Actividades prácticas para la asignatura de Seguridad de sistemas de información

La gran mayoría de los nuevos planes de estudios están incorporando nuevas asignaturas dedicadas a la Seguridad de Sistemas Informáticos. Un aspecto clave de estas asignaturas es el trabajo práctico y determinar qué actividades pueden ser las más idóneas para mostrar a los alumnos los diferentes aspectos de la Seguridad. En este artículo presentamos dos actividades prácticas que combinan los conceptos relativos a la autenticación basada en tarjetas inteligentes y el control de acceso en sistemas operativos Windows y Linux.Peer Reviewe

A Systematic Literature Review of Digital Game-based Assessment Empirical Studies: Current Trends and Open Challenges

Technology has become an essential part of our everyday life, and its use in educational environments keeps growing. In addition, games are one of the most popular activities across cultures and ages, and there is ample evidence that supports the benefits of using games for assessment. This field is commonly known as game-based assessment (GBA), which refers to the use of games to assess learners' competencies, skills, or knowledge. This paper analyzes the current status of the GBA field by performing the first systematic literature review on empirical GBA studies, based on 66 research papers that used digital GBAs to determine: (1) the context where the study has been applied, (2) the primary purpose, (3) the knowledge domain of the game used, (4) game/tool availability, (5) the size of the data sample, (6) the data science techniques and algorithms applied, (7) the targeted stakeholders of the study, and (8) what limitations and challenges are reported by authors. Based on the categories established and our analysis, the findings suggest that GBAs are mainly used in formal education and for assessment purposes, and most GBAs focus on assessing STEM content and cognitive skills. Furthermore, the current limitations indicate that future GBA research would benefit from the use of bigger data samples and more specialized algorithms. Based on our results, we discuss the status of the field with the current trends and the open challenges (including replication and validation problems) providing recommendations for the future research agenda of the GBA field.Comment: 23 pages, 12 figures, 1 tabl

Aprendizaje de tecnologías informáticas en titulaciones de Ciencias de la Comunicación mediante ABP

La inclusión de contenidos tecnológicos informáticos en titulaciones de posgrado en Ciencias de la Comunicación es un reto desde el punto de vista docente. En este sentido nos encontramos con alumnos que carecen de una base tecnológica suficiente que permita profundizar en detalles sobre el desarrollo o explotación de las nuevas tecnologías de la información y las comunicaciones, especialmente las relativas a las innovaciones tecnológicas en el entorno móvil. Partiendo de la dificultad que supone enfrentarse a este reto, el presente artículo presenta la experiencia docente con la asignatura Innovación Tecnológica en Contenidos Digitales del Máster Interuniversitario en Comunicación Móvil y Contenidos Digitales de la Facultad de Comunicación y Documentación de la Universidad de Murcia. En esta asignatura encontramos alumnos con distinta formación, como Publicidad, Comunicación Audivisual, Periodismo y Documentación. Hemos puesto en práctica, de forma exitosa, una experiencia docente de Aprendizaje Basado en Proyectos (ABP) y en este artículo incluimos detalles sobre la metodología, los recursos docentes y los resultados de aprendizaje obtenidos. Además mostramos un resumen de los proyectos desarrollados y la valoración de los alumnos, así como unas reflexiones acerca de la idoneidad de esta clase de enfoques docentes para estos marcos de aprendizaje de la informática.Teaching about information technologies (IT) for students of Communication Sciences is a challenging task. Those students do not usually have enough skills and knowledge about technological innovation in order to deal with some details about the development and deployment of information technologies, especially those related to the mobile ecosystem. Based on this fact, this paper presents the teaching experience in the subject Technology Innovation in Digital Contents of the Master's Degree in Mobile Communication and Digital Contents of the Faculty of Communication Sciences at our university. It is a subject with students from different degrees, like Advertising, Audiovisual Communication, Journalism, and Documentation. As we will see, we have successfully implemented a teaching experience based on Project- Based Learning (PBL). We include details about the process, the teaching resources and the obtained results. Moreover, the paper includes a summary of the projects and the evaluation of the students, as well as a discussion about the suitability of this approach

VAASI: Crafting valid and abnormal adversarial samples for anomaly detection systems in industrial scenarios

In the realm of industrial anomaly detection, machine and deep learning models face a critical vulnerability to adversarial attacks. In this context, existing attack methodologies primarily target continuous features, often in the context of images, making them unsuitable for the categorical or discrete features prevalent in industrial systems. To fortify the cybersecurity of industrial environments, this paper introduces a groundbreaking adversarial attack approach tailored to the unique demands of these settings. Our novel technique enables the creation of targeted adversarial samples that are valid within the framework of supervised cyberattack detection models in industrial scenarios, preserving the consistency of discrete values and correcting cases where an adversarial sample transitions into a normal one. Our approach leverages the SHAP interpretability method to identify the most salient features for each sample. Subsequently, the Projected Gradient Descent technique is employed to perturb continuous features, ensuring adversarial sample generation. To handle categorical features for a specific adversarial sample, our method scrutinizes the closest sample within the normal training dataset and replicates its categorical feature values. Additionally, Decision Trees trained within a Random Forest are utilized to ensure that the resulting adversarial samples maintain the essential abnormal behavior required for detection. The validation of our proposal was conducted using the WADI dataset obtained from a water distribution plant, providing a realistic industrial context. During validation, we assessed the mean error and the total number of adversarial samples generated by our approach, comparing it with the original Projected Gradient Descent method and the Carlini & Wagner attack across various parameter configurations. Remarkably, our proposal consistently achieved the best trade-off between mean error and the number of generated adversarial samples, showcasing its superiority in safeguarding industrial systems

An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios

When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black‐box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi‐supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi‐supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1‐score of 0.9711

A Methodology for Evaluating the Robustness of Anomaly Detectors to Adversarial Attacks in Industrial Scenarios

Anomaly Detection systems based on Machine and Deep learning are the most promising solutions to detect cyberattacks in the industry. However, these techniques are vulnerable to adversarial attacks that downgrade prediction performance. Several techniques have been proposed to measure the robustness of Anomaly Detection in the literature. However, they do not consider that, although a small perturbation in an anomalous sample belonging to an attack, i.e., Denial of Service, could cause it to be misclassified as normal while retaining its ability to damage, an excessive perturbation might also transform it into a truly normal sample, with no real impact on the industrial system. This paper presents a methodology to calculate the robustness of Anomaly Detection models in industrial scenarios. The methodology comprises four steps and uses a set of additional models called support models to determine if an adversarial sample remains anomalous. We carried out the validation using the Tennessee Eastman process, a simulated testbed of a chemical process. In such a scenario, we applied the methodology to both a Long-Short Term Memory (LSTM) neural network and 1-dimensional Convolutional Neural Network (1D-CNN) focused on detecting anomalies produced by different cyberattacks. The experiments showed that 1D-CNN is significantly more robust than LSTM for our testbed. Specifically, a perturbation of 60% (empirical robustness of 0.6) of the original sample is needed to generate adversarial samples for LSTM, whereas in 1D-CNN the perturbation required increases up to 111% (empirical robustness of 1.11)

Forced Solid-State Interactions for the Selective “Turn-On” Fluorescence Sensing of Aluminum Ions in Water Using a Sensory Polymer Substrate

Selective and sensitive solid sensory substrates for detecting Al(III) in pure water are reported. The material is a flexible polymer film that can be handled and exhibits gel behavior and membrane performance. The film features a chemically anchored salicylaldehyde benzoylhydrazone derivative as an aluminum ion fluorescence sensor. A novel procedure for measuring Al(III) at the ppb level using a single solution drop in 20 min was developed. In this procedure, a drop was allowed to enter the hydrophilic material for 15 min before a 5 min drying period. The process forced the Al(III) to interact with the sensory motifs within the membrane before measuring the fluorescence of the system. The limit of detection of Al(III) was 22 ppm. Furthermore, a water-soluble sensory polymer containing the same sensory motifs was developed with a limit of detection of Al(III) of 1.5 ppb, which was significantly lower than the Environmental Protection Agency recommendations for drinking water.Spanish Ministerio de Economía y Competitividad-Feder (MAT2011-22544) and by the Consejería de Educación - Junta de Castilla y León (BU232U13)