Carlos H. Ganan

Delft University of Technology | TU · Department of Multi Actor Systems

40 publications · 4,964 reads · 325 citations

Publications (40)
Preprint
Full-text available
Traditional techniques to detect malware infections were not meant to be used by the end-user and current malware removal tools and security software cannot handle the heterogeneity of IoT devices. In this paper, we design, develop and evaluate a tool, called NURSE, to fill this information gap, i.e., enabling end-users to detect IoT-malware infect...
Article
Full-text available
Internet Service Providers (ISPs) are getting involved in remediating Internet of Things (IoT) infections of end users. This endeavor runs into serious usability problems. Given that it is usually unknown what kind of device is infected, they can only provide users with very generic cleanup advice, trying to cover all device types and remediation p...
Conference Paper
Full-text available
This paper presents the first empirical study based on ground-truth data of a major Bullet-Proof Hosting (BPH) provider, a company called Maxided. BPH allows miscreants to host criminal activities in support of various cybercrime business models such as phishing, botnets, DDoS, spam, and counterfeit pharmaceutical websites. Maxided was legally take...
Preprint
Full-text available
Malware family characterization is a challenging problem because ground-truth labels are not known. Anti-virus solutions provide labels for malware samples based on their static analysis. However, these labels are known to be inconsistent, causing the evaluation of analysis methods to depend on unreliable ground truth labels. These analysis methods...
Conference Paper
Full-text available
Researchers have observed the increasing commoditization of cybercrime, that is, the offering of capabilities, services, and resources as commodities by specialized suppliers in the underground economy. Commoditization enables outsourcing, thus lowering entry barriers for aspiring criminals, and potentially driving further growth in cybercrime. W...
Conference Paper
Full-text available
Over the past decade, considerable research effort has been devoted to articulating and measuring the various ways through which cyber crime impacts overall society. The large volume of literature on the topic contains few attempts to produce estimates of the financial impact of specific cyber incidents and little agreement on how to derive such es...
Conference Paper
Full-text available
A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. Attackers rent or compromise servers to operate their C&C infrastructure. H...
Article
Internet security and technology policy research regularly uses technical indicators of abuse in order to identify culprits and to tailor mitigation strategies. As a major obstacle, readily available data are often misaligned with actual information needs. They are subject to measurement errors relating to observation, aggregation, attribution, and...
Article
Full-text available
Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself wit...
Article
Full-text available
Motivation: Participants on the front lines of abuse reporting have a variety of options to notify intermediaries and resource owners about abuse of their systems and services. These can include emails to personal messages to blacklists to machine-generated feeds. Recipients of these reports have to voluntarily act on this information. We know rem...
Conference Paper
Full-text available
A lot of research has been devoted to understanding the technical properties of amplification DDoS attacks and the emergence of the DDoS-as-a-service economy, especially the so-called booters. Much less is known about the consequences for victimization patterns. We profile victims via data from amplification DDoS honeypots. We develop victimization...
Article
IP address counts are typically used as a surrogate metric for the number of hosts in a network, as in the case of ISP rankings based on botnet infected addresses. However, due to effects of dynamic IP address allocation, such counts tend to overestimate the number of hosts, sometimes by an order of magnitude. In the literature, the rate at which h...
Article
Full-text available
Botnets continue to pose a significant threat to network-based applications and communications over the Internet. A key mitigation strategy has been to take down command and control infrastructure of the botnets. The efficiency of those mitigation methods has not been extensively studied. In this paper we investigate several observable characteristi...
Conference Paper
Full-text available
Malware is used for online payment fraud that causes millions of Euros in damages each year. Not every payment service provider is equally popular among cybercriminals. This paper explores the incentives and strategies of attackers by analyzing the instructions sent to machines infected with Zeus malware between 2009—2013Q1. We investigated around...
Conference Paper
Vehicular ad hoc networks (VANETs) are emerging as a novel paradigm for safety services, supporting real-time applications (e.g., video-streaming, Internet browsing, online gaming, etc.). However, maintaining ubiquitous connectivity remains a challenge due to both high vehicle speed, and non-homogeneous nature of the network access infrastructure....
Article
Certificate revocation is a challenging task, especially in mobile network environments such as vehicular ad hoc networks (VANETs). According to the IEEE 1609.2 security standard for VANETs, public key infrastructure (PKI) will provide this functionality by means of certificate revocation lists (CRLs). When a certificate authority (CA) needs to revoke a ce...
Article
Wireless sensor networks (WSNs) are made up of large groups of nodes that perform distributed monitoring services. Since sensor measurements are often sensitive data acquired in hostile environments, securing WSN becomes mandatory. However, WSNs consist of low-end devices and frequently preclude the presence of a centralized security manager. Ther...
