The financial crime landscape is evolving along with the digitisation of financial services. Laws, regulations and forensic methodologies cannot efficiently cope with the growth pace of novel technologies, which translates into late adoption of measures and legal voids, providing a fruitful landscape for malicious actors. In this regard, the features offered by blockchain technology, such as immutability, verifiability, and authentication, enhance the robustness of financial forensics. This paper provides a taxonomy of the prevalent financial investigation techniques and a thorough state-of-the-art of blockchain-based digital forensic approaches. Moreover, we design and implement a forensic investigation framework based on standardised procedures and document the corresponding methodology for embezzlement scheme investigations. The feasibility and adaptability of our approach can be extended and embrace all types of fraud investigations and regular internal audits. We provide a functional Ethereum-based implementation, and we integrate standardised forensic flows and chain of custody preservation mechanisms. Finally, we discuss the challenges of the symbiotic relationship between blockchain and financial investigations, along with the managerial implication and future research directions.
Lamprini Zarpala; Fran Casino. A blockchain-based forensic model for financial crime investigation: the embezzlement scenario. Digital Finance 2021, 1-32.
A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken-down by security researchers or law enforcement. Botnets often use Domain Generation Algorithms (DGAs), primarily to evade take-down attempts. DGAs can enlarge the lifespan of a malware campaign, thus potentially enhancing its profitability. They can also contribute to hindering attack accountability. In this work, we introduce HYDRAS, the most comprehensive and representative dataset of Algorithmically-Generated Domains (AGD) available to date. The dataset contains more than 100 DGA families, including both real-world and adversarially designed ones. We analyse the dataset and discuss the possibility of differentiating between benign requests (to real domains) and malicious ones (to AGDs) in real-time. The simultaneous study of so many families and variants introduces several challenges; nonetheless, it alleviates biases found in previous literature employing small datasets which are frequently overfitted, exploiting characteristic features of particular families that do not generalise well. We thoroughly compare our approach with the current state-of-the-art and highlight some methodological shortcomings in the actual state of practice. The outcomes obtained show that our proposed approach significantly outperforms the current state-of-the-art in terms of both classification performance and efficiency.
Fran Casino; Nikolaos Lykousas; Ivan Homoliak; Constantinos Patsakis; Julio Hernandez-Castro. Intercepting Hail Hydra: Real-time detection of Algorithmically Generated Domains. Journal of Network and Computer Applications 2021, 190, 103135.
The collection of personal data is exponentially growing and, as a result, individual privacy is endangered accordingly. With the aim to lessen privacy risks whilst maintaining high degrees of data utility, a variety of techniques have been proposed, being microaggregation a very popular one. Microaggregation is a family of perturbation methods, in which its principle is to aggregate personal data records (i.e., microdata) in groups so as to preserve privacy through k-anonymity. The multivariate microaggregation problem is known to be NP-Hard; however, its univariate version could be optimally solved in polynomial time using the Hansen-Mukherjee (HM) algorithm. In this article, we propose a heuristic solution to the multivariate microaggregation problem inspired by the Traveling Salesman Problem (TSP) and the optimal univariate microaggregation solution. Given a multivariate dataset, first, we apply a TSP-tour construction heuristic to generate a Hamiltonian path through all dataset records. Next, we use the order provided by this Hamiltonian path (i.e., a given permutation of the records) as input to the Hansen-Mukherjee algorithm, virtually transforming it into a multivariate microaggregation solver we call Multivariate Hansen-Mukherjee (MHM). Our intuition is that good solutions to the TSP would yield Hamiltonian paths allowing the Hansen-Mukherjee algorithm to find good solutions to the multivariate microaggregation problem. We have tested our method with well-known benchmark datasets. Moreover, with the aim to show the usefulness of our approach to protecting location privacy, we have tested our solution with real-life trajectories datasets, too. We have compared the results of our algorithm with those of the best performing solutions, and we show that our proposal reduces the information loss resulting from the microaggregation. 
Overall, results suggest that transforming the multivariate microaggregation problem into its univariate counterpart by ordering microdata records with a proper Hamiltonian path and applying an optimal univariate solution leads to a reduction of the perturbation error whilst keeping the same privacy guarantees.
Armando Maya-López; Fran Casino; Agusti Solanas. Improving Multivariate Microaggregation through Hamiltonian Paths and Optimal Univariate Microaggregation. Symmetry 2021, 13 (6), 916.
Nowadays, malware campaigns have reached a high level of sophistication, thanks to the use of cryptography and covert communication channels over traditional protocols and services. In this regard, a typical approach to evade botnet identification and takedown mechanisms is the use of domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce an overwhelming amount of domain names that the infected device tries to communicate with to find the Command and Control server, yet only a small fragment of them is actually registered. Due to the high number of domain names, the blacklisting approach is rendered useless. Therefore, the botmaster may pivot the control dynamically and hinder botnet detection mechanisms. To counter this problem, many security mechanisms result in solutions that try to identify domains from a DGA based on the randomness of their name. In this work, we explore hard to detect families of DGAs, as they are constructed to bypass these mechanisms. More precisely, they are based on the use of dictionaries or adversarial approaches so the generated domains seem to be user-generated. Therefore, the corresponding generated domains pass many filters that look for, e.g. high entropy strings or n-grams. To address this challenge, we propose an accurate and efficient probabilistic approach to detect them. We test and validate the proposed solution through extensive experiments with a sound dataset containing all the wordlist-based DGA families that exhibit this behaviour, as well as several adversarial DGAs, and compare it with other state-of-the-art methods, practically showing the efficacy and prevalence of our proposal.
Constantinos Patsakis; Fran Casino. Exploiting statistical and structural features for the detection of Domain Generation Algorithms. Journal of Information Security and Applications 2021, 58, 102725.
During the last few years, there has been an upsurge of social media influencers who are part of the adult entertainment industry, referred to as Performers. To monetize their online presence, Performers often engage in practices which violate community guidelines of social media, such as selling subscriptions for accessing their private “premium” social media accounts, where they distribute adult content. In this paper, we collect and analyze data from FanCentro, an online marketplace where Performers can sell adult content and subscriptions to private accounts in platforms like Snapchat and Instagram. Our work aims to shed light on the semi-illicit adult content market layered on the top of popular social media platforms and its offerings, as well as to profile the demographics, activity and content produced by Performers.
Nikolaos Lykousas; Fran Casino; Constantinos Patsakis. Inside the X-Rated World of “Premium” Social Media Accounts. Transactions on Petri Nets and Other Models of Concurrency XV 2020, 181-191.
Traceability has become a critical element in supply chain management, particularly in safety-sensitive sectors like food, pharmaceuticals, etc. Upstream (manufacturers, producers, etc.) and downstream (distributors, wholesalers, etc.) supply chain members need to store and handle traceability-related information for providing proof of regulatory compliance to both state authorities and more demanding customers. Consumers also place high expectations on food supply chains (FSC) with specific emphasis on facets related to safety. However, the complexity of modern FSC networks and their fragmentation act as barriers for the development of sound traceability mechanisms. In this paper a distributed trustless and secure architecture for FSC traceability is developed and tested. For assessing the feasibility of the proposed approach, a food traceability case study from a dairy company is presented. The applicability of the model is further illustrated by the development of fully functional smart contracts and a local private blockchain. Moreover, the various links between the proposed blockchain-based model and its managerial implications are presented. The overall benefits of the proposed model are discussed along with fruitful areas for future research. The results are of significant value to both practitioners and researchers.
Fran Casino; Venetis Kanakaris; Thomas K. Dasaklis; Socrates Moschuris; Spiros Stachtiaris; Maria Pagoni; Nikolaos P. Rachaniotis. Blockchain-based food supply chain traceability: a case study in the dairy sector. International Journal of Production Research 2020, 1-13.
The InterPlanetary File System (IPFS) is employed extensively nowadays by many blockchain projects to store personal data off-chain to comply with the Right to be Forgotten (RtbF) requirement of the General Data Protection Regulation (GDPR), the new regulatory regime for personal data protection in the EU. In such a way, when a request for content erasure is to be carried out under the RtbF, the onus of removing the actual personal information moves to the IPFS protocol. Nevertheless, enforcing data erasure across the entire IPFS network is not actually feasible, mainly due to its decentralized nature. Consequently, the implementation of a delegation mechanism for handling content erasure requests within the IPFS would be the most conducive way towards aligning the IPFS with the GDPR. To that end, in this work, we propose an anonymous protocol for delegated content erasure requests in the IPFS. The proposed protocol could be smoothly integrated into the IPFS to distribute an erasure request among all the IPFS nodes and, ultimately, to fulfil the erasure requirements foreseen in the RtbF. Furthermore, the protocol complies with the primary principle of the IPFS to prevent censoring; therefore, erasure is only allowed to the original content provider or her delegates. A formal definition and the security proofs are provided, along with a set of experiments that prove the efficacy of the proposed protocol. We demonstrate that the overhead introduced by the proposed protocol does not affect the system’s efficiency. Our experimental results exhibit a robust performance as the average times for generating the content-dependent keys and for spreading the erasure requests do not affect the overall performance of the IPFS.
Eugenia Politou; Efthimios Alepis; Constantinos Patsakis; Fran Casino; Mamoun Alazab. Delegated content erasure in IPFS. Future Generation Computer Systems 2020, 112, 956-964.
The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes.
Constantinos Patsakis; Fran Casino; Nikolaos Lykousas; Vasilios Katos. Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS. IEEE Access 2020, 8, 118559-118571.
In this paper, an enhancement of a hybrid simulation technique based on combining collaborative filtering with deterministic 3D ray launching algorithm is proposed. Our approach implements a new methodology of data depuration from low definition simulations to reduce noisy simulation cells. This is achieved by processing the maximum number of permitted reflections, applying memory based collaborative filtering, using a nearest neighbors’ approach. The depuration of the low definition ray launching simulation results consists on discarding the estimated values of the cells reached by a number of rays lower than a set value. Discarded cell values are considered noise due to the high error that they provide comparing them to high definition ray launching simulation results. Thus, applying the collaborative filtering technique both to empty and noisy cells, the overall accuracy of the proposed methodology is improved. Specifically, the size of the data collected from the scenarios was reduced by more than 40% after identifying and extracting noisy/erroneous values. In addition, despite the reduced amount of training samples, the new methodology provides an accuracy gain above 8% when applied to the real-world scenario under test, compared with the original approach. Therefore, the proposed methodology provides more precise results from a low definition dataset, increasing accuracy while exhibiting lower complexity in terms of computation and data storage. The enhanced hybrid method enables the analysis of larger complex scenarios with high transceiver density, providing coverage/capacity estimations in the design of heterogeneous IoT network applications.
Fran Casino; Peio Lopez-Iturri; Erik Aguirre; Leyre Azpilicueta; Francisco Falcone; Agusti Solanas. Enhanced Wireless Channel Estimation Through Parametric Optimization of Hybrid Ray Launching-Collaborative Filtering Technique. IEEE Access 2020, 8 (99), 83070-83080.
Recent advances in telecommunications and database systems have allowed the scientific community to efficiently mine vast amounts of information worldwide and to extract new knowledge by discovering hidden patterns and correlations. Nevertheless, all this shared information can be used to invade the privacy of individuals through the use of fusion and mining techniques. Simply removing direct identifiers such as name, SSN, or phone number is not anymore sufficient to prevent against these practices. In numerous cases, other fields, like gender, date of birth and/or zipcode, can be used to re-identify individuals and to expose their sensitive details, e.g. their medical conditions, financial statuses and transactions, or even their private connections. The scope of this work is to provide an in-depth overview of the current state of the art in Privacy-Preserving Data Publishing (PPDP) for relational data. To counter information leakage, a number of data anonymisation methods have been proposed during the past few years, including k-anonymity, ℓ-diversity, t-closeness, to name a few. In this study we analyse these methods providing concrete examples not only to explain how each of them works, but also to facilitate the reader to understand the different usage scenarios in which each of them can be applied. Furthermore, we detail several attacks along with their possible countermeasures, and we discuss open questions and future research directions.
Athanasios Zigomitros; Fran Casino; Agusti Solanas; Constantinos Patsakis. A Survey on Privacy Properties for Data Publishing of Relational Data. IEEE Access 2020, 8 (99), 51071-51099.
Fran Casino; Eugenia Politou; Efthimios Alepis; Constantinos Patsakis. Immutability and Decentralized Storage: An Analysis of Emerging Threats. IEEE Access 2020, 8, 4737-4744.
Traceability has become a critical element in supply chain management, particularly in safety-sensitive sectors like food, pharmaceuticals, etc. Upstream (manufacturers, producers, etc.) and downstream (distributors, wholesalers, etc.) supply chain members need to store and handle traceability-related information for providing proof of regulatory compliance to both state authorities and more demanding customers. More specifically, European Union regulations mandate food producers to trace all raw materials/ingredients used throughout their supply chain operations. Consumers also place high expectations on food supply chains (FSC) with specific emphasis on facets related to safety. However, the complexity of modern FSC networks and their fragmentation act as barriers for the development of sound traceability mechanisms. This paper aims to develop a distributed functional model to provide decentralized and automated FSC traceability based on blockchain technology and smart contracts. For assessing the feasibility of the proposed modeling approach, a food traceability use-case scenario is presented. The applicability of the model is further illustrated by the development of a fully functional smart contract and a local private blockchain. The overall benefits of the proposed model are assessed based on a set of predefined Key Performance Indicators (KPIs). The results are of significant value to both practitioners and researchers.
Fran Casino; Venetis Kanakaris; Thomas K. Dasaklis; Socrates Moschuris; Nikolaos P. Rachaniotis. Modeling food supply chain traceability based on blockchain technology. IFAC-PapersOnLine 2019, 52 (13), 2728-2733.
The amount of available information is growing steadily and, as a result, Internet users benefit from recommender systems, which help them find information, services and products that best fit their needs. A common technique used in recommender systems is Collaborative Filtering, which is based on users’ collaboration to make recommendations. However, users are getting more concerned about their privacy and can be reluctant to disclose their interests and other personal information. Hence, with the aim to foster users collaboration, the development of privacy-aware collaborative filtering methods has become a hot topic in the field. In this article we recall the concept of Privacy-Preserving Collaborative Filtering (PPCF) and introduce a novel approach based on variable-group-size microaggregation, which provides k-anonymity to the users. Also, we introduce several new metrics based on users’ behaviour that overcome the drawbacks of traditional metrics. Extensive experiments show that our approach can provide more accurate recommendations than well-known methods while, at the same time, preserving users’ privacy.
Fran Casino; Constantinos Patsakis; Agusti Solanas. Privacy-preserving collaborative filtering: A new approach based on variable-group-size microaggregation. Electronic Commerce Research and Applications 2019, 38, 100895.
Fran Casino; Constantinos Patsakis. An Efficient Blockchain-Based Privacy-Preserving Collaborative Filtering Architecture. IEEE Transactions on Engineering Management 2019, 67 (4), 1501-1513.
There is a continuous increase in the sophistication that modern malware exercise in order to bypass the deployed security mechanisms. A typical approach to evade the identification and potential takedown of a botnet command and control server is domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce a vast amount of domain names that the infected device tries to communicate with to find the C&C server, yet only a small fragment of them is actually registered. This allows the botmaster to pivot the control and make the work of seizing the botnet control rather difficult. Current state of the art and practice considers that the DNS queries performed by a compromised device are transparent to the network administrator and therefore can be monitored, analysed, and blocked. In this work, we showcase that the latter is a strong assumption as malware could efficiently hide its DNS queries using covert and/or encrypted channels bypassing the detection mechanisms. To this end, we discuss possible mitigation measures based on traffic analysis to address the new challenges that arise f
Constantinos Patsakis; Fran Casino; Vasilios Katos. Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures. 2019, 1.
There is a continuous increase in the sophistication that modern malware exercise in order to bypass the deployed security mechanisms. A typical approach to evade the identification and potential take down of a botnet command and control server is domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce a vast amount of domain names that the infected device tries to communicate with to find the C&C server, yet only a small fragment of them is actually registered. This allows the botmaster to pivot the control and make the work of seizing the botnet control rather difficult. Current state of the art and practice considers that the DNS queries performed by a compromised device are transparent to the network administrator and therefore can be monitored, analysed, and blocked. In this work, we showcase that the latter is a strong assumption as malware could efficiently hide its DNS queries using covert and/or encrypted channels bypassing the detection mechanisms. To this end, we discuss possible mitigation measures based on traffic analysis to address the new challenges that arise from this approach.
Constantinos Patsakis; Fran Casino; Vasilios Katos. Encrypted and covert DNS queries for botnets: Challenges and countermeasures. Computers & Security 2019, 88, 101614.
Vendor-managed inventory (VMI) is a commonly used collaborative inventory management policy in which manufacturers/vendors manage the inventory of retailers and take responsibility for making decisions related to the timing and extent of inventory replenishment. Several prerequisites exist for successfully implementing a VMI strategy like information sharing, trust, systems integration and long-term collaboration. However, in nowadays supply chain networks are becoming more complex, highly disjointed and geographically spread. As a consequence, the implementation of a VMI strategy may be a difficult task. In this paper, we propose a new interaction mechanism between retailers and vendors, which aims to improve their supply chain strategy and inventory policies based on a trustless and distributed mechanism. In particular, we use an autonomous trustless framework based on smart contracts and blockchain technology for governing the relationship between multiple vendors and multiple retailers. Finally, a use-case VMI scenario is presented along with several functional smart contracts. Tests performed using a local private blockchain illustrate the applicability of the proposed architecture along with the significant benefits for each participant.
Fran Casino; Thomas Dasaklis; Constantinos Patsakis. Enhanced Vendor-managed Inventory through Blockchain. 2019 4th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM) 2019, 1-8.
Modern malware can take various forms and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming a norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called domain generation algorithms, which are frequently employed by cybercriminals for bot management and communication. Our extension allows, beyond DNS, the use of other protocols. More concretely, we showcase the exploitation of the InterPlanetary File System (IPFS). This is a solution for the “permanent web”, which enjoys a steadily growing community interest and adoption. The IPFS is, in addition, one of the most prominent solutions for blockchain storage. We go beyond the straightforward case of using the IPFS for hosting malicious content and explore ways in which a botmaster could employ it, to manage her bots, validating our findings experimentally. Finally, we discuss the advantages of our approach for malware authors, its efficacy and highlight its extensibility for other distributed storage services.
Constantinos Patsakis; Fran Casino. Hydras and IPFS: a decentralised playground for malware. International Journal of Information Security 2019, 18, 787-799.
AMA Style: Constantinos Patsakis, Fran Casino. Hydras and IPFS: a decentralised playground for malware. International Journal of Information Security. 2019; 18 (6):787-799.
Chicago/Turabian Style: Constantinos Patsakis; Fran Casino. 2019. "Hydras and IPFS: a decentralised playground for malware." International Journal of Information Security 18, no. 6: 787-799.
Thomas K. Dasaklis; Fran Casino; Constantinos Patsakis. Defining granularity levels for supply chain traceability based on IoT and blockchain. Proceedings of the International Conference on Omni-Layer Intelligent Systems 2019, 184-190.
AMA Style: Thomas K. Dasaklis, Fran Casino, Constantinos Patsakis. Defining granularity levels for supply chain traceability based on IoT and blockchain. Proceedings of the International Conference on Omni-Layer Intelligent Systems. 2019:184-190.
Chicago/Turabian Style: Thomas K. Dasaklis; Fran Casino; Constantinos Patsakis. 2019. "Defining granularity levels for supply chain traceability based on IoT and blockchain." Proceedings of the International Conference on Omni-Layer Intelligent Systems: 184-190.
As the size and source of network traffic increase, so does the challenge of monitoring and analysing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state-of-the-art algorithms cannot accurately and efficiently differentiate between encrypted and compressed packets. In this work, we propose a novel traffic classification method named HEDGE (High Entropy DistinGuishEr) to distinguish between compressed and encrypted traffic. HEDGE is based on the evaluation of the randomness of the data streams and can be applied to individual packets without the need to have access to the entire stream. Findings from the evaluation show that our approach outperforms the current state of the art. We also make available our statistically sound dataset, based on known benchmarks, to the wider research community.
Fran Casino; Kim-Kwang Raymond Choo; Constantinos Patsakis. HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets. IEEE Transactions on Information Forensics and Security 2019, 14, 2916-2926.
AMA Style: Fran Casino, Kim-Kwang Raymond Choo, Constantinos Patsakis. HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets. IEEE Transactions on Information Forensics and Security. 2019; 14 (11):2916-2926.
Chicago/Turabian Style: Fran Casino; Kim-Kwang Raymond Choo; Constantinos Patsakis. 2019. "HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets." IEEE Transactions on Information Forensics and Security 14, no. 11: 2916-2926.