Search Results (showing 1 - 10 of 40)
- An SNMP filesystem in userspace. Publication. Lopes, Rui Pedro; Pedrosa, Tiago; Pires, Luís. Modern computer networks are constantly increasing in size and complexity. Despite this, data networks are a critical factor for the success of many organizations. Monitoring their health and operation status is fundamental, and is usually performed through specific network management architectures, developed and standardized in the last decades. On the other hand, file systems have become one of the best-known paradigms of human-computer interaction, and have been around since the early days of the personal computer industry. In this paper we propose a file system interface to network management information, allowing users to open, edit and visualize network and systems operation information.
- Malware hash cloud. Publication. Ferreira, Paulo; Gonçalo, Rui; Pedrosa, Tiago. Nowadays, any system on the internet can be a target of cyber-attacks. Many of these attacks, including malware installation, have some specific indicators designated IOCs (Indicators of Compromise) that can be used to detect the same attack on other systems (e.g., the hash of a malicious file). The objective of this project is to build a solution that collects and analyses these IOCs. The first stage of the solution was to research and collect open sources of information (OSINT - Open Source Intelligence) with IOCs related to malware, and also the malware itself. This information was submitted, in turn, to a management and analysis framework designated Viper, which allows better organization of the information about crucial aspects in a cyber-security research program. In a second phase, some additional modules, designated bots, were developed using the IntelMQ platform (responsible for the automation of the correlation of the information). These bots allow us to collect and correlate the information previously collected in Viper with online platforms (via API access) that have additional information, like the creation date of a malicious domain available in the Whois service. Finally, all the information collected from an IOC during the process is stored in a database that is a central point for blacklist generation, which can be used for perimeter protection (e.g. firewall) of an organization, and also to support security incident analysis.
- Maintenance behaviour-based prediction system using data mining. Publication. Bastos, Pedro; Lopes, Rui Pedro; Pires, Luís; Pedrosa, Tiago. In the last years we have witnessed several deep changes in industrial manufacturing. Driven by the need for increased efficiency, greater flexibility, better quality and lower costs, it has become more complex. The complexity of this new scenario has put great pressure on enterprises' production systems and consequently on their maintenance systems. Manufacturing systems incur high costs due to equipment breakdowns, caused by the time spent on repairs, which corresponds to lost production time and scrap, and also by the money spent on repair actions. Usually, enterprises do not share the data produced by their maintenance interventions. This investigation intends to create an organizational architecture that integrates data produced in factories in their reactive, predictive and preventive maintenance activities. The main idea is to develop a decentralized predictive maintenance system based on data mining concepts. Predicting the possibility of breakdowns with greater accuracy will increase system reliability.
- Fuzzing in cybersecurity: a review. Publication. Kostandyan, Vladimir; Pedrosa, Tiago; Rodrigues, Pedro João; Margarov, Gevorg. It is widely recognized that software should be tested, preferably during the development stages and after release. Software can be a simple executable file, an application, a service or even an operating system. Nowadays the requirements for testing have grown and cover almost all technological areas. Testing can be seen as a way of checking whether the functionality, results and behaviour of the software match what is expected. Software testing also helps to identify errors, gaps or missing requirements in contrast with the actual requirements. Testing can be done manually or with automated tools. Manual tests are slow, expensive and require a lot of domain knowledge. Automated tests are faster and more expensive, and configuration, setup and a lot of work must be done before testing. Using a fuzzing approach makes it possible to discover new weaknesses in a system's defences that do not rely on prior knowledge, signatures or indicators of compromise (IoC), as the approach of traditional vulnerability assessment tools does. This article is devoted to a review of fuzzers and how cybersecurity researchers can use them to carry out semi-automatic software vulnerability tests. In addition, the most used fuzzers are analysed and classified by the type of tests, with the aim of helping researchers choose the right fuzzer. This research will be continued by building a virtual test bed consisting of systems with vulnerable software, which can be tested in a combined manner using the analysed fuzzers, and by comparing the results with traditional vulnerability assessment tools.
- Actively detecting multiscale flooding attacks & attack volumes in resource-constrained ICPS. Publication. Zahid, Farzana; Kuo, Matthew M.Y.; Sinha, Roopak; Funchal, Gustavo Silva; Pedrosa, Tiago; Leitão, Paulo. The significant growth in modern communication technologies has led to an increase in zero-day vulnerabilities that degrade the performance of cyber-physical systems (ICPS). Distributed denial of service (DDoS) attacks are one such threat that overwhelms a target with floods of packets, posing a severe risk to the normal operations of the ICPS. Current solutions to detect DDoS attacks are unsuitable for resource-constrained ICPS. This study proposes actively detecting multiscale flooding DDoS attacks in resource-constrained ICPS by analyzing network traffic in the frequency domain. A two-phased technique detects attack presence and attack volume. Both phases use a novel combination of lightweight and theoretically sound statistical methods. The effectiveness of the proposed technique is evaluated using mainstream metrics like true and false positive rates, accuracy, and precision on the BOUN DDoS 2020 and CICDDoS 2019 datasets. An implementation of the proposed approach on a programmable logic controller-based ICPS demonstrated improvements in resource usage and detection time compared to the existing state of the art.
- Electronic health records for mobile citizens: a secure and collaborative architecture. Publication. Pedrosa, Tiago; Oliveira, José Luís; Lopes, Rui Pedro. Since their early adoption, Electronic Health Records (EHR) have been evolving to cope with increasing requirements from institutions, professionals and, more recently, from patients. Citizens became more involved, demanding successively more control over their records and an active role in their content. Mobility also brought new requirements: data became scattered over heterogeneous systems and formats, with increasing difficulties in data sharing between distinct providers. To cope with these challenges several solutions appeared, mostly based on service level agreements between entities, regions and countries. They usually required defining complex federated scenarios and left the patient outside the process. More recent approaches, such as personal health records (PHR), enable patient control, although this raises clinical integrity doubts for other actors, such as physicians. Also, information security risks increase as data travels outside controlled networks and systems. To overcome this, new solutions are needed to facilitate trustable collaboration between the diverse actors and systems. In this thesis we present a solution that enables a secure and open collaboration between all healthcare actors. It is based on a service-oriented architecture that deals with the clinical data using a closed envelope concept. The architecture was modeled with minimal functionality and privileges, bearing in mind strong protection of data during transmission, processing and storage. Access control is made through patient policies, and authentication uses electronic identification cards or similar certificates, enabling auto-enrollment. All the components require mutual authentication and use ciphering mechanisms to assure privacy. We also present a threat model to verify, through our solution, whether possible threats were mitigated or whether further refinement is needed. The proposed solution solves the problem of patient mobility and data dispersion, and empowers citizens to manage and collaborate in their personal healthcare information. It also permits open and secure collaboration, enabling the patient to have richer and up-to-date records that can foster new ways to generate and use clinical or complementary information.
- Secure data exchange in Industrial Internet of Things. Publication. Sukiasyan, Anna; Badikyan, Hasmik; Pedrosa, Tiago; Leitão, Paulo. The use of the Industrial Internet of Things (IIoT) is widespread, working as an enabler to implement large, scalable, reliable, and secure industrial environments. However, existing deployments do not meet security standards and have limited resources for each component, which leads to several security breaches, such as trust between components, partner factories, or remote control. These security failures can lead to critical outcomes, from theft of production information to forced production stoppages and accidents, physical and otherwise. The combination of blockchain-based solutions with IIoT environments is gaining momentum due to their resilience and security properties. However, chain-structured classic blockchain solutions are very resource-intensive and are not suitable for power-constrained IoT devices. To mitigate the mentioned security concerns, a secure architecture is proposed using a structured asynchronous blockchain DAG (Directed Acyclic Graph) that simultaneously provides security and transaction efficiency for the solution. The solution was modelled with special detail in the use cases and sequence diagrams. Security concerns were integrated from the start, and a threat model was created using the STRIDE approach to test the security of the proposed solution. As a result, a flexible solution has been developed that significantly reduces the attack vectors in IIoT environments. The proposed architecture is versatile and flexible, and is supported by an extensive security assessment, which allows it to be deployed in a variety of customizable industrial environments and scenarios, as well as to include future hardware and software extensions.
- Multi-factor graphical user authentication for web applications. Publication. Badikyan, Hasmik; Pedrosa, Tiago; Lopes, Rui Pedro. Nowadays, there is a current trend that leads people to use web applications, requiring additional concerns for the protection of their accounts with strong authentication methods. In this sense, this work researches the problems and solutions related to authentication, especially concerning textual and graphical passwords. One common authentication problem is the difficulty users have in remembering textual passwords, especially when they are long and random-looking. Alternatively, graphical passwords are easier to remember because of their visual aspect. This work proposes recognition- and recall-based graphical authentication methods that can be used in the challenge phase of user authentication. A security analysis is made to check the correctness of the proposed solution and how it minimizes the vulnerabilities of the authentication process. These analyses will enable us to implement these challenges in future work as an extension to authentication, authorization and accounting services, supporting multi-factor authentication and combining these challenges with others already available. The idea is to extend an authentication method on Apache Shiro to provide developers with a common framework to develop secure web applications with strong authentication, authorization and accounting.
- Parameterization and performance analysis of a scalable, near real-time packet capturing platform. Publication. Oliveira, Rafael Cardoso de; Pedrosa, Tiago; Rufino, José; Lopes, Rui Pedro. The rapid evolution of technology has fostered an exponential rise in the number of individuals and devices interconnected via the Internet. This interconnectedness has prompted companies to expand their computing and communication infrastructures significantly to accommodate the escalating demands. However, this proliferation of connectivity has also opened new avenues for cyber threats, emphasizing the critical need for Intrusion Detection Systems (IDSs) to adapt and operate efficiently in this evolving landscape. In response, companies are increasingly seeking IDSs characterized by horizontal, modular, and elastic attributes, capable of dynamically scaling with the fluctuating volume of network data flows deemed essential for effective monitoring and threat detection. Yet, the task extends beyond mere data capture and storage; robust IDSs must integrate sophisticated components for data analysis and anomaly detection, ideally functioning in real-time or near real-time. While Machine Learning (ML) techniques present promising avenues for detecting and mitigating malicious activities, their efficacy hinges on the availability of high-quality training datasets, which in turn poses a significant challenge. This paper proposes a comprehensive solution in the form of an architecture and reference implementation for (near) real-time capture, storage, and analysis of network data within a 1 Gbps network environment. The performance benchmarks provided offer valuable insights for prototype optimization, demonstrating the capability of the proposed IDS architecture to meet its objectives even under realistic operational scenarios.
- Profiling computer energy consumption on organizations. Publication. Lopes, Rui Pedro; Pires, Luís; Pedrosa, Tiago; Marian, Vasile. Modern organizations depend on computers to work. Text processing, CAD, CAM, simulation, statistical analysis and so on are fundamental for maintaining a high degree of productivity and competitiveness. Computers in an organization consume a considerable percentage of the overall energy and, although a typical computer provides power saving technologies, such as suspending or hibernating components, this feature can be disabled. Moreover, the user can opt for never turning off the workstation. Well-defined power saving policies, with appropriate automatic mechanisms to apply them, can provide significant power savings with a consequent reduction of the power expense. With several computers in an organization, it is necessary to build a profile of the energy consumption. We propose installing a software probe in each computer to instrument the power consumption, either directly, by using a power meter, or indirectly, by measuring the processor performance counters. This distributed architecture, with software probes in every computer and a centralized server for persistence and decision making, tries to save energy by defining and applying organization-level power saving policies.