The concept drift phenomenon describes how the statistical properties of a data distribution change over time. In the cybersecurity domain, where data arrives continuously and rapidly in a sequential manner, concept drift can be a significant challenge. Identifying concept drift enables security analysts to detect emerging attacks, respond promptly, and make informed decisions based on the changing nature of the data being analyzed. The Adaptive Reservoir Neural Gas (AR-NG) clustering algorithm is proposed in this paper to handle concept drift in real-time data streams. It is a novel approach that combines the power of reservoir computing with the neural gas algorithm, allowing the algorithm to automatically update its clustering structure as new data arrives. Furthermore, in order to effectively handle evolving data streams that change significantly over time in unexpected ways, the proposed method incorporates a density-based clustering mechanism (DBCM) for concept drift detection. Experiments on real-time data streams show that the proposed algorithm is effective at mitigating the impact of concept drift, making it a useful tool for real-time data analysis and decision-making in dynamic environments.
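A concrete drift check of the kind the abstract motivates, as an added example that is not code from the AR-NG paper: the authors' detector is the reservoir/neural-gas clustering described above, whereas this block uses the classic Page-Hinkley test on a single numeric feature as a stand-in, restarting its statistics after each alarm so that successive regime changes are reported separately. The stream is constructed (a bytes-per-flow-like value with deterministic jitter whose mean steps up at indices 100 and 200) and the `delta`, `threshold` and `min_samples` values are assumptions chosen for this example.

```python
"""Page-Hinkley drift detection on a constructed feature stream.

Added example, not code from the AR-NG paper. Page-Hinkley stands in for the
paper's own detector; the stream and the parameter values are constructed
and assumed for illustration.
"""


def page_hinkley(stream, delta=0.05, threshold=50.0, min_samples=30):
    """Return the 0-based index at which an upward shift of the mean is first
    flagged, or None if the stream never trips the test.

    m_t accumulates (x_t - mean_t - delta); the alarm fires when m_t rises
    more than `threshold` above its running minimum. `delta` is the size of
    change tolerated as noise and `min_samples` a warm-up period.
    """
    mean = 0.0
    cum = 0.0
    cum_min = float("inf")
    for t, x in enumerate(stream, start=1):
        mean += (x - mean) / t          # incremental running mean
        cum += x - mean - delta
        cum_min = min(cum_min, cum)
        if t >= min_samples and cum - cum_min > threshold:
            return t - 1
    return None


def detect_drifts(stream, **kw):
    """Run the test repeatedly, restarting the statistics right after each
    alarm, so that every regime change gets its own alarm index."""
    alarms = []
    start = 0
    while start < len(stream):
        hit = page_hinkley(stream[start:], **kw)
        if hit is None:
            break
        alarms.append(start + hit)
        start += hit + 1
    return alarms


def constructed_stream():
    """Constructed data, not real traffic: a bytes-per-flow-like feature with
    a deterministic +/-1 jitter whose mean steps from 100 to 130 at index 100
    and from 130 to 170 at index 200."""
    levels = [100.0] * 100 + [130.0] * 100 + [170.0] * 100
    return [lvl + (1.0 if i % 2 == 0 else -1.0) for i, lvl in enumerate(levels)]


if __name__ == "__main__":
    stream = constructed_stream()
    print("alarms at indices:", detect_drifts(stream))   # [101, 201]
    print("stable prefix:", page_hinkley(stream[:100]))   # None
```

The alarm lands one or two samples after each step because the running mean is still dominated by the old regime, which is exactly why a detector that keeps learning after drift has to reset (or, as in the paper, restructure its clusters) rather than keep averaging over both regimes. The test is one-sided; a downward shift would need the mirrored test on the negated stream.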
It is well known that cyber criminal gangs are already using advanced and especially intelligent types of Android malware in order to overcome out-of-band security measures. This is done in order to broaden and enhance their attacks, which mainly target financial and credit institutions and their transactions. It is a fact that most applications used on the Android system are written in Java. The research described herein proposes the development of an innovative active security system that goes beyond the limits of the existing ones. The developed system acts as an extension of the ART (Android Runtime) virtual machine architecture used by Android Lollipop 5.0.
Climate change, combined with the increase of extreme weather phenomena, has significantly influenced marine ecosystems, resulting in water overheating, sea level rise and rising acidity of surface waters. The potential impacts on the biodiversity of sensitive ecosystems (such as the Mediterranean Sea) are obvious. Many organisms are facing extinction, whereas other dangerous invasive species multiply and destroy the ecological equilibrium. This research paper presents the development of a sophisticated, fast and accurate Food Pathogen Detection (FPD) system, which uses the biologically inspired Artificial Intelligence algorithm of Extreme Learning Machines. The aim is the automated identification and control of the invasive fish species "Lagocephalus Sceleratus", which is extremely dangerous to human health. The matching is achieved through extensive comparisons of protein and DNA sequences, also known as DNA barcodes, following an ensemble learning approach.
The analysis of air quality and the continuous monitoring of air pollution levels are important subjects of environmental science and research. This problem has a real impact on human health and quality of life. Determining the conditions which favor high concentrations of pollutants and, above all, the timely forecasting of such cases is crucial, as it facilitates the imposition of specific protection and prevention actions by civil protection authorities. This research paper discusses an innovative threefold intelligent hybrid system of combined machine learning algorithms (henceforth HISYCOL). First, it deals with the correlation of the conditions under which high pollutant concentrations emerge. Second, it proposes and presents an ensemble system using a combination of machine learning algorithms capable of forecasting the values of air pollutants. What is really important, and gives this modeling effort its hybrid nature, is the fact that it uses clustered datasets: the approach improves the accuracy of existing forecasting models by using unsupervised machine learning to cluster the data vectors and trace hidden knowledge. Finally, it employs a Mamdani fuzzy inference system for each air pollutant in order to forecast its concentrations even more effectively.
Air pollution is the problem of adding harmful substances or other agents into the atmosphere, and it is caused by industrial, transport or household activities. It is one of the most serious problems of our times, and the determination of the conditions under which extreme pollutant values occur is a crucial challenge for the modern scientific community. The innovative and effective hybrid algorithm designed and employed in this research effort is entitled Easy Hybrid Forecasting (EHF). The main advantage of EHF is that forecasting does not require measurements from sensors or other hardware devices, or data that require the use of expensive software. This was done intentionally, because the motivation for this work was the development of a hybrid application that can be downloaded for free and used easily by ordinary people at no additional financial cost, running on devices like smartphones. From this point of view it does not require data from sensors or specialized software, and it can offer people reliable information about extreme cases.
According to Greek mythology, Ladon was the huge dragon with 100 heads, which had the ability to stay continuously awake in order to guard the golden "Esperides" apples on the tree of life. Like the ancient one, digital Ladon is an advanced information systems security mechanism, which uses Artificial Intelligence to protect, control and offer early warning in cases where the digital security measures are bypassed or misled. It is an effective cross-layer system of network supervision, which enriches the lower layers of the system (Transport, Network and Data Link). It amplifies in an intelligent manner the upper layers (Session, Presentation and Application) with capabilities of automated control. This is done to enhance the active security and the reaction mechanisms of the overall system, without special requirements in computational resources. This paper describes the development of Ladon, which is an advanced, incredibly fast and low
Domain Generation Algorithms (DGA) have evolved into one of the most dangerous and "undetectable" digital security deception methods. The complexity of this approach (combined with the intricate operation of fast-flux "botnet" networks) is the cause of an extremely risky threat which is hard to trace. In most cases it should be faced as a zero-day vulnerability. This kind of combined attack is responsible for malware distribution and for the infection of information systems. Moreover, it is related to illegal activities, like money mule recruitment sites, phishing websites, illicit online pharmacies, extreme or illegal adult content sites, malicious browser exploit sites and web traps for distributing viruses. Traditional digital security mechanisms face such vulnerabilities in a conventional manner: they often create false alarms and they fail to forecast them. This paper proposes an innovative, fast and accurate evolving Smart URL Filter (eSURLF) in a Zone-based Policy Firewall (ZFW), which uses evolving Spiking Neural Networks (eSNN) for detecting algorithmically generated malicious domain names.
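The lexical side of such a filter, as an added example that is not the eSURLF/eSNN model from the paper: the block computes the per-domain features a DGA detector typically consumes (label length, character entropy, vowel and digit ratios) and applies a hand-set scoring rule where the paper uses a learned spiking network. The domain names, the feature thresholds and the `registrable_label` helper (which assumes a single-label TLD) are constructed for this example.

```python
"""Lexical features for spotting algorithmically generated domain names.

Added example, not the eSURLF/eSNN classifier from the paper: a hand-set
scoring rule stands in for the learned model. Sample names and thresholds
are constructed/assumed.
"""
import math
from collections import Counter


def registrable_label(domain):
    """Label left of the TLD, e.g. 'cdn.example.net' -> 'example'.
    Assumption: single-label TLD. Multi-label suffixes such as .co.uk need a
    public-suffix list, which is out of scope here."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text):
    """Bits per character of the label's character distribution; random
    strings sit near log2(#distinct chars), dictionary words well below."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def features(label):
    n = len(label) or 1
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in "aeiou" for ch in label) / n,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
    }


def dga_score(domain):
    """Count how many DGA-typical traits the registrable label shows (0..4).
    Thresholds are assumptions chosen for this example, not tuned values."""
    f = features(registrable_label(domain))
    return sum([
        f["length"] >= 12,
        f["entropy"] >= 3.5,
        f["vowel_ratio"] <= 0.2,
        f["digit_ratio"] >= 0.15,
    ])


def is_dga_like(domain, min_score=2):
    return dga_score(domain) >= min_score


# Constructed sample: the long dictionary-based name scores on length only,
# the random-looking one on all four traits.
SAMPLE = ["www.google.com", "mail.microsoft.com",
          "securityconference.org", "xkq7zp2vwj9ldtf.net"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:28s} score={dga_score(d)} dga_like={is_dga_like(d)}")
```

Requiring two traits rather than one is what keeps long but readable names such as `securityconference.org` out of the alert queue; that trade-off between false alarms and missed DGA families is precisely what the abstract says conventional filters handle badly and the learned classifier is meant to improve.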
Several machine learning models were used to predict interior spruce wood density using data from an open-pollinated progeny testing trial. The data set consists of growth (height and diameter, which were used to estimate individual tree volume) and wood quality (wood density determined by X-ray densitometry, resistance to drilling, and acoustic velocity) attributes for a total of 1,146 trees growing on comparable sites in interior British Columbia. Various machine learning models were developed for estimating wood density. The Multi-Layer Feed-Forward (MLFF) artificial neural networks and Gene Expression Programming (GEP) provided the highest predictability compared to the other methods tested, including those based on classical multiple regression, which was considered the comparison benchmark. The utilization of machine learning models as a credible method for estimating wood density from available growth data, as an indirect method for determining tree wood density, is expected to become increasingly helpful to forest managers and tree breeders.
Confidentiality, Integrity and Availability of military information is a crucial and critical factor for a country's national security. The security of military information systems (MIS) and networks (MNET) is a subject of continuous research and design, due to the fact that they manage, store, manipulate and distribute the information. This study presents a bio-inspired hybrid artificial intelligence framework for cyber security (bioHAIFCS). This framework combines timely and bio-inspired Machine Learning methods suitable for the protection of critical network applications, namely military information systems, applications and networks. More specifically, it combines (a) the hybrid evolving spiking anomaly detection model (HESADM), which is used in order to prevent, in time and accurately, cyber-attacks which cannot be avoided by using passive security measures such as firewalls, (b) the evolving computational intelligence system for malware detection (ECISMD), which spots and isolates malware located in packed executables that is untraceable by antivirus software, and (c) the evolutionary prevention system for SQL injection (ePSSQLI) attacks, which early and smartly forecasts attacks using SQL injection methods.
Today's smartphones are capable of doing much more than the previous generation of mobile phones. However, this extended range of capabilities comes together with some new security risks. Also, mobile platforms often contain small, insecure and less well controlled applications from various individual developers. Due to the open usage model of the Android market, malicious applications cannot be avoided completely. Especially pirated applications or multimedia content in popular demand, targeting user groups with typically low awareness levels, are predestined to spread to many devices before being identified as malware. Generally, malware applications utilizing root exploits to escalate their privileges can inject code and place binaries outside application storage locations. This paper proposes a novel approach, which uses minimum computational power and resources, to identify Android malware or malicious applications. It is a bio-inspired Hybrid Intelligent Method for Detecting Android Malware (HIM-DAM). This approach performs classification by employing Extreme Learning Machines (ELM) in order to properly label malware applications. At the same time, Evolving Spiking Neural Networks (eSNNs) are used to increase the accuracy and generalization of the entire model.
Recent malware developments have the ability to remain hidden during infection and operation. They prevent analysis and removal using various techniques, namely: obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. Also, the malware might attempt to subvert modern detection software by hiding running processes, network connections and strings with malicious URLs or registry keys. The malware can go a step further and obfuscate the entire file with a packer, which is special software that takes the original malware file and compresses it, thus making all the original code and data unreadable. This paper proposes a novel approach, which uses minimum computational power and resources, to identify Packed Executables (PEX), so as to spot the existence of malware. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD), which performs classification by Evolving Spiking Neural Networks (eSNN) in order to properly label a packed executable. On the other hand, it uses an Evolving Classification Function (ECF) for the detection of malware and applies Genetic Algorithms to achieve ECF optimization.
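The cheapest observable consequence of what the abstract describes, as an added example that is not the ECISMD/eSNN classifier from the paper: compressing or encrypting the original code and data pushes its byte entropy toward the 8-bit maximum, so a windowed entropy profile of an image is the first packing indicator an analyst computes. The two images below are constructed byte strings rather than real binaries (a repetitive code-like pattern, and a small plain stub followed by a body whose every 256-byte run is a permutation of all byte values), and no PE/ELF parsing is done; the window size and thresholds are assumptions.

```python
"""Byte-entropy profile as a packing indicator.

Added example, not code from the ECISMD paper. Images are constructed byte
strings, not real executables; window size and thresholds are assumed.
"""
import math
from collections import Counter


def byte_entropy(chunk):
    """Shannon entropy in bits per byte (0.0 .. 8.0) of a byte string."""
    n = len(chunk)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data, window=256):
    """Entropy of each consecutive `window`-byte slice of the image."""
    return [byte_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def packed_share(data, window=256, high=7.0):
    """Fraction of windows whose entropy is at or above `high` bits."""
    prof = entropy_profile(data, window)
    return sum(e >= high for e in prof) / len(prof) if prof else 0.0


def looks_packed(data, window=256, high=7.0, min_share=0.5):
    """Triage verdict: most of the image is near-random, as after packing."""
    return packed_share(data, window, high) >= min_share


# Constructed "unpacked" image: a short x86-looking prologue pattern repeated,
# so each 256-byte window holds only six distinct byte values (2.5 bits).
CODE_PATTERN = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x00, 0x00])
UNPACKED_IMAGE = CODE_PATTERN * 512                      # 4096 bytes

# Constructed "packed" image: one plain window standing in for the unpacking
# stub, then a body in which every 256-byte run is a permutation of 0..255
# (97 is odd, so i*97+13 mod 256 cycles through all values): 8.0 bits each.
STUB = CODE_PATTERN * 32                                  # 256 bytes
BODY = bytes((i * 97 + 13) & 0xFF for i in range(15 * 256))
PACKED_IMAGE = STUB + BODY                                # 4096 bytes

if __name__ == "__main__":
    for name, img in (("unpacked", UNPACKED_IMAGE), ("packed", PACKED_IMAGE)):
        print(name, [round(e, 2) for e in entropy_profile(img)],
              "share=%.3f" % packed_share(img), "packed?", looks_packed(img))
```

High entropy is a triage signal, not a verdict: legitimately compressed resources, embedded certificates and encrypted configuration also score near 8 bits, which is why the paper feeds such features into a classifier instead of thresholding one of them. The stub-plus-blob shape shown here is also what an analyst looks for in practice, since a packer must leave some plain code to unpack the rest at load time.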
The evolution of network services is closely connected to the understanding and modeling of their corresponding traffic. The obtained conclusions are related to a wide range of applications, like the design of transfer line capacity, the tiered charging of customers, security violations and the spotting of errors and anomalies. Intrusion Detection Systems (IDS) monitor and analyze the events in traffic to locate indications of potential intrusion and integrity violation attacks, which result in the violation of trust and availability of information resources. They act in a complementary mode with the existing security infrastructure, aiming at the early warning of the administrator and offering details that will let him reach proper decisions and corrective actions. This paper proposes a network-based online system, which uses minimum computational power to analyze only the basic characteristics of network flows, so as to spot the existence and the type of a potential network anomaly. It is a Hybrid Machine Learning Anomaly Detection System (HMLADS), which employs classification performed by Evolving Spiking Neural Networks (eSNN) in order to properly label a Potential Anomaly (PAN) in the network. On the other hand, it uses a Multi-Layer Feed-Forward (MLFF) ANN to classify the exact type of the intrusion.
Keywords: Security; Network intrusion and anomalies; Machine learning; Evolving spiking neural networks; Multi-layer neural network
It is a fact that more and more users are adopting online digital payment systems via mobile devices for everyday use. This attracts powerful gangs of cybercriminals, which use sophisticated and highly intelligent types of malware to broaden their attacks. Malicious software is designed to run quietly and to remain undetected for a long time. It manages to take full control of the device and to communicate (via the Tor network) with the Command & Control servers of the fast-flux botnet networks to which it belongs. This is done to achieve the malicious objectives of the botmasters. This paper proposes the development of the computational intelligence anti-malware framework (CIantiMF), which is innovative, ultra-fast and has low requirements. It runs under the Android operating system (OS) and its reasoning is based on advanced computational intelligence approaches. The selection of the Android OS was based on its popularity and on the number of critical applications available for it. CIantiMF uses two advanced technology extensions for the ART Java virtual machine, which is the default in recent versions of Android. The first is the smart anti-malware extension, which can recognize whether the Java classes of an Android application are benign or malicious using an optimized multi-layer perceptron. The optimization is done by employing the biogeography-based optimizer algorithm. The second is the Tor online traffic identification extension, which is capable of achieving malware localization, Tor traffic identification and botnet prohibition, with the use of the online sequential extreme learning machine algorithm.
The need to protect the environment and biodiversity and to safeguard public health requires the development of timely and reliable methods for the identification of particularly dangerous invasive species, before they become regulators of ecosystems. These species appear morphologically similar, despite their strong biological differences, something that complicates their identification. Additionally, the localization of the broader area of dispersion and development of invasive species is considered of critical importance, in an effort to take the proper management measures. The aim of this research is to create an advanced computational intelligence system for the automatic recognition of invasive or other unknown species. The identification is performed based on the analysis of environmental DNA (eDNA) by employing machine learning methods. More specifically, this research effort proposes a hybrid bio-inspired computational intelligence detection approach. It employs Extreme Learning Machines combined with an evolving Izhikevich spiking neuron model for the automated identification of the invasive fish species "Lagocephalus Sceleratus", which is extremely dangerous to human health.
An Advanced Persistent Threat (APT) is a set of stealthy and continuous computer hacking processes in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The "advanced" process signifies sophisticated techniques using zero-day malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack. APT attacks target organizations in sectors with high-value information, such as military networks, national defense, manufacturing and the financial industry. Traditional digital security mechanisms face such vulnerabilities in a conventional manner: they often create false alarms and they fail to forecast them. As APT activities are stealthy because they use the Tor anonymity network, the command and control network traffic associated with an APT can go undetected at the network layer. Deep log analysis and log correlation from various sources cannot be useful in detecting APT activities, and network agents can be useless for collecting logs (TCP and UDP) directly from assets into a syslog server. This paper proposes an innovative, fast and accurate Real-time Computational Intelligence Protection Framework against Advanced Persistent Threats (CIPFaAPT). It is an automated forensic analysis system that uses Semi-Supervised Online Sequential Extreme Learning Machines. It can process millions of data points in real time, establishing or learning a "normal" baseline, comparing data points to past behavior and identifying anomalous differences in values over time, differences in rates over time, and population outliers. Using computational intelligence and machine learning algorithms, user transactions, server processes, internet traffic, IPS alerts and traffic flows can all be analyzed for unusual activity. CIPFaAPT is a next-generation security platform that uses sophisticated analytics to monitor, track and classify risk across critical network infrastructures in order to identify APT
According to the latest projections of the International Energy Agency, smart grid technologies have become essential to handling the radical changes expected in international energy portfolios through 2030. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial and residential end user. New digital equipment and devices can be strategically deployed to complement existing equipment. Using a combination of centralized IT and distributed intelligence within critical system control nodes, ranging from thermal and renewable plant controls to grid and distribution utility servers, to cities, commercial and industrial infrastructures, and homes, a smart grid can bring unprecedented efficiency and stability to the energy system. Information and communication infrastructures will play an important role in connecting and optimizing the available grid layers. Grid operation depends on control systems called Supervisory Control and Data Acquisition (SCADA) that monitor and control the physical infrastructure. At the heart of these SCADA systems are specialized computers known as Programmable Logic Controllers (PLCs). Destructive cyber-attacks against SCADA systems, carried out as Advanced Persistent Threats (APT), have been able to take over the PLCs controlling centrifuges, reprogramming them to speed the centrifuges up, leading to the destruction of many while displaying a normal operating speed in order to trick the centrifuge operators; such attacks can not only shut things down but can alter their function and permanently damage industrial equipment. This paper proposes a computational intelligence System for Identification of Cyber-Attacks on the Smart Energy Grids (SICASEG). It is a big data network forensics tool which can capture, record and analyze smart energy grid network events to find the source of an attack, both to prevent future attacks and perhaps for prosecution.
The concept drift phenomenon describes how the statistical properties of a data distribution chan... more The concept drift phenomenon describes how the statistical properties of a data distribution change over time. In cybersecurity domain, where data arrives continuously and rapidly in a sequential manner, concept drift can be a significant challenge. Identifying concept drift, it enables security analysts to detect emerging attacks, respond promptly, and make informed decisions based on the changing nature of the data being analyzed. The Adaptive Reservoir Neural Gas (AR-NG) clustering algorithm is proposed in this paper to handle concept drift in real-time data streams. It is a novel approach that combines reservoir computing power with the neural gas algorithm, allowing the algorithm to automatically update its clustering structure as new data arrives. Furthermore, in order to effectively handle evolving data streams that significantly change over time in unexpected ways, the proposed method incorporates a density-based clustering mechanism (DBCM) to concept drift detection. Experiments on real-time data streams show that the proposed algorithm is effective at mitigating the impact of concept drift, making it a useful tool for real-time data analysis and decision-making in dynamic environments.
The concept drift phenomenon describes how the statistical properties of a data distribution chan... more The concept drift phenomenon describes how the statistical properties of a data distribution change over time. In cybersecurity domain, where data arrives con-tinuously and rapidly in a sequential manner, concept drift can be a significant challenge. Identifying concept drift, it enables security analysts to detect emerging attacks, respond promptly, and make informed decisions based on the changing nature of the data being analyzed. The Adaptive Reservoir Neural Gas (AR-NG) clustering algorithm is proposed in this paper to handle concept drift in real-time data streams. It is a novel approach that combines reservoir computing power with the neural gas algorithm, allowing the algorithm to automatically update its clustering structure as new data arrives. Furthermore, in order to effectively han-dle evolving data streams that significantly change over time in unexpected ways, the proposed method incorporates a density-based clustering mechanism (DBCM) to concept drift detection. Experiments on real-time data streams show that the proposed algorithm is effective at mitigating the impact of concept drift, making it a useful tool for real-time data analysis and decision-making in dynamic environments.
It is well known that cyber criminal gangs are already using advanced and especially intelligent ... more It is well known that cyber criminal gangs are already using advanced and especially intelligent types of Android malware, in order to overcome the out-of-band security measures. This is done in order to broaden and enhance their attacks which mainly target financial and credit foundations and their transactions. It is a fact that most applications used under the Android system are written in Java. The research described herein, proposes the development of an innovative active security system that goes beyond the limits of the existing ones. The developed system acts as an extension on the ART (Android Run Time) Virtual Machine architecture, used by the Android Lolipop 5.0 version.
Climate change combined with the increase of extreme weather phenomena, has significantly influen... more Climate change combined with the increase of extreme weather phenomena, has significantly influenced marine ecosystems, resulting in water overheating, increase of sea level and rising of the acidity of surface waters. The potential impacts in the biodiversity of sensitive ecosystems (such as Mediterranean sea) are obvious. Many organisms are under extinction, whereas other dangerous invasive species are multiplied and thus they are destroying the ecological equilibrium. This research paper presents the development of a sophisticated, fast and accurate Food Pathogen Detection (FPD) system, which uses the biologically inspired Artificial Intelligence algorithm of Extreme Learning Machines. The aim is the automated identification and control of the extremely dangerous for human health invasive fish species "Lagocephalus Sceleratus". The matching is achieved through extensive comparisons of protein and DNA sequences, known also as DNA barcodes following an ensemble learning approach.
The analysis of air quality and the continuous monitoring of air pollution levels are important s... more The analysis of air quality and the continuous monitoring of air pollution levels are important subjects of the environmental science and research. This problem actually has real impact in the human health and quality of life. The determination of the conditions which favor high concentration of pollutants and most of all the timely forecast of such cases is really crucial, as it facilitates the imposition of specific protection and prevention actions by civil protection. This research paper discusses an innovative threefold intelligent hybrid system of combined machine learning algorithms HISYCOL (henceforth). First, it deals with the correlation of the conditions under which high pollutants concentrations emerge. On the other hand, it proposes and presents an ensemble system using combination of machine learning algorithms capable of forecasting the values of air pollutants. What is really important and gives this modeling effort a hybrid nature is the fact that it uses clustered datasets. Moreover, this approach improves the accuracy of existing forecasting models by using unsupervised machine learning to cluster the data vectors and trace hidden knowledge. Finally, it employs a Mamdani fuzzy inference system for each air pollutant in order to forecast even more effectively its concentrations.
Air pollution is the introduction of harmful substances or other agents into the atmosphere, caused by industrial, transport or household activities. It is one of the most serious problems of our times, and determining the conditions under which extreme pollutant values occur is a crucial challenge for the modern scientific community. The innovative and effective hybrid algorithm designed and employed in this research effort is entitled Easy Hybrid Forecasting (EHF). The main advantage of EHF is that forecasting does not require measurements from sensors or other hardware devices, nor data that require the use of expensive software. This was intentional, because the motivation for this work was the development of a hybrid application that can be downloaded for free and used easily by ordinary people at no additional financial cost, running on devices such as smartphones. From this point of view it does not require data from sensors or specialized software, and it can offer people reliable information about extreme cases.
According to Greek mythology, Ladon was the huge dragon with 100 heads, which had the ability to stay continuously awake in order to guard the golden apples of the "Esperides" in the tree of life. Like its ancient namesake, digital Ladon is an advanced information systems security mechanism, which uses Artificial Intelligence to protect, control and offer early warning in cases where the digital security measures are bypassed or misled. It is an effective cross-layer system of network supervision, which enriches the lower layers of the system (Transport, Network and Data Link) and amplifies in an intelligent manner the upper layers (Session, Presentation and Application) with capabilities of automated control. This is done to enhance the active security and the reaction mechanisms of the overall system, without special requirements in computational resources. This paper describes the development of Ladon, which is an advanced, incredibly fast and low
The Domain Generation Algorithm (DGA) has evolved into one of the most dangerous and "undetectable" digital security deception methods. The complexity of this approach, combined with the intricate operation of fast-flux botnet networks, creates an extremely risky threat that is hard to trace; in most cases it should be faced as a zero-day vulnerability. This kind of combined attack is responsible for malware distribution and for the infection of information systems. Moreover, it is related to illegal activities such as money mule recruitment sites, phishing websites, illicit online pharmacies, extreme or illegal adult content sites, malicious browser exploit sites and web traps for distributing viruses. Traditional digital security mechanisms face such threats in a conventional manner: they often raise false alarms and fail to forecast them. This paper proposes an innovative, fast and accurate evolving Smart URL Filter (eSURLF) in a Zone-based Policy Firewall (ZFW), which uses evolving Spiking Neural Networks (eSNN) to detect algorithmically generated malicious domain names.
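As an added illustration of what a DGA filter has to pick up on (this is example code written for this page, not the eSURLF/eSNN model described in the abstract), the following Python scores a domain's registrable label on lexical features that human-chosen names and algorithmically generated names tend to differ on: entropy, vowel ratio, digit ratio and the longest run of non-vowels. The domain lists, the tiny stand-in for the Public Suffix List, the rule weights and the threshold are all constructed assumptions for the demo, not values from the paper.

```python
import math
from collections import Counter

# Constructed sample domains for the demo (not taken from the paper or any botnet feed).
BENIGN_DOMAINS = ["google.com", "wikipedia.org", "stackoverflow.com",
                  "amazon.de", "github.com", "microsoft.com"]
DGA_LIKE_DOMAINS = ["xkq7f3zpl0rwm.net", "qzvbtwrkxjhp.com",
                    "a1b2c3d4e5f6g7h8.org", "lkjsdfoiuqwerpz.info"]

# Assumption: a tiny hard-coded suffix list stands in for the full Public Suffix List.
PUBLIC_SUFFIXES = ("co.uk", "com", "org", "net", "de", "info")
VOWELS = set("aeiou")
DGA_SCORE_THRESHOLD = 4  # hand-tuned on the constructed samples above


def registrable_label(domain):
    """Return the label just left of the public suffix, e.g. 'google' for 'www.google.com'."""
    host = domain.lower().rstrip(".")
    for suffix in sorted(PUBLIC_SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            host = host[: -len(suffix) - 1]
            break
    return host.rsplit(".", 1)[-1]


def shannon_entropy(text):
    """Bits of entropy per character of the label."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def longest_non_vowel_run(text):
    """Longest run of consonants or digits; generated names rarely respect pronounceability."""
    best = run = 0
    for ch in text:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def lexical_features(label):
    n = len(label)
    if n == 0:
        raise ValueError("empty label")
    return {
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in VOWELS for ch in label) / n,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
        "max_non_vowel_run": longest_non_vowel_run(label),
    }


def dga_score(domain):
    """Additive rule score; each rule captures one way generated names differ from chosen ones."""
    f = lexical_features(registrable_label(domain))
    score = 0
    score += 1 if f["length"] >= 12 else 0            # long labels are cheap for an algorithm
    score += 2 if f["vowel_ratio"] < 0.2 else 0       # unpronounceable
    score += 1 if f["digit_ratio"] > 0.15 else 0      # digit-heavy labels
    score += 2 if f["max_non_vowel_run"] >= 5 else 0  # consonant/digit clusters
    score += 1 if f["entropy"] > 3.2 else 0           # few repeated characters
    return score


def looks_generated(domain):
    return dga_score(domain) >= DGA_SCORE_THRESHOLD


def triage(domains):
    """Split observed domains into (suspect, benign) lists for analyst review."""
    suspect = [d for d in domains if looks_generated(d)]
    benign = [d for d in domains if not looks_generated(d)]
    return suspect, benign


if __name__ == "__main__":
    for d in BENIGN_DOMAINS + DGA_LIKE_DOMAINS:
        print(f"{d:28s} score={dga_score(d)} generated={looks_generated(d)}")
```

Lexical rules like these are a baseline, not a detector on their own: dictionary-based DGAs (which glue real words together) score like benign names, and short brand names with few vowels can creep toward the threshold, which is why production filters add registration-age, NXDOMAIN-rate and passive-DNS context on top of the per-name score.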
Several machine learning models were used to predict interior spruce wood density using data from an open-pollinated progeny testing trial. The data set consists of growth attributes (height and diameter, which were used to estimate individual tree volume) and wood quality attributes (wood density determined by X-ray densitometry, resistance to drilling, and acoustic velocity) for a total of 1146 trees growing on comparable sites in interior British Columbia. Various machine learning models were developed for estimating wood density. The multilayer feed-forward artificial neural networks and gene expression programming provided the highest predictability compared to the other methods tested, including those based on classical multiple regression, which was considered the benchmark for comparison. The utilization of machine learning models as a credible method for estimating wood density from available growth data, as an indirect method for determining tree wood density, is expected to become increasingly helpful to forest managers and tree breeders.
Confidentiality, integrity and availability of military information are crucial and critical factors for a country's national security. The security of military information systems (MIS) and networks (MNET) is a subject of continuous research and design, because they manage, store, manipulate and distribute this information. This study presents a bio-inspired hybrid artificial intelligence framework for cyber security (bioHAIFCS). This framework combines timely, bio-inspired machine learning methods suitable for the protection of critical network applications, namely military information systems, applications and networks. More specifically, it combines (a) the hybrid evolving spiking anomaly detection model (HESADM), used to prevent, in time and accurately, cyber-attacks that cannot be avoided by passive security measures such as firewalls, (b) the evolving computational intelligence system for malware detection (ECISMD), which spots and isolates malware located in packed executables that antivirus software cannot trace, and (c) the evolutionary prevention system from SQL injection (ePSSQLI) attacks, which forecasts SQL injection attacks early and intelligently.
Today's smartphones are capable of doing much more than the previous generation of mobile phones. However, this extended range of capabilities comes with new security risks. Mobile platforms also often contain small, insecure and less well controlled applications from various individual developers. Due to the open usage model of the Android market, malicious applications cannot be avoided completely. In particular, pirated applications or multimedia content in popular demand, targeting user groups with typically low awareness levels, are predestined to spread to many devices before being identified as malware. Malware applications that use root exploits to escalate their privileges can generally inject code and place binaries outside application storage locations. This paper proposes a novel approach, which uses minimal computational power and resources, to identify Android malware or malicious applications. It is a bio-inspired Hybrid Intelligent Method for Detecting Android Malware (HIM-DAM). This approach performs classification by employing Extreme Learning Machines (ELM) in order to properly label malware applications. At the same time, Evolving Spiking Neural Networks (eSNNs) are used to increase the accuracy and generalization of the entire model.
Recent malware has the ability to remain hidden during infection and operation. It resists analysis and removal using various techniques, namely obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. The malware might also attempt to subvert modern detection software by hiding running processes, network connections, and strings containing malicious URLs or registry keys. It can go a step further and obfuscate the entire file with a packer, special software that takes the original malware file and compresses it, making all the original code and data unreadable. This paper proposes a novel approach, which uses minimal computational power and resources, to identify Packed Executables (PEX) and thereby spot the presence of malware. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD), which performs classification with Evolving Spiking Neural Networks (eSNN) in order to properly label a packed executable. In addition, it uses an Evolving Classification Function (ECF) for the detection of malware and applies Genetic Algorithms to optimize the ECF.
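The packer behaviour the abstract describes (original code and data replaced by a compressed blob that is unpacked at runtime) leaves measurable traces in the PE section table, and those traces are the features a packed-executable classifier consumes. The Python below, written for this page and not part of ECISMD or the paper, parses the DOS header, PE signature, COFF header and section headers of a PE image and reports three classic indicators: a known packer section name, an executable section whose raw bytes have near-random entropy, and an executable section with virtual size but no raw data. The sample files are synthetic PE-shaped byte strings built by `build_stub_pe` (headers and section table only, no optional header, not loadable); the packer-name list is a partial one and the 7.0 bits/byte threshold is an assumed cut-off.

```python
import math
import random
import struct
from collections import Counter

COFF_HEADER = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Section names left behind by common packers (partial list, assumed for the demo).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", "MPRESS1", "MPRESS2"}
ENTROPY_THRESHOLD = 7.0  # bits/byte; compressed or encrypted payloads approach 8.0


def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """DOS header -> PE signature -> COFF header -> section table; one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = COFF_HEADER.unpack_from(pe, coff_off)
    table_off = coff_off + COFF_HEADER.size + opt_size
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, raw_size, raw_ptr, _reloc, _lines,
         _nreloc, _nlines, flags) = SECTION_HEADER.unpack_from(pe, table_off + i * SECTION_HEADER.size)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": raw_size,
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "entropy": shannon_entropy(raw),
        })
    return sections


def packing_indicators(pe):
    """Return human-readable reasons why the image looks packed (empty list if none)."""
    reasons = []
    for s in parse_sections(pe):
        if s["name"] in KNOWN_PACKER_SECTIONS:
            reasons.append(f"{s['name']}: known packer section name")
        if s["executable"] and s["entropy"] >= ENTROPY_THRESHOLD:
            reasons.append(f"{s['name']}: executable section entropy {s['entropy']:.2f}")
        if s["executable"] and s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append(f"{s['name']}: executable section with no raw data (filled at runtime)")
    return reasons


def is_probably_packed(pe):
    return bool(packing_indicators(pe))


def build_stub_pe(specs):
    """Constructed PE-shaped bytes for the demo: specs are (name, raw_data, flags, virtual_size)."""
    n = len(specs)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew at 0x3C -> right after DOS header
    coff = COFF_HEADER.pack(0x14C, n, 0, 0, 0, 0, 0x0102)  # i386, n sections, SizeOfOptionalHeader = 0
    table, blob = b"", b""
    raw_ptr = 64 + 4 + COFF_HEADER.size + n * SECTION_HEADER.size
    vaddr = 0x1000
    for name, data, flags, vsize in specs:
        vsize = vsize or len(data)
        table += SECTION_HEADER.pack(name.encode("ascii"), vsize, vaddr, len(data),
                                     raw_ptr if data else 0, 0, 0, 0, 0, flags)
        blob += data
        raw_ptr += len(data)
        vaddr += max(vsize, 0x1000)
    return dos + b"PE\0\0" + coff + table + blob


CODE_FLAGS = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA_FLAGS = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_rng = random.Random(1337)
FAKE_CODE = bytes.fromhex("558bec83ec108b4508c9c3") * 300     # repeated prologue/epilogue, low entropy
PACKED_BLOB = bytes(_rng.randrange(256) for _ in range(8192))  # compressed payload looks like noise

CLEAN_PE = build_stub_pe([(".text", FAKE_CODE, CODE_FLAGS, 0),
                          (".data", b"\0" * 512 + b"Hello, world\0", DATA_FLAGS, 0)])
UPX_LIKE_PE = build_stub_pe([("UPX0", b"", CODE_FLAGS | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_UNINITIALIZED_DATA, 0x20000),
                             ("UPX1", PACKED_BLOB, CODE_FLAGS | IMAGE_SCN_MEM_WRITE, 0),
                             (".rsrc", b"\0" * 256, DATA_FLAGS, 0)])
RENAMED_PE = build_stub_pe([(".text", PACKED_BLOB, CODE_FLAGS, 0)])  # packer hiding behind a normal name

if __name__ == "__main__":
    for label, pe in (("clean", CLEAN_PE), ("upx-like", UPX_LIKE_PE), ("renamed", RENAMED_PE)):
        print(label, packing_indicators(pe))
```

The third sample is the reason the abstract's learned classifier matters: once the packer's section names are rewritten, only the content-derived features (entropy, empty executable sections, later also import-table size and entry point location) still separate packed from unpacked binaries, and those are what a model has to be trained on.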
The evolution of network services is closely connected to the understanding and modeling of their corresponding traffic. The conclusions obtained relate to a wide range of applications, such as the design of transfer line capacity, the scaled billing of customers, security violations, and the detection of errors and anomalies. Intrusion Detection Systems (IDS) monitor and analyze the events in traffic to locate indications of potential intrusion and integrity violation attacks, which result in the violation of trust and availability of information resources. They act in a complementary mode with the existing security infrastructure, aiming at the early warning of the administrator and offering details that allow proper decisions and corrective actions. This paper proposes a network-based online system, which uses minimal computational power to analyze only the basic characteristics of network flows, so as to spot the existence and the type of a potential network anomaly. It is a Hybrid Machine Learning Anomaly Detection System (HMLADS), which employs classification performed by Evolving Spiking Neural Networks (eSNN) in order to properly label a Potential Anomaly (PAN) in the network. In addition, it uses a Multi-Layer Feed Forward (MLFF) ANN to classify the exact type of the intrusion.
Keywords: Security - Network intrusion and anomalies - Machine learning - Evolving spiking neural networks - Multi-layer neural network
It is a fact that more and more users are adopting online digital payment systems via mobile devices for everyday use. This attracts powerful gangs of cybercriminals, who use sophisticated and highly intelligent types of malware to broaden their attacks. Malicious software is designed to run quietly and to remain undetected for a long time. It manages to take full control of the device and to communicate (via the Tor network) with the Command & Control servers of the fast-flux botnet to which it belongs, in order to achieve the malicious objectives of the botmasters. This paper proposes the development of the computational intelligence anti-malware framework (CIantiMF), which is innovative, ultra-fast and has low requirements. It runs under the Android operating system (OS) and its reasoning is based on advanced computational intelligence approaches. The selection of the Android OS was based on its popularity and on the number of critical applications available for it. CIantiMF uses two advanced technology extensions for the ART Java virtual machine, which is the default runtime in recent versions of Android. The first is the smart anti-malware extension, which can recognize whether the Java classes of an Android application are benign or malicious using an optimized multi-layer perceptron; the optimization is done with the biogeography-based optimizer algorithm. The second is the Tor online traffic identification extension, which is capable of achieving malware localization, Tor traffic identification and botnet blocking, with the use of the online sequential extreme learning machine algorithm.
The need to protect the environment and biodiversity and to safeguard public health requires the development of timely and reliable methods for identifying particularly dangerous invasive species before they become regulators of ecosystems. These species appear morphologically similar despite their strong biological differences, which complicates their identification. Additionally, localizing the broader area of dispersion and development of invasive species is of critical importance for taking proper management measures. The aim of this research is to create an advanced computational intelligence system for the automatic recognition of invasive or other unknown species. The identification is performed by analyzing environmental DNA (eDNA) with machine learning methods. More specifically, this research effort proposes a hybrid bio-inspired computational intelligence detection approach. It employs Extreme Learning Machines combined with an evolving Izhikevich spiking neuron model for the automated identification of the invasive fish species "Lagocephalus Sceleratus", which is extremely dangerous to human health.
An Advanced Persistent Threat (APT) is a set of stealthy and continuous computer hacking processes in which an unauthorized person gains access to a network and stays there undetected for a long period of time. "Advanced" signifies sophisticated techniques using zero-day malware to exploit vulnerabilities in systems. "Persistent" suggests that an external command and control system is continuously monitoring and extracting data from a specific target. "Threat" indicates human involvement in orchestrating the attack. APT attacks target organizations in sectors with high-value information, such as military networks, national defense, manufacturing and the financial industry. Traditional digital security mechanisms face such threats in a conventional manner: they often raise false alarms and fail to forecast them. Because APT activities hide behind the Tor anonymity network, the command and control traffic associated with an APT can go undetected at the network layer. Deep log analysis and log correlation from various sources cannot by themselves detect APT activities, and network agents cannot simply collect TCP and UDP logs directly from assets into a syslog server. This paper proposes an innovative, fast and accurate Real-time Computational Intelligence Protection Framework against Advanced Persistent Threats (CIPFaAPT). It is an automated forensic analysis system that uses Semi-Supervised Online Sequential Extreme Learning Machines. It can process millions of data points in real time, establishing or learning a "normal" baseline, comparing data points to past behavior, and identifying anomalous differences in values over time, differences in rates over time, and population outliers. Using computational intelligence and machine learning algorithms, user transactions, server processes, internet traffic, IPS alerts and traffic flows can all be analyzed for unusual activity. CIPFaAPT is a next generation security platform that uses sophisticated analytics to monitor, track and classify risk across critical network infrastructures in order to identify APTs.
According to the latest projections of the International Energy Agency, smart grid technologies have become essential to handling the radical changes expected in international energy portfolios through 2030. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial and residential end user. New digital equipment and devices can be strategically deployed to complement existing equipment. Using a combination of centralized IT and distributed intelligence within critical system control nodes, ranging from thermal and renewable plant controls to grid and distribution utility servers, to cities, commercial and industrial infrastructures, and homes, a smart grid can bring unprecedented efficiency and stability to the energy system. Information and communication infrastructures will play an important role in connecting and optimizing the available grid layers. Grid operation depends on control systems called Supervisory Control and Data Acquisition (SCADA) that monitor and control the physical infrastructure. At the heart of these SCADA systems are specialized computers known as Programmable Logic Controllers (PLCs). Destructive cyber-attacks against SCADA systems, carried out as Advanced Persistent Threats (APT), have taken over the PLCs controlling centrifuges, reprogramming them to speed up the centrifuges until many were destroyed while reporting a normal operating speed to trick the centrifuge operators; such attacks can not only shut systems down but alter their function and permanently damage industrial equipment. This paper proposes a computational intelligence System for Identification of Cyber-Attacks on the Smart Energy Grids (SICASEG). It is a big data network forensics tool which can capture, record and analyze smart energy grid network events to find the source of an attack, both to prevent future attacks and potentially for prosecution.
Book entitled "Cyber-Security and Information Warfare", Series: Cybercrime and Cybersecurity Research, 2018
An Advanced Persistent Threat (APT) is a set of stealthy and continuous computer hacking processes in which an unauthorized person gains access to a network and stays there undetected for a long period of time. "Advanced" signifies sophisticated techniques using zero-day malware to exploit vulnerabilities in systems. "Persistent" suggests that an external command and control system is continuously monitoring and extracting data from a specific target. "Threat" indicates human involvement in orchestrating the attack. APT attacks target organizations in sectors with high-value information, such as military networks, national defense, manufacturing and the financial industry. Traditional digital security mechanisms face such threats in a conventional manner: they often raise false alarms and fail to forecast them. Because APT activities hide behind the Tor anonymity network, the command and control traffic associated with an APT can go undetected at the network layer. Deep log analysis and log correlation from various sources cannot by themselves detect APT activities, and network agents are not able to collect TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) logs directly from assets into a syslog server. This paper proposes an innovative, fast and accurate Real-time Computational Intelligence Protection Framework against Advanced Persistent Threats (CIPFaAPT). It is an automated forensic analysis system that uses Online Sequential Extreme Learning Machines. It can process millions of data points in real time, establishing or learning a "normal" baseline, comparing data points to past behavior, and identifying anomalous differences in values over time, differences in rates over time and population outliers. Using computational intelligence and machine learning algorithms, all user transactions, server processes, internet traffic, alerts raised by Intrusion Prevention Systems (IPS) and traffic flows can be analyzed for unusual activity. CIPFaAPT is a next generation security platform that uses sophisticated analytics to monitor, track and classify risk across critical network infrastructures in order to identify APTs.
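Both CIPFaAPT abstracts above describe the same detection contract: learn a "normal" baseline per entity in one pass, then flag three kinds of deviation, a value that departs from the entity's own history, a rate of change that departs from its usual rate of change, and an entity whose baseline sits far from the population. The Python below is an added example for this page, not the Online Sequential ELM used by the paper: it implements that contract with Welford's running mean and variance per entity (value and first-difference streams) and a median/MAD modified z-score across entities, which is the robust choice when the population is small and an ordinary z-score can never exceed (n-1)/sqrt(n). The telemetry (bytes uploaded per hour by four accounts), the warm-up length, thresholds and the `min_std` floor are constructed assumptions.

```python
import math
from collections import defaultdict
from statistics import median


class RunningStats:
    """Welford's online mean/variance: one pass over the stream, no stored history."""

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self._m2 = 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self._m2 += delta * (x - self.mean)

    def std(self):
        return math.sqrt(self._m2 / (self.n - 1)) if self.n > 1 else 0.0


class BaselineDetector:
    """Per-entity value and rate-of-change outliers, plus population outliers across entities."""

    def __init__(self, warmup=8, z_threshold=3.0, population_threshold=3.5,
                 min_std=1.0, learn_from_anomalies=False):
        self.warmup = warmup                      # observations before an entity is scored
        self.z_threshold = z_threshold
        self.population_threshold = population_threshold
        self.min_std = min_std                    # floor so a constant baseline still yields a usable z
        self.learn_from_anomalies = learn_from_anomalies  # False: flagged points do not move the baseline
        self.values = defaultdict(RunningStats)   # entity -> stats of observed values
        self.rates = defaultdict(RunningStats)    # entity -> stats of first differences
        self.last = {}

    def _z(self, stats, x):
        return (x - stats.mean) / max(stats.std(), self.min_std)

    def observe(self, entity, value):
        """Score one data point against the entity's past, then (conditionally) learn from it."""
        alerts = []
        vs, rs = self.values[entity], self.rates[entity]
        if vs.n >= self.warmup and abs(self._z(vs, value)) > self.z_threshold:
            alerts.append("value_outlier")
        delta = None
        if entity in self.last:
            delta = value - self.last[entity]
            if rs.n >= self.warmup and abs(self._z(rs, delta)) > self.z_threshold:
                alerts.append("rate_outlier")
        if not alerts or self.learn_from_anomalies:
            vs.update(value)
            if delta is not None:
                rs.update(delta)
            self.last[entity] = value
        return alerts

    def population_outliers(self):
        """Entities whose baseline mean is far from the other entities' means (modified z-score)."""
        ready = {e: s.mean for e, s in self.values.items() if s.n >= self.warmup}
        if len(ready) < 3:
            return []
        center = median(ready.values())
        mad = median(abs(m - center) for m in ready.values())
        if mad == 0:
            return []
        return sorted(e for e, m in ready.items()
                      if 0.6745 * abs(m - center) / mad > self.population_threshold)


# Constructed telemetry: bytes uploaded per hour by four accounts, ten normal hours each.
BASELINE = {
    "alice": [100, 110, 95, 105, 100, 98, 104, 102, 99, 106],
    "bob":   [200] * 10,
    "carol": [150, 155, 148, 152, 150, 149, 151, 153, 147, 150],
    "dave":  [5000, 5050, 4980, 5020, 5000, 4990, 5010, 5005, 4995, 5030],
}


def run_demo():
    det = BaselineDetector()
    baseline_alerts = []
    for hour in range(10):
        for user, series in BASELINE.items():
            baseline_alerts += det.observe(user, series[hour])
    spike = det.observe("alice", 5000)  # alice suddenly moves ~50x her usual volume
    return baseline_alerts, spike, det.population_outliers()


if __name__ == "__main__":
    print(run_demo())
```

Two design points carry over to any production version. First, `learn_from_anomalies=False` stops an attacker from walking the baseline upward by feeding it flagged traffic (baseline poisoning); the cost is that a legitimate step change keeps alerting until an analyst resets the entity. Second, dave never trips a value or rate check because his behaviour is internally consistent; only the population view exposes him, which is exactly the case the abstracts single out.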
Protecting critical infrastructure is of utmost importance for national security, since any future incident (e.g. a terrorist attack or system failure) can create complex and dynamic interdependencies with potentially incalculable consequences. The sectors with the most significant critical infrastructures are energy production and distribution, information technology, transportation, national defense, government infrastructure, and industry. Today, in the 21st century, automation and remote control are the most important means by which critical infrastructure improves the productivity and quality of the services provided. From this point of view, the efficient management of the IT systems of critical infrastructures requires sophisticated network control devices that operate with precision, reliability and security. These systems comprise interconnected active devices, embedded in real-time networks that allow remote monitoring and process control, even where devices are distributed across remote locations. The amount of stored data, which optimizes the effectiveness of decisions, implies the need to manage and analyze big data volumes that come from heterogeneous and often non-interoperable sources. Managing these volumes is further complicated by the need for strict security and privacy policies under the recent General Data Protection Regulation (GDPR). The data analysis systems receive a continuous, unbounded inflow of observations where, in the typical case, the newest data is the most important, as the notion of aging is based on their timing. These data streams are characterized by high volatility, as their characteristics can change drastically and unpredictably over time, altering their typical, normal behavior.
Given the increasing complexity of threats, the changing environment, and the weakness of traditional systems, which in most cases fail to adapt to modern challenges, the need for alternative, more active and more effective security methods keeps increasing. Such approaches include the adoption of intelligent solutions to protect sensitive data and infrastructures. Intelligent systems are capable of displaying logical, empirical and non-human decision-making, since they are trained on historical data representative of the problem they are trying to solve. In most cases, it is either impossible or inappropriate to store all historical data centrally. Thus, knowledge mining must be performed in real time on a subset of the data flow containing a small but recent percentage of observations. This raises serious objections to the accuracy and reliability of the intelligent algorithms employed, which degrade over time and become incapable of detecting serious threats. Based on this gap in the ways of handling and securing critical infrastructures, this postdoctoral research proposes a Blockchained Adaptive Federated Auto MetaLearning Big Data Architecture for CyberSecurity and Privacy. The architecture combines, under an optimal and efficient framework, the most modern and efficient technologies in order to protect critical infrastructures while ensuring privacy and secrecy.
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and thereby cause harm.
Malware forensics has become progressively more significant as the cybercrime community causes destruction to retail, technology and financial institutions. Cybercrime endangers governmental and private organizations alike, and malware is a frequently used tool of the cybercriminal, installing things such as Trojans, worms and botnet clients on the infected device. The only way for organizations processing sensitive information to defend company and client data is to respond to malware with speed and accuracy.
Network forensics is a sub-branch of digital forensics concerned with the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information: network traffic is transmitted and then lost, so network forensics is often a proactive investigation.
The proposed platform, while following the practices of integrated Security Information and Event Management (SIEM), goes one step further by offering a personalized security solution that combines multiple control mechanisms and the corresponding digital security technologies for modern computing systems and networks. Essentially, through a sophisticated collaborative framework, it is able to identify an organization's digital risks and threats, meeting its ongoing needs for securing the valuable information it manages by offering security services and crisis remedies.
Papers by Kostantinos Demertzis