Cybersecurity is the practice of preventing cyberattacks on vital infrastructure and private data. Government organisations, banks, hospitals, and every other industry sector are increasingly investing in cybersecurity infrastructure to safeguard their operations and the millions of consumers who entrust them with their personal information. Cyber threat activity is alarming in a world where businesses are more interconnected than ever before, raising concerns about how well organisations can protect themselves from widespread attacks. Threat intelligence solutions employ Natural Language Processing to read and interpret the meaning of words and technical data in various languages and find trends in them. It is becoming increasingly precise for machines to analyse various data sources in multiple languages using NLP. This paper aims to develop a system that targets software vulnerability detection as a Natural Language Processing (NLP) problem with source code treated as texts and addresses the automated software vulnerability detection with recent advanced deep learning NLP models. We have created and compared various deep learning models based on their accuracy and the best performer achieved 95\% accurate results. Furthermore we have also made an effort to predict which vulnerability class a particular source code belongs to and also developed a robust dashboard using FastAPI and ReactJS.

The increasing number of security vulnerabilities has become an important problem that needs to be solved urgently in the field of software security, which means that the current vulnerability mining technology still has great potential for development. However, most of the existing AI-based vulnerability detection methods focus on designing different AI models to improve the accuracy of vulnerability detection, ignoring the fundamental problems of data-driven AI-based algorithms: first, there is a lack of sufficient high-quality vulnerability data; second, there is no unified standardized construction method to meet the standardized evaluation of different vulnerability detection models. This all greatly limits security personnel’s in-depth research on vulnerabilities. In this survey, we review the current literature on building high-quality vulnerability datasets, aiming to investigate how state-of-the-art research has leveraged data mining and data processing techniques to generate vulnerability datasets to facilitate vulnerability discovery. We also identify the challenges of this new field and share our views on potential research directions.

Attacks against computer system are viewed to be the most serious threat in the modern world. A zero-day vulnerability is an unknown vulnerability to the vendor of the system. Deep learning techniques are widely used for anomaly-based intrusion detection. The technique gives a satisfactory result for known attacks but for zero-day attacks the models give contradictory results. In this work, at first, two separate environments were setup to collect training and test data for zero-day attack. Zero-day attack data were generated by simulating real-time zero-day attacks. Ranking of the features from the train and test data was generated using explainable AI (XAI) interface. From the collected training data more attack data were generated by applying time series generative adversarial network (TGAN) for top 12 features. The train data was concatenated with the AWID dataset. A hybrid deep learning model using Long short-term memory (LSTM) and Convolutional neural network (CNN) was developed to test the zero-day data against the GAN generated concatenated dataset and the original AWID dataset. Finally, it was found that the result using the concatenated dataset gives better performance with 93.53\% accuracy, where the result from only AWID dataset gives 84.29\% accuracy.

Cyber threats have been a major issue in the cyber security domain. Every hacker follows a series of cyber-attack stages known as cyber kill chain stages. Each stage has its norms and limitations to be deployed. For a decade, researchers have focused on detecting these attacks. Merely watcher tools are not optimal solutions anymore. Everything is becoming autonomous in the computer science field. This leads to the idea of an Autonomous Cyber Resilience Defense algorithm design in this work. Resilience has two aspects: Response and Recovery. Response requires some actions to be performed to mitigate attacks. Recovery is patching the flawed code or back door vulnerability. Both aspects were performed by human assistance in the cybersecurity defense field. This work aims to develop an algorithm based on Reinforcement Learning (RL) with a Convoluted Neural Network (CNN), far nearer to the human learning process for malware images. RL learns through a reward mechanism against every performed attack. Every action has some kind of output that can be classified into positive or negative rewards. To enhance its thinking process Markov Decision Process (MDP) will be mitigated with this RL approach. RL impact and induction measures for malware images were measured and performed to get optimal results. Based on the Malimg Image malware, dataset successful automation actions are received. The proposed work has shown 98\% accuracy in the classification, detection, and autonomous resilience actions deployment.

AssessJet mainly deals with the vulnerability assessment of websites which is passed as the input. The process of detection and assorting the security threats is known as Vulnerability assessment. Security vulnerabilities can be identified by using appropriate security scanning tools on the back-end. This system produces an extensive report that includes various security threats a website in detail which are likely to be faced by the particular website. Report is to be generated in such a way that the client can understand it easily. Using AssessJet, bugs in websites and web applications, including those under development can be identified.

Unlike traditional defense concepts, active defense is an asymmetric defense concept. It can not only identify potential threats in advance and nip them in the bud but also increase the attack cost of unknown threats by using change, interference, deception, or other means. Although active defense can reverse the asymmetric situation between attacks and defenses, current active defense technologies have two shortcomings: (i) they mainly aim at detecting attacks and increasing the cost of attacks without addressing the underlying problem; and (ii) they have problems such as high deployment costs and compromised system operational efficiency. This paper proposes an active defense architecture based on trap vulnerability with vulnerability as the core and introduces its design concept and specific implementation scheme. We deploy “traps” in the system to lure and find attackers while combining built-in detection, rejection, and traceback mechanisms to protect the system and trace the source of the attack.

Vulnerability Detection 2022 - Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool s efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.

Vulnerability Detection 2022 - The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.

Vulnerability Detection 2022 - Aiming at the fact that the existing source code vulnerability detection methods did not explicitly maintain the semantic information related to the vulnerability in the source code, which made it difficult for the vulnerability detection model to extract the vulnerability sentence features and had a high detection false positive rate, a source code vulnerability detection method based on the vulnerability dependency graph is proposed. Firstly, the candidate vulnerability sentences of the function were matched, and the vulnerability dependency representation graph corresponding to the function was generated by analyzing the multi-layer control dependencies and data dependencies of the candidate vulnerability sentences. Secondly, abstracted the function name and variable name of the code sentences node and generated the initial representation vector of the code sentence nodes in the vulnerability dependency representation graph. Finally, the source code vulnerability detection model based on the heterogeneous graph transformer was used to learn the context information of the code sentence nodes in the vulnerability dependency representation graph. In this paper, the proposed method was verified on three datasets. The experimental results show that the proposed method have better performance in source code vulnerability detection, and the recall rate is increased by 1.50\%\textasciitilde22.27\%, and the F1 score is increased by 1.86\%\textasciitilde16.69\%, which is better than the existing methods.

Vulnerability Detection 2022 - Aiming at the problems of low detection accuracy and poor robustness of the existing zero-speed detection methods, an effective gait cycle segmentation method is adopted and a Bayesian network model based on inertial sensor measurements and kinematics knowledge is introduced to infer the zero-speed interval; The method can effectively reduce the ambiguity of the zero velocity (ZV) boundary. S upport vector machine has the advantages of versatility, simple calculation, high operation efficiency and perfect theory. It is a relatively mature and efficient algorithm in the current network security situation algorithm. And a looped Bayesian network model for probabilistic safety assessment of simple feedback control systems is established.

Vulnerability Detection 2022 - With the booming development of deep learning and machine learning, the use of neural networks for software source code security vulnerability detection has become a hot pot in the field of software security. As a data structure, graphs can adequately represent the complex syntactic information, semantic information, and dependencies in software source code. In this paper, we propose the MPGVD model based on the idea of text classification in natural language processing. The model uses BERT for source code pre-training, transforms graphs into corresponding feature vectors, uses MPNN (Message Passing Neural Networks) based on graph neural networks in the feature extraction phase, and finally outputs the detection results. Our proposed MPGVD, compared with other existing vulnerability detection models on the same dataset CodeXGLUE, obtain the highest detection accuracy of 64.34\%.

Vulnerability Detection 2022 - For the last few decades, the number of security vulnerabilities has been increasing with the development of web applications. The domain of Web Applications is evolving. As a result, many empirical studies have been carried out to address different security vulnerabilities. However, an analysis of existing studies is needed before developing new security vulnerability testing techniques. We perform a systematic mapping study documenting state-of-the-art empirical research in web application security vulnerability detection. The aim is to describe a roadmap for synthesizing the documented empirical research. Existing research and literature have been reviewed using a systematic mapping study. Our study reports on work dating from 2001 to 2021. The initial search retrieved 150 papers from the IEEE Xplore and ACM Digital Libraries, of which 76 were added to the study. A classification scheme is derived based on the primary studies. The study demonstrates that vulnerability detection in web applications is an ongoing field of research and that the number of publications is increasing. Our study helps illuminate research areas that need more consideration.

Vulnerability Detection 2022 - Vulnerability detection has always been an essential part of maintaining information security, and the existing work can significantly improve the performance of vulnerability detection. However, due to the differences in representation forms and deep learning models, various methods still have some limitations. In order to overcome this defect, We propose a vulnerability detection method VDBWGDL, based on weight graphs and deep learning. Firstly, it accurately locates vulnerability-sensitive keywords and generates variant codes that satisfy vulnerability trigger logic and programmer programming style through code variant methods. Then, the control flow graph is sliced for vulnerable code keywords and program critical statements. The code block is converted into a vector containing rich semantic information and input into the weight map through the deep learning model. According to specific rules, different weights are set for each node. Finally, the similarity is obtained through the similarity comparison algorithm, and the suspected vulnerability is output according to different thresholds. VDBWGDL improves the accuracy and F1 value by 3.98\% and 4.85\% compared with four state-of-the-art models. The experimental results prove the effectiveness of VDBWGDL.

Vulnerability Detection 2022 - The increasing number of software vulnerabilities pose serious security attacks and lead to system compromise, information leakage or denial of service. It is a challenge to further improve the vulnerability detection technique. Nowadays most applications are implemented using C/C++. In this paper we focus on the detection of overflow vulnerabilities in C/C++ source code. A novel scheme named VulMiningBGS (Vulnerability Mining Based on Graph Similarity) is proposed. We convert the source code into Top N-Weighted Range Sum Feature Graph (TN-WRSFG), and graph similarity comparisons based on source code level can be effectively carried on to detect possible vulnerabilities. Three categories of vulnerabilities in the Juliet test suite are used, i.e., CWE121, CWE122 and CWE190, with four indicators for performance evaluation (precision, recall, accuracy and F1\_score). Experimental results show that our scheme outperforms the traditional methods, and is effective in the overflow vulnerability detection for C/C++ source code.

Vulnerability Detection 2022 - The increasing number of security vulnerabilities has become an important problem that needs to be solved urgently in the field of software security, which means that the current vulnerability mining technology still has great potential for development. However, most of the existing AI-based vulnerability detection methods focus on designing different AI models to improve the accuracy of vulnerability detection, ignoring the fundamental problems of data-driven AI-based algorithms: first, there is a lack of sufficient high-quality vulnerability data; second, there is no unified standardized construction method to meet the standardized evaluation of different vulnerability detection models. This all greatly limits security personnel’s in-depth research on vulnerabilities. In this survey, we review the current literature on building high-quality vulnerability datasets, aiming to investigate how state-of-the-art research has leveraged data mining and data processing techniques to generate vulnerability datasets to facilitate vulnerability discovery. We also identify the challenges of this new field and share our views on potential research directions.

Network Reconnaissance - Web applications are frequent targets of attack due to their widespread use and round the clock availability. Malicious users can exploit vulnerabilities in web applications to steal sensitive information, modify and destroy data as well as deface web applications. The process of exploiting web applications is a multi-step process and the first step in an attack is reconnaissance, in which the attacker tries to gather information about the target web application. In this step, the attacker uses highly efficient automated scanning tools to scan web applications. Following reconnaissance, the attacker proceeds to vulnerability scanning and subsequently attempts to exploit the vulnerabilities discovered to compromise the web application. Detection of reconnaissance scans by malicious users can be combined with other traditional intrusion detection and prevention systems to improve the security of web applications. In this paper, a method for detecting reconnaissance scans through analysis of web server access logs is proposed. The proposed approach uses an LSTM network based deep learning approach for detecting reconnaissance scans. Experiments conducted show that the proposed approach achieves a mean precision, recall and f1-score of 0.99 over three data sets and precision, recall and f1-score of 0.97, 0.96 and 0.96 over the combined dataset.

Network Coding - Precise binary code vulnerability detection is a significant research topic in software security. Currently, the majority of software is released in binary form, and the corresponding vulnerability detection approaches for binary code are desired. Existing deep learning-based detection techniques can only detect binary code vulnerabilities but cannot precisely identify the types of vulnerabilities. This paper proposes a Binary code-based Hybrid neural network for Multiclass Vulnerability Detection, dubbed BHMVD. BHMVD generates binary slices according to the control dependence and data dependence of library/API function calls, and then extracts syntax features from binary slices to generate type slices, which can help identify vulnerability types. This paper uses a hybrid neural network of CNN-BLSTM to extract vulnerability features from binary and type slices. The former extracts local features, while the latter extracts global features. Experiment results on 19 types of vulnerabilities show that BHMVD is effective for binary code-based multiclass vulnerability detection, and using a hybrid neural network can improve detection ability.

Natural Language Processing - Rule-based Web vulnerability detection is the most common method, usually based on the analysis of the website code and the feedback on detection of the target. In the process, large amount of contaminated data and network pressure will be generated, the false positive rate is high. This study implements a detection platform on the basis of the crawler and NLP. We use the crawler obtain the HTTP request on the target system firstly, classify the dataset according to whether there is parameter and whether the samples get to interact with a database. then we convert text word vector, carries on the dimensionality of serialized, through train dataset by NLP algorithm, finally obtain a model that can accurately predict Web vulnerabilities. Experimental results show that this method can detect Web vulnerabilities efficiently, greatly reduce invalid attack test parameters, and reduce network pressure.

Natural Language Processing - Application code analysis and static rules are the most common methods for Web vulnerability detection, but this process will generate a large amount of contaminated data and network pressure, the false positive rate is high. This study implements a detection system on the basis of the crawler and NLP. The crawler visits page in imitation of a human, we collect the HTTP request and response as dataset, classify the dataset according to parameter characteristic and whether the samples get to interact with a database, then we convert text word vector, reduce the dimension and serialized them, through train dataset by NLP algorithm, finally we obtain a model that can accurately predict Web vulnerabilities. Experimental results show that this method can detect Web vulnerabilities efficiently, greatly reduce invalid attack test parameters, and reduce network pressure.

Measurement and Metrics Testing - Nowadays, attackers are increasingly using UseAfter-Free(UAF) vulnerabilities to create threats against software security. Existing static approaches for UAF detection are capable of finding potential bugs in the large code base. In most cases, analysts perform manual inspections to verify whether the warnings detected by static analysis are real vulnerabilities. However, due to the complex constraints of constructing UAF vulnerability, it is very time and cost-intensive to screen all warnings. In fact, many warnings should be discarded before the manual inspection phase because they are almost impossible to get triggered in real-world, and it is often overlooked by current static analysis techniques.

MANET Attack Prevention - All across the world, majority of humans rely upon wireless ADHOC network. So, it turns into the maximum priority to lessen the vulnerability of wireless network. Wireless networks are exposed to many distinct varieties of attacks out of which wormhole attack is most dangerous. Unlike many different attacks on ad hoc routing, wormhole attack could be very effective and cannot be avoided with cryptographic approach due to the fact intruders do now no longer modify the packet data, it replays the packets. An intentionally positioned wormhole can cause a significant breakdown in communication. An analysis was performed in this study that removed wormhole attacks from MANET using changes to the AODV routing protocol. We have used Smart Packet Detection and Prevention Technique (SPDPT) to remove Wormhole. We have examined simulation parameters such as packet delivery ratio, end-to-end delay, energy consumption, and throughput.

Insider Threat - Among the greatest obstacles in cybersecurity is insider threat, which is a well-known massive issue. This anomaly shows that the vulnerability calls for specialized detection techniques, and resources that can help with the accurate and quick detection of an insider who is harmful. Numerous studies on identifying insider threats and related topics were also conducted to tackle this problem are proposed. Various researches sought to improve the conceptual perception of insider risks. Furthermore, there are numerous drawbacks, including a dearth of actual cases, unfairness in drawing decisions, a lack of self-optimization in learning, which would be a huge concern and is still vague, and the absence of an investigation that focuses on the conceptual, technological, and numerical facets concerning insider threats and identifying insider threats from a wide range of perspectives. The intention of the paper is to afford a thorough exploration of the categories, levels, and methodologies of modern insiders based on machine learning techniques. Further, the approach and evaluation metrics for predictive models based on machine learning are discussed. The paper concludes by outlining the difficulties encountered and offering some suggestions for efficient threat identification using machine learning.

Industrial Control Systems - The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.

Vehicular Ad-hoc Networks (VANET) are capable of offering inter and intra-vehicle wireless communication among mobility aware computing systems. Nodes are linked by applying concepts of mobile ad hoc networks. VANET uses cases empower vehicles to link to the network to aggregate and process messages in real-time. The proposed paper addresses a security vulnerability known as Sybil attack, in which numerous fake nodes broadcast false data to the neighboring nodes. In VANET, mobile nodes continuously change their network topology and exchange location sensor-generated data in real time. The basis of the presented technique is source testing that permits the scalable identification of Sybil nodes, without necessitating any pre-configuration, which was conceptualized from a comparative analysis of preceding research in the literature.

While digitization of distribution grids through information and communications technology brings numerous benefits, it also increases the grid's vulnerability to serious cyber attacks. Unlike conventional systems, attacks on many industrial control systems such as power grids often occur in multiple stages, with the attacker taking several steps at once to achieve its goal. Detection mechanisms with situational awareness are needed to detect orchestrated attack steps as part of a coherent attack campaign. To provide a foundation for detection and prevention of such attacks, this paper addresses the detection of multi-stage cyber attacks with the aid of a graph-based cyber intelligence database and alert correlation approach. Specifically, we propose an approach to detect multi-stage attacks by lever-aging heterogeneous data to form a knowledge base and employ a model-based correlation approach on the generated alerts to identify multi-stage cyber attack sequences taking place in the network. We investigate the detection quality of the proposed approach by using a case study of a multi-stage cyber attack campaign in a future-orientated power grid pilot.