Internships and Master's theses

Since 1999, Open Systems has regularly offered internships and Master's thesis support to students from ETH Zurich, EPF Lausanne and other universities. This way, students gain work experience, while Open Systems benefits from their interesting and innovative ideas.


Extracting Cyber Threat Intelligence from the Internet Background Noise
by Thomas Mizraji

Master's Thesis ETH Lausanne
Network Architecture Lab
School of Computer and Communication Sciences
March 2017

Because the deployed firewall policies follow the implicit deny model, unsolicited traffic from the internet, also known as Internet Background Radiation (IBR) or Internet Background Noise (IBN), is blocked. The goal of this research is to use the 4000 devices that are part of the Mission Control Security Services around the world as a global sensor network to monitor and analyze internet activity by logging, collecting and correlating the blocked unsolicited traffic.


Network Anomaly Detection in Global WAN Environments
by Ketevani Zaridze

Master's Thesis ETH Lausanne
School of Computer and Communication Sciences
March 2017

Modern global Wide Area Networks (WANs) are encountering a growing number of cyber threats. Safe and secure communication along with availability and stability are important factors for today's corporate, private or public networks, but relying only on perimeter security systems is ineffective, as they do not have the capability to prevent all malicious network activity. Network traffic analytics, based on collecting logs generated by distributed sensors within the infrastructure and applying anomaly detection and behavioral profiling methods to identify potentially malicious activity, can be used to compensate for the shortcomings of the traditional methods. Network anomaly detectors can help the operator to recognize suspicious network activities that can be caused not only by attacks but also by system misconfiguration or failures.


Automated Risk Score for Large-Scale Network Intrusion Detection
by Pedro Mendez Montejano

Master's Thesis ETH Zurich
Department of Computer Science
September 2016

This master's thesis presents an end-to-end system which predicts the risk value imposed by a host inside a network. The proposed system is composed of two modules: the analysis module and the risk prediction module. The former employs unsupervised learning techniques to analyze security events. The latter uses a random forest classifier to predict the risk value of a host. The input data for both components is a new set of categorical and statistical variables defined in this work. Those variables are extracted from data provided by the intrusion detection system and the network traffic collector. By combining these two data sources, we are able to extract a risk and network profile of the host.
The proposed system is able to identify hosts with high, medium, low and very low risk levels. An analysis of the accuracy of its predictions is presented. Furthermore, by focusing on hosts with higher predicted risk levels instead of security alerts, the number of alerts and false positives can be reduced, and we present results with the percentage of reduction.


goProbe: a Scalable Distributed Network Monitoring Solution
by Lennart Elsen, Fabian Kohn, Christian Decker and Roger Wattenhofer

Paper based on Master's Thesis ETH Zurich
Distributed Computing Group
December 2015

This paper describes a decentralized approach, eliminating the need for a central collector and storing local views of network traffic patterns on the respective devices performing the capture. In order to allow for the analysis of captured data, queries formulated by analysts are distributed across all devices. Processing takes place in a parallelized fashion on the respective local data. Consequently, instead of continually transferring raw metadata, significantly smaller aggregate results are sent to a central location which are then combined into the requested final result. The proposed system describes a lightweight and scalable monitoring solution, enabling the efficient use of available system resources on the distributed devices, hence allowing for high performance, real-time traffic analysis on a global scale. The solution was implemented and deployed globally on hosts managed and maintained by a large managed network security services provider.


Passive Collection and Analysis of SSL/TLS Connections and Certificates
by Fabian Zeindler

Master's Thesis ETH Zurich
Department of Computer Science
May 2015

Secure communication on the internet is based upon one of our most security-critical ecosystems, the X.509 Public Key Infrastructure (PKI). In recent years, numerous incidents, attacks and new findings severely weakened the trust in the present system.
By examining 7 months of HTTPS connection data, passively logged at over 600 geographically distributed vantage points on the infrastructure of a globally operating managed security provider, we take a closer look at the current state of the PKI landscape. In our comprehensive analysis we examine the properties of X.509 certificates, HTTPS connections, as well as the PKI and Certificate Authority (CA) system in general.


Source meta-information authentication along adaptive network paths for policy enforcement
by Lukas Limacher

Master's Thesis ETH Zurich
Network Security Group D-INFK
July 2015

Source authentication is an important concept in networking which can be used to construct higher-level secure systems. However, building such systems has proven to be challenging in today’s internet due to the prevalence of IP address spoofing. Proposed solutions attempting to address this problem are not efficient, as they (1) need a lot of computational resources to provide source authentication or (2) do not take into account network properties for efficient routing.


Messaging Challenges in a Globally Distributed Network
by Raphael Thomas Seebacher

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
September 2013

When operating more than 2600 hosts distributed in over 180 countries around the globe, as is the case for Mission Control Security Services of Open Systems AG, efficient messaging is absolutely crucial in order to be able to monitor hosts, detect and react to incidents and, hence, to remain in control. With the current messaging architecture reaching its limits, this master's thesis investigates this architecture's properties in order to design, prototype and evaluate a next-generation architecture.


Analysis of the SSL-Certificate Landscape and Proposal for an Extended Validation Method
by Nicolas Rüegg

Master's Thesis ETH Zurich
Department of Computer Science
April 2013

During the past years, adversaries repeatedly induced trusted public key certification authorities (CAs) to illegitimately issue certificates for well-known domains to them. This severely weakened trust in the certification authority system. One of the major problems is that domain owners cannot restrict which certification authorities can issue their certificates.
This work aims at increasing trust in a domain's authenticity by employing an extended certificate validation method which can be used immediately without changes to the current infrastructure.


Visualization of virtual private networks in network management systems
by Florian S. Gysin

Master's Thesis ETH Lausanne, EPFL
School of Computer and Communication Sciences
March 2013

We employ user-centered design techniques to improve the usability of a set of tools for visualizing and configuring VPN networks at Open Systems AG. Through user and task analysis we identify user goals and tasks and uncover issues with the existing platform. This platform uses an adjacency matrix to visualize networks and we show that it does not adequately support users in their tasks. Through rapid prototyping and usability-driven design, we propose a new set of different tools, each responsible for the visualization of a certain aspect of VPN networks important to the user. The proposed designs include a geographical node-link diagram, a node-link based path inspector and a separate editor view. They are evaluated in a user study at Open Systems AG and have been shown to provide good support for users performing tasks on VPN networks. In an outlook on future work, we propose how to proceed from here and introduce the idea of multiple coordinated views to combine the separate tools into one framework.


Highly available Virtual Machines in Global Wide Area Networks
by Lukas Frelich

Master's Thesis ETH Lausanne, EPFL
School of Computer and Communication Sciences
September 2012

Current virtualization platforms have greatly simplified the implementation of high availability. Instead of specifically designing a particular service, we can set a whole virtual machine, including all its services, to be highly available. However, as those solutions require shared storage among the cluster nodes, their use is limited to fast local area networks. In this thesis we look into how these concepts could be extended to clusters whose nodes are geographically separated and connected only through a slow network. We focus on the core problem of replacing shared storage with synchronized independent storages. To provide an efficient and fast means of synchronization, we have designed and developed SyncedFS, a FUSE file system which logs activity on the files to speed up the synchronization. To assess the performance of SyncedFS, we compare it in different network setups to DRBD and GlusterFS, which are widely used solutions for this task. The results of our experiments show that SyncedFS performs very well in setups where the network throughput is considerably smaller than the write data transfer rate of the storage used.


Automatic Rating of VPN Links
by Guido Hungerbühler

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
March 2012

Understanding VPN tunnel performance is crucial in helping to improve the quality of globally distributed networks. If we know the performance of every individual tunnel, we are able to spot problems and pinpoint bottlenecks in the network. We present a novel way of analyzing and visualizing the long-term performance of VPN tunnels. By using geographical clustering of VPN endpoints, we found that tunnels which connect similar regions also show performance characteristics that are alike. This makes it possible to define performance baselines with respect to specific regions.
Furthermore, it enables the detection of individual connections that constantly perform below standard. The proposed method takes advantage of globally spread networks with multiple links between distinct regions. We developed a ready-to-use prototype, which rates VPN tunnels and visualizes problems in the network.


Application-Level Network Performance Monitoring
by Manuel Stich

Master's Thesis ETH Lausanne, EPFL
School of Computer and Communication Sciences
September 2011

The end-to-end network performance in a globally distributed company network has an important impact on the overall performance of business-critical applications. It is, therefore, of high interest to be able to continuously monitor the end-to-end network performance. This thesis proposes a distributed, passive monitoring system, capable of measuring end-to-end performance and finding out which link is responsible for how much delay.


Detection of Bad Performance in VPN Tunnels
by Jonas Wagner

Master's Thesis ETH Lausanne, EPFL
School of Computer and Communication Sciences
March 2011

The quality of these VPN connections is very important for the Mission Control customers, as business-critical applications run over them (e.g. SAP, Voice over IP, Video Conferencing). A broken or bad connection may lead to a situation where people cannot work efficiently and processes can no longer be followed. Therefore, monitoring these connections is very important in order to react proactively and take first steps to fix the problem. This thesis evaluates methodologies for the automatic detection of bad tunnel performance.


Event Correlation Engine
by Andreas Müller

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
August 2009

As modern IT systems running on distributed platforms tend to become more and more complex, the required management effort grows as well, and it is no longer economical to manage a complete system manually. This thesis investigates the use of a correlation engine in the context of a global network offering various services, as a means to facilitate the monitoring of the network and of the individual services.


Rating Autonomous Systems
by Laurent Zimmerli

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
August 2008

The quality of end-to-end connections over the internet depends on the quality of the traversed Autonomous Systems. In this thesis, we developed an approach to rate Autonomous Systems by their quality. The approach is based on traceroute measurement data. Rating Autonomous Systems supports real-time internet debugging and helps determine high quality ISPs.


Signature-based Extrusion Detection
by Cecile Luessi

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
August 2008

An «Intrusion Detection System (IDS)» is an important component for the comprehensive protection of a company network. Unfortunately, a great number of false alarms make the application of an IDS difficult. This thesis investigates whether the outbound traffic of an infected host can be used to detect intrusion and, if so, how this can be done. Its focus lies on the distinction between attempted and successful attacks.


Security Policy Compliance at VPN Sites
by Patrik Bless

Master's Thesis ETH Lausanne, EPFL
October 2006

Computing environments continue to grow more insecure by the day. A myriad of threats of all kinds menace corporate, governmental, and even private information system infrastructures. In order to support security officers and engineers, a policy toolbox was developed for the Mission Control Security Gateway Service.


Automatic Monitoring of Internet Service Provider (ISP) Topologies
by Janneth Malibago

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
August 2006

Manual, real-time debugging is the standard solution for solving internet connectivity problems. In this thesis, a long-term monitoring strategy is pursued that continuously monitors internet routing paths with traceroute. By correlating route changes and latency variations, the reason for connectivity outages, e.g. re-routing via another ISP, can be quickly determined.


Passive Measurement of Network Quality
by Dominique Giger

Project Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
May 2006

Traditionally, network latency and packet loss statistics are gathered by doing active ping probes. The passive technique proposed in this thesis calculates these statistics by analyzing the actual VPN traffic in real time. Tests show that this is a viable method for very accurate, non-intrusive statistics measurement.


Scan Detection Based Identification of Worm Infected Hosts
by Christoph Göldi and Roman Hiestand

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
April 2005

The number of new worms on the internet increases rapidly. Worm infections cause traffic overloads in office networks and congestion of internet links, which cost the industry several billion dollars a year. A generic worm detection algorithm has been implemented based on the analysis of worm scan traffic. Tests have shown that worms are detected in a short time and with a very low false positive rate. The developed detection method enables affected companies to quickly react to worm infections and thus helps prevent major financial losses.


Smart Intrusion Detection
by Thomas Singer and Rolf Sigg

Master's Thesis ETH Zurich
Department of Computer Engineering and Networks Laboratory
March 2001

Intrusion detection is the art of detecting inappropriate, incorrect, or anomalous activity on computers and computer networks. Today, the majority of intrusion detection systems try to accomplish this task by acting something like a virus scanner. They look at captured network packets or system logs in order to find occurrences of patterns...
