Εκπαίδευση - Σπουδές

Ερευνητικά Ενδιαφέροντα

Διδασκαλία

Δημοσιεύσεις σε Διεθνή Περιοδικά (Journals)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


V. Kouliaridis, G. Kambourakis, E. Chatzoglou, D. Geneiatakis, H. Wang, Dissecting contact tracing apps in the Android platform, PLOS One, Vol. 16, No. 5, pp. 1-28, 2021, Public Library of Science, (to_appear), https://journals.plos.org/plosone/a..., indexed in SCI-E, IF = 3.240
 

Abstract
Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has promptly emerged as an indispensable asset in the global fight against the coronavirus pandemic. The work at hand offers a meticulous study of all the official Android contact tracing apps deployed hitherto by European countries. Each app is closely scrutinized both statically and dynamically by means of dynamic instrumentation. Depending on the level of examination, static analysis results are grouped in two axes. The first encompasses permissions, API calls, and possible connections to external URLs, while the second concentrates on potential security weaknesses and vulnerabilities, including the use of trackers, in-depth manifest analysis, shared software analysis, and taint analysis. Dynamic analysis on the other hand collects data pertaining to Java classes and network traffic. The results demonstrate that while overall these apps are well-engineered, they are not free of weaknesses, vulnerabilities, and misconfigurations that may ultimately put the user security and privacy at risk.

V. Kouliaridis, G. Kambourakis, A Comprehensive Survey on Machine Learning Techniques for Android Malware Detection, Information, Vol. 12, No. 5, pp. 1-12, 2021, MDPI, (to_appear), https://www.mdpi.com/2078-2489/12/5..., IF =
 

Abstract
Year after year, mobile malware attacks grow in both sophistication and diffusion. As the open source Android platform continues to dominate the market, malware writers consider it as their preferred target. Almost strictly, state-of-the-art mobile malware detection solutions in the literature capitalize on machine learning to detect pieces of malware. Nevertheless, our findings clearly indicate that the majority of existing works utilize different metrics and models and employ diverse datasets and classification features stemming from disparate analysis techniques, i.e., static, dynamic, or hybrid. This complicates the cross-comparison of the various proposed detection schemes and may also raise doubts about the derived results. To address this problem, spanning a period of the last seven years, this work attempts to schematize the so far ML-powered malware detection approaches and techniques by organizing them under four axes, namely, the age of the selected dataset, the analysis type used, the employed ML techniques, and the chosen performance metrics. Moreover, based on these axes, we introduce a converging scheme which can guide future Android malware detection techniques and provide a solid baseline to machine learning practices in this field.

E. Chatzoglou, G. Kambourakis, V. Kouliaridis, A Multi-Tier Security Analysis of Official Car Management Apps for Android, Future Internet, Vol. 13, No. 3, pp. 1-35, 2021, MDPI, (to_appear), https://www.mdpi.com/1999-5903/13/3..., IF =
 

Abstract
Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the first to our knowledge full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the, in some cases, excessive employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few.

V. Kouliaridis, G. Kambourakis, D. Geneiatakis, N. Potha, Two anatomists are better than one: Dual-level Android malware detection, Symmetry, Vol. 12, No. 7, 2020, MDPI, https://www.mdpi.com/2073-8994/12/7..., indexed in SCI-E, IF = 2.645
 

Abstract
The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, i.e., fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-`a-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics.

N. Potha, V. Kouliaridis, G. Kambourakis, An Extrinsic Random-based Ensemble Approach for Android Malware Detection, Connection Science, 2020, Taylor and Francis, https://www.tandfonline.com/toc/cco..., indexed in SCI-E, IF = 1.042
 

Abstract
Malware detection is a fundamental task and associated with significant applications in humanities, cybersecurity, and social media analytics. In some of the relevant studies, there is substantial evidence that heterogeneous ensembles can provide very reliable solutions, better than any individual verification model. However, so far, there is no systematic study of examining the application of ensemble methods in this task. This paper introduces a sophisticated Extrinsic Random-based Ensemble(ERBE) method where in a predetermined set of repetitions, a subset of external instances (either malware or benign) as well as classification features are randomly selected, and an aggregation function is adopted to combine the output of all base models for each test case separately. By utilising static analysis only, we demonstrate that the proposed method is capable of taking advantage of the availability of multiple external instances of different size and genre. The experimental results in AndroZoo benchmark corpora verify the suitability of a random-based heterogeneous ensemble for this task and exhibit the effectiveness of our method, in some cases improving the hitherto best reported results by more than 5%.

V. Kouliaridis, K. Barbatsalou, G. Kambourakis, S. Chen, A Survey on Mobile Malware Detection Techniques, IEICE Transactions on Information & Systems, 2020, IEICE, https://search.ieice.org/, indexed in SCI-E, IF = 0.770
 

Abstract
Modern mobile devices are equipped with a variety of tools and services, and handle increasing amounts of sensitive information. In the same trend, the number of vulnerabilities exploiting mobile devices are also augmented on a daily basis and, undoubtedly, popular mobile platforms, such as Android and iOS, represent an alluring target for malware writers. While researchers strive to find alternative detection approaches to fight against mobile malware, recent reports exhibit an alarming increase in mobile malware exploiting victims to create revenues, climbing towards a billion-dollar industry. Current approaches to mobile malware analysis and detection cannot always keep up with future malware sophistication [2][4]. The aim of this work is to provide a structured and comprehensive overview of the latest research on mobile malware detection techniques and pinpoint their benefits and limitations.

Επιστημονικά Συνέδρια (Conferences)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


V. Kouliaridis, G. Kambourakis, T. Peng, Feature importance in Android malware detection, The 11th International Workshop on Collaborative Computing with Cloud and Client (C4W 2020) in conjunction with The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2020), (ed), (eds), (to_appear), Dec, 2020, Guangzhou, China, IEEE Press, https://ieeexplore.ieee.org/documen...
 

Abstract
The topic of mobile malware detection on the Android platform has attracted significant attention over the last several years. However, while much research has been conducted toward mobile malware detection techniques, little attention has been devoted to feature selection and feature importance. That is, which app feature matters more when it comes to machine learning classification. After succinctly surveying all major, dated from 2012 to 2020, datasets used by state-of-the-art malware detection works in the literature, we analyse a critical mass of apps from the most contemporary and prevailing datasets, namely Drebin, VirusShare, and AndroZoo. Next, we rank the importance of app classification features pertaining to permissions and intents using the Information Gain algorithm for all the three above-mentioned datasets.

V. Kouliaridis, N. Potha, G. Kambourakis, Improving Android malware detection through dimensionality reduction techniques, The 3rd International Conference on Machine Learning for Networking (MLN 2020), (ed), (eds), (to_appear), Nov, 2020, Paris, France, Springer LNCS, https://link.springer.com/chapter/1...
 

Abstract
Mobile malware poses undoubtedly a major threat to the continuously increasing number of mobile users worldwide. While researchers have been trying vigorously to find optimal detection solutions, mobile malware is becoming more sophisticated and its writers are getting more and more skilled in hiding malicious code. In this paper, we examine the usefulness of two known dimensionality reduction transformations namely, Principal Component Analysis (PCA) and t-distributed stochastic neighbor embedding (t-SNE) in malware detection. Starting from a large set of base prominent classifiers, we study how they can be combined to build an accurate ensemble. We propose a simple ensemble aggregated base model of similar feature type as well as a complex ensemble that can use multiple and possibly heterogeneous base models. The experimental results in contemporary Androzoo benchmark corpora verify the suitability of ensembles for this task and clearly demonstrate the effectiveness of our method.

V. Kouliaridis, K. Barbatsalou, G. Kambourakis, G. Wang, Mal-warehouse: A data collection-as-a-service of mobile malware behavioral patterns, The 15th IEEE International Conference on Ubiquitous Intelligence and Computing (UIC 2018), (ed), (eds), (to_appear), Oct, 2018, Guangzhou, China, IEEE Press, https://ieeexplore.ieee.org/documen...
 

Abstract
Smartphones are pervasively used in many everyday life extents, and have been both targets and victims of malware. While there are many anti-malware applications available in mobile markets, so far there are no public services that collect mobile usage data, so as to observe malware effects on mobile devices. The main contribution of this paper is the Mal-warehouse, an open-source tool performing data collection-as-a-service for Android malware behavioral patterns. During its initial development and experimentation phase, the tool extracts mobile device statistics, including CPU, memory and battery usage, process reports, and network statistics for 14 Android malware applications from a target device. It then stores them in a classified manner on a cloud database. Despite the fact that the work at hand is still in an early stage, the detection model is enhanced with a preliminary detection module. Machine learning techniques are used as a proof-of-concept so as to evaluate the detection capabilities of the detection model, when compared to a clean snapshot of the target device. Mal-warehouse is publicly available, meaning that anyone can download and use it locally and then upload their findings to the cloud service for further evaluation and processing by others.

[4]
V. Kouliaridis, V. Vlachos, I. Savvas, I. Androulidakis, SIRTOS: A simple real-time operating system, Information and Digital Technologies (IDT), 2016 International Conference on, Jul, 2016, Rzeszow, Poland, IEEE, https://ieeexplore.ieee.org/documen...

Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Κεφάλαια σε Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Επιμέλεια Πρακτικών Διεθνών Συνεδρίων


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.