Biblio

This Innovative Practice Work-in-Progress paper presents a virtual, proactive, and collaborative learning paradigm that can engage learners with different backgrounds and enable effective retention and transfer of the multidisciplinary AI-cybersecurity knowledge. While progress has been made to better understand the trustworthiness and security of artificial intelligence (AI) techniques, little has been done to translate this knowledge to education and training. There is a critical need to foster a qualified cybersecurity workforce that understands the usefulness, limitations, and best practices of AI technologies in the cybersecurity domain. To address this import issue, in our proposed learning paradigm, we leverage multidisciplinary expertise in cybersecurity, AI, and statistics to systematically investigate two cohesive research and education goals. First, we develop an immersive learning environment that motivates the students to explore AI/machine learning (ML) development in the context of real-world cybersecurity scenarios by constructing learning models with tangible objects. Second, we design a proactive education paradigm with the use of hackathon activities based on game-based learning, lifelong learning, and social constructivism. The proposed paradigm will benefit a wide range of learners, especially underrepresented students. It will also help the general public understand the security implications of AI. In this paper, we describe our proposed learning paradigm and present our current progress of this ongoing research work. In the current stage, we focus on the first research and education goal and have been leveraging cost-effective Minecraft platform to develop an immersive learning environment where the learners are able to investigate the insights of the emerging AI/ML concepts by constructing related learning modules via interacting with tangible AI/ML building blocks.

The development of new types of technology actualizes the issues of ensuring their information security. The aim of the work is to increase the security of the collective decision-making process in swarm robotic systems from negative impacts by identifying malicious robots. It is proposed to use confidence in choosing an alternative when reaching a consensus as a criterion for identifying malicious robots - a malicious robot, having a special behavior strategy, does not fully take into account the signs of the external environment and information from other robots, which means that such a robot will change its mind with characteristic features for each malicious strategy, and its degree of confidence will be different from the usual voting robot. The modeling performed and the obtained experimental data on three types of malicious behavioral strategies demonstrate the possibility of using the degree of confidence to identify malicious robots. The advantages of the approach are taking into account a large number of alternatives and universality, which lies in the fact that the method is based on the mechanisms of collective decision-making, which proceed in the same way on various hardware platforms of swarm robotic systems. The proposed method can serve as a basis for the development of more complex security mechanisms in swarm robotic systems.

Machine learning (ML) models are increasingly being used in the development of Malware Detection Systems. Existing research in this area primarily focuses on developing new architectures and feature representation techniques to improve the accuracy of the model. However, recent studies have shown that existing state-of-the art techniques are vulnerable to adversarial machine learning (AML) attacks. Among those, data poisoning attacks have been identified as a top concern for ML practitioners. A recent study on clean-label poisoning attacks in which an adversary intentionally crafts training samples in order for the model to learn a backdoor watermark was shown to degrade the performance of state-of-the-art classifiers. Defenses against such poisoning attacks have been largely under-explored. We investigate a recently proposed clean-label poisoning attack and leverage an ensemble-based Nested Training technique to remove most of the poisoned samples from a poisoned training dataset. Our technique leverages the relatively large sensitivity of poisoned samples to feature noise that disproportionately affects the accuracy of a backdoored model. In particular, we show that for two state-of-the art architectures trained on the EMBER dataset affected by the clean-label attack, the Nested Training approach improves the accuracy of backdoor malware samples from 3.42% to 93.2%. We also show that samples produced by the clean-label attack often successfully evade malware classification even when the classifier is not poisoned during training. However, even in such scenarios, our Nested Training technique can mitigate the effect of such clean-label-based evasion attacks by recovering the model's accuracy of malware detection from 3.57% to 93.2%.

Wireless Sensor networks can be composed of smart buildings, smart homes, smart grids, and smart mobility, and they can even interconnect all these fields into a large-scale smart city network. Software-Defined Networking is an ideal technology to realize Internet-of-Things (IoT) Network and WSN network requirements and to efficiently enhance the security of these networks. Software defines Networking (SDN) is used to support IoT and WSN related networking elements, additional security concerns rise, due to the elevated vulnerability of such deployments to specific types of attacks and the necessity of inter-cloud communication any IoT application would require. This work is a study of different security mechanisms available in SDN for IoT and WSN network secure communication. This work also formulates the problems when existing methods are implemented with different networks parameters.

The latest, modern security camera systems record numerous data at once. With the utilization of artificial intelligence, these systems can even compose an online attendance register of students present during the lectures. Data is primarily recorded on the hard disk of the NVR (Network Video Recorder), and in the long term, it is recommended to save the data in the blockchain. The purpose of the research is to demonstrate how university security cameras can be securely connected to the blockchain. This would be important for universities as this is sensitive student data that needs to be protected from unauthorized access. In my research, as part of the practical implementation, I therefore also use encryption methods and data fragmentation, which are saved at the nodes of the blockchain. Thus, even a DDoS (Distributed Denial of Service) type attack may be easily repelled, as data is not concentrated on a single, central server. To further increase security, it is useful to constitute a blockchain capable of its own data storage at the faculty itself, rather than renting data storage space, so we, ourselves may regulate the conditions of operation, and the policy of data protection. As a practical part of my research, therefore, I created a blockchain called UEDSC (Universities Data Storage Chain) where I saved the student's data.

On the one hand, laparoscopic surgery as medical state-of-the-art method is minimal invasive, and thus less stressful for patients. On the other hand, laparoscopy implies higher demands on physicians, such as mental load or preparation time, hence appropriate technical support is essential for quality and suc-cess. Medical Digital Twins provide an integrated and virtual representation of patients' and organs' data, and thus a generic concept to make complex information accessible by surgeons. In this way, minimal invasive surgery could be improved significantly, but requires also a much more complex software system to achieve the various resulting requirements. The biggest challenges for these systems are the safe and precise mapping of the digital twin to reality, i.e. dealing with deformations, movement and distortions, as well as balance out the competing requirement for intuitive and immersive user access and security. The case study ARAILIS is presented as a proof in concept for such a system and provides a starting point for further research. Based on the insights delivered by this prototype, a vision for future Medical Digital Twins in surgery is derived and discussed.

One of the major threats in the cyber security and networking world is a Distributed Denial of Service (DDoS) attack. With massive development in Science and Technology, the privacy and security of various organizations are concerned. Computer Intrusion and DDoS attacks have always been a significant issue in networked environments. DDoS attacks result in non-availability of services to the end-users. It interrupts regular traffic flow and causes a flood of flooded packets, causing the system to crash. This research presents a Machine Learning-based DDoS attack detection system to overcome this challenge. For the training and testing purpose, we have used the NSL-KDD Dataset. Logistic Regression Classifier, Support Vector Machine, K Nearest Neighbour, and Decision Tree Classifier are examples of machine learning algorithms which we have used to train our model. The accuracy gained are 90.4, 90.36, 89.15 and 82.28 respectively. We have added a feature called BOTNET Prevention, which scans for Phishing URLs and prevents a healthy device from being a part of the botnet.

Cloud computing provides a great platform for the users to utilize the various computational services in order accomplish their requests. However it is difficult to utilize the computational storage services for the file handling due to the increased protection issues. Here Distributed Denial of Service (DDoS) attacks are the most commonly found attack which will prevent from cloud service utilization. Thus it is confirmed that the DDoS attack detection and load balancing in cloud are most extreme issues which needs to be concerned more for the improved performance. This attained in this research work by measuring up the trust factors of virtual machines in order to predict the most trustable VMs which will be combined together to form the trustable source vector. After trust evaluation, in this work Bat algorithm is utilized for the optimal load distribution which will predict the optimal VM resource for the task allocation with the concern of budget. This method is most useful in the process of detecting the DDoS attacks happening on the VM resources. Finally prevention of DDOS attacks are performed by introducing the Fuzzy Extreme Learning Machine Classifier which will learn the cloud resource setup details based on which DDoS attack detection can be prevented. The overall performance of the suggested study design is performed in a Java simulation model to demonstrate the superiority of the proposed algorithm over the current research method.

Intrusion detection systems (IDS) are most efficient way of defending against network-based attacks aimed at system devices, especially wireless devices. These systems are used in almost all large-scale IT infrastructures components, and they effected with different types of network attacks such as DDoS attack. Distributed Denial of-Services (DDoS) attacks the protocols and systems that are intended to provide services (to the public) are inherently vulnerable to attacks like DDoS, which were launched against a number of important Internet sites where security precautions were in place.

This paper mainly explores the detection and defense of DDoS attacks in the SDN architecture of the 5G environment, and proposes a DDoS attack detection method based on the deep learning two-level model CNN-LSTM in the SDN network. Not only can it greatly improve the accuracy of attack detection, but it can also reduce the time for classifying and detecting network traffic, so that the transmission of DDoS attack traffic can be blocked in time to ensure the availability of network services.

From the past few years, DDoS attack incidents are continuously rising across the world. DDoS attackers have also shifted their target towards cloud environments as majority of services have shifted their operations to cloud. Various authors proposed distinct solutions to minimize the DDoS attacks effects on victim services and co-located services in cloud environments. In this work, we propose an approach by utilizing incoming request separation at the container-level. In addition, we advocate to employ scale-inside out [10] approach for all the suspicious requests. In this manner, we achieve the request serving of all the authenticated benign requests even in the presence of an attack. We also improve the usages of scale-inside out approach by applying it to a container which is serving the suspicious requests in a separate container. The results of our proposed technique show a significant decrease in the response time of benign users during the DDoS attack as compared with existing solutions.

Undoubtedly, technology has not only transformed our world of work and lifestyle, but it also carries with it a lot of security challenges. The Distributed Denial-of-Service (DDoS) attack is one of the most prominent attacks witnessed by cyberspace of the current era. This paper outlines several DDoS attacks, their mitigation stages, propagation of attacks, malicious codes, and finally provides redemptions of exhibiting normal and DDoS attacked scenarios. A case study of a SYN flooding attack has been exploited by using Metasploit. The utilization of CPU frame length and rate have been observed in normal and attacked phases. Preliminary results clearly show that in a normal scenario, CPU usage is about 20%. However, in attacked phases with the same CPU load, CPU execution overhead is nearly 90% or 100%. Thus, through this research, the major difference was found in CPU usage, frame length, and degree of data flow. Wireshark tool has been used for network traffic analyzer.

Embedded Systems - the hidden computers in our lives - are deployed in the billionths and are already in the focus of attackers. They pose security risks when not tested and maintained thoroughly. In recent years, fuzzing has become a promising technique for automated security testing of programs, which can generate tons of test inputs for a program. Fuzzing is hardly applied to embedded systems, because of their high diversity and closed character. During my research I want tackle that gap in fuzzing embedded systems - short: “Embedded Fuzzing”. My goal is to obtain insights of the embedded system during execution, by using common debugging interfaces and hardware breakpoints to enable guided fuzzing in a generic and widely applicable way. Debugging interfaces and hardware breakpoints are available for most common microcontrollers, generating a potential industry impact. Preliminary results show that the approach covers basic blocks faster than blackbox fuzzing. Additionally, it is source code agnostic and leaves the embedded firmware unaltered.

As a result of the inherent weaknesses of the wireless medium, ad hoc networks are susceptible to a broad variety of threats and assaults. As a direct consequence of this, intrusion detection, as well as security, privacy, and authentication in ad-hoc networks, have developed into a primary focus of current study. This body of research aims to identify the dangers posed by a variety of assaults that are often seen in wireless ad-hoc networks and provide strategies to counteract those dangers. The Black hole assault, Wormhole attack, Selective Forwarding attack, Sybil attack, and Denial-of-Service attack are the specific topics covered in this thesis. In this paper, we describe a trust-based safe routing protocol with the goal of mitigating the interference of black hole nodes in the course of routing in mobile ad-hoc networks. The overall performance of the network is negatively impacted when there are black hole nodes in the route that routing takes. As a result, we have developed a routing protocol that reduces the likelihood that packets would be lost as a result of black hole nodes. This routing system has been subjected to experimental testing in order to guarantee that the most secure path will be selected for the delivery of packets between a source and a destination. The invasion of wormholes into a wireless network results in the segmentation of the network as well as a disorder in the routing. As a result, we provide an effective approach for locating wormholes by using ordinal multi-dimensional scaling and round trip duration in wireless ad hoc networks with either sparse or dense topologies. Wormholes that are linked by both short route and long path wormhole linkages may be found using the approach that was given. In order to guarantee that this ad hoc network does not include any wormholes that go unnoticed, this method is subjected to experimental testing. In order to fight against selective forwarding attacks in wireless ad-hoc networks, we have developed three different techniques. The first method is an incentive-based algorithm that makes use of a reward-punishment system to drive cooperation among three nodes for the purpose of vi forwarding messages in crowded ad-hoc networks. A unique adversarial model has been developed by our team, and inside it, three distinct types of nodes and the activities they participate in are specified. We have shown that the suggested strategy that is based on incentives prohibits nodes from adopting an individualistic behaviour, which ensures collaboration in the process of packet forwarding. To guarantee that intermediate nodes in resource-constrained ad-hoc networks accurately convey packets, the second approach proposes a game theoretic model that uses non-cooperative game theory. This model is based on the idea that game theory may be used. This game reaches a condition of desired equilibrium, which assures that cooperation in multi-hop communication is physically possible, and it is this state that is discovered. In the third algorithm, we present a detection approach that locates malicious nodes in multihop hierarchical ad-hoc networks by employing binary search and control packets. We have shown that the cluster head is capable of accurately identifying the malicious node by analysing the sequences of packets that are dropped along the path leading from a source node to the cluster head. A lightweight symmetric encryption technique that uses Binary Playfair is presented here as a means of safeguarding the transport of data. We demonstrate via experimentation that the suggested encryption method is efficient with regard to the amount of energy used, the amount of time required for encryption, and the memory overhead. This lightweight encryption technique is used in clustered wireless ad-hoc networks to reduce the likelihood of a sybil attack occurring in such networks

Cyberattack on power system brings new challenges on the development of modern power system. Hackers may implement false data injection attack (FDIA) to cause unstable operating conditions of the power system. However, data from different power internet of things usually contains a lot of redundancy, making it difficult for current efficient discriminant model to precisely identify FDIA. To address this problem, we propose a deep learning network-based data fusion model to handle features from measurement data in power system. Proposed model includes a data enrichment module and a data fusion module. We firstly employ feature engineering technique to enrich features from power system operation in time dimension. Subsequently, a long short-term memory based autoencoder (LSTM-AE) is designed to efficiently avoid feature space explosion problem during data enriching process. Extensive experiments are performed on several classical attack detection models over the load data set from IEEE 14-bus system and simulation results demonstrate that fused data from proposed model shows higher detection accuracy with respect to the raw data.

At present, our English error correction algorithm is slightly general, the error correction ability is also very limited, and its accuracy rate is also low, so it is very necessary to improve. This article will further explore the problem of syntax error correction, and the corresponding algorithm model will also be proposed. Based on deep learning technology to improve the error correction rate of English grammar, put forward the corresponding solution, put forward the Sep2seq-based English grammar error correction system model, and carry out a series of rectifications to improve its efficiency and accuracy. The basic architecture of TensorFLOW is used to implement the model, and the success of the error correction algorithm model is proved, which brings great improvement and progress to the success of error correction.

In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.

With the development of computer technology and information security technology, computer networks will increasingly become an important means of information exchange, permeating all areas of social life. Therefore, recognizing the vulnerabilities and potential threats of computer networks as well as various security problems that exist in reality, designing and researching computer quality architecture, and ensuring the security of network information are issues that need to be resolved urgently. The purpose of this article is to study the design and realization of information security technology and computer quality system structure. This article first summarizes the basic theory of information security technology, and then extends the core technology of information security. Combining the current status of computer quality system structure, analyzing the existing problems and deficiencies, and using information security technology to design and research the computer quality system structure on this basis. This article systematically expounds the function module data, interconnection structure and routing selection of the computer quality system structure. And use comparative method, observation method and other research methods to design and research the information security technology and computer quality system structure. Experimental research shows that when the load of the computer quality system structure studied this time is 0 or 100, the data loss rate of different lengths is 0, and the correct rate is 100, which shows extremely high feasibility.

As cyber-physical systems are becoming more wide spread, it is imperative to secure these systems. In the real world these systems produce large amounts of data. However, it is generally impractical to test security techniques on operational cyber-physical systems. Thus, there exists a need to have realistic systems and data for testing security of cyber-physical systems [1]. This is often done in testbeds and cyber ranges. Most cyber ranges and testbeds focus on traditional network systems and few incorporate cyber-physical components. When they do, the cyber-physical components are often simulated. In the systems that incorporate cyber-physical components, generally only the network data is analyzed for attack detection and diagnosis. While there is some study in using physical signals to detect and diagnosis attacks, this data is not incorporated into current testbeds and cyber ranges. This study surveys currents testbeds and cyber ranges and demonstrates a prototype testbed that includes cyber-physical components and sensor data in addition to traditional cyber data monitoring.

In today's society, with the continuous development of artificial intelligence, artificial intelligence technology plays an increasingly important role in social and economic development, and hass become the fastest growing, most widely used and most influential high-tech in the world today one. However, at the same time, information technology has also brought threats to network security to the entire network world, which makes information systems also face huge and severe challenges, which will affect the stability and development of society to a certain extent. Therefore, comprehensive analysis and research on information system security is a very necessary and urgent task. Through the security assessment of the information system, we can discover the key hidden dangers and loopholes that are hidden in the information source or potentially threaten user data and confidential files, so as to effectively prevent these risks from occurring and provide effective solutions; at the same time To a certain extent, prevent virus invasion, malicious program attacks and network hackers' intrusive behaviors. This article adopts the experimental analysis method to explore how to apply the most practical, advanced and efficient artificial intelligence theory to the information system security assessment management, so as to further realize the optimal design of the information system security assessment management system, which will protect our country the information security has very important meaning and practical value. According to the research results, the function of the experimental test system is complete and available, and the security is good, which can meet the requirements of multi-user operation for security evaluation of the information system.

Cyber-security incidents have grown significantly in modern networks, far more diverse and highly destructive and disruptive. According to the 2021 Cyber Security Statistics Report [1], cybercrime is up 600% during this COVID pandemic, the top attacks are but are not confined to (a) sophisticated phishing emails, (b) account and DNS hijacking, (c) targeted attacks using stealth and air gap malware, (d) distributed denial of services (DDoS), (e) SQL injection. Additionally, 95% of cyber-security breaches result from human error, according to Cybint Report [2]. The average time to identify a breach is 207 days as per Ponemon Institute and IBM, 2022 Cost of Data Breach Report [3]. However, various preventative controls based on cyber-security risk estimation and awareness results decrease most incidents, but not all. Further, any incident detection delay and passive actions to cyber-security incidents put the organizational assets at risk. Therefore, the cyber-security incident management system has become a vital part of the organizational strategy. Thus, the authors propose a framework to converge a "Security Operation Center" (SOC) and a "Network Operations Center" (NOC) in an "Integrated Network Security Operation Center" (INSOC), to overcome cyber-threat detection and mitigation inefficiencies in the near-real-time scenario. We applied the People, Process, Technology, Governance and Compliance (PPTGC) approach to develop the INSOC conceptual framework, according to the requirements we formulated for its operation [4], [5]. The article briefly describes the INSOC conceptual framework and its usefulness, including the central area of the PPTGC approach while designing the framework.

Malware detection and analysis can be a burdensome task for incident responders. As such, research has turned to machine learning to automate malware detection and malware family classification. Existing work extracts and engineers static and dynamic features from the malware sample to train classifiers. Despite promising results, such techniques assume that the analyst has access to the malware executable file. Self-deleting malware invalidates this assumption and requires analysts to find forensic evidence of malware execution for further analysis. In this paper, we present and evaluate an approach to detecting malware that executed on a Windows target and further classify the malware into its associated family to provide semantic insight. Specifically, we engineer features from the Windows prefetch file, a file system forensic artifact that archives process information. Results show that it is possible to detect the malicious artifact with 99% accuracy; furthermore, classifying the malware into a fine-grained family has comparable performance to techniques that require access to the original executable. We also provide a thorough security discussion of the proposed approach against adversarial diversity.

The object detection tasks based on edge computing have received great attention. A common concern hasn't been addressed is that edge may be unreliable and uploads the incorrect data to cloud. Existing works focus on the consistency of the transmitted data by edge. However, in cases when the inputs and the outputs are inherently different, the authenticity of data processing has not been addressed. In this paper, we first simply model the tampering detection. Then, bases on the feature insertion and game theory, the tampering detection and economic incentives mechanism (TDEI) is proposed. In tampering detection, terminal negotiates a set of features with cloud and inserts them into the raw data, after the cloud determines whether the results from edge contain the relevant information. The honesty incentives employs game theory to instill the distrust among different edges, preventing them from colluding and thwarting the tampering detection. Meanwhile, the subjectivity of nodes is also considered. TDEI distributes the tampering detection to all edges and realizes the self-detection of edge results. Experimental results based on the KITTI dataset, show that the accuracy of detection is 95% and 80%, when terminal's additional overhead is smaller than 30% for image and 20% for video, respectively. The interference ratios of TDEI to raw data are about 16% for video and 0% for image, respectively. Finally, we discuss the advantage and scalability of TDEI.

The issues of development and legal regulation of cybersecurity in Ukraine are considered. The expediency of further improvement of the regulatory framework, its implementation and development of cybersecurity systems is substantiated. Further development of the theoretical base of cyber defense using spline functions is proposed. The characteristics of network traffic are considered from the point of view of detecting DDoS cyber attacks (SYN-Flood, ICMP-Flood, UDP-Flood) and predicting DDoS cyber-attacks using spline functions. The spline extrapolation method makes it possible to predict DDoS cyber attacks with great accuracy.

Wireless sensor networks are used in many areas such as war field surveillance, monitoring of patient, controlling traffic, environmental and building surveillance. Wireless technology, on the other hand, brings a load of new threats with it. Because WSNs communicate across radio frequencies, they are more susceptible to interference than wired networks. The authors of this research look at the goals of WSNs in terms of security as well as DDOS attacks. The majority of techniques are available for detecting DDOS attacks in WSNs. These alternatives, on the other hand, stop the assault after it has begun, resulting in data loss and wasting limited sensor node resources. The study finishes with a new method for detecting the UDP Reflection Amplification Attack in WSN, as well as instructions on how to use it and how to deal with the case.