8 results on '"Emmanouil Vasilomanolakis"'
Search Results
2. Computer Security – ESORICS 2021
- Author
- Jens Myrup Pedersen, Emmanouil Vasilomanolakis, and Shreyas Srinivasa
- Published
- 2021
3. Using NetFlow to Measure the Impact of Deploying DNS-based Blacklists
- Author
- Martin Fejrskov, Emmanouil Vasilomanolakis, and Jens Myrup Pedersen
- Subjects
- Measure (data warehouse), Web server, Software_OPERATINGSYSTEMS, Computer science, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, computer.software_genre, Computer security, Blacklist, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, ComputingMethodologies_PATTERNRECOGNITION, Software deployment, Web traffic, Web page, NetFlow, Malware, computer
- Abstract
To prevent user exposure to a wide range of cyber security threats, organizations and companies often resort to deploying blacklists in DNS resolvers or DNS firewalls. The impact of such a deployment is often measured by comparing the coverage of individual blacklists, by counting the number of blocked DNS requests, or by counting the number of flows redirected to a benign web page that contains a warning to the user. This paper suggests an alternative to this by using NetFlow data to measure the effect of a DNS-based blacklist deployment. Our findings suggest that only 38–40% of blacklisted flows are web traffic. Furthermore, the paper analyzes the flows blacklisted by IP address, and it is shown that the majority of these are potentially benign, such as flows towards a web server hosting both benign and malicious sites. Finally, the flows blacklisted by domain name are categorized as either spam or malware, and it is shown that less than 6% are considered malicious.
- Published
- 2021
4. Towards Blockchain-Based Collaborative Intrusion Detection Systems
- Author
- Nikolaos Alexopoulos, Natalia Reka Ivanko, Emmanouil Vasilomanolakis, and Max Mühlhäuser
- Subjects
- Computer science, Intersection (set theory), 02 engineering and technology, Intrusion detection system, Data science, Field (computer science), Task (project management), Work (electrical), 020204 information systems, Accountability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Architecture, Implementation
- Abstract
In an attempt to cope with the increased number of cyber-attacks, research in Intrusion Detection Systems (IDSs) is moving towards more collaborative mechanisms. Collaborative IDSs (CIDSs) are such an approach; they combine the knowledge of a plethora of monitors to generate a holistic picture of the monitored network. Despite the research done in this field, CIDSs still face a number of fundamental challenges, especially regarding maintaining trust among the collaborating parties. Recent advances in distributed ledger technologies, e.g. various implementations of blockchain protocols, are a good fit to the problem of enhancing trust in collaborative environments. This paper touches on the intersection of CIDSs and blockchains. Particularly, it introduces the idea of utilizing blockchain technologies as a mechanism for improving CIDSs. We argue that certain properties of blockchains can be of significant benefit for CIDSs; namely for the improvement of trust between monitors, and for providing accountability and consensus. For this, we study the related work and highlight the research gaps and challenges towards such a task. Finally, we propose a generic architecture for the incorporation of blockchains into the field of CIDSs and an analysis of the design decisions that need to be made to implement such an architecture.
- Published
- 2018
5. Community-Based Collaborative Intrusion Detection
- Author
- Carlos Garcia Cordero, Emmanouil Vasilomanolakis, Max Mühlhäuser, and Mathias Fischer
- Subjects
- Computer science, business.industry, Botnet, Intrusion detection system, Computer security, computer.software_genre, Partition (database), Information technology management, Overhead (computing), Anomaly detection, Isolation (database systems), Set (psychology), business, computer
- Abstract
The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and the communication overhead required for collaboration must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade-off. The novelty of our approach is the application of ensemble-based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.
- Published
- 2015
6. Security Perspectives for Collaborative Data Acquisition in the Internet of Things
- Author
- Carlos Garcia Cordero, Alexander Wiesmaier, Emmanouil Vasilomanolakis, Panayotis Kikiras, and Vangelis Gazis
- Subjects
- World Wide Web, Data acquisition, Computer science, business.industry, Data analysis, Context (language use), Layer (object-oriented design), Internet of Things, business, Data modeling
- Abstract
The Internet of Things (IoT) is an increasingly important topic, bringing together many different fields of computer science. Nevertheless, besides the advantages the IoT has to offer, many challenges exist, not least in terms of security and privacy. In addition, the large number of heterogeneous devices in the IoT produces a vast amount of data, and therefore efficient mechanisms are required that are capable of handling the data, analyzing them and producing meaningful results. In this paper, we discuss the challenges that have to be addressed when data analytics are applied in the context of the IoT. For this, we propose a data acquisition architecture, named CoDA, that focuses on bringing together heterogeneous things to create distributed global data models. For each layer of the proposed architecture we discuss the upcoming challenges from the security perspective.
- Published
- 2015
7. Next Generation P2P Botnets: Monitoring Under Adverse Conditions
- Author
- Emmanouil Vasilomanolakis, Max Mühlhäuser, Leon Böck, and Shankar Karuppayah
- Subjects
- Intelligence gathering, Adverse conditions, Computer science, Botnet, 020206 networking & telecommunications, Denial-of-service attack, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Resistance monitoring, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, Resilience (network), computer
- Abstract
The effects of botnet attacks, over the years, have been devastating. From high volume Distributed Denial of Service (DDoS) attacks to ransomware attacks, it is evident that defensive measures need to be taken. Indeed, there have been a number of successful takedowns of botnets that exhibit a centralized architecture. However, this is not the case with distributed botnets that are more resilient and armed with countermeasures against monitoring. In this paper, we argue that monitoring countermeasures, applied by botmasters, will only become more sophisticated; to such an extent that monitoring, under these adverse conditions, may become infeasible. That said, we present the most detailed analysis, to date, of parameters that influence a P2P botnet's resilience and monitoring resistance. Integral to our analysis, we introduce BotChurn (BC), a realistic and botnet-focused churn generator that can assist in the analysis of botnets. Our experimental results suggest that certain parameter combinations greatly limit intelligence gathering operations. Furthermore, our analysis highlights the need for extensive collaboration between defenders. For instance, we show that even the combined knowledge of 500 monitoring instances is insufficient to fully enumerate some of the examined botnets. In this context, we also raise the question of whether botnet monitoring will still be feasible in the near future.
8. Towards Trust-Aware Collaborative Intrusion Detection: Challenges and Solutions
- Author
- Emmanouil Vasilomanolakis, Max Mühlhäuser, Rabee Sohail Malik, Sheikh Mahbub Habib, and Pavlos Milaszewicz
- Subjects
- Computer science, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Data science, Field (computer science), Identification (information), Work (electrical), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Trust management (information system), State (computer science), Computational trust, Set (psychology)
- Abstract
Collaborative Intrusion Detection Systems (CIDSs) are an emerging field in cyber-security. In such an approach, multiple sensors collaborate by exchanging alert data with the goal of generating a complete picture of the monitored network. This can provide significant improvements in intrusion detection and especially in the identification of sophisticated attacks. However, the challenge of deciding to what extent a sensor can trust others has not yet been holistically addressed in related work. In this paper, we firstly propose a set of requirements for reliable trust management in CIDSs. Afterwards, we carefully investigate the most dominant CIDS trust schemes. The main contribution of the paper is mapping the results of the analysis to the aforementioned requirements, along with a comparison of the state of the art. Furthermore, this paper identifies and discusses the research gaps and challenges with regard to trust and CIDSs.
Discovery Service for Jio Institute Digital Library