Stavros Shiaeles

Stylianos Monogios, Konstantinos Limniotis, Nicholas Kolokotronis et al.

The Android unrestricted application market, being of open source nature, has made it a popular platform for third-party applications reaching millions of smart devices in the world. This tremendous increase in applications with an extensive API that includes access to phone hardware, settings, and user data raises concerns regarding users privacy, as the information collected from the apps could be used for profiling purposes. In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services without providing adequate or precise information to the users. Moreover, as they are using third-party libraries, they suffer from the intra-library collusion issue, that could be exploited from advertising and analytics companies through apps and gather large amount of personal information without the explicit consent of the user.

Faisal Alsakran, Gueltoum Bendiab, Stavros Shiaeles et al.

Smart homes are one of the most promising applications of the emerging Internet of Things (IoT) technology. With the growing number of IoT related devices such as smart thermostats, smart fridges, smart speaker, smart light bulbs and smart locks, smart homes promise to make our lives easier and more comfortable. However, the increased deployment of such smart devices brings an increase in potential security risks and home privacy breaches. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. These systems monitor the network activities of the smart home-connected de-vices and focus on alerting suspicious or malicious activity. They also can deal with detected abnormal activities by hindering the impostors in accessing the victim devices. However, the employment of such systems in the context of a smart home can be challenging due to the devices hardware limitations, which may restrict their ability to counter the existing and emerging attack vectors. Therefore, this paper proposes an experimental comparison between the widely used open-source NIDSs namely Snort, Suricata and Bro IDS to find the most appropriate one for smart homes in term of detection accuracy and resources consumption including CP and memory utilization. Experimental Results show that Suricata is the best performing NIDS for smart homes

Aimilia Panagiotou, Bogdan Ghita, Stavros Shiaeles et al.

Facebook represents the current de-facto choice for social media, changing the nature of social relationships. The increasing amount of personal information that runs through this platform publicly exposes user behaviour and social trends, allowing aggregation of data through conventional intelligence collection techniques such as OSINT (Open Source Intelligence). In this paper, we propose a new method to detect and diagnose variations in overall Facebook user psychology through Open Source Intelligence (OSINT) and machine learning techniques. We are aggregating the spectrum of user sentiments and views by using N-Games charts, which exhibit noticeable variations over time, validated through long term collection. We postulate that the proposed approach can be used by security organisations to understand and evaluate the user psychology, then use the information to predict insider threats or prevent insider attacks.

Ievgeniia Kuzminykh, Dan Shevchuk, Stavros Shiaeles et al.

Modern streaming services are increasingly labeling videos based on their visual or audio content. This typically augments the use of technologies such as AI and ML by allowing to use natural speech for searching by keywords and video descriptions. Prior research has successfully provided a number of solutions for speech to text, in the case of a human speech, but this article aims to investigate possible solutions to retrieve sound events based on a natural language query, and estimate how effective and accurate they are. In this study, we specifically focus on the YamNet, AlexNet, and ResNet-50 pre-trained models to automatically classify audio samples using their respective melspectrograms into a number of predefined classes. The predefined classes can represent sounds associated with actions within a video fragment. Two tests are conducted to evaluate the performance of the models on two separate problems: audio classification and intervals retrieval based on a natural language query. Results show that the benchmarked models are comparable in terms of performance, with YamNet slightly outperforming the other two models. YamNet was able to classify single fixed-size audio samples with 92.7% accuracy and 68.75% precision while its average accuracy on intervals retrieval was 71.62% and precision was 41.95%. The investigated method may be embedded into an automated event marking architecture for streaming services.

Levgeniia Kuzminykh, Bogdan Ghita, Stavros Shiaeles

Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.

Muhammad Ali, Stavros Shiaeles, Nathan Clarke et al.

Digital investigators often get involved with cases, which seemingly point the responsibility to the person to which the computer belongs, but after a thorough examination malware is proven to be the cause, causing loss of precious time. Whilst Anti-Virus (AV) software can assist the investigator in identifying the presence of malware, with the increase in zero-day attacks and errors that exist in AV tools, this is something that cannot be relied upon. The aim of this paper is to investigate the behaviour of malware upon various Windows operating system versions in order to determine and correlate the relationship between malicious software and OS artifacts. This will enable an investigator to be more efficient in identifying the presence of new malware and provide a starting point for further investigation.

Christos Constantinides, Stavros Shiaeles, Bogdan Ghita et al.

Attack vectors are continuously evolving in order to evade Intrusion Detection systems. Internet of Things (IoT) environments, while beneficial for the IT ecosystem, suffer from inherent hardware limitations, which restrict their ability to implement comprehensive security measures and increase their exposure to vulnerability attacks. This paper proposes a novel Network Intrusion Prevention System that utilises a SelfOrganizing Incremental Neural Network along with a Support Vector Machine. Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable to mitigate known and unknown attacks in real-time with high accuracy. Based on our experimental results with the NSL KDD dataset, the proposed framework can achieve on-line updated incremental learning, making it suitable for efficient and scalable industrial applications.

Stavros Shiaeles, Nicholas Kolokotronis, Emanuele Bellini

Internet of Things (IoT) is a whole new ecosystem comprised of heterogeneous connected devices -i.e. computers, laptops, smart-phones and tablets as well as embedded devices and sensors-that communicate to deliver capabilities making our living, cities, transport, energy, and many other areas more intelligent. The main concerns raised from the IoT ecosystem are the devices poor support for patching/updating and the poor on-board computational power. A number of issues stem from this: inherent vulnerabilities and the inability to detect and defend against external attacks. Also, due to the nature of their operation, the devices tend to be rather open to communication, which makes attacks easy to spread once reaching a network. The aim of this research is to investigate if it is possible to extract useful results regarding attacks' trends and be able to predict them, before it is too late, by crawling Deep/Dark and Surface web. The results of this work show that is possible to find the trend and be able to act proactively in order to protect the IoT ecosystem.

Christopher Braker, Stavros Shiaeles, Gueltoum Bendiab et al.

The openness feature of Twitter allows programs to generate and control Twitter accounts automatically via the Twitter API. These accounts, which are known as bots, can automatically perform actions such as tweeting, re-tweeting, following, unfollowing, or direct messaging other accounts, just like real people. They can also conduct malicious tasks such as spreading of fake news, spams, malicious software and other cyber-crimes. In this paper, we introduce a novel bot detection approach using deep learning, with the Multi-layer Perceptron Neural Networks and nine features of a bot account. A web crawler is developed to automatically collect data from public Twitter accounts and build the testing and training datasets, with 860 samples of human and bot accounts. After the initial training is done, the Multilayer Perceptron Neural Networks achieved an overall accuracy rate of 92%, which proves the performance of the proposed approach.

Nicholas Kolokotronis, Sotirios Brotsis, Georgios Germanos et al.

This paper considers the use of novel technologies for mitigating attacks that aim at compromising intrusion detection systems (IDSs). Solutions based on collaborative intrusion detection networks (CIDNs) could increase the resilience against such attacks as they allow IDS nodes to gain knowledge from each other by sharing information. However, despite the vast research in this area, trust management issues still pose significant challenges and recent works investigate whether these could be addressed by relying on blockchain and related distributed ledger technologies. Towards that direction, the paper proposes the use of a trust-based blockchain in CIDNs, referred to as trust-chain, to protect the integrity of the information shared among the CIDN peers, enhance their accountability, and secure their collaboration by thwarting insider attacks. A consensus protocol is proposed for CIDNs, which is a combination of a proof-of-stake and proof-of-work protocols, to enable collaborative IDS nodes to maintain a reliable and tampered-resistant trust-chain.

Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.

The blockchain has found numerous applications in many areas with the expectation to significantly enhance their security. The Internet of things (IoT) constitutes a prominent application domain of blockchain, with a number of architectures having been proposed for improving not only security but also properties like transparency and auditability. However, many blockchain solutions suffer from inherent constraints associated with the consensus protocol used. These constraints are mostly inherited by the permissionless setting, e.g. computational power in proof-of-work, and become serious obstacles in a resource-constrained IoT environment. Moreover, consensus protocols with low throughput or high latency are not suitable for IoT networks where massive volumes of data are generated. Thus, in this paper we focus on permissioned blockchain platforms and investigate the consensus protocols used, aiming at evaluating their performance and fault tolerance as the main selection criteria for (in principle highly insecure) IoT ecosystem. The results of the paper provide new insights on the essential differences of various consensus protocols and their capacity to meet IoT needs.

Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.

In the last few years, a countless number of permissioned blockchain solutions have been proposed, with each one to claim that it revolutionizes the way of the transaction processing along with the security and privacy preserving mechanisms that it provides. Hyperledger Fabric is one of the most popular permissioned blockchain architectures that has made a significant impact on the market. However, there are only few papers of finding architectural risks regarding the security and the privacy preserving mechanisms of Hyperledger Fabric. This paper separates the attack surface of the blockchain platform into four components, namely, consensus, chaincode, network and privacy preserving mechanisms, in all of which an attacker (from inside or outside the network) can exploit the platform's design and gain access to or misuse the network. In addition, we highlight the appropriate counter-measures that can be taken in each component to address the corresponding risks and provide a significantly secure and enhanced privacy preserving Fabric network. We hope that by bringing this paper into light, we can aid developers to avoid security flaws and implementations that can be exploited by attackers but also to motivate further research to harden the platform's security and the client's privacy.

Robert Shire, Stavros Shiaeles, Keltoum Bendiab et al.

Internet of Things devices have seen a rapid growth and popularity in recent years with many more ordinary devices gaining network capability and becoming part of the ever growing IoT network. With this exponential growth and the limitation of resources, it is becoming increasingly harder to protect against security threats such as malware due to its evolving faster than the defence mechanisms can handle with. The traditional security systems are not able to detect unknown malware as they use signature-based methods. In this paper, we aim to address this issue by introducing a novel IoT malware traffic analysis approach using neural network and binary visualisation. The prime motivation of the proposed approach is to faster detect and classify new malware (zero-day malware). The experiment results show that our method can satisfy the accuracy requirement of practical application.

Matthew Swann, Joseph Rose, Gueltoum Bendiab et al.

Network traffic generators are invaluable tools that allow for applied experimentation to evaluate the performance of networks, infrastructure, and security controls, by modelling and simulating the communication packets and payloads that would be produced by machines and devices on the network. Specifically for security applications, these tools can be used to consistently simulate malicious activity on the network and test the components designed to detect and mitigate malicious activities, in a highly reliable and customisable way. However, despite the promising features, most of these tools have some problems that can undermine the correctness of experiments. The accuracy of the simulation results depends strongly on the performance and reliability of the used generator. Thus, in this paper, we investigate the performance and accuracy of three of the most reviewed network traffic generators in literature, namely Cisco TRex, Ostinato and Genesids. Mainly, the comparative experiments examine the strengths and limitations of these tools, which can help the research community to choose the most suitable one to assess the performance of their networks and security controls

Efthimios Pantelidis, Gueltoum Bendiab, Stavros Shiaeles et al.

Insider attacks are one of the most challenging cybersecurity issues for companies, businesses and critical infrastructures. Despite the implemented perimeter defences, the risk of this kind of attack is still very high. In fact, the detection of insider attacks is a very complicated security task and presents a serious challenge to the research community. In this paper, we aim to address this issue by using deep learning algorithms Autoencoder and Variational Autoencoder deep. We will especially investigate the usefulness of applying these algorithms to automatically defend against potential internal threats, without human intervention. The effectiveness of these two models is evaluated on the public dataset CERT dataset (CERT r4.2). This version of the CERT Insider Threat Test dataset includes both benign and malicious activities generated from 1000 simulated users. The comparison results with other models show that the Variational Autoencoder neural network provides the best overall performance with a greater detection accuracy and a reasonable false positive rate

Joseph Rose, Matthew Swann, Gueltoum Bendiab et al.

The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.

Richard Brown, Gueltoum Bendiab, Stavros Shiaeles et al.

Traditional authentication systems that rely on simple passwords, PIN numbers or tokens have many security issues, like easily guessed passwords, PIN numbers written on the back of cards, etc. Thus, biometric authentication methods that rely on physical and behavioural characteristics have been proposed as an alternative for those systems. In real-world applications, authentication systems that involve a single biometric faced many issues, especially lack of accuracy and noisy data, which boost the research community to create multibiometric systems that involve a variety of biometrics. Those systems provide better performance and higher accuracy compared to other authentication methods. However, most of them are inconvenient and requires complex interactions from the user. Thus, in this paper, we introduce a novel multimodal authentication system that relies on machine learning and blockchain, with the aim of providing a more secure, transparent, and convenient authentication mechanism. The proposed system combines four important biometrics, fingerprint, face, age, and gender. The supervised learning algorithm Decision Tree has been used to combine the results of the biometrics verification process and produce a confidence level related to the user. The initial experimental results show the efficiency and robustness of the proposed multimodal systems.

Vasileios Koutsouvelis, Stavros Shiaeles, Bogdan Ghita et al.

Insider threats are one of the most damaging risk factors for the IT systems and infrastructure of a company or an organization; identification of insider threats has prompted the interest of the world academic research community, with several solutions having been proposed to alleviate their potential impact. For the implementation of the experimental stage described in this study, the Convolutional Neural Network (from now on CNN) algorithm was used and implemented via the Google TensorFlow program, which was trained to identify potential threats from images produced by the available dataset. From the examination of the images that were produced and with the help of Machine Learning, the question of whether the activity of each user is classified as malicious or not for the Information System was answered.

Sotirios Brotsis, Konstantinos Limniotis, Gueltoum Bendiab et al.

Blockchain and distributed ledger technologies have received significant interest in various areas beyond the financial sector, with profound applications in the Internet of Things (IoT), providing the means for creating truly trustless and secure solutions for IoT applications. Taking into account the weak security defences that the majority of IoT devices have, it is critical that a blockchain-based solution targeting the IoT is not only capable of addressing the many challenges IoT is facing, but also does not introduce other defects, in terms of performance, making its adoption hard to achieve. This paper aims at addressing the above needs by providing a comprehensive and coherent review of the available blockchain solutions to determine their ability to meet the requirements and tackle the challenges of the IoT, using the smart home as the reference domain. Key architectural aspects of blockchain solutions are examined in terms of their ability to withstand various types of common IoT and blockchain attacks, deliver enhanced privacy features, and assure adequate performance levels while processing large amounts of transactions being generated in an IoT environment. The analysis carried out identified that the defences currently provided by blockchain platforms are not sufficient to thwart all the prominent attacks against blockchains, with blockchain 1.0 and 2.0 platforms being susceptible to the majority of them. On the other side, privacy related mechanisms are being supported, to varying degrees, by all platforms investigated; however, each of the them tackles specific only privacy aspects, thus rendering the overall privacy evaluation a challenging task which needs to be considered in an ad-hoc basis. If the underlying consensus protocols performance and fault tolerance is also considered, then only a small number of platforms meet the requirements of our reference IoT domain.

Konstantinos Panagiotis Grammatikakis, Ioannis Koufos, Nicholas Kolokotronis et al.

Banking Trojans came a long way in the past decade, and the recent case of Emotet showed their enduring relevance. The evolution of the modern computing landscape can be traced through Emotet and Zeus, both representative examples from the end of the past decade. As an example of earlier malware, Zeus only needed to employ simple anti-analysis techniques to stay undetected, while the more recent Emotet had to constantly evolve to stay a step ahead. Current host-based antimalware solutions face an increasing number of obstacles to perform their function. A multi-layer approach to network security is necessary for network-based intrusion response systems to secure modern networks of heterogeneous devices. A system based on a combination of a graphical network security model and a game theoretic model of cyber attacks was tested on a testbed with Windows machines infected with Trojans, experimental results showed that the proposed system effectively blocked Trojans network communications effectively preventing data leakage and yielding encouraging results for future work.

David Buckley, Gueltoum Bendiab, Stavros Shiaeles et al.

The rise of the subscription-based business model has led to a corresponding increase in the number of subscriptions where a customer needs to manage their payments. This management of payments for multiple subscriptions has become a very complicated and insecure task for customers, especially when it comes to renewing payment details when the card is lost, stolen, or expires. In addition, this, mostly manual, process is vulnerable to human error, digital frauds, and data breaches, according to security reports. Thus, in this paper, we propose a novel approach to automate, manage and simplify the Financial Supply Chain involved in the process of updating and managing payments to user subscriptions. This is done by utilising the Hyperledger Sawtooth blockchain framework, that allows a consumer to enter their payment card details in a central digital wallet and link their subscriptions to their cards. The card being updated triggers an event on the blockchain, which allow for the payment details to be updated on subscription systems automatically. The verification tests performed on the prototype of the proposed system shows that its current implementation has been securely achieved.

Gueltoum Bendiab, Konstantinos-Panagiotis Grammatikakis, Ioannis Koufos et al.

Energy providers are moving to the smart meter era, encouraging consumers to install, free of charge, these devices in their homes, automating consumption readings submission and making consumers life easier. However, the increased deployment of such smart devices brings a lot of security and privacy risks. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper is exploring the problems of Advanced Metering Infrastructures (AMI) and proposing a novel Machine Learning (ML) Intrusion Prevention System (IPS) to get optimal decisions based on a variety of factors and graphical security models able to tackle zero-day attacks.

Gueltoum Bendiab, Stavros Shiaeles, Abdulrahman Alruban et al.

With the increase of IoT devices and technologies coming into service, Malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities, and therefore, easily abused by cybercriminals to perform several illegal activities. Thus, advanced network security mechanisms that are able of performing a real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we are proposing a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new malware (zero-day malware). The detection of malicious network traffic in the proposed approach works at the package level, significantly reducing the time of detection with promising results due to the deep learning technologies used. To evaluate our proposed method performance, a dataset is constructed which consists of 1000 pcap files of normal and malware traffic that are collected from different network traffic sources. The experimental results of Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.

Irina Baptista, Stavros Shiaeles, Nicholas Kolokotronis

The continued evolution and diversity of malware constitutes a major threat in modern systems. It is well proven that security defenses currently available are ineffective to mitigate the skills and imagination of cyber-criminals necessitating the development of novel solutions. Deep learning algorithms and artificial intelligence (AI) are rapidly evolving with remarkable results in many application areas. Following the advances of AI and recognizing the need for efficient malware detection methods, this paper presents a new approach for malware detection based on binary visualization and self-organizing incremental neural networks. The proposed method's performance in detecting malicious payloads in various file types was investigated and the experimental results showed that a detection accuracy of 91.7% and 94.1% was achieved for ransomware in .pdf and .doc files respectively. With respect to other formats of malicious code and other file types, including binaries, the proposed method behaved well with an incremental detection rate that allows efficiently detecting unknown malware at real-time.

Olga Gkotsopoulou, Elisavet Charalambous, Konstantinos Limniotis et al.

The present paper deals with the elucidation and implementation of the Data Protection by Design (DPbD) principle as recently introduced in the European Union data protection law, specifically with regards to cybersecurity systems in a Smart Home environment, both from a legal and a technical perspective. Starting point constitutes the research conducted in the Cyber-Trust project, which endeavours the development of an innovative and customisable cybersecurity platform for cyber-threat intelligence gathering, detection and mitigation within the Internet of Things ecosystem. During the course of the paper, the requirements of DPbD with regards to the conceptualisation, design and actual development of the system are presented as prescribed in law. These requirements are then translated into technical solutions, as envisaged in the Cyber-Trust system. For trade-offs are not foreign to the DPbD context, technical limitations and legal challenges are also discussed in this interdisciplinary dialogue.

Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.

The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks emerge as a areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.

Muhammad Ali, Stavros Shiaeles, Maria Papadaki et al.

Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

Michael Siracusano, Stavros Shiaeles, Bogdan Ghita

Low-rate application layer distributed denial of service (LDDoS) attacks are both powerful and stealthy. They force vulnerable webservers to open all available connections to the adversary, denying resources to real users. Mitigation advice focuses on solutions that potentially degrade quality of service for legitimate connections. Furthermore, without accurate detection mechanisms, distributed attacks can bypass these defences. A methodology for detection of LDDoS attacks, based on characteristics of malicious TCP flows, is proposed within this paper. Research will be conducted using combinations of two datasets: one generated from a simulated network, the other from the publically available CIC DoS dataset. Both contain the attacks slowread, slowheaders and slowbody, alongside legitimate web browsing. TCP flow features are extracted from all connections. Experimentation was carried out using six supervised AI algorithms to categorise attack from legitimate flows. Decision trees and k-NN accurately classified up to 99.99% of flows, with exceptionally low false positive and false negative rates, demonstrating the potential of AI in LDDoS detection.

Nicholas Kolokotronis, Konstantinos Limniotis, Stavros Shiaeles et al.

Blockchain is a disruptive technology that has been characterised to be the next big thing and has already gained a broad recognition by experts in diverse fields. In this paper, we consider possible use cases and applications of the blockchain for the consumer electronics (CE) industry and its interplay with the Internet of things. Instead of discussing how the blockchain can revolutionise the supply chain, we focus on how it could be employed for enhancing the security of networked CE devices. This work is motivated by the large number of recent attacks that use easily hackable devices as a weaponry. Towards this direction, privacy and data protection aspects of blockchain solutions are also presented and are linked to regulatory framework provisions. Information on existing blockchain solutions is also provided.

Konstantinos-Panagiotis Grammatikakis, Angela Ioannou, Stavros Shiaeles et al.

Android is among the popular platforms running on millions of smart devices, like smartphones and tablets, whose widespread adoption is seen as an opportunity for spreading malware. Adding malicious payloads to cracked applications, often popular ones, downloaded from untrusted third markets is a prevalent way for achieving the aforementioned goal. In this paper, we compare 25 applications from the official and third-party application stores delivering cracked applications. The behavioral analysis of applications is carried out on three real devices equipped with different Android versions by using five indicators: requested permissions, CPU usage, RAM usage and the number of opened ports for TCP and HTTP. Based on these indicators, we compute an application intention score and classify cracked applications as malicious or benign. The experimental results show that cracked applications utilize on average more resources and request access to more (dangerous) permissions than their official counterparts.

Keltoum Bendiab, Nicholas Kolokotronis, Stavros Shiaeles et al.

Secure and reliable management of identities has become one of the greatest challenges facing cloud computing today, mainly due to the huge number of new cloud-based applications generated by this model, which means more user accounts, passwords, and personal information to provision, monitor, and secure. Currently, identity federation is the most useful solution to overcome the aforementioned issues and simplify the user experience by allowing efficient authentication mechanisms and use of identity information from data distributed across multiple domains. However, this approach creates considerable complexity in managing trust relationships for both the cloud service providers and their clients. Poor management of trust in federated identity management systems brings with it many security, privacy and interoperability issues, which contributes to the reluctance of organizations to move their critical identity data to the cloud. In this paper, we aim to address these issues by introducing a novel trust and identity management model based on the Blockchain for cloud identity management with security and privacy improvements.