Search

Your search keyword '"Emmanouil Vasilomanolakis"' showing total 92 results
Start Over Author "Emmanouil Vasilomanolakis" Publication Year Range Last 50 years
92 results on '"Emmanouil Vasilomanolakis"'

1. Sphinx: a Colluder-Resistant Trust Mechanism for Collaborative Intrusion Detection

Author

Carlos Garcia Cordero, Giulia Traverso, Mehrdad Nojoumian, Sheikh Mahbub Habib, Max Muhlhauser, Johannes Buchmann, and Emmanouil Vasilomanolakis

Subjects
Clustering, collaborative intrusion detection, machine learning, mixture models, sensor reliability, trust management, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

The destructive effects of cyber-attacks demand more proactive security approaches. One such promising approach is the idea of collaborative intrusion detection systems (CIDSs). These systems combine the knowledge of multiple sensors (e.g., intrusion detection systems, honeypots, or firewalls) to create a holistic picture of a monitored network. Sensors monitor parts of a network and exchange alert data to learn from each other, improve their detection capabilities and ultimately identify sophisticated attacks. Nevertheless, if one or a group of sensors is unreliable (due to incompetence or malice), the system might miss important information needed to detect attacks. In this paper, we propose Sphinx, an evidence-based trust mechanism capable of detecting unreliable sensors within a CIDS. The Sphinx detects, both, single sensors or coalitions of dishonest sensors that lie about the reliability of others to boost or worsen their trust score. Our evaluation shows that, given an honest majority of sensors, dishonesty is punished in a timely manner. Moreover, if several coalitions exist, even when more than 50% of all sensors are dishonest, dishonesty is punished.

Published
2018
Full Text
View/download PDF

28. COVID-19 Vaccination Certificates in the Darkweb

Author

Morten Falch, Jens Myrup Pedersen, Dimitrios Georgoulias, and Emmanouil Vasilomanolakis

Subjects
FOS: Computer and information sciences, Computer Science - Cryptography and Security, Additional Key Words and PhrasesCOVID-19, Computer Networks and Communications, digital certificates, electronic crime, Computer Science Applications, Computer Science - Computers and Society, Hardware and Architecture, darkweb, Computers and Society (cs.CY), Cryptography and Security (cs.CR), Safety Research, Software, Information Systems
Abstract

COVID-19 vaccines have been rolled out in many countries and with them a number of vaccination certificates. For instance, the EU is utilizing a digital certificate in the form of a QR-code that is digitally signed and can be easily validated throughout all EU countries. In this article, we document the current state of the COVID-19 vaccination certificate market in the darkweb with a focus on the EU Digital Green Certificate (DGC) . We investigate 17 marketplaces and 10 vendor shops that include vaccination certificates in their listings, and discover that a multitude of sellers in both types of platforms are advertising forging capabilities. According to their claims, it is possible to buy fake vaccination certificates issued in many countries worldwide. We demonstrate some examples of such sellers, including how they advertise their services, and we develop a taxonomy of EU COVID-19 certificate forging capabilities, describing the potential methods that the vendors are utilizing to generate certificates. We highlight two particular cases of vendor shops, with one of them showing an elevated degree of professionalism, showcasing forged valid certificates, the validity of which we verify using two different national mobile COVID-19 applications.

Published
2023

42. A decentralized honeypot for IoT Protocols based on Android devices

Author

Irini Lygerou, Shreyas Srinivasa, Emmanouil Vasilomanolakis, George Stergiopoulos, and Dimitris Gritzalis

Subjects
IoT, Android, Computer Networks and Communications, Honeypots, Safety, Risk, Reliability and Quality, Software, Information Systems
Abstract

The exponential growth of internet connected devices in this past year has led to a significant increase in IoT targeted attacks. The lack of proper integration of security in IoT development life cycle along with a plethora of different protocols (e.g., Zigbee, LoRa, MQTT, etc.) have greatly impacted the resilience of such devices against cyber-attacks, a fact also exacerbated by the size and physical hardware structure of these devices. Thus, it is imperative to develop effective and efficient countermeasures that can also be applied post-production to help build resilience in modern IoT systems. Honeypots are prime example of this notion. Being designed to act as vulnerable computer components or systems, they provide useful intelligence regarding potential attackers. Nevertheless, honeypots have seen little use in protection IoT systems and their underlying protocols, especially in cases where honeypots can leverage the decentralized nature of IoT. In this research, we enhance the HosTaGe honeypot to build an IoT protocol honeypot that runs over mobile devices. The purpose of this paper is to introduce a honeypot specifically for IoT communication protocols over public networks that is easy-to-use and utilizes Android devices. The protocol honeypot utilizes the cellular network to establish decentralized, simulated infrastructures of IoT systems over different types of IoT network protocols. We test four IoT network implementations, one for each of the newly implemented MQTT, CoAP and AMQP protocols. Additionally, we upgrade existing Telnet and SSH protocols used in IoT systems to work over the simulated mobile honeypot. We use the virtualized honeypot networks to capture log, and analyze real-world public attacks on these protocols from the internet and provide an interface for interaction with the implemented honeypot.

Published
2022

45. Botnet Business Models, Takedown Attempts, and the Darkweb Market:A Survey

Author

Dimitrios Georgoulias, Jens Myrup Pedersen, Morten Falch, and Emmanouil Vasilomanolakis

Subjects
Additional Key Words and PhrasesCybercrime, botnets, General Computer Science, Cybercrime, SDG 16 - Peace, Justice and Strong Institutions, forum, marketplace, economics, Theoretical Computer Science, takedowns, attacks, darkweb, business models
Abstract

Botnets account for a substantial portion of cybercrime. Botmasters utilize darkweb marketplaces to promote and provide their services, which can vary from renting or buying a botnet (or parts of it) to hiring services (e.g., distributed denial of service attacks). At the same time, botnet takedown attempts have proven to be challenging, demanding a combination of technical and legal methods, and often requiring the collaboration of a plethora of entities with varying jurisdictions. In this article, we map the elements associated with the business aspect of botnets and utilize them to develop adaptations of two widely used business models. Furthermore, we analyze the 28 most notable botnet takedown operations carried out from 2008 to 2021, in regard to the methods employed, and illustrate the correlation between these methods and the segments of our adapted business models. Our analysis suggests that the botnet takedown methods have been mainly focused on the technical side, but not on the botnet economic components. We aim to shed light on new takedown vectors and incentivize takedown actors to expand their efforts to methods oriented more toward the business side of botnets, which could contribute toward eliminating some of the challenges that surround takedown operations.

Published
2023

46. Gotta catch ’em all: a Multistage Framework for honeypot fingerprinting

Author

Shreyas Srinivasa, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis

Subjects
FOS: Computer and information sciences, Software_OPERATINGSYSTEMS, Computer Science - Cryptography and Security, Computer Networks and Communications, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, fingerprinting, Hardware and Architecture, Honeypot, Cryptography and Security (cs.CR), Safety Research, Software, Information Systems
Abstract

Honeypots are decoy systems that lure attackers by presenting them with a seemingly vulnerable system. They provide an early detection mechanism as well as a method for learning how adversaries work and think. However, over the last years a number of researchers have shown methods for fingerprinting honeypots. This significantly decreases the value of a honeypot; if an attacker is able to recognize the existence of such a system, they can evade it. In this article, we revisit the honeypot identification field, by providing a holistic framework that includes state of the art and novel fingerprinting components. We decrease the probability of false positives by proposing a rigid multi-step approach for labeling a system as a honeypot. We perform extensive scans covering 2.9 billion addresses of the IPv4 space and identify a total of 21,855 honeypot instances. Moreover, we present a number of interesting side-findings such as the identification of around 355,000 non-honeypot systems that represent potentially misconfigured or unpatched vulnerable servers (e.g. SSH servers with default password configurations and vulnerable versions). We ethically disclose our findings to network administrators about the default configuration and the honeypot developers about the gaps in implementation that lead to possible honeypot fingerprinting. Lastly, we discuss countermeasures against honeypot fingerprinting techniques.

Published
2023

48. Detecting DNS hijacking by using NetFlow data

Author

Jens Myrup Pedersen, Emmanouil Vasilomanolakis, and Martin Fejrskov

Subjects
hijacking, DNS, malware, NetFlow, IPFix
Abstract

DNS hijacking represents a security threat to users because it enables bypassing existing DNS security measures. Several malware families exploit this by changing the client DNS configuration to point to a malicious DNS resolver. Following the assumption that users will never actively choose to use a resolver that is not well-known, our paper introduces the idea of detecting client-based DNS hijacking by classifying public resolvers based on whether they are well-known or not. Furthermore, we propose to use NetFlow-based features to classify a resolver as well-known or malicious. By characterizing and manually labelling the 405 resolvers seen in four weeks of NetFlow data from a national ISP, we show that classification of both well-known and malicious servers can be made with an AUROC of 0.85.

Published
2022

49. Deceptive directories and 'vulnerable' logs: a honeypot study of the LDAP and log4j attack landscape

Author

Jens Myrup Pedersen, Emmanouil Vasilomanolakis, and Shreyas Srinivasa

Subjects
LDAP attacks, Deception, LDAP, Honeypots
Abstract

The Lightweight Directory Access Protocol (LDAP) has been widely used to query directory services. It is mainly utilized for reading, writing, and searching directory services like the Active Directory. The vast adoption of LDAP for authentication has entailed several attack attempts like injection attacks and unauthorized access due to third-party key storage. Furthermore, recent vulnerabilities discovered in libraries like the Log4j can lead adversaries to obtain unauthorized information from the directory services through pivoting attacks. Moreover, the LDAP can be configured to operate on UDP, motivating adversaries to exploit it for Distributed Reflection Denial of Service attacks (DRDoS). This paper presents a study of attacks on the LDAP by deploying honeypots that simulate multiple profiles that support the LDAP service and correlating the attack datasets obtained from honeypots deployed by the Honeynet Project community. We observe a total of 39,388 malicious events targeting the honeypots and discover 273 unique attack sources performing pivot attacks in a period of one month.

Published
2022

50. A Bad IDEa: Weaponizing uncontrolled online-IDEs in availability attacks

Author

Jens Myrup Pedersen, Dimitrios Georgoulias, Emmanouil Vasilomanolakis, and Shreyas Srinivasa

Subjects
uncontrolled execution, online IDE
Abstract

Botnets are an ongoing threat to the cyber world and can be utilized to carry out DDoS attacks of high magnitude. From the botmaster's perspective, there is a constant need for deploying more effective botnets and discovering new ways to bolster their bot ranks. Integrated Development Environments (IDEs) have been essential for software developers to write and compile source code. The increasing need for remote work and collaborative workspaces have led to the IDE-as-a-service paradigm that offers online code editing and compilation with multiple language support. In this paper, we show that a multitude of online IDEs do not run control checks on the user code and can be therefore lever-aged by a botnet. We examine the concept of uncontrolled execution environments and present a proof of concept to show how uncontrolled online-IDEs can be weaponized to perform large-scale attacks by a botnet. Overall, we detect a total of 719 online-IDEs with uncontrolled execution environments and limited sandboxing. Lastly, as ethical disclosure, we inform the IDE developers and service providers of the vulnerabilities and propose countermeasures.

Published
2022

Catalog

Books, media, physical & digital resources
See catalog results