Cybersecurity is the practice of preventing cyberattacks on vital infrastructure and private data. Government organisations, banks, hospitals, and every other industry sector are increasingly investing in cybersecurity infrastructure to safeguard their operations and the millions of consumers who entrust them with their personal information. Cyber threat activity is alarming in a world where businesses are more interconnected than ever before, raising concerns about how well organisations can protect themselves from widespread attacks. Threat intelligence solutions employ Natural Language Processing to read and interpret the meaning of words and technical data in various languages and find trends in them. It is becoming increasingly precise for machines to analyse various data sources in multiple languages using NLP. This paper aims to develop a system that targets software vulnerability detection as a Natural Language Processing (NLP) problem with source code treated as texts and addresses the automated software vulnerability detection with recent advanced deep learning NLP models. We have created and compared various deep learning models based on their accuracy and the best performer achieved 95\% accurate results. Furthermore we have also made an effort to predict which vulnerability class a particular source code belongs to and also developed a robust dashboard using FastAPI and ReactJS.

This paper presents a vulnerability detection scheme for small unmanned aerial vehicle (UAV) systems, aiming to enhance their security resilience. It initiates with a comprehensive analysis of UAV system composition, operational principles, and the multifaceted security threats they face, ranging from software vulnerabilities in flight control systems to hardware weaknesses, communication link insecurities, and ground station management vulnerabilities. Subsequently, an automated vulnerability detection framework is designed, comprising three tiers: information gathering, interaction analysis, and report presentation, integrated with fuzz testing techniques for thorough examination of UAV control systems. Experimental outcomes validate the efficacy of the proposed scheme by revealing weak password issues in the target UAV s services and its susceptibility to abnormal inputs. The study not only confirms the practical utility of the approach but also contributes valuable insights and methodologies to UAV security, paving the way for future advancements in AI-integrated smart gray-box fuzz testing technologies.

The growth of the Internet of Things (IoT) is leading to some restructuring and transformation of everyday lives. The number and diversity of IoT devices have increased rapidly, enabling the vision of a smarter environment and opening the door to further automation, accompanied by the generation and collection of enormous amounts of data. The automation and ongoing proliferation of personal and professional data in the IoT have resulted in countless cyber-attacks enabled by the growing security vulnerabilities of IoT devices. Therefore, it is crucial to detect and patch vulnerabilities before attacks happen in order to secure IoT environments. One of the most promising approaches for combating cybersecurity vulnerabilities and ensuring security is through the use of artificial intelligence (AI). In this paper, we provide a review in which we classify, map, and summarize the available literature on AI techniques used to recognize and reduce cybersecurity software vulnerabilities in the IoT. We present a thorough analysis of the majority of AI trends in cybersecurity, as well as cutting-edge solutions.

The increasing number of security vulnerabilities has become an important problem that needs to be solved urgently in the field of software security, which means that the current vulnerability mining technology still has great potential for development. However, most of the existing AI-based vulnerability detection methods focus on designing different AI models to improve the accuracy of vulnerability detection, ignoring the fundamental problems of data-driven AI-based algorithms: first, there is a lack of sufficient high-quality vulnerability data; second, there is no unified standardized construction method to meet the standardized evaluation of different vulnerability detection models. This all greatly limits security personnel’s in-depth research on vulnerabilities. In this survey, we review the current literature on building high-quality vulnerability datasets, aiming to investigate how state-of-the-art research has leveraged data mining and data processing techniques to generate vulnerability datasets to facilitate vulnerability discovery. We also identify the challenges of this new field and share our views on potential research directions.

In various fields, such as medical engi-neering or aerospace engineering, it is difficult to apply the decisions of a machine learning (ML) or a deep learning (DL) model that do not account for the vast amount of human limitations which can lead to errors and incidents. Explainable Artificial Intelligence (XAI) comes to explain the results of artificial intelligence software (ML or DL) still considered black boxes to understand their decisions and adopt them. In this paper, we are interested in the deployment of a deep neural network (DNN) model able to predict the Remaining Useful Life (RUL) of a turbofan engine of an aircraft. Shapley s method was then applied in the explanation of the DL results. This made it possible to determine the participation rate of each parameter in the RUL and to identify the most decisive parameters for extending or shortening the RUL of the turbofan engine.

Explainable AI (XAI) is a topic of intense activity in the research community today. However, for AI models deployed in the critical infrastructure of communications networks, explainability alone is not enough to earn the trust of network operations teams comprising human experts with many decades of collective experience. In the present work we discuss some use cases in communications networks and state some of the additional properties, including accountability, that XAI models would have to satisfy before they can be widely deployed. In particular, we advocate for a human-in-the-Ioop approach to train and validate XAI models. Additionally, we discuss the use cases of XAI models around improving data preprocessing and data augmentation techniques, and refining data labeling rules for producing consistently labeled network datasets.

Explainable AI (XAI) techniques are used for understanding the internals of the AI algorithms and how they produce a particular result. Several software packages are available implementing XAI techniques however, their use requires a deep knowledge of the AI algorithms and their output is not intuitive for non-experts. In this paper we present a framework, (XAI4PublicPolicy), that provides customizable and reusable dashboards for XAI ready to be used both for data scientists and general users with no code. The models, and data sets are selected dragging and dropping from repositories While dashboards are generated selecting the type of charts. The framework can work with structured data and images in different formats. This XAI framework was developed and is being used in the context of the AI4PublicPolicy European project for explaining the decisions made by machine learning models applied to the implementation of public policies.

DDoS is considered as the most dangerous attack and threat to software defined network (SDN). The existing mitigation technologies include flow capacity method, entropy method and flow analysis method. They rely on traffic sampling to achieve true real-time inline DDoS detection accuracy. However, the cost of the method based on traffic sampling is very high. Early detection of DDoS attacks in the controller is very important, which requires highly adaptive and accurate methods. Therefore, this paper proposes an effective and accurate real-time DDoS attack detection technology based on hurst index. The main detection methods of DDoS attacks and the traffic characteristics when DDoS attacks occur are briefly analyzed. The Hurst exponent estimation method and its application in real-time detection (RTD) of DDoS attacks are discussed. Finally, the simulation experiment test analysis is improved to verify the effectiveness and feasibility of RTD of DDoS attacks based on hurst index.

Healthcare systems have recently utilized the Internet of Medical Things (IoMT) to assist intelligent data collection and decision-making. However, the volume of malicious threats, particularly new variants of malware attacks to the connected medical devices and their connected system, has risen significantly in recent years, which poses a critical threat to patients’ confidential data and the safety of the healthcare systems. To address the high complexity of conventional software-based detection techniques, Hardware-supported Malware Detection (HMD) has proved to be efficient for detecting malware at the processors’ micro-architecture level with the aid of Machine Learning (ML) techniques applied to Hardware Performance Counter (HPC) data. In this work, we examine the suitability of various standard ML classifiers for zero-day malware detection on new data streams in the real-world operation of IoMT devices and demonstrate that such methods are not capable of detecting unknown malware signatures with a high detection rate. In response, we propose a hybrid and adaptive image-based framework based on Deep Learning and Deep Reinforcement Learning (DRL) for online hardware-assisted zero-day malware detection in IoMT devices. Our proposed method dynamically selects the best DNN-based malware detector at run-time customized for each device from a pool of highly efficient models continuously trained on all stream data. It first converts tabular hardware-based data (HPC events) into small-size images and then leverages a transfer learning technique to retrain and enhance the Deep Neural Network (DNN) based model’s performance for unknown malware detection. Multiple DNN models are trained on various stream data continuously to form an inclusive model pool. Next, a DRL-based agent constructed with two Multi-Layer Perceptrons (MLPs) is trained (one acts as an Actor and another acts as a Critic) to align the decision of selecting the most optimal DNN model for highly accurate zero-day malware detection at run-time using a limited number of hardware events. The experimental results demonstrate that our proposed AI-enabled method achieves 99\% detection rate in both F1-score and AUC, with only 0.01\% false positive rate and 1\% false negative rate.

The last decade has shown that networked cyber-physical systems (NCPS) are the future of critical infrastructure such as transportation systems and energy production. However, they have introduced an uncharted territory of security vulnerabilities and a wider attack surface, mainly due to network openness and the deeply integrated physical and cyber spaces. On the other hand, relying on manual analysis of intrusion detection alarms might be effective in stopping run-of-the-mill automated probes but remain useless against the growing number of targeted, persistent, and often AI-enabled attacks on large-scale NCPS. Hence, there is a pressing need for new research directions to provide advanced protection. This paper introduces a novel security paradigm for emerging NCPS, namely Autonomous Cyber-Physical Defense (ACPD). We lay out the theoretical foundations and describe the methods for building autonomous and stealthy cyber-physical defense agents that are able to dynamically hunt, detect, and respond to intelligent and sophisticated adversaries in real time without human intervention. By leveraging the power of game theory and multi-agent reinforcement learning, these self-learning agents will be able to deploy complex cyber-physical deception scenarios on the fly, generate optimal and adaptive security policies without prior knowledge of potential threats, and defend themselves against adversarial learning. Nonetheless, serious challenges including trustworthiness, scalability, and transfer learning are yet to be addressed for these autonomous agents to become the next-generation tools of cyber-physical defense.

Patient’s data security is critical and cannot be undermined. The patient data must always be kept confidential. Any compromise of patient data not only results in loss of trust but can also lead to legal action. To understand data security measures and to prevent data theft, this study evaluates the cyber security position of electronic medical records using Systematic Literature Review (SLR). It primarily studies the various threats the EMRs are exposed to, more specifically in the cloud environment. It also discusses the possible ways to lower the possibility of EMR data breach. The value addition of this study is the proposition of a Risk Assessment Framework (RAF) to make the EMR software secure and safe from cyber-attacks. The cyclic RAF is proposed to manage and mitigate the risks involved in medical data storage and access.

A growing number of attacks and the introduction of new security standards, e.g. ISO 21434, are increasingly shifting the focus of industry and research to the cybersecurity of vehicles. Being cyber-physical systems, compromised vehicles can pose a safety risk to occupants and the environment. Updates over the air and monitoring of the vehicle fleet over its entire lifespan are therefore established in current and future vehicles. Elementary components of such a strategy are security sensors in the form of firewalls and intrusion detection systems, for example, and an operations center where monitoring and response activities are coordinated. A critical step in defending against, detecting, and remediating attacks is providing knowledge about the vehicle and fleet context. Whether a vehicle is driving on the highway or parked at home, what software version is installed, or what security incidents have occurred affect the legitimacy of data and network traffic. However, current security measures lack an understanding of how to operate in an adjusted manner in different contexts. This work is therefore dedicated to a concept to make security measures for vehicles context-aware. We present our approach, which consists of an object-oriented model of relevant context information within the vehicle and a Knowledge Graph for the fleet. With this approach, various use cases can be addressed, according to the different requirements for the use of context knowledge in the vehicle and operations center.

The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.Storing the important data in the cloud has become an essential argument in the computer territory. The cloud enables the user to store the data efficiently and access the data securely. It avoids the basic expenditure on hardware, software and maintenance. Protecting the cloud data has become one of the burdensome tasks in today’s environment. Our proposed scheme "Certificateless Compressed Data Sharing in Cloud through Partial Decryption" (CCDSPD) makes use of Shared Secret Session (3S) key for encryption and double decryption process to secure the information in the cloud. CC does not use pairing concept to solve the key escrow problem. Our scheme provides an efficient secure way of sharing data to the cloud and reduces the time consumption nearly by 50 percent as compared to the existing mCL-PKE scheme in encryption and decryption process.Distributed Cloud Environment (DCE) has the ability to store the da-ta and share it with others. One of the main issues arises during this is, how safe the data in the cloud while storing and sharing. Therefore, the communication media should be safe from any intruders residing between the two entities. What if the key generator compromises with intruders and shares the keys used for both communication and data? Therefore, the proposed system makes use of the Station-to-Station (STS) protocol to make the channel safer. The concept of encrypting the secret key confuses the intruders. Duplicate File Detector (DFD) checks for any existence of the same file before uploading. The scheduler as-signs the work of generating keys to the key manager who has less task to complete or free of any task. By these techniques, the proposed system makes time-efficient, cost-efficient, and resource efficient compared to the existing system. The performance is analysed in terms of time, cost and resources. It is necessary to safeguard the communication channel between the entities before sharing the data. In this process of sharing, what if the key manager’s compromises with intruders and reveal the information of the user’s key that is used for encryption. The process of securing the key by using the user’s phrase is the key concept used in the proposed system "Secure Storing and Sharing of Data in Cloud Environment using User Phrase" (S3DCE). It does not rely on any key managers to generate the key instead the user himself generates the key. In order to provide double security, the encryption key is also encrypted by the public key derived from the user’s phrase. S3DCE guarantees privacy, confidentiality and integrity of the user data while storing and sharing. The proposed method S3DCE is more efficient in terms of time, cost and resource utilization compared to the existing algorithm DaSCE (Data Security for Cloud Environment with Semi Trusted Third Party) and DACESM (Data Security for Cloud Environment with Scheduled Key Managers).For a cloud to be secure, all of the participating entities must be secure. The security of the assets does not solely depend on an individual s security measures. The neighbouring entities may provide an opportunity to an attacker to bypass the user s defences. The data may compromise due to attacks by other users and nodes within the cloud. Therefore, high security measures are required to protect data within the cloud. Cloudsim allows to create a network that contains a set of Intelligent Sense Point (ISP) spread across an area. Each ISPs will have its own unique position and will be different from other ISPs. Cloud is a cost-efficient solution for the distribution of data but has the challenge of a data breach. The data can be compromised of attacks of ISPs. Therefore, in OSNQSC (Optimized Selection of Nodes for Enhanced in Cloud Environment), an optimized method is proposed to find the best ISPs to place the data fragments that considers the channel quality, distance and the remaining energy of the ISPs. The fragments are encrypted before storing. OSNQSC is more efficient in terms of total upload time, total download time, throughput, storage and memory consumption of the node with the existing Betweenness centrality, Eccentricity and Closeness centrality methods of DROPS (Division and Replication of Data in the Cloud for Optimal Performance and Security).

This paper presents FBA-SDN, a novel Stellar Consensus Protocol (SCP)-based Federated Byzantine Agreement System (FBAS) approach to trustworthy Collaborative Intrusion Detection (CIDS) in Software-Defined Network (SDN) environments. The proposed approach employs the robustness of Byzantine Fault Tolerance (BFT) consensus mechanisms and the decentralized nature of blockchain ledgers to coordinate the Intrusion Detection System (IDS) operation securely. The federated architecture adopted in FBA-SDN facilitates collaborative analysis of low-confidence alert data, reaching system-wide consensus on potential intrusions. Additionally, the Quorum-based nature of the approach reduces the risk of a single point of failure (SPoF) while simultaneously improving upon the scalability offered by existing blockchain-based approaches. Through simulation, we demonstrate promising results concerning the efficacy of reaching rapid and reliable consensus on both binary and multi-class simulated intrusion data compared with the existing approaches.

Different contemporary organisations are using cloud computing application in business operation activities to gain competitive advantages over other competitors. It also helps in promoting flexibility of the business operation activities. Cloud computing involves delivery of different computer resources to data centres over the internet services. Different kinds of delivered computer resources include data storage, servers, database, analytics, software, networking, and other types of data applications etc. In this present era of data breaches, cloud computing ensures security protocols to protect different kinds of sensitive transaction data and confidential information. Use of cloud computing ensures that a third party individual does not tamper the data. Use of cloud computing also provides different kinds of competitive advantages to the organisations. Cloud computing also helps in providing efficiency and a platform for innovation for the contemporary organisations. Theoretical frameworks are usedin the literature review section to determine the important roles of cloud computing in effective data and security management in the organisations. It is also justified in the research work that qualitative methodology is suitable for the researcher to meet the developed research objectives. A secondary data analysis approach has been considered by the researcher in this study to carry out the investigation and meet the developed objectives. From the findings, few challenges associated with the cloud computing system have been identified. Proper recommendations are suggested at the end of the study to help future researchers in overcoming the identified associated challenges.

The innovation introduced by connectivity brings about significant changes in the industrial environment leading to the fourth industrial revolution, known as Industry 4.0. However, the integration and connectivity between industrial systems have significantly increased the risks and cyberattack surfaces. Nowadays, Virtualization is added to the security field to provide maximum protection against toxic attacks at minimum costs. Combining paradigms such as Software Defined Networking (SDN), and Network Function Virtualization (NFV) can improve virtualization performance through Openness (unified control of heterogeneous hardware and software resources), Flexibility (remote management and rapid response to changing demands), and Scalability (a faster cycle of innovative services deployment). The present paper proposes a Virtualized Security for Industry 4.0 (ViSI4.0), based on both SDN and Network Security Function Virtualisation (NSFV), to prevent attacks on Cyber-Physical System (CPS). Since industrial devices are limited in memory and processing, vNSFs are deployed as Docker containers. We conducted experiments to evaluate the performances of IIoT applications when using virtualized security services. Results showed that many real-time IIoT applications are still within their latency tolerance range. However, the additional delays introduced by virtualization have an impact on IIoT applications with very strict delays.

This paper addresses the issues of fault tolerance (FT) and intrusion detection (ID) in the Software-defined networking (SDN) environment. We design an integrated model that combines the FT-Manager as an FT mechanism and an ID-Manager, as an ID technique to collaboratively detect and mitigate threats in the SDN. The ID-Manager employs a machine learning (ML) technique to identify anomalous traffic accurately and effectively. Both techniques in the integrated model leverage the controller-switches communication for real-time network statistics collection. While the full implementation of the framework is yet to be realized, experimental evaluations have been conducted to identify the most suitable ML algorithm for ID-Manager to classify network traffic using a benchmarking dataset and various performance metrics. The principal component analysis method was utilized for feature engineering optimization, and the results indicate that the Random Forest (RF) classifier outperforms other algorithms with 99.9\% accuracy, precision, and recall. Based on these findings, the paper recommended RF as the ideal choice for ID design in the integrated model. We also stress the significance and potential benefits of the integrated model to sustain SDN network security and dependability.

Aiming at the security issues such as data leakage and tampering faced by experimental data sharing, research is conducted on data security sharing under multiple security mechanisms such as mixed encryption and secure storage on the blockchain against leakage, as well as experimental data tampering identification and recovery strategies based on an improved practical Byzantine fault-tolerant (PBFT) consensus algorithm. An integrated scheme for secure storage, sharing, and tamper resistant recovery of test data is proposed to address the contradiction between the security and sharing of sensitive data. Provide support for the security application of blockchain in experimental data management.

Malware, or software designed with harmful intent, is an ever-evolving threat that can have drastic effects on both individuals and institutions. Neural network malware classification systems are key tools for combating these threats but are vulnerable to adversarial machine learning attacks. These attacks perturb input data to cause misclassification, bypassing protective systems. Existing defenses often rely on enhancing the training process, thereby increasing the model’s robustness to these perturbations, which is quantified using verification. While training improvements are necessary, we propose focusing on the verification process used to evaluate improvements to training. As such, we present a case study that evaluates a novel verification domain that will help to ensure tangible safeguards against adversaries and provide a more reliable means of evaluating the robustness and effectiveness of anti-malware systems. To do so, we describe malware classification and two types of common malware datasets (feature and image datasets), demonstrate the certified robustness accuracy of malware classifiers using the Neural Network Verification (NNV) and Neural Network Enumeration (nnenum) tools1, and outline the challenges and future considerations necessary for the improvement and refinement of the verification of malware classification. By evaluating this novel domain as a case study, we hope to increase its visibility, encourage further research and scrutiny, and ultimately enhance the resilience of digital systems against malicious attacks.

Mobile malware is a malicious code specifically designed to target mobile devices to perform multiple types of fraud. The number of attacks reported each day is increasing constantly and is causing an impact not only at the end-user level but also at the network operator level. Malware like FluBot contributes to identity theft and data loss but also enables remote Command & Control (C2) operations, which can instrument infected devices to conduct Distributed Denial of Service (DDoS) attacks. Current mobile device-installed solutions are not effective, as the end user can ignore security warnings or install malicious software. This article designs and evaluates MONDEO-Tactics5G - a multistage botnet detection mechanism that does not require software installation on end-user devices, together with tactics for 5G network operators to manage infected devices. We conducted an evaluation that demonstrates high accuracy in detecting FluBot malware, and in the different adaptation strategies to reduce the risk of DDoS while minimising the impact on the clients satisfaction by avoiding disrupting established sessions.

The rise in autonomous Unmanned Aerial Vehicles (UAVs) for objectives requiring long-term navigation in diverse environments is attributed to their compact, agile, and accessible nature. Specifically, problems exploring dynamic obstacle and collision avoidance are of increasing interest as UAVs become more popular for tasks such as transportation of goods, formation control, and search and rescue routines. Prioritizing safety in the design of autonomous UAVs is crucial to prevent costly collisions that endanger pedestrians, mission success, and property. Safety must be ensured in these systems whose behavior emerges from multiple software components including learning-enabled components. Learning-enabled components, optimized through machine learning (ML) or reinforcement learning (RL) require adherence to safety constraints while interacting with the environment during training and deployment, as well as adaptation to new unknown environments. In this paper, we safeguard autonomous UAV navigation by designing agents based on behavior trees with learning-enabled components, referred to as Evolving Behavior Trees (EBTs). We learn the structure of EBTs with explicit safety components, optimize learning-enabled components with safe hierarchical RL, deploy, and update specific components for transfer to unknown environments. Safe and successful navigation is evaluated using a realistic UAV simulation environment. The results demonstrate the design of an explainable learned EBT structure, incurring near-zero collisions during training and deployment, with safe time-efficient transfer to an unknown environment.

This paper proposes a secure data storage scheme for protecting network privacy. In the system hardware design, it is divided into interface module, basic service module and storage module. The three functional modules work together to improve the security of personal privacy data on the Internet. Establish a personal privacy database in software to ensure the security of personal privacy data. Asymmetric cryptography is used to encrypt and decrypt the data. Finally, the encrypted privacy information data is processed centrally to realize the combined storage of privacy information in the computer network. By comparing the safety and operation effect of the system, it is proved that the system has great advantages in safety and efficiency. The simulation results show that the method is effective.

Intelligent Systems for Personal Data Cyber Security is a critical component of the Personal Information Management of Medicaid Enterprises. Intelligent Systems for Personal Data Cyber Security combines components of Cyber Security Systems with Human-Computer Interaction. It also uses the technology and principles applied to the Internet of Things. The use of software-hardware concepts and solutions presented in this report is, in the authors’ opinion, some step in the working-out of the Intelligent Systems for Personal Data Cyber Security in Medicaid Enterprises. These concepts may also be useful for developers of these types of systems.

This article proposes a technique that establishes the procedure for evaluating the level of efficiency of the information security department (an employee performing information security functions). The technique uses performance evaluation criteria based on the apparatus of fuzzy logic, the composition of fuzzy relations. The technique describes the procedure for evaluating the effectiveness of the information security department (information security officer) during audits in the area of "Organization and state of work on information protection", self-assessment of the effectiveness of work. The method of assessing the level of efficiency consists in presenting with the help of a set of measurements (both at the quantitative and qualitative level) the features collected to build a classification of the effectiveness of the information security department (information security officer). Based on a set of measurements of signs, the decision-maker must determine (classify) the effectiveness of work using the criteria for assessing the quality of their work. In the future, the methodology can be expanded for additional purposes of predicting the level of security of informatization objects.

In response to the advent of software defined world, this Fast Abstract introduces a new notion, information gravitation, with an attempt to unify and expand two related ones, information mass (related to the supposed fifth force) and data gravitation. This is motivated by the following question: is there a new kind of (gravitational) force between any two distinct pieces of information conveying messages. A possibly affirmative answer to this question of information gravitation, which is supposed to explore the theoretically and/or experimentally justified interplay between information and gravitation, might make significant sense for the software defined world being augmented with artificial intelligence and virtual reality in the age of information. Information induces gravitation. Information gravitation should be related to Newton s law of universal gravitation and Einstein s general theory of relativity, and even to gravitational waves and the unified theory of everything.