Biblio

In recent years, cyber attackers are targeting the power system and imposing different damages to the national economy and public safety. False Data Injection Attack (FDIA) is one of the main types of Cyber-Physical attacks that adversaries can manipulate power system measurements and modify system data. Consequently, it may result in incorrect decision-making and control operations and lead to devastating effects. In this paper, we propose a two-stage detection method. In the first step, Gated Recurrent Unit (GRU), as a deep learning algorithm, is employed to forecast the data for the future horizon. Meanwhile, hyperparameter optimization is implemented to find the optimum parameters (i.e., number of layers, epoch, batch size, β1, β2, etc.) in the supervised learning process. In the second step, an unsupervised scoring algorithm is employed to find the sequences of false data. Furthermore, two penalty factors are defined to prevent the objective function from greedy behavior. We assess the capability of the proposed false data detection method through simulation studies on a real-world data set (ComEd. dataset, Northern Illinois, USA). The results demonstrate that the proposed method can detect different types of attacks, i.e., scaling, simple ramp, professional ramp, and random attacks, with good performance metrics (i.e., recall, precision, F1 Score). Furthermore, the proposed deep learning method can mitigate false data with the estimated true values.

In recent years web applications that are hacked every day estimated to be 30 000, and in most cases, web developers or website owners do not even have enough knowledge about what is happening on their sites. Web hackers can use many attacks to gain entry or compromise legitimate web applications, they can also deceive people by using phishing sites to collect their sensitive and private information. In response to this, the need is raised to take proper measures to understand the risks and be aware of the vulnerabilities that may affect the website and hence the normal business flow. In the scope of this study, mitigations against the most common web application attacks are set, and the web administrator is provided with ways to detect phishing links which is a social engineering attack, the study also demonstrates the generation of web application logs that simplifies the process of analyzing the actions of abnormal users to show when behavior is out of bounds, out of scope, or against the rules. The methods of mitigation are accomplished by secure coding techniques and the methods for phishing link detection are performed by various machine learning algorithms and deep learning techniques. The developed application has been tested and evaluated against various attack scenarios, the outcomes obtained from the test process showed that the website had successfully mitigated these dangerous web application attacks, and for the detection of phishing links part, a comparison is made between different algorithms to find the best one, and the outcome of the best model gave 98% accuracy.

Recently, as a result of the COVID-19 pandemic, the internet service has seen an upsurge in use. As a result, the usage of cloud computing apps, which offer services to end users on a subscription basis, rises in this situation. However, the availability and efficiency of cloud computing resources are impacted by DDoS attacks, which are designed to disrupt the availability and processing power of cloud computing services. Because there is no effective way for detecting or filtering DDoS attacks, they are a dependable weapon for cyber-attackers. Recently, researchers have been experimenting with machine learning (ML) methods in order to create efficient machine learning-based strategies for detecting DDoS assaults. In this context, we propose a technique for detecting DDoS attacks in a cloud computing environment using big data and deep learning algorithms. The proposed technique utilises big data spark technology to analyse a large number of incoming packets and a deep learning machine learning algorithm to filter malicious packets. The KDDCUP99 dataset was used for training and testing, and an accuracy of 99.73% was achieved.

The Internet of Battlefield Things is a relatively new cyberphysical system and even though it shares a lot of concepts from the Internet of Things and wireless ad hoc networking in general, a lot of research is required to address its scale and peculiarities. In this article we examine a fundamental problem pertaining to the routing/dissemination of information, namely the construction of a backbone. We model an IoBT ad hoc network as a multilayer network and employ the concept of domination for multilayer networks which is a complete departure from the volume of earlier works, in order to select sets of nodes that will support the routing of information. Even though there is huge literature on similar topics during the past many years, the problem in military (IoBT) networks is quite different since these wireless networks are multilayer networks and treating them as a single (flat) network or treating each layer in isolation and calculating dominating set produces submoptimal or bad solutions; thus all the past literature which deals with single layer (flat) networks is in principle inappropriate. We design a new, distributed algorithm for calculating connected dominating sets which produces dominating sets of small cardinality. We evaluate the proposed algorithm on synthetic topologies, and compare it against the only two existing competitors. The proposed algorithm establishes itself as the clear winner in all experiments.

The rapid advancement of IoT technologies has led to its flexible adoption in battle field networks, known as Internet of Battlefield Things (IoBT) networks. One important application of IoBT networks is the weather sensory network characterized with a variety of weather, land and environmental sensors. This data contains hidden trends and correlations, needed to provide situational awareness to soldiers and commanders. To interpret the incoming data in real-time, machine learning algorithms are required to automate strategic decision-making. Existing solutions are not well-equipped to provide the fine-grained feedback to military personnel and cannot facilitate a scalable, end-to-end platform for fast unlabeled data collection, cleaning, querying, analysis and threats identification. In this work, we present a scalable end-to-end IoBT data driven platform for SVAD (Storage, Visualization, Anomaly Detection) analysis of heterogeneous weather sensor data. Our SVAD platform includes extensive data cleaning techniques to denoise efficiently data to differentiate data from anomalies and noise data instances. We perform comparative analysis of unsupervised machine learning algorithms for multi-variant data analysis and experimental evaluation of different data ingestion pipelines to show the ability of the SVAD platform for (near) real-time processing. Our results indicate impending turbulent weather conditions that can be detected by early anomaly identification and detection techniques.

In order to improve the security and anti-interference ability of industrial control system, this paper proposes an improved industrial neural network defense method based on the PCA dimension reduction and the improved deep neural network. Firstly, the proposed method reduces the dimensionality of the industrial data using the dimension reduction theory of principal component analysis (PCA). Then the deep neural network extracts the features of the network. Finally, the softmax classifier classifies industrial data. Experiment results show that compared with unintegrated algorithm, this method achieves higher recognition accuracy and has great application potential.

Cloud Computing is a favored choice of any IT organization in the current context since that provides flexibility and pay-per-use service to the users. Moreover, due to its open and inclusive architecture which is accessible to attackers. Security and privacy are a big roadblock to its success. For any IT organization, intrusion detection systems are essential to the detection and endurance of effective detection system against attacker aggressive attacks. To recognize minor occurrences and become significant breaches, a fully managed intrusion detection system is required. The most prevalent approach for intrusion detection on the cloud is the Intrusion Detection System (IDS). This research introduces a cloud-based deep learning-LSTM IDS model and evaluates it to a hybrid Stacked Contractive Auto Encoder (SCAE) + Support Vector Machine (SVM) IDS model. Deep learning algorithms like basic machine learning can be built to conduct attack detection and classification simultaneously. Also examine the detection methodologies used by certain existing intrusion detection systems. On two well-known Intrusion Detection datasets (KDD Cup 99 and NSL-KDD), our strategy outperforms current methods in terms of accurate detection.

The industry of telecommunications is being transformed towards 5G technology, because it has to deal with the emerging and existing use cases. Because, 5G wireless networks need rather large data rates and much higher coverage of the dense base station deployment with the bigger capacity, much better Quality of Service - QoS, and the need very low latency [1–3]. The provision of the needed services which are envisioned by 5G technologies need the new service models of deployment, networking architectures, processing technologies and storage to be defined. These technologies will cause the new problems for the cybersecurity of 5G systems and the security of their functionality. The developers and researchers working in this field make their best to secure 5G systems. The researchers showed that 5G systems have the security challenges. The researchers found the vulnerabilities in 5G systems which allow attackers to integrate malicious code into the system and make the different types of the illegitimate actions. MNmap, Battery drain attacks and MiTM can be successfully implemented on 5G. The paper makes the analysis of the existing cyber security problems in 5G technology. Based on the analysis, we suggest the novel Intrusion Detection System - IDS by means of the machine-learning algorithms. In the related papers the scientists offer to use NSL-KDD in order to train IDS. In our paper we offer to train IDS using the big datasets of DOS/DDOS attacks, besides of training using NSL-KDD. The research also offers the methodology of integration of the offered intrusion detection systems into an standard architecture of 5G. The paper also offers the pseudo code of the designed system.

A new round of scientific and technological revolution and industrial reform promote the intelligent development of automobile and promote the deep integration of automobile with Internet, big data, communication and other industries. At the same time, it also brings network and data security problems to automobile, which is very easy to cause national security and social security risks. Intelligent vehicle Ethernet intrusion detection can effectively alleviate the security risk of vehicle network, but the complex attack means and vehicle compatibility have not been effectively solved. This research takes the vehicle Ethernet as the research object, constructs the machine learning samples for neural network, applies the self coding network technology combined with the original characteristics to the network intrusion detection algorithm, and studies a self-learning vehicle Ethernet intrusion detection algorithm. Through the application and test of vehicle terminal, the algorithm generated in this study can be used for vehicle terminal with Ethernet communication function, and can effectively resist 34 kinds of network attacks in four categories. This method effectively improves the network security defense capability of vehicle Ethernet, provides technical support for the network security of intelligent vehicles, and can be widely used in mass-produced intelligent vehicles with Ethernet.

The Internet of vehicles is emerging as an exciting application to improve safety and providing better services in the form of active road signs, pay-as-you-go insurance, electronic toll, and fleet management. Internet connected vehicles are exposed to new attack vectors in the form of cyber threats and with the increasing trend of cyber attacks, the success of autonomous vehicles depends on their security. Existing techniques for IoV security are based on the un-realistic assumption that all the vehicles are equipped with the same hardware (at least in terms of computational capabilities). However, the hardware platforms used by various vehicle manufacturers are highly heterogeneous. Therefore, a security protocol designed for IoVs should be able to detect the computational capabilities of the underlying platform and adjust the security primitives accordingly. To solve this issue, this paper presents a technique for algorithm-hardware separation for IoV security. The proposed technique uses an iterative routine and the corresponding execution time to detect the computational capabilities of a hardware platform using an artificial intelligence based inference engine. The results on three different commonly used micro-controllers show that the proposed technique can effectively detect the type of hardware platform with up to 100% accuracy.

A Cyber Attack is a sudden attempt launched by cybercriminals against multiple computers or networks. According to evolution of cyber space, insider attack is the most serious attack faced by end users, all over the world. Cyber Security reports shows that both US federal Agency as well as different organizations faces insider threat. Machine learning (ML) provide an important technology to secure data from insider threats. Random Forest is the best algorithm that focus on user's action, services and ability for insider attack detection based on data granularity. Substantial raise in the count of decision tree, increases the time consumption and complexity of Random Forest. A novel algorithm Known as Random Forest With Randomized Weighted Fuzzy Feature Set (RF-RWFF) is developed. Fuzzy Membership Function is used for feature aggregation and Randomized Weighted Majority Algorithm (RWMA) is used in the prediction part of Random Forest (RF) algorithm to perform voting. RWMA transform conventional Random Forest, to a perceptron like algorithm and increases the miliage. The experimental results obtained illustrate that the proposed model exhibits an overall improvement in accuracy and recall rate with very much decrease in time complexity compared to conventional Random Forest algorithm. This algorithm can be used in organization and government sector to detect insider fastly and accurately.

IoT applications are changing our daily lives. These innovative applications are supported by new communication technologies and protocols. Particularly, the information-centric network (ICN) paradigm is well suited for many IoT application scenarios that involve large-scale wireless sensor networks (WSNs). Even though the ICN approach can significantly reduce the network traffic by optimizing the process of information recovery from network nodes, it is also possible to apply data aggregation strategies. This paper proposes an unsupervised machine learning-based data aggregation strategy for multi-hop information-centric WSNs. The results show that the proposed algorithm can significantly reduce the ICN data traffic while having reduced information degradation.

We tackle the problem where a server owns a trained Machine Learning (ML) model and a client/user has an unclassified query that he wishes to classify in secure and private fashion using the server’s model. During the process the server learns nothing, while the user learns only his final classification and nothing else. Since several ML classification algorithms, such as deep neural networks, support vector machines-SVM (and hyperplane decisions in general), Logistic Regression, Naïve Bayes, etc., can be expressed in terms of matrix operations, initially we propose novel secure matrix operations as our building blocks. On top of them we build our secure and private ML classification algorithms under strict security and privacy requirements. As our underlying cryptographic primitives are shown to be resilient to quantum computer attacks, our algorithms are also suitable for the post-quantum world. Our theoretical analysis and extensive experimental evaluations show that our secure matrix operations, hence our secure ML algorithms build on top of them as well, outperform the state of the art schemes in terms of computation and communication costs. This makes our algorithms suitable for devices with limited resources that are often found in Industrial IoT (Internet of Things)

In the recent time due to advancement of technology, Malware and its clan have continued to advance and become more diverse. Malware otherwise Malicious Software consists of Virus, Trojan horse, Adware, Spyware etc. This said software leads to extrusion of data (Spyware), continuously flow of Ads (Adware), modifying or damaging the system files (Virus), or access of personal information (Trojan horse). Some of the major factors driving the growth of these attacks are due to poorly secured devices and the ease of availability of tools in the Internet with which anyone can attack any system. The attackers or the developers of Malware usually lean towards blending of malware into the executable file, which makes it hard to detect the presence of malware in executable files. In this paper we have done experimental study on various algorithms of Machine Learning for detecting the presence of Malware in executable files. After testing Naïve Bayes, KNN and SVM, we found out that SVM was the most suited algorithm and had the accuracy of 94%. We then created a web application where the user could upload executable file and test the authenticity of the said executable file if it is a Malware file or a benign file.

Ransomware is one of the most serious threats which constitute a significant challenge in the cybersecurity field. The cybercriminals use this attack to encrypts the victim's files or infect the victim's devices to demand ransom in exchange to restore access to these files and devices. The escalating threat of Ransomware to thousands of individuals and companies requires an urgent need for creating a system capable of proactively detecting and preventing ransomware. In this research, a new approach is proposed to detect and classify ransomware based on three machine learning algorithms (Random Forest, Support Vector Machines , and Näive Bayes). The features set was extracted directly from raw byte using static analysis technique of samples to improve the detection speed. To offer the best detection accuracy, CF-NCF (Class Frequency - Non-Class Frequency) has been utilized for generate features vectors. The proposed approach can differentiate between ransomware and goodware files with a detection accuracy of up to 98.33 percent.

Smart grid architecture and Software-defined Networking (SDN) have evolved into a centrally controlled infrastructure that captures and extracts data in real-time through sensors, smart-meters, and virtual machines. These advances pose a risk and increase the vulnerabilities of these infrastructures to sophisticated cyberattacks like distributed denial of service (DDoS), false data injection attack (FDIA), and Data replay. Integrating machine learning with a network intrusion detection system (NIDS) can improve the system's accuracy and precision when detecting suspicious signatures and network anomalies. Analyzing data in real-time using trained and tested hyperparameters on a network traffic dataset applies to most network infrastructures. The NSL-KDD dataset implemented holds various classes, attack types, protocol suites like TCP, HTTP, and POP, which are critical to packet transmission on a smart grid network. In this paper, we leveraged existing machine learning (ML) algorithms, Support vector machine (SVM), K-nearest neighbor (KNN), Random Forest (RF), Naïve Bayes (NB), and Bagging; to perform a detailed performance comparison of selected classifiers. We propose a multi-level hybrid model of SVM integrated with RF for improved accuracy and precision during network filtering. The hybrid model SVM-RF returned an average accuracy of 94% in 10-fold cross-validation and 92.75%in an 80-20% split during class classification.

Computer network and virtual machine security is very essential in today's era. Various architectures have been proposed for network security or prevent malicious access of internal or external users. Various existing systems have already developed to detect malicious activity on victim machines; sometimes any external user creates some malicious behavior and gets unauthorized access of victim machines to such a behavior system considered as malicious activities or Intruder. Numerous machine learning and soft computing techniques design to detect the activities in real-time network log audit data. KKDDCUP99 and NLSKDD most utilized data set to detect the Intruder on benchmark data set. In this paper, we proposed the identification of intruders using machine learning algorithms. Two different techniques have been proposed like a signature with detection and anomaly-based detection. In the experimental analysis, demonstrates SVM, Naïve Bayes and ANN algorithm with various data sets and demonstrate system performance on the real-time network environment.

Cloud computing is one of the greatest innovations and emerging technologies of the century. It incorporates networks, databases, operating systems, and virtualization technologies thereby bringing the security challenges associated with these technologies. Security Measures such as two-factor authentication, intrusion detection systems, and data backup are already in place to handle most of the security threats and vulnerabilities associated with these technologies but there are still other threats that may not be easily detected. Such a threat is a malicious user gaining access to the Virtual Machines (VMs) of other genuine users and using the Virtual Machine resources for their benefits without the knowledge of the user or the cloud service provider. This research proposes a model for proactive monitoring and detection of anomalies in VM resource usage. The proposed model can detect and pinpoint the time such anomaly occurred. Isolation Forest and One-Class Support Vector Machine (OCSVM) machine learning algorithms were used to train and test the model on sampled virtual machine workload trace using a combination of VM resource metrics together. OCSVM recorded an average F1-score of 0.97 and 0.89 for hourly and daily time series respectively while Isolation Forest has an average of 0.93 and 0.80 for hourly and daily time series. This result shows that both algorithms work for the model however OCSVM had a higher classification success rate than Isolation Forest.

Conventional Security Systems are improving with the advancement of Internet of Things (IoT) based technology. For better security, in addition to the currently available technology, surveillance systems are used. In this research, a Smart Surveillance System with machine-learning capabilities is designed to detect security breaches and it will resolve safety concerns. Machine learning algorithms are implemented to detect intruders as well as suspicious activities. Enery efficiency is the major concern for constant monitoring systems. As a result, the designed system focuses on power consumption by calibrating the system so that it can work on bare minimum power and additionally provides the required output. Fire sensor has also been integrated to detect fire for safety purposes. By adding upon the security infrastructure, next-generation smart surveillance systems can be created for a safe future. The developed system contains the necessary tools to recognize intruders by face recognition. Also using the ambient sensors (PIR sensor, fire detecting sensor), a secure environment is provided during working and non-working hours. The system shows high accuracy in human & flame detection. A more reliable security system can be created with the further development of this research.

With the development of network, network security has become a topic of increasing concern. Recent years, machine learning technology has become an effective means of network intrusion detection. However, machine learning technology requires a large amount of data for training, and training data often contains privacy information, which brings a great risk of privacy leakage. At present, there are few researches on data privacy protection in the field of intrusion detection. Regarding the issue of privacy and security, we combine differential privacy and machine learning algorithms, including One-class Support Vector Machine (OCSVM) and Local Outlier Factor(LOF), to propose an hybrid intrusion detection system (IDS) with privacy protection. We add Laplacian noise to the original network intrusion detection data set to get differential privacy data sets with different privacy budgets, and proposed a hybrid IDS model based on machine learning to verify their utility. Experiments show that while protecting data privacy, the hybrid IDS can achieve detection accuracy comparable to traditional machine learning algorithms.

Noise has been used as a way of protecting privacy of users in public datasets for many decades now. Differential privacy is a new standard to add noise, so that user privacy is protected. When this technique is applied for a single end user data, it's called local differential privacy. In this study, we evaluate the effects of adding noise to generate randomized responses on machine learning models. We generate randomized responses using Gaussian, Laplacian noise on singular end user data as well as correlated end user data. Finally, we provide results that we have observed on a few data sets for various machine learning use cases.

Advances in machine learning, deep learning, and Artificial Intelligence(AI) allows people to exchange other people's faces and voices in videos to make it look like what they did or say whatever you want to say. These videos and photos are called “deepfake” and are getting more complicated every day and this has lawmakers worried. This technology uses machine learning technology to provide computers with real data about images, so that we can make forgeries. The creators of Deepfake use artificial intelligence and machine learning algorithms to mimic the work and characteristics of real humans. It differs from counterfeit traditional media because it is difficult to identify. As In the 2020 elections loomed, AI-generated deepfakes were hit the news cycle. DeepFakes threatens facial recognition and online content. This deception can be dangerous, because if used incorrectly, this technique can be abused. Fake video, voice, and audio clips can do enormous damage. This paper examines the algorithms used to generate deepfakes as well as the methods proposed to detect them. We go through the threats, research patterns, and future directions for deepfake technologies in detail. This research provides a detailed description of deep imitation technology and encourages the creation of new and more powerful methods to deal with increasingly severe deep imitation by studying the history of deep imitation.

Digitization has pioneered to drive exceptional changes across all industries in the advancement of analytics, automation, and Artificial Intelligence (AI) and Machine Learning (ML). However, new business requirements associated with the efficiency benefits of digitalization are forcing increased connectivity between IT and OT networks, thereby increasing the attack surface and hence the cyber risk. Cyber threats are on the rise and securing industrial networks are challenging with the shortage of human resource in OT field, with more inclination to IT/OT convergence and the attackers deploy various hi-tech methods to intrude the control systems nowadays. We have developed an innovative real-time ICS cyber test kit to obtain the OT industrial network traffic data with various industrial attack vectors. In this paper, we have introduced the industrial datasets generated from ICS test kit, which incorporate the cyber-physical system of industrial operations. These datasets with a normal baseline along with different industrial hacking scenarios are analyzed for research purposes. Metadata is obtained from Deep packet inspection (DPI) of flow properties of network packets. DPI analysis provides more visibility into the contents of OT traffic based on communication protocols. The advancement in technology has led to the utilization of machine learning/artificial intelligence capability in IDS ICS SCADA. The industrial datasets are pre-processed, profiled and the abnormality is analyzed with DPI. The processed metadata is normalized for the easiness of algorithm analysis and modelled with machine learning-based latest deep learning ensemble LSTM algorithms for anomaly detection. The deep learning approach has been used nowadays for enhanced OT IDS performances.

With the rapid growth of data exfiltration carried out by cyber attacks, Covert Timing Channels (CTC) have become an imminent network security risk that continues to grow in both sophistication and utilization. These types of channels utilize inter-arrival times to steal sensitive data from the targeted networks. CTC detection relies increasingly on machine learning techniques, which utilize statistical-based metrics to separate malicious (covert) traffic flows from the legitimate (overt) ones. However, given the efforts of cyber attacks to evade detection and the growing column of CTC, covert channels detection needs to improve in both performance and precision to detect and prevent CTCs and mitigate the reduction of the quality of service caused by the detection process. In this article, we present an innovative image-based solution for fully automated CTC detection and localization. Our approach is based on the observation that the covert channels generate traffic that can be converted to colored images. Leveraging this observation, our solution is designed to automatically detect and locate the malicious part (i.e., set of packets) within a traffic flow. By locating the covert parts within traffic flows, our approach reduces the drop of the quality of service caused by blocking the entire traffic flows in which covert channels are detected. We first convert traffic flows into colored images, and then we extract image-based features for detection covert traffic. We train a classifier using these features on a large data set of covert and overt traffic. This approach demonstrates a remarkable performance achieving a detection accuracy of 95.83% for cautious CTCs and a covert traffic accuracy of 97.83% for 8 bit covert messages, which is way beyond what the popular statistical-based solutions can achieve.

The main purpose to ensure the security for confidential medical data is to develop and implement the architecture of a medical cloud system, for storage, systematization, and processing of survey results (for example EEG) jointly with an algorithm for ensuring the protection of confidential data based on a fully homomorphic cryptosystem. The most optimal algorithm based on the test results (analysis of the time of encryption, decryption, addition, multiplication, the ratio of the signal-to-noise of the ciphertext to the open text), has been selected between two potential applicants for using (BFV and CKKS schemes). As a result, the CKKS scheme demonstrates maximal effectiveness in the context of the criticality of the requirements for an important level of security.