Persona:
Sernández Iglesias, Daniel

Foto de perfil
Dirección de correo electrónico
ORCID
Fecha de nacimiento
Proyectos de investigación
Unidades organizativas
Puesto de trabajo
Apellidos
Sernández Iglesias
Nombre de pila
Daniel
Nombre

Filtros

20252
Restablecer filtros

Ajustes

Autor: Tobarra Abad, María de los Llanos ×

Resultados de la búsqueda

Mostrando 1 - 2 de 2
  • Miniatura
    Publicación
    Automated IoT vulnerability classification using Deep Learning
    (2025-07-01) Enrique Fernández Morales,; García Merino, José Carlos; Tobarra Abad, María de los Llanos; Pastor Vargas, Rafael; Robles Gómez, Antonio; Sarraipa, Joao; Sernández Iglesias, Daniel
    Technological advancements in the development of low-power chips have enabled everyday objects to connect to the Internet, giving rise to the concept known as the Internet of Things (IoT). It is currently estimated that there are approximately 16 billion IoT connections worldwide, a figure expected to double by 2030. However, this rapid growth of the IoT ecosystem has introduced new vulnerabilities that could be exploited by malicious actors. Since many IoT devices handle personal and sensitive information, threats to these devices can have severe consequences. Moreover, a series of cybersecurity incidents could undermine public trust in IoT technology, potentially delaying its widespread adoption across various sectors.Common Vulnerabilities and Exposures records (also known by their acronym as CVEs) is a public cataloging system designed to identify and list known security vulnerabilities in software and hardware products. This system is developed and maintained by MITRE with the support of the cybersecurity community and sponsored by the U.S. Department of Homeland Security (DHS) through the Cybersecurity and Infrastructure Security Agency (CISA). CVE provides a reference database that enables security researchers, manufacturers, and organizational security managers to more effectively identify and address security issues.In our study, we have focused on CVEs exclusively oriented towards IoT systems, with the aim of analyzing the main vulnerabilities detected from 2010 to nowadays as a basis for detecting the main attack vectors in IoT systems. As part of this effort we have created the following dataset. CVEs records include various metrics such as: - Common Weakness Enumeration (CWE), mainly focused on technical classification of vulnerabilities. - Common Vulnerability Scoring System (CVSS), which reports about different metrics such as the attack vector, the severity of the vulnerability or the impact level of the exploitation of the vulnerability. This is one of the most informative metric. - Stakeholder-Specific Vulnerability Categorization (SSVC), oriented towards help cybersecurity team to handle properly the vulnerability. These metrics allow security teams on the one hand to prioritize, such vulnerabilities within their security program, evaluating efforts to mitigate them. But according to our analysis of our dataset, around the 14% of CVEs records do not contain any metric. Around the 83% of CVEs registries contain CWE metric (an ID or its textual description). This metric, as it is explained before, only reports about the type of vulnerability from a technic point of view. Only the 10% of CVEs registries contain SSVC metrics. And CVSS, in its different versions, appears only in the 40% of the studied CVEs registries. Additionally, most of studied records includes metrics a retrospectively, several weeks or months later the vulnerability is disclosed. Thus, cybersecurity teams must trust their previous knowledge in order to distinguish which vulnerabilities are relevant and which not.To tackled this situation, our proposal is focused in the application of Deep Learning techniques in order to classify the severity of CVE records from its textual description. Textual description is a mandatory field that is present in all CVEs records. To achieve this objective, we trained the BiLSTM algorithm using the CVE records with CVSS metrics and its description field; and performed a comparative study of different hyperparameter configurations to find the optimal configuration. The metrics for model evaluation that have been studied are accuracy, loss and F1-score.
  • Miniatura
    Publicación
    Internet of Things Platform for Assessment and Research on Cybersecurity of Smart Rural Environments
    (MDPI, 2025-08-01) Sernández Iglesias, Daniel; Tobarra Abad, María de los Llanos; Pastor Vargas, Rafael; Robles Gómez, Antonio; Vidal Balboa, Pedro; Sarraipa, João; Instituto Nacional de Ciberseguridad (INCIBE); (NextGenerationEU/PRTR) Unión Europea
    Rural regions face significant barriers to adopting IoT technologies, due to limited connectivity, energy constraints, and poor technical infrastructure. While urban environments benefit from advanced digital systems and cloud services, rural areas often lack the necessary conditions to deploy and evaluate secure and autonomous IoT solutions. To help overcome this gap, this paper presents the Smart Rural IoT Lab, a modular and reproducible testbed designed to replicate the deployment conditions in rural areas using open-source tools and affordable hardware. The laboratory integrates long-range and short-range communication technologies in six experimental scenarios, implementing protocols such as MQTT, HTTP, UDP, and CoAP. These scenarios simulate realistic rural use cases, including environmental monitoring, livestock tracking, infrastructure access control, and heritage site protection. Local data processing is achieved through containerized services like Node-RED, InfluxDB, MongoDB, and Grafana, ensuring complete autonomy, without dependence on cloud services. A key contribution of the laboratory is the generation of structured datasets from real network traffic captured with Tcpdump and preprocessed using Zeek. Unlike simulated datasets, the collected data reflect communication patterns generated from real devices. Although the current dataset only includes benign traffic, the platform is prepared for future incorporation of adversarial scenarios (spoofing, DoS) to support AI-based cybersecurity research. While experiments were conducted in an indoor controlled environment, the testbed architecture is portable and suitable for future outdoor deployment. The Smart Rural IoT Lab addresses a critical gap in current research infrastructure, providing a realistic and flexible foundation for developing secure, cloud-independent IoT solutions, contributing to the digital transformation of rural regions.