ChamaleoNet: Programmable Passive Probe for Enhanced Visibility on Erroneous Traffic
- URL: http://arxiv.org/abs/2508.12496v1
- Date: Sun, 17 Aug 2025 20:54:41 GMT
- Title: ChamaleoNet: Programmable Passive Probe for Enhanced Visibility on Erroneous Traffic
- Authors: Zhihao Wang, Alessandro Cornacchia, Andrea Bianco, Idilio Drago, Paolo Giaccone, Dingde Jiang, Marco Mellia,
- Abstract summary: ChamaleoNet transforms any production network into a transparent monitor to let administrators collect unsolicited and erroneous traffic directed to hosts. ChamaleoNet is programmed to ignore well-formed traffic and collect only erroneous packets. Simple analytics unveil internal and infected hosts, identify temporary failures, and enhance visibility on external radiation produced by attackers looking for vulnerable services.
- Score: 48.87214752144106
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Traffic visibility remains a key component for management and security operations. Observing unsolicited and erroneous traffic, such as unanswered traffic or errors, is fundamental to detect misconfiguration, temporary failures or attacks. ChamaleoNet transforms any production network into a transparent monitor to let administrators collect unsolicited and erroneous traffic directed to hosts, whether offline or active, hosting a server or a client, protected by a firewall, or unused addresses. ChamaleoNet is programmed to ignore well-formed traffic and collect only erroneous packets, including those generated by misconfigured or infected internal hosts, and those sent by external actors which scan for services. Engineering such a system poses several challenges, from scalability to privacy. Leveraging the SDN paradigm, ChamaleoNet processes the traffic flowing through a campus/corporate network and focuses on erroneous packets only, lowering the pressure on the collection system while respecting privacy regulations by design. ChamaleoNet enables the seamless integration with active deceptive systems like honeypots that can impersonate unused hosts/ports/services and engage with senders. The SDN in-hardware filtering reduces the traffic to the controller by 96%, resulting in a scalable solution, which we offer as open source. Simple analytics unveil internal misconfigured and infected hosts, identify temporary failures, and enhance visibility on external radiation produced by attackers looking for vulnerable services.
Related papers
- Securing the Model Context Protocol (MCP): Risks, Controls, and Governance [1.4072883206858737]
We focus on three types of adversaries that take advantage of MCP's flexibility. Based on early incidents and proof-of-concept attacks, we describe how MCP can increase the attack surface. We propose a set of practical controls, including per-user authentication with scoped authorization.
arXiv Detail & Related papers (2025-11-25T23:24:26Z)
- VisualTrap: A Stealthy Backdoor Attack on GUI Agents via Visual Grounding Manipulation [68.30039719980519]
This work reveals that the visual grounding of GUI agents, mapping textual plans to GUI elements, can introduce vulnerabilities. With a backdoor attack targeting visual grounding, the agent's behavior can be compromised even when given correct task-solving plans. We propose VisualTrap, a method that can hijack the grounding by misleading the agent to locate textual plans to trigger locations instead of the intended targets.
arXiv Detail & Related papers (2025-07-09T14:36:00Z)
- Poison Once, Control Anywhere: Clean-Text Visual Backdoors in VLM-based Mobile Agents [34.286224884047385]
This work introduces VIBMA, the first clean-text backdoor attack targeting VLM-based mobile agents. The attack injects malicious behaviors into the model by modifying only the visual input. We show that our attack achieves high success rates while preserving clean-task behavior.
arXiv Detail & Related papers (2025-06-16T08:09:32Z)
- DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior. We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
arXiv Detail & Related papers (2025-06-13T05:01:09Z)
- QUIC-Exfil: Exploiting QUIC's Server Preferred Address Feature to Perform Data Exfiltration Attacks [0.259990372084357]
We show the feasibility of a QUIC-based data exfiltration attack using the server preferred address feature of the QUIC protocol. A novel method leveraging the server preferred address feature of the QUIC protocol allows an attacker to exfiltrate sensitive data from an infected machine to a malicious server. The attack is implemented as a proof of concept tool in Rust.
arXiv Detail & Related papers (2025-05-08T14:31:28Z)
- Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge. We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic. This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
arXiv Detail & Related papers (2025-04-22T09:40:05Z)
- A Decentralized and Self-Adaptive Approach for Monitoring Volatile Edge Environments [40.96858640950632]
We propose DEMon, a decentralized self-adaptive monitoring system for edge.
We implement the proposed system as a lightweight and portable container-based system and evaluate it through experiments.
The results show that DEMon efficiently disseminates and retrieves the monitoring information, addressing the challenges of edge monitoring.
arXiv Detail & Related papers (2024-05-13T14:47:34Z)
- Self-adaptive Traffic Anomaly Detection System for IoT Smart Home Environments [0.664115309304513]
This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks.
The proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic.
arXiv Detail & Related papers (2024-03-05T07:58:02Z)
- Secure Routing for Mobile Ad hoc Networks [2.965855310793378]
We present a route discovery protocol that mitigates the effects of malicious behavior in MANET networks.
Our protocol guarantees that fabricated, compromised, or replayed route replies would either be rejected or never reach back the querying node.
The scheme is robust in the presence of a number of non-colluding nodes.
arXiv Detail & Related papers (2024-03-01T09:50:00Z)
- Erasing, Transforming, and Noising Defense Network for Occluded Person Re-Identification [36.91680117072686]
We propose Erasing, Transforming, and Noising Defense Network (ETNDNet) to solve occluded person re-ID.
In the proposed ETNDNet, we randomly erase the feature map to create an adversarial representation with incomplete information.
Thirdly, we perturb the feature map with random values to address noisy information introduced by obstacles and non-target pedestrians.
arXiv Detail & Related papers (2023-07-14T06:42:21Z)
- OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads [0.0]
Traffic analysis attacks remain a significant problem for online security. Despite online services increasingly using encrypted traffic, the shape of the traffic is not hidden. We present OblivIO, a secure language for writing reactive programs driven by network events.
arXiv Detail & Related papers (2023-01-19T15:59:33Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- Challenges in Net Neutrality Violation Detection: A Case Study of Wehe Tool and Improvements [0.0]
We focus on Wehe, the most recent tool developed to detect net-neutrality violations.
We highlight critical weaknesses in Wehe where its replay traffic is not being correctly classified as intended services.
We propose a new method in which the SNI parameter is set appropriately in the initial TLS handshake.
arXiv Detail & Related papers (2021-01-12T15:42:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.