Education - Studies

  • PhD candidate in the area of applications of Machine Learning and Deep Learning techniques to advanced mobile and end-point forensics scenarios, Department of Information and Communication Systems Engineering, University of the Aegean.
  • MSc Programme in "Security of Information and Communication Systems", Department of Information and Communication Systems Engineering, University of the Aegean.
  • Cisco Certified Network Associate (CCNA).
  • BSc (Honours) Computing and IT, Open University UK.
  • Degree from the Hellenic Military Academy (Στρατιωτική Σχολή Ευελπίδων).

Research Interests

  • Security of Information and Communication Systems.
  • Intrusion Detection Systems and malware for mobile-device and endpoint network-device platforms.
  • Digital forensics of portable/mobile devices and endpoint network devices.
  • Neural Networks.
  • Machine Learning.
  • Deep Learning techniques.
  • Android and iOS application development.

Teaching

Publications in International Journals


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


C. Smiliotopoulos, G. Kambourakis, C. Kolias, Detecting Lateral Movement: A Systematic Survey, Heliyon Computer Science, 2024, Cell Press, https://doi.org/10.1016/j.heliyon.2024.e..., indexed in SCI-E, IF = 4
 

Abstract
Within both the cyber kill chain and MITRE ATT&CK frameworks, Lateral Movement (LM) is defined as any activity that allows adversaries to progressively move deeper into a system in seek of high-value assets. Although this timely subject has been studied in the cybersecurity literature to a significant degree, so far, no work provides a comprehensive survey regarding the identification of LM from mainly an Intrusion Detection System (IDS) viewpoint. To cover this noticeable gap, this work provides a systematic, holistic overview of the topic, not neglecting new communication paradigms, such as the Internet of Things (IoT). The survey part, spanning a time window of eight years and 53 articles, is split into three focus areas, namely, Endpoint Detection and Response (EDR) schemes, machine learning oriented solutions, and graph-based strategies. On top of that, we bring to light interrelations, mapping the progress in this field over time, and offer key observations that may propel LM research forward.

C. Smiliotopoulos, G. Kambourakis, K. Barmpatsalou, On the Detection of Lateral Movement Through Supervised Machine Learning and an Open-Source Tool To Create Turnkey Datasets From Sysmon Logs, International Journal of Information Security, 2023, Springer, https://doi.org/10.1007/s10207-023-00725..., indexed in SCI-E, IF = 3.2
 

Abstract
Lateral movement (LM) is a principal, increasingly common, tactic in the arsenal of advanced persistent threat (APT) groups and other less or more powerful threat actors. It concerns techniques that enable a cyberattacker, after establishing a foothold, to maintain ongoing access and penetrate further into a network in quest of prized booty. This is done by moving through the infiltrated network and gaining elevated privileges using an assortment of tools. Concentrating on the MS Windows platform, this work provides the first to our knowledge holistic methodology supported by an abundance of experimental results towards the detection of LM via supervised machine learning (ML) techniques. We specifically detail feature selection, data preprocessing, and feature importance processes, and elaborate on the configuration of the ML models used. A plethora of ML techniques are assessed, including 10 base estimators, one ensemble meta-estimator, and five deep learning models. Vis-à-vis the relevant literature, and by considering a highly unbalanced dataset and a multiclass classification problem, we report superior scores in terms of the F1 and AUC metrics, 99.41% and 99.84%, respectively. Last but not least, as a side contribution, we offer a publicly available, open-source tool, which can convert Windows system monitor logs to turnkey datasets, ready to be fed into ML models.

E. Chatzoglou, G. Kambourakis, C. Smiliotopoulos, Let the cat out of the bag: Popular Android IoT apps under security scrutiny, Sensors, Vol. 22, No. 2:513, pp. 1-41, 2022, MDPI, https://www.mdpi.com/1424-8220/22/2/513, indexed in SCI-E, IF = 3.576
 

Abstract
The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly augment the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: Do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyze each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.

E. Chatzoglou, G. Kambourakis, C. Kolias, C. Smiliotopoulos, Pick quality over quantity: Expert feature selection and data preprocessing for 802.11 Intrusion Detection Systems, IEEE Access, Vol. 10, pp. 64761-64784, 2022, IEEE Press, https://ieeexplore.ieee.org/document/979..., indexed in SCI-E, IF = 3.367
 

Abstract
Wi-Fi is arguably the most proliferated wireless technology today. Due to its massive adoption, Wi-Fi deployments always remain in the epicenter of attackers and evildoers. Surprisingly, research regarding machine learning driven intrusion detection systems (IDS) that are specifically optimized to detect Wi-Fi attacks is lagging behind. On top of that, the field is dominated by false or half-true assumptions that potentially can lead to corresponding models being overfitted to certain validation datasets, simply giving the impression or illusion of high efficiency. This work attempts to provide concrete answers to the following key questions regarding IEEE 802.11 machine learning driven IDS. First, from an expert's viewpoint and with reference to the relevant literature, what are the criteria for determining the smallest possible set of classification features, which are also common and potentially transferable to virtually any deployment types/versions of 802.11? And second, based on these features, what is the detection performance across different network versions and diverse machine learning techniques, i.e., shallow versus deep learning ones? To answer these questions, we rely on the renowned 802.11 security-oriented AWID family of datasets. In a nutshell, our experiments demonstrate that with a rather small set of 16 features and without the use of any optimization or ensemble method, shallow and deep learning classification can achieve an average F1 score of up to 99.55% and 97.55%, respectively. We argue that the suggested human expert driven feature selection leads to lightweight, deployment-agnostic detection systems, and therefore can be used as a basis for future work in this interesting and rapidly evolving field.

E. Chatzoglou, G. Kambourakis, C. Smiliotopoulos, C. Kolias, Best of both worlds: Detecting application layer attacks through 802.11 and non-802.11 features, Sensors, Vol. 22, No. 15, pp. 1-19, 2022, MDPI, https://www.mdpi.com/1424-8220/22/15/563..., indexed in SCI-E, IF = 3.847
 

Abstract
Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance, since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.

C. Smiliotopoulos, K. Barmpatsalou, G. Kambourakis, Revisiting the detection of Lateral Movement through Sysmon, Applied Sciences, Vol. 12, No. 15, pp. 1-30, 2022, MDPI, https://doi.org/10.3390/app12157746, indexed in SCI-E, IF = 2.838
 

Abstract
This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool for the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant literature, what are the criteria for determining the possibly optimal initialization features of the Sysmon event monitoring tool, which are also applicable as custom rules within the config.xml configuration file? Second, based on the identified features, how can a functional configuration file, able to identify as many LM variants as possible, be generated? To answer these questions, we relied on the MITRE ATT&CK knowledge base of adversary tactics and techniques and focused on the execution of the nine commonest LM methods. The conducted experiments, performed on a properly configured testbed, suggested a great number of interrelated networking features that were implemented as custom rules in the Sysmon’s config.xml file. Moreover, by capitalizing on the rich corpus of the 870K Sysmon logs collected, we created and evaluated, in terms of TP and FP rates, an extensible Python .evtx file analyzer, dubbed PeX, which can be used towards automatizing the parsing and scrutiny of such voluminous files. Both the .evtx logs dataset and the developed PeX tool are provided publicly for further propelling future research in this interesting and rapidly evolving field.
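The two Sysmon-based papers above (the IJIS article on converting Sysmon logs into ML-ready datasets, and the Applied Sciences article on Sysmon rules for Lateral Movement) both hinge on the same mechanical step: flattening Sysmon events into a feature table and tagging the rows that look like LM. The following is an added example written for this page; it is not the PeX tool, not the authors' dataset converter, and the handful of ports and command-line patterns it matches are a hand-picked illustration, not the rule set of either paper. It assumes the Sysmon event XML layout produced by a `wevtutil qe ... /f:xml` export, and the five sample events are constructed here for the demonstration.

```python
"""Added example: flatten Sysmon events (XML form of an .evtx export) into
a feature table and flag rows matching a few lateral-movement heuristics.
Illustrative code written for this page, not the authors' PeX tool or
dataset converter; the heuristics are a small hand-picked subset."""
import csv
import io
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Ports of the remote services LM techniques commonly ride on (RPC/DCOM,
# SMB admin shares, RDP, WinRM). Assumption: a starting point, not a full
# mapping of MITRE ATT&CK Lateral Movement techniques.
LM_PORTS = {135: "RPC/DCOM", 445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-TLS"}

# Process-creation command lines associated with remote execution (assumed patterns).
LM_CMDLINE = [
    (re.compile(r"psexec", re.I), "PsExec"),
    (re.compile(r"\bwmic\b.*/node:", re.I), "WMI remote"),
    (re.compile(r"\b(winrs|Enter-PSSession|Invoke-Command)\b", re.I), "WinRM remote"),
    (re.compile(r"\bnet(\.exe)?\s+use\s+\\\\", re.I), "Admin share mapping"),
]

# Images that legitimately reach these ports on a typical domain host (assumed allow list).
BENIGN_IMAGES = {r"c:\windows\system32\svchost.exe", r"c:\windows\system32\lsass.exe"}

def parse_events(xml_text):
    """Yield one dict per <Event>: EventID, TimeCreated, plus every EventData <Data Name=...>."""
    root = ET.fromstring(xml_text)
    for ev in root.findall("e:Event", NS):
        rec = {
            "EventID": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
            "TimeCreated": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        }
        for d in ev.findall("e:EventData/e:Data", NS):
            rec[d.get("Name")] = (d.text or "").strip()
        yield rec

def lm_label(rec):
    """Return a short label when the event matches an LM heuristic, else ''."""
    if rec["EventID"] == 3:  # Sysmon Event ID 3: network connection
        port = int(rec.get("DestinationPort", "") or 0)
        if port in LM_PORTS and rec.get("Image", "").lower() not in BENIGN_IMAGES:
            return f"LM:{LM_PORTS[port]}"
    elif rec["EventID"] == 1:  # Sysmon Event ID 1: process creation
        cmd = rec.get("CommandLine", "")
        for pat, name in LM_CMDLINE:
            if pat.search(cmd):
                return f"LM:{name}"
    return ""

FEATURES = ["TimeCreated", "EventID", "Image", "User", "DestinationIp",
            "DestinationPort", "CommandLine", "label"]

def to_dataset(xml_text):
    """Flatten events into fixed-column rows (missing fields become '') and label each one."""
    rows = []
    for rec in parse_events(xml_text):
        rec["label"] = lm_label(rec)
        rows.append({k: rec.get(k, "") for k in FEATURES})
    return rows

def to_csv(rows):
    """Serialise the rows as CSV text, ready to be loaded into an ML pipeline."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FEATURES)
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()

# Constructed sample: five Sysmon events wrapped in a synthetic <Events> root.
SAMPLE_XML = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>3</EventID><TimeCreated SystemTime="2024-01-10T09:15:02.1Z"/></System>
 <EventData><Data Name="Image">C:\Windows\System32\svchost.exe</Data><Data Name="User">NT AUTHORITY\SYSTEM</Data>
 <Data Name="DestinationIp">10.0.0.5</Data><Data Name="DestinationPort">445</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>3</EventID><TimeCreated SystemTime="2024-01-10T09:15:07.4Z"/></System>
 <EventData><Data Name="Image">C:\Users\alice\Downloads\tool.exe</Data><Data Name="User">LAB\alice</Data>
 <Data Name="DestinationIp">10.0.0.7</Data><Data Name="DestinationPort">445</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID><TimeCreated SystemTime="2024-01-10T09:15:09.0Z"/></System>
 <EventData><Data Name="Image">C:\Windows\System32\wbem\WMIC.exe</Data><Data Name="User">LAB\alice</Data>
 <Data Name="CommandLine">wmic /node:10.0.0.7 process call create "cmd.exe /c whoami"</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID><TimeCreated SystemTime="2024-01-10T09:15:11.3Z"/></System>
 <EventData><Data Name="Image">C:\Windows\System32\notepad.exe</Data><Data Name="User">LAB\alice</Data>
 <Data Name="CommandLine">notepad.exe C:\Users\alice\notes.txt</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>3</EventID><TimeCreated SystemTime="2024-01-10T09:15:15.9Z"/></System>
 <EventData><Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data><Data Name="User">LAB\alice</Data>
 <Data Name="DestinationIp">10.0.0.9</Data><Data Name="DestinationPort">5985</Data></EventData></Event>
</Events>"""

if __name__ == "__main__":
    print(to_csv(to_dataset(SAMPLE_XML)))
```

The label column is what turns a raw log into a supervised-learning dataset; in practice it would come from ground truth (which hosts were actually used for the LM exercise) rather than from the same heuristics a classifier is meant to learn, otherwise the model merely re-learns the rules. Real exports also need the `RuleName` field and a per-host/per-session key so that events can be grouped before feature engineering.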

Scientific Conferences


Books


Book Chapters


Editing of International Conference Proceedings
