MONITORIZACION Y ANALISIS DE REDES CON INFORMACION PARCIAL (Network Monitoring and Analysis with Partial Information)
PID2019-104451RB-C22
Funding agency name: Agencia Estatal de Investigación
Funding agency acronym: AEI
Programme: Programa Estatal de Generación de Conocimiento y Fortalecimiento Científico y Tecnológico del Sistema de I+D+i
Subprogramme: Subprograma Estatal de Generación de Conocimiento
Call: Proyectos I+D
Call year: 2019
Management unit: Plan Estatal de Investigación Científica y Técnica y de Innovación 2017-2020
Beneficiary institution: UNIVERSIDAD PUBLICA DE NAVARRA
Persistent identifier: http://dx.doi.org/10.13039/501100011033
Publications
Total results (including duplicates): 8
Found 1 page(s)
Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Berrueta Irigoyen, Eduardo
- Morató Osés, Daniel
- Magaña Lizarrondo, Eduardo
- Izal Azcárate, Mikel
Ransomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’
computers usually store only system and program files, while all the documents are accessed from shared
servers. In these scenarios, one crypto-ransomware infected host is capable of locking the access to all shared
files it has access to, which can be the whole set of files from a workgroup of users. We propose a tool
to detect and block crypto-ransomware activity based on file-sharing traffic analysis. The tool monitors the
traffic exchanged between the clients and the file servers and using machine learning techniques it searches
for patterns in the traffic that betray ransomware actions while reading and overwriting files. This is the
first proposal designed to work not only for clear text protocols but also for encrypted file-sharing protocols.
We extract features from network traffic that describe the activity opening, closing, and modifying files. The
features allow the differentiation between ransomware activity and high activity from benign applications. We
train and test the detection model using a large set of more than 70 ransomware binaries from 33 different
strains and more than 2,400 h of ‘not infected’ traffic from real users. The results reveal that the proposed
tool can detect all ransomware binaries described, including those not used in the training phase. This paper
provides a validation of the algorithm by studying the false positive rate and the amount of information from
user files that the ransomware could encrypt before being detected.
This work was supported by Spanish Ministry of Science and Innovation through project PID2019-104451RB-C22/AEI/10.13039/501100011033. Open access funding provided by Universidad Pública de Navarra.
Evaluation of RTT as an estimation of interactivity time for QoE evaluation in remote desktop environments
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Arellano Usón, Jesús
- Magaña Lizarrondo, Eduardo
- Morató Osés, Daniel
- Izal Azcárate, Mikel
In recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. Traditional evaluation of the quality of experience (QoE) of users in remote desktop environments has relied on measures such as round-trip time (RTT). However, these measures are insufficient to capture all the factors that influence QoE. This study evaluated RTT and interactivity time in an enterprise environment over a period of 6 months and analysed the suitability of using RTT, drawing previously unexplored connections between RTT, interactivity, and QoE. The results indicate that RTT is an insufficient indicator of QoE in productive environments with low RTT values. We outline some precise measures of interactivity needed to capture all the factors that contribute to QoE in remote desktop environments.
This work was supported by Spanish State Research Agency project number PID2019-104451RB-C22 AEI/10.13039/501100011033.
Validation of HTTP response time from network traffic as an alternative to web browser instrumentation
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- López Romera, Carlos
- Morató Osés, Daniel
- Magaña Lizarrondo, Eduardo
- Izal Azcárate, Mikel
The measurement of response time in hypertext transfer protocol (HTTP) requests is the most basic proxy measurement method for evaluating web browsing quality. It is used in the research literature and in application performance measurement instruments. During the development of a website, response time is obtained from in-browser measurements. After the website has been deployed, network traffic is used to continuously monitor activity, and the measurement data are used for service management and planning. In this study, we evaluate the accuracy of the measurements obtained from network traffic by comparing them with the in-browser measurement of resource load time. We evaluate the response times for encrypted and clear-text requests in an emulated network environment, in a laboratory deployment equivalent to a data centre network, and accessing popular web sites on the public Internet. The accuracy for response time measurements obtained from network traffic is noticeably higher for Internet long distance paths than for low-delay paths (below 20 ms round-trip). The overhead of traffic encryption in secure HTTP requests has a negative effect on measurement accuracy, and we find relative measurement errors higher than 70% when using network traffic to infer HTTP response times compared
This work was supported by the Spanish State Agency of Research through project PID2019-104451RB-C22/AEI/10.13039/501100011033
On the reduction of authoritative DNS cache timeouts: detection and implications for user privacy
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Hernández Quintanilla, Tomás
- Magaña Lizarrondo, Eduardo
- Morató Osés, Daniel
- Izal Azcárate, Mikel
The domain name system (DNS) is an Internet network service that is used by hosts to resolve IP addresses from symbolic names. This basic service has been attacked and abused many times, as it is one of the oldest and most vulnerable services on the Internet. Some DNS resolvers conduct DNS manipulation, in which authoritative DNS responses are modified. This DNS manipulation is sometimes used for legitimate reasons (e.g., parental control) and other times is used to support malicious activities, such as DNS poisoning or data collection. Among these DNS manipulation activities, some Internet service providers (ISPs) are changing the DNS cache timeout of the DNS responses with which their DNS resolvers responded to obtain additional data about their subscribers. These data can be a detailed web browsing profile of the user. This approach does not require a large investment and can yield huge benefits if the information is used or sold. Therefore, user privacy is disputed. We conducted a study in which we analyse how ISPs use this DNS manipulation, propose a method for identifying this DNS manipulation by the end-user and determine the amount of information an ISP can collect by using it. We also developed a public web tool, for which the source code is available, that can help Internet users determine whether their privacy is being compromised by their ISP via the exploitation of DNS cache timeouts. This service can facilitate the collection of data on how many people are victims of this abuse and which ISPs around the world are utilizing this technique.
This work was supported by the Spanish State Research Agency with project PID2019-104451RB-C22/AEI/10.13039/501100011033.
Intelligent evaluation of quality of experience in interactive cloud services
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Arellano Usón, Jesús
This doctoral thesis focuses on Cloud Interactive Applications (CIAs), also known as Cloud Distributed Interactive Applications (CDIAs) or Real-Time Interactive Applications (RIAs). CIAs, which require real-time responses to user interactions, include remote desktop services, cloud gaming services, and interactive web applications. Quality of Experience (QoE), defined by the ITU-T as the overall acceptability of an application or service as perceived by the user, is crucial for CIAs, where interactivity time — the period between user interaction and graphical response — is a key metric.
The COVID-19 pandemic accelerated the shift to remote work, increasing reliance on CIAs for tasks ranging from office automation to remote desktop requirements. This shift underscores the importance of precise QoE monitoring to ensure productivity and user satisfaction.
In this thesis, we evaluate the current proposals for quantifying QoE in CIA environments, identifying common stages and metrics. We introduce the TeCLA tool, developed to address the limitations of previous QoE assessment methodologies. By deploying TeCLA in real-world scenarios, the thesis gathers data to assess its effectiveness compared to traditional methods, particularly the use of Round Trip Time (RTT) as an approximation of interactivity time.
The findings support the suitability of the proposed methodology for measuring QoE in corporate CIA environments. The thesis validates this approach through its implementation in a corporate setting, offering a pioneering system for anomaly detection using LSTM neural networks.
Building on the previous development of TeCLA, we propose its evolution, TeCLAe, an enhanced tool that captures metrics on both the thin client and the remote server through a dual-agent configuration. TeCLAe provides detailed insights into the infrastructure’s behaviour and application performance, essential for diagnosing potential problematic elements in CIA deployments that may degrade user QoE.
The work conducted provides a comprehensive framework for measuring and improving QoE in CIAs, crucial for the growing adoption of remote work solutions. The proposed tools and methodologies enable precise QoE monitoring and proactive problem detection, enhancing user experience, productivity, and the scalability of cloud-based interactive applications.
This thesis has been supported by multiple sources of funding: “Contratos predoctorales SANTANDER UPNA 2021-22”, from the Spanish State Research Agency under the research and development project PID2019-104451RB-C22/AEI/10.13039/501100011033 with the title “Monitorización y Análisis de Redes con Información Parcial”, contracts managed by the Office for the Transfer of Research Results (OTRI) (Contract 2022901102: “Medida de calidad de experiencia en aplicaciones interactivas en la nube”, Contract 2023901119: “Clasificación de servicios en función del tráfico de red” and Contract 2023901243: “5ª renovación del contrato ’Diseño, prototipado y evaluación de sistemas automáticos de caracterización de tráfico en redes de alta velocidad’”).
Programa de Doctorado en Tecnologías de las Comunicaciones, Bioingeniería y de las Energías Renovables (RD 99/2011), Bioingeniaritzako eta Komunikazioen eta Energia Berriztagarrien Teknologietako Doktoretza Programa Ofiziala (ED 99/2011)
Interactivity anomaly detection in remote work scenarios using LTSM
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Arellano Usón, Jesús
- Magaña Lizarrondo, Eduardo
- Morató Osés, Daniel
- Izal Azcárate, Mikel
In recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. These services cater to interactive cloud-based applications (CIAs), whose core functionality operates in the cloud, demanding strict end-user interactivity requirements. This boom has led to a significant increase in their deployment, accompanied by a corresponding increase in associated maintenance costs. Service administrators aim to guarantee a satisfactory Quality of Experience (QoE) by monitoring metrics like interactivity time, particularly in cloud environments where variables such as network performance and shared resources come into play. This paper analyses anomaly detection state of the art and proposes a novel system for detecting interactivity time anomalies in cloud-based remote desktop environments. We employ an automatic model based on LSTM neural networks that achieves an accuracy of up to 99.97%.
This work was supported by the Spanish State Research Agency under Project PID2019-104451RB-C22/AEI/10.13039/501100011033
Protocol-agnostic method for monitoring interactivity time in remote desktop services
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Arellano Usón, Jesús
- Magaña Lizarrondo, Eduardo
- Morató Osés, Daniel
- Izal Azcárate, Mikel
The growing trend of desktop virtualisation has facilitated the reduction of management costs
associated with traditional systems and access to services from devices with different
capabilities. However, desktop virtualisation requires controlling the interactivity provided by
an infrastructure and the quality of experience perceived by users. This paper proposes a
methodology for the quantification of interactivity based on the measurement of the time
elapsed between user interactions and the associated responses. Measurement error is
controlled using a novel mechanism for the detection of screen changes, which can lead to
erroneous measurements. Finally, a campus virtual desktop infrastructure and the Amazon
WorkSpaces solution are analysed using this proposed methodology. The results demonstrate
the importance of the location of virtualisation infrastructure and the types of protocols used
by remote desktop services.
This work was supported by Spanish State Research Agency, project number PID2019-104451RB-C22/AEI/https://doi.org/10.13039/501100011033
Survey on quality of experience evaluation for cloud-based interactive applications
Academica-e. Repositorio Institucional de la Universidad Pública de Navarra
- Arellano Usón, Jesús
- Magaña Lizarrondo, Eduardo
- Morató Osés, Daniel
- Izal Azcárate, Mikel
A cloud-based interactive application (CIA) is an application running in the cloud with stringent interactivity requirements, such as remote desktop and cloud gaming. These services have experienced a surge in usage, primarily due to the adoption of new remote work practices during the pandemic and the emergence of entertainment schemes similar to cloud gaming platforms. Evaluating the quality of experience (QoE) in these applications requires specific metrics, including interactivity time, responsiveness, and the assessment of video- and audio-quality degradation. Despite existing studies that evaluate QoE and compare features of general cloud applications, systematic research into QoE for CIAs is lacking. Previous surveys often narrow their focus, overlooking a comprehensive assessment. They touch on QoE in broader contexts but fall short in detailed metric analysis. Some emphasise areas like mobile cloud computing, omitting CIA-specific nuances. This paper offers a comprehensive survey of QoE measurement techniques in CIAs, providing a taxonomy of input metrics, strategies, and evaluation architectures. State-of-the-art proposals are assessed, enabling a comparative analysis of their strengths and weaknesses and identifying future research directions.
This work was supported by the Spanish State Research Agency project number PID2019-104451RB-C22/AEI/10.13039/501100011033.