Kolias Constantinos

kkolias@aegean.gr

+30 22730 82256

Security of Information Systems


Constantinos Kolias was born in Athens, Greece in 1982.

He holds a Diploma in Computer Science from the Technological Educational Institute of Athens, Greece, and an MSc in Information and Communication System Security from the Department of Information and Communication Systems Engineering, University of the Aegean, Greece. He received his Ph.D. in 2014 under the supervision of Assist. Prof. Georgios Kambourakis. Currently, he works as a Research Assistant Professor at George Mason University under the supervision of Prof. Angelos Stavrou.

His primary research interests lie in the field of Security & Privacy in Internet of Things, Security Protocols in Wireless Networks, Web Privacy, Mass Surveillance and Intrusion Detection.

For more information refer to my personal page at George Mason: https://mason.gmu.edu/~kkolias/

 

Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Journals

C. Smiliotopoulos, G. Kambourakis, C. Kolias, Detecting Lateral Movement: A Systematic Survey, Heliyon Computer Science, 2024, Cell Press, https://doi.org/10.1016/j.heliyon.2..., indexed in SCI-E, IF = 4
 
Abstract
Within both the cyber kill chain and MITRE ATT&CK frameworks, Lateral Movement (LM) is defined as any activity that allows adversaries to progressively move deeper into a system in seek of high-value assets. Although this timely subject has been studied in the cybersecurity literature to a significant degree, so far, no work provides a comprehensive survey regarding the identification of LM from mainly an Intrusion Detection System (IDS) viewpoint. To cover this noticeable gap, this work provides a systematic, holistic overview of the topic, not neglecting new communication paradigms, such as the Internet of Things (IoT). The survey part, spanning a time window of eight years and 53 articles, is split into three focus areas, namely, Endpoint Detection and Response (EDR) schemes, machine learning oriented solutions, and graph-based strategies. On top of that, we bring to light interrelations, mapping the progress in this field over time, and offer key observations that may propel LM research forward.
E. Chatzoglou, G. Kambourakis, C. Kolias, Your WAP is at risk: A vulnerability analysis on wireless access point Web-based management interfaces, Security and Communication Networks, Vol. 2022, No. Article ID 1833062, pp. 1-24, 2022, Wiley/Hindawi, https://www.hindawi.com/journals/sc..., indexed in SCI-E, IF = 1.791
 
Abstract
This work provides an answer to the following key question: Are the Web-based management interfaces of the contemporary off-the-shelf wireless access points (WAP) free of flaws and vulnerabilities? The short answer is not very much. That is, after performing a vulnerability assessment on the Web interfaces of six different WAPs by an equal number of diverse renowned vendors, we reveal a significant number of assorted medium to high severity vulnerabilities that are straightforwardly or indirectly exploitable. Overall, 13 categories of vulnerabilities translated to 28 zero-day attacks are exposed. Our findings range from legacy path traversal, cross-site scripting, and clickjacking attacks to HTTP request smuggling and splitting, replay, denial of service, and information leakage among others. In the worst case, the attacker can acquire the administrator's (admin) credentials and the WAP's Wi-Fi passphrases or permanently lock the admin out of accessing the WAP's Web interface. On top of everything else, we identify the already applied hardening measures by these devices and elaborate on extra countermeasures which are required to tackle the identified weaknesses. To our knowledge, this work contributes the first wholemeal appraisal of the security level of this kind of Web-based interfaces that go hand and glove with the myriads of WAPs out there, and it is therefore anticipated to serve as a basis for further research in this timely and challenging field.
E. Chatzoglou, G. Kambourakis, C. Kolias, C. Smiliotopoulos, Pick quality over quantity: Expert feature selection and data preprocessing for 802.11 Intrusion Detection Systems, IEEE Access, Vol. 10, pp. 64761-64784, 2022, IEEE Press, https://ieeexplore.ieee.org/documen..., indexed in SCI-E, IF = 3.367
 
Abstract
Wi-Fi is arguably the most proliferated wireless technology today. Due to its massive adoption, Wi-Fi deployments always remain in the epicenter of attackers and evildoers. Surprisingly, research regarding machine learning driven intrusion detection systems (IDS) that are specifically optimized to detect Wi-Fi attacks is lagging behind. On top of that, the field is dominated by false or half-true assumptions that potentially can lead to corresponding models being overfitted to certain validation datasets, simply giving the impression or illusion of high efficiency. This work attempts to provide concrete answers to the following key questions regarding IEEE 802.11 machine learning driven IDS. First, from an expert's viewpoint and with reference to the relevant literature, what are the criteria for determining the smallest possible set of classification features, which are also common and potentially transferable to virtually any deployment types/versions of 802.11? And second, based on these features, what is the detection performance across different network versions and diverse machine learning techniques, i.e., shallow versus deep learning ones? To answer these questions, we rely on the renowned 802.11 security-oriented AWID family of datasets. In a nutshell, our experiments demonstrate that with a rather small set of 16 features and without the use of any optimization or ensemble method, shallow and deep learning classification can achieve an average F1 score of up to 99.55% and 97.55%, respectively. We argue that the suggested human expert driven feature selection leads to lightweight, deployment-agnostic detection systems, and therefore can be used as a basis for future work in this interesting and rapidly evolving field.
E. Chatzoglou, G. Kambourakis, C. Smiliotopoulos, C. Kolias, Best of both worlds: Detecting application layer attacks through 802.11 and non-802.11 features, Sensors, Vol. 2022, No. 15, pp. 1-19, 2022, MDPI, https://www.mdpi.com/1424-8220/22/1..., indexed in SCI-E, IF = 3.847
 
Abstract
Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance, since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.
E. Chatzoglou, G. Kambourakis, C. Kolias, How is your Wi-Fi connection today? DoS attacks on WPA3-SAE, Journal of Information Security and Applications, Vol. 64, 2022, Elsevier, https://www.sciencedirect.com/scien..., indexed in SCI-E, IF = 3.872
 
Abstract
WPA3-Personal renders the Simultaneous Authentication of Equals (SAE) password-authenticated key agreement method mandatory. The scheme achieves forward secrecy and is highly resistant to offline brute-force dictionary attacks. Given that SAE is based on the Dragonfly handshake, essentially a simple password exponential key exchange, it remains susceptible to clogging type of attacks at the Access Point side. To resist such attacks, SAE includes an anti-clogging scheme. To shed light on this contemporary and high-stakes issue, this work offers a full-fledged empirical study on Denial of Service (DoS) against SAE. By utilizing both real-life modern Wi-Fi 6 certified and non-certified equipment and the OpenBSD's hostapd, we expose a significant number of novel DoS assaults affecting virtually any AP. No less important, more than a dozen of vendor-depended and severe zero-day DoS assaults are manifested, showing that the implementation of the protocol by vendors is not yet mature enough. The fallout of the introduced attacks to the associated stations ranges from a temporary loss of Internet connectivity to outright disconnection. To our knowledge, this work provides the first wholemeal appraisal of SAE's mechanism endurance against DoS, and it is therefore anticipated to serve as a basis for further research in this timely and intriguing area.
G. M. Makrakis, C. Kolias, G. Kambourakis, C. Rieger, J. Benjamin, Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents, IEEE Access, 2021, IEEE Press, https://ieeexplore.ieee.org/documen..., indexed in SCI-E, IF = 3.367
 
Abstract
Critical infrastructures and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats and attacks against Industrial Control Systems and critical infrastructures, along with the communication protocols and devices adopted in these environments. Our study highlights that threats against critical infrastructure follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols and devices may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.
E. Chatzoglou, G. Kambourakis, C. Kolias, WiF0: All Your Passphrase Are Belong to Us, IEEE Computer, Vol. 54, No. 7, pp. 82-88, 2021, IEEE Press, https://www.computer.org/csdl/magaz..., indexed in SCI-E, IF = 2.683
 
Abstract
No nontrivial software system can be built without regard for security. Even noncritical software systems can be used as an entry point to the critical systems to which they are connected, for example, exploiting system vulnerabilities to steal passwords for login and network access. This article describes one such attack.
E. Chatzoglou, G. Kambourakis, C. Kolias, Empirical Evaluation of Attacks Against IEEE 802.11 Enterprise Networks: The AWID3 Dataset, IEEE Access, Vol. 9, pp. 34188-34205, 2021, IEEE, https://ieeexplore.ieee.org/abstrac..., indexed in SCI-E, IF = 3.367
 
Abstract
This work serves two key objectives. First, it markedly supplements and extends the well-known AWID corpus by capturing and studying traces of a wide variety of attacks hurled in the IEEE 802.1X Extensible Authentication Protocol (EAP) environment. Second, given that all the 802.11-oriented attacks have been carried out when the defenses introduced by Protected Management Frames (PMF) were operative, it offers the first to our knowledge full-fledged empirical study regarding the robustness of the IEEE 802.11w amendment, which is mandatory for WPA3 certified devices. Under both the aforementioned settings, the dataset, and study at hand are novel and are anticipated to be of significant aid towards designing and evaluating intrusion detection systems. Moreover, in an effort to deliver a well-rounded dataset of greater lifespan, and under the prism of an attacker escalating their assault from the wireless MAC layer to higher ones, we have additionally included several assaults that are common to IEEE 802.3 networks. Since the corpus is publicly offered in the form of raw cleartext pcap files, future research can straightforwardly exploit any subset of features, depending on the particular application scenario.
G. Kambourakis, C. Kolias, D. Geneiatakis, G. Karopoulos, G. M. Makrakis, I. Kounelis, A state-of-the-art review on the security of mainstream IoT Wireless PAN protocol stacks, Symmetry, 2020, MDPI, https://www.mdpi.com/2073-8994/12/4..., indexed in SCI-E, IF = 2.645
 
Abstract
Protocol stacks specifically designed for the Internet of Things (IoT) have become commonplace. At the same time, security and privacy concerns regarding IoT technologies are also attracting significant attention given the risks that are inherently associated with the respective devices and their numerous applications, ranging from healthcare, smart homes and cities, to intelligent transportation systems and industrial automation. Considering the still heterogeneous nature of the majority of IoT protocols, a major concern is to find common references for investigating and analysing their security and privacy threats. To this end, and on top of the current literature, this work provides a comprehensive, vis-à-vis comparison of the security aspects of the so far most widespread IoT Wireless Personal Area Network (WPAN) protocols, namely, BLE, Z-Wave, Zigbee, Thread, and EnOcean. A succinct but exhaustive review of the relevant literature from 2013 up to now is offered as a side contribution.
S. Vidros, C. Kolias, G. Kambourakis, L. Akoglu, Automatic Detection of Online Recruitment Frauds: Characteristics, Methods, and a Public Dataset, Future Internet, 2017, MDPI, http://www.mdpi.com/1999-5903/9/1/6
 
Abstract
The critical process of hiring has relatively recently been ported to the cloud. Specifically, the automated systems responsible for completing the recruitment of new employees in an online fashion, aim to make the hiring process more immediate, accurate and cost-efficient. However, the online exposure of such traditional business procedures has introduced new points of failure that may lead to privacy loss for applicants and harm the reputation of organizations. So far, the most common case of Online Recruitment Frauds (ORF), is employment scam. Unlike relevant online fraud problems, the tackling of ORF has not yet received the proper attention, remaining largely unexplored until now. Responding to this need, the work at hand defines and describes the characteristics of this severe and timely novel cyber security research topic. At the same time, it contributes and evaluates the first to our knowledge publicly available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system.
C. Kolias, G. Kambourakis, A. Stavrou, J. Voas, DDoS in the IoT: Mirai and Other Botnets, IEEE Computer, Vol. 50, No. 7, pp. 80-84, 2017, IEEE Press, https://www.computer.org/csdl/mags/..., indexed in SCI-E
 
Abstract
The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things (IoT) devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service (DDoS) attacks.
C. Kolias, V. Kolias, G. Kambourakis, TermID: A Distributed Swarm Intelligence Based Approach for Wireless Intrusion Detection, International Journal of Information Security, Vol. 16, No. 4, pp. 401-416, 2017, Springer, https://link.springer.com/article/1..., indexed in SCI-E, IF = TBD before next July
 
Abstract
With the mushrooming of wireless access infrastructures, the amount of data generated, transferred and consumed by the users of such networks has taken enormous proportions. This fact further complicates the task of network intrusion detection, especially when advanced Machine Learning (ML) operations are involved in the process. In wireless environments, the monitored data are naturally distributed among the numerous sensor nodes of the system. Therefore, the analysis of data must either happen in a central location after first collecting it from the sensors or locally through collaboration by viewing the problem through a distributed ML perspective. In both cases, concerns are risen regarding the requirements of this demanding task in matters of required network resources and achieved security/privacy. This paper proposes TermID, a distributed network intrusion detection system that is well-suited for wireless networks. The system is based on classification rule induction and Swarm Intelligence principles to achieve efficient model training for intrusion detection purposes, without exchanging sensitive data. An additional achievement is that the produced model is easily readable by humans. While these are the main design principles of our approach the accuracy of the produced model is not compromised by the distribution of the tasks and remains at competitive levels. Both the aforementioned claims are verified by the results of detailed experiments withheld with the use of a publicly available security-focused wireless dataset.
C. Kolias, G. Kambourakis, A. Stavrou, S. Gritzalis, Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset, IEEE Communications Surveys and Tutorials, Vol. 18, No. 1, pp. 184-208, 2016, IEEE Press, http://www.comsoc.org/cst, indexed in SCI-E, IF = 17.188
 
Abstract
WiFi has become the de facto wireless technology for achieving short to medium-range device connectivity. While early attempts to secure this technology have been proved inadequate in several respects, the current, more robust, security amendments will inevitably get outperformed in the future too. In any case, several security vulnerabilities have been spotted in virtually any version of the protocol rendering the integration of external protection mechanisms a necessity. In this context, the contribution of this paper is multi-fold. First, it gathers, categorizes, thoroughly evaluates the most popular attacks on 802.11, and analyzes their signatures. Second, it offers a publicly available dataset containing a rich blend of normal and attack traffic against 802.11 networks. A quite extensive first-hand evaluation of this dataset using several machine learning algorithms and data features is also provided. Given that to the best of our knowledge the literature lacks such a rich and well-tailored dataset, it is anticipated that the results of the work at hand will offer a solid basis for intrusion detection in the current as well as, next generation wireless networks.
S. Vidros, C. Kolias, G. Kambourakis, Online Recruitment services; yet another playground for fraudsters?, Computer Fraud & Security, Vol. 2016, No. 3, pp. 8-13, 2016, Elsevier, http://www.sciencedirect.com/scienc...
 
Abstract
Corporate hiring has recently been ported to the cloud, mainly through the use of Applicant Tracking Systems (ATS). However, the online exposure fueled a new type of online scam, namely Employment Scam, that jeopardizes job seekers privacy and harms the reputation of organizations. Employment Scam remains largely unexplored until now. It shares common characteristics with relevant fraud detection problems such as email spam and phishing but its own peculiarities can intrigue researchers to delve deeper into the field. To this direction, this article also presents a preliminary empirical analysis of real-life fraudulent job ads.
C. Kolias, G. Kambourakis, S. Gritzalis, Attacks and Countermeasures on 802.16: Analysis and Assessment, IEEE Communications Surveys & Tutorials, Vol. 15, No. 1, pp. 487-514, 2013, IEEE Press, http://ieeexplore.ieee.org/xpl/logi..., indexed in SCI-E, IF = 6.490
 
Abstract
The IEEE 802.16 technology, commonly referred to as WiMAX, gains momentum as an option for broadband wireless communication access. So far, several research works focus on the security of the 802.16 family of standards. In this context, the contribution of this paper is twofold. First, it provides a comprehensive taxonomy of attacks and countermeasures on 802.16. Each attack is classified based on several factors, e.g. its type, likelihood of occurrence, impact upon the system etc. and its potential is reviewed with reference to the standard. Possible countermeasures and remedies proposed for each category of attacks are also discussed to assess their effectiveness. Second, a full-scale assessment study of indicative attacks that belong to broader attack classes is conducted in an effort to better comprehend their impact on the 802.16 realm. As far as we are aware of, this is the first time an exhaustive and detailed survey of this kind is attempted.
C. Kolias, G. Kambourakis, M. Maragoudakis, Swarm Intelligence in Intrusion Detection: A Survey, Computers & Security, Vol. 30, No. 8, pp. 625-642, 2011, Elsevier, www.elsevier.com/locate/cose, indexed in SCI-E, IF = 0.868
 
Abstract
Intrusion Detection Systems (IDS) have nowadays become a necessary component of almost every security infrastructure. So far, many different approaches have been followed in order to increase the efficiency of IDS. Swarm Intelligence (SI), a relatively new bioinspired family of methods, seeks inspiration in the behavior of swarms of insects or other animals. After applied in other fields with success SI started to gather the interest of researchers working in the field of intrusion detection. In this paper we explore the reasons that led to the application of SI in intrusion detection, and present SI methods that have been used for constructing IDS. A major contribution of this work is also a detailed comparison of several SI-based IDS in terms of efficiency. This gives a clear idea of which solution is more appropriate for each particular case.
G. Kambourakis, C. Kolias, S. Gritzalis, J. H. Park, DoS Attacks Exploiting Signaling in UMTS and IMS, Computer Communications, Vol. 34, No. 3, pp. 226-235, 2011, Elsevier, http://www.sciencedirect.com/scienc..., indexed in SCI-E, IF = 1.044
 
Abstract
The Universal Mobile Telecommunication Standard (UMTS) is continuously evolving to meet the growing demand of modern mobile and Internet applications for high capacity and advanced features in security and quality of service. Although admittedly enhanced in terms of security when compared to 2G systems, UMTS still has weaknesses that can lead to security incidents. In this paper, we investigate the vulnerabilities of the UMTS security architecture that can be exploited by a malicious individual to mount Denial of Service (DoS) attacks. Our focus is on signaling-oriented attacks above the physical layer. We describe and analyze several novel attacks that can be triggered against both core UMTS architecture as well as hybrid UMTS/WLAN realms. An additional contribution of this paper is the presentation of an extensive survey of similar attacks in UMTS and related protocol infrastructures such as IP Multimedia Subsystem (IMS). Finally, we offer some suggestions that would provide greater tolerance to the system against DoS attacks.
V. Kolias, C. Kolias, J. Anagnostopoulos, G. Kambourakis, E. Kayafas, TELS: A Voice-Response Internet-based Learning System, Journal of Internet Technology, Vol. 12, No. 2, pp. 217-235, 2011, Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, ROC, http://jit.ndhu.edu.tw/, indexed in SCI-E, IF = 0.508
 
Abstract
During the last decade the academic world is continuously capitalizing on the use of Internet and web-based learning solutions, because of the simplicity and immediacy in creating, organizing and managing educational material and student data. However, the delivery of educational content to the end-user is characterized by visual presentation and the requirement of some sort of access either wired or wireless to the Internet, which blocks visually impaired individuals or people who don’t have access to the Internet in one way or another from accessing educational content. In this paper we describe the design and implementation of the Internet Telephony Learning System (TELS). Besides all other, TELS exploits mature Internet/ web standards and the most popular communication mean in the world, the telephone, to provide audio interactivity between an otherwise traditional web application and the end-user. Unlike other similar applications, TELS does not need any special software or hardware to be accessed and since it is an open source traditional web application it can be custom-tailored to the individual needs of each institution. Since it is accessible to almost every communication device, we argue that it is useful for visually impaired, technologically uneducated, and underprivileged people for accessing information originally intended to be accessed visually via a Personal Computer.
C. Kolias, V. Kolias, J. Anagnostopoulos, G. Kambourakis, E. Kayafas, Design and implementation of a VoiceXML-driven Wiki Application for Assistive Environments on the Web, Personal and Ubiquitous Computing, Vol. 14, No. 6, pp. 527-539, 2010, Springer, http://www.springer.com/computer/hc..., indexed in SCI-E, IF = 1.137
 
Abstract
In this paper, we describe the design and implementation of an audio wiki application accessible via both the Public Switched Telephone Network and the Internet. The application exploits mature World Wide Web Consortium standards, such as VoiceXML, Speech Synthesis Markup Language, and Speech Recognition Grammar Specification toward achieving our goals. The purpose of such an application is to assist visually impaired, technologically uneducated, and underprivileged people in accessing information originally intended to be accessed visually via a personal computer (PC). Users may access wiki content via fixed or mobile phones, or via a PC using a Web Browser or a Voice over IP service. This feature promotes pervasiveness to collaboratively created content to an extremely large population, i.e., those who simply own a telephone line.
D. Vouyioukas, G. Kambourakis, I. Maglogiannis, A. Rouskas, C. Kolias, S. Gritzalis, Enabling the Provision of Secure Web based M-Health Services utilizing XML based Security Models, Security and Communication Networks, Vol. 1, No. 5, pp. 375-388, 2008, Wiley InterScience, http://doi.org/10.1002/sec.46, indexed in SCI-E, IF = 0904
 
Abstract
It has been generally agreed that the security of electronic patient records and generally e-health applications must meet or exceed the standard security that should be applied to paper medical records, yet the absence of clarity on the proper goals of protection has led to confusion. The primary purpose of this study was to investigate appropriate security mechanisms, which will help clinical professionals and patients discharge their ethical and legal responsibilities by selecting suitable systems and operating them safely and in short order. Thus, in this paper we propose a security model based on XML with the intention of developing a fast security policy mostly intended for mobile healthcare information systems. The proposed schema consists of a set of principles based on XML security models through the use of partial encryption, signature and integrity services and it was implemented by means of a web-based m-health application in a centralized three-tier architecture utilizing wireless networks environment. Several experiments took place with the aim of measuring the client response time implementing a number of m-health scenarios. The results showed that the response times required for the fulfillment of a client request with the XML security model are smaller compared to those corresponding to the conventional security mechanisms such as the application of SSL. By selectively applying confidentiality and integrity services either to the medical information as a whole or to some sensitive parts of it, the obtained results clearly demonstrate that XML security mechanisms overwhelm those of SSL and they are suitable for deployment in m-health applications.

Conferences

G. Kambourakis, C. Kolias, A. Stavrou, The Mirai Botnet and the IoT Zombie Armies, The 36th IEEE Military Communications Conference (MILCOM 2017), 2017, IEEE Press, http://events.afcea.org/milcom17/pu...
 
Abstract
The rapidly growing presence of Internet of Things (IoT) devices is becoming a continuously alluring playground for malicious actors who try to harness their vast numbers and diverse locations. One of their primary goals is to assemble botnets that can serve their nefarious purposes from Denial of Service (DoS) to spam and advertisement fraud. The most recent example that highlights the severity of the problem is the Mirai family of malware, which is accountable for a plethora of massive DDoS attacks of unprecedented volume and diversity. The aim of this paper is to offer a comprehensive state-of-the-art review of the state of IoT malware and the underlying reasons of its success with a particular focus on Mirai and major similar worms. To that end, we provide extensive details on the internal workings of IoT malware, examine their interrelationships, and elaborate on the possible strategies for defending against them.
Z. Tsiatsikas, A. Fakis, D. Papamartzivanos, D. Geneiatakis, G. Kambourakis, C. Kolias, Battling against DDoS in SIP. Is machine learning-based detection an effective weapon?, The 12th International Conference on Security and Cryptography (SECRYPT 2015), 2015, SCITEPRESS, http://www.secrypt.icete.org/
 
Abstract
This paper focuses on network anomaly-detection and especially the effectiveness of Machine Learning (ML) techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several works in the literature have been devoted to this topic, but only a small fraction of them have done so in an elaborate way. Even more, none of them takes into account high and low-rate Distributed DoS (DDoS) when assessing the efficacy of such techniques in SIP intrusion detection. To provide a more complete estimation of this potential, we conduct extensive experimentations involving 5 different classifiers and a plethora of realistically simulated attack scenarios representing a variety of (D)DoS incidents. Moreover, for DDoS ones, we compare our results with those produced by two other anomaly-based detection methods, namely Entropy and Hellinger Distance. Our results show that ML-powered detection scores a promising false alarm rate in the general case, and seems to outperform similar methods when it comes to DDoS.
C. Kolias, V. Kolias, G. Kambourakis, A Secure and Efficient Authentication Protocol for Passive RFID Tags, Sixth International Symposium on Wireless Communication Systems 2009 (ISWCS’09), pp. 36-40, 2009, IEEE Press
 
Abstract
At the onset of the ubiquitous computing era, systems need to respond to a variety of challenges, in order to capitalize on the benefits of pervasiveness. One of the pivotal enablers of pervasive computing is the RFID technology which can be successfully applied in numerous applications. However, the interaction of such applications with sensitive personal data renders the need for assuring confidentiality a sine qua non. The native limitations in computing resources, i.e., computational power, memory etc, that characterize nearly all classes of RFID tags make the development of custom-tailored RFID security protocols a troublesome yet challenging task. In this paper we propose a mutual authentication protocol for low cost RFID tags and readers. We also demonstrate that our scheme is more efficient in terms of resource utilization on the backend server, and under identical conditions, more secure when compared with existing congruent protocols.
G. Kambourakis, C. Kolias, S. Gritzalis, J. H. Park, Signaling-oriented DoS Attacks in UMTS Networks, ISA 2009 3rd International Conference on Information Security and Assurance, pp. 280-289, 2009, Lecture Notes in Computer Science LNCS, Springer, http://link.springer.com/content/pd...
 
Abstract
The Universal Mobile Telecommunication Standard (UMTS) is the Third Generation (3G) mobile technology with the widest public acceptance. Although enhanced in matters of security compared to its predecessor, i.e., the GSM, it still has vulnerabilities that can lead to a security breach. In this paper we investigate the vulnerabilities of the UMTS architecture that can be exploited by a malicious entity to launch Denial of Service (DoS) attacks. We examine the methodologies that an attacker would possibly follow, as well as the possible outcome of such class of attacks. We also give some suggestions that would provide greater tolerance to the system against DoS attacks.
C. Kolias, V. Kolias, J. Anagnostopoulos, G. Kambourakis, E. Kayafas, Enhancing User Privacy in Adaptive Web Sites with Client-Side User Profiles, 3rd International Workshop on Semantic Media Adaptation and Personalization (SMAP 2008), 2008, IEEE Computer Society Press, http://ieeexplore.ieee.org/xpl/arti...
 
Abstract
Web personalization is an elegant and flexible process of making a web site responsive to the unique needs of each individual user. Data that reflects user preferences and likings, comprising therefore a user profile, are gathered to an adaptive web site in a non transparent manner. This situation however raises serious privacy concerns to the end user. When browsing a web site, users are not aware of several important privacy parameters i.e., which behavior will be monitored and logged, how it will be processed, how long it will be kept, and with whom it will be shared in the long run. In this paper we propose an abstract architecture that enhances user privacy during interaction with adaptive web sites. This architecture enables users to create and update their personal privacy preferences for the adaptive web sites they visit by holding their (user) profiles in the client side instead of the server side. By doing so users will be able to self-confine the personalization experience the adaptive sites offer, thus enhancing privacy.
C. Kolias, V. Kolias, J. Anagnostopoulos, G. Kambourakis, E. Kayafas, A Speech-Enabled Assistive Collaborative Platform for Educational Purposes with User Personalization, 3rd International Workshop on Semantic Media Adaptation and Personalization (SMAP 2008), pp. 157-163, 2008, IEEE Computer Society Press, http://ieeexplore.ieee.org/xpl/arti...
 
Abstract
With the proliferation of Web 2.0 applications, collaborative learning has gathered a lot of attention due to its potentiality in the e-learning field. Forums, Wikis and Blogs for example are only some of the applications that exploit the collaborative nature of e-learning. However, these applications are originally designed for access from desktop systems and access to them when on the move can prove a challenging task. This paper elaborates on the design and implementation of an assistive collaborative platform for educational purposes that can be accessed by heterogeneous hardware platforms such as PCs, PDAs, mobile or traditional phones due to its capability of representing data in vocal manner. Its main purpose is to provide a platform for collaboration between university students and teachers in a way that enhances students’ access to educational resources and their overall learning experience. This is achieved by personalizing its content at least to some degree. Furthermore, its acoustic/vocal characteristics may also prove valuable for learners with visual or kinetic impairments.
C. Kolias, V. Kolias, J. Anagnostopoulos, G. Kambourakis, E. Kayafas, A pervasive Wiki application based on VoiceXML, 1st International Conference on Pervasive Technologies in e/m-Learning and Internet-based Experiments (PTLIE , 2008, ACM press,
 
Abstract
In this paper, we describe the design and implementation of an audio wiki application accessible via the Public Switched Telephone Network (PSTN) and the Internet for educational purposes. The application exploits mature World Wide Web Consortium standards such as VoiceXML, Speech Synthesis Markup Language (SSML) and Speech Recognition Grammar Specification (SRGS). The purpose of such an application is to assist visually impaired, technologically uneducated, and underprivileged people in accessing information originally intended to be accessed visually via a Personal Computer. Users may access wiki content via wired or mobile phones, or via a Personal Computer using a Web Browser or a Voice over IP service. This feature promotes pervasiveness to educational material to an extremely large population, i.e. those who simply own a telephone line.
C. Kolias, S. Demertzis, G. Kambourakis, Design and Implementation of a Secure Mobile Wiki System, Seventh IASTED International Conference on Web-based Education (WBE 2008), pp. 212-217, 2008, ACTA press
 
Abstract
During the last few years wikis have emerged as one of the most popular tool shells. Wikipedia has boosted their popularity, but they also keep a significant share in e-learning, intranet-based applications such as defect tracking, requirements management, test-case management, and project portals. However, existing wiki systems cannot fully support mobile clients due to several incompatibilities that exist. On the top of that, an effective secure mobile wiki system must be lightweight enough to support low-end mobile devices having several limitations. In this paper we analyze the requirements for a novel multiplatform secure wiki implementation. XML Encryption and Signature specifications are employed to realize end-to-end confidentiality and integrity services. Our scheme can be applied selectively and only to sensitive wiki content, thus diminishing by far computational resources needed at both ends; the server and the client. To address authentication of wiki clients a simple one-way authentication and session key agreement protocol is also introduced. The proposed solution can be easily applied to both centralized and forthcoming P2P wiki implementations.