5 research outputs found

    DECEPTION BASED TECHNIQUES AGAINST RANSOMWARES: A SYSTEMATIC REVIEW

    Ransomware is the most prevalent emerging business risk nowadays. It seriously affects business continuity and operations. According to Deloitte Cyber Security Landscape 2022, up to 4000 ransomware attacks occur daily, while the average number of days an organization takes to identify a breach is 191. Sophisticated cyber-attacks such as ransomware typically must go through multiple consecutive phases (initial foothold, network propagation, and action on objectives) before accomplishing their final objective. This study analyzed decoy-based solutions as an approach (detection, prevention, or mitigation) to overcome ransomware. A systematic literature review was conducted, in which the result has shown that deception-based techniques have given effective and significant performance against ransomware with minimal resources. It is also identified that contrary to general belief, deception techniques mainly involved in passive approaches (i.e., prevention, detection) possess other active capabilities such as ransomware traceback and obstruction (thwarting), file decryption, and decryption key recovery. Based on the literature review, several evaluation methods are also analyzed to measure the effectiveness of these deception-based techniques during the implementation process.

    Study and analysis of innovative network protocols and architectures

    In recent years, some new paradigms are emerging in the networking area as inspiring models for the definition of future communications networks. A key example is certainly the Content Centric Networking (CCN) protocol suite, namely a novel network architecture that aims to supersede the current TCP/IP stack in favor of a name based routing algorithm, also introducing in-network caching capabilities. On the other hand, much interest has been placed on Software Defined Networking (SDN), namely the set of protocols and architectures designed to make network devices more dynamic and programmable. Given this complex arena, the thesis focuses on the analysis of these innovative network protocols, with the aim of exploring possible design flaws and hence guaranteeing their proper operation when actually deployed in the network. Particular emphasis is given to the security of these protocols, for its essential role in every wide scale application. Some work has been done in this direction, but all these solutions are far from being considered fully investigated. In the CCN case, a closer investigation on problems related to possible DDoS attacks due to the stateful nature of the protocol is presented along with a full-fledged proposal to support scalable PUSH application on top of CCN. Concerning SDN, instead, we present a tool for the verification of network policies in complex graphs containing dynamic network functions. In order to obtain significant results, we leverage different tools and methodologies: on the one hand, we assess simulation software as very useful tools for representing the most common use cases for the various technologies. On the other hand, we exploit more sophisticated formal methods to ensure a higher level of confidence for the obtained results.

    Secure Diagnostics And Forensics With Network Provenance

    In large-scale networks, many things can go wrong: routers can be misconfigured, programs can be buggy, and computers can be compromised by an attacker. As a result, there is a constant need to perform network diagnostics and forensics. In this dissertation, we leverage the concept of provenance to build better support for diagnostic and forensic tasks. At a high level, provenance tracks causality between network states and events, and produces a detailed explanation of any event of interest, which makes it a good starting point for investigating network problems. However, in order to use provenance for network diagnostics and forensics, several challenges need to be addressed. First, existing provenance systems cannot provide security properties on high-speed network traffic, because the cryptographic operations would cause enormous overhead when the data rates are high. To address this challenge, we design secure packet provenance, a system that comes with a novel lightweight security protocol, to maintain secure provenance with low overhead. Second, in large-scale distributed systems, the provenance of a network event can be quite complex, so it is still challenging to identify the problem root cause from the complex provenance. To address this challenge, we design differential provenance, which can identify a symptom event’s root cause by reasoning about the differences between its provenance and the provenance of a similar “reference” event. Third, provenance can only explain why a current network state came into existence, but by itself, it does not reason about changes to the network state to fix a problem. To provide operators with more diagnostic support, we design causal networks – a generalization of network provenance – to reason about network repairs that can avoid undesirable side effects in the network. Causal networks can encode multiple diagnostic goals in the same data structure, and, therefore, generate repairs that satisfy multiple constraints simultaneously. We have applied these techniques to Software-Defined Networks, Hadoop MapReduce, as well as the Internet’s data plane. Our evaluation with real-world traffic traces and network topologies shows that our systems can run with reasonable overhead, and that they can accurately identify root causes of practical problems and generate repairs without causing collateral damage.

    A situational awareness model for data analysis on 5G mobile networks : the SELFNET analyzer framework

    Unpublished thesis of the Universidad Complutense de Madrid, Facultad de Informática, Departamento de Ingeniería del Software e Inteligencia Artificial, defended on 14-07-2017.

    5G networks hope to provide a secure, reliable and high-performance environment with minimal disruptions in the provisioning of advanced network services, regardless of the device location or when the service is required. This new network generation will be able to deliver ultra-high capacity, low latency and better Quality of Service (QoS) compared with current Long Term Evolution (LTE) networks. In order to provide these capabilities, 5G proposes the combination of advanced technologies such as Software Defined Networking (SDN), Network Function Virtualization (NFV), Self-organized Networks (SON) or Artificial Intelligence. In particular, 5G will be able to face unexpected changes or network problems through the identification of specific situations, taking into account the user needs and the Service Level Agreements (SLAs). Nowadays, the main telecommunication operators and the research community are working on strategies to facilitate the data analysis and decision-making process when unexpected events compromise the health in 5G Networks. Meanwhile, the concept of Situational Awareness (SA) and incident management models applied to 5G Networks are also in an early stage. The key idea behind these concepts is to mitigate or prevent harmful situations in a reactive and proactive way. In this context, Self-Organized Network Management in Virtualized and Software Defined Networks Project (SELFNET) combines SDN, NFV and SON concepts to provide a smart autonomic management framework for 5G networks. SELFNET resolves common network problems, while improving the QoS and Quality of Experience (QoE) of end users...

    Depto. de Ingeniería de Software e Inteligencia Artificial (ISIA), Fac. de Informática