Scientific Papers

Open Access scholar publications featured in scientific conferences, workshops and journals related to SPHINX research areas

2022

Gioulekas, F., Stamatiadis, E., Tzikas, A., Gounaris, K., Georgiadou, A., Michalitsi-Psarrou, A., Doukas, G., et al. (2022). A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthcare, 10(2), 327. MDPI AG. Retrieved from http://dx.doi.org/10.3390/healthcare10020327

Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centres, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defence while reducing the risk surface.


2021

Karagiannis, S., Tokatlis, A., Pelekis, S., Kontoulis, M., Doukas, G., Ntanos, C., & Magkos, E. (2021). A-DEMO: ATT&CK Documentation, Emulation and Mitigation Operations: Deploying and Documenting Realistic Cyberattack Scenarios-A Rootkit Case Study. In 25th Pan-Hellenic Conference on Informatics (pp. 328-333).

Cyberattacks aimed at critical infrastructures are a tangible threat. Malicious actors can execute sequences of adversarial tactics, aiming to steal sensitive medical data or cause significant damage. The detection of such actions requires a thorough analysis of adversary behaviour and constant validation of security controls and mechanisms. Those can be achieved through realistic adversary emulations in safe testbed environments. This research paper proposes A-DEMO, a framework aimed at researchers and security analysts, that provides a structured methodology for the proper analysis, documentation and emulation of real-world cyberattacks along with mitigation actions. As a case study for validation of A-DEMO, a rootkit attack emulation against a replicated healthcare infrastructure is implemented and documented.


Georgiadou, A., Michalitsi-Psarrou, A., Gioulekas, F., Stamatiadis, E., Tzikas, A., Gounaris, K., Doukas, G., et al. (2021). Hospitals’ Cybersecurity Culture during the COVID-19 Crisis. Healthcare, 9(10), 1335. MDPI AG. Retrieved from http://dx.doi.org/10.3390/healthcare9101335

The coronavirus pandemic led to an unprecedented crisis affecting all aspects of the concurrent reality. Its consequences vary from political and societal to technical and economic. These side effects provided fertile ground for a noticeable cyber-crime increase targeting critical infrastructures and, more specifically, the health sector; the domain suffering the most during the pandemic. This paper aims to assess the cybersecurity culture readiness of hospitals’ workforce during the COVID-19 crisis. Towards that end, a cybersecurity awareness webinar was held in December 2020 targeting Greek Healthcare Institutions. Concepts of cybersecurity policies, standards, best practices, and solutions were addressed. Its effectiveness was evaluated via a two-step procedure. Firstly, an anonymous questionnaire was distributed at the end of the webinar and voluntarily answered by attendees to assess the comprehension level of the presented cybersecurity aspects. Secondly, a post-evaluation phishing campaign was conducted approximately four months after the webinar, addressing non-medical employees. The main goal was to identify security awareness weaknesses and assist in drafting targeted assessment campaigns specifically tailored to the health domain needs. This paper analyses in detail the results of the aforementioned approaches while also outlining the lessons learned along with the future scientific routes deriving from this research.


Doukas, G., Kontoulis, M., Pelekis, S., Ntanos, C., Askounis, D., Nikoloudakis, Y., Kefaloukos, I., Pallis, E. & Markakis, E. K. (2021). An Intuitive Distributed Cyber Situational Awareness Framework Within a Healthcare Environment. CYBER-PHYSICAL THREAT INTELLIGENCE FOR CRITICAL INFRASTRUCTURES SECURITY, 433.

Modern ICT ecosystems are complex, distributed infrastructures with multiple ingress and egress points. Countless network interactions, through different endpoints and terminals, such as IoT devices, web services, specialized appliances, etc., produce heterogeneous data with different context. This complexity and ever-increasing volume and heterogeneity of data renders the threat identification process rather difficult, or even impossible. Since traditional threat detection systems utilize only one type of data to provide their predictions, systems that are able to ingest and analyse multiple, diverse types of data, to achieve a holistic awareness of the underlying system’s status, are required to effectively fortify such infrastructures. This work, which has been conducted within the context of the EU-funded project, SPHINX, elaborates on the design and development of a Machine Learning-based distributed Situational Awareness system, that collects diverse information from its surrounding ICT environment, such as vulnerability assessment reports, Intrusion Detection System output, etc., and produces a risk assessment, correlated with the infrastructure’s assets’ value and safety status, concerning possible imminent security-related situations, such as cyber-attacks.


Abie, H., Ferraro, D., Troiano, E., Soldatos, J., Di Peppo, F., Jovanović, A., Gkotsis, I. & Markakis, E. (Eds.) (2021). Consolidated Proceedings of the first ECSCI Workshop on Critical Infrastructure Protection Virtual Workshop, June 24–25, 2020. Steinbeis-Edition.

Modern critical infrastructures (“critical entities” in the terminology of the new EU-CER Directive) are becoming increasingly complex, turning into distributed, large-scale cyber-physical systems. Cyberphysical attacks are increasing in number, scope, and sophistication, making it difficult to predict their total impact. Thus, addressing cyber security and physical security separately is no longer effective, but more integrated approaches, that consider both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects, are needed to face the challenge of combined cyber-physical attacks. To face them successfully, aligned and integrated responses are needed, and this workshop has provided a great opportunity to do it: aligning and integrating not only the positions of single projects but also of many intended users of their results.

This workshop presented the different approaches on integrated (i.e., cyber and physical) security in seven different industrial sectors, such as finance, healthcare, energy, air transport, communications, industrial plants, gas, and water. The peculiarities of critical infrastructure protection in each one of these sectors have been discussed and addressed by the different projects of the ECSCI cluster that presented their outcomes, discussing the technical, ethical and societal aspects and the underlying technologies.

Specifically, novel techniques have been presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, resilience of critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures.

The workshop included two opening remarks, two keynote speeches, 11 project presentations, 2 roundtable and panel discussions and 10 thematic presentations. The audience included scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing different sectors, and policy makers for Critical Infrastructure protection.


Panagiotidis, P., Angelidis, C., Karalis, I., Spyropoulos, G., & Liapis, A. (2021, July). Act Proactively: An Intrusion Prediction Approach for Cyber Security. In 2021 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 8-13). IEEE.

Despite the multitude of approaches proposed for intrusion detection, cyberattacks are still a timeless issue for the research community and industry as they cause various devastating effects to companies and organisations. There are limited intrusion prediction approaches in the literature, as the main bulk of methods focuses on cyberattack detection rather than prediction, which would allow the defenders (attack’s targets) to restrain/stop the attack. This work aims to identify known DoS and Probe attack patterns at their very beginning. Specifically, we use machine learning algorithms to predict the malicious packets of DoS and Probe attacks, raising the defender’s awareness to act proactively and stop the attack. To the best of our knowledge, this is the first time that time series analysis and machine learning techniques are used to model the intrusion prediction problem effectively. An extensive experimental study confirms the efficacy of the proposed approach according to multiple evaluation measures.


Karagiannis, S., Manso, M., Magkos, E., Ribeiro, L. L., & Campos, L. (2021). Automated and On-Demand Cybersecurity Certification. In 2021 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 174-179). IEEE.

The digital world nowadays consists of a very high number of devices and software services that are being used and constantly exposed to the Internet. Furthermore, with the evolution of the Internet of Things (IoT), the cybersecurity threat landscape has overall increased. Consequently, various certification frameworks have been developed for maintaining the overall security posture and supporting the required security tests. This paper describes an approach for conducting automated and on-demand cybersecurity certification on systems and software components. Taking the existing cybersecurity frameworks and guidelines into consideration, the developed software/service component aims to provide auditing information and insights from the systems-on-the-test, to certify newly entering components that could increase the security risk. The recommended approach can be used for collecting, extracting, and generating reports regarding the security aspects of the submitted digital assets by deploying automated security tests and auditing processes that will contribute to the certification process.


Grguric, A., Khan, O., Ortega-Gil, A., Markakis, E. K., Pozdniakov, K., Kloukinas, C., Medrano-Gil, M. A., Gaeta, E., Fico, G. & Koloutsou, K. (2021). Reference architectures, platforms, and pilots for european smart and healthy living—analysis and comparison. Electronics, 10(14), 1616.



Markopoulou, D., & Papakonstantinou, V. (2021). The regulatory framework for the protection of critical infrastructures against cyberthreats: Identifying shortcomings and addressing future challenges: The case of the health sector in particular. Computer law & security review, 41, 105502.

The concept of “Critical Infrastructures” is constantly evolving in order to reflect current concerns and to respond to new challenges, especially in terms of (cyber)security and resilience. Protection of critical infrastructures against numerous threats has therefore developed into a high priority at national and EU level. During the last two decades a new type of threat has prevailed in the Critical Infrastructure threat landscape, that of cyberattacks; protection against them is the primary focus of this paper. In order to do so, the analysis first aims to shed some light on the differences between Critical Infrastructures and Critical Information Infrastructures, terms that are often confused, and to indicate possible inadequacies in the applicable protection regulatory regime. Finally, the health sector has been chosen as a sector-specific case in an effort to demonstrate how protection of a Critical Infrastructure, challenged as it has been with a constantly increasing number of cyber incidents, could be sufficiently protected in the new digitalised era.


2020

Karagiannis, S., Magkos, E., Ntantogian, C., & Ribeiro, L. L. (2020, September). Sandboxing the cyberspace for cybersecurity education and learning. In European Symposium on Research in Computer Security (pp. 181-196). Springer, Cham.

Deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources. Usually, for deploying vulnerable web services and setting up labs for hands-on cybersecurity exercises to take place, more configuration is required along with technical expertise. Containerization techniques and solutions provide less overhead and can be used instead of virtualization techniques to revise the existing approaches. Furthermore, it is important to sandbox or replicate existing systems or services for the cybersecurity exercises to be realistic. To address such challenges, we conducted a performance evaluation of some of the existing deployment techniques to analyze their benefits and drawbacks. We tested techniques relevant to containerization or MicroVMs that include less overhead instead of the regular virtualization techniques to provide meaningful and comparable results from the deployment of scalable solutions, demonstrating their benefits and drawbacks. Towards this direction, we present a use case for deploying cybersecurity exercises that requires less effort and moderate system resources. By using the deployed components, we provide a baseline proposal for monitoring the progress of the participants using a host-based intrusion system.


Moustakidis, S., & Karlsson, P. (2020). A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity, 3(1), 1-13.

Intrusion detection systems (IDS) can play a significant role in detecting security threats or malicious attacks that aim to steal information and/or corrupt network protocols. To deal with the dynamic and complex nature of cyber-attacks, advanced intelligent tools have been applied, resulting in powerful and automated IDS that rely on the latest advances of machine learning (ML) and deep learning (DL). Most of the reported effort has been devoted to building complex ML/DL architectures adopting a brute force approach towards the maximization of their detection capacity. However, just a limited number of studies have focused on the identification or extraction of user-friendly risk indicators that could be easily used by security experts. Many papers have explored various dimensionality reduction algorithms; however, a large number of selected features is still required to detect the attacks successfully, which humans cannot intuitively or immediately understand. To enhance users’ trust and understanding of data without sacrificing accuracy, this paper contributes to the transformation of the available data collected by IDS into a single actionable and easy-to-understand risk indicator. To achieve this, a novel feature extraction pipeline was implemented consisting of the following components: (i) a fuzzy allocation scheme that transforms raw data to fuzzy class memberships, (ii) a novel modality transformation mechanism for converting feature vectors to images (Vec2im) and (iii) a dimensionality reduction module that makes use of Siamese convolutional neural networks that finally reduces the input data dimensionality into a 1-d feature space. The performance of the proposed methodology was validated with respect to detection accuracy, dimensionality reduction performance and execution time on the NSL-KDD dataset via a thorough comparative analysis that demonstrated its effectiveness (86.64% testing accuracy using only one feature) over a number of well-known feature selection (FS) and extraction techniques. The output of the proposed feature extraction pipeline could be potentially used by security experts as an indicator of malicious activity, whereas the generated images could be further utilized and/or integrated as a visual analytics tool in existing IDS.


Manso, M., Guerra, B., Doukas, G., & Moumtzi, V. (2020). Innovative toolkit to assess and mitigate cyber threats in the healthcare sector. CYBER-PHYSICAL THREAT INTELLIGENCE FOR CRITICAL INFRASTRUCTURES SECURITY, 206.

Cybersecurity is an increasingly critical aspect of healthcare information technology infrastructure. Nowadays, the rapid digitisation of healthcare delivery, from electronic health records and telehealth (eHealth services) to mobile health (mHealth) and network-enabled medical devices, introduces risks related to cybersecurity vulnerabilities that are particularly worrisome because cyber attacks in a healthcare setting may result in the exposure of highly sensitive personal information, cause disruptions in clinical care or affect the safety of patients, for example, by compromising the integrity of data or impairing medical device functionality. The threat is real and growing in tandem with the pace of the healthcare industry digitisation [1]. Yet, cybersecurity capacities currently remain behind the pressing needs, lagging the robust pace of adoption of digital networks by threat actors. This disconnect places the multitrillion-euro healthcare sector at risk of even more significant cyberattacks. A new generation of cybersecurity tools, specifically designed for the healthcare domain, takes on the challenge of surpassing that disconnect and setting higher standards on cybersecurity for healthcare organisations. The proposed architecture combines a smart and robust security awareness layer, equipped with a wide range of tools that build a personalised data security management platform. The combined use of state-of-the-art technologies to effectively prevent, respond and recover from cyber attacks, while managing to raise awareness and provide timely actionable information is a promising compound for enhancing cybersecurity within the healthcare IT ecosystem.


Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E., & Markakis, E. K. (2020). A survey on the internet of things (IoT) forensics: challenges, approaches, and open issues. IEEE Communications Surveys & Tutorials, 22(2), 1191-1221.

Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.


2019

de Diego, S., Gonçalves, C., Lage, O., Mansell, J., Kontoulis, M., Moustakidis, S., ... & Liapis, A. (2019, October). Blockchain-Based Threat Registry Platform. In 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) (pp. 0892-0898). IEEE.

This document presents a reference architecture for a Blockchain-based Threat Registry platform, named BBTR, to share information about threats among different actors. The design of the BBTR guarantees integrity and availability of the data stored in it and is also compatible with privacy requirements, allowing different actors to participate as users of this shared BaaS (Blockchain as a Service). The paper also shows how this approach can be combined with AI techniques to extract valuable information from the threats directly from the Blockchain, empowering the final solution with a decision-making engine. It also includes its validation in a use case in the Health care domain.


Markakis, E., Nikoloudakis, Y., Pallis, E., & Manso, M. (2019). Security assessment as a service cross-layered system for the adoption of digital, personalised and trusted healthcare. In 2019 IEEE 5th World Forum on Internet of Things (WF-IoT) (pp. 91-94). IEEE.

The healthcare sector is exploring the incorporation of digital solutions in order to improve access, reduce costs, increase quality and enhance their capacity in reaching a higher number of citizens. However, this opens healthcare organisations’ systems to external elements used within or beyond their premises, and to new risks and vulnerabilities in what regards cyber threats and incidents. We propose the creation of a Security Assessment as a Service (SAaaS) cross-layered system that is able to identify vulnerabilities and proactively assess and mitigate threats in an IT healthcare ecosystem exposed to external devices and interfaces, considering that most users are not experts (even “technologically illiterate”) in cyber security and, thus, unaware of security tactics or policies whatsoever. The SAaaS can be integrated in an IT healthcare environment allowing the monitoring of existing and new devices, the limitation of connectivity and privileges to new devices, the assessment of a device’s cybersecurity risk and – based on the device’s behaviour – the assignment and revoking of privileges. The SAaaS brings a controlled cyber-aware environment that assures security, confidentiality and trust, even in the presence of non-trusted devices and environments.
