In the dynamic and ever-changing domain of Unmanned Aerial Vehicles (UAVs), the utmost importance lies in guaranteeing resilient and lucid security measures. This study highlights the necessity of implementing a Zero Trust Architecture (ZTA) to enhance the security of unmanned aerial vehicles (UAVs), hence departing from conventional perimeter defences that may expose vulnerabilities. The Zero Trust Architecture (ZTA) paradigm requires a rigorous and continuous process of authenticating all network entities and communications. The accuracy of our methodology in detecting and identifying unmanned aerial vehicles (UAVs) is 84.59\%. This is achieved by utilizing Radio Frequency (RF) signals within a Deep Learning framework, a unique method. Precise identification is crucial in Zero Trust Architecture (ZTA), as it determines network access. In addition, the use of eXplainable Artificial Intelligence (XAI) tools such as SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) contributes to the improvement of the model s transparency and interpretability. Adherence to Zero Trust Architecture (ZTA) standards guarantees that the classifications of unmanned aerial vehicles (UAVs) are verifiable and comprehensible, enhancing security within the UAV field.

Zero Day Threats (ZDT) are novel methods used by malicious actors to attack and exploit information technology (IT) networks or infrastructure. In the past few years, the number of these threats has been increasing at an alarming rate and have been costing organizations millions of dollars to remediate. The increasing expansion of network attack surfaces and the exponentially growing number of assets on these networks necessitate the need for a robust AI-based Zero Day Threat detection model that can quickly analyze petabyte-scale data for potentially malicious and novel activity. In this paper, the authors introduce a deep learning based approach to Zero Day Threat detection that can generalize, scale, and effectively identify threats in near real-time. The methodology utilizes network flow telemetry augmented with asset-level graph features, which are passed through a dual-autoencoder structure for anomaly and novelty detection respectively. The models have been trained and tested on four large scale datasets that are representative of real-world organizational networks and they produce strong results with high precision and recall values. The models provide a novel methodology to detect complex threats with low false positive rates that allow security operators to avoid alert fatigue while drastically reducing their mean time to response with near-real-time detection. Furthermore, the authors also provide a novel, labelled, cyber attack dataset generated from adversarial activity that can be used for validation or training of other models. With this paper, the authors’ overarching goal is to provide a novel architecture and training methodology for cyber anomaly detectors that can generalize to multiple IT networks with minimal to no retraining while still maintaining strong performance.

Developing network intrusion detection systems (IDS) presents significant challenges due to the evolving nature of threats and the diverse range of network applications. Existing IDSs often struggle to detect dynamic attack patterns and covert attacks, leading to misidentified network vulnerabilities and degraded system performance. These requirements must be met via dependable, scalable, effective, and adaptable IDS designs. Our IDS can recognise and classify complex network threats by combining the Deep Q-Network (DQN) algorithm with distributed agents and attention techniques.. Our proposed distributed multi-agent IDS architecture has many advantages for guiding an all-encompassing security approach, including scalability, fault tolerance, and multi-view analysis. We conducted experiments using industry-standard datasets including NSL-KDD and CICIDS2017 to determine how well our model performed. The results show that our IDS outperforms others in terms of accuracy, precision, recall, F1-score, and false-positive rate. Additionally, we evaluated our model s resistance to black-box adversarial attacks, which are commonly used to take advantage of flaws in machine learning. Under these difficult circumstances, our model performed quite well.We used a denoising autoencoder (DAE) for further model strengthening to improve the IDS s robustness. Lastly, we evaluated the effectiveness of our zero-day defenses, which are designed to mitigate attacks exploiting unknown vulnerabilities. Through our research, we have developed an advanced IDS solution that addresses the limitations of traditional approaches. Our model demonstrates superior performance, robustness against adversarial attacks, and effective zero-day defenses. By combining deep reinforcement learning, distributed agents, attention techniques, and other enhancements, we provide a reliable and comprehensive solution for network security.

Network intrusion detection technology has developed for more than ten years, but due to the network intrusion is complex and variable, it is impossible to determine the function of network intrusion behaviour. Combined with the research on the intrusion detection technology of the cluster system, the network security intrusion detection and mass alarms are realized. Method: This article starts with an intrusion detection system, which introduces the classification and workflow. The structure and working principle of intrusion detection system based on protocol analysis technology are analysed in detail. Results: With the help of the existing network intrusion detection in the network laboratory, the Synflood attack has successfully detected, which verified the flexibility, accuracy, and high reliability of the protocol analysis technology. Conclusion: The high-performance cluster-computing platform designed in this paper is already available. The focus of future work will strengthen the functions of the cluster-computing platform, enhancing stability, and improving and optimizing the fault tolerance mechanism.

Cloud computing (CC) is vulnerable to existing information technology attacks, since it extends and utilizes information technology infrastructure, applications and typical operating systems. In this manuscript, an Enhanced capsule generative adversarial network (ECGAN) with blockchain based Proof of authority consensus procedure fostered Intrusion detection (ID) system is proposed for enhancing cyber security in CC. The data are collected via NSL-KDD benchmark dataset. The input data is fed to proposed Z-Score Normalization process to eliminate the redundancy including missing values. The pre-processing output is fed to feature selection. During feature selection, extracting the optimum features on the basis of univariate ensemble feature selection (UEFS). Optimum features basis, the data are classified as normal and anomalous utilizing Enhanced capsule generative adversarial networks. Subsequently, blockchain based Proof of authority (POA) consensus process is proposed for improving the cyber security of the data in cloud computing environment. The proposed ECGAN-BC-POA-IDS method is executed in Python and the performance metrics are calculated. The proposed approach has attained 33.7\%, 25.7\%, 21.4\% improved accuracy, 24.6\%, 35.6\%, 38.9\% lower attack detection time, and 23.8\%, 18.9\%, 15.78\% lower delay than the existing methods, like Artificial Neural Network (ANN) with blockchain framework, Integrated Architecture with Byzantine Fault Tolerance consensus, and Blockchain Random Neural Network (RNN-BC) respectively.

Network intrusion detection technology has developed for more than ten years, but due to the network intrusion is complex and variable, it is impossible to determine the function of network intrusion behaviour. Combined with the research on the intrusion detection technology of the cluster system, the network security intrusion detection and mass alarms are realized. Method: This article starts with an intrusion detection system, which introduces the classification and workflow. The structure and working principle of intrusion detection system based on protocol analysis technology are analysed in detail. Results: With the help of the existing network intrusion detection in the network laboratory, the Synflood attack has successfully detected, which verified the flexibility, accuracy, and high reliability of the protocol analysis technology. Conclusion: The high-performance cluster-computing platform designed in this paper is already available. The focus of future work will strengthen the functions of the cluster-computing platform, enhancing stability, and improving and optimizing the fault tolerance mechanism.

As the network security landscape changes with time and market, organizations seek different and innovative approaches to strengthen their security defenses. This paper gives a theoretical explanation, highlighting the combination of honeypots and network monitoring tools as a dynamic strategy for enhancing security within networking environments. By using honeypots along with network monitoring tools, we bring out a multilayered defense strategy aimed at identifying and examining potential attack patterns. Our research dives into the theory of honeypots, their role in diverting malicious attacks, and their relationship with network monitoring tools. This combined framework helps organizations to detect, analyze, and ultimately reduce security threats. Through theoretical inputs and suggestions, this paper presents a framework for organizations seeking to enhance their cybersecurity defenses by exploring the complications of attacks through advanced network monitoring, along with honeypot security mechanisms.

The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.

Anomaly detection is a challenge well-suited to machine learning and in the context of information security, the benefits of unsupervised solutions show significant promise. Recent attention to Graph Neural Networks (GNNs) has provided an innovative approach to learn from attributed graphs. Using a GNN encoder-decoder architecture, anomalous edges between nodes can be detected during the reconstruction phase. The aim of this research is to determine whether an unsupervised GNN model can detect anomalous network connections in a static, attributed network. Network logs were collected from four corporate networks and one artificial network using endpoint monitoring tools. A GNN-based anomaly detection system was designed and employed to score and rank anomalous connections between hosts. The model was validated against four realistic experimental scenarios against the four large corporate networks and the smaller artificial network environment. Although quantitative metrics were affected by factors including the scale of the network, qualitative assessments indicated that anomalies from all scenarios were detected. The false positives across each scenario indicate that this model in its current form is useful as an initial triage, though would require further improvement to become a performant detector. This research serves as a promising step for advancing this methodology in detecting anomalous network connections. Future work to improve results includes narrowing the scope of detection to specific threat types and a further focus on feature engineering and selection.

Anomaly detection is a challenge well-suited to machine learning and in the context of information security, the benefits of unsupervised solutions show significant promise. Recent attention to Graph Neural Networks (GNNs) has provided an innovative approach to learn from attributed graphs. Using a GNN encoder-decoder architecture, anomalous edges between nodes can be detected during the reconstruction phase. The aim of this research is to determine whether an unsupervised GNN model can detect anomalous network connections in a static, attributed network. Network logs were collected from four corporate networks and one artificial network using endpoint monitoring tools. A GNN-based anomaly detection system was designed and employed to score and rank anomalous connections between hosts. The model was validated against four realistic experimental scenarios against the four large corporate networks and the smaller artificial network environment. Although quantitative metrics were affected by factors including the scale of the network, qualitative assessments indicated that anomalies from all scenarios were detected. The false positives across each scenario indicate that this model in its current form is useful as an initial triage, though would require further improvement to become a performant detector. This research serves as a promising step for advancing this methodology in detecting anomalous network connections. Future work to improve results includes narrowing the scope of detection to specific threat types and a further focus on feature engineering and selection.

Multiple smart operations, similar as smart technologies in homes, smart metropolises, smart husbandry, and smart health and fitness centres, use a new technology known as the Internet of effects. They correspond of an multifariousness of multiple networked bias that link to multiple detectors and the internet. Among the layers that comprise an IoT armature are the perception subcaste, network subcaste, and operation subcaste. Due to their wide use, these smart biases have fairly minimum protection and are vulnerable to attacks. Comprehensive explanations of operation subcaste security issues and protocols, similar as Advance Message Queuing Protocol(AMQP) in application layer protocol, Constrained operation protocol(CoAP), and REST(Emblematic State Transport).

Risk assessors and managers face many difficult challenges related to the new network system. These challenges include the continuous changes in the nature of network systems caused by technological progress, their distribution in the fields of physics, information and social cognition, and the complex network structure that usually includes thousands of nodes. Here, we review the probability and risk-based decision technology applied to network systems, and conclude that the existing methods can not solve all the components of the risk assessment triad (threat, vulnerability, consequence), and lack the ability to integrate across multiple areas of network systems, thus providing guidance for enhancing network security. We propose a cloud native security chain architecture and network topology reconstruction technology link based on the full link of microservices. The network security performance is quantified by multi-layer filtering mechanism and setting different fitness index functions. The method proposed in this paper solves the problems of packet loss, load balancing and distributed delay of network security mechanism in the global network to a certain extent.

Risk assessors and managers face many difficult challenges related to the new network system. These challenges include the continuous changes in the nature of network systems caused by technological progress, their distribution in the fields of physics, information and social cognition, and the complex network structure that usually includes thousands of nodes. Here, we review the probability and risk-based decision technology applied to network systems, and conclude that the existing methods can not solve all the components of the risk assessment triad (threat, vulnerability, consequence), and lack the ability to integrate across multiple areas of network systems, thus providing guidance for enhancing network security. We propose a cloud native security chain architecture and network topology reconstruction technology link based on the full link of microservices. The network security performance is quantified by multi-layer filtering mechanism and setting different fitness index functions. The method proposed in this paper solves the problems of packet loss, load balancing and distributed delay of network security mechanism in the global network to a certain extent.

Multiple smart operations, similar as smart technologies in homes, smart metropolises, smart husbandry, and smart health and fitness centres, use a new technology known as the Internet of effects. They correspond of an multifariousness of multiple networked bias that link to multiple detectors and the internet. Among the layers that comprise an IoT armature are the perception subcaste, network subcaste, and operation subcaste. Due to their wide use, these smart biases have fairly minimum protection and are vulnerable to attacks. Comprehensive explanations of operation subcaste security issues and protocols, similar as Advance Message Queuing Protocol(AMQP) in application layer protocol, Constrained operation protocol( CoAP), and REST( Emblematic State Transport).

The adoption of IoT in a multitude of critical infrastructures revolutionizes several sectors, ranging from smart healthcare systems to financial organizations and thermal and nuclear power plants. Yet, the progressive growth of IoT devices in critical infrastructure without considering security risks can damage the user’s privacy, confidentiality, and integrity of both individuals and organizations. To overcome the aforementioned security threats, we proposed an AI and onion routing-based secure architecture for IoT-enabled critical infrastructure. Here, we first employ AI classifiers that classify the attack and non-attack IoT data, where attack data is discarded from further communication. In addition, the AI classifiers are secure from data poisoning attacks by incorporating an isolation forest algorithm that efficiently detects the poisoned data and eradicates it from the dataset’s feature space. Only non-attack data is forwarded to the onion routing network, which offers triple encryption to encrypt IoT data. As the onion routing only processes non-attack data, it is less computationally expensive than other baseline works. Moreover, each onion router is associated with blockchain nodes that store the verifying tokens of IoT data. The proposed architecture is evaluated using performance parameters, such as accuracy, precision, recall, training time, and compromisation rate. In this proposed work, SVM outperforms by achieving 97.7\% accuracy.

Wireless Sensor Networks (WSN s) have gained prominence in technology for diverse applications, such as environmental monitoring, health care, smart agriculture, and industrial automation. Comprising small, low-power sensor nodes that sense and collect data from the environment, process it locally, and communicate wirelessly with a central sink or gateway, WSN s face challenges related to limited energy resources, communication constraints, and data processing requirements. This paper presents a comprehensive review of the current state of research in WSN s, focusing on aspects such as network architecture, communication protocols, energy management techniques, data processing and fusion, security and privacy, and applications. Existing solutions are critically analysed regarding their strengths, weaknesses, research gaps, and future directions for WSNs.

Intelligent security system is an important part of intelligent site construction, which directly affects the life safety of operators and the level of engineering supervision. Traditional security communication systems for construction, mineral mining and other fields have problems such as small network coverage, low capacity, short terminal life and relatively simple function. According to the application scenarios and business requirements of intelligent security system, this paper uses LoRa AD-hoc networking technology to carry out the network architecture research and key technology design of intelligent security AD-hoc networking system. Further, the detailed design of the embedded software of the system terminal and gateway is completed, and the functions of physical sign monitoring, danger warning and terminal positioning are realized.

Named Data Networking (NDN) has been considered a promising network architecture for Vehicular Ad Hoc Networks (VANETs), what became known as Vehicular Named-Data Networking (VNDN). This new paradigm brings the potential to improve Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) that are inefficient in urban intelligent transport scenarios. Despite the advantages, VNDN brings inherent problems, such as the routing interest packages on NDN, which causes serious problem in the vehicular environment. The broadcast storm attack results in a huge amount of packet loss, provoking transmission overload. In addition, the link disconnection caused by the highly dynamic topology leads to a low package delivery rate. In this article, we propose a strategy for forwarding packages of interest in VNDN networks, using fuzzy logic to mitigate the broadcast storm. The proposal also aims to avoid packet collision and efficient data recovery, which the approach is based on metrics such as the nodes distance, the link stability and the signal quality. The results show a reduction in the number of Interest and Data packets without disrupting network performance maintaining adequate Interest delays.

IoT technology establishes a platform for automating services by connecting diverse objects through the Internet backbone. However, the integration of IoT networks also introduces security challenges, rendering IoT infrastructure susceptible to cyber-attacks. Notably, Distributed Denial of Service (DDoS) attacks breach the authorization conditions and these attacks have the potential to disrupt the physical functioning of the IoT infrastructure, leading to significant financial losses and even endangering human lives. Yet, maintaining availability even when networking elements malfunction has not received much attention. This research paper introduces a novel Twin eye Architecture, which includes dual gateway connecting every IoT access network to provide reliability even with the failure or inaccessibility of connected gateway. It includes the module called DDoS Manager that is molded into the gateway to recognize the dangling of the gateway. The effectiveness of the proposed model is evaluated using dataset simulated in NS3 environment. The results highlight the outstanding performance of the proposed model, achieving high accuracy rates. These findings demonstrate the proposed network architecture continues to provide critical authentication services even upon the failure of assigned gateway.

The computing capability of the embedded systems and bandwidth of the home network increase rapidly due to the rapid development of information and communication technologies. Many home appliances such as TVs, refrigerators, or air conditioners are now connected to the internet, then, the controlling firmware modules are automatically updatable via the network. TR-069 is a widely adopted standard for automatic appliance management and firmware update. Maintaining a TR069 network usually involves the design and deployment of the overall security and trust infrastructure, the update file repository and the update audit mechanisms. Thus, maintaining a dedicated TR-069 network is a heavy burden for the vendors of home appliances. Blockchain is an emerging technology that provides a secure and trust infrastructure based on distributed consensus. This paper reports the results of our initial attempt to design a prototype of a multitenant TR-069 platform based on the blockchain. The core idea is to reify each automatic deployment task as a smart contract instance whose transactions are recorded in the append-only distributed ledger and verified by the peers. Also, the overall design should be transparent to the original TR069 entities. We have built a prototype based on the proposed architecture to verify the feasibility in three key scenarios. The experimental results show that the proposed approach is feasible and is able to scale linearly in proportion to the number of managed devices.

The computing capability of the embedded systems and bandwidth of the home network increase rapidly due to the rapid development of information and communication technologies. Many home appliances such as TVs, refrigerators, or air conditioners are now connected to the internet, then, the controlling firmware modules are automatically updatable via the network. TR-069 is a widely adopted standard for automatic appliance management and firmware update. Maintaining a TR069 network usually involves the design and deployment of the overall security and trust infrastructure, the update file repository and the update audit mechanisms. Thus, maintaining a dedicated TR-069 network is a heavy burden for the vendors of home appliances. Blockchain is an emerging technology that provides a secure and trust infrastructure based on distributed consensus. This paper reports the results of our initial attempt to design a prototype of a multitenant TR-069 platform based on the blockchain. The core idea is to reify each automatic deployment task as a smart contract instance whose transactions are recorded in the append-only distributed ledger and verified by the peers. Also, the overall design should be transparent to the original TR069 entities. We have built a prototype based on the proposed architecture to verify the feasibility in three key scenarios. The experimental results show that the proposed approach is feasible and is able to scale linearly in proportion to the number of managed devices.

The continuously growing importance of today’s technology paradigms such as the Internet of Things (IoT) and the new 5G/6G standard open up unique features and opportunities for smart systems and communication devices. Famous examples are edge computing and network slicing. Generational technology upgrades provide unprecedented data rates and processing power. At the same time, these new platforms must address the growing security and privacy requirements of future smart systems. This poses two main challenges concerning the digital processing hardware. First, we need to provide integrated trustworthiness covering hardware, runtime, and the operating system. Whereas integrated means that the hardware must be the basis to support secure runtime and operating system needs under very strict latency constraints. Second, applications of smart systems cover a wide range of requirements where "one- chip-fits-all" cannot be the cost and energy effective way forward. Therefore, we need to be able to provide a scalable hardware solution to cover differing needs in terms of processing resource requirements.In this paper, we discuss our research on an integrated design of a secure and scalable hardware platform including a runtime and an operating system. The architecture is built out of composable and preferably simple components that are isolated by default. This allows for the integration of third-party hardware/software without compromising the trusted computing base. The platform approach improves system security and provides a viable basis for trustworthy communication devices.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

The digital transformation brought on by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles necessary to enable 5G to achieve its promise. 5G trustworthiness highlights the importance of embedding security capabilities from the very beginning while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate through the different layers of 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture within a risk-management framework that takes into account the evolving security-threats landscape. 5G presents a typical use-case of wireless communication and computer networking convergence, where 5G fundamental building blocks include components such as Software Defined Networks (SDN), Network Functions Virtualization (NFV) and the edge cloud. This convergence extends many of the security challenges and opportunities applicable to SDN/NFV and cloud to 5G networks. Thus, 5G security needs to consider additional security requirements (compared to previous generations) such as SDN controller security, hypervisor security, orchestrator security, cloud security, edge security, etc. At the same time, 5G networks offer security improvement opportunities that should be considered. Here, 5G architectural flexibility, programmability and complexity can be harnessed to improve resilience and reliability. The working group scope fundamentally addresses the following: •5G security considerations need to overlay and permeate through h the different layers of the 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture including a risk management framework that takes into account the evolving security threats landscape. •5G exemplifies a use-case of heterogeneous access and computer networking convergence, which extends a unique set of security challenges and opportunities (e.g., related to SDN/NFV and edge cloud, etc.) to 5G networks. Similarly, 5G networks by design offer potential security benefits and opportunities through harnessing the architecture flexibility, programmability and complexity to improve its resilience and reliability. •The IEEE FNI security WG s roadmap framework follows a taxonomic structure, differentiating the 5G functional pillars and corresponding cybersecurity risks. As part of cross collaboration, the security working group will also look into the security issues associated with other roadmap working groups within the IEEE Future Network Initiative.

5G core network introduces service based architecture, software defined network, network function virtualization and other new technologies, showing the characteristics of IT and Internet. The new architecture and new technologies not only bring convenience to 5G but also introduce new security threats, especially the unknown security threats caused by unknown vulnerabilities or backdoors. This paper mainly introduces the security threats after the application of software defined network, network function virtualization and other technologies to 5G, summarizes the security solutions proposed by standardization organizations and academia, and puts forward a new idea of building a high-level secure 5G core network based on the endogenous safety and security.