Paulo Freitas de Araujo Filho

Paulo Freitas de Araujo Filho

Ph.D. Candidate in Electrical Engineering and Computer Science with focus on cyber-security, machine learning, and adversarial attacks.

Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

portfolio

publications

Experimental Evaluation of Cryptography Overhead in Automotive Safety-Critical Communication

Published in 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018

In this paper, cryptographic schemes are applied to Ethernet-based layer-2 communication to provide authenticated encryption to safety- critical automotive control data. Confidentiality, integrity and authenticity are provided by combining AES with HMAC. Experimental results using low-cost hardware show that, despite the introduced cryptographic overhead, latency requirements are comfortably met for this type of communication.

Recommended citation: E. A. Silva Junior, P. F. d. Araujo-Filho and D. R. Campelo, "Experimental Evaluation of Cryptography Overhead in Automotive Safety-Critical Communication," 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018, pp. 1-5, doi: 10.1109/VTCSpring.2018.8417610. #

Adaptive Packet Padding Approach for Smart Home Networks: A Tradeoff Between Privacy and Performance

Published in IEEE Internet of Things Journal, 2021

The presence of connected devices in homes introduces numerous threats to privacy via the analysis of the encrypted traffic these devices generate. Prior works have shown that traffic attributes such as packet size combined with machine learning techniques enable the inference of private information from Internet of Things users. One of the commonly used techniques to mitigate those privacy threats is traffic obfuscation, such as packet padding. Most padding mechanisms that were previously proposed statically select the number of bytes inserted in the packets, which incurs high overhead and ineffective privacy improvement. These static mechanisms are particularly unsuitable for networks whose traffic patterns are significantly dynamic, such as smart homes. This article proposes an adaptive packet padding approach based on software-defined networking (SDN) that adjusts the number of bytes inserted into packets in response to variations in the home network utilization. The proposed technique monitors the network to instruct a padding mechanism through a representational state transfer (REST) interface proposed in this article. This mechanism ensures that the length of packets generated by connected devices is modified. The evaluation includes four supervised learning mechanisms, random forest (RF), support vector machine (SVM), decision tree, and k-nearest neighbors (KNNs), to measure privacy improvement through the metrics accuracy, recall, and F1-score. Goodput, jitter, and packet loss induced by the proposal are also evaluated. Our proposal is shown to overcome the state-of-the-art solutions in privacy preservation with a significantly lower overhead. For instance, the accuracy of RF on identifying devices decreases from 96% to 4.96%.

Recommended citation: A. J. Pinheiro, P. Freitas de Araujo-Filho, J. de M. Bezerra and D. R. Campelo, "Adaptive Packet Padding Approach for Smart Home Networks: A Tradeoff Between Privacy and Performance," in IEEE Internet of Things Journal, vol. 8, no. 5, pp. 3930-3938, 1 March1, 2021, doi: 10.1109/JIOT.2020.3025988. #

An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform

Published in IEEE Access, 2021

The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms’ ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than 80 μs for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry’s primary concerns.

Recommended citation: P. Freitas De Araujo-Filho, A. J. Pinheiro, G. Kaddoum, D. R. Campelo and F. L. Soares, "An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform," in IEEE Access, vol. 9, pp. 166855-166869, 2021, doi: 10.1109/ACCESS.2021.3136147. #

Intrusion Detection for Cyber-Physical Systems using Generative Adversarial Networks in Fog Environment

Published in IEEE Internet of Things Journal, 2021

Cyber-attacks cyber-physical systems (CPSs) can lead to sensing and actuation misbehavior, severe damages to physical objects, and safety risks. Machine learning algorithms have been proposed for hindering cyber-attacks on CPSs, but the absence of labeled data from novel attacks makes their detection quite challenging. In this context, generative adversarial networks (GANs) are a promising unsupervised approach to detect cyber-attacks by implicitly modeling the system. However, the detection of cyber-attacks on CPSs has strict latency requirements, since the attacks need to be stopped before the system is compromised. In this article, we propose FID-GAN, a novel fog-based, unsupervised intrusion detection system (IDS) for CPSs using GANs. The IDS is proposed for a fog architecture, which brings computation resources closer to the end nodes and thus contributes to meeting low-latency requirements. In order to achieve higher detection rates, the proposed architecture computes a reconstruction loss based on the reconstruction of data samples mapped to the latent space. Other works that follow a similar approach struggle with the time required to compute the reconstruction loss, which renders them impractical for latency constrained applications. We address this problem by training an encoder that accelerates the reconstruction loss computation. Experiments show that the proposed solution achieves higher detection rates and is at least 5.5 times faster than a baseline approach in the three studied data sets.

Recommended citation: P. Freitas de Araujo-Filho, G. Kaddoum, D. R. Campelo, A. Gondim Santos, D. Macêdo and C. Zanchettin, "Intrusion Detection for Cyber–Physical Systems Using Generative Adversarial Networks in Fog Environment," in IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6247-6256, 15 April15, 2021, doi: 10.1109/JIOT.2020.3024800. #

Multi-Objective GAN-Based Adversarial Attack Technique for Modulation Classifiers

Published in IEEE Communications Letters, 2022

Deep learning is increasingly being used for many tasks in wireless communications, such as modulation classification. However, it has been shown to be vulnerable to adversarial attacks, which introduce specially crafted imperceptible perturbations, inducing models to make mistakes. This letter proposes an input-agnostic adversarial attack technique that is based on generative adversarial networks (GANs) and multi-task loss. Our results show that our technique reduces the accuracy of a modulation classifier more than a jamming attack and other adversarial attack techniques. Furthermore, it generates adversarial samples at least 335 times faster than the other techniques evaluated, which raises serious concerns about using deep learning-based modulation classifiers.

Recommended citation: P. F. De Araujo-Filho, G. Kaddoum, M. Naili, E. T. Fapi and Z. Zhu, "Multi-Objective GAN-Based Adversarial Attack Technique for Modulation Classifiers," in IEEE Communications Letters, doi: 10.1109/LCOMM.2022.3167368. #

talks

teaching

General Physics 1 (Classical Mechanics)

Undergraduate Course, Universidade Federal de Pernambuco, 2011

I was the teacher assistant of the General Physics 1 course between 2010 and 2011. I solved questions and helped students’ with the course project.

Signals and Systems

Undergraduate Course, Universidade Federal de Pernambuco, 2014

I was the teacher assistant of the Signals and Systems course in 2014. I solved questions and helped students’ with the course project.

Probabilistic Systems

Undergraduate Course, Universidade Federal de Pernambuco, 2015

I was the teacher assistant of the Probabilistic Systems course in 2015. I solved questions and helped students’ with the course project.

Automotive Networks

Undergraduate, M.S., and Ph.D. Course, Universidade Federal de Pernambuco, 2019

I taught the Automotive Networks course between 2016 and 2019. I graded undergraduate and graduate students’ homeworks, projects, and exams. In this course, we covered in-vehicle communication protocols, such as controller area network (CAN) and automotive Ethernet.