The constant increase of devices connected to the Internet, and therefore of cyber-attacks, makes it necessary to analyse network traffic in order to recognize malicious activity. Traditional packet-based analysis methods are insufficient because in large networks the amount of traffic is so high that it is unfeasible to review all communications. For this reason, network flows are a suitable approach for this situation, and one that will have to be used in future 5G networks, as the number of packets will increase dramatically. If this is also combined with unsupervised learning models, it can detect new threats for which it has not been trained. This paper presents a systematic review of the literature on unsupervised learning algorithms for detecting anomalies in network flows, following the PRISMA guideline. A total of 63 scientific articles have been reviewed, analysing 15 of them in depth. The results obtained show that autoencoder is the most used option, followed by SVM, ALAD, or SOM. On the other hand, all the datasets used for anomaly detection have been collected, including some specialised in IoT or with real data collected from honeypots.
@article{systematicreviewunsupervisedanomalydetection,
  author={Miguel-Diez, Alberto and Campazas-Vega, Adrián and Álvarez-Aparicio, Claudia and Esteban-Costales, Gonzalo and Guerrero-Higueras, Ángel Manuel},
  title={A systematic literature review of unsupervised learning algorithms for anomalous traffic detection based on flows},
  journal={Logic Journal of the IGPL},
  volume={34},
  number={1},
  pages={jzaf020},
  year={2025},
  month=dec,
  issn={1367-0751},
  doi={10.1093/jigpal/jzaf020},
  url={https://doi.org/10.1093/jigpal/jzaf020},
  eprint={https://academic.oup.com/jigpal/article-pdf/34/1/jzaf020/65735847/jzaf020.pdf},
}
2024
CISIS 2024
Exploring the Landscape of Honeypots in the Fight Against Cyber Threats: A Systematic Mapping of Literature
Alberto Miguel-Diez, Rodrigo González-Fernández, Gonzalo Esteban-Costales, and 4 more authors
The steady increase in cyber threats highlights the need to strengthen cybersecurity defenses. In this context, honeypots emerge as crucial tools for detecting and mitigating such threats. A honeypot is a computer decoy that simulates having certain vulnerabilities that are attractive to a cybercriminal, allowing observation and analysis of the attack and the techniques used on the decoy. This article presents a systematic literature review of honeypots, analyzing the most commonly used characteristics and protocols following the PRISMA guidelines. A total of 258 scientific articles were reviewed, with 17 of them analyzed in depth. The results showed that the most commonly used protocols were HTTP and HTTPS, and the areas with the most available honeypots are those related to web applications and IoT devices. Additionally, lists have been compiled grouping honeypots by field of action, type of interaction, and protocol, with the aim of identifying aspects of honeypot development that require further investigation in future research.
@inproceedings{10.1007/978-3-031-75016-8_17,
  author={Miguel-Diez, Alberto and Gonz{\'a}lez-Fern{\'a}ndez, Rodrigo and Esteban-Costales, Gonzalo and Vega-Gonz{\'a}lez, Christian and Campazas-Vega, Adri{\'a}n and Matell{\'a}n-Olivera, Vicente and Guerrero-Higueras, {\'A}ngel Manuel},
  editor={},
  title={Exploring the Landscape of Honeypots in the Fight Against Cyber Threats: A Systematic Mapping of Literature},
  booktitle={International Joint Conferences},
  year={2024},
  publisher={Springer Nature Switzerland},
  address={Cham},
  pages={179--190},
  isbn={978-3-031-75016-8},
  doi={10.1007/978-3-031-75016-8_17},
}
CEUR
Cybersecurity Issues in Robotic Platforms
A. Campazas-Vega, A. Miguel-Diez, M. Hermida-López, and 3 more authors
CEUR Workshop Proceedings, Dec 2024
2023
JNIC 2023
Evaluación de la seguridad en el robot cuadrúpedo A1 de Unitree Robotics
Alberto Miguel Díez, Adrián Campazas Vega, Beatriz Castro, and 3 more authors
In Actas de las VIII Jornadas Nacionales de Investigación en Ciberseguridad: Vigo, 21 a 23 de junio de 2023, Dec 2023