-
Identity and Access Management for the Computing Continuum
Authors:
Chalima Dimitra Nassar Kyriakidou,
Athanasia Maria Papathanasiou,
Vasilios A. Siris,
Nikos Fotiou,
George C. Polyzos,
Eduardo Cánovas Martínez,
Antonio Skarmeta
Abstract:
The computing continuum introduces new challenges for access control due to its dynamic, distributed, and heterogeneous nature. In this paper, we propose a Zero-Trust (ZT) access control solution that leverages decentralized identification and authentication mechanisms based on Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). Additionally, we employ Relationship-Based Access Control (ReBAC) to define policies that capture the evolving trust relationships inherent in the continuum. Through a proof-of-concept implementation, we demonstrate the feasibility and efficiency of our solution, highlighting its potential to enhance security and trust in decentralized environments.
Submitted 11 June, 2025;
originally announced June 2025.
-
On Automating Security Policies with Contemporary LLMs
Authors:
Pablo Fernández Saura,
K. R. Jayaram,
Vatche Isahagian,
Jorge Bernal Bernabé,
Antonio Skarmeta
Abstract:
The complexity of modern computing environments and the growing sophistication of cyber threats necessitate a more robust, adaptive, and automated approach to security enforcement. In this paper, we present a framework leveraging large language models (LLMs) for automating attack mitigation policy compliance through an innovative combination of in-context learning and retrieval-augmented generation (RAG). We begin by describing how our system collects and manages both tool and API specifications, storing them in a vector database to enable efficient retrieval of relevant information. We then detail the architectural pipeline that first decomposes high-level mitigation policies into discrete tasks and subsequently translates each task into a set of actionable API calls. Our empirical evaluation, conducted using publicly available CTI policies in STIXv2 format and Windows API documentation, demonstrates significant improvements in precision, recall, and F1-score when employing RAG compared to a non-RAG baseline.
Submitted 5 June, 2025;
originally announced June 2025.
-
Advancing Towards a Marine Digital Twin Platform: Modeling the Mar Menor Coastal Lagoon Ecosystem in the South Western Mediterranean
Authors:
Yu Ye,
Aurora González-Vidal,
Alejandro Cisterna-García,
Angel Pérez-Ruzafa,
Miguel A. Zamora Izquierdo,
Antonio F. Skarmeta
Abstract:
Coastal marine ecosystems face mounting pressures from anthropogenic activities and climate change, necessitating advanced monitoring and modeling approaches for effective management. This paper pioneers the development of a Marine Digital Twin Platform aimed at modeling the Mar Menor Coastal Lagoon Ecosystem in the Region of Murcia. The platform leverages Artificial Intelligence to emulate complex hydrological and ecological models, facilitating the simulation of what-if scenarios to predict ecosystem responses to various stressors. We integrate diverse datasets from public sources to construct a comprehensive digital representation of the lagoon's dynamics. The platform's modular design enables real-time stakeholder engagement and informed decision-making in marine management. Our work contributes to the ongoing discourse on advancing marine science through innovative digital twin technologies.
Submitted 16 September, 2024;
originally announced September 2024.
-
Federated Learning for Misbehaviour Detection with Variational Autoencoders and Gaussian Mixture Models
Authors:
Enrique Mármol Campos,
Aurora González Vidal,
José Luis Hernández Ramos,
Antonio Skarmeta
Abstract:
Federated Learning (FL) has become an attractive approach to collaboratively train Machine Learning (ML) models while data sources' privacy is still preserved. However, most existing FL approaches are based on supervised techniques, which could require resource-intensive activities and human intervention to obtain labelled datasets. Furthermore, in the scope of cyberattack detection, such techniques are not able to identify previously unknown threats. In this direction, this work proposes a novel unsupervised FL approach for the identification of potential misbehavior in vehicular environments. We leverage the computing capabilities of public cloud services for model aggregation purposes, and also as a central repository of misbehavior events, enabling cross-vehicle learning and collective defense strategies. Our solution integrates the use of Gaussian Mixture Models (GMM) and Variational Autoencoders (VAE) on the VeReMi dataset in a federated environment, where each vehicle is intended to train only with its own data. Furthermore, we use Restricted Boltzmann Machines (RBM) for pre-training purposes, and Fedplus as aggregation function to enhance the model's convergence. Our approach provides better performance (more than 80 percent) compared to recent proposals, which are usually based on supervised techniques and artificial divisions of the VeReMi dataset.
Submitted 16 May, 2024;
originally announced May 2024.
-
FedRDF: A Robust and Dynamic Aggregation Function against Poisoning Attacks in Federated Learning
Authors:
Enrique Mármol Campos,
Aurora González Vidal,
José Luis Hernández Ramos,
Antonio Skarmeta
Abstract:
Federated Learning (FL) represents a promising approach to typical privacy concerns associated with centralized Machine Learning (ML) deployments. Despite its well-known advantages, FL is vulnerable to security attacks such as Byzantine behaviors and poisoning attacks, which can significantly degrade model performance and hinder convergence. The effectiveness of existing approaches to mitigate complex attacks, such as median, trimmed mean, or Krum aggregation functions, has been only partially demonstrated in the case of specific attacks. Our study introduces a novel robust aggregation mechanism utilizing the Fourier Transform (FT), which is able to effectively handle sophisticated attacks without prior knowledge of the number of attackers. Employing this data technique, weights generated by FL clients are projected into the frequency domain to ascertain their density function, selecting the one exhibiting the highest frequency. Consequently, malicious clients' weights are excluded. Our proposed approach was tested against various model poisoning attacks, demonstrating superior performance over state-of-the-art aggregation methods.
Submitted 15 February, 2024;
originally announced February 2024.
-
PhenoLinker: Phenotype-Gene Link Prediction and Explanation using Heterogeneous Graph Neural Networks
Authors:
Jose L. Mellina Andreu,
Luis Bernal,
Antonio F. Skarmeta,
Mina Ryten,
Sara Álvarez,
Alejandro Cisterna García,
Juan A. Botía
Abstract:
The association of a given human phenotype to a genetic variant remains a critical challenge for biology. We present a novel system called PhenoLinker capable of associating a score to a phenotype-gene relationship by using heterogeneous information networks and a convolutional neural network-based model for graphs, which can provide an explanation for the predictions. This system can aid in the discovery of new associations and in the understanding of the consequences of human genetic variation.
Submitted 2 February, 2024;
originally announced February 2024.
-
European 5G Security in the Wild: Reality versus Expectations
Authors:
Oscar Lasierra,
Gines Garcia-Aviles,
Esteban Municio,
Antonio Skarmeta,
Xavier Costa-Pérez
Abstract:
5G cellular systems are slowly being deployed worldwide delivering the promised unprecedented levels of throughput and latency to hundreds of millions of users. At such scale security is crucial, and consequently, the 5G standard includes a new series of features to improve the security of its predecessors (i.e., 3G and 4G). In this work, we evaluate the actual deployment in practice of the promised 5G security features by analysing current commercial 5G networks from several European operators. By collecting 5G signalling traffic in the wild in several cities in Spain, we i) fact-check which 5G security enhancements are actually implemented in current deployments, ii) provide a rich overview of the implementation status of each 5G security feature in a wide range of 5G commercial networks in Europe and compare it with previous results in China, iii) analyse the implications of optional features not being deployed, and iv) discuss the still remaining 4G-inherited vulnerabilities. Our results show that in European 5G commercial networks, the deployment of the 5G security features is still in the works. This is well aligned with results previously reported from China [16] and keeps these networks vulnerable to some 4G attacks, during their migration period from 4G to 5G.
Submitted 15 May, 2023;
originally announced May 2023.
-
QoS and Resource aware Security Orchestration System
Authors:
M. Bagaa,
T. Taleb,
J. B. Bernabe,
A. Skarmeta
Abstract:
Network Function Virtualization (NFV) and Software Distributed Networking (SDN) technologies play a crucial role in enabling 5G system and beyond. A synergy between both of these technologies has been identified for enabling a new concept dubbed service function chains (SFC) that aims to reduce both the capital expenditures (CAPEX) and operating expenses (OPEX). The SFC paradigm considers different constraints and key performance indicators (KPIs), that include QoS and different resources, for enabling network slice services. However, the large-scale, complexity and security issues brought by these technologies create an extra overhead for ensuring secure network slicing. To cope with these challenges, this paper proposes a cost-efficient optimized SFC management system that enables the creation of SFCs for enabling efficient and secure network slices. The proposed system considers the network and computational resources and current network security levels to ensure trusted deployments. The simulation results demonstrated the efficiency of the proposed solution for achieving its designed objectives. The proposed solution efficiently manages the SFCs by optimizing deployment costs and reducing overall end-to-end delay.
Submitted 5 January, 2022;
originally announced January 2022.
-
Evaluating Federated Learning for Intrusion Detection in Internet of Things: Review and Challenges
Authors:
Enrique Mármol Campos,
Pablo Fernández Saura,
Aurora González-Vidal,
José L. Hernández-Ramos,
Jorge Bernal Bernabe,
Gianmarco Baldini,
Antonio Skarmeta
Abstract:
The application of Machine Learning (ML) techniques to the well-known intrusion detection systems (IDS) is key to cope with increasingly sophisticated cybersecurity attacks through an effective and efficient detection process. In the context of the Internet of Things (IoT), most ML-enabled IDS approaches use centralized approaches where IoT devices share their data with data centers for further analysis. To mitigate privacy concerns associated with centralized approaches, in recent years the use of Federated Learning (FL) has attracted a significant interest in different sectors, including healthcare and transport systems. However, the development of FL-enabled IDS for IoT is in its infancy, and still requires research efforts from various areas, in order to identify the main challenges for the deployment in real-world scenarios. In this direction, our work evaluates an FL-enabled IDS approach based on a multiclass classifier considering different data distributions for the detection of different attacks in an IoT scenario. In particular, we use three different settings that are obtained by partitioning the recent ToN_IoT dataset according to IoT devices' IP address and types of attack. Furthermore, we evaluate the impact of different aggregation functions according to such setting by using the recent IBMFL framework as FL implementation. Additionally, we identify a set of challenges and future directions based on the existing literature and the analysis of our evaluation results.
Submitted 2 August, 2021;
originally announced August 2021.
-
SDN enabled Information Centric Networking (ICN) as a Service prefetching mechanism for HyperText Transfer Protocol (HTTP) based services. The scalable video streaming case
Authors:
Jordi Ortiz,
Antonio Skarmeta
Abstract:
The importance of HTTP in today's networks is undisputed. As a solution to enhance QoS and enhance scalability CDN networks have been designed and deployed. Recently, a new paradigm known as ICN has been envisioned focusing the network routing on the content itself instead of the geographical attachment of addresses. Software Defined Networkings (SDNs) have been researched for the last 10 years as enablers of Future Internet (FI) architectures in general and of ICN in particular. We have already proposed the Information Centric Network as a Service (ICNaaS) architecture to provide with end-to-end HTTP ICN alike transmission with HTTP in-network caching which has been thoroughly evaluated in this paper. This paper also proposes a nouveau mechanism, which we have named prefetching mechanism, to enhance data transmission rates for first requesters that can usually not benefit from previous access to the same content. To evaluate and demonstrate the possibilities offered by the proposal H.264/SVC video streaming with DASH has been employed.
Submitted 15 May, 2020;
originally announced May 2020.
-
Toward a Blockchain-based Platform to Manage Cybersecurity Certification of IoT devices
Authors:
Ricardo Neisse,
José L. Hernández-Ramos,
Sara N. Matheu,
Gianmarco Baldini,
Antonio Skarmeta
Abstract:
The goal of this paper is to propose a blockchain-based platform to enhance transparency and traceability of cybersecurity certification information motivated by the recently adopted EU Cybersecurity Act. The proposed platform is generic and intended to support the trusted exchange of cybersecurity certification information for any electronic product, service, or process. However, for the purposes of this paper, we focus on the case study of the cybersecurity certification of IoT devices, which are explicitly referenced in the recently adopted Cybersecurity Act as one of the main domains where it is highlighted the need for an increased level of trust.
Submitted 16 September, 2019;
originally announced September 2019.
-
Data Aggregation, Fusion and Recommendations for Strengthening Citizens Energy-aware Behavioural Profiles
Authors:
Eleni Fotopoulou,
Anastasios Zafeiropoulos,
Fernando Terroso,
Aurora Gonzalez,
Antonio Skarmeta,
Umutcan Şimşek,
Anna Fensel
Abstract:
In this paper, ENTROPY platform, an IT ecosystem for supporting energy efficiency in buildings through behavioural change of the occupants is provided. The ENTROPY platform targets at providing a set of mechanisms for accelerating the adoption of energy efficient practices through the increase of the energy awareness and energy saving potential of the occupants. The platform takes advantage of novel sensor networking technologies for supporting efficient sensor data aggregation mechanisms, semantic web technologies for unified data representation, machine learning mechanisms for getting insights from the available data and recommendation mechanisms for providing personalised content to end users. These technologies are combined and provided through an integrated platform, targeting at leading to occupants' behavioural change with regards to their energy consumption profiles.
Submitted 20 July, 2017;
originally announced July 2017.