2021
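1. | Radoglou-Grammatikis, Panagiotis; Liatifis, Athanasios; Grigoriou, Elisavet; Saoulidis, Theocharis; Sarigiannidis, Antonios; Lagkas, Thomas; Sarigiannidis, Panagiotis TRUSTY: A solution for threat Hunting Using Data Analysis in Critical Infrastructures (Conference) IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2021.
@inproceedings{Radoglou-Grammatikis2021,
  title         = {{TRUSTY}: A Solution for Threat Hunting Using Data Analysis in Critical Infrastructures},
  author        = {Radoglou-Grammatikis, Panagiotis and Liatifis, Athanasios and Grigoriou, Elisavet and Saoulidis, Theocharis and Sarigiannidis, Antonios and Lagkas, Thomas and Sarigiannidis, Panagiotis},
  booktitle     = {{IEEE} International Conference on Cyber Security and Resilience ({CSR})},
  publisher     = {IEEE},
  year          = {2021},
  date          = {2021-07-28},
  doi           = {10.1109/CSR51186.2021.9527936},
  url           = {https://ieeexplore.ieee.org/document/9527936},
  urldate       = {2021-07-28},
  abstract      = {The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although the Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY, which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides about the number of honeypots that can be deployed in an industrial environment in a strategic way. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method.},
  keywords      = {Anomaly Detection, Honeypots, Intrusion detection, Privacy, Telemetry},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {Entry type normalised from the @conference alias to @inproceedings; tppubtype kept for the teachPress export. Acronym in title brace-protected so sentence-casing styles keep it. The url fragment (/keywords#keywords) was navigation chrome and is dropped; the DOI is the canonical locator. Keyword Honeypots added because the abstract itself describes the platform as a honeypot aggregator.}
}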
The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY, which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides in a strategic way about the number of honeypots that can be deployed in an industrial environment. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method. |
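2. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Martinez, Saturnino; Sarigiannidis, Antonios; Efstathopoulos, Georgios; Spyridis, Yannis; Sesis, Achilleas; Vakakis, Nikolaos; Tzovaras, Dimitrios; Kafetzakis, Emmanouil; Giannoulakis, Ioannis; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Ramos, Francisco SPEAR SIEM: A Security Information and Event Management system for the Smart Grid (Journal Article) In: Computer Networks, 2021.
@article{radoglougrammatikis2021spearsiem,
  title         = {{SPEAR} {SIEM}: A Security Information and Event Management System for the Smart Grid},
  author        = {Radoglou Grammatikis, Panagiotis and Sarigiannidis, Panagiotis and Iturbe, Eider and Rios, Erkuden and Martinez, Saturnino and Sarigiannidis, Antonios and Efstathopoulos, Georgios and Spyridis, Yannis and Sesis, Achilleas and Vakakis, Nikolaos and Tzovaras, Dimitrios and Kafetzakis, Emmanouil and Giannoulakis, Ioannis and Tzifas, Michalis and Giannakoulias, Alkiviadis and Angelopoulos, Michail and Ramos, Francisco},
  journal       = {Computer Networks},
  year          = {2021},
  date          = {2021-01-01},
  doi           = {10.1016/j.comnet.2021.108008},
  url           = {https://www.researchgate.net/publication/350287201_SPEAR_SIEM_A_Security_Information_and_Event_Management_system_for_the_Smart_Grid},
  abstract      = {The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use cases: (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.},
  keywords      = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, Machine Learning, Modbus, Smart Grid},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {Key renamed from the generic export key "article", which would collide with any other entry using the same placeholder. Author names converted to "Last, First" form: the previous "First Last" form made BibTeX split the compound surname Radoglou Grammatikis (rendered as "Grammatikis, Panagiotis Radoglou"). The date day and month look like export placeholders; only the year is reliable -- confirm. Volume and article number are not recorded on this page; prefer the DOI to the ResearchGate url.}
}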
The technological leap of smart technologies has brought the conventional electrical grid into a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that were not implemented with cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics, like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use cases: (a) hydropower plant, (b) substation, (c) power plant and (d) smart home. |
2020
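3. | Protopsaltis, Antonis; Sarigiannidis, Panagiotis; Margounakis, Dimitrios; Lytos, Anastasios Data Visualization in Internet of Things: Tools, Methodologies, and Challenges (Inproceedings) In: ARES 2020: The 15th International Conference on Availability, Reliability and Security, 2020.
@inproceedings{protopsaltis2020visualization,
  title         = {Data Visualization in {Internet of Things}: Tools, Methodologies, and Challenges},
  author        = {Protopsaltis, Antonis and Sarigiannidis, Panagiotis and Margounakis, Dimitrios and Lytos, Anastasios},
  booktitle     = {Proceedings of the 15th International Conference on Availability, Reliability and Security},
  series        = {ARES '20},
  publisher     = {Association for Computing Machinery},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.1145/3407023.3409228},
  url           = {https://www.researchgate.net/publication/343935293_Data_Visualization_in_Internet_of_Things_Tools_Methodologies_and_Challenges},
  abstract      = {As the Internet of Things (IoT) grows rapidly, huge amounts of wireless sensor networks emerged monitoring a wide range of infrastructure, in various domains such as healthcare, energy, transportation, smart city, building automation, agriculture, and industry producing continuously streamlines of data. Big Data technologies play a significant role within IoT processes, as visual analytics tools, generating valuable knowledge in real-time in order to support critical decision making. This paper provides a comprehensive survey of visualization methods, tools, and techniques for the IoT. We position data visualization inside the visual analytics process by reviewing the visual analytics pipeline. We provide a study of various chart types available for data visualization and analyze rules for employing each one of them, taking into account the special conditions of the particular use case. We further examine some of the most promising visualization tools. Since each IoT domain is isolated in terms of Big Data approaches, we investigate visualization issues in each domain. Additionally, we review visualization methods oriented to anomaly detection. Finally, we provide an overview of the major challenges in IoT visualizations.},
  keywords      = {Anomaly Detection, Big Data, Data Visualization, Internet of Things (IoT)},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {Key renamed: the export key "inproceedingsb" is shared by three entries in this file, which BibTeX reports as a repeated entry. Venue fields aligned with the other ARES '20 entry in this file (same proceedings, DOI prefix 10.1145/3407023) so both cite the proceedings identically. The date day and month look like export placeholders; only the year is reliable -- confirm. Page range is not recorded on this page.}
}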
As the Internet of Things (IoT) grows rapidly, a huge number of wireless sensor networks have emerged, monitoring a wide range of infrastructure in various domains such as healthcare, energy, transportation, smart city, building automation, agriculture, and industry, and continuously producing streams of data. Big Data technologies play a significant role within IoT processes, as visual analytics tools, generating valuable knowledge in real time in order to support critical decision making. This paper provides a comprehensive survey of visualization methods, tools, and techniques for the IoT. We position data visualization inside the visual analytics process by reviewing the visual analytics pipeline. We provide a study of various chart types available for data visualization and analyze rules for employing each one of them, taking into account the special conditions of the particular use case. We further examine some of the most promising visualization tools. Since each IoT domain is isolated in terms of Big Data approaches, we investigate visualization issues in each domain. Additionally, we review visualization methods oriented to anomaly detection. Finally, we provide an overview of the major challenges in IoT visualizations. |
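4. | Radoglou-Grammatikis, Panagiotis; Sarigiannidis, Panagiotis; Efstathopoulos, George; Karypidis, Paris-Alexandros; Sarigiannidis, Antonios DIDEROT: An Intrusion Detection and Prevention System for DNP3-Based SCADA Systems (Inproceedings) In: Proceedings of the 15th International Conference on Availability, Reliability and Security, Association for Computing Machinery, Virtual Event, Ireland, 2020, ISBN: 9781450388337.
@inproceedings{10.1145/3407023.3409314,
  title         = {{DIDEROT}: An Intrusion Detection and Prevention System for {DNP3}-Based {SCADA} Systems},
  author        = {Radoglou-Grammatikis, Panagiotis and Sarigiannidis, Panagiotis and Efstathopoulos, George and Karypidis, Paris-Alexandros and Sarigiannidis, Antonios},
  booktitle     = {Proceedings of the 15th International Conference on Availability, Reliability and Security},
  series        = {ARES '20},
  publisher     = {Association for Computing Machinery},
  venue         = {Virtual Event, Ireland},
  isbn          = {9781450388337},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.1145/3407023.3409314},
  url           = {https://doi.org/10.1145/3407023.3409314},
  abstract      = {In this paper, an Intrusion Detection and Prevention System (IDPS) for the Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, the Software Defined Networking (SDN) technology is adopted in order to mitigate timely the corresponding DNP3 cyberattacks and anomalies. The performance of DIDEROT is demonstrated using real data originating from a substation environment.},
  keywords      = {Anomaly Detection, Auto-encoder, Intrusion detection, Machine Learning, SCADA, SDN, Smart Grid},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {Acronyms in the title brace-protected. "Virtual Event, Ireland" is the conference venue, not the publisher's city, so it is stored in venue rather than address (the ACM export put it in address). Keyword typo "Autonencoder" corrected to "Auto-encoder" to match the spelling used elsewhere in this file. The url only repeats the DOI resolver; the doi field is the canonical locator. The date day and month look like export placeholders -- confirm.}
}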
In this paper, an Intrusion Detection and Prevention System (IDPS) for Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, Software Defined Networking (SDN) technology is adopted in order to mitigate the corresponding DNP3 cyberattacks and anomalies in a timely manner. The performance of DIDEROT is demonstrated using real data originating from a substation environment. |
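5. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Sarigiannidis, Antonios; Margounakis, Dimitrios; Tsiakalos, Apostolos; Efstathopoulos, Georgios An Anomaly Detection Mechanism for IEC 60870-5-104 (Inproceedings) In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020.
@inproceedings{radoglougrammatikis2020iec104,
  title         = {An Anomaly Detection Mechanism for {IEC} 60870-5-104},
  author        = {Radoglou Grammatikis, Panagiotis and Sarigiannidis, Panagiotis and Sarigiannidis, Antonios and Margounakis, Dimitrios and Tsiakalos, Apostolos and Efstathopoulos, Georgios},
  booktitle     = {2020 9th International Conference on Modern Circuits and Systems Technologies ({MOCAST})},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.1109/MOCAST49295.2020.9200285},
  url           = {https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanism_for_IEC_60870-5-104},
  abstract      = {The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively.},
  keywords      = {Anomaly Detection, Cybersecurity, Data Acquisition, IEC 60870-5-104},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {Key renamed: the export key "inproceedingsb" is shared by three entries in this file, which BibTeX reports as a repeated entry. Author names converted to "Last, First" so the compound surname Radoglou Grammatikis is not split. Keyword "IEC-60870- 5-104" had a stray space and hyphen; normalised to the standard's name as written in the title. The date day and month look like export placeholders; only the year is reliable -- confirm. Pages and publisher are not recorded on this page.}
}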
The transformation of the conventional electricity grid into a new paradigm called smart grid demands appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol, which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect possible anomalies against IEC-104 in a timely manner. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics, which reach 98% and 87%, respectively. |
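6. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Sarigiannidis, Antonios; Nikolis, Odysseas; Ioannidis, Dimosthenis; Machamint, Vasileios; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Papadopoulos, Anastasios; Ramos, Francisco Secure and Private Smart Grid: The SPEAR Architecture (Inproceedings) In: 2020 6th IEEE International Conference on Network Softwarization (NetSoft), pp. 450-456, 2020.
@inproceedings{radoglougrammatikis2020spear,
  title         = {Secure and Private Smart Grid: The {SPEAR} Architecture},
  author        = {Radoglou Grammatikis, Panagiotis and Sarigiannidis, Panagiotis and Iturbe, Eider and Rios, Erkuden and Sarigiannidis, Antonios and Nikolis, Odysseas and Ioannidis, Dimosthenis and Machamint, Vasileios and Tzifas, Michalis and Giannakoulias, Alkiviadis and Angelopoulos, Michail and Papadopoulos, Anastasios and Ramos, Francisco},
  booktitle     = {2020 6th {IEEE} International Conference on Network Softwarization ({NetSoft})},
  pages         = {450--456},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.1109/NetSoft48620.2020.9165420},
  url           = {https://www.researchgate.net/publication/343621502_Secure_and_Private_Smart_Grid_The_SPEAR_Architecture},
  abstract      = {Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail.},
  keywords      = {Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {Key renamed: the export key "inproceedingsb" is shared by three entries in this file, which BibTeX reports as a repeated entry. Page range uses the en-dash form (450--456); a single hyphen is rendered as a literal hyphen by most styles. Author names converted to "Last, First" so the compound surname Radoglou Grammatikis is not split. The date day and month look like export placeholders; only the year is reliable -- confirm.}
}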
Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture, which constitutes an overall solution aiming at protecting SG by enhancing situational awareness, detecting cyberattacks in a timely manner, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specification details are analysed for each component, and the communication interfaces among them are also described in detail. |
2019
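7. | Efstathopoulos, Georgios; Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Argyriou, Vasilis; Sarigiannidis, Antonios; Stamatakis, Konstantinos; Angelopoulos, Michail K; Athanasopoulos, Solon K Operational Data Based Intrusion Detection System for Smart Grid (Inproceedings) In: 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1-6, 2019.
@inproceedings{8858503,
  title         = {Operational Data Based Intrusion Detection System for Smart Grid},
  author        = {Efstathopoulos, Georgios and Radoglou Grammatikis, Panagiotis and Sarigiannidis, Panagiotis and Argyriou, Vasilis and Sarigiannidis, Antonios and Stamatakis, Konstantinos and Angelopoulos, Michail K. and Athanasopoulos, Solon K.},
  booktitle     = {2019 {IEEE} 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks ({CAMAD})},
  pages         = {1--6},
  year          = {2019},
  date          = {2019-01-01},
  doi           = {10.1109/CAMAD.2019.8858503},
  url           = {https://ieeexplore.ieee.org/document/8858503},
  abstract      = {With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.},
  keywords      = {Anomaly Detection, Cybersecurity, Intrusion Detection System, Machine Learning, Operational Data, Smart Grid},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {Key kept (the IEEE Xplore document number, unique in this file). Page range uses the en-dash form (1--6). Author names converted to "Last, First" so the compound surname Radoglou Grammatikis is not split, and middle initials written with a trailing period. The date day and month look like export placeholders; only the year is reliable -- confirm.}
}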
With the rapid progression of Information and Communication Technology (ICT) and especially of the Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers, such as two-way communication (of both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator in a timely manner about possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG, utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation. |