Your search keyword '"Berrocal, Julio"' showing total 3 results

1. Leveraging Explainable Artificial Intelligence in Real-Time Cyberattack Identification: Intrusion Detection System Approach.

Author

Larriva-Novo, Xavier, Sánchez-Zas, Carmen, Villagrá, Víctor A., Marín-Lopez, Andrés, and Berrocal, Julio

Subjects

ARTIFICIAL intelligence, MACHINE learning, COMPUTER science, CYBERTERRORISM, RANDOM forest algorithms, INTRUSION detection systems (Computer security)

Abstract

Cyberattacks are part of the continuous race, where research in computer science both contributes to discovering new threats and vulnerabilities and also mitigates them. When new vulnerabilities are not reported but sold to attackers, they are called "zero-days," and are particularly difficult to identify. Modern intrusion detection systems (IDS) that leverage artificial intelligence (AI) and machine learning (ML) are becoming essential in identifying these cyber threats. This study presents the design of an IDS using ML and Explainable AI (XAI) techniques for real-time classification of various detected cyberattacks. By utilizing frameworks such as Apache Kafka and Spark, along with libraries such as Scikit-learn and SHAP, the system identifies and classifies normal or anomalous network traffic in real-time. The XAI offers the IDS the option to explain the rationale behind each classification. The primary aim of this research is to develop a flexible and scalable IDS that can provide clear explanations for its decisions. The second aim is to compare and analyze different ML models to achieve the best results in terms of accuracy, f1, recall, and precision. Random Forest models proposed in this research article obtained the best results in figuring out the key features identified by the XAI model, which includes Ct_state_ttl, Sttl, Dmean, and Dbytes from the UNSW-NB15 dataset. Finally, this research work introduces different machine learning algorithms with superior performance metrics compared to other real-time classification methods. [ABSTRACT FROM AUTHOR]

Published

2023

2. Efficient Distributed Preprocessing Model for Machine Learning-Based Anomaly Detection over Large-Scale Cybersecurity Datasets.

Author

Larriva-Novo, Xavier, Vega-Barbas, Mario, Villagrá, Víctor A., Rivera, Diego, Álvarez-Campana, Manuel, and Berrocal, Julio

Subjects

ANOMALY detection (Computer security), COMPUTER performance, DISTRIBUTED computing, INTERNET security, DECISION trees, MULTILAYER perceptrons

Abstract

New computational and technological paradigms that currently guide developments in the information society, i.e., Internet of things, pervasive technology, or Ubicomp, favor the appearance of new intrusion vectors that can directly affect people's daily lives. This, together with advances in techniques and methods used for developing new cyber-attacks, exponentially increases the number of cyber threats which affect the information society. Because of this, the development and improvement of technology that assists cybersecurity experts to prevent and detect attacks arose as a fundamental pillar in the field of cybersecurity. Specifically, intrusion detection systems are now a fundamental tool in the provision of services through the internet. However, these systems have certain limitations, i.e., false positives, real-time analytics, etc., which require their operation to be supervised. Therefore, it is necessary to offer architectures and systems that favor an efficient analysis of the data handled by these tools. In this sense, this paper presents a new model of data preprocessing based on a novel distributed computing architecture focused on large-scale datasets such as UGR'16. In addition, the paper analyzes the use of machine learning techniques in order to improve the response and efficiency of the proposed preprocessing model. Thus, the solution developed achieves good results in terms of computer performance. Finally, the proposal shows the adequateness of decision tree algorithms for training a machine learning model by using a large dataset when compared with a multilayer perceptron neural network. [ABSTRACT FROM AUTHOR]

Published

2020

3. Ontology-Based System for Dynamic Risk Management in Administrative Domains.

Author

Vega-Barbas, Mario, Villagrá, Víctor A., Monje, Fernando, Riesco, Raúl, Larriva-Novo, Xavier, and Berrocal, Julio

Subjects

DYNAMICAL systems, RISK management in business, ONTOLOGIES (Information retrieval), ARCHITECTURAL design, INFORMATION resources, INTERNET security

Abstract

Featured Application: The proposed system will allow for dynamic measurement and calculation of cybersecurity risk metrics in an administrative domain with just some asset estimations. With the increasing complexity of cyberthreats, it is necessary to have tools to understand the changing context in real-time. This document will present architecture and a prototype designed to model the risk of administrative domains, exemplifying the case of a country in real-time, specifically, Spain. In order to carry out this task, a modeling of the assets and threats detected by various sources of information has been carried out. All this information is stored as knowledge making use of ontologies, which enables the application of reasoning engines in order to infer new knowledge that can be used later in the following reasoning. This modeling and reasoning have been enriched with a dynamic system for managing the trust of the different sources of information and capabilities for increased reliability with the inclusion of additional threat intelligence information. [ABSTRACT FROM AUTHOR]

Published

2019