Publications
The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.
MAL2IMAGE: Hybrid Image Transformation for Malware Classification
Poster
Existing image transformation approaches (e.g. Nataraj et al. [1], Liu 2016 [2]) for malware detection only perform simple transformation methods that have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers.
Aims of the research: We propose a new approach to encode and arrange bytes from a binary file into images. These developed images contain statistical (e.g., entropy) and syntactic artifacts (e.g., strings) and their pixels are filled up using Hilbert curves.
Towards Explainable Machine Learning in Intrusion Detection Systems
Poster
The lacking of semantics or reasonable explanations for machine learning predictions is one of the main reasons for its adoption barrier in the field of intrusion detection. In fact, without explanations, one machine learning approach fails to gain users’ trust in its predictions, especially after having wasted their effort for examining false-positives. Therefore, we are motivated to study a novel approach of applying machine learning such that it not only efficiently detects intrusions but also provides explanations for those decisions.
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes.
Sharing Cyber Threat Intelligence Under the General Data Protection Regulation
Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compliance with the GDPR.
A Model Specification for the Design of Trust Negotiations
Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously.
TrUStAPIS: A Trust Requirements Elicitation Method for IoT
The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
SmartHandle: A Novel Behavioral Biometric-based Authentication Scheme for Smart Lock Systems
Over recent years, smart locks have evolved as cyber-physical devices that can be operated by digital keypads, physiological biometrics sensors, smart-card readers, or mobile devices pairing, to secure door access. However, the underlying authentication schemes, i.e., knowledge-based (e.g., PIN/passwords), possession-based (e.g., smartphones, smart cards), or physiological biometric-based (e.g., fingerprint, face), utilized in smart locks, have shown several drawbacks. Studies have determined that these authentication schemes are vulnerable to various attacks as well as lack usability.
GDPR Privacy Implications for the Internet of Things
Starting on May 25th of 2018 all EU countries begin to apply the General Data Protection Regulation (GDPR). This aims to protect and regulate data privacy and applies to any organization that holds or processes data on EU citi-zens, regardless of where it is headquartered. The penalties for non-compliance can be as high as 4% of global revenue for companies. As a result, compliance with GDPR is a must for companies who deal with users’ data. The hallmark for data collection nowadays is Internet of Things devices.
A Segregated Architecture for a Trust-based Network of Internet of Things
With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems.