Education

  • Ph.D. degree on Information Security software and Critical Infrastructure Protection from the Department of Informatics, Athens University of Economics and Business, Greece
  • M.Sc. degree on Information Technology from Athens University of Economics and Business, Greece
  • B.Sc. degree on Computer Science from the University of Piraeus.

Research Interests

His cur­rent re­search in­te­­rests focus on Industrial Systems Security, Cri­­ti­cal In­fra­structure Pro­­tection, IT and Network Security, Risk Assessment and Security in Software Engineering. He has published more than 30 articles in journals and conference proceedings.

 

Research and Implementation positions include being the Principal Investigator and Lead Researcher for various projects and funds, including a project from the Google DNI Fund alongside University of Piraeus, Piraeus (Greece), the Hellenic ministry of Digital Governance and various industries from the private and public sector. 

Teaching Activities

Information Systems Securty (BSc)

Network and Communication Security (MSc)

Journals


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


[1]
G. Stergiopoulos, P. Dedousis, D. Gritzalis, Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in Industry 4.0, International Journal of Information Security (IJIS), 2022, Springer, (to_appear), , IF =
[2]
P. Dedousis, G. Stergiopoulos, G. Arampatzis, D. Gritzalis, A security-aware framework for designing in-dustrial engineering processes, IEEE ACCESS, 2021, IEEE, (to_appear), , IF =
[3]
C. Xarhoulacos , A. Anagnostopoulou, G. Stergiopoulos, D. Gritzalis, Misinformation vs. situational awareness: The art of deception and the need for cross-domain detection, Sensors (Special Issue: Cyber Situational Awareness), 2021, MDPI, (to_appear), , IF =
[4]
C. Xarhoulacos , A. Anagnostopoulou, G. Stergiopoulos, D. Gritzalis, Misinformation vs. situational awareness: The art of deception and the need for cross-domain detection, Sensors (Special Issue: Cyber Situational Awareness), 2021, MDPI, (to_appear), , IF =
[5]
V. Malamas, F. Chantzis, T. Dasaklis, G. Stergiopoulos, P. Kotzanikolaou, C. Douligeris, Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal, IEEE ACCESS, Vol. 9, 2021, IEEE , (to_appear), , IF =
[6]
G. Stergiopoulos, D. Gritzalis, A. Anagnostopoulou, E. Vasilellis , Dropping malware through sound injection: A comparative analysis on Android operating systems, Computers & Security, 2021, (to_appear), , IF =
[7]
P. Dedousis, G. Stergiopoulos, D. Gritzalis, An improved bit masking technique to enhance covert channel attacks in everyday IT systems, ICETE 2020: E-Business and Telecommunications, 2021, Springer, (to_appear), , IF =
[8]
G. Lykou, P. Dedousis, G. Stergiopoulos, D. Gritzalis, Assessing Interdependencies and Congestion Delays in the Aviation Network, IEEE ACCESS, 2020, IEEE , (to_appear), , IF =
[9]
D. Koutras, G. Stergiopoulos, T. Dasaklis, P. Kotzanikolaou, D. Glynos, C. Douligeris, Security in IoMT Communications: A survey, SENSORS Journal, 2020, MDPI, (to_appear), , IF =
[10]
G. Stergiopoulos, D. Gritzalis, V. Limnaios, Cyber-attacks on the Oil & Gas sector: A survey on incident assessment and attack patterns, IEEE ACCESS, 2020, IEEE , (to_appear), , IF =
[11]
D. Gritzalis, G. Stergiopoulos, E. Vasilellis , A. Anagnostopoulou, Readiness exercises: Are risk assessment methodologies ready for the Cloud?, Learning and Analytics in Intelligent Systems, 2020, Springer, (to_appear), , IF =
[12]
G. Stergiopoulos, P. Dedousis, D. Gritzalis, Αutomatic network restructuring and risk mitigation through business process asset dependency analysis, Computers and Security , Vol. 96, 2020, Elsevier, (to_appear), , IF =
[13]
G. Stergiopoulos, G. Chronopoulou, E. Bitsikas, N. Tsalis, D. Gritzalis, Using side channel TCP features for real-time detection of malware connections, Journal of Computer Security, 2019, (to_appear), , IF =
[14]
G. Stergiopoulos, N. Kapetanas, E. Vasilellis , D. Gritzalis, Leaking SCADA commands over unpadded TCP/IP encryption through differential packet size analysis, Security & Privacy, 2019, (to_appear), , IF =
[15]
G. Stergiopoulos, E. Valvis, D. Mitrodimas, D. Lekkas, D. Gritzalis, Analyzing congestion interdependencies of ports and container ship routes in the maritime network infrastructure, IEEE ACCESS, Vol. 6, 2018, IEEE , (to_appear), , IF =
[16]
G. Stergiopoulos, D. Gritzalis, V. Kouktzoglou, Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment, Computer Networks, 2018, Elsevier, (to_appear), , IF =
[17]
G. Stergiopoulos, E. Valvis, F. Anagnou - Misyris, N. Bozovic, D. Gritzalis, Interdependency analysis of junctions for congestion mitigation in transportation infrastructure, ACM SIGMETRICS Performance Evaluation Review, Vol. 45, 2017, ACM , (to_appear), , IF =
[18]
G. Stergiopoulos, V. Kouktzoglou, M. Theoharidou, D. Gritzalis, A process-based dependency risk analysis methodology for critical infrastructures, International Journal of Critical Infrastructures (Special Issue), Vol. 13, 2017, (to_appear), , IF =
[19]
G. Stergiopoulos, P. Katsaros, D. Gritzalis, Program analysis with risk-based classification of dynamic invariants for logical error detection, Computers & Security (CoSe), Vol. 71, 2017, Elsevier, (to_appear), , IF =
[20]
G. Stergiopoulos, P. Kotzanikolaou, M. Theoharidou, G. Lykou, D. Gritzalis, Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures, International Journal of Critical Infrastructure Protection, Vol. 12, 2016, Elsevier, (to_appear), , IF =
[21]
G. Stergiopoulos, P. Kotzanikolaou, M. Theoharidou, D. Gritzalis, Risk mitigation strategies for critical infrastructures based on graph centrality analysis, International Journal of Critical Infrastructure Protection, Vol. 10, 2015, Elsevier, (to_appear), , IF =

Conferences


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


[1]
P. Dedousis, M. Raptaki, G. Stergiopoulos, D. Gritzalis, Towards an automated business process model risk assessment: A process mining approach", in Proc. of the 19th International Conference on Security & Cryptography (SECRYPT-2022), 19th International Conference on Security & Cryptography (SECRYPT-2022), (ed), (eds), (to_appear), Jul, 2022,
[2]
C. Konstantinou, G. Stergiopoulos, M. Parvania, P. Esteves-Verissimo, Chaos engineering for enhanced resilience of cyber-physical systems. Resilience Week (RWS) , Resilience Week (RWS) 2021, (ed), (eds), (to_appear), Oct, 2021, INL Idaho National Laboratory,
[3]
P. Dedousis, G. Stergiopoulos, D. Gritzalis, Towards integrating security in industrial engineering design practices, 18th International Conference on Security & Cryptography (SECRYPT-2021), 18th International Conference on Security & Cryptography (SECRYPT-2021), (ed), (eds), (to_appear), Jul, 2021,
[4]
K. Nomikos, A. Papadimitriou, G. Stergiopoulos, D. Koutras, M. Psarakis, P. Kotzanikolaou, On a Security-oriented Design Framework for Medical IoT Devices: The Hardware Security Perspective, 2020 23rd Euromicro Conference on Digital System Design (DSD), (ed), (eds), (to_appear), pp. 230, Jul, 2020, DSD,
[5]
G. Stergiopoulos, E. Lygerou, N. Tsalis, D. Tomaras, D. Gritzalis, Avoiding network and host detection using packet bit-masking, 17th International Conference Security and Cryptography (SECRYPT-2020), (ed), (eds), (to_appear), Mar, 2020,
[6]
G. Stergiopoulos, A. Talavari, E. Bitsikas, D. Gritzalis, Automatic detection of multiple types of malicious traffic using timing attacks and differential size analysis, 23rd European Symposium on Research in Computer Security (ESORICS-2018), (ed), (eds), (to_appear), Jul, 2018, Spain, Springer,
[7]
N. Tsalis, G. Stergiopoulos, E. Bitsikas, D. Gritzalis, Apostolopoulos T., Side Channel Attacks over Encrypted TCP/IP Modbus Reveal Functionality Leaks, 15th International Conference Security and Cryptography (SECRYPT-2018), (ed), (eds), (to_appear), Mar, 2018, ICETE ,
[8]
G. Lykou, A. Anagnostopoulou, G. Stergiopoulos, D. Gritzalis, Cybersecurity Self-assessment Tools: Evaluating the Importance for Securing Industrial Control Systems in Critical Infrastructures, International Conference on Critical Information Infrastructures Security (CRITIS 2018), Springer, (ed), (eds), (to_appear), Jan, 2018,
[9]
G. Stergiopoulos, E. Valvis, F. Anagnou - Misyris, N. Bozovic, D. Gritzalis, Interdependency analysis of junctions for congestion mitigation in Transportation Infrastructures, ACM SIGMETRICS International Workshop on Critical Infrastructure Network Security (CINS-2017), (ed), (eds), (to_appear), Jun, 2017, USA,
[10]
G. Lykou, G. Stergiopoulos, A. Papachrysanthou , D. Gritzalis, Climate adaption: Addressing risks and impacts of climate change on Transport Sector, 11th International Conference on Critical Infrastructure Protection (IFIP WG 11.0 2017), (ed), (eds), (to_appear), Jan, 2017, IFIP WG,
[11]
D. Gritzalis, G. Stergiopoulos, P. Kotzanikolaou, E. Magkos, G. Lykou, Critical infrastructure protection: a holistic methodology for Greece, International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, (ed), (eds), (to_appear), Sep, 2016, Springer,
[12]
G. Stergiopoulos, P. Katsaros, D. Gritzalis, Apostolopoulos T., Combining invariant violation with execution path classification for detecting multiple types of logical errors and race conditions, 13th International Conference on Security & Cryptography (SECRYPT-2016), (ed), (eds), (to_appear), Jul, 2016,
[13]
G. Stergiopoulos, E. Vasilellis , G. Lykou, P. Kotzanikolaou, D. Gritzalis, Critical Infrastructure Protection tools: Classification and comparison, 10th International Conference on Critical Infrastructure Protection (IFIP WG 11.10 2016), (ed), (eds), (to_appear), Mar, 2016, IFIP WG,
[14]
S. Faily, G. Stergiopoulos, V. Katos, D. Gritzalis, Water, water, everywhere: Nuances for a Water Industry Critical Infrastructure specification exemplar, 10th International Conference on Critical Infrastructures Security (CRITIS-2015), (ed), (eds), (to_appear), Oct, 2015, Springer,
[15]
G. Stergiopoulos, M. Theoharidou, D. Gritzalis, Using logical error detection in Remote-Terminal Units to predict initiating events of Critical Infrastructures failures, 3rd International Conference on Human Aspects of Information Security, Privacy and Trust (HCI-2015), (ed), (eds), (to_appear), Aug, 2015, Springer,
[16]
G. Stergiopoulos, P. Petsanas, P. Katsaros, D. Gritzalis, Automated exploit detection using path profiling: The disposition should matter, not the position, 12th International Conference on Security and Cryptography (SECRYPT-2015), (ed), (eds), (to_appear), Jul, 2015,
[17]
G. Stergiopoulos, P. Kotzanikolaou, M. Theoharidou, D. Gritzalis, Using centrality metrics in CI dependency risk graphs for efficient risk mitigation, 9th IFIP International Conference on Critical Infrastructure Protection (IFIP WG 11.0 2015), (ed), (eds), (to_appear), Mar, 2015, Springer,
[18]
G. Stergiopoulos, P. Katsaros, D. Gritzalis, Automated detection of logical errors in programs, International Conference on Risks and Security of Internet and Systems , (ed), (eds), (to_appear), Aug, 2014, Springer,
[19]
D. Gritzalis, V. Stavrou, M. Kandias , G. Stergiopoulos, Insider threat: enhancing BPM through social media, 6th International Conference on New Technologies, Mobility and Security (NTMS), (ed), (eds), (to_appear), Mar, 2014, IEEE,
[20]
G. Stergiopoulos, V. Tsoumas, D. Gritzalis, On business logic vulnerabilities hunting: the APP_LogGIC framework, International Conference on Network and System Security , (ed), (eds), (to_appear), Jun, 2013, Springer,
[21]
G. Stergiopoulos, M. Kandias , D. Gritzalis, Approaching encryption through complex number logarithms, International Conference on Security and Cryptography (SECRYPT), (ed), (eds), (to_appear), Mar, 2013, IEEE,
[22]
G. Stergiopoulos, V. Tsoumas, D. Gritzalis, Hunting application-level logical errors, International Symposium on Engineering Secure Software and Systems (ESSOS), (ed), (eds), (to_appear), Feb, 2012, Springer,

Books


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Chapters in Books


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Conferences Proceedings Editor


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.