n de ataques a trav\u00e9s de la red a los sistemas auditados. El sistema s\u00f3lo utiliza componentes de software libre y combina el resultado de herramientas activas y pasivas mediante dos etapas de correlaci\u00f3n. 
El objetivo final es ofrecer una estimaci\u00f3n del nivel de riesgo de cada uno de los activos de la organizaci\u00f3n.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('279','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_279\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Es importante que las organizaciones dispongan de productos o servicios que ayuden a identificar los riesgos tecnol\u00f3gicos. Este art\u00edculo presenta nuestra experiencia con el dise\u00f1o y evaluaci\u00f3n de un sistema automatizado de auditor\u00edas de seguridad. El sistema ha sido dise\u00f1ado para realizar de forma aut\u00f3noma las tareas de inventariado, b\u00fasqueda de vulnerabilidades y detecci\u00f3n de ataques a trav\u00e9s de la red a los sistemas auditados. El sistema s\u00f3lo utiliza componentes de software libre y combina el resultado de herramientas activas y pasivas mediante dos etapas de correlaci\u00f3n. 
El objetivo final es ofrecer una estimaci\u00f3n del nivel de riesgo de cada uno de los activos de la organizaci\u00f3n.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('279','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2014\">2014<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Camacho, Jose;  Macia-Fernandez, Gabriel;  Diaz-Verdejo, Jesus;  Garcia-Teodoro, Pedro<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('287','tp_links')\" style=\"cursor:pointer;\">Tackling the Big Data 4 vs for anomaly detection<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), <\/span><span class=\"tp_pub_additional_pages\">pp. 
500\u2013505, <\/span><span class=\"tp_pub_additional_publisher\">IEEE, <\/span><span class=\"tp_pub_additional_year\">2014<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 0743166X<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_287\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('287','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_287\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('287','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_287\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('287','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_287\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Camacho2014,<br \/>\r\ntitle = {Tackling the Big Data 4 vs for anomaly detection},<br \/>\r\nauthor = {Jose Camacho and Gabriel Macia-Fernandez and Jesus Diaz-Verdejo and Pedro Garcia-Teodoro},<br \/>\r\nurl = {http:\/\/ieeexplore.ieee.org\/document\/6849282\/},<br \/>\r\ndoi = {10.1109\/INFCOMW.2014.6849282},<br \/>\r\nissn = {0743166X},<br \/>\r\nyear  = {2014},<br \/>\r\ndate = {2014-04-01},<br \/>\r\nbooktitle = {2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)},<br \/>\r\npages = {500--505},<br \/>\r\npublisher = {IEEE},<br \/>\r\nabstract = {In this paper, a framework for anomaly detection and forensics in Big Data is introduced. The framework tackles the Big Data 4 Vs: Variety, Veracity, Volume and Velocity. The varied nature of the data sources is treated by transforming the typically unstructured data into a highly dimensional and structured data set. 
To overcome both the uncertainty (low veracity) and high dimension introduced, a latent variable method, in particular Principal Component Analysis (PCA), is applied. PCA is well known to present outstanding capabilities to extract information from highly dimensional data sets. However, PCA is limited to low size, though highly multivariate, data sets. To handle this limitation, a kernel computation of PCA is employed. This avoids computational problems due to the size (number of observations) in the data sets and allows parallelism. Also, hierarchical models are proposed if dimensionality is extreme. Finally, to handle high velocity in analyzing time series data flows, the Exponentially Weighted Moving Average (EWMA) approach is employed. All these steps are discussed in the paper, and the VAST 2012 mini challenge 2 is used for illustration. \u00a9 2014 IEEE.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('287','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_287\" style=\"display:none;\"><div class=\"tp_abstract_entry\">In this paper, a framework for anomaly detection and forensics in Big Data is introduced. The framework tackles the Big Data 4 Vs: Variety, Veracity, Volume and Velocity. The varied nature of the data sources is treated by transforming the typically unstructured data into a highly dimensional and structured data set. To overcome both the uncertainty (low veracity) and high dimension introduced, a latent variable method, in particular Principal Component Analysis (PCA), is applied. PCA is well known to present outstanding capabilities to extract information from highly dimensional data sets. However, PCA is limited to low size, though highly multivariate, data sets. To handle this limitation, a kernel computation of PCA is employed. 
This avoids computational problems due to the size (number of observations) in the data sets and allows parallelism. Also, hierarchical models are proposed if dimensionality is extreme. Finally, to handle high velocity in analyzing time series data flows, the Exponentially Weighted Moving Average (EWMA) approach is employed. All these steps are discussed in the paper, and the VAST 2012 mini challenge 2 is used for illustration. \u00a9 2014 IEEE.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('287','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_287\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"http:\/\/ieeexplore.ieee.org\/document\/6849282\/\" title=\"http:\/\/ieeexplore.ieee.org\/document\/6849282\/\" target=\"_blank\">http:\/\/ieeexplore.ieee.org\/document\/6849282\/<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1109\/INFCOMW.2014.6849282\" title=\"DOI de seguimiento:10.1109\/INFCOMW.2014.6849282\" target=\"_blank\">doi:10.1109\/INFCOMW.2014.6849282<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('287','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Camacho, J.;  Maci\u00e1-Fern\u00e1ndez, G.;  D\u00edaz-Verdejo, J.;  Garc\u00eda-Teodoro, P.<\/p><p class=\"tp_pub_title\">Monitorizaci\u00f3n y selecci\u00f3n de incidentes en seguridad de redes mediante EDA <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las XIII Reuni\u00f3n Espa\u00f1ola sobre Criptolog\u00eda y Seguridad de la Informaci\u00f3n, <\/span><span 
class=\"tp_pub_additional_pages\">pp. 309\u2013314, <\/span><span class=\"tp_pub_additional_year\">2014<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788497173230<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_286\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('286','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_286\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('286','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_286\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Camacho-recsi2014,<br \/>\r\ntitle = {Monitorizaci\u00f3n y selecci\u00f3n de incidentes en seguridad de redes mediante EDA},<br \/>\r\nauthor = {J. Camacho and G. Maci\u00e1-Fern\u00e1ndez and J. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro},<br \/>\r\nisbn = {9788497173230},<br \/>\r\nyear  = {2014},<br \/>\r\ndate = {2014-01-01},<br \/>\r\nbooktitle = {Actas de las XIII Reuni\u00f3n Espa\u00f1ola sobre Criptolog\u00eda y Seguridad de la Informaci\u00f3n},<br \/>\r\npages = {309--314},<br \/>\r\nabstract = {Uno de los mayores retos a los que se enfrentan los sistemas de monitorizaci\u00f3n de seguridad en redes es el gran volumen de datos de diversa naturaleza y relevancia que deben procesar para su presentaci\u00f3n adecuada al equipo administrador del sistema, tratando de incorporar la informaci\u00f3n sem\u00e1ntica m\u00e1s relevante. En este art\u00edculo se propone la aplicaci\u00f3n de herramientas derivadas de t\u00e9cnicas de an\u00e1lisis exploratorio de datos para la selecci\u00f3n de los eventos cr\u00edticos en los que el administrador debe focalizar su atenci\u00f3n. 
Adicionalmente, estas herramientas son capaces de proporcionar informaci\u00f3n sem\u00e1ntica en relaci\u00f3n a los elementos involucrados y su grado de implicaci\u00f3n en los eventos seleccionados. La propuesta se presenta y eval\u00faa utilizando el desaf\u00edo VAST 2012 como caso de estudio, obteni\u00e9ndose resultados altamente satisfactorios.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('286','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_286\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Uno de los mayores retos a los que se enfrentan los sistemas de monitorizaci\u00f3n de seguridad en redes es el gran volumen de datos de diversa naturaleza y relevancia que deben procesar para su presentaci\u00f3n adecuada al equipo administrador del sistema, tratando de incorporar la informaci\u00f3n sem\u00e1ntica m\u00e1s relevante. En este art\u00edculo se propone la aplicaci\u00f3n de herramientas derivadas de t\u00e9cnicas de an\u00e1lisis exploratorio de datos para la selecci\u00f3n de los eventos cr\u00edticos en los que el administrador debe focalizar su atenci\u00f3n. Adicionalmente, estas herramientas son capaces de proporcionar informaci\u00f3n sem\u00e1ntica en relaci\u00f3n a los elementos involucrados y su grado de implicaci\u00f3n en los eventos seleccionados. 
La propuesta se presenta y eval\u00faa utilizando el desaf\u00edo VAST 2012 como caso de estudio, obteni\u00e9ndose resultados altamente satisfactorios.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('286','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2011\">2011<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Camacho, Jos\u00e9;  Padilla, Pablo;  Salcedo-Campos, F. Javier;  Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jesus<\/p><p class=\"tp_pub_title\">Pair-wise similarity criteria for flows identification in P2P\/non-P2P traffic classification <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">AP2PS 2011 - 3rd International Conference on Advances in P2P Systems, <\/span><span class=\"tp_pub_additional_pages\">pp. 59\u201364, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9781612081731<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_299\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('299','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_299\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('299','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_299\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Camacho2011a,<br \/>\r\ntitle = {Pair-wise similarity criteria for flows identification in P2P\/non-P2P traffic classification},<br \/>\r\nauthor = {Jos\u00e9 Camacho and Pablo Padilla and F. 
Javier Salcedo-Campos and Pedro Garc\u00eda-Teodoro and Jesus D\u00edaz-Verdejo},<br \/>\r\nisbn = {9781612081731},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {AP2PS 2011 - 3rd International Conference on Advances in P2P Systems},<br \/>\r\npages = {59--64},<br \/>\r\nabstract = {There is a growing interest in network traffic classification without accessing the packets payload. A main concern for network management is peer-to-peer (P2P) traffic identification. This can be performed at several levels, including packet level, flow level and node level. Most current traffic identification approaches rely on flow level identification, being highly demanding and time consuming procedures. This paper introduces a similarity-based method to pair flows up, which is aimed at reducing the cost of identifying P2P\/non-P2P traffic flows. For that, different similarity measures for flows pairing are proposed and analyzed. Copyright \u00a9 IARIA, 2011.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('299','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_299\" style=\"display:none;\"><div class=\"tp_abstract_entry\">There is a growing interest in network traffic classification without accessing the packets payload. A main concern for network management is peer-to-peer (P2P) traffic identification. This can be performed at several levels, including packet level, flow level and node level. Most current traffic identification approaches rely on flow level identification, being highly demanding and time consuming procedures. This paper introduces a similarity-based method to pair flows up, which is aimed at reducing the cost of identifying P2P\/non-P2P traffic flows. 
For that, different similarity measures for flows pairing are proposed and analyzed. Copyright \u00a9 IARIA, 2011.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('299','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Camacho, J.;  Padilla, P.;  Salcedo-Campos, F. J.;  D\u00edaz-Verdejo, J. E.;  Garc\u00eda-Teodoro, P.<\/p><p class=\"tp_pub_title\">Estudio exploratorio de la capacidad de discriminaci\u00f3n de tr\u00e1fico P2P usando reglas de similitud entre flujos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las X Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2011), <\/span><span class=\"tp_pub_additional_pages\">pp. 252\u2013259, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 978-84-694-5948-5<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_301\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('301','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_301\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('301','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_301\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Camacho2011b,<br \/>\r\ntitle = {Estudio exploratorio de la capacidad de discriminaci\u00f3n de tr\u00e1fico P2P usando reglas de similitud entre flujos},<br \/>\r\nauthor = {J. Camacho and P. Padilla and F. J. Salcedo-Campos and J. E. D\u00edaz-Verdejo and P. 
Garc\u00eda-Teodoro},<br \/>\r\nisbn = {978-84-694-5948-5},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {Actas de las X Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2011)},<br \/>\r\npages = {252--259},<br \/>\r\nabstract = {Existe un claro inter\u00e9s en la clasificaci\u00f3n de tr\u00e1fico en red sin acceder a la informaci\u00f3n contenida en el payload de los paquetes. En particular, resulta especialmente relevante la identificaci\u00f3n del tr\u00e1fico peer-to-peer (P2P) circulante en una red. El presente art\u00edculo eval\u00faa la aplicabilidad de reglas de similitud entre flujos de datos para la clasificaci\u00f3n de tr\u00e1fico, con especial \u00e9nfasis en la distinci\u00f3n entre el tr\u00e1fico P2P del que no lo es. En concreto, el trabajo se centra en evaluar los par\u00e1metros que permiten crear parejas de flujos asociados a un mismo protocolo. Este trabajo es un paso previo necesario para identificar relaciones entre flujos de cara a la clasificaci\u00f3n de tr\u00e1fico.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('301','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_301\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Existe un claro inter\u00e9s en la clasificaci\u00f3n de tr\u00e1fico en red sin acceder a la informaci\u00f3n contenida en el payload de los paquetes. En particular, resulta especialmente relevante la identificaci\u00f3n del tr\u00e1fico peer-to-peer (P2P) circulante en una red. El presente art\u00edculo eval\u00faa la aplicabilidad de reglas de similitud entre flujos de datos para la clasificaci\u00f3n de tr\u00e1fico, con especial \u00e9nfasis en la distinci\u00f3n entre el tr\u00e1fico P2P del que no lo es. 
En concreto, el trabajo se centra en evaluar los par\u00e1metros que permiten crear parejas de flujos asociados a un mismo protocolo. Este trabajo es un paso previo necesario para identificar relaciones entre flujos de cara a la clasificaci\u00f3n de tr\u00e1fico.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('301','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Salcedo-Campos, F. J.;  D\u00edaz-Verdejo, J. E.;  Garc\u00eda-Teodoro, P.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('304','tp_links')\" style=\"cursor:pointer;\">Multiple vector classification for P2P traffic identification<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">DCNET 2011 OPTICS 2011 - Proceedings of the International Conference on Data Communication Networking and International Conference on Optical Communication System, <\/span><span class=\"tp_pub_additional_pages\">pp. 
5\u201313, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9789898425690<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_304\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('304','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_304\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('304','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_304\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('304','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_304\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Salcedo-Campos2011,<br \/>\r\ntitle = {Multiple vector classification for P2P traffic identification},<br \/>\r\nauthor = {F. J. Salcedo-Campos and J. E. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro},<br \/>\r\ndoi = {10.5220\/0003457800050013},<br \/>\r\nisbn = {9789898425690},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {DCNET 2011 OPTICS 2011 - Proceedings of the International Conference on Data Communication Networking and International Conference on Optical Communication System},<br \/>\r\npages = {5--13},<br \/>\r\nabstract = {The identification of P2P traffic has become a principal concern for the research community in the last years. Although several P2P traffic identification proposals can be found in the specialized literature, the problem still persists mainly due to obfuscation and privacy matters. This paper presents a flow-based P2P traffic identification scheme which is based on a multiple classification procedure. 
First, every traffic flow monitored is parameterized by using three different groups of features: time related features, data transfer features and signalling features. After that, a flow identification process is performed for each group of features. Finally, a global identification procedure is carried out by combining the three individual classifications. Promising experimental results have been obtained by using a basic KNN scheme as the classifier. These results provide some insights on the relevance of the group of features considered and demonstrate the validity of our approach to identify P2P traffic in a reliable way, while content inspection is avoided.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('304','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_304\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The identification of P2P traffic has become a principal concern for the research community in the last years. Although several P2P traffic identification proposals can be found in the specialized literature, the problem still persists mainly due to obfuscation and privacy matters. This paper presents a flow-based P2P traffic identification scheme which is based on a multiple classification procedure. First, every traffic flow monitored is parameterized by using three different groups of features: time related features, data transfer features and signalling features. After that, a flow identification process is performed for each group of features. Finally, a global identification procedure is carried out by combining the three individual classifications. Promising experimental results have been obtained by using a basic KNN scheme as the classifier. 
These results provide some insights on the relevance of the group of features considered and demonstrate the validity of our approach to identify P2P traffic in a reliable way, while content inspection is avoided.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('304','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_304\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.5220\/0003457800050013\" title=\"DOI de seguimiento:10.5220\/0003457800050013\" target=\"_blank\">doi:10.5220\/0003457800050013<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('304','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Salcedo-Campos, F. J.;  D\u00edaz-Verdejo, J. E.;  Garc\u00eda-Teodoro, P.<\/p><p class=\"tp_pub_title\">Evaluaci\u00f3n de la configuraci\u00f3n de clasificadores KNN para la detecci\u00f3n de flujos P2P <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las X Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2011), <\/span><span class=\"tp_pub_additional_pages\">pp. 
268\u2013275, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788469459485<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_302\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('302','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_302\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('302','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_302\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Garcia-Teodoro-jitel2011,<br \/>\r\ntitle = {Evaluaci\u00f3n de la configuraci\u00f3n de clasificadores KNN para la detecci\u00f3n de flujos P2P},<br \/>\r\nauthor = {F. J. Salcedo-Campos and J. E. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro},<br \/>\r\nisbn = {9788469459485},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {Actas de las X Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2011)},<br \/>\r\npages = {268--275},<br \/>\r\nabstract = {En los ultimos a\u00f1os se ha producido un aumento de la popularidad de las redes y aplicaciones peer-to-peer (P2P), lo que se traduce en nuevos riesgos de seguridad para los usuarios y los nodos, as\u00ed como nuevos escenarios en la gesti\u00f3n del tr\u00e1fico de las redes. En este sentido existe un claro inter\u00e9s en la detecci\u00f3n del tr\u00e1fico P2P de la red sin acceder a la informaci\u00f3n contenida en el payload de los paquetes. Los clasificadores KNN se han mostrado muy efectivos para este fin, aunque no han sido estudiados en profundidad. 
El presente trabajo se centra en evaluar clasificadores KNN con diferentes configuraciones de distancia, n\u00famero de vecinos m\u00e1s pr\u00f3ximos y reglas de decisi\u00f3n para determinar si un flujo corresponde a un protocolo P2P o no, obteni\u00e9ndose resultados superiores al 93% en la detecci\u00f3n de flujos P2P y cercano al 97% en la precisi\u00f3n.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('302','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_302\" style=\"display:none;\"><div class=\"tp_abstract_entry\">En los \u00faltimos a\u00f1os se ha producido un aumento de la popularidad de las redes y aplicaciones peer-to-peer (P2P), lo que se traduce en nuevos riesgos de seguridad para los usuarios y los nodos, as\u00ed como nuevos escenarios en la gesti\u00f3n del tr\u00e1fico de las redes. En este sentido existe un claro inter\u00e9s en la detecci\u00f3n del tr\u00e1fico P2P de la red sin acceder a la informaci\u00f3n contenida en el payload de los paquetes. Los clasificadores KNN se han mostrado muy efectivos para este fin, aunque no han sido estudiados en profundidad. 
El presente trabajo se centra en evaluar clasificadores KNN con diferentes configuraciones de distancia, n\u00famero de vecinos m\u00e1s pr\u00f3ximos y reglas de decisi\u00f3n para determinar si un flujo corresponde a un protocolo P2P o no, obteni\u00e9ndose resultados superiores al 93% en la detecci\u00f3n de flujos P2P y cercano al 97% en la precisi\u00f3n.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('302','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Khalife, Jawad;  Hajjar, Amjad;  D\u00edaz-Verdejo, Jes\u00fas<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('305','tp_links')\" style=\"cursor:pointer;\">Performance of OpenDPI to identify truncated network traffic<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">DCNET 2011 OPTICS 2011 - Proceedings of the International Conference on Data Communication Networking and International Conference on Optical Communication System, <\/span><span class=\"tp_pub_additional_pages\">pp. 
51\u201356, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9789898425690<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_305\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('305','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_305\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('305','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_305\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('305','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_305\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Khalife2011,<br \/>\r\ntitle = {Performance of OpenDPI to identify truncated network traffic},<br \/>\r\nauthor = {Jawad Khalife and Amjad Hajjar and Jes\u00fas D\u00edaz-Verdejo},<br \/>\r\ndoi = {10.5220\/0003516000510056},<br \/>\r\nisbn = {9789898425690},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {DCNET 2011 OPTICS 2011 - Proceedings of the International Conference on Data Communication Networking and International Conference on Optical Communication System},<br \/>\r\npages = {51--56},<br \/>\r\nabstract = {The identification of the nature of the traffic flowing through a TCP\/IP network is a relevant target for traffic engineering and security related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and ciphering. Despite the privacy concerns it arises, Deep Packet Inspection (DPI) is one of the most successful current techniques. 
Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in terms of number of packets and the length of the packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, when truncation of the payloads of the monitored traffic is applied. The results show that it is highly dependent on the protocol being monitored.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('305','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_305\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The identification of the nature of the traffic flowing through a TCP\/IP network is a relevant target for traffic engineering and security related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and ciphering. Despite the privacy concerns it raises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in terms of number of packets and the length of the packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, when truncation of the payloads of the monitored traffic is applied. 
The results show that it is highly dependent on the protocol being monitored.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('305','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_305\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.5220\/0003516000510056\" title=\"DOI de seguimiento:10.5220\/0003516000510056\" target=\"_blank\">doi:10.5220\/0003516000510056<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('305','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Khalife, Jawad;  Hajjar, Amjad;  D\u00edaz-Verdejo, Jes\u00fas<\/p><p class=\"tp_pub_title\">On the performance of OpenDPI in identifying P2P truncated flows <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">AP2PS 2011 - 3rd International Conference on Advances in P2P Systems, <\/span><span class=\"tp_pub_additional_pages\">pp. 
79\u201384, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9781612081731<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_300\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('300','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_300\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('300','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_300\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Khalife2011a,<br \/>\r\ntitle = {On the performance of OpenDPI in identifying P2P truncated flows},<br \/>\r\nauthor = {Jawad Khalife and Amjad Hajjar and Jes\u00fas D\u00edaz-Verdejo},<br \/>\r\nisbn = {9781612081731},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {AP2PS 2011 - 3rd International Conference on Advances in P2P Systems},<br \/>\r\npages = {79--84},<br \/>\r\nabstract = {This paper aims to show the impact on classification accuracy and the level of computational gain that could be obtained in applying deep packet inspection on truncated peer to peer traffic flows instead of complete ones. Using one of the latest open source classifiers, experiments were conducted to evaluate classification performance on full and truncated network flows for different protocols, focusing on the detection of peer to peer. Despite minor exceptions, all the results show that with the latest deep packet inspection classifiers, which may incorporate different helper technologies, inspecting the first packets at the beginning of each flow, may still provide concrete computational gain while an acceptable level of classification accuracy is maintained. 
The present paper discusses this tradeoff and provides some recommendations on the number of packets to be inspected for the detection of peer to peer flows and some other common application protocols. As such, a new sampling approach is proposed, which accommodates samples to the stateful classifier's algorithm, taking into consideration the characteristics of the protocols being classified. Copyright textcopyright IARIA, 2011.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('300','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_300\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper aims to show the impact on classification accuracy and the level of computational gain that could be obtained in applying deep packet inspection on truncated peer to peer traffic flows instead of complete ones. Using one of the latest open source classifiers, experiments were conducted to evaluate classification performance on full and truncated network flows for different protocols, focusing on the detection of peer to peer. Despite minor exceptions, all the results show that with the latest deep packet inspection classifiers, which may incorporate different helper technologies, inspecting the first packets at the beginning of each flow, may still provide concrete computational gain while an acceptable level of classification accuracy is maintained. The present paper discusses this tradeoff and provides some recommendations on the number of packets to be inspected for the detection of peer to peer flows and some other common application protocols. As such, a new sampling approach is proposed, which accommodates samples to the stateful classifier's algorithm, taking into consideration the characteristics of the protocols being classified. 
Copyright \u00a9 IARIA, 2011.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('300','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Salcedo-Campos, Francisco;  D\u00edaz-Verdejo, Jes\u00fas;  Garcia-Teodoro, Pedro<\/p><p class=\"tp_pub_title\">Spam Detection Through Sliding Windowing of E-mail Headers <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">9th International Conference on Applied Cryptography and Network Security (ACNS '11), <\/span><span class=\"tp_pub_additional_pages\">pp. 67\u201383, <\/span><span class=\"tp_pub_additional_year\">2011<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_303\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('303','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_303\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{FranciscoSalcedo-CamposJesusDiaz-Verdejo2011,<br \/>\r\ntitle = {Spam Detection Through Sliding Windowing of E-mail Headers},<br \/>\r\nauthor = {Francisco Salcedo-Campos and Jes\u00fas D\u00edaz-Verdejo and Pedro Garcia-Teodoro},<br \/>\r\nyear  = {2011},<br \/>\r\ndate = {2011-01-01},<br \/>\r\nbooktitle = {9th International Conference on Applied Cryptography and Network Security (ACNS '11)},<br \/>\r\npages = {67--83},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('303','tp_bibtex')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" 
id=\"tp_h3_2010\">2010<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Salazar-Hern\u00e1ndez, Rolando;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\">Anonimizaci\u00f3n de payloads para el desarrollo de AIDS basados en protocolos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las IX Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2010), <\/span><span class=\"tp_pub_additional_pages\">pp. 260\u2013267, <\/span><span class=\"tp_pub_additional_year\">2010<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_307\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('307','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_307\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('307','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_307\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Salazar-hernandez-jitel2010,<br \/>\r\ntitle = {Anonimizaci\u00f3n de payloads para el desarrollo de AIDS basados en protocolos},<br \/>\r\nauthor = {Rolando Salazar-Hern\u00e1ndez and Jes\u00fas E. D\u00edaz-Verdejo},<br \/>\r\nyear  = {2010},<br \/>\r\ndate = {2010-01-01},<br \/>\r\nbooktitle = {Actas de las IX Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2010)},<br \/>\r\npages = {260--267},<br \/>\r\nabstract = {La adquisici\u00f3n de tr\u00e1fico de red plantea diversos problemas de \u00edndole legal relacionados con la privacidad de las comunicaciones. 
Sin embargo, la disponibilidad de este tipo de datos resulta imprescindible para el desarrollo de sistemas de detecci\u00f3n de intrusiones (IDS) basados en anomal\u00edas. Para preservar la privacidad y evitar el problema se pueden utilizar t\u00e9cnicas de anonimizaci\u00f3n del tr\u00e1fico. Las t\u00e9cnicas existentes se centran en la ocultaci\u00f3n de la informaci\u00f3n contenida en las diferentes cabeceras, lo que resulta inadecuado en algunos casos. En este trabajo se presenta y eval\u00faa una t\u00e9cnica de anonimizaci\u00f3n que act\u00faa sobre los contenidos de los mensajes intercambiados y que resulta v\u00e1lida para el desarrollo y evaluaci\u00f3n de AIDS que operen en base a las cargas \u00fatiles del tr\u00e1fico monitorizado.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('307','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_307\" style=\"display:none;\"><div class=\"tp_abstract_entry\">La adquisici\u00f3n de tr\u00e1fico de red plantea diversos problemas de \u00edndole legal relacionados con la privacidad de las comunicaciones. Sin embargo, la disponibilidad de este tipo de datos resulta imprescindible para el desarrollo de sistemas de detecci\u00f3n de intrusiones (IDS) basados en anomal\u00edas. Para preservar la privacidad y evitar el problema se pueden utilizar t\u00e9cnicas de anonimizaci\u00f3n del tr\u00e1fico. Las t\u00e9cnicas existentes se centran en la ocultaci\u00f3n de la informaci\u00f3n contenida en las diferentes cabeceras, lo que resulta inadecuado en algunos casos. 
En este trabajo se presenta y eval\u00faa una t\u00e9cnica de anonimizaci\u00f3n que act\u00faa sobre los contenidos de los mensajes intercambiados y que resulta v\u00e1lida para el desarrollo y evaluaci\u00f3n de AIDS que operen en base a las cargas \u00fatiles del tr\u00e1fico monitorizado.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('307','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2009\">2009<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Garc\u00eda-Teodoro, P.;  Maci\u00e1-Fern\u00e1ndez, G.;  Soriano-Ib\u00e1\u00f1ez, M.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('313','tp_links')\" style=\"cursor:pointer;\">Environmental security in P2P networks<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">1st International Conference on Advances in P2P Systems, AP2PS 2009, <\/span><span class=\"tp_pub_additional_pages\">pp. 
138\u2013143, <\/span><span class=\"tp_pub_additional_year\">2009<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9780769538310<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_313\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('313','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_313\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('313','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_313\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('313','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_313\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-Verdejo2009a,<br \/>\r\ntitle = {Environmental security in P2P networks},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro and G. Maci\u00e1-Fern\u00e1ndez and M. Soriano-Ib\u00e1\u00f1ez},<br \/>\r\ndoi = {10.1109\/AP2PS.2009.29},<br \/>\r\nisbn = {9780769538310},<br \/>\r\nyear  = {2009},<br \/>\r\ndate = {2009-01-01},<br \/>\r\nbooktitle = {1st International Conference on Advances in P2P Systems, AP2PS 2009},<br \/>\r\npages = {138--143},<br \/>\r\nabstract = {The great impact and growth of P2P networks in recent years make them an interesting target for hackers. But the development of P2P is aimed at improving the behavior of the networks, in computational terms, or to hide the transactions from observers. Security in P2P networks has been usually undervalued and not taken into account. 
This paper tries to highlight the major topics and challenges regarding P2P security, from a network infrastructure point of view (environmental security), providing some insights in current developments and available techniques that could be used to solve those problems. textcopyright 2009 IEEE.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('313','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_313\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The great impact and growth of P2P networks in recent years make them an interesting target for hackers. But the development of P2P is aimed at improving the behavior of the networks, in computational terms, or to hide the transactions from observers. Security in P2P networks has been usually undervalued and not taken into account. This paper tries to highlight the major topics and challenges regarding P2P security, from a network infrastructure point of view (environmental security), providing some insights in current developments and available techniques that could be used to solve those problems. 
\u00a9 2009 IEEE.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('313','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_313\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1109\/AP2PS.2009.29\" title=\"DOI de seguimiento:10.1109\/AP2PS.2009.29\" target=\"_blank\">doi:10.1109\/AP2PS.2009.29<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('313','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Maci\u00e1-Fern\u00e1ndez, G.;  Garc\u00eda-Teodoro, P.;  Nu\u00f1o-Garc\u00eda, J.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('317','tp_links')\" style=\"cursor:pointer;\">Anomaly detection in P2P networks using Markov modelling<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">1st International Conference on Advances in P2P Systems, AP2PS 2009, <\/span><span class=\"tp_pub_additional_pages\">pp. 
156\u2013159, <\/span><span class=\"tp_pub_additional_year\">2009<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9780769538310<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_317\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('317','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_317\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('317','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_317\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('317','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_317\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-Verdejo2009,<br \/>\r\ntitle = {Anomaly detection in P2P networks using Markov modelling},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and G. Maci\u00e1-Fern\u00e1ndez and P. Garc\u00eda-Teodoro and J. Nu\u00f1o-Garc\u00eda},<br \/>\r\ndoi = {10.1109\/AP2PS.2009.32},<br \/>\r\nisbn = {9780769538310},<br \/>\r\nyear  = {2009},<br \/>\r\ndate = {2009-01-01},<br \/>\r\nbooktitle = {1st International Conference on Advances in P2P Systems, AP2PS 2009},<br \/>\r\npages = {156--159},<br \/>\r\nabstract = {The popularity of P2P networks makes them an attractive target for hackers. Potential vulnerabilities in the software used in P2P networking represent a big threat for users and the whole community. To prevent and mitigate the risks, intrusion detection techniques have been traditionally applied. In this work in progress, a Markov based technique is applied to the detection of anomalies in the usage of P2P protocols. 
The detector searches for two kinds of anomalies: those that appear in the structure, grammar and semantics of each of the messages in the protocol, and those associated to the sequence of messages (protocol sessions). Previous results from other protocols, as HTTP and DNS, confirm the potentialities of the approach. textcopyright 2009 IEEE.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('317','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_317\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The popularity of P2P networks makes them an attractive target for hackers. Potential vulnerabilities in the software used in P2P networking represent a big threat for users and the whole community. To prevent and mitigate the risks, intrusion detection techniques have been traditionally applied. In this work in progress, a Markov based technique is applied to the detection of anomalies in the usage of P2P protocols. The detector searches for two kinds of anomalies: those that appear in the structure, grammar and semantics of each of the messages in the protocol, and those associated to the sequence of messages (protocol sessions). Previous results from other protocols, as HTTP and DNS, confirm the potentialities of the approach. 
\u00a9 2009 IEEE.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('317','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_317\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1109\/AP2PS.2009.32\" title=\"DOI de seguimiento:10.1109\/AP2PS.2009.32\" target=\"_blank\">doi:10.1109\/AP2PS.2009.32<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('317','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Salazar-Hern\u00e1ndez, R.;  D\u00edaz-Verdejo, J.<\/p><p class=\"tp_pub_title\">Generaci\u00f3n de tr\u00e1fico de ataque para la evaluaci\u00f3n de sistemas de detecci\u00f3n de intrusos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VIII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2009), <\/span><span class=\"tp_pub_additional_pages\">pp. 
439\u2013442, <\/span><span class=\"tp_pub_additional_year\">2009<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_318\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('318','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_318\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('318','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_318\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Salazar-Hernandez-jitel2009,<br \/>\r\ntitle = {Generaci\u00f3n de tr\u00e1fico de ataque para la evaluaci\u00f3n de sistemas de detecci\u00f3n de intrusos},<br \/>\r\nauthor = {R. Salazar-Hern\u00e1ndez and J. D\u00edaz-Verdejo},<br \/>\r\nyear  = {2009},<br \/>\r\ndate = {2009-01-01},<br \/>\r\nbooktitle = {Actas de las VIII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2009)},<br \/>\r\npages = {439--442},<br \/>\r\nabstract = {Los sistemas de detecci\u00f3n de intrusos basados en red y detecci\u00f3n de anomal\u00edas necesitan utilizar tr\u00e1fico de red para realizar las fases de entrenamiento, prueba y validaci\u00f3n. Este tr\u00e1fico debe contener patrones de comportamiento normal y an\u00f3malo y representar adecuadamente el tr\u00e1fico real. Sin embargo, no es f\u00e1cil obtener un conjunto representativo de los ataques existentes. En este art\u00edculo se describen varias aproximaciones para obtener tr\u00e1fico de ataques correspondientes al protocolo HTTP. Se han obtenido de varias fuentes la informaci\u00f3n los exploits necesarios para generar los ataques dentro de un entorno controlado. 
Las bases de datos as\u00ed recopiladas han sido sometidas a evaluaci\u00f3n con un sistema de detecci\u00f3n de intrusos basado en red para analizar su comportamiento y calidad.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('318','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_318\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Los sistemas de detecci\u00f3n de intrusos basados en red y detecci\u00f3n de anomal\u00edas necesitan utilizar tr\u00e1fico de red para realizar las fases de entrenamiento, prueba y validaci\u00f3n. Este tr\u00e1fico debe contener patrones de comportamiento normal y an\u00f3malo y representar adecuadamente el tr\u00e1fico real. Sin embargo, no es f\u00e1cil obtener un conjunto representativo de los ataques existentes. En este art\u00edculo se describen varias aproximaciones para obtener tr\u00e1fico de ataques correspondientes al protocolo HTTP. Se han obtenido de varias fuentes la informaci\u00f3n los exploits necesarios para generar los ataques dentro de un entorno controlado. 
Las bases de datos as\u00ed recopiladas han sido sometidas a evaluaci\u00f3n con un sistema de detecci\u00f3n de intrusos basado en red para analizar su comportamiento y calidad.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('318','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Rodr\u00edguez-G\u00f3mez, Rafael Alejandro;  Maci\u00e1-Fern\u00e1ndez, Gabriel;  Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jes\u00fas Esteban<\/p><p class=\"tp_pub_title\">Defensas frente a ataques DoS a baja tasa contra servidores basadas en pol\u00edticas de gesti\u00f3n de colas <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VIII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2009), <\/span><span class=\"tp_pub_additional_pages\">pp. 
46\u201353, <\/span><span class=\"tp_pub_additional_year\">2009<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_312\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('312','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_312\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('312','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_312\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Rodriguez-gomez2009,<br \/>\r\ntitle = {Defensas frente a ataques DoS a baja tasa contra servidores basadas en pol\u00edticas de gesti\u00f3n de colas},<br \/>\r\nauthor = {Rafael Alejandro Rodr\u00edguez-G\u00f3mez and Gabriel Maci\u00e1-Fern\u00e1ndez and Pedro Garc\u00eda-Teodoro and Jes\u00fas Esteban D\u00edaz-Verdejo},<br \/>\r\nyear  = {2009},<br \/>\r\ndate = {2009-01-01},<br \/>\r\nbooktitle = {Actas de las VIII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2009)},<br \/>\r\npages = {46--53},<br \/>\r\nabstract = {En este art\u00edculo se eval\u00faa el uso de defensas contra ataques de denegaci\u00f3n de servicio a baja tasa contra servidores basadas en pol\u00edticas de gesti\u00f3n de colas y la viabilidad de su implementaci\u00f3n. En un sistema real, para este \u00faltimo fin, se modifica el n\u00facleo del sistema operativo Linux proporcionando un marco de trabajo que permite, de forma flexible y simplificada, la introducci\u00f3n del c\u00f3digo que implementa las pol\u00edticas citadas. Se propone una pol\u00edtica de gesti\u00f3n de colas y se muestra que su implementaci\u00f3n es factible en este n\u00facleo modificado. 
Por \u00faltimo, se realizan una serie de pruebas con dicha pol\u00edtica de gesti\u00f3n de colas y, a la luz de los resultados obtenidos, se comprueba que es eficaz frente a ataques DoS contra servidores, ya que mitiga sus efectos de forma considerable. Palabras},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('312','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_312\" style=\"display:none;\"><div class=\"tp_abstract_entry\">En este art\u00edculo se eval\u00faa el uso de defensas contra ataques de denegaci\u00f3n de servicio a baja tasa contra servidores basadas en pol\u00edticas de gesti\u00f3n de colas y la viabilidad de su implementaci\u00f3n. En un sistema real, para este \u00faltimo fin, se modifica el n\u00facleo del sistema operativo Linux proporcionando un marco de trabajo que permite, de forma flexible y simplificada, la introducci\u00f3n del c\u00f3digo que implementa las pol\u00edticas citadas. Se propone una pol\u00edtica de gesti\u00f3n de colas y se muestra que su implementaci\u00f3n es factible en este n\u00facleo modificado. Por \u00faltimo, se realizan una serie de pruebas con dicha pol\u00edtica de gesti\u00f3n de colas y, a la luz de los resultados obtenidos, se comprueba que es eficaz frente a ataques DoS contra servidores, ya que mitiga sus efectos de forma considerable. 
Palabras<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('312','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2008\">2008<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> S\u00e1nchez, L.;  Garc\u00eda, P.;  D\u00edaz, J.;  Maci\u00e1, G.<\/p><p class=\"tp_pub_title\">Parametrizaci\u00f3n de anomal\u00edas en NIDS h\u00edbridos mediante etiquetado selectivo de contenidos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2008), <\/span><span class=\"tp_pub_additional_pages\">pp. 49\u201356, <\/span><span class=\"tp_pub_additional_year\">2008<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_322\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('322','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_322\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('322','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_322\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Sanchez-jitel2008,<br \/>\r\ntitle = {Parametrizaci\u00f3n de anomal\u00edas en NIDS h\u00edbridos mediante etiquetado selectivo de contenidos},<br \/>\r\nauthor = {L. S\u00e1nchez and P. Garc\u00eda and J. D\u00edaz and G. 
Maci\u00e1},<br \/>\r\nyear  = {2008},<br \/>\r\ndate = {2008-01-01},<br \/>\r\nbooktitle = {Actas de las VII Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL 2008)},<br \/>\r\npages = {49--56},<br \/>\r\nabstract = {En este art\u00edculo se presenta un procedimiento para la generaci\u00f3n autom\u00e1tica de firmas en sistemas NIDS h\u00edbridos. Con objeto de llevar a cabo una realimentaci\u00f3n en bucle cerrado desde el m\u00f3dulo A-NIDS, basado en anomal\u00edas, al S-NIDS, basado en firmas, el tr\u00e1fico clasificado como an\u00f3malo ser\u00e1 analizado siguiendo un proceso estoc\u00e1stico. A resultas, se seleccionar\u00e1n aquellas partes espec\u00edficamente an\u00f3malas del tr\u00e1fico, de las cuales se derivar\u00e1 una firma a incluir en la base de datos de patrones del S-NIDS. Antes de proceder a su inclusi\u00f3n efectiva, y con objeto de optimizar el espacio de firmas considerado, cada nueva firma generada ser\u00e1 comparada, agrupada y suavizada, en su caso, con !\"#$% '%()(*$#+%, -$ existentes. Aunque de car\u00e1cter preliminar, la experimentaci\u00f3n llevada a cabo hasta el momento evidencia un comportamiento prometedor del sistema global propuesto por los autores.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('322','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_322\" style=\"display:none;\"><div class=\"tp_abstract_entry\">En este art\u00edculo se presenta un procedimiento para la generaci\u00f3n autom\u00e1tica de firmas en sistemas NIDS h\u00edbridos. Con objeto de llevar a cabo una realimentaci\u00f3n en bucle cerrado desde el m\u00f3dulo A-NIDS, basado en anomal\u00edas, al S-NIDS, basado en firmas, el tr\u00e1fico clasificado como an\u00f3malo ser\u00e1 analizado siguiendo un proceso estoc\u00e1stico. 
A resultas, se seleccionar\u00e1n aquellas partes espec\u00edficamente an\u00f3malas del tr\u00e1fico, de las cuales se derivar\u00e1 una firma a incluir en la base de datos de patrones del S-NIDS. Antes de proceder a su inclusi\u00f3n efectiva, y con objeto de optimizar el espacio de firmas considerado, cada nueva firma generada ser\u00e1 comparada, agrupada y suavizada, en su caso, con !\"#$% '%()(*$#+%, -$ existentes. Aunque de car\u00e1cter preliminar, la experimentaci\u00f3n llevada a cabo hasta el momento evidencia un comportamiento prometedor del sistema global propuesto por los autores.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('322','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Maci\u00e1-Fern\u00e1ndez, Gabriel;  D\u00edaz-Verdejo, Jes\u00fas E.;  Garc\u00eda-Teodoro, Pedro;  Toro-Negro, Francisco De<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('319','tp_links')\" style=\"cursor:pointer;\">LoRDAS: A low-rate DoS attack against application servers<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), <\/span><span class=\"tp_pub_additional_pages\">pp. 
197\u2013209, <\/span><span class=\"tp_pub_additional_year\">2008<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 03029743<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_319\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('319','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_319\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('319','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_319\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('319','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_319\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Macia-Fernandez2008a,<br \/>\r\ntitle = {LoRDAS: A low-rate DoS attack against application servers},<br \/>\r\nauthor = {Gabriel Maci\u00e1-Fern\u00e1ndez and Jes\u00fas E. D\u00edaz-Verdejo and Pedro Garc\u00eda-Teodoro and Francisco De Toro-Negro},<br \/>\r\ndoi = {10.1007\/978-3-540-89173-4_17},<br \/>\r\nissn = {03029743},<br \/>\r\nyear  = {2008},<br \/>\r\ndate = {2008-01-01},<br \/>\r\nbooktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},<br \/>\r\nvolume = {5141 LNCS},<br \/>\r\npages = {197--209},<br \/>\r\nabstract = {In a communication network, there always exist some specific servers that should be considered a critical infrastructure to be protected, specially due to the nature of the services that they provide. In this paper, a low-rate denial of service attack against application servers is presented. 
The attack gets advantage of known timing mechanisms in the server behaviour to wisely strike ON\/OFF attack waveforms that cause denial of service, while the traffic rate sent to the server is controlled, thus allowing to bypass defense mechanisms that rely on the detection of high rate traffics. First, we determine the conditions that a server should present to be considered a potential victim of this attack. As an example, the persistent HTTP server case is presented, being the procedure for striking the attack against it described. Moreover, the efficiency achieved by the attack is evaluated in both simulated and real environments, and its behaviour studied according to the variations on the configuration parameters. The aim of this work is to denounce the feasibility of such attacks in order to motivate the development of defense mechanisms. \u00a9 2008 Springer-Verlag.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('319','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_319\" style=\"display:none;\"><div class=\"tp_abstract_entry\">In a communication network, there always exist some specific servers that should be considered a critical infrastructure to be protected, specially due to the nature of the services that they provide. In this paper, a low-rate denial of service attack against application servers is presented. The attack gets advantage of known timing mechanisms in the server behaviour to wisely strike ON\/OFF attack waveforms that cause denial of service, while the traffic rate sent to the server is controlled, thus allowing to bypass defense mechanisms that rely on the detection of high rate traffics. First, we determine the conditions that a server should present to be considered a potential victim of this attack. 
As an example, the persistent HTTP server case is presented, being the procedure for striking the attack against it described. Moreover, the efficiency achieved by the attack is evaluated in both simulated and real environments, and its behaviour studied according to the variations on the configuration parameters. The aim of this work is to denounce the feasibility of such attacks in order to motivate the development of defense mechanisms. \u00a9 2008 Springer-Verlag.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('319','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_319\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1007\/978-3-540-89173-4_17\" title=\"DOI de seguimiento:10.1007\/978-3-540-89173-4_17\" target=\"_blank\">doi:10.1007\/978-3-540-89173-4_17<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('319','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2007\">2007<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jes\u00fas E.;  Maci\u00e1-Fern\u00e1ndez, Gabriel;  Toro-Negro, Francisco J.;  Antas-Vilanova, Carlos<\/p><p class=\"tp_pub_title\">Detecci\u00f3n H\u00edbrida de Intrusiones en Red y Esquemas de Respuesta Activa <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07), <\/span><span class=\"tp_pub_additional_pages\">pp. 
609\u2013612, <\/span><span class=\"tp_pub_additional_year\">2007<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_331\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('331','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_331\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('331','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_331\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Garcia-jitel2007,<br \/>\r\ntitle = {Detecci\u00f3n H\u00edbrida de Intrusiones en Red y Esquemas de Respuesta Activa},<br \/>\r\nauthor = {Pedro Garc\u00eda-Teodoro and Jes\u00fas E. D\u00edaz-Verdejo and Gabriel Maci\u00e1-Fern\u00e1ndez and Francisco J. Toro-Negro and Carlos Antas-Vilanova},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07)},<br \/>\r\npages = {609--612},<br \/>\r\nabstract = {This paper presents some proposals and contributions in network-based intrusion-related technologies. Two key points are discussed in this line: hybrid-based intrusion detection, and active response mechanisms. Both of the aspects, detection and response, will be studied as particular functional modules within a single intrusion platform.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('331','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_331\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper presents some proposals and contributions in network-based intrusion-related technologies. 
Two key points are discussed in this line: hybrid-based intrusion detection, and active response mechanisms. Both of the aspects, detection and response, will be studied as particular functional modules within a single intrusion platform.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('331','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Toro, F. De;  Garc\u00eda-Teodoro, P.;  D\u00edaz-Verdejo, J. E.;  Maci\u00e1-Fern\u00e1ndez, G.<\/p><p class=\"tp_pub_title\">Computaci\u00f3n evolutiva para selecci\u00f3n pesada de caracter\u00edsticas en sistemas de detecci\u00f3n de intrusiones <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas del II Simposio sobre Seguridad inform\u00e1tica (SSI'07), <\/span><span class=\"tp_pub_additional_pages\">pp. 95\u2013101, <\/span><span class=\"tp_pub_additional_year\">2007<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9788497326070<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_324\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('324','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_324\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('324','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_324\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Toro2007,<br \/>\r\ntitle = {Computaci\u00f3n evolutiva para selecci\u00f3n pesada de caracter\u00edsticas en sistemas de detecci\u00f3n de intrusiones},<br \/>\r\nauthor = {F. De Toro and P. 
Garc\u00eda-Teodoro and J. E. D\u00edaz-Verdejo and G. Maci\u00e1-Fern\u00e1ndez},<br \/>\r\nisbn = {9788497326070},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\nbooktitle = {Actas del II Simposio sobre Seguridad inform\u00e1tica (SSI'07)},<br \/>\r\npages = {95--101},<br \/>\r\nabstract = {El presente trabajo aborda el uso de un algoritmo evolutivo con hacinamiento determinista para la selecci\u00f3n pesada de caracter\u00edsticas en un clasificador binario de k vecinas en el contexto del dise\u00f1o optimizado de sistemas de detecci\u00f3n de intrusiones basados en anomal\u00edas. La incorporaci\u00f3n de una t\u00e9cnica de mantenimiento de diversidad (hacinamiento determinista) en el dise\u00f1o del algoritmo evolutivo tiene como objeto potenciar la obtenci\u00f3n de diferentes soluciones de optimizaci\u00f3n (subconjuntos de caracter\u00edsticas), de manera que se flexibilice en lo posible la elecci\u00f3n de las caracter\u00edsticas a utilizar. El sistema se ha evaluado preliminarmente en una aplicaci\u00f3n de detecci\u00f3n de ataques de denegaci\u00f3n de servicio.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('324','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_324\" style=\"display:none;\"><div class=\"tp_abstract_entry\">El presente trabajo aborda el uso de un algoritmo evolutivo con hacinamiento determinista para la selecci\u00f3n pesada de caracter\u00edsticas en un clasificador binario de k vecinas en el contexto del dise\u00f1o optimizado de sistemas de detecci\u00f3n de intrusiones basados en anomal\u00edas. 
La incorporaci\u00f3n de una t\u00e9cnica de mantenimiento de diversidad (hacinamiento determinista) en el dise\u00f1o del algoritmo evolutivo tiene como objeto potenciar la obtenci\u00f3n de diferentes soluciones de optimizaci\u00f3n (subconjuntos de caracter\u00edsticas), de manera que se flexibilice en lo posible la elecci\u00f3n de las caracter\u00edsticas a utilizar. El sistema se ha evaluado preliminarmente en una aplicaci\u00f3n de detecci\u00f3n de ataques de denegaci\u00f3n de servicio.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('324','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Maci\u00e1-Fern\u00e1ndez, G.;  D\u00edaz-Verdejo, J. E.;  Garc\u00eda-Teodoro, P.;  L\u00f3pez-Soler, J. M.;  Mu\u00f1oz, J. J. Ramos;  Negro, F. De Toro;  Guti\u00e9rrez, P. Ameigeiras;  Ortiz, J. Navarro<\/p><p class=\"tp_pub_title\">Dise\u00f1o e Implantaci\u00f3n de un Laboratorio para la Docencia de Redes Telem\u00e1ticas <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07), <\/span><span class=\"tp_pub_additional_pages\">pp. 
593\u2013596, <\/span><span class=\"tp_pub_additional_year\">2007<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_327\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('327','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_327\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('327','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_327\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Macia-jitel2007,<br \/>\r\ntitle = {Dise\u00f1o e Implantaci\u00f3n de un Laboratorio para la Docencia de Redes Telem\u00e1ticas},<br \/>\r\nauthor = {G. Maci\u00e1-Fern\u00e1ndez and J. E. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro and J. M. L\u00f3pez-Soler and J. J. Ramos Mu\u00f1oz and F. De Toro Negro and P. Ameigeiras Guti\u00e9rrez and J. Navarro Ortiz},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07)},<br \/>\r\npages = {593--596},<br \/>\r\nabstract = {The current paper presents the design of a laboratory targeted for educational purposes in telematic networks and technologies. The laboratory has been designed to offer a wide range of teaching possibilities in the disciplines of Wide Area Networks, Local Area Networks, switching and access technologies. It allows practical training in fields such as ATM, X.25, Frame Relay, LAN interconnection, network monitoring, WLAN, ISDN and telephony technologies. The design has been based on several criteria relevant for educational purposes. 
The result is a laboratory well suited to cover the aspects related to teaching telematics in a telecommunications engineering degree.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('327','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_327\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The current paper presents the design of a laboratory targeted for educational purposes in telematic networks and technologies. The laboratory has been designed to offer a wide range of teaching possibilities in the disciplines of Wide Area Networks, Local Area Networks, switching and access technologies. It allows practical training in fields such as ATM, X.25, Frame Relay, LAN interconnection, network monitoring, WLAN, ISDN and telephony technologies. The design has been based on several criteria relevant for educational purposes. The result is a laboratory well suited to cover the aspects related to teaching telematics in a telecommunications engineering degree.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('327','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J. E.;  Garc\u00eda-Teodoro, P.;  Mu\u00f1oz, P.;  Maci\u00e1-Fern\u00e1ndez, G.;  Toro, F. 
De<\/p><p class=\"tp_pub_title\">Una aproximaci\u00f3n basada en Snort para el desarrollo e implantaci\u00f3n de IDS h\u00edbridos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07), <\/span><span class=\"tp_pub_additional_pages\">pp. 151\u2013158, <\/span><span class=\"tp_pub_additional_year\">2007<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_330\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('330','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_330\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('330','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_330\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-jitel2007,<br \/>\r\ntitle = {Una aproximaci\u00f3n basada en Snort para el desarrollo e implantaci\u00f3n de IDS h\u00edbridos},<br \/>\r\nauthor = {J. E. D\u00edaz-Verdejo and P. Garc\u00eda-Teodoro and P. Mu\u00f1oz and G. Maci\u00e1-Fern\u00e1ndez and F. De Toro},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\nbooktitle = {Actas de las VI Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '07)},<br \/>\r\npages = {151--158},<br \/>\r\nabstract = {Apart from the modeling techniques, the development and deployment of anomaly-based intrusion detection systems still faces two main problems. The first one is related to the acquisition and handling of real traffic to be used for training purposes. The second one concerns the better performance of signature-based IDS for known attacks. 
In this paper the authors propose the use of a modified version of Snort which results in a hybrid detector\/classifier. This version can be used both during the training phase of the anomaly-based system and as a deployed hybrid detector and traffic sniffer. Furthermore, it can be adjusted to work just as signature-based, anomaly-based or both (hybrid) detector. On the other hand, this version can be used to directly sniff, classify and split the network traffic according to its malicious nature, which eases the problems related to the acquisition and handling of training traffic.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('330','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_330\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Apart from the modeling techniques, the development and deployment of anomaly-based intrusion detection systems still faces two main problems. The first one is related to the acquisition and handling of real traffic to be used for training purposes. The second one concerns the better performance of signature-based IDS for known attacks. In this paper the authors propose the use of a modified version of Snort which results in a hybrid detector\/classifier. This version can be used both during the training phase of the anomaly-based system and as a deployed hybrid detector and traffic sniffer. Furthermore, it can be adjusted to work just as signature-based, anomaly-based or both (hybrid) detector. 
On the other hand, this version can be used to directly sniff, classify and split the network traffic according to its malicious nature, which eases the problems related to the acquisition and handling of training traffic.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('330','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Toro-Negro, Francisco De;  Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jes\u00fas E.;  Maci\u00e1-Fern\u00e1ndez, Gabriel<\/p><p class=\"tp_pub_title\">Networking analysis for signature-based intrusion detection system methodologies <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">IADIS International Conference Applied Computing 2007 469, <\/span><span class=\"tp_pub_additional_pages\">pp. 469\u2013473, <\/span><span class=\"tp_pub_additional_year\">2007<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9789728924300<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_332\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('332','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_332\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('332','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_332\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{DeToro-2007,<br \/>\r\ntitle = {Networking analysis for signature-based intrusion detection system methodologies},<br \/>\r\nauthor = {Francisco De Toro-Negro and Pedro Garc\u00eda-Teodoro and Jes\u00fas E. 
D\u00edaz-Verdejo and Gabriel Maci\u00e1-Fern\u00e1ndez},<br \/>\r\nisbn = {9789728924300},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\nbooktitle = {IADIS International Conference Applied Computing 2007 469},<br \/>\r\npages = {469--473},<br \/>\r\nabstract = {This paper addresses the use of an evolutionary algorithm for the optimization of a K-nearest neighbour classifier to be considered in a misuse network based intrusion detection system. The process of optimization allows obtaining information about the features leading to a high accuracy of the classifier. The methodology has been preliminary tested on a Denial of Service attack detection application.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('332','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_332\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper addresses the use of an evolutionary algorithm for the optimization of a K-nearest neighbour classifier to be considered in a misuse network based intrusion detection system. The process of optimization allows obtaining information about the features leading to a high accuracy of the classifier. 
The methodology has been preliminary tested on a Denial of Service attack detection application.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('332','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Delgado, A.;  Estepa, A.;  Estepa, R.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('457','tp_links')\" style=\"cursor:pointer;\">WAINE;Automatic generator of web based applications<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_pages\">pp. 226-233, <\/span><span class=\"tp_pub_additional_year\">2007<\/span><span class=\"tp_pub_additional_note\">, (cited By 3)<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_457\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('457','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_457\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('457','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_457\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('457','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_457\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Delgado2007226,<br \/>\r\ntitle = {WAINE;Automatic generator of web based applications},<br \/>\r\nauthor = {A. Delgado and A. Estepa and R. 
Estepa},<br \/>\r\nurl = {https:\/\/www.scopus.com\/inward\/record.uri?eid=2-s2.0-67650003983&partnerID=40&md5=840a43ba9b363abc3baa6a441bf1281e},<br \/>\r\nyear  = {2007},<br \/>\r\ndate = {2007-01-01},<br \/>\r\njournal = {Webist 2007 - 3rd International Conference on Web Information Systems and Technologies, Proceedings},<br \/>\r\nvolume = {WIA},<br \/>\r\npages = {226-233},<br \/>\r\nabstract = {This paper presents WAINE (Web Application & INterface Engine), a system for quick web application development based on a novel architecture which provide multiple benefits like: zero programming, integrated security, high re-usability and many degrees of independence. The architecture is well suited for development of multi-user applications and is based on an abstract model which captures all the elements of a typical application. The sample applications developed validate the advantages of the proposed architecture.},<br \/>\r\nnote = {cited By 3},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('457','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_457\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper presents WAINE (Web Application &amp; INterface Engine), a system for quick web application development based on a novel architecture which provide multiple benefits like: zero programming, integrated security, high re-usability and many degrees of independence. The architecture is well suited for development of multi-user applications and is based on an abstract model which captures all the elements of a typical application. 
The sample applications developed validate the advantages of the proposed architecture.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('457','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_457\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/www.scopus.com\/inward\/record.uri?eid=2-s2.0-67650003983&amp;partnerID=40&amp;md5=840a43ba9b363abc3baa6a441bf1281e\" title=\"https:\/\/www.scopus.com\/inward\/record.uri?eid=2-s2.0-67650003983&amp;partnerID=40[...]\" target=\"_blank\">https:\/\/www.scopus.com\/inward\/record.uri?eid=2-s2.0-67650003983&amp;partnerID=40[...]<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('457','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2006\">2006<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Maci\u00e1-Fern\u00e1ndez, Gabriel;  D\u00edaz-Verdejo, Jes\u00fas E.;  Garc\u00eda-Teodoro, Pedro<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('336','tp_links')\" style=\"cursor:pointer;\">On the design of alow-rate dos attack against iterative servers<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">SECRYPT 2006 - International Conference on Security and Cryptography, Proceedings, <\/span><span class=\"tp_pub_additional_pages\">pp. 
149\u2013156, <\/span><span class=\"tp_pub_additional_year\">2006<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9728865635<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_336\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('336','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_336\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('336','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_336\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('336','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_336\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Macia-Fernandez2006a,<br \/>\r\ntitle = {On the design of alow-rate dos attack against iterative servers},<br \/>\r\nauthor = {Gabriel Maci\u00e1-Fern\u00e1ndez and Jes\u00fas E. D\u00edaz-Verdejo and Pedro Garc\u00eda-Teodoro},<br \/>\r\ndoi = {10.5220\/0002103301490156},<br \/>\r\nisbn = {9728865635},<br \/>\r\nyear  = {2006},<br \/>\r\ndate = {2006-01-01},<br \/>\r\nbooktitle = {SECRYPT 2006 - International Conference on Security and Cryptography, Proceedings},<br \/>\r\npages = {149--156},<br \/>\r\nabstract = {Recent research exposes the vulnerability of current networked applications to a family of low-rate DoS attacks based on timing mechanisms. A kind of those attacks is targeted against iterative servers and employs an ON\/OFF scheme to send attack packets during the chosen critical periods. The overall behaviour of the attack is well known and its effectiveness has been demonstrated in previous works. Nevertheless, it is possible to achieve a trade off between the performance of the attack and its detectability. 
This can be done by tuning some parameters of the attack waveform according to the needs of the attacker and the deployed detection mechanisms. In this paper, a mathematical model for the relationship among those parameters and their impact in the performance of the attack is evaluated. The main goal of the model is to provide a better understanding of the dynamics of the attack, which is explored through simulation. The results obtained point out the model as accurate, thus providing a framework feasible to be used to tune the attack. textcopyright 2010.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('336','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_336\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Recent research exposes the vulnerability of current networked applications to a family of low-rate DoS attacks based on timing mechanisms. A kind of those attacks is targeted against iterative servers and employs an ON\/OFF scheme to send attack packets during the chosen critical periods. The overall behaviour of the attack is well known and its effectiveness has been demonstrated in previous works. Nevertheless, it is possible to achieve a trade off between the performance of the attack and its detectability. This can be done by tuning some parameters of the attack waveform according to the needs of the attacker and the deployed detection mechanisms. In this paper, a mathematical model for the relationship among those parameters and their impact in the performance of the attack is evaluated. The main goal of the model is to provide a better understanding of the dynamics of the attack, which is explored through simulation. The results obtained point out the model as accurate, thus providing a framework feasible to be used to tune the attack. 
\u00a9 2010.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('336','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_336\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.5220\/0002103301490156\" title=\"DOI de seguimiento:10.5220\/0002103301490156\" target=\"_blank\">doi:10.5220\/0002103301490156<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('336','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Maci\u00e1-Fern\u00e1ndez, Gabriel;  D\u00edaz-Verdejo, Jes\u00fas E.;  Garc\u00eda-Teodoro, Pedro<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('340','tp_links')\" style=\"cursor:pointer;\">Mathematical foundations for the design of a low-rate dos attack to iterative servers<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), <\/span><span class=\"tp_pub_additional_pages\">pp. 
282\u2013291, <\/span><span class=\"tp_pub_additional_year\">2006<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 16113349<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_340\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('340','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_340\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('340','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_340\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('340','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_340\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Macia-Fernandez2006,<br \/>\r\ntitle = {Mathematical foundations for the design of a low-rate dos attack to iterative servers},<br \/>\r\nauthor = {Gabriel Maci\u00e1-Fern\u00e1ndez and Jes\u00fas E. D\u00edaz-Verdejo and Pedro Garc\u00eda-Teodoro},<br \/>\r\ndoi = {10.1007\/11935308_20},<br \/>\r\nissn = {16113349},<br \/>\r\nyear  = {2006},<br \/>\r\ndate = {2006-01-01},<br \/>\r\nbooktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},<br \/>\r\nvolume = {4307 LNCS},<br \/>\r\npages = {282--291},<br \/>\r\nabstract = {A low-rate DoS attack to iterative servers has recently appeared as a new approach for defeating services using rates of traffic that could be adjusted to bypass security detection mechanisms. Although the fundamentals and effectiveness of these kind of attacks are known, it is not clear how to design the attack to achieve specific constraints based on the used rate and the efficiency in denial of service obtained. 
In this paper, a comprehensive mathematical framework that models the behaviour of the attack is presented. The main contribution of this model is to give a better understanding of the dynamics of this kind of attack, in order to facilitate the development of detection and defense mechanisms.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('340','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_340\" style=\"display:none;\"><div class=\"tp_abstract_entry\">A low-rate DoS attack to iterative servers has recently appeared as a new approach for defeating services using rates of traffic that could be adjusted to bypass security detection mechanisms. Although the fundamentals and effectiveness of this kind of attack are known, it is not clear how to design the attack to achieve specific constraints based on the used rate and the efficiency in denial of service obtained. In this paper, a comprehensive mathematical framework that models the behaviour of the attack is presented. 
The main contribution of this model is to give a better understanding of the dynamics of these kind of attacks, in order to facilitate the development of detection and defense mechanisms.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('340','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_340\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1007\/11935308_20\" title=\"DOI de seguimiento:10.1007\/11935308_20\" target=\"_blank\">doi:10.1007\/11935308_20<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('340','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2005\">2005<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J.;  Est\u00e9vez-Tapiador, J. M.;  Garc\u00eda-Teodoro, P.<\/p><p class=\"tp_pub_title\">Aplicaci\u00f3n de t\u00e9cnicas de agrupamiento a la detecci\u00f3n de intrusiones en red mediante N3 <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas del I Simposio sobre Seguridad Inform\u00e1tica (SSI'05), <\/span><span class=\"tp_pub_additional_pages\">pp. 
101\u2013108, <\/span><span class=\"tp_pub_additional_year\">2005<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_342\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('342','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_342\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('342','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_342\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-verdejo-ssi05,<br \/>\r\ntitle = {Aplicaci\u00f3n de t\u00e9cnicas de agrupamiento a la detecci\u00f3n de intrusiones en red mediante N3},<br \/>\r\nauthor = {J. D\u00edaz-Verdejo and J. M. Est\u00e9vez-Tapiador and P. Garc\u00eda-Teodoro},<br \/>\r\nyear  = {2005},<br \/>\r\ndate = {2005-01-01},<br \/>\r\nbooktitle = {Actas del I Simposio sobre Seguridad Inform\u00e1tica (SSI'05)},<br \/>\r\npages = {101--108},<br \/>\r\nabstract = {En el presente trabajo se desarrollan t\u00e9cni- cas de agrupamiento de vectores de carac- ter\u00edsticas para su aplicaci\u00f3n en un sistema de detecci\u00f3n de intrusiones en red propuesto por los autores. Este sistema, denominado de Vecino Normal m\u00e1s Cercano (N3), propor- ciona unos excelentes resultados de detecci\u00f3n, aunque adolece de un alto coste computacional para su aplicaci\u00f3n efectiva en entornos reales. 
En este trabajo se mostrar\u00e1 que, mediante la aplicaci\u00f3n de t\u00e9cnicas de agrupamiento, es posible reducir significativamente la complejidad computacional del sistema, sin degradar los resultados de detecci\u00f3n.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('342','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_342\" style=\"display:none;\"><div class=\"tp_abstract_entry\">En el presente trabajo se desarrollan t\u00e9cnicas de agrupamiento de vectores de caracter\u00edsticas para su aplicaci\u00f3n en un sistema de detecci\u00f3n de intrusiones en red propuesto por los autores. Este sistema, denominado de Vecino Normal m\u00e1s Cercano (N3), proporciona unos excelentes resultados de detecci\u00f3n, aunque adolece de un alto coste computacional para su aplicaci\u00f3n efectiva en entornos reales. En este trabajo se mostrar\u00e1 que, mediante la aplicaci\u00f3n de t\u00e9cnicas de agrupamiento, es posible reducir significativamente la complejidad computacional del sistema, sin degradar los resultados de detecci\u00f3n.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('342','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Maci\u00e1, G.;  D\u00edaz-Verdejo, J. 
E.<\/p><p class=\"tp_pub_title\">An\u00e1lisis del coste del protocolo PIM-DM en topolog\u00edas sin bucles <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las V jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '05), <\/span><span class=\"tp_pub_additional_pages\">pp. 531\u2013538, <\/span><span class=\"tp_pub_additional_year\">2005<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_343\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('343','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_343\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('343','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_343\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Macia-jitel05,<br \/>\r\ntitle = {An\u00e1lisis del coste del protocolo PIM-DM en topolog\u00edas sin bucles},<br \/>\r\nauthor = {G. Maci\u00e1 and J. E. D\u00edaz-Verdejo},<br \/>\r\nyear  = {2005},<br \/>\r\ndate = {2005-01-01},<br \/>\r\nbooktitle = {Actas de las V jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '05)},<br \/>\r\npages = {531--538},<br \/>\r\nabstract = {This work presents an approach to estimate the number of overhead packets, both for data an control traffic, generated by the use of the PIM-DM protocol. A loop-free network topology and equal transmission speeds and propagation times for all the links in the network are assumed. Although restrictive at a first glance, the results show a good performance in simulated real networks when mean values for the link parameters are used. 
The expres- sions are deduced from the protocol functioning, overcoming limitations and approximations of previously published works},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('343','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_343\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This work presents an approach to estimate the number of overhead packets, both for data an control traffic, generated by the use of the PIM-DM protocol. A loop-free network topology and equal transmission speeds and propagation times for all the links in the network are assumed. Although restrictive at a first glance, the results show a good performance in simulated real networks when mean values for the link parameters are used. The expres- sions are deduced from the protocol functioning, overcoming limitations and approximations of previously published works<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('343','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Est\u00e9vez-Tapiador, Juan M.;  Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('346','tp_links')\" style=\"cursor:pointer;\">Detection of web-based attacks through Markovian protocol parsing<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proceedings - IEEE Symposium on Computers and Communications, <\/span><span class=\"tp_pub_additional_pages\">pp. 
457\u2013462, <\/span><span class=\"tp_pub_additional_year\">2005<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 15301346<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_346\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('346','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_346\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('346','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_346\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('346','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_346\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Estevez-Tapiador2005,<br \/>\r\ntitle = {Detection of web-based attacks through Markovian protocol parsing},<br \/>\r\nauthor = {Juan M. Est\u00e9vez-Tapiador and Pedro Garc\u00eda-Teodoro and Jes\u00fas E. D\u00edaz-Verdejo},<br \/>\r\ndoi = {10.1109\/ISCC.2005.51},<br \/>\r\nissn = {15301346},<br \/>\r\nyear  = {2005},<br \/>\r\ndate = {2005-01-01},<br \/>\r\nbooktitle = {Proceedings - IEEE Symposium on Computers and Communications},<br \/>\r\npages = {457--462},<br \/>\r\nabstract = {This paper presents a novel approach based on the monitoring of incoming HTTP requests to detect attacks against web servers. The detection is accomplished through a Markovian model whose states and transitions between them are determined from the specification of the HTTP protocol, while the probabilities of the symbols associated to the Markovian source are obtained during a training stage according to a set of attack-free requests for the target server. 
The experiments carried out show a high detection capability with low false positive rates at reasonable computation requirements. textcopyright 2005 IEEE.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('346','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_346\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper presents a novel approach based on the monitoring of incoming HTTP requests to detect attacks against web servers. The detection is accomplished through a Markovian model whose states and transitions between them are determined from the specification of the HTTP protocol, while the probabilities of the symbols associated to the Markovian source are obtained during a training stage according to a set of attack-free requests for the target server. The experiments carried out show a high detection capability with low false positive rates at reasonable computation requirements. 
\u00a9 2005 IEEE.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('346','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_346\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1109\/ISCC.2005.51\" title=\"DOI de seguimiento:10.1109\/ISCC.2005.51\" target=\"_blank\">doi:10.1109\/ISCC.2005.51<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('346','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, Jes\u00fas;  Est\u00e9vez-Tapiador, Juan M.;  Garc\u00eda-Teodoro, Pedro<\/p><p class=\"tp_pub_title\">T\u00e9cnicas de agrupamiento vectorial y detecci\u00f3n geom\u00e9trica de anomal\u00edas en red <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las V jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '05), <\/span><span class=\"tp_pub_additional_pages\">pp. 
394\u2013406, <\/span><span class=\"tp_pub_additional_year\">2005<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_341\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('341','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_341\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('341','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_341\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Diaz-verdejo-jitel2005,<br \/>\r\ntitle = {T\u00e9cnicas de agrupamiento vectorial y detecci\u00f3n geom\u00e9trica de anomal\u00edas en red},<br \/>\r\nauthor = {Jes\u00fas D\u00edaz-Verdejo and Juan M. Est\u00e9vez-Tapiador and Pedro Garc\u00eda-Teodoro},<br \/>\r\nyear  = {2005},<br \/>\r\ndate = {2005-01-01},<br \/>\r\nbooktitle = {Actas de las V jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '05)},<br \/>\r\npages = {394--406},<br \/>\r\nabstract = {This paper presents some issues concerning N3 -a geometrical based Intrusion Detection System (IDS)- related with its computational performance. Despite its good behavior as an IDS, the scoring of an observed traffic instance by N3 requires its comparison with a set of instances representing the normality model obtained during a training stage. As the size of the training set increases, so do the detection capabilities of N3. Nevertheless, there is a counterpart: a significant increase in computational effort. Our goal is to reduce the size of the normality model and, therefore, the computational requirements of N3, without degrading its detection capabilities. For this purpose, two clustering techniques are proposed and evaluated. The first one is inspired by the well-known k-means algorithm, as k-means is not directly applicable to tackle this problem. 
The second one is an ad hoc technique developed for this case. Both algorithms allow us to achieve the proposed goal},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('341','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_341\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper presents some issues concerning N3 -a geometrical based Intrusion Detection System (IDS)- related with its computational performance. Despite its good behavior as an IDS, the scoring of an observed traffic instance by N3 requires its comparison with a set of instances representing the normality model obtained during a training stage. As the size of the training set increases, so do the detection capabilities of N3. Nevertheless, there is a counterpart: a significant increase in computational effort. Our goal is to reduce the size of the normality model and, therefore, the computational requirements of N3, without degrading its detection capabilities. For this purpose, two clustering techniques are proposed and evaluated. The first one is inspired by the well-known k-means algorithm, as k-means is not directly applicable to tackle this problem. The second one is an ad hoc technique developed for this case. 
Both algorithms allow us to achieve the proposed goal<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('341','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><h3 class=\"tp_h3\" id=\"tp_h3_2003\">2003<\/h3><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Est\u00e9vez-Tapiador, Juan M.;  Garc\u00eda-Teodoro, Pedro;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\">Identificaci\u00f3n de Tr\u00e1fico An\u00f3malo mediante Modelado Estad\u00edstico de Protocolos. Aplicaci\u00f3n a la Detecci\u00f3n de Intrusiones en Redes <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las IV Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '03), <\/span><span class=\"tp_pub_additional_pages\">pp. 17\u201324, <\/span><span class=\"tp_pub_additional_year\">2003<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_360\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('360','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_360\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('360','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_360\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Estevez-tapiador-jitel2003,<br \/>\r\ntitle = {Identificaci\u00f3n de Tr\u00e1fico An\u00f3malo mediante Modelado Estad\u00edstico de Protocolos. Aplicaci\u00f3n a la Detecci\u00f3n de Intrusiones en Redes},<br \/>\r\nauthor = {Juan M. Est\u00e9vez-Tapiador and Pedro Garc\u00eda-Teodoro and Jes\u00fas E. 
D\u00edaz-Verdejo},<br \/>\r\nyear  = {2003},<br \/>\r\ndate = {2003-01-01},<br \/>\r\nbooktitle = {Actas de las IV Jornadas de Ingenier\u00eda Telem\u00e1tica (JITEL '03)},<br \/>\r\npages = {17--24},<br \/>\r\nabstract = {This paper presents a new method for detecting anomalies in the usage of protocols in computer networks. The proposed approach is illustrated through its application to TCP and disposed in two steps. First, a quantization of the protocol header space is accomplished, so that a unique symbol is associated with each protocol instance. Network traffic is thus captured and represented by a sequence of symbols. The modeling of these temporal sequences by means of a Markov chain constitutes the second step in our approach. Once the model is built it is possible to use it as a representation of the \u201cnormal\u201d usage of the protocol, so that deviations from the behavior provided by the model can be considered as a sign of protocol misusage. Preliminary experimental results reveal that several protocol misusages used in certain network attacks are detected through the introduced scheme. Additionally, anomaly-based protocol modeling can be used in conjunction with other intrusion detection techniques for improving the performance of current detection technology.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('360','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_360\" style=\"display:none;\"><div class=\"tp_abstract_entry\">This paper presents a new method for detecting anomalies in the usage of protocols in computer networks. The proposed approach is illustrated through its application to TCP and disposed in two steps. 
First, a quantization of the protocol header space is accomplished, so that a unique symbol is associated with each protocol instance. Network traffic is thus captured and represented by a sequence of symbols. The modeling of these temporal sequences by means of a Markov chain constitutes the second step in our approach. Once the model is built it is possible to use it as a representation of the \u201cnormal\u201d usage of the protocol, so that deviations from the behavior provided by the model can be considered as a sign of protocol misusage. Preliminary experimental results reveal that several protocol misusages used in certain network attacks are detected through the introduced scheme. Additionally, anomaly-based protocol modeling can be used in conjunction with other intrusion detection techniques for improving the performance of current detection technology.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('360','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><\/div><div class=\"tablenav\"><div class=\"tablenav-pages\"><span class=\"displaying-num\">51 registros<\/span> <a class=\"page-numbers button disabled\">&laquo;<\/a> <a class=\"page-numbers button disabled\">&lsaquo;<\/a> 1 de 2 <a href=\"https:\/\/dtstc.ugr.es\/neus-cslab\/publicaciones\/actas\/?limit=2&amp;tgid=&amp;yr=&amp;type=&amp;usr=&amp;auth=&amp;tsr=#tppubs\" title=\"p\u00e1gina siguiente\" class=\"page-numbers button\">&rsaquo;<\/a> <a href=\"https:\/\/dtstc.ugr.es\/neus-cslab\/publicaciones\/actas\/?limit=2&amp;tgid=&amp;yr=&amp;type=&amp;usr=&amp;auth=&amp;tsr=#tppubs\" title=\"\u00faltima p\u00e1gina\" class=\"page-numbers button\">&raquo;<\/a> <\/div><\/div><\/div><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Revistas Actas congresos libros Cap. 
libros<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":908,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ocean_post_layout":"full-width","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"0","ocean_second_sidebar":"0","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"0","ocean_custom_header_template":"0","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"0","ocean_menu_typo_font_family":"0","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_colo
r_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"0","footnotes":""},"class_list":["post-1470","page","type-page","status-publish","hentry","entry"],"_links":{"self":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/comments?post=1470"}],"version-history":[{"count":3,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1470\/revisions"}],"predecessor-version":[{"id":3470,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1470\/revisions\/3470"}],"up":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\
/wp\/v2\/pages\/908"}],"wp:attachment":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/media?parent=1470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}