2024
Technical Report: Performance Comparison of Service Mesh Frameworks: the MTLS Test Case.
CoRR, 2024
Non-uniformity is All You Need: Efficient and Timely Encrypted Traffic Classification With ECHO.
CoRR, 2024
Unveiling Hidden Links Between Unseen Security Entities.
CoRR, 2024
IoT Device Labeling Using Large Language Models.
CoRR, 2024
A Flushing Attack on the DNS Cache.
Proceedings of the 33rd USENIX Security Symposium, 2024
Exploiting Miscoordination of Microservices in Tandem for Effective DDoS Attacks.
Proceedings of the IEEE INFOCOM 2024, 2024
VulnScopper: Unveiling Hidden Links Between Unseen Security Entities.
Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, 2024
2023
NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers.
Proceedings of the 32nd USENIX Security Symposium, 2023
Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language.
Proceedings of the 16th ACM International Conference on Systems and Storage, 2023
Optimizing Service Selection and Load Balancing in Multi-Cluster Microservice Systems with MCOSS.
Proceedings of the IFIP Networking Conference, 2023
Tandem Attack: DDoS Attack on Microservices Auto-scaling Mechanisms.
Proceedings of the IEEE INFOCOM 2023, 2023
Localhost Detour from Public to Private Networks.
Proceedings of the Cyber Security, Cryptology, and Machine Learning, 2023
The Cost of Retrying: Exploiting Retry-Mechanisms in Cloud Applications by DDoS Attacks.
Proceedings of the Companion of the 19th International Conference on emerging Networking EXperiments and Technologies, 2023
It's Not Where You Are, It's Where You Are Registered: IoT Location Impact on MUD.
Proceedings of the Applied Networking Research Workshop, 2023
2022
It Is Not Where You Are, It Is Where You Are Registered: IoT Location Impact.
CoRR, 2022
Dynamic-Deep: Tune ECG Task Performance and Optimize Compression in IoT Architectures.
Proceedings of the 2022 IEEE/IFIP Network Operations and Management Symposium, 2022
One MUD to Rule Them All: IoT Location Impact.
Proceedings of the 2022 IEEE/IFIP Network Operations and Management Symposium, 2022
MUDIS: MUD Inspection System.
Proceedings of the 2022 IEEE/IFIP Network Operations and Management Symposium, 2022
Preventing the Flood: Incentive-Based Collaborative Mitigation for DRDoS Attacks.
Proceedings of the IFIP Networking Conference, 2022
2021
Dynamic-Deep: ECG Task-Aware Compression.
CoRR, 2021
MUDirect: Protecting P2P IoT Devices with MUD.
Proceedings of the 2021 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, 2021
Kubernetes Autoscaling: YoYo Attack Vulnerability and Mitigation.
Proceedings of the 11th International Conference on Cloud Computing and Services Science, 2021
2020
NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities.
IACR Cryptol. ePrint Arch., 2020
IoT or NoT: Identifying IoT Devices in a Short Time Scale.
Proceedings of the NOMS 2020, 2020
Demo: NFV-based IoT Security at the ISP Level.
Proceedings of the NOMS 2020, 2020
NFV-based IoT Security for Home Networks using MUD.
Proceedings of the NOMS 2020, 2020
2019
Zero-Day Signature Extraction for High-Volume Attacks.
IEEE/ACM Trans. Netw., 2019
IoT or NoT: Identifying IoT Devices in a ShortTime Scale.
CoRR, 2019
Eradicating Attacks on the Internal Network with Internal Network Policy.
CoRR, 2019
DNS Negative Caching in the Wild.
Proceedings of the ACM SIGCOMM 2019 Conference Posters and Demos, 2019
2018
Encoding Short Ranges in TCAM Without Expansion: Efficient Algorithm and Applications.
IEEE/ACM Trans. Netw., 2018
Detecting heavy flows in the SDN match and action model.
Comput. Networks, 2018
2017
Load balancing memcached traffic using software defined networking.
Proceedings of the 2017 IFIP Networking Conference, 2017
DDoS attack on cloud auto-scaling mechanisms.
Proceedings of the 2017 IEEE Conference on Computer Communications, 2017
Network anti-spoofing with SDN data plane.
Proceedings of the 2017 IEEE Conference on Computer Communications, 2017
Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches.
Proceedings of the fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, 2017
2016
Making DPI Engines Resilient to Algorithmic Complexity Attacks.
IEEE/ACM Trans. Netw., 2016
Efficient Distinct Heavy Hitters for DNS DDoS Attack Detection.
CoRR, 2016
OpenBox: A Software-Defined Framework for Developing, Deploying, and Managing Network Functions.
Proceedings of the ACM SIGCOMM 2016 Conference, Florianopolis, Brazil, August 22-26, 2016, 2016
Scalable URL matching with small memory footprint.
Proceedings of the 2016 IFIP Networking Conference, 2016
Efficient Round-Trip Time monitoring in OpenFlow networks.
Proceedings of the 35th Annual IEEE International Conference on Computer Communications, 2016
2015
Yo-Yo Attack: Vulnerability In Auto-scaling Mechanism.
Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, 2015
OpenBox: Enabling Innovation in Middlebox Applications.
Proceedings of the 2015 ACM SIGCOMM Workshop on Hot Topics in Middleboxes and Network Function Virtualization, 2015
Sampling and Large Flow Detection in SDN.
Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, 2015
Leveraging traffic repetitions for high-speed deep packet inspection.
Proceedings of the 2015 IEEE Conference on Computer Communications, 2015
Accelerating regular expression matching over compressed HTTP.
Proceedings of the 2015 IEEE Conference on Computer Communications, 2015
Ultra-Fast Similarity Search Using Ternary Content Addressable Memory.
Proceedings of the 11th International Workshop on Data Management on New Hardware, 2015
ORange: Multi Field OpenFlow based Range Classifier.
Proceedings of the Eleventh ACM/IEEE Symposium on Architectures for networking and communications systems, 2015
2014
CompactDFA: Scalable Pattern Matching Using Longest Prefix Match Solutions.
IEEE/ACM Trans. Netw., 2014
Computer and network performance: Graduating from the "Age of Innocence".
Comput. Networks, 2014
Recursive design of hardware priority queues.
Comput. Networks, 2014
Ranges and cross-entrance consistency with OpenFlow.
Proceedings of the third workshop on Hot topics in software defined networking, 2014
Cross-Entrance Consistent Range Classifier with OpenFlow.
Proceedings of the Open Networking Summit 2014 - Research Track, 2014
Deep Packet Inspection as a Service.
Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, 2014
2013
Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks.
IEEE Trans. Computers, 2013
On the exploitation of CDF based wireless scheduling.
Comput. Networks, 2013
Automated signature extraction for high volume attacks.
Proceedings of the Symposium on Architecture for Networking and Communications Systems, 2013
2012
Accelerating Multipattern Matching on Compressed HTTP Traffic.
IEEE/ACM Trans. Netw., 2012
Space-Efficient TCAM-Based Classification Using Gray Coding.
IEEE Trans. Computers, 2012
Space efficient deep packet inspection of compressed web traffic.
Comput. Commun., 2012
Layered interval codes for TCAM-based classification.
Comput. Networks, 2012
On the Vulnerability of Hardware Hash Tables to Sophisticated Attacks.
Proceedings of the NETWORKING 2012, 2012
Decompression-free inspection: DPI for shared dictionary compression over HTTP.
Proceedings of the IEEE INFOCOM 2012, Orlando, FL, USA, March 25-30, 2012, 2012
MCA<sup>2</sup>: multi-core architecture for mitigating complexity attacks.
Proceedings of the Symposium on Architecture for Networking and Communications Systems, 2012
2011
On the Stability of Skype Super Nodes.
Proceedings of the Traffic Monitoring and Analysis - Third International Workshop, 2011
Efficient Processing of Multi-connection Compressed Web Traffic.
Proceedings of the NETWORKING 2011, 2011
Network and computer performance in malicious environments: The good, the bad and the ugly.
Proceedings of the 5th International Conference on NETwork Games, COntrol and OPtimization, 2011
Controlling P2P Applications via Address Harvesting: The Skype Story.
Proceedings of the 25th IEEE International Symposium on Parallel and Distributed Processing, 2011
On the vulnerability of the proportional fairness scheduler to retransmission attacks.
Proceedings of the INFOCOM 2011. 30th IEEE International Conference on Computer Communications, 2011
Shift-based pattern matching for compressed web traffic.
Proceedings of the 12th IEEE International Conference on High Performance Switching and Routing, 2011
Space-time tradeoffs in software-based deep Packet Inspection.
Proceedings of the 12th IEEE International Conference on High Performance Switching and Routing, 2011
2010
PEDS: A Parallel Error Detection Scheme for TCAM Devices.
IEEE/ACM Trans. Netw., 2010
On the Dynamics of IP Address Allocation and Availability of End-Hosts
CoRR, 2010
CompactDFA: Generic State Machine Compression for Scalable Pattern Matching.
Proceedings of the INFOCOM 2010. 29th IEEE International Conference on Computer Communications, 2010
2009
Bringing order to BGP: Decreasing time and message complexity.
Comput. Networks, 2009
Accelerating Multi-Patterns Matching on Compressed HTTP Traffic.
Proceedings of the INFOCOM 2009. 28th IEEE International Conference on Computer Communications, 2009
2008
Layered interval codes for tcam-based classification.
Proceedings of the 2008 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, 2008
Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks.
Proceedings of the INFOCOM 2008. 27th IEEE International Conference on Computer Communications, 2008
2007
Path layout on tree networks: Bounds in different label switching models.
Nord. J. Comput., 2007
Protecting bursty applications against traffic aggressiveness.
Comput. Networks, 2007
2005
Spoofing prevention method.
Proceedings of the INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies, 2005
2004
Improved BGP convergence via ghost flushing.
IEEE J. Sel. Areas Commun., 2004
Brief announcement: spoofing prevention method.
Proceedings of the Twenty-Third Annual ACM Symposium on Principles of Distributed Computing, 2004
2003
Predicting and bypassing end-to-end Internet service degradations.
IEEE J. Sel. Areas Commun., 2003
2002
Restoration by path concatenation: fast recovery of MPLS paths.
Distributed Comput., 2002
On the structure and application of BGP policy atoms.
Proceedings of the 2nd ACM SIGCOMM Internet Measurement Workshop, 2002
2001
IEEE/ACM Trans. Netw., 2001
Restoration path concatenation: fast recovery of MPLS paths.
Proceedings of the Joint International Conference on Measurements and Modeling of Computer Systems, 2001
2000
Trainet: A New Label Switching Scheme.
Proceedings of the Proceedings IEEE INFOCOM 2000, 2000
1998
Self-Stabilizing Unidirectional Network Algorithms by Power Supply.
Chic. J. Theor. Comput. Sci., 1998
1997
Self-Stabilizing Unidirectional Network Algorithms by Power-Supply (Extended Abstract).
Proceedings of the Eighth Annual ACM-SIAM Symposium on Discrete Algorithms, 1997