Dr. Márk Félegyházi

Avatao

mark.felegyhazi (at) avatao.com

Publications

Short Bio

Márk received the M.Sc. degree in Electrical Engineering from the Budapest University of Technology and Economics (BME), Hungary in 2001, and earned the Ph.D. degree from EPFL (Swiss Federal Institute of Technology -- Lausanne), Switzerland in 2007. From 1999 to 2001, he was a student member of the Traffic Lab at Ericsson Research, Hungary working with Dr. György Miklós, Dr. András Rácz and Dr. Andras Valkó. From 2001 to 2007, he worked in the group of Prof. Jean-Pierre Hubaux in the Laboratory of Computer Communications and Applications at EPFL. In 2008, he was a postdoctoral researcher in the network economics group led by Prof. Jean Walrand at the Department of Electrical Engineering and Computer Science at UC Berkeley. In 2009-2010, he was a postdoctoral researcher in the network security group of Prof. Vern Paxson at the International Computer Science Institute (ICSI) Since 2006, he is an associate member of the Laboratory of Cryptography and Systems Security (CrySyS) at Budapest University of Technology and Economics (BME), Hungary, where he currently holds the title of assistant professor.

Publications

2015

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

T. Holczer, M. Felegyhazi, L. Buttyán

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

Bibtex

@inproceedings {
   author = {Tamas Holczer, Mark Felegyhazi, Levente BUTTYÁN},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}

Abstract

2014

CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.

Bibtex

@inbook {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}

Abstract

CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.

Bibtex | Abstract | PDF

@article {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

PLC honeypot, critical infrastructures, advanced threat monitoring, industrial control systems security

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control sys- tems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory sys- tem. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

2013

Technical Trends in Recent Targeted Attacks

G. Pék, B. Bencsáth, L. Buttyán, M. Felegyhazi

Presentation at Power of Community (POC 2013, Seoul, South Korea), November, 2013.

Bibtex

@misc {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Technical Trends in Recent Targeted Attacks },
   howpublished = {Presentation at Power of Community (POC 2013, Seoul, South Korea)},
   month = {November},
   year = {2013}
}

Abstract

2012

A Survey of Interdependent Security Games

A. Laszka, M. Felegyhazi, L. Buttyán

no. CRYSYS-TR-2012-11-15, CrySyS Lab, BME, Nov, 2012.

Bibtex | Abstract | PDF

@techreport {
   author = {Aron Laszka, Mark Felegyhazi, Levente BUTTYÁN},
   title = {A Survey of Interdependent Security Games},
   number = {CRYSYS-TR-2012-11-15},
   institution = {CrySyS Lab, BME},
   month = {Nov},
   year = {2012}
}

Keywords

interdependent security, security economics, security games

Abstract

Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community.

Célzott informatikai támadások napjainkban

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary., December, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}

Abstract

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth, L. Buttyán, M. Felegyhazi, G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi, Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}

Abstract

Duqu: Analysis, Detection, and Lessons Learned

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

ACM European Workshop on System Security (EuroSec), ACM, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: Analysis, Detection, and Lessons Learned},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   year = {2012}
}

Abstract

In September 2011, a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products, however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its rst analysis. Our ndings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a di erent purpose: unlike Stuxnet whose mission was to attack industrial equipment, Duqu is an information stealer rootkit. Nevertheless, both pieces of malware have a modular structure, and they can be re-con gured remotely from a Command and Control server to include virtually any kind of functionality. In this paper, we present an abridged version of our initial Duqu analysis, which is available in a longer format as a technical report. We also describe the Duqu detector toolkit, a set of heuristic tools that we developed to detect Duqu and its variants. Finally, we discuss a number of issues that we learned, observed, or identi ed during our Duqu analysis project concerning the problems of preventing, detecting, and handling targeted malware attacks; we believe that solving these issues represents a great challenge to the system security community.

sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

In collaboration with the sKyWIper Analysis Team , 2012.

Bibtex | PDF

@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks},
   institution = {In collaboration with the sKyWIper Analysis Team },
   year = {2012}
}

Abstract

Targeted attacks against Critical infrastructure: Stuxnet and beyond

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012, April, 2012, London.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Targeted attacks against Critical infrastructure: Stuxnet and beyond},
   howpublished = {SCADA and Smart Grid Cyber Security Summit, 26-27 April 2012},
   month = {April},
   year = {2012},
   note = {London}
}

Abstract

Targeted Attacks of Recent Times

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico, February, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Targeted Attacks of Recent Times },
   howpublished = {Kaspersky SAS 2012 - Security Analyst Summit, Cancun, Mexico},
   month = {February},
   year = {2012}
}

Abstract

Technical analysis and information sharing in the handling of high-profile targeted attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012, June, 2012, Barcelona, Spain.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Technical analysis and information sharing in the handling of high-profile targeted attacks },
   howpublished = {2012 Workshop on Cyber Security and Global Affairs and Global Security Forum, 1-3 June 2012},
   month = {June},
   year = {2012},
   note = {Barcelona, Spain}
}

Abstract

The BIZ Top-Level Domain: Ten Years Later

T. Halvorson, J. Szurdi, G. Maier, M. Felegyhazi, C. Kreibich, N. Weaver, K. Levchenko, V. Paxson

in Proceedings of Passive Active Measurements (PAM 2012), PAM 2012, Vienna, Austria, March 12-14, 2012.

Bibtex | Abstract

@inproceedings {
   author = {, Szurdi János, Gregor Maier, Mark Felegyhazi, , , , },
   title = {The BIZ Top-Level Domain: Ten Years Later},
   booktitle = {in Proceedings of Passive Active Measurements (PAM 2012)},
   publisher = {PAM 2012},
   address = {Vienna, Austria},
   month = {March 12-14},
   year = {2012}
}

Abstract

On May 15, 2001 ICANN announced the introduction of the biz and info generic top-level domains (gTLDs)—the first new gTLDs since the inception of the Domain Name System—aiming to “increase consumer choice and create opportunities for entities that have been shut out under the current name structure.” The biz gTLD, in particular, was to become an alternative to the popular com top-level domain. In this paper we examine the current usage of the biz gTLD in order to determine whether it has evolved into the role intended by ICANN, and whether concerns expressed in the early discussions of this expansion have been justified. In particular, using DNS zone files, DNS probing, and Web crawler data, we attempt to answer the question of whether biz has become a viable alternative to com, giving trademark holders who find themselves unable to register a com name an attractive alternative; or whether it has merely induced defensive registrations by existing trademark holders who already had equivalent com domains

The cousins of Stuxnet: Duqu, Flame, Gauss, …

L. Buttyán, B. Bencsáth, G. Pék, M. Felegyhazi

ISCD 2012, Balatonöszöd, 3-4 Sep., September, 2012.

Bibtex

@misc {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth, Gábor PÉK, Mark Felegyhazi},
   title = {The cousins of Stuxnet: Duqu, Flame, Gauss, …},
   howpublished = {ISCD 2012, Balatonöszöd, 3-4 Sep.},
   month = {September},
   year = {2012}
}

Abstract

The Cousins of Stuxnet: Duqu, Flame, and Gauss

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Future Internet 2012, 4(4), doi:10.3390/fi4040971, 2012, pp. 971-1003, doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet.

Bibtex | Abstract

@article {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {The Cousins of Stuxnet: Duqu, Flame, and Gauss},
   journal = {Future Internet 2012, 4(4), doi:10.3390/fi4040971},
   year = {2012},
   pages = {971-1003},
   note = {doi:10.3390/fi4040971, http://www.mdpi.com/journal/futureinternet/special_issues/stuxnet}
}

Abstract

Stuxnet was the first targeted malware that received worldwide attention forcausing physical damage in an industrial infrastructure seemingly isolated from the onlineworld. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. Wedescribe our contributions in the investigation ranging from the original detection of Duquvia finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in thesense that it used advanced cryptographic techniques to masquerade as a legitimate proxyfor the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can onlybe decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector serviceand we are currently collecting intelligence information to be able to break its very specialencryption mechanism. Besides explaining the operation of these pieces of malware, wealso examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessonsthat the community can learn from these incidents. We focus on technical issues, and avoidspeculations on the origin of these threats and other geopolitical questions.

2011

Duqu: A Stuxnet-like malware found in the wild

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

BME CrySyS Lab., October, 2011., First published in cut-down form as appendix to the Duqu report of Symantec.

Bibtex

@techreport {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Duqu: A Stuxnet-like malware found in the wild},
   institution = {BME CrySyS Lab.},
   month = {October},
   year = {2011.},
   note = {First published in cut-down form as appendix to the Duqu report of Symantec}
}

Abstract

CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap

L. Buttyán, M. Felegyhazi, B. Bencsáth

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.

Bibtex | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Mark Felegyhazi, Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}

Abstract

Network Regulation and Market Entry

G. Schwartz, J. Musacchio, M. Felegyhazi, J. Walrand

GameNets 2011, 2011, , Shanghai, China, April 16-18.

Bibtex | Abstract

@conference {
   author = {, , Mark Felegyhazi, },
   title = {Network Regulation and Market Entry},
   booktitle = {GameNets 2011},
   year = {2011},
   address = {, Shanghai, China},
   month = { April 16-18}
}

Abstract

This paper uses a two-sided market model to study if lastmile access providers (ISPs), should charge content providers (CPs), who derive revenue from advertisers, for the right to access ISP’s end-users. We compare two-sided pricing (ISPs could charge CPs for content delivery) with one-sided pricing (neutrality regulations prohibit such charges). Our analysis indicates that number of CPs is lower, and the number of ISPs often higher, with two- rather than one-sided pricing. From our results the superiority of one regime over the other depends on parameters of advertising rates, end-user demand, CPs’ and ISPs’ costs, and relative importance of their investments. Thus, caution should be taken in designing neutrality regulations

On the Effects of Registrar-level Intervention

H. Liu, K. Levchenko, M. Felegyhazi, C. Kreibich, G. Maier, G. M. Voelker, S. Savage

In Proceedings of LEET 2011, LEET 2011 (USENIX), Boston, MA, USA, March 29, 2011 .

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, , Gregor Maier, , },
   title = {On the Effects of Registrar-level Intervention},
   booktitle = {In Proceedings of LEET 2011},
   publisher = {LEET 2011 (USENIX)},
   address = {Boston, MA, USA},
   month = {March 29},
   year = {2011 }
}

Abstract

Virtually all Internet scams make use of domain name resolution as a critical part of their execution (e.g., resolving a spam-advertised URL to its Web site). Consequently, defenders have initiated a range of efforts to intervene within the DNS ecosystem to block such activity (e.g., by blacklisting “known bad” domain names at the client). Recently, there has been a push for domain registrars to take a more active role in this conflict, and it is this class of intervention that is the focus of our work. In particular, this paper characterizes the impact of two recent efforts to counter scammers’ use of domain registration: CNNIC’s blanket policy changes for the .cn ccTLD made in late 2009 and the late 2010 agreement between eNom and LegitScript to reactively take down “rogue” Internet pharmacy domains. Using a combination of historic WHOIS data and co-temporal spam feeds, we measure the impact of these interventions on both the registration and use of spam-advertised domains. We use these examples to illustrate the key challenges in making registrar-level intervention an effective tool.

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Schönherz - Simonyi Szakkollégium ., December 13, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Fókuszban a CrySyS Lab. , December 14, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}

Abstract

Click Trajectories: End-to-End Analysis of the Spam Value Chain

K. Levchenko, G. M. Voelker, V. Paxson, N. Weaver, A. Pitsillidis, D. McCoy, H. Liu, C. Kreibich, C. Kanich, T. Halvorson, C. Grier, M. Felegyhazi, B. Enright, N. Chachra, S. Savage

in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011), IEEE, Oakland, CA, USA, May 22-25, 2011 , pp. 1-16.

Bibtex | Abstract

@inproceedings {
   author = {, , , , , , , , , , , Mark Felegyhazi, , , },
   title = {Click Trajectories: End-to-End Analysis of the Spam Value Chain},
   booktitle = {in Proceedings of IEEE Symposium on Security& Privacy (Oakland 2011)},
   publisher = {IEEE},
   address = {Oakland, CA, USA},
   month = {May 22-25},
   year = { 2011 },
   pages = {1-16}
}

Abstract

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

2010

Competitive Cyber-Insurance and Internet Security

N. Shetty, G. Schwartz, M. Felegyhazi, J. Walrand

T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag, pages 229-247,, 2010. .

Bibtex | Abstract

@article {
   author = {, , Mark Felegyhazi, },
   title = {Competitive Cyber-Insurance and Internet Security},
   journal = {T. Moore, D. Pym, and C. Ioannidis, editors, Economics of Information Security and Privacy, Springer-Verlag},
   month = {pages 229-247,},
   year = {2010. }
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

On the Potential of Proactive Domain Blacklisting,

M. Felegyhazi, C. Kreibich, V. Paxson

at LEET 2010, 2010., San Jose, USA , April 27.

Bibtex | Abstract

@conference {
   author = {Mark Felegyhazi, , },
   title = {On the Potential of Proactive Domain Blacklisting, },
   booktitle = {at LEET 2010},
   year = {2010.},
   address = {San Jose, USA },
   month = {April 27}
}

Abstract

In this paper we explore the potential of leveraging properties inherent to domain registrations and their appearance in DNS zone files to predict the malicious use of domains proactively, using only minimal observation of known-bad domains to drive our inference. Our analysis demonstrates that our inference procedure derives on average 3.5 to 15 new domains from a given known-bad domain. 93% of these inferred domains subsequently appear suspect (based on third-party assessments), and nearly 73% eventually appear on blacklists themselves. For these latter, proactively blocking based on our predictions provides a median headstart of about 2 days versus using a reactive blacklist, though this gain varies widely for different domains.

Barter Trade Improves Message Delivery in Opportunistic Networks

L. Buttyán, L. Dóra, M. Felegyhazi, I. Vajda

Elsevier Ad Hoc Networks, vol. 8, no. 1, January 10, 2010, pp. 1-14.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László DÓRA, Mark Felegyhazi, István VAJDA},
   title = {Barter Trade Improves Message Delivery in Opportunistic Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {8},
   number = {1},
   month = {January 10},
   year = {2010},
   pages = {1-14}
}

Abstract

In opportunistic networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. The results show that, in practical scenarios, the message delivery rate considerably increases, if the mobile nodes follow the Nash Equilibrium strategy in the proposed mechanism compared to the data dissemination protocol when no encouraging mechanism is present.

Optimal Security Investment with Penetration Testing

R. Böhme, M. Felegyhazi

GameSec 2010, 2010. , Berlin, Germany, Nov 22-23.

Bibtex | Abstract

@conference {
   author = {, Mark Felegyhazi},
   title = {Optimal Security Investment with Penetration Testing},
   booktitle = {GameSec 2010},
   year = { 2010. },
   address = {Berlin, Germany},
   month = {Nov 22-23}
}

Abstract

Penetration testing, the deliberate search for potential vulnerabilities in a system by using attack techniques, is a relevant tool of information security practitioners. This paper adds penetration testing to the realm of information security investment. Penetration testing is modeled as an information gathering option to reduce uncertainty in a discrete time, nite horizon, player-versus-nature, weakest-link security game. We prove that once started, it is optimal to continue penetration testing until a secure state is reached. Further analysis using a new metric for the return on penetration testing suggests that penetration testing almost always increases the per-dollar eciency of security investment.

2009

Competitive Cyber-Insurance and Internet Security,

N. Shetty, G. Schwartz, M. Felegyhazi, J. Walrand

in Proceedings of WEIS 2009, WEIS 2009, London, England,, June 24-25 , 2009..

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, },
   title = {Competitive Cyber-Insurance and Internet Security, },
   booktitle = {in Proceedings of WEIS 2009},
   publisher = {WEIS 2009},
   address = {London, England,},
   month = { June 24-25 },
   year = {2009.}
}

Abstract

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach

M. Felegyhazi, M. Cagalj, J. P. Hubaux

Transactions on Wireless Communications (TWC), , vol. 8, no. 4, April , 2009.

Bibtex | Abstract

@article {
   author = {Mark Felegyhazi, Mario Cagalj, Jean-Pierre Hubaux},
   title = {Efficient MAC in Cognitive Radio Networks: A Game-Theoretic Approach},
   journal = {Transactions on Wireless Communications (TWC), },
   volume = {8},
   number = {4},
   month = {April },
   year = {2009}
}

Abstract

In this paper, we study the problem of efficient medium access control (MAC) among cognitive radio devices that are equipped with multiple radios and thus are capable of transmitting simultaneously at different frequencies (channels). We assume that radios contend on each channel using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. We study two MAC problems: (i) the allocation of the available channels among radios, and (ii) the optimal usage of each allocated channel by the radios occupying it. Both problems are studied in a game-theoretic setting, where devices aim to selfishly maximize their share of the available bandwidth. As for the first problem, we show that the ”price of anarchy” is close to 1, that is, Nash equilibria imply nearly system optimal allocations of the available channels. For the second problem, we design a game such that it admits a unique Nash equilibrium that is is both fair and Pareto-optimal. Furthermore, we propose simple mechanisms that enable selfish cognitive radio devices not only to coordinate efficiently on the available channels but also to optimally use every single allocated channel.

2008

Revocation Games in Ephemeral Networks

M. Raya, M. H. Manshaei, M. Felegyhazi, J. P. Hubaux

in Proceedings of ACM CCS , ACM, Alexandria, VA, USA, Oct. 27-31, 2008. .

Bibtex | Abstract

@inproceedings {
   author = {Maxim Raya, , Mark Felegyhazi, Jean-Pierre Hubaux},
   title = {Revocation Games in Ephemeral Networks},
   booktitle = {in Proceedings of ACM CCS },
   publisher = {ACM},
   address = {Alexandria, VA, USA},
   month = {Oct. 27-31},
   year = {2008. }
}

Abstract

A frequently proposed solution to node misbehavior in mo- bile ad hoc networks is to use reputation systems. But in ephemeral networks - a new breed of mobile networks where contact times between nodes are short and neighbors change frequently - reputations are hard to build. In this case, local revocation is a faster and more e±cient alterna- tive. In this paper, we de¯ne a game-theoretic model to analyze the various local revocation strategies. We establish and prove the conditions leading to subgame-perfect equilib- ria. We also derive the optimal parameters for voting-based schemes. Then we design a protocol based on our analy- sis and the practical aspects that cannot be captured in the model. With realistic simulations on ephemeral networks we compare the performance and economic costs of the diŸerent techniques.

Optimal Pricing Strategy for Wireless Social Community Networks

A. Mazloumian, M. H. Manshaei, M. Felegyhazi, J. P. Hubaux

in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008), NetEcon, Seattle, August 22, 2008.

Bibtex | Abstract

@inproceedings {
   author = {, , Mark Felegyhazi, Jean-Pierre Hubaux},
   title = {Optimal Pricing Strategy for Wireless Social Community Networks},
   booktitle = {in Proceedings of the Economics of Networks, Systems, and Computation (NetEcon 2008)},
   publisher = {NetEcon},
   address = {Seattle},
   month = {August 22},
   year = {2008}
}

Abstract

Wireless social community operators rely on subscribers who constitute a community of users. The pricing strategy of the provided wireless access is an open problem for this new generation of wireless access providers. In this paper, using both analytical and simulation approaches, we study the problem comprised of modeling user subscription and mobility behavior and of coverage evolution with the objective of finding optimal subscription fees. We compute optimal prices with both static and semi-dynamic pricing. Coping with an incomplete knowledge about users, we calculate the best static price and prove that optimal fair pricing is the optimal semidynamic pricing. Moreover, we have developed a simulator to verify optimal prices of social community operators with complete and incomplete knowledge. Our results show that the optimal fair pricing strategy significantly improves the cumulative payoff of social community operators.

2007

Barter-based cooperation in delay-tolerant personal wireless networks

L. Buttyán, L. Dóra, M. Felegyhazi, I. Vajda

In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications, IEEE Computer Society Press, Helsinki, Finland, June 18 , 2007, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László DÓRA, Mark Felegyhazi, István VAJDA},
   title = {Barter-based cooperation in delay-tolerant personal wireless networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications},
   publisher = {IEEE Computer Society Press},
   address = {Helsinki, Finland},
   month = {June 18 },
   year = {2007},
   pages = {1-6}
}

Abstract

In this paper, we consider the application of delay-tolerant networks to personal wireless communications. In these networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. In addition, the results show that the individually most beneficial behavior leads to the social optimum of the system.

2005

Cooperative Packet Forwarding in Multi-Domain Sensor Networks

M. Felegyhazi, J. P. Hubaux, L. Buttyán

Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005), March, 2005.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Cooperative Packet Forwarding in Multi-Domain Sensor Networks},
   booktitle = {Proceedings of the First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005)},
   month = {March},
   year = {2005}
}

Abstract

Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks

M. Felegyhazi, J. P. Hubaux, L. Buttyán

IEEE Transactions on Mobile Computing, to appear, 2005.

Bibtex

@article {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   month = {to appear},
   year = {2005}
}

Abstract

2004

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case

M. Felegyhazi, J. P. Hubaux, L. Buttyán

Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004), March, 2004.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case},
   booktitle = {Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004)},
   month = {March},
   year = {2004}
}

Abstract

2003

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case

M. Felegyhazi, L. Buttyán, J. P. Hubaux

8th International Conference on Personal Wireless Communications (PWC 2003), September, 2003.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Mark Felegyhazi, Levente BUTTYÁN, },
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Static Case},
   booktitle = {8th International Conference on Personal Wireless Communications (PWC 2003)},
   month = {September},
   year = {2003}
}

Abstract

In multi-hop wireless networks, every node is expected to forward packets for the benefit of other nodes. Yet, if each node is its own authority, then it may selfishly deny packet forwarding in order to save its own resources. Some researchers have proposed to introduce an incentive mechanism in the network that motivates the nodes to cooperate. In this paper, we address the question of whether such an incentive mechanism is necessary or cooperation between the nodes exists in the absence of it. We define a model in a game theoretic framework and identify the conditions under which cooperative strategies can form an equilibrium. As the problem is somewhat involved, we deliberately restrict ourselves to a static configuration.

2000

Traffic Dependent Bluetooth Scatternet Optimization Procedure

Gy. Miklós, M. Felegyhazi

US patent, May, 2000, Nr: 09/666529.

Bibtex

@misc {
   author = {György Miklós, Mark Felegyhazi},
   title = {Traffic Dependent Bluetooth Scatternet Optimization Procedure},
   howpublished = {US patent},
   month = {May},
   year = {2000},
   note = {Nr: 09/666529}
}

Abstract

1999

An Experimental Analysis of Mobile IP in a Wireless Environment

M. Felegyhazi, Cs. Szabó, V. Tímár

Students' Scientific Conference, TU Budapest, October, 1999, in Hungarian.

Bibtex | Abstract | PDF

@misc {
   author = {Mark Felegyhazi, Csanád Szabó, Veronika Tímár},
   title = {An Experimental Analysis of Mobile IP in a Wireless Environment},
   howpublished = {Students' Scientific Conference, TU Budapest},
   month = {October},
   year = {1999},
   note = {in Hungarian}
}

Abstract

Dolgozatunkban egy vezeték nélküli hálózaton mértük a Mobile IP szabvány egyes teljesítményjellemzõit. Elsõsorban arra voltunk kiváncsiak, hogy a handoverek milyen hatással vannak a TCP-t használó alkalmazásokra. Az eredményekbõl azt a következtetést vonhatjuk le, hogy a Mobile IP fõleg a lassú handover vagyis a hordozhatóság kezelésére alkalmas, mert belsõ késleltetései nagyok. Gyakori handoverek esetén a Mobile IP-t használó TCP alkalmazások átviteli sebessége a nagy csomagvesztés miatt rohamosan csökken. A jövõben várható a cellák méretének csökkenése. Átmérõjük egészen néhány tíz méterig lecsökkenhet [HAA98]. Vegyünk egy példát, ahol a cellák 30 méter átmérõjûek és a felhasználó 1 m/s sebességgel halad, közben laptopjával kapcsolódik az Internetre. Ekkor percenként két handover történik. Az átviteli sebesség kétharmadára csökken ahhoz képest, mintha egyhelyben állna, azaz megállapíthatjuk, hogy a Mobile IP-t nem a gyakori handover kezelésére tervezték. Már léteznek javaslatok a szabvány kiegészítésére gyors cellaváltás esetén [RAM99], [MAL99], [MCA99]. A jövõben ezekkel fogunk foglalkozni.