Publications – SIDROCO Holdings Ltd

PublicationsadminMay 18, 2021May 24, 2021

Publications

PUBLICATIONS

2021
1.	Radoglou-Grammatikis, Panagiotis; Rompolos, Konstantinos; Sarigiannidis, Panagiotis; Argyriou, Vasileios; Lagkas, Thomas; Sarigiannidis, Antonios; Goudos, Sotirios; Wan, Shaohua Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach (Journal Article) In: IEEE Transactions on Industrial Informatics, vol. 18, no. 3, pp. 2041–2052, 2021. (Abstract \| Links \| BibTeX \| Tags: Cybersecurity, IEC-60870- 5-104, Internet of Things (IoT), Intrusion detection, Machine Learning, Software Defined Networks) @article{radoglou2021modeling, title = {Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach}, author = {Panagiotis Radoglou-Grammatikis and Konstantinos Rompolos and Panagiotis Sarigiannidis and Vasileios Argyriou and Thomas Lagkas and Antonios Sarigiannidis and Sotirios Goudos and Shaohua Wan}, url = {https://ieeexplore.ieee.org/abstract/document/9470933}, doi = {10.1109/TII.2021.3093905}, year = {2021}, date = {2021-01-01}, urldate = {2021-01-01}, journal = {IEEE Transactions on Industrial Informatics}, volume = {18}, number = {3}, pages = {2041--2052}, publisher = {IEEE}, abstract = {The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60 870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60 870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60 870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60 870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60 870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thomson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923.}, keywords = {Cybersecurity, IEC-60870- 5-104, Internet of Things (IoT), Intrusion detection, Machine Learning, Software Defined Networks}, pubstate = {published}, tppubtype = {article} } Close The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60 870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60 870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60 870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60 870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60 870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thomson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923. Close https://ieeexplore.ieee.org/abstract/document/9470933 doi:10.1109/TII.2021.3093905 Close
2020
2.	Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Sarigiannidis, Antonios; Margounakis, Dimitrios; Tsiakalos, Apostolos; Efstathopoulos, Georgios An Anomaly Detection Mechanism for IEC 60870-5-104 (Inproceedings) In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020. (Abstract \| Links \| BibTeX \| Tags: Anomaly Detection, Cybersecurity, Data Acquisition, IEC-60870- 5-104) @inproceedings{inproceedingsb, title = {An Anomaly Detection Mechanism for IEC 60870-5-104}, author = {Panagiotis Radoglou Grammatikis and Panagiotis Sarigiannidis and Antonios Sarigiannidis and Dimitrios Margounakis and Apostolos Tsiakalos and Georgios Efstathopoulos}, url = {https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanism_for_IEC_60870-5-104}, doi = {10.1109/MOCAST49295.2020.9200285}, year = {2020}, date = {2020-01-01}, booktitle = {2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST)}, abstract = {The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively.}, keywords = {Anomaly Detection, Cybersecurity, Data Acquisition, IEC-60870- 5-104}, pubstate = {published}, tppubtype = {inproceedings} } Close The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively. Close https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanis[...] doi:10.1109/MOCAST49295.2020.9200285 Close

We’d love to hear about your projectStart a Project