In today s digital landscape, the task of identifying various types of malicious files has become progressively challenging. Modern malware exhibits increasing sophistication, often evading conventional anti-malware solutions. The scarcity of data on distinct and novel malware strains further complicates effective detection. In response, this research presents an innovative approach to malware detection, specifically targeting multiple distinct categories of malicious software. In the initial stage, Principal Component Analysis (PCA) is performed and achieved a remarkable accuracy rate of 95.39\%. Our methodology revolves around leveraging features commonly accessible from user-uploaded files, aligning with the contextual behavior of typical users seeking to identify malignancy. This underscores the efficacy of the unique featurebased detection strategy and its potential to enhance contemporary malware identification methodologies. The outcomes achieved attest to the significance of addressing emerging malware threats through inventive analytical paradigms.
Authored by Sanyam Jain, Sumaiya Thaseen
Malwares have been being a major security threats to enterprises, government organizations and end-users. Beside traditional malwares, such as viruses, worms and trojans, new types of malwares, such as botnets, ransomwares, IoT malwares and crypto-jackings are released daily. To cope with malware threats, several measures for monitoring, detecting and preventing malwares have been developed and deployed in practice, such as signature-based detection, static and dynamic file analysis. This paper proposes 2 malware detection models based on statistics and machine learning using opcode n-grams. The proposed models aim at achieving high detection accuracy as well as reducing the amount of time for training and detection. Experimental results show that our proposed models give better performance measures than previous proposals. Specifically, the proposed statistics-based model is very fast and it achieves a high detection accuracy of 92.75\% and the random forest-based model produces the highest detection accuracy of 96.29\%.
Authored by Xuan Hoang, Ba Nguyen, Thi Ninh
With the rapid development of science and technology, information security issues have been attracting more attention. According to statistics, tens of millions of computers around the world are infected by malicious software (Malware) every year, causing losses of up to several USD billion. Malware uses various methods to invade computer systems, including viruses, worms, Trojan horses, and others and exploit network vulnerabilities for intrusion. Most intrusion detection approaches employ behavioral analysis techniques to analyze malware threats with packet collection and filtering, feature engineering, and attribute comparison. These approaches are difficult to differentiate malicious traffic from legitimate traffic. Malware detection and classification are conducted with deep learning and graph neural networks (GNNs) to learn the characteristics of malware. In this study, a GNN-based model is proposed for malware detection and classification on a renewable energy management platform. It uses GNN to analyze malware with Cuckoo Sandbox malware records for malware detection and classification. To evaluate the effectiveness of the GNN-based model, the CIC-AndMal2017 dataset is used to examine its accuracy, precision, recall, and ROC curve. Experimental results show that the GNN-based model can reach better results.
Authored by Hsiao-Chung Lin, Ping Wang, Wen-Hui Lin, Yu-Hsiang Lin, Jia-Hong Chen
Cybersecurity concerns have arisen due to extensive information exchange among networked smart grid devices which also employ seamless firmware update. An outstanding issue is the presence of malware-injected malicious devices at the grid edge which can cause severe disturbances to grid operations and propagate malware on the power grid. This paper proposes a cloud-based, device-specific malware file detection system for smart grid devices. In the proposed system, a quantum-convolutional neural network (QCNN) with a deep transfer learning (DTL) is designed and implemented in a cloud platform to detect malware files targeting various smart grid devices. The proposed QCNN algorithm incorporates quantum circuits to extract more features from the malware image files than the filter in conventional CNNs and the DTL method to improve detection accuracy for different types of devices (e.g., processor architecture and operating systems). The proposed algorithm is implemented in the IBM Watson Studio cloud platform that utilizes IBM Quantum processor. The experimental results validate that the proposed malware file detection method significantly improves the malware file detection rates compared to the conventional CNN-based method.
Authored by Alve Akash, BoHyun Ahn, Alycia Jenkins, Ameya Khot, Lauren Silva, Hugo Tavares-Vengas, Taesic Kim
The term Internet of Things(IoT) describes a network of real-world items, gadgets, structures, and other things that are equipped with communication and sensors for gathering and exchanging data online. The likelihood of Android malware attacks on IoT devices has risen due to their widespread use. Regular security precautions might not be practical for these devices because they frequently have limited resources. The detection of malware attacks on IoT environments has found hope in ML approaches. In this paper, some machine learning(ML) approaches have been utilized to detect IoT Android malware threats. This method uses a collection of Android malware samples and good apps to build an ML model. Using the Android Malware dataset, many ML techniques, including Naive Bayes (NB), K-Nearest Neighbour (KNN), Decision Tree (DT), and Random Forest (RF), are used to detect malware in IoT. The accuracy of the DT model is 95\%, which is the highest accuracy rate, while that of the NB, KNN, and RF models have accuracy rates of 84\%, 89\%, and 92\%, respectively.
Authored by Anshika Sharma, Himanshi Babbar
The motive of this paper is to detect the malware from computer systems in order to protect the confidential data, information, documents etc. from being accessing. The detection of malware is necessary because it steals the data from that system which is affected by malware. There are different malware detection techniques (cloud-based, signature-based, Iot-based, heuristic based etc.) and different malware detection tools (static, dynamic) area used in this paper to detect new generation malware. It is necessary to detect malware because the attacks of malware badly affect our economy and no one sector is untouched by it. The detection of malware is compulsory because it exploits goal devices vulnerabilities, along with a Trojan horse in valid software e.g. browser that may be hijacked. There are also different tools used for detection of malware like static or dynamic that we see in this paper. We also see different methods of detection of malware in android.
Authored by P.A. Selvaraj, M. Jagadeesan, T.M. Saravanan, Aniket Kumar, Anshu Kumar, Mayank Singh
With the development of network technologies, network intrusion has become increasing complex which makes the intrusion detection challenging. Traditional intrusion detection algorithms detect intrusion traffic through intrusion traffic characteristics or machine learning. These methods are inefficient due to the dependence of manual work. Therefore, in order to improve the efficiency and the accuracy, we propose an intrusion detection method based on deep learning. We integrate the Transformer and LSTM module with intrusion detection model to automatically detect network intrusion. The Transformer and LSTM can capture the temporal information of the traffic data which benefits to distinguish the abnormal data from normal data. We conduct experiments on the publicly available NSL-KDD dataset to evaluate the performance of our proposed model. The experimental results show that the proposed model outperforms other deep learning based models.
Authored by Zhipeng Zhang, Xiaotian Si, Linghui Li, Yali Gao, Xiaoyong Li, Jie Yuan, Guoqiang Xing
In the ever-evolving landscape of cybersecurity threats, Intrusion detection systems are critical in protecting network and server infrastructure in the ever-changing spectrum ofcybersecurity threats. This research introduces a hybrid detection approach that uses deep learning techniques to improve intrusion detection accuracy and efficiency. The proposed prototype combines the strength of the XGBoost and MaxPooling1D algorithms within an ensemble model, resulting in a stable and effective solution. Through the fusion of these methodologies, the hybrid detection system achieves superior performance in identifying and mitigating various types of intrusions. This paper provides an overview of the prototype s architecture, discusses the benefits of using deep learning in intrusion detection, and presents experimental results showcasing the system s efficacy.
Authored by Vishnu Kurnala, Swaraj Naik, Dhanush Surapaneni, Ch. Reddy
Network intrusion detection is a crucial task in ensuring the security and reliability of computer networks. In recent years, machine learning algorithms have shown promising results in identifying anomalous activities indicative of network intrusions. In the context of intrusion detection systems, novelty detection often receives limited attention within machine learning communities. This oversight can be attributed to the historical emphasis on optimizing performance metrics using established datasets, which may not adequately represent the evolving landscape of cyber threats. This research aims to compare four widely used novelty detection algorithms for network intrusion detection, namely SGDOneClassSVM, LocalOutlierDetection, EllipticalEnvelope Covariance, and Isolation Forest. Our experiments with the UNSW-NB15 dataset show that Isolation Forest was the best-performing algorithm with an F1-score of 0.723. The result shows that network-based intrusion detection systems are still challenging for novelty detection algorithms.
Authored by Maxmilian Halim, Baskoro Pratomo, Bagus Santoso
In cybersecurity, Intrusion Detection Systems (IDS) protect against emerging cyber threats. Combining signature-based and anomaly-based detection methods may improve IDS accuracy and reduce false positives. This research analyzes hybrid intrusion detection systems signature-based components performance and limitations. The paper begins with a detailed history of signature-based detection methods responding to changing threat situations. This research analyzes signature databases to determine their capacity to identify and guard against current threats and cover known vulnerabilities. The paper also examines the intricate relationship between signature-based detection and anomalybased techniques in hybrid IDS systems. This investigation examines how these two methodologies work together to uncover old and new attack strategies, focusing on zero-day vulnerabilities and polymorphic malware. A diverse dataset of network traffic and attack scenarios is used to test. Detection, false positives, and response times assess signature-based components. Comparative examinations investigate how signature-based detection affects system accuracy and efficiency. This research illuminates the role of signature-based aspects in hybrid intrusion detection systems. This study recommends integrating signature-based detection techniques with anomaly-based methods to improve hybrid intrusion detection systems (IDS) at recognizing and mitigating various cyber threats.
Authored by Moorthy Agoramoorthy, Ahamed Ali, D. Sujatha, Michael F, G. Ramesh
The network intrusion detection system capably safeguards our network environment from attacks. Yet, the relentless surge in bandwidth and inherent constraints within these systems often hinder detection, particularly in confrontations with substantial traffic volume. Hence, this paper introduces the IP-filtered multi-channel convolutional neural networks (IP-MCCLSTM), which filters traffic by IP, curtails system loading, and notably enhances detection efficiency. IP-MCCLSTM outperforms comparison methods in tests using the 2017CICIDS data set. The result shows IPMCCLSTM obtains 98.9\% accuracy and 99.7\% Macro-Recall rate, showcasing its potential as an avant-garde solution in intrusion detection.
Authored by Qin Feng, Zhang Lin, Liang Bing
Due to its adaptability and pay-per-use services, cloud computing has grown in popularity among businesses, but security and privacy issues are still very much present. Intruders can exploit vulnerabilities in the open and dispersed nature of cloud environments, leading to attacks that can damage entire projects within a short period of time. To address this issue, organizations need to implement effective intrusion detection systems (IDS) that can detect and alert administrators of any suspicious activities. There are three widely used methods for IDS: signature-based detection, anomaly-based detection, and hybrid detection. Hybrid detection, which combines the strengths of signature-based and anomaly-based detection, has been shown to produce superior results. IDS can be categorized into host- based IDS (HIDS), network-based IDS (NIDS), hypervisor-based IDS, and distributed IDS (DIDS), each with their own unique characteristics and benefits. The CICIDS2017 dataset provides a diverse set of attacks and benign traffic for researchers and practitioners to develop and evaluate IDS systems. Overall, putting in place a strong intrusion detection system is critical for maintaining the security and privacy of cloud-based projects, as well as ensuring their availability.
Authored by N Maheswaran, S Bose, Sourabh Sonny, M Araventh, Ganagaraju Tharun, Rajkumar J
The advancement of information technology is closely associated with various aspects of daily life, providing people with services for a comfortable life. As the network infrastructure expands to accommodate these services, it inevitably creates several vulnerable points susceptible to cyberattacks. Researchers have gained significant momentum by focusing on deep learning-based network intrusion detection. The development of a robust network intrusion detection system based on deep learning necessitates a substantial volume of data. Traditionally, collected data for centralized learning were transmitted to a central server for training the model. However, this approach causes concern regarding the potential compromise of the personal information contained within the raw data, thereby precipitating legal implications for vendors. Therefore, this paper proposes an ImprovedFedAvg, which enhances the existing FedAvg algorithm for network intrusion detection model. This method uses the full advantages of federated learning for data privacy preservation and significantly reduces the transmission of model weights while improving the performance of the model.
Authored by Beom-Su Lee, Jong-Wouk Kim, Mi-Jung Choi
In the face of a large number of network attacks, intrusion detection system can issue early warning, indicating the emergence of network attacks. In order to improve the traditional machine learning network intrusion detection model to identify the behavior of network attacks, improve the detection accuracy and accuracy. Convolutional neural network is used to construct intrusion detection model, which has better ability to solve complex problems and better adaptability of algorithm. In order to solve the problems such as dimension explosion caused by input data, the albino PCA algorithm is used to extract data features and reduce data dimensions. For the common problem of convolutional neural networks in intrusion detection such as overfitting, Dropout layers are added before and after the fully connected layer of CNN, and Sigmoid is selected as the intrusion classification prediction function. This reduces the overfitting, improves the robustness of the intrusion detection model, and enhances the fault tolerance and generalization ability of the model to improve the accuracy of the intrusion detection model. The effectiveness of the proposed method in intrusion detection is verified by comparison and analysis of numerical examples.
Authored by Peiqing Zhang, Guangke Tian, Haiying Dong
The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more peopleare coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. This can be accomplished by: (IDS). The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse has occurred and can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observedpattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the strategy that was suggested improves the capability of intrusion detection.
Authored by Ajmeera Kiran, Wilson Prakash, Anand Kumar, Likhitha, Tammana Sameeratmaja, Ungarala Charan
In modern conditions, the relevance of the problem of assessing the information security risks for automated systems is increasing. Risk assessment is defined as a complex multi-stage task. Risk assessment requires prompt decision-making for effective information protection. To solve this problem, a method for automating risk assessment based on fuzzy cognitive maps is proposed. A fuzzy cognitive map is a model that can be represented as a directed graph in which concepts and connections between them have own weights. The automation process allows evaluate complex relationships between factors and threats, providing a more comprehensive risk assessment. The application of fuzzy cognitive maps proved to be an effective tool for automation, promptness, and quality in risk assessment.
Authored by Andrey Shaburov, Anna Ozhgibesova, Vsevolod Alekseev
The role of principals of schools facing digital transformation in and for the 21st century is to assure and promote effective use of digital technologies in all aspects of school functioning.
Authored by Valentina Kirinić, Nikolina Hrustek, Renata Mekovec
The increase in the usage of various computing and mobile devices has resulted in implementing large scale ad hoc networks as the user demand is on the rise and companies’ find it difficult to invest more in the IT infrastructure to meet the surging demand. The traditional model of networking enables the mobile devices to face various issues like lower bandwidth, mobility, security and storage et. Hence, in order to meet the overall service requirement and to enhance the overall efficiency of the network, cloud computing was introduced. The implementation of these devices tends to support in every node, it enhances better communication in a better range towards another nodes. There is a critical administration and support devices from everywhere in an effective manner.
Authored by Gowtham S, A. Shenbagharaman, B. Shunmugapriya, Sateesh Nagavarapu, Antonyuk Olga
In this paper, we present a novel statistical approach to assess and model data of water distribution network (WDN) failures which contain only few pieces of information, namely the number of failures in a month. The applied statistical method is known as the circular (directional) statistics. It concerns with angular/cyclical data in degrees or radians. The sample space is typically a circle or a sphere and due to the nature of the circular data, they cannot be analysed with commonly used statistical techniques. Circular data approaches can be adapted to analyse time-of-year data and year cycles. Using the methods of descriptive and inferential statistics for circular data, we show that the WDN failure data show a deviation from the uniform model and cannot be modelled by the parametric models. Therefore, we apply the nonparametric circular kernel density estimates to assess and model the data and predict the expected numbers of failures in the respective months of a year.
Authored by Kamila Hasilová, David Vališ
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
With technological advances, Cyber-Physical Systems (CPS), specifically critical infrastructures, have become strongly connected. Their exposure to cyber adversaries is higher than ever. The number of cyber-attacks perpetrated against critical infrastructure is growing in number and sophistication. The protection of such complex systems became of paramount importance. Resilience applied to critical infrastructures aims at protecting these vital systems from cyber-attacks and making them continue to deliver a certain level of performance, even when attacks occur. In this work, we explore new advances related to cyber-resilience applied to CPSs. We also explore the use of a metric to quantify the resilience of critical infrastructures. As a use case, we consider a water treatment system.
Authored by Romain Dagnas, Michel Barbeau, Maxime Boutin, Joaquin Garcia-Alfaro, Reda Yaich
Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyberinfrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics – the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.
Authored by Rajesh Kumar
In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7\% who consider that the proposed three-layer architecture contains the assets considered critical.
Authored by Alberto Alegria, Jorge Loayza, Arnaldo Montoya, Jimmy Armas-Aguirre
For modern industrial automation and control systems (IACS), it is a cybersecurity risk that provokes the most growing anxiety among other potential hazards. In order to manage the risk efficiently, a risk assessment is necessary. A standard CIA approach explores the confidentiality, integrity, and availability properties of assets. However, for IACS dealing with critical infrastructures, it is more crucial to investigate separately the availability part of the risk. Moreover, not assets but functions are particularly important. One of the major problems arising during the assessment is how to assign values for the availability property of IACS functions. For establishing the CIA values, techniques related to confidentiality and integrity seem to be quite evident and make just a minor issue to develop and employ. However, methods for assessing the availability property happen to be not obvious and not widely used. The article presents a metric helpful for the availability valuation. Inherently constructed to be applicable particularly to functions, not to assets, the metric will be found especially effective for IACS. Essentially based on delay as a measure, the metric is proved to be conformant to the IEC 62443 series availability interpretation and the general requirements for the cybersecurity metrics. For the metric to be accurately calculated, the availability reference model, dependency theory, and a theory of deterministic queuing systems Network calculus are proposed to be utilized. Applying Network calculus to the metric calculation, the article reveals that this problem can be reduced to the problem of obtaining sets of service curves.
Authored by A.A. Baybulatov, V.G. Promyslov
Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attackdefense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.
Authored by Burhan Hyder, Harrison Majerus, Hayden Sellars, Jonathan Greazel, Joseph Strobel, Nicholas Battani, Stefan Peng, Manimaran Govindarasu