Alejandro Zunino

An empirical comparison of botnet detection methods

The results of botnet detection methods are usually presented without any comparison. Although it is generally accepted that more comparisons with third-party methods may help to improve the area, few papers could do it. Among the factors that prevent a comparison are the difficulties to share a dataset, the lack of a good dataset, the absence of a proper description of the methods and the lack of a comparison methodology. This paper compares the output of three different botnet detection methods by executing them over a new, real, labeled and large botnet dataset. This dataset includes botnet, normal and background traffic. The results of our two methods (BClus and CAMNEP) and BotHunter were compared using a methodology and a novel error metric designed for botnet detections methods. We conclude that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.

Easy web service discovery: A query-by-example approach

Web services have acquired enormous popularity among software developers. This popularity has motivated developers to publish a large number of Web service descriptions in UDDI registries. Although these registries provide search facilities, they are still rather difficult to use and often require service consumers to spend too much time manually browsing and selecting service descriptions. This paper presents a novel search method for Web services called WSQBE that aims at both easing query specification and assisting discoverers by returning a short and accurate list of candidate services. In contrast with previous approaches, WSQBE discovery process is based on an automatic search space reduction mechanism that makes this approach more efficient. Empirical evaluations of WSQBE search space reduction mechanism, retrieval performance, processing time and memory usage, using a registry with 391 service descriptions, are presented.

A Survey of Approaches to Web Service Discovery in Service-Oriented Architectures

Discovering services acquires importance as Service-Oriented Computing SOC becomes an adopted paradigm. SOCs most popular materializations, namely Web Services technologies, have different challenges related to service discovery and, in turn, many approaches have been proposed. As these approaches are different, one solution may be better than another according to certain requirements. In consequence, choosing a service discovery system is a hard task. To alleviate this task, this paper proposes eight criteria, based on the requirements for discovering services within common service-oriented environments, allowing the characterization of discovery systems. These criteria cover functional and non-functional aspects of approaches to service discovery. The results of the characterization of 22 contemporary approaches and potential research directions for the area are also shown.

Improving Web Service descriptions for effective service discovery

Service-Oriented Computing (SOC) is a new paradigm that replaces the traditional way to develop distributed software with a combination of discovery, engagement and reuse of third-party services. Web Service technologies are currently the most adopted alternative for implementing the SOC paradigm. However, Web Service discovery presents many challenges that, in the end, hinder service reuse. This paper reports frequent practices present in a body of public services that attempt to prevent the discovery of any service. In addition, we have studied how to solve the discoverability problems that these bad practices cause. Accordingly, this paper presents a novel catalog of eight Web Service discoverability anti-patterns. We conducted a comparative analysis of the retrieval effectiveness of three discovery systems by using the original body of Web Services versus their corrected version. This experiment shows that the removal of the identified anti-patterns eases the discovery process by allowing the employed discovery systems to rank more relevant services before non-relevant ones, with the same queries. Moreover, we conducted a survey to collect the opinions from 26 individuals about whether the improved descriptions are more intelligible than the original ones. This experiment provides more evidence of the importance of correcting the observed problems.

RESTful service composition at a glance

In the last years, Web Service composition has undoubtedly become the most promising way to integrate business-to-business applications. However, the industry and the academia often disagree on materializing current solutions, which are based on either SOAP Web Services or semantic Web Services. Besides, any service composition mechanism entails multiple and complex factors such as adaptability, scalability and lightweightness. Recently, RESTful services have shown their potential to compose reliable and visible Web-scale applications based on the so-called mashups. In this paper, we survey a comprehensive set of RESTful composition approaches, i.e., the most promising in their area, totaling 29 approaches. Then, we propose two sets of features to analyze, characterize and compare such approaches: features inherent to SOAP services composition approaches and RESTful services composition features. Lastly, we discuss research challenges and open research problems in the area.

Introducing mobile devices into Grid systems: a survey

Mobile device capabilities have been steadily increasing in the past years. Therefore, mobile Grids potential benefits have encouraged research on this topic. Researchers have identified several issues, such as energy consumption and limited resources, that steam from using mobile devices because they are small computers that run on battery and can move outside of the wireless coverage area. This paper analyses these issues discusses proposed solutions to them in the different Grid abstraction levels from Grid fabric layer to Grid user application layer. Finally, we propose a taxonomy that considers the use of mobile devices and discuss future research opportunities.

Survey on network-based botnet detection methods

Botnets are an important security problem on the Internet. They continuously evolve their structure, protocols and attacks. This survey analyzes and compares the most important efforts carried out in a network-based detection area. It accomplishes four tasks: first, the comparison of previous surveys and the proposal of four new dimensions to analyze their classification schemes; second, a new classification and comparison of network-based botnet detection proposals, which includes the definition of 20 desired properties of every botnet detection paper; third, an extensive comparison between the most representative detection proposals; and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems. Copyright

Automatically Detecting Opportunities for Web Service Descriptions Improvement

Mostly e-business and e-applications rely on the Service Oriented Computing paradigm and its most popular implementation, namely Web Services. When properly implemented and described, Web Services can be dynamically discovered and reused using Internet technologies, pushing interoperability to unprecedented levels. However, poorly described Web Services are rather difficult to be discovered, understood, and reused. This paper presents heuristics for automatically detecting common pitfalls that should be avoided when creating Web Service descriptions. Experimental results with ca. 400 real-world Web Services, empirically show the feasibility of the proposed heuristics.

Best practices for describing, consuming, and discovering web services: a comprehensive toolset

The service‐oriented computing (SOC) paradigm has recently gained a lot of attention in the software industry because SOC represents a novel and a fresh way of architecting distributed applications. SOC is usually materialized via web services, which allows developers to structure applications exposing a clear, public interface to their capabilities. Although conceptually and technologically mature, SOC still lacks adequate development support from a methodological point of view. In this paper, we present the EasySOC project, a set of guidelines to simplify the development of service‐oriented applications and services. EasySOC is a synthesized catalog of best SOC development practices that arise as a result of several years of research in fundamental Services Computing topics, that is, Web Service Description Language‐based technical specification, Web Service discovery, and Web Service outsourcing. In addition, we describe a materialization of the guidelines for the Java language, which has been implemented as a plug‐in for the Eclipse IDE. We believe that both the practical nature of the guidelines and the availability of this software that enforces them may help software practitioners to rapidly exploit our ideas for building real SOC applications. Copyright

A tool to improve code-first Web services discoverability through text mining techniques

Service‐oriented development is challenging mainly because Web service developers tend to disregard the importance of the exposed service APIs, which are specified using Web Service Description Language (WSDL) documents. Methodologically, WSDL documents can be either manually generated or inferred from service implementations using WSDL generation tools. The latter option, called code first, is the most used approach in the industry. However, it is known that there are some bad practices in service implementations or defects in WSDL generation tools that may cause WSDL documents to present WSDL anti‐patterns, which in turn compromise the chances of documents of being discovered and understood. In this paper, we present a software tool that assists developers in obtaining WSDL documents with as few WSDL anti‐patterns as possible. The tool combines text mining and meta‐programming techniques to process service implementations and is developed as an Eclipse plug‐in. An evaluation of the tool by using a data‐set of real service implementations in terms of anti‐pattern avoidance accuracy and discovery performance by using classical Information Retrieval metrics—Precision‐at‐n, Recall and Normalized Discounted Cumulative Gain—is also reported.Copyright