Education - Studies

Research Interests

Teaching

Publications in International Journals


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


V. Kouliaridis, G. Kambourakis, D. Geneiatakis, N. Potha, Two anatomists are better than one: Dual-level Android malware detection, Symmetry, Vol. 12, No. 7, 2020, MDPI, https://www.mdpi.com/2073-8994/12/7..., indexed in SCI-E, IF = 2.645
 

Abstract
The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, i.e., fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.

N. Potha, V. Kouliaridis, G. Kambourakis, An Extrinsic Random-based Ensemble Approach for Android Malware Detection, Connection Science, 2020, Taylor and Francis, https://www.tandfonline.com/toc/cco..., indexed in SCI-E, IF = 1.042
 

Abstract
Malware detection is a fundamental task and associated with significant applications in humanities, cybersecurity, and social media analytics. In some of the relevant studies, there is substantial evidence that heterogeneous ensembles can provide very reliable solutions, better than any individual verification model. However, so far, there is no systematic study of examining the application of ensemble methods in this task. This paper introduces a sophisticated Extrinsic Random-based Ensemble (ERBE) method where in a predetermined set of repetitions, a subset of external instances (either malware or benign) as well as classification features are randomly selected, and an aggregation function is adopted to combine the output of all base models for each test case separately. By utilising static analysis only, we demonstrate that the proposed method is capable of taking advantage of the availability of multiple external instances of different size and genre. The experimental results in AndroZoo benchmark corpora verify the suitability of a random-based heterogeneous ensemble for this task and exhibit the effectiveness of our method, in some cases improving the hitherto best reported results by more than 5%.

V. Kouliaridis, K. Barbatsalou, G. Kambourakis, S. Chen, A Survey on Mobile Malware Detection Techniques, IEICE Transactions on Information & Systems, 2020, IEICE, https://search.ieice.org/, indexed in SCI-E, IF = 0.770
 

Abstract
Modern mobile devices are equipped with a variety of tools and services, and handle increasing amounts of sensitive information. In the same trend, the number of vulnerabilities exploiting mobile devices are also augmented on a daily basis and, undoubtedly, popular mobile platforms, such as Android and iOS, represent an alluring target for malware writers. While researchers strive to find alternative detection approaches to fight against mobile malware, recent reports exhibit an alarming increase in mobile malware exploiting victims to create revenues, climbing towards a billion-dollar industry. Current approaches to mobile malware analysis and detection cannot always keep up with future malware sophistication [2][4]. The aim of this work is to provide a structured and comprehensive overview of the latest research on mobile malware detection techniques and pinpoint their benefits and limitations.

Scientific Conferences



V. Kouliaridis, G. Kambourakis, T. Peng, Feature importance in Android malware detection, The 11th International Workshop on Collaborative Computing with Cloud and Client (C4W 2020) in conjunction with The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2020), Dec, 2020, Guangzhou, China, IEEE Press
 

Abstract
The topic of mobile malware detection on the Android platform has attracted significant attention over the last several years. However, while much research has been conducted toward mobile malware detection techniques, little attention has been devoted to feature selection and feature importance. That is, which app feature matters more when it comes to machine learning classification. After succinctly surveying all major, dated from 2012 to 2020, datasets used by state-of-the-art malware detection works in the literature, we analyse a critical mass of apps from the most contemporary and prevailing datasets, namely Drebin, VirusShare, and AndroZoo. Next, we rank the importance of app classification features pertaining to permissions and intents using the Information Gain algorithm for all the three above-mentioned datasets.

V. Kouliaridis, N. Potha, G. Kambourakis, Improving Android malware detection through dimensionality reduction techniques, The 3rd International Conference on Machine Learning for Networking (MLN 2020), Nov, 2020, Paris, France, Springer LNCS
 

Abstract
Mobile malware poses undoubtedly a major threat to the continuously increasing number of mobile users worldwide. While researchers have been trying vigorously to find optimal detection solutions, mobile malware is becoming more sophisticated and its writers are getting more and more skilled in hiding malicious code. In this paper, we examine the usefulness of two known dimensionality reduction transformations namely, Principal Component Analysis (PCA) and t-distributed stochastic neighbor embedding (t-SNE) in malware detection. Starting from a large set of base prominent classifiers, we study how they can be combined to build an accurate ensemble. We propose a simple ensemble aggregated base model of similar feature type as well as a complex ensemble that can use multiple and possibly heterogeneous base models. The experimental results in contemporary Androzoo benchmark corpora verify the suitability of ensembles for this task and clearly demonstrate the effectiveness of our method.

V. Kouliaridis, K. Barbatsalou, G. Kambourakis, G. Wang, Mal-warehouse: A data collection-as-a-service of mobile malware behavioral patterns, The 15th IEEE International Conference on Ubiquitous Intelligence and Computing (UIC 2018), Dec, 2018, Guangzhou, China, IEEE Press
 

Abstract
Smartphones are pervasively used in many everyday life extents, and have been both targets and victims of malware. While there are many anti-malware applications available in mobile markets, so far there are no public services that collect mobile usage data, so as to observe malware effects on mobile devices. The main contribution of this paper is the Mal-warehouse, an open-source tool performing data collection-as-a-service for Android malware behavioral patterns. During its initial development and experimentation phase, the tool extracts mobile device statistics, including CPU, memory and battery usage, process reports, and network statistics for 14 Android malware applications from a target device. It then stores them in a classified manner on a cloud database. Despite the fact that the work at hand is still in an early stage, the detection model is enhanced with a preliminary detection module. Machine learning techniques are used as a proof-of-concept so as to evaluate the detection capabilities of the detection model, when compared to a clean snapshot of the target device. Mal-warehouse is publicly available, meaning that anyone can download and use it locally and then upload their findings to the cloud service for further evaluation and processing by others.

V. Kouliaridis, V. Vlachos, I. Savvas, I. Androulidakis, SIRTOS: A simple real-time operating system, Information and Digital Technologies (IDT), 2016 International Conference on, Jul, 2016, Rzeszow, Poland, IEEE, https://ieeexplore.ieee.org/documen...

Books



Book Chapters



Editing of International Conference Proceedings

