Publications

(2023). Stranger VPNs: Investigating the Geo-Unblocking Capabilities of Commercial VPN Providers. Passive and Active Measurement Conference, PAM 2023.

(2022). Saving Brian's privacy: the perils of privacy exposure through reverse DNS. Internet Measurement Conference (IMC 2022).

(2022). Mirrors in the Sky: On the Potential of Clouds in DNS Reflection-based Denial-of-Service Attacks. 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022).

(2022). Investigating the impact of DDoS attacks on DNS infrastructure. Internet Measurement Conference (IMC 2022).

(2022). Addressing the challenges of modern DNS: a comprehensive tutorial. Computer science review, 45.

(2022). A matter of degree: characterizing the amplification power of open DNS resolvers. Passive and Active Measurement Conference (PAM 2022).

(2021). ANYway: Measuring the Amplification DDoS Potential of Domains. 17th International Conference on Network and Service Management (CNSM 2021).

(2021). Characterization of Anycast Adoption in the DNS Authoritative Infrastructure. Network Traffic Measurement and Analysis Conference (TMA’21).

Best Paper Award

(2020). Manycast2 -- Using Anycast to Measure Anycast. ACM Internet Measurements Conference 2020 (IMC 2020).

(2020). A Responsible Internet to Increase Trust in the Digital World. Journal of Network and Systems Management, 28, pages 882–922 (2020).

(2020). Update on ACM SIGCOMM CCR reviewing process: towards a more open review process. ACM Computer Communication Review, Vol. 50, No. 3, 2020.

(2020). Lessons learned organizing the PAM 2020 virtual conference. ACM Computer Communication Review, Vol. 50, No. 3, 2020.

(2020). When Parents and Children Disagree: Diving into DNS Delegation Inconsistency. Passive and Active Measurements Conference (PAM 2020), Eugene, Oregon, US, March 30-31, 2020.

(2020). TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records. 5th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2020).

(2020). Towards Adversarial Resilience in Proactive Detection of Botnet Domain Names by using MTD. IEEE/IFIP Network Operations and Management Symposium (NOMS 2020).

(2020). The Forgotten Side of DNS: Orphan and Abandoned Records. 5th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2020).

(2020). Distributed DDoS Defense: A Collaborative Approach at Internet Scale. IEEE/IFIP Network Operations and Management Symposium (NOMS 2020).

(2020). DDoS Mitigation: A Measurement-Based Approach. IEEE/IFIP Network Operations and Management Symposium (NOMS 2020).

(2020). A Case of Identity: Detection of Suspicious IDN Homograph Domains Using Active DNS Measurements. 5th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2020).

(2019). Looking Beyond the Horizon: Thoughts on Proactive Detection of Threats. Digital Threats: Research and Practice, March 2020.

(2018). Melting the Snow: Using Active DNS Measurements to Detect Snowshoe Spam Domains. 2018 IEEE/IFIP Network Operations and Management Symposium (NOMS 2018).

(2018). IoT-Botnet Detection and Isolation by Access Routers. 2018 9th International Conference on the Network of the Future, (NOF 2018).

(2018). DDoS Defense using MTD and SDN. 2018 IEEE/IFIP Network Operations and Management Symposium (NOMS 2018).

(2018). A First Joint Look at DoS Attacks and BGP Blackholing in the Wild. ACM Internet Measurements Conference 2018 (IMC 2018).

(2017). Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. ACM Internet Measurements Conference 2017 (IMC 2017).

(2017). TIDE - Threat Identification using Active DNS Measurements. In Proceedings of ACM SIGCOMM 2017 Posters and Demos, Los Angeles, CA, USA, 22-24 August.

(2017). Challenges with Reproducibility. In ACM SIGCOMM 2017 Reproducibility Workshop (Reproducibility ’17).

(2017). The Performance Impact of Elliptic Curve Cryptography on DNSSEC Validation. In IEEE/ACM Transactions on Networking, Volume 25, Issue 2, April.

ANRP 2017

(2017). Quiet Dogs Can Bite: Which Booters Should We Go After? And What Are Our Mitigation Options?. IEEE Communications Magazine, vol. 55, no. 7, pp. 50-56, July 2017.

(2017). Measuring exposure in DDoS protection services. In Proceedings of the 13th International Conference on Network and Service Management (CNSM 2017).

(2017). Flow-Based Web Application Brute-Force Attack and Compromise Detection. Journal of network and systems management, 25(4), 735-758.

(2017). Flow-based Compromise Detection: Lessons Learned. IEEE Security & Privacy, vol. 16, no. 1, pp. 82-89.

(2016). Measuring the Adoption of DDoS Protection Services. In Proceedings of the ACM Internet Measurement Conference 2016 (IMC 2016), Santa Monica, CA, USA, 14-16 November.

(2016). On the Adoption of the Elliptic Curve Digital Signature Algorithm (ECDSA) in DNSSEC. In Proceedings of the 12th International Conference on Network and Service Management (CNSM 2016), Montréal, QB, Canada, October 31-November 4.

(2016). A High-Performance, Scalable Infrastructure for Active DNS Measurements. In IEEE Journal on Selected Areas in Communications (JSAC), Volume 34, Issue 7, May.

(2016). Ludo – kids playing Distributed Denial of Service. TERENA Networking Conference (TNC 2016).

(2016). In whom do we trust – sharing security events. In Proceedings of 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016).

(2016). How to Achieve Early Botnet Detection at the Provider Level?. In Proceedings of 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016).

(2016). DDoS 3.0 – How Terrorists Bring Down the Internet (Invited). Proceedings of the 18th International GI/ITG Conference on Measurement, Modelling and Evaluation of Computing Systems and Dependability and Fault-Tolerance.

(2016). Collaborative DDoS Defense using Flow-based Security Event Information. In Proceedings of 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016).

(2015). Making the Case for Elliptic Curves in DNSSEC. In ACM SIGCOMM Computer Communication Review (CCR), Volume 45, Issue 5, October.

(2015). The Internet of Names: A DNS Big Dataset. In Proceedings of ACM SIGCOMM 2015, London, UK, 17-21 August.

Poster

(2015). Unveiling Flat Traffic on the Internet: An SSH Attack Case Study. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). Report on the 8th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2014). Journal of Network and Systems Management, 23 (3). pp. 794-802.

(2015). Real-time DDoS Attack Detection for Cisco IOS using NetFlow. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. 9th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2015).

(2015). Inside Booters: an analysis on operational databases. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). Impact of packet sampling on link dimensioning. IEEE Transactions on Network and Service Management, 12 (3). pp. 392-405.

(2015). How to Exchange Security Events? Overview and Evaluation of Formats and Protocols. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). How asymmetric is the Internet? A Study to Support the use of Traceroute. 9th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2015).

Best Paper Award

(2015). Exchanging security events of flow-based intrusion detection systems at internet scale. Proceedings of the Internet Architecture Board and Internet Society Coordinating Attack Response at Internet Scale Workshop (CARIS 2015).

(2015). Editorial special issue on measure, detect and mitigate – challenges and trends in network security. International journal of network management, 25 (5). pp. 261-262.

(2015). Collaborative Attack Mitigation and Response: A survey. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). Characterizing the IPv6 security landscape by large-scale measurements. 9th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2015).

(2015). Booters – An Analysis of DDoS-as-a-Service Attacks. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2015). Booter classification methodology – Towards a comprehensive list of threats. XXXIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2015).

(2015). A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX. 14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015).

(2014). Software Defined Networking to Improve Mobility Management Performance. 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2014).

(2014). Characterizing and Mitigating the DDoS-as-a-Service Phenomenon. 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2014).

(2014). Characterisation of the Kelihos.B Botnet. 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2014).

(2014). DNSSEC meets real world: dealing with unreachability caused by fragmentation. IEEE Communications Magazine, vol. 52(4).

(2014). Towards real-time intrusion detection for NetFlow and IPFIX. 2nd Cyber-security Research Ethics Dialog & Strategy (CREDS II), co-located with the 35th IEEE Symposium on Security and Privacy (IEEE S&P).

(2014). SSHCure: SSH Intrusion Detection using NetFlow and IPFIX (Poster). TERENA Networking Conference (TNC 2014).

(2014). ReFlow – Statistics on Internet Traffic (Poster). TERENA Networking Conference (TNC 2014).

(2014). Real-time DDoS Defense: A collaborative Approach at Internet Scale (Poster). TERENA Networking Conference (TNC 2014).

(2014). A hybrid procedure for efficient link dimensioning. Computer Networks 67: 252-269.

(2014). Flow-based Approaches in Network Management: Recent Advances and Future Trends (Editorial). Int. Journal of Network Management 24(4): 219-220 (2014).

(2014). Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX. IEEE Communications Surveys & Tutorials, vol. 16, no. 4, 2014.

(2014). Compromise Detection using NetFlow/IPFIX. ACM Computer Communication Review, Vol. 44, No. 5, 2014.

(2013). Report on the 7th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2013): Emerging Management Mechanisms for the Future Internet. J. Network Syst. Manage. 22(2): 289-296.

(2013). Networking for the Cloud: Challenges and Trends. PIK – Praxis der Informationsverarbeitung und Kommunikation, 36 (4). pp. 207-214.

(2013). Towards real-time intrusion detection for NetFlow and IPFIX. Proceedings of the 9th International Conference on Network and Services Management (CNSM 2013).

(2013). Lightweight link dimensioning using sFlow sampling. Proceedings of the 9th International Conference on Network and Services Management (CNSM 2013).

(2013). Measuring Cloud Service Health Using NetFlow/IPFIX: The WikiLeaks Case. Journal of Network and Systems Management, 23(1).

(2013). Reports on internet traffic statistics. TERENA Networking Conference (TNC 2013).

(2013). Flow-based detection of DNS tunnels. 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2013).

(2013). Evaluating Third-Party Bad Neighborhood Blacklists for Spam Detection. 13th IFIP/IEEE International Symposium on Integrated Network Management (IM 2013).

(2013). Measurement Artifacts in NetFlow Data. Proceedings of the Passive and Active Measurement conference (PAM 2013).

Best Paper Award

(2012). Towards Bandwidth Estimation using Flow-level Measurements. 6th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2012).

(2012). The Effects of DDoS Attacks on Flow Monitoring Applications. IEEE/IFIP Network Operations and Management Symposium (NOMS 2012).

(2012). SSHCure: A Flow-Based SSH Intrusion Detection System. 6th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2012).

Best Paper Award

(2012). Internet Bad Neighborhoods Aggregation. IEEE/IFIP Network Operations and Management Symposium (NOMS 2012).

(2012). Inside Dropbox: Understanding Personal Cloud Storage Services. IEEE/IFIP Network Operations and Management Symposium (NOMS 2012).

IRTF Applied Networking Research Prize 2013

(2011). Flow-Based Intrusion Detection. IFIP/IEEE International Symposium on Integrated Network Management (IM 2011).

(2011). Flow Monitoring Experiences at the Ethernet-Layer. EUNICE 2011.

(2011). Autonomic Parameter Tuning of Anomaly-Based IDSs: an SSH Case Study. IEEE Transactions on Network and Service Management, 9(2).

(2010). The Network Data Handling War: MySQL vs NfDump. EUNICE 2010.

(2010). Attacks by Anonymous WikiLeaks Proponents not Anonymous. Technical Report TR-CTIT-10-41, Centre for Telematics and Information Technology, University of Twente, Enschede.

(2010). An Overview of IP Flow-based Intrusion Detection. IEEE Communications Surveys & Tutorials, 12 (3). pp. 343-356.

(2009). Using NetFlow/IPFIX for Network Management. Journal of Network and System Management 17(4).

(2009). Self-management of Hybrid Networks: can we trust NetFlow data?. IFIP/IEEE International Symposium on Integrated Network Management (IM 2009).

(2009). Hidden Markov Model modeling of SSH brute-force attacks. 20th IEEE/IFIP International Workshop on Distributed Systems: Operation and Management (DSOM 09).

Best Paper Award

(2009). Detecting spam at the network level. EUNICE 2009.

(2009). A Labeled Data Set For Flow-based Intrusion Detection. 9th IEEE International Workshop on IP Operations and Management (IPOM 09).

(2008). Anomaly characterization in flow-based traffic time series. 8th IEEE International Workshop on IP Operations and Management (IPOM 08).

(2007). Szemeredi’s Regularity Lemma and Its Applications to Pairwise Clustering and Segmentation. 6th International Conference on Energy Minimization Methods in Computer Vision and Pattern Recognition (EMMCVPR 2007).

(2007). A Survey of the High-Speed Self-Learning Intrusion Detection Research Area. First International Conference on Autonomous Infrastructure, Management and Security (AIMS 2007).
