Publications

Publications by João Marco

2021

Balancing the Detection of Malicious Traffic in SDN Context

Authors
Machado, BS; Silva, JMC; Lima, SR; Carvalho, P;

Publication
12TH INTERNATIONAL CONFERENCE ON UBIQUITOUS AND FUTURE NETWORKS (ICUFN 2021)

Abstract
Huge efforts and resources are spent every year on prevention and recovery of cyberattacks targeting users, services and network infrastructures. Software-Defined Networking (SDN) is a technology providing advances to the field of security with the ability of programming the network, promoting high-performance solutions and efficient resource utilization at low costs, as the use of specialized hardware is avoided. The present paper aims at exploring the SDN paradigm to develop an SDN-based framework for prevention and mitigation of malicious attacks through the network. The framework design and proposal has concerns regarding the efficient use of network and computational resources, distributing the inspection of suspicious flows by distinct Intrusion Detection Systems. For this purpose, a load-balancing strategy for traffic inspection is devised, allowing to balance both the usage of resources and the analysis of traffic flows. In this way, this paper also sheds light on the usage of OpenFlow messages to build distributed SDN-based applications with the mentioned properties.

2022

Securing MPTCP Connections: A Solution for Distributed NIDS Environments

Authors
Meira, JP; Monteiro, RPC; Silva, JMC;

Publication
PROCEEDINGS OF THE 2022 47TH IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN 2022)

Abstract
With continuous technological advancement, multihomed devices are becoming common. They can connect simultaneously to multiple networks through different interfaces. However, since TCP sessions are bound to one interface per device, it hampers applications from taking advantage of all the available connected networks. This has been solved by MPTCP, introduced as a seamless extension to TCP, allowing more reliable sessions and enhanced throughput. However, MPTCP comes with an inherent risk, as it becomes easier to fragment attacks towards evading NIDS. This paper presents a study of how MPTCP can be used to evade NIDS through simple cross-path attacks. It also introduces tools to facilitate assessing MPTCP-based services in diverse network topologies using an emulation environment. Finally, a new solution is proposed to prevent cross-path attacks through uncoordinated networks. This solution consists of a host-level plugin that allows MPTCP sessions only through trusted networks, even in the presence of a NAT.

2025

p4SD: A Lightweight Port Scan Detection for Programmable Networks

Authors
Miranda, D; Monteiro, RPC; Silva, JMC;

Publication
International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2025, Split, Croatia, September 18-20, 2025

Abstract
To address the challenge of detecting stealthy port scans in high-speed networks, this paper introduces p4SD, a lightweight anomaly detection system that identifies reconnaissance activities directly within programmable data planes. Leveraging the P4 language, p4SD uses a cyclic fingerprint buffer and frequency analysis to monitor for anomalous traffic without relying on attack signatures. The system is designed to detect both fast and slow port scans, as its method of measuring relative changes in distinct fingerprints between cycles effectively identifies both the rapid spikes from fast scans and the gradual increases from slow scans. The proof-of-concept demonstrates resource efficiency, achieving throughput close to the hardware's theoretical limits, detecting scan activity in near real-time, and enabling timely responses to potential threats. With over 99% detection accuracy for slow scans, these findings establish p4SD as a practical and scalable solution for real-time, in-network threat detection in modern SDN environments. © 2025 University of Split, FESB.

2025

Assessing the information security posture of online public services worldwide: Technical insights, trends, and policy implications?

Authors
Ribeiro, D; Fonte, V; Ramos, LF; Silva, M;

Publication
GOVERNMENT INFORMATION QUARTERLY

Abstract
The fast global expansion of online public services has transformed how governments interact with citizens, offering convenience and efficiency. However, this digital transformation also introduces significant security risks, as sensitive data exchanged between users and service providers over public networks are exposed to cyber threats. Thus, ensuring the security and trustworthiness of these services is critical to the success of Electronic Government (EGOV) initiatives. This study evaluates the information security posture of 3068 public service platforms across all 193 UN Member States through non-intrusive assessments conducted in 2023 and 2024. The evaluation focuses on three key dimensions: (i) the adoption of secure end-to-end communication protocols, (ii) the trustworthiness of digital certificate chains, and (iii) the exposure of hosting servers to known vulnerabilities. The findings reveal that while some progress has been made in securing online public services, substantial gaps remain in the implementation of international security standards and best practices. Many platforms continue to rely on outdated cryptographic protocols, misconfigured certificates, and unpatched vulnerabilities, leaving citizens and services vulnerable to cyber threats due to weaknesses that malicious actors can easily and inconspicuously identify. These insights emphasize the need for effective implementation of more comprehensive cybersecurity policies, proactive security assessments, and improved regulatory compliance checks. Additionally, this work provides actionable guidance for governments and system administrators to enhance the security of EGOV infrastructures by addressing persistent vulnerabilities and adopting robust cybersecurity practices.

2024

Expert Systems in Information Security: A Comprehensive Exploration of Awareness Strategies Against Social Engineering Attacks

Authors
Cardoso, WR; Ribeiro, ADL; da Silva, JMC;

Publication
GOOD PRACTICES AND NEW PERSPECTIVES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 2, WORLDCIST 2024

Abstract
This article delves into the pivotal role of expert systems in bolstering information security, with a specific emphasis on their effectiveness in awareness and training programs aimed at thwarting social engineering attacks. Employing a snowball methodology, the research expands upon seminal works, highlighting the intersection between expert systems and cybersecurity. The study identifies a gap in current understanding and aims to contribute valuable insights to the field. By analyzing five key articles as seeds, the research explores the landscape of expert systems in information security, emphasizing their potential impact on cultivating robust defenses against evolving cyber threats.

2024

Impact of Traffic Sampling on LRD Estimation

Authors
Mendes, J; Lima, SR; Carvalho, P; Silva, JMC;

Publication
INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 1, WORLDCIST 2023

Abstract
Network traffic sampling is an effective method for understanding the behavior and dynamics of a network, being essential to assist network planning and management. Tasks such as controlling Service Level Agreements or Quality of Service, as well as planning the capacity and the safety of a network can benefit from traffic sampling advantages. The main objective of this paper is focused on evaluating the impact of sampling network traffic on: (i) achieving a low-overhead estimation of the network state and (ii) assessing the statistical properties that sampled network traffic presents regarding the eventual persistence of Long-Range Dependence (LRD). For that, different Hurst parameter estimators have been used. Facing the impact of LRD on network congestion and traffic engineering, this work will help clarify the suitability of distinct sampling techniques in accurate network analysis.
