{"id":1211,"date":"2023-04-06T19:50:24","date_gmt":"2023-04-06T17:50:24","guid":{"rendered":"https:\/\/dtstc.ugr.es\/neus-cslab\/?page_id=1211"},"modified":"2023-06-15T15:36:54","modified_gmt":"2023-06-15T13:36:54","slug":"cei2","status":"publish","type":"page","link":"https:\/\/dtstc.ugr.es\/neus-cslab\/proyectos-idi\/cei2\/","title":{"rendered":"Cei2"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1211\" class=\"elementor elementor-1211\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d4c7e28 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d4c7e28\" data-element_type=\"section\" data-e-type=\"section\" id=\"inicio\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-3c409f5\" data-id=\"3c409f5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4030b9a elementor-widget elementor-widget-image\" data-id=\"4030b9a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"656\" height=\"410\" src=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/portada_prediccciones_0.jpg\" class=\"attachment-large size-large wp-image-499\" alt=\"\" srcset=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/portada_prediccciones_0.jpg 656w, https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/portada_prediccciones_0-300x188.jpg 300w\" sizes=\"(max-width: 656px) 100vw, 656px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-257cd65 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"257cd65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-calendar-alt\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tPeriodo\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\t1-ENE-2021 a 31-DIC-2022  (+4 meses)\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-73c1b5f elementor-widget elementor-widget-progress\" data-id=\"73c1b5f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"progress.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<span class=\"elementor-title\" id=\"elementor-progress-bar-73c1b5f\">\n\t\t\t\tProgreso\t\t\t<\/span>\n\t\t\n\t\t<div aria-labelledby=\"elementor-progress-bar-73c1b5f\" class=\"elementor-progress-wrapper\" role=\"progressbar\" aria-valuemin=\"0\" aria-valuemax=\"100\" aria-valuenow=\"100\">\n\t\t\t<div class=\"elementor-progress-bar\" data-max=\"100\">\n\t\t\t\t<span class=\"elementor-progress-text\"><\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-progress-percentage\">100%<\/span>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-66 elementor-top-column elementor-element elementor-element-58baba8\" data-id=\"58baba8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a662cc8 elementor-widget elementor-widget-heading\" data-id=\"a662cc8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Sistema para la detecci\u00f3n temprana de ciberataques en industria conectada e IoT mediante detecci\u00f3n de anomal\u00edas multiplanta<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53bd27e2 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"53bd27e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-barcode\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tReferencia \t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\tPYC20-RE-087-USE\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8656e0b elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"8656e0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-landmark\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tOrganismos \/ empresas\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\t<span style=\"color: #888888\"><\/span><i>Universidad de Sevilla \u2013 Junta de Andaluc\u00eda<\/i> \u2013 Proyectos singulares de actuaciones de transferencia en los CEI en las \u00e1reas RIS3 (CEI20)<br>Wellness Telecom S.L.\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-901bf72 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"901bf72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-graduation-cap\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tInvestigadores\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\t \t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-019f81b elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"019f81b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/neus-cslab\/personal\/rea\">\n\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Rafael Estepa Alonso  - IP<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-451544e elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"451544e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/neus-cslab\/personal\/jedv\">\n\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Jes\u00fas E. D\u00edaz Verdejo<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/neus-cslab\/personal\/aea\">\n\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Antonio Estepa Alonso<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/neus-cslab\/personal\/gm\">\n\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Germ\u00e1n  Madinabeitia Luque<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-05ca179 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-widget elementor-widget-icon-box\" data-id=\"05ca179\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-graduation-cap\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tEquipo de trabajo\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<p class=\"elementor-icon-box-description\">\n\t\t\t\t\t\t \t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e8c18df elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"e8c18df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Vicente Mayor<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Agust\u00edn Lara<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Fernando Ruiz Robles<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-687ad42 elementor-position-right elementor-vertical-align-bottom elementor-widget elementor-widget-image-box\" data-id=\"687ad42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><figure class=\"elementor-image-box-img\"><img decoding=\"async\" width=\"451\" height=\"110\" src=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2023\/04\/us-ja.png\" class=\"attachment-full size-full wp-image-1281\" alt=\"\" \/><\/figure><div class=\"elementor-image-box-content\"><p class=\"elementor-image-box-description\">Este proyecto est\u00e1 financiado por  FEDER\/ Junta de Andaluc\u00eda<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cb48536 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cb48536\" data-element_type=\"section\" data-e-type=\"section\" id=\"resumen\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5bceb0f\" data-id=\"5bceb0f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-73881d1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"73881d1\" data-element_type=\"section\" data-e-type=\"section\" id=\"resumen\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-a2e6fc9\" data-id=\"a2e6fc9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a452ea5 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"a452ea5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#inicio\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Inicio<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-b8ffa6c\" data-id=\"b8ffa6c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a103a3d elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"a103a3d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resumen\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resumen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-be95d67\" data-id=\"be95d67\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c85fd2f elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"c85fd2f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#antecedentes\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">antecedentes<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-297ba9c\" data-id=\"297ba9c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0fbcf4f elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"0fbcf4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#objetivos\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Objetivos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-7ba089c\" data-id=\"7ba089c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-49b4a68 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"49b4a68\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#propuesta\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Propuesta<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-2a87b13\" data-id=\"2a87b13\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5cb754a elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"5cb754a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resultados\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resultados<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b2c7ff4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b2c7ff4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e52ea1f\" data-id=\"e52ea1f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-372944a elementor-widget elementor-widget-heading\" data-id=\"372944a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Resumen<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8c5ece elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"c8c5ece\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La propuesta presentada, <strong>Sistema para la Detecci\u00f3n Temprana de Ciberataques en Industria Conectada e IoT mediante Detecci\u00f3n de Anomal\u00edas Multiplanta<\/strong>, se integra\u00a0 en los proyectos de inter\u00e9s colaborativo en el \u00e1mbito de los ecosistemas de innovaci\u00f3n de los Centros de Excelencia Internacional (CEI). En concreto, dentro del proyecto singular de actuaciones transferencia del conocimiento titulado \u00abCampus de Excelencia Internacional Andaluci\u0301a TECH. Ecosistema Innovador con Inteligencia Artificial para Andaluci\u0301a 2025\u00bb.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Esta propuesta da continuidad y ampl\u00eda una l\u00ednea de investigaci\u00f3n iniciada en una de las actuaciones de este ecosistema innovador sobre Detecci\u00f3n Inteligente de Incidentes de Ciberseguridad en redes IoT a trav\u00e9s de n-gram\u00e1ticas adaptativas. El foco de la presente propuesta se desplaza a otras t\u00e9cnicas de Inteligencia Artificial (IA) m\u00e1s adecuadas a un nuevo escenario de trabajo, multiplanta, donde se analizan las correlaciones espacio-temporales de los comportamientos observados en distintas plantas de IoT en b\u00fasqueda de patrones an\u00f3malos que permitan detectar ciberamenazas en sus estadios iniciales (ver anexo 1)<span style=\"font-family: NewsGotT; mso-bidi-font-family: NewsGotT; mso-bidi-font-weight: bold;\">. <\/span><span style=\"font-size: 11.0pt; font-family: 'Arial',sans-serif; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-bidi-font-weight: bold;\">Por ello, esta propuesta aporta soluciones a los retos sociales de Andaluc\u00eda y asimismo est\u00e1 alineada con la prioridad P8 (TIC y econom\u00eda digital) de la Estrategia de Investigaci\u00f3n e Innovaci\u00f3n para la Especializaci\u00f3n Inteligente (RIS3) de Andaluc\u00eda.<\/span><\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: normal;\"><\/p>\n<br>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9b840cb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9b840cb\" data-element_type=\"section\" data-e-type=\"section\" id=\"antecedentes\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c276ca9\" data-id=\"c276ca9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cb9ae38 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cb9ae38\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-3adf3ec\" data-id=\"3adf3ec\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3278ab9 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"3278ab9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#inicio\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Inicio<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-7022c20\" data-id=\"7022c20\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-542334d elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"542334d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resumen\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resumen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-e185880\" data-id=\"e185880\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f545738 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"f545738\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#antecedentes\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">antecedentes<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-0d83437\" data-id=\"0d83437\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6dd8b92 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"6dd8b92\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#objetivos\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Objetivos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-1e2cc34\" data-id=\"1e2cc34\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5da4883 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"5da4883\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#propuesta\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Propuesta<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-dd9f3f7\" data-id=\"dd9f3f7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-66332f8 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"66332f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resultados\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resultados<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5c9a277 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5c9a277\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a1e06d4\" data-id=\"a1e06d4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-889ab34 elementor-widget elementor-widget-heading\" data-id=\"889ab34\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Antecedentes<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d01fe50 elementor-widget elementor-widget-text-editor\" data-id=\"d01fe50\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La propuesta plantea una soluci\u00f3n de ciberseguridad espec\u00edfica para plantas industriales (Industrial Control Systems o ICS) con elementos del Internet of Things (IoT) y, m\u00e1s concretamente en uno de sus usos verticales: la SmartCity. Las instalaciones que pueden beneficiarse de la soluci\u00f3n objeto de este proyecto son aquellas que permiten el control y monitorizaci\u00f3n de parques de dispositivos inteligentes (IoT, SmartCity), desde una aplicaci\u00f3n o servicio Web que se utiliza como interfaz de usuario para la gesti\u00f3n de servicios inteligentes. A fin de ilustrarlo, en la<br \/>Fig. 1 se muestra el esquema de una instalaci\u00f3n t\u00edpica de SmartCity para el control inteligente de iluminaci\u00f3n de varias ciudades.<\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ddf3e1 elementor-widget elementor-widget-image\" data-id=\"5ddf3e1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"768\" height=\"531\" src=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/coincide-2-768x531.jpg\" class=\"attachment-medium_large size-medium_large wp-image-802\" alt=\"\" srcset=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/coincide-2-768x531.jpg 768w, https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/coincide-2-300x208.jpg 300w, https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2022\/03\/coincide-2.jpg 983w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Fig. 1: Diagrama de una red de control de iluminaci\u00f3n t\u00edpica.<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02a18e9 elementor-widget elementor-widget-text-editor\" data-id=\"02a18e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">El parque de sensores IoT de la figura anterior est\u00e1 compuesto por 2 plantas o redes de campo con sensores (denominados S en la figura) que se corresponden con puntos de iluminaci\u00f3n inteligentes controlados remotamente desde un sistema de gesti\u00f3n (Servidor IoT en la figura) al que se accede a trav\u00e9s de una aplicaci\u00f3n Web que permite administrar y operar remotamente uno o varios parques. El Centro de Control, muchas veces ubicado en la nube, consta de varios nodos y bases de datos (BBDD en la figura) que almacenan toda la informaci\u00f3n del sistema. El Servidor IoT se encarga a su vez de la comunicaci\u00f3n con los nodos IoT empleando para ello los protocolos de aplicaci\u00f3n habituales en IoT (MQTT o CoAP). La operaci\u00f3n del sistema es realizada desde Internet por la entidad gestora de los parques e incluye la gesti\u00f3n de los nodos IoT (p.ej., suministro de consignas o puntos de funcionamiento), y se realiza a trav\u00e9s de un navegador Web que utiliza un protocolo seguro (https con TLS 1.2 o superior. Las redes de acceso que usan los nodos IoT pueden ser del \u00e1mbito privado (p.ej. Lora, Sigfox, redes NBWLAN con una pasarela a Internet \/un operador) o subcontratadas a un operador de red (GPRS o 3G), y se comunican con el centro de control mediante una red privada virtual (VPN) ofrecida habitualmente por el operador de red.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">De forma general, podemos distinguir una serie de caracter\u00edsticas propias de este tipo de instalaciones:<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Escaso caudal en el enlace de datos de acceso a los nodos IoT: cobertura 2,5G en muchos casos, e incluso caudales de datos inferiores (p.ej., SigFox, Lora)<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Operaci\u00f3n remota de la instalaci\u00f3n: el Centro de Control est\u00e1 protegido con una VPN suministrada por el operador de red, pero el acceso al servidor IoT se suele ofrece mediante Internet con usuario y contrase\u00f1a (a fin de no resultar inc\u00f3modo al operador o gestor de los parques) contra una aplicaci\u00f3n https.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Uso de aplicaciones y protocolos IoT que suelen implementarse con un nivel bajo de seguridad (sin cifrado de comunicaciones).<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Resulta peculiar la posibilidad de obtener un mismo patr\u00f3n del comportamiento entre 2 plantas de iluminaci\u00f3n inteligente similares y geogr\u00e1ficamente cercanas, algunas variables de la aplicaci\u00f3n (por ejemplo, potencia instant\u00e1nea consumida) deber\u00edan tener un comportamiento s\u00edncrono.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">En este tipo de escenarios, propios de la Industria Conectada (Industria 4.0), adem\u00e1s de las ciberamenazas habituales de una red IT (p.ej., control de acceso f\u00edsico, control de usuarios\/permisos, pol\u00edticas de autenticaci\u00f3n -contrase\u00f1as-, etc.), podemos destacar las siguientes ciberamenazas particulares del escenario mostrado en la figura:<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Suplantaci\u00f3n de sesi\u00f3n web o de identidad del operador de planta.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Ataque al servidor\/aplicaci\u00f3n Web de la aplicaci\u00f3n de gesti\u00f3n o al servidor VPN para operar la infraestructura IoT.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Ataques de dif\u00edcil detecci\u00f3n por equipos de detecci\u00f3n de intrusiones convencionales (IDS, Intrusion Detection Systems -podr\u00eda ser un firewall de nivel de aplicaci\u00f3n-). Este tipo de ataques ser\u00edan los conocidos como: 0-day y APT (Advanced Persistent Threat) para el control de sistemas y robo de informaci\u00f3n sensible.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">&#8211; Ataques a los dispositivos e infraestructura IoT en la red de campo.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Las consecuencias de un ciberataque en una planta industrial, adem\u00e1s del perjuicio econ\u00f3mico para la empresa (p.ej., coste de reposici\u00f3n, p\u00e9rdida de producci\u00f3n o reputaci\u00f3n), pueden conllevar riesgos para las personas (pensemos, por ejemplo, en que se apagaran todas las luces de la ciudad, y los sistemas de control de peatones a las 22:00).<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Debido a las peculiaridades mencionadas, las posibles soluciones comerciales para la detecci\u00f3n temprana de ciberataques en plantas industriales\/IoT gestionadas remotamente tienen caracter\u00edsticas diferenciales respecto a los sistemas de ciberseguridad convencionales (orientados a IT -Information Technology-) y deber\u00edan cumplir los siguientes requisitos:<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 REQ1: No afectar al normal funcionamiento de los equipos instalados en la planta. Esto implica: utilizar s\u00f3lo herramientas de seguridad pasivas (que no inyecten tr\u00e1fico) y un consumo m\u00ednimo del ancho de banda de red disponible en la instalaci\u00f3n.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 REQ2: No afectar de forma significativa al coste de la instalaci\u00f3n. Para ello, adem\u00e1s del precio asociado a la adquisici\u00f3n y puesta en marcha del sistema de ciberseguridad, la soluci\u00f3n debe tener un bajo consumo de recursos computacionales, de almacenamiento, y de red, pudiendo idealmente integrarse en equipos existentes en planta como una m\u00e1quina virtual.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 REQ3: Capacidad de detecci\u00f3n amplia. La soluci\u00f3n debe cubrir la detecci\u00f3n de eventos significativos de seguridad ligados a las amenazas descritas anteriormente, tanto existentes como 0-day, as\u00ed como tambi\u00e9n permitir el cumplimiento de la normativa y pol\u00edticas aplicables en cada caso.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Actualmente existen multitud de soluciones comerciales de ciberseguridad aplicables en distintos campos, como la seguridad web, seguridad en redes e infraestructuras, seguridad en IoT, seguridad en dispositivos finales, seguridad en la nube, etc&#8230;.(ver informe de Cyberscape 2019 , que clasifica a los 133 mayores fabricantes y consultoras de productos de ciberseguridad en 18 campos distintos). Dentro de los campos de seguridad en red e infraestructuras, y seguridad en (IoT), podemos encontrar unas 30 empresas que ofrecen soluciones, la mayor\u00eda de las cuales est\u00e1n orientadas al cifrado de las comunicaciones y a la detecci\u00f3n de ataques conocidos en protocolos industriales (p.ej., ModBus, IEC104, CoaP, MQTT,&#8230;). Sin embargo, las soluciones existentes (adem\u00e1s de afectar significativamente al coste de la instalaci\u00f3n) exigen para su configuraci\u00f3n, puesta a punto y operaci\u00f3n, un alto grado de especializaci\u00f3n que implica la dedicaci\u00f3n de grandes recursos (normalmente no disponibles). Adem\u00e1s, la integraci\u00f3n del sistema de ciberseguridad en los Centros de Operaciones existentes suele se compleja para los operarios, habituados exclusivamente a la operaci\u00f3n del parque IoT. Por otro lado, muchas de las soluciones comerciales existentes inyectan tr\u00e1fico en la red (bien para el escaneo de vulnerabilidades, consultas de patrones y\/o actualizaciones con sus servidores). Por \u00faltimo cabe se\u00f1alar que la capacidad de detecci\u00f3n de estos dispositivos est\u00e1 mayormente basada en firmas o patrones, por lo que los ataques de mayor complejidad en detecci\u00f3n como los 0-days o los APT, muy empleados en entornos industriales para el robo de informaci\u00f3n sensible, suelen pasar desapercibidos para estos sistemas est\u00e1ndar. Ello explica que mercado est\u00e1 actualmente tendiendo a soluciones de EPS (End Point Security), basadas en el an\u00e1lisis del comportamiento del usuario (PUB -Per User Behaviour-, uso del rat\u00f3n, interrupciones de en el acceso a disco, programas ejecutados, etc.), que no son de aplicaci\u00f3n directa en este proyecto, pues suelen modelar el comportamiento sobre los recursos de un PC en el contexto IT. Todo esto nos lleva a la conclusi\u00f3n de que no existen productos en el mercado que satisfagan los requisitos identificados anteriormente para plantas industriales conectadas y de IoT gestionadas remotamente, lo que supone un reto y, a la vez, una oportunidad que pretende ser aprovechada en este proyecto.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">En la literatura cient\u00edfica, los art\u00edculos dedicados a detecci\u00f3n de ataques o amenazas en entornos ICS e IoT basados en sensorizaci\u00f3n, proponen en general m\u00e9todos no invasivos. En [Kauok] podemos encontrar una reciente revisi\u00f3n de los principales trabajos de detecci\u00f3n de ataques en ICS, se\u00f1alando adem\u00e1s las oportunidades de investigaci\u00f3n y retos existentes, entre los que destacan el uso de t\u00e9cnicas de detecci\u00f3n por anomal\u00edas sobre comportamientos peri\u00f3dicos de las distintas aplicaciones que implementan los sistemas SCADA. En [Yang2] podemos tambi\u00e9n encontrar una revisi\u00f3n del estado de la investigaci\u00f3n y retos espec\u00edficos de IoT, donde se se\u00f1ala hacia la detecci\u00f3n de anomal\u00edas de comportamiento como uno de los campos m\u00e1s prometedores. Sin embargo, la detecci\u00f3n de anomal\u00edas en ICS (o en IoT) presenta dos facetas conceptualmente diferenciadas: la relativa a la propia supervisi\u00f3n del proceso industrial monitorizado y\/o de las variables de control, y la relativa a la ciberseguridad en el tr\u00e1fico de red. La primera, se ha venido abordando desde el punto de vista de la detecci\u00f3n de fallos o la supervisi\u00f3n de los procesos aplicando t\u00e9cnicas de an\u00e1lisis de series temporales [Sridhar]. No obstante, el nuevo escenario de IoT aumenta los riesgos, apareciendo nuevas tipolog\u00edas de ataques [Zhu] como la inyecci\u00f3n de datos falsos, la generaci\u00f3n de comandos fraudulentos, y la suplantaci\u00f3n de identidad en el servidor Web. Por tanto, se requieren t\u00e9cnicas orientadas al an\u00e1lisis de los datos de la aplicaci\u00f3n IoT correspondiente, pudi\u00e9ndose para ello utilizar aproximaciones cl\u00e1sicas como el modelado bayesiano junto con EWMA [Kallistis], t\u00e9cnicas de regresi\u00f3n [Sandor], u otras del campo de la Inteligencia Artificial [Beaver]. La caracter\u00edstica distintiva de nuestro escenario de trabajo, multiplanta, permite cotejar el comportamiento de la aplicaci\u00f3n IoT en diversas plantas similares y buscar correlaciones espacio-temporales que permitan identificar anomal\u00edas como evidencias de posibles ciberataques.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Esto nos lleva a la necesidad de enfrentar el reto de dise\u00f1ar una nueva soluci\u00f3n para la detecci\u00f3n de ciberataques en entornos IoT que cumpla los requisitos anteriores e integre en un sistema \u00fanico las capacidades de detecci\u00f3n basadas en patrones de ataques conocidos y aquellos identificados como anomal\u00edas en la operaci\u00f3n de una planta o de varias plantas.<\/p>\n<span style=\"color: #038daa; font-size: 120%;\"><strong>Referencias<\/strong><\/span>\n<table style=\"border-spacing: 0px;\" border=\"0\" width=\"100%\">\n<tbody>\n<tr style=\"border-bottom-width: 0px;\">\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">[Kaouk]\n<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> M. Kaouk, et.al. , <i>A Review of Intrusion Detection Systems for Industrial\nControl Systems<\/i>,\u00a02019 6th International Conference on Control,\nDecision and Information Technologies (CoDIT), Paris, France, 2019, pp.\n1699-1704<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Sridhar]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> Sridhar, et.al. (2014). <i>Model-based attack detection and\nmitigation for automatic generation control<\/i>, IEEE Transactions on Smart Grid, 5(2), 580\u2013591. <\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">\n[Zhu]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> Zhu,\nB., Joseph, A., &amp; Sastry, S. (2011). <i> A taxonomy of cyber attacks on SCADA systems<\/i>. Proceedings &#8211; 2011 IEEE International Conferences on Internet of\nThings and Cyber, Physical and Social Computing, IThings\/CPSCom 2011<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Kallitsis]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">\nKallitsis, M. G., Michailidis, G., &amp; Tout, S. (2016). <i>Correlative\nmonitoring for detection of false data injection attacks in smart grids<\/i>. 2015\nIEEE International Conference on Smart Grid Communications, SmartGridComm 2015, 386\u2013391<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Sandor]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">\nSandor, H., Genge, B., &amp; Szanto, Z. (2017). <i>Sensor data validation and\nabnormal behavior detection in the internet of things<\/i>. 16th Networking in Education and Research RoEduNet International Conference, RoEduNet 2017 &#8211;\nProceedings<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Beaver]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">\nJ. Beaver, R. Borges-Hink, and M. Buckner. <i>An evaluation of machine learning methods to detect malicious scada communications<\/i>. In International Conference on Machine Learning and Applications, volume 2, pages 54\u201359, Dec 2013<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Yang] <\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">Yang, A., Wang, X., Sun, Y., Hu, Y.\n&amp; Sun, L. (2018). <i>Multi-Dimensional Data Fusion Intrusion Detection for Stealthy Attacks on Industrial Control Systems<\/i>. 2018\nIEEE Global Communications Conference, GLOBECOM 2018 &#8211; Proceedings,\n1\u20137<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\"> [Yang2]<\/span><\/td>\n<td style=\"border-bottom-width: 0px; padding-bottom: 0px; padding-top: 0px;\"><span style=\"font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align; line-height: 0.8rem; font-size: 90%;\">\nLu, Yang, and Li Da Xu. <i>Internet of things (iot) cybersecurity research:\nA review of current research topics<\/i>. IEEE Internet of Things Journal\n6.2 (2018): 2103-2115.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<br>\n<span style=\"color: #038daa; font-size: 120%;\"><strong>Agente agregado<\/strong><\/span>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">El agente agregado es WellnessTechGroup, empresa tecnol\u00f3gica con sede en Andaluc\u00eda, con la que el presente grupo de investigaci\u00f3n ha compartido ya varios proyectos de investigaci\u00f3n de \u00e1mbito regional en ciberseguridad apoyados por la CTA como SIVA (PI-1669\/22\/2017)  o CorrelaSeg (PI-1453\/2015). Los resultados de dichos proyectos han sido en su mayor\u00eda transformados en productos o servicios de su actual cat\u00e1logo. Cabe resaltar que esta empresa Andaluza participa como agente agregado en el Ecosistema Innovador de Andaluc\u00eda Tech y que tuvo una facturaci\u00f3n superior a los 20 millones de Euros el pasado a\u00f1o.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Wellness TecgGroup  tiene un marcado car\u00e1cter Internacional con m\u00faltiples proyectos de IoT, SmartSensors y ciberseguridad desarrollados en m\u00e1s de 60 pa\u00edses, por lo que el objetivo de la colaboraci\u00f3n es doble: (a) proveer al proyecto un escenario IoT real (por ejemplo, gracias a su gama de productos de iluminaci\u00f3n inteligente) lo que permite validar el piloto desarrollado en condiciones cercanas a la realidad, y (b) facilitar la explotaci\u00f3n industrial y transferencia de los resultados. La empresa se compromete a definir el contexto de la aplicaci\u00f3n, y proporcionar tr\u00e1fico con caracter\u00edsticas reales a emplear en el proyecto. As\u00ed mismo la empresa se compromete a colaborar en la toma de requisitos del sistema (su experiencia permitir\u00e1 dise\u00f1ar un sistema que pueda integrarse en una planta real) as\u00ed como en la elaboraci\u00f3n del plan de pruebas. Finalmente, la empresa se compromete a dar visibilidad al proyecto y sus resultados en su p\u00e1gina web y redes sociales. El grupo de investigaci\u00f3n, a su vez, se compromete a firmar un acuerdo de explotaci\u00f3n gratuita de las patentes derivadas del proyecto, que podr\u00e1n ser empleadas por la empresa para el desarrollo de un producto comercial incorporado a su cat\u00e1logo. <\/p>\n<br>\n\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0aa630f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0aa630f\" data-element_type=\"section\" data-e-type=\"section\" id=\"objetivos\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-31b1e3d\" data-id=\"31b1e3d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-b0caf62 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b0caf62\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-74222d5\" data-id=\"74222d5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9371191 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"9371191\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#inicio\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Inicio<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-ceb08ab\" data-id=\"ceb08ab\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4a6f8a6 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"4a6f8a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resumen\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resumen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-d8a0d72\" data-id=\"d8a0d72\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4afbf00 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"4afbf00\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#antecedentes\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">antecedentes<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-cbaa29f\" data-id=\"cbaa29f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-85c50af elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"85c50af\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#objetivos\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Objetivos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-b38e4cb\" data-id=\"b38e4cb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a7a9028 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"a7a9028\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#propuesta\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Propuesta<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-876e11c\" data-id=\"876e11c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9cb9c98 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"9cb9c98\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resultados\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resultados<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9977b72 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9977b72\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e807cfe\" data-id=\"e807cfe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ad3643c elementor-widget elementor-widget-heading\" data-id=\"ad3643c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Objetivos<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-149fd5e elementor-widget elementor-widget-text-editor\" data-id=\"149fd5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">El objetivo principal del proyecto es el dise\u00f1o e implementaci\u00f3n de un innovador sistema de detecci\u00f3n temprana de ciberataques espec\u00edfico para entornos industriales IoT gestionados remotamente similares a lo mostrado en el anterior apartado. La implementaci\u00f3n incluye un piloto de pruebas que permita validar o reajustar el dise\u00f1o en una planta real, en base a una bater\u00eda final de pruebas sobre la que medir el desempe\u00f1o y consumo de recursos de la soluci\u00f3n aportada. Para que sea adecuada para su explotaci\u00f3n comercial, esta soluci\u00f3n de seguridad debe cumplir los siguientes objetivos parciales:<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 El sistema debe ser pasivo para no afectar a los sistemas existentes.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 El sistema debe ofrecer una amplia capacidad de detecci\u00f3n de amenazas de diversos tipos (p.ej. debe incorporar el conocimiento existente de ataques conocidos definidos, y debe incorporar tambi\u00e9n la capacidad de detecci\u00f3n de ataques tipo 0-day o APT a trav\u00e9s de anomal\u00edas en el comportamiento tanto a nivel de tr\u00e1fico como a nivel de la aplicaci\u00f3n IoT. En el caso de instalaciones multiplanta, el sistema realizar\u00e1 una correlaci\u00f3n espacio-temporal con plantas similares a fin de identificar comportamientos an\u00f3malos. Para detectar ataques de tipo suplantaci\u00f3n de identidad o el robo de credenciales, se buscar\u00e1n anomal\u00edas tambi\u00e9n en el patr\u00f3n de acciones que el usuario lleva a cabo en la operaci\u00f3n del parque IoT.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 El sistema debe integrarse en la consola de operaciones de un sistema de gesti\u00f3n de eventos del centro de operaciones, ofreciendo informaci\u00f3n de ciberataques a los operadores del sistema IoT. \u00c9stos podr\u00e1n tomar acciones correctivas y realimentar de forma simple al sistema de detecci\u00f3n a fin de minimizar la tasa de falsos positivos y llevar al sistema a un punto \u00f3ptimo de funcionamiento.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">El sistema propuesto se ubicar\u00eda en el Centro de Control, por lo que no consumir\u00eda recursos en los dispositivos IoT ni ancho de banda en la red de acceso, y tomar\u00eda como entrada principal el tr\u00e1fico del servidor de la aplicaci\u00f3n Web, as\u00ed como posibles ficheros de <em>log<\/em> que incluyan las comunicaciones con los nodos IoT y las acciones del operador de planta.<\/p>\n&nbsp;\n<h4 style=\"color: #038daa;\">Finalidad de la propuesta<\/h4>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La finalidad de la propuesta es doble:<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 Avanzar en el conocimiento cient\u00edfico y de trasferencia tecnol\u00f3gica con una propuesta novedosa que aplique los conceptos de PUB y la correlaci\u00f3n espacio-temporal de plantas similares en la detecci\u00f3n de anomal\u00edas que permiten identificar ciberataques espec\u00edficos de este tipo de instalaciones en estad\u00edos tempranos.<\/p>\n<p style=\"text-align: justify; text-indent: -20pt; line-height: normal; margin: 5.0pt 20pt 1pt 40pt;\">\u2022 Permitir al agente agregado la evaluaci\u00f3n del rendimiento del sistema piloto y la posible evoluci\u00f3n de la soluci\u00f3n hacia un producto propio de su cat\u00e1logo de ciberseguridad en IoT, cubriendo un hueco que actualmente est\u00e1 disponible en el mercado.<\/p>\n<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Para ello, se desarrollar\u00e1 un piloto demostrador TRL6 de un sistema de detecci\u00f3n de ciberataques en parques de industria conectada en entornos multiplanta de IoT.<\/p>\n&nbsp;\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4620e4f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4620e4f\" data-element_type=\"section\" data-e-type=\"section\" id=\"propuesta\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-68dfd8d\" data-id=\"68dfd8d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-a5d479b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a5d479b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-a5413c5\" data-id=\"a5413c5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9a53fd3 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"9a53fd3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#inicio\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Inicio<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-01c3062\" data-id=\"01c3062\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c459898 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"c459898\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resumen\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resumen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-bab7b23\" data-id=\"bab7b23\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-be94696 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"be94696\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#antecedentes\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">antecedentes<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-24ff558\" data-id=\"24ff558\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-30d47f1 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"30d47f1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#objetivos\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Objetivos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-e9409d1\" data-id=\"e9409d1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-21e7aac elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"21e7aac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#propuesta\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Propuesta<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-ad14fb5\" data-id=\"ad14fb5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-42461f0 elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"42461f0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resultados\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resultados<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a35e76f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a35e76f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4341625\" data-id=\"4341625\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2c715a4 elementor-widget elementor-widget-heading\" data-id=\"2c715a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Propuesta<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b68dcc7 elementor-widget elementor-widget-text-editor\" data-id=\"b68dcc7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Aunque el dise\u00f1o de la soluci\u00f3n forma parte de la propuesta, es posible partir de un diagrama de bloques simple que sirva de punto de partida y ayude a la estructuraci\u00f3n y planificaci\u00f3n de la propuesta. Este diagrama preliminar se muestra en la Fig. 1.<\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b76332b elementor-widget elementor-widget-image\" data-id=\"b76332b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"430\" src=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2023\/04\/cei2-arq-768x430.png\" class=\"attachment-medium_large size-medium_large wp-image-1401\" alt=\"\" srcset=\"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2023\/04\/cei2-arq-768x430.png 768w, https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2023\/04\/cei2-arq-300x168.png 300w, https:\/\/dtstc.ugr.es\/neus-cslab\/wp-content\/uploads\/2023\/04\/cei2-arq.png 896w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Fig. 2: Arquitectura preliminar propuesta para el sistema.<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7622d44 elementor-widget elementor-widget-text-editor\" data-id=\"7622d44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La soluci\u00f3n debe monitorizar el flujo de tr\u00e1fico que ve el Servidor de IoT, as\u00ed como los eventos m\u00e1s significativos del servidor de la aplicaci\u00f3n (p.ej., log con las acciones de control de los usuarios, alarmas, conexiones realizadas, etc.). El flujo de informaci\u00f3n monitorizada es procesado por dos bloques distintos: un bloque (1) generador de una matriz de tr\u00e1fico tras el procesamiento de flujos enriquecidos a trav\u00e9s de t\u00e9cnicas de inspecci\u00f3n profunda de paquetes, y otro bloque (2) generador de series temporales de eventos de la aplicaci\u00f3n IoT.<\/p><p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La salida del primer bloque permite encontrar anomal\u00edas a nivel de tr\u00e1fico de red en el bloque 3 (lo que permite detectar f\u00e1cilmente ataques de <em>scanning<\/em>, DDoS, etc.), mientras que la salida del segundo bloque permitir\u00eda detectar en el bloque 4 anomal\u00edas a nivel de aplicaci\u00f3n o planta para encontrar anomal\u00edas de comportamiento que pudieran corresponderse con errores o problemas de funcionamiento o con ciberataques. Dichas anomal\u00edas pueden provenir tanto de la comparaci\u00f3n de la serie temporal con un patr\u00f3n de normalidad autoaprendido, as\u00ed como de la correlaci\u00f3n espacio-temporal de esta serie con otras series que pudieran estar correladas (por ejemplo, nivel de luz detectado con hora del d\u00eda, o nivel de luz detectado por el nodo IoT con el nivel de luz detectado por otro nodo IoT en ubicaci\u00f3n cercana.). Esta segunda correlaci\u00f3n resulta especialmente interesante en el caso de sistemas IoT multiplanta. \u00a0El tr\u00e1fico de entrada al servidor IoT puede ser tambi\u00e9n protegido de ataques con patrones conocidos por un WAF (<em>Web Application Firewall<\/em>).<\/p><p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">Finalmente, los eventos generados por los sistemas detectores se env\u00edan a un m\u00f3dulo SIEM de correlaci\u00f3n de eventos (bloque 5), que a su vez realiza una estimaci\u00f3n del riesgo de las distintas amenazas\u00a0 en base al modelo de Mitre ATT&amp;CK para la detecci\u00f3n de ataques en estadios tempranos en entornos ICS y filtrado de errores de sistema (que no impliquen ciberataques). Esto \u00faltimo permite priorizar las alarmas generadas a fin de que las de mayor severidad sean atendidas a la mayor brevedad o se tomen las medidas protectoras oportunas.<\/p><p style=\"text-align: justify; text-indent: 20pt; line-height: 150%; font-family: 'Lato',serif; font-style: normal; font-weight: 300; justify-content: align;\">La integraci\u00f3n del sistema objeto de este proyecto con la operaci\u00f3n de la planta IoT se realiza tanto en el dise\u00f1o inicial de la soluci\u00f3n, como durante la operaci\u00f3n de dicha soluci\u00f3n por parte del centro del control. A trav\u00e9s de par\u00e1metros de configuraci\u00f3n (p.ej., especificaci\u00f3n de activos, flujos de comunicaci\u00f3n autorizados, etc.), el operador podr\u00e1 realizar ajustes finos que permitan reducir falsos positivos mediante la especificaci\u00f3n de equipos a filtrar, parametrizaci\u00f3n de los detectores de anomal\u00eda, filtrado de alarmas y opciones del SIEM, etc.<\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4c26c1f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4c26c1f\" data-element_type=\"section\" data-e-type=\"section\" id=\"resultados\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d4c3a91\" data-id=\"d4c3a91\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-8929305 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8929305\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-45a6808\" data-id=\"45a6808\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8cd092d elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"8cd092d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#inicio\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Inicio<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-0873296\" data-id=\"0873296\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-26266ee elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"26266ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resumen\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resumen<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-2d06c3a\" data-id=\"2d06c3a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8aac79e elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"8aac79e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#antecedentes\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">antecedentes<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-43d5afa\" data-id=\"43d5afa\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ac0190f elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"ac0190f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#objetivos\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Objetivos<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-5163a5b\" data-id=\"5163a5b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-25d7eda elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"25d7eda\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#propuesta\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Propuesta<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-16 elementor-inner-column elementor-element elementor-element-afe3b51\" data-id=\"afe3b51\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-397439f elementor-align-center full-btn elementor-widget elementor-widget-button\" data-id=\"397439f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"#resultados\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Resultados<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-933ebda elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"933ebda\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d991e93\" data-id=\"d991e93\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-192c75d elementor-widget elementor-widget-heading\" data-id=\"192c75d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Resultados<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92a7332 elementor-widget elementor-widget-text-editor\" data-id=\"92a7332\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><span style=\"color: #038daa;\">Publicaciones<\/span><\/h3><div><div class=\"teachpress_pub_list\"><form name=\"tppublistform\" method=\"get\"><a name=\"tppubs\" id=\"tppubs\"><\/a><\/form><div class=\"teachpress_publication_list\"><div class=\"tp_publication tp_publication_article\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Walabonso Lara, Agust\u00edn;  Mayor, Vicente;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('265','tp_links')\" style=\"cursor:pointer;\">Smart home anomaly-based IDS: Architecture proposal and case study<\/a> <span class=\"tp_pub_type tp_  article\">Art\u00edculo de revista<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_journal\">Internet of Things, <\/span><span class=\"tp_pub_additional_volume\">vol. 22, <\/span><span class=\"tp_pub_additional_pages\">pp. 100773, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 2542-6605<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_265\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('265','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_265\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('265','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_265\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('265','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_265\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@article{Lara2023,<br \/>\r\ntitle = {Smart home anomaly-based IDS: Architecture proposal and case study},<br \/>\r\nauthor = { {Walabonso Lara}, Agust\u00edn and Vicente Mayor and {Estepa Alonso}, Rafael and {Estepa Alonso} , Antonio and Jes\u00fas E. {D\u00edaz-Verdejo}},<br \/>\r\nurl = {https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2542660523000963},<br \/>\r\ndoi = {10.1016\/J.IOT.2023.100773},<br \/>\r\nissn = {2542-6605},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-07-01},<br \/>\r\nurldate = {2023-07-01},<br \/>\r\njournal = {Internet of Things},<br \/>\r\nvolume = {22},<br \/>\r\npages = {100773},<br \/>\r\npublisher = {Elsevier},<br \/>\r\nabstract = {The complexity and diversity of the technologies involved in the Internet of Things (IoT) challenge the generalization of security solutions based on anomaly detection, which should fit the particularities of each context and deployment and allow for performance comparison. In this work, we provide a flexible architecture based on building blocks suited for detecting anomalies in the network traffic and the application-layer data exchanged by IoT devices in the context of Smart Home. Following this architecture, we have defined a particular Intrusion Detector System (IDS) for a case study that uses a public dataset with the electrical consumption of 21 home devices over one year. In particular, we have defined ten Indicators of Compromise (IoC) to detect network attacks and two anomaly detectors to detect false command or data injection attacks. We have also included a signature-based IDS (Snort) to extend the detection range to known attacks. We have reproduced eight network attacks (e.g., DoS, scanning) and four False Command or Data Injection attacks to test our IDS performance. The results show that all attacks were successfully detected by our IoCs and anomaly detectors with a false positive rate lower than 0.3%. Signature detection was able to detect only 4 out of 12 attacks. Our architecture and the IDS developed can be a reference for developing future IDS suited to different contexts or use cases. Given that we use a public dataset, our contribution can also serve as a baseline for comparison with new techniques that improve detection performance.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {article}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('265','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_265\" style=\"display:none;\"><div class=\"tp_abstract_entry\">The complexity and diversity of the technologies involved in the Internet of Things (IoT) challenge the generalization of security solutions based on anomaly detection, which should fit the particularities of each context and deployment and allow for performance comparison. In this work, we provide a flexible architecture based on building blocks suited for detecting anomalies in the network traffic and the application-layer data exchanged by IoT devices in the context of Smart Home. Following this architecture, we have defined a particular Intrusion Detector System (IDS) for a case study that uses a public dataset with the electrical consumption of 21 home devices over one year. In particular, we have defined ten Indicators of Compromise (IoC) to detect network attacks and two anomaly detectors to detect false command or data injection attacks. We have also included a signature-based IDS (Snort) to extend the detection range to known attacks. We have reproduced eight network attacks (e.g., DoS, scanning) and four False Command or Data Injection attacks to test our IDS performance. The results show that all attacks were successfully detected by our IoCs and anomaly detectors with a false positive rate lower than 0.3%. Signature detection was able to detect only 4 out of 12 attacks. Our architecture and the IDS developed can be a reference for developing future IDS suited to different contexts or use cases. Given that we use a public dataset, our contribution can also serve as a baseline for comparison with new techniques that improve detection performance.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('265','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_265\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2542660523000963\" title=\"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2542660523000963\" target=\"_blank\">https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2542660523000963<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1016\/J.IOT.2023.100773\" title=\"DOI de seguimiento:10.1016\/J.IOT.2023.100773\" target=\"_blank\">doi:10.1016\/J.IOT.2023.100773<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('265','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Lara, Agust\u00edn W.;  Ternero, J. A.;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  Ruiz-Robles, Fernando;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('478','tp_links')\" style=\"cursor:pointer;\">HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments<\/a> <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)\r\n, <\/span><span class=\"tp_pub_additional_pages\">pp. 6, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_478\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('478','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_478\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{eicc2-firmas,<br \/>\r\ntitle = {HTTP Cyberattacks Detection through Automatic Signature Generation in multi-site IoT Deployments},<br \/>\r\nauthor = {Agust\u00edn W. Lara and J.A. Ternero and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and Fernando Ruiz-Robles and Jes\u00fas E. D\u00edaz-Verdejo<br \/>\r\n},<br \/>\r\ndoi = {10.1145\/3590777.3590788},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-06-14},<br \/>\r\nurldate = {2023-06-14},<br \/>\r\nbooktitle = {Proc. European Interdisciplinary Cybersecurity Conference (EICC 2023)<br \/>\r\n},<br \/>\r\npages = {6},<br \/>\r\nabstract = { IoT deployments often include a web-interface server for managerial purposes. Signature-based Intrusion Detection Systems are commonly used to detect HTTP attacks on these web servers. The standard signature repositories used by these defensive systems can be enhanced with new signatures generated automatically from attacks detected with anomaly detection techniques. <br \/>\r\n  This work presents a scheme for generating such anomaly-based signatures from HTTP attacks in a way that avoids excessive false positives. The signatures generated are distributed to peer sites in a multi-site environment. We also present a case study based on an IoT real-life dataset collected at four different SmartLight deployments from the same organization. Our results show a notable performance improvement (from $24.1%$ to $66.7%$) when anomaly-based signatures are added to the standard default Snort ruleset and distributed to the other three sites.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_478\" style=\"display:none;\"><div class=\"tp_abstract_entry\"> IoT deployments often include a web-interface server for managerial purposes. Signature-based Intrusion Detection Systems are commonly used to detect HTTP attacks on these web servers. The standard signature repositories used by these defensive systems can be enhanced with new signatures generated automatically from attacks detected with anomaly detection techniques. <br \/>\r\n  This work presents a scheme for generating such anomaly-based signatures from HTTP attacks in a way that avoids excessive false positives. The signatures generated are distributed to peer sites in a multi-site environment. We also present a case study based on an IoT real-life dataset collected at four different SmartLight deployments from the same organization. Our results show a notable performance improvement (from $24.1%$ to $66.7%$) when anomaly-based signatures are added to the standard default Snort ruleset and distributed to the other three sites.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_478\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1145\/3590777.3590788\" title=\"DOI de seguimiento:10.1145\/3590777.3590788\" target=\"_blank\">doi:10.1145\/3590777.3590788<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('478','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_article\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, Jes\u00fas E.;  Estepa Alonso, Rafael;  Estepa Alonso, Antonio;  Madinabeitia, German<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('264','tp_links')\" style=\"cursor:pointer;\">A critical review of the techniques used for anomaly detection of HTTP-based attacks: taxonomy, limitations and open challenges<\/a> <span class=\"tp_pub_type tp_  article\">Art\u00edculo de revista<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_journal\">Computers and Security, <\/span><span class=\"tp_pub_additional_volume\">vol. 124, <\/span><span class=\"tp_pub_additional_pages\">pp. 102997, <\/span><span class=\"tp_pub_additional_year\">2023<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 01674048<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_264\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('264','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_264\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('264','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_264\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('264','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_264\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@article{Diaz-Verdejo2023,<br \/>\r\ntitle = {A critical review of the techniques used for anomaly detection of HTTP-based attacks: taxonomy, limitations and open challenges},<br \/>\r\nauthor = {Jes\u00fas E. D\u00edaz-Verdejo and {Estepa Alonso}, Rafael and {Estepa Alonso}, Antonio and German Madinabeitia},<br \/>\r\ndoi = {10.1016\/j.cose.2022.102997},<br \/>\r\nissn = {01674048},<br \/>\r\nyear  = {2023},<br \/>\r\ndate = {2023-01-01},<br \/>\r\nurldate = {2023-01-01},<br \/>\r\njournal = {Computers and Security},<br \/>\r\nvolume = {124},<br \/>\r\npages = {102997},<br \/>\r\nabstract = {Intrusion Detection Systems (IDSs) and Web Application Firewalls (WAFs) offer a crucial layer of defense that allows organizations to detect cyberattacks on their web servers. Academic research overwhelmingly suggests using anomaly detection techniques to improve the performance of these defensive systems. However, analyzing and comparing the wide range of solutions in the scientific literature is challenging since they are typically presented as isolated (unrelated) contributions, and their results cannot be generalized. We believe that this impairs the industry&#039;s adoption of academic results and the advancement of research in this field. This paper aims to shed light on the literature on anomaly-based detection of attacks that use HTTP request messages. We define a novel framework for anomaly detection based on six data processing steps grouped into two sequential phases: preprocessing and classification. Based on this framework, we provide a taxonomy and critical review of the techniques surveyed, emphasizing their limitations and applicability. Future approaches should take advantage of the syntax and semantics of the Uniform Resource Locator (URL), be scalable, and address their obsolescence. These aspects are frequently overlooked in the literature and pose a significant challenge in the current era of web services. For better comparability, authors should use adequate public datasets, follow a thorough methodology, and use appropriate metrics that fully show the pros and cons of the approach.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {article}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('264','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_264\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Intrusion Detection Systems (IDSs) and Web Application Firewalls (WAFs) offer a crucial layer of defense that allows organizations to detect cyberattacks on their web servers. Academic research overwhelmingly suggests using anomaly detection techniques to improve the performance of these defensive systems. However, analyzing and comparing the wide range of solutions in the scientific literature is challenging since they are typically presented as isolated (unrelated) contributions, and their results cannot be generalized. We believe that this impairs the industry&#039;s adoption of academic results and the advancement of research in this field. This paper aims to shed light on the literature on anomaly-based detection of attacks that use HTTP request messages. We define a novel framework for anomaly detection based on six data processing steps grouped into two sequential phases: preprocessing and classification. Based on this framework, we provide a taxonomy and critical review of the techniques surveyed, emphasizing their limitations and applicability. Future approaches should take advantage of the syntax and semantics of the Uniform Resource Locator (URL), be scalable, and address their obsolescence. These aspects are frequently overlooked in the literature and pose a significant challenge in the current era of web services. For better comparability, authors should use adequate public datasets, follow a thorough methodology, and use appropriate metrics that fully show the pros and cons of the approach.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('264','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_264\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.1016\/j.cose.2022.102997\" title=\"DOI de seguimiento:10.1016\/j.cose.2022.102997\" target=\"_blank\">doi:10.1016\/j.cose.2022.102997<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('264','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Alonso, Antonio Estepa;  Alonso, Rafael Estepa;  Wideberg, Johan;  D\u00edaz-Verdejo, Jes\u00fas;  Marquez, Adolfo Crespo<\/p><p class=\"tp_pub_title\">Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span> Leva, Maria Chiara;  Petelli, Edoardo;  Podofillini, Luca;  Wilson, Simon (Ed.): <span class=\"tp_pub_additional_booktitle\">European Conference on Safety and Reliability (ESREL 2022), <\/span><span class=\"tp_pub_additional_pages\">pp. 3-4, <\/span><span class=\"tp_pub_additional_year\">2022<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_481\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('481','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_481\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{esrel22,<br \/>\r\ntitle = {Smart Detection of Cyberattacks in IoT servers: Application to smart lighting and other smart city applications},<br \/>\r\nauthor = {Antonio {Estepa Alonso} and Rafael {Estepa Alonso} and Johan Wideberg and Jes\u00fas {D\u00edaz-Verdejo} and Adolfo {Crespo Marquez}},<br \/>\r\neditor = {Maria {Chiara Leva} and Edoardo Petelli and Luca Podofillini and Simon Wilson},<br \/>\r\nyear  = {2022},<br \/>\r\ndate = {2022-08-31},<br \/>\r\nurldate = {2022-08-31},<br \/>\r\nbooktitle = {European Conference on Safety and Reliability (ESREL 2022)},<br \/>\r\njournal = {European Conference on Safety and Reliability (ESREL 2022)},<br \/>\r\npages = {3-4},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('481','tp_bibtex')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_inproceedings\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> Mu\u00f1oz, Javier;  Bueno, Felipe;  Estepa, Rafael;  Estepa, Antonio;  D\u00edaz-Verdejo, Jes\u00fas E.<\/p><p class=\"tp_pub_title\">Ataques a servidores web: estudio experimental de la capacidad de detecci\u00f3n de algunos SIDS gratuitos <span class=\"tp_pub_type tp_  inproceedings\">Proceedings Article<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_booktitle\">Actas de las VII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC&#039;22), <\/span><span class=\"tp_pub_additional_pages\">pp. 22\u201325, <\/span><span class=\"tp_pub_additional_year\">2022<\/span>, <span class=\"tp_pub_additional_isbn\">ISBN: 9878488734136<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_266\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('266','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_266\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('266','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_266\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@inproceedings{Munoz-jnic22,<br \/>\r\ntitle = {Ataques a servidores web: estudio experimental de la capacidad de detecci\u00f3n de algunos SIDS gratuitos},<br \/>\r\nauthor = {Javier Mu\u00f1oz and Felipe Bueno and Rafael Estepa and Antonio Estepa and Jes\u00fas E. D\u00edaz-Verdejo},<br \/>\r\nisbn = {9878488734136},<br \/>\r\nyear  = {2022},<br \/>\r\ndate = {2022-01-01},<br \/>\r\nurldate = {2022-01-01},<br \/>\r\nbooktitle = {Actas de las VII Jornadas Nacionales de Investigaci\u00f3n en Ciberseguridad (JNIC&#039;22)},<br \/>\r\npages = {22--25},<br \/>\r\nabstract = {Este trabajo cuantifica de forma experimental la capacidad de detecci\u00f3n de ataques a servidores web ofrecida por algunos de los detectores de intrusiones basados en firmas (SIDS) disponibles de forma gratuita. Para ello, se ha realizado una b\u00fasqueda y selecci\u00f3n de 28 herramientas actuales para la generaci\u00f3n de ataques y an\u00e1lisis de seguridad del servicio web. Con ellas, se han realizado casi 150 ataques a dos escenarios de uso de un servidor web (una web est\u00e1tica y una din\u00e1mica). Las peticiones HTTP registradas durante los ataques han sido utilizadas para crear un dataset de ataques que ser\u00e1 utilizado como entrada a tres SIDS gratuitos seleccionados por su amplio uso, de forma que se podr\u00e1 determinar la capacidad de detecci\u00f3n de los mismos frente a los ataques generados. Este trabajo se encuentra a\u00fan en desarrollo, por lo que en esta contribuci\u00f3n se muestran los primeros resultados relativos a la recolecci\u00f3n y selecci\u00f3n de herramientas para la generaci\u00f3n de los ataques, la generaci\u00f3n del dataset de ataques de forma que sea representativo de los ataques actuales y la evaluaci\u00f3n preliminar de las capacidades de detecci\u00f3n.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {inproceedings}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('266','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_266\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Este trabajo cuantifica de forma experimental la capacidad de detecci\u00f3n de ataques a servidores web ofrecida por algunos de los detectores de intrusiones basados en firmas (SIDS) disponibles de forma gratuita. Para ello, se ha realizado una b\u00fasqueda y selecci\u00f3n de 28 herramientas actuales para la generaci\u00f3n de ataques y an\u00e1lisis de seguridad del servicio web. Con ellas, se han realizado casi 150 ataques a dos escenarios de uso de un servidor web (una web est\u00e1tica y una din\u00e1mica). Las peticiones HTTP registradas durante los ataques han sido utilizadas para crear un dataset de ataques que ser\u00e1 utilizado como entrada a tres SIDS gratuitos seleccionados por su amplio uso, de forma que se podr\u00e1 determinar la capacidad de detecci\u00f3n de los mismos frente a los ataques generados. Este trabajo se encuentra a\u00fan en desarrollo, por lo que en esta contribuci\u00f3n se muestran los primeros resultados relativos a la recolecci\u00f3n y selecci\u00f3n de herramientas para la generaci\u00f3n de los ataques, la generaci\u00f3n del dataset de ataques de forma que sea representativo de los ataques actuales y la evaluaci\u00f3n preliminar de las capacidades de detecci\u00f3n.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('266','tp_abstract')\">Cerrar<\/a><\/p><\/div><\/div><\/div><div class=\"tp_publication tp_publication_article\"><div class=\"tp_pub_info\"><p class=\"tp_pub_author\"> D\u00edaz-Verdejo, J. E.;  Mu\u00f1oz-Calle, F. J.;  Estepa Alonso, A.;  Estepa Alonso, R.;  Madinabeitia, G.<\/p><p class=\"tp_pub_title\"><a class=\"tp_title_link\" onclick=\"teachpress_pub_showhide('263','tp_links')\" style=\"cursor:pointer;\">On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks<\/a> <span class=\"tp_pub_type tp_  article\">Art\u00edculo de revista<\/span> <\/p><p class=\"tp_pub_additional\"><span class=\"tp_pub_additional_in\">En: <\/span><span class=\"tp_pub_additional_journal\">Applied Sciences, <\/span><span class=\"tp_pub_additional_volume\">vol. 12, <\/span><span class=\"tp_pub_additional_number\">no 2, <\/span><span class=\"tp_pub_additional_pages\">pp. 852, <\/span><span class=\"tp_pub_additional_year\">2022<\/span>, <span class=\"tp_pub_additional_issn\">ISSN: 20763417<\/span>.<\/p><p class=\"tp_pub_menu\"><span class=\"tp_abstract_link\"><a id=\"tp_abstract_sh_263\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('263','tp_abstract')\" title=\"Mostrar resumen\" style=\"cursor:pointer;\">Resumen<\/a><\/span> | <span class=\"tp_resource_link\"><a id=\"tp_links_sh_263\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('263','tp_links')\" title=\"Mostrar enlaces y recursos\" style=\"cursor:pointer;\">Enlaces<\/a><\/span> | <span class=\"tp_bibtex_link\"><a id=\"tp_bibtex_sh_263\" class=\"tp_show\" onclick=\"teachpress_pub_showhide('263','tp_bibtex')\" title=\"Mostrar entrada BibTeX \" style=\"cursor:pointer;\">BibTeX<\/a><\/span><\/p><div class=\"tp_bibtex\" id=\"tp_bibtex_263\" style=\"display:none;\"><div class=\"tp_bibtex_entry\"><pre>@article{Diaz-Verdejo2022,<br \/>\r\ntitle = {On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks},<br \/>\r\nauthor = {J. E. D\u00edaz-Verdejo and F. J. Mu\u00f1oz-Calle and {Estepa Alonso}, A. and {Estepa Alonso}, R. and G. Madinabeitia},<br \/>\r\nurl = {https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852\/htm https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852},<br \/>\r\ndoi = {10.3390\/app12020852},<br \/>\r\nissn = {20763417},<br \/>\r\nyear  = {2022},<br \/>\r\ndate = {2022-01-01},<br \/>\r\nurldate = {2022-01-01},<br \/>\r\njournal = {Applied Sciences},<br \/>\r\nvolume = {12},<br \/>\r\nnumber = {2},<br \/>\r\npages = {852},<br \/>\r\npublisher = {Multidisciplinary Digital Publishing Institute},<br \/>\r\nabstract = {Signature-based Intrusion Detection Systems (SIDS) play a crucial role within the arsenal of security components of most organizations. They can find traces of known attacks in the network traffic or host events for which patterns or signatures have been pre-established. SIDS include standard packages of detection rulesets, but only those rules suited to the operational environment should be activated for optimal performance. However, some organizations might skip this tuning process and instead activate default off-the-shelf rulesets without understanding its implications and trade-offs. In this work, we help gain insight into the consequences of using predefined rulesets in the performance of SIDS. We experimentally explore the performance of three SIDS in the context of web attacks. In particular, we gauge the detection rate obtained with predefined subsets of rules for Snort, ModSecurity and Nemesida using seven attack datasets. We also determine the precision and rate of alert generated by each detector in a real-life case using a large trace from a public webserver. Results show that the maximum detection rate achieved by the SIDS under test is insufficient to protect systems effectively and is lower than expected for known attacks. Our results also indicate that the choice of predefined settings activated on each detector strongly influences its detection capability and false alarm rate. Snort and ModSecurity scored either a very poor detection rate (activating the less-sensitive predefined ruleset) or a very poor precision (activating the full ruleset). We also found that using various SIDS for a cooperative decision can improve the precision or the detection rate, but not both. Consequently, it is necessary to reflect upon the role of these open-source SIDS with default configurations as core elements for protection in the context of web attacks. Finally, we provide an efficient method for systematically determining which rules deactivate from a ruleset to significantly reduce the false alarm rate for a target operational environment. We tested our approach using Snort&rsquo;s ruleset in our real-life trace, increasing the precision from 0.015 to 1 in less than 16 h of work.},<br \/>\r\nkeywords = {},<br \/>\r\npubstate = {published},<br \/>\r\ntppubtype = {article}<br \/>\r\n}<br \/>\r\n<\/pre><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('263','tp_bibtex')\">Cerrar<\/a><\/p><\/div><div class=\"tp_abstract\" id=\"tp_abstract_263\" style=\"display:none;\"><div class=\"tp_abstract_entry\">Signature-based Intrusion Detection Systems (SIDS) play a crucial role within the arsenal of security components of most organizations. They can find traces of known attacks in the network traffic or host events for which patterns or signatures have been pre-established. SIDS include standard packages of detection rulesets, but only those rules suited to the operational environment should be activated for optimal performance. However, some organizations might skip this tuning process and instead activate default off-the-shelf rulesets without understanding its implications and trade-offs. In this work, we help gain insight into the consequences of using predefined rulesets in the performance of SIDS. We experimentally explore the performance of three SIDS in the context of web attacks. In particular, we gauge the detection rate obtained with predefined subsets of rules for Snort, ModSecurity and Nemesida using seven attack datasets. We also determine the precision and rate of alert generated by each detector in a real-life case using a large trace from a public webserver. Results show that the maximum detection rate achieved by the SIDS under test is insufficient to protect systems effectively and is lower than expected for known attacks. Our results also indicate that the choice of predefined settings activated on each detector strongly influences its detection capability and false alarm rate. Snort and ModSecurity scored either a very poor detection rate (activating the less-sensitive predefined ruleset) or a very poor precision (activating the full ruleset). We also found that using various SIDS for a cooperative decision can improve the precision or the detection rate, but not both. Consequently, it is necessary to reflect upon the role of these open-source SIDS with default configurations as core elements for protection in the context of web attacks. Finally, we provide an efficient method for systematically determining which rules deactivate from a ruleset to significantly reduce the false alarm rate for a target operational environment. We tested our approach using Snort&amp;rsquo;s ruleset in our real-life trace, increasing the precision from 0.015 to 1 in less than 16 h of work.<\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('263','tp_abstract')\">Cerrar<\/a><\/p><\/div><div class=\"tp_links\" id=\"tp_links_263\" style=\"display:none;\"><div class=\"tp_links_entry\"><ul class=\"tp_pub_list\"><li><i class=\"fas fa-globe\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852\/htm https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852\" title=\"https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852\/htm https:\/\/www.mdpi.com\/2076-3417\/12\/2\/[...]\" target=\"_blank\">https:\/\/www.mdpi.com\/2076-3417\/12\/2\/852\/htm https:\/\/www.mdpi.com\/2076-3417\/12\/2\/[&#8230;]<\/a><\/li><li><i class=\"ai ai-doi\"><\/i><a class=\"tp_pub_list\" href=\"https:\/\/dx.doi.org\/10.3390\/app12020852\" title=\"DOI de seguimiento:10.3390\/app12020852\" target=\"_blank\">doi:10.3390\/app12020852<\/a><\/li><\/ul><\/div><p class=\"tp_close_menu\"><a class=\"tp_close\" onclick=\"teachpress_pub_showhide('263','tp_links')\">Cerrar<\/a><\/p><\/div><\/div><\/div><\/div><\/div><\/div><div>\u00a0<\/div><div><h3><span style=\"color: #038daa;\">Datos<\/span><\/h3><ul><li><b>Biblio <\/b>&#8211; Base de datos de peticiones HTTP reales etiquetada (42 M de registros) <a href=\"\/neus-cslab\/recursos\/ds-biblio\/\"><span class=\"tp_pub_type\">M\u00e1s informaci\u00f3n<\/span><\/a><\/li><li><b>Wellness <\/b> &#8211; Dataset real de tr\u00e1fico en Smart City (control de iluminaci\u00f3n)<a href=\"\/neus-cslab\/recursos\/ds-wellness\/\"><span class=\"tp_pub_type\">M\u00e1s informaci\u00f3n<\/span><\/a><\/li><\/ul><h3><span style=\"color: #038daa;\">Software \/ sistemas<\/span><\/h3><ul><li><b>Inspectorlog <\/b>&#8211; Herramienta de an\u00e1lisis de trazas HTTP basada en firmas <a href=\"\/neus-cslab\/recursos\/inspectorlog\/\"><span class=\"tp_pub_type\">M\u00e1s informaci\u00f3n<\/span><\/a><\/li><li><b>NE-SIEM<\/b> &#8211; Prototipo de sistema integral de detecci\u00f3n con capacidad multifuente y multiplanta\u00a0<\/li><\/ul><h3><span style=\"color: #038daa;\">Productos<\/span><\/h3><ul><li><b>Registro de software<\/b> &#8211; Sistema SIEM para redes industriales\u00a0\u00a0<\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-440aaea elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"440aaea\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-db8fdc1\" data-id=\"db8fdc1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Periodo 1-ENE-2021 a 31-DIC-2022 (+4 meses) Progreso 100% Sistema para la detecci\u00f3n temprana de ciberataques en industria conectada e IoT mediante detecci\u00f3n de anomal\u00edas multiplanta Referencia PYC20-RE-087-USE Organismos \/ empresas Universidad de Sevilla \u2013 Junta de Andaluc\u00eda \u2013 Proyectos singulares de actuaciones de transferencia en los CEI en las \u00e1reas RIS3 (CEI20) Wellness Telecom S.L. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":500,"parent":735,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ocean_post_layout":"full-screen","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"0","ocean_second_sidebar":"0","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"off","ocean_display_header":"on","ocean_header_style":"","ocean_center_header_left_menu":"0","ocean_custom_header_template":"0","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"0","ocean_menu_typo_font_family":"0","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"enable","ocean_disable_heading":"enable","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"on","ocean_display_footer_bottom":"on","ocean_custom_footer_template":"0","footnotes":""},"class_list":["post-1211","page","type-page","status-publish","has-post-thumbnail","hentry","entry","has-media"],"_links":{"self":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/comments?post=1211"}],"version-history":[{"count":11,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1211\/revisions"}],"predecessor-version":[{"id":2848,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/1211\/revisions\/2848"}],"up":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/pages\/735"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/media\/500"}],"wp:attachment":[{"href":"https:\/\/dtstc.ugr.es\/neus-cslab\/wp-json\/wp\/v2\/media?parent=1211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}