liu.se: Search for publications in DiVA
1 - 5 of 5
  • 1.
    Hiran, Rahul
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Gill, Phillipa
    University of Toronto, Canada.
    Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident. 2013. In: Passive and Active Measurement / [ed] Matthew Roughan, Rocky Chang, Springer Berlin/Heidelberg, 2013, p. 229-238. Conference paper (Refereed)
    Abstract [en]

    China Telecom’s hijack of approximately 50,000 IP prefixes in April 2010 highlights the potential for traffic interception on the Internet. Indeed, the sensitive nature of the hijacked prefixes, including US government agencies, garnered a great deal of attention and highlights the importance of being able to characterize such incidents after they occur. We use the China Telecom incident as a case study, to understand (1) what can be learned about large-scale routing anomalies using public data sets, and (2) what types of data should be collected to diagnose routing anomalies in the future. We develop a methodology for inferring which prefixes may be impacted by traffic interception using only control-plane data and validate our technique using data-plane traces. The key findings of our study of the China Telecom incident are: (1) The geographic distribution of announced prefixes is similar to the global distribution with a tendency towards prefixes registered in the Asia-Pacific region, (2) there is little evidence for subprefix hijacking which supports the hypothesis that this incident was likely a leak of existing routes, and (3) by preferring customer routes, providers inadvertently enabled interception of their customer’s traffic.

  • 2.
    Hiran, Rahul
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Crowd-based Detection of Routing Anomalies on the Internet. 2015. In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015, IEEE Computer Society Digital Library, 2015, p. 388-396. Conference paper (Refereed)
    Abstract [en]

    The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

  • 3.
    Hiran, Rahul
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Does Scale, Size, and Locality Matter?: Evaluation of Collaborative BGP Security Mechanisms. 2016. In: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS, IEEE, 2016, p. 261-269. Conference paper (Refereed)
    Abstract [en]

    The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on large-scale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

  • 4.
    Hiran, Rahul
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    PrefiSec: A Distributed Alliance Framework for Collaborative BGP Monitoring and Prefix-based Security. 2014. In: Proc. ACM CCS Workshop on Information Sharing and Collaborative Security (ACM WISCS @CCS), ACM Digital Library, 2014, p. 3-12. Conference paper (Refereed)
    Abstract [en]

    This paper presents the design and data-driven overhead analysis of PrefiSec, a distributed framework that helps collaborating organizations to effectively maintain and share network information in the fight against miscreants. PrefiSec is a novel distributed IP-prefix-based solution, which maintains information about the activities associated with IP prefixes (blocks of IP addresses) and autonomous systems (AS). Within PrefiSec, we design and evaluate simple and scalable mechanisms and policies that allow participating entities to effectively share network information, which helps to protect against prefix/subprefix attacks, interception attacks, and a wide range of edge-based attacks, such as spamming, scanning, and botnet activities. Timely reporting of such information helps participants improve their security, keep their security footprints clean, and incentivizes participation. Public wide-area BGP-announcements, traceroutes, and simulations are used to estimate the overhead, scalability, and alert rates. Our results show that PrefiSec helps improve system security, and can scale to large systems.

  • 5.
    Shahmehri, Nahid
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Byers, David
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Hiran, Rahul
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    TRAP: Open Decentralized Distributed Spam Filtering. 2011. In: Trust, Privacy and Security in Digital Business / [ed] Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther, Berlin / Heidelberg: Springer, 2011, p. 86-97. Chapter in book (Refereed)
    Abstract [en]

    Spam is a significant problem in the day-to-day operations of large networks and information systems, as well as a common conduit for malicious software. The problem of detecting and eliminating spam remains of great interest, both commercially and in a research context. In this paper we present TRAP, a reputation-based open, decentralized and distributed system to aid in detecting unwanted e-mail. In TRAP, all participants are equal, all participants can see how the system works, and there is no reliance on any member or subset of members. This paper outlines the TRAP system itself and shows, through simulation, that the fundamental component of TRAP, a distributed low-overhead trust management system, is efficient and robust under the normal conditions present on the Internet.
