Catálogo de publicaciones - revistas

<jats:p>Deep Learning (DL) is a disruptive technology that has changed the landscape of cyber security research. Deep learning models have many advantages over traditional Machine Learning (ML) models, particularly when there is a large amount of data available. Android malware detection or classification qualifies as a big data problem because of the fast booming number of Android malware, the obfuscation of Android malware, and the potential protection of huge values of data assets stored on the Android devices. It seems a natural choice to apply DL on Android malware detection. However, there exist challenges for researchers and practitioners, such as choice of DL architecture, feature extraction and processing, performance evaluation, and even gathering adequate data of high quality. In this survey, we aim to address the challenges by systematically reviewing the latest progress in DL-based Android malware detection and classification. We organize the literature according to the DL architecture, including FCN, CNN, RNN, DBN, AE, and hybrid models. The goal is to reveal the research frontier, with the focus on representing code semantics for Android malware detection. We also discuss the challenges in this emerging field and provide our view of future research opportunities and directions.</jats:p>

<jats:p>Smart Home Personal Assistants (SPA) are an emerging innovation that is changing the means by which home users interact with technology. However, several elements expose these systems to various risks: (i) the open nature of the voice channel they use, (ii) the complexity of their architecture, (iii) the AI features they rely on, and (iv) their use of a wide range of underlying technologies. This article presents an in-depth review of SPA’s security and privacy issues, categorizing the most important attack vectors and their countermeasures. Based on this, we discuss open research challenges that can help steer the community to tackle and address current security and privacy issues in SPA. One of our key findings is that even though the attack surface of SPA is conspicuously broad and there has been a significant amount of recent research efforts in this area, research has so far focused on a small part of the attack surface, particularly on issues related to the interaction between the user and the SPA devices. To the best of our knowledge, this is the first article to conduct such a comprehensive review and characterization of the security and privacy issues and countermeasures of SPA.</jats:p>

<jats:p>In recent years, cybersecurity certification is gaining momentum as the baseline to build a structured approach to mitigate cybersecurity risks in the Internet of Things (IoT). This initiative is driven by industry, governmental institutions, and research communities, which have the goal to make IoT more secure for the end-users. In this survey, we analyze the current cybersecurity certification schemes, as well as the potential challenges to make them applicable for the IoT ecosystem. We also examine current efforts related to risk assessment and testing processes, which are widely recognized as the processes to build a cybersecurity certification framework. Our work provides a multidisciplinary perspective of a possible IoT cybersecurity certification framework by integrating research and technical tools and processes with policies and governance structures, which are analyzed against a set of identified challenges. This survey is intended to give a comprehensive overview of cybersecurity certification to facilitate the definition of a framework that fits in emerging scenarios, such as the IoT paradigm.</jats:p>

<jats:p>The abnormal energy consumption of Android applications is a significant problem faced by developers and users. In recent years, researchers have invested their efforts to develop energy diagnosis tools that pinpoint and fix the energy bugs from source code automatically. These tools use traditional software engineering methods such as program analysis, refactoring, software repair, and bug localization to diagnose energy inefficiencies. Existing surveys focus only on energy measurement techniques and profiling tools and do not consider automated energy diagnosis tools. Therefore, this article organizes state of the art by surveying 25 relevant studies on Android applications’ automatic energy diagnosis. Further, this survey presents a systematic thematic taxonomy of existing approaches from a software engineering perspective. The taxonomy presented in this article would serve as a body of knowledge and help researchers and developers to understand the state of the field better. The future research directions discussed in this article might help prospective researchers to identify suitable topics to improve the current research work in this field.</jats:p>

<jats:p> The data structure at the core of large-scale search engines is the <jats:italic>inverted index</jats:italic> , which is essentially a collection of sorted integer sequences called <jats:italic>inverted lists</jats:italic> . Because of the many documents indexed by such engines and stringent performance requirements imposed by the heavy load of queries, the inverted index stores billions of integers that must be searched efficiently. In this scenario, <jats:italic>index compression</jats:italic> is essential because it leads to a better exploitation of the computer memory hierarchy for faster query processing and, at the same time, allows reducing the number of storage machines. </jats:p> <jats:p>The aim of this article is twofold: first, surveying the encoding algorithms suitable for inverted index compression and, second, characterizing the performance of the inverted index through experimentation.</jats:p>

<jats:p>Over the past few years, there has been an exponential increase in the percentage of people owning and using a smart phone. These devices have sensor-rich touchscreens that can capture sensitive biometric features such as keystroke typing and finger-swiping patterns. Touch-dynamics based behavioural biometrics is a time-based assessment of how a user performs a particular touch task on a mobile device. Several performance-focused surveys already exist. In this article, building upon the existing reviews, we have examined studies on touch-dynamics based behavioural biometrics based on usability and its impact on authentication performance. We also emphasize the need for shifting the focus on usability during performance evaluations by presenting a consolidated list of usability and ergonomic-based factors that influence user interaction and cause performance variations. In this article, we report and review the usability evaluations: user acceptance studies and performance-based studies influencing the user interaction process on three specific touch-dynamics based modalities—signature, keystroke, and swipe. With regards to performance, we present a comparative analysis of error rates and accuracy of various research works undertaken. Additionally, we present a consolidated list of public datasets and discuss evolving vulnerabilities of touch-dynamics based behavioural biometrics, their adopted attack models, and their feasibility. Finally, we present our assessment of this domain's existing unresolved problems that could pave the way for future research.</jats:p>

<jats:p>The working set model for program behavior was invented in 1965. It has stood the test of time in virtual memory management for over 50 years. It is considered the ideal for managing memory in operating systems and caches. Its superior performance was based on the principle of locality, which was discovered at the same time; locality is the observed tendency of programs to use distinct subsets of their pages over extended periods of time. This tutorial traces the development of working set theory from its origins to the present day. We will discuss the principle of locality and its experimental verification. We will show why working set memory management resists thrashing and generates near-optimal system throughput. We will present the powerful, linear-time algorithms for computing working set statistics and applying them to the design of memory systems. We will debunk several myths about locality and the performance of memory systems. We will conclude with a discussion of the application of the working set model in parallel systems, modern shared CPU caches, network edge caches, and inventory and logistics management.</jats:p>

<jats:p>Healthcare cognitive assistants (HCAs) are intelligent systems or agents that interact with users in a context-aware and adaptive manner to improve their health outcomes by augmenting their cognitive abilities or complementing a cognitive impairment. They assist a wide variety of users ranging from patients to their healthcare providers (e.g., general practitioner, specialist, surgeon) in several situations (e.g., remote patient monitoring, emergency response, robotic surgery). While HCAs are critical to ensure personalized, scalable, and efficient healthcare, there exists a knowledge gap in finding the emerging trends, key challenges, design guidelines, and state-of-the-art technologies suitable for developing HCAs. This survey aims to bridge this gap for researchers from multiple domains, including but not limited to cyber-physical systems, artificial intelligence, human-computer interaction, robotics, and smart health. It provides a comprehensive definition of HCAs and outlines a novel, practical categorization of existing HCAs according to their target user role and the underlying application goals. This survey summarizes and assorts existing HCAs based on their characteristic features (i.e., interactive, context-aware, and adaptive) and enabling technological aspects (i.e., sensing, actuation, control, and computation). Finally, it identifies critical research questions and design recommendations to accelerate the development of the next generation of cognitive assistants for healthcare.</jats:p>

<jats:p>Networks play a central role in cyber-security: networks deliver security attacks, suffer from them, defend against them, and sometimes even cause them. This article is a concise tutorial on the large subject of networks and security, written for all those interested in networking, whether their specialty is security or not. To achieve this goal, we derive our focus and organization from two perspectives. The first perspective is that, although mechanisms for network security are extremely diverse, they are all instances of a few patterns. Consequently, after a pragmatic classification of security attacks, the main sections of the tutorial cover the four patterns for providing network security, of which the familiar three are cryptographic protocols, packet filtering, and dynamic resource allocation. Although cryptographic protocols hide the data contents of packets, they cannot hide packet headers. When users need to hide packet headers from adversaries, which may include the network from which they are receiving service, they must resort to the pattern of compound sessions and overlays. The second perspective comes from the observation that security mechanisms interact in important ways, with each other and with other aspects of networking, so each pattern includes a discussion of its interactions.</jats:p>

<jats:p>Security and privacy of users have become significant concerns due to the involvement of the Internet of Things (IoT) devices in numerous applications. Cyber threats are growing at an explosive pace making the existing security and privacy measures inadequate. Hence, everyone on the Internet is a product for hackers. Consequently, Machine Learning (ML) algorithms are used to produce accurate outputs from large complex databases, where the generated outputs can be used to predict and detect vulnerabilities in IoT-based systems. Furthermore, Blockchain (BC) techniques are becoming popular in modern IoT applications to solve security and privacy issues. Several studies have been conducted on either ML algorithms or BC techniques. However, these studies target either security or privacy issues using ML algorithms or BC techniques, thus posing a need for a combined survey on efforts made in recent years addressing both security and privacy issues using ML algorithms and BC techniques. In this article, we provide a summary of research efforts made in the past few years, from 2008 to 2019, addressing security and privacy issues using ML algorithms and BC techniques in the IoT domain. First, we discuss and categorize various security and privacy threats reported in the past 12 years in the IoT domain. We then classify the literature on security and privacy efforts based on ML algorithms and BC techniques in the IoT domain. Finally, we identify and illuminate several challenges and future research directions using ML algorithms and BC techniques to address security and privacy issues in the IoT domain.</jats:p>