-
Anomaly-Flow: A Multi-domain Federated Generative Adversarial Network for Distributed Denial-of-Service Detection
Authors:
Leonardo Henrique de Melo,
Gustavo de Carvalho Bertoli,
Michele Nogueira,
Aldri Luiz dos Santos,
Lourenço Alves Pereira Junior
Abstract:
Distributed denial-of-service (DDoS) attacks remain a critical threat to Internet services, causing costly disruptions. While machine learning (ML) has shown promise in DDoS detection, current solutions struggle with multi-domain environments where attacks must be detected across heterogeneous networks and organizational boundaries. This limitation severely impacts the practical deployment of ML-b…
▽ More
Distributed denial-of-service (DDoS) attacks remain a critical threat to Internet services, causing costly disruptions. While machine learning (ML) has shown promise in DDoS detection, current solutions struggle with multi-domain environments where attacks must be detected across heterogeneous networks and organizational boundaries. This limitation severely impacts the practical deployment of ML-based defenses in real-world settings.
This paper introduces Anomaly-Flow, a novel framework that addresses this critical gap by combining Federated Learning (FL) with Generative Adversarial Networks (GANs) for privacy-preserving, multi-domain DDoS detection. Our proposal enables collaborative learning across diverse network domains while preserving data privacy through synthetic flow generation. Through extensive evaluation across three distinct network datasets, Anomaly-Flow achieves an average F1-score of $0.747$, outperforming baseline models. Importantly, our framework enables organizations to share attack detection capabilities without exposing sensitive network data, making it particularly valuable for critical infrastructure and privacy-sensitive sectors.
Beyond immediate technical contributions, this work provides insights into the challenges and opportunities in multi-domain DDoS detection, establishing a foundation for future research in collaborative network defense systems. Our findings have important implications for academic research and industry practitioners working to deploy practical ML-based security solutions.
△ Less
Submitted 18 March, 2025;
originally announced March 2025.
-
Design and implementation of intelligent packet filtering in IoT microcontroller-based devices
Authors:
Gustavo de Carvalho Bertoli,
Gabriel Victor C. Fernandes,
Pedro H. Borges Monici,
César H. de Araujo Guibo,
Lourenço Alves Pereira Jr.,
Aldri Santos
Abstract:
Internet of Things (IoT) devices are increasingly pervasive and essential components in enabling new applications and services. However, their widespread use also exposes them to exploitable vulnerabilities and flaws that can lead to significant losses. In this context, ensuring robust cybersecurity measures is essential to protect IoT devices from malicious attacks. However, the current solutions…
▽ More
Internet of Things (IoT) devices are increasingly pervasive and essential components in enabling new applications and services. However, their widespread use also exposes them to exploitable vulnerabilities and flaws that can lead to significant losses. In this context, ensuring robust cybersecurity measures is essential to protect IoT devices from malicious attacks. However, the current solutions that provide flexible policy specifications and higher security levels for IoT devices are scarce. To address this gap, we introduce T800, a low-resource packet filter that utilizes machine learning (ML) algorithms to classify packets in IoT devices. We present a detailed performance benchmarking framework and demonstrate T800's effectiveness on the ESP32 system-on-chip microcontroller and ESP-IDF framework. Our evaluation shows that T800 is an efficient solution that increases device computational capacity by excluding unsolicited malicious traffic from the processing pipeline. Additionally, T800 is adaptable to different systems and provides a well-documented performance evaluation strategy for security ML-based mechanisms on ESP32-based IoT systems. Our research contributes to improving the cybersecurity of resource-constrained IoT devices and provides a scalable, efficient solution that can be used to enhance the security of IoT systems.
△ Less
Submitted 30 May, 2023;
originally announced May 2023.
-
How effective is multifactor authentication at deterring cyberattacks?
Authors:
Lucas Augusto Meyer,
Sergio Romero,
Gabriele Bertoli,
Tom Burt,
Alex Weinert,
Juan Lavista Ferres
Abstract:
This study investigates the effectiveness of multifactor authentication (MFA) in protecting commercial accounts from unauthorized access, with an additional focus on accounts with known credential leaks. We employ the benchmark-multiplier method, coupled with manual account review, to evaluate the security performance of various MFA methods in a large dataset of Microsoft Azure Active Directory us…
▽ More
This study investigates the effectiveness of multifactor authentication (MFA) in protecting commercial accounts from unauthorized access, with an additional focus on accounts with known credential leaks. We employ the benchmark-multiplier method, coupled with manual account review, to evaluate the security performance of various MFA methods in a large dataset of Microsoft Azure Active Directory users exhibiting suspicious activity. Our findings reveal that MFA implementation offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period. Moreover, MFA reduces the risk of compromise by 99.22% across the entire population and by 98.56% in cases of leaked credentials. We further demonstrate that dedicated MFA applications, such as Microsoft Authenticator, outperform SMS-based authentication, though both methods provide significantly enhanced security compared to not using MFA. Based on these results, we strongly advocate for the default implementation of MFA in commercial accounts to increase security and mitigate unauthorized access risks.
△ Less
Submitted 1 May, 2023;
originally announced May 2023.
-
Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach
Authors:
Gustavo de Carvalho Bertoli,
Lourenço Alves Pereira Junior,
Aldri Luiz dos Santos,
Osamu Saotome
Abstract:
The constantly evolving digital transformation imposes new requirements on our society. Aspects relating to reliance on the networking domain and the difficulty of achieving security by design pose a challenge today. As a result, data-centric and machine-learning approaches arose as feasible solutions for securing large networks. Although, in the network security domain, ML-based solutions face a…
▽ More
The constantly evolving digital transformation imposes new requirements on our society. Aspects relating to reliance on the networking domain and the difficulty of achieving security by design pose a challenge today. As a result, data-centric and machine-learning approaches arose as feasible solutions for securing large networks. Although, in the network security domain, ML-based solutions face a challenge regarding the capability to generalize between different contexts. In other words, solutions based on specific network data usually do not perform satisfactorily on other networks. This paper describes the stacked-unsupervised federated learning (FL) approach to generalize on a cross-silo configuration for a flow-based network intrusion detection system (NIDS). The proposed approach we have examined comprises a deep autoencoder in conjunction with an energy flow classifier in an ensemble learning task. Our approach performs better than traditional local learning and naive cross-evaluation (training in one context and testing on another network data). Remarkably, the proposed approach demonstrates a sound performance in the case of non-iid data silos. In conjunction with an informative feature in an ensemble architecture for unsupervised learning, we advise that the proposed FL-based NIDS results in a feasible approach for generalization between heterogeneous networks. To the best of our knowledge, our proposal is the first successful approach to applying unsupervised FL on the problem of network intrusion detection generalization using flow-based data.
△ Less
Submitted 28 November, 2022; v1 submitted 1 September, 2022;
originally announced September 2022.
-
Bridging the gap to real-world for network intrusion detection systems with data-centric approach
Authors:
Gustavo de Carvalho Bertoli,
Lourenço Alves Pereira Junior,
Filipe Alves Neto Verri,
Aldri Luiz dos Santos,
Osamu Saotome
Abstract:
Most research using machine learning (ML) for network intrusion detection systems (NIDS) uses well-established datasets such as KDD-CUP99, NSL-KDD, UNSW-NB15, and CICIDS-2017. In this context, the possibilities of machine learning techniques are explored, aiming for metrics improvements compared to the published baselines (model-centric approach). However, those datasets present some limitations a…
▽ More
Most research using machine learning (ML) for network intrusion detection systems (NIDS) uses well-established datasets such as KDD-CUP99, NSL-KDD, UNSW-NB15, and CICIDS-2017. In this context, the possibilities of machine learning techniques are explored, aiming for metrics improvements compared to the published baselines (model-centric approach). However, those datasets present some limitations as aging that make it unfeasible to transpose those ML-based solutions to real-world applications. This paper presents a systematic data-centric approach to address the current limitations of NIDS research, specifically the datasets. This approach generates NIDS datasets composed of the most recent network traffic and attacks, with the labeling process integrated by design.
△ Less
Submitted 8 January, 2022; v1 submitted 25 October, 2021;
originally announced October 2021.
-
A-star path planning simulation for UAS Traffic Management (UTM) application
Authors:
Carlos Augusto Pötter Neto,
Gustavo de Carvalho Bertoli,
Osamu Saotome
Abstract:
This paper presents a Robot Operating System and Gazebo application to calculate and simulate an optimal route for a drone in an urban environment by developing new ROS packages and executing them along with open-source tools. Firstly, the current regulations about UAS are presented to guide the building of the simulated environment, and multiple path planning algorithms are reviewed to guide the…
▽ More
This paper presents a Robot Operating System and Gazebo application to calculate and simulate an optimal route for a drone in an urban environment by developing new ROS packages and executing them along with open-source tools. Firstly, the current regulations about UAS are presented to guide the building of the simulated environment, and multiple path planning algorithms are reviewed to guide the search method selection. After selecting the A-star algorithm, both the 2D and 3D versions of them were implemented in this paper, with both Manhattan and Euclidean distances heuristics. The performance of these algorithms was evaluated considering the distance to be covered by the drone and the execution time of the route planning method, aiming to support algorithm's choice based on the environment in which it will be applied. The algorithm execution time was 3.2 and 17.2 higher when using the Euclidean distance for the 2D and 3D A-star algorithm, respectively. Along with the performance analysis of the algorithm, this paper is also the first step for building a complete UAS Traffic Management (UTM) system simulation using ROS and Gazebo.
△ Less
Submitted 27 July, 2021;
originally announced July 2021.
-
Superconvergence of the Strang splitting when using the Crank-Nicolson scheme for parabolic PDEs with Dirichlet and oblique boundary conditions
Authors:
Guillaume Bertoli,
Christophe Besse,
Gilles Vilmart
Abstract:
We show that the Strang splitting method applied to a diffusion-reaction equation with inhomogeneous general oblique boundary conditions is of order two when the diffusion equation is solved with the Crank-Nicolson method, while order reduction occurs in general if using other Runge-Kutta schemes or even the exact flow itself for the diffusion part. We prove these results when the source term only…
▽ More
We show that the Strang splitting method applied to a diffusion-reaction equation with inhomogeneous general oblique boundary conditions is of order two when the diffusion equation is solved with the Crank-Nicolson method, while order reduction occurs in general if using other Runge-Kutta schemes or even the exact flow itself for the diffusion part. We prove these results when the source term only depends on the space variable, an assumption which makes the splitting scheme equivalent to the Crank-Nicolson method itself applied to the whole problem. Numerical experiments suggest that the second order convergence persists with general nonlinearities.
△ Less
Submitted 22 April, 2021; v1 submitted 10 November, 2020;
originally announced November 2020.
-
Strang splitting method for semilinear parabolic problems with inhomogeneous boundary conditions: a correction based on the flow of the nonlinearity
Authors:
Guillaume Bertoli,
Gilles Vilmart
Abstract:
The Strang splitting method, formally of order two, can suffer from order reduction when applied to semilinear parabolic problems with inhomogeneous boundary conditions. The recent work [L .Einkemmer and A. Ostermann. Overcoming order reduction in diffusion-reaction splitting. Part 1. Dirichlet boundary conditions. SIAM J. Sci. Comput., 37, 2015. Part 2: Oblique boundary conditions, SIAM J. Sci. C…
▽ More
The Strang splitting method, formally of order two, can suffer from order reduction when applied to semilinear parabolic problems with inhomogeneous boundary conditions. The recent work [L .Einkemmer and A. Ostermann. Overcoming order reduction in diffusion-reaction splitting. Part 1. Dirichlet boundary conditions. SIAM J. Sci. Comput., 37, 2015. Part 2: Oblique boundary conditions, SIAM J. Sci. Comput., 38, 2016] introduces a modification of the method to avoid the reduction of order based on the nonlinearity. In this paper we introduce a new correction constructed directly from the flow of the nonlinearity and which requires no evaluation of the source term or its derivatives. The goal is twofold. One, this new modification requires only one evaluation of the diffusion flow and one evaluation of the source term flow at each step of the algorithm and it reduces the computational effort to construct the correction. Second, numerical experiments suggest it is well suited in the case where the nonlinearity is stiff. We provide a convergence analysis of the method for a smooth nonlinearity and perform numerical experiments to illustrate the performances of the new approach.
△ Less
Submitted 1 July, 2020; v1 submitted 18 April, 2019;
originally announced April 2019.
-
Many-body localization in continuum systems: two-dimensional bosons
Authors:
G. Bertoli,
B. L. Altshuler,
G. V. Shlyapnikov
Abstract:
We demonstrate that many-body localization of two-dimensional weakly interacting bosons in disorder remains stable in the thermodynamic limit at sufficiently low temperatures. Highly energetic particles destroy the localized state only above a critical temperature, which increases with the strength of the disorder. If the particle distribution is truncated at high energies, as it does for cold ato…
▽ More
We demonstrate that many-body localization of two-dimensional weakly interacting bosons in disorder remains stable in the thermodynamic limit at sufficiently low temperatures. Highly energetic particles destroy the localized state only above a critical temperature, which increases with the strength of the disorder. If the particle distribution is truncated at high energies, as it does for cold atom systems, the localization can be stable at any temperature.
△ Less
Submitted 18 March, 2019;
originally announced March 2019.
-
Identification of microRNA clusters cooperatively acting on Epithelial to Mesenchymal Transition in Triple Negative Breast Cancer
Authors:
Laura Cantini,
Gloria Bertoli,
Claudia Cava,
Thierry Dubois,
Andrei Zinovyev,
Michele Caselle,
Isabella Castiglioni,
Emmanuel Barillot,
Loredana Martignetti
Abstract:
MicroRNAs play important roles in many biological processes. Their aberrant expression can have oncogenic or tumor suppressor function directly participating to carcinogenesis, malignant transformation, invasiveness and metastasis. Indeed, miRNA profiles can distinguish not only between normal and cancerous tissue but they can also successfully classify different subtypes of a particular cancer. H…
▽ More
MicroRNAs play important roles in many biological processes. Their aberrant expression can have oncogenic or tumor suppressor function directly participating to carcinogenesis, malignant transformation, invasiveness and metastasis. Indeed, miRNA profiles can distinguish not only between normal and cancerous tissue but they can also successfully classify different subtypes of a particular cancer. Here, we focus on a particular class of transcripts encoding polycistronic miRNA genes that yields multiple miRNA components. We describe clustered MiRNA Master Regulator Analysis (ClustMMRA), a fully redesigned release of the MMRA computational pipeline (MiRNA Master Regulator Analysis), developed to search for clustered miRNAs potentially driving cancer molecular subtyping. Genomically clustered miRNAs are frequently co-expressed to target different components of pro-tumorigenic signalling pathways. By applying ClustMMRA to breast cancer patient data, we identified key miRNA clusters driving the phenotype of different tumor subgroups. The pipeline was applied to two independent breast cancer datasets, providing statistically concordant results between the two analysis. We validated in cell lines the miR-199/miR-214 as a novel cluster of miRNAs promoting the triple negative subtype phenotype through its control of proliferation and EMT.
△ Less
Submitted 5 April, 2018;
originally announced April 2018.
-
Finite temperature disordered bosons in two dimensions
Authors:
G. Bertoli,
V. P. Michal,
B. L. Altshuler,
G. V. Shlyapnikov
Abstract:
We study phase transitions in a two dimensional weakly interacting Bose gas in a random potential at finite temperatures. We identify superfluid, normal fluid, and insulator phases and construct the phase diagram. At T=0 one has a tricritical point where the three phases coexist. The truncation of the energy distribution at the trap barrier, which is a generic phenomenon in cold atom systems, limi…
▽ More
We study phase transitions in a two dimensional weakly interacting Bose gas in a random potential at finite temperatures. We identify superfluid, normal fluid, and insulator phases and construct the phase diagram. At T=0 one has a tricritical point where the three phases coexist. The truncation of the energy distribution at the trap barrier, which is a generic phenomenon in cold atom systems, limits the growth of the localization length and in contrast to the thermodynamic limit the insulator phase is present at any temperature.
△ Less
Submitted 25 July, 2018; v1 submitted 11 August, 2017;
originally announced August 2017.
-
Searches for the Higgs boson decaying to W^{+} W^{-} -> l^{+}nu l^{-}nubar with the CDF II detector
Authors:
CDF Collaboration,
T. Aaltonen,
S. Amerio,
D. Amidei,
A. Anastassov,
A. Annovi,
J. Antos,
G. Apollinari,
J. A. Appel,
T. Arisawa,
A. Artikov,
J. Asaadi,
W. Ashmanskas,
B. Auerbach,
A. Aurisano,
F. Azfar,
W. Badgett,
T. Bae,
A. Barbaro-Galtieri,
V. E. Barnes,
B. A. Barnett,
P. Barria,
P. Bartos,
M. Bauce,
F. Bedeschi
, et al. (397 additional authors not shown)
Abstract:
We present a search for a standard model Higgs boson decaying to two $W$ bosons that decay to leptons using the full data set collected with the CDF II detector in $\sqrt{s}=1.96$ TeV $p\bar{p}$ collisions at the Fermilab Tevatron, corresponding to an integrated luminosity of 9.7 fb${}^{-1}$. We obtain no evidence for production of a standard model Higgs boson with mass between 110 and 200 GeV/…
▽ More
We present a search for a standard model Higgs boson decaying to two $W$ bosons that decay to leptons using the full data set collected with the CDF II detector in $\sqrt{s}=1.96$ TeV $p\bar{p}$ collisions at the Fermilab Tevatron, corresponding to an integrated luminosity of 9.7 fb${}^{-1}$. We obtain no evidence for production of a standard model Higgs boson with mass between 110 and 200 GeV/$c^2$, and place upper limits on the production cross section within this range. We exclude standard model Higgs boson production at the 95% confidence level in the mass range between 149 and 172 GeV/$c^2$, while expecting to exclude, in the absence of signal, the range between 155 and 175 GeV/$c^2$. We also interpret the search in terms of standard model Higgs boson production in the presence of a fourth generation of fermions and within the context of a fermiophobic Higgs boson model. For the specific case of a standard model-like Higgs boson in the presence of fourth-generation fermions, we exclude at the 95% confidence level Higgs boson production in the mass range between 124 and 200 GeV/$c^2$, while expecting to exclude, in the absence of signal, the range between 124 and 221 GeV/$c^2$.
△ Less
Submitted 31 May, 2013;
originally announced June 2013.
