2022
Athanasios Liatifis; Christos Dalamagkas; Panagiotis Radoglou-Grammatikis; Thomas Lagkas; Evangelos Markakis; Valeri Mladenov; Panagiotis Sarigiannidis
Fault-Tolerant SDN Solution for Cybersecurity Applications Conference
Proceedings of the 17th International Conference on Availability, Reliability and Security, ARES '22, Association for Computing Machinery, Vienna, Austria, 2022, ISBN: 9781450396707.
Abstract | BibTeX | Tags: Cybersecurity, Smart Grid, Software Defined Networking | Links:
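@inproceedings{10.1145/3538969.3544479b,
  title      = {Fault-Tolerant {SDN} Solution for Cybersecurity Applications},
  author     = {Athanasios Liatifis and Christos Dalamagkas and Panagiotis Radoglou-Grammatikis and Thomas Lagkas and Evangelos Markakis and Valeri Mladenov and Panagiotis Sarigiannidis},
  url        = {https://doi.org/10.1145/3538969.3544479},
  doi        = {10.1145/3538969.3544479},
  isbn       = {9781450396707},
  year       = {2022},
  date       = {2022-08-23},
  booktitle  = {Proceedings of the 17th International Conference on Availability, Reliability and Security},
  publisher  = {Association for Computing Machinery},
  address    = {Vienna, Austria},
  series     = {ARES '22},
  abstract   = {The rapid growth of computer networks in various sectors has led to new services previously hard or impossible to implement. Internet of Things has also assisted in this evolution offering easy access to data but at the same time imposing constraints on both security and quality of service. In this paper, an SDN fault tolerant and resilient SDN controller design approach is presented. The proposed solution is suitable for a wide range of environments. Benefits stemming from actual scenarios are presented and discussed among other solutions.},
  keywords   = {Cybersecurity, Smart Grid, Software Defined Networking},
  pubstate   = {published},
  tppubtype  = {conference}
}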
Vasiliki Kelli; Panagiotis Radoglou-Grammatikis; Thomas Lagkas; Evangelos K Markakis; Panagiotis Sarigiannidis
Risk Analysis of DNP3 Attacks Conference
2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, ISBN: 978-1-6654-9952-1.
Abstract | BibTeX | Tags: cyberattacks, Cybersecurity, DNP3, SCADA | Links:
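@inproceedings{9850291,
  title      = {Risk Analysis of {DNP3} Attacks},
  author     = {Vasiliki Kelli and Panagiotis Radoglou-Grammatikis and Thomas Lagkas and Evangelos K Markakis and Panagiotis Sarigiannidis},
  url        = {https://www.researchgate.net/publication/362741509_Risk_Analysis_of_DNP3_Attacks},
  doi        = {10.1109/CSR54599.2022.9850291},
  isbn       = {978-1-6654-9952-1},
  year       = {2022},
  date       = {2022-07-27},
  booktitle  = {2022 IEEE International Conference on Cyber Security and Resilience (CSR)},
  pages      = {351--356},
  abstract   = {The integration of intelligent devices in the industry allows the automation and control of industrial processes, in an efficient and effective manner. Such systems have contributed to the rapid evolution of production infrastructures, increasing the reliability, reducing production costs, and automating the entire manufacturing operations. However, the utilization of intelligent devices has led to an increased attack surface in critical infrastructures, threatening to compromise regular operations. Attacks against such environments can have disastrous consequences in case their goal is achieved, due to the critical nature of such infrastructures. Thus, the timely identification of vulnerable spots through high-quality risk assessment, is considered highly important for avoiding or mitigating potential risks. In this paper, we focus on Distributed Network Protocol 3 (DNP3), a protocol with high utility in smart grids. Specifically, we investigate, identify and describe the vulnerabilities-by-design of DNP3 through 8 DNP3-centered cyberattacks. In addition, we present a novel method for conducting risk assessment, stemming from the combination of two techniques, namely, Attack Defence Trees (ADTs) and Common Vulnerability Scoring System v3.1 (CVSS). Through our proposed technique, the risk of a cyberattack occurring is calculated, thus contributing in securing the critical infrastructure.},
  keywords   = {cyberattacks, Cybersecurity, DNP3, SCADA},
  pubstate   = {published},
  tppubtype  = {conference}
}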
Elisavet Grigoriou; Athanasios Liatifis; Panagiotis Radoglou Grammatikis; Thomas Lagkas; Ioannis Moscholios; Evangelos Markakis; Panagiotis Sarigiannidis
Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots Conference
2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, ISBN: 978-1-6654-9952-1.
Abstract | BibTeX | Tags: Cybersecurity, Honeypots, ICS, SCADA | Links:
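@inproceedings{9850329,
  title      = {Protecting {IEC} 60870-5-104 {ICS/SCADA} Systems with Honeypots},
  author     = {Elisavet Grigoriou and Athanasios Liatifis and Panagiotis {Radoglou Grammatikis} and Thomas Lagkas and Ioannis Moscholios and Evangelos Markakis and Panagiotis Sarigiannidis},
  url        = {https://www.researchgate.net/publication/362744045_Protecting_IEC_60870-5-104_ICSSCADA_Systems_with_Honeypots},
  doi        = {10.1109/CSR54599.2022.9850329},
  isbn       = {978-1-6654-9952-1},
  year       = {2022},
  date       = {2022-07-27},
  booktitle  = {2022 IEEE International Conference on Cyber Security and Resilience (CSR)},
  pages      = {345--350},
  abstract   = {Both signature-based and anomaly-based Intrusion Detection and Prevention System (IDPS) have already demonstrated their efficiency towards recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks the presence of appropriate datasets. Therefore, the presence of additional cybersecurity mechanisms is necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.},
  keywords   = {Cybersecurity, Honeypots, ICS, SCADA},
  pubstate   = {published},
  tppubtype  = {conference}
}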
Athanasios Liatifis; Pedro Ruzafa Alcazar; Panagiotis Radoglou Grammatikis; Dimitris Papamartzivanos; Sofianna Menesidou; Thomas Krousarlis; Molinuevo Martin Alberto; Iñaki Angulo; Antonios Sarigiannidis; Thomas Lagkas; Vasileios Argyriou; Antonio Skarmeta; Panagiotis Sarigiannidis
Dynamic Risk Assessment and Certification in the Power Grid: A Collaborative Approach Conference
2022 IEEE 8th International Conference on Network Softwarization (NetSoft), 2022, ISBN: 978-1-6654-0694-9.
Abstract | BibTeX | Tags: certification, Cybersecurity, energy, Honeypot, Power Grid, Risk Assessment, Software Defined Networking | Links:
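@inproceedings{9844034,
  title      = {Dynamic Risk Assessment and Certification in the Power Grid: A Collaborative Approach},
  author     = {Athanasios Liatifis and Pedro Ruzafa Alcazar and Panagiotis {Radoglou Grammatikis} and Dimitris Papamartzivanos and Sofianna Menesidou and Thomas Krousarlis and Molinuevo Martin Alberto and Iñaki Angulo and Antonios Sarigiannidis and Thomas Lagkas and Vasileios Argyriou and Antonio Skarmeta and Panagiotis Sarigiannidis},
  url        = {https://www.researchgate.net/publication/362464616_Dynamic_Risk_Assessment_and_Certification_in_the_Power_Grid_A_Collaborative_Approach},
  doi        = {10.1109/NetSoft54395.2022.9844034},
  isbn       = {978-1-6654-0694-9},
  year       = {2022},
  date       = {2022-06-27},
  booktitle  = {2022 IEEE 8th International Conference on Network Softwarization (NetSoft)},
  pages      = {462--467},
  abstract   = {The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Industroyer and DragonFly have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, new approach for the dynamic management of the security need to be defined in order to provide adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid.},
  keywords   = {certification, Cybersecurity, energy, Honeypot, Power Grid, Risk Assessment, Software Defined Networking},
  pubstate   = {published},
  tppubtype  = {conference}
}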
M. Stauch; P. Radoglou-Grammatikis; P. Sarigiannidis; G. Lazaridis; A. Drosou; I. Nwankwo; D. Tzovaras
Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector Journal Article
In: Electronics, vol. 11, no. 6, 2022, ISSN: 2079-9292.
Abstract | BibTeX | Tags: certification, Cybersecurity, data protection, energy | Links:
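@article{electronics11060965,
  title      = {Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector},
  author     = {M. Stauch and P. Radoglou-Grammatikis and P. Sarigiannidis and G. Lazaridis and A. Drosou and I. Nwankwo and D. Tzovaras},
  url        = {https://www.researchgate.net/publication/359370929_Data_Protection_and_Cybersecurity_Certification_Activities_and_Schemes_in_the_Energy_Sector},
  doi        = {10.3390/electronics11060965},
  issn       = {2079-9292},
  year       = {2022},
  date       = {2022-02-12},
  journal    = {Electronics},
  volume     = {11},
  number     = {6},
  abstract   = {Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to access the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders.},
  keywords   = {certification, Cybersecurity, data protection, energy},
  pubstate   = {published},
  tppubtype  = {article}
}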
2021
Panagiotis Radoglou Grammatikis; Panagiotis Sarigiannidis; Christos Dalamagkas; Yannis Spyridis; Thomas Lagkas; Georgios Efstathopoulos; Achilleas Sesis; Ignacio Labrador Pavon; Ruben Trapero Burgos; Rodrigo Diaz; Antonios Sarigiannidis; Dimitris Papamartzivanos; Sofia Anna Menesidou; Giannis Ledakis; Achilleas Pasias; Thanasis Kotsiopoulos; Anastasios Drosou; Orestis Mavropoulos; Alba Colet Subirachs; Pol Paradell Sola; José Luis Domínguez-García; Marisa Escalante; Molinuevo Martin Alberto; Benito Caracuel; Francisco Ramos; Vasileios Gkioulos; Sokratis Katsikas; Hans Christian Bolstad; Dan-Eric Archer; Nikola Paunovic; Ramon Gallart; Theodoros Rokkas; Alicia Arce
SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture Journal Article
In: Digital, vol. 1, no. 4, pp. 173–187, 2021, ISSN: 2673-6470.
Abstract | BibTeX | Tags: Anomaly Detection, Blockchain, Cybersecurity, energy management, honeypots, intrusion detection, islanding, Privacy, Smart Grid, Software Defined Networking | Links:
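@article{digital1040013,
  title      = {{SDN}-Based Resilient Smart Grid: The {SDN-microSENSE} Architecture},
  author     = {Panagiotis {Radoglou Grammatikis} and Panagiotis Sarigiannidis and Christos Dalamagkas and Yannis Spyridis and Thomas Lagkas and Georgios Efstathopoulos and Achilleas Sesis and Ignacio Labrador Pavon and Ruben Trapero Burgos and Rodrigo Diaz and Antonios Sarigiannidis and Dimitris Papamartzivanos and Sofia Anna Menesidou and Giannis Ledakis and Achilleas Pasias and Thanasis Kotsiopoulos and Anastasios Drosou and Orestis Mavropoulos and Alba Colet Subirachs and Pol Paradell Sola and José Luis Domínguez-García and Marisa Escalante and Molinuevo Martin Alberto and Benito Caracuel and Francisco Ramos and Vasileios Gkioulos and Sokratis Katsikas and Hans Christian Bolstad and Dan-Eric Archer and Nikola Paunovic and Ramon Gallart and Theodoros Rokkas and Alicia Arce},
  url        = {https://www.researchgate.net/publication/354992483_SDN-Based_Resilient_Smart_Grid_The_SDN-microSENSE_Architecture},
  doi        = {10.3390/digital1040013},
  issn       = {2673-6470},
  year       = {2021},
  date       = {2021-09-24},
  journal    = {Digital},
  volume     = {1},
  number     = {4},
  pages      = {173--187},
  abstract   = {The technological leap of smart technologies and the Internet of Things has advanced the conventional model of the electrical power and energy systems into a new digital era, widely known as the Smart Grid. The advent of Smart Grids provides multiple benefits, such as self-monitoring, self-healing and pervasive control. However, it also raises crucial cybersecurity and privacy concerns that can lead to devastating consequences, including cascading effects with other critical infrastructures or even fatal accidents. This paper introduces a novel architecture, which will increase the Smart Grid resiliency, taking full advantage of the Software-Defined Networking (SDN) technology. The proposed architecture called SDN-microSENSE architecture consists of three main tiers: (a) Risk assessment, (b) intrusion detection and correlation and (c) self-healing. The first tier is responsible for evaluating dynamically the risk level of each Smart Grid asset. The second tier undertakes to detect and correlate security events and, finally, the last tier mitigates the potential threats, ensuring in parallel the normal operation of the Smart Grid. It is noteworthy that all tiers of the SDN-microSENSE architecture interact with the SDN controller either for detecting or mitigating intrusions.},
  keywords   = {Anomaly Detection, Blockchain, Cybersecurity, energy management, honeypots, intrusion detection, islanding, Privacy, Smart Grid, Software Defined Networking},
  pubstate   = {published},
  tppubtype  = {article}
}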
P. Radoglou; P. Sarigiannidis; G. Efstathopoulos; T. Lagkas; G. Fragulis; A. Sarigiannidis
A Self-Learning Approach for Detecting Intrusions in Healthcare Systems Conference
2021 IEEE International Conference on Communications (ICC), 2021.
Abstract | BibTeX | Tags: Active Learning, Cybersecurity, Healthcare, Intrusion Detection | Links:
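@inproceedings{Radoglou_icc2021,
  title      = {A Self-Learning Approach for Detecting Intrusions in Healthcare Systems},
  author     = {P. Radoglou and P. Sarigiannidis and G. Efstathopoulos and T. Lagkas and G. Fragulis and A. Sarigiannidis},
  url        = {https://www.researchgate.net/publication/349158703_A_Self-Learning_Approach_for_Detecting_Intrusions_in_Healthcare_Systems},
  doi        = {10.1109/ICC42927.2021.9500354},
  year       = {2021},
  date       = {2021-06-14},
  booktitle  = {2021 IEEE International Conference on Communications (ICC)},
  abstract   = {The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication, real-time monitoring, preventive care and health education. However, despite the valuable advantages, this new reality increases the cybersecurity and privacy concerns since vulnerable IoMT devices can access and handle autonomously patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities require the development of the appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional ICT healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although the Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to re-train dynamically the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, showing also how the entire accuracy is increased in the various re-training phases. © 2021 IEEE.},
  keywords   = {Active Learning, Cybersecurity, Healthcare, Intrusion Detection},
  pubstate   = {published},
  tppubtype  = {conference}
}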
Ilias Siniosoglou; Panagiotis Radoglou-Grammatikis; Georgios Efstathopoulos; Panagiotis Fouliras; Panagiotis Sarigiannidis
A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments Journal Article
In: IEEE Transactions on Network and Service Management, vol. 1, no. 1, pp. 1, 2021.
Abstract | BibTeX | Tags: Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid | Links:
@comment{Siniosoglou2021b: volume = 1, number = 1 and pages = 1 look like early-access placeholders rather than final issue data; confirm against the DOI record before citing.}
@article{Siniosoglou2021b,
title = {A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments},
author = {Ilias Siniosoglou and Panagiotis Radoglou-Grammatikis and Georgios Efstathopoulos and Panagiotis Fouliras and Panagiotis Sarigiannidis},
url = {https://www.researchgate.net/publication/351344684_A_Unified_Deep_Learning_Anomaly_Detection_and_Classification_Approach_for_Smart_Grid_Environments},
doi = {10.1109/TNSM.2021.3078381},
year = {2021},
date = {2021-05-07},
journal = {{IEEE} Transactions on Network and Service Management},
volume = {1},
number = {1},
pages = {1},
abstract = {The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.},
keywords = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid},
pubstate = {published},
tppubtype = {article}
}
P. Radoglou-Grammatikis; P. Sarigiannidis
Network Threats Book Chapter
In: Kolokotronis, Nicholas; Shiaeles, Stavros (Ed.): Cyber-Security Threats, Actors, and Dynamic Mitigation, Chapter 5, CRC Press, 2021, ISBN: 9780367433314.
BibTeX | Tags: Cybersecurity, network threats
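@incollection{cybersecbook2021,
  title      = {Network Threats},
  author     = {P. Radoglou-Grammatikis and P. Sarigiannidis},
  editor     = {Nicholas Kolokotronis and Stavros Shiaeles},
  isbn       = {9780367433314},
  year       = {2021},
  date       = {2021-04-20},
  booktitle  = {Cyber-Security Threats, Actors, and Dynamic Mitigation},
  publisher  = {CRC Press},
  chapter    = {5},
  keywords   = {Cybersecurity, network threats},
  pubstate   = {published},
  tppubtype  = {inbook}
}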
P. Radoglou-Grammatikis; P. Sarigiannidis; E. Iturbe; E. Rios; S. Martinez; A. Sarigiannidis; G. Efstathopoulos; I. Spyridis; A. Sesis; N. Vakakis; D. Tzovaras; E. Kafetzakis; I. Giannoulakis; M. Tzifas; A. Giannakoulias; M. Angelopoulos; F. Ramos
SPEAR SIEM: A Security Information and Event Management system for the Smart Grid Journal Article
In: Computer Networks, pp. 108008, 2021.
Abstract | BibTeX | Tags: Anomaly Detection, Cybersecurity, Deep Learning, Intrusion detection, machine learning, SCADA, Security Information and Event Management, Smart Grid | Links:
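@article{RadoglouGrammatikis2021,
  title      = {{SPEAR} {SIEM}: A Security Information and Event Management system for the Smart Grid},
  author     = {P. Radoglou-Grammatikis and P. Sarigiannidis and E. Iturbe and E. Rios and S. Martinez and A. Sarigiannidis and G. Efstathopoulos and I. Spyridis and A. Sesis and N. Vakakis and D. Tzovaras and E. Kafetzakis and I. Giannoulakis and M. Tzifas and A. Giannakoulias and M. Angelopoulos and F. Ramos},
  url        = {https://www.researchgate.net/publication/350287201_SPEAR_SIEM_A_Security_Information_and_Event_Management_system_for_the_Smart_Grid},
  doi        = {10.1016/j.comnet.2021.108008},
  year       = {2021},
  date       = {2021-04-01},
  journal    = {Computer Networks},
  pages      = {108008},
  publisher  = {Elsevier BV},
  abstract   = {The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.},
  keywords   = {Anomaly Detection, Cybersecurity, Deep Learning, Intrusion detection, machine learning, SCADA, Security Information and Event Management, Smart Grid},
  pubstate   = {published},
  tppubtype  = {article}
}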