Jorge Crichigno

University of South Carolina | USC · Department of Integrated Information Technology

PhD

144 Publications
61,726 Reads
2,261 Citations

Publications (144)
Conference Paper
Full-text available
With the increasing adoption of the HyperText Transfer Protocol Secure (HTTPS), organizations face new challenges in monitoring traffic to defend against attacks and enforce security policies, such as filtering malicious websites. One widely used technique to monitor HTTPS is by scrutinizing the hostname in the Server Name Identification (SNI) exte...
Preprint
The end of Moore's Law and Dennard Scaling has slowed processor improvements in the past decade. While multi-core processors have improved performance, they are limited by the application's level of parallelism, as prescribed by Amdahl's Law. This has led to the emergence of domain-specific processors that specialize in a narrow range of functions....
Preprint
Full-text available
Identifying heavy hitters is vital for applications like Denial of Service (DoS) detection and traffic engineering. Current solutions fall into hardware or software categories. Hardware solutions (e.g., P4 programmable data plane switches) offer high performance but require adding hardware, which may not be ideal for virtualized environments (e.g.,...
Article
Full-text available
The end of Moore’s Law and Dennard Scaling has slowed processor improvements in the past decade. While multi-core processors have improved performance, they are limited by the application’s level of parallelism, as prescribed by Amdahl’s Law. This has led to the emergence of domain-specific processors that specialize in a narrow range of functions....
Article
Blockchain technology is crucial for cutting-edge demands and aligns with the trend towards decentralized architecture. Interoperability between private and public blockchain technology can revolutionize digital record-keeping and enable automation. Traditional database systems saw major developments when Application Programming Interfaces (API) an...
Chapter
Full-text available
Ransomware is a form of malware that uses encryption methods to prevent legitimate users from accessing their data files. To date, many ransomware families have been released, causing immense damage and financial losses for private users, corporations, and governments. As a result, researchers have proposed a range of ransomware detection schemes u...
Article
Full-text available
The performance of networked applications can be dramatically impacted by the size of the buffer at the bottleneck router. Shallow buffers may increase packet losses and decrease link utilization, while deep buffers may increase the queueing delays for latency-sensitive flows. Operators nowadays configure large buffers statically without considerin...
Preprint
Full-text available
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents...
Conference Paper
Full-text available
Congestion Control Algorithms (CCAs) regulate the sending rates of hosts to avoid congestion in the network. Studies have shown that when flows belonging to different CCAs co-exist on the same link, their shares on that link are significantly different. If the CCAs of active flows can be determined on live traffic, then flows belonging to the same...
Preprint
Full-text available
The Internet of Things (IoT) paradigm provides persistent sensing and data collection capabilities and is becoming increasingly prevalent across many market sectors. However, most IoT devices emphasize usability and function over security, making them very vulnerable to malicious exploits. This concern is evidenced by the increased use of compromise...
Preprint
Full-text available
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents...
Article
Full-text available
Traditionally, the networking industry has been dominated by closed and proprietary hardware and software. Vendors have been controlling the network by hard-coding how packets should be processed and providing the network operators with a set of predefined protocols. Recently, the industry, operators, and the research community have started to pay...
Preprint
Full-text available
Ransomware uses encryption methods to make data inaccessible to legitimate users. To date a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these cyberthreats multiply, researchers have proposed a range of ransomware detection and classification schemes....
Conference Paper
Full-text available
Domain Generation Algorithms (DGAs) are one of the most effective strategies for malware to obtain a connection with the adversary's Command and Control (C2) server. Moreover, the growing number of DGA families makes it increasingly challenging for defense strategies to promptly identify the DGA family behind a given compromise. State-of-the-art hi...
Article
Full-text available
Data plane programmability has attracted significant attention, permitting network operators to run customized packet processing functions. Unfortunately, networks today are still largely dominated by proprietary fixed-function devices. It is challenging for operators to completely migrate to programmable data planes (PDPs) due to the economical co...
Chapter
Ransomware is currently the leading malware threat propagating throughout today’s networks and is the preeminent attack vector for adversaries aiming to extort a broad array of targets for financial gain. The de facto strategies for combating such maliciousness have long been host-based; however, these strategies are often inconsistently deployed a...
Conference Paper
Full-text available
Ransomware is currently the leading malware threat propagating throughout today's networks and is the preeminent attack vector for adversaries aiming to extort a broad array of targets for financial gain. The de facto strategies for combating such maliciousness have long been host-based; however, these strategies are often inconsistently deployed and...
Chapter
The ever-increasing botnet presence has enabled attackers to compromise millions of nodes and launch a plethora of Internet-scale coordinated attacks within a very short period of time. While the challenge of identifying and patching the vulnerabilities that these botnets exploit in a timely manner has proven elusive, a more promising solution is t...
Conference Paper
Full-text available
The ever-increasing botnet presence has enabled attackers to compromise millions of nodes and launch a plethora of Internet-scale coordinated attacks within a very short period of time. While the challenge of identifying and patching the vulnerabilities that these botnets exploit in a timely manner has proven elusive, a more promising solution is t...
Conference Paper
Full-text available
This paper describes a cloud infrastructure and virtual laboratories on P4 programmable data plane switches. P4 programmable data planes emerged as a technology that enables innovation in networking. P4 is a programming language used to describe how network packets are processed. This paper explains an entry-level training library on P4. The virtua...
Article
Full-text available
The increasing performance requirements of today’s Internet applications demand a reliable mechanism to transfer data. Many applications rely on the Transmission Control Protocol (TCP) as the transport protocol, due to its ability to adapt to properties of the network and to be robust in the face of many kinds of failures. However, improving the pe...
Conference Paper
Full-text available
One of the main roles of the Domain Name System (DNS) is to map domain names to IP addresses. Despite the importance of this function, DNS traffic often passes without being analyzed, thus making the DNS a center of attacks that keep evolving and growing. Software-based mitigation approaches and dedicated state-of-the-art firewalls can become a bot...
Article
Full-text available
The emergence of the IoT, cloud systems, data centers, and 5G networks is increasing the demand for a rapid development of new applications and protocols at all levels of the protocol stack. However, traditional fixed-function data planes have been characterized by a lengthy and costly development process at the hand of few chip manufacturers. Rece...
Chapter
This chapter provides an overview of two common types of application-layer tools used in high-speed networks and Science DMZs: file transfer tools and monitoring application tools. File transfer tools are used by researchers and practitioners to share data. Historically, applications were built around the File Transport Protocol (FTP). While FTP-ba...
Chapter
Owing to its proven efficiency to move large data sets, the number of deployed Science DMZs has been rapidly increasing in the last few years. However, there are still many challenges and open research issues that must be addressed.
Chapter
Applications can transmit a large amount of data between end devices. Many applications require the data to be correctly delivered from one device to another (e.g., from an instrument to a DTN). This is one of the services provided by TCP and a reason why TCP is the protocol used by data transfer tools. There are several TCP attributes that should...
Chapter
This section discusses security aspects in high-speed networks. The section pays particular attention to operational security, which addresses potential attackers attempting unauthorized access, introducing malware into devices, and conducting denial of service (DoS) attacks. The chapter describes router’s access-control, firewalls, intrusion preve...
Chapter
One of the main functions of routers and switches is forwarding. Forwarding refers to the switching of a packet from the input port to the appropriate output port. This chapter reviews the architecture and forwarding-related attributes of switches and routers. Attributes include forwarding rates, memory for buffering packets, forwarding methods suc...
Chapter
This chapter describes the elements of the cyberinfrastructure supporting Science DMZs and high-speed networks for large data transfers. They include friction-free network paths; dedicated, high-performance end devices, referred to as Data Transfer Nodes (DTNs); end-to-end performance measurement monitoring points; and security mechanisms suitable...
Chapter
This chapter provides a motivation for Science Demilitarized Zones (Science DMZs) and other high-speed network architectures designed for large data transfers. The chapter describes limitations of enterprise networks when used for large data transfers, current applications based on Science DMZs, and access to companion material and website.
Conference Paper
Full-text available
The router's buffer size imposes significant implications on the performance of the network. Network operators nowadays configure the router's buffer size manually and statically. They typically configure large buffers that fill up and never go empty, increasing the Round-trip Time (RTT) of packets significantly, and decreasing the application perf...
Book
This book provides practical knowledge and skills on high-speed networks, emphasizing Science Demilitarized Zones (Science DMZs). The Science DMZ is a high-speed network designed to facilitate the transfer of big science data which is presented in this book. These networks are increasingly important, as large data sets are now often transferred...
Conference Paper
Full-text available
This paper describes the development of an Academic Cloud and hands-on virtual laboratories that run on this cloud. The system has been deployed by the University of South Carolina, Stanly Community College, and the Network Development Group. The Academic Cloud provides remote-access capability to laboratory equipment via the Internet and seamlessl...
Conference Paper
Mobile cloud computing provides on-demand resources. The architecture of mobile cloud computing is composed of a cluster of mobile devices. It is gaining popularity because of its cost-effectiveness and availability. There are numerous security issues like data breaches due to many data being stored with all of its benefits. According to recent sea...
Conference Paper
Full-text available
Although the importance of router's buffer sizing in network performance is well known, estimating the current size of the bottleneck buffer is an open research problem. This paper presents a method to achieve such estimation, for the case where the bottleneck buffer operates under a finite number of buffer sizing regimes. The scheme uses a supervi...
Article
Full-text available
Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hard-coded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has at...
Chapter
The extent to which cyber crimes are taking place has reached a frequency that has never been observed before. Moreover, the increasing network traffic rates have made the storing and subsequent analysis of the resultant stockpile of traffic data in order to attribute such crimes increasingly challenging and time consuming. As a result, inadequate...
Preprint
Full-text available
Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hardcoded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has att...
Article
Full-text available
Google published the first release of the Bottleneck Bandwidth and Round-trip Time (BBR) congestion control algorithm in 2016. Since then, BBR has gained widespread attention due to its ability to operate efficiently in the presence of packet loss and in scenarios where routers are equipped with small buffers. Such characteristics were not attain...
Conference Paper
The current livestock industry in certain parts of the world still runs on archaic infrastructure. Using dated systems built on inefficient database structures is not ideal moving into the next millennium as the central point of failure. A lack of data sharing and data transfer also limits the methods by which cattle farmers can operate. In this p...
Conference Paper
Full-text available
Ever since the inception of the networking industry, routing and switching devices have been limited to tightly-coupled hardware and software components. Vendors provide closed source proprietary stacks, restraining network operators from utilizing customized features, and hence hindering innovation. This aggregated model is costly, time consuming,...
Conference Paper
Full-text available
The alpha version of Bottleneck Bandwidth and Round-trip Time version 2 (BBRv2) has been recently presented, which aims to mitigate the shortcomings of its predecessor, BBR version 1 (BBRv1). Previous studies show that BBRv1 provides a high link utilization and low queuing delay by estimating the available bottleneck bandwidth. However, its aggress...
Conference Paper
Full-text available
Blockchain technology is the cornerstone of digital trust and systems' decentralization. The necessity of eliminating trust in computing systems has triggered researchers to investigate the applicability of Blockchain to decentralize the conventional security models. Specifically, researchers continuously aim at minimizing trust in the well-known P...
Conference Paper
Full-text available
This paper describes the deployment of a private cloud and the development of virtual laboratories and companion material to teach and train engineering students and Information Technology (IT) professionals in high-throughput networks and cybersecurity. The material and platform, deployed at the University of South Carolina, are also used by other...
Conference Paper
Full-text available
Distributed Denial of Service (DDoS) attacks have terrorized our networks for decades, and with attacks now reaching 1.7 Tbps, even the slightest latency in detection and subsequent remediation is enough to bring an entire network down. Though strides have been made to address such maliciousness within the context of Software Defined Networking (SD...
Conference Paper
Full-text available
According to estimations, approximately 80% of Internet traffic represents media traffic. Much of it is generated by end users communicating with each other (e.g., voice, video sessions). A key element that permits the communication of users that may be behind Network Address Translation (NAT) is the relay server. This paper presents a scheme for o...
Conference Paper
Full-text available
Ransomware attacks cost businesses more than $75 billion/year, and it is predicted to cost $6 trillion/year by 2021. These numbers demonstrate the havoc produced by ransomware on a large number of sectors and urge security researchers to tackle it. Several ransomware detection approaches have been proposed in the literature that interchange between...
Article
Full-text available
The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and corr...
Article
Full-text available
Network Address Translation (NAT) is a method that enables devices with private IP addresses to connect to the Internet by sharing a public IP address. Traversing the NAT device remains a challenge for a wide range of applications such as Voice over IP (VoIP) and Internet of Things (IoT). The Port Control Protocol (PCP) is a relatively new protocol...
Conference Paper
Full-text available
This paper describes a project led by the University of South Carolina (USC) to address the cybersecurity workforce gap. The project creates curricular material based on virtual laboratories (vLabs). As vLabs are developed, they are adopted and tested at USC and Northern New Mexico College (NNMC), the main partnering institution in this project. Th...
Conference Paper
Full-text available
The deployment of Over-The-Top (OTT) Voice over IP (VoIP) applications has been accelerated after the adoption of high-speed communications technologies (e.g., LTE) by mobile operators. Additionally, the high incurring costs imposed on subscribers who are roaming outside their Home Public Land Mobile Network (HPLMN) have also contributed to the wide...
Conference Paper
Full-text available
Previous studies have observed that TCP pacing (evenly spacing out packets) minimizes traffic burstiness, reduces packet losses, and increases throughput. However, the main drawback of pacing is that the number of flows and the bottleneck link capacity must be known in advance. With this information, pacing is achieved by manually tuning sender nodes...
Conference Paper
Network function virtualization (NFV) allows service providers to implement network processing functionality in software using standard computing servers. As such, this approach precludes the need for deploying costly and proprietary hardware-based networking devices, i.e., black boxes, greatly reducing infrastructure and operational costs. Instead,...