2022
Athanasios Liatifis; Pedro Ruzafa Alcazar; Panagiotis Radoglou Grammatikis; Dimitris Papamartzivanos; Sofianna Menesidou; Thomas Krousarlis; Molinuevo Martin Alberto; Iñaki Angulo; Antonios Sarigiannidis; Thomas Lagkas; Vasileios Argyriou; Antonio Skarmeta; Panagiotis Sarigiannidis
Dynamic Risk Assessment and Certification in the Power Grid: A Collaborative Approach Conference
2022 IEEE 8th International Conference on Network Softwarization (NetSoft), 2022, ISBN: 978-1-6654-0694-9.
Abstract | BibTeX | Tags: certification, Cybersecurity, energy, Honeypot, Power Grid, Risk Assessment, Software Defined Networking | Links:
@conference{9844034,
title = {Dynamic Risk Assessment and Certification in the Power Grid: A Collaborative Approach},
author = {Athanasios Liatifis and Pedro Ruzafa Alcazar and Panagiotis Radoglou Grammatikis and Dimitris Papamartzivanos and Sofianna Menesidou and Thomas Krousarlis and Molinuevo Martin Alberto and Iñaki Angulo and Antonios Sarigiannidis and Thomas Lagkas and Vasileios Argyriou and Antonio Skarmeta and Panagiotis Sarigiannidis},
url = {https://www.researchgate.net/publication/362464616_Dynamic_Risk_Assessment_and_Certification_in_the_Power_Grid_A_Collaborative_Approach},
doi = {10.1109/NetSoft54395.2022.9844034},
isbn = {978-1-6654-0694-9},
year = {2022},
date = {2022-06-27},
booktitle = {2022 IEEE 8th International Conference on Network Softwarization (NetSoft)},
pages = {462-467},
abstract = {The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Indostroyer and DragonFly have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, new approach for the dynamic management of the security need to be defined in order to provide adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid.},
keywords = {certification, Cybersecurity, energy, Honeypot, Power Grid, Risk Assessment, Software Defined Networking},
pubstate = {published},
tppubtype = {conference}
}
The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Indostroyer and DragonFly have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, new approach for the dynamic management of the security need to be defined in order to provide adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid.
Panagiotis Radoglou Grammatikis; Panagiotis Sarigiannidis; Panagiotis Diamantoulakis; Thomas Lagkas; Theocharis Saoulidis; Eleftherios Fountoukidis; George Karagiannidis
Strategic Honeypot Deployment in Ultra-Dense Beyond 5G Networks: A Reinforcement Learning Approach Journal Article
In: IEEE Transactions on Emerging Topics in Computing, 2022, ISSN: 2168-6750.
Abstract | BibTeX | Tags: Honeypot, Intrusion detection, ReinforcementLearning, Wireless communication | Links:
@article{articledb,
title = {Strategic Honeypot Deployment in Ultra-Dense Beyond 5G Networks: A Reinforcement Learning Approach},
author = {Panagiotis Radoglou Grammatikis and Panagiotis Sarigiannidis and Panagiotis Diamantoulakis and Thomas Lagkas and Theocharis Saoulidis and Eleftherios Fountoukidis and George Karagiannidis},
url = {https://www.researchgate.net/publication/361139812_Strategic_Honeypot_Deployment_in_Ultra-Dense_Beyond_5G_Networks_A_Reinforcement_Learning_Approach},
doi = {10.1109/TETC.2022.3184112},
issn = {2168-6750},
year = {2022},
date = {2022-06-01},
urldate = {2022-01-01},
journal = {IEEE Transactions on Emerging Topics in Computing},
abstract = {The progression of Software Defined Networking (SDN) and the virtualisation technologies lead to the beyond 5G era, providing multiple benefits in the smart economies. However, despite the advantages, security issues still remain. In particular, SDN/NFV and cloud/edge computing are related to various security issues. Moreover, due to the wireless nature of the entities, they are prone to a wide range of cyberthreats. Therefore, the presence of appropriate intrusion detection mechanisms is critical. Although both Machine Learning (ML) and Deep Learning (DL) have optimised the typical rule-based detection systems, the use of ML and DL requires labelled pre-existing datasets. However, this kind of data varies based on the nature of the respective environment. Another smart solution for detecting intrusions is to use honeypots. A honeypot acts as a decoy with the goal to mislead the cyberatatcker and protect the real assets. In this paper, we focus on Wireless Honeypots (WHs) in ultradense networks. In particular, we introduce a strategic honeypot deployment method, using two Reinforcement Learning (RL) techniques: (a) e−Greedy and (b) Q−Learning. Both methods aim to identify the optimal number of honeypots that can be deployed for protecting the actual entities. The experimental results demonstrate the efficacy of both methods.},
keywords = {Honeypot, Intrusion detection, ReinforcementLearning, Wireless communication},
pubstate = {published},
tppubtype = {article}
}
The progression of Software Defined Networking (SDN) and the virtualisation technologies lead to the beyond 5G era, providing multiple benefits in the smart economies. However, despite the advantages, security issues still remain. In particular, SDN/NFV and cloud/edge computing are related to various security issues. Moreover, due to the wireless nature of the entities, they are prone to a wide range of cyberthreats. Therefore, the presence of appropriate intrusion detection mechanisms is critical. Although both Machine Learning (ML) and Deep Learning (DL) have optimised the typical rule-based detection systems, the use of ML and DL requires labelled pre-existing datasets. However, this kind of data varies based on the nature of the respective environment. Another smart solution for detecting intrusions is to use honeypots. A honeypot acts as a decoy with the goal to mislead the cyberatatcker and protect the real assets. In this paper, we focus on Wireless Honeypots (WHs) in ultradense networks. In particular, we introduce a strategic honeypot deployment method, using two Reinforcement Learning (RL) techniques: (a) e−Greedy and (b) Q−Learning. Both methods aim to identify the optimal number of honeypots that can be deployed for protecting the actual entities. The experimental results demonstrate the efficacy of both methods.
2021
P. Radoglou-Grammatikis; A. Liatifis; E. Grigoriou; T. Saoulidis; A. Sarigiannidis; T. Lagkas; P. Sarigiannidis
TRUSTY: A solution for threat hunting using data analysis in critical infrastructures Conference
2021.
Abstract | BibTeX | Tags: Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling | Links:
@conference{Radoglou-Grammatikis2021485,
title = {TRUSTY: A solution for threat hunting using data analysis in critical infrastructures},
author = { P. Radoglou-Grammatikis and A. Liatifis and E. Grigoriou and T. Saoulidis and A. Sarigiannidis and T. Lagkas and P. Sarigiannidis},
url = {https://www.researchgate.net/publication/354396254_TRUSTY_A_Solution_for_Threat_Hunting_Using_Data_Analysis_in_Critical_Infrastructures},
doi = {10.1109/CSR51186.2021.9527936},
year = {2021},
date = {2021-01-01},
journal = {Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021},
pages = {485-490},
abstract = {The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although the Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY , which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides about the number of honeypots that can be deployed in an industrial environment in a strategic way. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method. © 2021 IEEE.},
keywords = {Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling},
pubstate = {published},
tppubtype = {conference}
}
The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although the Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY , which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides about the number of honeypots that can be deployed in an industrial environment in a strategic way. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method. © 2021 IEEE.
Address
Internet of Things and Applications Lab
Department of Electrical and Computer Engineering
University of Western Macedonia Campus
ZEP Area, Kozani 50100
Greece
Contact Information
tel: +30 2461 056527
Email: ithaca@uowm.gr
