Altair Olivo Santin
Pontifícia Universidade Católica do Paraná (PUC-PR) · Graduate Program in Computer Science (PPGIa)
PhD
I have worked with big data, and machine learning applied to cybersecurity for various technologies.
About
143
Publications
42,684
Reads
1,304
Citations
Introduction
I have been working with big data (including streaming) and machine learning (including adversarial settings) for cybersecurity, applying these techniques to IoT, smart grid, cloud computing, email spam, intrusion detection, and so on. I am also using deep learning for pornography detection (including child sexual abuse) for parental control. I have been working with Identity Management and Access Control for a long time, recently applying them to Industrial Critical Systems.
Additional affiliations
August 1995 - present
Publications (143)
The literature does not present integral solutions that allow using the same credential to access the smart meter and smart house from an electric utility and vice versa. The main reason is the technology gap in the communication between the Advanced Metering Infrastructure (AMI) and the Internet. The technology used in the Internet domain to comm...
Nowadays, a significant part of all network accesses comes from embedded and battery-powered devices, which must be energy efficient. This paper demonstrates that a hardware (HW) implementation of network security algorithms can significantly reduce their energy consumption compared to an equivalent software (SW) version. The paper has four main co...
The business-driven access control used in cloud computing is not well suited for tracking fine-grained user service consumption. UCONABC applies continuous authorization reevaluation, which requires usage accounting that enables fine-grained access control for cloud computing. However, it was not designed to work in distributed and dynamic authori...
A MapReduce framework abstracts distributed system issues, integrating a distributed file system with an application's needs. However, the lack of determinism in distributed system components and of reliability in the network may cause application errors that are difficult to identify, find, and correct. This paper presents a method to create a set o...
Phishing is a kind of embezzlement that uses social engineering in order to obtain personal information from its victims, aiming to cause losses. In the technical literature only the hit rate of the classifiers is mentioned to justify the effectiveness of the phishing detecting techniques. Aspects such as the accuracy of the classifier results (fal...
This work presents a new method for updating intrusion detection models using stream learning, reducing the number of update events and the computational cost. Instances rejected during classification are stored for incremental updating, allowing automatic labeling from public repositories. Experiments showed...
Deep Neural Networks (DNN) represent the state of the art in intrusion detection, but they increase computational costs, making them impractical for resource-constrained devices. We present a new DNN with early exits for fast inference and reliable intrusion detection. Our approach splits the DNN into branches, classif...
Despite the promising results reported in the literature, the adoption of Machine Learning (ML) techniques for network-based intrusion detection remains limited in production environments. The behavior of network traffic exhibits significant variability and evolves over time, requiring periodic model updates to be conducted. This paper proposes a...
Despite the successes reported in the literature, the application of Machine Learning (ML) to network intrusion detection in the real world is limited. This paper presents a new model that uses Convolutional Neural Networks (CNN) and transfer learning to address model update challenges. The CNN uses a feature expansion...
Multi-factor authentication (MFA) is recommended to access sensitive data applications. A password vault protects secrets by storing privileged user credentials and access codes. The combination of MFA and a Trusted Execution Environment (TEE) over multiple communication channels reduces the attack surface of secrets and enables secure periodic code up...
Due to their critical nature, Industrial Control Systems (ICS) are frequently targeted by highly motivated attackers aiming to disrupt their services. Even with the implementation of multiple security mechanisms such as firewalls and Network-based Intrusion Detection Systems (NIDS), traditional cybersecurity solutions often fail to deliver the nece...
Industrial Control Systems (ICS) play a crucial role in managing and controlling industrial assets. Due to their critical importance, adversaries are often highly motivated to target these systems, as a successful attack can disrupt the entire industry's operations. In general, to improve the system's security, proposed intrusion detection schemes...
Many issues are faced in the email environment due to spam, such as bottlenecks in the email gateways despite substantial investments in server infrastructure, wasted computational resources, and ineffective detection despite the demand for frequent spam model updates. This paper proposes a reliable detection model to deal with the non-stationary...
Several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection over the past years. However, despite the promising results, proposed schemes must address the high variability of network traffic and need more reliability when facing new network traffic behavior. This paper proposes a new dynamic an...
The number of Android malicious applications keeps growing as time passes, even paving their way to official app markets. In recent years, a promising malware detection approach makes use of the compiled app source codes (dex), through convolutional neural networks (CNN) as an image classification task. Unfortunately, current proposals often rely o...
The deployment of container-based services continues to increase as time passes, mainly due to its fast provision time and lower allocation overheads. Yet, the literature still neglects the performance degradation in containers due to multi-tenancy and service provider hardware over-commitment. This paper proposes a new hardware over-commitment det...
Current machine learning techniques for network-based intrusion detection cannot handle the evolving behavior of network traffic, requiring periodic model updates to be conducted. Besides requiring huge amounts of labeled network traffic to be provided, traditional model updates demand expressive computational costs. This paper proposes a new feasi...
Over the last years, the engine calibration task has mostly been conducted based on the engineers' knowledge. As a result, considering the complexity of modern engines, finding the most suitable configuration for each situation has become an impractical and expensive task. Apart from causing engines to be produced with inadequate calibration config...
In this paper we present an approach for updating the machine learning model used for intrusion detection. First, the network traffic is augmented by Generative Adversarial Networks (GANs). Then, model updates are performed through Transfer Learning on the augmented dataset. The number...
Over the last years, several works have proposed highly accurate Android malware detection techniques. Surprisingly, modern malware apps can still pave their way to official markets, thus demanding the provision of more robust and accurate detection approaches. This paper proposes a new multi-view Android malware detection through image-based dee...
The paper proposes a machine learning model to detect Kubernetes environments with resource overbooking in a Docker container. Application and system metrics were collected continuously and used as input to the model to identify interference caused by multi-tenancy. The experiments were run...
In recent years, several works have proposed highly accurate CNN-based pornography video detection approaches. However, current techniques are unable to cope with the context-dependent nature of pornographic content, wherein the class of the analyzed video frame may change according to its context, whether pornography related or not. This paper pro...
Several works have used machine learning techniques for network-based intrusion detection over the past few years. While proposed schemes have been able to provide high detection accuracies, they do not adequately handle the changes in network traffic behavior as time passes. Researchers often assume that model updates can be performed periodically...
Despite the promising results reported in the literature, existing intrusion detection schemes cannot deal with new network traffic behaviors, making such proposals unfeasible to deploy in production environments. This paper presents an intrusion detection model that relies on a moving target defense strategy to face new network traffic behavior in...
Machine learning techniques for network-based intrusion detection often assume that network traffic does not change over time or that model updates can be easily performed. This paper proposes a novel, reminiscent intrusion detection model based on deep autoencoders and transfer learning to ease the model update burden in a twofold implementation....
Over the last years, several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection systems (NIDS), which are nonetheless hardly used in production environments. In practice, current intrusion detection schemes cannot easily handle the changing behavior of network traffic over time, requiring frequent and complex m...
Current machine learning techniques for indoor localization of wireless devices assume a single wireless propagation loss setting, making them unfeasible for reliable production deployment. This paper proposes a new indoor localization technique designed for variable propagation loss environments based on deep autoencoder and recurrent neural netwo...
Machine learning techniques for network-based intrusion detection generally assume that network traffic does not change over time or that model updates can be performed easily. In this paper, we propose a new intrusion detection model based on deep autoencoders and transfer learning to ease the update...
Smart Grids (SG) are composed of Internet of Things (IoT) devices with computational constraints that prevent the adoption of traditional communication and security protocols. Thus, this work proposes an end-to-end security approach for the communication between the elements of the SG, ...
Enforcing Service Level Agreements (SLA) on service provisioning is a challenge in cloud computing environments. This paper proposes an architecture for multiparty (provider and client) auditing in cloud computing to identify SLA deviations. The architecture uses inspectors (software agents) and an independent auditor (third party) to collect SLA m...
Resource allocation overbooking is an approach used by cloud providers that allocates more virtual resources than are available on the physical hardware, which may imply service quality degradation. Docker is increasingly used in cloud computing environments due to its fast provisioning and deployment, while the impact of resource overbooking a...
Changes in network traffic behavior over time are neglected by authors who use machine learning techniques applied to intrusion detection. In general, it is assumed that periodic model updates are performed, regardless of the challenges related to such a task. This paper proposes a new multi-view intrusion detection model capable of reliably perfor...
Electronic messages are still considered the most significant tools in business and personal applications due to their low cost and easy access. However, e-mail has become a major problem owing to the high amount of junk mail, named spam, which fills the e-mail boxes of users. Several approaches have been proposed to detect spam, such as filters i...
Despite highly accurate intrusion detection schemes based on machine learning (ML) reported in the literature, changes in network traffic behavior quickly yield low accuracy rates. An intrusion detection model update is not easily feasible due to the enormous amount of network traffic to be processed in near real-time for high-speed networks, in pa...
Intrusion detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detection, is int...
Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time in production environments. In such context, detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffi...
Intrusion detection systems based on machine learning techniques have been extensively studied in the literature. However, despite the promising reported results, such techniques are hardly used in production due to the lack of reliability in the system's accuracy. In this paper, we propose a reliable intrusion detection model through stream lea...
In recent years, several techniques for network intrusion detection have been proposed. However, despite the promising results reported, these techniques do not deal with changes in network traffic over time. In this paper, an approach based on reinforcement learning and assessment of classification reliability is proposed to main...
This paper presents the Private Parts Censor (PPCensor) tool for detecting objects of a pornographic nature, implemented as a proxy. To do so, the tool transparently analyzes, in real time, the video frames being viewed by users. For the detection of pornographic objects, an object detector...
Convolutional neural network (CNN) models are typically composed of several gigabytes of data, requiring dedicated hardware and significant processing capabilities for proper handling. In addition, video-detection tasks are typically performed offline, and each video frame is analyzed individually, meaning that the video’s categorization (class ass...
A smart grid (SG) is a complex system that comprises distributed servers and Internet-of-Things (IoT) devices. IoT devices are resource-constrained and are unable to cope with traditional communication and security protocols. In light of this limitation, this work proposes a novel method for end-to-end secure communication between the elements in t...
Several works have proposed highly accurate network-based intrusion detection schemes through machine learning techniques. However, they are unable to address changes in network traffic behavior over time. Authors often assume periodic model updates, but without taking into account the challenges they entail. This paper proposes a long-lasting rein...
Current machine learning approaches for network-based intrusion detection do not cope with new network traffic behavior, which requires periodic computationally and time-consuming model updates. In light of this limitation, this paper proposes a novel stream learning intrusion detection model that maintains system accuracy, even in the presence of...
Intrusion detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detect...
Critical infrastructure (CI) systems are increasingly common today, with some of their features being exposed via the internet for remote use. However, such exposure involves risks that can cause serious damage to CI. An alternative to this is to consider the user's location as an authentication attribute, blocking location-based remote attack...
CNNs (Convolutional Neural Networks) have often been used to solve problems by generating a model that can predict the class of an image. In this work, the lack of integrity in the CNN is verified using a GAN (Generative Adversarial Network). To do so, we model an authenticity classifier based on the NB (Naive Bayes) algorithm...
In recent years, measuring instruments have become quite complex due to the integration of embedded systems and software components and the increasing aggregation of new features. Consequently, metrological regulation and control require more efforts from notified bodies, becoming slower and more expensive. In this paper, we evaluate the use of blo...
Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper, we propose BigFlow, an approach capable of processing evolving network traffic while being scalable to large packet rates. BigFlow employs a verification method th...
Cloud computing provides elastic on-demand resource allocation, enabling big data systems to process large amounts of streaming data in real time. However, a shared cloud infrastructure (multitenant at the hypervisor level) may reduce system performance or even resource availability, particularly when big data processing demands significantly incre...
Fintechs are technology companies that, in contrast to traditional banks, are engaged in digital solutions for payment, money transfers, and real-time notifications. Taking advantage of digital means of communication, most of the service interactions between fintechs and customers occurs via chats or posts in social media. In this work, our goal is...
Embedded systems (electronic systems with a dedicated purpose that are part of larger devices) are increasing their relevance with the rise of the Internet of Things (IoT). Such systems are often resource constrained, battery powered, connected to the internet, and exposed to an increasing number of threats. An approach to detect such threats is th...
In the last years, measuring instruments have become quite complex due to the integration of embedded hardware and software components and the increasing aggregation of new features. Consequently, metrological regulation and control require more efforts from notified bodies, becoming slower and more expensive. In this work, we evaluate how blockcha...
Spam detection is very costly when compared to the simple task of spreading spam. Most approaches aim to reach higher accuracy percentages, leaving classification performance in the background, which may cause many problems, such as bottlenecks in the e-mail system, huge infrastructure investments and waste of pooled resources. To avoid these probl...
A popular approach for detecting network intrusion attempts is to monitor the network traffic for anomalies. Extensive research effort has been invested in anomaly-based network intrusion detection using machine learning techniques; however, in general these techniques remain a research topic, rarely being used in real-world environments. In genera...
Despite the existence of several works that use anomaly-based intrusion detection techniques, such techniques are hardly used in production. It is noted that, in general, the literature does not consider the adversarial environment, in which an attacker tries to evade the detection mechanism. In this paper, an approach is proposed and evaluated...
Software components are a means of achieving software reuse, aiming at improvements in the quality and productivity of the development team. One of the main concerns of component development is related to information security. One way to make a component more secure is to improve the security of its internal characteristics. Software quality models...
The Advanced Metering Infrastructure (AMI) is a fundamental component of the Smart Grid architecture. The AMI consists of a collection of Neighborhood Area Networks (NANs), which interconnect the smart meters with the utility company. In this paper, we address two important performance metrics regarding the NAN design, the topology's resilience and...
Massive data processing is a reality for many computing systems. The security of the processed data is of great importance, since the environment is usually shared among multiple users. This paper presents an evaluation of access control for multiple users accessing multiple files, considering the different...
The Advanced Metering Infrastructure (AMI) is a key component of the Smart Grid architecture. The Neighborhood Area Network (NAN) is the portion of the AMI that enables two-way communication between electric, gas and water meters and City Utilities. Many companies are currently deploying wireless NAN architectures based on the IEEE 802.15.4g techno...