Constantinos Patsakis

Constantinos Patsakis
  • Professor (Associate) at University of Piraeus

About

229
Publications
195,701
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
7,432
Citations
Current institution
University of Piraeus
Current position
  • Professor (Associate)
Education
October 2003 - October 2008
University of Piraeus
Field of study
  • Computer Security
September 2002 - September 2003
Royal Holloway University of London
Field of study
  • Information Security
September 1998 - September 2002

Publications

Publications (229)
Preprint
The InterPlanetary File System~(IPFS) offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods that malicious actors can exploit IPFS to upload a...
Article
Full-text available
The double-edged sword of continuous digitization of services and systems opens the door to a myriad of beneficial opportunities, as well as challenging threats. Currently, ransomware is catalogued as the first threat in cybersecurity due to its impact on organizations, critical infrastructure, industry, and society as a whole. Thus, devoting effor...
Preprint
The continuous increase in malware samples, both in sophistication and number, presents many challenges for organizations and analysts, who must cope with thousands of new heterogeneous samples daily. This requires robust methods to quickly determine whether a file is malicious. Due to its speed and efficiency, static analysis is the first line of...
Preprint
Full-text available
The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. The application of packing to the original executable code renders extracting meaningful features and signatures challenging. To deal with the increasing amount of malware in th...
Preprint
The significant increase in software production driven by automation and faster development lifecycles has resulted in a corresponding surge in software vulnerabilities. In parallel, the evolving landscape of software vulnerability detection, highlighting the shift from traditional methods to machine learning and large language models (LLMs), provi...
Chapter
Full-text available
The goal of this chapter is to illuminate the operational frameworks, key actors, and significant cybersecurity implications of the malware as a service (MaaS) ecosystem. Highlighting the transformation of malware proliferation into a service-oriented model, the chapter discusses how MaaS democratises access to sophisticated cyberattack capabilitie...
Chapter
The constant arms race between malware authors and defenders has significantly raised the bar for both sides in terms of sophistication. One of the results of the above is that the bulk of modern malware comes in an obfuscated and packed form, armoured with several anti-analysis features. This is to prevent, or at least delay, their analysis, extra...
Article
Full-text available
The escalating complexity and impact of cyber threats require organisations to rehearse responses to cyber-attacks by routinely conducting cyber security exercises. However, the effectiveness of these exercises is limited by the exercise planners’ ability to replicate real-world scenarios in a timely manner that is, most importantly, tailored to th...
Article
Full-text available
The hospital at home concept integrates key digital medicine technologies and concepts in a single platform approach, with telemedicine, wearables, and sensors. It could bring benefits to patients, who face lower risks from hospital infections and who want to be at home with their loved ones. Moreover, it may lead to efficiency savings, through its...
Chapter
The COVID-19 epidemic has caused a significant and profound change in the worldwide tourism sector, leading to a transition from excessive tourism to a state of non-tourism. Consequently, previously bustling tourist locations have exhibited for years a haunting emptiness. Given the aforementioned circumstances, the present chapter explores the deep...
Chapter
Artificial intelligence (AI) is widely employed with efficacy across diverse domains. The field of smart tourism has the potential to be significantly transformed through the utilisation of AI. This is not surprising given that AI provides autonomous decision-making similar to that of humans, which in the travel industry enables personalized recomm...
Chapter
Although “smart tourism” has become a catchphrase, multiple interpretations and understandings exist, making it more of a nebulous term than a field with firm foundations. Aiming to contribute to the smart tourism literature, we have located, selected, categorised, and evaluated recent articles in computer science journals, proceedings, and confere...
Chapter
Currently, there are 6.8 billion smartphone users worldwide while, at the same time, people of all ages actively engage with social networking sites for business, socialising, dating, politics, and simple day-to-day communication. As of April 2022, approximately 4.65 billion individuals were accessing social media, according to Statista [48]. As th...
Chapter
Considering that Artificial Intelligence is a game-changer in the smart tourism business, one of our key contributions is the formal presentation of frameworks that leverage AI technologies in the context of smart tourism. The utilisation of user-captured photographs in the smart tourism context is one novel approach shared by both frameworks that...
Chapter
At the time of writing, there are 6.8 billion smartphone users worldwide and projections indicate that this number will surpass seven billion by 2024 [21]. That being the case, we focused on investigating how this portable technology could contribute to the development of smart cities and smart tourism. This extensive research led to a significant...
Chapter
As this book has delved deeply into the realm of smart tourism, with a secondary focus on smart cities, addressing key facets and intricacies within these domains, we now stand at a pivotal juncture, a chapter dedicated to “Open Questions and Future Directions.” Within this specific chapter, we explore the questions that remain unanswered, the gaps...
Chapter
Blockchain, also known as Distributed Ledger Technology (DLT), has garnered significant interest from scholars and professionals in various industries. Given this circumstance, our primary objective was to make a scholarly contribution by conducting a comprehensive analysis of the current state of blockchain technology in the smart tourism business...
Article
Full-text available
The fast pace of blockchain technology and cryptocurrencies’ evolution makes people vulnerable to financial fraud and provides a relatively straightforward monetisation mechanism for cybercriminals, in particular ransomware groups which exploit crypto’s pseudo-anonymity properties. At the same time, regulatory efforts for addressing crimes related...
Article
Full-text available
The collection and use of personal data are becoming more common in today’s data-driven culture. While there are many advantages to this, including better decision-making and service delivery, it also poses significant ethical issues around confidentiality and privacy. Text anonymisation tries to prune and/or mask identifiable information from a te...
Preprint
Typical users are known to use and reuse weak passwords. Yet, as cybersecurity concerns continue to rise, understanding the password practices of software developers becomes increasingly important. In this work, we examine developers' passwords on public repositories. Our dedicated crawler collected millions of passwords from public GitHub reposito...
Preprint
Full-text available
InterPlanetary File System~(IPFS) is one of the most promising decentralized off-chain storage mechanisms, particularly relevant for blockchains, aiming to store the content forever, thus it is crucial to understand its composition, deduce actor intent and investigate its operation and impact. Beyond the network functionality that IPFS offers, asse...
Article
Full-text available
Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any cyber security exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our...
Preprint
Full-text available
The collection and use of personal data are becoming more common in today's data-driven culture. While there are many advantages to this, including better decision-making and service delivery, it also poses significant ethical issues around confidentiality and privacy. Text anonymisation tries to prune and/or mask identifiable information from a te...
Preprint
Full-text available
The radical advances in telecommunications and computer science have enabled a myriad of applications and novel seamless interaction with computing interfaces. Voice Assistants (VAs) have become a norm for smartphones, and millions of VAs incorporated in smart devices are used to control these devices in the smart home context. Previous research ha...
Preprint
Despite the numerous pompous statements regarding 5G, it is indisputable that 5G creates a radical shift in telecommunications. The main reason is that 5G is an enabler of numerous applications we have long envisioned and either simulated or implemented in test environments, partially or on a smaller scale. 5G will soon unlock the potential of smar...
Article
Full-text available
Digital evidence underpin the majority of crimes as their analysis is an integral part of almost every criminal investigation. Even if we temporarily disregard the numerous challenges in the collection and analysis of digital evidence, the exchange of the evidence among the different stakeholders has many thorny issues. Of specific interest are cro...
Book
Full-text available
After the completion of its third year of operation in 2022, the CyberSec4Europe pilot project (https://cybersec4europe.eu/) produced this ”Blue Book” (and delivered it as Deliverable D4.7) to serve as a Horizon Research Roadmap in the area of cyber security. To make this book a reality, the project put together a ”Task Force” of young and senior r...
Preprint
Full-text available
Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any Cyber Security Exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our...
Article
Malware authors continuously evolve their code base to include counter-analysis methods that can significantly hinder their detection and blocking. While malware execution in a sandboxed environment may provide insightful feedback about what the malware does in a machine, anti-virtualisation and hooking evasion methods may allow malware to bypass s...
Preprint
Full-text available
Digital evidence underpin the majority of crimes as their analysis is an integral part of almost every criminal investigation. Even if we temporarily disregard the numerous challenges in the collection and analysis of digital evidence, the exchange of the evidence among the different stakeholders has many thorny issues. Of specific interest are cro...
Preprint
Malware authors are continuously evolving their code base to include counter-analysis methods that can significantly hinder their detection and blocking. While the execution of malware in a sandboxed environment may provide a lot of insightful feedback about what the malware actually does in a machine, anti-virtualisation and hooking evasion method...
Article
Many malware campaigns use Microsoft (MS) Office documents as droppers to download and execute their malicious payload. Such campaigns often use these documents because MS Office is installed on billions of devices and that these files allow the execution of arbitrary VBA code. Recent versions of MS Office prevent the automatic execution of VBA mac...
Article
The technological advance of drone technology has augmented the existing capabilities of flying vehicles rendering them a valuable asset of the modern society. As more drones are expected to occupy the airspace in the near future, security-related incidents, either malicious acts or accidents, will increase as well. The forensics analysis of a secu...
Chapter
In these last years, we are witnessing the constant evolution of technologies such as artificial intelligence, machine learning, blockchain, IoT, and cloud computing. At the same time, before the COVID-19 crisis, the tourism sector steadily increased its growth yearly, raising to be one of the dominant sectors worldwide, generating a wide number of...
Article
Full-text available
Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented m...
Article
Full-text available
Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before being patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems’ sof...
Article
Full-text available
Microsoft Office may be by far the most widely used suite for processing documents, spreadsheets, and presentations. Due to its popularity, it is continuously utilised to carry out malicious campaigns. Threat actors, exploiting the platform’s dynamic features, use it to launch their attacks and penetrate millions of hosts in their campaigns. This w...
Article
Coronavirus has radically changed the world and our lives in many and various ways. During this crisis, the tourism sector was severely damaged globally, as, within some weeks, popular touristic places worldwide changed from over-tourism to non-tourism destinations. In order to address new challenges in this sector, a novel cloud-based framework is...
Chapter
The InterPlanetary File System (IPFS) is employed extensively nowadays by many blockchain projects to store personal data off-chain in order to comply with the Right to be Forgotten (RtbF) provision of the General Data Protection Regulation (GDPR). Nevertheless, upon an erasure request under the RtbF, the onus of removing the actual personal inform...
Chapter
In the previous chapter we analysed the impact of implementing the GDPR, and in particular the RtbF, in established IT environments and business processes. However, two advanced technological trends of our times used increasingly nowadays for storing and processing personal data, have been emerged in parallel and independently of the GDPR: the ubiq...
Chapter
The GDPR, being a legal document, follows a technology-agnostic approach so as not to bind the provisions of the law with current trends and state-of-the-art technologies in computer science and information technology. Yet, the technical challenges of aligning modern systems and processes with the GDPR provisions, and mainly with the Right to be Fo...
Chapter
The sudden outbreak of COVID-19 at the late 2019 has brought enormous hurdles globally to our everyday lives and to our society. In order to mitigate the impact of the pandemic and to control the dissemination of the coronavirus, governments worldwide have taken extreme surveillance measures which most of the times invade to individuals’ privacy an...
Chapter
Privacy in blockchains is rather complicated as it contradicts with some highly praised properties of blockchain such as immutability. Immutability is considered a cornerstone of blockchains’ security and, therefore, an indisputable property according to which transactional blockchain data cannot be edited nor deleted. However, blockchain’s immutab...
Chapter
Privacy nowadays is commonly discussed in the context of data protection. While privacy and data protection are not synonymous, they overlap to a great extent. In consequence, privacy —besides data protection—is always within the scope of contemporary data protection legislations. As both terms derive from well established fundamental human rights...
Chapter
Mobile sensing applications exploit big data to measure and assess human-behavioural modelling. However, big data profiling and automated decision practices, albeit powerful and pioneering, they are also highly unregulated and thereby unfair and intrusive. Their risk to privacy has been indeed identified as one of the biggest challenges faced by mo...
Chapter
The enforcement of the GDPR on the 25th of May 2018 has caused prolonged controversy due to the severe impact on the processing of personal data under this new regulation. Of its provisions, the most radical and controversial one is the “Right to be Forgotten” (RtbF). In simple terms, the RtbF—along with the provisions for withdrawing consent—allow...
Chapter
Modern technological advancements such as mobile ubiquitous computing and decentralized p2p networks rely on the collection, processing and sharing of vast amount of personal information which—when combined with big data and machine learning techniques—pose significant challenges to the rights of privacy and data protection. The GDPR, seeking to re...
Article
Blockchain DNS has emerged as an alternative solution to traditional DNS to address many of its inherent drawbacks. In this regard, a blockchain DNS approach is decentralised, resilient, provides high availability, and prevents censorship. Unfortunately, despite these desirable features, the major blockchain DNS solutions to date, Namecoin and Emer...
Preprint
Full-text available
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs and other endpoint security solutions against detecting and preventing APTs. Our resul...
Preprint
Full-text available
Due to its critical role in cybersecurity, digital forensics has received much focus from researchers and practitioners. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of different technologies. To date, researchers have presented many surveys and...
Article
Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of...
Article
Full-text available
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot...
Chapter
As the digitization of information-intensive processes gains momentum in nowadays, the concern is growing about how to deal with the ever-growing problem of cybercrime. To this end, law enforcement officials and security firms use sophisticated digital forensics techniques for analysing and investigating cybercrimes. However, multi-jurisdictional m...
Article
Full-text available
A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken-down by s...
Preprint
Full-text available
Cybercrime is continuously growing in numbers and becoming more sophisticated. Currently, there are various monetisation and money laundering methods, creating a huge, underground economy worldwide. A clear indicator of these activities is online marketplaces which allow cybercriminals to trade their stolen assets and services. While traditionally...
Preprint
The technological advance of drone technology has augmented the existing capabilities of flying vehicles rendering them a valuable asset of the modern society. As more drones are expected to occupy the airspace in the near future, security-related incidents, either malicious acts or accidents, will increase as well. The forensics analysis of a secu...
Preprint
Full-text available
With the continuous rise of malicious campaigns and the exploitation of new attack vectors, it is necessary to assess the efficacy of the defensive mechanisms used to detect them. To this end, the contribution of our work is twofold. First, it introduces a new method for obfuscating malicious code to bypass all static checks of multi-engine scanner...
Article
Nowadays, malware campaigns have reached a high level of sophistication, thanks to the use of cryptography and covert communication channels over traditional protocols and services. In this regard, a typical approach to evade botnet identification and takedown mechanisms is the use of domain fluxing through the use of Domain Generation Algorithms (...
Article
Web applications are widely used, and new ways for easier and cost-effective methods to develop them are constantly introduced. A common omission among the new development and implementation techniques when designing them is security; Node.js is no exception, as Server-Side JavaScript Injection (SSJI) attacks are possible due to the use of vulnerab...
Preprint
Full-text available
Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of...
Preprint
Many malware campaigns use Microsoft (MS) Office documents as droppers to download and execute their malicious payload. Such campaigns often use these documents because MS Office is installed in billions of devices and that these files allow the execution of arbitrary VBA code. Recent versions of MS Office prevent the automatic execution of VBA mac...
Article
Dynamic malware analysis involves the debugging of the associated binary files and the monitoring of changes in sandboxed environments. This allows the investigator to manipulate the code execution path and environment to develop an understanding of the malware’s internal workings, aims and modus operandi. However, the malware may incorporate anti-...
Article
Full-text available
Social networks are evolving to engage their users more by providing them with more functionalities. One of the most attracting ones is streaming. Users may broadcast part of their daily lives to thousands of others world-wide and interact with them in real-time. Unfortunately, this feature is reportedly exploited for grooming. In this work, we pro...
Chapter
Full-text available
Ubiquitous computing systems are commonplace. They have opened the door to great benefits for society as a whole. However, they have to be used with care, otherwise they can cause serious risks for their users. In this chapter, we analyze the privacy risks of ubiquitous computing systems from a new individual-centred perspective based on five priva...
Chapter
Mobile devices have become an indispensable part of our daily lives. Practically, most of our everyday communication is performed through mobile devices which host third party apps and provide for various means of interaction with diverse levels of security. Android is by far the most widely used mobile operating system, with a user base in the sca...
Preprint
Full-text available
In this report, we analyse the latest campaign of Emotet that had a significant impact in several countries worldwide. We leverage the data of a specifically crafted dataset, which contains emails, documents, executables and domains from the latest campaign. The goal is to analyse the attack vector, map the infrastructure used in various stages of...
Chapter
Full-text available
During the last few years, there has been an upsurge of social media influencers who are part of the adult entertainment industry, referred to as Performers. To monetize their online presence, Performers often engage in practices which violate community guidelines of social media, such as selling subscriptions for accessing their private “premium”...
Preprint
Full-text available
During the last few years, there has been an upsurge of social media influencers who are part of the adult entertainment industry, referred to as Performers. To monetize their online presence, Performers often engage in practices which violate community guidelines of social media, such as selling subscriptions for accessing their private "premium"...
Preprint
Full-text available
A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken-down by s...
Chapter
Full-text available
Smartphone and smart devices, in general, have penetrated modern life, accompanying humans in the majority of their daily activities, realizing the era of IoT. This tight bond between mobile devices and humans has introduced numerous solutions and automation in people’s everyday living, however, it also comes with a cost, since we are more exposed...
Article
Full-text available
The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, o...
Article
The InterPlanetary File System (IPFS) is employed extensively nowadays by many blockchain projects to store personal data off-chain to comply with the Right to be Forgotten (RtbF) requirement of the General Data Protection Regulation (GDPR), the new regulatory regime for personal data protection in the EU. In such a way, when a request for content...
Chapter
The YAKSHA project aims at reinforcing EU-ASEAN cooperation and building partnerships in cybersecurity domain by developing a solution tailored to specific national needs leveraging EU know-how and local knowledge. YAKSHA enhances cybersecurity readiness levels for its end-users, helps better prevent cyber-attacks, reduces cyber-risks and better go...
Preprint
Full-text available
As the digitization of information-intensive processes gains momentum in nowadays, the concern is growing about how to deal with the ever-growing problem of cybercrime. To this end, law enforcement officials and security firms use sophisticated digital forensics techniques for analyzing and investigating cybercrimes. However, multi-jurisdictional m...
Preprint
Full-text available
Human beings produce electronic waste (e-waste) at an unprecedented pace. Mobile phones and other inter-connected smart devices make a significant contribution to the generation of e-waste. Reverse logistics (RL) activities play an essential role in managing mobile phones during their end-of-life. However, remanufacturing and/or refurbishing of mob...

Network

Cited By