Manuel Gil Pérez

RepCIDN: A Reputation-based Collaborative Intrusion Detection Network to Lessen the Impact of Malicious Alarms

Distributed and coordinated attacks in computer networks are causing considerable economic losses worldwide in recent years. This is mainly due to the transition of attackers’ operational patterns towards a more sophisticated and more global behavior. This fact is leading current intrusion detection systems to be more likely to generate false alarms. In this context, this paper describes the design of a collaborative intrusion detection network (CIDN) that is capable of building and sharing collective knowledge about isolated alarms in order to efficiently and accurately detect distributed attacks. It has been also strengthened with a reputation mechanism aimed to improve the detection coverage by dropping false or bogus alarms that arise from malicious or misbehaving nodes. This model will enable a CIDN to detect malicious behaviors according to the trustworthiness of the alarm issuers, calculated from previous interactions with the system. Experimental results will finally demonstrate how entities are gradually isolated as their behavior worsens throughout the time.Distributed and coordinated attacks in computer networks are causing considerable economic losses worldwide in recent years. This is mainly due to the transition of attackers’ operational patterns towards a more sophisticated and more global behavior. This fact is leading current intrusion detection systems to be more likely to generate false alarms. In this context, this paper describes the design of a collaborative intrusion detection network (CIDN) that is capable of building and sharing collective knowledge about isolated alarms in order to efficiently and accurately detect distributed attacks. It has been also strengthened with a reputation mechanism aimed to improve the detection coverage by dropping false or bogus alarms that arise from malicious or misbehaving nodes. This model will enable a CIDN to detect malicious behaviors according to the trustworthiness of the alarm issuers, calculated from previous interactions with the system. Experimental results will finally demonstrate how entities are gradually isolated as their behavior worsens throughout the time.

PKI-based trust management in inter-domain scenarios

Hierarchical cross-certification fits well within large organizations that want their root CA to have direct control over all subordinate CAs. However, both Peer-to-Peer and Bridge CA cross-certification models suits better than the hierarchical one with organizations where a certain level of flexibility is needed to form and revoke trust relationships with other organizations as changing policy or business needs dictate. It seems that this second approach better fits the current and next-generation inter-domain networking models existing in both the wired and wireless Internet. In this context, this paper analyses some relevant inter-domain scenarios and derives the main requirements in terms of cross-certification from them. It then describes the design and lab implementation of a pan-European scenario which is based on a research network composed by a set of organizations that may have their own PKIs running, and that are interested to link with others in terms of certification services. It provides a complete design, implementation and performance analysis for this complex scenario, including a procedure and practical recommendations for building and validating certification paths.

Trustworthy placements: Improving quality and resilience in collaborative attack detection

In distributed and collaborative attack detection systems decisions are made on the basis of the events reported by many sensors, e.g., Intrusion Detection Systems placed across various network locations. In some cases such events originate at locations over which we have little control, for example because they belong to an organisation that shares information with us. Blindly accepting such reports as real encompasses several risks, as sensors might be dishonest, unreliable or simply having been compromised. In these situations trust plays an important role in deciding whether alerts should be believed or not. In this work we present an approach to maximise the quality of the information gathered in such systems and the resilience against dishonest behaviours. We introduce the notion of trust diversity amongst sensors and argue that detection configurations with such a property perform much better in many respects. Using reputation as a proxy for trust, we introduce an adaptive scheme to dynamically reconfigure the network of detection sensors. Experiments confirm an overall increase both in detection quality and resilience against compromise and misbehaviour.

Mobility in collaborative alert systems: building trust through reputation

Collaborative Intrusion Detection Networks (CIDN) are usually composed by a set of nodes working together to detect distributed intrusions that cannot be easily recognized with traditional intrusion detection architectures. In this approach every node could potentially collaborate to provide its vision of the system and report the alarms being detected at the network, service and/or application levels. This approach includes considering mobile nodes that will be entering and leaving the network in an ad hoc manner. However, for this alert information to be useful in the context of CIDN networks, certain trust and reputation mechanisms determining the credibility of a particular mobile node, and the alerts it provides, are needed. This is the main objective of this paper, where an inter-domain trust and reputation model, together with an architecture for inter-domain collaboration, are presented with the main aim of improving the detection accuracy in CIDN systems while users move from one security domain to another.

Advanced Policies for the Administrative Delegation in Federated Environments

In existing federated identity management systems it is more and more necessary new set of advanced policies, such as policies for the administrative delegation. They allow administrators to delegate a subset of the system policies management to other users, who will have a much wider knowledge in the application area where these policies will be applied. In this paper, we present an infrastructure that manages the complete life cycle of the administrative delegation policies, as well as a way for reducing the complexity in their management for some scenarios, where these users do not have to be experts in the subject area. These users will only have to fill in a simple template, which is automatically generated from the administrative policy created by the administrator.

Design of a recommender system based on users’ behavior and collaborative location and tracking

Abstract During the last years, mobile devices allow incorporating users’ location and movements into recommendations to potentially suggest most valuable information. In this context, this paper presents a hybrid recommender algorithm that combines users’ location and preferences and the content of the items located close to such users. This algorithm also includes a way of providing implicit ratings considering the users’ movements after receiving recommendations, aimed at measuring the users’ interest for the recommended items. Conducted experiments measure the effectiveness and the efficiency of our recommender algorithm, as well as the impact of implicit ratings.

Secure overlay networks for federated service provision and management

This paper presents the components and formal information model enabling the dynamic creation and management of secure overlay networks. Special attention will be paid to the solution provided to two important open issues: the definition of a certificate path building and validation algorithm (to ease the trust establishment and negotiation processes) and the definition and negotiation of SLAs in inter-domain secure overlay scenarios. Given a set of already existing domains with certain trust relationships, each overlay network allows the secure sharing of some (or all) of its services. For this, the administrator of each administrative domain will define using a formal information model which services he wants to share with any other domain, and which ones is he expecting from these other domains. Time and other networking conditions can also be indicated allowing secure overlay networks to be dynamically and automatically established and managed.

Dynamic Reconfiguration in 5G Mobile Networks to Proactively Detect and Mitigate Botnets

Botnets are one of the most powerful cyberthreats affecting continuity and delivery of existing network services. Detecting and mitigating attacks promoted by botnets become a greater challenge with the advent of 5G networks, as the number of connected devices with high mobility capabilities, the volume of exchange data, and the transmission rates increase significantly. Here, a 5G-oriented solution is proposed for proactively detecting and mitigating botnets in a highly dynamic 5G network. 5G subscribers’ mobility requires dynamic network reconfiguration, which is handled by combining software-defined network and network function virtualization techniques.

A Linguistic Fuzzy-XCS classifier system

Data-driven construction of fuzzy systems has followed two different approaches. One approach is termed precise (or approximative) fuzzy modelling, that aims at numerical approximation of functions by rules, but that pays little attention to the interpretability of the resulting rule base. On the other side is linguistic (or descriptive) fuzzy modelling, that aims at automatic rule extraction but that uses fixed human provided and linguistically labelled fuzzy sets. This work follows the linguistic fuzzy modelling approach. It uses an extended Classifier System (XCS) as mechanism to extract linguistic fuzzy rules. XCS is one of the most successful accuracy-based learning classifier systems. It provides several mechanisms for rule generalization and also allows for online training if necessary. It can be used in sequential and non-sequential tasks. Although originally applied in discrete domains it has been extended to continuous and fuzzy environments. The proposed Linguistic Fuzzy XCS has been applied to several well-known classification problems and the results compared with both, precise and linguistic fuzzy models.

I Don’t Trust ICT: Research Challenges in Cyber Security

Can we trust ICT (Information & Communication Technology) systems? Every single day a handful of previously unknown security vulnerabilities on these environments are published, dangerously feeding the lack of trust feeling that many end users already exhibit with respect to ICT. In order to disrupt and even invert such a perilous tendency (hindering the wide adoption of ICT and all its associated benefits), a number of research challenges in the field of cyber security need to be addressed. This paper presents some of these key challenges, offering initial thoughts on how to tackle each of them.