Bruno Bogaz Zarpelão

Bio: Bruno Bogaz Zarpelão is an academic researcher from Universidade Estadual de Londrina. The author has contributed to research in topics: Botnet & Network administrator. The author has an hindex of 12, co-authored 59 publications receiving 430 citations. Previous affiliations of Bruno Bogaz Zarpelão include University College London & University of East London.

Authorship verification applied to detection of compromised accounts on online social networks

Abstract: Compromising legitimate accounts has been the most used strategy to spread malicious content on OSN (Online Social Network). To address this problem, we propose a pure text mining approach to check if an account has been compromised based on its posts content. In the first step, the proposed approach extracts the writing style from the user account. The second step comprehends the k-Nearest Neighbors algorithm (k-NN) to evaluate the post content and identify the user. Finally, Baseline Updating (third step) consists of a continuous updating of the user baseline to support the current trends and seasonality issues of user's posts. Experiments were carried out using a dataset from Twitter composed by tweets of 1000 users. All the three steps were individually evaluated, and the results show that the developed method is stable and can detect the compromised accounts. An important observation is the Baseline Updating contribution, which leads to an enhancement of accuracy superior of 60 %. Regarding average accuracy, the developed method achieved results over 93 %.

IoTDS: A One-Class Classification Approach to Detect Botnets in Internet of Things Devices.

Abstract: Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device's behaviour, the approach extracts features from the device's CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were made, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device's energy consumption, and CPU and memory utilisation.

Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks

Abstract: The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface and, consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS , a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method to discuss the real-life implications of our findings.

Anomaly detection using baseline and K-means clustering

Abstract: Anomaly detection refers to methods that provide warnings of unusual behaviors which may compromise the security and performance of communication networks. In this paper it is proposed a novel model for network anomaly detection combining baseline, K-means clustering and particle swarm optimization (PSO). The baseline consists of network traffic normal behavior profiles, generated by the application of Baseline for Automatic Backbone Management (BLGBA) model in SNMP historical network data set, while K-means is a supervised learning clustering algorithm used to recognize patterns or features in data sets. In order to escape from local optima problem, the K-means is associated to PSO, which is a meta-heuristic whose main characteristics include low computational complexity and small number of input parameters dependence. The proposed anomaly detection approach classifies data clusters from baseline and real traffic using the K-means combined with PSO. Anomalous behaviors can be identified by comparing the distance between real traffic and cluster centroids. Tests were performed in the network of State University of Londrina and the obtained detection and false alarm rates are promising.

A survey on nature inspired metaheuristic algorithms for partitional clustering

Abstract: The partitional clustering concept started with K-means algorithm which was published in 1957. Since then many classical partitional clustering algorithms have been reported based on gradient descent approach. The 1990 kick started a new era in cluster analysis with the application of nature inspired metaheuristics. After initial formulation nearly two decades have passed and researchers have developed numerous new algorithms in this field. This paper embodies an up-to-date review of all major nature inspired metaheuristic algorithms employed till date for partitional clustering. Further, key issues involved during formulation of various metaheuristics as a clustering problem and major application areas are discussed.

Strategic planning for information systems

Abstract: Want to get experience? Want to get any ideas to create new things in your life? Read strategic planning for information systems now! By reading this book as soon as possible, you can renew the situation to get the inspirations. Yeah, this way will lead you to always think more and more. In this case, this book will be always right for you. When you can observe more about the book, you will know why you need this.

Smart Cities: A Survey on Data Management, Security, and Enabling Technologies

Abstract: Integrating the various embedded devices and systems in our environment enables an Internet of Things (IoT) for a smart city. The IoT will generate tremendous amount of data that can be leveraged for safety, efficiency, and infotainment applications and services for city residents. The management of this voluminous data through its lifecycle is fundamental to the realization of smart cities. Therefore, in contrast to existing surveys on smart cities we provide a data-centric perspective, describing the fundamental data management techniques employed to ensure consistency, interoperability, granularity, and reusability of the data generated by the underlying IoT for smart cities. Essentially, the data lifecycle in a smart city is dependent on tightly coupled data management with cross-cutting layers of data security and privacy, and supporting infrastructure. Therefore, we further identify techniques employed for data security and privacy, and discuss the networking and computing technologies that enable smart cities. We highlight the achievements in realizing various aspects of smart cities, present the lessons learned, and identify limitations and research challenges.

A Survey of Random Forest Based Methods for Intrusion Detection Systems

Abstract: Over the past decades, researchers have been proposing different Intrusion Detection approaches to deal with the increasing number and complexity of threats for computer systems. In this context, Random Forest models have been providing a notable performance on their applications in the realm of the behaviour-based Intrusion Detection Systems. Specificities of the Random Forest model are used to provide classification, feature selection, and proximity metrics. This work provides a comprehensive review of the general basic concepts related to Intrusion Detection Systems, including taxonomies, attacks, data collection, modelling, evaluation metrics, and commonly used methods. It also provides a survey of Random Forest based methods applied in this context, considering the particularities involved in these models. Finally, some open questions and challenges are posed combined with possible directions to deal with them, which may guide future works on the area.

Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices

Abstract: Cyber-threat protection is today’s one of the most challenging research branches of information technology, while the exponentially increasing number of tiny, connected devices able to push personal data to the Internet is doing nothing but exacerbating the battle between the involved parties. Thus, this protection becomes crucial with a typical Internet-of-Things (IoT) setup, as it usually involves several IoT-based data sources interacting with the physical world within various application domains, such as agriculture, health care, home automation, critical industrial processes, etc. Unfortunately, contemporary IoT devices often offer very limited security features, laying themselves open to always new and more sophisticated attacks and also inhibiting the expected global adoption of IoT technologies, not to mention millions of IoT devices already deployed without any hardware security support. In this context, it is crucial to develop tools able to detect such cyber threats. In this article, we present Passban, an intelligent intrusion detection system (IDS) able to protect the IoT devices that are directly connected to it. The peculiarity of the proposed solution is that it can be deployed directly on very cheap IoT gateways (e.g., single-board PCs currently costing few tens of U.S. dollars), hence taking full advantage of the edge computing paradigm to detect cyber threats as close as possible to the corresponding data sources. We will demonstrate that Passban is able to detect various types of malicious traffic, including Port Scanning, HTTP and SSH Brute Force, and SYN Flood attacks with very low false positive rates and satisfactory accuracies.