Browse by author "Santos, Leonel"
- CoAP Flow Signatures for the Internet of Things (Publication). Canuto, Luis; Santos, Leonel; Vieira, Leandro; Goncalves, Ramiro; Rabadão, Carlos. The development of technology has brought an exponential evolution of IoT networks, with many different devices connected to the Internet, meaning more IP addresses, more traffic and more devices susceptible to attack. These networks are characterized by their interoperability and low resources, which makes them a complex ecosystem in which management and monitoring measures are difficult to implement, leading to a lack of security. Considering the impact that IoT networks have on the market, their protection is essential and is now one of the themes in constant evolution. With the focus on security, this work aims to characterize CoAP and CoAPS signatures through the analysis of flows in a test scenario, to recognize the message types of each signature and their impact on the network, and later to create rules that could help an IDS, in order to save resources and time. When analyzing the flows, it was concluded that it is possible to identify some characteristics of a signature, such as distinguishing Confirmable from Non-Confirmable messages.
- Engineering the application of machine learning in an IDS based on IoT traffic flow (Publication). Prazeres, Nuno; Costa, Rogério Luís de C.; Santos, Leonel; Rabadão, Carlos. Internet of Things (IoT) devices are now widely used, enabling intelligent services that, in association with new communication technologies like 5G and broadband internet, boost smart-city environments. Despite their limited resources, IoT devices collect and share large amounts of data and are connected to the internet, becoming an attractive target for malicious actors. This work uses machine learning combined with an Intrusion Detection System (IDS) to detect possible attacks. Due to the limitations of IoT devices and low-latency services, the IDS must have a specialized architecture. Furthermore, although machine learning-based solutions have high potential, there are still challenges related to training and generalization, which may impose constraints on the architecture. Our proposal is an IDS with a distributed architecture that relies on Fog computing to run specialized modules and uses deep neural networks to identify malicious traffic inside IoT data flows. We compare our IoT-Flow IDS with three other architectures. We assess model generalization using test data from different datasets and evaluate their performance in terms of Recall, Precision, and F1-Score. Results confirm the feasibility of flow-based anomaly detection and the importance of network traffic segmentation and specialized models in AI-based IDS for IoT.
- Evaluation of AI-based Malware Detection in IoT Network Traffic (Publication). Prazeres, Nuno; Costa, Rogério Luís de C.; Santos, Leonel; Rabadão, Carlos. Internet of Things (IoT) devices have become day-to-day technologies. They collect and share a large amount of data, including private data, and are an attractive target for potential attackers. On the other hand, machine learning has been used in several contexts to analyze and classify large volumes of data. Hence, using machine learning to classify network traffic data and identify anomalous traffic and potential attacks is promising. In this work, we use deep and traditional machine learning to identify anomalous traffic in the IoT-23 dataset, which contains network traffic from real-world equipment. We apply feature selection and encoding techniques and expand the types of networks evaluated to improve existing results from the literature. We compare the performance of algorithms in binary classification, which separates normal from anomalous traffic, and in multiclass classification, which aims to identify the type of attack.
- GPT and Interpolation-Based Data Augmentation for Multiclass Intrusion Detection in IIoT (Publication). Melicias, Francisco S.; Ribeiro, Tiago F. R.; Rabadão, Carlos; Santos, Leonel; Costa, Rogério Luís de C. The absence of essential security protocols in Industrial Internet of Things (IIoT) networks introduces cybersecurity vulnerabilities and turns them into potential targets for various attack types. Although machine learning has been used for intrusion detection in the IIoT, datasets with representative data of common attacks on IIoT network traffic are limited and often imbalanced. Data augmentation techniques address these problems by creating artificial data in classes with fewer samples. In this work, we evaluate the use of data augmentation when training intrusion detection models based on IIoT traffic data. We compare Generative Pre-trained Transformers (GPT) and variations on the Synthetic Minority Over-sampling TEchnique (SMOTE) and evaluate their capability to enhance intrusion detection performance. We compare the performance of five intrusion detection algorithms trained with augmented datasets against the same models trained with the original, non-augmented dataset. To ensure a fair comparison, we evaluated the algorithms' performance in the different scenarios using the same test dataset, which does not contain synthetic data. The results show the need for a systematic evaluation before employing data augmentation, as its impact on classification performance depends on the algorithm, the data, and the technique used. While deep neural networks benefit from data augmentation, eXtreme Gradient Boosting (XGBoost), which achieved the best intrusion detection performance among all evaluated classifiers (with F1-Score over 91%), showed no performance improvement when trained with augmented data. The evaluation of data generated by GPT-based methods shows that such methods (especially GReaT) generate invalid data for both numerical and categorical features, in a way that leads to performance degradation in multiclass classification.
- Identifying Attack Signatures for the Internet of Things: An IP Flow Based Approach (Publication). Vieira, Leandro; Santos, Leonel; Goncalves, Ramiro; Rabadão, Carlos. At a time when more and more devices are being connected to the internet, personal and sensitive information is travelling across the network more than ever. Thus, security and privacy regarding IoT communications, devices, and data are a concern due to the diversity of the devices and protocols used. Since traditional security mechanisms are not always adequate, given the heterogeneity and resource limitations of IoT devices, we conclude that there are still several improvements to be made to second-line defense mechanisms such as Intrusion Detection Systems. Using a collection of IP flows, we can monitor the network and identify properties of the data that goes in and out. Since network flow collection has a smaller footprint than packet capturing, it is a better choice for Internet of Things networks. This paper aims to study the IP flow properties of certain network attacks, with the goal of identifying an attack signature only by observing those properties.
- Log pseudonymization: Privacy maintenance in practice (Publication). Varanda, Artur; Santos, Leonel; Costa, Rogério Luís de C.; Oliveira, Adail; Rabadão, Carlos. Mobile phones, social media, and Internet of Things (IoT) devices are examples of day-to-day technologies that collect large amounts of data, including people's location, habits, and preferences. The first regulations on digital data collection and processing privacy were created decades ago, but the increased amount of collected digital data and the risks associated with the illegal processing and exposure of personal information led to several new regulations, including the European General Data Protection Regulation. Recent regulations require that personal data controllers implement several technical and organizational measures to protect data privacy. Much attention has been given to data gathering, storage, and processing at the system and database levels. But at the system administration level, log files usually store data that can lead to the identification of an individual, which means they must be processed to guarantee personal data privacy. In this work, we deal with pseudonymization. We discuss log sources, formats and data, log management architectures, and the log processing pipeline, considering pseudonymization and security requirements. We describe an architecture for log pseudonymization during the ingestion phase and present its implementation using Elasticsearch, Logstash, and Kibana, providing conclusions and helpful insights on log pseudonymization for privacy protection.
- MQTT Flow Signatures for the Internet of Things (Publication). Leal, Roberto; Santos, Leonel; Vieira, Leandro; Gonçalves, Ramiro; Rabadão, Carlos. The number of IoT devices and the volume of network traffic have grown continuously during the past years. IoT devices are smart devices designed with simple functions in mind, like collecting the temperature or opening a door. However, IoT devices lack a good security layer due to lack of resources: small memory, processor and/or battery. Consequently, new potential attacks and security problems have arisen. In order to detect and mitigate these security problems, Intrusion Detection Systems (IDS) can be used; however, abnormal traffic must first be distinguished from normal IoT patterns. In this article, a study was done on the characterization of traffic signatures of two typical IoT application protocols, MQTT and MQTTS, with the objective of generating and collecting IP flows of said traffic. An IoT application scenario was simulated and, using the traffic collected, an analysis of MQTT and MQTTS flows was elaborated to identify flow-based signatures that could be used to identify the network traffic of IoT application protocols.
- Open source SIEM solutions: a comparative study (Publication). Vazão, Ana; Santos, Leonel; Piedade, Maria Beatriz; Rabadão, Carlos. Cyber attacks are increasing in complexity and in number of occurrences, making it essential to implement tools such as Security Information and Event Management (SIEM) to mitigate the risks, since organizations depend more and more on information systems to carry out their activities. This work compares several open source SIEM solutions, drawing on a literature review and on the implementation of several test scenarios, with the objective of building a prototype and evaluating it in a production context. The chosen solution will have to take into account the legal requirements of the General Data Protection Regulation, such as the anonymization and pseudonymization of sensitive data, the log retention period and log encryption.
