Igor Ruiz-Agundez
University of Deusto
Publication
Featured research published by Igor Ruiz-Agundez.
workshop in information security theory and practice | 2010
Igor Ruiz-Agundez; Yoseba K. Penya; Pablo García Bringas
The deployment of Next-Generation Networks (NGN) is a challenge that requires integrating heterogeneous services into a global system of All-IP telecommunications. These networks carry voice, data, and multimedia traffic over the Internet, providing users with the information they want in any format, amount, device, place or moment. Still, there are certain issues, such as the emerging security risks or the billing paradigms of the services offered, which demand deeper research in order to guarantee the stability and the revenue of such systems. Against this background, we analyse the security requirements of NGN and introduce a fraud management system based on misuse detection for Voice over IP services. Specifically, we address a fraud detection framework consisting of a rule engine built over a knowledge base. We detail the architecture of our model and describe a case study illustrating a possible fraud and how our system detects it, proving, in this way, its feasibility in this task.
annual srii global conference | 2012
Igor Ruiz-Agundez; Pablo García Bringas
User authentication is one of the most popular techniques used in access control systems. It provides trustful confirmation about the identity of a person when she attempts to use a service. It ensures that a user is who she claims to be, thereby verifying that she is allowed to use a certain service. Different governments and agencies have attempted to create a universal authentication device to allow easy access to e-government services and potentially to any corporate service. Authentication contributes to the unequivocal identification of the user. In this research, we focus on the Spanish electronic identification card (also known as DNIe). In our research we focus on authentication through the DNIe because it provides two levels of security. Authenticating with the DNIe implies having the electronic identification card (eID card) and knowing the card holder's verification password. We implement a methodology that integrates DNIe authentication in any application through a service library component seamlessly. This authentication methodology takes advantage of all the DNIe capabilities and includes the following steps: connection to the eID card, load of user certificates, generation of a verification challenge, signing and verification of this challenge by using cryptographic techniques, and finally, accepting or rejecting user identification. In order to validate this methodology, we integrate our seamless authentication library in a Voice over IP application. Currently, this methodology is being used in call-centres that need to unequivocally validate the identity of the operators in each call and operation they perform.
database and expert systems applications | 2010
Javier Nieves; Igor Ruiz-Agundez; Pablo García Bringas
In this paper, we describe the functionality and operational features of a system for recognizing and authenticating the EURion constellation in Euro bank notes. This system will be showcased in a demonstration showroom of the IMPRESS workshop at DEXA 2010, presenting the specific coding and processing requirements of this pattern.
Archive | 2011
Yoseba K. Penya; Igor Ruiz-Agundez; Pablo García Bringas
Nowadays hardly anyone will dare to deny the serious security problems that computer networks must cope with. Old-fashioned techniques for isolating the network and providing a secure access control are just impotent to stop the attack flood since the production of code with harmful intentions grows not only in number but in quality as well. Network Intrusion Detection Systems (NIDS) were developed with this scenario in mind. Historically, the first efficient methodology was misuse detection, consisting of recognising malicious behaviours based upon a knowledge base. This technique succeeds in discovering threats already registered in its database but fails when detecting new, unknown menaces. Anomaly detection was specifically designed to address this shortcoming. This kind of technique models the legitimate usage of the system in order to afterwards notice, evaluate and, if applicable, avoid deviations from that normal profile. Still, its efficiency decreases dramatically when handling well-known attacks, especially if compared to misuse detection systems. As the reader may note, both do flop when applied to each other's natural domain. More in detail, misuse detection is currently the most extended approach for intrusion prevention, mainly due to its efficiency and easy administration. Its philosophy is quite simple: based on a rule base that models a high number of network attacks, the system compares incoming traffic with the registered patterns to identify any of these attacks. Hence, it does not produce any false positive (since it always finds exactly what is registered) but it cannot detect any new threat. Further, any slightly-modified attack will pass unnoticed. And, finally, the knowledge base itself poses one of the biggest problems to misuse detection: as it grows, the time to search on it increases as well and, after some time, it may take too long to be used in real time.
Anomaly detection systems, on the contrary, start not from malicious but from legitimate behaviour in order to model what is allowed. Any deviation from this conduct will be seen as a potential menace. Unfortunately, this methodology is a double-edged sword since, though it allows new unknown risks to be discovered, it also produces false positives (i.e. packets or situations marked as attack when they are not). Moreover, anomaly detection presents a constant throughput since its knowledge base does not grow uncontrollably but gets adapted to new situations or behaviours. Again, an advantage is also a source of problems because it is theoretically possible to make use of this continuous learning to little by little modify the knowledge so it ends up seeing attacks as proper traffic (in NIDS jargon, this phenomenon is known as session creeping). That is, its knowledge tends to be unstable. Finally, anomaly detection, unlike misuse, demands high maintenance efforts (and costs). In sum, Integral Misuse and Anomaly Detection and Prevention System
Archive | 2012
Marco Guidi; Igor Ruiz-Agundez; Izaskun Canga-Sanchez
Social networks build up a representation of the social structure on the Internet by enabling new ways of communication and understanding of human relations. These networks generate big amounts of information on which we can apply mining techniques in order to extract knowledge. Different works have studied many aspects of social networks, but just a few of them focused on text mining in social networks. In this work, we focus on the Twitter social network features and specifically on the use of this network by a representative, and well-known, user. We extracted all the contents that Barack Obama, previously Senator and then President, has shared in this service in the course of the last 3 years and applied a text-analysis knowledge discovery methodology to it. This methodology allowed us to build a meaning-making process on our dataset. In this process, we successfully conducted a cluster analysis that helped collect Barack Obama's Twitter contents in groups. Studying the results, we perceived that these clusters could be interpreted as a mirror of his political strategy. Finally, we discuss the application of this method for other social networks.
international conference on human system interactions | 2010
Igor Ruiz-Agundez; Yoseba K. Penya; Pablo García Bringas
Computer networks are nowadays subject to an increasing number of attacks. Intrusion Detection Systems (IDS) are designed to protect them by identifying malicious behaviours or improper uses. Since the scope is different in each case (register already-known menaces to later recognise them or model legitimate uses to trigger when a variation is detected), IDS have failed so far to respond against both kinds of attacks. Lately, Bayesian networks (BN) have provided an innovative solution to fill this gap by integrating both domains within a common knowledge representation model. Still, the huge computational effort that has to be invested in the BN with such a knowledge model makes them not feasible and not practical for real-world scenarios. Against this background, we propose the use of expert knowledge to enhance and optimise the design of the IDS, shortening subsequently the training process. This expert knowledge is represented as a set of hypotheses that must be verified to justify their utility. In this way, we have tested our approach with several samples of data showing that all the hypotheses assumed were true and, therefore, that the proposed methodology to trim down the design and training processes yields an optimal Bayesian network for Intrusion Detection.
annual srii global conference | 2011
Igor Ruiz-Agundez; Yoseba K. Penya; Pablo García Bringas
ADVCOMP 2010, The Fourth International Conference on Advanced Engineering Computing and Applications in Sciences | 2010
Igor Ruiz-Agundez; Yoseba K. Penya; Pablo García Bringas
international conference on data communication networking | 2016
Igor Ruiz-Agundez; Yoseba K. Penya; Pablo García Bringas
Archive | 2012
Igor Ruiz-Agundez