Constantinos Kolias

Swarm intelligence in intrusion detection: A survey

Intrusion Detection Systems (IDS) have nowadays become a necessary component of almost every security infrastructure. So far, many different approaches have been followed in order to increase the efficiency of IDS. Swarm Intelligence (SI), a relatively new bio-inspired family of methods, seeks inspiration in the behavior of swarms of insects or other animals. After applied in other fields with success SI started to gather the interest of researchers working in the field of intrusion detection. In this paper we explore the reasons that led to the application of SI in intrusion detection, and present SI methods that have been used for constructing IDS. A major contribution of this work is also a detailed comparison of several SI-based IDS in terms of efficiency. This gives a clear idea of which solution is more appropriate for each particular case.

DDoS in the IoT: Mirai and Other Botnets

The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.

Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset

Wi-Fi has become the de facto wireless technology for achieving short- to medium-range device connectivity. While early attempts to secure this technology have been proved inadequate in several respects, the current more robust security amendments will inevitably get outperformed in the future, too. In any case, several security vulnerabilities have been spotted in virtually any version of the protocol rendering the integration of external protection mechanisms a necessity. In this context, the contribution of this paper is multifold. First, it gathers, categorizes, thoroughly evaluates the most popular attacks on 802.11 and analyzes their signatures. Second, it offers a publicly available dataset containing a rich blend of normal and attack traffic against 802.11 networks. A quite extensive first-hand evaluation of this dataset using several machine learning algorithms and data features is also provided. Given that to the best of our knowledge the literature lacks such a rich and well-tailored dataset, it is anticipated that the results of the work at hand will offer a solid basis for intrusion detection in the current as well as next-generation wireless networks.

Learning Internet-of-Things Security "Hands-On"

What can you glean from using inexpensive, off-the-shelf parts to create Internet of Things (IoT) use cases? As it turns out, a lot. The fast productization of IoT technologies is leaving users vulnerable to security and privacy risks.

Attacks and Countermeasures on 802.16: Analysis and Assessment

The IEEE 802.16 technology, commonly referred to as WiMAX, gains momentum as an option for broadband wireless communication access. So far, several research works focus on the security of the 802.16 family of standards. In this context, the contribution of this paper is twofold. First, it provides a comprehensive taxonomy of attacks and countermeasures on 802.16. Each attack is classified based on several factors, e.g. its type, likelihood of occurrence, impact upon the system etc. and its potential is reviewed with reference to the standard. Possible countermeasures and remedies proposed for each category of attacks are also discussed to assess their effectiveness. Second, a full-scale assessment study of indicative attacks that belong to broader attack classes is conducted in an effort to better comprehend their impact on the 802.16 realm. As far as we are aware of, this is the first time an exhaustive and detailed survey of this kind is attempted.

DoS attacks exploiting signaling in UMTS and IMS

The Universal Mobile Telecommunication Standard (UMTS) is continuously evolving to meet the growing demand of modern mobile and Internet applications for high capacity and advanced features in security and quality of service. Although admittedly enhanced in terms of security when compared to 2G systems, UMTS still has weaknesses that can lead to security incidents. In this paper, we investigate the vulnerabilities of the UMTS security architecture that can be exploited by a malicious individual to mount Denial of Service (DoS) attacks. Our focus is on signaling-oriented attacks above the physical layer. We describe and analyze several novel attacks that can be triggered against both core UMTS architecture as well as hybrid UMTS/WLAN realms. An additional contribution of this paper is the presentation of an extensive survey of similar attacks in UMTS and related protocol infrastructures such as IP Multimedia Subsystem (IMS). Finally, we offer some suggestions that would provide greater tolerance to the system against DoS attacks.

Design and implementation of a VoiceXML-driven wiki application for assistive environments on the web

In this paper, we describe the design and implementation of an audio wiki application accessible via both the Public Switched Telephone Network and the Internet. The application exploits mature World Wide Web Consortium standards, such as VoiceXML, Speech Synthesis Markup Language, and Speech Recognition Grammar Specification toward achieving our goals. The purpose of such an application is to assist visually impaired, technologically uneducated, and underprivileged people in accessing information originally intended to be accessed visually via a personal computer (PC). Users may access wiki content via fixed or mobile phones, or via a PC using a Web Browser or a Voice over IP service. This feature promotes pervasiveness to collaboratively created content to an extremely large population, i.e., those who simply own a telephone line.

Signaling-Oriented DoS Attacks in UMTS Networks

The Universal Mobile Telecommunication Standard (UMTS) is the Third Generation (3G) mobile technology with the widest public acceptance. Although, enhanced in matters of security, comparing to its predecessor i.e., the GSM, it still has vulnerabilities that can lead to security breach. In this paper we investigate the vulnerabilities of the UMTS architecture that can be exploited by a malicious entity to launch Denial of Service (DoS) attacks. We examine the methodologies that an attacker would possibly follow, as well as the possible outcome of such class of attacks. We also give some suggestions that would provide greater tolerance to the system against DoS attacks.

A pervasive wiki application based on VoiceXML

In this paper, we describe the design and implementation of an audio wiki application accessible via the Public Switched Telephone Network (PSTN) and the Internet for educational purposes. The application exploits mature World Wide Web Consortium standards such as VoiceXML, Speech Synthesis Markup Language (SSML) and Speech Recognition Grammar Specification (SRGS). The purpose of such an application is to assist visually impaired, technologically uneducated, and underprivileged people in accessing information originally intended to be accessed visually via a Personal Computer. Users may access wiki content via wired or mobile phones, or via a Personal Computer using a Web Browser or a Voice over IP service. This feature promotes pervasiveness to educational material to an extremely large population, i.e. those who simply own a telephone line.

TermID: a distributed swarm intelligence-based approach for wireless intrusion detection

With the mushrooming of wireless access infrastructures, the amount of data generated, transferred and consumed by the users of such networks has taken enormous proportions. This fact further complicates the task of network intrusion detection, especially when advanced machine learning (ML) operations are involved in the process. In wireless environments, the monitored data are naturally distributed among the numerous sensor nodes of the system. Therefore, the analysis of data must either happen in a central location after first collecting it from the sensors or locally through collaboration by viewing the problem through a distributed ML perspective. In both cases, concerns are risen regarding the requirements of this demanding task in matters of required network resources and achieved security/privacy. This paper proposes TermID, a distributed network intrusion detection system that is well suited for wireless networks. The system is based on classification rule induction and swarm intelligence principles to achieve efficient model training for intrusion detection purposes, without exchanging sensitive data. An additional achievement is that the produced model is easily readable by humans. While these are the main design principles of our approach, the accuracy of the produced model is not compromised by the distribution of the tasks and remains at competitive levels. Both the aforementioned claims are verified by the results of detailed experiments withheld with the use of a publicly available security-focused wireless dataset.