Um Middleware Markoviano Incremental para Detecção de Anomalias em Sistemas de Controle de Acesso Físico
Resumo
A detecção de anomalias comportamentais em Sistemas de Controle de Acesso Físico (PACS) ainda é predominantemente baseada em regras estáticas de autorização, o que cria uma lacuna na identificação de desvios sutis de deslocamento que não violam permissões explícitas, mas podem indicar uso indevido de credenciais ou privilégios. Para sanar esse problema, este trabalho propõe um middleware não supervisionado e incremental para detecção de anomalias em PACS, capaz de operar em tempo real sobre grandes volumes de registros sequenciais. O middleware modela o deslocamento individual de cada usuário por Cadeias de Markov em Tempo Discreto, nas quais os estados representam pontos de acesso físicos e as probabilidades de transição capturam rotinas espaciais legítimas. O middleware foi avaliado em mais de cinco anos de dados reais de um PACS corporativo (≈13,9 milhões de transições) e, em uma avaliação prospectiva com 44.329 eventos não vistos, rotulou cerca de 1,75% dos registros como anômalos, distinguindo anomalias parciais e fortes, com baixo custo computacional e suporte quantitativo à priorização operacional de alertas.
Referências
Alhakami, W., Alharbi, A. I., Bourouis, S., Alroobaea, R. S., and Bouguila, N. (2019). Network anomaly intrusion detection using a nonparametric bayesian approach and feature selection. IEEE Access, 7:52181 – 52190. Cited by: 120; All Open Access; Gold Open Access.
Bitirgen, K. and Basaran FILIK, U. (2023). A hybrid deep learning model for discrimination of physical disturbance and cyber-attack detection in smart grid. International Journal of Critical Infrastructure Protection, 40. Cited by: 81.
Cai, T., Jia, T., Adepu, S., Li, Y., and Yang, Z. (2023). Adam: An adaptive ddos attack mitigation scheme in software-defined cyber-physical system. IEEE Transactions on Industrial Informatics, 19(6):7802 – 7813. Cited by: 54.
de Moura, A. C., Caetano, M. F., Gondim, J. J., Araujo, A., Marotta, M. A., Bondan, L., et al. (2024). Anomaly detection in logs: A comparative analysis of unsupervised algorithms. In 13th Symposium on Languages, Applications and Technologies (SLATE 2024), pages 12–1. Schloss Dagstuhl–Leibniz-Zentrum für Informatik.
Dutta, V., Choraś, M., Pawlicki, M., and Kozik, R. (2020). A deep learning ensemble for network anomaly and cyber-attack detection. Sensors, 20(16):1 – 20. Cited by: 147; All Open Access; Gold Open Access; Green Final Open Access; Green Open Access.
Feng, C. and Tian, P. (2021). Time series anomaly detection for cyber-physical systems via neural system identification and bayesian filtering. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, KDD ’21, page 2858–2867, New York, NY, USA. Association for Computing Machinery.
Fernandes, R., Dalmazo, B. L., Riker, A., Rocha Filho, G. P., Meneguette, R., Júnior, L. P., and Immich, R. (2026). A computational intelligence-driven reference architecture for anomaly detection in software-defined networking (sdn). In Simpósio Brasileiro de Sistemas de Informação (SBSI), pages 811–830. SBC.
Franze’, G., Lucia, W., and Tedesco, F. (2022). Resilient model predictive control for constrained cyber-physical systems subject to severe attacks on the communication channels. IEEE Transactions on Automatic Control, 67(4):1822 – 1836. Cited by: 60.
Geepalla, E. and Asharif, S. (2020). Analysis of physical access control system for understanding users behavior and anomaly detection using neo4j. In Proceedings of the 6th International Conference on Engineering & MIS 2020, pages 1–6.
Guo, Z., Shi, D., Johansson, K. H., and Shi, L. (2018). Worst-case stealthy innovation-based linear attack on remote state estimation. Automatica, 89:117 – 124. Cited by: 277.
Han, S. and Woo, S. S. (2022). Learning sparse latent graph representations for anomaly detection in multivariate time series. In Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD ’22, page 2977–2986, New York, NY, USA. Association for Computing Machinery.
Huang, X., Hu, Z., and Yun, P. (2023). A survey of collective anomaly detection on sequence dataset. Int. J. Data Warehous. Min., 19(1):1–22.
Kwon, S., Yoo, H., and Shon, T. (2020). Ieee 1815.1-based power system security with bidirectional rnn-based network anomalous attack detection for cyber-physical system. IEEE Access, 8:77572 – 77586. Cited by: 83; All Open Access; Gold Open Access.
Li, D., Chen, D., Jin, B., Shi, L., Goh, J., and Ng, S. K. (2019). Mad-gan: Multivariate anomaly detection for time series data with generative adversarial networks. Lecture Notes in Computer Science, 11730 LNCS:703 – 716. Cited by: 987.
Molina, A. L., Gonçalves, V. P., De Sousa, R. T., Pividal, M., Meneguette, R. I., and Rocha Filho, G. P. (2022). A lightweight unsupervised learning architecture to enhance user behavior anomaly detection. In 2022 IEEE Latin-American Conference on Communications (LATINCOM), pages 1–6. IEEE.
Moustafa, N., Adi, E., Turnbull, B., and Hu, J. (2018). A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access, 6:32910 – 32924. Cited by: 131; All Open Access; Gold Open Access.
Nevat, I., Divakaran, D. M., Nagarajan, S. G., Zhang, P., Su, L., Ko, L., and Thing, V. L. (2018). Anomaly detection and attribution in networks with temporally correlated traffic. IEEE/ACM Transactions on Networking, 26(1):131 – 144. Cited by: 68.
Saheed, Y. K. and Sanjay, M. (2025). Cps-iot-ppdnn: A new explainable privacy preserving dnn for resilient anomaly detection in cyber-physical systems-enabled iot networks. Chaos, Solitons and Fractals, 191. Cited by: 42.
Skopik, F., Wurzenberger, M., Höld, G., Landauer, M., and Kuhn, W. (2022). Behavior-based anomaly detection in log data of physical access control systems. IEEE Transactions on Dependable and Secure Computing, 20(4):3158–3175.
Zamanzadeh Darban, Z., Webb, G. I., Pan, S., Aggarwal, C., and Salehi, M. (2024). Deep learning for time series anomaly detection: A survey. ACM Comput. Surv., 57(1).
Bitirgen, K. and Basaran FILIK, U. (2023). A hybrid deep learning model for discrimination of physical disturbance and cyber-attack detection in smart grid. International Journal of Critical Infrastructure Protection, 40. Cited by: 81.
Cai, T., Jia, T., Adepu, S., Li, Y., and Yang, Z. (2023). Adam: An adaptive ddos attack mitigation scheme in software-defined cyber-physical system. IEEE Transactions on Industrial Informatics, 19(6):7802 – 7813. Cited by: 54.
de Moura, A. C., Caetano, M. F., Gondim, J. J., Araujo, A., Marotta, M. A., Bondan, L., et al. (2024). Anomaly detection in logs: A comparative analysis of unsupervised algorithms. In 13th Symposium on Languages, Applications and Technologies (SLATE 2024), pages 12–1. Schloss Dagstuhl–Leibniz-Zentrum für Informatik.
Dutta, V., Choraś, M., Pawlicki, M., and Kozik, R. (2020). A deep learning ensemble for network anomaly and cyber-attack detection. Sensors, 20(16):1 – 20. Cited by: 147; All Open Access; Gold Open Access; Green Final Open Access; Green Open Access.
Feng, C. and Tian, P. (2021). Time series anomaly detection for cyber-physical systems via neural system identification and bayesian filtering. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, KDD ’21, page 2858–2867, New York, NY, USA. Association for Computing Machinery.
Fernandes, R., Dalmazo, B. L., Riker, A., Rocha Filho, G. P., Meneguette, R., Júnior, L. P., and Immich, R. (2026). A computational intelligence-driven reference architecture for anomaly detection in software-defined networking (sdn). In Simpósio Brasileiro de Sistemas de Informação (SBSI), pages 811–830. SBC.
Franze’, G., Lucia, W., and Tedesco, F. (2022). Resilient model predictive control for constrained cyber-physical systems subject to severe attacks on the communication channels. IEEE Transactions on Automatic Control, 67(4):1822 – 1836. Cited by: 60.
Geepalla, E. and Asharif, S. (2020). Analysis of physical access control system for understanding users behavior and anomaly detection using neo4j. In Proceedings of the 6th International Conference on Engineering & MIS 2020, pages 1–6.
Guo, Z., Shi, D., Johansson, K. H., and Shi, L. (2018). Worst-case stealthy innovation-based linear attack on remote state estimation. Automatica, 89:117 – 124. Cited by: 277.
Han, S. and Woo, S. S. (2022). Learning sparse latent graph representations for anomaly detection in multivariate time series. In Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD ’22, page 2977–2986, New York, NY, USA. Association for Computing Machinery.
Huang, X., Hu, Z., and Yun, P. (2023). A survey of collective anomaly detection on sequence dataset. Int. J. Data Warehous. Min., 19(1):1–22.
Kwon, S., Yoo, H., and Shon, T. (2020). Ieee 1815.1-based power system security with bidirectional rnn-based network anomalous attack detection for cyber-physical system. IEEE Access, 8:77572 – 77586. Cited by: 83; All Open Access; Gold Open Access.
Li, D., Chen, D., Jin, B., Shi, L., Goh, J., and Ng, S. K. (2019). Mad-gan: Multivariate anomaly detection for time series data with generative adversarial networks. Lecture Notes in Computer Science, 11730 LNCS:703 – 716. Cited by: 987.
Molina, A. L., Gonçalves, V. P., De Sousa, R. T., Pividal, M., Meneguette, R. I., and Rocha Filho, G. P. (2022). A lightweight unsupervised learning architecture to enhance user behavior anomaly detection. In 2022 IEEE Latin-American Conference on Communications (LATINCOM), pages 1–6. IEEE.
Moustafa, N., Adi, E., Turnbull, B., and Hu, J. (2018). A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access, 6:32910 – 32924. Cited by: 131; All Open Access; Gold Open Access.
Nevat, I., Divakaran, D. M., Nagarajan, S. G., Zhang, P., Su, L., Ko, L., and Thing, V. L. (2018). Anomaly detection and attribution in networks with temporally correlated traffic. IEEE/ACM Transactions on Networking, 26(1):131 – 144. Cited by: 68.
Saheed, Y. K. and Sanjay, M. (2025). Cps-iot-ppdnn: A new explainable privacy preserving dnn for resilient anomaly detection in cyber-physical systems-enabled iot networks. Chaos, Solitons and Fractals, 191. Cited by: 42.
Skopik, F., Wurzenberger, M., Höld, G., Landauer, M., and Kuhn, W. (2022). Behavior-based anomaly detection in log data of physical access control systems. IEEE Transactions on Dependable and Secure Computing, 20(4):3158–3175.
Zamanzadeh Darban, Z., Webb, G. I., Pan, S., Aggarwal, C., and Salehi, M. (2024). Deep learning for time series anomaly detection: A survey. ACM Comput. Surv., 57(1).
Publicado
25/05/2026
Como Citar
MORAIS, Lucas V.; GONÇALVES, Vinícius P.; MENDONÇA, Fábio Lúcio L. de; MENEGUETTE, Rodolfo I.; SILVA, Francisco A.; ROCHA FILHO, Geraldo P..
Um Middleware Markoviano Incremental para Detecção de Anomalias em Sistemas de Controle de Acesso Físico. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 44. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 1373-1386.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2026.18625.
