Search

Your search keyword '"Fernández Maimó, Lorenzo"' showing total 21 results
Start Over Author "Fernández Maimó, Lorenzo"
21 results on '"Fernández Maimó, Lorenzo"'

5. Securing Smart Offices Through an Intelligent and Multi-device Continuous Authentication System

Author

Sánchez Sánchez, Pedro Miguel, Huertas Celdrán, Alberto, Fernández Maimó, Lorenzo, Martínez Pérez, Gregorio, Wang, Guojun, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Wang, Guojun, editor, El Saddik, Abdulmotaleb, editor, Lai, Xuejia, editor, Martinez Perez, Gregorio, editor, and Choo, Kim-Kwang Raymond, editor

Published
2019
Full Text
View/download PDF

9. VAASI: Crafting valid and abnormal adversarial samples for anomaly detection systems in industrial scenarios

Author

Perales Gómez, Angel Luis; https://orcid.org/0000-0003-1004-881X, Fernández Maimó, Lorenzo; https://orcid.org/0000-0003-2027-4239, Huertas Celdran, Alberto; https://orcid.org/0000-0001-7125-1710, García Clemente, Félix J; https://orcid.org/0000-0001-6181-5033, Perales Gómez, Angel Luis; https://orcid.org/0000-0003-1004-881X, Fernández Maimó, Lorenzo; https://orcid.org/0000-0003-2027-4239, Huertas Celdran, Alberto; https://orcid.org/0000-0001-7125-1710, and García Clemente, Félix J; https://orcid.org/0000-0001-6181-5033

Abstract

In the realm of industrial anomaly detection, machine and deep learning models face a critical vulnerability to adversarial attacks. In this context, existing attack methodologies primarily target continuous features, often in the context of images, making them unsuitable for the categorical or discrete features prevalent in industrial systems. To fortify the cybersecurity of industrial environments, this paper introduces a groundbreaking adversarial attack approach tailored to the unique demands of these settings. Our novel technique enables the creation of targeted adversarial samples that are valid within the framework of supervised cyberattack detection models in industrial scenarios, preserving the consistency of discrete values and correcting cases where an adversarial sample transitions into a normal one. Our approach leverages the SHAP interpretability method to identify the most salient features for each sample. Subsequently, the Projected Gradient Descent technique is employed to perturb continuous features, ensuring adversarial sample generation. To handle categorical features for a specific adversarial sample, our method scrutinizes the closest sample within the normal training dataset and replicates its categorical feature values. Additionally, Decision Trees trained within a Random Forest are utilized to ensure that the resulting adversarial samples maintain the essential abnormal behavior required for detection. The validation of our proposal was conducted using the WADI dataset obtained from a water distribution plant, providing a realistic industrial context. During validation, we assessed the mean error and the total number of adversarial samples generated by our approach, comparing it with the original Projected Gradient Descent method and the Carlini & Wagner attack across various parameter configurations. Remarkably, our proposal consistently achieved the best trade-off between mean error and the number of generated adversarial samples, showcasi

Published
2023

10. An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios

Author

Perales Gómez, Angel Luis; https://orcid.org/0000-0003-1004-881X, Fernández Maimó, Lorenzo; https://orcid.org/0000-0003-2027-4239, Huertas Celdran, Alberto; https://orcid.org/0000-0001-7125-1710, García Clemente, Félix J; https://orcid.org/0000-0001-6181-5033, Perales Gómez, Angel Luis; https://orcid.org/0000-0003-1004-881X, Fernández Maimó, Lorenzo; https://orcid.org/0000-0003-2027-4239, Huertas Celdran, Alberto; https://orcid.org/0000-0001-7125-1710, and García Clemente, Félix J; https://orcid.org/0000-0001-6181-5033

Abstract

When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black‐box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi‐supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi‐supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1‐score of 0.9711.

Published
2023

12. 31 Review of MADICS: A Methodology for Anomaly Detection in Industrial Control Systems

Author

Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, and García Clemente, Félix J.

Subjects
critical infrastructures, machine learning, industrial control systems, deep learning, anomaly detection
Abstract

Diverse cyberattack detection systems have been proposed over the years in the context of Industrial Control Systems (ICS). However, the lack of standard methodologies to detect cyberattacks in industrial scenarios prevents researchers from accurately comparing proposals and results. In this work, we present MADICS, a methodology to detect cyberattacks in industrial scenarios that intends to be a guideline for future works in the field. In order to validate MADICS, we used the popular SWaT dataset, which was collected from a fully operational water treatment plant. The experiments showed that following MADICS, we achieved state-of-the-art precision of 0.984, as well as a recall of 0.750 and F1-score of 0.851, above the average of other works, proofing that the proposed methodology is suitable to be used in real industrial scenarios.

Published
2021

15. BEHACOM - a dataset modelling users’ behaviour in computers

Author

Sánchez Sánchez, Pedro M., primary, Jorquera Valero, José M., additional, Zago, Mattia, additional, Huertas Celdrán, Alberto, additional, Fernández Maimó, Lorenzo, additional, López Bernal, Eduardo, additional, López Bernal, Sergio, additional, Martínez Valverde, Javier, additional, Nespoli, Pantaleone, additional, Pastor Galindo, Javier, additional, Perales Gómez, Ángel L., additional, Gil Pérez, Manuel, additional, and Martínez Pérez, Gregorio, additional

Published
2020
Full Text
View/download PDF

16. Detección de botnets y ransomware en redes de datos mediante técnicas de aprendizaje automático

Author

Fernández Maimó, Lorenzo, García Clemente, Félix Jesús, and Escuela Internacional de Doctorado

Subjects
0 - Generalidades.::00 - Ciencia y conocimiento. Investigación. Cultura. Humanidades.::004 - Ciencia y tecnología de los ordenadores. Informática.::004.2 - Arquitectura informática [CDU], Redes de ordenadores, Inteligencia artificial
Abstract

Los sistemas de ciberdefensa existentes basados en Sistemas de Detección de Intrusiones (IDS en inglés) incluyen enfoques proactivos para anticipar ataques que exploran vulnerabilidades en sistemas informáticos y así poder ejecutar acciones de mitigación. Sin embargo, existen entornos en los que los IDS tienen dificultades para alcanzar su objetivo. Por ejemplo, en el entorno de las redes de comunicaciones móviles, la próxima tecnología 5G impondrá velocidades de transmisión y volúmenes de datos tan altos que examinar todos los paquetes que circulen por la red será un reto inalcanzable para los IDS actuales. A esto hay que añadir que el volumen de datos que circulan cifrados por la red es cada día mayor, lo que impide el examen de la carga útil del paquete. Dos de los problemas de ciberserguridad más relevantes actualmente por su impacto y difusión son las botnets y el ransomware. Ambos tienen en común que generan tráfico de red siguiendo unos patrones característicos. Todos estos patrones pueden interpretarse como anomalías en el tráfico normal de la red, donde una anomalía puede definirse como un patrón que no se ajusta al comportamiento esperado o normal. El principal objetivo de esta tesis consiste en investigar la forma de aplicar métodos de aprendizaje automático a la detección de anomalías en redes de datos con restricciones motivadas, por ejemplo, por el volumen de tráfico circulante (redes 5G), tener que trabajar con tráfico cifrado (entornos clínicos), o la necesidad de una detección y mitigación automática y en tiempo real. Esta tesis plantea que un flujo por sí solo, sin acceso a la carga útil de los paquetes, no aporta suficiente información, y se propone estudiar si un contexto para ese flujo, formado por los flujos recibidos previamente durante un periodo de tiempo, permitiría una detección más precisa. Dada la pérdida de información, los patrones a detectar serán más complejos, siendo necesario emplear métodos de aprendizaje automático tanto clásicos como profundos. Esta tesis además defiende que la evaluación del tráfico podrá hacerse a la velocidad de las exigentes redes 5G, y que el tiempo de detección/mitigación permitirá impedir la propagación de ransomware. Todo esto de forma dinámica, inteligente, en tiempo real, e integrado dentro de una arquitectura adecuada. Para llevar a cabo estos objetivos se ha seguido la siguiente metodología: • Estudio de los sistemas de detección de anomalías basados en aprendizaje automático aplicados a redes de datos existentes en la literatura. • Identificación de escenarios donde la detección de anomalías suponga un reto, analizando la viabilidad del enfoque basado en flujos de red en estos contextos. • Estudio y selección de los algoritmos de aprendizaje automático más adecuados a cada escenario. • Planteamiento de una arquitectura basada en NFV/SDN para cada escenario que integre de forma dinámica y flexible detección y mitigación de anomalías en tiempo real. • Utilización de un conjunto de datos público existente adecuado para evaluar la propuesta o creación de uno para ponerlo a disposición de la comunidad científica. • Evaluación experimental de las arquitecturas propuestas en clasificación, consumo de recursos y velocidad de detección/mitigación. A continuación se enumeran los principales resultados obtenidos en el desarrollo de esta tesis doctoral. • Se presentó una forma novedosa de calcular un vector de características asociado a un flujo, incorporando información agregada de los flujos recibidos durante un tiempo antes para proporcionar a dicho flujo un contexto. • Se propuso un sistema adaptativo basado en NFV/SDN para la detección de anomalías en el contexto de las redes de datos sobre 5G. Integrado en este sistema se incluye un modelo de detección basado en aprendizaje profundo en dos niveles, donde el nivel inferior se ejecuta en el borde de la red detectando síntomas de anomalías que el nivel superior utiliza para identificar una posible anomalía global. • Se obtuvieron medidas del rendimiento en tiempo de ejecución al evaluar la implementación del modelo en el borde (una red neuronal profunda), con las bibliotecas de desarrollo para aprendizaje profundo más populares. Estos tiempos se emplearon para demostrar la adaptabilidad de la arquitectura propuesta para 5G. • Se determinó que dicha red neuronal profunda, usando el vector de características mencionado, es capaz de detectar tanto botnets conocidas como desconocidas. • Se presentó un segundo sistema basado en NFV/SDN, capaz de detectar, clasificar y mitigar ataques de ransomware en las habitaciones de hospital del futuro de forma automática, inteligente y en tiempo real. Este sistema se apoya en el vector de características diseñado e incorpora todo un ciclo de vida que incluye unas etapas fuera de línea para la adquisición de datos y entrenamiento junto con otras en tiempo real para la detección y mitigación. • Se ha mostrado la efectividad de esta propuesta para la detección y mitigación de ransomware conocido y desconocido, en tiempo suficientemente corto como para evitar su propagación, mediante experimentos realizados en un entorno virtualizado. Para ello se generó un conjunto de datos a partir de tráfico capturado en dicho entorno y se ha puesto a disposición de la comunidad científica The existing cyberdefense systems based on Intrusion Detection Systems (IDS) include (pro-)active approaches to anticipate and mitigate attacks that exploit vulnerabilities in computing systems. However, there exist environments in which IDS have difficulties in reaching their goal. For example, in the context of mobile communications, the high transmission rates and large data volumes expected in the future 5G technology will prevent actual IDS from examining every packet in the network. Additionally, the use of encrypted traffic is increasingly frequent, preventing payload examination. Two of the most relevant cybersecurity threats are botnets and ransomware. Both of them generate rather characteristic network traffic patterns which can be interpreted as anomalies in the normal network traffic. In general, an anomaly can be defined as a pattern that does not follow an expected behavior considered as normal. The main objective of this doctoral thesis is to research how to use machine learning techniques for anomaly detection in data networks with constraints. These constraints can be motivated, for example, by an enormous traffic volume (5G networks), encrypted traffic (clinical environments), or the requirement of automatic and real-time detection and mitigation, among others. This doctoral thesis argues that one only netflow, without accessing to the packet payload, does not provide sufficient information; therefore, it proposes adding a context to the netflow to allow a more accurate detection. This context will be obtained from the netflows received in a given period of time preceding the netflow in question. By using netflows, the detection must be done with less information; thus, the patterns to be detected will be more complex and it is necessary to utilize machine learning algorithms to identify them. Moreover, this work argues that this netflow evaluation can be done at the rate of the demanding 5G networks, and that the detection/mitigation time can prevent ransomware spread. All this is integrated into a suitable architecture, and it is done in real time, and in a dynamic and intelligent way. In order to achieve these goal, the following methodology has been applied: • Critical analysis of the machine learning-based anomaly detection systems applied to data networks in literature. • Identification of scenarios where anomaly detection is challenging by means of analyzing the feasibility of a netflow-based solution in these contexts. • Thorough study of a selected set of suitable machine learning algorithms for each scenario. • Design of an architecture based on NFV/SDN for each scenario, integrating anomaly detection and mitigation in a dynamic and flexible way, as well as in real time. • Use of an existing public data set appropriate to evaluate the proposal or creation of one to make it available to the scientific community. • Experimental evaluation of the proposed architectures in classification, resource consumption and detection/mitigation time. The main results obtained in the development of this doctoral thesis are listed below. • A novel way of calculating a feature vector associated to a netflow was presented. This feature vector incorporates aggregated information of the preceding netflows received in a time interval to provide a context to this netflow. • An adaptive system based on NFV/SDN was proposed for the detection of anomalies in the context of 5G data networks. Integrated into this system is a detection model based on deep learning at two levels. The lower level runs at the edge of the network, detecting symptoms of anomalies that the upper level uses to identify a potential global anomaly. • Runtime performance measures were obtained by evaluating the implementation of the model at the edge (a deep neural network), with the most popular deep learning development libraries. These measured times were used to demonstrate the adaptability of the proposed 5G architecture. • It was determined that this deep neural network, using the feature vector mentioned above, is capable of detecting both known and unknown botnets. • A second system based on NFV/SDN was introduced, capable of detecting, classifying and mitigating ransomware attacks in the hospital rooms of the future automatically, intelligently and in real time. This system builds on the designed feature vector and incorporates an entire life cycle that includes offline data acquisition and training, along with real-time detection and mitigation. • The effectiveness of this proposal has been shown for detection and mitigation of known and unknown ransomware, through extensive experiments carried out in a virtualized environment. To this end, a new dataset was generated from traffic captured in that environment and has been made available to the scientific community. Our experiments demonstrated that the proposed method is able to avoid the ransomware spread.

Published
2019

17. Proyecto Tetris: aprendizaje de la programación en ensamblador por piezas

Author

Acacio, Manuel E., Fernández-Maimó, Lorenzo, Fernández-Pascual, Ricardo, González-Férez, Pilar, Ros, Alberto, and Titos-Gil, Rubén

Subjects
Tetris, Aprendizaje Basado en Proyectos, MARS, Ensamblador MIPS, Aprendizaje Experimental, Arquitectura de computadores
Abstract

El aprendizaje del lenguaje ensamblador constituye con frecuencia uno de los objetivos formativos de alguna de las primeras asignaturas de Arquitectura de Computadores del Grado en Ingeniería Informática. Si bien el desarrollo y la depuración de programas en lenguaje ensamblador resultan esenciales para ayudar a comprender el funcionamiento básico de un procesador, son aspectos que presentan especial dificultad y/o falta de atractivo para el alumnado. En este trabajo presentamos nuestra experiencia con la enseñanza del lenguaje ensamblador MIPS a través de la codificación del videojuego Tetris. El proyecto Tetris se desarrolla en el contexto de una asignatura de primer curso y segundo cuatrimestre. Para que resulte asequible a este nivel, se proporciona al alumno una versión incompleta del programa, que habrá de completar mediante la traducción directa a ensamblador de funciones escritas en lenguaje C (también proporcionadas), y mediante la codificación del resto de la funcionalidad directamente en ensamblador. El resultado es una versión del juego plenamente operativa. El desarrollo se realiza utilizando una versión extendida del simulador MARS. Los resultados obtenidos por los alumnos muestran que este proyecto les facilita el aprendizaje del ensamblador, pues el 85.6% de los que superan el proyecto Tetris aprueban también el examen de prácticas. Learning assembly language represents typically one of the formative objectives of some of the first courses related to computer architecture in Computer Engineering degrees. Although the development and debugging of programs written in assembly language are essential to help students understand the basic operation of a processor, they are also aspects that present special difficulty and/or lack of attractiveness for students. In this work we present our experience in the teaching of the MIPS assembly language through the coding of the videogame Tetris. The Tetris project is developed in the context of a first-year and second-term course. In order to be affordable at this level, the student is provided with an incomplete version of the program, which must be completed through the direct translation to the MIPS assembly language of functions written in the C language (also provided), and through the implementation of additional functionality directly in assembly language. The result is a fully operational version of the game. The development is done using an extended version of the MARS simulator. The results obtained by the students show that this project facilitates the learning of the assembly, since 85.6% of those who pass the Tetris project also pass the practicum exam.

Published
2019

19. SafeMan: A unified framework to manage cybersecurity and safety in manufacturing industry.

Author

Perales Gómez, Ángel Luis, Fernández Maimó, Lorenzo, Huertas Celdrán, Alberto, García Clemente, Félix J., Gil Pérez, Manuel, and Martínez Pérez, Gregorio

Subjects
INDUSTRIAL safety, INTRUSION detection systems (Computer security), INDUSTRIAL controls manufacturing, MANUFACTURING processes, DEEP learning, MANUFACTURING industries
Abstract

Summary: Industrial control systems (ICS) are considered cyber‐physical systems that join both cyber and physical worlds. Due to their tight interaction, where humans and robots co‐work and co‐inhabit in the same workspaces and production lines, cyber‐attacks targeting ICS can alter production processes and even bypass safety procedures. As an example, these cyber‐attacks could interrupt physical industrial processes and cause potential injuries to workers. In this article, we present SafeMan, a unified management framework based on the Edge Computing paradigm that provides high‐performance applications for the detection and mitigation of both cyber‐attacks and safety threats in industrial scenarios. Three use cases show specific threats in manufacturing as well as the SafeMan actions carried out to detect and mitigate them. In order to validate our proposal, a pool of experiments was performed with Electra, an industrial dataset with normal network traffic and different cyber‐attacks by using a given number of Modbus TCP and S7Comm devices. The experiments measured the runtime performance of anomaly detection techniques based on machine learning and deep learning to detect cyber‐attacks in control networks. The experimental results show that Neural Networks report the best performance, being able to examine 217 feature vectors per second over Electra, and therefore demonstrating that it can be used as detection model for SafeMan in real scenarios. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results