D. Papamartzivanos, Félix Gómez Mármol, G. Kambourakis, Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems, IEEE Access, Vol. 7, No. 1, pp. 13546-13560, 2019, IEEE Press, https://ieeexplore.ieee.org/abstrac..., indexed in SCI-E, IF = TBD before next July
Intrusion detection systems (IDSs) are essential elements when it comes to the protection of an ICT infrastructure. Misuse IDSs are a stable method that can achieve high attack detection rates (ADR), while keeping false alarm rates under acceptable levels. However, misuse IDSs suffer from a lack of agility, as they are unqualified to adapt to new and "unknown" environments. That is, such an IDS puts a security administrator into an intensive engineering task of keeping the IDS up-to-date every time it faces efficiency drops. Considering the extended size of modern networks and the complexity of big network traffic data, the problem exceeds by far the limits of human managing capabilities. In this regard, we propose a novel methodology which combines the benefits of self-taught learning and MAPE-K frameworks to deliver a scalable, self-adaptive and autonomous misuse IDS. Our methodology enables a misuse IDS to sustain a high ADR even if it is exposed to consecutive and drastic environmental changes. Through the utilization of deep-learning based methods, the IDS is able to grasp an attack's nature based on generalized feature reconstructions stemming directly from the unknown environment and its unlabeled data. The experimental results reveal that our methodology can breathe new life into the IDS without the constant need of manually refreshing its training set. We evaluate our proposal under several classification metrics, and we show that it is able to increase the ADR of the IDS by up to 73.37% in critical situations where a statically trained IDS is rendered totally ineffective.
M. Zago, P. Nespoli, D. Papamartzivanos, M. G. Perez, Félix Gómez Mármol, G. Kambourakis, G. M. Perez, Screening out social bots interference: are there any silver bullets?, IEEE Communications Magazine, 2019, IEEE Press, https://www.comsoc.org/publications..., indexed in SCI-E, IF = TBD before next July
Social networks are nowadays a primary source of news and information that can be steered, distorted, and influenced. Recent scandals such as the Cambridge Analytica one proved that social media users are prone to such direct manipulation. Among the weapons available to perform these antidemocracy attacks, Social Bots are beyond question the most powerful one. These autonomous entities constitute coordinated armies which sneakily manipulate and deceive real users. Thus, our research identifies five major challenges that the research community needs to face toward tackling Social Bots activities in four individual but comparable scenarios. To address these key challenges, we propose, elaborate, and evaluate a mix of remedies in the form of a proof-of-concept platform combining the agility of Artificial Intelligence with the expertise of human analysts to detect and shield against Social Bots interference.
D. Papamartzivanos, Félix Gómez Mármol, G. Kambourakis, Dendron: Genetic Trees driven Rule Induction for Network Intrusion Detection Systems, Future Generation Computer Systems, Vol. 79, No. 2, pp. 558-574, 2018, Elsevier, http://www.sciencedirect.com/scienc..., indexed in SCI-E
Intrusion detection systems (IDSs) are essential entities in a network topology aiming to safeguard the integrity and availability of sensitive assets in the protected systems. In misuse detection systems, which are the topic of the paper at hand, the detection process relies on specific attack signatures (rules) in an effort to distinguish between legitimate and malicious network traffic. Generally, three major challenges are associated with any IDS of this category: identifying patterns of new attacks with high accuracy, ameliorating the human-readability of the detection rules, and rightly designating the category these attacks belong to. To this end, we propose Dendron, a methodology for generating new detection rules which are able to classify both common and rare types of attacks. Our methodology takes advantage of both Decision Trees and Genetic Algorithms for the sake of evolving linguistically interpretable and accurate detection rules. It also integrates heuristic methods in the evolutionary process aiming to deal with the challenging nature of the network traffic, which generally biases machine learning techniques to neglect the minority classes of a dataset. The experimental results, using the KDDCup'99, NSL-KDD and UNSW-NB15 datasets, reveal that Dendron is able to achieve superior results over other state-of-the-art and legacy techniques under several classification metrics, while at the same time being able to significantly detect rare intrusive incidents.
Pantaleone Nespoli, D. Papamartzivanos, Félix Gómez Mármol, G. Kambourakis, Optimal countermeasures selection against cyber attacks: A comprehensive survey on reaction frameworks, IEEE Communications Surveys and Tutorials, Vol. 20, No. 2, pp. 1361-1396, 2018, IEEE Press, http://ieeexplore.ieee.org/document..., indexed in SCI-E, IF = 17.188
It is without doubt that today the volume and sophistication of cyber attacks keep consistently growing, fuelling an endless arms race between attackers and defenders. In this context, full-fledged frameworks, methodologies, or strategies that are able to offer optimal or near-optimal reaction in terms of countermeasure selection, preferably in a fully or semi-automated way, are in high demand. This is reflected in the literature, which encompasses a significant number of major works on this topic spanning a time period of 5 years, that is, from 2012 to 2016. The survey at hand has a dual aim, namely: first, to critically analyze all the pertinent works in this field, and second, to offer an in-depth discussion and side-by-side comparison among them based on 7 common criteria. Also, a quite extensive discussion is offered to highlight the shortcomings and future research challenges and directions in this timely area.
G. Kambourakis, D. Damopoulos, D. Papamartzivanos, M. Pavlidakis, Introducing Touchstroke: Keystroke-based Authentication System for Smartphones, Security and Communication Networks, Vol. 9, No. 6, pp. 542-554, 2016, Wiley, http://onlinelibrary.wiley.com/doi/..., indexed in SCI-E, IF = 1.067
Keystroke dynamics is a well-investigated behavioral biometric based on the way and rhythm in which someone interacts with a keyboard or keypad when typing characters. This paper explores the potential of this modality, but for touchscreen-equipped smartphones. The main research question posed is whether "touchstroking" can be effective in building the biometric profile of a user, in terms of typing pattern, for future authentication. To reach this goal, we implemented a touchstroke system on the Android platform and executed different scenarios under disparate methodologies to estimate its effectiveness in authenticating the end-user. Apart from typical classification features used in legacy keystroke systems, we introduce two novel ones, namely speed and distance. From the experiments, it can be argued that touchstroke dynamics can be quite competitive, at least when compared to similar results obtained from keystroke evaluation studies. As far as we are aware, this is the first time this newly arisen behavioral trait is put into focus.
Z. Tsiatsikas, A. Fakis, D. Papamartzivanos, D. Geneiatakis, G. Kambourakis, C. Kolias, Battling against DDoS in SIP. Is machine learning-based detection an effective weapon?, The 12th International Conference on Security and Cryptography (SECRYPT 2015), 2015, SCITEPRESS, http://www.secrypt.icete.org/
This paper focuses on network anomaly detection and especially the effectiveness of Machine Learning (ML) techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several works in the literature have been devoted to this topic, but only a small fraction of them have done so in an elaborate way. Even more, none of them takes into account high- and low-rate Distributed DoS (DDoS) when assessing the efficacy of such techniques in SIP intrusion detection. To provide a more complete estimation of this potential, we conduct extensive experimentation involving 5 different classifiers and a plethora of realistically simulated attack scenarios representing a variety of (D)DoS incidents. Moreover, for DDoS ones, we compare our results with those produced by two other anomaly-based detection methods, namely Entropy and Hellinger Distance. Our results show that ML-powered detection scores a promising false alarm rate in the general case, and seems to outperform similar methods when it comes to DDoS.
D. Papamartzivanos, D. Damopoulos, G. Kambourakis, A cloud-based architecture to crowdsource mobile app privacy leaks, The 18th Panhellenic Conference on Informatics (PCI 2014), special session on Security and Privacy Issues in the Cloud Computing Era, pp. 1-6, 2014, ACM press, http://dl.acm.org/citation.cfm?id=2...
Most would agree that modern app-markets have been flooded with applications that not only threaten the security of the OS superficially, but also, in their majority, trample on users' privacy through the exposure of sensitive information not necessarily needed for their operation. In this context, the current work revolves around 3 key questions: Is there a way for the end-user to easily track the - many times - hidden privacy leaks occurring due to the way mobile apps operate? Can crowdsourcing provide the end-user with a quantitative assessment per app in terms of privacy exposure level? And if yes, in which way can a cloud-based crowdsourcing mechanism detect and alert on changes in the apps' behavior? Motivated by the aforementioned questions, we design a cloud-based system that operates under a crowdsourcing logic, with the aim to provide i) a real-time privacy-flow tracking service, ii) a collaborative infrastructure for exchanging information related to apps' privacy exposure level, and iii) potentially a behavior-driven detection mechanism in an effort to take advantage of the crowdsourcing data to its maximum efficacy.