1
Gunduz MZ, Das R. Smart Grid Security: An Effective Hybrid CNN-Based Approach for Detecting Energy Theft Using Consumption Patterns. Sensors (Basel) 2024; 24:1148. [PMID: 38400308 PMCID: PMC10893418 DOI: 10.3390/s24041148] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/05/2024] [Revised: 01/30/2024] [Accepted: 02/02/2024] [Indexed: 02/25/2024]
Abstract
In Internet of Things-based smart grids, smart meters record and report a massive number of power consumption data at certain intervals to the data center of the utility for load monitoring and energy management. Energy theft is a big problem for smart meters and causes non-technical losses. Energy theft attacks can be launched by malicious consumers by compromising the smart meters to report manipulated consumption data for less billing. It is a global issue causing technical and financial damage to governments and operators. Deep learning-based techniques can effectively identify consumers involved in energy theft through power consumption data. In this study, a hybrid convolutional neural network (CNN)-based energy-theft-detection system is proposed to detect data-tampering cyber-attack vectors. CNN is a commonly employed method that automates the extraction of features and the classification process. We employed CNN for feature extraction and traditional machine learning algorithms for classification. In this work, honest data were obtained from a real dataset. Six attack vectors causing data tampering were utilized. Tampered data were synthetically generated through these attack vectors. Six separate datasets were created for each attack vector to design a specialized detector tailored for that specific attack. Additionally, a dataset containing all attack vectors was also generated for the purpose of designing a general detector. Furthermore, the imbalanced dataset problem was addressed through the application of the generative adversarial network (GAN) method. GAN was chosen due to its ability to generate new data closely resembling real data, and its application in this field has not been extensively explored. The data generated with GAN ensured better training for the hybrid CNN-based detector on honest and malicious consumption patterns. 
Finally, the results indicate that the proposed general detector could classify both honest and malicious users with satisfactory accuracy.
Affiliation(s)
- Muhammed Zekeriya Gunduz
  - Department of Computer Science and Technology, Vocational School of Technical Sciences, Bingöl University, Bingöl 12000, Türkiye
- Resul Das
  - Department of Software Engineering, Technology Faculty, Firat University, Elazığ 23119, Türkiye

2
Ji IH, Lee JH, Kang MJ, Park WJ, Jeon SH, Seo JT. Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review. Sensors (Basel) 2024; 24:898. [PMID: 38339615 PMCID: PMC10857182 DOI: 10.3390/s24030898] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/31/2023] [Revised: 12/31/2023] [Accepted: 01/26/2024] [Indexed: 02/12/2024]
Abstract
As cyber-attacks increase in unencrypted communication environments such as the traditional Internet, protected communication channels based on cryptographic protocols, such as transport layer security (TLS), have been introduced to the Internet. Accordingly, attackers have been carrying out cyber-attacks by hiding themselves in protected communication channels. However, the nature of channels protected by cryptographic protocols makes it difficult to distinguish between normal and malicious network traffic behaviors. This means that traditional anomaly detection models with features from packets extracted by deep packet inspection (DPI) have been neutralized. Recently, studies on anomaly detection using artificial intelligence (AI) and statistical characteristics of traffic have been proposed as an alternative. In this review, we provide a systematic review for AI-based anomaly detection techniques over encrypted traffic. We set several research questions on the review topic and collected research according to eligibility criteria. Through the screening process and quality assessment, 30 research articles were selected with high suitability to be included in the review from the collected literature. We reviewed the selected research in terms of dataset, feature extraction, feature selection, preprocessing, anomaly detection algorithm, and performance indicators. As a result of the literature review, it was confirmed that various techniques used for AI-based anomaly detection over encrypted traffic were used. Some techniques are similar to those used for AI-based anomaly detection over unencrypted traffic, but some technologies are different from those used for unencrypted traffic.
Affiliation(s)
- Il Hwan Ji
  - Department of Information Security, Gachon University, Seongnam-si 1342, Republic of Korea; (I.H.J.); (J.H.L.)
- Ju Hyeon Lee
  - Department of Information Security, Gachon University, Seongnam-si 1342, Republic of Korea; (I.H.J.); (J.H.L.)
- Min Ji Kang
  - Department of Computer Engineering (Smart Security), Gachon University, Seongnam-si 1342, Republic of Korea; (M.J.K.); (S.H.J.)
- Woo Jin Park
  - Department of Software, Gachon University, Seongnam-si 1342, Republic of Korea
- Seung Ho Jeon
  - Department of Computer Engineering (Smart Security), Gachon University, Seongnam-si 1342, Republic of Korea; (M.J.K.); (S.H.J.)
- Jung Taek Seo
  - Department of Computer Engineering, Gachon University, Seongnam-si 1342, Republic of Korea

3
Žvanut B, Mihelič A. Qualitative study on domestic social robot adoption and associated security concerns among older adults in Slovenia. Front Psychol 2024; 15:1343077. [PMID: 38333061 PMCID: PMC10850379 DOI: 10.3389/fpsyg.2024.1343077] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/22/2023] [Accepted: 01/12/2024] [Indexed: 02/10/2024]
Abstract
Introduction Despite the increasing use of domestic social robots by older adults, there remains a significant knowledge gap regarding attitudes, concerns, and potential adoption behavior in this population. This study aims to categorize older adults into distinct technology adoption groups based on their attitudes toward domestic social robots and their behavior in using the existing technology. Methods An exploratory qualitative research design was used, involving semi-structured interviews with 24 retired Slovenian older adults aged 65 years or older, conducted between 26 June and 14 September 2023. Results Four distinct groups of older adults were identified: (1) Cautious Optimists, (2) Skeptical Traditionalists, (3) Positive Optimists, and (4) Technophiles based on eight characteristics. Discussion These groups can be aligned with the categories of the Diffusion of Innovation Theory. Privacy and security concerns, influenced by varying levels of familiarity with the technology, pose barriers to adoption. Perceived utility and ease of use vary considerably between groups, highlighting the importance of taking into account the different older adults. The role of social influence in the adoption process is complex, with some groups being more receptive to external opinions, while others exhibit more autonomous decision-making.
Affiliation(s)
- Boštjan Žvanut
  - Department of Nursing, Faculty of Health Sciences, University of Primorska, Izola, Slovenia
- Anže Mihelič
  - Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia

4
Sheik AT, Maple C, Epiphaniou G, Dianati M. Securing Cloud-Assisted Connected and Autonomous Vehicles: An In-Depth Threat Analysis and Risk Assessment. Sensors (Basel) 2023; 24:241. [PMID: 38203103 DOI: 10.3390/s24010241] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/23/2023] [Revised: 12/04/2023] [Accepted: 12/14/2023] [Indexed: 01/12/2024]
Abstract
As threat vectors and adversarial capabilities evolve, Cloud-Assisted Connected and Autonomous Vehicles (CCAVs) are becoming more vulnerable to cyberattacks. Several established threat analysis and risk assessment (TARA) methodologies are publicly available to address the evolving threat landscape. However, these methodologies inadequately capture the threat data of CCAVs, resulting in poorly defined threat boundaries or the reduced efficacy of the TARA. This is due to multiple factors, including complex hardware-software interactions, rapid technological advancements, outdated security frameworks, heterogeneous standards and protocols, and human errors in CCAV systems. To address these factors, this study begins by systematically evaluating TARA methods and applying the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model and Damage, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) risk assessment to target system architectures. This study identifies vulnerabilities, quantifies risks, and methodically examines defined data processing components. In addition, this study offers an attack tree to delineate attack vectors and provides a novel defense taxonomy against identified risks. This article demonstrates the efficacy of the TARA in systematically capturing compromised security requirements, threats, limits, and associated risks with greater precision. By doing so, we further discuss the challenges in protecting hardware-software assets against multi-staged attacks due to emerging vulnerabilities. As a result, this research informs advanced threat analyses and risk management strategies for enhanced security engineering of cyberphysical CCAV systems.
Affiliation(s)
- Al Tariq Sheik
  - Warwick Manufacturing Group (WMG), University of Warwick, Coventry CV4 7AL, UK
- Carsten Maple
  - Warwick Manufacturing Group (WMG), University of Warwick, Coventry CV4 7AL, UK
- Gregory Epiphaniou
  - Warwick Manufacturing Group (WMG), University of Warwick, Coventry CV4 7AL, UK
- Mehrdad Dianati
  - Warwick Manufacturing Group (WMG), University of Warwick, Coventry CV4 7AL, UK

5
Guidetti OA, Speelman CP, Bouhlas P. The WACDT, a modern vigilance task for network defense. Front Neurogenom 2023; 4:1215497. [PMID: 38234483 PMCID: PMC10790921 DOI: 10.3389/fnrgo.2023.1215497] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/02/2023] [Accepted: 10/23/2023] [Indexed: 01/19/2024]
Abstract
Vigilance decrement refers to a psychophysiological decline in the capacity to sustain attention to monotonous tasks after prolonged periods. A plethora of experimental tasks exist for researchers to study vigilance decrement in classic domains such as driving and air traffic control and baggage security; however, the only cyber vigilance tasks reported in the research literature exist in the possession of the United States Air Force (USAF). Moreover, existent cyber vigilance tasks have not kept up with advances in real-world cyber security and consequently no longer accurately reflect the cognitive load associated with modern network defense. The Western Australian Cyber Defense Task (WACDT) was designed, engineered, and validated. Elements of network defense command-and-control consoles that influence the trajectory of vigilance can be adjusted within the WACDT. These elements included cognitive load, event rate, signal salience and workload transitions. Two forms of the WACDT were tested. In static trials, each element was adjusted to its maximum level of processing difficulty. In dynamic trials, these elements were set to increase from their minimum to their maximum values. Vigilance performance in static trials was shown to improve over time. In contrast, dynamic WACDT trials were characterized by vigilance performance declines. The WACDT provides the civilian human factors research community with an up-to-date and validated vigilance task for network defense accessible to civilian researchers.
Affiliation(s)
- Oliver A. Guidetti
  - Edith Cowan University, Joondalup, WA, Australia
  - Western Australian Department of the Premier and Cabinet, Perth, WA, Australia
  - The Cyber Security Research Cooperative, Joondalup, WA, Australia
- Peter Bouhlas
  - Western Australian Department of the Premier and Cabinet, Perth, WA, Australia

6
Gzyl H, ter Horst E, Peña-Garcia N, Torres A. Understanding the Feature Space and Decision Boundaries of Commercial WAFs Using Maximum Entropy in the Mean. Entropy (Basel) 2023; 25:1476. [PMID: 37998168 PMCID: PMC10670514 DOI: 10.3390/e25111476] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/10/2023] [Revised: 09/24/2023] [Accepted: 09/26/2023] [Indexed: 11/25/2023]
Abstract
The security of a network requires the correct identification and characterization of the attacks through its ports. This involves the follow-up of all the requests for access to the networks by all kinds of users. We consider the frequency of connections and the type of connections to a network, and determine their joint probability. This leads to the problem of determining a joint probability distribution from the knowledge of its marginals in the presence of errors of measurement. Mathematically, this consists of an ill-posed linear problem with convex constraints, which we solved by the method of maximum entropy in the mean. This procedure is flexible enough to accommodate errors in the data in a natural way. Also, the procedure is model-free and, hence, it does not require fitting unknown parameters.
Affiliation(s)
- Henryk Gzyl
  - Centro de Finanzas IESA, Caracas 1010, Venezuela
- Enrique ter Horst
  - School of Management, Universidad de los Andes, Bogota 111711, Colombia
- Andres Torres
  - School of Management, Universidad de los Andes, Bogota 111711, Colombia

7
Dart M, Ahmed M. Evaluating Staff Attitudes, Intentions, and Behaviors Related to Cyber Security in Large Australian Health Care Environments: Mixed Methods Study. JMIR Hum Factors 2023; 10:e48220. [PMID: 37792450 PMCID: PMC10585427 DOI: 10.2196/48220] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/16/2023] [Revised: 06/20/2023] [Accepted: 07/24/2023] [Indexed: 10/05/2023]
Abstract
BACKGROUND Previous studies have identified that the effective management of cyber security in large health care environments is likely to be significantly impacted by human and social factors, as well as by technical controls. However, there have been limited attempts to confirm this by using measured and integrated studies to identify specific user motivations and behaviors that can be managed to achieve improved outcomes. OBJECTIVE This study aims to document and analyze survey and interview data from a diverse range of health care staff members, to determine the primary motivations and behaviors that influence their acceptance and application of cyber security messaging and controls. By identifying these issues, recommendations can be made to positively influence future cyber security governance in health care. METHODS An explanatory sequential mixed methods approach was undertaken to analyze quantitative data from a web-based staff survey (N=103), with a concurrent qualitative investigation applied to data gathered via in-depth staff interviews (N=9). Data from both stages of this methodology were mapped to descriptive variables based on a modified version of the Technology Acceptance Model (TAM; TAM2). After normalization, the quantitative data were verified and analyzed using descriptive statistics, distribution and linearity measures, and a bivariate correlation of the TAM variables to identify the Pearson coefficient (r) and significance (P) values. Finally, after confirming Cronbach α, the determinant score for multicollinearity, and the Kaiser-Meyer-Olkin measure, and applying the Bartlett test of sphericity (χ2), an exploratory factor analysis (EFA) was conducted to identify the primary factors with an eigenvalue (λ) >1.0. 
Comments captured during the qualitative interviews were coded using NVivo software (QSR International) to create an emic-to-etic understanding, which was subsequently integrated with the quantitative results to produce verified conclusions. RESULTS Using the explanatory sequential methodology, this study showed that the perceived usefulness of security controls emerged as the most significant factor influencing staff beliefs and behaviors. This variable represented 24% of all the variances measured in the EFA and was also the most common category identified across all coded interviews (281/692, 40.6%). The word frequency analysis showed that systems, patients, and people represented the top 3 recurring themes reported by the interviewees. CONCLUSIONS To improve cyber security governance in large health care environments, efforts should be focused on demonstrating how confidentiality, integrity, availability, policies, and cloud or vendor-based controls (the main contributors of usefulness measured by the EFA) can directly improve outcomes for systems, staff, and patients. Further consideration also needs to be given to how clinicians should share data and collaborate on patient care, with tools and processes provided to support and manage data sharing securely and to achieve a consistent baseline of secure and normalized behaviors.
Affiliation(s)
- Martin Dart
  - School of Science, Edith Cowan University, Joondalup, Australia
- Mohiuddin Ahmed
  - School of Science, Edith Cowan University, Joondalup, Australia

8
Mahalingam A, Perumal G, Subburayalu G, Albathan M, Altameem A, Almakki RS, Hussain A, Abbas Q. ROAST-IoT: A Novel Range-Optimized Attention Convolutional Scattered Technique for Intrusion Detection in IoT Networks. Sensors (Basel) 2023; 23:8044. [PMID: 37836874 PMCID: PMC10575244 DOI: 10.3390/s23198044] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/04/2023] [Revised: 09/17/2023] [Accepted: 09/22/2023] [Indexed: 10/15/2023]
Abstract
The Internet of Things (IoT) has significantly benefited several businesses, but because of the volume and complexity of IoT systems, there are also new security issues. Intrusion detection systems (IDSs) guarantee both the security posture and defense against intrusions of IoT devices. IoT systems have recently utilized machine learning (ML) techniques widely for IDSs. The primary deficiencies in existing IoT security frameworks are their inadequate intrusion detection capabilities, significant latency, and prolonged processing time, leading to undesirable delays. To address these issues, this work proposes a novel range-optimized attention convolutional scattered technique (ROAST-IoT) to protect IoT networks from modern threats and intrusions. This system uses the scattered range feature selection (SRFS) model to choose the most crucial and trustworthy properties from the supplied intrusion data. After that, the attention-based convolutional feed-forward network (ACFN) technique is used to recognize the intrusion class. In addition, the loss function is estimated using the modified dingo optimization (MDO) algorithm to ensure the maximum accuracy of classifier. To evaluate and compare the performance of the proposed ROAST-IoT system, we have utilized popular intrusion datasets such as ToN-IoT, IoT-23, UNSW-NB 15, and Edge-IIoT. The analysis of the results shows that the proposed ROAST technique did better than all existing cutting-edge intrusion detection systems, with an accuracy of 99.15% on the IoT-23 dataset, 99.78% on the ToN-IoT dataset, 99.88% on the UNSW-NB 15 dataset, and 99.45% on the Edge-IIoT dataset. On average, the ROAST-IoT system achieved a high AUC-ROC of 0.998, demonstrating its capacity to distinguish between legitimate data and attack traffic. These results indicate that the ROAST-IoT algorithm effectively and reliably detects intrusion attacks mechanism against cyberattacks on IoT systems.
Affiliation(s)
- Anandaraj Mahalingam
  - Department of Information Technology, PSNA College of Engineering and Technology, Dindigul 624622, Tamil Nadu, India
- Ganeshkumar Perumal
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Gopalakrishnan Subburayalu
  - Department of Information Technology, Hindustan Institute of Technology and Science, Chennai 603103, Tamil Nadu, India
- Mubarak Albathan
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Abdullah Altameem
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Riyad Saleh Almakki
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Ayyaz Hussain
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
- Qaisar Abbas
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)

9
Aslam MM, Tufail A, Kim KH, Apong RAAHM, Raza MT. A Comprehensive Study on Cyber Attacks in Communication Networks in Water Purification and Distribution Plants: Challenges, Vulnerabilities, and Future Prospects. Sensors (Basel) 2023; 23:7999. [PMID: 37766053 PMCID: PMC10536937 DOI: 10.3390/s23187999] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/16/2023] [Revised: 09/14/2023] [Accepted: 09/18/2023] [Indexed: 09/29/2023]
Abstract
In recent years, the Internet of Things (IoT) has had a big impact on both industry and academia. Its profound impact is particularly felt in the industrial sector, where the Industrial Internet of Things (IIoT), also known as Industry 4.0, is revolutionizing manufacturing and production through the fusion of cutting-edge technologies and network-embedded sensing devices. The IIoT revolutionizes several industries, including crucial ones such as oil and gas, water purification and distribution, energy, and chemicals, by integrating information technology (IT) with industrial control and automation systems. Water, a vital resource for life, is a symbol of the advancement of technology, yet knowledge of potential cyberattacks and their catastrophic effects on water treatment facilities is still insufficient. Even seemingly insignificant errors can have serious consequences, such as aberrant pH values or fluctuations in the concentration of hydrochloric acid (HCl) in water, which can result in fatalities or serious diseases. The water purification and distribution industry has been the target of numerous hostile cyber security attacks, some of which have been identified, revealed, and documented in this paper. Our goal is to understand the range of security threats that are present in this industry. Through the lens of IIoT, the survey provides a technical investigation that covers attack models, actual cases of cyber intrusions in the water sector, a range of security difficulties encountered, and preventative security solutions. We also explore upcoming perspectives, illuminating the predicted advancements and orientations in this dynamic subject. For industrial practitioners and aspiring scholars alike, our work is a useful, enlightening, and current resource. We want to promote a thorough grasp of the cybersecurity landscape in the water industry by combining key insights and igniting group efforts toward a safe and dependable digital future.
Affiliation(s)
- Muhammad Muzamil Aslam
  - School of Digital Science, Universiti Brunei Darussalam, Gadong BE1410, Brunei; (M.M.A.); (A.T.); (R.A.A.H.M.A.)
- Ali Tufail
  - School of Digital Science, Universiti Brunei Darussalam, Gadong BE1410, Brunei; (M.M.A.); (A.T.); (R.A.A.H.M.A.)
- Ki-Hyung Kim
  - Department of Cyber Security, Ajou University, Suwon 16499, Republic of Korea
- Muhammad Taqi Raza
  - Department of Electrical and Computer Engineering, The University of Massachusetts Amherst, Amherst, MA 01003, USA

10
Lilhore UK, Manoharan P, Simaiya S, Alroobaea R, Alsafyani M, Baqasah AM, Dalal S, Sharma A, Raahemifar K. HIDM: Hybrid Intrusion Detection Model for Industry 4.0 Networks Using an Optimized CNN-LSTM with Transfer Learning. Sensors (Basel) 2023; 23:7856. [PMID: 37765912 PMCID: PMC10535139 DOI: 10.3390/s23187856] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/06/2023] [Revised: 04/13/2023] [Accepted: 04/25/2023] [Indexed: 09/29/2023]
Abstract
Industrial automation systems are undergoing a revolutionary change with the use of Internet-connected operating equipment and the adoption of cutting-edge advanced technology such as AI, IoT, cloud computing, and deep learning within business organizations. These innovative and additional solutions are facilitating Industry 4.0. However, the emergence of these technological advances and the quality solutions that they enable will also introduce unique security challenges whose consequence needs to be identified. This research presents a hybrid intrusion detection model (HIDM) that uses OCNN-LSTM and transfer learning (TL) for Industry 4.0. The proposed model utilizes an optimized CNN by using enhanced parameters of the CNN via the grey wolf optimizer (GWO) method, which fine-tunes the CNN parameters and helps to improve the model's prediction accuracy. The transfer learning model helps to train the model, and it transfers the knowledge to the OCNN-LSTM model. The TL method enhances the training process, acquiring the necessary knowledge from the OCNN-LSTM model and utilizing it in each next cycle, which helps to improve detection accuracy. To measure the performance of the proposed model, we conducted a multi-class classification analysis on various online industrial IDS datasets, i.e., ToN-IoT and UNW-NB15. We have conducted two experiments for these two datasets, and various performance-measuring parameters, i.e., precision, F-measure, recall, accuracy, and detection rate, were calculated for the OCNN-LSTM model with and without TL and also for the CNN and LSTM models. For the ToN-IoT dataset, the OCNN-LSTM with TL model achieved a precision of 92.7%; for the UNW-NB15 dataset, the precision was 94.25%, which is higher than OCNN-LSTM without TL.
Affiliation(s)
- Umesh Kumar Lilhore
  - Department of Computer Science and Engineering, Chandigarh University, Gharuan, Mohali 140413, India
- Poongodi Manoharan
  - College of Science and Engineering, Hamad Bin Khalifa University, Qatar Foundation, Doha P.O Box 5825, Qatar
- Sarita Simaiya
  - Apex Institute of Technology (CSE), Chandigarh University, Gharuan, Mohali 140413, India
- Roobaea Alroobaea
  - Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
- Majed Alsafyani
  - Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
- Abdullah M. Baqasah
  - Department of Information Technology, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21974, Saudi Arabia
- Surjeet Dalal
  - Amity School of Engineering and Technology, Amity University, Gurugram 122412, India
- Ashish Sharma
  - Department of Computer Engineering and Applications, GLA University, Mathura 281406, India
- Kaamran Raahemifar
  - Data Science and Artificial Intelligence Program, College of Information Sciences and Technology, Penn State University, State College, PA 16801, USA
  - School of Optometry and Vision Science, Faculty of Science, University of Waterloo, 200 University, Waterloo, ON N2L3G1, Canada
  - Faculty of Engineering, University of Waterloo, 200 University Ave W., Waterloo, ON N2L3G1, Canada

11
Nobili M. Review OSINT tool for social engineering. Front Big Data 2023; 6:1169636. [PMID: 37719683 PMCID: PMC10504660 DOI: 10.3389/fdata.2023.1169636] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/19/2023] [Accepted: 07/31/2023] [Indexed: 09/19/2023]
Abstract
In recent years, we observed an increase in cyber threats, especially social engineering attacks. By social engineering, we mean a set of techniques and tools to collect information about a person or target to extort sensitive information. Such information might be used for (industrial) espionage, to blackmail the user, or represent the starting point to perform malicious cyber attacks against the individual or, more often, against the organization they work for. The human factor is often the most vulnerable element in the security of any system, and the mass of information we disseminate online largely facilitates social engineering activities. To prevent and mitigate social engineering attacks, Open Source INTelligence (OSINT) techniques and tools can be used to evaluate the level of exposition of an individual or an organization. OSINT is the collection of information through open sources, that is, sources not protected by copyright or privacy. The article reviews the main OSINT tools for countering and preventing social engineering attacks. Specifically, it proposes the different tools, dividing them according to the specific information they allow to track (e-mail, social profiles, phone numbers, etc.).
Affiliation(s)
- Martina Nobili
  - Unit of Automatic Control, Department of Engineering, Universitá Campus Bio-Medico di Roma, Rome, Italy

12
Sobb T, Turnbull B, Moustafa N. A Holistic Review of Cyber-Physical-Social Systems: New Directions and Opportunities. Sensors (Basel) 2023; 23:7391. [PMID: 37687846 PMCID: PMC10490255 DOI: 10.3390/s23177391] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/30/2023] [Revised: 08/15/2023] [Accepted: 08/22/2023] [Indexed: 09/10/2023]
Abstract
A Cyber-Physical-Social System (CPSS) is an evolving subset of Cyber-Physical Systems (CPS), which involve the interlinking of the cyber, physical, and social domains within a system-of-systems mindset. CPSS is in a growing state, which combines secure digital technologies with physical systems (e.g., sensors and actuators) and incorporates social aspects (e.g., human interactions and behaviors, and societal norms) to facilitate automated and secure services to end-users and organisations. This paper reviews the field of CPSS, especially in the scope of complexity theory and cyber security to determine its impact on CPS and social media's influence activities. The significance of CPSS lies in its potential to provide solutions to complex societal problems that are difficult to address through traditional approaches. With the integration of physical, social, and cyber components, CPSS can realize the full potential of IoT, big data analytics, and machine learning, leading to increased efficiency, improved sustainability and better decision making. CPSS presents exciting opportunities for innovation and advancement in multiple domains, improving the quality of life for people around the world. Research challenges to CPSS include the integration of hard and soft system components within all three domains, in addition to sociological metrics, data security, processing optimization and ethical implications. The findings of this paper note key research trends in the fields of CPSS, and recent novel contributions, followed by identified research gaps and future work.
Affiliation(s)
- Benjamin Turnbull
- School of Systems and Computing, University of New South Wales, Canberra 2612, Australia; (T.S.); (N.M.)
13
Jang W, Kim H, Seo H, Kim M, Yoon M. SELID: Selective Event Labeling for Intrusion Detection Datasets. Sensors (Basel) 2023; 23:6105. [PMID: 37447954 DOI: 10.3390/s23136105] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/07/2023] [Revised: 06/26/2023] [Accepted: 06/29/2023] [Indexed: 07/15/2023]
Abstract
A large volume of security events, generally collected by distributed monitoring sensors, overwhelms human analysts at security operations centers and raises an alert fatigue problem. Machine learning is expected to mitigate this problem by automatically distinguishing between true alerts, or attacks, and falsely reported ones. Machine learning models should first be trained on datasets having correct labels, but the labeling process itself requires considerable human resources. In this paper, we present a new selective sampling scheme for efficient data labeling via unsupervised clustering. The new scheme transforms the byte sequence of an event into a fixed-size vector through content-defined chunking and feature hashing. Then, a clustering algorithm is applied to the vectors, and only a few samples from each cluster are selected for manual labeling. The experimental results demonstrate that the new scheme can select only 2% of the data for labeling without degrading the F1-score of the machine learning model. Two datasets, a private dataset from a real security operations center and a public dataset from the Internet for experimental reproducibility, are used.
Affiliation(s)
- Woohyuk Jang
- Department of Computer Science, Kookmin University, 77, Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea
- Hyunmin Kim
- Department of Computer Science, Kookmin University, 77, Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea
- Hyungbin Seo
- Department of Computer Science, Kookmin University, 77, Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea
- Minsong Kim
- Department of Computer Science, Kookmin University, 77, Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea
- Myungkeun Yoon
- Department of Computer Science, Kookmin University, 77, Jeongneung-ro, Seongbuk-gu, Seoul 02707, Republic of Korea
14
Sheikh ZA, Singh Y, Singh PK, Gonçalves PJS. Defending the Defender: Adversarial Learning Based Defending Strategy for Learning Based Security Methods in Cyber-Physical Systems (CPS). Sensors (Basel) 2023; 23:5459. [PMID: 37420626 DOI: 10.3390/s23125459] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/09/2023] [Revised: 05/26/2023] [Accepted: 06/06/2023] [Indexed: 07/09/2023]
Abstract
Cyber-Physical Systems (CPS) are prone to many security exploitations due to a greater attack surface being introduced by their cyber component by the nature of their remote accessibility or non-isolated capability. Security exploitations, on the other hand, rise in complexities, aiming for more powerful attacks and evasion from detections. The real-world applicability of CPS thus poses a question mark due to security infringements. Researchers have been developing new and robust techniques to enhance the security of these systems. Many techniques and security aspects are being considered to build robust security systems; these include attack prevention, attack detection, and attack mitigation as security development techniques with consideration of confidentiality, integrity, and availability as some of the important security aspects. In this paper, we have proposed machine learning-based intelligent attack detection strategies which have evolved as a result of failures in traditional signature-based techniques to detect zero-day attacks and attacks of a complex nature. Many researchers have evaluated the feasibility of learning models in the security domain and pointed out their capability to detect known as well as unknown attacks (zero-day attacks). However, these learning models are also vulnerable to adversarial attacks like poisoning attacks, evasion attacks, and exploration attacks. To make use of a robust-cum-intelligent security mechanism, we have proposed an adversarial learning-based defense strategy for the security of CPS to ensure CPS security and invoke resilience against adversarial attacks. We have evaluated the proposed strategy through the implementation of Random Forest (RF), Artificial Neural Network (ANN), and Long Short-Term Memory (LSTM) on the ToN_IoT Network dataset and an adversarial dataset generated through the Generative Adversarial Network (GAN) model.
Affiliation(s)
- Zakir Ahmad Sheikh
- Department of Computer Science and Information Technology, Central University of Jammu, Rahya Suchani, Bagla, Jammu 181143, India
- Yashwant Singh
- Department of Computer Science and Information Technology, Central University of Jammu, Rahya Suchani, Bagla, Jammu 181143, India
- Pradeep Kumar Singh
- STME, Narsee Monjee Institute of Management Studies (NMIMS) Deemed to be University, Maharashtra 400056, India
15
Kutschera S, Slany W, Ratschiller P, Gursch S, Dagenborg H. MRNG: Accessing Cosmic Radiation as an Entropy Source for a Non-Deterministic Random Number Generator. Entropy (Basel) 2023; 25:854. [PMID: 37372198 DOI: 10.3390/e25060854] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/28/2023] [Revised: 05/17/2023] [Accepted: 05/23/2023] [Indexed: 06/29/2023]
Abstract
Privacy and security require not only strong algorithms but also reliable and readily available sources of randomness. To tackle this problem, one of the causes of single-event upsets is the utilization of a non-deterministic entropy source, specifically ultra-high energy cosmic rays. An adapted prototype based on existing muon detection technology was used as the methodology during the experiment and tested for its statistical strength. Our results show that the random bit sequence extracted from the detections successfully passed established randomness tests. The detections correspond to cosmic rays recorded using a common smartphone during our experiment. Despite the limited sample, our work provides valuable insights into the use of ultra-high energy cosmic rays as an entropy source.
Affiliation(s)
- Stefan Kutschera
- Institute of Software Technology, Graz University of Technology, 8010 Graz, Austria
- Wolfgang Slany
- Institute of Software Technology, Graz University of Technology, 8010 Graz, Austria
- Patrick Ratschiller
- Institute of Software Technology, Graz University of Technology, 8010 Graz, Austria
- Sarina Gursch
- Institute of Software Technology, Graz University of Technology, 8010 Graz, Austria
- Håvard Dagenborg
- Department of Computer Science, UiT the Arctic University of Norway, 9037 Tromsø, Norway
16
Reeves A, Ashenden D. Understanding decision making in security operations centres: building the case for cyber deception technology. Front Psychol 2023; 14:1165705. [PMID: 37292498 PMCID: PMC10245128 DOI: 10.3389/fpsyg.2023.1165705] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/14/2023] [Accepted: 05/09/2023] [Indexed: 06/10/2023] Open
Abstract
Introduction: A Security Operations Centre (SOC) is a command centre where analysts monitor network activity, analyse alerts, investigate potential threats, and respond to incidents. By analysing data activities around the clock, SOC teams are crucial in ensuring the prompt detection and response to security incidents. SOC analysts work under considerable pressure to triage and respond to alerts in very short time frames. Cyber deception technology offers the promise of buying SOC analysts more time to respond by wasting the resources and time of attackers, yet such technology remains underutilised. Method: We carried out a series of interviews with experts to uncover the barriers which prevent the effective implementation of cyber deception in SOCs. Results: By using thematic analysis on the data, it was clear that while cyber deception technology is promising it is hindered by a lack of use cases, limited empirical research that demonstrates the efficacy of the technology, hesitancy to embrace a more active form of cyber defence, issues surrounding the over promising of results by off-the-shelf vendors, and an aversion to interrupting the decision-making processes of SOC analysts. Discussion: Taking this last point about the decision-making processes of SOC analysts, we make the case that naturalistic decision making (NDM) would help us better understand how SOC analysts make decisions and how cyber deception technology could be used to best effect.
17
Darwish SM, Farhan DA, Elzoghabi AA. Building an Effective Classifier for Phishing Web Pages Detection: A Quantum-Inspired Biomimetic Paradigm Suitable for Big Data Analytics of Cyber Attacks. Biomimetics (Basel) 2023; 8:biomimetics8020197. [PMID: 37218783 DOI: 10.3390/biomimetics8020197] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/11/2023] [Revised: 05/01/2023] [Accepted: 05/05/2023] [Indexed: 05/24/2023] Open
Abstract
To combat malicious domains, which serve as a key platform for a wide range of attacks, domain name service (DNS) data provide rich traces of Internet activities and are a powerful resource. This paper presents new research that proposes a model for finding malicious domains by passively analyzing DNS data. The proposed model builds a real-time, accurate, middleweight, and fast classifier by combining a genetic algorithm for selecting DNS data features with a two-step quantum ant colony optimization (QABC) algorithm for classification. The modified two-step QABC classifier uses K-means instead of random initialization to place food sources. In order to overcome ABC's poor exploitation abilities and its convergence speed, this paper utilizes the metaheuristic QABC algorithm for global optimization problems inspired by quantum physics concepts. The use of the Hadoop framework and a hybrid machine learning approach (K-means and QABC) to deal with the large size of uniform resource locator (URL) data is one of the main contributions of this paper. The major point is that blacklists, heavyweight classifiers (those that use more features), and lightweight classifiers (those that use fewer features and consume the features from the browser) may all be improved with the use of the suggested machine learning method. The results showed that the suggested model could work with more than 96.6% accuracy for more than 10 million query-answer pairs.
Affiliation(s)
- Saad M Darwish
- Department of Information Technology, Institute of Graduate Studies and Research, Alexandria University, 163 Horreya Avenue, El Shatby 21526, Alexandria P.O. Box 832, Egypt
- Dheyauldeen A Farhan
- Department of Computer Science, Al-Maarif University College, Ramadi 31001, Iraq
- Adel A Elzoghabi
- Department of Information Technology, Institute of Graduate Studies and Research, Alexandria University, 163 Horreya Avenue, El Shatby 21526, Alexandria P.O. Box 832, Egypt
18
Fatani A, Dahou A, Abd Elaziz M, Al-Qaness MAA, Lu S, Alfadhli SA, Alresheedi SS. Enhancing Intrusion Detection Systems for IoT and Cloud Environments Using a Growth Optimizer Algorithm and Conventional Neural Networks. Sensors (Basel) 2023; 23:s23094430. [PMID: 37177634 PMCID: PMC10181590 DOI: 10.3390/s23094430] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/12/2023] [Revised: 04/07/2023] [Accepted: 04/18/2023] [Indexed: 05/15/2023]
Abstract
Intrusion detection systems (IDS) play a crucial role in securing networks and identifying malicious activity. This is a critical problem in cyber security. In recent years, metaheuristic optimization algorithms and deep learning techniques have been applied to IDS to improve their accuracy and efficiency. Generally, optimization algorithms can be used to boost the performance of IDS models. Deep learning methods, such as convolutional neural networks, have also been used to improve the ability of IDS to detect and classify intrusions. In this paper, we propose a new IDS model based on the combination of deep learning and optimization methods. First, a feature extraction method based on CNNs is developed. Then, a new feature selection method is used based on a modified version of Growth Optimizer (GO), called MGO. We use the Whale Optimization Algorithm (WOA) to boost the search process of the GO. Extensive evaluation and comparisons have been conducted to assess the quality of the suggested method using public datasets of cloud and Internet of Things (IoT) environments. The applied techniques have shown promising results in identifying previously unknown attacks with high accuracy rates. The MGO performed better than several previous methods in all experimental comparisons.
Affiliation(s)
- Abdulaziz Fatani
- School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
- Computer Science Department, Umm Al-Qura University, Makkah 24381, Saudi Arabia
- Abdelghani Dahou
- Faculty of Computer Sciences and Mathematics, Ahmed Draia University, Adrar 01000, Algeria
- Mohamed Abd Elaziz
- Department of Mathematics, Faculty of Science, Zagazig University, Zagazig 44519, Egypt
- Artificial Intelligence Research Center (AIRC), Ajman University, Ajman 346, United Arab Emirates
- Department of Artificial Intelligence Science and Engineering, Galala University, Suze 435611, Egypt
- Department of Electrical and Computer Engineering, Lebanese American University, Byblos 13-5053, Lebanon
- Mohammed A A Al-Qaness
- College of Physics and Electronic Information Engineering, Zhejiang Normal University, Jinhua 321004, China
- Songfeng Lu
- Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China
- Shenzhen Huazhong University of Science and Technology Research Institute, Shenzhen 518057, China
- Saad Ali Alfadhli
- Department of Computer Techniques Engineering, Imam Al-Kadhum College, Baghdad 10081, Iraq
19
Kotak J, Habler E, Brodt O, Shabtai A, Elovici Y. Information Security Threats and Working from Home Culture: Taxonomy, Risk Assessment and Solutions. Sensors (Basel) 2023; 23:4018. [PMID: 37112359 PMCID: PMC10142274 DOI: 10.3390/s23084018] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/13/2023] [Revised: 04/09/2023] [Accepted: 04/13/2023] [Indexed: 06/19/2023]
Abstract
During the COVID-19 pandemic, most organizations were forced to implement a work-from-home policy, and in many cases, employees have not been expected to return to the office on a full-time basis. This sudden shift in the work culture was accompanied by an increase in the number of information security-related threats which organizations were unprepared for. The ability to effectively address these threats relies on a comprehensive threat analysis and risk assessment and the creation of relevant asset and threat taxonomies for the new work-from-home culture. In response to this need, we built the required taxonomies and performed a thorough analysis of the threats associated with this new work culture. In this paper, we present our taxonomies and the results of our analysis. We also examine the impact of each threat, indicate when it is expected to occur, describe the various prevention methods available commercially or proposed in academic research, and present specific use cases.
20
Bilal M, Khan A, Jan S, Musa S, Ali S. Roman Urdu Hate Speech Detection Using Transformer-Based Model for Cyber Security Applications. Sensors (Basel) 2023; 23:3909. [PMID: 37112249 PMCID: PMC10143294 DOI: 10.3390/s23083909] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/26/2022] [Revised: 01/17/2023] [Accepted: 01/19/2023] [Indexed: 06/19/2023]
Abstract
Social media applications, such as Twitter and Facebook, allow users to communicate and share their thoughts, status updates, opinions, photographs, and videos around the globe. Unfortunately, some people utilize these platforms to disseminate hate speech and abusive language. The growth of hate speech may result in hate crimes, cyber violence, and substantial harm to cyberspace, physical security, and social safety. As a result, hate speech detection is a critical issue for both cyberspace and physical society, necessitating the development of a robust application capable of detecting and combating it in real-time. Hate speech detection is a context-dependent problem that requires context-aware mechanisms for resolution. In this study, we employed a transformer-based model for Roman Urdu hate speech classification due to its ability to capture the text context. In addition, we developed the first Roman Urdu pre-trained BERT model, which we named BERT-RU. For this purpose, we exploited the capabilities of BERT by training it from scratch on the largest Roman Urdu dataset consisting of 173,714 text messages. Traditional and deep learning models were used as baseline models, including LSTM, BiLSTM, BiLSTM + Attention Layer, and CNN. We also investigated the concept of transfer learning by using pre-trained BERT embeddings in conjunction with deep learning models. The performance of each model was evaluated in terms of accuracy, precision, recall, and F-measure. The generalization of each model was evaluated on a cross-domain dataset. The experimental results revealed that the transformer-based model, when directly applied to the classification task of the Roman Urdu hate speech, outperformed traditional machine learning, deep learning models, and pre-trained transformer-based models in terms of accuracy, precision, recall, and F-measure, with scores of 96.70%, 97.25%, 96.74%, and 97.89%, respectively. 
In addition, the transformer-based model exhibited superior generalization on a cross-domain dataset.
Affiliation(s)
- Muhammad Bilal
- Department of Computer Science, Islamia College Peshawar, Peshawar 25130, Pakistan
- Atif Khan
- Department of Computer Science, Islamia College Peshawar, Peshawar 25130, Pakistan
- Salman Jan
- Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Kuala Lumpur 50250, Malaysia
- Department of Computer Science, Bacha Khan University Charsadda, Charsadda 24420, Pakistan
- Shahrulniza Musa
- Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Kuala Lumpur 50250, Malaysia
- Shaukat Ali
- Department of Computer Science, Islamia College Peshawar, Peshawar 25130, Pakistan
21
Khan J, Lim DW, Kim YS. Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks. Sensors (Basel) 2023; 23:3554. [PMID: 37050613 PMCID: PMC10098590 DOI: 10.3390/s23073554] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/27/2023] [Revised: 03/15/2023] [Accepted: 03/23/2023] [Indexed: 06/19/2023]
Abstract
For in-vehicle network communication, the controller area network (CAN) broadcasts to all connected nodes without address validation. Therefore, it is highly vulnerable to all sorts of attack scenarios. This research proposes a novel intrusion detection system (IDS) for CAN to identify in-vehicle network anomalies. The statistical characteristics of attacks provide valuable information about the inherent intrusion patterns and behaviors. We employed two real-world attack scenarios from publicly available datasets to record a real-time response against intrusions with increased precision for in-vehicle network environments. Our proposed IDS can exploit malicious patterns by calculating thresholds and using the statistical properties of attacks, making attack detection more efficient. The optimized threshold value is calculated using brute-force optimization for various window sizes to minimize the total error. The reference values of normality require a few legitimate data frames for effective intrusion detection. The experimental findings validate that our suggested method can efficiently detect fuzzy, merge, and denial-of-service (DoS) attacks with low false-positive rates. It is also demonstrated that the total error decreases with an increasing attack rate for varying window sizes. The results indicate that our proposed IDS minimizes the misclassification rate and is hence better suited for in-vehicle networks.
Affiliation(s)
- Junaid Khan
- Department of Information and Communication Engineering, Dongguk University, Seoul 04620, Republic of Korea
- Dae-Woon Lim
- Department of Information and Communication Engineering, Dongguk University, Seoul 04620, Republic of Korea
- Young-Sik Kim
- Department of Information and Communication Engineering, Chosun University, Gwangju 61452, Republic of Korea
22
Sivamohan S, Sridhar SS. An optimized model for network intrusion detection systems in industry 4.0 using XAI based Bi-LSTM framework. Neural Comput Appl 2023; 35:11459-11475. [PMID: 37155462 PMCID: PMC9999327 DOI: 10.1007/s00521-023-08319-0] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/23/2022] [Accepted: 01/16/2023] [Indexed: 03/12/2023]
Abstract
Industry 4.0 enables novel business cases, such as client-specific production, real-time monitoring of process condition and progress, independent decision making and remote maintenance, to name a few. However, they are more susceptible to a broad range of cyber threats because of limited resources and heterogeneous nature. Such risks cause financial and reputational damages for businesses, as well as the theft of sensitive information. The higher level of diversity in industrial network prevents the attackers from such attacks. Therefore, to efficiently detect the intrusions, a novel intrusion detection system known as Bidirectional Long Short-Term Memory based Explainable Artificial Intelligence framework (BiLSTM-XAI) is developed. Initially, the preprocessing task using data cleaning and normalization is performed to enhance the data quality for detecting network intrusions. Subsequently, the significant features are selected from the databases using the Krill herd optimization (KHO) algorithm. The proposed BiLSTM-XAI approach provides better security and privacy inside the industry networking system by detecting intrusions very precisely. In this, we utilized SHAP and LIME explainable AI algorithms to improve interpretation of prediction results. The experimental setup is made by MATLAB 2016 software using Honeypot and NSL-KDD datasets as input. The analysis result reveals that the proposed method achieves superior performance in detecting intrusions with a classification accuracy of 98.2%.
Affiliation(s)
- S. Sivamohan
- Department of Computing Technologies, SRM Institute of Science & Technology, Kattankulathur, India (grid.412742.6; ISNI 0000 0004 0635 5080)
- S. S. Sridhar
- Department of Computing Technologies, SRM Institute of Science & Technology, Kattankulathur, India (grid.412742.6; ISNI 0000 0004 0635 5080)
23
Naghshvarianjahromi M, Kumar S, Deen MJ. Natural Intelligence as the Brain of Intelligent Systems. Sensors (Basel) 2023; 23:2859. [PMID: 36905061 PMCID: PMC10007130 DOI: 10.3390/s23052859] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/20/2023] [Revised: 02/22/2023] [Accepted: 03/01/2023] [Indexed: 06/18/2023]
Abstract
This article discusses the concept and applications of cognitive dynamic systems (CDS), which are a type of intelligent system inspired by the brain. There are two branches of CDS, one for linear and Gaussian environments (LGEs), such as cognitive radio and cognitive radar, and another one for non-Gaussian and nonlinear environments (NGNLEs), such as cyber processing in smart systems. Both branches use the same principle, called the perception action cycle (PAC), to make decisions. The focus of this review is on the applications of CDS, including cognitive radios, cognitive radar, cognitive control, cyber security, self-driving cars, and smart grids for LGEs. For NGNLEs, the article reviews the use of CDS in smart e-healthcare applications and software-defined optical communication systems (SDOCS), such as smart fiber optic links. The results of implementing CDS in these systems are very promising, with improved accuracy, performance, and lower computational costs. For example, CDS implementation in cognitive radars achieved a range estimation error that is as good as 0.47 (m) and a velocity estimation error of 3.30 (m/s), outperforming traditional active radars. Similarly, CDS implementation in smart fiber optic links improved the quality factor by 7 dB and the maximum achievable data rate by 43% compared to those of other mitigation techniques.
24
Alabdulatif A, Thilakarathne NN, Lawal ZK, Fahim KE, Zakari RY. Internet of Nano-Things (IoNT): A Comprehensive Review from Architecture to Security and Privacy Challenges. Sensors (Basel) 2023; 23:2807. [PMID: 36905010 PMCID: PMC10007150 DOI: 10.3390/s23052807] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/29/2023] [Revised: 02/07/2023] [Accepted: 02/20/2023] [Indexed: 06/18/2023]
Abstract
Throughout the course of human history, owing to innovations that shape the future of mankind, many technologies have been innovated and used towards making people's lives easier. Such technologies have made us who we are today and are involved with every domain that is vital for human survival such as agriculture, healthcare, and transportation. The Internet of Things (IoT) is one such technology that revolutionizes almost every aspect of our lives, found early in the 21st century with the advancement of Internet and Information Communication (ICT) Technologies. As of now, the IoT is served in almost every domain, as we mentioned above, allowing the connectivity of digital objects around us to the Internet, thus allowing the remote monitoring, control, and execution of actions based on underlying conditions, making such objects smarter. Over time, the IoT has progressively evolved and paved the way towards the Internet of Nano-Things (IoNT) which is the use of nano-size miniature IoT devices. The IoNT is a relatively new technology that has lately begun to establish a name for itself, and many are not aware of it, even in academia or research. The use of the IoT always comes at a cost, owing to the connectivity to the Internet and the inherently vulnerable nature of IoT, wherein it paves the way for hackers to compromise security and privacy. This is also applicable to the IoNT, which is the advanced and miniature version of IoT, and brings disastrous consequences if such security and privacy violations were to occur as no one can notice such issues pertaining to the IoNT, due to their miniaturized nature and novelty in the field. The lack of research in the IoNT domain has motivated us to synthesize this research, highlighting architectural elements in the IoNT ecosystem and security and privacy challenges pertaining to the IoNT. 
In this regard, in the study, we provide a comprehensive overview of the IoNT ecosystem and security and privacy pertaining to the IoNT as a reference to future research.
Affiliation(s)
- Abdullah Alabdulatif
- Department of Computer, College of Sciences and Arts in Al-Rass, Qassim University, Al-Rass 720223, Saudi Arabia
- Khairul Eahsun Fahim
- Department of Computer Science, Federal University Dutse, Dutse 720102, Nigeria
- ZNRF University of Management Sciences, Dhaka 1212, Bangladesh
- Rufai Yusuf Zakari
- Department of Computer Science, Federal University Dutse, Dutse 720102, Nigeria
- Department of Computer Science, Skyline University Nigeria, Kano 700103, Nigeria
25
Ibrahim M, Elhafiz R. Security Analysis of Cyber-Physical Systems Using Reinforcement Learning. Sensors (Basel) 2023; 23:1634. [PMID: 36772676 PMCID: PMC9920547 DOI: 10.3390/s23031634] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/15/2022] [Revised: 01/22/2023] [Accepted: 01/30/2023] [Indexed: 06/18/2023]
Abstract
Future engineering systems with new capabilities that far exceed today's levels of autonomy, functionality, usability, dependability, and cyber security are predicted to be designed and developed using cyber-physical systems (CPSs). In this paper, the security of CPSs is investigated through a case study of a smart grid by using a reinforcement learning (RL) augmented attack graph to effectively highlight the subsystems' weaknesses. In particular, the state action reward state action (SARSA) RL technique is used, in which the agent is taken to be the attacker, and an attack graph created for the system is built to resemble the environment. SARSA uses rewards and penalties to identify the worst-case attack scenario; with the most cumulative reward, an attacker may carry out the most harm to the system with the fewest available actions. Results showed successfully the worst-case attack scenario with a total reward of 26.9 and identified the most severely damaged subsystems.
26
Akhtar MS, Feng T. Evaluation of Machine Learning Algorithms for Malware Detection. Sensors (Basel) 2023; 23:946. [PMID: 36679741 PMCID: PMC9862094 DOI: 10.3390/s23020946] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Received: 11/26/2022] [Revised: 01/03/2023] [Accepted: 01/06/2023] [Indexed: 06/17/2023]
Abstract
This research study mainly focused on the dynamic malware detection. Malware progressively changes, leading to the use of dynamic malware detection techniques in this research study. Each day brings a new influx of malicious software programmes that pose a threat to online safety by exploiting vulnerabilities in the Internet. The proliferation of harmful software has rendered manual heuristic examination of malware analysis ineffective. Automatic behaviour-based malware detection using machine learning algorithms is thus considered a game-changing innovation. Threats are automatically evaluated based on their behaviours in a simulated environment, and reports are created. These records are converted into sparse vector models for use in further machine learning efforts. Classifiers used to synthesise the results of this study included kNN, DT, RF, AdaBoost, SGD, extra trees and the Gaussian NB classifier. After reviewing the test and experimental data for all five classifiers, we found that the RF, SGD, extra trees and Gaussian NB Classifier all achieved a 100% accuracy in the test, as well as a perfect precision (1.00), a good recall (1.00), and a good f1-score (1.00). Therefore, it is reasonable to assume that the proof-of-concept employing autonomous behaviour-based malware analysis and machine learning methodologies might identify malware effectively and rapidly.
Affiliation(s)
- Tao Feng
- Correspondence: (M.S.A.); (T.F.)
27
Balla A, Habaebi MH, Elsheikh EAA, Islam MR, Suliman FM. The Effect of Dataset Imbalance on the Performance of SCADA Intrusion Detection Systems. Sensors (Basel) 2023; 23:s23020758. [PMID: 36679553 PMCID: PMC9865947 DOI: 10.3390/s23020758] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Received: 11/27/2022] [Revised: 12/23/2022] [Accepted: 01/03/2023] [Indexed: 05/14/2023]
Abstract
Integrating IoT devices in SCADA systems has provided efficient and improved data collection and transmission technologies. This enhancement comes with significant security challenges, exposing traditionally isolated systems to the public internet. Effective and highly reliable security devices, such as intrusion detection systems (IDSs) and intrusion prevention systems (IPS), are critical. Countless studies used deep learning algorithms to design an efficient IDS; however, the fundamental issue of imbalanced datasets was not fully addressed. In our research, we examined the impact of data imbalance on developing an effective SCADA-based IDS. To investigate the impact of various data balancing techniques, we chose two unbalanced datasets, the Morris power dataset, and CICIDS2017 dataset, including random sampling, one-sided selection (OSS), near-miss, SMOTE, and ADASYN. For binary classification, convolutional neural networks were coupled with long short-term memory (CNN-LSTM). The system's effectiveness was determined by the confusion matrix, which includes evaluation metrics, such as accuracy, precision, detection rate, and F1-score. Four experiments on the two datasets demonstrate the impact of the data imbalance. This research aims to help security researchers in understanding imbalanced datasets and their impact on DL SCADA-IDS.
Affiliation(s)
- Asaad Balla
  - Department of Electrical and Computer Engineering, International Islamic University Malaysia, Kuala Lumpur 53100, Malaysia
- Mohamed Hadi Habaebi
  - Department of Electrical and Computer Engineering, International Islamic University Malaysia, Kuala Lumpur 53100, Malaysia
  - Correspondence:
- Elfatih A. A. Elsheikh
  - Department of Electrical Engineering, College of Engineering, King Khalid University, Abha 61421, Saudi Arabia
- Md. Rafiqul Islam
  - Department of Electrical and Computer Engineering, International Islamic University Malaysia, Kuala Lumpur 53100, Malaysia
- F. M. Suliman
  - Department of Electrical Engineering, College of Engineering, King Khalid University, Abha 61421, Saudi Arabia
28
Khan IU, Aslam N, AlShedayed R, AlFrayan D, AlEssa R, AlShuail NA, Al Safwan A. A Proactive Attack Detection for Heating, Ventilation, and Air Conditioning (HVAC) System Using Explainable Extreme Gradient Boosting Model (XGBoost). Sensors (Basel) 2022; 22:9235. [PMID: 36501938 PMCID: PMC9740645 DOI: 10.3390/s22239235] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 08/17/2022] [Revised: 11/07/2022] [Accepted: 11/07/2022] [Indexed: 06/17/2023]
Abstract
The advent of Industry 4.0 has revolutionized the life enormously. There is a growing trend towards the Internet of Things (IoT), which has made life easier on the one hand and improved services on the other. However, it also has vulnerabilities due to cyber security attacks. Therefore, there is a need for intelligent and reliable security systems that can proactively analyze the data generated by these devices and detect cybersecurity attacks. This study proposed a proactive interpretable prediction model using ML and explainable artificial intelligence (XAI) to detect different types of security attacks using the log data generated by heating, ventilation, and air conditioning (HVAC) attacks. Several ML algorithms were used, such as Decision Tree (DT), Random Forest (RF), Gradient Boosting (GB), Ada Boost (AB), Light Gradient Boosting (LGBM), Extreme Gradient Boosting (XGBoost), and CatBoost (CB). Furthermore, feature selection was performed using stepwise forward feature selection (FFS) technique. To alleviate the data imbalance, SMOTE and Tomeklink were used. In addition, SMOTE achieved the best results with selected features. Empirical experiments were conducted, and the results showed that the XGBoost classifier has produced the best result with 0.9999 Area Under the Curve (AUC), 0.9998 accuracy (ACC), 0.9996 Recall, 1.000 Precision and 0.9998 F1 Score. Additionally, XAI was applied to the best performing model to add the interpretability in the black-box model. Local and global explanations were generated using LIME and SHAP. The results of the proposed study have confirmed the effectiveness of ML for predicting the cyber security attacks on IoT devices and Industry 4.0.
Affiliation(s)
- Irfan Ullah Khan
  - SAUDI ARAMCO Cybersecurity Chair, Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Nida Aslam
  - SAUDI ARAMCO Cybersecurity Chair, Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Rana AlShedayed
  - Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Dina AlFrayan
  - Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Rand AlEssa
  - Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Noura A. AlShuail
  - Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Alhawra Al Safwan
  - Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
29
Ren R, Su J, Yang B, Lau RYK, Liu Q. Novel Low-Power Construction of Chaotic S-Box in Multilayer Perceptron. Entropy (Basel) 2022; 24:1552. [PMID: 36359642 PMCID: PMC9688956 DOI: 10.3390/e24111552] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/30/2022] [Revised: 10/24/2022] [Accepted: 10/26/2022] [Indexed: 06/16/2023]
Abstract
Multilayer perceptron is composed of massive distributed neural processors interconnected. The nonlinear dynamic components in these processors expand the input data into a linear combination of synapses. However, the nonlinear mapping ability of original multilayer perceptron is limited when processing high complexity information. The introduction of more powerful nonlinear components (e.g., S-box) to multilayer perceptron can not only reinforce its information processing ability, but also enhance the overall security. Therefore, we combine the methods of cryptography and information theory to design a low-power chaotic S-box (LPC S-box) with entropy coding in the hidden layer to make the multilayer perceptron process information more efficiently and safely. In the performance test, our S-box architecture has good properties, which can effectively resist main known attacks (e.g., Berlekamp Massey-attack and Ronjom-Helleseth attack). This interdisciplinary work can attract more attention from academia and industry to the security of multilayer perceptron.
Affiliation(s)
- Runtao Ren
  - School of Modern Post, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
  - School of Management and Economics, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
  - Department of Information Systems, City University of Hong Kong, Kowloon Tong, Hong Kong, China
- Jinqi Su
  - School of Management and Economics, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
- Ban Yang
  - School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
- Raymond Y. K. Lau
  - Department of Information Systems, City University of Hong Kong, Kowloon Tong, Hong Kong, China
- Qilei Liu
  - School of Management and Economics, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
30
Liu X, Ahmad SF, Anser MK, Ke J, Irshad M, Ul-Haq J, Abbas S. Cyber security threats: A never-ending challenge for e-commerce. Front Psychol 2022; 13:927398. [PMID: 36337532 PMCID: PMC9629147 DOI: 10.3389/fpsyg.2022.927398] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 04/27/2022] [Accepted: 07/20/2022] [Indexed: 08/01/2023] Open
Abstract
This study explores the challenge of cyber security threats that e-commerce technology and business are facing. Technology applications for e-commerce are attracting attention from both academia and industry. It has made what was not possible before for the business community and consumers. But it did not come all alone but has brought some challenges, and cyber security challenge is one of them. Cyber security concerns have many forms, but this study focuses on social engineering, denial of services, malware, and attacks on personal data. Firms worldwide spend a lot on addressing cybersecurity issues, which grow each year. However, it seems complicated to overcome the challenge because the attackers continuously search for new vulnerabilities in humans, organizations, and technology. This paper is based on the conceptual analysis of social engineering, denial of services, malware, and attacks on personal data. We argue that implementing modern technology for e-commerce and cybersecurity issues is a never-ending game of cat and mouse. To reduce risks, reliable technology is needed, training of employees and consumer is necessary for using the technology, and a strong policy and regulation is needed at the firm and governmental level.
Affiliation(s)
- Xiang Liu
  - School of Economics and Management, Fuzhou University of International Studies and Trade, Fuzhou, China
- Sayed Fayaz Ahmad
  - Department of Engineering Management, Institute of Business Management, Karachi, Pakistan
- Muhammad Khalid Anser
  - Faculty of Business and Management Sciences, Superior University, Lahore, Pakistan
  - School of Public Administration, Xi’an University of Architecture and Technology, Xi’an, China
- Jingying Ke
  - School of Business, Xiamen Institute of Technology, Xiamen, China
- Muhammad Irshad
  - Department of Management Sciences, University of Gwadar, Gwadar, Pakistan
- Jabbar Ul-Haq
  - Department of Economics, University of Sargodha, Sargodha, Pakistan
- Shujaat Abbas
  - Graduate School of Economics and Management, Ural Federal University, Yekaterinburg, Russia
31
Rathore RS, Hewage C, Kaiwartya O, Lloret J. In-Vehicle Communication Cyber Security: Challenges and Solutions. Sensors (Basel) 2022; 22:s22176679. [PMID: 36081138 PMCID: PMC9460802 DOI: 10.3390/s22176679] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Received: 07/18/2022] [Revised: 08/28/2022] [Accepted: 08/31/2022] [Indexed: 06/01/2023]
Abstract
In-vehicle communication has become an integral part of today's driving environment considering the growing add-ons of sensor-centric communication and computing devices inside a vehicle for a range of purposes including vehicle monitoring, physical wiring reduction, and driving efficiency. However, related literature on cyber security for in-vehicle communication systems is still lacking potential dedicated solutions for in-vehicle cyber risks. Existing solutions are mainly relying on protocol-specific security techniques and lacking an overall security framework for in-vehicle communication. In this context, this paper critically explores the literature on cyber security for in-vehicle communication focusing on technical architecture, methodologies, challenges, and possible solutions. In-vehicle communication network architecture is presented considering key components, interfaces, and related technologies. The protocols for in-vehicle communication have been classified based on their characteristics, and usage type. Security solutions for in-vehicle communication have been critically reviewed considering machine learning, cryptography, and port-centric techniques. A multi-layer secure framework is also developed as a protocol and use case-independent in-vehicle communication solution. Finally, open challenges and future dimensions of research for in-vehicle communication cyber security are highlighted as observations and recommendations.
Affiliation(s)
- Rajkumar Singh Rathore
  - Department of Computer Science, Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff Llandaff Campus, Cardiff CF5 2YB, UK
- Chaminda Hewage
  - Department of Computer Science, Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff Llandaff Campus, Cardiff CF5 2YB, UK
- Omprakash Kaiwartya
  - Department of Computer Science, Nottingham Trent University, Clifton Campus, Nottingham NG11 8NS, UK
- Jaime Lloret
  - Department of Communications, Universitat Politècnica de València, 46022 Valencia, Spain
32
Awad M, Fraihat S, Salameh K, Al Redhaei A. Examining the Suitability of NetFlow Features in Detecting IoT Network Intrusions. Sensors (Basel) 2022; 22:6164. [PMID: 36015924 PMCID: PMC9412997 DOI: 10.3390/s22166164] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 06/29/2022] [Revised: 08/08/2022] [Accepted: 08/16/2022] [Indexed: 06/15/2023]
Abstract
The past few years have witnessed a substantial increase in cyberattacks on Internet of Things (IoT) devices and their networks. Such attacks pose a significant threat to organizational security and user privacy. Utilizing Machine Learning (ML) in Intrusion Detection Systems (NIDS) has proven advantageous in countering novel zero-day attacks. However, the performance of such systems relies on several factors, one of which is prediction time. Processing speed in anomaly-based NIDS depends on a few elements, including the number of features fed to the ML model. NetFlow, a networking industry-standard protocol, offers many features that can be used to predict malicious attacks accurately. This paper examines NetFlow features and assesses their suitability in classifying network traffic. Our paper presents a model that detects attacks with (98-100%) accuracy using as few as 13 features. This study was conducted using a large dataset of over 16 million records released in 2021.
Affiliation(s)
- Mohammed Awad
  - Department of Computer Science and Engineering, American University of Ras Al Khaimah, Ras Al Khaimah P.O. Box 72603, United Arab Emirates
- Salam Fraihat
  - Artificial Intelligence Research Center (AIRC), College of Engineering and Information Technology, Ajman University, Ajman P.O. Box 346, United Arab Emirates
- Khouloud Salameh
  - Department of Computer Science and Engineering, American University of Ras Al Khaimah, Ras Al Khaimah P.O. Box 72603, United Arab Emirates
- Aneesa Al Redhaei
  - Department of Computer Science and Engineering, American University of Ras Al Khaimah, Ras Al Khaimah P.O. Box 72603, United Arab Emirates
33
Ullah F, Ullah S, Naeem MR, Mostarda L, Rho S, Cheng X. Cyber-Threat Detection System Using a Hybrid Approach of Transfer Learning and Multi-Model Image Representation. Sensors (Basel) 2022; 22:5883. [PMID: 35957440 PMCID: PMC9371416 DOI: 10.3390/s22155883] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 06/14/2022] [Revised: 07/20/2022] [Accepted: 08/04/2022] [Indexed: 06/15/2023]
Abstract
Currently, Android apps are easily targeted by malicious network traffic because of their constant network access. These threats have the potential to steal vital information and disrupt the commerce, social system, and banking markets. In this paper, we present a malware detection system based on word2vec-based transfer learning and multi-model image representation. The proposed method combines the textual and texture features of network traffic to leverage the advantages of both types. Initially, the transfer learning method is used to extract trained vocab from network traffic. Then, the malware-to-image algorithm visualizes network bytes for visual analysis of data traffic. Next, the texture features are extracted from malware images using a combination of scale-invariant feature transforms (SIFTs) and oriented fast and rotated brief transforms (ORBs). Moreover, a convolutional neural network (CNN) is designed to extract deep features from a set of trained vocab and texture features. Finally, an ensemble model is designed to classify and detect malware based on the combination of textual and texture features. The proposed method is tested using two standard datasets, CIC-AAGM2017 and CICMalDroid 2020, which comprise a total of 10.2K malware and 3.2K benign samples. Furthermore, an explainable AI experiment is performed to interpret the proposed approach.
Affiliation(s)
- Farhan Ullah
  - School of Software, Northwestern Polytechnical University, 127 West Youyi Road, Beilin District, Xi’an 710072, China
- Shamsher Ullah
  - School of Software, Northwestern Polytechnical University, 127 West Youyi Road, Beilin District, Xi’an 710072, China
- Muhammad Rashid Naeem
  - School of Electronic Information and Artificial Intelligence, Leshan Normal University, Leshan 614000, China
- Leonardo Mostarda
  - Computer Science Department, Camerino University, 62032 Camerino, Italy
- Seungmin Rho
  - Department of Industrial Security, Chung-Ang University, Seoul 06974, Korea
- Xiaochun Cheng
  - Department of Computer Science, Middlesex University, London NW4 4BT, UK
34
Nerini M, Favarelli E, Chiani M. Augmented PIN Authentication through Behavioral Biometrics. Sensors (Basel) 2022; 22:4857. [PMID: 35808354 PMCID: PMC9269565 DOI: 10.3390/s22134857] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/28/2022] [Revised: 06/24/2022] [Accepted: 06/24/2022] [Indexed: 06/15/2023]
Abstract
Personal Identification Numbers (PINs) are widely used today for user authentication on mobile devices. However, this authentication method can be subject to several attacks such as phishing, smudge, and side-channel. In this paper, we increase the security of PIN-based authentication by considering behavioral biometrics, specifically the smartphone movements typical of each user. To this end, we propose a method based on anomaly detection that is capable of recognizing whether the PIN is inserted by the smartphone owner or by an attacker. This decision is taken according to the smartphone movements, which are recorded during the PIN insertion through the built-in motion sensors. For each digit in the PIN, an anomaly score is computed using Machine Learning (ML) techniques. Subsequently, these scores are combined to obtain the final decision metric. Numerical results show that our authentication method can achieve an Equal Error Rate (EER) as low as 5% in the case of 4-digit PINs, and 4% in the case of 6-digit PINs. Considering a reduced training set, composed of solely 50 samples, the EER only slightly worsens, reaching 6%. The practicality of our approach is further confirmed by the low processing time required, on the order of fractions of milliseconds.
Affiliation(s)
- Matteo Nerini
  - Department of Electrical and Electronic Engineering, Imperial College London, London SW7 2AZ, UK
- Elia Favarelli
  - Department of Electrical, Electronic and Information Engineering (DEI), University of Bologna, 40136 Bologna, Italy
- Marco Chiani
  - Department of Electrical, Electronic and Information Engineering (DEI), University of Bologna, 40136 Bologna, Italy
35
Kumar R, Subbiah G. Zero-Day Malware Detection and Effective Malware Analysis Using Shapley Ensemble Boosting and Bagging Approach. Sensors (Basel) 2022; 22:2798. [PMID: 35408413 PMCID: PMC9002855 DOI: 10.3390/s22072798] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Received: 02/15/2022] [Revised: 03/28/2022] [Accepted: 03/28/2022] [Indexed: 06/14/2023]
Abstract
Software products from all vendors have vulnerabilities that can cause a security concern. Malware is used as a prime exploitation tool to exploit these vulnerabilities. Machine learning (ML) methods are efficient in detecting malware and are state-of-art. The effectiveness of ML models can be augmented by reducing false negatives and false positives. In this paper, the performance of bagging and boosting machine learning models is enhanced by reducing misclassification. Shapley values of features are a true representation of the amount of contribution of features and help detect top features for any prediction by the ML model. Shapley values are transformed to probability scale to correlate with a prediction value of ML model and to detect top features for any prediction by a trained ML model. The trend of top features derived from false negative and false positive predictions by a trained ML model can be used for making inductive rules. In this work, the best performing ML model in bagging and boosting is determined by the accuracy and confusion matrix on three malware datasets from three different periods. The best performing ML model is used to make effective inductive rules using waterfall plots based on the probability scale of features. This work helps improve cyber security scenarios by effective detection of false-negative zero-day malware.
36
Kim YJ, Park CH, Yoon M. FILM: Filtering and Machine Learning for Malware Detection in Edge Computing. Sensors (Basel) 2022; 22:2150. [PMID: 35336322 DOI: 10.3390/s22062150] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Received: 02/04/2022] [Revised: 03/07/2022] [Accepted: 03/08/2022] [Indexed: 01/27/2023]
Abstract
Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem because some malicious files have almost the same static-analysis features as benign ones. In this paper, we present a new detection method for edge computing that can utilize existing machine learning models to classify a suspicious file into either benign, malicious, or unpredictable categories while existing models make only a binary decision of either benign or malicious. The new method can utilize any existing deep learning models developed for malware detection after appending a simple sigmoid function to the models. When interpreting the sigmoid value during the testing phase, the new method determines if the model is confident about its prediction; therefore, the new method can take only the prediction of high accuracy, which reduces incorrect predictions on ambiguous static-analysis features. Through experiments on real malware datasets, we confirm that the new scheme significantly enhances the accuracy, precision, and recall of existing deep learning models. For example, the accuracy is enhanced from 0.96 to 0.99, while some files are classified as unpredictable that can be entrusted to the cloud for further dynamic or human analysis.
37
Liu G, Su X, Hong F, Zhong X, Liang Z, Wu X, Huang Z. A Novel Epidemic Model Base on Pulse Charging in Wireless Rechargeable Sensor Networks. Entropy (Basel) 2022; 24:302. [PMID: 35205596 DOI: 10.3390/e24020302] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 01/07/2022] [Revised: 02/14/2022] [Accepted: 02/14/2022] [Indexed: 02/05/2023]
Abstract
As wireless rechargeable sensor networks (WRSNs) are gradually being widely accepted and recognized, the security issues of WRSNs have also become the focus of research discussion. In the existing WRSNs research, few people introduced the idea of pulse charging. Taking into account the utilization rate of nodes’ energy, this paper proposes a novel pulse infectious disease model (SIALS-P), which is composed of susceptible, infected, anti-malware and low-energy susceptible states under pulse charging, to deal with the security issues of WRSNs. In each periodic pulse point, some parts of low energy states (LS nodes, LI nodes) will be converted into the normal energy states (S nodes, I nodes) to control the number of susceptible nodes and infected nodes. This paper first analyzes the local stability of the SIALS-P model by Floquet theory. Then, a suitable comparison system is given by comparing theorem to analyze the stability of malware-free T-period solution and the persistence of malware transmission. Additionally, the optimal control of the proposed model is analyzed. Finally, the comparative simulation analysis regarding the proposed model, the non-charging model and the continuous charging model is given, and the effects of parameters on the basic reproduction number of the three models are shown. Meanwhile, the sensitivity of each parameter and the optimal control theory is further verified.
38
Kotenko I, Izrailov K, Buinevich M. Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches. Sensors (Basel) 2022; 22:s22041335. [PMID: 35214237 PMCID: PMC8963110 DOI: 10.3390/s22041335] [Citation(s) in RCA: 6] [Impact Index Per Article: 3.0] [Received: 12/19/2021] [Revised: 01/29/2022] [Accepted: 02/05/2022] [Indexed: 02/01/2023]
Abstract
Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, the increase in their scale, and the heterogeneity of elements requires the automation and intellectualization of manual experts’ work. A hypothesis to this end is posed that assumes the applicability of machine-learning solutions for IoT system static analysis. A scheme of this research, which is aimed at confirming the hypothesis and reflecting the ontology of the study, is given. The main contributions to the work are as follows: systematization of static analysis stages for IoT systems and decisions of machine-learning problems in the form of formalized models; review of the entire subject area publications with analysis of the results; confirmation of the machine-learning instrumentaries applicability for each static analysis stage; and the proposal of an intelligent framework concept for the static analysis of IoT systems. The novelty of the results obtained is a consideration of the entire process of static analysis (from the beginning of IoT system research to the final delivery of the results), consideration of each stage from the entirely given set of machine-learning solutions perspective, as well as formalization of the stages and solutions in the form of “Form and Content” data transformations.
Affiliation(s)
- Igor Kotenko (corresponding author)
  - Computer Security Problems Laboratory, St. Petersburg Federal Research Center of the Russian Academy of Sciences, 199178 Saint-Petersburg, Russia
- Konstantin Izrailov
  - Department of Secure Communication Systems, The Bonch-Bruevich Saint-Petersburg State University of Telecommunications, 193232 Saint-Petersburg, Russia
- Mikhail Buinevich
  - Department of Applied Mathematics and Information Technologies, Saint-Petersburg University of State Fire Service of EMERCOM of Russia, 196105 Saint-Petersburg, Russia
39
Monoscalco L, Simeoni R, Maccioni G, Giansanti D. Information Security in Medical Robotics: A Survey on the Level of Training, Awareness and Use of the Physiotherapist. Healthcare (Basel) 2022; 10:159. [PMID: 35052322 PMCID: PMC8775601 DOI: 10.3390/healthcare10010159] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Received: 11/03/2021] [Revised: 01/03/2022] [Accepted: 01/06/2022] [Indexed: 01/27/2023]
Abstract
Cybersecurity is becoming an increasingly important aspect to investigate for the adoption and use of care robots, in terms of both patients' safety and the availability, integrity and privacy of their data. This study focuses on opinions about cybersecurity relevance and related skills for physiotherapists involved in rehabilitation and assistance thanks to the aid of robotics. The goal was to investigate the awareness among insiders about some facets of cybersecurity concerning human-robot interactions. We designed an electronic questionnaire and submitted it to a relevant sample of physiotherapists. The questionnaire allowed us to collect data related to: (i) use of robots and its relationship with cybersecurity in the context of physiotherapy; (ii) training in cybersecurity and robotics for the insiders; (iii) insiders' self-assessment on cybersecurity and robotics in some usage scenarios, and (iv) their experiences of cyber-attacks in this area and proposals for improvement. Besides contributing some specific statistics, the study highlights the importance of both acculturation processes in this field and monitoring initiatives based on surveys. The study exposes direct suggestions for continuation of these types of investigations in the context of scientific societies operating in the rehabilitation and assistance robotics. The study also shows the need to stimulate similar initiatives in other sectors of medical robotics (robotic surgery, care and socially assistive robots, rehabilitation systems, training for health and care workers) involving insiders.
Affiliation(s)
- Lisa Monoscalco
  - Faculty of Engineering, Tor Vergata University, Via Cracovia, 00133 Rome, Italy
- Rossella Simeoni
  - Facoltà di Medicina e Chirurgia, Università Cattolica del Sacro Cuore, Largo Francesco Vito, 1, 00168 Rome, Italy
40
Rocha-Jácome C, Carvajal RG, Chavero FM, Guevara-Cabezas E, Hidalgo Fort E. Industry 4.0: A Proposal of Paradigm Organization Schemes from a Systematic Literature Review. Sensors (Basel) 2021; 22:66. [PMID: 35009609 PMCID: PMC8747394 DOI: 10.3390/s22010066] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 11/03/2021] [Revised: 12/18/2021] [Accepted: 12/21/2021] [Indexed: 06/14/2023]
Abstract
Currently, the concept of Industry 4.0 is well known; however, it is extremely complex, as it is constantly evolving and innovating. It includes the participation of many disciplines and areas of knowledge as well as the integration of many technologies, both mature and emerging, but working in collaboration and relying on their study and implementation under the novel criteria of Cyber-Physical Systems. This study starts with an exhaustive search for updated scientific information of which a bibliometric analysis is carried out with results presented in different tables and graphs. Subsequently, based on the qualitative analysis of the references, we present two proposals for the schematic analysis of Industry 4.0 that will help academia and companies to support digital transformation studies. The results will allow us to perform a simple alternative analysis of Industry 4.0 to understand the functions and scope of the integrating technologies to achieve a better collaboration of each area of knowledge and each professional, considering the potential and limitations of each one, supporting the planning of an appropriate strategy, especially in the management of human resources, for the successful execution of the digital transformation of the industry.
41
Giansanti D, Gulino RA. The Cybersecurity and the Care Robots: A Viewpoint on the Open Problems and the Perspectives. Healthcare (Basel) 2021; 9:healthcare9121653. [PMID: 34946379 PMCID: PMC8702125 DOI: 10.3390/healthcare9121653] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 11/05/2021] [Revised: 11/23/2021] [Accepted: 11/24/2021] [Indexed: 11/16/2022]
Abstract
Care robots represent an opportunity for the health domain. The use of these robots has important implications. They can be used in surgery, rehabilitation, assistance, therapy, and other medical fields. Therefore, care robots (CRs) have both important physical and psychological implications during their use. Furthermore, these devices meet important data in clinical applications. These data must be protected. Therefore, cybersecurity (CS) has become a crucial characteristic that concerns all the involved actors. The study investigated the collocation of CRs in the context of CS studies in the health domain. Problems and peculiarities of these devices, with reference to the CS, were faced, investigating in different scientific databases. Highlights, ranging also from ethics implications up to the regulatory legal framework (ensuring safety and cybersecurity), have been reported. Models and cyber-attacks applicable on the CRs have been identified.
Affiliation(s)
- Daniele Giansanti (corresponding author; Tel.: +39-06-49902701)
  - Centre Tisp, Istituto Superiore di Sanità, 00161 Rome, Italy
- Rosario Alfio Gulino
  - Faculty of Engineering, Tor Vergata University, Via Cracovia, 00133 Roma, Italy
42
Vida Z, Vissi B, Palicz T, Lám J. Smart & Safe – digitization strategy from a patient safety perspective. Orv Hetil 2021; 162:1876-1884. [PMID: 34801981 DOI: 10.1556/650.2021.32289] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/21/2021] [Accepted: 05/16/2021] [Indexed: 11/19/2022]
Abstract
Summary (translated from the Hungarian). Introduction and objective: In connection with the digitalisation development of healthcare institutions, it is advisable to create a digital organisational strategy that takes patient safety and cyber security aspects into account. The aim of this study is to gain a comprehensive overview, from the literature, of the effects of the digitalisation of healthcare institutions on patient safety, and to create and present an institutional strategic proposal, usable in domestic practice, compiled on the basis of the experience reported in international publications. Method: The authors carried out a literature search, looking for publications in English and German in several databases. The content of the publications was collected according to pre-defined criteria. Results: The authors evaluated 39 publications and present 12 of them in detail. They discuss the practical experiences and dangers of digitalisation developments. The recommendations principally suggest strategic and cyber security aspects, and the development of education and competencies. Conclusion: The authors recommend that domestic healthcare institutions create a digitalisation development strategy that takes patient safety and cyber security aspects into account, which would help the professional considerations of those involved in patient care to prevail. Orv Hetil. 2021; 162(47): 1876-1884.
SUMMARY. INTRODUCTION AND OBJECTIVE: In connection with the digitalisation development of healthcare institutions, it is desirable to create a digital organizational strategy, which takes into account patient safety and cyber security aspects. The aim of this study is to familiarize doctors with the comprehensive study of the effects of the digitalisation of healthcare institutions on patient safety and to create and present an institutional strategic proposal, which has been compiled based on the experience of international literature publications. METHOD: A study of the relevant literature was conducted, searching through publications in English and German in several databases. The content of the publications was collected according to pre-defined criteria. RESULTS: 39 articles were evaluated, out of which 12 are presented in detail. The practical experiences and risks of the digitalisation developments are discussed. The recommendations principally suggest strategic and cyber security aspects, education and competency improvement. CONCLUSION: The creation of a digitalisation development strategy, which considers patient safety and cyber security aspects, should be considered also in Hungarian healthcare institutions. This strategy would also help the justification and realization of the professional priorities of healthcare providers. Orv Hetil. 2021; 162(47): 1876-1884.
Affiliation(s)
- Zoltán Vida
  - 1 Budapesti Szent Ferenc Kórház, Budapest, Széher út 73., 1021
  - 2 Semmelweis Egyetem, Egészségügyi Közszolgálati Kar, Egészségügyi Menedzserképző Központ, Budapest
- Borbála Vissi
  - 3 Magyarországi Református Egyház Bethesda Gyermekkórháza, Budapest
- Tamás Palicz
  - 2 Semmelweis Egyetem, Egészségügyi Közszolgálati Kar, Egészségügyi Menedzserképző Központ, Budapest
- Judit Lám
  - 2 Semmelweis Egyetem, Egészségügyi Közszolgálati Kar, Egészségügyi Menedzserképző Központ, Budapest
  - 4 NEVES Egyesület a Betegbiztonságért, Budapest
43
Xie Y, Guo Y, Yang S, Zhou J, Chen X. Security-Related Hardware Cost Optimization for CAN FD-Based Automotive Cyber-Physical Systems. Sensors (Basel) 2021; 21:s21206807. [PMID: 34696020 PMCID: PMC8537982 DOI: 10.3390/s21206807] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/02/2021] [Revised: 10/06/2021] [Accepted: 10/11/2021] [Indexed: 11/16/2022]
Abstract
The introduction of various networks into automotive cyber-physical systems (ACPS) brings great challenges for the security protection of ACPS functions; the auto industry recommends adopting the hardware security module (HSM)-based multicore ECU to secure in-vehicle networks while meeting the delay constraint. However, this approach incurs significant hardware cost. Consequently, this paper aims to reduce security enhancing-related hardware cost by proposing two efficient design space exploration (DSE) algorithms, namely, stepwise decreasing-based heuristic algorithm (SDH) and interference balancing-based heuristic algorithm (IBH), which explore the task assignment, task scheduling, and message scheduling to minimize the number of required HSMs. Experiments on both synthetic and real data sets show that the proposed SDH and IBH are superior to the state-of-the-art algorithm, and the advantage of SDH and IBH becomes more obvious as the percentage of security-critical tasks increases. For synthetic data sets, the hardware cost can be reduced by 61.4% and 45.6% on average for IBH and SDH, respectively; for real data sets, the hardware cost can be reduced by 64.3% and 54.4% on average for IBH and SDH, respectively. Furthermore, IBH is better than SDH in most cases, and the runtime of IBH is two or three orders of magnitude smaller than that of SDH and the state-of-the-art algorithm.
Affiliation(s)
- Yong Xie (corresponding author)
  - School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; (J.Z.); (X.C.)
- Yili Guo
  - School of Computer and Information Engineering, Xiamen University of Technology, Xiamen 361024, China; (Y.G.); (S.Y.)
- Sheng Yang
  - School of Computer and Information Engineering, Xiamen University of Technology, Xiamen 361024, China; (Y.G.); (S.Y.)
- Jian Zhou
  - School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; (J.Z.); (X.C.)
- Xiaobai Chen
  - School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; (J.Z.); (X.C.)
44
Mohammed GDF, Chandran P, Mansoor Z, Mohaddis M. Locked the Car, Why Not the Computer: A Qualitative and Quantitative Study on Data Safety Compliance. Cureus 2021; 13:e17513. [PMID: 34595080 PMCID: PMC8473945 DOI: 10.7759/cureus.17513] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 08/27/2021] [Indexed: 11/07/2022]
Abstract
Information technology has become an integral part of health care in the United Kingdom National Health Service (NHS). All health care professionals are required to have a certain level of cyber ethics and knowledge of computers. This is assured by regular mandatory training. The government of the United Kingdom has charted out a course to strengthen cyber security and prevent any crises like WannaCry. Simple things like leaving a computer unlocked can pose a potential threat to the cyber security of the whole NHS. These cannot be addressed with money alone, as they involve complex interactions of human factors. Such seemingly simple non-compliance often results in harm to the patient or breach of confidentiality. We tried to find out the compliance among junior doctors to the Trust Information Technology (IT) Safe Usage Policy. We made interventions and interviewed junior doctors to find out the reasons for non-compliance. We re-audited in order to see if our interventions helped. We also audited compliance in another Trust independently, which showed that this problem is not specific to a particular trust. Here we suggest the changes that all Trusts can make and follow our model to audit their compliance.
Affiliation(s)
- Prakash Chandran
  - Trauma and Orthopaedics, Warrington and Halton NHS Foundation Trust, Warrington, GBR
- Zaina Mansoor
  - Anaesthesia, Gandhi Hospital and Medical College, Hyderabad, IND
45
Kim K, Shin Y, Lee J, Lee K. Automatically Attributing Mobile Threat Actors by Vectorized ATT&CK Matrix and Paired Indicator. Sensors (Basel) 2021; 21:6522. [PMID: 34640841 DOI: 10.3390/s21196522] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Received: 09/01/2021] [Revised: 09/23/2021] [Accepted: 09/27/2021] [Indexed: 11/17/2022]
Abstract
During the past decade, mobile attacks have been established as an indispensable attack vector adopted by Advanced Persistent Threat (APT) groups. The ubiquitous nature of the smartphone has allowed users to use mobile payments and store private or sensitive data (i.e., login credentials). Consequently, various APT groups have focused on exploiting these vulnerabilities. Past studies have proposed automated classification and detection methods, while few studies have covered the cyber attribution. Our study introduces an automated system that focuses on cyber attribution. Adopting MITRE's ATT&CK for mobile, we performed our study using the tactic, technique, and procedures (TTPs). By comparing the indicator of compromise (IoC), we were able to help reduce the false flags during our experiment. Moreover, we examined 12 threat actors and 120 malware using the automated method for detecting cyber attribution.
46
Henn F, Zowalla R, Mayer A. The Security State of the German Health Web: An Exploratory Study. Stud Health Technol Inform 2021; 283:180-185. [PMID: 34545834 DOI: 10.3233/shti210558] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/15/2022]
Abstract
The internet has become an important resource for health information and for interactions with healthcare providers. However, information of all types can go through many servers and networks before reaching its intended destination, and any of these has the potential to intercept or even manipulate the exchanged information if the data transfer is not adequately protected. As trust is a fundamental concept in healthcare relationships, it is crucial to offer a secure medical website to maintain the same level of trust as provided in a face-to-face meeting. This study provides a first analysis of the SSL/TLS security of and the security headers used within the health-related web limited to web pages in German, the German health web (GHW). METHODS: testssl.sh and TLS-Scanner were used to analyze the URLs of the 1,000 top-ranked health-related web sites (according to PageRank) for each of the country-code top level domains: ".de", ".at" and ".ch". RESULTS: Our study revealed that most websites in the GHW are potentially vulnerable to common SSL/TLS security vulnerabilities, offer deprecated SSL/TLS protocol versions and mostly do not implement HTTP security headers at all. CONCLUSIONS: These findings question the concept of trust within the GHW. Website owners should reconsider the use of outdated SSL/TLS protocol versions for compatibility reasons. Additionally, HTTP security headers should be implemented more consequently to provide additional security aspects. In future work, the authors intend to repeat this study and to incorporate a website's category, i.e. governmental or public health, to get a more detailed view of the GHW's security.
Affiliation(s)
- Frederic Henn
  - Department of Software Engineering, Heilbronn University, Germany
- Richard Zowalla
  - Department of Medical Informatics, Heilbronn University, Germany
  - Center for Machine Learning, Heilbronn University, Germany
- Andreas Mayer
  - Department of Software Engineering, Heilbronn University, Germany
  - Department of Medical Informatics, Heilbronn University, Germany
47
Dodson CTJ, Soldera J, Scharcanski J. Some Information Geometric Aspects of Cyber Security by Face Recognition. Entropy (Basel) 2021; 23:e23070878. [PMID: 34356419 PMCID: PMC8307538 DOI: 10.3390/e23070878] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/04/2021] [Revised: 06/28/2021] [Accepted: 06/29/2021] [Indexed: 12/05/2022]
Abstract
Secure user access to devices and datasets is widely enabled by fingerprint or face recognition. Organization of the necessarily large secure digital object datasets, with objects having content that may consist of images, text, video or audio, involves efficient classification and feature retrieval processing. This usually will require multidimensional methods applicable to data that is represented through a family of probability distributions. Then information geometry is an appropriate context in which to provide for such analytic work, whether with maximum likelihood fitted distributions or empirical frequency distributions. The important provision is of a natural geometric measure structure on families of probability distributions by representing them as Riemannian manifolds. Then the distributions are points lying in this geometrical manifold, different features can be identified and dissimilarities computed, so that neighbourhoods of objects nearby a given example object can be constructed. This can reveal clustering and projections onto smaller eigen-subspaces which can make comparisons easier to interpret. Geodesic distances can be used as a natural dissimilarity metric applied over data described by probability distributions. Exploring this property, we propose a new face recognition method which scores dissimilarities between face images by multiplying geodesic distance approximations between 3-variate RGB Gaussians representative of colour face images, and also obtaining joint probabilities. The experimental results show that this new method is more successful in recognition rates than published comparative state-of-the-art methods.
Affiliation(s)
- C. T. J. Dodson (corresponding author)
  - School of Mathematics, University of Manchester, Manchester M13 9PL, UK
- John Soldera
  - Federal Institute of Education, Science and Technology Farroupilha, Santo Ângelo 98806-700, Brazil
- Jacob Scharcanski
  - Institute of Informatics, Federal University of Rio Grande do Sul, Porto Alegre 91501-970, Brazil
48
Abstract
Information security has for a long time been a field of study in computer science, software engineering, and information communications technology. The term 'information security' has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers' social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.
Affiliation(s)
- Ahmed A Moustafa
  - School of Psychology, Western Sydney University, Sydney, NSW, Australia
  - The Marcs Institute for Brain, Behaviour and Development, Western Sydney University, Sydney, NSW, Australia
  - Department of Human Anatomy and Physiology, Faculty of Health Sciences, University of Johannesburg, Johannesburg, South Africa
- Abubakar Bello
  - School of Social Sciences, Western Sydney University, Sydney, NSW, Australia
- Alana Maurushat
  - School of Social Sciences, Western Sydney University, Sydney, NSW, Australia
49
Abstract
The effectiveness of cyber security measures is often questioned in the wake of hard-hitting security events. Despite much work being done in the field of cyber security, most of the focus seems to be concentrated on system usage. In this paper, we survey advancements made in the development and design of the human centric cyber security domain. We explore the increasing complexity of cyber security with a wider perspective, defining user, usage and usability (3U’s) as three essential components for cyber security consideration, and classify developmental efforts through existing research works based on the human centric security design, implementation and deployment of these components. Particularly, the focus is on studies that specifically illustrate the shift in paradigm from functional and usage centred cyber security, to user centred cyber security by considering the human aspects of users. The aim of this survey is to provide both users and system designers with insights into the workings and applications of human centric cyber security.
Affiliation(s)
- Marthie Grobler
  - CSIRO's Data61, Distributed Systems Security, Melbourne, VIC, Australia
- Raj Gaire
  - CSIRO's Data61, Distributed Systems Security, Canberra, ACT, Australia
- Surya Nepal
  - CSIRO's Data61, Distributed Systems Security, Sydney, NSW, Australia
50
Min M, Lee JJ, Park H, Lee K. Detecting Anomalous Transactions via an IoT Based Application: A Machine Learning Approach for Horse Racing Betting. Sensors (Basel) 2021; 21:2039. [PMID: 33805841 DOI: 10.3390/s21062039] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 01/31/2021] [Revised: 03/02/2021] [Accepted: 03/08/2021] [Indexed: 11/24/2022]
Abstract
During the past decade, technological advancements have allowed the gambling industry worldwide to deploy various platforms such as the web and mobile applications. Government agencies and local authorities have placed strict regulations regarding the location and amount allowed for gambling. These efforts are made to prevent gambling addictions and monitor fraudulent activities. The revenue earned from gambling provides a considerable amount of tax revenue. The inception of internet gambling has allowed professional gamblers to partake in unlawful acts. However, the lack of studies on the technical inspections and systems to prohibit unlawful internet gambling has caused incidents such as the Walkerhill Hotel incident in 2016, where fraudsters placed bets abnormally by modifying an Internet of Things (IoT)-based application called “MyCard”. This paper investigates the logic used by smartphone IoT applications to validate the location of users and then confirm continuous threats. Hence, our research analyzed transactions made on applications that operated using location authentication through IoT devices. Drawing on gambling transaction data from the Korea Racing Authority, this research used time series machine learning algorithms to identify anomalous activities and transactions. In our research, we propose a method to detect and prevent these anomalies by conducting a comparative analysis of the results of existing anomaly detection techniques and novel techniques.