I am a scientific project manager at the Cyber-Defence Campus interested in the security and privacy of computer networks and their users.
In the fall of 2022, I finished my doctorate in the Networked Systems Group at ETH Zürich, advised by Laurent Vanbever and Vincent Lenders.
My PhD research focused on the security of computer networks. In particular, I worked on solutions which leverage recent advances in network programmability to make networks able to detect and mitigate attacks and to provide more security and privacy.
I joined the Cyber-Defence Campus as a scientific project manager.
I successfully defended my PhD thesis entitled "Improving Network Security through Obfuscation"
Allard Dijk, Emre Halisdemir, Cosimo Melella, Alari Schu, Mauno Pihelgas, Roland Meier
Elsevir Journal of Information Security and Applications (September 2024).
Cybersecurity threats are constantly evolving and becoming increasingly sophisticated, automated, adaptive, and intelligent. This makes it difficult for organizations to defend their digital assets. Industry professionals are looking for solutions to improve the efficiency and effectiveness of cybersecurity operations, adopting different strategies. In cybersecurity, the importance of developing new intrusion detection systems (IDSs) to address these threats has emerged. Most of these systems today are based on machine learning. But these systems need high-quality data to “learn” the characteristics of malicious traffic. Such datasets are difficult to obtain and therefore rarely available. This paper advances the state of the art and presents a new high-quality IDS dataset. The dataset originates from Locked Shields, one of the world’s most extensive live-fire cyber defense exercises. This ensures that (i) it contains realistic behavior of attackers and defenders; (ii) it contains sophisticated attacks; and (iii) it contains labels, as the actions of the attackers are well-documented. The dataset includes approximately 16 million network flows, of which approximately 1.6 million were labeled malicious. What is unique about this dataset is the use of a new labeling technique that increases the accuracy level of data labeling. We evaluate the robustness of our dataset using both quantitative and qualitative methodologies. We begin with a quantitative examination of the Suricata IDS alerts based on signatures and anomalies. Subsequently, we assess the reproducibility of machine learning experiments conducted by Känzig et al., who used a private Locked Shields dataset. We also apply the quality criteria outlined by the evaluation framework proposed by Gharib et al. Using our dataset with an existing classifier, we demonstrate comparable results (F1 score of 0.997) to the original paper where the classifier was evaluated on a private dataset (F1 score of 0.984)
Yannick Merkli, Roland Meier, Martin Strohmeier, Vincent Lenders
NATO CCDCOE CyCon 2024, Tallinn, Estonia (May 2024).
Recent work has shown that machine learning models can be vulnerable to an adversary crafting targeted inputs designed to cause mispredictions. This is critical in security-related applications such as network intrusion detection systems. While past attacks such as mimicry or gradient-based attacks are able to efficiently generate adversarial examples, they require potentially large input modifications, which is not effective at defeating network flow classifiers. In this work, we show that small modifications to the input (e.g., the traffic that the attacker generates) are enough to manipulate the outcome of a classifier. We focus on minimally evasive adversarial examples to defeat tree-ensemble-based network flow classifiers. We develop an attack that builds on a previous attack introduced by Kantchelian et al. in 2016, which formulates evasion for tree ensembles as a Mixed Integer Linear Program, and which we extend by supporting discrete and categorical features, implementing per-feature evasion costs and modeling interfeature dependencies. This makes our attack more applicable to the network flow classification problem, which typically uses diverse and interdependent input features. We demonstrate our attack on the network flow classifier developed by Känzig et al. in 2019, which was trained to detect command and control (C&C) channels in the Locked Shields cyber defense exercise. Our evaluation shows that minor perturbations of 1 to 4 flow features suffice to successfully fool the classifier. We further retrain the network flow classifier using state-of-the-art adversarial boosting and robust decision tree training published by Chen et al. in 2019. For example, using adversarial boosting, the resulting robust classifier shows a 62.5% increased median evasion distance while achieving equivalent precision and recall on unperturbed samples as the original classifier.
Marc Wyss, Roland Meier, Llorenç Romá, Cyrill Krähenbühl, Adrian Perrig, Vincent Lenders
NATO CCDCOE CyCon 2024, Tallinn, Estonia (May 2024).
Many public and private organizations use wide-area networks (WANs) to connect their geographically distributed sites. Given that these WANs are often critical for the organization’s operations, their security with respect to confidentiality, integrity, and availability is crucial. A high level of security can be reached if the WAN is built with a dedicated network infrastructure, with the organization operating its own layer-2/3 routing, for example, multiprotocol label switching on top of dedicated fibers or leased lines. Unfortunately, this approach is often slow to deploy, requires high operational effort, and is too expensive for many use cases. A cheaper alternative is to construct the WAN as an overlay network on the infrastructure of public Internet service providers (ISPs), for example, using virtual private network tunnels between the sites. Unfortunately, the security of such a WAN is suboptimal. For instance, traffic analysis attacks (on encrypted traffic) can reveal sensitive information transmitted over these public networks, compromised routers between the sites can alter packets, and network-layer distributed denial-of-service (DDoS) attacks can disrupt connectivity. In this paper, we explore a novel inter-ISP network architecture that provides the desired level of control and security for WAN operators, achieving the best of the two above approaches: strong security properties on a cost-efficient public Internet fabric. Our architecture builds on the SCION next-generation Internet architecture and adds extensions for fine-grained path control, connectivity guarantees in the presence of DDoS attacks, and traffic analysis prevention. With this architecture, WAN operators can build on public layer-3 network connectivity services to deploy secure WANs.
Lina Gehri, Roland Meier, Daniel Hulliger, Vincent Lenders
NATO CCDCOE CyCon 2023, Tallinn, Estonia (May 2023).
Identifying compromised hosts from network traffic traces has become challenging because benign and malicious traffic is encrypted, and both use the same protocols and ports. Machine learning-based anomaly detection models have been proposed to address this challenge by classifying malicious traffic based on network flow features learned from historical patterns. Previous work has shown that such models successfully identify compromised hosts in the same network environment in which they were trained. However, cyber incidence response teams often have to look for intrusions in foreign networks, and we have found that learned models often fail to generalize to different network conditions. In this paper, we analyse the root cause of this problem using five network traces collected from different years and teams of Locked Shields, the world’s largest live-fire cyber defence exercise. We then explore techniques to make machine learning models generalize better to unknown network environments and evaluate their accuracy.
Ege Cem Kirci, Maria Apostolaki, Roland Meier, Ankit Singla, Laurent Vanbever
ACM SOSR 2022, Online (October 2022).
Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack.We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses.We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users' communication patterns.
Roland Meier
ETH Zürich (September 2022).
While it is impressive that many of the prevalent protocols and algorithms intoday's networks and the Internet have remained essentially unchanged since thevery first computer networks in the Sixties, they were not designed for today'ssecurity environment. Only thanks to protocol extensions and new technologies,today's network users are protected against many threats. For example, mosthosts are behind firewalls that prevent some malicious traffic from reachingthem, and most traffic is encrypted to prevent eavesdropping. However, today'sprotections are not enough. For example, denial-of-service attacks can cut ahost's connection even if their traffic does not reach it, and encrypted trafficstill leaks information about its contents.In this dissertation, we explore how obfuscation can help to prevent suchweak points. To this end, we present two solutions:First, we present NetHide, a system that mitigates denial-of-service attacksagainst the network infrastructure by obfuscating the network topology. The keyidea behind NetHide is to formulate topology obfuscation as a multi-objectiveoptimization problem that allows for a flexible trade-off between the securityof the topology and the usability of network debugging tools. NetHide thenintercepts and modifies path-tracing probes in the data plane to ensure thatattackers can only learn the obfuscated topology.Second, we present ditto, a system that prevents traffic-analysis attacks byobfuscating the timing and size of packets. The key idea behind ditto is to addpadding to packets and to introduce chaff packets such that the resultingtraffic is independent of production traffic with respect to packet sizes andtiming. ditto provides high throughput without requiring changes at hosts, whichmakes it ideal for protecting wide area networks.Both systems leverage recent advances in network programmability. They show thatprogrammable switches can increase the security of high-throughput networkswithout degrading their performance.However, programmable switches do not only provide high performance forobfuscation, but they also allow analyzing traffic at scale. We complete thisdissertation with a discussion of four use cases where programmable switchesanalyze traffic – for both benign and malicious purposes.
Roland Meier, Vincent Lenders, Laurent Vanbever
NDSS Symposium 2022, San Diego, CA, USA (April 2022).
Many large organizations operate dedicated wide area networks (WANs) distinct from the Internet to connect their data centers and remote sites through high-throughput links. While encryption generally protects these WANs well against content eavesdropping, they remain vulnerable to traffic analysis attacks that infer visited websites, watched videos or contents of VoIP calls from analysis of the traffic volume, packet sizes or timing information. Existing techniques to obfuscate Internet traffic are not well suited for WANs as they are either highly inefficient or require modifications to the communication protocols used by end hosts. This paper presents ditto, a traffic obfuscation system adapted to the requirements of WANs: achieving high-throughput traffic obfuscation at line rate without modifications of end hosts. ditto adds padding to packets and introduces chaff packets to make the resulting obfuscated traffic independent of production traffic with respect to packet sizes, timing and traffic volume. We evaluate a full implementation of ditto running on programmable switches in the network data plane. Our results show that ditto runs at 100 Gbps line rate and performs with negligible performance overhead up to a realistic traffic load of 70 Gbps per WAN link.
Roland Meier, Artūrs Lavrenovs, Kimmo Heinäaro, Luca Gambazzi, Vincent Lenders
NATO CCDCOE CyCon 2021, Tallinn, Estonia (May 2021).
Cyber attacks are becoming increasingly frequent, sophisticated, and stealthy. This makes it harder for cyber defence teams to keep up, forcing them to automate their defence capabilities in order to improve their reactivity and efficiency. Therefore, we propose a fully automated cyber defence framework that no longer needs support from humans to detect and mitigate attacks within a complex infrastructure. We design our framework based on a real-world case – Locked Shields – the world’s largest cyber defence exercise. In this exercise, teams have to defend their networked infrastructure against attacks, while maintaining operational services for their users. Our framework architecture connects various cyber sensors with network, device, application, and user actuators through an artificial intelligence (AI)-powered automated team in order to dynamically secure the cyber environment. To the best of our knowledge, our framework is the first attempt towards a fully automated cyber defence team that aims at protecting complex environments from sophisticated attacks.
Roland Meier, Thomas Holterbach, Stephan Keck, Matthias Stähli, Vincent Lenders, Ankit Singla, Laurent Vanbever
ACM HotNets 2019, Princeton, NJ, USA (November 2019).
<p class=""> Traditional network control planes can be slow and require manual tinkering from operators to change their behavior. There is thus great interest in a faster, data-driven approach that uses signals from real-time traffic instead. However, the promise of fast and automatic reaction to data comes with new risks: malicious inputs designed towards negative outcomes for the network, service providers, users, and operators. </p><p class=""> Adversarial inputs are a well-recognized problem in other areas; we show that networking applications are susceptible to them too. We characterize the attack surface of data-driven networks and examine how attackers with different privileges—from infected hosts to operator-level access—may target network infrastructure, applications, and protocols. To illustrate the problem, we present case studies with concrete attacks on recently proposed data-driven systems. </p><p class=""> Our analysis urgently calls for a careful study of attacks and defenses in data-driven networking, with a view towards ensuring that their promise is not marred by oversights in robust design. </p>
Coralie Busse-Grawitz, Roland Meier, Alexander Dietmüller, Tobias Bühler, Laurent Vanbever
arXiv Preprint (September 2019).
When classifying network traffic, a key challenge is deciding when to perform the classification, i.e., after how many packets. Too early, and the decision basis is too thin to classify a flow confidently; too late, and the tardy labeling delays crucial actions (e.g., shutting down an attack) and invests computational resources for too long (e.g., tracking and storing features). Moreover, the optimal decision timing varies across flows. We present pForest, a system for "As Soon As Possible" (ASAP) in-network classification according to supervised machine learning models on top of programmable data planes. pForest automatically classifies each flow as soon as its label is sufficiently established, not sooner, not later. A key challenge behind pForest is finding a strategy for dynamically adapting the features and the classification logic during the lifetime of a flow. pForest solves this problem by: (i) training random forest models tailored to different phases of a flow; and (ii) dynamically switching between these models in real time, on a per-packet basis. pForest models are tuned to fit the constraints of programmable switches (e.g., no floating points, no loops, and limited memory) while providing a high accuracy. We implemented a prototype of pForest in Python (training) and P4 (inference). Our evaluation shows that pForest can classify traffic ASAP for hundreds of thousands of flows, with a classification score that is on-par with software-based solutions.
Pierre Dumont, Roland Meier, David Gugelmann, Vincent Lenders
NATO CCDCOE CyCon 2019, Tallinn, Estonia (May 2019).
Remote shell sessions via protocols such as SSH are essential for managing systems, deploying applications, and running experiments. However, combined with weak passwords or flaws in the authentication process, remote shell access becomes a major security risk, as it allows an attacker to run arbitrary commands in the name of an impersonated user or even a system administrator. For example, remote shells of weakly protected systems are often exploited in order to build large botnets, to send spam emails, or to launch distributed denial of service attacks. Also, malicious insiders in organizations often use shell sessions to access and transfer restricted data. In this work, we tackle the problem of detecting malicious shell sessions based on session logs, i.e., recorded sequences of commands that were executed over time. Our approach is to classify sessions as benign or malicious by analyzing the sequence of commands that the shell users executed. We model such sequences of commands as n-grams and use them as features to train a supervised machine learning classifier. Our evaluation, based on freely available data and data from our own honeypot infrastructure, shows that the classifier reaches a true positive rate of 99.4% and a true negative rate of 99.7% after observing only four shell commands.
Nicolas Känzig, Roland Meier, Luca Gambazzi, Vincent Lenders, Laurent Vanbever
NATO CCDCOE CyCon 2019, Tallinn, Estonia (May 2019).
The diversity of applications and devices in enterprise networks combined with large traffic volumes make it inherently challenging to quickly identify malicious traffic. When incidents occur, emergency response teams often lose precious time in reverse-engineering the network topology and configuration before they can focus on malicious activities and digital forensics. In this paper, we present a system that quickly and reliably identifies Command and Control (C&C) channels without prior network knowledge. The key idea is to train a classifier using network traffic from attacks that happened in the past and use it to identify C&C connections in the current traffic of other networks. Specifically, we leverage the fact that – while benign traffic differs – malicious traffic bears similarities across networks (e.g., devices participating in a botnet act in a similar manner irrespective of their location).To ensure performance and scalability, we use a random forest classifier based on a set of computationally-efficient features tailored to the detection of C&C traffic. In order to prevent attackers from outwitting our classifier, we tune the model parameters to maximize robustness. We measure high resilience against possible attacks – e.g.,attempts to camouflaging C&C flows as benign traffic – and packet loss during the inference. We have implemented our approach and we show its practicality on a real use case:Locked Shields, the world’s largest cyber defense exercise. In Locked Shields, defenders have limited resources to protect a large, heterogeneous network against unknown attacks. Using recorded datasets (from 2017 and 2018) from a participating team, we show that our classifier is able to identify C&C channels with 99% precision and over 90% recall in near real time and with realistic resource requirements. If the team had used our system in 2018, it would have discovered 10 out of 12 C&C servers p.p1 in the first hours of the exercise.
Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, Martin Vechev
USENIX Security 2018, Baltimore, MD, USA (August 2018).
<p class=""> Simple path tracing tools such as traceroute allow malicious users to infer network topologies remotely and use that knowledge to craft advanced denial-of-service (DoS) attacks such as Link-Flooding Attacks (LFAs). Yet, despite the risk, most network operators still allow path tracing as it is an essential network debugging tool. </p> <p> In this paper, we present NetHide, a network topology obfuscation framework that mitigates LFAs while preserving the practicality of path tracing tools. The key idea behind NetHide is to formulate network obfuscation as a multi-objective optimization problem that allows for a flexible tradeoff between security (encoded as hard constraints) and usability (encoded as soft constraints). While solving this problem exactly is hard, we show that NetHide can obfuscate topologies at scale by only considering a subset of the candidate solutions and without reducing obfuscation quality. In practice, NetHide obfuscates the topology by intercepting and modifying path tracing probes directly in the data plane. We show that this process can be done at line-rate, in a stateless fashion, by leveraging the latest generation of programmable network devices. </p> <p> We fully implemented NetHide and evaluated it on realistic topologies. Our results show that NetHide is able to obfuscate large topologies (> 150 nodes) while preserving near-perfect debugging capabilities. In particular, we show that operators can still precisely trace back >90% of link failures despite obfuscation. </p>
Roland Meier, Cornelia Scherrer, David Gugelmann, Vincent Lenders, Laurent Vanbever
NATO CCDCOE CyCon 2018, Tallinn, Estonia (May 2018).
<p>Organizations increasingly rely on cyber threat intelligence feeds to protect their infrastructure from attacks. These feeds typically list IP addresses or domains associated with malicious activities such as spreading malware or participating in a botnet. Today, there is a rich ecosystem of commercial and free cyber threat intelligence feeds, making it difficult, yet essential, for network defenders to quantify the quality and to select the optimal set of feeds to follow. Selecting too many or low-quality feeds results in many false alerts, while considering too few feeds increases the risk of missing relevant threats. Naïve individual metrics like size and update rate give a somewhat good overview about a feed, but they do not allow conclusions about its quality and they can easily be manipulated by feed providers.</p> <p>In this paper, we present FeedRank, a novel ranking approach for cyber threat intelligence feeds. In contrast to individual metrics, FeedRank is robust against tampering attempts by feed providers. FeedRank’s key insight is to rank feeds according to the originality of their content and the reuse of entries by other feeds. Such correlations between feeds are modelled in a graph, which allows FeedRank to find temporal and spatial correlations without requiring any ground truth or an operator’s feedback.</p> <p>We illustrate FeedRank’s usefulness with two characteristic examples: (i) selecting the best feeds that together contain as many distinct entries as possible; and (ii) selecting the best feeds that list new entries before they appear on other feeds. We evaluate FeedRank based on a large set of real feeds. The evaluation shows that FeedRank identifies dishonest feeds as outliers and that dishonest feeds do not achieve a better FeedRank score than the top-rated real feeds.</p>
Roland Meier, David Gugelmann, Laurent Vanbever
ACM SOSR 2017, Santa Clara, CA, USA (April 2017).
Advances in layer 2 networking technologies have fostered the deployment of large, geographically distributed LANs. Due to their large diameter, such LANs provide many vantage points for wiretapping. As an example, Google's internal network was reportedly tapped by governmental agencies, forcing the Web giant to encrypt its internal traffic. While using encryption certainly helps, eavesdroppers can still access traffic metadata which often reveals sensitive information, such as who communicates with whom and which are the critical hubs in the infrastructure. This paper presents iTAP, a system for providing strong anonymity guarantees within a network. iTAP is network-based and can be partially deployed. Akin to onion routing, iTAP rewrites packet headers at the network edges by leveraging SDN devices. As large LANs can see millions of flows, the key challenge is to rewrite headers in a way that guarantees strong anonymity while, at the same time, scaling the control-plane (number of events) and the data-plane (number of flow rules). iTAP addresses these challenges by adopting a hybrid rewriting scheme. Specifically, iTAP scales by reusing rewriting rules across distinct flows and by distributing them on multiple switches. As reusing headers leaks information, iTAP monitors this leakage and adapts the rewriting rules before any eavesdropper could provably de-anonymize any host. We implemented iTAP and evaluated it using real network traffic traces. We show that iTAP works in practice, on existing hardware, and that deploying few SDN switches is enough to protect a large share of the network traffic.
Roland Meier, David Gugelmann (Advisor), Laurent Vanbever (Supervisor)
ETH Zürich (September 2015).
Awarded with the NATO CCD COE Student Award 2017 (June 2017)
Awarded with an ETH medal for outstanding Master's theses (June 2016)
NATO CCDCOE CyCon 2024, Tallinn, Estonia (May 2024). Slides Talk
SCION Day 2024, Zürich, CH (October 2024). Slides Talk
Locked Shields 2024, Tallinn, Estonia (April 2024).
NATO CCDCOE CyCon 2024 (Workshop), Tallinn, Estonia (May 2024). Slides
NATO CCDCOE CyCon 2023, Tallinn, Estonia (May 2023). Slides Talk
NDSS Symposium 2022, San Diego, CA, USA (April 2022). Slides Talk
Cyber Group Open Port Event, Zurich, CH (April 2022). Slides
NATO CCDCOE CyCon 2021, Tallinn, Estonia (May 2021). Slides Talk
ACM HotNets 2019, Princeton, NJ, USA (November 2019). Slides
USENIX HotSec 2019, Santa Clara, CA, USA (August 2019). Slides
NATO CCDCOE CyCon 2019, Tallinn, Estonia (May 2019). Slides Talk
USENIX Security 2018, Baltimore, MD, USA (August 2018). Slides Talk
NATO CCDCOE CyCon 2018, Tallinn, Estonia (May 2018). Slides Talk
ACM SOSR 2017, Santa Clara, CA, USA (April 2017). Slides
SDN Switzerland 8th SDN Workshop, Zürich, CH (June 2017). Slides
D-ITET Master Ceremony, ETH Zürich (June 2016). Slides
NATO CCDCOE CyCon 2017, Tallinn, Estonia (June 2017). Slides Talk