Your search keyword '"Enrico Bocchi"' showing total 5 results

1. MAGMA: Network Behavior Classifier for Malware Traffic

Author

Enrico Bocchi, Gaspar Modelo-Howard, Luigi Grimaudo, Elena Baralis, Stanislav Miskovic, Sung-Ju Lee, Sabyasachi Saha, Marco Mellia, Politecnico di Torino = Polytechnic of Turin (Polito), Laboratory of Information, Network and Communication Sciences (LINCS), Université Pierre et Marie Curie - Paris 6 (UPMC)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut Mines-Télécom [Paris] (IMT), Réseaux, Mobilité et Services (RMS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Informatique et Réseaux (INFRES), Télécom ParisTech, Symantec Corporation, Department of Computer Science [KAIST] (CS), and Korea Advanced Institute of Science and Technology (KAIST)

Subjects

Malware characterization, Computer science, Computer Networks and Communications, Network traffic modeling, Big data, 02 engineering and technology, computer.software_genre, Oracle, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Robustness (computer science), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, False positive paradox, business.industry, Malicious behaviors detection, Malware, 020201 artificial intelligence & image processing, The Internet, Graph networks, Automatic classification, Data mining, business, Communications protocol, computer, Classifier (UML)

Abstract

International audience; Malware is a major threat to security and privacy of network users. A large variety of malware is typically spread over the Internet, hiding in benign traffic. New types of malware appear every day, challenging both the research community and security companies to improve malware identification techniques. In this paper we present MAGMA, MultilAyer Graphs for MAlware detection, a novel malware behavioral classifier. Our system is based on a Big Data methodology, driven by real-world data obtained from traffic traces collected in an operational network. The methodology we propose automatically extracts patterns related to a specific input event, i.e., a seed, from the enormous amount of events the network carries. By correlating such activities over (i) time, (ii) space, and (iii) network protocols, we build a Network Connectivity Graph that captures the overall “network behavior” of the seed. We next extract features from the Connectivity Graph and design a supervised classifier. We run MAGMA on a large dataset collected from a commercial Internet Provider where 20,000 Internet users generated more than 330 million events. Only 42,000 are flagged as malicious by a commercial IDS, which we consider as an oracle. Using this dataset, we experimentally evaluate MAGMA accuracy and robustness to parameter settings. Results indicate that MAGMA reaches 95% accuracy, with limited false positives. Furthermore, MAGMA proves able to identify suspicious network events that the IDS ignored.

Published

2016

2. Personal Cloud Storage: Usage, Performance and Impact of Terminals

Author

Enrico Bocchi, Marco Mellia, Idilio Drago, Politecnico di Torino = Polytechnic of Turin (Polito), Laboratory of Information, Network and Communication Sciences (LINCS), Université Pierre et Marie Curie - Paris 6 (UPMC)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut Mines-Télécom [Paris] (IMT), Réseaux, Mobilité et Services (RMS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Informatique et Réseaux (INFRES), Télécom ParisTech, and Télécom Paristech, Admin

Subjects

Exploit, Network Measurements, Computer science, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, World Wide Web, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Backup, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Computer Networks, Internet, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, Cloud Computing, 020206 networking & telecommunications, Workload, Personal cloud, 020201 artificial intelligence & image processing, The Internet, business, Cloud storage, computer

Abstract

International audience; Personal cloud storage services such as Dropbox and OneDrive are popular among Internet users. They help in sharing content and backing up data by relying on the cloud to store files. The rise of mobile terminals and the presence of new providers question whether the usage of cloud storage is evolving. This knowledge is essential to understand the workload these services need to handle, their performance, and implications. In this paper we present a comprehensive characterization of personal cloud storage services. Relying on traces collected for one month in an operational network, we show that users of each service present distinct behaviors. Dropbox is now threatened by competitors, with OneDrive and Google Drive reaching large market shares. However, the popularity of the latter services seems to be driven by their integration into Windows and Android. Indeed, around 50% of their users do not produce any workload. Considering performance, providers show distinct trade-offs, with bottlenecks that hardly allow users to fully exploit their access line bandwidth. Finally, usage of cloud services is now ordinary among mobile users, thanks to the automatic backup of pictures and media files.

Published

2015

3. Macroscopic View of Malware in Home Networks

Author

Marco Mellia, Alessandro Finamore, Gaspar Modelo-Howard, Enrico Bocchi, Luigi Grimaudo, Sung-Ju Lee, Elena Baralis, Sabyasachi Saha, Politecnico di Torino = Polytechnic of Turin (Polito), Symantec Corporation, Laboratory of Information, Network and Communication Sciences (LINCS), Université Pierre et Marie Curie - Paris 6 (UPMC)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut Mines-Télécom [Paris] (IMT), Réseaux, Mobilité et Services (RMS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Informatique et Réseaux (INFRES), and Télécom ParisTech

Subjects

Computer Networks and Communications, Malware, Network Measurement, Computer science, business.industry, Internet privacy, 020206 networking & telecommunications, 010103 numerical & computational mathematics, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Identification (information), [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Server, 0202 electrical engineering, electronic engineering, information engineering, The Internet, 0101 mathematics, business, computer

Abstract

International audience; Malicious activities on the Web are increasingly threatening users in the Internet. Home networks are one of the prime targets of the attackers to host malwares, commonly exploited as a stepping stone to further launch a variety of attacks. Due to diversification, existing security solutions often fail to detect malicious activities which remain hidden and pose threats to users security and privacy. Characterizing behavioral patterns of known malwares can help to improve the classification accuracy of known threats. More important, since different malwares can share some commonalities, study the behavior of known malwares can enable the detection of previously unknown malicious activities. We pose the research question if it is possible to characterize such behavioral patterns analyzing the traffic from known infected clients. In this paper, we present our quest to discover such characterizations. Results show that commonalities arise but their identification may require some ingenuity. Also, more malicious activities can be found out from this analysis.

Published

2015

4. Impact of Carrier-Grade NAT on Web Browsing

Author

Ali Safari Khatouni, Maurizio Matteo Munafo, Enrico Bocchi, Valeria Di Gennaro, Dario Rossi, Alessandro Finamore, Stefano Traverso, Marco Mellia, Télécom Paristech, Admin, Politecnico di Torino = Polytechnic of Turin (Polito), Laboratory of Information, Network and Communication Sciences (LINCS), Université Pierre et Marie Curie - Paris 6 (UPMC)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut Mines-Télécom [Paris] (IMT), Réseaux, Mobilité et Services (RMS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Informatique et Réseaux (INFRES), and Télécom ParisTech

Subjects

computer.internet_protocol, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Carrier-grade NAT, Network Measurement, Internet, computer networks, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Web navigation, IP address management, IPv4 address exhaustion, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Bogon filtering, IPv4, IPv6 deployment, NAT traversal, The Internet, business, Telecommunications, computer, Network address translation

Abstract

International audience; Public IPv4 addresses are a scarce resource. WhileIPv6 adoption is lagging, Network Address Translation (NAT)technologies have been deployed over the last years to alleviateIPv4 exiguity and their high rental cost. In particular, Carrier-Grade NAT (CGN) is a well known solution to mask a wholeISP network behind a limited amount of public IP addresses,significantly reducing expenses.Despite its economical benefits, CGN can introduce connectivityissues which have sprouted a considerable effort in research,development and standardization. However, to the best of ourknowledge, little effort has been dedicated to investigate theimpact that CGN deployment may have on users’ traffic. Thispaper fills the gap. We leverage passive measurements froman ISP network deploying CGN and, by means of the Jensen-Shannon divergence, we contrast several performance metricsconsidering customers being offered public or private addresses.In particular, we gauge the impact of CGN presence on users’web browsing experience.Our results testify that CGN is a mature and stable technologyas, if properly deployed, it does not harm users’ web browsingexperience. Indeed, while our analysis lets emerge expectedstochastic differences of certain indexes (e.g., the difference inthe path hop count), the measurements related to the qualityof users’ browsing are otherwise unperturbed. Interestingly, wealso observe that CGN protects customers from unsolicited, oftenmalicious, traffic.

Published

2015

5. Cloud Storage Service Benchmarking: Methodologies and Experimentations

Author

Enrico Bocchi, Sofiane Sarni, Marco Mellia, Politecnico di Torino = Polytechnic of Turin (Polito), Laboratory of Information, Network and Communication Sciences (LINCS), Université Pierre et Marie Curie - Paris 6 (UPMC)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut Mines-Télécom [Paris] (IMT), Réseaux, Mobilité et Services (RMS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Département Informatique et Réseaux (INFRES), and Télécom ParisTech

Subjects

Service (business), Cloud storage, Web services, Amazon S3, Windows Azure, Performance measurement, Benchmarking, Comparison, Database, computer.internet_protocol, business.industry, Computer science, Cloud computing, Service-oriented architecture, Service provider, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Data center, Web service, business, computer

Abstract

International audience; Data storage is one of today's fundamental services with companies, universities and research centers having the need of storing large amounts of data every day. Cloud storage services are emerging as strong alternative to local storage, allowing customers to save costs of buying and maintaining expensive hardware. Several solutions are available on the market, the most famous being Amazon S3. However it is rather difficult to access information about each service architecture, performance, and pricing. To shed light on storage services from the customer perspective, we propose a benchmarking methodology, apply it to four popular offers (Amazon S3, Amazon Glacier, Windows Azure Blob and Rackspace Cloud Files), and compare their performance. Each service is analysed as a black box and benchmarked through crafted workloads.We take the perspective of a customer located in Europe, looking for possible service providers and the optimal data center where to deploy its applications. At last, we complement the analysis by comparing the actual and forecast costs faced when using each service. According to collected results, all services show eventual weaknesses related to some workload, with no all-round eligible winner, e.g., some offers providing excellent or poor performance when exchanging large or small files. For all services, it is of paramount importance to accurately select the data center to where deploy the applications, with throughput that varies by factors from 2x to 10x. The methodology (and tools implementing it) here presented is instrumental for potential customers to identify the most suitable offer for their needs.

Published

2014