@article{article,

title = {SPEAR SIEM: A Security Information and Event Management system for the Smart Grid},

author = {Panagiotis Radoglou Grammatikis and Panagiotis Sarigiannidis and Eider Iturbe and Erkuden Rios and Saturnino Martinez and Antonios Sarigiannidis and Georgios Efstathopoulos and Yannis Spyridis and Achilleas Sesis and Nikolaos Vakakis and Dimitrios Tzovaras and Emmanouil Kafetzakis and Ioannis Giannoulakis and Michalis Tzifas and Alkiviadis Giannakoulias and Michail Angelopoulos and Francisco Ramos},

url = {https://www.researchgate.net/publication/350287201_SPEAR_SIEM_A_Security_Information_and_Event_Management_system_for_the_Smart_Grid},

doi = {10.1016/j.comnet.2021.108008},

year  = {2021},

date = {2021-01-01},

journal = {Computer Networks},

abstract = {The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.},

keywords = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, Machine Learning, Modbus, Smart Grid},

pubstate = {published},

tppubtype = {article}

}

@article{kelli2021ids,

title = {IDS for industrial applications: a federated learning approach with active personalization},

author = {Vasiliki Kelli and Vasileios Argyriou and Thomas Lagkas and George Fragulis and Elisavet Grigoriou and Panagiotis Sarigiannidis},

url = {https://www.mdpi.com/1424-8220/21/20/6743},

doi = {10.3390/s21206743},

year  = {2021},

date = {2021-01-01},

urldate = {2021-01-01},

journal = {Sensors},

volume = {21},

number = {20},

pages = {6743},

publisher = {MDPI},

abstract = { Internet of Things (IoT) is a concept adopted in nearly every aspect of human life, leading to an explosive utilization of intelligent devices. Notably, such solutions are especially integrated in the industrial sector, to allow the remote monitoring and control of critical infrastructure. Such global integration of IoT solutions has led to an expanded attack surface against IoT-enabled infrastructures. Artificial intelligence and machine learning have demonstrated their ability to resolve issues that would have been impossible or difficult to address otherwise; thus, such solutions are closely associated with securing IoT. Classical collaborative and distributed machine learning approaches are known to compromise sensitive information. In our paper, we demonstrate the creation of a network flow-based Intrusion Detection System (IDS) aiming to protecting critical infrastructures, stemming from the pairing of two machine learning techniques, namely, federated learning and active learning. The former is utilized for privately training models in federation, while the latter is a semi-supervised approach applied for global model adaptation to each of the participant’s traffic. Experimental results indicate that global models perform significantly better for each participant, when locally personalized with just a few active learning queries. Specifically, we demonstrate how the accuracy increase can reach 7.07% in only 10 queries. View Full-Text },

keywords = {Active Learning, Federated Learning, Internet of Things (IoT), Intrusion Detection System, Machine Learning, Personalization},

pubstate = {published},

tppubtype = {article}

}

@article{radoglou2021modeling,

title = {Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach},

author = {Panagiotis Radoglou-Grammatikis and Konstantinos Rompolos and Panagiotis Sarigiannidis and Vasileios Argyriou and Thomas Lagkas and Antonios Sarigiannidis and Sotirios Goudos and Shaohua Wan},

url = {https://ieeexplore.ieee.org/abstract/document/9470933},

doi = {10.1109/TII.2021.3093905},

year  = {2021},

date = {2021-01-01},

urldate = {2021-01-01},

journal = {IEEE Transactions on Industrial Informatics},

volume = {18},

number = {3},

pages = {2041--2052},

publisher = {IEEE},

abstract = {The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60 870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60 870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60 870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60 870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60 870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thomson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923.},

keywords = {Cybersecurity, IEC-60870- 5-104, Internet of Things (IoT), Intrusion detection, Machine Learning, Software Defined Networks},

pubstate = {published},

tppubtype = {article}

}

@article{LYTOS2020107147,

title = {Towards smart farming: Systems, frameworks and exploitation of multiple sources},

author = {Anastasios Lytos and Thomas Lagkas and Panagiotis Sarigiannidis and Michalis Zervakis and George Livanos},

url = {https://www.sciencedirect.com/science/article/pii/S1389128620301201},

doi = {https://doi.org/10.1016/j.comnet.2020.107147},

issn = {1389-1286},

year  = {2020},

date = {2020-01-01},

journal = {Computer Networks},

volume = {172},

pages = {107147},

abstract = {Agriculture is by its nature a complicated scientific field, related to a wide range of expertise, skills, methods and processes which can be effectively supported by computerized systems. There have been many efforts towards the establishment of an automated agriculture framework, capable to control both the incoming data and the corresponding processes. The recent advances in the Information and Communication Technologies (ICT) domain have the capability to collect, process and analyze data from different sources while materializing the concept of agriculture intelligence. The thriving environment for the implementation of different agriculture systems is justified by a series of technologies that offer the prospect of improving agricultural productivity through the intensive use of data. The concept of big data in agriculture is not exclusively related to big volume, but also on the variety and velocity of the collected data. Big data is a key concept for the future development of agriculture as it offers unprecedented capabilities and it enables various tools and services capable to change its current status. This survey paper covers the state-of-the-art agriculture systems and big data architectures both in research and commercial status in an effort to bridge the knowledge gap between agriculture systems and exploitation of big data. The first part of the paper is devoted to the exploration of the existing agriculture systems, providing the necessary background information for their evolution until they have reached the current status, able to support different platforms and handle multiple sources of information. The second part of the survey is focused on the exploitation of multiple sources of information, providing information for both the nature of the data and the combination of different sources of data in order to explore the full potential of ICT systems in agriculture.},

keywords = {Agriculture, Big Data, Internet of Things, Machine Learning, Smart farming},

pubstate = {published},

tppubtype = {article}

}