BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Ricardo Morla

Ricardo Morla contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Networking and Internet ArchitectureCryptography and SecurityArtificial IntelligenceComputer VisionMachine Learning

Trust snapshot

Quick read

Trust 19 - Baseline
5works
0followers
5topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

5 published item(s)

preprint2022arXiv

Tweaking Metasploit to Evade Encrypted C2 Traffic Detection

Command and Control (C2) communication is a key component of any structured cyber-attack. As such, security operations actively try to detect this type of communication in their networks. This poses a problem for legitimate pentesters that try to remain undetected, since commonly used pentesting tools, such as Metasploit, generate constant traffic patterns that are easily distinguishable from regular web traffic. In this paper we start with these identifiable patterns in Metasploit's C2 traffic and show that a machine learning-based detector is able to detect the presence of such traffic with high accuracy, even when encrypted. We then outline and implement a set of modifications to the Metasploit framework in order to decrease the detection rates of such classifier. To evaluate the performance of these modifications, we use two threat models with increasing awareness of these modifications. We look at the detection evasion performance and at the byte count and runtime overhead of the modifications. Our results show that for the second, increased-awareness threat model the framework-side traffic modifications yield a better detection avoidance rate (90%) than payload-side only modifications (50%). We also show that although the modifications use up to 3 times more TLS payload bytes than the original, the runtime does not significantly change and the total number of bytes (including TLS payload) reduces.

0 citations0 reviewsNo code linkedOpen access
preprint2016arXiv

An initial study of the effect of pipelining in hiding HTTP/2.0 response sizes

HTTP response size is a well-known side channel attack. With the deployment of HTTP/2.0, response size attacks are generally dismissed with the argument that pipelining and response multiplexing prevent eavesdroppers from finding out response sizes. Yet the extent to which pipelining and response multiplexing actually hide HTTP response sizes has not been adequately investigated. In this paper we set out to help understand the effect of pipelining in hiding the size of web objects on the Internet. We conduct an experiment that provides browser-side HTTP response sizes and network-captured TLS record sizes and show how the model that we propose for estimating response sizes from TLS record sizes improves response matching and attack performance. In this process we gather evidence on how different implementations of HTTP/2.0 web servers generate different side- channel information and the limited amount of pipelining and response multiplexing used on the Internet today.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Long-Range Trajectories from Global and Local Motion Representations

Motion is a fundamental cue for scene analysis and human activity understan- ding in videos. It can be encoded in trajectories for tracking objects and for action recognition, or in form of flow to address behaviour analysis in crowded scenes. Each approach can only be applied on limited scenarios. We propose a motion-based system that represents the spatial and temporal features of the flow in terms of long-range trajectories. The novelty resides on the system formulation, its generic approach to handle scene variability and motion variations, motion integration from local and global representations, and the resulting long-range trajectories that overcome trajectory-based approach problems. We report the results and conclusions that state its pertinence on different scenarios, comparing and correlating the extracted trajectories of individual pedestrians, manually annotated. We also propose an evaluation framework and stress the diverse system characteristics that can be used for human activity tasks, namely on motion segmentation.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Power Interference Modeling for CSMA/CA based Networks using Directional Antenna

In IEEE 802.11 based wireless networks adding more access points does not always guarantee an increase of network capacity. In some cases, additional access points may contribute to degrade the aggregated network throughput as more interference is introduced. This paper characterizes the power interference in CSMA/CA based networks consisting of nodes using directional antenna. The severity of the interference is quantized via an improved form of the Attacking Case metric as the original form of this metric was developed for nodes using omnidirectional antenna. The proposed metric is attractive because it considers nodes using directional or omnidirectional antenna, and it enables the quantization of interference in wireless networks using multiple transmission power schemes. The improved Attacking Case metric is useful to study the aggregated throughput of IEEE 802.11 based networks; reducing Attacking Case probably results in an increase of aggregated throughput. This reduction can be implemented using strategies such as directional antenna, transmit power control, or both.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

Event and Anomaly Detection Using Tucker3 Decomposition

Failure detection in telecommunication networks is a vital task. So far, several supervised and unsupervised solutions have been provided for discovering failures in such networks. Among them unsupervised approaches has attracted more attention since no label data is required. Often, network devices are not able to provide information about the type of failure. In such cases the type of failure is not known in advance and the unsupervised setting is more appropriate for diagnosis. Among unsupervised approaches, Principal Component Analysis (PCA) is a well-known solution which has been widely used in the anomaly detection literature and can be applied to matrix data (e.g. Users-Features). However, one of the important properties of network data is their temporal sequential nature. So considering the interaction of dimensions over a third dimension, such as time, may provide us better insights into the nature of network failures. In this paper we demonstrate the power of three-way analysis to detect events and anomalies in time-evolving network data.

0 citations0 reviewsNo code linkedOpen access