Antonis Papadogiannakis - Profile on Academia.edu

Papers by Antonis Papadogiannakis

Proof Explanation for the Semantic Web Using Defeasible Logic

In this work we present the design and implementation of a new system for proof explanation in the Semantic Web, using defeasible logic. Trust is a vital feature for Semantic Web. If users (humans and agents) are to use and integrate system answers, they must trust them. Thus, systems should be able to explain their actions, sources, and beliefs. Our system automatically produces proof explanations using a popular logic programming system (XSB), by interpreting the output from the proof's trace and converting it to a meaningful representation. It presents the explanation of an answer for a user's query back to him using a graphical interface, and it can also use an XML representation for agent communication, which is a common scenario in the Semantic Web. One of the main benefits of our system is that it supports explanations in defeasible logic for both positive and negative answers in user queries. In the remainder of this report we present the design and implementation of the system, a novel XML language for the representation of a proof explanation, and we give a variety of examples and use cases of our system.

Available bandwidth measurement as simple as running wget

Proc. of the Passive …, 2006

Demetres Antoniades¹, Manos Athanatos¹, Antonis Papadogiannakis¹, Evangelos P. Markatos¹, Constantine Dovrolis². ¹ Institute of Computer Science (ICS), Foundation for Research & Technology Hellas (FORTH) ...

Improving the performance of passive network monitoring applications with memory locality enhancements

Computer Communications, 2012

Passive network monitoring is the basis for a multitude of systems that support the robust, efficient, and secure operation of modern computer networks. Emerging network monitoring applications are more demanding in terms of memory and CPU resources due to the increasingly complex analysis operations that are performed on the inspected traffic. At the same time, as the traffic throughput in modern network links increases, the CPU time that can be devoted for processing each network packet decreases. This leads to a growing demand for more efficient passive network monitoring systems in which runtime performance becomes a critical issue.

LOBSTER: A European Platform for Passive Network Traffic Monitoring

Proceedings of the 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, 2008

Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hopping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators.

End-to-end Network Monitoring Infrastructure

The capability of dynamically monitoring the performance of the communication infrastructure is one of the emerging requirements for a Grid. We claim that such a capability is in fact orthogonal to the more popular collection of data for scheduling and diagnosis, which needs large storage and indexing capabilities, but may disregard real-time performance issues. We discuss such claim analyzing the

LEoNIDS: a Low-latency and Energy-efficient Network-level Intrusion Detection System

IEEE Transactions on Emerging Topics in Computing, 2014

Over the past decade, design and implementation of low-power systems has received significant attention. Started with data centers and battery-operated mobile devices, it has recently branched to core network devices such as routers. However, this emerging need for low-power system design has not been studied for security systems, which are becoming increasingly important today. Towards this direction, we aim to reduce the power consumption of Network-level Intrusion Detection Systems (NIDS), which are used to improve the secure operation of modern computer networks. Unfortunately, traditional approaches to low-power system design, such as frequency scaling, lead to a disproportionate increase in packet processing and queuing times. In this work, we show that this increase has a negative impact on the detection latency and impedes a timely reaction. To address this issue, we present LEoNIDS: an architecture that resolves the energy-latency tradeoff by providing both low power consumption and low detection latency at the same time. The key idea is to identify the packets that are more likely to carry an attack and give them higher priority so as to achieve low attack detection latency. Our results indicate that LEoNIDS consumes comparable power to a state-of-the-art low-power design, while, at the same time, achieving up to an order of magnitude faster attack detection.

A Demand Driven Network Monitoring Architecture

The capability of dynamically monitoring the performance of the communication infrastructure is one of the emerging requirements for a Grid. We claim that such a capability is in fact orthogonal to the more popular collection of data for scheduling and diagnosis, which needs large storage and indexing capabilities, but may disregard real-time performance issues. We discuss such claim analyzing the gLite NPM architecture, and we describe a novel network monitoring infrastructure specifically designed for demand driven monitoring, named gd2, that can be potentially integrated in the gLite framework. We describe a Java implementation of gd2 on a virtual testbed.

NETWORK MONITORING SESSION

Scap: stream-oriented network traffic capture and analysis for high-speed networks

Rise of the planet of the apps: A systematic study of the mobile app ecosystem

Mobile applications (apps) have been gaining rising popularity due to the advances in mobile technologies and the large increase in the number of mobile users. Consequently, several app distribution platforms, which provide a new way for developing, downloading, and updating software applications in modern mobile devices, have recently emerged. To better understand the download patterns, popularity trends, and development strategies in this rapidly evolving mobile app ecosystem, we systematically monitored and analyzed four popular third-party Android app marketplaces. Our study focuses on measuring, analyzing, and modeling the app popularity distribution, and explores how pricing and revenue strategies affect app popularity and developers' income.

Stream-Oriented Network Traffic Capture and Analysis for High-Speed Networks

IEEE Journal on Selected Areas in Communications, 2014

Automated generation of models for fast and precise detection of HTTP-based malware

2014 Twelfth Annual International Conference on Privacy, Security and Trust, 2014

Scap

Proceedings of the 2013 conference on Internet measurement conference - IMC '13, 2013

Improving the accuracy of network intrusion detection systems under load using selective packet discarding

Proceedings of the Third European Workshop on System Security - EUROSEC '10, 2010

... In our approach one can start with an unsupervised anomaly detector and, in principle, collect the training set for the optimizer during the operation of the IDS. ... [10] KK Gupta, B. Nath and K. Ramamohanarao, Layered Approach using Conditional Random Fields for Intrusion ...

RRDtrace: Long-term Raw Network Traffic Recording using Fixed-size Storage

2010 IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, 2010

Recording raw network traffic for long-term periods can be extremely beneficial for a multitude of monitoring and security applications. However, storing all traffic of high volume networks is infeasible even for short-term periods due to the increased storage requirements. Traditional approaches for data reduction like aggregation and sampling either require knowing the traffic features of interest in advance, or reduce the traffic volume by selecting a representative set of packets uniformly over the collecting period. In this work we present RRDtrace, a technique for storing full-payload packets for arbitrarily long periods using fixed-size storage. RRDtrace divides time into intervals and retains a larger number of packets for most recent intervals. As traffic ages, an aging daemon is responsible for dynamically reducing its storage space by keeping smaller representative groups of packets, adapting the sampling rate accordingly. We evaluate the accuracy of RRDtrace on inferring the flow size distribution, distribution of traffic among applications, and percentage of malicious population. Our results show that RRDtrace can accurately estimate these properties using the suitable sampling strategy, some of them for arbitrarily long time and others only for a recent period.

ASIST

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13, 2013

Code injection attacks continue to pose a threat to today's computing systems, as they exploit software vulnerabilities to inject and execute arbitrary, malicious code. Instruction Set Randomization (ISR) is able to protect a system against remote machine code injection attacks by randomizing the instruction set of each process. This way, the attacker will inject invalid code that will fail to execute on the randomized processor. However, all the existing implementations of ISR are based on emulators and binary instrumentation tools that (i) incur a significant runtime performance overhead, (ii) limit the ease of deployment of ISR, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts trying to bypass ISR protection. To address these issues we propose ASIST: an architecture with hardware and operating system support for ISR. We present the design and implementation of ASIST by modifying and mapping a SPARC processor onto an FPGA board and running our modified Linux kernel to support the new features. The operating system loads the randomization key of each running process into a newly defined register, and the modified processor decodes the process's instructions with this key before execution. Moreover, ASIST protects the system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges, by using a separate randomization key for the operating system. We show that ASIST transparently protects all applications and the operating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional hardware.

DiMAPI: An Application Programming Interface for Distributed Network Monitoring

2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006, 2006

Network monitoring and measurement is commonly regarded as an essential function for understanding, managing and improving the performance and security of network infrastructures. Traditional passive network monitoring approaches are not adequate for fine-grained performance measurements nor for security applications. In addition, many applications would benefit from monitoring data gathered at multiple vantage points within a network infrastructure.

Network Monitoring Session Description

Grid Middleware and Services, 2008

Network Monitoring is a complex distributed activity: we distinguish agents that issue requests and use of the results, others that operate the monitoring activity and produce observations, glued together by other agents that are in charge of routing requests and results.

Prototype Implementation Of A Demand Driven Network Monitoring Architecture

Grid Computing, 2008

The capability of dynamically monitoring the performance of the communication infrastructure is one of the emerging requirements for a Grid. We claim that such a capability is in fact orthogonal to the more popular collection of data for scheduling and diagnosis, which needs large storage and indexing capabilities, but may disregard real-time performance issues. We discuss such claim analyzing the gLite NPM architecture, and we describe a novel network monitoring infrastructure specifically designed for demand driven monitoring, named gd2, that can be potentially integrated in the gLite framework. We describe a Java implementation of gd2 on a virtual testbed.
