9,134 results on '"cyber security"'
Search Results
2. Hacking Using Social Engineering Detection and Prevention Methods
- Author
Salama, Ramiz, Mostarda, Leonardo, Cacciagrano, Diletta, Al-Turjman, Fadi, Xhafa, Fatos, Series Editor, and Barolli, Leonard, editor
- Published
- 2025
3. An Ensemble Machine Learning-Based Approach for Detecting Malicious Websites Using URL Features
- Author
Uddin, Khandaker Mohammad Mohi, Islam, Md. Ashraful, Hasan, Md. Nahid, Ahmad, Kawsar, Haque, Mir Aminul, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Mahmud, Mufti, editor, Kaiser, M. Shamim, editor, Bandyopadhyay, Anirban, editor, Ray, Kanad, editor, and Al Mamun, Shamim, editor
- Published
- 2025
4. Comparison of Machine Learning Based Anomaly Detection Methods for ADS-B System
- Author
Çevik, Nurşah, Akleylek, Sedat, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Mammadova, Gulchohra, editor, Aliev, Telman, editor, and Aida-zade, Kamil, editor
- Published
- 2025
5. Quantum-Enhanced Cyber Security Framework for E-Commerce Platforms
- Author
Fauziyah, Wang, Zhaoshun, Tabassum, Mujahid, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Hassanien, Aboul Ella, editor, Anand, Sameer, editor, Jaiswal, Ajay, editor, and Kumar, Prabhat, editor
- Published
- 2025
6. MEGA-PT: A Meta-game Framework for Agile Penetration Testing
- Author
Ge, Yunfei, Zhu, Quanyan, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sinha, Arunesh, editor, Fu, Jie, editor, Zhu, Quanyan, editor, and Zhang, Tao, editor
- Published
- 2025
7. Implementation of Recent Advancements in Cyber Security Practices and Laws in India
- Author
Kumar, Bura Vijay, Singh, Manvendra, Arora, Vaishali, Malik, Khushboo, Nomani, M. Z. M., Kapila, Dhiraj, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Kumar, Amit, editor, Gunjan, Vinit Kumar, editor, Senatore, Sabrina, editor, and Hu, Yu-Chen, editor
- Published
- 2025
8. Blockchain for data protection and cyber fraud reduction: systematic literature review and technology adoption dynamics among gen Y and Z
- Author
Suri, Ankit, Sharma, Yogesh, Jindal, Lokesh, and Sijariya, Rajeev
- Published
- 2024
9. To secure an e‐commerce system using epidemic mathematical modeling with neural network.
- Author
Yadav, Kumar Sachin and Keshri, Ajit Kumar
- Subjects
EPIDEMIOLOGICAL models, RECURRENT neural networks, FAKE news, INTERNET security, INFECTIOUS disease transmission
- Abstract
Summary: Securing an e‐commerce system using epidemic mathematical modeling with neural networks involves adapting epidemiological principles to combat the spread of misinformation. Just like how epidemiologists track the spread of diseases through populations, we can track the dissemination of fake news through online platforms. By modeling how fake news spreads, we gain insights into its propagation patterns, enabling us to develop more effective countermeasures. Neural networks, with their ability to learn from data, play a crucial role in this process by analyzing vast amounts of information to identify and mitigate the impact of fake news. One potential disadvantage of using epidemic mathematical modeling with neural networks to secure e‐commerce systems is the complexity of the approach. The epidemic‐based recurrent long short‐term memory (E‐RLSTM) technique addresses the complexity and evolving nature of fake news propagation by leveraging the strengths of recurrent neural networks (RNNs), specifically long short‐term memory (LSTM) units, within an epidemic modeling framework. One advantage of using epidemic mathematical modeling with neural networks to secure e‐commerce systems is its proactive nature. One significant finding in employing this approach is the ability to uncover hidden connections and correlations within the data. E‐RLSTM stands out by capturing temporal dynamics and integrating epidemic parameters into its LSTM architecture, ensuring robustness and adaptability in detecting and combating fake news within e‐commerce systems, outperforming other techniques in accuracy and performance. Description of the NSL‐KDD dataset offers easy access to a valuable repository for benchmarking cyber security. Contained within are more than 120,000 authentic samples of cyber‐attacks across 41 distinct categories, providing an excellent environment for testing intrusion detection systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. A data-driven multi-perspective approach to cybersecurity knowledge discovery through topic modelling.
- Author
Alqurashi, Fahad and Ahmad, Istiak
- Abstract
Cybersecurity is crucial for protecting the privacy of digital systems, maintaining economic stability, and ensuring national security. This study presents a comprehensive approach to cybersecurity knowledge discovery through topic modelling, using a multi-perspective analysis of academic and industry sources. The datasets include 15,751 articles from the Web of Science (WoS) database and 5,831 articles from Security Magazine, spanning from 2011 to 2023. We employed BERTopic for topic modelling, UMAP for dimensionality reduction, and HDBSCAN clustering algorithm for grouping and analysing distinct article clusters to uncover latent topics, enhancing the understanding of the evolving cybersecurity landscape. This study found 12 micro-clusters and three macro-clusters, namely technology, smart city and education, from the WoS database and 12 more micro-clusters and four macro-clusters, including organization, public security, governance, and education, from magazines. This study reveals key cybersecurity research and practice trends, such as the increasing focus on malware, ransomware, and cyber-attack mitigation. Additionally, temporal analysis indicates a significant rise in cybersecurity interest around 2020, followed by a diversification of topics. The results highlight the importance of integrating diverse data sources to capture a holistic view of cybersecurity developments. Future work will aim to refine the clustering algorithms to further improve topic extraction and analysis and expand the datasets to include more diverse sources and perspectives. This approach helps discover current cybersecurity trends and provides a foundation for more targeted and effective cybersecurity strategies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. An approach for real-time implementation of cyber security in power system network.
- Author
Bhatt, Kunal A., Iyer, Jyoti R., Gupta, Shailendra, Pandya, Vaibhav, Thawani, Raj, and Bhalja, Bhavesh R.
- Subjects
INTERNET security, COMPUTER network security, WIRELESS channels, SWITCHING systems (Telecommunication), INTERNET of things, CYBER physical systems
- Abstract
In this era of Web World-3, usage of the Internet of Things (IoT) in power system networks has attained scalable altitude. By using this technology, data can be transferred and monitored from the far end. Further, the suggested corrective actions are also executed. However, recently, many cyber-attacks have been observed on the power system in which activities such as injection of false data, unwanted switching operations, formation of sub-system layers, and false indication of failure of cyber-physical components (CpC) are experienced. In the worst case, it leads to invite cascade tripping of the power system. Utmost care is taken for the selection of CpC for the power system. However, it is observed that the cyber attackers mostly take entry into the network using the CpC of the power system. Cyber attackers perform false switching operations and false data injection. This article suggests a cyber security concept to minimize the false switching operations and false data injection in the power system network. A hardware model is prepared and the working scheme is implemented using IoT technology. The hardware result suggests that the un-authentic attempt/cyber-attack has been identified and the alarm is generated. It also does not permit the un-authentic person to access the real-time data. A wide range of applicability of the suggested scheme has been verified by hardware results. In addition to this, the power factor correction algorithm also works satisfactorily in the hardware along with the cyber security constraints. In order to prove wide range of applicability of the suggested scheme, additional features such as controlling of multiple switching devices and interlock between CB and earthing switch has been successfully implemented in developed hardware. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Cyber risk logics and their implications for cybersecurity.
- Author
Backman, Sarah and Stevens, Tim
- Subjects
INTERNATIONAL relations theory, IMPLICATION (Logic), INTERNATIONAL security, INTERNET security, NATIONAL security, INSTITUTIONAL logic
- Abstract
Cybersecurity in national and international security is frequently discussed in an existential register. However, most cybersecurity activities are normal and routine, including diverse practices of cyber risk management. The intricacies of cyber risk and its connection to security and threat politics have received surprisingly little attention in the cyber politics literature. This article addresses this gap through a twofold theoretical proposition. The first argues that cyber risk in policy and practice inhabits a continuum between 'classical' risk and security postures. The second proposes the existence of multiple risk logics, located at different points along this continuum. To illustrate this, we outline two distinct cyber risk logics: 'risk as potential threats' and 'risk as uncertainty'. Through an exploratory case-study of cyber risk policy and guidance in the United Kingdom, we find indications of the simultaneous existence of these risk logics, including in specific organizational contexts. We propose that the 'risk as potential threats' logic, in particular, acts as a 'bridge' between conventional risk and security. We conclude by discussing how differentiating cyber risk logics facilitates a more finely grained appreciation of cybersecurity policy and practice and provides opportunities for disciplinary engagement with the organizational and institutional politics of cybersecurity and 'the international'. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. Digital recognition: cybersecurity and internet infrastructure in UAE–Israel diplomacy.
- Author
Hassib, Bassant and Shires, James
- Subjects
INTERNATIONAL relations theory, DIGITAL technology, INTERNET security, CLOUD computing, SOLE proprietorship
- Abstract
The 2020 Israel–UAE Abraham Accords normalized these states' relations, with heavy emphasis on digital technologies. International Relations theories of recognition, however, hardly consider the role digital technologies play in establishing recognition between states. What role, then, did digital technologies play in this landmark shift in UAE–Israel recognition? This article uses three aspects of digital technologies in the UAE–Israel case—cybersecurity cooperation, cloud computing, and subsea cables—to inductively develop three propositions regarding the role of digital technologies in state recognition. First, states use digital technologies—and private sector companies that own and operate them—as diplomatic lubrication: a means to navigate around and overcome difficult diplomatic relationships, building momentum towards recognition. Second, digital competition between states leads them to conform their national economic structures towards global technology companies in similar ways, thereby recognizing each other as equal participants in a global market—which we term market-oriented homogenization. Third, states involved in transnational internet infrastructure projects together develop technical working practices, interests, and dependencies that facilitate diplomatic recognition—which we term infrastructural integration. Building on these three propositions, we put forward an overall concept of 'digital recognition' to capture their common theme: the influence of digital technologies, their owners or their operators on state recognition. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. The new geopolitics of EU cybersecurity: security, economy and sovereignty.
- Author
Farrand, Benjamin, Carrapico, Helena, and Turobov, Aleksei
- Subjects
ECONOMIC security, MANUFACTURED products, INTERNET security, POLICY analysis, INDUSTRIAL policy
- Abstract
The European Union (EU) is currently experiencing significant geopolitical shifts and is concerned that its dependence on externally produced or foreign-owned technologies risks its strategic autonomy, with implications for its security and economy. In response, it has placed sovereignty at the forefront of its agenda and at the centre of its relations with the world. Academic literature has so far paid limited attention to understanding the interactions between geopolitics, perceptions of technological dependence, and the impact on policy governance in cybersecurity. Bearing this gap in mind, the article asks how the EU's discourse of sovereignty and reducing external dependencies is shaping its approach to cybersecurity. Applying regulatory mercantilism and policy analysis to three case-studies—focusing on control of semiconductors, data server location, and cybersecurity certification—the article finds that the EU's depiction of its cybersecurity as impacted by dependence on externally manufactured products resulted in the merging of security and economic rationales. This has translated into efforts for greater control, either through promoting production within the European physical space through security-influenced industrial policies or—when this is not possible—by exerting regulatory influence beyond Europe's borders. Where globalization is believed to have failed, regulatory mercantilism becomes more likely as a policy approach. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. A cutting-edge intelligent cyber model for intrusion detection in IoT environments leveraging future generations networks.
- Author
Mughaid, Ala, Alnajjar, Asma, El-Salhi, Subhieh M., Almakadmeh, Khaled, and AlZu'bi, Shadi
- Subjects
DENIAL of service attacks, MACHINE learning, SMART cities, COMPUTER network security, 5G networks
- Abstract
With 5G technology driving its expansion as the main infrastructure for pervasive connection, the Internet of Things (IoT) symbolises a paradigm-shifting interconnectivity of objects and devices. The increasing integration of IoT devices into our daily lives poses serious security and privacy risks. Every smart object in an urban setting is connected, which increases the vulnerability of IoT-based smart cities to various security risks. It is crucial to guarantee these digital urban settings' security and resilience, especially as cities become more computerised and have a dense population of linked devices. Ensuring the integrity and functionality of smart cities requires immediate attention to detecting and mitigating potential cyberattacks. This research presents an intrusion detection model derived from data extracted by simulating the SYNFLOOD attack scenario, a prominent form of Denial of Service attack in IoT security. The suggested detection model classifies, trains, and validates the imported data using the k-folds method and creates a unique detection model. The proposed model is fast and effectively enables all IoT networks to communicate information without compromising privacy. The model enhances the detection process by employing data preprocessing and balancing. In this work, the experiments' accuracy is stable, proving the model's success for the six used machine learning algorithms resulted in an excellent performance with an accuracy of 92.3% for the Decision Tree and Neural Network. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking.
- Author
Butt, Hira Akhtar, Harthy, Khoula Said Al, Shah, Mumtaz Ali, Hussain, Mudassar, Amin, Rashid, and Rehman, Mujeeb Ur
- Abstract
Detecting sophisticated cyberattacks, mainly Distributed Denial of Service (DDoS) attacks, with unexpected patterns remains challenging in modern networks. Traditional detection systems often struggle to mitigate such attacks in conventional and software-defined networking (SDN) environments. While Machine Learning (ML) models can distinguish between benign and malicious traffic, their limited feature scope hinders the detection of new zero-day or low-rate DDoS attacks requiring frequent retraining. In this paper, we propose a novel DDoS detection framework that combines Machine Learning (ML) and Ensemble Learning (EL) techniques to improve DDoS attack detection and mitigation in SDN environments. Our model leverages the "DDoS SDN" dataset for training and evaluation and employs a dynamic feature selection mechanism that enhances detection accuracy by focusing on the most relevant features. This adaptive approach addresses the limitations of conventional ML models and provides more accurate detection of various DDoS attack scenarios. Our proposed ensemble model introduces an additional layer of detection, increasing reliability through the innovative application of ensemble techniques. The proposed solution significantly enhances the model's ability to identify and respond to dynamic threats in SDNs. It provides a strong foundation for proactive DDoS detection and mitigation, enhancing network defenses against evolving threats. Our comprehensive runtime analysis of Simultaneous Multi-Threading (SMT) on identical configurations shows superior accuracy and efficiency, with significantly reduced computational time, making it ideal for real-time DDoS detection in dynamic, rapidly changing SDNs. Experimental results demonstrate that our model achieves outstanding performance, outperforming traditional algorithms with 99% accuracy using Random Forest (RF) and K-Nearest Neighbors (KNN) and 98% accuracy using XGBoost. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Total Power Factor Smart Contract with Cyber Grid Guard Using Distributed Ledger Technology for Electrical Utility Grid with Customer-Owned Wind Farm.
- Author
Piesciorovsky, Emilio C., Hahn, Gary, Borges Hink, Raymond, and Werth, Aaron
- Subjects
ELECTRIC power distribution grids, BLOCKCHAINS, POWER resources, INTERNET security, DATA integrity
- Abstract
In modern electrical grids, the numbers of customer-owned distributed energy resources (DERs) have increased, and consequently, so have the numbers of points of common coupling (PCC) between the electrical grid and customer-owned DERs. The disruptive operation of and out-of-tolerance outputs from DERs, especially owned DERs, present a risk to power system operations. A common protective measure is to use relays located at the PCC to isolate poorly behaving or out-of-tolerance DERs from the grid. Ensuring the integrity of the data from these relays at the PCC is vital, and blockchain technology could enhance the security of modern electrical grids by providing an accurate means to translate operational constraints into actions/commands for relays. This study demonstrates an advanced power system application solution using distributed ledger technology (DLT) with smart contracts to manage the relay operation at the PCC. The smart contract defines the allowable total power factor (TPF) of the DER output, and the terms of the smart contract are implemented using DLT with a Cyber Grid Guard (CGG) system for a customer-owned DER (wind farm). This article presents flowcharts for the TPF smart contract implemented by the CGG using DLT. The test scenarios were implemented using a real-time simulator containing a CGG system and relay in-the-loop. The data collected from the CGG system were used to execute the TPF smart contract. The desired TPF limits on the grid-side were between +0.9 and +1.0, and the operation of the breakers in the electrical grid and DER sides was controlled by the relay consistent with the provisions of the smart contract. The events from the real-time simulator, CGG, and relay showed a successful implementation of the TPF smart contract with CGG using DLT, proving the efficacy of this approach in general for implementing electrical grid applications for utilities with connections to customer-owned DERs. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. A Novel Cloud-Enabled Cyber Threat Hunting Platform for Evaluating the Cyber Risks Associated with Smart Health Ecosystems.
- Author
Alabdulatif, Abdullah and Thilakarathne, Navod Neranjan
- Subjects
CYBERTERRORISM, DATA privacy, CYBER intelligence (Computer security), INTERNET security, HEALTH care industry
- Abstract
The fast proliferation of Internet of Things (IoT) devices has dramatically altered healthcare, increasing the efficiency and efficacy of smart health ecosystems. However, this expansion has created substantial security risks, as cybercriminals increasingly target IoT devices in order to exploit their weaknesses and relay critical health information. The rising threat landscape poses serious concerns across various domains within healthcare, where the protection of patient information and the integrity of medical devices are paramount. Smart health systems, while offering numerous benefits, are particularly vulnerable to cyber-attacks due to the integration of IoT devices and the vast amounts of data they generate. Healthcare providers, although unable to control the actions of cyber adversaries, can take proactive steps to secure their systems by adopting robust cybersecurity measures, such as strong user authentication, regular system updates, and the implementation of advanced security technologies. This research introduces a groundbreaking approach to addressing the cybersecurity challenges in smart health ecosystems through the deployment of a novel cloud-enabled cyber threat-hunting platform. This platform leverages deception technology, which involves creating decoys, traps, and false information to divert cybercriminals away from legitimate health data and systems. By using this innovative approach, the platform assesses the cyber risks associated with smart health systems, offering actionable recommendations to healthcare stakeholders on how to minimize cyber risks and enhance the security posture of IoT-enabled healthcare solutions. Overall, this pioneering research represents a significant advancement in safeguarding the increasingly interconnected world of smart health ecosystems, providing a promising strategy for defending against the escalating cyber threats faced by the healthcare industry. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. A Survey of Advanced Border Gateway Protocol Attack Detection Techniques.
- Author
Scott, Ben A., Johnstone, Michael N., and Szewczyk, Patryk
- Subjects
BGP (Computer network protocol), ANOMALY detection (Computer security), ROUTING systems, INTERNET security, DEFAULT (Finance)
- Abstract
The Internet's default inter-domain routing system, the Border Gateway Protocol (BGP), remains insecure. Detection techniques are dominated by approaches that involve large numbers of features, parameters, domain-specific tuning, and training, often contributing to an unacceptable computational cost. Efforts to detect anomalous activity in the BGP have been almost exclusively focused on single observable monitoring points and Autonomous Systems (ASs). BGP attacks can exploit and evade these limitations. In this paper, we review and evaluate categories of BGP attacks based on their complexity. Previously identified next-generation BGP detection techniques remain incapable of detecting advanced attacks that exploit single observable detection approaches and those designed to evade public routing monitor infrastructures. Advanced BGP attack detection requires lightweight, rapid capabilities with the capacity to quantify group-level multi-viewpoint interactions, dynamics, and information. We term this approach advanced BGP anomaly detection. This survey evaluates 178 anomaly detection techniques and identifies which are candidates for advanced attack anomaly detection. Preliminary findings from an exploratory investigation of advanced BGP attack candidates are also reported. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. The awareness of operators: a goal-directed task analysis in SOCs for critical infrastructure.
- Author
Ofte, Håvard Jakobsen
- Subjects
INFRASTRUCTURE (Economics), SITUATIONAL awareness, TASK analysis, HUMAN error, INTERNET security
- Abstract
Security operation centers (SOCs) are increasingly established to meet the growing threat against cyber security. The operators of SOCs respond to complex incidents under time constraints. Within critical infrastructure, the consequences of human error or low performance in SOCs may be detrimental. In other domains, situation awareness (SA) has proven useful to understand and measure how operators use information and decide the correct actions. Until now, SA research in SOCs has been restricted by a lack of in-depth studies of SA mechanisms. Therefore, this study is the first to conduct a goal-directed task analysis in a SOC for critical infrastructure. The study was conducted through a targeted series of unstructured and semi-structured interviews with SOC operators and their leaders complemented by a review of documents, incident reports, and in situ observation of work within the SOC and real incidents. Among the presented findings is a goal hierarchy alongside a complete overview of the decisions the operators make during escalated incidents. How the operators gain and use SA in these decisions is presented as a complete set of SA requirements. The findings are accompanied by an analysis of contextual differences in how the operators prioritize goals and use information in network incidents and security incidents. This enables a discussion of what SA processes might be automated and which would benefit from different SA models. The study provides a unique insight into the SA of SOC operators and is thus a steppingstone for bridging the knowledge gap of Cyber SA. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. Robust Federated Learning for Mitigating Advanced Persistent Threats in Cyber-Physical Systems.
- Author
Hallaji, Ehsan, Razavi-Far, Roozbeh, and Saif, Mehrdad
- Subjects
FEDERATED learning, CYBER physical systems, CYBERTERRORISM, INTERNET security, SECURITY systems
- Abstract
Malware triage is essential for the security of cyber-physical systems, particularly against Advanced Persistent Threats (APTs). Proper data for this task, however, are hard to come by, as organizations are often reluctant to share their network data due to security concerns. To tackle this issue, this paper presents a secure and distributed framework for the collaborative training of a global model for APT triage without compromising privacy. Using this framework, organizations can share knowledge of APTs without disclosing private data. Moreover, the proposed design employs robust aggregation protocols to safeguard the global model against potential adversaries. The proposed framework is evaluated using real-world data with 15 different APT mechanisms. To make the simulations more challenging, we assume that edge nodes have partial knowledge of APTs. The obtained results demonstrate that participants in the proposed framework can privately share their knowledge, resulting in a robust global model that accurately detects APTs with significant improvement across different model architectures. Under optimal conditions, the designed framework detects almost all APT scenarios with an accuracy of over 90 percent. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. A Digital Twin-Based Approach for Detecting Cyber–Physical Attacks in ICS Using Knowledge Discovery.
- Author
Lucchese, Marco, Salerno, Giuseppe, and Pugliese, Andrea
- Subjects
INDUSTRIAL controls manufacturing, INDUSTRIAL robots, MANUFACTURING processes, DIGITAL twins, PROCESS mining
- Abstract
The integration and automation of industrial processes has brought significant gains in efficiency and productivity but also elevated cybersecurity risks, especially in the process industry. This paper introduces a methodology utilizing process mining and digital twins to enhance anomaly detection in Industrial Control Systems (ICS). By converting raw device logs into event logs, we uncover patterns and anomalies indicative of cyberattacks even when such attacks are masked by normal operational data. We present a detailed case study replicating an industrial process to demonstrate the practical application of our approach. Experimental results confirm the effectiveness of our method in identifying cyber–physical attacks within a realistic industrial setting. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. A Hybrid Genetic Algorithm and Neural Network-Based Cyber Security Approach for Enhanced Detection of DDoS and Malware Attacks in Wide Area Networks.
- Author
S., Anusooya, Revathi, N., P., Sivakamasundari, Duraivel, A. N., and Prabu, S.
- Subjects
DISCRETE wavelet transforms, WIDE area networks, SWARM intelligence, GENETIC algorithms, INTERNET security, DENIAL of service attacks
- Abstract
This study addresses the growing threat of network attacks by exploring their types and analyzing the challenges associated with their precise detection. To mitigate these threats, we propose a novel cyber security approach that integrates Genetic Algorithm (GA) and neural network architecture. The GA is employed for the selection and optimization of attributes that represent DDoS and malware attack features. These optimized features are then fed into a neural network for training and classification. The effectiveness of the proposed approach was evaluated through precision, recall, and F-measure analyses, demonstrating superior detection capabilities for DDoS and malware attacks compared to existing methods. Furthermore, we introduce a hybrid approach that combines Swarm Intelligence (SI) and nature-inspired techniques. The GA is utilized to select features and reduce the dataset size, followed by the application of Discrete Wavelet Transform (DWT) with Artificial Bee Colony (ABC) to further filter irrelevant features. The results show that this hybrid approach significantly enhances the accuracy and efficiency of network attack detection in wide area networks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Detection of DDoS Attacks using Fine-Tuned Multi-Layer Perceptron Models.
- Author
-
Sanmorino, Ahmad, Marnisah, Luis, and Di Kesuma, Hendra
- Subjects
COMPUTER network security, DENIAL of service attacks, INTERNET security, MACHINE learning
- Abstract
This study addresses a major cybersecurity challenge by focusing on the detection of Distributed Denial of Service (DDoS) attacks. These attacks pose a major threat to online services by overwhelming targets with traffic from multiple sources. Traditional detection approaches often fail to adapt to changing attack patterns, necessitating advanced machine-learning techniques. This study proposes a fine-tuned Multi-Layer Perceptron (MLP) model to improve DDoS detection accuracy while reducing false positives. This study uses fine-tuning techniques, such as hyperparameter optimization and transfer learning, to build a robust and adaptive detection framework. After extensive experiments with multiple data splits and cross-validation, the fine-tuned MLP model exhibited strong performance metrics with an average accuracy of 98.5%, precision of 98.1%, recall of 97.8%, and F1 score of 97.9%. These findings demonstrate the model's ability to successfully distinguish between benign and malicious traffic, enhancing network security and resilience. By overcoming the limitations of existing detection methods, this study adds new insights to the field of cybersecurity, providing a more precise and efficient approach to DDoS detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. Enhancing Internet of Things Intrusion Detection Using Artificial Intelligence.
- Author
-
Bar, Shachar, Prasad, P. W. C., and Sayeed, Md Shohel
- Subjects
GRAPH neural networks, ARTIFICIAL intelligence, FEDERATED learning, COMPUTER network traffic, MACHINE learning
- Abstract
Escalating cyber security threats and the increased use of Internet of Things (IoT) devices require utilisation of the latest technologies available to supply adequate protection. The aim of Intrusion Detection Systems (IDS) is to prevent malicious attacks that corrupt operations and interrupt data flow, which might have significant impact on critical industries and infrastructure. This research examines existing IDS, based on Artificial Intelligence (AI) for IoT devices, methods, and techniques. The contribution of this study consists of identification of the most effective IDS systems in terms of accuracy, precision, recall and F1-score; this research also considers training time. Results demonstrate that Graph Neural Networks (GNN) have several benefits over other traditional AI frameworks through their ability to achieve in excess of 99% accuracy in a relatively short training time, while also capable of learning from network traffic the inherent characteristics of different cyber-attacks. These findings identify the GNN (a Deep Learning AI method) as the most efficient IDS system. The novelty of this research lies also in the linking between high yielding AI-based IDS algorithms and the AI-based learning approach for data privacy protection. This research recommends Federated Learning (FL) as the AI training model, which increases data privacy protection and reduces network data flow, resulting in a more secure and efficient IDS solution. [ABSTRACT FROM AUTHOR]
- Published
- 2024
26. Domain knowledge free cloud-IDS with lightweight embedding method.
- Author
-
Kim, Yongsik, Park, Gunho, and Kim, Huy Kang
- Subjects
NATURAL language processing, CLOUD computing security measures, ANOMALY detection (Computer security), PERSONALLY identifiable information, SAWLOGS
- Abstract
The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user's cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a 'recognition' that identifies logs in the deployed environment and a 'detection' that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. A novel approach of botnet detection using hybrid deep learning for enhancing security in IoT networks.
- Author
-
Ali, Shamshair, Ghazal, Rubina, Qadeer, Nauman, Saidani, Oumaima, Alhayan, Fatimah, Masood, Anum, Saleem, Rabia, Khan, Muhammad Attique, and Gupta, Deepak
- Subjects
PATTERN recognition systems, COMPUTER network security, MULTILAYER perceptrons, CYBER physical systems, DEEP learning, BOTNETS
- Abstract
In an era dominated by the Internet of Things (IoT), protecting interconnected devices from botnets has become essential. This study introduces an innovative hybrid deep learning model that synergizes LSTM Auto Encoders and Multilayer Perceptrons in detecting botnets in IoTs. The fusion of these technologies facilitates the analysis of sequential data and pattern recognition, enabling the model to detect intricate botnet activities within IoT networks. The proposed model's performance was carefully evaluated on two large IoT traffic datasets, N-BAIoT2018 and UNSW-NB15, where it demonstrated exceptional accuracy of 99.77 % and 99.67 % respectively for botnet detection. These results not only demonstrate the model's superior performance over existing botnet detection systems but also highlight its potential as a robust solution for IoT network security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. Clop Ransomware in Action: A Comprehensive Analysis of Its Multi-Stage Tactics.
- Author
-
Lee, Yongjoon, Lee, Jaeil, Ryu, Dojin, Park, Hansol, and Shin, Dongkyoo
- Subjects
INTERNET security, RANSOMWARE, COMPUTER hacking, DIRECTORIES, LOGISTICS
- Abstract
Recently, Clop ransomware attacks targeting non-IT fields such as distribution, logistics, and manufacturing have been rapidly increasing. These advanced attacks are particularly concentrated on Active Directory (AD) servers, causing significant operational and financial disruption to the affected organizations. In this study, the multi-step behavior of Clop ransomware was deeply investigated to decipher the sequential techniques and strategies of attackers. One of the key insights uncovered is the vulnerability in AD administrator accounts, which are often used as a primary point of exploitation. This study aims to provide a comprehensive analysis that enables organizations to develop a deeper understanding of the multifaceted threats posed by Clop ransomware and to build more strategic and robust defenses against them. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. An improved transformer‐based model for detecting phishing, spam and ham emails: A large language model approach.
- Author
-
Jamal, Suhaima, Wimmer, Hayden, and Sarker, Iqbal H.
- Subjects
*SOCIAL engineering (Fraud), *LANGUAGE models, *ARTIFICIAL intelligence, *CYBER intelligence (Computer security), *PHISHING, *SPAM email
- Abstract
Phishing and spam have been a cybersecurity threat with the majority of breaches resulting from these types of social engineering attacks. Therefore, detection has been a long‐standing challenge for both academic and industry researchers. New and innovative approaches are required to keep up with the growing sophistication of threat actors. One such illumination which has vast potential are large language models (LLM). LLM emerged and already demonstrated their potential to transform society and provide new and innovative approaches to solve well‐established challenges. Phishing and spam have caused financial hardships and lost time and resources to email users all over the world and frequently serve as an entry point for ransomware threat actors. While detection approaches exist, especially heuristic‐based approaches, LLMs offer the potential to venture into a new unexplored area for understanding and solving this challenge. LLMs have rapidly altered the landscape from business, consumers, and throughout academia and demonstrate transformational potential to profoundly impact the society. Based on this, applying these new and innovative approaches to email detection is a rational next step in academic research. In this work, we present IPSDM, an improved phishing spam detection model based on fine‐tuning the BERT family of models to specifically detect phishing and spam emails. We demonstrate our fine‐tuned version, IPSDM, is able to better classify emails in both unbalanced and balanced datasets. Moreover, IPSDM consistently outperforms the baseline models in terms of classification accuracy, precision, recall, and F1‐score, while concurrently mitigating overfitting concerns. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. Applications of Fuzzy Logic and Probabilistic Neural Networks in E-Service for Malware Detection.
- Author
-
Kuk, Kristijan, Stanojević, Aleksandar, Čisar, Petar, Popović, Brankica, Jovanović, Mihailo, Stanković, Zoran, and Pronić-Rančić, Olivera
- Subjects
*ARTIFICIAL neural networks, *FEATURE selection, *APRIORI algorithm, *FUZZY logic, *INTERNET security
- Abstract
The key point in the process of agent-based management in e-service for malware detection (according to accuracy criteria) is a decision-making process. To determine the optimal e-service for malware detection, two concepts were investigated: Fuzzy Logic (FL) and Probabilistic Neural Networks (PNN). In this study, three evolutionary variants of fuzzy partitioning, including regular, hierarchical fuzzy partitioning, and k-means, were used to automatically process the design of the fuzzy partition. Also, this study demonstrates the application of a feature selection method to reduce the dimensionality of the data by removing irrelevant features to create fuzzy logic in a dataset. The behaviors of malware are analyzed by fuzzifying relevant features for pattern recognition. The Apriori algorithm was applied to the fuzzified features to find the fuzzy-based rules, and these rules were used for predicting the output of malware detection e-services. Probabilistic neural networks were also used to find the ideal agent-based model for numerous classification problems. The numerical results show that the agent-based management performances trained with the clustering method achieve an accuracy of 100% with the PNN-MCD model. This is followed by the FL model, which classifies on the basis of linguistic variables and achieves an average accuracy of 82%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. Evading Cyber-Attacks on Hadoop Ecosystem: A Novel Machine Learning-Based Security-Centric Approach towards Big Data Cloud.
- Author
-
Sharma, Neeraj A., Kumar, Kunal, Khorshed, Tanzim, Ali, A B M Shawkat, Khalid, Haris M., Muyeen, S. M., and Jose, Linju
- Subjects
*VIRTUAL machine systems, *CLOUD computing security measures, *BIG data, *CYBERTERRORISM, *HYPERVISOR (Computer software)
- Abstract
The growing industry and its complex and large information sets require Big Data (BD) technology and its open-source frameworks (Apache Hadoop) to (1) collect, (2) analyze, and (3) process the information. This information usually ranges in size from gigabytes to petabytes of data. However, processing this data involves web consoles and communication channels which are prone to intrusion from hackers. To resolve this issue, a novel machine learning (ML)-based security-centric approach has been proposed to evade cyber-attacks on the Hadoop ecosystem while considering the complexity of Big Data in Cloud (BDC). An Apache Hadoop-based management interface "Ambari" was implemented to address the variation and distinguish between attacks and activities. The analyzed experimental results show that the proposed scheme effectively (1) blocked the interface communication and retrieved the performance measured data from (2) the Ambari-based virtual machine (VM) and (3) BDC hypervisor. Moreover, the proposed architecture was able to provide a reduction in false alarms as well as cyber-attack detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. BRL-ETDM: Bayesian reinforcement learning-based explainable threat detection model for industry 5.0 network.
- Author
-
Dey, Arun Kumar, Gupta, Govind P., and Sahu, Satya Prakash
- Subjects
*CYBERTERRORISM, *FEATURE selection, *PLURALITY voting, *INTERNET security, *SWARMING (Zoology)
- Abstract
To enhance the universal adaptability of the Real-Time deployment of Industry 5.0, various machine learning-based cyber threat detection models are given in the literature. Most of the existing threat detection models may not be able to detect zero-day cyber threats and are prone to producing a high False Positive Rate (FPR) due to irrelevant features and imbalanced class samples. Furthermore, its predictive decisions are also difficult to comprehend even by security experts. Consequently, an intelligent and more robust model is needed to mitigate zero-day cyber threats. This study proposes an explainable model named BRL-ETDM for detecting cyber threats in Industry 5.0. In this model, features are optimized by Bayesian Reinforcement Learning (BRL)-based Bee Swarm Optimization (BSO) technique in which the exploitation phase of BSO is improved by the BRL technique. Then, an improved weighted majority voting-based ensemble technique is designed to enhance threat detection performance. Additionally, an explainable AI technique is employed to explain the threat predictions. This model is tested and validated using two realistic datasets named Edge-IIoTset and ToN-IoT. Experimental results show that the proposed model achieved a maximum accuracy of 96.15% with a minimum number of features and FPR of 0.27% as compared to existing techniques. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Operational cyber incident coordination revisited: providing cyber situational awareness across organizations and countries.
- Author
-
Leitner, Maria, Skopik, Florian, and Pahi, Timea
- Subjects
*SITUATIONAL awareness, *COMPUTER security, *INTERNET security, *KNOWLEDGE management, *WEB-based user interfaces
- Abstract
Cyber situational awareness (CSA) is a prerequisite for justified decision-making and to maintain cyber security. This becomes particularly complex when establishing inter-organizational awareness across sectors. For example, computer security incident response teams (CSIRTs) and national cyber security centers need to establish CSA among countries when coordinating regional cyber incident response. Today's state of the art of information sharing across larger numbers of organizations is often still the least common denominator in the shape of web-based forms and email reports. These are easily applicable by almost everyone who wants to report findings even in stressful situations. However, these do not prove to be efficient for the coordinator that aggregates and merges the data. Therefore, a cyber coordination platform using online surveys is proposed. This approach uses surveys to collect, aggregate and visualize data in a dashboard to support cyber coordination and knowledge management. Furthermore, the online surveys are easy to use and respond to and therefore simplify the participation of stakeholders. We propose an architecture and implement a prototype using popular web application frameworks. The evaluation in a user study revealed promising results with respect to increased efficiency and decreased resource requirements for establishing situational awareness. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. ON THE PROBLEM OF DEFINING AND DISTINGUISHING THE DEFINITIONS OF «INFORMATION SECURITY» AND «CYBERSECURITY»
- Author
-
Г. А., Гончаренко
- Abstract
The article is devoted to the problem of definition and comparison of definitions, in particular in the context of information and cyber security. The main emphasis is placed on the analysis of existing scientific approaches to the definition of these concepts, with the aim of identifying common and distinctive features between them. Different interpretations of terms in domestic and international scientific literature are studied, paying attention to their development in connection with modern challenges in the information space. Taking into account the different approaches to the definition of the terms «information security» and «cyber security» available both in science and in practice, this study compares domestic and international definitions, analyzes legislative and scientific literature, taking into account the impact of new technologies on the formation of modern definitions in the field information security. The main attention is paid to methodological approaches to the construction of definitions, their accuracy, comprehensibility and applicability in different contexts. Emphasis is placed on the need to agree on a terminology that would adequately reflect the modern challenges and risks that the state faces in the field of information and cyber security. The importance of a clear demarcation of concepts for effective legal regulation and practical application is also emphasized, emphasis is placed on the need to unify terminology and the development of standards for the construction of clear and unambiguous definitions, attention is drawn to the importance of an interdisciplinary approach in the process of creating definitions, which allows taking into account the specifics of various scientific areas. 
The novelty of the work lies in a comprehensive approach to the analysis of definitions, which makes it possible not only to identify key differences and similarities between different interpretations, but also to offer recommendations for their improvement. Having analyzed examples from various fields, demonstrating how ambiguous or incorrect definitions can lead to misunderstandings and errors in scientific research and practical application, the author offers his own methodology for assessing the quality of these definitions, which can be used to improve scientific communication and increase the accuracy of terminology, in the author's vision of the definitions of «information security» and «cyber security» is published for the first time in the article, taking into account the security component and interdisciplinary nature. This makes the article an important contribution to the scientific debate on the development of terminology in the field of information and cyber security. The main aspects of the article are the analysis of different approaches to the definition of information and cyber security, the comparison of definitions by national and international researchers, the proposal of new, integrated approaches to understanding these concepts, and the discussion of practical aspects of the application of these definitions in the field of national security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. ISSUES OF PERSONAL DATA PROTECTION IN THE USE OF CLOUD TECHNOLOGIES
- Author
-
Н. Т., Головацький
- Abstract
It is indicated that in today's digital world, where the amount of stored and processed data is growing at a frantic pace, issues of personal data protection are becoming increasingly important. With the proliferation of cloud technologies that allow companies and individuals to store and process information on remote servers, a new spectrum of threats to data privacy and security is emerging. The article examines the issue of personal data protection when using cloud technologies, in particular, the need to integrate legal and technological aspects to ensure comprehensive protection. The impact of international regulatory acts, such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Protection Act), on cloud data protection processes is analyzed. Particular attention is paid to problems arising from differences in the legal regimes of different countries, which complicate data management at the international level. The article examines in detail modern technical solutions, such as data encryption and multifactor authentication, which are key elements in protecting confidential information. These technologies have been found to provide a high level of protection, but also have their vulnerabilities. Based on this, it is proposed to invest in the latest technologies, in particular quantum encryption and artificial intelligence, to improve the effectiveness of data protection. Practical cases of data leaks are separately considered, which emphasize the importance of proper configuration of security systems and regular monitoring. Analysis of the results of empirical research shows the need to adapt business processes to changes in the regulatory environment and introduce new technologies to reduce risks. Based on the received data, recommendations for organizations are formulated, which include reviewing data protection policies, investing in modern technologies and training employees. 
The conclusions of the article emphasize the need for a comprehensive approach to ensuring the protection of personal data in cloud environments. This involves taking into account both modern technologies and current legal requirements to ensure adequate data protection and minimize possible risks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. DEEP LEARNING BASED NETWORK INTRUSION DETECTION.
- Author
-
HARMAN, Güneş and CENGİZ, Emine
- Subjects
CONVOLUTIONAL neural networks, TECHNOLOGICAL innovations, COMPUTER network security, INTERNET security, STATISTICAL sampling, INTRUSION detection systems (Computer security), DEEP learning
- Abstract
Copyright of SDU Journal of Engineering Sciences & Design / Mühendislik Bilimleri ve Tasarım Dergisi is the property of Journal of Engineering Sciences & Design and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
37. Surveillance and Five Eyes: Changing Dimensions of India's Cyber Security.
- Author
-
Santhosh, Krishnapriya, Kurian, Anju Lis, and Sebastian, Jobin
- Subjects
INTERNET security, DIGITAL technology, DATA protection, ASSETS (Accounting), CONVERSATION
- Abstract
Cyber security becomes more challenging in the interconnected global environment when digital borders surpass physical boundaries. This study closely looks into the dynamic interactions that exist between the Five Eyes Alliance's widespread surveillance tactics and India's cyber security resilience. Amid this complex web of international data protection dynamics, the tactics used by India provide insights into the difficulties faced and the creative solutions advancing the country's digital defence. A thorough understanding of India's response to the evolving threats posed by the cooperative intelligence efforts of Five Eyes' alliance is shedding light on the multifaceted dimensions of the country's cyber security posture as it navigates this challenging terrain. This investigation adds significant information to the larger conversation on global cyber security by highlighting the necessity of flexible tactics and creative solutions for protecting digital assets, both globally and domestically in India. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. Protecting Digital Assets: Government Initiatives and NGOs Participation.
- Author
-
Sharma, Anupam
- Subjects
INTERNET security, CYBERTERRORISM, INTERNET in public administration, NONGOVERNMENTAL organizations, GOVERNMENT agencies
- Abstract
Digital assets are an indispensable part of human life and have taken shape as valuable assets in sentimental and monetary forms. Being valuable, these digital assets need to be protected with a specific security set-up including a trained army of technocrats, government machinery, NGOs and experts engaged in similar activities. This army of all stakeholders will help to protect the people and motivate them to protect their digital assets. The number and role of NGOs have grown dramatically in a welfare society and they have become a bridge between government and the common people. These NGOs are generally formed by like-minded persons and organisations such as government machinery, technocrats, private organisations, lawyers, academicians, techno-savvy people, police personnel and students to bring awareness to the common people on protecting digital assets. The present research article shows that in future, a new set of institutional linkage between state agencies and NGOs needs to be explored and researched into. [ABSTRACT FROM AUTHOR]
- Published
- 2024
39. Network Intrusion Detection Method Based on Improved Multi-factorial Optimization Bat Algorithm.
- Author
-
ZHANG Zhen, ZHANG Siyuan, and TIAN Hongpeng
- Abstract
In addressing the challenge of diminished intrusion detection accuracy resulting from the abundance of redundant and irrelevant features in high-dimensional network data, an improved multi-factorial optimization bat algorithm (IMFBA) was introduced for precise data feature selection, with the ultimate goal of improving network intrusion detection accuracy. Within the multi-factorial optimization framework, global and local feature selection tasks were formulated. Information exchange between these tasks was facilitated by selection and vertical cultural transmission operators, strategically designed based on the bat algorithm. The global feature selection task was accelerated in identifying optimal solution spaces, thereby enhancing the algorithm's convergence speed and stability. By incorporating the reverse learning strategy and differential evolution into the bat algorithm, the initial solution selection stage and individual updating process were refined to address the absence of a mutation mechanism, fostering solution diversity and aiding the algorithm in escaping local optima. An adaptive parameter adjustment strategy was introduced, determining weightings for guiding individual updates based on potential optimal solution quality. This could mitigate the risk of knowledge negative transfer during multi-task feature selection, achieving a balance between global exploration and local exploitation. The feature subsets selected by IMFBA demonstrate classification accuracy of 95.37% and 85.14% on the KDD CUP 99 and NSL-KDD intrusion detection datasets, respectively. This reflected increases of 3.01 percentage points and 9.78 percentage points compared to the complete dataset. Experiment results confirm the efficacy of EMFBA in selecting higher-quality feature subsets and, consequently, enhancing network intrusion detection accuracy. [ABSTRACT FROM AUTHOR]
- Published
- 2024
40. Building capability and community through cyber-incident response exercises.
- Author
-
Ricks, Matthew
- Subjects
INFORMATION technology security, DISASTER resilience, CYBERTERRORISM, INTERNET security, INDUSTRIAL management
- Abstract
While a natural disaster or related threat may impact an organisation at some point, it is more likely (even inevitable) that it will be the victim of a cyber attack. The solution to being better prepared for these imminent attacks is to undertake more lightweight and frequent incident response (IR) exercises to help build capabilities and community through a tighter, recurring cycle of planning, conducting and assessing. To boost the facilitation of IR exercises, organisations must leverage the established relationships between business continuity management (BCM) or resilience staff (both of which are familiar with business continuity and disaster recovery exercises), and their information security office. As BCM will ultimately be involved in response and recovery after a cyber attack, it is intuitively more effective to collaborate with BCM in advance. Indeed, it has been substantiated that BCM engagement improves incident response time and reduces incident response costs. This paper concludes that involving BCM or resilience departments in IR exercises contributes to more effective responses to actual incidents. [ABSTRACT FROM AUTHOR]
- Published
- 2024
41. A hierarchical hybrid intrusion detection model for industrial internet of things.
- Author
-
Wang, Zhendong, Yang, Xin, Zeng, Zhiyuan, He, Daojing, and Chan, Sammy
- Subjects
FEATURE selection, DEEP learning, INTERNET of things, INTERNET security, INTRUSION detection systems (Computer security), FALSE alarms
- Abstract
With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68%, 98.50%, and 99.85%, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
42. X-Detect: explainable adversarial patch detection for object detectors in retail.
- Author
-
Hofman, Omer, Giloni, Amit, Hayun, Yarin, Morikawa, Ikuya, Shimizu, Toshiya, Elovici, Yuval, and Shabtai, Asaf
- Subjects
OBJECT recognition (Computer vision), COMPUTER vision, DIGITAL technology, INTERNET security, FALSE alarms
- Abstract
Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can: (1) detect adversarial samples in real time, allowing the defender to take preventive action; (2) provide explanations for the alerts raised to support the defender's decision-making process, and (3) handle unfamiliar threats in the form of new attacks. Given a new scene, X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques to determine whether an alert needs to be raised. X-Detect was evaluated in both the physical and digital space using five different attack scenarios (including adaptive attacks) and the benchmark COCO dataset and our new Superstore dataset. The physical evaluation was performed using a smart shopping cart setup in real-world settings and included 17 adversarial patch attacks recorded in 1700 adversarial videos. The results showed that X-Detect outperforms the state-of-the-art methods in distinguishing between benign and adversarial scenes for all attack scenarios while maintaining a 0% FPR (no false alarms) and providing actionable explanations for the alerts raised. A demo is available. [ABSTRACT FROM AUTHOR]
- Published
- 2024
43. Anomaly Detection Using Data Rate of Change on Medical Data.
- Author
-
Rim, Kwang-Cheol, Yoon, Young-Min, Kim, Sung-Uk, and Kim, Jeong-In
- Subjects
ANOMALY detection (Computer security), NON-fungible tokens, INTERNET security, SHARED virtual environments, RESEARCH & development
- Abstract
The identification and mitigation of anomaly data, characterized by deviations from normal patterns or singularities, stand as critical endeavors in modern technological landscapes, spanning domains such as Non-Fungible Tokens (NFTs), cyber-security, and the burgeoning metaverse. This paper presents a novel proposal aimed at refining anomaly detection methodologies, with a particular focus on continuous data streams. The essence of the proposed approach lies in analyzing the rate of change within such data streams, leveraging this dynamic aspect to discern anomalies with heightened precision and efficacy. Through empirical evaluation, our method demonstrates a marked improvement over existing techniques, showcasing more nuanced and sophisticated result values. Moreover, we envision a trajectory of continuous research and development, wherein iterative refinement and supplementation will tailor our approach to various anomaly detection scenarios, ensuring adaptability and robustness in real-world applications. [ABSTRACT FROM AUTHOR]
- Published
- 2024
44. The Impact of Artificial Intelligence on Cyber Security.
- Author
-
STOICA, Andrei-Alexandru, GHENADE, Adrian, and PICA, Aurel Stefan
- Subjects
ARTIFICIAL intelligence, CYBER intelligence (Computer security), INTERNET security, DATA protection, PUBLIC law
- Abstract
This article aims to present a broad analysis of the impact that artificial intelligence has on cyber security and the advantages and disadvantages that its implementation can bring regarding national security and data protection. The paper aims to describe the current usages of artificial intelligence in civilian and state applications as well as to identify potential future uses for technology. It will focus on how important its employment can help security overall. We will also analyse current levels of cyber security from a legal, technical and administrative point of view and the focus will be on how important artificial intelligence is towards handling specific tasks regarding security in the European Union, United States of America and the People's Republic of China. Furthermore, we will present advantages and disadvantages concerning artificial intelligence in different key domains such as cyberspace and intelligence surveillance and reconnaissance (ISR), mostly on how these are impacted by unmanned devices. [ABSTRACT FROM AUTHOR]
- Published
- 2024
45. Design and Implementation of a Cyber Range Experimental Platform for the E1 Channel of Stability Control Systems.
- Author
-
童和钦, 许剑冰, 梁师哲, 麦成, and 徐海波
- Abstract
Copyright of Electric Power is the property of Electric Power Editorial Office and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
46. FinSafeNet: securing digital transactions using optimized deep learning and multi-kernel PCA(MKPCA) with Nyström approximation
- Author
-
Ahmad Raza Khan, Shaik Shakeel Ahamad, Shailendra Mishra, Mohd Abdul Rahim Khan, Sunil Kumar Sharma, Abdullah AlEnizi, Osama Alfarraj, Majed Alowaidi, and Manoj Kumar
- Subjects
Digital banking, Cyber security, Deep learning, FinSafeNet, I-SLOA, MKPCA with Nyström approximation, Medicine, Science
- Abstract
With the swift advancement of technology and growing popularity of the internet in business and communication, cybersecurity posed a global threat. This research focuses on a new Deep Learning (DL) model referred to as FinSafeNet to secure loose cash transactions over the digital banking channels. FinSafeNet is based on a Bi-Directional Long Short-Term Memory (Bi-LSTM), a Convolutional Neural Network (CNN) and an additional dual attention mechanism to study the transaction data and influence the observation of various security threats. One such aspect is that relying on these databases in most of the cases imposes a great technical challenge towards effective real time transaction security. FinSafeNet draws attention to the attack and reproductive phases of Hierarchical Particle Swarm Optimization (HPSO) feature selection technique simulating it in a battle for extreme time performance called the Improved Snow-Lion optimization Algorithm (I-SLOA). Upon that, the model then applies the Multi-Kernel Principal Component Analysis (MKPCA) accompanied by Nyström Approximation for handling the MKPCA features. MKPCA seeks to analyze and understand a non-linear structure of data whereas Nyström Approximation reduces the burden on computational power and hence allows the model to work in situations where large sizes of datasets are available but with no loss of efficiency of the model. This causes FinSafeNet to work easily and still be able to make accurate forecasts. Besides tackling feature selection and dimensionality reduction, the model presents advanced correlation measures as well as Joint Mutual Information Maximization to enhance variable correlation analysis. These improvements further help the model to detect the relevant features in transaction data that may present a threat to the security of the system.
When tested on a commonly used database for testing banks' performance, for instance the Paysim database, FinSafeNet significantly improves upon the previous and fundamental approaches, achieving an accuracy of 97.8%.
- Published
- 2024
47. Data Leakage of the Indonesian Elections Commission in Legal Aspects of Personal Data Protection
- Author
-
Frendika suda utama, Didik Endro Purwoleksono, and Taufik Rachman
- Subjects
data leaks, cyber security, privacy, personal data, Law in general. Comparative and uniform law. Jurisprudence, K1-7720
- Abstract
Hackers illegally accessed the Indonesian General Elections Commission’s (KPU) voter data system to collect voter data to sell to third parties. The regulation requires accountability for voter data leakage to protect people’s privacy rights in Indonesia’s personal data protection concept. Legal analysis of the modus operandi of personal data sales cases results in patterns of information system vulnerabilities, which can then be used to prevent personal data leakage and improve voter data protection in Indonesian elections. One of the reasons for passing the personal data protection law is the rampant cases of confidential data leakage that occur in government and private institutions in Indonesia. Hackers of voter data systems aim to profit from personal data sold to third parties. The role of the cybersecurity task force team needs to be improved with more concrete arrangements in law enforcement, and mitigating voter data leakage can provide legitimacy for the implementation of credible, reliable, and professional elections in Indonesia. Establishing the task force will optimize the application of voter data systems in conducting general elections in Indonesia and improve personal data protection.
- Published
- 2024
48. ARTIFICIAL INTELLIGENCE TECHNOLOGIES: A NEW ERA FOR CRIME PREVENTION
- Author
-
George ȚICAL
- Subjects
artificial intelligence, public order, crime prevention, predictive analytics, intelligent video surveillance, algorithmic discrimination, cyber security, ethics in technology, civil rights, intersectoral collaboration, protecting critical infrastructures, emergency and disaster management, Military Science
- Abstract
In recent decades, technological progress and the development of Artificial Intelligence (AI) have profoundly transformed the way modern societies operate, interact and ensure security. AI has become an essential tool in the field of public order, providing innovative solutions that have enabled law enforcement to accomplish their mission with increased efficiency and precision. This text explores the possible possibilities of AI in public policy, highlighting its use in crime prevention, predictive analytics, intelligent video surveillance, assisting in investigations, protecting critical infrastructure, managing emergencies and contributing to citizen engagement. Ethical and legal challenges associated with the integration of AI are also discussed, such as privacy and protection of personal data, algorithmic discrimination, impact on civil liberties, and cybersecurity vulnerabilities. The paper highlights the need for a balanced approach to the adoption of AI in public policy, which includes the development of responsible policies and regulations, ensuring transparency and accountability of authorities, as well as collaboration between policy makers, technical experts, human rights organizations and citizens, to promote a just and secure society.
- Published
- 2024
49. Domain knowledge free cloud-IDS with lightweight embedding method
- Author
-
Yongsik Kim, Gunho Park, and Huy Kang Kim
- Subjects
Cloud computing, Cyber security, Natural language processing, Intrusion detection system, Anomaly detection, CICIDS-2018 dataset, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user’s cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a ‘recognition’ that identifies logs in the deployed environment and a ‘detection’ that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets.
- Published
- 2024
50. A novel approach of botnet detection using hybrid deep learning for enhancing security in IoT networks
- Author
-
Shamshair Ali, Rubina Ghazal, Nauman Qadeer, Oumaima Saidani, Fatimah Alhayan, Anum Masood, Rabia Saleem, Muhammad Attique Khan, and Deepak Gupta
- Subjects
Cyber security, IoT Botnets, Unknown cyber-attacks, IoT networks, Cyber-physical systems, Zero-day vulnerability, Engineering (General). Civil engineering (General), TA1-2040
- Abstract
In an era dominated by the Internet of Things (IoT), protecting interconnected devices from botnets has become essential. This study introduces an innovative hybrid deep learning model that synergizes LSTM Auto Encoders and Multilayer Perceptrons in detecting botnets in IoTs. The fusion of these technologies facilitates the analysis of sequential data and pattern recognition, enabling the model to detect intricate botnet activities within IoT networks. The proposed model's performance was carefully evaluated on two large IoT traffic datasets, N-BAIoT2018 and UNSW-NB15, where it demonstrated exceptional accuracy of 99.77 % and 99.67 % respectively for botnet detection. These results not only demonstrate the model's superior performance over existing botnet detection systems but also highlight its potential as a robust solution for IoT network security.
- Published
- 2024
Discovery Service for Jio Institute Digital Library