Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Sobre

Sobre

Professor Coordenador no Departamento de Engenharia Informática da ESTG-Leiria (Instituto Politécnico de Leiria) e investigador no CRACS.

É doutorado em Ciência dos Computadores pela Universidade do Porto; mestre em Informática, ramo de sistemas e redes, também pela Universidade do Porto; licenciado em Engenharia Informática pelo Instituto Superior de Engenharia do Porto.

Coordena atualmente o Mestrado em Cibersegurança e Informática Forense no IPLeiria e é responsável pela lecionação de unidades curriculares na área das redes de computadores, administração de sistemas e redes, segurança de redes, tecnologias de cloud e infraestruturas de datacenters.

As principais áreas de investigação incluem os algoritmos imuno-inspirados para a deteção automática de anomalias, algoritmos de classificação e deteção usando ensembles, aprendizagem em sistemas dinâmicos e com base temporal.

Detém igualmente experiência empresarial como gestor de projetos TI e administrador de sistemas.

Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    Mário João Antunes
  • Cargo

    Investigador Sénior
  • Desde

    01 janeiro 2009
Publicações

2024

Uncovering Manipulated Files Using Mathematical Natural Laws

Autores
Fernandes, P; Ciardhuáin, SO; Antunes, M;

Publicação
PROGRESS IN PATTERN RECOGNITION, IMAGE ANALYSIS, COMPUTER VISION, AND APPLICATIONS, CIARP 2023, PT I

Abstract
The data exchange between different sectors of society has led to the development of electronic documents supported by different reading formats, namely portable PDF format. These documents have characteristics similar to those used in programming languages, allowing the incorporation of potentially malicious code, which makes them a vector for cyberattacks. Thus, detecting anomalies in digital documents, such as PDF files, has become crucial in several domains, such as finance, digital forensic analysis and law enforcement. Currently, detection methods are mostly based on machine learning and are characterised by being complex, slow and mainly inefficient in detecting zero-day attacks. This paper aims to propose a Benford Law (BL) based model to uncover manipulated PDF documents by analysing potential anomalies in the first digit extracted from the PDF document's characteristics. The proposed model was evaluated using the CIC Evasive PDFMAL-2022 dataset, consisting of 1191 documents (278 benign and 918 malicious). To classify the PDF documents, based on BL, into malicious or benign documents, three statistical models were used in conjunction with the mean absolute deviation: the parametric Pearson and the non-parametric Spearman and Cramer-Von Mises models. The results show a maximum F1 score of 87.63% in detecting malicious documents using Pearson's model, demonstrating the suitability and effectiveness of applying Benford's Law in detecting anomalies in digital documents to maintain the accuracy and integrity of information and promoting trust in systems and institutions.

2024

Dvorak: A Browser Credential Dumping Malware

Autores
Areia, J; Santos, B; Antunes, M;

Publicação
Proceedings of the 21st International Conference on Security and Cryptography, SECRYPT 2024, Dijon, France, July 8-10, 2024.

Abstract
Memorising passwords poses a significant challenge for individuals, leading to the increasing adoption of password managers, particularly browser password managers. Despite their benefits to users’ daily routines, the use of these tools introduces new vulnerabilities to web and network security. This paper aims to investigate these vulnerabilities and analyse the security mechanisms of browser-based password managers integrated into Google Chrome, Microsoft Edge, Opera GX, Mozilla Firefox, and Brave. Through malware development and deployment, Dvorak is capable of extracting essential files from the browser’s password manager for subsequent decryption. To assess Dvorak functionalities we conducted a controlled security analysis across all aforementioned browsers. Our findings reveal that the designed malware successfully retrieves all stored passwords from the tested browsers when no master password is used. However, the results differ depending on whether a master password is used. A comparison between browsers is made, based on the results of the malware. The paper ends with recommendations for potential strategies to mitigate these security concerns. © 2024 by SCITEPRESS – Science and Technology Publications, Lda.

2024

Unveiling Malicious Network Flows Using Benford's Law

Autores
Fernandes, P; Ciardhuáin, SO; Antunes, M;

Publicação
MATHEMATICS

Abstract
The increasing proliferation of cyber-attacks threatening the security of computer networks has driven the development of more effective methods for identifying malicious network flows. The inclusion of statistical laws, such as Benford's Law, and distance functions, applied to the first digits of network flow metadata, such as IP addresses or packet sizes, facilitates the detection of abnormal patterns in the digits. These techniques also allow for quantifying discrepancies between expected and suspicious flows, significantly enhancing the accuracy and speed of threat detection. This paper introduces a novel method for identifying and analyzing anomalies within computer networks. It integrates Benford's Law into the analysis process and incorporates a range of distance functions, namely the Mean Absolute Deviation (MAD), the Kolmogorov-Smirnov test (KS), and the Kullback-Leibler divergence (KL), which serve as dispersion measures for quantifying the extent of anomalies detected in network flows. Benford's Law is recognized for its effectiveness in identifying anomalous patterns, especially in detecting irregularities in the first digit of the data. In addition, Bayes' Theorem was implemented in conjunction with the distance functions to enhance the detection of malicious traffic flows. Bayes' Theorem provides a probabilistic perspective on whether a traffic flow is malicious or benign. This approach is characterized by its flexibility in incorporating new evidence, allowing the model to adapt to emerging malicious behavior patterns as they arise. Meanwhile, the distance functions offer a quantitative assessment, measuring specific differences between traffic flows, such as frequency, packet size, time between packets, and other relevant metadata. Integrating these techniques has increased the model's sensitivity in detecting malicious flows, reducing the number of false positives and negatives, and enhancing the resolution and effectiveness of traffic analysis. Furthermore, these techniques expedite decisions regarding the nature of traffic flows based on a solid statistical foundation and provide a better understanding of the characteristics that define these flows, contributing to the comprehension of attack vectors and aiding in preventing future intrusions. The effectiveness and applicability of this joint method have been demonstrated through experiments with the CICIDS2017 public dataset, which was explicitly designed to simulate real scenarios and provide valuable information to security professionals when analyzing computer networks. The proposed methodology opens up new perspectives in investigating and detecting anomalies and intrusions in computer networks, which are often attributed to cyber-attacks. This development culminates in creating a promising model that stands out for its effectiveness and speed, accurately identifying possible intrusions with an F1 of nearly 80%, a recall of 99.42%, and an accuracy of 65.84%.

2023

Benford's law applied to digital forensic analysis

Autores
Fernandes, P; Antunes, M;

Publicação
FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION

Abstract
Tampered digital multimedia content has been increasingly used in a wide set of cyberattacks, chal-lenging criminal investigations and law enforcement authorities. The motivations are immense and range from the attempt to manipulate public opinion by disseminating fake news to digital kidnapping and ransomware, to mention a few cybercrimes that use this medium as a means of propagation.Digital forensics has recently incorporated a set of computational learning-based tools to automatically detect manipulations in digital multimedia content. Despite the promising results attained by machine learning and deep learning methods, these techniques require demanding computational resources and make digital forensic analysis and investigation expensive. Applied statistics techniques have also been applied to automatically detect anomalies and manipulations in digital multimedia content by statisti-cally analysing the patterns and features. These techniques are computationally faster and have been applied isolated or as a member of a classifier committee to boost the overall artefact classification.This paper describes a statistical model based on Benford's Law and the results obtained with a dataset of 18000 photos, being 9000 authentic and the remaining manipulated.Benford's Law dates from the 18th century and has been successfully adopted in digital forensics, namely in fraud detection. In the present investigation, Benford's law was applied to a set of features (colours, textures) extracted from digital images. After extracting the first digits, the frequency with which they occurred in the set of values obtained from that extraction was calculated. This process allowed focusing the investigation on the behaviour with which the frequency of each digit occurred in comparison with the frequency expected by Benford's law.The method proposed in this paper for applying Benford's Law uses Pearson's and Spearman's corre-lations and Cramer-Von Mises (CVM) fitting model, applied to the first digit of a number consisting of several digits, obtained by extracting digital photos features through Fast Fourier Transform (FFT) method.The overall results obtained, although not exceeding those attained by machine learning approaches, namely Support Vector Machines (SVM) and Convolutional Neural Networks (CNN), are promising, reaching an average F1-score of 90.47% when using Pearson correlation. With non-parametric approaches, namely Spearman correlation and CVM fitting model, an F1-Score of 56.55% and 76.61% were obtained respec-tively. Furthermore, the Pearson's model showed the highest homogeneity compared to the Spearman's and CVM models in detecting manipulated images, 8526, and authentic ones, 7662, due to the strong correlation between the frequencies of each digit and the frequency expected by Benford's law.The results were obtained with different feature sets length, ranging from 3000 features to the totality of the features available in the digital image. However, the investigation focused on extracting 1000 features since it was concluded that increasing the features did not imply an improvement in the results.The results obtained with the model based on Benford's Law compete with those obtained from the models based on CNN and SVM, generating confidence regarding its application as decision support in a criminal investigation for the identification of manipulated images.& COPY; 2023 Elsevier Ltd. All rights reserved.

2023

The use of gamification on cybersecurity awareness of healthcare professionals

Autores
Carreiro, A; Silva, C; Antunes, M;

Publicação
CENTERIS 2023 - International Conference on ENTERprise Information Systems / ProjMAN - International Conference on Project MANagement / HCist - International Conference on Health and Social Care Information Systems and Technologies 2023, Porto, Portugal, November 8-10, 2023.

Abstract
Cybersecurity has a major impact on the healthcare sector, mainly due to the sensitive data and vital medical devices that, when an attack occurs, may compromise the life, safety, and well-being of the patients. However, those institutions fail on implementing correct system protection policies and providing adequate programs for cybersecurity training and raising cybersecurity awareness. Healthcare professionals develop their academic courses focusing on providing the best care for the patients, studying guidelines, treatment protocols, and diagnostic criteria. However, there are insufficient subjects dedicated to the development of digital literacy to match the requisites of the daily challenges of those professionals, with human error being the main cause of data breaches worldwide. So, developing training programs to face the cybersecurity day-to-day threats is mandatory. Broadly speaking, traditional training programs seem to fail on retaining students' motivation, engagement, and long-term knowledge acquisition, being time-consuming and challenging in scheduling and planning. To face this situation, new techniques, such as gamification, have emerged, with promising results on motivation and engagement, allowing the users to be the center of the training programs, matching the strategy to their levels of knowledge and preferences. This paper aims to identify the existing gamified approaches available, review the state-of-the-art related to gamification and cybersecurity training, and elaborates on how they can be successfully applied to training programs for healthcare professionals. © 2024 Elsevier B.V.. All rights reserved.

Teses
supervisionadas

Using telemedicine WebRTC tests in hospital environment

Autor
Dário Gabriel da Cruz Santos

Instituição
IPLeiria

Uma implementação open source de um serviço de cloud do tipo IaaS

Autor
João Vitoria Santos

Instituição
IPLeiria