Félix Iglesias Vázquez
TU Wien · Institute of Telecommunications
Doctor of Engineering
Publications: 54
Reads: 26,035
Citations: 1,145
Publications (54)
We study the impact and stability of the neighborhood parameter for a selection of popular outlier detection algorithms: kNN, LOF, ABOD, LoOP and SDO. We conduct a sensitivity analysis with data undergoing controlled changes related to: cardinality, dimensionality, global outliers ratio, local outliers ratio, layers of density, density differences...
Streaming data analysis is increasingly required in applications, e.g., IoT, cybersecurity, robotics, mechatronics or cyber-physical systems. Despite its relevance, it is still an emerging field with open challenges. SDO is a recent anomaly detection method designed to meet requirements of speed, interpretability and intuitive parameterization. In...
We introduce dSalmon, a highly efficient framework for outlier detection on streaming data. dSalmon can be used with both Python and C++, meeting the requirements of modern data science research. It provides an intuitive interface and has almost no package dependencies. dSalmon implements main stream outlier detection approaches from literature. By...
Stream clustering is required in applications where data is generated continuously or periodically and must be processed considering its temporal nature. In the absence of a ground truth, internal validation is the only option to evaluate the quality of performances. Traditional internal validation is commonly used also in stream clustering, even i...
Sparse Data Observers (SDO) is an unsupervised learning approach developed to cover the need for fast, highly interpretable and intuitively parameterizable anomaly detection. We present SDOclust, an extension that performs clustering while preserving the simplicity and applicability of the original approach. In a nutshell, SDOclust considers observ...
Covert channels are methods to convey information clandestinely by exploiting the inherent capabilities of common communication protocols. They can be used to hide malware communication as part of cyber attacks. Here, we present CCgen, a framework for injecting covert channels into network traffic that includes modules for common covert channels at...
Compact data models have become relevant due to the massive, ever-increasing generation of data. We propose Observers-based Data Modeling (ODM), a lightweight algorithm to extract low density data models (aka coresets) that are suitable for both static and stream data analysis. ODM coresets keep data internal structures while alleviating computatio...
Advanced validation of cluster analysis is expected to increase confidence and allow reliable implementations. In this work, we describe and test CluReAL, an algorithm for refining clustering irrespective of the method used in the first place. Moreover, we present ideograms that enable summarizing and properly interpreting problem spaces that have...
The increased interest in secure and reliable communications has turned the analysis of network traffic data into a predominant topic. A high number of research papers propose methods to classify traffic, detect anomalies, or identify attacks. Although the goals and methodologies are commonly similar, we lack initiatives to categorize the data, met...
Among network analysts, “anomaly” and “outlier” are terms commonly associated to network attacks. Attacks are outliers (or anomalies) in the sense that they exploit communication protocols with novel infiltration techniques against which there are no defenses yet. But due to the dynamic and heterogeneous nature of network traffic, attacks may look...
We present a tool for generating multidimensional synthetic datasets for testing, evaluating, and benchmarking unsupervised classification algorithms. Our proposal fills a gap observed in previous approaches with regard to underlying distributions for the creation of multidimensional clusters. As a novelty, normal and non-normal distributions can b...
The application of clustering involves the interpretation of objects placed in multi-dimensional spaces. The task of clustering itself is inherently submitted to subjectivity, the optimal solution can be extremely costly to discover and sometimes even unreachable or nonexistent. This fact introduces a trade-off between accuracy and computational ef...
Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly their alleged protection against delay attacks when clock synchronization traffic is encrypted using standard netw...
The consolidation of encryption and big data in network communications have made deep packet inspection no longer feasible in large networks. Early attack detection requires feature vectors which are easy to extract, process, and analyze, allowing their generation also from encrypted traffic. So far, experts have selected features based on their in...
Adversarial machine learning copes with the development of methods to prevent machine learning algorithms from being misled by malicious users. This field is especially relevant for applications where machine learning lies in the core of security systems. In the field of network security, adversarial samples are actually novel network attacks or ol...
Covert timing channels are security threats that have concerned the expert community from the beginnings of secure computer networks. In this paper we explore the nature of covert timing channels by studying the behavior of a selection of features used for their detection. Insights are obtained from experimental studies based on ten covert timing c...
Covert channels exploit communication protocols to clandestinely transfer information. They enable criminals to hide malicious activities and can be used for secret data exfiltration, malware spreading or for the stealthy establishment of command and control structures. In this paper we study covert timing channels from a statistical perspective an...
The detection of covert channels in communication networks is a current security challenge. By clandestinely transferring information, covert channels are able to circumvent security barriers, compromise systems, and facilitate data leakage. A set of statistical methods called DAT (Descriptive Analytics of Traffic) has been previously proposed as a...
The selection of features for network traffic analysis and anomaly detection is a challenge for experts who aim to build systems that discover traffic patterns, characterize networks, and improve security. There are no major guidelines or best practices for feature selection in the field. The literature is full of different proposals that ultimatel...
Internet Background Radiation (IBR) is observed in empty network address spaces. No traffic should arrive there, but it does in overwhelming quantities, gathering evidences of attacks, malwares and misconfigurations. The study of IBR helps to detect spreading network problems, common vulnerabilities and attack trends. However, network traffic data...
Differential power analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA contest is an international framework that allows researchers to comp...
Covert channels provide means to conceal information transfer between hosts and bypass security barriers in communication networks. Hidden communication is of paramount concern for governments and companies, because it can conceal data leakage and malware communication, which are crucial building blocks used in cyber crime. We propose detectors bas...
This paper studies the temporal behavior of communication flows in the Internet. Characterization of flows by temporal patterns supports traffic classification and filtering for network management and network security in situations where full packet data is not accessible (e.g. obfuscated or encrypted traffic) or cannot be analyzed due to privacy c...
This paper presents a network security laboratory to teach data analysis for detecting TCP/IP covert channels. The laboratory is mainly designed for students of electrical engineering, but is open to students of other technical disciplines with similar background. Covert channels provide a method for leaking data from protected systems, which is a...
This paper presents a network security laboratory project for teaching network traffic anomaly detection methods to electrical engineering students. The project design follows a research-oriented teaching principle, enabling students to make their own discoveries in real network traffic, using data captured from a large IP darkspace monitor operate...
Anomaly detection in communication networks provides the basis for the uncovering of novel attacks, misconfigurations and network failures. Resource constraints for data storage, transmission and processing make it beneficial to restrict input data to features that are (a) highly relevant for the detection task and (b) easily derivable from network...
Network security requires real-time monitoring of network traffic in order to detect new and unexpected attacks. Attack detection methods based on deep packet inspection are time consuming and costly, due to their high computational demands. This paper proposes a fast, lightweight method to distinguish different attack types observed in an IP darks...
An IP darkspace is an unused IP address range. Addresses are announced by routing, but no hosts are attached. Therefore all traffic directed to IP darkspace addresses is unsolicited and usually originates from attacks, attack preparation activities or misconfigurations. Most of the observed traffic belongs to known phenomena (e.g. horizontal scanni...
A main goal of hot water distribution research is to improve the system's efficiency, i.e., to fulfill hot water requirements while minimizing energy and water losses. Central domestic hot water (CDHW) systems represent an important part of current installations worldwide, e.g., hotels, hospitals, sports centers, social facilities, and multifamily...
Smart homes and Ambient Intelligence Environments require embedded technologies able to work and think jointly. Indeed, home technologies are expected to form together an individual supportive system whose cooperation and context awareness capabilities make it more than the sum of the different parts (equipments, functionalities, services, applianc...
Forecasting and modeling building energy profiles require tools able to discover patterns within large amounts of collected information. Clustering is the main technique used to partition data into groups based on internal and a priori unknown schemes inherent of the data. The adjustment and parameterization of the whole clustering task is complex...
The field of home and building automation is an extensive technological application area that inherently includes a high diversity and a strong interaction with users. Concepts like ubiquity and cooperativeness are of undeniable importance and demand a coherent top-down focus and holistic perspectives. The present paper describes the application of...
Within the field of Distributed Generation (DG), stand-alone Hybrid Power Systems (HPS) are a suitable solution to provide energy to isolated facilities where the connection to a centralized grid is not affordable. The logical evolution of such systems involves the optimization of power resources and related control strategies, but also enhancement...
One of the reasons that explains the slow uptake of smart home technologies has been addressed several times due to a lack of designs better aware of usability and the real context when families experience their daily life. The present paper introduces a system model for ambient intelligence (AmI) environments that boosts a friendly system-user's a...
The main goal of smart home applications can be summarized as improving (or keeping) users' comfort maximizing energy savings. Holistic management and awareness about users' habits play fundamental roles in this achievement, as they add predictive, adaptive and conflict resolution capabilities to the home automation system. The present paper presen...
Lifestyle and habits of users have a direct effect on the energy performance of dwellings and facilities. Hence, in the built environment, advanced control strategies must adapt to user behaviors trying to keep a commitment between energy consumption and comfort requirements. In previous works, the suitability of predictive control based on occupan...
Clustering methods are deployed to extract patterns from large amounts of data. For home and building automation, usage patterns and their resulting profiles allow improving control systems with prediction capabilities. This paper shows how different clustering methods identify patterns representing the occupancy of inhabitants. Regarding the occup...
Smart homes have been viewed with increasing interest by both home owners and the research community in the past few years. One reason for this development is that the use of modern automation technology in the home or building promises considerable savings of energy, therefore, simultaneously reducing the operational costs of the building over its...
The identification of user and usage profiles in the built environment is of vital importance both for energy performance analysis and smart control purposes. Clustering tools are a suitable means as they are able to discover representative patterns from a myriad of collected data. In this work, the methodology of an eXclusive Self-Organizing Map (...
The achievement of sustainable goals in the home environment demands an optimized management of electricity loads from the control side. The present work proposes a control approach based on an appropriate load definition, context awareness regarding user behaviours and the persuasive capabilities of pervasive systems. Beyond further benefits, the...
The ultimate goal of sustainable homes and buildings is to work towards energy efficiency automatically taking into account user comfort always acknowledging the residents' desires. Such environments demand for a friendly coexistence between technology and usability to assure an optimized reality in terms of comfort, economic and energy savings. Th...
The user's action is a decisive factor in the energy performance of a building. In this paper is demonstrated the necessity of using more specific user's profiles (UPs) in simulations of building's energy performance (EP). The Spanish Technical Code for Buildings (CTE) offers a unique generic residential UP for all sites in the country. With the...