Papers by Maria Grammatikou
A Distributed Kerberized Access Architecture for Real Time Grids
Proceedings of the 4th International Workshop on Security in Information Systems, 2006

IEEE Transactions on Vehicular Technology, 2007
In this paper, based on principal component analysis (PCA), a comprehensive and efficient incident detection approach that uses probabilistic network and processing methodologies to exploit spatial and temporal correlations and dependencies in vehicular networks, and therefore derive a reliable picture of the driving context, is proposed. The proposed approach provides an integrated way of effectively processing and organizing accumulated spatiotemporal information from a variety of different locations, vehicles, and sources and integrates it into a comprehensive outcome. The use of a PCA-based approach aims at reducing the dimensionality of the data set in which there is a large number of interrelated variables while retaining as much as possible of the variation present in the data set. The operational effectiveness of our proposed incident detection methodology is evaluated via modeling and simulation under different scenarios that represent a wide area of incidents, which range from accident occurrences to alterations in traffic patterns.
Index Terms: Principal component analysis (PCA), road traffic incident detection.
I. INTRODUCTION
Over the last few years, the automobile industry has been consistently working toward equipping cars with complex sensor arrays that continuously gather information from various systems, including distance detection, tire pressure, collision events, mechanical and electrical parts, position, velocity, etc. While today's car-use systems are able to sense their environment, these systems do not actively exchange information among vehicles and between vehicles and the roadside. However, letting vehicles communicate with each other and with the infrastructure gives the vehicle systems and, thus, drivers a much better awareness of their surroundings so that they can avoid dangerous and unpleasant situations.
Therefore, vehicular networks have emerged as the cornerstone of envisioned intelligent transportation systems (ITSs). By enabling the vehicles to communicate with each other via vehicle-to-vehicle (V2V) communication and with roadside base stations via roadside-to-vehicle (R2V) communication, vehicular networks can contribute to safer and more efficient

Intrusion Detection is the problem of identifying unauthorized use, misuse, and abuse of computer systems by both system insiders and external intruders. Intrusion Detection Systems provide in depth packet analysis and application awareness and can be deployed for discovering network attacks. In this scenario a system that gives intelligence about the traffic on your network is necessary. This paper describes a prototype for Distributed Intrusion Detection considering a large-scale network environment in order to monitor multiple hosts connected via a network as well as the network itself. The design and implementation of our Distributed Intrusion Detection prototype relies on Security Agents which monitor network traffic and report intrusion alerts to a central management node. The Intrusion Detection Prototype is comprised of sensor and management elements. Distributed operation is handled through the introduction of multiple sensors and the use of Security Agents that are responsible for incident reporting and message propagation control.

Intrusion Detection Systems (IDS) have been developed to solve the problem of detecting the attacks on several network systems. In small-scale networks a single IDS is sufficient to detect attacks but this is inadequate in large-scale networks, where the number of packets across the network is enormous. In this paper, we present an Architectural Framework considering the large-scale network environment. We designed and implemented a Distributed Intrusion Detection system that relies on Smart Agents which monitor network traffic and report intrusion alerts to a central management node. Distribution is handled through the introduction of multiple sensors and the use of Smart Agents who are responsible for reporting and rate limiting of messages. Finally, we extended the IDMEF (Intrusion Detection Message Exchange Format) data model to support digital signatures and to strengthen the authentication of the system.

IEEE Access
Domain Generation Algorithms (DGA's) have been employed by botnet orchestrators for controlling infected hosts (bots), while evading detection by performing multiple DNS requests, mostly for non-existing domain names. With blacklists ineffective, modern DGA filtering methods rely on Machine Learning (ML). Emerging needs for higher intrusion detection accuracy lead to complex, non-interpretable black-box classifiers, thus requiring eXplainable Artificial Intelligence (XAI) techniques. In this paper, we utilize SHapley Additive exPlanation (SHAP) to derive model-agnostic, post-hoc interpretations on DGA name classifiers. This method is applied to binary supervised tree-based classifiers (e.g. eXtreme Gradient Boosting-XGBoost) and deep neural networks (Multi-Layer Perceptron-MLP) to assess domain name feature importance. SHAP visualization tools (summary, dependence, force plots) are used to rank features, investigate their effect on model decisions and determine their interactions. Specific interpretations are detailed for identifying names belonging to common DGA families pertaining to arithmetic, wordlist, hash and permutation based schemes. Learning and interpretations are based on up-to-date datasets, such as Tranco for benign and DGArchive for malicious names. Domain name features are extracted from dataset instances, thus limiting time-consuming and privacy-invasive database operations on historical data. Our experimental results demonstrate that SHAP enables explanations of XGBoost (the most accurate tree-based model) and MLP classifiers and indicates the characteristics of specific DGA schemes, commonly employed in attacks. In conclusion, we envision that XAI methods will expedite ML deployment in networking environments where justifications for black-box models are required.
INDEX TERMS Cybersecurity, domain generation algorithms (DGA's), domain name system (DNS), explainable artificial intelligence (XAI), machine learning, shapley additive explanation (SHAP).

Journal of Network and Systems Management, 2016
This paper presents Policy-based Federation (PBF) architecture for interworked Future Internet Virtualized Infrastructures (VIs). Each VI is an individually managed autonomous domain. Users may request slices of virtual resources across the federation, managed and controlled via inter-domain policies that abide by agreed upon federated SLAs. The key component of our PBF architecture is a Policy Service, which provides support for intra-domain policies (Obligation, Authorization, Role-Based Access Control) and for inter-domain Delegation policies. Delegation policies reserve resources in remote domains, update the number of resources exchanged, set alien domain obligations for cross-domain resource provisioning and define the exchange of internal domain information through the execution of remote semantic queries. Key to the architecture is the PBF Policy Ontology that specifies common federation concepts within the context of a user slice and the PBF services that trigger management actions. A prototype of the proposed architecture was developed and deployed in a European Future Internet federated testbed.
A System for Information Management and Electronic Transactions in First Stage Health Care
Internet-based Distributed Framework For Patient Records Management in the Primary Healthcare Environment
Distributed Architectural Framework For Patient Records Management
Annals of the New York Academy of Sciences
IEEE Communications Magazine, 2015

Grid applications require computing, storage and network resources offered from different Resource Centers (RCs). For the exchange of resources and the data transfers between two RCs an end-to-end path should be created. To provide QoS assurances to this end-to-end path, the complete path should be reserved and configured to offer that particular service and the global network setup should be compliant and aware of the service offered. In this paper we propose a coupled procedure for the establishment of end to end Service Level Agreements (SLAs) along with the service provisioning in order to assure that the service and network providers comply with the level of QoS that the applications expect along the path. These SLAs stipulate the appropriate requirements for service availability and performance providing guarantees for the delay, inter packet delay variation, packet loss and capacity.
Enabling User Service Control on Unified Messaging Systems
Studies in health technology and informatics, 2000
We present a distributed architectural framework for Primary Health Care (PHC) Centres. Distribution is handled through the introduction of the Roaming Electronic Health Care Record (R-EHCR) and the use of local caching and incremental update of a global index. The proposed architecture is designed to accommodate a specific PHC workflow model. Finally, we discuss a pilot implementation in progress, which is based on CORBA and web-based user interfaces. However, the conceptual architecture is generic and open to other middleware approaches like the DHE or HL7.
A Primary HealthCare Information System (PHeCIS)

Computing Grids that are traditionally used for batch computations are extending their application on different areas. In GRIDCC [4], we extend the Grid paradigm to support distributed instrumentation that belongs to different organizations. The instrumentation exposes its functionality as Web Services. Quality of Service (QoS) plays an important role to applications of that kind, thus QoS in the design and functionality is required by all the components of the GRIDCC. In order to minimize the impact on server performance of security processing, we have designed and implemented a security architecture that is based on certificates for the initial login, uses Kerberos to distribute symmetric keys and provides message level security implementing the OASIS Kerberos Token Profile [14]. In this paper we present the implementation details and some measurements we have performed that validate our expectations from the architecture.
Interdomain SLAs Enforcement in Real QoS-Enabled Networks
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2011
Autonomic monitoring procedures in multi-service networks provide not only feedback to end users, but also self-handling monitoring events to network operators. In this work, we present an autonomic monitoring framework for Quality of Service (QoS) management in multi-service networks. Our framework introduces aggregation mechanisms to deal with the excessive number of alarms, triggered in an autonomic networking environment. The proposed framework was assessed via an early prototype, deployed to IPv6 endsites, distributed across Europe and interconnected via the Internet.

International Conference on Networking and Services (ICNS '07), 2007
Web Services (WS) Security is the set of standards that provides means for applying security to WS. In this paper we present the performance of the WS Security Kerberos Token profile in contrast to the X.509 Token Profile. The measurements are based on the Apache wss4j library for the X.509 Token Profile and the extensions we have made on the same library in order to support the Kerberos Token Profile. The Kerberos Token profile is based exclusively on symmetric cryptography, whereas the X.509 profile uses Public Key Cryptography for encrypting the symmetric encryption key used for deciphering the message. These differences in the nature of cryptography are reflected and quantified on the measurements we have performed. The performance evaluation and numerical results demonstrated that Kerberos Token profile has up to 28% packet throughput improvement over the X.509 Token profile, under full CPU load on the server.
On the Characterization and Evaluation of Mobile Attack Strategies in Wireless Ad Hoc Networks
11th IEEE Symposium on Computers and Communications (ISCC'06), 2006
The spread of active attacks has become a frequent cause of vast systems breakdown in modern communication networks. In this paper, we first present a probabilistic modeling framework for the propagation of an energy-constrained mobile threat in a wireless ad hoc network. The introduced formulation is used to identify and evaluate different attack strategies and approaches, which in turn can

11th IEEE Symposium on Computers and Communications (ISCC'06), 2006
In this paper, an anomaly detection approach that fuses data gathered from different nodes in a distributed wireless sensor network is proposed and evaluated. The emphasis of this work is placed on the data integrity and accuracy problem caused by compromised or malfunctioning nodes. One of the key features of the proposed approach is that it provides an integrated methodology of taking into consideration and combining effectively correlated sensor data, in a distributed fashion, in order to reveal anomalies that span through a number of neighboring sensors. Furthermore, it allows the integration of results from neighboring network areas to detect correlated anomalies/attacks that involve multiple groups of nodes. The efficiency and effectiveness of the proposed approach is demonstrated for a real use case that utilizes meteorological data collected from a distributed set of sensor nodes.