Research Projects

[2023 - 2024] A Hybrid Approach for Malware Detection in SDN-enabled IoT Scenarios
Description: Malware presents a significant threat to computer systems security, especially in ARM and MIPS architectures, driven by the rise of the Internet of Things (IoT). This work introduces a hybrid approach that integrates YARA signatures and machine learning in programmable switches for efficient malware detection in SDN-enabled IoT environments.
[2021 - 2022] A Taxonomy of Malware Analysis and Detection Approaches in SDN Scenarios
Description: The growing number of malware infections is raising serious concerns about the protection of computer systems. The advent of IoT and 5G brings new challenges for malware detection and mitigation in heterogeneous networks, where traditional solutions may not be resilient enough to contain the advancement of new threats. In this scenario, new software solutions for malware detection, mitigation, and analysis in modern networks are essential. The SDN paradigm therefore presents itself as a facilitator for developing modern solutions against malware threats, since the SDN controller has a holistic view of the traffic and is highly programmable, allowing the development of agnostic and adaptive solutions in the fight against malicious software. Given the absence of a systematic review dedicated to classifying SDN-based solutions in the fight against malicious software, this work advances the state of the art by presenting a systematic review of SDN-based strategies for malware analysis and detection, highlighting the advantages and conveniences that this paradigm can bring to these research fields.
[2020 - 2022] Detection and Mitigation of DDoS Attacks on SDN Infrastructures Using Moving Target Defense Techniques
Description: SDN networks provide a holistic view of the infrastructure, making them extremely useful for DDoS detection and mitigation. Moving Target Defense (MTD) techniques have been the subject of numerous studies given their effectiveness in preventing and mitigating numerous attacks. Through a practical approach, we propose to carry out a broad investigation of the effectiveness of MTD techniques combined with the main SDN controllers against DDoS attacks.
[2019 - 2020] Phishing Detection and Mitigation Using Artificial Intelligence Techniques
Description: The expansion of the Internet provided people with numerous conveniences, such as the possibility of communicating over long distances, shopping, and online banking. However, this expansion also brought new possibilities for fraudulent actions. Among these actions, we highlight phishing attacks, created to capture user credentials through a page similar to the original one. Therefore, the purpose of this work is to develop a mechanism to prevent this type of attack and ensure the security of users' data.
[2019 - 2020] Slow Attacks Mitigation on Software-Defined Networks
Description: The Software-Defined Networking paradigm revolutionized the management of computer network infrastructures, since separating the data plane from the control plane makes a higher degree of programmability possible. However, the memory that switches use to store rules, called Ternary Content-Addressable Memory (TCAM), has a high cost and, therefore, there is little storage space available. Several attacks have been developed to consume the resources of this memory and cause unavailability on the network, such as saturation attacks. Also, slow attacks have been occurring frequently in recent years. The main characteristic of this kind of attack is to open several sessions with the target device and keep them open for a long time, generating almost imperceptible malicious traffic and making it difficult to identify the threat. Therefore, the present work aims to study the main techniques of slow attacks and develop a mechanism for their detection and mitigation.
[2019 - 2019] Detection of Wrongdoers by Machine Learning-based Facial Recognition
Description: With the rise in crime nowadays, especially in less developed countries, accurate identification of wrongdoers is a recurring problem. Therefore, people continually seek automated ways to identify unique patterns in each individual, to increase the accuracy of searches and reduce error rates. Inevitably, facial recognition becomes an important ally for the identification of offenders, as it is a discreet, fast, and highly accurate method. However, systems of this size are still expensive and involve violations of citizens' privacy. Therefore, the purpose of this work is to develop a low-cost, high-performance system for identifying criminals using advanced machine learning algorithms for facial recognition.
[2018 - 2019] Security Aspects in Multi-Domain Resource Slicing of Future Cloud Networking
Description: Cloud slicing allows the existence of multiple virtual infrastructures, called virtual slices, on top of the physical infrastructure of federated data centers, each one specially adapted to the needs of the tenants. Although cloud slicing makes services and networks more agile and responsive to users' business requirements, it adds new security concerns because of how physical resources are shared between slices and how isolation is maintained. Therefore, the purpose of this work is to propose a methodology to increase security levels in federated cloud platforms defined by resource slices, which exploits virtualization technologies to enable secure resource sharing and isolation, management of heterogeneous security policies, and the provision of risk mitigation actions using Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies.
[2018 - 2018] Embedded System for Access Control Based on Facial Biometry and RFID
Description: With constant technological evolution, people continually look for automated ways to guarantee the safety of certain places. Inevitably, face recognition becomes an important mechanism for access control, since each person has practically unique facial features. However, it is also necessary to develop accompanying tools to validate these faces, to ensure that the user present is authentic and not just an image or video being transmitted. Besides, we note the high cost of such products in the market. Therefore, this work proposes to develop a low-cost embedded system for access control that meets all the requirements for correct identification and validation of faces.
[2016 - 2017] Automatic License Plate Recognition System
Description: This project proposes an embedded system capable of extracting the text of a license plate through Optical Character Recognition (OCR) using low-cost hardware. The developed system is also able to query a Brazilian national database to identify the status of the vehicle and driver.

Demos