Ladon: A Cyber-Threat Bio-Inspired Intelligence...
Transcript of Ladon: A Cyber-Threat Bio-Inspired Intelligence...
Journal of Applied Mathematics & Bioinformatics, vol.6, no.3, 2016, 45-64 ISSN: 1792-6602 (print), 1792-6939 (online) Scienpress Ltd, 2016
Ladon: A Cyber-Threat Bio-Inspired Intelligence
Management System
Konstantinos Demertzis1 and Lazaros Iliadis
2
Abstract
According to the Greek mythology, Ladon was the huge dragon with the 100
heads, which had the ability to stay continuously up, in order to guard the golden
“Esperides” apples in the tree of life. Alike the ancient one, digital Ladon is an
advanced information systems’ security mechanism, which uses Artificial
Intelligence to protect, control and offer early warning in cases of detour or
misleading of the digital security measures. It is an effective cross-layer system of
network supervision, which enriches the lower layers of the system (Transport,
Network and Data). It amplifies in an intelligent manner the upper layers (Session,
Presentation and Application) with capabilities of automated control. This is done
to enhance the energetic security and the mechanisms of reaction of the general
system, without special requirements in computational resources. This paper
describes the development of Ladon which is an advanced, incredibly fast and low
1 Democritus University of Thrace, Department of Forestry & Management of the Environment & Natural Resources, 193 Pandazidou st., 68200 N. Orestiada, Greece.
E-mail: [email protected] 2 Democritus University of Thrace, Department of Forestry & Management of the
Environment & Natural Resources, 193 Pandazidou st., 68200 N. Orestiada, Greece. E-mail: [email protected]
Article Info: Received : October 12, 2015. Revised : December 28, 2015.
Published online : December 20, 2016.
46 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
requirements’ effective filter, which performs analysis of network flow. Ladon
uses Online Sequential Extreme Learning Machine with Gaussian Radial Basis
Function kernel in order to perform network traffic classification, malware traffic
analysis and fast-flux botnets localization.
Mathematics Subject Classification: 94C99
Keywords: Network Traffic Classification; Malware Traffic Analysis; Fast-Flux
Botnets; SSH Traffic; Online Sequential Learning; Extreme Learning Machine;
Gaussian Radial Basis Function Κernel
1 Introduction
1.1 Network security vulnerabilities and threats
Vulnerability is a weak spot in a network that might be exploited by a security
threat. Risks are the potential consequences and impacts of unaddressed
vulnerabilities. The combined network attacks and the highly intelligent detour
methods of the digital security mechanisms constitute a new framework of
vulnerabilities and threats. This is done by creating extremely complicated
localization conditions. For example, the functional complexity combined with the
chaotic architecture of the botnets [1], constitute an extremely dangerous case of
electronic crime very hard to trace, which is related to a number of illegal actions
namely: money mule recruitment sites, phishing websites, illicit online
pharmacies, extreme or illegal adult content sites, malicious browser exploit sites
and web traps for distributing virus.
K. Demertzis and L. Iliadis 47
1.1.1 Traffic classification
The supervision and categorization of network traffic is a specialized solution
and a valuable tool used not only for the effective confrontation of planning,
management and supervision of the networks, but also for the trace of attacks and
for the study of electronic crimes. Traffic Classification is an automated process
which categorizes network traffic according to various parameters into a number
of traffic classes. Each resulting traffic class can be treated differently in order to
differentiate the service implied for the user. A proper understanding of the
applications and protocols in the traffic class is essential for any network manager
to implement appropriate security policies [2]. There are two basic approaches to
classifying traffic:
a) Classification based on a Payload method in which the packets are classified
based on the fields of the payload, such as Layer 2 (Mac address), Layer 3 (IP
address) and Layer 4 ports (source or destination or both) and Protocols.
b) Classification based on a Statistical method that uses statistical analysis of the
traffic behavior like inter-packet arrival, session time and so on.
A serious drawback of the applications used for the study and characterization of
network traffic and especially for the cases of encrypted traffic, which imposes the
reconstruction of messages and entities in higher levels, is the complexity of these
applications and their requirements in terms of computational resources. These
requirements increase exponentially in cases of big volume network traffic
analysis which come from broadband high speed networks and especially in cases
of forensic analysis. Advanced classification techniques which rely on Deep
Packet Inspection (DPI) are much more reliable methods. Also another important
weakness of the traditional mechanisms of network flow analysis, related to the
determination and phasing of vulnerabilities is the fact that they create high
percentages of false alarms, they do not have sophisticated forecasting methods of
respective threats and in most of the cases they fail completely to spot zero-day
vulnerabilities [2].
48 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
1.1.2 Malware traffic analysis
Malware is a kind of software used to disrupt computer operation, gather
sensitive information, or gain access to private computer systems. It can appear in
the form of code, scripts, active content, or any other. Recent malware
developments have the ability to remain hidden during infection and operation.
They prevent analysis and removal, using various techniques, namely: obscure
filenames, modification of file attributes, or operation under the pretense of
legitimate programs and services and obfuscation attacks. Also, the malware
might attempt to subvert modern detection software, by hiding running processes,
network connections and strings with malicious URLs or registry keys. Malware
Traffic Analysis is the primary method of malware and attacks identification and
discovery the malware command-and control (C&C) communications related to
these attacks. Furthermore it is an important method to estimate the behavior of
malware, the purpose of attacks and the damage caused by malware activity [3].
1.1.3 Fast-flux botnets
The most common malware types, aim in the recovery of communication with
the Command & Control (C2) remote servers and its retention on a regular basis.
This is done in order for the botmasters to gather or distribute information and
upgrades towards the undermined devices (bots). More specifically, the
communication is achieved by the use of custom distributed dynamic DNS
services which are executed in high port numbers. This is done in order to avoid to
be traced by security programs located in the gateway of networks. In this way
fast-flux botnets are created, whose target is the mapping of a fully qualified
domain name to hundreds of IP addresses. These IPs are interchanged too fast,
with a combination of random IP addresses and a very small Time-To-Live (TTL)
for each partial DNS Resource Record. In this way a domain name can change its
corresponding IP address very often (e.g. every 3 minutes). Another usual
K. Demertzis and L. Iliadis 49
approach is the blind proxy redirection (BPR) technique. The BPR continuously
redirects the applications received by frontend systems to backend servers, in
order to spoil the traces and the data that designate an attack. In this way the
complexity of the fast-flux botnets increases [1].
Figure 1: Normal Network vs Fast-Flux Network
The simplest type of fast flux, named single-flux, is characterized by multiple
individual nodes within the network registering and de-registering their addresses
as part of the DNS A (address) record list for a single DNS name. This combines
round robin DNS with very short TTL values to create a constantly changing list
of destination addresses for that single DNS name. The list can be hundreds or
thousands of entries long. A more sophisticated type of fast flux, referred to itself
as double-flux, is characterized by multiple nodes within the network registering
and de-registering their addresses as part of the DNS Name Server record list for
the DNS zone. This provides an additional layer of redundancy and survivability
within the malware network [1].
50 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
Figure 2: Single-Flux and Double-Flux Network
2 The Ladon system and literature
2.1 Ladon
This paper proposes the development of Ladon, a cyber-threat bio-inspired
intelligence management system. Ladon is an innovative Network Traffic
Classification, Malware Traffic Analysis and localization Fast-Flux Botnets.
Unlike other techniques that have been proposed from time to time and focus in
single traffic analysis approaches [4]-[6], Ladon is an efficient network
supervision system which provides smart mechanisms for the supervision and
categorization of networks. It provides intelligent approaches for the above task
and tit is capable of defending over sophisticated attacks and of exploiting
effectively the hardware capabilities with minimum computational and resources
cost.
It is a biologically inspired artificial intelligence computer security technique
[7]-[12] that use Online Sequential Extreme Learning Machine with Gaussian
K. Demertzis and L. Iliadis 51
Radial Basis Function kernel (OSEL_RBF) [13]-[15]. ELM is one of the most
advanced artificial intelligence method which simlulates rationaly the function of
the human brain by using the synaptic randomness and its dynamics.
A comparative study has been performed between the proposed approach and
other evolving and bio-inspired learning methods. Based on the classification
accuracy we have verified that the proposed approach has the optimal
performance and reliability. More specifically this is achieved by using Radial
Basis Function Neural Network (RBFNN), Group Methods of Data Handling
(GMDH), Polynomial Artificial Neural Network (PANN) and Feed Forward
Neural Networks (FFNN) trained under heuristic techniques such as Genetic
Algorithm (FFNNGA), Particle Swarm Optimization (FFNNPSO), Ant Colony
Optimization (FFNNACO) and Evolutionary Strategy (FFNNES) [16].
2.2 Literature review
It is a fact that a lot and significant work has been published in the literature,
in applying machine learning (ML) techniques, to network traffic classification
[17]-[19], malware traffic analysis [20]-[22] and fast-flux botnets [23]-[25]
localization. In parallel, several other authors [26]-[28], have also summarized
scientific effort of detecting the botnets while proposing novel taxonomies of
detection methods, introducing different classes of botnet detection and presenting
some of the most prominent methods within the defined classes. The authors have
acknowledged the potential of machine learning-based approaches in providing
efficient and effective detection, but they have not provided a deeper insight on
specific methods, neither the comparison of the approaches by detection
performances and evaluation practice.
On the other hand, Cheng et al. [29] proposed the use of ELM methods to
classify binary and multi-class network traffic for intrusion detection with high
accuracy. Hsu et al. [30] proposed a real-time system for detecting flux domains
52 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
based on anomalous delays in HTTP/HTTPS requests from a given client with
very promising results. Also, Haffner et. al. [31] employed AdaBoost, Hidden
Markov, Nave Bayesian and Maximum Entropy models to classify network traffic
into different applications with vary high SSH detection rate and vary low false
positive rate respectively, but they employed only few bytes of the payload.
Furthermore Alshammari et al. [32] employed Repeated Incremental Pruning to
Produce Error Reduction (RIPPER) and AdaBoost algorithms for classifying SSH
traffic from offline log files without using any payload, IP addresses or port
numbers. Finally, Holz et al. [33] proposed a passive method to locate fast-flux
botnets by identifying potential fast-flux domain names in the URLs found in the
body of spam emails (typically captured by spam traps and filters).
3 Literature methodologies employed by Ladon
3.1 Extreme Learning Machines
The Extreme Learning Machine (ELM) as an emerging biologically inspired
learning technique provides efficient unified solutions to “generalized” Single-
hidden Layer feed forward Networks (SLFNs) but the hidden layer (or called
feature mapping) in ELM need not be tuned [14]. Such SLFNs include but are not
limited to support vector machine, polynomial network, RBF networks, and the
conventional feed forward neural networks. All the hidden node parameters are
independent from the target functions or the training datasets and the output
weights of ELMs may be determined in different ways (with or without iterations,
with or without incremental implementations, etc.). ELM has several advantages,
ease of use, faster learning speed, higher generalization performance, suitable for
many nonlinear activation function and kernel functions.
According to the ELM theory [14], the ELM with Gaussian Radial Basis
Function kernel (GRBFk) K(u,v)=exp(-γ||u-v||2) used in this approach. The hidden
K. Demertzis and L. Iliadis 53
neurons are k=20. Subsequently assigned random input weights wi and biases bi,
i=1,…,N. To calculate the hidden layer output matrix H used the function (1):
𝐻 = �ℎ(𝑥1)⋮
ℎ(𝑥𝑁)� = �
ℎ1(𝑥1) ⋯ ℎ𝐿(𝑥1)⋮ ⋮
ℎ1(𝑥𝑁) ⋯ ℎ𝐿(𝑥𝑁)� (1)
h(x) = [h1(x), . . . , hL(x)] is the output (row) vector of the hidden layer with
respect to the input x. h(x) actually maps the data from the d-dimensional input
space to the L-dimensional hidden-layer feature space (ELM feature space) H, and
thus, h(x) is indeed a feature mapping. ELM is to minimize the training error as
well as the norm of the output weights:
Minimize : ||Hβ – T||2 and ||β|| (2)
where H is the hidden-layer output matrix of the function (1). To minimize the
norm of the output weights ||β|| is actually to maximize the distance of the
separating margins of the two different classes in the ELM feature space 2/||β||.
To calculate the output weights β used the function (3):
β=( 𝐼𝐶
+ 𝐻𝑇𝐻)−1 𝐻𝑇𝑇 (3)
where C is a positive constant is obtained and T resulting from the Function
Approximation of SLFNs with additive neurons in which is an arbitrary
distinct
samples with ti=[ti1, ti2,…,tim]T ∈ Rm and 𝑇 = �𝑡1𝑇⋮𝑡𝑁𝑇�. [14].
3.2 Online Sequential Extreme Learning Machines
The Online Sequential ELM (OS-ELM) [13] [15] is an alternative technique
for large-scale computing and machine learning approaches that used when data
becomes available in a sequential order to determine a mapping from data set
54 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
corresponding labels. The main difference between online learning and batch
learning techniques is that in online learning the mapping is updated after the
arrival of every new data point in a scale fashion, whereas batch techniques are
used when one has access to the entire training data set at once. It is a versatile
sequential learning algorithm because of the training observations are sequentially
(one-by-one or chunk-by-chunk with varying or fixed chunk length) presented to
the learning algorithm. At any time, only the newly arrived single or chunk of
observations (instead of the entire past data) are seen and learned. A single or a
chunk of training observations is discarded as soon as the learning procedure for
that particular (single or chunk of) observation(s) is completed. The learning
algorithm has no prior knowledge as to how many training observations will be
presented. Unlike other sequential learning algorithms which have many control
parameters to be tuned, OSEL_RBF only requires the number of hidden nodes to
be specified [13], [15].
3.3 OSEL_RBF classification approach
The proposed method uses an OSEL_RBF classification approach in order to
perform network traffic classification, malware traffic analysis and fast-flux
botnets localization in an energetic security mode, that needs minimum
computational resources and time. The OS-ELM consists of two main phases
namely: Boosting Phase (BPh) and Sequential Learning Phase (SLPh). The BPh
used to train the SLFNs using the primitive ELM method with some batch of
training data in the initialization stage and these boosting training data will be
discarded as soon as boosting phase is completed. The required batch of training
data is very small, which can be equal to the number of hidden neurons [13]-[15].
The general classification process with OSEL_RBF classifier described below:
Phase 1 (BPh) [13], [15]
K. Demertzis and L. Iliadis 55
The process of BPh for a small initial training set N={(xi, ti)|xi ∈ Rn, ti ∈ Rm, i=1,
··· , 𝑁�} described as follow:
a) Assign arbitrary input weight wi and bias bi or center µi and impact width
σi, i=1, ··· 𝑁�, where 𝑁� number for hidden neuron or RBF kernel for a
specific application.
b) Calculate the initial hidden layer output matrix 𝐻0 = [ℎ1,··· , ℎ𝑁� ]T, where
ℎ𝑖 = [𝑔(𝑤1 · 𝑥𝑖 + 𝑏1), ··· , 𝑔(𝑤𝑁� · 𝑥𝑖 + 𝑏𝑁� )]T, 𝑖 = 1, ··· , 𝑁�, where 𝑔
activation function or RBF kernel.
c) Estimate the initial output weight 𝛽(0) = 𝑀0𝐻0𝑇𝑇0, where 𝑀0 =
(𝐻0𝑇𝐻0)−1
and 𝑇0 = [𝑡1, … , 𝑡𝑁�]𝑇.
d) Set 𝑘 = 0.
Phase 2 (SLPh) [13], [15]
In the SLPh the OS-ELM will then learn the train data one-by-one or chunk-by-
chunk and all the training data will be discarded once the learning procedure on
these data is completed. The essentials step of this phase for each further coming
observation (𝑥𝑖 , 𝑡1), where xi ∈ Rn, ti ∈ Rm and 𝑖 = 𝑁 � + 1, 𝑁 � + 2, 𝑁 � + 3,
described as follow:
a) Calculate the hidden layer output vector ℎ(𝑘+1) = [𝑔(𝑤1 · 𝑥𝑖 + 𝑏1), ··· ,
𝑔(𝑤𝑁� · 𝑥𝑖 + 𝑏𝑁� )]T
b) Calculate latest output weight 𝛽(𝑘+1) by the algorithm �̂� = (𝐻𝑇𝐻)−1𝐻𝑇𝑇
which is called the Recursive Least-Squares (RLS) algorithm.
c) Set 𝑘 = 𝑘 + 1
56 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
4 The Ladon algorithm
The proposed Ladon algorithm includes the following ruleset which is the
core of its reasoning.
1: Performs malware traffic analysis by OSEL_RBF with MTAD dataset
If the malware analysis gives a positive result (Malware) the network traffic
blocked and the process terminated.
If the malware analysis gives a negative result (Benign), no action is required
and go to step 2.
2: Performs network traffic analysis by OSEL_RBF with NTCD dataset
If the network traffic classification result is not a HTTP, no action is required.
If the network traffic classification result is a HTTP, go to step 3.
3: Performs botnet analysis by OSEL_RBF with F2BLD dataset
If the botnet classification result gives a positive result (Botnet) the network
traffic blocked and the process terminated.
If the botnet classification result gives a negative result (Benign), no action is
required.
The overall algorithmic approach of Ladon that is proposed herein is described
clearly and in details in the following Figure 3.
Trying a comprehensive analysis of the way the above architecture works,
we clearly realize that in the proposed method, the detection and disposal of the
malware or botnet is done in dead time, before disturb the operation of entire
system. This innovation creates new perspectives in the design architecture of the
network operating systems, which adopt smart defense mechanisms against
sophisticated attacks and zero-day exploits. In this way it adds a higher degree of
integrity to the rest of the security infrastructures.
K. Demertzis and L. Iliadis 57
Figure 3: Graphical depiction of Ladon methodology
5 Dataset used for testing the Ladon system
Three datasets with high complexity were constructed and used for testing by
Ladon. The first Malware Traffic Analysis Dataset (MTAD) comprised of 32
independent variables and 2 classes (benign or malware). This dataset containing
73,469 patterns (37,127 benign samples they were chosen from the Pcaps from
National CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition and
36,342 malicious samples they were chosen from http://malware-traffic-
analysis.net/) [34].
The second Network Traffic Classification Dataset (NTCD) comprised of 22
independent variables and 11 network traffic classes (TELNET, FTP, HTTP,
DNS, Lime, Local Forwarding, Remote Forwarding, SCP, SFTP, x11 and Shell).
58 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
This dataset containing 137,050 patterns they were chosen from the Pcaps from
Information Technology Operations Center (ITOC), US Military Academy [35].
Finally, the third Fast-Flux Botnet Localization Dataset (F2BLD) comprised of 15
independent variables and 2 classes (benign or botnet). This dataset containing
131,374 patterns (100,000 URLs they were chosen randomly from the database
with the 1 million most popular domain names of Alexa, 16,374 malicious URLs
from the Black Hole DNS database and 15,000 malicious URLs they were created
based on the timestamp DGA algorithm) [11].
In the preprocessing process the duplicate records and records with
incompatible characters were removed. Also the datasets are determined and
normalized to the interval [-1,1] in order to phase the problem of prevalence of
features with wider range over the ones with a narrower range, without being more
important [36].
6 Results and comparative analysis
The performance of the proposed OSEL_RBF is evaluated by comparing it
with RBFANN, GMDH, PANN, FNNGA, FNNPSO, FNNACO and FNNES
learning algorithms. Regarding the overall efficiency of the methods, the results
show that the OSEL_RBF has much better generalization performance and more
accurate classification output from the other compared algorithms.
The detailed accuracy by class comparison of the other algorithms is shown in
Table 1. In all cases the hold out approach was used (70% training, 15% validation
and 15% testing).
According to this comparative analysis, it appears that OSEL_RBF is highly
suitable method for applications with huge amounts of data such that traditional
learning approaches that use the entire data set in aggregate are computationally
infeasible. This algorithm successfully reduces the problem of entrapment in local
K. Demertzis and L. Iliadis 59
minima in training process, with very fast convergence rates. These improvements
are accompanied by high classification rates and low test errors as well. The
performance of proposed model was evaluated in three network security datasets
and the real-world sophisticated scenarios. The experimental results showed that
the OSEL_RBF has better generalization performance at a very fast learning speed
and more accurate and reliable classification results. The final conclusion is that
the proposed method has proven to be reliable and efficient and has outperformed
at least for this security problem the other approaches.
Table 1: Comparison between algorithms
MTADataset NTCDataset F2BLDatset
Classifier ACC RMSE ACC RMSE ACC RMSE
OSEL_RBF 98,2% 0.3284 99,6% 0.2951 95,8% 0.4882
RBFNN 89,8% 0.5766 91,3% 0.5514 82,9% 0.6244
GMDH 94,4% 0.5017 97,8% 0.3983 88,8% 0.5831
PANN 90,9% 0.5633 96,6% 0.4512 87,3% 0.5937
FFNNGA 96,7% 0.4972 99,1% 0.3048 95,3% 0.4899
FFNNPSO 96,2% 0.4911 99,2% 0.3009 95,1% 0.4907
FFNNACO 89,4% 0.5791 92,7% 0.5336 80,6% 0.6389
FFNNES 90,1% 0.5716 93,5% 0.5125 79,7% 0.6419
7 Discussion – Conclusions
A novel bio-inspired intelligence cyber-threat management system namely
Ladon, has been introduced. It performs classification by using OSEL_RBF
algorithm. The classification performance and the accuracy of the proposed model
were experimentally explored based on several scenarios and reported very
60 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
promising results. Moreover, Ladon is an effective cross-layer system of network
supervision, which enriches the lower layers of the system (Transport, Network
and Data). It amplifies in an intelligent manner the upper layers (Session,
Presentation and Application) with capabilities of automated control. This is done
to enhance the energetic security and the mechanisms of reaction of the general
system, without special requirements. In this way it adds a higher degree of
integrity to the rest of the security infrastructure of Network Operating Systems.
The most significant innovation of this methodology is that it offers high learning
speed, ease of implementation, minimal human intervention and minimum
computational power and resources to properly classify network traffic, label
malware traffic and identify fast-flux botnets with high accuracy and
generalization.
Future research could involve its model under a hybrid scheme, which will
combine semi supervised methods and online learning for the trace and
exploitation of hidden knowledge between the inhomogeneous data that might
emerge. Also, Ladon could be improved towards a better online learning with self-
modified the number of hidden nodes. Moreover, additional computational
intelligence methods could be explored, tested and compared on the same security
task in an ensemble approach. Finally, the ultimate challenge would be the
scalability of Ladon with other kernels in parallel and distributed computing in a
real-time system.
References
[1] Nazario J., Holz T.: As the net churns: Fast-flux botnet observations,
MALWARE ’08, 3rd International Conference on Malicious and Unwanted
Software, (2008).
K. Demertzis and L. Iliadis 61
[2] CISCO: WAN and Application Optimization Solution Guide, Cisco Validated
Design Document, Version 1.1, (2008),
http://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/wan_optimization/
wan_opt_sg.pdf, CISCO press.
[3] http://www.malware-traffic-analysis.net/
[4] Perdisci R., Corona I., Giacinto G., Early Detection of Malicious Flux
Networks via Large-Scale Passive DNS Traffic Analysis, (2012), Published
by the IEEE Computer Society.
[5] Xie Y., Yu F., Achan K., Panigrahy R., Hulten G., Osipkov I., Spamming
botnets: Signatures and characteristics, (2008), ACM SIGCOMM Computer
Communication Review.
[6] Zhao D., Traore I., Sayed B., Lu W., Saad S., Ghorbani A., Botnet detection
based on traffic behavior analysis and flow intervals (2013), Journal
Computer Security, 39, (2016).
[7] Demertzis K., Iliadis L.: A Hybrid Network Anomaly and Intrusion Detection
Approach Based on Evolving Spiking Neural Network Classification, (2014),
Communications in Computer and Information Science, 441, (2014), 11-23,
10.1007/978-3-319-11710-2_2.
[8] Demertzis K., Iliadis L.: Evolving Computational Intelligence System for
Malware Detection, Lecture Notes in Business Information Processing, 178,
(2014), 322-334.
[9] Demertzis K., Iliadis L.: Bio-Inspired Hybrid Artificial Intelligence
Framework for Cyber Security, Computation, Cryptography, and Network
Security, (2014), 161-193, Computation, Cryptography, and Network
Security, DOI 10.1007/978-3-319-18275-9_7, Springer.
[10] Demertzis K., Iliadis L.: Bio-Inspired Hybrid Intelligent Method for Detecting
Android Malware (2014), Proceedings of 9th International Conference on
Knowledge, Information and Creativity Support Systems (KICSS 2014),
ISBN: 978-9963-700-84-4.
62 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
[11] Demertzis K., Iliadis L.: Evolving Smart URL Filter in a Zone-based Policy
Firewall for Detecting Algorithmically Generated Malicious Domains,
Statistical Learning and Data Sciences Volume 9047 of the series Lecture
Notes in Computer Science pp 223-233, Third International Symposium,
SLDS 2015, Egham, UK, (April 20-23, 2015), Proceedings, DOI
10.1007/978-3-319-17091-6_17, Springer.
[12] Demertzis K., Iliadis L.: SAME: An Intelligent Anti-Malware Extension for
Android ART Virtual Machine, Computational Collective Intelligence,
Lecture Notes in Computer Science, 9330, (2015), 235-245, 7th International
Conference, ICCCI 2015, Madrid, Spain, Proceedings, Part II, DOI
10.1007/978-3-319-24306-1_23, Springer.
[13] Liang N.-Y., Huang G.-B., Saratchandran P., Sundararajan N.: A Fast and
Accurate On-line Sequential Learning Algorithm for Feedforward Networks,
IEEE Transactions on Neural Networks, 17(6), (2006), 1411-1423.
[14] Cambria E., Guang-Bin H.: Extreme Learning Machines, (2013), IEEE
InTeLLIGenT SYSTemS, 541-1672/13.
[15] Huang G.-B. , Liang N.-Y., Rong H.-J., Saratchandran P., Sundararajan N.:
On-line sequential extreme learning machine, (2005), IASTED.
[16] Mirjalili S., Mirjalili S. M., Lewis A., Let A Biogeography-Based Optimizer
Train Your Multi-Layer Perceptron, (2014), Information Sciences, In press,
DOI: http://dx.doi.org/10.1016/j.ins.2014.01.038
[17] Yingqiu L., Wei L., Yunchun L., Network Traffic Classification Using K-
means Clustering, Computer and Computational Sciences, IMSCCS 2007,
(2007), DOI:10.1109/IMSCCS.2007.52.
[18] Bereket M., Carvalho M.M., Ham F.M., Network Traffic Classification Using
A Parallel Neural Network Classifier Architecture, (2011), CSIIRW '11,
October 12-14, ACM, 978-1-4503-0945-5.
[19] Quoc D. L., D'Alessandro V., Park B., Romano L., Fetzer C., Scalable
Network Traffic Classification Using Distributed Support Vector Machines,
K. Demertzis and L. Iliadis 63
(2015), IEEE 8th International Conference on Cloud Computing (CLOUD),
(2015), 1008 - 1012, DOI:10.1109/CLOUD.2015.138.
[20] Comar P.M., Lei L., Saha S., Pang-Ning Tan N., Combining supervised and
unsupervised learning for zero-day malware detection, INFOCOM, 2013
Proceedings IEEE, (2013), 2022 - 2030,
DOI:10.1109/INFCOM.2013.6567003.
[21] Bailey M., Oberheide J., Andersen J., Mao Z. M., Jahanian F., Nazario J.,
Automated classification and analysis of internet malware, in: C. KrÃijgel, R.
Lippmann, A. Clark (Eds.), RAID, Lecture Notes in Computer Science of
Springer, 4637, (2007), 178–197.
[22] Langin C., Zhou H., Rahimi S., Gupta B., Zargham M., Sayeh M., A self-
organizing map and its modeling for discovering malignant network traffic,
(2009), in: Computational Intelligence in Cyber Security, IEEE, 122 –129,
doi:10.1109/CICYBS.2009.4925099.
[23] Brezo F., Gaviria de la Puerta J., Ugarte-Pedrero X., Santos I., Bringas P.G.,
Barroso D., Supervised classification of packets coming from a HTTP botnet,
(2012), Informatica, XXXVIII Conferencia Latinoamericana En, 1 - 8, DOI:
10.1109/CLEI.2012.6427168.
[24] Stevanovic M., Pedersen J. M.: Machine learning for identifying botnet
network traffic, Technical report, (2013), Aalborg Universitet,
http://vbn.aau.dk/files/75720938/paper.pdf.
[25] Perdisci R., Corona I., Dagon D., Lee W., Detecting malicious flux service
networks through passive analysis of recursive dns traces, (2009), in: ACSAC
’09, IEEE Computer Society, Washington, DC, USA, (2009), 311–320.
doi:10.1109/ACSAC.2009.36.
[26] Bailey M., Cooke E., Jahanian F., Xu Y., Karir M., A survey of botnet
technology and defenses, Cybersecurity Applications Technology, (2009),
299–304.
64 Ladon: A Cyber-Threat Bio-Inspired Intelligence Management System
[27] Feily M., Shahrestani, A survey of botnet and botnet detection, Emerging
Security Information, SECURWARE ’09, (2009), 268-273,
doi:10.1109/SECURWARE.2009.48.
[28] Zeidanloo H., Shooshtari M., Amoli P., Safari M., Zamani M., A taxonomy of
botnet detection techniques, ICCSIT, 2, (2010), 158–162.
[29] Cheng C., Peng T. W., Guang-Bin H., Extreme learning machines for
intrusion detection, IJCNN, International Joint Conference, (2012),DOI:
10.1109/IJCNN.2012.6252449.
[30] Hsu C.-H., C.-Y. Huang, Chen K.-T., Fast-flux bot detection in real time,
(2010), in 13th international conference on Recent advances in intrusion
detection, ser. RAID’10.
[31] Haffner P., Sen S., Spatscheck O., Wang D., ACAS, Auto-mated
Construction of Application Signatures, Proceedings of the ACM
SIGCOMM, (2005),197-202.
[32] Alshammari R., Zincir-Heywood N. A., A flow based approach for SSH
traffic detection, IEEE International Conference on Cy-bernetics, ISIC,
(2007), 296-301.
[33] Holz T., Gorecki C., Rieck K., Freiling F.: Measuring and detecting fast-flux
service networks, (2008), in NDSS ’08: Proceedings of the Network &
Distributed System Security Symposium.
[34] http://malware-traffic-analysis.net/
[35] http://www.netresec.com/?page=PcapFiles
[36] Iliadis L., Intelligent Information Systems and applications in risk estimation,
A. Stamoulis publication, Thessaloniki, Greece, 2008.
My Publications
1. Anezakis, V.-D., Demertzis, K., Iliadis, L., 2018. Classifying with fuzzy chi-square test:
The case of invasive species. AIP Conference Proceedings 1978, 290003.
https://doi.org/10/gdtm5q
2. Anezakis, V.-D., Demertzis, K., Iliadis, L., Spartalis, S., 2017a. Hybrid intelligent
modeling of wild fires risk. Evolving Systems 1–17. https://doi.org/10/gdp863
3. Anezakis, V.-D., Demertzis, K., Iliadis, L., Spartalis, S., 2016a. A Hybrid Soft Computing
Approach Producing Robust Forest Fire Risk Indices, in: Artificial Intelligence
Applications and Innovations, IFIP Advances in Information and Communication
Technology. Presented at the IFIP International Conference on Artificial Intelligence
Applications and Innovations, Springer, Cham, pp. 191–203.
https://doi.org/10.1007/978-3-319-44944-9_17
4. Anezakis, V.-D., Dermetzis, K., Iliadis, L., Spartalis, S., 2016b. Fuzzy Cognitive Maps for
Long-Term Prognosis of the Evolution of Atmospheric Pollution, Based on Climate
Change Scenarios: The Case of Athens, in: Computational Collective Intelligence,
Lecture Notes in Computer Science. Presented at the International Conference on
Computational Collective Intelligence, Springer, Cham, pp. 175–186.
https://doi.org/10.1007/978-3-319-45243-2_16
5. Anezakis, V.-D., Iliadis, L., Demertzis, K., Mallinis, G., 2017b. Hybrid Soft Computing
Analytics of Cardiorespiratory Morbidity and Mortality Risk Due to Air Pollution, in:
Information Systems for Crisis Response and Management in Mediterranean
Countries, Lecture Notes in Business Information Processing. Presented at the
International Conference on Information Systems for Crisis Response and
Management in Mediterranean Countries, Springer, Cham, pp. 87–105.
https://doi.org/10.1007/978-3-319-67633-3_8
6. Anezakis, V.D., Mallinis, G., Iliadis, L., Demertzis, K., 2018. Soft computing forecasting
of cardiovascular and respiratory incidents based on climate change scenarios, in:
2018 IEEE Conference on Evolving and Adaptive Intelligent Systems (EAIS). Presented
at the 2018 IEEE Conference on Evolving and Adaptive Intelligent Systems (EAIS), pp.
1–8. https://doi.org/10.1109/EAIS.2018.8397174
7. Bougoudis, I., Demertzis, K., Iliadis, L., 2016a. Fast and low cost prediction of extreme
air pollution values with hybrid unsupervised learning. Integrated Computer-Aided
Engineering 23, 115–127. https://doi.org/10/f8dt4t
8. Bougoudis, I., Demertzis, K., Iliadis, L., 2016b. HISYCOL a hybrid computational
intelligence system for combined machine learning: the case of air pollution modeling
in Athens. Neural Comput & Applic 27, 1191–1206. https://doi.org/10/f8r7vf
9. Bougoudis, I., Demertzis, K., Iliadis, L., Anezakis, V.-D., Papaleonidas, A., 2018.
FuSSFFra, a fuzzy semi-supervised forecasting framework: the case of the air pollution
in Athens. Neural Computing and Applications 29. https://doi.org/10/gc9bbf
10. Bougoudis, I., Demertzis, K., Iliadis, L., Anezakis, V.-D., Papaleonidas, A., 2016c. Semi-
supervised Hybrid Modeling of Atmospheric Pollution in Urban Centers, in:
Engineering Applications of Neural Networks, Communications in Computer and
Information Science. Presented at the International Conference on Engineering
Applications of Neural Networks, Springer, Cham, pp. 51–63.
https://doi.org/10.1007/978-3-319-44188-7_4
11. Demertzis, K., Iliadis, L., 2018a. A Computational Intelligence System Identifying
Cyber-Attacks on Smart Energy Grids, in: Modern Discrete Mathematics and Analysis,
Springer Optimization and Its Applications. Springer, Cham, pp. 97–116.
https://doi.org/10.1007/978-3-319-74325-7_5
12. Demertzis, K., Iliadis, L., 2018b. The Impact of Climate Change on Biodiversity: The
Ecological Consequences of Invasive Species in Greece, in: Handbook of Climate
Change Communication: Vol. 1, Climate Change Management. Springer, Cham, pp.
15–38. https://doi.org/10.1007/978-3-319-69838-0_2
13. Demertzis, K., Iliadis, L., 2017. Detecting invasive species with a bio-inspired semi-
supervised neurocomputing approach: the case of Lagocephalus sceleratus. Neural
Computing and Applications 28. https://doi.org/10/gbkgb7
14. Demertzis, K., Iliadis, L., 2016a. Bio-inspired Hybrid Intelligent Method for Detecting
Android Malware, in: Knowledge, Information and Creativity Support Systems,
Advances in Intelligent Systems and Computing. Springer, Cham, pp. 289–304.
https://doi.org/10.1007/978-3-319-27478-2_20
15. Demertzis, K., Iliadis, L., 2016b. Adaptive Elitist Differential Evolution Extreme
Learning Machines on Big Data: Intelligent Recognition of Invasive Species, in:
Advances in Big Data, Advances in Intelligent Systems and Computing. Presented at
the INNS Conference on Big Data, Springer, Cham, pp. 333–345.
https://doi.org/10.1007/978-3-319-47898-2_34
16. Demertzis, K., Iliadis, L., 2015a. A Bio-Inspired Hybrid Artificial Intelligence Framework
for Cyber Security, in: Computation, Cryptography, and Network Security. Springer,
Cham, pp. 161–193. https://doi.org/10.1007/978-3-319-18275-9_7
17. Demertzis, K., Iliadis, L., 2015b. SAME: An Intelligent Anti-malware Extension for
Android ART Virtual Machine, in: Computational Collective Intelligence, Lecture Notes
in Computer Science. Springer, Cham, pp. 235–245. https://doi.org/10.1007/978-3-
319-24306-1_23
18. Demertzis, K., Iliadis, L., 2015c. Evolving Smart URL Filter in a Zone-Based Policy
Firewall for Detecting Algorithmically Generated Malicious Domains, in: Statistical
Learning and Data Sciences, Lecture Notes in Computer Science. Presented at the
International Symposium on Statistical Learning and Data Sciences, Springer, Cham,
pp. 223–233. https://doi.org/10.1007/978-3-319-17091-6_17
19. Demertzis, K., Iliadis, L., 2015d. Intelligent Bio-Inspired Detection of Food Borne
Pathogen by DNA Barcodes: The Case of Invasive Fish Species Lagocephalus
Sceleratus, in: Engineering Applications of Neural Networks, Communications in
Computer and Information Science. Presented at the International Conference on
Engineering Applications of Neural Networks, Springer, Cham, pp. 89–99.
https://doi.org/10.1007/978-3-319-23983-5_9
20. Demertzis, K., Iliadis, L., 2014. Evolving Computational Intelligence System for
Malware Detection, in: Advanced Information Systems Engineering Workshops,
Lecture Notes in Business Information Processing. Presented at the International
Conference on Advanced Information Systems Engineering, Springer, Cham, pp. 322–
334. https://doi.org/10.1007/978-3-319-07869-4_30
21. Demertzis, K., Iliadis, L., 2013. A Hybrid Network Anomaly and Intrusion Detection
Approach Based on Evolving Spiking Neural Network Classification, in: E-Democracy,
Security, Privacy and Trust in a Digital World, Communications in Computer and
Information Science. Presented at the International Conference on e-Democracy,
Springer, Cham, pp. 11–23. https://doi.org/10.1007/978-3-319-11710-2_2
22. Demertzis, Konstantinos, Iliadis, L., Anezakis, V.-D., 2017a. Commentary: Aedes
albopictus and Aedes japonicus—two invasive mosquito species with different
temperature niches in Europe. Front. Environ. Sci. 5. https://doi.org/10/gdp865
23. Demertzis, Kostantinos, Iliadis, L., Avramidis, S., El-Kassaby, Y.A., 2017. Machine
learning use in predicting interior spruce wood density utilizing progeny test
information. Neural Comput & Applic 28, 505–519. https://doi.org/10/gdp86z
24. Demertzis, Konstantinos, Iliadis, L., Spartalis, S., 2017b. A Spiking One-Class Anomaly
Detection Framework for Cyber-Security on Industrial Control Systems, in:
Engineering Applications of Neural Networks, Communications in Computer and
Information Science. Presented at the International Conference on Engineering
Applications of Neural Networks, Springer, Cham, pp. 122–134.
https://doi.org/10.1007/978-3-319-65172-9_11
25. Demertzis, K., Iliadis, L.S., Anezakis, V.-D., 2018a. An innovative soft computing system
for smart energy grids cybersecurity. Advances in Building Energy Research 12, 3–24.
https://doi.org/10/gdp862
26. Demertzis, K., Iliadis, L.S., Anezakis, V.-D., 2018b. Extreme deep learning in
biosecurity: the case of machine hearing for marine species identification. Journal of
Information and Telecommunication 0, 1–19. https://doi.org/10/gdwszn
27. Dimou, V., Anezakis, V.-D., Demertzis, K., Iliadis, L., 2018. Comparative analysis of
exhaust emissions caused by chainsaws with soft computing and statistical
approaches. Int. J. Environ. Sci. Technol. 15, 1597–1608. https://doi.org/10/gdp864
28. Anezakis, VD., Demertzis, K., Iliadis, L. et al. Evolving Systems (2017).
https://doi.org/10.1007/s12530-017-9196-6, Hybrid intelligent modeling of wild fires
risk, Springer.
29. Demertzis K., Anezakis VD., Iliadis L., Spartalis S. (2018) Temporal Modeling of Invasive
Species’ Migration in Greece from Neighboring Countries Using Fuzzy Cognitive Maps.
In: Iliadis L., Maglogiannis I., Plagianakos V. (eds) Artificial Intelligence Applications
and Innovations. AIAI 2018. IFIP Advances in Information and Communication
Technology, vol 519. Springer, Cham.
30. Konstantinos Rantos, George Drosatos, Konstantinos Demertzis, Christos I lioudis and
Alexandros Papanikolaou. Blockchain-based Consents Management for Personal Data
Processing in the IoT Ecosystem. In proceedings of the 15th International Conference
on Security and Cryptography (SECRYPT 2018), part of ICETE, pages 572-577,
SCITEPRESS, Porto, Portugal, 26-28 July 2018.
My Publications
Cyber Security informatics
1. Demertzis, K., Iliadis, L., 2018. A Computational Intelligence System Identifying Cyber-
Attacks on Smart Energy Grids, in: Daras, N.J., Rassias, T.M. (Eds.), Modern Discrete
Mathematics and Analysis: With Applications in Cryptography, Information Systems
and Modeling, Springer Optimization and Its Applications. Springer International
Publishing, Cham, pp. 97–116. https://doi.org/10.1007/978-3-319-74325-7_5
2. Demertzis, K., Iliadis, L., 2017. Computational intelligence anti-malware framework
for android OS. Vietnam J Comput Sci 4, 245–259. https://doi.org/10/gdp86x
3. Demertzis, K., Iliadis, L., 2016. Bio-inspired Hybrid Intelligent Method for Detecting
Android Malware, in: Kunifuji, S., Papadopoulos, G.A., Skulimowski, A.M.J., Kacprzyk,
J. (Eds.), Knowledge, Information and Creativity Support Systems, Advances in
Intelligent Systems and Computing. Springer International Publishing, pp. 289–304.
4. Demertzis, K., Iliadis, L., 2015. A Bio-Inspired Hybrid Artificial Intelligence Framework
for Cyber Security, in: Daras, N.J., Rassias, M.T. (Eds.), Computation, Cryptography,
and Network Security. Springer International Publishing, Cham, pp. 161–193.
https://doi.org/10.1007/978-3-319-18275-9_7
5. Demertzis, K., Iliadis, L., 2015. Evolving Smart URL Filter in a Zone-Based Policy Firewall
for Detecting Algorithmically Generated Malicious Domains, in: Gammerman, A.,
Vovk, V., Papadopoulos, H. (Eds.), Statistical Learning and Data Sciences, Lecture
Notes in Computer Science. Springer International Publishing, pp. 223–233.
6. Demertzis, K., Iliadis, L., 2015. SAME: An Intelligent Anti-malware Extension for
Android ART Virtual Machine, in: Núñez, M., Nguyen, N.T., Camacho, D., Trawiński, B.
(Eds.), Computational Collective Intelligence, Lecture Notes in Computer Science.
Springer International Publishing, pp. 235–245.
7. Demertzis, K., Iliadis, L., 2014. A Hybrid Network Anomaly and Intrusion Detection
Approach Based on Evolving Spiking Neural Network Classification, in: Sideridis, A.B.,
Kardasiadou, Z., Yialouris, C.P., Zorkadis, V. (Eds.), E-Democracy, Security, Privacy and
Trust in a Digital World, Communications in Computer and Information Science.
Springer International Publishing, pp. 11–23.
8. Demertzis, K., Iliadis, L., 2014. Evolving Computational Intelligence System for
Malware Detection, in: Iliadis, L., Papazoglou, M., Pohl, K. (Eds.), Advanced
Information Systems Engineering Workshops, Lecture Notes in Business Information
Processing. Springer International Publishing, pp. 322–334.
9. Demertzis, K., Iliadis, L., Anezakis, V., 2018. MOLESTRA: A Multi-Task Learning
Approach for Real-Time Big Data Analytics, in: 2018 Innovations in Intelligent Systems
and Applications (INISTA). Presented at the 2018 Innovations in Intelligent Systems
and Applications (INISTA), pp. 1–8. https://doi.org/10.1109/INISTA.2018.8466306
10. Demertzis, Konstantinos, Iliadis, L., Anezakis, V.-D., 2018. A Dynamic Ensemble
Learning Framework for Data Stream Analysis and Real-Time Threat Detection, in:
Kůrková, V., Manolopoulos, Y., Hammer, B., Iliadis, L., Maglogiannis, I. (Eds.), Artificial
Neural Networks and Machine Learning – ICANN 2018, Lecture Notes in Computer
Science. Springer International Publishing, pp. 669–681.
11. Demertzis, Konstantinos, Iliadis, L., Spartalis, S., 2017. A Spiking One-Class Anomaly
Detection Framework for Cyber-Security on Industrial Control Systems, in: Boracchi,
G., Iliadis, L., Jayne, C., Likas, A. (Eds.), Engineering Applications of Neural Networks,
Communications in Computer and Information Science. Springer International
Publishing, pp. 122–134.
12. Demertzis, Konstantinos, Iliadis, L.S., Anezakis, V.-D., 2018. An innovative soft
computing system for smart energy grids cybersecurity. Advances in Building Energy
Research 12, 3–24. https://doi.org/10/gdp862
13. Demertzis, Konstantinos, Kikiras, P., Tziritas, N., Sanchez, S.L., Iliadis, L., 2018. The
Next Generation Cognitive Security Operations Center: Network Flow Forensics Using
Cybersecurity Intelligence. Big Data and Cognitive Computing 2, 35.
https://doi.org/10/gfkhpp
14. Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., 2018. Blockchain-
based Consents Management for Personal Data Processing in the IoT Ecosystem.
Presented at the International Conference on Security and Cryptography, pp. 572–
577.
15. Demertzis, Konstantinos, Iliadis, L.S., 2018. Real-time Computational Intelligence
Protection Framework Against Advanced Persistent Threats. Book entitled "Cyber-
Security and Information Warfare", Series: Cybercrime and Cybersecurity Research,
NOVA science publishers, ISBN: 978-1-53614-385-0, Chapter 5.
16. Demertzis, Konstantinos, Iliadis, L.S., 2016. Ladon: A Cyber Threat Bio-Inspired
Intelligence Management System. Journal of Applied Mathematics & Bioinformatics,
vol.6, no.3, 2016, 45-64, ISSN: 1792-6602 (print), 1792-6939 (online), Scienpress Ltd,
2016.
17. Demertzis, K.; Tziritas, N.; Kikiras, P.; Sanchez, S.L.; Iliadis, L. The Next Generation
Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for
Efficient Defense against Adversarial Attacks. Big Data Cogn. Comput. 2019, 3, 6.
18. Rantos K., Drosatos G., Demertzis K., Ilioudis C., Papanikolaou A., Kritsas A. (2019)
ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT
Using Blockchain Technology. In: Lanet JL., Toma C. (eds) Innovative Security Solutions
for Information Technology and Communications. SECITC 2018. Lecture Notes in
Computer Science, vol 11359. Springer, Cham.
19. Demertzis, K.; Iliadis, L.. Cognitive Web Application Firewall to Critical Infrastructures
Protection from Phishing Attacks, Journal of Computations & Modelling, vol.9, no.2,
2019, 1-26, ISSN: 1792-7625 (print), 1792-8850 (online), Scienpress Ltd, 2019.
20. Demertzis K., Iliadis L., Kikiras P., Tziritas N. (2019) Cyber-Typhon: An Online Multi-
task Anomaly Detection Framework. In: MacIntyre J., Maglogiannis I., Iliadis L.,
Pimenidis E. (eds) Artificial Intelligence Applications and Innovations. AIAI 2019. IFIP
Advances in Information and Communication Technology, vol 559. Springer, Cham
21. Xing, L., Demertzis, K. & Yang, J. Neural Comput & Applic (2019).
https://doi.org/10.1007/s00521-019-04288-5.
Environmental informatics
22. Anezakis, V., Mallinis, G., Iliadis, L., Demertzis, K., 2018. Soft computing forecasting of
cardiovascular and respiratory incidents based on climate change scenarios, in: 2018
IEEE Conference on Evolving and Adaptive Intelligent Systems (EAIS). Presented at the
2018 IEEE Conference on Evolving and Adaptive Intelligent Systems (EAIS), pp. 1–8.
https://doi.org/10.1109/EAIS.2018.8397174
23. Anezakis, V.-D., Demertzis, K., Iliadis, L., 2018. Classifying with fuzzy chi-square test:
The case of invasive species. AIP Conference Proceedings 1978, 290003.
https://doi.org/10/gdtm5q
24. Anezakis, V.-D., Demertzis, K., Iliadis, L., Spartalis, S., 2018. Hybrid intelligent modeling
of wild fires risk. Evolving Systems 9, 267–283. https://doi.org/10/gdp863
25. Anezakis, V.-D., Demertzis, K., Iliadis, L., Spartalis, S., 2016. A Hybrid Soft Computing
Approach Producing Robust Forest Fire Risk Indices, in: Iliadis, L., Maglogiannis, I.
(Eds.), Artificial Intelligence Applications and Innovations, IFIP Advances in
Information and Communication Technology. Springer International Publishing, pp.
191–203.
26. Anezakis, V.-D., Dermetzis, K., Iliadis, L., Spartalis, S., 2016. Fuzzy Cognitive Maps for
Long-Term Prognosis of the Evolution of Atmospheric Pollution, Based on Climate
Change Scenarios: The Case of Athens, in: Nguyen, N.-T., Iliadis, L., Manolopoulos, Y.,
Trawiński, B. (Eds.), Computational Collective Intelligence, Lecture Notes in Computer
Science. Springer International Publishing, pp. 175–186.
27. Anezakis, V.-D., Iliadis, L., Demertzis, K., Mallinis, G., 2017. Hybrid Soft Computing
Analytics of Cardiorespiratory Morbidity and Mortality Risk Due to Air Pollution, in:
Dokas, I.M., Bellamine-Ben Saoud, N., Dugdale, J., Díaz, P. (Eds.), Information Systems
for Crisis Response and Management in Mediterranean Countries, Lecture Notes in
Business Information Processing. Springer International Publishing, pp. 87–105.
28. Bougoudis, I., Demertzis, K., Iliadis, L., 2016. Fast and low cost prediction of extreme
air pollution values with hybrid unsupervised learning. Integrated Computer-Aided
Engineering 23, 115–127. https://doi.org/10/f8dt4t
29. Bougoudis, I., Demertzis, K., Iliadis, L., 2016. HISYCOL a hybrid computational
intelligence system for combined machine learning: the case of air pollution modeling
in Athens. Neural Comput & Applic 27, 1191–1206. https://doi.org/10/f8r7vf
30. Bougoudis, I., Demertzis, K., Iliadis, L., Anezakis, V.-D., Papaleonidas, A., 2018.
FuSSFFra, a fuzzy semi-supervised forecasting framework: the case of the air pollution
in Athens. Neural Comput & Applic 29, 375–388. https://doi.org/10/gc9bbf
31. Bougoudis, I., Demertzis, K., Iliadis, L., Anezakis, V.-D., Papaleonidas, A., 2016. Semi-
supervised Hybrid Modeling of Atmospheric Pollution in Urban Centers, in: Jayne, C.,
Iliadis, L. (Eds.), Engineering Applications of Neural Networks, Communications in
Computer and Information Science. Springer International Publishing, pp. 51–63.
32. Demertzis, Konstantinos, Anezakis, V.-D., Iliadis, L., Spartalis, S., 2018. Temporal
Modeling of Invasive Species’ Migration in Greece from Neighboring Countries Using
Fuzzy Cognitive Maps, in: Iliadis, L., Maglogiannis, I., Plagianakos, V. (Eds.), Artificial
Intelligence Applications and Innovations, IFIP Advances in Information and
Communication Technology. Springer International Publishing, pp. 592–605.
33. Demertzis, K., Iliadis, L., 2018. The Impact of Climate Change on Biodiversity: The
Ecological Consequences of Invasive Species in Greece, in: Leal Filho, W., Manolas, E.,
Azul, A.M., Azeiteiro, U.M., McGhie, H. (Eds.), Handbook of Climate Change
Communication: Vol. 1: Theory of Climate Change Communication, Climate Change
Management. Springer International Publishing, Cham, pp. 15–38.
https://doi.org/10.1007/978-3-319-69838-0_2
34. Demertzis, K., Iliadis, L., 2017. Adaptive Elitist Differential Evolution Extreme Learning
Machines on Big Data: Intelligent Recognition of Invasive Species, in: Angelov, P.,
Manolopoulos, Y., Iliadis, L., Roy, A., Vellasco, M. (Eds.), Advances in Big Data,
Advances in Intelligent Systems and Computing. Springer International Publishing, pp.
333–345.
35. Demertzis, K., Iliadis, L., 2015. Intelligent Bio-Inspired Detection of Food Borne
Pathogen by DNA Barcodes: The Case of Invasive Fish Species Lagocephalus
Sceleratus, in: Iliadis, L., Jayne, C. (Eds.), Engineering Applications of Neural Networks,
Communications in Computer and Information Science. Springer International
Publishing, pp. 89–99.
36. Demertzis, K., Iliadis, L., Anezakis, V., 2017. A deep spiking machine-hearing system
for the case of invasive fish species, in: 2017 IEEE International Conference on
INnovations in Intelligent SysTems and Applications (INISTA). Presented at the 2017
IEEE International Conference on INnovations in Intelligent SysTems and Applications
(INISTA), pp. 23–28. https://doi.org/10.1109/INISTA.2017.8001126
37. Demertzis, Konstantinos, Iliadis, L., Anezakis, V.-D., 2017. Commentary: Aedes
albopictus and Aedes japonicus—two invasive mosquito species with different
temperature niches in Europe. Front. Environ. Sci. 5. https://doi.org/10/gdp865
38. Demertzis, K., Iliadis, L., Avramidis, S., El-Kassaby, Y.A., 2017. Machine learning use in
predicting interior spruce wood density utilizing progeny test information. Neural
Comput & Applic 28, 505–519. https://doi.org/10/gdp86z
39. Demertzis, Konstantinos, Iliadis, L.S., Anezakis, V.-D., 2018. Extreme deep learning in
biosecurity: the case of machine hearing for marine species identification. Journal of
Information and Telecommunication 2, 492–510. https://doi.org/10/gdwszn
40. Dimou, V., Anezakis, V.-D., Demertzis, K., Iliadis, L., 2018. Comparative analysis of
exhaust emissions caused by chainsaws with soft computing and statistical
approaches. Int. J. Environ. Sci. Technol. 15, 1597–1608. https://doi.org/10/gdp864
41. Iliadis, L., Anezakis, V.-D., Demertzis, K., Mallinis, G., 2017. Hybrid Unsupervised
Modeling of Air Pollution Impact to Cardiovascular and Respiratory Diseases.
IJISCRAM 9, 13–35. https://doi.org/10/gfkhpm
42. Iliadis, L., Anezakis, V.-D., Demertzis, K., Spartalis, S., 2018. Hybrid Soft Computing for
Atmospheric Pollution-Climate Change Data Mining, in: Thanh Nguyen, N., Kowalczyk,
R. (Eds.), Transactions on Computational Collective Intelligence XXX, Lecture Notes in
Computer Science. Springer International Publishing, Cham, pp. 152–177.
https://doi.org/10.1007/978-3-319-99810-7_8
43. Demertzis, K., Iliadis, L., 2017. Detecting invasive species with a bio-inspired semi-
supervised neurocomputing approach: the case of Lagocephalus sceleratus. Neural
Comput & Applic 28, 1225–1234. https://doi.org/10/gbkgb7
44. Κωνσταντίνος Δεμερτζής, Λάζαρος Ηλιάδης, 2015, Γενετική Ταυτοποίηση
Χωροκατακτητικών Ειδών με Εξελιγμένες Μεθόδους Τεχνητής Νοημοσύνης: Η
Περίπτωση του Ασιατικού Κουνουπιού Τίγρης (Aedes Αlbopictus). Θέματα
Δασολογίας & Διαχείρισης Περιβάλλοντος & Φυσικών Πόρων, 7ος τόμος, Κλιματική
Αλλαγή: Διεπιστημονικές Προσεγγίσεις, ISSN: 1791-7824, ISBN: 978-960-9698-11-5,
Eκδοτικός Oίκος: Δημοκρίτειο Πανεπιστήμιο Θράκης
45. Βαρδής-Δημήτριος Ανεζάκης, Κωνσταντίνος Δεμερτζής, Λάζαρος Ηλιάδης. Πρόβλεψη
Χαλαζοπτώσεων Μέσω Μηχανικής Μάθησης. 3o Πανελλήνιο Συνέδριο Πολιτικής
Προστασίας «SafeEvros 2016: Οι νέες τεχνολογίες στην υπηρεσία της Πολιτικής
Προστασίας», Proceedings, ISBN : 978-960-89345-7-3, Ιούνιος 2017, Eκδοτικός Oίκος:
∆ημοκρίτειο Πανεπιστήμιο Θράκης.
46. Demertzis K., Iliadis L., Anezakis VD. (2019) A Machine Hearing Framework for Real-
Time Streaming Analytics Using Lambda Architecture. In: Macintyre J., Iliadis L.,
Maglogiannis I., Jayne C. (eds) Engineering Applications of Neural Networks. EANN
2019. Communications in Computer and Information Science, vol 1000. Springer,
Cham
Other
47. Κωνσταντίνος Δεμερτζής. Ενίσχυση της Διοικητικής Ικανότητας των Δήμων Μέσω της
Ηλεκτρονικής Διακυβέρνησης: Η Στρατηγική των «Έξυπνων Πόλεων» με Σκοπό την
Αειφόρο Ανάπτυξη. Θέματα Δασολογίας και Διαχείρισης Περιβάλλοντος και
Φυσικών Πόρων, 10ος Τόμος: Περιβαλλοντική Πολιτική: Καλές Πρακτικές,
Προβλήματα και Προοπτικές, σελ. 84 - 100, ISSN: 1791-7824, ISBN: 978-960-9698-14-
6, Νοέμβριος 2018, Eκδοτικός Oίκος: Δημοκρίτειο Πανεπιστήμιο Θράκης.