Mateus Nogueira

CR · 3 papers · 10 citations · Novelty 38% · AI Score 20

3 Papers

CR · Aug 3, 2023
Cream Skimming the Underground: Identifying Relevant Information Points from Online Forums

Felipe Moreno-Vera, Mateus Nogueira, Cainã Figueiredo et al.

This paper proposes a machine learning-based approach for detecting the exploitation of vulnerabilities in the wild by monitoring underground hacking forums. The increasing volume of posts discussing exploitation in the wild calls for an automatic approach to process threads and posts that will eventually trigger alarms depending on their content. To illustrate the proposed system, we use the CrimeBB dataset, which contains data scraped from multiple underground forums, and develop a supervised machine learning model that can filter threads citing CVEs and label them as Proof-of-Concept, Weaponization, or Exploitation. Leveraging random forests, we indicate that accuracy, precision and recall above 0.99 are attainable for the classification task. Additionally, we provide insights into the difference in nature between weaponization and exploitation, e.g., interpreting the output of a decision tree, and analyze the profits and other aspects related to the hacking communities. Overall, our work sheds insight into the exploitation of vulnerabilities in the wild and can be used to provide additional ground truth to models such as EPSS and Expected Exploitability.

CR · Dec 24, 2020
Improving Predictability of User-Affecting Metrics to Support Anomaly Detection in Cloud Services

Vilc Rufino, Mateus Nogueira, Alberto Avritzer et al.

Anomaly detection systems aim to detect and report attacks or unexpected behavior in networked systems. Previous work has shown that anomalies have an impact on system performance, and that performance signatures can be effectively used for implementing an IDS. In this paper, we present an analytical and an experimental study on the trade-off between anomaly detection based on performance signatures and system scalability. The proposed approach combines analytical modeling and load testing to find optimal configurations for the signature-based IDS. We apply a heavy-tail bi-modal modeling approach, where "long" jobs represent large resource consuming transactions, e.g., generated by DDoS attacks; the model was parametrized using results obtained from controlled experiments. For performance purposes, mean response time is the key metric to be minimized, whereas for security purposes, response time variance and classification accuracy must be taken into account. The key insights from our analysis are: (i) there is an optimal number of servers which minimizes the response time variance, (ii) the sweet-spot number of servers that minimizes response time variance and maximizes classification accuracy is typically smaller than or equal to the one that minimizes mean response time. Therefore, for security purposes, it may be worth slightly sacrificing performance to increase classification accuracy.

MM · Jul 15, 2019
Towards QoS-Aware Recommendations

Pavlos Sermpezis, Savvas Kastanakis, João Ismael Pinheiro et al.

In this paper we propose that recommendation systems (RSs) for multimedia services should be "QoS-aware", i.e., take into account the expected QoS with which a content can be delivered, to increase the user satisfaction. Network-aware recommendations have been very recently proposed as a promising solution to improve network performance. However, the idea of QoS-aware RSs has been studied from the network perspective. Its feasibility and performance advantages for the content-provider or user perspective have only been speculated. Hence, in this paper we aim to provide initial answers for the feasibility of the concept of QoS-aware RS, by investigating its impact on real user experience. To this end, we conduct experiments with real users on a testbed, and present initial experimental results. Our analysis demonstrates the potential of the idea: QoS-aware RSs could be beneficial for both the users (better experience) and content providers (higher user engagement). Moreover, based on the collected dataset, we build statistical models to (i) predict the user experience as a function of QoS, relevance of recommendations (QoR) and user interest, and (ii) provide useful insights for the design of QoS-aware RSs. We believe that our study is an important first step towards QoS-aware recommendations, by providing experimental evidence for their feasibility and benefits, and can help open a future research direction.