Thomas Dübendorfer

Learn More
Companies that rely on the Internet for their daily business are challenged by uncontrolled massive worm spreading and the lurking threat of large-scale distributed denial of service attacks. We present a new model and methodology , which allows a company to qualitatively and quantitatively estimate possible financial losses due to partial or complete(More)
We present our results in the conceptual design and the implementation of ubiquitous computing applications using smart identification technologies. First, we describe such technologies and their potential application areas, followed by an overview of some applications we have developed. Based on the experiences we gained from the development of these(More)
We developed an open source Internet backbone monitoring and traffic analysis framework named UPFrame. It captures UDP NetFlow packets, buffers it in shared memory and feeds it to customised plug-ins. UPFrame is highly tolerant to misbehaving plug-ins and provides a watchdog mechanism for restarting crashed plug-ins. This makes UP-Frame an ideal platform(More)
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the author was aware of a trademark claim, the designations have been marked with the trademark symbol. While every precaution has been taken in the preparation of this documentation , the(More)
Fast Internet worms are a relatively new threat to Internet infrastructure and hosts. We discuss motivation and possibilities to study the behaviour of such worms and degrees of freedom that worm writers have. To facilitate the study of fast worms we have designed a simulator. We describe the design of this simulator and discuss practical experiences we(More)
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, or any security warnings. Based on HTTP useragent header(More)
We propose a novel near real-time method for early detection of worm outbreaks in high-speed Internet backbones. Our method attributes several behavioural properties to individual hosts like ratio of outgoing to incoming traffic, responsiveness and number of connections. These properties are used to group hosts into distinct behaviour classes. We use(More)
We present an extensive flow-level traffic analysis of the network worm Blaster.A and of the e-mail worm Sobig.F. Based on packet-level measurements with these worms in a testbed we defined flow-level filters. We then extracted the flows that carried malicious worm traffic from AS559 (SWITCH) border router backbone traffic that we had captured in the(More)