Research Student Profile


Dr Maria Papadaki PhD


maria.papdaki@plymouth.ac.uk


Classifying and responding to network intrusions

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security-related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, have led to overwhelming numbers of IDS alerts, which allow a significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators’ consequent mistrust of systems’ abilities to issue appropriate responses.

The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and to investigate and evaluate a means of making intelligent response decisions.

The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations.

The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain.

Dr Maria Papadaki

Director of studies: Dr Steven M. Furnell
Other supervisors: Dr Benn Lines, Prof. Paul Reynolds

Journal papers

The impact of security and its antecedents in behaviour intention of using e-government services
Alharbi N, Papadaki M, Dowland PS
Journal of Behaviour and Information Technology, ISSN: 0144-929X, Vol 36, Iss 6, pp620-636, 2017

Graphical One-Time Password (GOTPass): A usability evaluation
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Information Security Journal: a Global Perspective, ISSN: 1939-3547, Vol 25, Iss 1-3, pp94-108, 2016

Secure Graphical One Time Password (GOTPass): An Empirical Study
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Information Security Journal: A Global Perspective, 24, pp207-220, 2015

Security Factors Influencing End Users' Adoption of E-Government
Alharbi N, Papadaki M, Dowland PS
Journal of Internet Technology and Secured Transaction (JITST), Volume 3, Issues 3/4, pp320-328, 2014

FHSD: An Improved IP Spoof Detection Method for Web DDoS Attacks
Shiaeles SN, Papadaki M
The Computer Journal, Vol. 58, No.4, pp892-903, 2014

Active authentication for mobile devices utilising behaviour profiling
Li F, Clarke NL, Papadaki M, Dowland PS
International Journal of Information Security, Volume 13, Issue 3, pp229-244, ISSN:1615-5262, 2014

A response selection model for intrusion response systems: Response Strategy Model (RSM)
Anuar NB, Papadaki M, Furnell SM, Clarke NL
Security and Communication Networks, 2013

Application Outsourcing in Europe: Long-term Outcomes, Success Factors and Implications for IT Industrialisation
Kronawitter K, Wentzel C, Papadaki M
Issues in Information Systems, Volume 13, Issue 2, pp. 369 - 379, 2012

Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM)
Anuar NB, Papadaki M, Furnell SM, Clarke NL
Security and Communication Networks, 2012

Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers
Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke NL, Gritzalis S
Security and Communication Networks, vol. 5, issue 1, 2012

Misuse Detection for Mobile Devices Using Behaviour Profiling
Li F, Clarke NL, Papadaki M, Dowland PS
International Journal of Cyber Warfare & Terrorism, Volume 1, Issue 1, pp43-55, ISSN: 1947-3435, 2011

Online Addiction: A Cultural Comparison of Privacy Risks in Online Gaming Environments
Sanders B, Dowland PS, Atkinson S, Zahra D, Furnell SM, Papadaki M
Journal of Multimedia Processing Technologies, vol. 1, no. 3, September, pp181-193, ISSN: 0976-4127, 2010

A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm
Tjhai GC, Furnell SM, Papadaki M, Clarke NL
Computers & Security, Volume 29, Issue 6, pp712-723, 2010

IT-Outsourcing in Banking Industry – Stage of Maturity Model as Strategic Approach
Kronawitter K, Wentzel C, Turetschek G, Papadaki M
Bayreuth Reports on Information Systems Management, No. 40, pp95-104, 2009

Social engineering: assessing vulnerabilities in practice
Bakhshi T, Papadaki M, Furnell SM
Information Management and Computer Security, vol. 17, no. 1, pp53-63, 2009

Scare tactics – A viable weapon in the security war?
Furnell SM, Papadaki M, Thomson KL
Computer Fraud & Security, Volume 2009, Issue 12, December, pp6-10, 2009

Testing our defences or defending our tests: the obstacles to performing security assessment
Furnell SM, Papadaki M
Computer Fraud & Security, Volume 2008, Issue 5, May, pp8-12, 2008

Considering the potential of criminal profiling to combat hacking
Preuss J, Furnell SM, Papadaki M
Journal in Computer Virology, vol. 3, no. 2, pp135-141, 2007

Informing the decision process in an automated intrusion response system
Papadaki M, Furnell SM
Information Security Technical Report, vol. 10, no. 3, pp150-161, 2005

IDS or IPS: what is best?
Papadaki M, Furnell SM
Network Security, July, pp15-19, 2004

Enhancing Response in Intrusion Detection Systems
Papadaki M, Furnell SM, Lee SJ, Lines BL, Reynolds PL
Journal of Information Warfare, vol. 2, no. 1, pp90-102, 2002

An experimental comparison of secret-based user authentication technologies
Irakleous I, Furnell SM, Dowland PS, Papadaki M
Information Management and Computer Security, vol. 10, no. 3, pp100-108, 2002

22 Journal papers

Conference papers

A Review of Graphical Authentication Utilising a Keypad Input Method
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Proceedings of The 8th Saudi Students Conference, January 31 - February 1, pp359-374, 2015

Security challenges of e-government adoption based on end users' perspective
Alharbi N, Papadaki M, Dowland PS
Proceedings of the 9th International Conference for Internet Technology and Secured Transactions (ICITST 2014), London, UK, pp78-82, ISBN: 978-1-908320-39-1, 2014

Alternative Graphical Authentication for Online Banking Environments
Alsaiari H, Papadaki M, Dowland PS, Furnell SM
Proceedings of the Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014), Plymouth, UK, July 8-9, pp122-136, ISBN: 978-1-84102-375-5, 2014
Can be ordered on-line.

IT Application Outsourcing in Europe: Long-term Outcomes, Success Factors and Implications for ITO Maturity
Kronawitter K, Wentzel C, Papadaki M
Proceedings of the 46th Hawaii International Conference on System Sciences (HICSS-46), pp.4456-4465, 2012

A Response Strategy Model for Intrusion Response Systems
Anuar NB, Papadaki M, Furnell SM, Clarke NL
27th IFIP International Information Security and Privacy Conference - SEC2012, Heraklion, Crete, Greece, 4-6 June, pp573-578, 2012

Education in the 'Virtual' Community: Can beating Malware Man teach users about Social Networking Security?
Sercombe AA, Papadaki M
Proceedings of the Sixth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012), Crete, Greece, ISBN: 978-1-84102-317-5, pp33-39, 2012
Can be ordered on-line.

A Risk Index Model for Security Incident Prioritisation
Anuar NB, Furnell SM, Papadaki M, Clarke NL
Proceedings of the 9th Australian Information Security Management Conference (ASIM 2011), Perth, Australia, 5-7 December, 2011

Emerging risks in massively multiplayer online role playing games
Sanders B, Atkinson S, Dowland PS, Furnell SM, Papadaki M
EU Kids Online Conference, Friday 23 September, New Academic Building LSE, 2011

Behaviour Profiling for Transparent Authentication for Mobile Devices
Li F, Clarke NL, Papadaki M, Dowland PS
Proceedings of the 10th European Conference on Information Warfare and Security (ECIW), Tallinn, Estonia 7-8 July, pp307-314, 2011
Awarded best PhD paper.

LUARM – An Audit Engine for Insider Misuse Detection
Magklaras GB, Furnell SM, Papadaki M
Proceedings of the Sixth International Workshop on Digital Forensics & Incident Analysis (WDFIA 2011), London, UK, ISBN: 978-1-84102-285-7, pp133-148, 2011
Can be ordered on-line.

Online Addiction: Privacy Risks in Online Gaming Environments
Sanders B, Chen V, Zahra D, Dowland PS, Atkinson S, Papadaki M, Furnell SM
Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES), October 26-29, Bangkok, Thailand, 2010

Behaviour Profiling on Mobile Devices
Li F, Clarke NL, Papadaki M, Dowland PS
International Conference on Emerging Security Technologies, 6-8 September, Canterbury, UK, pp77-82, 2010

Assessing the Usability of End-User Security Software
Ibrahim T, Furnell SM, Papadaki M, Clarke NL
Lecture Notes in Computer Science, Volume 6264/2010, pp177-189, 2010

An investigation and survey of response options for Intrusion Response Systems (IRSs)
Anuar NB, Papadaki M, Furnell SM, Clarke NL
Proceedings of the 9th Annual Information Security South Africa Conference, Sandton, South Africa, 2 - 4 August, pp1-8, ISBN: 978-1-4244-5493-8, 2010

ITO Success Factor Model - First Steps Towards a Guide for IT Outsourcing (ITO) Success
Kronawitter K, Wentzel C, Papadaki M
Proceedings of the Eighth International Network Conference (INC 2010), Heidelberg, Germany, 8-10 July, ISBN: 978-1-84102-259-8, pp355-359, 2010
Can be ordered on-line.

Improving Awareness of Social Engineering Attacks
Smith A, Papadaki M, Furnell SM
Proceedings of the 9th IFIP World Congress on Computer Education (WCCE 2009), Bento Gonçalves, Brazil, 27-31 July, 2009

Assessing the Usability of Personal Internet Security Tools
Ibrahim T, Furnell SM, Papadaki M, Clarke NL
8th European Conference on Information Warfare and Security (ECIW), Military Academy, Lisbon & the University of Minho, Braga, Portugal, 6-7 July, 2009

Intrusion Detection System for Mobile Devices: Investigation on Calling Activity
Li F, Clarke NL, Papadaki M
Proceedings of the 8th Security Conference, April, Las Vegas, USA, 2009

Evaluating the usability impacts of security interface adjustments in Word
Helala M, Furnell SM, Papadaki M
Proceedings of 6th Australian Information Security Management Conference, Perth, Western Australia, 1-3 December, pp48-55, 2008

The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset
Tjhai GC, Papadaki M, Furnell SM, Clarke NL
Lecture Notes in Computer Science, Volume 5185/2008, ISBN: 978-3-540-85734-1, pp139-150, 2008

Investigating the problem of IDS false alarms: An experimental study using Snort
Tjhai GC, Papadaki M, Furnell SM, Clarke NL
Proceedings of the 23rd International Information Security Conference (SEC 2008), Milan, Italy, 8-10 September, pp253-267, 2008

A Practical Assessment of Social Engineering Vulnerabilities
Bakhshi T, Papadaki M, Furnell SM
Proceedings of the Second International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008), Plymouth, UK, pp12-23, 2008
Can be ordered on-line.

Assessing the challenges of Intrusion Detection Systems
Ibrahim T, Furnell SM, Papadaki M, Clarke NL
Proceedings of the 7th Security Conference, Las Vegas, USA, 2nd-3rd June, 2008

Investigating the Evasion Resilience of Network Intrusion Detection Systems
Ytreberg JA, Papadaki M
Proceedings of the 6th European Conference on Information Warfare and Security, Shrivenham, UK, 2-3 July, pp327-334, 2007

Attack Pattern Analysis: Trends in Malware Variant Development
Papadaki M, Furnell SM, Clarke NL, Abu-Bakar UA, Pinkney G
Proceedings of the 5th Security Conference, Las Vegas, April 19 -20, 2006

Automating the process of intrusion response
Papadaki M, Furnell SM
Proceedings of the 5th Australian Information Warfare Security Conference, Perth, Australia, 25-26 November, CDROM, pp32-41, 2004

Operational Characteristics of an Automated Intrusion Response System
Papadaki M, Furnell SM, Lines BL, Reynolds PL
Communications and Multimedia Security: Advanced Techniques for Network and Data Protection, pp65-75, 2003

Keystroke Analysis as a Method of Advanced User Authentication and Response
Dowland PS, Furnell SM, Papadaki M
Proceedings of IFIP/SEC 2002 - 17th International Conference on Information Security, Cairo, Egypt, 7-9 May, pp215-226, 2002

A Response-Oriented Taxonomy of IT System Intrusions
Papadaki M, Furnell SM, Lines BL, Reynolds PL
Proceedings of Euromedia 2002, Modena, Italy, 15-17 April, pp87-95, 2002

Security Vulnerabilities and System Intrusions – The need for Automatic Response Frameworks
Papadaki M, Magklaras GB, Furnell SM, Alayed A
Proceedings of the IFIP 8th Annual Working Conference on Information Security Management & Small Systems Security, Las Vegas, 27-28 September, 2001

A Generic Taxonomy for Intrusion Specification and Response
Furnell SM, Magklaras GB, Papadaki M, Dowland PS
Proceedings of Euromedia 2001, Valencia, Spain, 18-20 April, 2001

31 Conference papers

Posters

Enhancing Intrusion Response in Networked System
Papadaki M, Furnell SM, Dowland PS, Lines BL, Reynolds PL
Poster presentation at Britain's Younger Engineers in 2002, House of Commons, London, 9 December, 2002

Advanced Authentication and Intrusion Detection Technologies
Dowland PS, Furnell SM, Magklaras GB, Papadaki M, Reynolds PL, Rodwell PM, Singh H
Poster presentation at Britain's Younger Engineers in 2000, House of Commons, London, 4 December, 2000

2 Posters

Internal publications

Education in the 'Virtual' Community: Can beating Malware Man Teach Users about Social Networking Security?
Sercombe AA, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 10, ISBN: 978-1-84102-358-8, pp146-151, 2013
Can be ordered on-line.

Evading IDS Detection
Jarmak P, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 10, ISBN: 978-1-84102-358-8, pp112-119, 2013
Can be ordered on-line.

Snort IDS Ability to Detect Nmap and Metasploit Framework Evasion Techniques
Jammes Z, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 10, ISBN: 978-1-84102-358-8, pp104-111, 2013
Can be ordered on-line.

Evading IDS Detection
Batta M, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 9, ISBN: 978-1-84102-320-5, pp119-126, 2012
Can be ordered on-line.

Educating Social Networking Users
Nair P, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 9, ISBN: 978-1-84102-320-5, pp29-35, 2012
Can be ordered on-line.

Evading Intrusion Detection Systems
AlRobria I, Papadaki M
Advances in Communications, Computing, Networks and Security Volume 8, ISBN: 978-1-84102-293-2, pp61-67, 2011
Can be ordered on-line.

Comparing Anti-Spyware Products – A different approach
Saqib M, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp294-301, 2009
Can be ordered on-line.

Response of Software Vendors to Vulnerabilities
Erebor G, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp160-168, 2009
Can be ordered on-line.

Improving Awareness on Social Engineering Attacks
Smith A, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp144-151, 2009
Can be ordered on-line.

Guidelines/Recommendations on Best Practices in Fine Tuning IDS Alarms
Obi CA, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp107-114, 2009
Can be ordered on-line.

Home Users Vulnerabilities in Audio/Video Players
Jain R, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp73-82, 2009
Can be ordered on-line.

Vulnerability Awareness
Edu A, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp32-39, 2009
Can be ordered on-line.

Social Engineering Vulnerabilities
Bakhshi T, Papadaki M
Advances in Communications, Computing, Networks and Security 6, ISBN: 978-1-84102-258-1, pp23-31, 2009
Can be ordered on-line.

Critical Success Factors in IT-Outsourcing: a Literature Analysis
Kronawitter K, Wentzel C, Turetschek G, Papadaki M
Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), Darmstadt, Germany, ISBN: 978-1-84102-236-9, pp110-122, 2009
Can be ordered on-line.

Response Mechanisms for Intrusion Response Systems (IRSs)
Anuar NB, Furnell SM, Papadaki M, Clarke NL
Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), Darmstadt, Germany, ISBN: 978-1-84102-236-9, pp3-14, 2009
Can be ordered on-line.

The Dark Side of Google
Ly T, Papadaki M
Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp135-142, 2008
Can be ordered on-line.

Tracking Botnets
Freydefont M, Papadaki M
Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp116-125, 2008
Can be ordered on-line.

Security Risks Associated With the Use of Web Browsing, Instant Messaging and File Sharing software
Bitsanis D, Papadaki M
Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp99-107, 2008
Can be ordered on-line.

Network Intrusion Detection Systems Evasion Techniques – an Investigation Using Snort
Ytreberg JA, Papadaki M
Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp49-58, 2008
Can be ordered on-line.

Intrusion Detection System for Mobile Devices: Preliminary Investigation
Li F, Clarke NL, Papadaki M
Proceedings of the Fourth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2008), Wrexham, UK, ISBN: 978-1-84102-196-6, pp21-31, 2008
Can be ordered on-line.

User security awareness of social engineering and phishing
Karakasiliotis A, Furnell SM, Papadaki M
Advances in Network & Communication Engineering 4, ISBN: 978-1-84102-180-5, pp191-198, 2007
Can be ordered on-line.

Uses and dangers of peer-to-peer and instant messaging in a business environment
Quaden T, Furnell SM, Papadaki M, Pinkney G
Advances in Network & Communication Engineering 3, pp203-211, 2006
Can be ordered on-line.

Changing Trends in Vulnerability Discovery
Tope SW, Furnell SM, Papadaki M, Pinkney G
Advances in Network & Communication Engineering 3, pp193-202, 2006
Can be ordered on-line.

Social Engineering: A growing threat, with diverging directions
Chelleth JV, Furnell SM, Papadaki M, Pinkney G, Dowland PS
Advances in Network & Communication Engineering 3, pp179-184, 2006
Can be ordered on-line.

Attack Pattern Analysis: Trends in Malware Variant Development
Abu-Bakar UA, Furnell SM, Papadaki M, Pinkney G
Advances in Network & Communication Engineering 3, pp90-99, 2006
Can be ordered on-line.

25 Internal publications

Presentations

Social Engineering: How vulnerable are we?
Papadaki M
Invited Presentation for Special Financial Investigation Service, Operational Directorate of Special Cases of Athens, 2008
Sector of Information Technology, Electronic Trade & Electronic Crime, Ministry of Economy and Finance, Athens, Greece, 31 March 2008.

1 Presentations

Technical articles

Threats and Impacts in Maritime Cyber Security
Jones K, Tam K, Papadaki M
Engineering & Technology Reference (Technical Case Studies and Lessons Learned), pp5, ISSN: 2056-4007, 2016

An unsupervised IDS False Alarm Reduction System – SMART
Tjhai GC, Papadaki M
Hakin9 IT Security Magazine, Starter Kit Vol 2 Iss 1, ISSN 1896-9801, pp 24-28, 2011

Social Engineering: Exploiting the Weakest Links
Papadaki M, Furnell SM, Dodge RC
Whitepaper, European Network & Information Security Agency (ENISA), October, 2008

3 Technical articles

84 publication(s) - all categories.