Papers by Francesco Gringoli
IEEE Networking Letters
We present a game-theoretic analysis of the interaction between a malicious node, attempting to p... more We present a game-theoretic analysis of the interaction between a malicious node, attempting to perform unauthorized radio transmission, and friendly jammers trying to disrupt the malicious communications. We investigate the strategic behavior of the jammers against a rational malicious node and highlight counterintuitive results for this conflict. We also analyze the impact of multiple friendly jammers sharing the same goal but acting without coordination; we find out that this scenario offers a better payoff for the jammers, which has some strong implications on how to implement friendly jamming.
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, 2010
Supervised statistical approaches for the classification of network traffic are quickly moving fr... more Supervised statistical approaches for the classification of network traffic are quickly moving from research laboratories to advanced prototypes, which in turn will become actual products in the next few years. While the research on the classification algorithms themselves has made quite significant progress in the recent past, few papers have examined the problem of determining the optimum working parameters for statistical classifiers in a straightforward and foolproof way. Without such optimization, it becomes very difficult to put into practice any classification algorithm for network traffic, no matter how advanced it may be. In this paper we present a simple but effective procedure for the optimization of the working parameters of a statistical network traffic classifier. We put the optimization procedure into practice, and examine its effects when the classifier is run in very different scenarios, ranging from medium and large local area networks to Internet backbone links. Experimental results show not only that an automatic optimization procedure like the one presented in this paper is necessary for the classifier to work at its best, but they also shed some light on some of the properties of the classification algorithm that deserve further study.
2009 Ieee International Conference on Communications, 2009
When employing cryptographic tunnels such as the ones provided by Secure Shell (SSH) to protect t... more When employing cryptographic tunnels such as the ones provided by Secure Shell (SSH) to protect their privacy on the Internet, users expect two forms of protection. First, they aim at preserving the privacy of their data. Second, they expect that their behavior, e.g., the type of applications they use, also remains private. In this paper we report on two statistical traffic analysis techniques that can be used to break the second type of protection when applied to SSH tunnels, at least under some restricting hypothesis. Experimental results show how current implementations of SSH can be susceptible to this type of analysis, and illustrate the effectiveness of our two classifiers both in terms of their capabilities in analyzing encrypted traffic and in terms of their relative computational complexity.
2008 Proceedings of 17th International Conference on Computer Communications and Networks, 2008
Secure Shell (SSH) tunnels are commonly used to provide two types of privacy protection to clear-... more Secure Shell (SSH) tunnels are commonly used to provide two types of privacy protection to clear-text application protocols. First and foremost, they aim at protecting the privacy of the data being exchanged between two peers, such as passwords, details of monetary transactions and so on. Second, they are supposed to protect the privacy of the behavior of end-users, by preventing an unauthorized observer from detecting which application protocol is being transported by an SSH tunnel. In this paper we introduce a GMM-based (Gaussian Mixture Model) technique that, under a set of reasonable assumptions, can be used to identify which application is being tunneled inside an SSH session by simply observing the stream of encrypted packets. This technique can therefore break the presumption of privacy in its second incarnation as described above. Although still preliminary, experimental results show that the technique can be quite effective, and that the standard bodies might need to take this approach under consideration when designing new obfuscation techniques for SSH.
Computer Networks, Apr 1, 2011
Ground truth information for Internet traffic traces is often derived by means of port analysis a... more Ground truth information for Internet traffic traces is often derived by means of port analysis and payload inspection (Deep Packet Inspection-DPI). In this paper we analyze the errors that DPI and port analysis commit when assigning protocol labels to traffic traces. We compare the ground truth provided by these approaches with that derived by gt, a tool that we developed, which provides error-free ground truth at the application level by construction. Experimental results demonstrate that, depending on the protocols composing a trace, ground truth information from port analysis and DPI can be incorrect for up to 91% and 26% of the labeled bytes, respectively.
Rate adaptation algorithms for reliable multicast transmissions in wireless LANs
Modeling and Simulation of Computer Networks and Systems, 2015
A Testbed to Evaluate Frequency-Hopping Anti-Jamming Techniques in IEEE 802.11
Wireless communication is inherently prone to disruption by interference. Frequency Hopping (FH) ... more Wireless communication is inherently prone to disruption by interference. Frequency Hopping (FH) can counter interference and promises to enable communication again even in the presence of intentional interference by jammers. Evaluations of this anti-jamming technique and of corresponding strategies are, however, often limited to theoretical or simulation studies. This demo presents an IEEE 802.11 testbed for a practical FH-jammer game: an STA-AP pair synchronously changes channel to evade a (variable) number of reactive jammers, which try block their communications.
Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks - WiSec '14, 2014
Frequency jamming is the fiercest attack tool to disrupt wireless communication and its malicious... more Frequency jamming is the fiercest attack tool to disrupt wireless communication and its malicious aspects have received much attention in the literature. Yet, several recent works propose to turn the table and employ so-called friendly jamming for the benefit of a wireless network. For example, recently proposed friendly jamming applications include hiding communication channels, injection attack defense, and access control. This work investigates the practical viability of friendly jamming by applying it in a real-world network. To that end, we implemented a reactive and frame-selective jammer on a consumer grade IEEE 802.11 access point. Equipped with this, we conducted a three weeks real-world study on the jammer's performance and side-effects on legitimate traffic (the cost of jamming) in a university office environment. Our results provide detailed insights on crucial factors governing the trade-off between the effectiveness of friendly jamming (we evaluated up to 13 jammers) and its cost. In particular, we observed-what we call the power amplification phenomenon-an effect that aggravates the known hidden station problem when the number of jammers increases. However, we also find evidence that this effect can be alleviated by collaboration between jammers, which again enables effective and minimally invasive friendly jamming.
Démonstration expérimentale d'un régime de guidage induit par un faisceau soliton dans un milieu à non linéarité d'ordre II
Journal de Physique IV (Proceedings), 2002
Nous avons démontré de manière numérique et expérimentale le guidage d'un champ à l0... more Nous avons démontré de manière numérique et expérimentale le guidage d'un champ à l061nm faiblement énergétique par un faisceau soliton à 1064nm dans un milieux à non linéarité quadratique (KTP).
Comparing traffic classifiers
ACM SIGCOMM Computer Communication Review, 2007
... Francesco Gringoli DEA, Universit`a degli Studi di Brescia, Italy francesco.gringoli@ing.unib... more ... Francesco Gringoli DEA, Universit`a degli Studi di Brescia, Italy francesco.gringoli@ing.unibs. it Thomas Karagiannis Microsoft Research, Cambridge, UK thomas.karagiannis@microsoft.com This article is an editorial note submitted to CCR. It has NOT been peer reviewed. ...
System and method for multi-channel packet transmission
Temporal trapping of ultra-short pulses at 1400nm in bulk PPSLT
CLEO/Europe. 2005 Conference on Lasers and Electro-Optics Europe, 2005., 2005
We studied experimentally and numerically, around 1400 nm, the excitation of quadratic temporally... more We studied experimentally and numerically, around 1400 nm, the excitation of quadratic temporally self-trapped ultra-short pulses in a bulk periodically poled stoichiometric lithium tantalate (PPSLT) crystal in presence of large group velocity mismatch.
Reverse proton exchange for frequency doubling in lithium niobate waveguides
Proceedings of IEEE/LEOS Workshop on Fibres and Optical Passive Components, 2002
Reverse proton exchange is a promising technique for the fabrication of nonlinear waveguides in u... more Reverse proton exchange is a promising technique for the fabrication of nonlinear waveguides in unpoled lithium niobate (LN). We have investigated nonlinear processes in these waveguides for the frequency doubling of near infrared light at 1319 nm. After summarizing the technological processes adopted for the fabrication of planar and channel structures in z-cut LN, we report the preliminary experimental results
Experimental demonstration of the selftrapping of a weak probe induced by a quadratic spatial soliton
Nonlinear Guided Waves and Their Applications, 2001
Optics Communications, 2002
We propose and demonstrate the guiding of a weak field through parametric mixing with a quadratic... more We propose and demonstrate the guiding of a weak field through parametric mixing with a quadratic spatial soliton at a different fundamental frequency. Experimental demonstrations are reported with a 1061 nm probe and a 1064 nm/ 532 nm soliton in KTP. Ó
PP2db: A Privacy-Preserving, P2P-Based Scalable Storage System for Mobile Networks
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2012
2008 The Fourth International Conference on Information Assurance and Security, 2008
The Secure Shell protocol strives to protect the privacy of its users in several ways. On one han... more The Secure Shell protocol strives to protect the privacy of its users in several ways. On one hand, the strong encryption and authentication algorithms that it adopts provide guarantees that the data exchanged between two SSH endpoints remain private to third parties. On the other hand, the type of traffic that each SSH channel transports, such as e-mail, remote shell activity, etc., is also supposed to be hidden from any observer that does not possess the necessary keys. This paper introduces a simple but accurate model of the SSH channel which can be used to study the level of privacy that SSH-protected traffic can achieve with respect to the users' activities. We think that the model can facilitate several types of projects. For example, network managers can detect traffic anomalies hidden by SSH connections more easily by relying on the output of our model. Another example, which we present in this paper, is the use of this model to derive accurate fingerprints of the type of applications run through an SSH channel by simply starting from the statistics of captured clear-text traffic. Such fingerprints can then be used to detect what type of activity, i.e., what type of traffic, is going on within an SSH channel, thereby breaking user privacy.
On-line SVM traffic classification
2011 7th International Wireless Communications and Mobile Computing Conference, 2011
ABSTRACT A wide range of traffic classification approaches has been proposed in the last few year... more ABSTRACT A wide range of traffic classification approaches has been proposed in the last few years by the scientific community. However, the development of complete classification architectures that work directly in real-time on high capacity links is limited. In this paper we present the implementation of a machine-learning technique (SVM), one of the most accurate but most computationally expensive mechanisms, on the CoMo project infrastructure. We show the computational time required to process different traffic traces and the optimization steps we adopted to improve the performance of the system and achieve real-time classification on high-speed links.
2006 IEEE International Conference on Communications, 2006
Correct classification of traffic flows according to the application layer protocols that generat... more Correct classification of traffic flows according to the application layer protocols that generated them is essential for most network-management, resource allocation and intrusion detection systems in TCP/IP networks. With the ever increasing number of network protocols and services running on non-standard TCP ports, the classification methods based on the analysis of the transport layer header are rapidly becoming ineffective. On
MTCLASS: Traffic classification on high-speed links with commodity hardware
2012 IEEE International Conference on Communications (ICC), 2012
ABSTRACT Statistical traffic classification on high-speed, multi-Gb/s links has up to now been po... more ABSTRACT Statistical traffic classification on high-speed, multi-Gb/s links has up to now been possible only with specialized, often proprietary, always quite costly hardware. In this paper we present MTCLASS, a new, multi-threaded, modular Internet statistical traffic analysis engine capable of running in real-time on commodity hardware processing multi-Gb/s traffic aggregates. Experimental results show that our engine, running on a low cost dual Xeon PC with a total of 12 cores at 2.6GHz can classify in real time using a Support Vector Machine (SVM) algorithm aggregates of up to 1.14 million packets per second, corresponding in the traces we used to a bit rate of 5.3 Gbps. We make MTCLASS' source code available to the community under an open source license.
Uploads
Papers by Francesco Gringoli