Research

Traffic Measurements

Network monitoring, packet dissection and DPI tools, data analysis and visualization using complete data-science stacks.

Internet Infrastructure

Data and control-plane analysis at regional and worlds-largest Internet Exchange Points as well as transnational Internet Service Providers.

Network Security

Deployment of honepyots, DDoS attack detection and mitigation, overall network health assessment and novel protocol analysis.

News

Selected Publications

SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots

Our Systematization of Knowledge paper on reflective amplification attacks has been accepted at Euro S&P. Will be also presented at [Cambridge Cybercrime]. Great collaboration with [John] and [Netscout]!
Read Paper

On the Interplay between TLS Certificates and QUIC Performance

Our paper on QUIC and TLS received the [Best Paper and Community] award at CoNEXT 2022. We run a [QUIC handshake API]. Prior work at [RIPE 84]. Featured by [APNIC], shown at IETF [maprg] & [quicwg].
Read Paper

Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope

I had the pleasure to support [Raphael] with IXP & ISP measurements to create a large-scale characterization of malicious two-phase scanners. Accepted at USENIX Sec ‘22 conference.
Read Paper

Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure

Our paper on hidden but [open] DNS infrastructures has been accepted without revision at CoNEXT 2021, where I received the [best presentation] award. We have also presented at [APRICOT 2022].
Read Paper

QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events

Our paper on quantifying QUIC DoS attacks has been accepted at the IMC 2021 conference. We have also presented our work at [DUST2021] and an update at [IETF maprg 113].
Read Paper

The Far Side of DNS Amplification: Tracing the DDoS Attack Ecosystem from the Internet Core

Our paper about the DNS amplification ecosystem and the limitations of honeypot platforms has been accepted at the IMC conference 2021. We have been featured by [APNIC].
Read Paper

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Our paper on vulnerable industrial control systems has been accepted at NOMS 2020. As 1 of the best 15 papers, we fast-tracked a [journal extension] and were featured by [MIT Technology Review].
Read Paper

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs

Our paper on BGP Blackholing at IXPs was accepted at IMC 2019. I have presented our findings at [RIPE79] as well as [MIX Salottino] and have been featured by [Rule11], [RIPE] and [APNIC].
Read Paper

On the Potential of BGP Flowspec for DDoS Mitigation at Two Sources: ISP and IXP

Our poster on fine-grained DDoS mitigation was accepted at the ACM SIGCOMM 2018 conference. I was awarded a [silver medal] at the SIGCOMM Student Research Competition (SRC).
Read Paper