Browse by Author "Markakis, Evangelos"
Now showing 1 - 2 of 2
Item: Automated network data-driven seed generation for gray-box fuzzers based on generative adversarial network.
(ΕΛΜΕΠΑ (Hellenic Mediterranean University), School of Engineering (ΣΜΗΧ), MSc Programme in Informatics Engineering, 2024-09-03) Kefaloukos, Ioannis-Georgios; Κεφαλούκος, Ιωάννης-Γεώργιος; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
Cyber-attacks are assaults launched by cybercriminals utilizing network-enabled entities. Nowadays, the ever-increasing number of heterogeneous internet-connected entities has resulted in a wider cyber-threat landscape due to the exposure of their resources, services, and interfaces, potentially rendering the network prone to malicious attacks. With the introduction of new and the updating of existing architectural paradigms and methodologies such as Cloud Computing (CC), Fog Computing (FC), Extreme Edge Computing (EC), Internet of Things (IoT), and Machine Learning (ML), and with the abundance of Information and Communications Technology (ICT) resources, the attackers have devised more sophisticated ways to achieve their objectives. In our current era, the complexity that occurs in an ICT environment leads to new vulnerabilities within a network. At the same time, modern cybersecurity tools such as Intrusion Detection Systems (IDS), Anomaly Detection (AD), etc. focus on generic vulnerability categories. These issues, combined with the increase in variety and volume of cyber-attacks, pose an immense threat to everyone. Securing every connected entity within a network is a time-consuming, tedious, and challenging task; thus, a way to detect and address new vulnerabilities and bugs that each device and service contains had to be devised. Evidently, the detection of these vulnerabilities and bugs has to be automated, considering the number of services that co-exist in an entity and the vast number of different entities that co-exist within a network, thus guaranteeing its smooth operation. For that reason, fuzzing, an automated software testing technique, has gained traction for its potential to identify known and unknown vulnerabilities. However, prevailing fuzzing approaches often require human intervention in various steps of the process such as seed file generation, provide limited code coverage, and are resource-intensive. This work aims to explore automating and fine-tuning the seed file generation within grey-box fuzzers. To overcome these challenges, we propose a solution that automates seed refinement utilising a Generative Adversarial Network (GAN) in conjunction with dynamic network monitoring. By producing refined seed files and prioritizing them for testing, our approach aims to enhance vulnerability detection capabilities, deepening coverage while reducing processing time.

Item: Complete near-real-time machine learning - based network intrusion detection system.
(ΕΛΜΕΠΑ (Hellenic Mediterranean University), School of Engineering (ΣΜΗΧ), Department of Electrical and Computer Engineering, 2024-10-15) Sygletos, Dimitrios; Συγλέτος, Δημήτριος; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
The rapid growth of the Internet in recent years has allowed technological advancements, including communication fields by enabling global connectivity in real time, which has broken down geographical barriers and allows communication with anyone, anywhere, at any time. The size of the network data and the corresponding information that gets transmitted through communication channels have significantly increased as a result of these improvements, while technological advancement creates concerns regarding the security of data during transactions, since even the simplest transactions contain sensitive information. The security of the data is constantly under threat, while cyber-crimes are evolving to be more effective and complicated to detect. However, cyber security techniques are under constant enhancement as well.
Researchers are investigating and employing a variety of approaches to secure computers and networks in order to protect systems and data. Among the suggested approaches resides the development of systems that analyze the network, monitor for signs of malicious activity, and trigger an alert when they detect potential threats, namely Network Intrusion Detection Systems (NIDSs). Initially, these systems were signature-based detection systems. The signature-based technique refers to maintaining indicative malicious traffic, which may constitute cyber-attacks, in a database and comparing incoming traffic with the stored traffic. Nonetheless, this technique has a drawback: it cannot recognize intrusions if they don't exist in the database, i.e., unknown attacks. To compensate for this problem, Machine Learning (ML) and Deep Learning (DL) techniques were introduced into NIDSs to enhance detection efficacy and potentially identify unknown attacks, namely zero-day attacks, which is among the main reasons why researchers are concentrating increasingly on this appealing method. ML and DL models are trained with network traffic data in order to learn to identify patterns of malicious and benign activity. A challenge of this approach is that ML and DL models should always be trained and tested with modern network traffic in order to achieve improved detection results, while models should also be evaluated in realistic network environments. Although there are numerous studies across the literature that propose and develop NIDS solutions, the majority of them don’t deploy the model after training into a realistic network for validation or they use outdated datasets for the training of the model. This thesis proposes a NIDS that incorporates a model that was developed to detect intrusions with the utilization of the DL method and an in-house dataset developed in our laboratory, which portrays modern network traffic. 
The dataset was typically divided into training and testing sets, and ML metrics such as Accuracy, Recall, Precision and F1-score were used to evaluate the models' performance during the training and testing phase, while the NIDS was also deployed in a realistic network and was evaluated in near-real-time conditions. The proposed model showcased promising results, by achieving over 97% rate on the accuracy evaluation metric during the training phase and over 90% when deployed in a realistic network environment and evaluated during a near-real-time scenario. By using the proposed NIDS to detect network intrusions, a system administrator may monitor and possibly prevent intrusions in near real-time.