Postgraduate Research

| Researcher: | Dr Maria Papadaki PhD |
|---|---|
| Email: | mpapadaki@cscan.org |
| Director of studies: | Dr Steven M. Furnell |
| Other supervisors: | Dr Benn Lines, Prof. Paul Reynolds |
| Research title: | Classifying and responding to network intrusions |

Thesis abstract:

Intrusion detection systems (IDS) have been widely adopted within the IT community as passive monitoring tools that report security-related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, have led to overwhelming numbers of IDS alerts, which leave a significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses.

The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process by considering the context of an attack, and to investigate and evaluate a means of making intelligent response decisions.

The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies, which provide a means to reflect the changing needs and characteristics of organisations.

The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain.
Publications

Journal papers

- Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM). Anuar NB, Papadaki M, Furnell SM, Clarke NL. Security and Communication Networks, 2012.
- Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers. Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke NL, Gritzalis S. Security and Communication Networks, vol. 5, issue 1, 2012.
- Misuse Detection for Mobile Devices Using Behaviour Profiling. Li F, Clarke NL, Papadaki M, Dowland PS. International Journal of Cyber Warfare & Terrorism, Volume 1, Issue 1, pp43-55, ISSN: 1947-3435, 2011.
- Online Addiction: A Cultural Comparison of Privacy Risks in Online Gaming Environments. Sanders B, Dowland PS, Atkinson S, Zahra D, Furnell SM, Papadaki M. Journal of Multimedia Processing Technologies, vol. 1, no. 3, September, pp181-193, ISSN: 0976-4127, 2010.
- A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm. Tjhai GC, Furnell SM, Papadaki M, Clarke NL. Computers & Security, Volume 29, Issue 6, pp712-723, 2010.
- Social engineering: assessing vulnerabilities in practice. Bakhshi T, Papadaki M, Furnell SM. Information Management and Computer Security, vol. 17, no. 1, pp53-63, 2009.
- Scare tactics – A viable weapon in the security war? Furnell SM, Papadaki M, Thomson KL. Computer Fraud & Security, Volume 2009, Issue 12, December, pp6-10, 2009.
- Testing our defences or defending our tests: the obstacles to performing security assessment. Furnell SM, Papadaki M. Computer Fraud & Security, Volume 2008, Issue 5, May, pp8-12, 2008.
- Considering the potential of criminal profiling to combat hacking. Preuss J, Furnell SM, Papadaki M. Journal in Computer Virology, vol. 3, no. 2, pp135-141, 2007.
- Informing the decision process in an automated intrusion response system. Papadaki M, Furnell SM. Information Security Technical Report, vol. 10, no. 3, pp150-161, 2005.
- IDS or IPS: what is best? Papadaki M, Furnell SM. Network Security, July, pp15-19, 2004.
- Enhancing Response in Intrusion Detection Systems. Papadaki M, Furnell SM, Lee SJ, Lines BL, Reynolds PL. Journal of Information Warfare, vol. 2, no. 1, pp90-102, 2002.
- An experimental comparison of secret-based user authentication technologies. Irakleous I, Furnell SM, Dowland PS, Papadaki M. Information Management and Computer Security, vol. 10, no. 3, pp100-108, 2002.

13 Journal papers
Conference papers

- A Response Strategy Model for Intrusion Response Systems. Anuar NB, Papadaki M, Furnell SM, Clarke NL. 27th IFIP International Information Security and Privacy Conference - SEC2012, Heraklion, Crete, Greece, 4-6 June, pp573-578, 2012.
- Education in the 'Virtual' Community: Can beating Malware Man teach users about Social Networking Security? Sercombe AA, Papadaki M. Proceedings of the Sixth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012), Crete, Greece, ISBN: 978-1-84102-317-5, pp33-39, 2012.
- A Risk Index Model for Security Incident Prioritisation. Anuar NB, Furnell SM, Papadaki M, Clarke NL. Proceedings of the 9th Australian Information Security Management Conference (ASIM 2011), Perth, Australia, 5-7 December, 2011.
- Emerging risks in massively multiplayer online role playing games. Sanders B, Atkinson S, Dowland PS, Furnell SM, Papadaki M. EU Kids Online Conference, Friday 23 September, New Academic Building LSE, 2011.
- Behaviour Profiling for Transparent Authentication for Mobile Devices. Li F, Clarke NL, Papadaki M, Dowland PS. Proceedings of the 10th European Conference on Information Warfare and Security (ECIW), Tallinn, Estonia, 7-8 July, pp307-314, 2011. Awarded best PhD paper.
- LUARM – An Audit Engine for Insider Misuse Detection. Magklaras GB, Furnell SM, Papadaki M. Proceedings of the Sixth International Workshop on Digital Forensics & Incident Analysis (WDFIA 2011), London, UK, ISBN: 978-1-84102-285-7, pp133-148, 2011.
- Online Addiction: Privacy Risks in Online Gaming Environments. Sanders B, Chen V, Zahra D, Dowland PS, Atkinson S, Papadaki M, Furnell SM. Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES), October 26-29, Bangkok, Thailand, 2010.
- Behaviour Profiling on Mobile Devices. Li F, Clarke NL, Papadaki M, Dowland PS. International Conference on Emerging Security Technologies, 6-8 September, Canterbury, UK, pp77-82, 2010.
- Assessing the Usability of End-User Security Software. Ibrahim T, Furnell SM, Papadaki M, Clarke NL. Lecture Notes in Computer Science, Volume 6264/2010, pp177-189, 2010.
- An investigation and survey of response options for Intrusion Response Systems (IRSs). Anuar NB, Papadaki M, Furnell SM, Clarke NL. Proceedings of the 9th Annual Information Security South Africa Conference, Sandton, South Africa, 2-4 August, pp1-8, ISBN: 978-1-4244-5493-8, 2010.
- ITO Success Factor Model - First Steps Towards a Guide for IT Outsourcing (ITO) Success. Kronawitter K, Wentzel C, Papadaki M. Proceedings of the Eighth International Network Conference (INC 2010), Heidelberg, Germany, 8-10 July, ISBN: 978-1-84102-259-8, pp355-359, 2010.
- Improving Awareness of Social Engineering Attacks. Smith A, Papadaki M, Furnell SM. Proceedings of the 9th IFIP World Congress on Computer Education (WCCE 2009), Bento Gonçalves, Brazil, 27-31 July, 2009.
- Assessing the Usability of Personal Internet Security Tools. Ibrahim T, Furnell SM, Papadaki M, Clarke NL. 8th European Conference on Information Warfare and Security (ECIW), Military Academy, Lisbon & the University of Minho, Braga, Portugal, 6-7 July, 2009.
- Intrusion Detection System for Mobile Devices: Investigation on Calling Activity. Li F, Clarke NL, Papadaki M. Proceedings of the 8th Security Conference, April, Las Vegas, USA, 2009.
- Evaluating the usability impacts of security interface adjustments in Word. Helala M, Furnell SM, Papadaki M. Proceedings of the 6th Australian Information Security Management Conference, Perth, Western Australia, 1-3 December, pp48-55, 2008.
- The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset. Tjhai GC, Papadaki M, Furnell SM, Clarke NL. Lecture Notes in Computer Science, Volume 5185/2008, ISBN: 978-3-540-85734-1, pp139-150, 2008.
- Investigating the problem of IDS false alarms: An experimental study using Snort. Tjhai GC, Papadaki M, Furnell SM, Clarke NL. Proceedings of the 23rd International Information Security Conference (SEC 2008), Milan, Italy, 8-10 September, pp253-267, 2008.
- A Practical Assessment of Social Engineering Vulnerabilities. Bakhshi T, Papadaki M, Furnell SM. Proceedings of the Second International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008), Plymouth, UK, pp12-23, 2008.
- Assessing the challenges of Intrusion Detection Systems. Ibrahim T, Furnell SM, Papadaki M, Clarke NL. Proceedings of the 7th Security Conference, Las Vegas, USA, 2nd-3rd June, 2008.
- Investigating the Evasion Resilience of Network Intrusion Detection Systems. Ytreberg JA, Papadaki M. Proceedings of the 6th European Conference on Information Warfare and Security, Shrivenham, UK, 2-3 July, pp327-334, 2007.
- Attack Pattern Analysis: Trends in Malware Variant Development. Papadaki M, Furnell SM, Clarke NL, Abu-Bakar UA, Pinkney G. Proceedings of the 5th Security Conference, Las Vegas, April 19-20, 2006.
- Automating the process of intrusion response. Papadaki M, Furnell SM. Proceedings of the 5th Australian Information Warfare Security Conference, Perth, Australia, 25-26 November, CDROM, pp32-41, 2004.
- Operational Characteristics of an Automated Intrusion Response System. Papadaki M, Furnell SM, Lines BL, Reynolds PL. Communications and Multimedia Security: Advanced Techniques for Network and Data Protection, pp65-75, 2003.
- Keystroke Analysis as a Method of Advanced User Authentication and Response. Dowland PS, Furnell SM, Papadaki M. Proceedings of IFIP/SEC 2002 - 17th International Conference on Information Security, Cairo, Egypt, 7-9 May, pp215-226, 2002.
- A Response-Oriented Taxonomy of IT System Intrusions. Papadaki M, Furnell SM, Lines BL, Reynolds PL. Proceedings of Euromedia 2002, Modena, Italy, 15-17 April, pp87-95, 2002.
- Security Vulnerabilities and System Intrusions: The need for Automatic Response Frameworks. Papadaki M, Magklaras GB, Furnell SM, Alayed A. Proceedings of the IFIP 8th Annual Working Conference on Information Security Management & Small Systems Security, Las Vegas, 27-28 September, 2001.
- A Generic Taxonomy for Intrusion Specification and Response. Furnell SM, Magklaras GB, Papadaki M, Dowland PS. Proceedings of Euromedia 2001, Valencia, Spain, 18-20 April, 2001.

27 Conference papers
Posters

- Enhancing Intrusion Response in Networked System. Papadaki M, Furnell SM, Dowland PS, Lines BL, Reynolds PL. Poster presentation at Britain's Younger Engineers in 2002, House of Commons, London, 9 December, 2002.
- Advanced Authentication and Intrusion Detection Technologies. Dowland PS, Furnell SM, Magklaras GB, Papadaki M, Reynolds PL, Rodwell PM, Singh H. Poster presentation at Britain's Younger Engineers in 2000, House of Commons, London, 4 December, 2000.

2 Posters
Internal publications

- Evading Intrusion Detection Systems. AlRobria I, Papadaki M. Advances in Communications, Computing, Networks and Security Volume 8, ISBN: 978-1-84102-293-2, pp61-67, 2011.
- Comparing Anti-Spyware Products – A different approach. Saqib M, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp294-301, 2009.
- Response of Software Vendors to Vulnerabilities. Erebor G, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp160-168, 2009.
- Improving Awareness on Social Engineering Attacks. Smith A, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp144-151, 2009.
- Guidelines/Recommendations on Best Practices in Fine Tuning IDS Alarms. Obi CA, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp107-114, 2009.
- Home Users Vulnerabilities in Audio/Video Players. Jain R, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp73-82, 2009.
- Vulnerability Awareness. Edu A, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp32-39, 2009.
- Social Engineering Vulnerabilities. Bakhshi T, Papadaki M. Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp23-31, 2009.
- Critical Success Factors in IT-Outsourcing: a Literature Analysis. Kronawitter K, Wentzel C, Turetschek G, Papadaki M. Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), Darmstadt, Germany, ISBN: 978-1-84102-236-9, pp110-122, 2009.
- Response Mechanisms for Intrusion Response Systems (IRSs). Anuar NB, Furnell SM, Papadaki M, Clarke NL. Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), Darmstadt, Germany, ISBN: 978-1-84102-236-9, pp3-14, 2009.
- The Dark Side of Google. Ly T, Papadaki M. Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp135-142, 2008.
- Tracking Botnets. Freydefont M, Papadaki M. Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp116-125, 2008.
- Security Risks Associated With the Use of Web Browsing, Instant Messaging and File Sharing software. Bitsanis D, Papadaki M. Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp99-107, 2008.
- Network Intrusion Detection Systems Evasion Techniques – an Investigation Using Snort. Ytreberg JA, Papadaki M. Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp49-58, 2008.
- Intrusion Detection System for Mobile Devices: Preliminary Investigation. Li F, Clarke NL, Papadaki M. Proceedings of the Fourth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2008), Wrexham, UK, ISBN: 978-1-84102-196-6, pp21-31, 2008.
- User security awareness of social engineering and phishing. Karakasiliotis A, Furnell SM, Papadaki M. Advances in Network & Communication Engineering 4, ISBN: 978-1-84102-180-5, pp191-198, 2007.
- Uses and dangers of peer-to-peer and instant messaging in a business environment. Quaden T, Furnell SM, Papadaki M, Pinkney G. Advances in Network & Communication Engineering 3, pp203-211, 2006.
- Changing Trends in Vulnerability Discovery. Tope SW, Furnell SM, Papadaki M, Pinkney G. Advances in Network & Communication Engineering 3, pp193-202, 2006.
- Social Engineering: A growing threat, with diverging directions. Chelleth JV, Furnell SM, Papadaki M, Pinkney G, Dowland PS. Advances in Network & Communication Engineering 3, pp179-184, 2006.
- Attack Pattern Analysis: Trends in Malware Variant Development. Abu-Bakar UA, Furnell SM, Papadaki M, Pinkney G. Advances in Network & Communication Engineering 3, pp90-99, 2006.

20 Internal publications
Presentations

- Social Engineering: How vulnerable are we? Papadaki M. Invited Presentation for the Special Financial Investigation Service, Operational Directorate of Special Cases of Athens, Sector of Information Technology, Electronic Trade & Electronic Crime, Ministry of Economy and Finance, Athens, Greece, 31 March 2008.

1 Presentation

Other publications

2 Other publications

65 Publication(s) - all categories.