Altair Olivo Santin

Pontifícia Universidade Católica do Paraná (PUC-PR) · Graduate Program in Computer Science (PPGIa)

PhD
I have worked with big data and machine learning applied to cybersecurity for various technologies.

143
Publications
42,684
Reads
1,304
Citations
Introduction
I have been working with big data (including streaming) and machine learning (including adversarial settings) for cybersecurity, applying these techniques to IoT, smart grid, cloud computing, email spam, intrusion detection, and so on. I am also using deep learning for pornography detection (including child sexual abuse) for parental control. I have been working with Identity Management and Access Control for a long time, recently applying them to Industrial Critical System.
Additional affiliations
August 1995 - present
Pontifícia Universidade Católica do Paraná (PUC-PR)
Position
  • Professor (Full)

Publications (143)
Article
Full-text available
The literature does not present integral solutions to allow using the same credential to access the smart meter and smart house from an electric utility and vice-versa. The main reason being the technology gap in the communication between the Advanced Metering Infrastructure (AMI) and the Internet. The technology used in the Internet domain to comm...
Article
Full-text available
Nowadays, a significant part of all network accesses comes from embedded and battery-powered devices, which must be energy efficient. This paper demonstrates that a hardware (HW) implementation of network security algorithms can significantly reduce their energy consumption compared to an equivalent software (SW) version. The paper has four main co...
Article
Full-text available
The business-driven access control used in cloud computing is not well suited for tracking fine-grained user service consumption. UCONABC applies continuous authorization reevaluation, which requires usage accounting that enables fine-grained access control for cloud computing. However, it was not designed to work in distributed and dynamic authori...
Article
Full-text available
A MapReduce framework abstracts distributed system issues, integrating a distributed file system with an application's needs. However, the lack of determinism in distributed system components and reliability in the network may cause applications errors that are difficult to identify, find, and correct. This paper presents a method to create a set o...
Article
Full-text available
Phishing is a kind of embezzlement that uses social engineering in order to obtain personal information from its victims, aiming to cause losses. In the technical literature only the hit rate of the classifiers is mentioned to justify the effectiveness of the phishing detecting techniques. Aspects such as the accuracy of the classifier results (fal...
Conference Paper
This work presents a new method for updating intrusion detection models using stream learning, reducing the events needed for updating and the computational costs. Instances rejected during classification are stored for incremental updating, allowing automatic labeling from public repositories. Experiments showed...
Conference Paper
Deep Neural Networks (DNN) represent the state of the art in intrusion detection, but they increase computational costs, making them impractical for resource-constrained devices. We present a new DNN with early exit for fast inference and reliable intrusion detection. Our approach splits the DNN into branches, classif...
Conference Paper
This work presents a new method for updating intrusion detection models using stream learning, reducing the events needed for updating and the computational costs. Instances rejected during classification are stored for incremental updating, allowing automatic labeling from public repositories. Experiments showed...
Conference Paper
Despite the promising results reported in the literature, the adoption of Machine Learning (ML) techniques for network-based intrusion detection remains limited in production environments. The behavior of network traffic exhibits significant variability and evolves over time, requiring periodic model updates to be conducted. This paper proposes a...
Conference Paper
Despite the successes reported in the literature, the application of Machine Learning (ML) to network intrusion detection in the real world is limited. This paper presents a new model that uses Convolutional Neural Networks (CNN) and transfer learning to deal with update challenges. The CNN uses a feature expansion...
Conference Paper
Multi-factor authentication (MFA) is recommended to access sensitive data applications. A password Vault protects secrets by storing privileged user credentials and access codes. The combination of MFA and Trusted Execution Environment (TEE) by multiple communication channels reduces the attack surface of secrets and enables secure periodic code up...
Conference Paper
Due to their critical nature, Industrial Control Systems (ICS) are frequently targeted by highly motivated attackers aiming to disrupt their services. Even with the implementation of multiple security mechanisms such as firewalls and Network-based Intrusion Detection Systems (NIDS), traditional cybersecurity solutions often fail to deliver the nece...
Conference Paper
Industrial Control Systems (ICS) play a crucial role in managing and controlling industrial assets. Due to their critical importance, adversaries are often highly motivated to target these systems, as a successful attack can disrupt the entire industry's operations. In general, to improve the system's security, proposed intrusion detection schemes...
Preprint
Full-text available
Many issues are faced in the email environment due to Spam, such as bottlenecks in the email gateways despite substantial investments in servers' infrastructure, wasted computational resources, and ineffective detection despite the demand for frequent spam model updates. This paper proposes a reliable detection model to deal with the non-stationary...
Conference Paper
Several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection over the past years. However, despite the promising results, proposed schemes must address the high variability of network traffic and need more reliability when facing new network traffic behavior. This paper proposes a new dynamic an...
Chapter
Several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection over the past years. However, despite the promising results, proposed schemes must address the high variability of network traffic and need more reliability when facing new network traffic behavior. This paper proposes a new dynamic an...
Conference Paper
Full-text available
The number of Android malicious applications keeps growing as time passes, even paving their way to official app markets. In recent years, a promising malware detection approach makes use of the compiled app source codes (dex), through convolutional neural networks (CNN) as an image classification task. Unfortunately, current proposals often rely o...
Conference Paper
Full-text available
The deployment of container-based services continues to increase as time passes, mainly due to its fast provision time and lower allocation overheads. Yet, the literature still neglects the performance degradation in containers due to multi-tenancy and service provider hardware over-commitment. This paper proposes a new hardware over-commitment det...
Conference Paper
Full-text available
Current machine learning techniques for network-based intrusion detection cannot handle the evolving behavior of network traffic, requiring periodic model updates to be conducted. Besides requiring huge amounts of labeled network traffic to be provided, traditional model updates demand expressive computational costs. This paper proposes a new feasi...
Conference Paper
Full-text available
Over the last years, the engine calibration task has mostly been conducted based on the engineers' knowledge. As a result, considering the complexity of modern engines, finding the most suitable configuration for each situation has become an impractical and expensive task. Apart from causing engines to be produced with inadequate calibration config...
Conference Paper
Full-text available
In this paper we present an approach for updating the machine learning model for intrusion detection. Initially, the network traffic is augmented by Generative Adversarial Networks (GANs). Then, model updates are performed through Transfer Learning on the augmented dataset. The number...
Conference Paper
Full-text available
Over the last years, several works have proposed highly accurate Android malware detection techniques. Surprisingly, modern malware apps can still pave their way to official markets, thus, demanding the provision of more robust and accurate detection approaches. This paper proposes a new multi-view Android malware detection through image-based dee...
Conference Paper
Full-text available
The paper proposes a machine learning model to detect Kubernetes environments with resource overbooking in a Docker container. Application and system metrics were collected continuously and used as input to the model to identify interference caused by multi-tenancy. The experiments were run...
Conference Paper
Full-text available
In recent years, several works have proposed highly accurate CNN-based pornography video detection approaches. However, current techniques are unable to cope with the context-dependent nature of pornography content, wherein the analyzed video frame class may change according to its context, whether it is pornographic related or not. This paper pro...
Article
Full-text available
Several works have used machine learning techniques for network-based intrusion detection over the past few years. While proposed schemes have been able to provide high detection accuracies, they do not adequately handle the changes in network traffic behavior as time passes. Researchers often assume that model updates can be performed periodically...
Conference Paper
Despite the promising results reported in the literature, the intrusion detection schemes cannot deal with new network traffic behaviors making such proposals unfeasible to be deployed in production environments. This paper presents an intrusion detection model that relies on a moving target defense strategy to face new network traffic behavior in...
Conference Paper
Machine learning techniques for network-based intrusion detection often assume that network traffic does not change over time or that model updates can be easily performed. This paper proposes a novel, reminiscent intrusion detection model based on deep autoencoders and transfer learning to ease the model update burden in a twofold implementation....
Article
Over the last years, several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection systems (NIDS), that are hardly used in production environments. In practice, current intrusion detection schemes cannot easily handle network traffic’s changing behavior over time, requiring frequent and complex m...
Conference Paper
Current machine learning techniques for indoor localization of wireless devices assume a single wireless propagation loss setting, making them unfeasible for reliable production deployment. This paper proposes a new indoor localization technique designed for variable propagation loss environments based on deep autoencoder and recurrent neural netwo...
Conference Paper
Full-text available
Machine learning techniques for network-based intrusion detection generally assume that network traffic does not change over time or that model updates can be performed easily. In this paper, we propose a new intrusion detection model based on deep autoencoders and transfer learning to ease the update...
Conference Paper
Full-text available
Smart grids (SG) are composed of Internet of Things (IoT) devices whose computational constraints prevent the adoption of traditional communication and security protocols. Thus, this work proposes an end-to-end security approach for communication between the elements of the SG, per...
Article
Full-text available
Enforcing Service Level Agreements (SLA) on service provisioning is a challenge in cloud computing environments. This paper proposes an architecture for multiparty (provider and client) auditing in cloud computing to identify SLA deviations. The architecture uses inspectors (software agents) and an independent auditor (third party) to collect SLA m...
Conference Paper
Full-text available
Resource allocation overbooking is an approach used by cloud providers that allocates more virtual resources than available on physical hardware, which may imply service quality degradation. Docker in cloud computing environments is being increasingly used due to their fast provisioning and deployment, while the impact of overbooking of resources a...
Conference Paper
Full-text available
Changes in network traffic behavior over time are neglected by authors who use machine learning techniques applied to intrusion detection. In general, it is assumed that periodic model updates are performed, regardless of the challenges related to such a task. This paper proposes a new multi-view intrusion detection model capable of reliably perfor...
Article
Full-text available
Electronic messages are still considered the most significant tools in business and personal applications due to their low cost and easy access. However, e-mails have become a major problem owing to the high amount of junk mail, named spam, which fill the e-mail boxes of users. Several approaches have been proposed to detect spam, such as filters i...
Article
Full-text available
Despite highly accurate intrusion detection schemes based on machine learning (ML) reported in the literature, changes in network traffic behavior quickly yield low accuracy rates. An intrusion detection model update is not easily feasible due to the enormous amount of network traffic to be processed in near real-time for high-speed networks, in pa...
Conference Paper
Intrusion detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detection, is int...
Conference Paper
Full-text available
Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time in production environments. In such context, detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffi...
Conference Paper
Full-text available
Intrusion detection systems through machine learning techniques have been extensively used in the literature. However, although the promising reported results, due to the lack of reliability in the accuracy of the system, such techniques are hardly used in production. In this paper, we propose a reliable intrusion detection model through stream lea...
Conference Paper
Full-text available
In recent years, several techniques have been proposed for network intrusion detection. However, despite the promising results reported, these techniques do not deal with changes in network traffic over time. In this paper, an approach based on reinforcement learning and assessment of classification reliability is proposed to man...
Conference Paper
Full-text available
This paper presents the Private Parts Censor (PPCensor) tool for detecting objects of a pornographic nature, implemented as a proxy. To that end, the tool transparently analyzes, in real time, the frames of videos being viewed by users. For the detection of pornographic objects, a detector of obj...
Article
Full-text available
Convolutional neural network (CNN) models are typically composed of several gigabytes of data, requiring dedicated hardware and significant processing capabilities for proper handling. In addition, video-detection tasks are typically performed offline, and each video frame is analyzed individually, meaning that the video’s categorization (class ass...
Chapter
Full-text available
A smart grid (SG) is a complex system that comprises distributed servers and Internet-of-Things (IoT) devices. IoT devices are resource-constrained and are unable to cope with traditional communication and security protocols. In light of this limitation, this work proposes a novel method for end-to-end secure communication between the elements in t...
Chapter
Full-text available
Several works have proposed highly accurate network-based intrusion detection schemes through machine learning techniques. However, they are unable to address changes in network traffic behavior over time. Authors often assume periodic model updates, but without taking into account the challenges they entail. This paper proposes a long-lasting rein...
Chapter
Full-text available
Current machine learning approaches for network-based intrusion detection do not cope with new network traffic behavior, which requires periodic computationally and time-consuming model updates. In light of this limitation, this paper proposes a novel stream learning intrusion detection model that maintains system accuracy, even in the presence of...
Conference Paper
Full-text available
Intrusion detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detect...
Conference Paper
Critical infrastructure (CI) systems are increasingly common today, with some of their features being exposed via the internet for remote use. However, such exposure involves risks that can cause serious damage to CI. An alternative to this is to consider the user's location as an authentication attribute, blocking location-based remote attack...
Conference Paper
CNNs (Convolutional Neural Networks) have frequently been used to solve problems, generating a model that can predict the class of an image. In this work, the lack of integrity in the CNN is verified using a GAN (Generative Adversarial Network). To this end, we model an authenticity classifier based on the NB algorithm (Naive Bayes...
Article
In recent years, measuring instruments have become quite complex due to the integration of embedded systems and software components and the increasing aggregation of new features. Consequently, metrological regulation and control require more efforts from notified bodies, becoming slower and more expensive. In this paper, we evaluate the use of blo...
Article
Full-text available
Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper, we propose BigFlow, an approach capable of processing evolving network traffic while being scalable to large packet rates. BigFlow employs a verification method th...
Article
Full-text available
Cloud computing provides elastic on-demand resource allocation, enabling big data systems to process large amounts of streaming data in real time. However, a shared cloud infrastructure (multitenant at the hypervisor level) may reduce system performance or even resource availability, particularly when big data processing demands significantly incre...
Conference Paper
Full-text available
Fintechs are technology companies that, in contrast to traditional banks, are engaged in digital solutions for payment, money transfers, and real-time notifications. Taking advantage of digital means of communication, most of the service interactions between fintechs and customers occurs via chats or posts in social media. In this work, our goal is...
Article
Full-text available
Embedded systems (electronic systems with a dedicated purpose that are part of larger devices) are increasing their relevance with the rise of the Internet of Things (IoT). Such systems are often resource constrained, battery powered, connected to the internet, and exposed to an increasing number of threats. An approach to detect such threats is th...
Conference Paper
Full-text available
In the last years, measuring instruments have become quite complex due to the integration of embedded hardware and software components and the increasing aggregation of new features. Consequently, metrological regulation and control require more efforts from notified bodies, becoming slower and more expensive. In this work, we evaluate how blockcha...
Conference Paper
Spam detection is very costly when compared to the simple task of spreading spam. Most approaches aim to reach higher accuracy percentages, leaving the classification performance in background, what may cause many problems, such as bottlenecks in the e-mail system, huge infrastructure investments and waste of resources pooling. To avoid these probl...
Article
Full-text available
A popular approach for detecting network intrusion attempts is to monitor the network traffic for anomalies. Extensive research effort has been invested in anomaly-based network intrusion detection using machine learning techniques; however, in general these techniques remain a research topic, rarely being used in real-world environments. In genera...
Conference Paper
Full-text available
Despite the existence of several works that use anomaly-based intrusion detection techniques, such techniques are rarely used in production. In general, the literature does not consider the adversarial setting, in which an attacker tries to evade the detection mechanism. In this paper, an approach is proposed and evaluated...
Conference Paper
Full-text available
Software components are a means of achieving software reuse, aiming at improvements in the quality and productivity of the development team. One of the main concerns of component development is related to information security. One way to make a component more secure is to improve the security of its internal characteristics. Software quality models...
Conference Paper
Full-text available
The Advanced Metering Infrastructure (AMI) is a fundamental component of the Smart Grid architecture. The AMI consists of a collection of Neighborhood Area Networks (NANs), which interconnects the smart meters to the utility company. In this paper, we address two important performance metrics regarding the NAN design, the topology's resilience and...
Conference Paper
Massive data processing is a reality for many computing systems. The security of the processed data is of great importance, since the environment is normally shared among multiple users. This paper presents an evaluation of access control for multiple users to multiple files, considering the different...
Conference Paper
Full-text available
The Advanced Metering Infrastructure (AMI) is a key component of the Smart Grid architecture. The Neighborhood Area Network (NAN) is the portion of the AMI that enables two-way communication between electric, gas and water meters and City Utilities. Many companies are currently deploying wireless NAN architectures based on the IEEE 802.15.4g techno...