Leovigildo Sánchez Casado

Ph.D.


Research

There is growing interest in research on network security. In a fully connected world like the one we live in, threats against security lead to widespread identity spoofing, information theft and financial fraud. Spam, spyware, malware and other attacks can cause serious problems for companies and clients, and can irreparably ruin the reputation or image of a given brand. All these reasons make this kind of attack against information a lucrative business, so such attacks keep evolving and progressing even faster than the more advanced defenses, anticipating them and leading to an increasing number of sophisticated cybercrime-related business models.

Thus, it is essential to detect intrusions and anomalies in network systems. Understanding an intrusion as the successful execution of an attack, the goal of Intrusion Detection Systems (IDSs) is to determine those events and activities that pose a risk to the environment being protected. Once a malicious or anomalous circumstance has been detected, an adequate response to the event should be provided, for which it is necessary to develop mechanisms for interoperation between different defensive modules.

In this general framework, the research I've developed primarily focuses on the design, development and implementation of systems for detecting and responding to intrusions, specifically systems for a particular kind of wireless network, the so-called ad hoc networks. Under this communication paradigm, networks have no fixed infrastructure or centralized administration, being composed of different mobile devices (usually called nodes) placed in a given area and employing a multi-hop strategy to communicate. Because of their nature, there exist a number of security threats inherent to such environments, some of them specific to these networks and others more generic, but equally harmful.

Specifically, I've developed detection schemes against dropping attacks, in which a malicious node drops received traffic (fully, partially, selectively, ...). For this purpose, the retransmission process in these networks is analytically modeled, which makes it possible, by calculating a simple heuristic, to distinguish actual attacks from other possible legitimate causes of the discarding, such as collisions, channel errors or mobility.

I have also developed systems for detecting sinkhole attacks, where nodes send false routing information in order to attract the surrounding traffic. These systems are based on a distributed process for the collection of information provided by the node's vicinity. This process makes it possible to discover route inconsistencies and, therefore, to detect such sinkhole attacks.

Regarding the interoperability between defensive modules, I have actively participated (with other NESG fellows) in the development of NETA (NETwork Attacks), a simulation framework based on the OMNeT++ tool, designed to ease the implementation of attacks and defenses and their evaluation under the same conditions, making it a useful benchmarking tool. NETA has been released as open source and is freely available on the OMNeT++ website.

Thesis dissertation

Publications

Journals

2016

A. Ruiz-Heras, P. García-Teodoro and L. Sánchez-Casado. ADroid: anomaly-based detection of malicious events in Android platforms. International Journal of Information Security (Springer), online (DOI: 10.1007/s10207-016-0333-1)

S. Salah, G. Maciá-Fernández, J.E. Díaz-Verdejo and L. Sánchez-Casado. A Model for Incident Tickets Correlation in Network Management. Journal of Network and Systems Management (Springer), Vol. 24:1, pp. 57-91 (DOI: 10.1007/s10922-014-9340-6)


2015

R.A. Rodríguez-Gómez, G. Maciá-Fernández, L. Sánchez-Casado and P. García-Teodoro. Analysis and Modeling of Resources Shared in the BitTorrent Network. Transactions on Emerging Telecommunications Technologies (Wiley), Vol. 25:10, pp. 1189-1200 (DOI: 10.1002/ett.2859)

L. Sánchez-Casado, G. Maciá-Fernández, P. García-Teodoro and N. Aschenbruck. Identification of Contamination Zones for Sinkhole Detection in MANETs. Journal of Network and Computer Applications (Elsevier), Vol. 54, pp. 62-77 (DOI: 10.1016/j.jnca.2015.04.008)

L. Sánchez-Casado, G. Maciá-Fernández and P. García-Teodoro. A Model of Data Forwarding in MANETs for Lightweight Detection of Malicious Packet Dropping. Computer Networks (Elsevier), Vol. 87, pp. 44-58 (DOI: 10.1016/j.comnet.2015.05.012)


2007

P. García-Teodoro, J.E. Díaz-Verdejo, G. Maciá-Fernández, L. Sánchez-Casado. Network-based Hybrid Detection and Honeysystems as Active Reaction Scheme. International Journal of Computer Science and Network Security (IJCSNS), Vol. 7:10, pp. 62-70 (Web: ijcsns-oct-2007)


Updated - July, 2016

Book Chapters

2014

P. García-Teodoro, L. Sánchez-Casado and G. Maciá-Fernández. Taxonomy and Holistic Detection of Security Attacks in MANETs. Security for Multihop Wireless Networks, S. Khan and J. Lloret (Eds.), CRC Press, pp. 1-12, 2014 (DOI: 10.1201/b16754-3)

L. Sánchez-Casado, R. Magán-Carrión, P. García-Teodoro and J.E. Díaz-Verdejo. Defenses Against Packet Dropping Attacks in Wireless Multihop Ad Hoc Networks. Security for Multihop Wireless Networks, S. Khan and J. Lloret (Eds.), CRC Press, pp. 377-400, 2014 (DOI: 10.1201/b16754-18)




International Conferences

2014

L. Sánchez-Casado, G. Maciá-Fernández, P. García-Teodoro and N. Aschenbruck. A Novel Collaborative Approach for Sinkhole Detection in MANETs. Workshop on Security in Ad-Hoc Networks (SecAN), in conjunction with AdHocNow, Benidorm (Spain), June 2014.
Springer Lecture Notes in Computer Science, Vol. 8629, pp. 123-136 (DOI: 10.1007/978-3-662-46338-3_11)


2013

L. Sánchez-Casado, R.A. Rodríguez-Gómez, R. Magán-Carrión and G. Maciá-Fernández. NETA: Evaluating the effects of NETwork Attacks. MANETs as a case study. Advances in Security of Information and Communication Networks (SecNet), Cairo (Egypt), Sept. 2013.
Springer Communications in Computer and Information Science, Vol. 381, pp. 1-10 (DOI: 10.1007/978-3-642-40597-6_1)


2012

L. Sánchez-Casado, G. Maciá-Fernández and P. García-Teodoro. An Efficient Cross-Layer Approach for Malicious Packet Dropping Detection in MANETs. 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 231-238, Liverpool (United Kingdom), June 2012 (DOI: 10.1109/TrustCom.2012.75)



National Conferences

2014

L. Sánchez-Casado, R. Magán-Carrión, P. Garrido-Sánchez and P. García-Teodoro. Protocolo para la Notificación y Alerta de Eventos de Seguridad en Redes Ad-hoc. XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI), pp. 321-326, Alicante (Spain), Sept. 2014.


2013

L. Sánchez-Casado, G. Maciá-Fernández and P. García-Teodoro. Indicadores de Ataques Sinkhole en MANETs. XI Jornadas de Ingeniería Telemática (JITEL), pp. 475-480, Granada (Spain), Oct. 2013.

L. Sánchez-Casado, R.A. Rodríguez-Gómez, R. Magán-Carrión and G. Maciá-Fernández. NETA: un Framework para Simular y Evaluar Ataques en Redes Heterogéneas. MANETs como Caso de Estudio. XI Jornadas de Ingeniería Telemática (JITEL), pp. 487-492, Granada (Spain), Oct. 2013.


2012

L. Sánchez-Casado, G. Maciá-Fernández and P. García-Teodoro. Multi-Layer Information for Detecting Malicious Packet Dropping Behaviors in MANETs. XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI), pp. 57-62, San Sebastián (Spain), Sept. 2012.


2011

L. Sánchez-Casado, G. Maciá-Fernández and P. García-Teodoro. Caracterización de Servicios en Redes Ad-Hoc Inalámbricas mediante Métricas Cross-Layer. X Jornadas de Ingeniería Telemática (JITEL), pp. 381-384, Santander (Spain), Sept. 2011.


2008

L. Sánchez-Casado, P. García-Teodoro, J.E. Díaz-Verdejo and G. Maciá-Fernández. Parametrización de Anomalías en NIDS Híbridos Mediante Etiquetado Selectivo de Contenidos. VII Jornadas de Ingeniería Telemática (JITEL), pp. 49-56, Alcalá de Henares (Spain), Sept. 2008.

