Visible to the public Biblio

Filters: Author is Mavridis, Ioannis  [Clear All Filters]
2022-06-06
Dimitriadis, Athanasios, Lontzetidis, Efstratios, Mavridis, Ioannis.  2021.  Evaluation and Enhancement of the Actionability of Publicly Available Cyber Threat Information in Digital Forensics. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :318–323.

Cyber threat information can be utilized to investigate incidents by leveraging threat-related knowledge from prior incidents with digital forensic techniques and tools. However, the actionability of cyber threat information in digital forensics has not yet been evaluated. Such evaluation is important to ascertain that cyber threat information is as actionable as it can be and to reveal areas of improvement. In this study, a dataset of cyber threat information products was created from well-known cyber threat information sources and its actionability in digital forensics was evaluated. The evaluation results showed a high level of cyber threat information actionability that still needs enhancements in supporting some widely present types of attacks. To further enhance the provision of actionable cyber threat information, the development of the new TREVItoSTIX Autopsy module is presented. TREVItoSTIX allows the expression of the findings of an incident investigation in the structured threat information expression format in order to be easily shared and reused in future digital forensics investigations.

2019-04-05
Tsinganos, Nikolaos, Sakellariou, Georgios, Fouliras, Panagiotis, Mavridis, Ioannis.  2018.  Towards an Automated Recognition System for Chat-Based Social Engineering Attacks in Enterprise Environments. Proceedings of the 13th International Conference on Availability, Reliability and Security. :53:1-53:10.

Increase in usage of electronic communication tools (email, IM, Skype, etc.) in enterprise environments has created new attack vectors for social engineers. Billions of people are now using electronic equipment in their everyday workflow which means billions of potential victims of Social Engineering (SE) attacks. Human is considered the weakest link in cybersecurity chain and breaking this defense is nowadays the most accessible route for malicious internal and external users. While several methods of protection have already been proposed and applied, none of these focuses on chat-based SE attacks while at the same time automation in the field is still missing. Social engineering is a complex phenomenon that requires interdisciplinary research combining technology, psychology, and linguistics. Attackers treat human personality traits as vulnerabilities and use the language as their weapon to deceive, persuade and finally manipulate the victims as they wish. Hence, a holistic approach is required to build a reliable SE attack recognition system. In this paper we present the current state-of-the-art on SE attack recognition systems, we dissect a SE attack to recognize the different stages, forms, and attributes and isolate the critical enablers that can influence a SE attack to work. Finally, we present our approach for an automated recognition system for chat-based SE attacks that is based on Personality Recognition, Influence Recognition, Deception Recognition, Speech Act and Chat History.