Short bio

Joao Ceron is a network security researcher engineer at SIDN labs. He has a degree in computer science, a master's degree in computer security and a Ph.D. in computer engineering. He has worked for more than 10 years in computer emergency teams dealing with real-world attacks and fraudsters. Recently, he was commissioned by the Ministry of Justice and Security in the Netherlands to investigate the vulnerability of critical infrastructure equipment.
My background is in applied network security research, in particular investigating malware behaviors. In my master's degree, I studied botnet tracking mechanisms using network flows and malware analysis. You can find my master's thesis [here] (in Portuguese only); however, we have published a few papers with the results of that research, see the papers section.
During my Ph.D. I developed a malware analysis environment based on SDN (Software-Defined Networking). The idea is to manipulate the flows originating from malware to trigger unseen malware behaviors. You can find my Ph.D. thesis [here] (also in Portuguese); if you are interested, check out the papers section for the papers that we published on this subject.
Besides my research background, I used to work as a Security Analyst at the Brazilian National CERT, where we handle computer security incidents associated with Brazilian network address space, including phishing, DDoS, malware, and misconfigured services used in amplification attacks.
You can find a list of projects that I'm working on.
Concordia - DDoS Clearing House for Europe - Piloting a DDoS Clearing House for Europe
NoMore DDoS - Dutch anti-DDoS coalition is a partnership against DDoS attacks.
PAADDoS - Planning for Anycast as Anti-DDoS [collaborator] - Perform applied research in Anycast services aiming to provide tools and recommendations for DNS operators.
SAND [ended 2020] - Perform applied research in Anycast services aiming to provide tools and recommendations for DNS operators.
MARS [ended 2018] - Malware analysis system based on SDN
IoT malware investigation - Investigate IoT malware characteristics.
Online discoverability and vulnerabilities of ICS/SCADA devices in the Netherlands - Online discoverability and vulnerabilities: a report to the Dutch Ministry of Defence
Are Darknets All The Same? On Darknet Visibility for Security Monitoring.
2019 IEEE International Symposium on Local and Metropolitan Area Networks
Improving IoT Botnet Investigation Using an Adaptive Network Layer
2019 Threat Identification and Defence for Internet-of-Things - Sensors - MDPI AG, Basel, Switzerland
An SDN-based malware analysis solution
2016 IEEE Symposium on Computers and Communication (ISCC)
MARS: From traffic containment to network reconfiguration in malware-analysis systems
2017 Computer Networks: The International Journal of Computer and Telecommunications Networking - Elsevier
Botnet master detection using a mashup-based approach
2010 International Conference on Network and Service Management
Anatomy of SIP Attacks
;login: the magazine of USENIX & SAGE, 2012
On using mashups for composing network management applications
IEEE Communications Magazine Year: 2010, Volume: 48, Issue: 12
Identifying botnet communications using a mashup-based approach
2011 7th Latin American Network Operations and Management Symposium
Honeypots as a security mechanism
MonAm (2006 Sept.: Tübingen, Germany). Proceedings of the IEEE/IST. Tübingen: IEEE, 200
Dzul Dzulqarnain (Master) - IoT Botnet
Christodoulos Tziampazis (Bachelor) - Medical devices discoverability
Christian Scholten (Bachelor) - Characterizing low-cost routers attacks