Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Sobre

Sobre

Professor Coordenador no Departamento de Engenharia Informática da ESTG-Leiria (Instituto Politécnico de Leiria) e investigador no CRACS.

É doutorado em Ciência dos Computadores pela Universidade do Porto; mestre em Informática, ramo de sistemas e redes, também pela Universidade do Porto; licenciado em Engenharia Informática pelo Instituto Superior de Engenharia do Porto.

Coordena atualmente o Mestrado em Cibersegurança e Informática Forense no IPLeiria e é responsável pela lecionação de unidades curriculares na área das redes de computadores, administração de sistemas e redes, segurança de redes, tecnologias de cloud e infraestruturas de datacenters.

As principais áreas de investigação incluem os algoritmos imuno-inspirados para a deteção automática de anomalias, algoritmos de classificação e deteção usando ensembles, aprendizagem em sistemas dinâmicos e com base temporal.

Detém igualmente experiência empresarial como gestor de projetos TI e administrador de sistemas.

Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    Mário João Antunes
  • Cargo

    Investigador Sénior
  • Desde

    01 janeiro 2009
Publicações

2025

An Automated Repository for the Efficient Management of Complex Documentation

Autores
Frade, J; Antunes, M;

Publicação
INFORMATION

Abstract
The accelerating digitalization of the public and private sectors has made information technologies (IT) indispensable in modern life. As services shift to digital platforms and technologies expand across industries, the complexity of legal, regulatory, and technical requirement documentation is growing rapidly. This increase presents significant challenges in managing, gathering, and analyzing documents, as their dispersion across various repositories and formats hinders accessibility and efficient processing. This paper presents the development of an automated repository designed to streamline the collection, classification, and analysis of cybersecurity-related documents. By harnessing the capabilities of natural language processing (NLP) models-specifically Generative Pre-Trained Transformer (GPT) technologies-the system automates text ingestion, extraction, and summarization, providing users with visual tools and organized insights into large volumes of data. The repository facilitates the efficient management of evolving cybersecurity documentation, addressing issues of accessibility, complexity, and time constraints. This paper explores the potential applications of NLP in cybersecurity documentation management and highlights the advantages of integrating automated repositories equipped with visualization and search tools. By focusing on legal documents and technical guidelines from Portugal and the European Union (EU), this applied research seeks to enhance cybersecurity governance, streamline document retrieval, and deliver actionable insights to professionals. Ultimately, the goal is to develop a scalable, adaptable platform capable of extending beyond cybersecurity to serve other industries that rely on the effective management of complex documentation.

2025

Multi-Class Intrusion Detection in Internet of Vehicles: Optimizing Machine Learning Models on Imbalanced Data

Autores
Palma, A; Antunes, M; Bernardino, J; Alves, A;

Publicação
FUTURE INTERNET

Abstract
The Internet of Vehicles (IoV) presents complex cybersecurity challenges, particularly against Denial-of-Service (DoS) and spoofing attacks targeting the Controller Area Network (CAN) bus. This study leverages the CICIoV2024 dataset, comprising six distinct classes of benign traffic and various types of attacks, to evaluate advanced machine learning techniques for instrusion detection systems (IDS). The models XGBoost, Random Forest, AdaBoost, Extra Trees, Logistic Regression, and Deep Neural Network were tested under realistic, imbalanced data conditions, ensuring that the evaluation reflects real-world scenarios where benign traffic dominates. Using hyperparameter optimization with Optuna, we achieved significant improvements in detection accuracy and robustness. Ensemble methods such as XGBoost and Random Forest consistently demonstrated superior performance, achieving perfect accuracy and macro-average F1-scores, even when detecting minority attack classes, in contrast to previous results for the CICIoV2024 dataset. The integration of optimized hyperparameter tuning and a broader methodological scope culminated in an IDS framework capable of addressing diverse attack scenarios with exceptional precision.

2024

Uncovering Manipulated Files Using Mathematical Natural Laws

Autores
Fernandes, P; Ciardhuáin, SO; Antunes, M;

Publicação
PROGRESS IN PATTERN RECOGNITION, IMAGE ANALYSIS, COMPUTER VISION, AND APPLICATIONS, CIARP 2023, PT I

Abstract
The data exchange between different sectors of society has led to the development of electronic documents supported by different reading formats, namely portable PDF format. These documents have characteristics similar to those used in programming languages, allowing the incorporation of potentially malicious code, which makes them a vector for cyberattacks. Thus, detecting anomalies in digital documents, such as PDF files, has become crucial in several domains, such as finance, digital forensic analysis and law enforcement. Currently, detection methods are mostly based on machine learning and are characterised by being complex, slow and mainly inefficient in detecting zero-day attacks. This paper aims to propose a Benford Law (BL) based model to uncover manipulated PDF documents by analysing potential anomalies in the first digit extracted from the PDF document's characteristics. The proposed model was evaluated using the CIC Evasive PDFMAL-2022 dataset, consisting of 1191 documents (278 benign and 918 malicious). To classify the PDF documents, based on BL, into malicious or benign documents, three statistical models were used in conjunction with the mean absolute deviation: the parametric Pearson and the non-parametric Spearman and Cramer-Von Mises models. The results show a maximum F1 score of 87.63% in detecting malicious documents using Pearson's model, demonstrating the suitability and effectiveness of applying Benford's Law in detecting anomalies in digital documents to maintain the accuracy and integrity of information and promoting trust in systems and institutions.

2024

Dvorak: A Browser Credential Dumping Malware

Autores
Areia, J; Santos, B; Antunes, M;

Publicação
Proceedings of the 21st International Conference on Security and Cryptography, SECRYPT 2024, Dijon, France, July 8-10, 2024.

Abstract
Memorising passwords poses a significant challenge for individuals, leading to the increasing adoption of password managers, particularly browser password managers. Despite their benefits to users’ daily routines, the use of these tools introduces new vulnerabilities to web and network security. This paper aims to investigate these vulnerabilities and analyse the security mechanisms of browser-based password managers integrated into Google Chrome, Microsoft Edge, Opera GX, Mozilla Firefox, and Brave. Through malware development and deployment, Dvorak is capable of extracting essential files from the browser’s password manager for subsequent decryption. To assess Dvorak functionalities we conducted a controlled security analysis across all aforementioned browsers. Our findings reveal that the designed malware successfully retrieves all stored passwords from the tested browsers when no master password is used. However, the results differ depending on whether a master password is used. A comparison between browsers is made, based on the results of the malware. The paper ends with recommendations for potential strategies to mitigate these security concerns. © 2024 by SCITEPRESS – Science and Technology Publications, Lda.

2024

Unveiling Malicious Network Flows Using Benford's Law

Autores
Fernandes, P; Ciardhuáin, SO; Antunes, M;

Publicação
MATHEMATICS

Abstract
The increasing proliferation of cyber-attacks threatening the security of computer networks has driven the development of more effective methods for identifying malicious network flows. The inclusion of statistical laws, such as Benford's Law, and distance functions, applied to the first digits of network flow metadata, such as IP addresses or packet sizes, facilitates the detection of abnormal patterns in the digits. These techniques also allow for quantifying discrepancies between expected and suspicious flows, significantly enhancing the accuracy and speed of threat detection. This paper introduces a novel method for identifying and analyzing anomalies within computer networks. It integrates Benford's Law into the analysis process and incorporates a range of distance functions, namely the Mean Absolute Deviation (MAD), the Kolmogorov-Smirnov test (KS), and the Kullback-Leibler divergence (KL), which serve as dispersion measures for quantifying the extent of anomalies detected in network flows. Benford's Law is recognized for its effectiveness in identifying anomalous patterns, especially in detecting irregularities in the first digit of the data. In addition, Bayes' Theorem was implemented in conjunction with the distance functions to enhance the detection of malicious traffic flows. Bayes' Theorem provides a probabilistic perspective on whether a traffic flow is malicious or benign. This approach is characterized by its flexibility in incorporating new evidence, allowing the model to adapt to emerging malicious behavior patterns as they arise. Meanwhile, the distance functions offer a quantitative assessment, measuring specific differences between traffic flows, such as frequency, packet size, time between packets, and other relevant metadata. Integrating these techniques has increased the model's sensitivity in detecting malicious flows, reducing the number of false positives and negatives, and enhancing the resolution and effectiveness of traffic analysis. Furthermore, these techniques expedite decisions regarding the nature of traffic flows based on a solid statistical foundation and provide a better understanding of the characteristics that define these flows, contributing to the comprehension of attack vectors and aiding in preventing future intrusions. The effectiveness and applicability of this joint method have been demonstrated through experiments with the CICIDS2017 public dataset, which was explicitly designed to simulate real scenarios and provide valuable information to security professionals when analyzing computer networks. The proposed methodology opens up new perspectives in investigating and detecting anomalies and intrusions in computer networks, which are often attributed to cyber-attacks. This development culminates in creating a promising model that stands out for its effectiveness and speed, accurately identifying possible intrusions with an F1 of nearly 80%, a recall of 99.42%, and an accuracy of 65.84%.

Teses
supervisionadas

Uma implementação open source de um serviço de cloud do tipo IaaS

Autor
João Vitoria Santos

Instituição
IPLeiria

Using telemedicine WebRTC tests in hospital environment

Autor
Dário Gabriel da Cruz Santos

Instituição
IPLeiria