Annals of Telecommunications最新文献

{"title":"A review on lexical based malicious domain name detection methods","authors":"Cherifa Hamroun,&nbsp;Ahmed Amamou,&nbsp;Kamel Haddadou,&nbsp;Hayat Haroun,&nbsp;Guy Pujolle","doi":"10.1007/s12243-024-01043-3","DOIUrl":"10.1007/s12243-024-01043-3","url":null,"abstract":"<div><p>Nowadays, domain names are becoming crucial digital assets for any business. However, the media never stopped reporting phishing and identity theft attacks held by third-party entities that rely on domain names to mislead Internet users. Thus, Palo Alto Networks revealed in their studies 20 largely cyber-squatted domain names targeting popular brands. Based on their behavior, domain names appear in public lists that objectively evaluate their reputation. Blacklists contain domain names that have previously committed suspicious acts, whereas whitelists include the most popular and trustworthy domain names. For a long time, this listing technique has been used as a reactive approach to counter domain name-based attacks. However, it suffers from the limitation of responding late to attacks. Nowadays, techniques tend to be much more proactive. They operate before any attack occurs. As part of the CSNET conference, we published a short paper that describes a plethora of domain name attacks and their associated detection techniques using their lexical features (Hamroun et al. 2022). In this paper, we present an extended version of the original one which discusses the previously mentioned points in more detail and adds some elements of understanding when it comes to malicious domain name detection. Hence, we provide a literature review of malicious domain name detection techniques that use only the lexical features of domain names. These features are available, privacy-preserving, and highly improve detection results. The review covers recent works that report relevant performance categorized according to a new taxonomy. Moreover, we introduce a new criterion for comparing all the existing works based on targeted maliciousness type before discussing the limitations and the newly emerging research directions in this field.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 7-8","pages":"457 - 473"},"PeriodicalIF":1.8,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141507292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A distributed platform for intrusion detection system using data stream mining in a big data environment","authors":"Fábio César Schuartz,&nbsp;Mauro Fonseca,&nbsp;Anelise Munaretto","doi":"10.1007/s12243-024-01046-0","DOIUrl":"10.1007/s12243-024-01046-0","url":null,"abstract":"<div><p>With the growth of computer networks worldwide, there has been a greater need to protect local networks from malicious data that travel over the network. The increase in volume, speed, and variety of data requires a more robust, accurate intrusion detection system capable of analyzing a huge amount of data. This work proposes the creation of an intrusion detection system using stream classifiers and three classification layers—with and without a reduction in the number of features of the records and three classifiers in parallel with a voting system. The results obtained by the proposed system are compared against other models proposed in the literature, using two datasets to validate the proposed system. In all cases, gains in accuracy of up to 18.52% and 3.55% were obtained, using the datasets NSL-KDD and CICIDS2017, respectively. Reductions in classification time up to 35.51% and 94.90% were also obtained using the NSL-KDD and CICIDS2017 datasets, respectively.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 7-8","pages":"507 - 521"},"PeriodicalIF":1.8,"publicationDate":"2024-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141553139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reliable feature selection for adversarially robust cyber-attack detection","authors":"João Vitorino,&nbsp;Miguel Silva,&nbsp;Eva Maia,&nbsp;Isabel Praça","doi":"10.1007/s12243-024-01047-z","DOIUrl":"10.1007/s12243-024-01047-z","url":null,"abstract":"<div><p>The growing cybersecurity threats make it essential to use high-quality data to train machine learning (ML) models for network traffic analysis, without noisy or missing data. By selecting the most relevant features for cyber-attack detection, it is possible to improve both the robustness and computational efficiency of the models used in a cybersecurity system. This work presents a feature selection and consensus process that combines multiple methods and applies them to several network datasets. Two different feature sets were selected and were used to train multiple ML models with regular and adversarial training. Finally, an adversarial evasion robustness benchmark was performed to analyze the reliability of the different feature sets and their impact on the susceptibility of the models to adversarial examples. By using an improved dataset with more data diversity, selecting the best time-related features and a more specific feature set, and performing adversarial training, the ML models were able to achieve a better adversarially robust generalization. The robustness of the models was significantly improved without their generalization to regular traffic flows being affected, without increases of false alarms, and without requiring too many computational resources, which enables a reliable detection of suspicious activity and perturbed traffic flows in enterprise computer networks.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"80 3-4","pages":"341 - 355"},"PeriodicalIF":1.8,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s12243-024-01047-z.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141553196","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A dynamic AI-based algorithm selection for Virtual Network Embedding","authors":"Abdelmounaim Bouroudi,&nbsp;Abdelkader Outtagarts,&nbsp;Yassine Hadjadj-Aoul","doi":"10.1007/s12243-024-01040-6","DOIUrl":"10.1007/s12243-024-01040-6","url":null,"abstract":"<div><p>With the increasing sophistication and heterogeneity of network infrastructures, the need for Virtual Network Embedding (VNE) is becoming more critical than ever. VNE consists of mapping virtual networks on top of the physical infrastructure to optimize network resource use and improve overall network performance. Considered as one of the most important bricks of network slicing, it has been proven to be an NP-hard problem with no exact solution. Several heuristics and meta-heuristics were proposed to solve it. As heuristics do not provide satisfactory solutions, meta-heuristics allow a good exploration of the solutions’ space, though they require testing several solutions, which is generally unfeasible in a real world environment. Other methods relying on deep reinforcement learning (DRL) and combined with heuristics yield better performance without revealing issues such as sticking at local minima or poor space exploration limits. Nevertheless, these algorithms present varied performances according to the employed approach and the problem to be treated, resulting in robustness problems. To overcome these limits, we propose a robust placement approach based on the Algorithm Selection paradigm. The main idea is to dynamically select the best algorithm from a set of learning strategies regarding reward and sample efficiency at each time step. The proposed strategy acts as a meta-algorithm that brings more robustness to the network since it dynamically selects the best solution for a specific scenario. We propose two selection algorithms. First, we consider an offline selection in which the placement strategies are updated outside the selection period. In the second algorithm, the different agents are updated simultaneously with the selection process, which we call an online selection. Both solutions proved their efficiency and managed to dynamically select the best algorithm regarding acceptance ratio of the deployed services. Besides, the proposed solutions succeed in commuting to the best placement strategy depending on the strategies’ strengths while outperforming all standalone algorithms.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"80 3-4","pages":"265 - 281"},"PeriodicalIF":1.8,"publicationDate":"2024-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141255332","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Impact of NLPA and imperfect CSI on ASER performance of QAM schemes for two-way 3P-ANC multiple-relay network","authors":"Nagendra Kumar","doi":"10.1007/s12243-024-01042-4","DOIUrl":"10.1007/s12243-024-01042-4","url":null,"abstract":"<div><p>In this study, we examine the performance of higher-order quadrature amplitude modulation (QAM) schemes in a two-way multiple-relay network. This network employs three-phase analog network coding and an opportunistic relay selection algorithm while dealing with imperfect channel state information (CSI) and nonlinear power amplifiers (NLPA). Specifically, we derive lower-bound expressions for general-order rectangular QAM, hexagonal QAM, and cross QAM schemes. We assess performance over Nakagami-<i>m</i> fading channels with integer-valued fading parameters that are independently and non-identically distributed. Our analysis focuses on variable-gain amplify-and-forward relaying combined with maximal ratio combining receivers. To calculate closed-form average symbol error rate (ASER) expressions, we utilize a well-established approach based on cumulative distribution functions. We validate the accuracy of our derived expressions by comparing them to results obtained through Monte Carlo simulations. Furthermore, we investigate how fading parameters, the number of relay nodes, imperfect CSI, and NLPA affect the network’s performance.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"80 1-2","pages":"139 - 151"},"PeriodicalIF":1.8,"publicationDate":"2024-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141169274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models","authors":"Zhaolan Huang,&nbsp;Koen Zandberg,&nbsp;Kaspar Schleiser,&nbsp;Emmanuel Baccelli","doi":"10.1007/s12243-024-01041-5","DOIUrl":"10.1007/s12243-024-01041-5","url":null,"abstract":"<div><p>Practitioners in the field of TinyML lack so far a comprehensive, “batteries-included” toolkit to streamline continuous integration, continuous deployment and performance assessments of executing diverse machine learning models on various low-power IoT hardware. Addressing this gap, our paper introduces RIOT-ML, a versatile toolkit crafted to assist IoT designers and researchers in these tasks. To this end, we designed RIOT-ML based on an integration of an array of functionalities from a low-power embedded OS, a universal model transpiler and compiler, a toolkit for TinyML performance measurement, and a low-power over-the-air secure update framework—all of which usable on an open-access IoT testbed available to the community. Our open-source implementation of RIOT-ML and the initial experiments we report on showcase its utility in experimentally evaluating TinyML model performance across fleets of low-power IoT boards under test in the field, featuring a wide spectrum of heterogeneous microcontroller architectures and fleet network connectivity configurations. The existence of an open-source toolkit such as RIOT-ML is essential to expedite research combining artificial intelligence and IoT and to foster the full realization of edge computing’s potential.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"80 3-4","pages":"283 - 297"},"PeriodicalIF":1.8,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s12243-024-01041-5.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141111289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards efficient conflict mitigation in the converged 6G Open RAN control plane","authors":"Marius Corici,&nbsp;Ramona Modroiu,&nbsp;Fabian Eichhorn,&nbsp;Eric Troudt,&nbsp;Thomas Magedanz","doi":"10.1007/s12243-024-01036-2","DOIUrl":"10.1007/s12243-024-01036-2","url":null,"abstract":"<div><p>With the centralization of the RAN control functionality, a very large number of near real-time network optimization use cases have emerged. Until now, each of them has been implemented and validated as isolated network management functions, named xApps in Open RAN terminology. To be able to progress towards realistic, commercially deployable functionality, comprehensive conflict mitigation is needed, because the complete isolation of these xApps would result in conflicting decisions and instability. In this article, we study how the majority of these use cases can be implemented harmoniously, to create an enhanced RAN control plane, underlining the functionality required from the central units of the RAN, the grouping, and the interaction of the network management decision. Analyzing the gap existing in the O-RAN architecture, we identify the functionality needed and propose a management framework. Furthermore, we present an implementation roadmap for the development of such functionality as part of the Fraunhofer FOKUS Open5GCore toolkit, as a reference for how such functionality can be prototyped, validated, and integrated with external algorithms easily, to benefit from the large body of academic research.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 9-10","pages":"621 - 631"},"PeriodicalIF":1.8,"publicationDate":"2024-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s12243-024-01036-2.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140969437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Implementing the principle of least administrative privilege on operating systems: challenges and perspectives","authors":"Eddie Billoir,&nbsp;Romain Laborde,&nbsp;Ahmad Samer Wazan,&nbsp;Yves Rütschlé,&nbsp;Abdelmalek Benzekri","doi":"10.1007/s12243-024-01033-5","DOIUrl":"10.1007/s12243-024-01033-5","url":null,"abstract":"<div><p>With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 11-12","pages":"857 - 880"},"PeriodicalIF":1.8,"publicationDate":"2024-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140968647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fixed-text keystroke dynamics authentication data set—collection and analysis","authors":"Halvor Nybø Risto,&nbsp;Olaf Hallan Graven","doi":"10.1007/s12243-024-01039-z","DOIUrl":"10.1007/s12243-024-01039-z","url":null,"abstract":"<div><p>Keystroke dynamics authentication is a method of authenticating a user and could be an alternative or addition to one-time codes, with minimal user inconvenience. In this study, a new data set was collected for 6 unique passwords, adding to the limited available data sets for keystroke dynamics available for researchers. Data was collected by emulating legitimate users familiar with the passwords and a wider range of attackers with limited login attempts. The data set is analyzed with the use of various methods, and the effects of password length and complexity are investigated. Two algorithms were employed, one achieving an average equal error rate varying between 10.2 and 18.1% depending on the password, and the other method achieving an average true accept rate of 98% and true reject rate of 90.4% by comparing across multiple individuals in the data set. These results provide a benchmark for further studies on this data set.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 11-12","pages":"731 - 743"},"PeriodicalIF":1.8,"publicationDate":"2024-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s12243-024-01039-z.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140975659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards intent-based management for Open Radio Access Networks: an agile framework for detecting service-level agreement conflicts","authors":"Nicollas R. de Oliveira,&nbsp;Dianne S. V. Medeiros,&nbsp;Igor M. Moraes,&nbsp;Martin Andreonni,&nbsp;Diogo M. F. Mattos","doi":"10.1007/s12243-024-01035-3","DOIUrl":"10.1007/s12243-024-01035-3","url":null,"abstract":"<div><p>Radio Access Networks (RAN) management and orchestration are challenging due to the network’s complexity and dynamics. Management and orchestration rely on enforcing complex policies derived from mapping high-level intents, expressed as Service-Level Agreements (SLAs), into low-level actions to be deployed on the network. Such mapping is human-made and frequently leads to errors. This paper proposes the AGility in Intent-based management of service-level agreement Refinements (AGIR) system for implementing automated intent-based management in Open Radio Access Networks (Open RAN). The proposed system is modular and relies on Natural Language Processing (NLP) to allow operators to specify Service-Level Objectives (SLOs) for the RAN to fulfill without explicitly defining how to achieve these SLOs. It is possible because the AGIR system translates imprecise intents into configurable network instructions, detecting conflicts among the received intents. To develop the conflict detection module, we propose to use two deep neural network models, Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). The deep neural network model determines whether intents and policies are conflicting. Our results reveal that the proposed system reaches more than 80% recall in detecting conflicting intents when deploying an LSTM model with 256 neurons.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 9-10","pages":"693 - 706"},"PeriodicalIF":1.8,"publicationDate":"2024-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140925789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}