Publications

Publications by CRACS

2025

An Automated Repository for the Efficient Management of Complex Documentation

Authors
Frade, J; Antunes, M;

Publication
INFORMATION

Abstract
The accelerating digitalization of the public and private sectors has made information technologies (IT) indispensable in modern life. As services shift to digital platforms and technologies expand across industries, the complexity of legal, regulatory, and technical requirement documentation is growing rapidly. This increase presents significant challenges in managing, gathering, and analyzing documents, as their dispersion across various repositories and formats hinders accessibility and efficient processing. This paper presents the development of an automated repository designed to streamline the collection, classification, and analysis of cybersecurity-related documents. By harnessing the capabilities of natural language processing (NLP) models, specifically Generative Pre-Trained Transformer (GPT) technologies, the system automates text ingestion, extraction, and summarization, providing users with visual tools and organized insights into large volumes of data. The repository facilitates the efficient management of evolving cybersecurity documentation, addressing issues of accessibility, complexity, and time constraints. This paper explores the potential applications of NLP in cybersecurity documentation management and highlights the advantages of integrating automated repositories equipped with visualization and search tools. By focusing on legal documents and technical guidelines from Portugal and the European Union (EU), this applied research seeks to enhance cybersecurity governance, streamline document retrieval, and deliver actionable insights to professionals. Ultimately, the goal is to develop a scalable, adaptable platform capable of extending beyond cybersecurity to serve other industries that rely on the effective management of complex documentation.

2025

A Risk Manager for Intrusion Tolerant Systems: Enhancing HAL 9000 With New Scoring and Data Sources

Authors
Freitas, T; Novo, C; Dutra, I; Soares, J; Correia, ME; Shariati, B; Martins, R;

Publication
SOFTWARE-PRACTICE & EXPERIENCE

Abstract
Background: Intrusion Tolerant Systems (ITS) aim to maintain system security despite adversarial presence by limiting the impact of successful attacks. Current ITS risk managers rely heavily on public databases like NVD and Exploit DB, which suffer from long delays in vulnerability evaluation, reducing system responsiveness. Objective: This work extends the HAL 9000 Risk Manager to integrate additional real-time threat intelligence sources and employ machine learning techniques to automatically predict and reassess vulnerability risk scores, addressing limitations of existing solutions. Methods: A custom-built scraper collects diverse cybersecurity data from multiple Open Source Intelligence (OSINT) platforms, such as NVD, CVE, AlienVault OTX, and OSV. HAL 9000 uses machine learning models for CVE score prediction, vulnerability clustering through scalable algorithms, and reassessment incorporating exploit likelihood and patch availability to dynamically evaluate system configurations. Results: Integration of newly scraped data significantly enhances the risk management capabilities, enabling faster detection and mitigation of emerging vulnerabilities with improved resilience and security. Experiments show HAL 9000 provides lower risk and more resilient configurations compared to prior methods while maintaining scalability and automation. Conclusions: The proposed enhancements position HAL 9000 as a next-generation autonomous Risk Manager capable of effectively incorporating diverse intelligence sources and machine learning to improve ITS security posture in dynamic threat environments. Future work includes expanding data sources, addressing misinformation risks, and real-world deployments.

2025

Anomaly Detection and Root Cause Analysis in Cloud-Native Environments Using Large Language Models and Bayesian Networks

Authors
Pedroso, DF; Almeida, L; Pulcinelli, LEG; Aisawa, WAA; Dutra, I; Bruschi, SM;

Publication
IEEE ACCESS

Abstract
Cloud computing technologies offer significant advantages in scalability and performance, enabling rapid deployment of applications. The adoption of microservices-oriented architectures has introduced an ecosystem characterized by an increased number of applications, frameworks, abstraction layers, orchestrators, and hypervisors, all operating within distributed systems. This complexity results in the generation of vast quantities of logs from diverse sources, making the analysis of these events an inherently challenging task, particularly in the absence of automation. To address this issue, Machine Learning techniques leveraging Large Language Models (LLMs) offer a promising approach for dynamically identifying patterns within these events. In this study, we propose a novel anomaly detection framework utilizing a microservices architecture deployed on Kubernetes and Istio, enhanced by an LLM model. The model was trained on various error scenarios, with Chaos Mesh employed as an error injection tool to simulate faults of different natures, and Locust used as a load generator to create workload stress conditions. After an anomaly is detected by the LLM model, we employ a dynamic Bayesian network to provide probabilistic inferences about the incident, proving the relationships between components and assessing the degree of impact among them. Additionally, a ChatBot powered by the same LLM model allows users to interact with the AI, ask questions about the detected incident, and gain deeper insights. The experimental results demonstrated the model's effectiveness, reliably identifying all error events across various test scenarios. While it successfully avoided missing any anomalies, it did produce some false positives, which remain within acceptable limits.

2025

Use of Mobile Health Applications by Family and General Medicine Physicians in Portugal: An Observational Cross-Sectional Quantitative Study (Preprint)

Authors
Taveira, É; Rêgo, S; Dutra, I;

Publication

Abstract
BACKGROUND

The digitalization of health care has accelerated the adoption of mobile health applications (mHealth apps) in Family and General Medicine in Portugal. These tools may support chronic disease management and clinical decision-making. However, limited high-quality scientific evidence and the absence of a national framework for certification and quality standards create uncertainty about their safe integration into clinical practice.

OBJECTIVE

This study aimed to characterize mHealth app use among Family and General Medicine residents and physicians in Portugal. It also examined factors influencing app selection, barriers to adoption, and clinicians’ perceptions regarding the integration of Artificial Intelligence (AI) into clinical practice.

METHODS

An observational, cross-sectional, quantitative study was conducted using an online survey developed in LimeSurvey®. The questionnaire was distributed to residents and physicians registered in the Ordem dos Médicos® (Portuguese Medical Association) with active clinical practice. The final sample included 141 participants (73.8% female; 26.2% male). Data analysis used descriptive statistics, reporting absolute and relative frequencies.

RESULTS

Most clinicians were aware of mHealth apps (97.9%), and 85.1% reported using them in clinical practice. Among users (n=120), 74.5% regularly used 2 to 5 apps. A total of 69 unique apps were identified, with 13 accounting for 63.0% of mentions, including Tonic®, UpToDate®, Cardio4all®, and PEM Móvel®. Apps were mainly used during clinical consultations (92.5%). The most frequent factors influencing app choice were ease of use (95.0%) and evidence-based clinical effectiveness (65.8%). Reported barriers included lack of knowledge about available apps (84.2%) and the absence of national evaluation standards (47.5%). Among non-users (n=21), the main structural barrier was poor integration with clinical information systems (71.4%). Regarding AI, 56.0% reported awareness of AI-integrated apps, mainly Tonic® and ChatGPT®. The same proportion considered AI use beneficial, especially for clinical decision support (80.9%) and administrative automation (62.4%). Key concerns included ethics, data security, privacy (74.5%), and limited interoperability.

CONCLUSIONS

mHealth app adoption in Portugal is high but fragmented and largely driven by personal initiative (81.7%) and informal recommendations, with limited institutional guidance. Tonic was the only app identified by respondents as reporting compliance with ISO 13485 (medical software quality), ISO/IEC 42001 (AI management systems), and UEMS-EACCME clinical accreditation. Most clinicians perceive national regulatory guidance as insufficient (51.7%). Future progress requires urgent development of a national framework for the curation and recommendation of mHealth apps aligned with international frameworks such as DiGA (Germany) and DTAC (England), increased digital health training, and improved interoperability with clinical systems to ensure safe, effective, and equitable use in Primary Health Care.

2025

EVSOAR: Security Orchestration, Automation and Response via EV Charging Stations

Authors
Freitas, T; Silva, E; Yasmin, R; Shoker, A; Correia, ME; Martins, R; Esteves Verissimo, P;

Publication
2025 IEEE 101ST VEHICULAR TECHNOLOGY CONFERENCE, VTC2025-SPRING

Abstract
Vehicle cybersecurity has emerged as a critical concern, driven by innovation in the automotive industry, e.g., autonomous, electric, or connected vehicles. Current efforts to address these challenges are constrained by the limited computational resources of vehicles and the reliance on connected infrastructures. This motivated the foundation of Vehicle Security Operations Centers (VSOCs) that extend IT-based Security Operations Centers (SOCs) to cover the entire automotive ecosystem, both the in-vehicle and off-vehicle scopes. Security Orchestration, Automation, and Response (SOAR) tools are considered key for implementing an effective cybersecurity solution. However, existing state-of-the-art solutions depend on infrastructure networks such as 4G, 5G, and WiFi, which often face scalability and congestion issues. To address these limitations, we propose a novel SOAR architecture EVSOAR that leverages the EV charging stations for connectivity and computing to enhance vehicle cybersecurity. Our EV-specific SOAR architecture enables real-time analysis and automated responses to cybersecurity threats closer to the EV, reducing cellular latency, bandwidth, and interference limitations. Our experimental results demonstrate a significant improvement in latency, stability, and scalability through the infrastructure and the capacity to deploy computationally intensive applications that are otherwise infeasible within the resource constraints of individual vehicles.

2025

LegionITS: A Federated Intrusion-Tolerant System Architecture

Authors
Freitas, T; Novo, C; Correia, ME; Martins, R;

Publication
CoRR

Abstract
