Papers by Christos Tachtatzis

With the world moving towards being increasingly dependent on computers and automation, one of the main challenges in the current decade has been to build secure applications, systems and networks. Alongside these challenges, the number of threats is rising exponentially due to the attack surface increasing through numerous interfaces offered for each service. To alleviate the impact of these threats, researchers have proposed numerous solutions; however, current tools often fail to adapt to ever-changing architectures, associated threats and 0-days. This manuscript aims to provide researchers with a taxonomy and survey of current dataset composition and current Intrusion Detection Systems (IDS) capabilities and assets. These taxonomies and surveys aim to improve both the efficiency of IDS and the creation of datasets to build the next generation IDS as well as to reflect network threats more accurately in future datasets. To this end, this manuscript also provides a taxonomy and survey of network threats and associated tools. The manuscript highlights that current IDS only cover 25% of our threat taxonomy, while current datasets demonstrate a clear lack of real-network threats and attack representation, but rather include a large number of deprecated threats, hence limiting the accuracy of current machine learning IDS. Moreover, the taxonomies are open-sourced to allow public contributions through a GitHub repository.
International Journal of Distributed Sensor Networks, 2015
A wireless sensor network (WSN) with the potential to monitor and locate partial discharge (PD) in high-voltage electricity substations using only received signal strength (RSS) is proposed. The advantages of an RSS-based operating principle over more traditional methods (e.g., time-of-arrival and time-difference-of-arrival) are described. Laboratory measurements of PD that emulate the operation of a PD WSN are presented. The hardware architecture of a prototype PD WSN is described and the particular challenges of an RSS-based location approach in an environment with an unknown, and spatially varying, path-loss index are discussed. It is concluded that an RSS-based PD WSN is a plausible solution for the monitoring of insulation integrity in electricity substations.

The Internet of things (IoT) is still in its infancy and has attracted much interest in many industrial sectors including medical fields, logistics tracking, smart cities and automobiles. However as a paradigm, it is susceptible to a range of significant intrusion threats. This paper presents a threat analysis of the IoT and uses an Artificial Neural Network (ANN) to combat these threats. A multi-level perceptron, a type of supervised ANN, is trained using internet packet traces, then is assessed on its ability to thwart Distributed Denial of Service (DDoS/DoS) attacks. This paper focuses on the classification of normal and threat patterns on an IoT Network. The ANN procedure is validated against a simulated IoT network. The experimental results demonstrate 99.4% accuracy and can successfully detect various DDoS/DoS attacks.

The Internet of Things (IoT) and the number of sensors integrated within safety critical environments is increasing exponentially. System designers employ off-the-shelf hardware to reduce development time and cost, however, the early adoption of consumer hardware and software raises numerous security questions. Several successful attacks and threats to critical infrastructures have been reported. This paper reviews safety-critical applications in aviation, connected cars and power plants. An engineering development roadmap is proposed with cyber-security in mind from "cradle-to-grave" rather than an afterthought. The development roadmap introduces a cyber-security review at each design step to strengthen the robustness of IoT hardware and software. However, considering these systems have an extremely long lifetime (>20 years), secure maintenance and integrity of ageing infrastructure is usually a secondary consideration. The paper proposes the use of a cyclic cyber-physical security model after system commissioning that allows knowledge transfer between regulatory bodies through sharing of best practices. The sharing will enable system operators to identify exploits encountered from other industries and maintain high security levels and improve the IoT architectures.

Recent advances in the massively parallel computational abilities of graphical processing units (GPUs) have increased their use for general purpose computation, as companies look to take advantage of big data processing techniques. This has given rise to the potential for malicious software targeting GPUs, which is of interest to forensic investigators examining the operation of software. The ability to carry out reverse-engineering of software is of great importance within the security and forensics fields, particularly when investigating malicious software or carrying out forensic analysis following a successful security breach. Due to the complexity of the Nvidia CUDA (Compute Unified Device Architecture) framework, it is not clear how best to approach the reverse engineering of a piece of CUDA software. We carry out a review of the different binary output formats which may be encountered from the CUDA compiler, and their implications on reverse engineering. We then demonstrate the process of carrying out disassembly of an example CUDA application, to establish the various techniques available to forensic investigators carrying out black-box disassembly and reverse engineering of CUDA binaries. We show that the Nvidia compiler, using default settings, leaks useful information. Finally, we demonstrate techniques to better protect intellectual property in CUDA algorithm implementations from reverse engineering.
2009 Sixth International Conference on Networked Sensing Systems (INSS), 2009
In recent years, wireless sensor networks (WSN) have received considerable attention within agriculture and farming as a means to reduce operational costs and enhance animal health care. This paper examines the application of WSNs to livestock monitoring and the issues related to hardware realization. The core of this study is to overcome the aforementioned drawbacks by using alternative cheap, low power consumption sensor nodes capable of providing real-time communication at a reasonable hardware cost. In this paper, various factors i.e. radio frequency selection, channel bandwidth, etc. have been evaluated to provide a solution which can obtain real-time data from dairy cattle whilst conforming to the limitations associated with WSNs implementations.

Smart Materials and Structures, 2015
Hydraulic structures constitute the most vulnerable elements of transportation infrastructure. Recent increases in precipitation have resulted in severe and more frequent flash flooding incidents. This has put bridges over waterways at higher risk of failure due to scour. This study presents a new sensor for measuring scour depth variation and sediment deposition processes in the vicinity of the foundations to underpin systems for early warning of impending structural failure. The monitoring system consists of a probe with integrated electromagnetic sensors designed to detect changes in the dielectric permittivity of the surrounding bridge foundation. The probe is equipped with a wireless interface and was evaluated to assess its ability to detect scour and sediment deposition in various soil types and under temperature and water salinity conditions that would commonly occur in a practical installation environment. A novel methodology is also developed enabling discrimination between in situ and re-deposited sediment delivering vital information about the load bearing capacity of the foundation. The experimental approach was validated using 'static' scour simulations and real-time open channel flume experiments. Results indicate that the sensor is highly sensitive to underwater bed level variations and can provide an economical and accurate structural health monitoring alternative to existing instruments.

Large industrial systems that combine services and applications, have become targets for cyber criminals and are challenging from the security, monitoring and auditing perspectives. Security log analysis is a key step for uncovering anomalies, detecting intrusion, and enabling incident response. The constant increase of link speeds, threats and users, produce large volumes of log data and become increasingly difficult to analyse on a Central Processing Unit (CPU). This paper presents a massively parallel Graphics Processing Unit (GPU) Log Processing (GLoP) library and can also be used for Deep Packet Inspection (DPI), using a prefix matching technique, harvesting the full power of off-the-shelf technologies. GLoP implements two different algorithms using different GPU memory and is compared against CPU counterpart implementations. The library can be used for processing nodes with single or multiple GPUs as well as GPU cloud farms. The results show throughput of 20 Gbps and demonstrate that modern GPUs can be utilised to increase the operational speed of large scale log processing scenarios, saving precious time before and after an intrusion has occurred.

This paper investigates the practicality of memory attacks on commercial Graphics Processing Units (GPUs). With recent advances in the performance and viability of using GPUs for various highly-parallelised data processing tasks, a number of security challenges are raised. Unscrupulous software running subsequently on the same GPU, either by the same user, or another user, in a multi-user system, may be able to gain access to the contents of the GPU memory. This contains data from previous program executions. In certain use-cases, where the GPU is used to offload intensive parallel processing such as pattern matching for an intrusion detection system, financial systems, or cryptographic algorithms, it may be possible for the GPU memory to contain privileged data, which would ordinarily be inaccessible to an unprivileged application running on the host computer. With GPUs potentially yielding access to confidential information, existing research in the field is built upon, to investigate the practicality of extracting data from global, shared and texture memory, and retrieving this data for further analysis. These techniques are also implemented on various GPUs using three different Nvidia CUDA versions. A novel methodology for digital forensic examination of GPU memory for remanent data is then proposed, along with some suggestions and considerations towards countermeasures and anti-forensic techniques.

Wireless Body Area Networks have recently received much attention due to their application to assisted living and remote patient monitoring. For these applications, energy minimisation is a critical issue since, in many cases, batteries cannot be easily replaced or recharged. Reducing energy expenditure by avoiding unnecessary high transmission power and minimising frame retransmissions is therefore crucial.
In this paper, a transmit power control scheme suitable for IEEE 802.15.6 networks operating in beacon mode with superframe boundaries is proposed. The transmission power is modulated, frame-by-frame, according to a run-time estimation of the channel conditions. Power measurements using the beacon frames are made periodically, providing reverse channel gain and an opportunistic fade margin, set on the basis of prior power fluctuations, is added. This approach allows tracking of the highly variable on-body to on-body propagation channel without the need to transmit additional probe frames. An experimental study based on test cases demonstrates the effectiveness of the scheme and compares its performance with alternative solutions presented in literature.

Fouling or encrustation is a significant problem in continuous crystallisation processes where crystal deposits at surfaces impede heat transfer, increase flow resistance and reduce product quality. This paper proposes an automatic algorithm to detect early stages of fouling using images of vessel surfaces from commodity cameras. Statistical analysis of the pixel intensity variation offers the ability to distinguish appearance of crystals in the bulk solution and on the crystalliser walls. This information is used to develop a fouling metric indicator and determine separately induction times for appearance of first crystals at the surfaces and in the bulk. A method to detect process state changes using Bayesian online change point detection is also proposed, where the first change point is used to determine induction time either at the surface or in the bulk, based on real-time online measurements without using any predetermined threshold which usually varies between experiments and depends on data acquisition equipment. This approach can be used for in situ monitoring of early signs of encrustation to allow early warning for corrective actions to be taken when operating continuous crystallisation processes.

The construction of onshore wind turbines has been increasing rapidly as the UK attempts to meet its renewable energy targets. As the UK's future energy depends increasingly on wind farms, safety and security are critical to the success of this renewable energy source. Structural integrity of the tower and its components is a critical element of this security of supply. With the stochastic nature of the load regime, a bespoke structural health monitoring system is required to monitor the integrity of the concrete foundations supporting the tower. This paper presents an assessment of 'embedded can'-style foundation failure modes in large onshore wind turbines and proposes a novel condition-based monitoring solution to aid in early warning of failure.

Body Area Networks (BANs) are an emerging area of wireless personal communications. The IEEE 802.15.6 working group aims to develop a communications standard optimised for low power devices operating on, in or around the human body. IEEE 802.15.6 specifically targets low power medical application areas. The IEEE 802.15.6 draft defines two main channel access modes; contention based and contention free. This paper examines the energy lifetime performance of contention free access and in particular of periodic scheduled allocations. This paper presents an overview of the IEEE 802.15.6 and an analytical model for estimating the device lifetime. The analysis determines the maximum device lifetime for a range of scheduled allocations. It also shows that the higher the data rate of frame transfers the longer the device lifetime. Finally, the energy savings provided by block transfers are quantified and compared to immediately acknowledged alternatives.

Medical body area networks will employ a range of implantable and body worn devices to support a wide range of applications with diverse QoS requirements. The IEEE 802.15.6 working group is developing a communications standard for low power devices operating on, in and around the body and medical devices are a key application area of the standard. The ISO/IEEE 11073 standard addresses medical device interoperability and specifies the required QoS for medical applications. This paper investigates the lifetime of devices using the scheduled access modes proposed by IEEE 802.15.6, while satisfying the throughput and latency constraints of the ISO/IEEE 11073 applications. It computes the optimum superframe structure and number of superframes that the device can sleep to achieve maximum lifetime. The results quantify the maximum expected achievable lifetime for these applications and show that scheduled access mode is not appropriate for all application classes such as those with intermittent transfer patterns.

Wireless Sensor Networks (WSNs) are gaining an increasing industry wide adoption. However there remain major challenges such as network dimensioning and node placement especially in Built Environment Networks (BENs). Decisions on the node placement, orientation, and the number of nodes to cover the area of interest are usually ad-hoc, which leads either to poor coverage or over-provisioned, over sized networks. Ray tracing tools are traditionally employed to predict RF signal propagation however such tools are primarily intended for outdoor environments and do not accurately predict RF performance in buildings. RF signal propagation varies greatly indoors due to building materials and infrastructure, obstacles, node placement, antenna orientation and human presence. Because of the complexity of signal prediction these factors are usually ignored or given little weight when such networks are analyzed. The contributions of the paper are multi-fold. The results show the effects of the building size and layout, building materials, human presence and mobility on the signal propagation of a BEN. Additionally, they show that antenna radiation pattern is a key factor in the RF propagation performance, and appropriate device orientation and placement can improve the network reliability. Further, the RSS facility in RF transceivers can be exploited to detect the presence and motion of humans in the environment. The results presented are obtained and analyzed from a real BEN deployment and illustrate that such parameters must be considered when planning and deploying BENs.

Technological advancements have made possible the emergence of Body Area Networks (BANs). There are numerous onbody channel characterizations in the literature performed on a phantom or a single human subject. In this paper, using multiple subjects, we consider the effect of body shape and gender on the onbody channel.

Interest in on-body communication channels is growing as the use of wireless devices increases in medical, consumer and military sensor applications. This paper presents an experimental investigation and analysis of the narrowband on-body propagation channel. This analysis considers each of the factors affecting the channel during a range of stationary and motion activities in different environments with actual wireless mote devices on the body. Use of such motes allows greater freedom in the subject's movements and the inclusion of real-world indoor and outdoor environments in a test sequence. This paper identifies and analyses the effect of the different components of the signal propagation (mean propagation path gain, large-scale fading and small-scale fading) and the cause of the losses and variation due to activities, positions or environmental factors. Our results show the effect on the received signal and the impact of voluntary and involuntary movements, which cause shadowing effects. The analysis also allows us to identify sensor positions on the body that are more reliable and those positions that may require a relay or those that may be suitable for acting as a relay.

The emerging area of body area networks (BAN) imposes challenging requirements on hardware and software to achieve the desired lifetimes for certain devices such as long term medical implants. In this paper, we propose a novel approach to the measurement and characterisation of the energy consumption of BAN devices. The approach uses a low cost energy auditing circuit and addresses the problem of accurately measuring low-level current consumption. This new technique will allow precise and analytical measurements of systems and components in terms of energy. This will help circuit designers minimise power consumption in BAN devices. Software engineers might use this approach to validate and optimise embedded code. Network engineers can optimise network parameters to reduce the power consumption of a single node. Adoption of the proposed technique will aid the development of ultra-low power wireless BANs. Results are presented on current characterisation for two wireless motes.