Ines Ortega-Fernandez

Ines Ortega-Fernandez

PhD | Technical Manager of Data Analytics & AI - Security and Privacy Department (GRADIANT)

Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

projects

ÉGIDA - Red de Excelencia en Tecnologías de Seguridad y Privacidad

Call: CDTI Cervera Network

Dates: -

Abstract

ÉGIDA focused on the development of advanced cybersecurity and privacy technologies through a collaborative Spanish research network involving academia, research centers, and industry partners. The project aimed to strengthen research and innovation capabilities in trustworthy artificial intelligence, cybersecurity analytics, privacy-preserving technologies, and industrial security systems.

INFINITECH - Tailored IoT & BigData Sandboxes and Testbeds for Smart, Autonomous and Personalized Services in the European Finance and Insurance Services Ecosystem

Call: ICT-11-2018-2019 - HPC and Big Data enabled Large-scale Test-beds and Applications

Dates: -

Abstract

Big data, artificial intelligence (AI) and Internet-of-Things (IoT) are essential in our data-driven environment – in all facets of daily life. However, many financial or insurance institutions still face difficulties using big data technology due to complicated regulations and the lack of testbed resources. The EU-funded INFINITECH project will undertake an innovative effort to boost regulatory compliance and enhance directed investments. Leaders in finance and ICT will aim to provide novel Big Data/IoT/AI technologies for managing and querying all kinds of data along with data governance capabilities. These disruptive tools will enhance innovations in business sectors and support nine novelty testbeds and sandboxes to offer open application programming interfaces (APIs).

PERSIST - Patients-centered SurvivorShIp care plan after Cancer treatments based on Big Data and Artificial Intelligence technologies

Call: SC1-DTH-01-2019 - Big data and Artificial Intelligence for monitoring health status and quality of life after the cancer treatment

Dates: -

Abstract

The transition from cancer patient to cancer survivor should be planned and coordinated to ensure patients receive high-quality, coordinated and personalised care. The EU-funded PERSIST project is developing a system that supports self-care and can identify outcomes that require professional intervention. Its system uses big data technology and novel analysis algorithms that can be easily integrated into electronic health records and other sources of clinical data. Overall, the project aims to improve the management, intervention and prevention strategies to reduce side effects and prevent secondary diseases. Its long-term goal is to reduce the socio-economic burden related to cancer survivors’ care by creating a dynamic decision support system and making maximum use of predictive models.

BIECO - Building Trust in Ecosystems and Ecosystem Components

Call: H2020

Dates: -

Abstract

BIECO aimed to improve trust and resilience in complex ICT supply-chain ecosystems through advanced cybersecurity analysis and risk-assessment methodologies. The project investigated vulnerability propagation, dependency analysis, and cyber-risk management techniques for interconnected digital infrastructures.

SmartNOC - Investigación en tecnologías emergentes para la gestión inteligente de centros de control de redes de comunicación

Call: Programa Estratégico de Consorcios de Investigación Empresarial Nacional (CIEN) (IDI-20210861)

Dates: -

Abstract

El objetivo del proyecto SmartNOC es investigar en diversas tecnologías, técnicas, herramientas, metodologías y conocimientos dirigidos a desarrollar soluciones tecnológicas para la gestión inteligente y segura de los centros de control de redes de comunicaciones (NOC por sus siglas en inglés, Network Operation Center), tanto de operadores de comunicaciones como redes privadas de la Industria 4.0, las Smart Cities o las Infraestructuras críticas; para hacerlas más eficientes, fiables y seguras. Este proyecto facilitará la adopción de soluciones tecnológicas para una nueva generación de los centros de control de redes que proporcionen seguridad, eficacia, eficiencia y fiabilidad a los sistemas de información; mediante la investigación en tecnologías tales como IA, Big data, interfaces innovadoras o sistemas de almacenamiento.

SABOT - Sistema inteligente AntiBOTs

Call: Red.es del Centro de Desarrollo Tecnologico e Industrial (2020/0720/000100025)

Dates: -

Abstract

En SABOT se propone el desarrollo de una solución basada en técnicas de aprendizaje automático y estadísticas para, mediante el modelado del comportamiento de bots y usuarios legítimos poder detectar a los primeros y bloquear o minimizar su impacto. El modelado del comportamiento se realizará mediante la caracterización del mismo en base a un gran número de variables obtenidas, entre otras formas, por la ejecución de pequeños fragmentos de código, insertados en la web de comercio electrónico, tanto por los usuarios legítimos como por los bots. Tras la fase de desarrollo, la solución se pilotará en una pequeña empresa especializada en venta de material deportivo que en la actualidad sufre un grave impacto por los bots, tanto en recursos informáticos como en su estrategia comercial. La solución estará especialmente orientada al comercio electrónico de pequeñas y medianas empresas ya que se proporcionará como un producto, no como un servicio, y se licenciará en empresas ya que se proporcionará como un producto, no como un servicio, y se licenciará en base al tráfico legítimo, no en base al tráfico de los bots. De este modo se contribuirá al aumento de canales de venta online por parte de este tipo de empresas reduciendo la brecha con las grandes organizaciones.

TRUMPET - TRUstworthy Multi-site Privacy Enhancing Technologies

Call: HORIZON-CL3-2021-CS-01-04 - Scalable privacy-preserving technologies for cross-border federated computation in Europe involving personal data

Dates: -

Abstract

In recent years, Federated Learning (FL) has emerged as a revolutionary privacy-enhancing technology and, consequently, has quickly expanded to other applications. However, further research has cast a shadow of doubt on the strength of privacy protection provided by FL. Potential vulnerabilities and threats pointed out by researchers included a curious aggregator threat; susceptibility to man-in-the-middle and insider attacks that disrupt the convergence of global and local models or cause convergence to fake minima; and, most importantly, inference attacks that aim to re-identify data subjects from FL’s AI model parameter updates. The goal of TRUMPET is to research and develop novel privacy enhancement methods for Federated Learning, and to deliver a highly scalable Federated AI service platform for researchers, that will enable AI-powered studies of siloed, multi-site, cross-domain, cross border European datasets with privacy guarantees that exceed the requirements of GDPR. The generic TRUMPET platform will be piloted, demonstrated and validated in the specific use case of European cancer hospitals, allowing researchers and policymakers to extract AI-driven insights from previously inaccessible cross-border, cross-organization cancer data, while ensuring the patients’ privacy. The strong privacy protection accorded by the platform will be verified through the engagement of external experts for independent privacy leakage and re-identification testing. A secondary goal is to research, develop and promote with EU data protection authorities a novel metric and tool for the certification of GDPR compliance of FL implementations. The consortium is composed of 9 interdisciplinary partners: 3 Research Organizations, 1 University, 3 SMEs and 2 Clinical partners with extensive experience and expertise to guarantee the correct performance of the activities and the achievement of the results.

SecBluRed - Aproximación Holística a la Ciberseguridad en el IoT Industrial (IIOT)

Call: Programa de Misiones de Ciencia e Innovación (MIG-20221051)

Dates: -

Abstract

Debido a la tendencia actual de los ataques que sufre la industria y considerando las tecnologías inalámbricas que se deben ir progresivamente implantando (ahorro cuantioso en el despliegue de nuevos sistemas), el proyecto SecBluRed plantea una aproximación de investigación holística a la ciberseguridad para la IoT Industrial (IIoT, de ahora en adelante), que podría ser extensible a otros entornos tecnológicos industriales. Para ello, se proponen tres ejes de investigación:

SafeNet UEBA - Centro de Operaciones de Seguridad basado en UEBA explicable

Call: Compra Pública Precomercial CPP001/23. (CPP001-23-R006_SAFENET_UEBA)

Dates: -

Abstract

The primary objective of the SafeNet UEBA project is the design and implementation of a Security Operations Center (SOC) that allows the detection of cyberattacks based on UEBA using statistical techniques and artificial intelligence (AI). The solution will enable the incorporation of a wide variety of data sources, which, once normalized and aggregated, will be used to construct a robust pattern of the behavior of users, devices, or entities. The detected threats will be enriched with external sources such as Indicators of Compromise using the MISP threat intelligence platform.

CICERO - Contramedidas inteligentes de ciberseguridad para la red del futuro

Call: Ayudas Cervera para Centros Tecnológicos (CER-20231019)

Dates: -

Abstract

La adopción masiva de tecnologías de la información y telecomunicaciones está cambiando cómo nos relacionamos e interactuamos. Esto ha provocado, además de múltiples beneficios, un aumento de los riesgos asociados a la adopción de nuevas tecnologías, principalmente los generados por amenazas a la seguridad de la información o ciberamenazas que ponen en riesgo el crecimiento, sostenibilidad y modo de vida.

PRESERVE - Ethics and Privacy preserving Big Data platform for Supporting criminal investigations

Call: HORIZON-CL3-2023-FCT-01 - Fighting Crime and Terrorism 2023

Dates: -

Abstract

This project aims to develop an innovative and privacy-preserving decision-support system for European law enforcement authorities leveraging advanced Big Data and AI technologies to effectively combat crimes and terrorism. The proposed system integrates Federated Learning, User and Entity Behavior Analytics (UEBA), and other Big Data and AI techniques to monitor social network data, deep and shallow web information, and police databases in a secure, collaborative, privacy-aware and ethical manner. The primary objective is to help Law Enforcement Authorities (LEAs) fighting cybercrime and terrorism by identifying key communities and users involved in activities such as hate speech, child sexual abuse, terrorism, or drug trafficking and to use this information to better allocate police resources.

SPICE - Smart Data Pipelines for the Cognitive Compute Continuum

Call: Recovery and Resilience Plan of the Slovak Republic

Dates: -

Abstract

SPICE focuses on the development of intelligent and privacy-aware data pipelines for the Cognitive Compute Continuum, enabling secure and efficient data processing across cloud, edge, and distributed computing infrastructures. The project aims to facilitate trustworthy data sharing and interoperability within emerging European data spaces while ensuring compliance with privacy and security requirements.

FAIR - Explainability in Neural Networks for Image Classification Tasks

Call: INCIBE - Spanish Cybersecurity Institute

Dates: -

Abstract

FAIR investigates explainability and transparency mechanisms for deep neural networks applied to image-classification tasks, with a particular focus on trustworthy artificial intelligence for cybersecurity and high-risk AI applications. The project aims to improve the interpretability, robustness, and accountability of modern AI systems by developing methodologies that allow better understanding of neural-network decision-making processes.

publications

How to implement EU data protection regulation for R&D on personal data

Published in 2017 International Carnahan Conference on Security Technology (ICCST), 2017

Biometric R&D has to deal with personal data. From the Universal Declaration of Human Rights, privacy of a human being shall be protected, and this is addressed in different forms in each region of the world. In the case of the European Union, Data Protection Directives, Laws and Regulation have been established, and interpreted in different ways by each European Member State. Such a diversity has pushed the European Union to generate an improved regulation that will be mandatory in 2018. Biometric R&D shall not only comply with the current Directive, but also has to adapt its work to the new Regulation. This work is intended to describe the situation and provide a recommended procedure when having to acquire personal data.

Recommended citation: R. Sanchez-Reillo, I. Ortega-Fernandez, W. Ponce-Hernandez, and H. C. Quiros-Sandoval, “How to implement EU data protection regulation for R&D on personal data,” in Proceedings - International Carnahan Conference on Security Technology, 2017, vol. 2017-Octob, doi: 10.1109/CCST.2017.8167797. https://ieeexplore.ieee.org/abstract/document/8167797

How to implement EU data protection regulation for R&D in biometrics

Published in Computer Standards & Interfaces, 2019

Biometrics R&D has to deal with personal data. From the Universal Declaration of Human Rights, privacy of a human being shall be protected, and this is addressed in different ways in each region of the world. In the case of the European Union, Data Protection Directives, Laws and Regulations have been established, and interpreted in different ways by each European Member State. Such a diversity has pushed the European Union to generate an improved regulation that will be mandatory from May 2018. Biometric R&D shall not only comply with the current Directive, but also has to adapt its work to the new Regulation. This work is intended to describe the situation and provide a recommended procedure when having to acquire personal data. The recommended procedure is illustrated by the implementation of a Biometric Data Acquisition Platform, used to acquire fingerprints from nearly 600 citizens using different sensors.

Recommended citation: R. Sanchez-Reillo, I. Ortega-Fernandez, W. Ponce-Hernandez, and H. C. Quiros-Sandoval, “How to implement EU data protection regulation for R&D in biometrics,” Comput. Stand. Interfaces, vol. 61, 2019, doi: 10.1016/j.csi.2018.01.007. https://doi.org/10.1016/j.csi.2018.01.007

Large Scale Data Anonymisation for GDPR Compliance

Published in Big Data and Artificial Intelligence in Digital Finance, 2022

General Data Protection Regulation (GDPR) has been in place since May 2018 to give EU citizens more control over their personal data, applying principles like security and privacy by design. One of the most powerful tools to allow data processing while being compliant with data protection regulations is anonymisation, a procedure that consists of transforming data in such a way that makes no longer possible the re-identification of the data subjects. This chapter describes how anonymisation can be performed at a large scale, addressing common challenges to become GDPR compliant.

Recommended citation: Ortega-Fernandez, I., Martinez, S.E.K., Orellana, L.A. (2022). Large Scale Data Anonymisation for GDPR Compliance. In: Soldatos, J., Kyriazis, D. (eds) Big Data and Artificial Intelligence in Digital Finance. Springer, Cham. https://doi.org/10.1007/978-3-030-94590-9_19 https://doi.org/10.1007/978-3-030-94590-9_19

A Review of Denial of Service Attack and Mitigation in the Smart Grid Using Reinforcement Learning

Published in Energies (MDPI), 2023

The smart grid merges cyber-physical systems (CPS) infrastructure with information and communication technologies (ICT) to ensure efficient power generation, smart energy distribution in real-time, and optimisation, and it is rapidly becoming the current standard for energy generation and distribution. However, the use of ICT has increased the attack surface against the electricity grid, which is vulnerable to a wider range of cyberattacks. In particular, Denial-of-Service (DoS) attacks might impact both the communication network and the cyber-physical layer. DoS attacks have become critical threats against the smart grid due to their ability to impact the normal operation of legitimate smart-grid devices and their ability to target different smart grid systems and applications. This paper presents a comprehensive and methodical discussion of DoS attacks in the smart grid, analysing the most common attack vectors and their effect on the smart grid. The paper also presents a survey of detection and mitigation techniques against DoS attacks in the smart grid using reinforcement learning (RL) algorithms, analysing the strengths and limitations of the current approaches and identifying the prospects for future research.

Recommended citation: Ortega-Fernandez, Ines, and Francesco Liberati. 2023. "A Review of Denial of Service Attack and Mitigation in the Smart Grid Using Reinforcement Learning" Energies 16, no. 2: 635. https://www.mdpi.com/1996-1073/16/2/635 https://www.mdpi.com/1996-1073/16/2/635

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

Published in Wireless Networks (Springer), 2023

Anomaly detection in industrial control and cyber-physical systems has gained much attention over the past years due to the increasing modernisation and exposure of industrial environments. Current dangers to the connected industry include the theft of industrial intellectual property, denial of service, or the compromise of cloud components; all of which might result in a cyber-attack across the operational network. However, most scientific work employs device logs, which necessitate substantial understanding and preprocessing before they can be used in anomaly detection. In this paper, we propose a network intrusion detection system (NIDS) architecture based on a deep autoencoder trained on network flow data, which has the advantage of not requiring prior knowledge of the network topology or its underlying architecture. Experimental results show that the proposed model can detect anomalies, caused by distributed denial of service attacks, providing a high detection rate and low false alarms, outperforming the state-of-the-art and a baseline model in an unsupervised learning environment. Furthermore, the deep autoencoder model can detect abnormal behaviour in legitimate devices after an attack. We also demonstrate the suitability of the proposed NIDS in a real industrial plant from the alimentary sector, analysing the false positive rate and the viability of the data generation, filtering and preprocessing procedure for a near real time scenario. The suggested NIDS architecture is a low-cost solution that uses only fifteen network-based features, requires minimal processing, operates in unsupervised mode, and is straightforward to deploy in real-world scenarios.

Recommended citation: Ortega-Fernandez, I., Sestelo, M., Burguillo, J.C. et al. Network intrusion detection system for DDoS attacks in ICS using deep autoencoders. Wireless Netw (2023). https://doi.org/10.1007/s11276-022-03214-3 https://link.springer.com/article/10.1007/s11276-022-03214-3

Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes

Published in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2023

Advances in sensors, trackers and positioning systems had led to the emergence of multiple locationbased services (LBS), resulting in multiple devices and users reporting their precise position and raising many privacy concerns. Anonymisation of geo-positioned data can provide a high level of privacy to the end users, but usually at the cost of introducing high levels of information loss on the location reported to the LBS. This paper presents Hexanonymity, a new algorithm for the anonymisation of geo-positioned data which introduces a limited amount of information loss while providing k-anonymity. Hexanonymity leverages the Uber H3 geo-indexing system, which subdivides the earth into hexagonal meshes. We take advantage of a property of hexagon meshes, where for any of them, the distance from its centre to the centre of the six surrounding hexagons is always the same. This property allows the algorithm to generate high-quality clusters of geo-positioned data points, introducing a limited information loss. This new algorithm improves the current state-of-the-art in terms of the quality of the anonymised data points while providing a similar level of privacy, with a percentage of anonymised locations reduced by only 0.503% when compared to Adaptive Interval Cloaking. Hexanonymity leverages geo-indexing systems to offer a scalable approach to the anonymisation of geo-positioned data in linear time, suitable for big data and real-time scenarios.

Recommended citation: J. Rodriguez-Viñas, I. Ortega-Fernandez and E. S. Martínez, "Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes," 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 396-404, doi: 10.1109/EuroSPW59978.2023.00050. https://ieeexplore.ieee.org/abstract/document/10190642

Explainable Generalized Additive Neural Networks with Independent Neural Network Training

Published in 16th International Conference of the ERCIM WG on Computational and Methodological Statistics (CFE-CMStatistics 2023), 2023

This work introduces a Generalized Additive Neural Network framework designed to improve explainability in deep-learning models through independent neural-network training for feature-effect estimation.

Recommended citation: Ortega-Fernández, I., & Sestelo, M. (2023). Explainable Generalized Additive Neural Networks with Independent Neural Network Training. Poster presentation at CFE-CMStatistics 2023. https://cmstatistics.org/

Detección de bots avanzados en comercio electrónico: un caso de uso real

Published in 2023 JNIC Cybersecurity Conference (JNIC), 2026

En la actualidad, los bots generan una gran cantidad de trafico en las páginas web, lo que causa problemas como denegaciones de servicio a usuarios legítimos y dificulta su operacion normal. Este trabajo presenta un caso de éxito de transferencia tecnologica en el que se utilizan m ´ etodos de ´ deteccion de anomalías basados en Deep Autoencoders para desarrollar un modulo de detección de bots para paginas web de comercio electronico. El objetivo es identificar comportamientos anómalos que puedan ser causados por bots maliciosos. Se utiliza un modulo de captura en Javascript para recopilar datos de manera transparente al usuario y alimentar el modulo de detección casi en tiempo real, utilizando características bio-estadísticas que modelan el comportamiento de los usuarios al navegar por la web. El modulo se ha evaluado formalmente utilizando diferentes metricas, incluyendo la tasa de falsos positivos y el porcentaje de instancias identificadas como bot, demostrando su efectividad en la deteccion de bots avanzados.

Recommended citation: Mauro Saavedra-Golán, Ines Ortega-Fernandez (2023, 22 de junio). Detección de bots avanzados en comercio electrónico: un caso de uso real. Jornadas Nacionales de Investigación en Ciberseguridad [Conferencia]. Vigo, España. ISBN 978-84-8158-970-2, págs. 229-235 https://dialnet.unirioja.es/servlet/articulo?codigo=9041365

Detecting Anomalies in Industrial Control Systems with LSTM Neural Networks and UEBA

Published in 2023 JNIC Cybersecurity Conference (JNIC), 2023

The increasing adoption of the Industrial Internet of Things and integration of operational technology with information technology networks have made industrial control systems (ICS) more vulnerable to cyber-attacks, which can cause severe consequences such as disruption of critical infrastructure, loss of data, and significant financial losses. To enhance the security and resilience of these systems, anomaly detection in ICS has gained significant attention in recent years. This paper introduces ongoing research focused on using Long Short-Term Memory (LSTM) neural networks for forecasting and subsequent anomaly detection over device logs. This approach involves User and Entity Behaviour Analytics (UEBA) to analyze and define entities of interest from a real industrial plant and extract a baseline behaviour model through features that are fed into the LSTM model for predicting future events and detecting anomalies. The proposed solution has the potential to provide real-time detection of cyber and physical threats, thereby enhancing the security and resilience of industrial control systems.

Recommended citation: C. Piñón-Blanco, F. Otero-Vázquez, I. Ortega-Fernandez and M. Sestelo, "Detecting Anomalies in Industrial Control Systems with LSTM Neural Networks and UEBA," 2023 JNIC Cybersecurity Conference (JNIC), Vigo, Spain, 2023, pp. 1-8, doi: 10.23919/JNIC58574.2023.10205609. https://ieeexplore.ieee.org/abstract/document/10205609/

Explainable generalized additive neural networks with independent neural network training

Published in Statistics & Computing (Springer), 2023

Neural Networks are one of the most popular methods nowadays given their high performance on diverse tasks, such as computer vision, anomaly detection, computer-aided disease detection and diagnosis or natural language processing. While neural networks are known for their high performance, they often suffer from the so-called “black-box” problem, which means that it is difficult to understand how the model makes decisions. We introduce a neural network topology based on Generalized Additive Models. By training an independent neural network to estimate the contribution of each feature to the output variable, we obtain a highly accurate and explainable deep learning model, providing a flexible framework for training Generalized Additive Neural Networks which does not impose any restriction on the neural network architecture. The proposed algorithm is evaluated through different simulation studies with synthetic datasets, as well as a real-world use case of Distributed Denial of Service cyberattack detection on an Industrial Control System. The results show that our proposal outperforms other GAM-based neural network implementations while providing higher interpretability, making it a promising approach for high-risk AI applications where transparency and accountability are crucial.

Recommended citation: Ortega-Fernandez, I., Sestelo, M. & Villanueva, N.M. Explainable generalized additive neural networks with independent neural network training. Stat Comput 34, 6 (2024). https://doi.org/10.1007/s11222-023-10320-5 https://link.springer.com/article/10.1007/s11222-023-10320-5

Development of a modular virtual Industrial Control System prototype for cybersecurity research

Published in IX Jornadas Nacionales de Investigación En Ciberseguridad (JNIC 2024), 2024

As the landscape of industrial control systems (ICS) evolves, the security vulnerabilities inherent in these systems have become increasingly important. In response to this escalating situation, in this paper, we present the development of a virtualised cybersecurity research testbed tailored for these environments. Addressing the challenge of limited access to proprietary OT network data for research purposes, our work proposes a comprehensive framework for simulating industrial environments, aiming to facilitate the development and testing of cybersecurity solutions by providing functionalities for network traffic logging, attack impact simulation, generation of labelled multivariate time series sensor datasets, among others, bridging the gap between theoretical research and practical application needs.

Recommended citation: Carnero Ortega, D., Piñón Blanco, C., Pintos Castro, B., & Ortega Fernández, I. (2024). Development of a modular virtual Industrial Control System prototype for cybersecurity research. IX Jornadas Nacionales de Investigación En Ciberseguridad, 534-539. https://dialnet.unirioja.es/servlet/articulo?codigo=9633511

WhatTheFile, análisis forense basado en Inteligencia Artificial

Published in IX Jornadas Nacionales de Investigación En Ciberseguridad (JNIC 2024), 2024

En el actual contexto de la era de la información, los analistas forenses se enfrentan al desafío de equilibrar la obtención de evidencia crucial en un vasto conjunto de archivos con la protección del derecho a la intimidad de las partes involucradas, ya sean empresas o usuarios individuales. Este equilibrio plantea un dilema: la búsqueda exhaustiva de evidencia puede comprometer la privacidad, mientras que un enfoque excesivamente cauteloso puede limitar la obtención de pruebas relevantes. En respuesta a esta problemática, en este trabajo proponemos una solución que emplea algoritmos de Inteligencia Artificial (IA) para identificar y extraer información relevante de cada archivo. Esta técnica permite llevar a cabo búsquedas heurísticas sobre los datos, lo que facilita la focalización en los archivos pertinentes del caso sin comprometer la privacidad de las personas investigadas. Además, esta metodología optimiza el tiempo empleado en el análisis forense al evitar la revisión minuciosa de archivos irrelevantes, logrando un enfoque más eficiente y preciso, y garantizando tanto la obtención de evidencia necesaria como el respeto a la privacidad de los individuos involucrados.

Recommended citation: Pintos, B., & Ortega-Fernandez, I. (2024). WhatTheFile, análisis forense basado en Inteligencia Artificial. In IX Jornadas Nacionales de Investigación En Ciberseguridad (pp. 600-605). Antonia M. Reina Quintero. https://dialnet.unirioja.es/servlet/articulo?codigo=9633521

Explainable deep learning: A methodology to train Generalized Additive Models with deep neural networks

Published in International Symposium on Nonparametric Statistics (ISNPS 2024), 2024

Deep neural networks often suffer from limited interpretability despite their high predictive performance. This work presents a methodology for training Generalized Additive Models using deep neural-network architectures to obtain accurate and explainable machine-learning systems.

Recommended citation: Ortega-Fernandez, I., & Sestelo, M. (2024). Explainable deep learning: A methodology to train Generalized Additive Models with deep neural networks. Poster presentation at ISNPS 2024. https://isnps.unipa.it/

Enhancing Privacy in Federated Learning: A Practical Assessment of Combined PETs in a Cross-Silo Setting

Published in 2024 ACM Workshop on Information Hiding and Multimedia Security, 2024

Federated Learning (FL) has emerged as a revolutionary machine learning setting to enable collaborative training in a privacy-preserving way. However, recent research has showcased significant privacy attacks that pose a serious threat to the proliferation of FL as a technology designed to safeguard privacy during training with sensitive data from multiple entities. The rapid evolution of Privacy Enhancing Technologies offers promising methods for securing data inputs and outputs in FL scenarios. This paper evaluates and benchmarks the practical application of two PET methods, which has been integrated within a custom-built FL platform. The work conducts a comparative analysis of several privacy techniques applied to Federated Learning scenarios, with a primary focus on computational and communication performance.

Recommended citation: Loureiro-Acuña, J., Martínez-Luaña, X., Padín-Torrente, H., Jiménez-Balsa, G., García-Pagán, C., & Ortega-Fernandez, I. (2024). Enhancing Privacy in Federated Learning: A Practical Assessment of Combined PETs in a Cross-Silo Setting. Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security, 265–270. doi:10.1145/3658664.3659661 https://dl.acm.org/doi/abs/10.1145/3658664.3659661

Cybersecurity threat detection based on a UEBA framework using deep autoencoders

Published in AIMS Mathematics, 2025

User and Entity Behavior Analytics (UEBA) has emerged as a promising approach for detecting advanced cybersecurity threats by modeling behavioral patterns of users and systems. This paper presents a cybersecurity threat-detection framework based on deep autoencoders integrated within a UEBA architecture for anomaly detection in enterprise environments.

Recommended citation: Fuentes, J., Ortega-Fernandez, I., Villanueva, N. M., & Sestelo, M. (2025). Cybersecurity threat detection based on a UEBA framework using deep autoencoders. AIMS Mathematics, 10(10), 23496–23517. https://doi.org/10.3934/math.20251043 https://doi.org/10.3934/math.20251043

The future of law enforcement: How PRESERVE’s AI and big data solutions benefit public safety

Published in 6th International Conference in Electronic Engineering & Information Technology (EEITE), 2025

This presentation introduces the PRESERVE project and its approach to supporting law-enforcement authorities through privacy-preserving AI and Big Data technologies. The project combines Federated Learning, behavioral analytics, natural-language processing, and computer vision to support secure and ethical criminal-investigation workflows.

Recommended citation: Makri, F., Spantideas, S., Kokkinis, G., Ortega-Fernandez, I., Alonso Doval, P., & Varveris, M. (2025). The future of law enforcement: How PRESERVE’s AI and big data solutions benefit public safety. Poster presentation at the 6th International Conference in Electronic Engineering & Information Technology (EEITE). https://eeite.org/

Combining Neural Networks and Generalized Additive Models for Explainable AI

Published in XVII Congreso Galego de Estatística e Investigación de Operacións, 2025

This work explores the integration of neural networks and Generalized Additive Models to develop explainable artificial intelligence methodologies that maintain high predictive performance while improving interpretability and transparency.

Recommended citation: Ortega-Fernandez, I., Sestelo, M., & Villanueva, N. M. (2025). Combining Neural Networks and Generalized Additive Models for Explainable AI. Poster presentation at XVII Congreso Galego de Estatística e Investigación de Operacións. https://sgapeio.es/

Advanced Detection of Suspicious Activity within UEBA Framework using Deep Autoencoders

Published in XVII Congreso Galego de Estatística e Investigación de Operacións, 2025

User and Entity Behavior Analytics (UEBA) systems are increasingly used to identify suspicious activities and cybersecurity threats in complex infrastructures. This work presents a deep-learning-based anomaly-detection framework leveraging deep autoencoders to model behavioral patterns and identify anomalous activities within cybersecurity environments.

Recommended citation: Fuentes Rodríguez, J., Ortega-Fernandez, I., Villanueva, N. M., & Sestelo, M. (2025). Advanced Detection of Suspicious Activity within UEBA Framework using Deep Autoencoders. Oral communication at XVII Congreso Galego de Estatística e Investigación de Operacións. https://sgapeio.es/

Towards Explainable AI: Neural Network-Based Training of Generalized Additive Models

Published in Royal Statistical Society International Conference (RSS 2025), 2025

This work presents a methodology for training explainable neural-network models based on Generalized Additive Models (GAMs), combining the predictive power of deep learning with the interpretability of additive statistical models. The proposed framework independently trains neural networks to estimate feature contributions, providing transparent and accountable AI systems suitable for high-risk applications.

Recommended citation: Ortega-Fernández, I., Sestelo, M., & Villanueva, N. M. (2025). Towards Explainable AI: Neural Network-Based Training of Generalized Additive Models. Reviewed contribution accepted for conference presentation at RSS 2025. https://rss.org.uk/training-events/conference-2025/

Toward human-centered explainability: Natural language explanations for anomaly detection

Published in Information Systems Frontiers (Springer), 2026

Anomaly-detection systems based on artificial intelligence are increasingly used in cybersecurity and industrial environments, but their outputs are often difficult for human analysts to interpret. This paper explores human-centered explainability approaches for anomaly detection through the generation of natural-language explanations that help analysts understand model predictions and anomalous behaviors.

Recommended citation: Padín-Torrente, H., Carneiro-Diaz, V., & Ortega-Fernandez, I. (2026). Toward human-centered explainability: Natural language explanations for anomaly detection. Information Systems Frontiers, 1–17. https://doi.org/10.1007/s10796-026-10717-3 https://doi.org/10.1007/s10796-026-10717-3

neuralGAM: An R Package for fitting Generalized Additive Neural Networks

Published in The R Journal, 2026

Generalized Additive Models (GAMs) are widely used because of their interpretability and flexibility, while neural networks provide strong predictive performance for complex tasks. This paper introduces neuralGAM, an open-source R package implementing Generalized Additive Neural Networks that combine the interpretability of GAMs with the representational power of deep learning architectures.

Recommended citation: Ortega-Fernandez, I., & Sestelo, M. (2026). neuralGAM: An R Package for fitting Generalized Additive Neural Networks. The R Journal. https://doi.org/10.5281/zenodo.10964608 https://doi.org/10.5281/zenodo.10964608

On the Practical Viability of Local Agentic Language Models for Android Security Analysis

Published in Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2026), 2026

Large Language Models (LLMs) are increasingly being explored for cybersecurity applications, including malware analysis, vulnerability discovery, and mobile-security assessment. This work investigates the practical feasibility of using local agentic language models for Android security analysis, with a focus on privacy-preserving and resource-efficient deployment scenarios.

Recommended citation: Padín-Torrente, H., & Ortega-Fernandez, I. (2026). On the Practical Viability of Local Agentic Language Models for Android Security Analysis. Poster presentation at Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2026). https://2026.jnic.es/

software

Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes

Hexanonymity is a new algorithm for the anonymisation of geo-positioned data which introduces a limited amount of information loss while providing k-anonymity. Hexanonymity leverages the Uber H3 geo-indexing system, which subdivides the earth into hexagonal meshes. We take advantage of a property of hexagon meshes, where for any of them, the distance from its centre to the centre of the six surrounding hexagons is always the same. This property allows the algorithm to generate high-quality clusters of geo-positioned data points, introducing a limited information loss.

Recommended citation: Rodriguez-Viñas, J., & Ortega-Fernandez, I. (2023). Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes (Version 1.0.0) [Computer software].

talks

Detectando ciberataques y comportamientos anómalos mediante UEBA - Un caso de uso real en Abanca

En esta ponencia presentamos los resultados obtenidos en un caso de uso real de aplicación de técnicas UEBA y Deep Learning para la detección de ciberataques y comportamientos anómalos en la infraestructura de Abanca. Entre las principales ventajas de nuestra metodología se encuentra la capacidad de incorporar una amplia variedad de fuentes de datos, el carácter no supervisado de los modelos, y una mayor interpretabilidad respecto a otros enfoques.

teaching

External Academic Practices Supervision

Academic practices advisor, University of Santiago de Compostela, BSc in Computer Science, 2021

Supervision of external academic practices (225 hours) for Javier Rodríguez Viñas within the Bachelor’s Degree in Computer Science at the University of Santiago de Compostela.

Implementation and Demonstration of Anonymization Algorithms for Geopositioned Data

Academic thesis advisor, Universidade de Santiago de Compostela, BSc in Computer Engineering, 2022

Co-supervision of the Bachelor’s thesis “Implementation and Demonstration of Anonymization Algorithms for Geopositioned Data” by Javier Rodríguez Viñas. The work focused on scalable anonymization methodologies and clustering algorithms for privacy-preserving processing of geo-positioned datasets.

Cyberattack Detection via User and Entity Behavior Analytics

Academic thesis advisor, Universidade de Santiago de Compostela, MSc in Big Data Analytics, 2022

Co-supervision of the MSc thesis “Cyberattack Detection via User and Entity Behavior Analytics” by Mauro Saavedra Golán. The work focused on cybersecurity anomaly detection using UEBA methodologies and machine-learning techniques for behavioral analytics.

Study and Implementation of Practical Privacy Attacks on Machine Learning in Federated Learning Settings

Academic thesis advisor, University of Vigo, BSc in Computer Engineering, 2024

Co-supervision of the Bachelor’s thesis “Study and Implementation of Practical Privacy Attacks on Machine Learning in Federated Learning Settings” by Roy Covelo Vázquez. The work explored practical privacy attacks against Federated Learning systems, including inference attacks and privacy-risk analysis. The thesis received Honors and was awarded Best Bachelor’s Thesis in Cybersecurity.

Statistics - Bachelor’s Degree in Business Administration and Management

Teaching, University of Vigo, Department of Statistics and Operative Research, 2024

Teaching the Statistics course at the Bachelor’s Degree in Business Administration and Management, including basic statistical concepts such as descriptive statistics, calculation of probabilities, random variables, and parametric inference.

Explainable Artificial Intelligence for Anomaly Detection in Cybersecurity

Academic thesis advisor, Universidade da Coruña, PhD Programme in Information and Communication Technologies (In progress), 2028

Co-supervision of the PhD thesis “Explainable Artificial Intelligence for Anomaly Detection in Cybersecurity” by Héctor Padín Torrente, focused on interpretable and trustworthy machine-learning methodologies for cybersecurity anomaly detection.