George Loukas

  • PhD in Network Security, Imperial College London
  • Head of Centre at University of Greenwich


Publications: 114
Reads: 68,740
Citations: 3,590
Introduction
I am Professor of Cyber Security and Head of the Internet of Things and Security Centre at the University of Greenwich. My most recent project roles include project coordination of the 2.4M GBP EPSRC CHAI project on cyber hygiene for AI systems in domestic life, and of the 2.9M Euro H2020 EUNOMIA project on information trustworthiness in social media. Since 2020, I have been listed in the top 2% of most influential researchers globally.
Current institution
University of Greenwich
Current position
  • Head of Centre
Additional affiliations
Position
  • Research Associate

Publications (114)
Article
Full-text available
The increasing number of domestic Internet of Things (IoT) devices in our lives leads to numerous benefits, but also comes with an increased risk of cybersecurity breaches. These breaches have psychological consequences for the users. We examined the nature of the psychological impact of cybersecurity breaches on domestic IoT by investigating emoti...
Chapter
Over the last two decades, there has been growing realisation that the user is not the weakest link in cybersecurity. Involving the user in a human-in-the-loop fashion in the process of security can have benefits in several aspects, including in cyber intrusion detection. The human-as-a-security-sensor paradigm has shown that it is possible to invo...
Preprint
In this paper we present results from a qualitative field study on explainable AI (XAI) for lay users (n = 18) who were subjected to AI cyberattacks. The study was based on a custom-built smart heating application called Squid and was conducted over seven weeks in early 2023. Squid combined a smart radiator valve installed in participant homes with...
Article
Full-text available
With the emergence of technology and the usage of a large number of smart devices, cyber threats are increasing. Therefore, research studies have shifted their attention to detecting Android malware in recent years. As a result, a reliable and large-scale malware dataset is essential to build effective malware classifiers. In this paper, we have cr...
Article
Full-text available
With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a n...
Article
Full-text available
The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, w...
Preprint
The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, w...
Preprint
Full-text available
The MITRE ATT&CK framework, a comprehensive knowledge base of adversary tactics and techniques, has been widely adopted by the cybersecurity industry as well as by academic researchers. Its broad range of industry applications include threat intelligence, threat detection, and incident response, some of which go beyond what it was originally design...
Article
The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, have made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to opera...
Article
Full-text available
Although Virtual Reality (VR) is certainly not a new technology, its recent adoption across several sectors beyond entertainment has led the information security research community to take note of the new cyber threats that come with it. The variety of system components presents an extensive attack surface that can be exploited. At the same time, V...
Article
The articles in this special section focus on efforts to combat misinformation in the news and media. With misinformation spreading more rapidly and more broadly than reliable information, the serious impact of the resulting “infodemic” is evident globally, in areas ranging from health to politics and even invasion and war. Although the originators...
Article
Full-text available
The Internet of Vehicles (IoV), whereby interconnected vehicles communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. To protect these entities and learn about adversaries, data on attackers can be realistically gathered using decoy systems...
Preprint
Full-text available
The Internet of Vehicles (IoV), whereby interconnected vehicles communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. Data on vehicular attackers can be realistically gathered through cyber threat intelligence using systems like honeypots. Admit...
Conference Paper
Full-text available
Virtual Reality (VR) is expected to become an enabling technology for training in realistic conditions, data visualisation, education and many other applications. However, there is still limited research on cyber threats to VR environments and even less on technical protections against them. We are currently developing a VR testbed specifically des...
Article
Full-text available
The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. Th...
Article
Full-text available
Identifying the origin of information posted on social media and how this may have changed over time can be very helpful to users in determining whether they trust it or not. This currently requires disproportionate effort for the average social media user, who instead has to rely on fact-checkers or other intermediaries to identify information pro...
Article
Full-text available
Cyber attacks consisting of several attack actions can present considerable challenge to forensic investigations. Consider the case where a cybersecurity breach is suspected following the discovery of one attack action, for example by observing the modification of sensitive registry keys, suspicious network traffic patterns, or the abuse of legitim...
Article
The modern Internet of Things (IoT)-based smart home is a challenging environment to secure: devices change, new vulnerabilities are discovered and often remain unpatched, and different users interact with their devices differently and have different cyber risk attitudes. A security breach’s impact is not limited to cyberspace, as it can also affec...
Conference Paper
Full-text available
The use of Internet of Things (IoT) devices within the home has become more popular in recent years and with the COVID-19 pandemic more employees are working from home. Risk management has become decentralised, which is problematic for organisations since potential risks towards the company can not be controlled in a standardised and formal way. On...
Preprint
Background: With the ever-expanding interconnectedness through internet, and especially with the recent development of the Internet of Things (IoT), people are increasingly at risk for cybersecurity breaches that can have far-reaching consequences for one’s personal and professional lives, with psychological and mental health ramifications. Objecti...
Article
Full-text available
Background With the ever-expanding interconnectedness of the internet and especially with the recent development of the Internet of Things, people are increasingly at risk for cybersecurity breaches that can have far-reaching consequences for their personal and professional lives, with psychological and mental health ramifications. Objective We aim...
Conference Paper
Full-text available
Identifying the provenance of information posted on social media and how this information may have changed over time can be very helpful in assessing its trustworthiness. Here, we introduce a novel mechanism for discovering "post-based" information cascades, including the earliest relevant post and how its information has evolved over subsequent po...
Article
Using the “technology as the solution” line of thought but with the added twist of putting a human in the loop, a team of eight coauthors led by Greek academic Panagiotis Monachelis proposes to combine peer-to-peer decentralized networks and blockchain technology to address the challenge of misinformation in social media. The authors provide a deta...
Article
The increasing adoption of IoT devices in households has the potential to make life easier and more convenient, but it also poses a greater challenge to system security since several IoT devices are not yet adequately protected against cybersecurity breaches. Understanding the psychological impact of cybersecurity breaches from the user’s perspecti...
Article
Full-text available
Proxy signature is a very useful technique which allows the original signer to delegate the signing capability to a proxy signer to perform the signing operation. It finds wide applications especially in the distributed environment where the entities such as the wireless sensors are short of computational power and needed to be convinced to the aut...
Article
Full-text available
An important motivation for research in location privacy has been to protect against user profiling, i.e., inferring a user's political affiliation, wealth level, sexual preferences, religious beliefs and other sensitive attributes. Existing approaches focus on distorting or suppressing individual locations, but we argue that, for directly protecti...
Article
Phishing, user account takeovers, and other computing-related threats have made it easy for criminals to deceive people for financial and other gain. It is now considered standard practice for an advanced cyberattack, even a highly technical one, to start in a nontechnical manner: a spearphishing email deceiving an organization’s employees into pro...
Chapter
Full-text available
Cyber hygiene measures are often recommended for strengthening an organization’s security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for diffe...
Preprint
Full-text available
Cyber hygiene measures are often recommended for strengthening an organization's security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for diffe...
Chapter
Users of traditional centralised social media networks have limited knowledge about the original source of information and even less about its trustworthiness and how this information has spread and been modified. Existing media verification tools include websites or browser add-ons that are closed-source or centralised, or they do not include user...
Article
Full-text available
Once diagnosed with cancer, a patient goes through a series of diagnosis and tests, which are referred to as "after cancer treatment". Due to the nature of the treatment and side effects, maintaining quality of life (QoL) in the home environment is a challenging task. Sometimes, a cancer patient's situation changes abruptly as the functionality of...
Article
Full-text available
The majority of machine learning methodologies operate with the assumption that their environment is benign. However, this assumption does not always hold, as it is often advantageous to adversaries to maliciously modify the training (poisoning attacks) or test data (evasion attacks). Such attacks can be catastrophic given the growth and the penetr...
Article
Computation offloading is one of the primary technological enablers of the Internet of Things (IoT), as it helps address individual devices’ resource restrictions. In the past, offloading would always utilise remote cloud infrastructures, but the increasing size of IoT data traffic and the real-time response requirements of modern and future IoT ap...
Presentation
The increasing adoption of IoT devices in households has the potential to make life easier and more convenient, but it also poses a greater challenge to system security as many IoT devices are not yet well protected against cybersecurity breaches. Understanding the psychological impact of cybersecurity breaches from the user's perspective is releva...
Article
Full-text available
Crowdsourcing has been pursued as a way to leverage the power of the crowd for many different purposes in diverse sectors from collecting information, aggregating funds, and gathering employees to perform tasks of different sizes among other targets. Data integrity and nonrepudiation are of utmost importance in these systems and are currently not g...
Conference Paper
Blockchain's properties in addressing trust in highly decentralized environments can make it an enabler for novel sharing economy services. In this paper, we demonstrate the practicality of blockchain-based Secure IoT as a Service (SIoTaaS), where an IoT device can be rented from a service provider, securely and in a privacy-preserving fashion. Our...
Article
Social networks are the prime channel for the spreading of computer viruses. Yet the study of their propagation neglects the temporal nature of social interactions and the heterogeneity of users' susceptibility. Here, we introduce a theoretical framework that captures both properties. We study two realistic types of viruses propagating on temporal...
Article
Full-text available
Encryption technologies have become one of the most prevalent solutions to safeguard data confidentiality in many real-world applications, e.g., cloud-based data storage systems. Encryption outputting a relatively “static” format of encrypted data, however, may hinder further data operations, for example, encrypted data may need to be “transformed”...
Preprint
Social networks have gradually turned into prime means for the spreading of computer viruses, especially of those that employ social engineering deception strategies. Yet the study of their propagation typically neglects the temporal nature of social interactions, as well as that the susceptibility of online users is not homogenous. Conversely, the...
Article
Full-text available
Mobile edge computing (MEC) is being introduced and leveraged in many domains, but few studies have addressed MEC for secure in-home therapy management. To this end, this paper presents an in-home therapy management framework, which leverages the IoT nodes and the blockchain-based decentralized MEC paradigm to support low-latency, secure, anonymous...
Chapter
Full-text available
Phishing, drive-by downloads, file and multimedia masquerading, domain typosquatting, malvertising and other semantic social engineering attacks aim to deceive the user rather than exploit a technical flaw to breach a system's security. We start with a chronological overview to illustrate the growing prevalence of such attacks from their early ince...
Article
Full-text available
With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless pods and other vehicles, there is also a growing need for intrusion detection approaches that can facilitate defence against such threats. Vehicles tend to have limited processing resources and are energy-constrained. So, any security provisio...
Article
Full-text available
In the past, home automation was a small market for technology enthusiasts. Interconnectivity between devices was down to the owner's technical skills and creativity, while security was non-existent or primitive, because cyber threats were also largely non-existent or primitive. This is not the case any more. The adoption of Internet of Things tech...
Article
Full-text available
The notion that the human user is the weakest link in information security has been strongly, and, we argue, rightly contested in recent years. Here, we take a step further showing that the human user can, in fact, be the strongest link for detecting attacks that involve deception, such as application masquerading, spearphishing, WiFi evil twin and...
Article
Full-text available
Detection of cyber attacks against vehicles is of growing interest. As vehicles typically afford limited processing resources, proposed solutions are rule-based or lightweight machine learning techniques. We argue that this limitation can be lifted with computational offloading commonly used for resource-constrained mobile devices. The increased pr...
Conference Paper
The use of serious games to introduce the police and the public to the use of social media tools in community policing.
Conference Paper
Full-text available
Occupancy detection is beneficial for applications such as emergency management and building energy management, as it provides information on the location of occupants. Internet of Things (IoT) devices such as Bluetooth Low Energy (BLE) beacons installed in a building can benefit the performance of occupancy detection systems, by providing informat...
Conference Paper
Full-text available
Internet connection records can be very useful to digital forensic analysts in producing Internet history timelines and making deductions about the cause and effect of activity. However, the available data may include only a subset of the data that would be available from physical extraction. For example, the new UK legislation allows the collectio...
Conference Paper
Full-text available
Robotic vehicles and especially autonomous robotic vehicles can be attractive targets for attacks that cross the cyber-physical divide, that is cyber attacks or sensory channel attacks affecting the ability to navigate or complete a mission. Detection of such threats is typically limited to knowledge-based and vehicle-specific methods, which are ap...
Conference Paper
Full-text available
In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other s...
Conference Paper
Full-text available
The Human-as-a-Sensor (HaaS) paradigm, where it is human users rather than automated sensor systems that detect and report events or incidents has gained considerable traction over the last decades, especially as Internet-connected smartphones have helped develop an information sharing culture in society. In the law enforcement and civil protection...
Conference Paper
Occupancy detection of a building has a wide range of applications. Areas such as emergency management, home automation and building energy management can benefit from the knowledge of occupants' locations to provide better results and improve their efficiency. Bluetooth Low Energy (BLE) beacons installed inside a building are able to provide infor...
Article
Full-text available
Activity recognition in indoor spaces benefits context awareness and improves the efficiency of applications related to personalised health monitoring, building energy management, security and safety. The majority of activity recognition frameworks, however, employ a network of specialised building sensors or a network of body-worn sensors. As this...
Conference Paper
Security is one of the key challenges in cyber-physical systems, because by their nature, any cyber attack against them can have physical repercussions. This is a critical issue for autonomous vehicles; if compromised in terms of their communications or computation they can cause considerable physical damage due to their mobility. Our aim here is t...
Conference Paper
Full-text available
Being able to detect in real-time the activity performed by a user in a home setting provides highly valuable context. It can allow more effective use of novel technologies in a large variety of applications, from comfort and safety to energy efficiency, remote health monitoring and assisted living. In a home setting, activity recognition has been...
Conference Paper
A reliable estimation of an area's occupancy can be beneficial to a large variety of applications, and especially in relation to emergency management. For example, it can help detect areas of priority and assign emergency personnel in an efficient manner. However, occupancy detection can be a major challenge in indoor environments. A recent technol...
Article
Full-text available
While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber...
Conference Paper
Full-text available
Being able to reliably estimate the occupancy of areas inside a building can prove beneficial for managing an emergency situation, as it allows for more efficient allocation of resources such as emergency personnel. In indoor environments, however, occupancy detection can be a very challenging task. A solution to this can be provided by the use of...
Article
Full-text available
Semantic social engineering attacks are a pervasive threat to computer and communication systems. By employing deception rather than by exploiting technical vulnerabilities, spear-phishing, obfuscated URLs, drive-by downloads, spoofed websites, scareware and other attacks are able to circumvent traditional technical security controls and target the...
Article
Full-text available
Computation offloading has been used and studied extensively in relation to mobile devices. That is because their relatively limited processing power and reliance on a battery render the concept of offloading any processing/energy-hungry tasks to a remote server, cloudlet or cloud infrastructure particularly attractive. However, the mobile device's...
Conference Paper
Full-text available
Autonomous cyber physical systems are increasingly common in a wide variety of application domains, with a correspondingly wide range of functionalities and types of sensing and actuation. At the same time, the variety and frequency of cyber attacks is increasing in correspondence with the increasing popularity and functionality of these systems, f...
Conference Paper
Full-text available
While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber...
Article
Full-text available
This paper proposes a new approach to the forensic investigation of Internet history artefacts by aggregating the history from a recovered device into sessions and comparing those sessions to other sessions to determine whether they are one-time events or form a repetitive or habitual pattern. We describe two approaches for performing the session a...
Article
Full-text available
Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platfo...
Chapter
Successfully performing a meaningful cyber-physical attack requires research, reconnaissance, and an ability to discover exploitable vulnerabilities and appropriate entry points, in the process ensuring to hide one’s traces and evade detection. In this chapter, we provide examples for each stage of the attack process, with a particular emphasis on...
Chapter
The traditional families of protection mechanisms used in cyberspace are largely applicable on cyber-physical systems but not always in the same manner or with the same effectiveness as on conventional computer systems. For example, whitelisting approaches tend to be more effective than blacklisting ones, protection of integrity and availability ma...
Chapter
Although the concept of a cyber-physical attack is not new, in recent years we have become so dependent on computerized and networked systems that such attacks are now considered a key threat to critical national infrastructures and a realistic threat to private cars, home automation devices, and even pacemakers. Cyber-physical security incidents c...
Chapter
Being an area of engineering that the information security community had largely ignored in the past, industrial control systems traditionally have been built with an emphasis on efficiency and safety but not on security. In recent years, scientific experiments, such as the Aurora Generator Test, and high-profile real-world attacks, such as Stuxnet...
Chapter
Conventional cyber attacks affect primarily the confidentiality, integrity, and availability of data and services in cyberspace. Cyber-physical attacks are the particular category of cyber attacks that, whether intentionally or not, also adversely affect physical space by targeting the computational and communication infrastructure that allows peop...
Chapter
Cyber-physical attacks are not the only attacks that exploit interactions between cyberspace and physical space. The reverse, where an attack in physical space aims to affect the availability, integrity, or confidentiality of information in cyberspace, is by no means new or uncommon. During war, telecommunication cables have always been a prime tar...
Chapter
For reasons of performance, functionality, energy efficiency, and convenience, modern cyber-physical systems are highly automated and heavily dependent on a variety of sensing, computational, and communication technologies. These advantages, however, come at the expense of security. In this chapter, we explore the cyber-physical vulnerabilities of...
Conference Paper
Full-text available
Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurat...
Conference Paper
Full-text available
Intrusion detection systems designed for conventional computer systems and networks are not necessarily suitable for mobile cyber-physical systems, such as robots, drones and automobiles. They tend to be geared towards attacks of different nature and do not take into account mobility, energy consumption and other physical aspects that are vital to...
Conference Paper
Full-text available
Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the attack's characteristics rather than the attacker's. The latter is a challenging problem, as relevant data cannot easily be found....
Conference Paper
Full-text available
A modern Digital Forensic examination, even on a small-scale home computer typically involves searching large-size hard disk drive storage, a variety of host and web-based applications which may or may not be known to the investigator, and a proliferation of web-based Internet history artefacts that may be highly significant to showing the motivati...
Article
Full-text available
Route selection in cognitive packet networks (CPNs) occurs continuously for active flows and is driven by the users' choice of a quality of service (QoS) goal. Because routing occurs concurrently to packet forwarding, CPN flows are able to better deal with unexpected variations in network status, while still achieving the desired QoS. Random neural net...
Conference Paper
Full-text available
Responding to an emergency situation is a challenging and time critical procedure. The primary goal is to save lives and this is directly related to the speed and efficiency at which help is provided to the victims. Rescue robots are able to benefit an emergency response procedure by searching for survivors, providing access to inaccessible areas a...
Article
Full-text available
The first hurdle for carrying out research on cloud computing is the development of a suitable research platform. While cloud computing is primarily commercially-driven and commercial clouds are naturally realistic as research platforms, they do not provide to the scientist enough control for dependable experiments. On the other hand, research carr...
Article
Full-text available
Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency mana...
Conference Paper
Full-text available
Emergency management is increasingly dependent on networks for information gathering, coordination and physical system control, and consequently is increasingly vulnerable to network failures. A cyber attack could cause such network failures intentionally, so as to impede the work of first responders and maximise the impact of a physical emergency....
Chapter
Full-text available
In this chapter we first consider what constitutes cyber terrorism, to distinguish such events from other forms of cybercrime, and to establish a rationale for that distinction. We discuss some of the characteristics of cyber terrorist events in comparison with cybercriminal events, and the changes that have occurred, socially and technologically,...
Article
Full-text available
Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency manag...
Conference Paper
Full-text available
While existing security mechanisms often work well against most known attack types, they are typically incapable of addressing semantic attacks. Such attacks bypass technical protection systems by exploiting the emotional response of the users in unusual technical configurations rather than by focussing on specific technical vulnerabilities. We sho...
Conference Paper
Full-text available
This paper addresses the approach taken by the C-SAFE (Cyber-Security, Auditing, Forensics, Education) team at the University of Greenwich when asked to produce a one week course for physical security experts who wished to know more about cyber security technologies. This paper discusses the expectations of both teachers and learners and their resu...
Article
Full-text available
Denial of service (DoS) is a prevalent threat in today's networks because DoS attacks are easy to launch, while defending a network resource against them is disproportionately difficult. Despite the extensive research in recent years, DoS attacks continue to harm, as the attackers adapt to the newer protection mechanisms. For this reason, we start...
Conference Paper
Full-text available
Emergency response operations can benefit from the use of information systems that reduce decision making time and facilitate coordination between the participating units. We propose the use of two such systems and evaluate them with a specialised software platform that we have developed for simulation of disasters in buildings. The first system pr...
Conference Paper
Full-text available
During a disaster, emergency response operations can benefit from the establishment of a wireless ad hoc network. We propose the use of autonomous robots that move inside a disaster area and establish a network for two-way communication between trapped civilians with uncertain locations and an operation centre. Our aim is to maximise the numb...
Conference Paper
Full-text available
During a disaster, communications are usually impaired. In order for the rescuers and endangered civilians to communicate, we suggest the use of mobile robots that can act as wireless routers. We describe how they can locate trapped civilians and initiate an ad hoc network connection between them and the rescuers, so that the latter can better asse...
Conference Paper
Full-text available
Mobile robots equipped with wireless devices can prove very useful during emergency response operations. We envision such robots that locate trapped civilians and initiate an ad hoc network connection between them and the rescuers, so that the latter can better assess the situation and plan the rescue operation accordingly. We present a centralised...
