2021
P. Radoglou-Grammatikis; A. Liatifis; E. Grigoriou; T. Saoulidis; A. Sarigiannidis; T. Lagkas; P. Sarigiannidis
TRUSTY: A solution for threat hunting using data analysis in critical infrastructures Conference
2021.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling | Σύνδεσμοι:
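@conference{Radoglou-Grammatikis2021485,
  title      = {{TRUSTY}: A solution for threat hunting using data analysis in critical infrastructures},
  author     = {Radoglou-Grammatikis, P. and Liatifis, A. and Grigoriou, E. and Saoulidis, T. and Sarigiannidis, A. and Lagkas, T. and Sarigiannidis, P.},
  url        = {https://www.researchgate.net/publication/354396254_TRUSTY_A_Solution_for_Threat_Hunting_Using_Data_Analysis_in_Critical_Infrastructures},
  doi        = {10.1109/CSR51186.2021.9527936},
  year       = {2021},
  date       = {2021-01-01},
  booktitle  = {Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021},
  pages      = {485--490},
  abstract   = {The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although the Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY, which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides about the number of honeypots that can be deployed in an industrial environment in a strategic way. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method. © 2021 IEEE.},
  keywords   = {Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling},
  pubstate   = {published},
  tppubtype  = {conference}
}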
2020
P. Radoglou-Grammatikis; P. Sarigiannidis; E. Iturbe; E. Rios; A. Sarigiannidis; O. Nikolis; D. Ioannidis; V. Machamint; M. Tzifas; A. Giannakoulias; M. Angelopoulos; A. Papadopoulos; F. Ramos
Secure and private smart grid: The SPEAR architecture Conference
2020 6th IEEE Conference on Network Softwarization (NetSoft), IEEE, 2020.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid | Σύνδεσμοι:
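@conference{Grammatikis2020450,
  title      = {Secure and private smart grid: The {SPEAR} architecture},
  author     = {Radoglou-Grammatikis, P. and Sarigiannidis, P. and Iturbe, E. and Rios, E. and Sarigiannidis, A. and Nikolis, O. and Ioannidis, D. and Machamint, V. and Tzifas, M. and Giannakoulias, A. and Angelopoulos, M. and Papadopoulos, A. and Ramos, F.},
  url        = {https://www.researchgate.net/publication/343621502_Secure_and_Private_Smart_Grid_The_SPEAR_Architecture},
  doi        = {10.1109/NetSoft48620.2020.9165420},
  year       = {2020},
  date       = {2020-06-01},
  booktitle  = {2020 6th IEEE Conference on Network Softwarization (NetSoft)},
  journal    = {Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020},
  pages      = {450--456},
  publisher  = {IEEE},
  abstract   = {Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail. © 2020 IEEE.},
  keywords   = {Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid},
  pubstate   = {published},
  tppubtype  = {conference}
}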
D. Pliatsios; P. Sarigiannidis; G. Efstathopoulos; A. Sarigiannidis; A. Tsiakalos
Trust Management in Smart Grid: A Markov Trust Model Conference
2020.
Περίληψη | BibTeX | Ετικέτες: Advanced Metering Infrastructure, Cybersecurity, Markov Model, Smart Grid, Trust Model | Σύνδεσμοι:
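@conference{Pliatsios2020b,
  title      = {Trust Management in Smart Grid: A {Markov} Trust Model},
  author     = {Pliatsios, D. and Sarigiannidis, P. and Efstathopoulos, G. and Sarigiannidis, A. and Tsiakalos, A.},
  url        = {https://www.researchgate.net/publication/345186037_Trust_Management_in_Smart_Grid_A_Markov_Trust_Model},
  doi        = {10.1109/MOCAST49295.2020.9200256},
  year       = {2020},
  date       = {2020-01-01},
  booktitle  = {2020 9th International Conference on Modern Circuits and Systems Technologies, MOCAST 2020},
  abstract   = {By leveraging the advancements in Information and Communication Technologies (ICT), Smart Grid (SG) aims to modernize the traditional electric power grid towards efficient distribution and reliable management of energy in the electrical domain. The SG Advanced Metering Infrastructure (AMI) contains numerous smart meters, which are deployed throughout the distribution grid. However, these smart meters are susceptible to cyberthreats that aim to disrupt the normal operation of the SG. Cyberattacks can have various consequences in the smart grid, such as incorrect customer billing or equipment destruction. Therefore, these devices should operate on a trusted basis in order to ensure the availability, confidentiality, and integrity of the metering data. In this paper, we propose a Markov chain trust model that determines the Trust Value (TV) for each AMI device based on its behavior. Finally, numerical computations were carried out in order to investigate the reaction of the proposed model to the behavior changes of a device. © 2020 IEEE.},
  keywords   = {Advanced Metering Infrastructure, Cybersecurity, Markov Model, Smart Grid, Trust Model},
  pubstate   = {published},
  tppubtype  = {conference}
}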
P.R. Grammatikis; P. Sarigiannidis; A. Sarigiannidis; D. Margounakis; A. Tsiakalos; G. Efstathopoulos
An Anomaly Detection Mechanism for IEC 60870-5-104 Conference
2020.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Cybersecurity, IEC-60870-5-104, Supervisory Control and Data Acquisition | Σύνδεσμοι:
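@conference{Grammatikis2020,
  title      = {An Anomaly Detection Mechanism for {IEC} 60870-5-104},
  author     = {Grammatikis, P. R. and Sarigiannidis, P. and Sarigiannidis, A. and Margounakis, D. and Tsiakalos, A. and Efstathopoulos, G.},
  url        = {https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanism_for_IEC_60870-5-104},
  doi        = {10.1109/MOCAST49295.2020.9200285},
  year       = {2020},
  date       = {2020-01-01},
  booktitle  = {2020 9th International Conference on Modern Circuits and Systems Technologies, MOCAST 2020},
  abstract   = {The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively. © 2020 IEEE.},
  keywords   = {Anomaly Detection, Cybersecurity, IEC-60870-5-104, Supervisory Control and Data Acquisition},
  pubstate   = {published},
  tppubtype  = {conference}
}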
D. Pliatsios; P. Sarigiannidis; T. Lagkas; A.G. Sarigiannidis
A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics Journal Article
In: IEEE Communications Surveys and Tutorials, vol. 22, no. 3, pp. 1942-1976, 2020.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, protocols, SCADA, security, Smart Grid, trends | Σύνδεσμοι:
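@article{Pliatsios20201942,
  title      = {A Survey on {SCADA} Systems: Secure Protocols, Incidents, Threats and Tactics},
  author     = {Pliatsios, D. and Sarigiannidis, P. and Lagkas, T. and Sarigiannidis, A. G.},
  url        = {https://www.researchgate.net/publication/340453361_A_Survey_on_SCADA_Systems_Secure_Protocols_Incidents_Threats_and_Tactics},
  doi        = {10.1109/COMST.2020.2987688},
  year       = {2020},
  date       = {2020-01-01},
  journal    = {IEEE Communications Surveys and Tutorials},
  volume     = {22},
  number     = {3},
  pages      = {1942--1976},
  abstract   = {Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security. © 1998-2012 IEEE.},
  keywords   = {Cybersecurity, protocols, SCADA, security, Smart Grid, trends},
  pubstate   = {published},
  tppubtype  = {article}
}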
P. Diamantoulakis; C. Dalamagkas; P. Radoglou-Grammatikis; P. Sarigiannidis; G. Karagiannidis
Game theoretic honeypot deployment in smart grid Journal Article
In: Sensors (Switzerland), vol. 20, no. 15, pp. 1-24, 2020.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, Game theory, Honeypots, Smart Grid | Σύνδεσμοι:
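@article{Diamantoulakis20201,
  title      = {Game theoretic honeypot deployment in smart grid},
  author     = {Diamantoulakis, P. and Dalamagkas, C. and Radoglou-Grammatikis, P. and Sarigiannidis, P. and Karagiannidis, G.},
  url        = {https://www.researchgate.net/publication/343188880_Game_Theoretic_Honeypot_Deployment_in_Smart_Grid},
  doi        = {10.3390/s20154199},
  year       = {2020},
  date       = {2020-01-01},
  journal    = {Sensors (Switzerland)},
  volume     = {20},
  number     = {15},
  pages      = {1--24},
  abstract   = {The smart grid provides advanced functionalities, including real-time monitoring, dynamic energy management, advanced pricing mechanisms, and self-healing, by enabling the two-way flow of power and data, as well as the use of Internet of Things (IoT) technologies and devices. However, converting the traditional power grids to smart grids poses severe security challenges and makes their components and services prone to cyber attacks. To this end, advanced techniques are required to mitigate the impact of the potential attacks. In this paper, we investigate the use of honeypots, which are considered to mimic the common services of the smart grid and are able to detect unauthorized accesses, collect evidence, and help hide the real devices. More specifically, the interaction of an attacker and a defender is considered, who both optimize the number of attacks and the defending system configuration, i.e., the number of real devices and honeypots, respectively, with the aim to maximize their individual payoffs. To solve this problem, game theoretic tools are used, considering an one-shot game and a repeated game with uncertainty about the payoff of the attacker, where the Nash Equilibrium (NE) and the Bayesian NE are derived, respectively. Finally, simulation results are provided, which illustrate the effectiveness of the proposed framework. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.},
  keywords   = {Cybersecurity, Game theory, Honeypots, Smart Grid},
  pubstate   = {published},
  tppubtype  = {article}
}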
P. Radoglou Grammatikis; P. Sarigiannidis; G. Efstathopoulos; E. Panaousis
ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid Journal Article
In: Sensors (Basel, Switzerland), vol. 20, no. 18, 2020.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid | Σύνδεσμοι:
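@article{RadoglouGrammatikis2020,
  title      = {{ARIES}: A Novel Multivariate Intrusion Detection System for Smart Grid},
  author     = {Radoglou Grammatikis, P. and Sarigiannidis, P. and Efstathopoulos, G. and Panaousis, E.},
  url        = {https://www.researchgate.net/publication/344176314_ARIES_A_Novel_Multivariate_Intrusion_Detection_System_for_Smart_Grid},
  doi        = {10.3390/s20185305},
  year       = {2020},
  date       = {2020-01-01},
  journal    = {Sensors (Basel, Switzerland)},
  volume     = {20},
  number     = {18},
  abstract   = {The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.},
  keywords   = {Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid},
  pubstate   = {published},
  tppubtype  = {article}
}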
2019
G. Efstathopoulos; P.R. Grammatikis; P. Sarigiannidis; V. Argyriou; A. Sarigiannidis; K. Stamatakis; M.K. Angelopoulos; S.K. Athanasopoulos
Operational data based intrusion detection system for smart grid Conference
vol. 2019-September, 2019.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid | Σύνδεσμοι:
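@conference{Efstathopoulos2019,
  title      = {Operational data based intrusion detection system for smart grid},
  author     = {Efstathopoulos, G. and Grammatikis, P. R. and Sarigiannidis, P. and Argyriou, V. and Sarigiannidis, A. and Stamatakis, K. and Angelopoulos, M. K. and Athanasopoulos, S. K.},
  url        = {https://www.researchgate.net/publication/335866997_Operational_Data_Based_Intrusion_Detection_System_for_Smart_Grid},
  doi        = {10.1109/CAMAD.2019.8858503},
  year       = {2019},
  date       = {2019-01-01},
  booktitle  = {IEEE International Workshop on Computer Aided Modeling and Design of Communication Links and Networks, CAMAD},
  volume     = {2019-September},
  abstract   = {With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation. © 2019 IEEE.},
  keywords   = {Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid},
  pubstate   = {published},
  tppubtype  = {conference}
}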