Martin Andreoni

Technology Innovation Institute (TII) | TII · Secure Systems Research Centre

Doctor of Engineering

About

69
Publications
34,302
Reads
669
Citations
Additional affiliations
July 2018 - October 2020
Samsung
Position
  • Project Manager
June 2012 - present
Federal University of Rio de Janeiro
Position
  • PhD Student
March 2011 - June 2012
National University of San Juan
Position
  • Researcher
Education
June 2014 - June 2018
Sorbonne Université
Field of study
  • Computer Networks Security
June 2014 - June 2018
Federal University of Rio de Janeiro
Field of study
  • Computer Networks Security
June 2012 - May 2014
Federal University of Rio de Janeiro
Field of study
  • Computer Networks

Publications (69)
Article
Full-text available
The evolution of next-generation communication systems demands that wireless networks possess the attributes of awareness, adaptability, and intelligence. Wireless sensing techniques provide valuable information about the radio signals in the environment. However, hostile threats, such as jamming, eavesdropping, and manipulation, pose significant c...
Conference Paper
This paper proposes a physical layer-based authentication scheme that exploits multiple features from the RF-frontend for wireless mesh networks. Specifically, we engineer the in-phase and quadrature-phase (IQ) samples of the legitimate nodes by generating specific ranges of carrier frequency offset (CFO), phase offset (PO), and DC offset (DCO). Th...
Preprint
Full-text available
The IEEE 802.11mc standard introduces fine time measurement (Wi-Fi FTM), allowing high-precision synchronization between peers and round-trip time calculation (Wi-Fi RTT) for location estimation - typically with a precision of one to two meters. This has considerable advantages over received signal strength (RSS)-based trilateration, which is prone...
Article
Full-text available
The effectiveness of network intrusion detection systems, predominantly based on machine learning, is highly influenced by the dataset they are trained on. Ensuring an accurate reflection of the multifaceted nature of benign and malicious traffic in these datasets is paramount for creating IDS models capable of recognizing and responding to a wide...
Preprint
Full-text available
Future wireless networks must incorporate awareness, adaptability, and intelligence as fundamental building elements in order to meet the wide range of requirements of the next-generation communication systems. Wireless sensing techniques can be used to gather awareness from the radio signals present in the surroundings. However, threats from hos...
Preprint
Full-text available
Future wireless networks must incorporate awareness, adaptability, and intelligence as fundamental building elements in order to meet the wide range of requirements of the next-generation communication systems. Wireless sensing techniques can be used to gather awareness from the radio signals present in the surroundings. However, threats from hos...
Conference Paper
Full-text available
Network-based intrusion detection is a widely explored topic in the literature. Yet, despite the promising reported results, designed schemes are rarely used in production environments. Apart from evolving as time passes, the behavior of network traffic varies significantly, rendering proposed schemes unreliable for real-world application. This pap...
Preprint
Full-text available
Jamming attacks significantly degrade the performance of wireless communication systems and can lead to significant overhead in terms of re-transmissions and increased power consumption. Although different jamming techniques are discussed in the literature, numerous open-source implementations have used expensive equipment in the range of thousan...
Preprint
Full-text available
Jamming attacks significantly degrade the performance of wireless communication systems and can lead to significant overhead in terms of re-transmissions and increased power consumption. Although different jamming techniques are discussed in the literature, numerous open-source implementations have used expensive equipment in the range of thousan...
Conference Paper
Blockchain has challenged many of the conventions around digital security. In essence, blockchain supports a decentralized platform maintained by peers instead of a single entity. Furthermore, the data in the blockchain is immutable and is being held in a secure and encrypted way. However, running the blockchain on resource-limited devices, such as...
Preprint
Full-text available
As the number of heterogenous IP-connected devices and traffic volume increase, so does the potential for security breaches. The undetected exploitation of these breaches can bring severe cybersecurity and privacy risks. In this paper, we present a practical unsupervised anomaly-based deep learning detection system called ARCADE (Adversarially Regu...
Article
Machine learning mechanisms for network intrusion detection systems lack accurate evaluation, comparison, and deployment due to the scarcity of well-constructed datasets. In this paper, we propose a statistical analysis of the features contained in four highly used security datasets. We conclude that the analyzed datasets should not be used as a be...
Article
As the number of heterogenous IP-connected devices and traffic volume increase, so does the potential for security breaches. The undetected exploitation of these breaches can bring severe cybersecurity and privacy risks. Anomaly-based IDS play an essential role in network security. In this paper, we present a practical unsupervised anomaly-based de...
Article
Full-text available
Jamming attacks significantly degrade the performance of wireless communication systems and can lead to significant overhead in terms of re-transmissions and increased power consumption. Although different jamming techniques are discussed in the literature, numerous open-source implementations have used expensive equipment in the range of thousands...
Conference Paper
This paper proposes a novel lightweight authentication protocol for fast and efficient continuous authentication of constrained Internet of Things (IoT) mesh network devices. An initial static authentication takes place at the beginning of a session, during which the secret is securely shared between two parties. Once the session is established, th...
Conference Paper
Full-text available
This article proposes the application of Bloom filters to generate two-dimensional data summaries from flows in a network usage window, forming a bitmap. After generating the summaries, the article applies deep learning, composed of convolutional neural network layers, to segment the bitmap. The segmentation of the map...
Article
Late detection of security breaches increases the risk of irreparable damages and limits any mitigation attempts. We propose a fast and accurate threat detection and prevention architecture that combines the advantages of real-time streaming with batch processing over a historical database. We create a dataset by capturing both legitimate and malic...
Preprint
Full-text available
UAVs are increasingly appearing in swarms or formations to leverage cooperative behavior, forming flying ad hoc networks. These UAV-enabled networks can meet several complex mission requirements and are seen as a potential enabler for many of the emerging use-cases in future communication networks. Such networks, however, are characterized by a hig...
Article
Full-text available
The epidemic spread of fake news is a side effect of the expansion of social networks to circulate news, in contrast to traditional mass media such as newspapers, magazines, radio, and television. Human inefficiency to distinguish between true and false facts exposes fake news as a threat to logical truth, democracy, journalism, and credibility in...
Article
Full-text available
In this paper we focus on knowledge extraction from large-scale wireless networks through stream processing. We present the primary methods for sampling, data collection, and monitoring of wireless networks and we characterize knowledge extraction as a machine learning problem on big data stream processing. We show the main trends in big data strea...
Conference Paper
that explore the applications without executing its code. Such analysis includes examining the source or binary code, or even evaluating the APK requested permissions. Sophisticated malware, however, uses code obfuscation techniques to avoid static analysis detection. On the other hand, the dynamic analysis relies on monitoring malware behavior by...
Preprint
Full-text available
In this paper we focus on knowledge extraction from large-scale wireless networks through stream processing. We present the primary methods for sampling, data collection, and monitoring of wireless networks and we characterize knowledge extraction as a machine learning problem on big data stream processing. We show the main trends in big data strea...
Preprint
Full-text available
In this paper we focus on knowledge extraction from large-scale wireless networks through stream processing. We present the primary methods for sampling, data collection, and monitoring of wireless networks and we characterize knowledge extraction as a machine learning problem on big data stream processing. We show the main trends in big data strea...
Article
Full-text available
Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. The proposed mechanism relies on Spark Streaming for online p...
Conference Paper
The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast real-time threat detection is mandatory for security guarantees. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. W...
Conference Paper
Full-text available
Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. MineCap uses a novel technique called super incremental learn...
Conference Paper
Unauthorized cryptocurrency mining implies the use of valuable computing resources and high energy consumption. This article proposes MineCap, a dynamic, online mechanism for detecting and blocking unauthorized cryptocurrency mining flows, using machine learning in software-defined networks. MineCap dev...
Article
The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a sCAlable TRAffic Classifier and Analyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRA...
Chapter
Full-text available
In this chapter, we focus on knowledge extraction from large wireless networks through stream processing. We present the primary methods of sampling, data collection and monitoring of wireless networks and we characterize knowledge extraction as a machine learning problem on big data stream processing. The Apache Spark and Apache Flink are the main...
Article
Identifying a network misuse takes days or even weeks, and network administrators usually neglect zero-day threats until a large number of malicious users exploit them. Besides, security applications, such as anomaly detection and attack mitigation systems, must apply real-time monitoring to reduce the impacts of security incidents. Thus, informati...
Thesis
Full-text available
The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast realtime threat detection is mandatory for security guarantees. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. We...
Thesis
The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast real-time threat detection is mandatory for security administration. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solution...
Conference Paper
The increase in devices connected to the Internet of Things results in vulnerability-exploitation attacks on unimaginable scales. Therefore, efficiently detecting port scans and distributed denial-of-service attacks becomes essential. This article proposes an online system for detecting distributed network threats...
Conference Paper
Full-text available
Network Function Virtualization (NFV) enables the on-demand provisioning and composition of a network function chain tailored to meet the requirements of an application or service. This functionality is necessary to provide security for enterprise networks and critical infrastructures that depend...
Conference Paper
Full-text available
The late detection of security threats causes a significant increase in the risk of irreparable damages, restricting any defense attempt. In this paper, we propose the CATRACA tool, an efficient online Intrusion Detection and Prevention System implemented as a Network Virtualized Function. The tool is based on a Big Data Streaming processing system...
Conference Paper
Full-text available
Attackers create new threats and constantly change their behavior to deceive current security systems. Moreover, threats are detected in days or weeks, whereas a countermeasure must be carried out immediately to avoid or reduce losses. This article proposes an adaptive threat detection system that has a scheme ba...
Conference Paper
Full-text available
Security applications such as anomaly detection and attack mitigation need real-time monitoring to reduce risk. Information processing time should be as small as possible to enable an effective defense against attacks. In this paper, we present a fast and efficient feature-selection algorithm for network traffic classification based on the correlat...
Conference Paper
Full-text available
Universidade Federal do Rio de Janeiro (UFRJ) Rio de Janeiro – RJ – Brasil. Abstract. The security of broadband Internet access rests on deploying perimeter policies and adopting access control lists. These measures are precarious, since they are based on common and rarely updated threat profiles for residential users. This art...
Conference Paper
Full-text available
The late detection of security threats causes a significant increase of the risk of irreparable damages, disabling any defense attempt. Although very hard to analyze, attacks always leave traces that can be detected. This paper proposes a real time streaming threat detection system based on machine learning algorithms. The system architecture combi...
Conference Paper
Full-text available
Real-time stream processing extracts knowledge from large continuous streams of data in applications such as Internet of things and traffic monitoring. This article proposes a structural analysis and a performance evaluation of native stream processing systems Storm and Flink and the micro-batch processing Spark Streaming. These systems process con...
Article
Internal users are the main causes of anomalous and suspicious behaviors in a communication network. Even when traditional security middleboxes are present, internal attacks may lead the network to outages or to leakage of sensitive information. In this article, we propose BroFlow, an Intrusion Detection and Prevention System based on Bro traffic a...
Conference Paper
Full-text available
This paper presents BroFlow, an Intrusion Detection and Prevention System based on Bro traffic analyzer, and on the global network-view feature of OpenFlow Application Programming Interface. BroFlow main contributions are: i) dynamic and elastic resource provision of machines under demand; ii) real-time detection of DoS attacks through simple algor...
Conference Paper
Full-text available
Internal users are the main causes of anomalous and suspicious behavior of a network. Even when traditional security middleboxes are present, internal attacks can lead the network to an outage or to a leakage of security information. This paper introduces BroFlow+, an Intrusion Detection and Prevention System (IDPS) that employs multiple sensors wh...
Conference Paper
Full-text available
Intrusion Detection and Prevention Systems are fundamental to inspect real-time network traffic, seeking abnormal patterns caused by intruders or insider misuse, to ensure communication systems security. Moreover, this is the only effective mechanism to detect attacks from internal authenticated users. This paper proposes BroFlow, an Intrusion Det...
Conference Paper
Full-text available
The technique of network virtualization allows multiple networks to coexist on the same physical substrate, catering to different requirements. However, network virtualization still presents major challenges in security and resources management. This paper proposes an elastic architecture for intrusion prevention in virtual networks. The proposal...
Thesis
Full-text available
Intrusion Detection and Prevention Systems are fundamental to inspect real-time network traffic, seeking abnormal patterns caused by intruders or insider misuse, to ensure communication systems security. Moreover, this is the only effective mechanism to detect attacks from internal authenticated users. We propose BroFlow, an Intrusion Detection a...
Conference Paper
Full-text available
Most current attacks come from trusted hosts and cannot be detected or prevented by firewall, access control, and cryptographic mechanisms. Therefore, Intrusion Detection and Prevention Systems (IDPS) are mandatory to monitor and inspect real-time network traffic, looking for abnormal patterns caused by intruders or insider abuses. In this pape...
Conference Paper
Full-text available
Future Internet Testbed with Security (FITS) is a testbed for experimenting Next-Generation Internet proposals that provides two virtualization schemes based on Xen and on OpenFlow. Experimenting new protocol proposals for the Future Internet requires a realistic condition environment for packet forwarding. FITS nodes are spread in Brazilian and Eu...
Chapter
Full-text available
Smart grids represent an evolution of the current electrical system. Their key idea is to add intelligence to the power grid, through computing and communication technologies which enable real-time data collection, and autonomous monitoring and control of the grid. The main goal is to ensure greater reliability, efficiency, and quality to the power...
Conference Paper
Full-text available
This paper describes the implementation of a wireless remote monitoring and control system of a solar photovoltaic distributed generator (PV-DG) for microgrids applications. To this aim, a small-scale PV-DG system is implemented using a 1.28 kWp assembly of PV polycrystalline modules connected to a single-phase utility grid through a commercial inv...
