The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud

Pitropakis, Nick; Lyvas, Christos; Lambrinoudakis, Costas

TRUSTEE: Towards the creation of secure, trustworthy and privacy-preserving framework (2023)
Conference Proceeding
Sayeed, S., Pitropakis, N., Buchanan, W. J., Markakis, E., Papatsaroucha, D., & Politis, I. (2023). TRUSTEE: Towards the creation of secure, trustworthy and privacy-preserving framework. In ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security. https://doi.org/10.1145/3600160.3604997

Digital transformation is a method where new technologies replace the old to meet essential organisational requirements and enhance the end-user experience. Technological transformation often improvises the manner in which a facility or resources are... Read More about TRUSTEE: Towards the creation of secure, trustworthy and privacy-preserving framework.

SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data (2023)
Conference Proceeding
Shahbaz Khan, M., Ahmad, J., Ali, H., Pitropakis, N., Al-Dubai, A., Ghaleb, B., & Buchanan, W. J. (in press). SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data.

With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlate... Read More about SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data.

Progressive Web Apps to Support (Critical) Systems in Low or No Connectivity Areas (2023)
Conference Proceeding
Josephe, A. O., Chrysoulas, C., Peng, T., El Boudani, B., Iatropoulos, I., & Pitropakis, N. (2023). Progressive Web Apps to Support (Critical) Systems in Low or No Connectivity Areas. In 2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET). https://doi.org/10.1109/GlobConET56651.2023.10150058

Web applications are popular in our world today and every organization or individual either build or access at least one each day. It’s important for every application user to continue accessing contents of a web application irrespective of the netwo... Read More about Progressive Web Apps to Support (Critical) Systems in Low or No Connectivity Areas.

Forensic Investigation Using RAM Analysis on the Hadoop Distributed File System (2023)
Conference Proceeding
Laing, S., Ludwiniak, R., El Boudani, . B., Chrysoulas, C., Ubakanma, G., & Pitropakis, N. (2023). Forensic Investigation Using RAM Analysis on the Hadoop Distributed File System. In 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN). https://doi.org/10.1109/DRCN57075.2023.10108330

The usage of cloud systems is at an all-time high, and with more organizations reaching for Big Data the forensic implications must be analyzed. The Hadoop Distributed File System is widely used both as a cloud service and with organizations implemen... Read More about Forensic Investigation Using RAM Analysis on the Hadoop Distributed File System.

Post Quantum Cryptography Analysis of TLS Tunneling on a Constrained Device (2022)
Conference Proceeding
Barton, J., Pitropakis, N., Buchanan, W., Sayeed, S., & Abramson, W. (2022). Post Quantum Cryptography Analysis of TLS Tunneling on a Constrained Device. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP (551-561). https://doi.org/10.5220/0010903000003120

Advances in quantum computing make Shor’s algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discret... Read More about Post Quantum Cryptography Analysis of TLS Tunneling on a Constrained Device.

Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers (2022)
Conference Proceeding
Ali, H., Papadopoulos, P., Ahmad, J., Pit, N., Jaroucheh, Z., & Buchanan, W. J. (2022). Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers. In IEEE SINCONF: 14th International Conference on Security of Information and Networks. https://doi.org/10.1109/SIN54109.2021.9699366

Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the... Read More about Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers.

PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching (2022)
Conference Proceeding
Abramson, W., Buchanan, W. J., Sayeed, S., Pitropakis, N., & Lo, O. (2022). PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching. In 14th International Conference on Security of Information and Networks. https://doi.org/10.1109/SIN54109.2021.9699138

The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructur... Read More about PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching.

GLASS: Towards Secure and Decentralized eGovernance Services using IPFS (2022)
Conference Proceeding
Chrysoulas, C., Thomson, A., Pitropakis, N., Papadopoulos, P., Lo, O., Buchanan, W. J., …Tsolis, D. (2022). GLASS: Towards Secure and Decentralized eGovernance Services using IPFS. In Computer Security. ESORICS 2021 International Workshops. https://doi.org/10.1007/978-3-030-95484-0_3

The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation, broadened the attack surface and made them a popular target for cyber attacks.... Read More about GLASS: Towards Secure and Decentralized eGovernance Services using IPFS.

Launching Adversarial Label Contamination Attacks Against Malicious URL Detection (2021)
Conference Proceeding
Marchand, B., Pitropakis, N., Buchanan, W. J., & Lambrinoudakis, C. (2021). Launching Adversarial Label Contamination Attacks Against Malicious URL Detection. In Trust, Privacy and Security in Digital Business: 18th International Conference, TrustBus 2021, Virtual Event, September 27–30, 2021, Proceedings (69-82). https://doi.org/10.1007/978-3-030-86586-3_5

Web addresses, or Uniform Resource Locators (URLs), represent a vector by which attackers are able to deliver a multitude of unwanted and potentially harmful effects to users through malicious software. The ability to detect and block access to such... Read More about Launching Adversarial Label Contamination Attacks Against Malicious URL Detection.

Towards An SDN Assisted IDS (2021)
Conference Proceeding
Sutton, R., Ludwiniak, R., Pitropakis, N., Chrysoulas, C., & Dagiuklas, T. (2021). Towards An SDN Assisted IDS. In 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS). https://doi.org/10.1109/NTMS49979.2021.9432651

Modern Intrusion Detection Systems are able to identify and check all traffic crossing the network segments that they are only set to monitor. Traditional network infrastructures use static detection mechanisms that check and monitor specific types o... Read More about Towards An SDN Assisted IDS.

Privacy-preserving Surveillance Methods using Homomorphic Encryption (2020)
Conference Proceeding
Bowditch, W., Abramson, W., Buchanan, W. J., Pitropakis, N., & Hall, A. J. (2020). Privacy-preserving Surveillance Methods using Homomorphic Encryption. In ICISSP: Proceedings of the 6th International Conference on Information Systems Security and Privacy (240-248). https://doi.org/10.5220/0008864902400248

Data analysis and machine learning methods often involve the processing of cleartext data, and where this could breach the rights to privacy. Increasingly, we must use encryption to protect all states of the data: in-transit, at-rest, and in-memory.... Read More about Privacy-preserving Surveillance Methods using Homomorphic Encryption.

Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach (2020)
Conference Proceeding
Christou, O., Pitropakis, N., Papadopoulos, P., Mckeown, S., & Buchanan, W. J. (2020). Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach. In Proceedings of the 6th International Conference on Information Systems Security and Privacy (289-298). https://doi.org/10.5220/0008902202890298

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be awa... Read More about Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach.

Microtargeting or Microphishing? Phishing Unveiled (2020)
Conference Proceeding
Khursheed, B., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020). Microtargeting or Microphishing? Phishing Unveiled. In Trust, Privacy and Security in Digital Business (89-105). https://doi.org/10.1007/978-3-030-58986-8_7

Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, w... Read More about Microtargeting or Microphishing? Phishing Unveiled.

A Distributed Trust Framework for Privacy-Preserving Machine Learning (2020)
Conference Proceeding
Abramson, W., Hall, A. J., Papadopoulos, P., Pitropakis, N., & Buchanan, W. J. (2020). A Distributed Trust Framework for Privacy-Preserving Machine Learning. In Trust, Privacy and Security in Digital Business (205-220). https://doi.org/10.1007/978-3-030-58986-8_14

When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluct... Read More about A Distributed Trust Framework for Privacy-Preserving Machine Learning.

Testing And Hardening IoT Devices Against the Mirai Botnet (2020)
Conference Proceeding
Kelly, C., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020). Testing And Hardening IoT Devices Against the Mirai Botnet. . https://doi.org/10.1109/CyberSecurity49315.2020.9138887

A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufactures, and are vulnerable to existing malware lurking on the Internet. Amo... Read More about Testing And Hardening IoT Devices Against the Mirai Botnet.

Towards The Creation of A Threat Intelligence Framework for Maritime Infrastructures (2020)
Conference Proceeding
Pitropakis, N., Logothetis, M., Andrienko, G., Karapistoli, I., Stephanatos, J., & Lambrinoudakis, C. (2020). Towards The Creation of A Threat Intelligence Framework for Maritime Infrastructures. In Computer Security: ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT (53-68). https://doi.org/10.1007/978-3-030-42048-2_4

The maritime ecosystem has undergone through changes due to the increasing use of information systems and smart devices. The newly introduced technologies give rise to new attack surface in maritime infrastructures. In this position paper, we propose... Read More about Towards The Creation of A Threat Intelligence Framework for Maritime Infrastructures.

Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier (2019)
Conference Proceeding
Hall, A. J., Pitropakis, N., Buchanan, W. J., & Moradpoor, N. (2019). Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. In 2018 IEEE International Conference on Big Data (Big Data). https://doi.org/10.1109/BigData.2018.8621922

Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are cu... Read More about Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier.

An Enhanced Cyber Attack Attribution Framework (2018)
Conference Proceeding
Pitropakis, N., Panaousis, E., Giannakoulias, A., Kalpakis, G., Rodriguez, R. D., & Sarigiannidis, P. (2018). An Enhanced Cyber Attack Attribution Framework. In S. Furnell, H. Mouratidis, & G. Pernul (Eds.), Trust, Privacy and Security in Digital Business. TrustBus 2018 (213-228). https://doi.org/10.1007/978-3-319-98385-1_15

Advanced Persistent Threats (APTs) are considered as the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness and especially cyber attack attribution are necessary f... Read More about An Enhanced Cyber Attack Attribution Framework.

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse (2017)
Conference Proceeding
Kintis, P., Miramirkhani, N., Lever, C., Chen, Y., Romero-Gómez, R., Pitropakis, N., …Antonakakis, M. (2017). Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. https://doi.org/10.1145/3133956.3134002

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register... Read More about Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse.

The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud (2017)
Conference Proceeding
Pitropakis, N., Lyvas, C., & Lambrinoudakis, C. (2017). The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud. In C. Becker Westphall, Y. Woo Lee, B. Duncan, A. Olmsted, M. Vassilakopoulos, C. Lambrinoudakis, …R. Ege (Eds.), CLOUD COMPUTING 2017 - The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization

The financial crisis made companies around the world search for cheaper and more efficient solutions to cover their needs in terms of computational power and storage. Their quest came to end with the birth of Cloud Computing infrastructures. However,... Read More about The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud.

All Outputs (25)