Papers by Christos Tachtatzis
With the world moving towards being increasingly dependent on computers and automation, one of the main challenges in the current decade has been to build secure applications, systems and networks. Alongside these challenges, the number of threats is rising exponentially due to the attack surface increasing through the numerous interfaces offered for each service. To alleviate the impact of these threats, researchers have proposed numerous solutions; however, current tools often fail to adapt to ever-changing architectures, associated threats and 0-days. This manuscript aims to provide researchers with a taxonomy and survey of current dataset composition and of current Intrusion Detection System (IDS) capabilities and assets. These taxonomies and surveys aim to improve both the efficiency of IDS and the creation of datasets to build the next generation of IDS, as well as to reflect network threats more accurately in future datasets. To this end, this manuscript also provides a taxonomy and survey of network threats and associated tools. The manuscript highlights that current IDS only cover 25% of our threat taxonomy, while current datasets demonstrate a clear lack of real-network threats and attack representation and instead include a large number of deprecated threats, hence limiting the accuracy of current machine learning IDS. Moreover, the taxonomies are open-sourced to allow public contributions through a GitHub repository.
International Journal of Distributed Sensor Networks, 2015
The Internet of Things (IoT) is still in its infancy and has attracted much interest in many industrial sectors including medical fields, logistics tracking, smart cities and automobiles. However, as a paradigm, it is susceptible to a range of significant intrusion threats. This paper presents a threat analysis of the IoT and uses an Artificial Neural Network (ANN) to combat these threats. A multi-level perceptron, a type of supervised ANN, is trained using internet packet traces, then is assessed on its ability to thwart Distributed Denial of Service (DDoS/DoS) attacks. This paper focuses on the classification of normal and threat patterns on an IoT network. The ANN procedure is validated against a simulated IoT network. The experimental results demonstrate 99.4% accuracy and can successfully detect various DDoS/DoS attacks.
The Internet of Things (IoT) and the number of sensors integrated within safety-critical environments are increasing exponentially. System designers employ off-the-shelf hardware to reduce development time and cost; however, the early adoption of consumer hardware and software raises numerous security questions. Several successful attacks and threats to critical infrastructures have been reported. This paper reviews safety-critical applications in aviation, connected cars and power plants. An engineering development roadmap is proposed with cyber-security in mind from "cradle-to-grave" rather than as an afterthought. The development roadmap introduces a cyber-security review at each design step to strengthen the robustness of IoT hardware and software. However, considering these systems have an extremely long lifetime (>20 years), secure maintenance and integrity of ageing infrastructure is usually a secondary consideration. The paper proposes the use of a cyclic cyber-physical security model after system commissioning that allows knowledge transfer between regulatory bodies through sharing of best practices. The sharing will enable system operators to identify exploits encountered in other industries, maintain high security levels and improve IoT architectures.
Recent advances in the massively parallel computational abilities of graphical processing units (GPUs) have increased their use for general purpose computation, as companies look to take advantage of big data processing techniques. This has given rise to the potential for malicious software targeting GPUs, which is of interest to forensic investigators examining the operation of software. The ability to carry out reverse-engineering of software is of great importance within the security and forensics fields, particularly when investigating malicious software or carrying out forensic analysis following a successful security breach. Due to the complexity of the Nvidia CUDA (Compute Unified Device Architecture) framework, it is not clear how best to approach the reverse engineering of a piece of CUDA software. We carry out a review of the different binary output formats which may be encountered from the CUDA compiler, and their implications for reverse engineering. We then demonstrate the process of carrying out disassembly of an example CUDA application, to establish the various techniques available to forensic investigators carrying out black-box disassembly and reverse engineering of CUDA binaries. We show that the Nvidia compiler, using default settings, leaks useful information. Finally, we demonstrate techniques to better protect intellectual property in CUDA algorithm implementations from reverse engineering.
2009 Sixth International Conference on Networked Sensing Systems (INSS), 2009
Smart Materials and Structures, 2015
Hydraulic structures constitute the most vulnerable elements of transportation infrastructure. Recent increases in precipitation have resulted in severe and more frequent flash flooding incidents. This has put bridges over waterways at higher risk of failure due to scour. This study presents a new sensor for measuring scour depth variation and sediment deposition processes in the vicinity of the foundations to underpin systems for early warning of impending structural failure. The monitoring system consists of a probe with integrated electromagnetic sensors designed to detect changes in the dielectric permittivity of the surrounding bridge foundation. The probe is equipped with a wireless interface and was evaluated to assess its ability to detect scour and sediment deposition in various soil types and under temperature and water salinity conditions that would commonly occur in a practical installation environment. A novel methodology is also developed enabling discrimination between in situ and re-deposited sediment, delivering vital information about the load bearing capacity of the foundation. The experimental approach was validated using 'static' scour simulations and real-time open channel flume experiments. Results indicate that the sensor is highly sensitive to underwater bed level variations and can provide an economical and accurate structural health monitoring alternative to existing instruments.
Large industrial systems that combine services and applications have become targets for cyber criminals and are challenging from the security, monitoring and auditing perspectives. Security log analysis is a key step for uncovering anomalies, detecting intrusion, and enabling incident response. The constant increase of link speeds, threats and users produces large volumes of log data that become increasingly difficult to analyse on a Central Processing Unit (CPU). This paper presents a massively parallel Graphics Processing Unit (GPU) Log Processing (GLoP) library, which can also be used for Deep Packet Inspection (DPI), using a prefix matching technique and harvesting the full power of off-the-shelf technologies. GLoP implements two different algorithms using different GPU memory and is compared against CPU counterpart implementations. The library can be used for processing nodes with single or multiple GPUs as well as GPU cloud farms. The results show a throughput of 20 Gbps and demonstrate that modern GPUs can be utilised to increase the operational speed of large scale log processing scenarios, saving precious time before and after an intrusion has occurred.
Wireless Body Area Networks have recently received much attention due to their application to assisted living and remote patient monitoring. For these applications, energy minimisation is a critical issue since, in many cases, batteries cannot be easily replaced or recharged. Reducing energy expenditure by avoiding unnecessarily high transmission power and minimising frame retransmissions is therefore crucial.
In this paper, a transmit power control scheme suitable for IEEE 802.15.6 networks operating in beacon mode with superframe boundaries is proposed. The transmission power is modulated, frame-by-frame, according to a run-time estimation of the channel conditions. Power measurements using the beacon frames are made periodically, providing the reverse channel gain, and an opportunistic fade margin, set on the basis of prior power fluctuations, is added. This approach allows tracking of the highly variable on-body to on-body propagation channel without the need to transmit additional probe frames. An experimental study based on test cases demonstrates the effectiveness of the scheme and compares its performance with alternative solutions presented in the literature.
Fouling or encrustation is a significant problem in continuous crystallisation processes, where crystal deposits at surfaces impede heat transfer, increase flow resistance and reduce product quality. This paper proposes an automatic algorithm to detect early stages of fouling using images of vessel surfaces from commodity cameras. Statistical analysis of the pixel intensity variation offers the ability to distinguish the appearance of crystals in the bulk solution from that on the crystalliser walls. This information is used to develop a fouling metric indicator and to determine separately the induction times for the appearance of first crystals at the surfaces and in the bulk. A method to detect process state changes using Bayesian online change point detection is also proposed, where the first change point is used to determine the induction time either at the surface or in the bulk, based on real-time online measurements without using any predetermined threshold, which usually varies between experiments and depends on the data acquisition equipment. This approach can be used for in situ monitoring of early signs of encrustation to allow early warning for corrective actions to be taken when operating continuous crystallisation processes.
Body Area Networks (BANs) are an emerging area of wireless personal communications. The IEEE 802.15.6 working group aims to develop a communications standard optimised for low power devices operating on, in or around the human body. IEEE 802.15.6 specifically targets low power medical application areas. The IEEE 802.15.6 draft defines two main channel access modes: contention-based and contention-free. This paper examines the energy lifetime performance of contention-free access and in particular of periodic scheduled allocations. This paper presents an overview of IEEE 802.15.6 and an analytical model for estimating the device lifetime. The analysis determines the maximum device lifetime for a range of scheduled allocations. It also shows that the higher the data rate of frame transfers, the longer the device lifetime. Finally, the energy savings provided by block transfers are quantified and compared to immediately acknowledged alternatives.
Interest in on-body communication channels is growing as the use of wireless devices increases in medical, consumer and military sensor applications. This paper presents an experimental investigation and analysis of the narrowband on-body propagation channel. This analysis considers each of the factors affecting the channel during a range of stationary and motion activities in different environments with actual wireless mote devices on the body. Use of such motes allows greater freedom in the subject's movements and the inclusion of real-world indoor and outdoor environments in a test sequence. This paper identifies and analyses the effect of the different components of the signal propagation (mean propagation path gain, large-scale fading and small-scale fading) and the cause of the losses and variation due to activities, positions or environmental factors. Our results show the effect on the received signal and the impact of voluntary and involuntary movements, which cause shadowing effects. The analysis also allows us to identify sensor positions on the body that are more reliable, those positions that may require a relay, and those that may be suitable for acting as a relay.
The emerging area of body area networks (BAN) imposes challenging requirements on hardware and software to achieve the desired lifetimes for certain devices such as long term medical implants. In this paper, we propose a novel approach to the measurement and characterisation of the energy consumption of BAN devices. The approach uses a low cost energy auditing circuit and addresses the problem of accurately measuring low-level current consumption. This new technique will allow precise and analytical measurements of systems and components in terms of energy. This will help circuit designers minimise power consumption in BAN devices. Software engineers might use this approach to validate and optimise embedded code. Network engineers can optimise network parameters to reduce the power consumption of a single node. Adoption of the proposed technique will aid the development of ultra-low power wireless BANs. Results are presented on current characterisation for two wireless motes.