Eduardo Magaña

Eduardo Magaña
Universidad Pública de Navarra | UPNA · Department of Electrical, Electronic and Communications Engineering

PhD

About

86
Publications
30,488
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
489
Citations
Introduction
Received his M.Sc. and Ph.D. degrees in Telecommunications Engineering from Public University of Navarra (Spain), in 1998 and 2001, respectively. He is an associate professor at Public University of Navarra. During 2002 he was a postdoctoral visiting research fellow at the Department of Electrical Engineering and Computer Science, University of California, Berkeley. His main research interests are network monitoring, traffic analysis and performance evaluation of communication networks.
Additional affiliations
January 2002 - December 2002
University of California, Berkeley
Position
  • Postdoctoral visiting research fellow
October 1998 - present
Universidad Pública de Navarra
Position
  • Professor (Associate)

Publications

Publications (86)
Article
Ransomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’ computers usually store only system and program files, while all the documents are accessed from shared servers. In these scenarios, one crypto-ransomware infected host is capable of locking the access to all shared files it has access to...
Preprint
Full-text available
Ransomware is considered as a significant threat for most enterprises since the past few years. In scenarios wherein users can access all files on a shared server, one infected host can lock the access to all shared files. We propose a tool to detect ransomware infection based on file-sharing traffic analysis. The tool monitors the traffic exchange...
Article
The measurement of response time in hypertext transfer protocol (HTTP) requests is the most basic proxy measurement method for evaluating web browsing quality. It is used in the research literature and in application performance measurement instruments. During the development of a website, response time is obtained from in-browser measurements. Aft...
Article
Full-text available
Network simulation is a tool used to analyse and predict the performance of Industrial Internet of Things deployments while dealing with the complexity of real testbeds. Large network deployments with complex protocols such as Transmission Control Protocol are subject to chaos-theory behaviour, i.e. small changes in the implementation of the protoc...
Article
Full-text available
The growing trend of desktop virtualisation has facilitated the reduction of management costs associated with traditional systems and access to services from devices with different capabilities. However, desktop virtualisation requires controlling the interactivity provided by an infrastructure and the quality of experience perceived by users. This...
Article
Full-text available
The domain name system (DNS) is an Internet network service that is used by hosts to resolve IP addresses from symbolic names. This basic service has been attacked and abused many times, as it is one of the oldest and most vulnerable services on the Internet. Some DNS resolvers conduct DNS manipulation, in which authoritative DNS responses are modi...
Article
Full-text available
The daily deployment of new applications, along with the exponential increase in network traffic, entails a growth in the complexity of network analysis and monitoring. Conversely, the increasing availability and decreasing cost of computational capacity have increased the popularity and usability of machine learning algorithms. In this paper, a sy...
Article
Full-text available
Traffic monitoring involves packet capturing and processing at a very high rate of packets per second. Typically, flow records are generated from the packet traffic, such as TCP flow records that feature the number of bytes and packets in each direction, flow duration, number of different ports, and other metrics. Delivering such flow records, abou...
Article
Full-text available
Before a dense Wi-Fi network is deployed, Wi-Fi providers must be careful with the performance promises they made in their way to win a bidding process. After such deployment takes place, Wi-Fi-network owners—such as public institutions—must verify that the QoS agreements are being fulfilled. We have merged both needs into a low-cost measurement sy...
Article
Full-text available
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation o...
Article
Current Internet users are demanding an increased mobility and service ubiquity, which, in turns, requires that Internet services are provided from different datacenters in the cloud. Traffic monitoring in such a mobile scenario, for security and QoS monitoring purposes, is rather challenging, as the sniffing points may be fully distributed in the...
Article
Full-text available
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for a ransom to recover the hijacked documents. It is a cyber threat that targets both companies and residential users, and has spread in recent years because of its lucrative results. Several articles have presented classifications of ransomware fa...
Conference Paper
This paper presents a file sharing traffic analysis methodology for Server Message Block (SMB), a common protocol in the corporate environment. The design is focused on improving the traffic analysis rate that can be obtained per CPU core in the analysis machine. SMB is most commonly transported over Transmission Control Protocol (TCP) and therefor...
Article
Full-text available
The use of remote desktop services on virtualized machines is a general trend to reduce the cost of desktop seats. Instead of assigning a physical machine with its operating system and software to each user, it is considerably easier to manage a light client machine that connects to a server where the instance of the user’s desktop machine actually...
Article
Full-text available
The Internet of Things (IoT) contains sets of hundreds of thousands of network-enabled devices communicating with central controlling nodes or information collectors. The correct behaviour of these devices can be monitored by inspecting the traffic that they create. This passive monitoring methodology allows the detection of device failures or secu...
Article
In this paper we analyze the performance issues involved in the generation of automated traffic reports for large IT infrastructures. Such reports allow the IT manager to proactively detect possible abnormal situations and roll out the corresponding cor-rective actions. With the ever-increasing bandwidth of current networks, the design of automated...
Conference Paper
Full-text available
In a scenario where user files are stored in a network shared volume, a single computer infected by ransomware could encrypt the whole set of shared files, with a large impact on user productivity. On the other hand, medium and large companies maintain hardware or software probes that monitor the traffic in critical network links, in order to evalu...
Conference Paper
Current networks are increasingly growing in size, complexity and the amount of monitoring data that they produce, which requires complex data analysis pipelines to handle data collection, centralization and analysis tasks. Literature approaches, include the use of custom agents to harvest information and large data centralization systems based on...
Article
Full-text available
Crypto ransomware is a type of malware that locks access to user files by encrypting them and demands a ransom in order to obtain the decryption key. This type of malware has become a serious threat for most enterprises. In those cases where the infected computer has access to documents in network shared volumes, a single host can lock access to do...
Article
Full-text available
The World Wide Web has evolved rapidly, incorporating new content types and becoming more dynamic. The contents from a website can be distributed between several servers, and as a consequence, web traffic has become increasingly complex. From a network traffic perspective, it can be difficult to ascertain which websites are being visited by a user,...
Article
Full-text available
The Internet is composed of thousands of networks, interconnected to provide end-to-end IP (Internet Protocol) connectivity. However, Very little public information is provided about these networks and their interconnections. The information needed to create an Internet map of the routers and the links between those routers must be derived from tec...
Article
Full-text available
Over the last years websites have evolved rapidly incorporating new content types and becoming more and more dynamic. Users today are able to access a wide variety of content and services through their web browsers. As a consequence, web traffic has become increasingly complex and, from a network perspective it can be difficult to ascertain which w...
Article
This paper presents and studies objective video quality evaluation techniques for a network where frame losses can be considered independent, for example a best effort not heavy loaded packet switching network. The total or partial loss of a frame’s information affects the quality of video playback, as the frame cannot be decoded and other frames t...
Conference Paper
Optical networks are facing increased levels of heterogeneity, from types of services to the range of technologies involved. In this paper, we focus on the inter-domain heterogeneity scenario and consider the case of a set of interconnected network domains, each one using its own optical networking technology (wavelength-routing, optical burst-swit...
Conference Paper
Full-text available
Topology discovery and alias resolution techniques provide a way to obtain IP-level maps with the only collaboration of known behaviors of routers. There is no public information about network topology of Internet Service Providers and resolution techniques, but not in comparing and studying alias resolution with periodical measurements in the same...
Article
This paper considers digital video transport over Optical Burst Switched networks where burst losses cause data loss from one or more adjacent video frames. Analytical approximations for the frame losses and video playback interruptions are derived and validated using simulations. Both parameters require a very limited and static amount of data abo...
Conference Paper
Full-text available
Network traffic monitoring systems have to deal with a challenging problem: the traffic capturing process almost invariably produces duplicate packets. In spite of this, and in contrast with other fields, there is no scientific literature addressing it. This paper establishes the theoretical background concerning data duplication in network traffic...
Conference Paper
Full-text available
An Internet topology map at the router level not only needs to discover IP addresses in Internet paths (traceroute) but also needs to identify IP addresses belonging to the same router (IP aliases). Both processes, discovery and IP alias resolution, have traditionally been independent tasks. In this paper, a new tool called Pamplona-traceroute is p...
Conference Paper
The complexity of web traffic has grown in the past years as websites evolve and new services are provided over the HTTP protocol. When accessing a website, multiple connections to different servers are opened and it is usually difficult to distinguish which servers are related to which sites. However, this information is useful from the perspectiv...
Conference Paper
This paper presents two novel cloning schemes for video delivery in Optical Burst Switching Networks. These schemes take into account the special characteristics of compressed video traffic and dramatically improve received video quality. Analytical and simulation results show up to 40% quality improvement without a substantial increase in the over...
Article
The energy consumption due to information technologies is large and there are many ongoing efforts to cut it down. Previous studies have shown that there is a significant percentage of hosts which are left switched on in office buildings at night and weekend, whose energy consumption is significant. This motivates the development of techniques that...
Conference Paper
Study of high speed networks such as optical next generation burst or packet switched networks require large amounts of synthetic traffic to feed simulators. Methods to generate self-similar long range dependent traffic already exist but they usually work by generating large blocks of traffic of fixed time duration. This limits simulated time or re...
Conference Paper
In the field of traffic classification, previous efforts have been centered on identifying applications (HTTP, SMTP, FTP, etc) rather than the actual services that they provide (email, file transfer, video streaming, etc.). Nowadays, however, a single application as HTTP can provide multiple services for the end-user. Some methods have been propose...
Conference Paper
In the field of traffic classification, previous efforts have been centered on identifying applications (HTTP, SMTP, FTP, etc) rather than the actual services that they provide (email, file transfer, video streaming, etc.). Nowadays, however, a single application as HTTP can provide multiple services for the end-user. Network traffic for a web-base...
Conference Paper
Full-text available
In order to obtain close-to-reality Internet maps, IP aliases resolution allows identifying IP addresses belonging to the same router. Mainly, active probing is used for IP aliases resolution following direct and indirect schemes. Also, different types of probe packets are used (ICMP, UDP, etc.) focusing on different header fields and characteristi...
Conference Paper
Full-text available
This paper presents a method to improve video quality at the receiver side of a streaming service when the network path presents losses in bursts. Technologies that aggregate packets into larger switched data units are typical scenarios for this kind of loss behavior. Optical Burst Switched (OBS) networks and Optical Packet Switched (OPS) networks...
Conference Paper
Full-text available
Obtaining an accurate picture of what is happening inside the Internet can be particularly challenging using end-to-end measurements. The ability to make high-precision timing measurements (one-way delay, interarrival times, ...) using probe packets is key to attain a clear picture of network performance. The European Traffic Observatory Measuremen...
Article
The Internet is a huge interconnection of thousands of networks with different technologies, equipment, configurations, and administrative owners. This, added to the lack of public information about those individual infrastructures, makes it a difficult task to provide a so-called Internet map: a topological map with information of routers, interco...
Conference Paper
Full-text available
Computers connected to Internet are constantly threatened by different types of malware. One of the most important malware are botnets that convert infected computers into agents that follow actions instructed by a command-and-control server. A botmaster can control thousands of agents. This means a significant capacity to accomplish any kind of ne...
Conference Paper
The characteristics of Wi-Fi networks and their ever-growing popularity make them an obvious target for attacks. While intrusion detection systems have been popular in wired networks for a long time, their wireless equivalents are very limited. Anomaly-based detection methods have received an increasing interest by the scientific community in the l...
Conference Paper
Full-text available
Optical Burst Switched (OBS) networks may become a backbone technology for video-on-demand providers. This work addresses the problem of dimen-sioning the access link of an ingress node to the optical core network in a video over OBS scenario. A video-on-demand provider using an OBS transport network will have to deliver traffic to a set of egress...
Conference Paper
Full-text available
ETOMIC is a network traffic measurement platform with high precision GPS-synchronized monitoring nodes. The infrastructure is publicly available to the network research community, supporting advanced experimental techniques by providing high precision hardware equipments and a Central Management System. Researchers can deploy their own active measu...
Conference Paper
Full-text available
Optical Burst Switching (OBS) is an optical switching technology capable of supporting large demands for bandwidth in optical back-bones with Wavelength Division Multiplexing (WDM). This paper presents an OBS simulation model for the discrete event simulator OMNeT++. The performance of this model is compared with the performance of the well-known I...
Conference Paper
Full-text available
Discovery of Internet topology is an important and open task. It is difficulted by the high number of networks and internetworking equipments, and even by the dynamic of those interconnections. Mapping Internet at router-level needs to identify IP addresses that belong to the same router. This is called IP address alias resolution and classical met...
Conference Paper
Full-text available
In order to get a router-level topology in Internet, IP address alias resolution techniques allow to identify IP addresses that belong to the same router. There are several proposals to make this identification, some based on active measurements and others based on inference studies. The former provides more accuracy and completeness, however effic...
Conference Paper
OBS networks offer a highly efficient transport infrastructure for bursty data traffic. Video streaming content distribution networks are a clear candidate to use this promising technology. Traffic injected into an OBS network is a burst arrival process whose characteristics depend not only on input traffic parameters but also on design parameters...
Conference Paper
Full-text available
Resumen—Optical Burst Switching (OBS) es una nueva tec-nología de conmutación óptica capaz de soportar una gran demanda de ancho de banda en backbones ópticos con Wa-velength Division Multiplexing (WDM). Muchos investigadores están interesados en el estudio de esta propuesta emergente y la búsqueda de sus parámetros y entornos de funcionamiento ópt...
Conference Paper
Full-text available
One of the challenging problems related with network topology discovery in Internet is the process of IP address alias identification. Topology information is usually obtained from a set of traceroutes that provide IP addresses of routers in the path from a source to a destination. If these traceroutes are repeated between several source/destinatio...
Conference Paper
Full-text available
Traffic injected into an Optical Burst Switched (OBS) network is a burst arrival process whose characteristics depend not only on input traffic parameters but also on design pa-rameters of the OBS network such as the burst formation timeout value. The properties of this traffic will dictate how it is affected by transmision over the OBS core. If OB...
Conference Paper
Full-text available
This chapter summarises the activities on optical packet switching (OPS) and optical burst switching (OBS) carried out by the COST 291 partners in the last 4 years. It consists of an introduction, five sections with contributions on five different specific topics, and a final section dedicated to the conclusions. Each section contains an introducti...
Conference Paper
Optical burst switching networks offer the capacity needed by bandwidth hungry services like video distribution to home subscribers. This paper shows the effect that the burst formation mechanism and its parameters has on video traffic flows. The dependence among video frames in MPEG flows shows a noticeable effect on the total number of frames tha...
Article
Full-text available
In this paper we present a study about the utilization of one-way delay measurements to detect and characterize network congestion in the european Internet. The experiments have been made using the ETOMIC platform that allows one-way delay measurement with high precision timestamps. We have found a peculiar router behaviour in which the bottleneck...
Article
Full-text available
Recently, preemption techniques have attracted considerable attention as a means to provide differentiated quality of service in optical burst switching (OBS) networks. This paper is focused on the analysis of preemption probabilities for bursts within the same priority class. As proposed by Vokkarane and Jue ((2003)* IEEE J Select Areas Commun 21(...
Article
Full-text available
The optical burst switching (OBS) burstifier delay-throughput curves are analyzed in this paper. The burstifier incorporates a timer-based scheme with minimum burst size, i.e., bursts are subject to padding in light-load scenarios. Precisely, due to this padding effect, the burstifier normalized throughput may not be equal to unity. Conversely, in...
Conference Paper
Full-text available
Nowadays network bandwidth is increasing continuously for end- users and network providers. Network monitoring tools have to be able to support these high-speed networks, processing a high number of packets per second. For this reason, network monitoring tools have to be improved using software or hardware techniques. In this paper we use sampling...