Browse by Author "Markakis, Evangelos"

Item: Automated network data-driven seed generation for gray-box fuzzers based on generative adversarial network.
(Hellenic Mediterranean University (ΕΛΜΕΠΑ), School of Engineering (ΣΜΗΧ), MSc Programme in Informatics Engineering, 2024-09-03) Kefaloukos, Ioannis-Georgios; Κεφαλούκος, Ιωάννης-Γεώργιος; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
Cyber-attacks are assaults launched by cybercriminals utilizing network-enabled entities. Nowadays, the ever-increasing number of heterogeneous internet-connected entities has resulted in a wider cyber-threat landscape due to the exposure of their resources, services, and interfaces, potentially rendering the network prone to malicious attacks. With the introduction of new and the updating of existing architectural paradigms and methodologies such as Cloud Computing (CC), Fog Computing (FC), Extreme Edge Computing (EC), Internet of Things (IoT), and Machine Learning (ML) and with the abundance of Information and Communications Technology (ICT) resources the attackers have devised more sophisticated ways to achieve their objectives. In our current era, the complexity that occurs in an ICT environment leads to new vulnerabilities within a network. At the same time, modern cybersecurity tools such as Intrusion Detection Systems (IDS), Anomaly Detection (AD), etc. focus on generic vulnerability categories. These issues, combined with the increase in variety and volume of cyber-attacks, pose an immense threat to everyone. Securing every connected entity within a network is a time-consuming, tedious, and challenging task, thus, a way to detect and address new vulnerabilities and bugs that each device and service contains had to be devised. Evidently, the detection of these vulnerabilities and bugs has to be automated, considering the number of services that co-exist in an entity and the vast number of different entities that co-exist within a network, thus guaranteeing its smooth operation. For that reason,
fuzzing, an automated software testing technique, has gained traction for its potential to identify known and unknown vulnerabilities. However, prevailing fuzzing approaches often require human intervention in various steps of the process such as seed file generation, provide limited code coverage, and are resource-intensive. This work aims to explore automating and fine-tuning the seed file generation within grey-box fuzzers. To overcome these challenges, we propose a solution that automates seed refinement utilising a Generative Adversarial Network (GAN) in conjunction with dynamic network monitoring. By producing refined seed files and prioritizing them for testing, our approach aims to enhance vulnerability detection capabilities, deepening coverage while reducing processing time.

Item: Complete near-real-time machine learning - based network intrusion detection system.
(Hellenic Mediterranean University (ΕΛΜΕΠΑ), School of Engineering (ΣΜΗΧ), Department of Electrical and Computer Engineering, 2024-10-15) Sygletos, Dimitrios; Συγλέτος, Δημήτριος; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
The rapid growth of the Internet in recent years has allowed technological advancements, including communication fields by enabling global connectivity in real time, which has broken down geographical barriers and allows communication with anyone, anywhere, at any time. The size of the network data and the corresponding information that gets transmitted through communication channels have significantly increased as a result of these improvements, while technological advancement creates concerns regarding the security of data during transactions, since even the simplest transactions contain sensitive information. The security of the data is constantly under threat, while cyber-crimes are evolving to be more effective and complicated to detect. However, cyber security techniques are under constant enhancement as well.
Researchers are investigating and employing a variety of approaches to secure computers and networks in order to protect systems and data. Among the suggested approaches resides the development of systems that analyze the network, monitor for signs of malicious activity, and trigger an alert when they detect potential threats, namely Network Intrusion Detection Systems (NIDSs). Initially, these systems were signature-based detection systems. The signature-based technique refers to maintaining indicative malicious traffic, which may constitute cyber-attacks, in a database and comparing incoming traffic with the stored traffic. Nonetheless, this technique has a drawback: it cannot recognize intrusions if they don't exist in the database, i.e., unknown attacks. To compensate for this problem, Machine Learning (ML) and Deep Learning (DL) techniques were introduced into NIDSs to enhance detection efficacy and potentially identify unknown attacks, namely zero-day attacks, which is among the main reasons why researchers are concentrating increasingly on this appealing method. ML and DL models are trained with network traffic data in order to learn to identify patterns of malicious and benign activity. A challenge of this approach is that ML and DL models should always be trained and tested with modern network traffic in order to achieve improved detection results, while models should also be evaluated in realistic network environments. Although there are numerous studies across the literature that propose and develop NIDS solutions, the majority of them don’t deploy the model after training into a realistic network for validation or they use outdated datasets for the training of the model. This thesis proposes a NIDS that incorporates a model that was developed to detect intrusions with the utilization of the DL method and an in-house dataset developed in our laboratory, which portrays modern network traffic. 
The dataset was typically divided into training and testing sets and ML metrics such as Accuracy, Recall, Precision and F1-score were used to evaluate the models’ performance during the training and testing phase while the NIDS was also deployed in a realistic network and was evaluated in near-real time conditions. The proposed model showcased promising results, by achieving over 97% rate on the accuracy evaluation metric during the training phase and over 90% when deployed in a realistic network environment and evaluated during a near-real time scenario. By using the proposed NIDS to detect network intrusions, a system administrator may monitor and possibly prevent intrusions in near real-time.

Item: Towards a cybersecurity risk assessment procedure incorporating human vulnerabilities
(Hellenic Mediterranean University (ΕΛΜΕΠΑ), School of Engineering (ΣΜΗΧ), MSc Programme in Informatics Engineering, 2025-02-26) Papacharoucha, Dimitra; Παπατσαρούχα, Δήμητρα; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
In cybersecurity, risk assessment models investigate the possibility of a system experiencing various cyberattack scenarios, as well as the impact these scenarios may have if they are realized. As a result of the evaluation, a risk level or score is determined, and the insight gained aids in the development of effective mitigation strategies. Risk assessment in cybersecurity often refers to the assessment of digital assets and their technical vulnerabilities. Recently, the need for shifting the attention towards human factor vulnerabilities and including them in holistic risk assessment processes has become a demand in the realm of cybersecurity, since they are more often than not the focus of cyber criminals, as opposed to exploiting the flaws of machines. Human vulnerabilities include not only factors affecting susceptibility to cyber threats, rather any aspect of human factors that may – intentionally or unintentionally – pose a serious threat to the security and integrity of computer systems and data.
Currently, there are several approaches towards human vulnerability assessment; nonetheless, some major factors are yet to be included in the assessment process, such as the likelihood of a legitimate user behaving deliberately as an insider threat (e.g., level of maliciousness). The level of a user’s maliciousness may not be a vulnerability for the user per se; however, it is considered a vulnerability for the environment in which the malicious user operates. Furthermore, human vulnerability assessment is still neglected from many frameworks aiming to assess the cybersecurity capacity or risk level of an environment. Through an extensive review of related literature and drawing inspiration from current vulnerability and risk assessment methodologies, this thesis aims to design and propose two frameworks: a Human Vulnerability Assessment (HVA) Framework that will offer a continuous and multi-factor end-user vulnerability assessment, in which maliciousness assessment will also be included; a Holistic Cybersecurity Risk Assessment (HCRA) Framework that will consider both technical and human vulnerabilities in the risk assessment and calculation process. The two proposed frameworks are evaluated against a realistic use-case that reflects the holistic cybersecurity risk assessment of an organization comprising two departments and several digital assets and their human operators.

Item: Towards a situational awareness-oriented network intrusion detection system
(Hellenic Mediterranean University (ΕΛΜΕΠΑ), School of Engineering (ΣΜΗΧ), MSc Programme in Informatics Engineering, 2025-02-26) Klados, Stylianos; Κλάδος, Στυλιανός; Markakis, Evangelos; Μαρκάκης, Ευάγγελος
In recent years, cyber-attacks have rapidly increased and become more and more sophisticated. As a result, the detection of malicious activity in cyberspace has become a complex task. Machine learning (ML)-based Network Intrusion Detection Systems (NIDS) are one of the most promising areas of study that can aid in discovering and assessing malicious activities.
Such systems utilize specially created datasets to train their ML algorithms and eventually predict if an attack is occurring or not. Most ML-based NIDSs are trained on network-only data, therefore system or firewall logs, which may give critical cybersecurity incident information, are seldom used. To the best of our knowledge, a dataset that fuses such heterogeneous data for ML-based NIDS applications is not yet proposed. This thesis proposes a heterogeneous dataset that consists of three different types of data, namely: network traffic data, information stemming from a vulnerability assessment tool, and system logs. The network part of the dataset comprises NetFlow network protocol data [1]. Regarding the vulnerability part, an extra feature has been added to the dataset indicating the existence or not of any system vulnerability. Moreover, the system logs that have been added to the dataset were interpreted into numerical scores, through sentiment analysis by using Natural Language Processing (NLP). The aforementioned different types of data were time-correlated and fused into a single heterogeneous dataset. The proposed dataset was used to train six (6) ML algorithms, and the prediction results from this procedure were used to evaluate it as a training dataset. KDD'99 and CCD-IDSv1 were also utilized to train the same ML algorithms, and their prediction results were compared to those of the proposed dataset. Finally, the findings showed that the ML models trained with the suggested heterogeneous dataset had higher post-training accuracy predictions.