Learn More
In July 2008, the Kaminsky attack showed that DNS is sensitive to cache poisoning, and DNSSEC is considered the long term solution to mitigate this attack. A lot of technical documents provide configuration and security guide lines to deploy DNSSEC on organization's servers. However, such documents do not provide ISP or network administrators inputs to plan(More)
Network packet transport services (namely the Internet) are subject to significant security issues. This paper aims to apply Machine Learning methods based on Neural Networks (Extreme Learning Machines or ELM) to analyze the Internet traffic in order to detect specific malicious activities. This is performed by classifying traffic for a key service run over(More)
To manage the huge demand on traffic, the Internet Service Providers (ISP) are offloading its mobile data from Radio Access Networks (RAN) to Wireless Access Networks (WLAN). While these RANs are considered trusted networks, WLANs need to build a similar trusted zone in order to offer the same security level and Quality of Service (QoS) to End-Users (EU).(More)
Operators are mainly using IPsec Virtual Private Networks (VPNs) to extend a security domain over untrusted networks. A VPN is usually established when an End-User (EU) and a Security Gateway (SG) negotiate security associations (SA). For a better QoS, the SGs are geographically distributed so they are as close as possible to EU. As such, the higher is the(More)
DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names(More)
—To face the huge demand on mobile traffic, ISPs are looking to offload traffic of their Radio Access Network to WLAN. Currently I-WLAN is the proposed offload architecture by 3GPP which tunnels the traffic to a Security Gateway. This paper proposes for ISPs an ISP Offload Infrastructure which minimizes the infrastructure cost deployment, and which can be(More)
Although there is a strong need to deploy secure communications in home networks and for Machine-to-Machine (M2M) environment, to our knowledge the impact of authenticated encryption migration has not been evaluated yet. As the security performance issue is especially critical for wireless environment, this paper measures the effect of the security settings(More)
This paper introduces a behavioral model for botnet detection that leverages the Domain Name System (DNS) traffic in large Internet Service Provider (ISP) networks. More particularly, we are interested in botnets that locate and connect to their command and control servers thanks to Domain Generation Algorithms (DGAs). We demonstrate that the DNS traffic(More)