Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    João Soares Resende
  • Cargo

    Investigador Sénior
  • Desde

    01 outubro 2016
Publicações

2023

Online Influence Forest for Streaming Anomaly Detection

Autores
Martins, I; Resende, JS; Gama, J;

Publicação
ADVANCES IN INTELLIGENT DATA ANALYSIS XXI, IDA 2023

Abstract
As the digital world grows, data is being collected at high speed on a continuous and real-time scale. Hence, the imposed imbalanced and evolving scenario that introduces learning from streaming data remains a challenge. As the research field is still open to consistent strategies that assess continuous and evolving data properties, this paper proposes an unsupervised, online, and incremental anomaly detection ensemble of influence trees that implement adaptive mechanisms to deal with inactive or saturated leaves. This proposal features the fourth standardized moment, also known as kurtosis, as the splitting criteria and the isolation score, Shannon's information content, and the influence function of an instance as the anomaly score. In addition to improving interpretability, this proposal is also evaluated on publicly available datasets, providing a detailed discussion of the results.

2022

IoT security certifications: Challenges and potential approaches

Autores
Cirne, A; Sousa, PR; Resende, JS; Antunes, L;

Publicação
COMPUTERS & SECURITY

Abstract
The Internet of Things (IoT) has changed how we interact with the world around us. Many devices are moving from offline to online mode, connecting between them and the Internet, offering more functionality to users. Despite the increase in the quality of life for users provided by IoT devices, it is also necessary to establish trust in the privacy and security of end-users. With this level of connectivity, the amount of data exchanged between devices also increases, inducing malicious activities. One of the main problems is the lack of regulation in the IoT industry, especially between different manufacturers. There are no formal security rules, and manufacturers may not choose to install security mechanisms. Therefore, it is necessary to promote the adoption of security measures. One way to do this is by using IoT devices and systems certification. In recent years, IoT certifications have emerged. Meanwhile, the European Union has passed the Cyber Security Act to unify and regulate security certifications in member states. Our work collects the requirements that different IoT environments and application scenarios impose on certifications and discusses the current certifications' status according to those requirements. In addition, we also explored how EU measures apply to IoT and, where applicable, how certifications implement them, highlighting future research challenges.

2022

Host-based IDS: A review and open issues of an anomaly detection system in IoT

Autores
Martins, I; Resende, JS; Sousa, PR; Silva, S; Antunes, L; Gama, J;

Publicação
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE

Abstract
The Internet of Things (IoT) envisions a smart environment powered by connectivity and heterogeneity where ensuring reliable services and communications across multiple industries, from financial fields to healthcare and fault detection systems, is a top priority. In such fields, data is being collected and broadcast at high speed on a continuous and real-time scale, including IoT in the streaming processing paradigm. Intrusion Detection Systems (IDS) rely on manually defined security policies and signatures that fail to design a real-time solution or prevent zero-day attacks. Therefore, anomaly detection appears as a prominent solution capable of recognizing patterns, learning from experience, and detecting abnormal behavior. However, most approaches do not fit the urged requirements, often evaluated on deprecated datasets not representative of the working environment. As a result, our contributions address an overview of cybersecurity threats in IoT, important recommendations for a real-time IDS, and a real-time dataset setting to evaluate a security system covering multiple cyber threats. The dataset used to evaluate current host-based IDS approaches is publicly available and can be used as a benchmark by the community.

2022

Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT

Autores
Silva, S; Sousa, PR; Resende, JS; Coelho Antunes, LF;

Publicação
Trust, Privacy and Security in Digital Business - 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings

Abstract
A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP). © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

2022

The case for blockchain in IoT identity management

Autores
Sousa, PR; Resende, JS; Martins, R; Antunes, L;

Publicação
JOURNAL OF ENTERPRISE INFORMATION MANAGEMENT

Abstract
Purpose The aim of this paper is to evaluate the use of blockchain for identity management (IdM) in the context of the Internet of things (IoT) while focusing on privacy-preserving approaches and its applications to healthcare scenarios. Design/methodology/approach The paper describes the most relevant IdM systems focusing on privacy preserving with or without blockchain and evaluates them against ten selected features grouped into three categories: privacy, usability and IoT. Then, it is important to analyze whether blockchain should be used in all scenarios, according to the importance of each feature for different use cases. Findings Based on analysis of existing systems, Sovrin is the IdM system that covers more features and is based on blockchain. For each of the evaluated use cases, Sovrin and UniquID were the chosen systems. Research limitations/implications This paper opens new lines of research for IdM systems in IoT, including challenges related to device identity definition, privacy preserving and new security mechanisms. Originality/value This paper contributes to the ongoing research in IdM systems for IoT. The adequacy of blockchain is not only analyzed considering the technology; instead the authors analyze its application to real environments considering the required features for each use case.

Teses
supervisionadas

2019

Android Security by Introspection

Autor
João Vasco Bispo Estrela

Instituição
INESCTEC