
Ioannis MavridisUniversity of Macedonia | UOM · Department of Applied Informatics
Ioannis Mavridis
Professor of Information Security
About
166
Publications
45,464
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,497
Citations
Introduction
http://infosec.uom.gr/en
Information Security (InfoSec) research & development at University of Macedonia
Additional affiliations
September 2002 - present
Publications
Publications (166)
Electrical grid is a complex system designed to deliver electricity from generation to consumers. The constantly changing energy consumption requirements, along with the technological evolution pave the way for the upgrading of the electrical grid. Internet of Things (IoT) increases the automation and intelligence of devices, reducing the need for...
In light of the ever-increasing complexity of cyber-physical systems (CPSs) and information technology networking systems (ITNs), cyber ranges (CRs) have emerged as a promising solution by providing theoretical and practical cybersecurity knowledge for participants' skill improvement toward a safe work environment. This research adds to the extant...
Despite the advancements in cybersecurity serious gaming, team-centric approaches have not been explored and the effectiveness of such approaches remains largely untapped. In this light, the maindesign trends and considerations of multiplayer and collaborative serious games are analyzed, along with weaknesses we identified in the field. Based on th...
Since its first steps in the cybersecurity field, Cyber Threat Intelligence (CTI) has gained recognition and increased its importance in the daily operations of cybersecurity teams. However, the many forms of CTI exchanged, the vast amount of CTI products, and the plurality of the sources have raised doubts about the CTI quality. This paper discuss...
With the increasing prevalence of chat-based social engineering (CSE) attacks targeting unsuspecting users, the need for robust defenses has never been more critical. In this paper, we introduce Chat-based Social Engineering Attack Recognition System (CSE-ARS), an innovative and effective CSE defense system. CSE-ARS employs a late fusion strategy t...
In this paper, an interactive learning experience is proposed, aiming to involve museum visitors in a personalized experience of the transmittal of cultural knowledge in an active and creative way. The proposed system, called HapticSOUND, consists of three subsystems: (a) the Information, where visitors are informed about the traditional musical in...
The Haptic Puzzle was a 3D gesture-based puzzle game developed to be deployed in a museum of ethnology. The Haptic Puzzle was designed according to the conceptual model for puzzle games, which was based on the four-dimensional framework. In this study, we explored the development process of the Haptic Puzzle, providing insight on the manner in whic...
Human-to-human dialogues constitute an essential research area for linguists, serving as a conduit for knowledge transfer in the study of dialogue systems featuring human-to-machine interaction. Dialogue systems have garnered significant acclaim and rapid growth owing to their deployment in applications such as virtual assistants (e.g., Alexa, Siri...
The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and...
Cyber Threat intelligence (CTI) systems offer new capabilities in the arsenal of information security experts, who can explore new sources of data that were partially exploited during the past decades. This paper deals with the exploitation of discussion forums as a source of raw data for a cyber threat intelligence process. Specifically, it analyz...
Traditional attack detection approaches utilize predefined databases of known signatures about already-seen tools and malicious activities observed in past cyber-attacks to detect future attacks. More sophisticated approaches apply machine learning to detect abnormal behavior. Nevertheless, a growing number of successful attacks and the increasing...
Chat-based social engineering (CSE) attacks are attracting increasing attention in the Small-Medium Enterprise (SME) environment, given the ease and potential impact of such an attack. During a CSE attack, malicious users will repeatedly use linguistic tricks to eventually deceive their victims. Thus, to protect SME users, it would be beneficial to...
The COVID-19 pandemic further outlined the importance of global healthcare services provisioning for diagnosing and treating patients who tend to travel and live for large periods away from home and can be anywhere at any given time. Advances in technology enable healthcare practitioners to access critical data regarding a person’s health status to...
Cyber Threat Intelligence (CTI) is a new but promising field of information security, with many organizations investing in the development of proper tools and services and the integration of CTI related information. However, as a new field, there is a lack of a conceptual framework with corresponding definitions. This paper discusses CTI complexity...
Social engineering is widely recognized as the key to successful cyber-attacks. Chat-based social engineering (CSE) attacks are attracting increasing attention because of recent changes in the digital work environment. Sophisticated CSE attacks target human personality traits, and persuasion is regarded as the catalyst to successful CSE attacks. To...
HackLearn is a scenario-based hacking simulation game for teaching cybersecurity concepts while providing hands-on hacking experiences to the learners. HackLearn design is based on the COFELET framework, which assimilates modern learning theories, well-known cybersecurity standards, and built-in scaffolding and assessment features. Aiming at evalua...
Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-...
Consumer preferences for the use of an innovative menu solution in public canteen services in the UK, Greece, France, and Denmark were investigated. Participants from both control and test groups were first introduced to the FoodSMART app through a video clip as well as verbal explanations. The control group filled a questionnaire evaluating their...
Cyber security game-based learning is a new field that lacks design standards and common methodologies. To this end, the Conceptual Framework for eLearning and Training (COFELET) and the COFELET ontology have been proposed. COFELET is a framework that can be used as a guide for the design and evaluation of effective cyber security learning and trai...
Diet-related chronic disease is a global health epidemic giving rise to a high incidence of morbidity and mortality. With the rise of the digital revolution, there has been increased interest in using digital technology for eating behavioural change as a mean of diet-related chronic disease prevention. However, evidence on digital dietary behaviour...
Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, business process model life cycle management and the context of business proc...
Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation of damages and maturing future prevention approaches. Nowadays, the investigation of cyber-att...
The Conceptual Framework for e-Learning and Training (COFELET) constitutes a design standard for the enhancement of cyber security education by guiding the development of effective game-based approaches (e.g., serious games). The COFELET framework envisages cyber security serious games as highly organized and parameterized learning environments whi...
Purpose
Advances have been made in the provision of nutritional and ingredient information on packaged food, however, there is a need to translate this to eating out reflecting consumer desire for greater transparency and knowledge of menu content. The purpose of this paper is to assess consumer’s preferences for food information presentation in f...
Compared to meals prepared at home, meals eaten out of home tend to contain more energy, total fat and saturated fat and it is here where consumers can have very little knowledge of the nutrient profile of the dish they are eating. The aim of the European Union‐funded FoodSMART project (www.foodsmartproject.net) was to develop an innovative technic...
BACKGROUND
Increasing pressure from governments, public health bodies, and consumers is driving a need for increased food-based information provision in eating-out situations. Meals eaten outside the home are known to be less healthy than meals eaten at home, and consumers can complain of poor information on the health impact and allergen content o...
Background:
Increasing pressure from governments, public health bodies, and consumers is driving a need for increased food-based information provision in eating-out situations. Meals eaten outside the home are known to be less healthy than meals eaten at home, and consumers can complain of poor information on the health impact and allergen content...
The political, social and economic part of society has been affected by the Internet and more broadly by cyberspace. The development and execution of cybersecurity strategies have been raised by country entities across the world because they have recognized the safeguard of cyberspace as crucial international issue. Although, the National Cybersecu...
FoodSMART: A mobile phone application to provide personalised information on the foods available in an eating out situation - Volume 77 Issue OCE3 - K.M. Appleton, J. Bray, I. Mavridis, A. Giboreau, F.J.A. Perez-Cueto, M. Ronge, H. Hartwell
Increase in usage of electronic communication tools (email, IM, Skype, etc.) in enterprise environments has created new attack vectors for social engineers. Billions of people are now using electronic equipment in their everyday workflow which means billions of potential victims of Social Engineering (SE) attacks. Human is considered the weakest li...
The Industrial Internet of Things (IIoT) is an ecosystem that consists of -- among others -- various networked sensors and actuators, achieving mainly advancements related with lowering production costs and providing workflow flexibility. Introducing access control in such environments is considered to be challenging, mainly due to the variety of t...
Increase in usage of electronic communication tools (email, IM, Skype, etc.) in enterprise environments has created new attack vectors for social engineers. Billions of people are now using electronic equipment in their everyday workflow which means billions of potential victims of Social Engineering (SE) attacks. Human is considered the weakest li...
In the current era of continuous technological advancements, new challenges and treats have surfaced regarding business information and information assets, such as information generation, processing, storage and distribution for organizations. Although, previous researches on business planning and Information Systems Planning have identified many i...
The growing concern on children's e-safety constitutes important the need to define innovative teaching approaches on young pupil's education. To this end, we examine the e-safety education provided to young children 9 to 11 years old and we present an analysis of the current e-safety didactic propositions. Based on our findings and the national pr...
Utilizing game based approaches for learning and training on cyber security is a way to foster innovative methods and effectively train learners in highly-motivating settings. In this work, we investigate related works on such approaches. Our study reveals only a limited set of works focusing on diverse target groups and methodologies and a lack of...
div class="title">Important information for the selection of workplace canteen meals: A consumer segmentation study
- Volume 75 Issue OCE3 - S. Price, K.M. Appleton, J. Bray, A. Giboreau, F.J.A. Perez-Cueto, I. Mavridis, M. Ronge, H. Hartwell
div class="title">Reasons for consuming in a workplace canteen, factors affecting meal choice, and the perceived value of additional information on workplace canteen meals
- Volume 75 Issue OCE3 - S. Price, K.M. Appleton, J. Bray, A. Giboreau, F.J.A. Perez-Cueto, I. Mavridis, M. Ronge, H. Hartwell
The integration of the information and communication technologies of cloud computing, Software Defined Networking (SDN) and Internet of Things (IoT) into traditional transportation infrastructures enables the evolution of Intelligent Transportation Systems (ITS). Moreover, the specific requirements for real-time applications and service provision n...
The workplace is a captive environment where the overall contribution of the meal served could be an important element of the overall diet. Despite growing demand little information is available to aid healthy dish selection. This study identifies information valued by consumers in the UK, Greece, Denmark and France using best-worst scaling. Value...
Information systems of modern enterprises are quite complex entities. This fact has influenced the overall information technology (IT) risk profile of the enterprise and it has become all the more critical now to have sound information systems that can maximize business performance of an enterprise. At this point, the practical challenge for enterp...
The protection of information infrastructures is important for the function of other infrastructure sectors. As vital parts for the information infrastructure operation, software-based platforms, face a series of vulnerabilities and threats. This paper aims to provide a complementary approach to existing vulnerability prediction solutions and launc...
In this paper, the Grooming Attack Recognition System (GARS) is presented. The main objectives of GARS are the real-time identification, assessment and control of cyber grooming attacks in favor of child protection. The system utilizes the processes of document classification, personality recognition, user history and exposure time recording to cal...
The cloud is a modern computing paradigm with the ability to support a business model by providing multitenacy, scalability, elasticity, pay as you go and self provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains and collaboration among different cloud systems is an active area of research...
The increased complexity of modern access control (AC) systems stems partly from the need to support diverse and multiple administrative domains. Systems engineering is a key technology to manage this complexity since it is capable of assuring that an operational system will adhere to the initial conceptual design and defined requirements. Specific...
Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopti...
Purpose
– The purpose of this paper is to investigate hazards for minor users while they are exposed to social networks. In particular, it provides the statistical relationship of these hazards with the exposure time as well as the amount of published personal information.
Design/methodology/approach
– An experiment was conducted that has revealed...
The security related characteristics of entities, the contextual information that describes them and the previous or concurrent usages exercised in the system are the criteria that the Usage CONtrol (UCON) family of models utilizes in the usage decision process. In this paper, a detailed classification of the aforementioned criteria along with a re...
The increasing adoption of mobile communication through SMS (Short Message Service) messages by young people, has attracted pedophiles to perform sexual exploitation attacks. Artemis is an Android application that aims to protect minors by recognizing such attacks using advanced classification techniques. In case of high exploitation risk, a warnin...
Usage CONtrol (UCON) is a next generation access control model enhanced with capabilities presented in trust and digital rights management. However, modern computing environments are usually introducing complex usage scenarios. Such a complexity results in involving a large number of entities and in utilizing multi party contextual information duri...
In this paper, a new Use-based usage CONtrol (UseCON) approach that supports recording of usages with the help of a new entity, named use, is presented. Uses provide information for the latest state (requested, active, denied, completed or terminated) of every usage and facilitate the fine-grained definition and proper association of attributes to...
Modern collaborative systems such as the Grid computing paradigm are capable of providing resource sharing between users and platforms. These collaborations need to be done in a transparent way among the participants of a virtual organization (VO). A VO may consist of hundreds of users and heterogeneous resources. In order to have a successful coll...
Completeness of metadata is one of the most essential characteristics of their quality. An incomplete metadata record is a record of degraded quality. Existing approaches to measure metadata completeness limit their scope in counting the existence of values in fields, regardless of the metadata hierarchy as defined in international standards. Such...
In recent years, grid computing has become the focal point of science and enterprise computer environments. Access control in grid computing systems is an active research area given the challenges and complex applications. First, a number of concepts and terminology related to the area of grid access control are provided. Next, an analysis of the R...
Social networks induce several hazards to children, which are correlated with the amount of time that children are exposed to those networks. To this end, this work investigates the relation of the aforementioned hazards with the exposure time. To address this issue, we adopt techniques used in survival analysis. These techniques involve the estima...
Today advancements in information technology have led to multi-user information systems of high complexity, where users can group, collaborate and share resources. The variety of such systems include a wide range of applications such as collaborative document sharing and editing, social networks, work flow management systems, mobile location based...
In recent years, grid computing has become the focal point of science and enterprise computer environments. Access control in grid computing systems is an active research area given the challenges and complex applications. First, a number of concepts and terminology related to the area of grid access control are provided. Next, an analysis of the R...
Although Classical Test Theory has been used by the measurement community for almost a century, Item Response Theory has become commonplace for educational assessment development, evaluation and refinement in recent decades. Its potential for improving test items as well as eliminating the ambiguous or misleading ones is substantial. However, in or...
IEEE 802.11e is the indisputable standard for supporting multimedia traffic in modern Wireless Local Area Networks. However, it has been proven incapable of handling efficiently multimedia flows in congested networks. The main reason for this suboptimal behavior roots from the static nature of resource allocation specified in IEEE 802.11e. Dynamic...
Access control technology holds a central role in achieving trustworthy management of personally identifiable information in modern information systems. In this article, a privacy-sensitive model that extends Role-Based Access Control (RBAC) to provide privacy protection through fine-grained and just-in-time access control in Web information system...
Grooming attack recognition is a complex issue that is difficult to address using simple word matching in order to identify potential hazard for minor users. In this paper, the utilization of document classification to create patterns from real dialogs is proposed. Furthermore, a decision making method that results in generating proper warning sign...
Wireless Local Area Networks (WLANs) supporting
modern streaming multimedia applications constitute a very
challenging and rapidly changing field of research. Towards
implementing effective multimedia wireless networks, the
IEEE has published the “state of the art” IEEE 802.11e
standard, which introduced a QoS-aware MAC-layer along
with a series of...
The evolution of telecommunications, information and multimedia technologies compel for the design of platforms that support the e-learning processes in a multimodal variety. These platforms benefit from the web resources to enhance their courses. However, the structure of the web is labyrinthine and the facilitation of the learner to the personali...
Current research on web-based learning systems focuses on providing adaptation as part of usability and learnability aspects of these systems. Working in this direction, the (asynchronous adaptive learning and evaluation system) has been developed, which provides new opportunities to the transfer of knowledge between educators and learners by widel...
Dynamic inter-domain collaborations and resource sharing comprise two key characteristics of mobile Grid systems. However, interdomain collaborations have proven to be vulnerable to conflicts that can lead to privilege escalation. These conflicts are detectable in interoperation policies, and occur due to cross-domain role relationships. In additio...
CASSIOPEIA), που αποσκοπεί στη βελτίωση των συνθηκών επίβλεψης και ελέγχου ενός διαδικτυακού διακοµιστή από το διαχειριστή του, ώστε να ενισχύεται η δυνατότητα άµεσης αντίδρασης, ακόµη και από απόσταση, σε περίπτωση κρίσιµων για την ασφάλεια του συστήµατος συµβάντων. ΛΕΞΕΙΣ ΚΛΕΙ∆ΙΑ Ασφάλεια πληροφοριών, οπτικοποίηση δεδοµένων, κινητά υπολογιστικά σ...