Publications
2021
1. Radoglou-Grammatikis, Panagiotis; Rompolos, Konstantinos; Sarigiannidis, Panagiotis; Argyriou, Vasileios; Lagkas, Thomas; Sarigiannidis, Antonios; Goudos, Sotirios; Wan, Shaohua. Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach (Journal Article). In: IEEE Transactions on Industrial Informatics, vol. 18, no. 3, pp. 2041–2052, 2021.
Tags: Cybersecurity, IEC-60870-5-104, Internet of Things (IoT), Intrusion detection, Machine Learning, Software Defined Networks
Abstract: The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thompson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923.
2020
2. Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Sarigiannidis, Antonios; Margounakis, Dimitrios; Tsiakalos, Apostolos; Efstathopoulos, Georgios. An Anomaly Detection Mechanism for IEC 60870-5-104 (Inproceedings). In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020.
Tags: Anomaly Detection, Cybersecurity, Data Acquisition, IEC-60870-5-104
Abstract: The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively.