About Me

I'm a post-doctoral network security researcher in the Design and Analysis of Communication Systems (DACS) group at the Faculty of Electrical Engineering, Maths and Computer Science (EEMCS) at the University of Twente, The Netherlands.

Currently, I coordinate the activities of the SAND project that is supported by SIDN, University of Twente, and NLNETLABS.

My background is in applied network security research, in particular, to investigate malware behaviors. In my master s degree, I studied botnet tracking mechanisms using network flows and malware analysis. You can find my master's thesis [here] (in Portuguese only), however, we have published few papers with the result of that research, see papers section.
During my Ph.D. I developed a malware analysis environment based on SDN (Software-Defined Networking). The idea is to manipulate the flows originated from malware to triggers unseen malware behaviors. You can find my Ph.D. thesis [here] (also in Portuguese), if you are interested check it out the papers section that we published associated with this subject.

Besides my research background, I used to work as a Security Analyst at Brazilian National CERT where we handle computer security incidents associated with Brazilian network address space, including phishing, DDoS, malware, and misconfigured services used in amplification attacks.

Research

You can find a list of projects that I'm working on.

SAND - Perform applied research in Anycast services aiming to provide tools and recommendations for DNS operators.
MARS - Malware analysis system based on SDN
IoT malware investigation - Investigate IoT malware characteristics.

Publications

An sdn-based malware analysis solution
João Marcelo Ceron; Cíntia Borges Margi; Lisandro Zambenedetti Granville
2016 IEEE Symposium on Computers and Communication (ISCC)
MARS: From traffic containment to network reconfiguration in malware-analysis systems
João Marcelo Ceron, Cíntia Borges Margi, Lisandro Zambenedetti Granville
2017 Computer Networks: The International Journal of Computer and Telecommunications Networking - Elsevier
Botnet master detection using a mashup-based approach
Carlos Raniery P. dos Santos; Rafael Santos Bezerra; João Marcelo Ceron; Lisandro Zambenedetti Granville; Liane M. R. Tarouco
2010 International Conference on Network and Service Management
Anatomy of SIP Attacks
João Marcelo Ceron, Klaus Steding-Jessen, Cristine Hoeper
; login:: the magazine of USENIX & SAGE, 2012
On using mashups for composing network management applications
Carlos Raniery Paula dos Santos; Rafael Santos Bezerra; João Marcelo Ceron; Lisandro Zambenedetti Granville; Liane Margarida Rockenbach Tarouco
IEEE Communications Magazine Year: 2010, Volume: 48, Issue: 12
Identifying botnet communications using a mashup-based approach
Carlos Raniery P. dos Santos; Rafael Santos Bezerra; João Marcelo Ceron; Lisandro Zambenedetti Granville; Liane M. R. Tarouco
2011 7th Latin American Network Operations and Management Symposium
Honeypots as a security mechanism
Emerson Salvadori Virti, Liane Margarida Rockenbach Tarouco, Lisandro Zambenedetti Granville, Leandro Márcio Bertholdo,João Marcelo Ceron
MonAm (2006 set.: Tübingen, Germany). Proceedings of the IEEE/IST. Tubingen: IEEE, 200

Students

Dzul Dzulqarnain (Master) - IoT Botnet