CR Jan 16, 2021
Intrusion Detection Systems for Smart Home IoT Devices: Experimental Comparison Study
Faisal Alsakran, Gueltoum Bendiab, Stavros Shiaeles et al.
Smart homes are one of the most promising applications of the emerging Internet of Things (IoT) technology. With the growing number of IoT-related devices such as smart thermostats, smart fridges, smart speakers, smart light bulbs and smart locks, smart homes promise to make our lives easier and more comfortable. However, the increased deployment of such smart devices brings an increase in potential security risks and home privacy breaches. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. These systems monitor the network activities of the smart home-connected devices and focus on alerting on suspicious or malicious activity. They can also deal with detected abnormal activities by hindering the impostors in accessing the victim devices. However, the employment of such systems in the context of a smart home can be challenging due to the devices' hardware limitations, which may restrict their ability to counter the existing and emerging attack vectors. Therefore, this paper proposes an experimental comparison between the widely used open-source NIDSs, namely Snort, Suricata and Bro IDS, to find the most appropriate one for smart homes in terms of detection accuracy and resource consumption, including CPU and memory utilization. Experimental results show that Suricata is the best performing NIDS for smart homes.
CR Sep 8, 2021
BotSpot: Deep Learning Classification of Bot Accounts within Twitter
Christopher Braker, Stavros Shiaeles, Gueltoum Bendiab et al.
The openness feature of Twitter allows programs to generate and control Twitter accounts automatically via the Twitter API. These accounts, which are known as bots, can automatically perform actions such as tweeting, re-tweeting, following, unfollowing, or direct messaging other accounts, just like real people. They can also conduct malicious tasks such as spreading fake news, spam, malicious software and other cyber-crimes. In this paper, we introduce a novel bot detection approach using deep learning, with the Multi-layer Perceptron Neural Networks and nine features of a bot account. A web crawler is developed to automatically collect data from public Twitter accounts and build the testing and training datasets, with 860 samples of human and bot accounts. After the initial training is done, the Multilayer Perceptron Neural Networks achieved an overall accuracy rate of 92%, which proves the performance of the proposed approach.
CR Sep 8, 2021
On the Security and Privacy of Hyperledger Fabric: Challenges and Open Issues
Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.
In the last few years, countless permissioned blockchain solutions have been proposed, with each one claiming that it revolutionizes transaction processing along with the security and privacy preserving mechanisms that it provides. Hyperledger Fabric is one of the most popular permissioned blockchain architectures that has made a significant impact on the market. However, there are only a few papers that identify architectural risks regarding the security and the privacy preserving mechanisms of Hyperledger Fabric. This paper separates the attack surface of the blockchain platform into four components, namely, consensus, chaincode, network and privacy preserving mechanisms, in all of which an attacker (from inside or outside the network) can exploit the platform's design and gain access to or misuse the network. In addition, we highlight the appropriate counter-measures that can be taken in each component to address the corresponding risks and provide a significantly secure and enhanced privacy preserving Fabric network. We hope that by bringing this paper into light, we can aid developers to avoid security flaws and implementations that can be exploited by attackers but also to motivate further research to harden the platform's security and the client's privacy.
CR Sep 6, 2021
Tools for Network Traffic Generation -- A Quantitative Comparison
Matthew Swann, Joseph Rose, Gueltoum Bendiab et al.
Network traffic generators are invaluable tools that allow for applied experimentation to evaluate the performance of networks, infrastructure, and security controls, by modelling and simulating the communication packets and payloads that would be produced by machines and devices on the network. Specifically for security applications, these tools can be used to consistently simulate malicious activity on the network and test the components designed to detect and mitigate malicious activities, in a highly reliable and customisable way. However, despite the promising features, most of these tools have some problems that can undermine the correctness of experiments. The accuracy of the simulation results depends strongly on the performance and reliability of the generator used. Thus, in this paper, we investigate the performance and accuracy of three of the most reviewed network traffic generators in the literature, namely Cisco TRex, Ostinato and Genesids. Mainly, the comparative experiments examine the strengths and limitations of these tools, which can help the research community to choose the most suitable one to assess the performance of their networks and security controls.
CR Sep 6, 2021
Insider Detection using Deep Autoencoder and Variational Autoencoder Neural Networks
Efthimios Pantelidis, Gueltoum Bendiab, Stavros Shiaeles et al.
Insider attacks are one of the most challenging cybersecurity issues for companies, businesses and critical infrastructures. Despite the implemented perimeter defences, the risk of this kind of attack is still very high. In fact, the detection of insider attacks is a very complicated security task and presents a serious challenge to the research community. In this paper, we aim to address this issue by using the deep learning algorithms Autoencoder and Variational Autoencoder. We will especially investigate the usefulness of applying these algorithms to automatically defend against potential internal threats, without human intervention. The effectiveness of these two models is evaluated on the public CERT dataset (CERT r4.2). This version of the CERT Insider Threat Test dataset includes both benign and malicious activities generated from 1000 simulated users. The comparison results with other models show that the Variational Autoencoder neural network provides the best overall performance with a greater detection accuracy and a reasonable false positive rate.
CR Sep 6, 2021
Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT
Joseph Rose, Matthew Swann, Gueltoum Bendiab et al.
The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.
CR Sep 6, 2021
A Novel Multimodal Biometric Authentication System using Machine Learning and Blockchain
Richard Brown, Gueltoum Bendiab, Stavros Shiaeles et al.
Traditional authentication systems that rely on simple passwords, PIN numbers or tokens have many security issues, like easily guessed passwords, PIN numbers written on the back of cards, etc. Thus, biometric authentication methods that rely on physical and behavioural characteristics have been proposed as an alternative to those systems. In real-world applications, authentication systems that involve a single biometric face many issues, especially lack of accuracy and noisy data, which has pushed the research community to create multibiometric systems that involve a variety of biometrics. Those systems provide better performance and higher accuracy compared to other authentication methods. However, most of them are inconvenient and require complex interactions from the user. Thus, in this paper, we introduce a novel multimodal authentication system that relies on machine learning and blockchain, with the aim of providing a more secure, transparent, and convenient authentication mechanism. The proposed system combines four important biometrics: fingerprint, face, age, and gender. The supervised learning algorithm Decision Tree has been used to combine the results of the biometrics verification process and produce a confidence level related to the user. The initial experimental results show the efficiency and robustness of the proposed multimodal systems.
CR Sep 6, 2021
Detection of Insider Threats using Artificial Intelligence and Visualisation
Vasileios Koutsouvelis, Stavros Shiaeles, Bogdan Ghita et al.
Insider threats are one of the most damaging risk factors for the IT systems and infrastructure of a company or an organization; identification of insider threats has prompted the interest of the world academic research community, with several solutions having been proposed to alleviate their potential impact. For the implementation of the experimental stage described in this study, the Convolutional Neural Network (from now on CNN) algorithm was used and implemented via the Google TensorFlow program, which was trained to identify potential threats from images produced by the available dataset. From the examination of the images that were produced and with the help of Machine Learning, the question of whether the activity of each user is classified as malicious or not for the Information System was answered.
CR Sep 6, 2021
On the Suitability of Blockchain Platforms for IoT Applications: Architectures, Security, Privacy, and Performance
Sotirios Brotsis, Konstantinos Limniotis, Gueltoum Bendiab et al.
Blockchain and distributed ledger technologies have received significant interest in various areas beyond the financial sector, with profound applications in the Internet of Things (IoT), providing the means for creating truly trustless and secure solutions for IoT applications. Taking into account the weak security defences that the majority of IoT devices have, it is critical that a blockchain-based solution targeting the IoT is not only capable of addressing the many challenges IoT is facing, but also does not introduce other defects, in terms of performance, making its adoption hard to achieve. This paper aims at addressing the above needs by providing a comprehensive and coherent review of the available blockchain solutions to determine their ability to meet the requirements and tackle the challenges of the IoT, using the smart home as the reference domain. Key architectural aspects of blockchain solutions are examined in terms of their ability to withstand various types of common IoT and blockchain attacks, deliver enhanced privacy features, and assure adequate performance levels while processing large amounts of transactions being generated in an IoT environment. The analysis carried out identified that the defences currently provided by blockchain platforms are not sufficient to thwart all the prominent attacks against blockchains, with blockchain 1.0 and 2.0 platforms being susceptible to the majority of them. On the other side, privacy related mechanisms are being supported, to varying degrees, by all platforms investigated; however, each of them tackles only specific privacy aspects, thus rendering the overall privacy evaluation a challenging task which needs to be considered on an ad-hoc basis. If the underlying consensus protocols' performance and fault tolerance are also considered, then only a small number of platforms meet the requirements of our reference IoT domain.
CR Aug 30, 2021
Thermal Management in Large Data Centers: Security Threats and Mitigation
Betty Saridou, Gueltoum Bendiab, Stavros N. Shiaeles et al.
Data centres are experiencing significant growth in their scale, especially with the ever-increasing demand for cloud and IoT services. However, this rapid growth has raised numerous security issues and vulnerabilities; new types of strategic cyber-attacks are aimed at specific physical components of data centres that keep them operating. Attacks against temperature monitoring and cooling systems of data centres, also known as thermal attacks, can cause a complete meltdown and are generally considered difficult to address. In this paper, we focus on this issue by analysing the potential security threats to these systems and their impact on the overall data center safety and performance. We also present current thermal anomaly detection methods and their limitations. Finally, we propose a hybrid method that uses multi-variant anomaly detection to prevent thermal attacks, as well as a fuzzy-based health factor to enhance data center thermal awareness and security.
CR Aug 28, 2021
CHAINGE: A Blockchain Solution to Automate Payment Detail Updates to Subscription Services
David Buckley, Gueltoum Bendiab, Stavros Shiaeles et al.
The rise of the subscription-based business model has led to a corresponding increase in the number of subscriptions where a customer needs to manage their payments. This management of payments for multiple subscriptions has become a very complicated and insecure task for customers, especially when it comes to renewing payment details when the card is lost, stolen, or expires. In addition, this mostly manual process is vulnerable to human error, digital frauds, and data breaches, according to security reports. Thus, in this paper, we propose a novel approach to automate, manage and simplify the Financial Supply Chain involved in the process of updating and managing payments to user subscriptions. This is done by utilising the Hyperledger Sawtooth blockchain framework, which allows a consumer to enter their payment card details in a central digital wallet and link their subscriptions to their cards. The card being updated triggers an event on the blockchain, which allows for the payment details to be updated on subscription systems automatically. The verification tests performed on the prototype of the proposed system show that its current implementation has been securely achieved.
CR May 10, 2021
Advanced Metering Infrastructures: Security Risks and Mitigation
Gueltoum Bendiab, Konstantinos-Panagiotis Grammatikakis, Ioannis Koufos et al.
Energy providers are moving to the smart meter era, encouraging consumers to install these devices in their homes free of charge, automating the submission of consumption readings and making consumers' lives easier. However, the increased deployment of such smart devices brings a lot of security and privacy risks. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper is exploring the problems of Advanced Metering Infrastructures (AMI) and proposing a novel Machine Learning (ML) Intrusion Prevention System (IPS) to get optimal decisions based on a variety of factors and graphical security models able to tackle zero-day attacks.
CR Oct 4, 2020
IoT Malware Network Traffic Classification using Visual Representation and Deep Learning
Gueltoum Bendiab, Stavros Shiaeles, Abdulrahman Alruban et al.
With the increase of IoT devices and technologies coming into service, malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities, and therefore, easily abused by cybercriminals to perform several illegal activities. Thus, advanced network security mechanisms that are capable of performing real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we are proposing a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new malware (zero-day malware). The detection of malicious network traffic in the proposed approach works at the package level, significantly reducing the time of detection with promising results due to the deep learning technologies used. To evaluate the performance of our proposed method, a dataset is constructed which consists of 1000 pcap files of normal and malware traffic that are collected from different network traffic sources. The experimental results of Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.