Pub Date : 2024-01-12 DOI: 10.1007/s10207-023-00806-8
Elham Ebrahimpour, Shahram Babaie
Internet of Things (IoT) as an emerging technology is based on the idea that smart things can connect to the Internet and exchange the collected data in a peer-to-peer paradigm. Due to its inherent features, IoT can be utilized in real-world scenarios and its expansion can improve human well-being. Internet of Things is applied quite closely to humans and transmits serious information such as healthcare information, financial data, and private information through an insecure communication platform. Since almost all tasks are performed with minimal human intervention, and an adversary may deploy its nodes among other legitimate elements of IoT, providing an effective mutual authentication is vital. In this Systematic Literature Review, authentication of IoT and its literature are reviewed systematically. In particular, it has endeavored that the collected literature covers the papers conducted from 2018 to 2022. Moreover, this study seeks to provide a comprehensive answer to six important Research Questions in the context of authentication of IoT that often engage the minds of scholars. It is hoped that this survey will be an effective guide for future research by addressing the relevant challenges, analyzing open issues, and providing future research directions.
Title: Authentication in Internet of Things, protocols, attacks, and open issues: a systematic literature review
Journal: International Journal of Information Security
Pub Date : 2024-01-10 DOI: 10.1007/s10207-023-00798-5
O. Rabie, S. Selvarajan, Tawfiq Hasanin, Gouse Baig Mohammed, Abddulrhman M. Alshareef, Mueen Uddin
Title: Correction: A full privacy-preserving distributed batch-based certificate-less aggregate signature authentication scheme for healthcare wearable wireless medical sensor networks (HWMSNs)
Journal: International Journal of Information Security
Pub Date : 2024-01-09 DOI: 10.1007/s10207-023-00791-y
Arzu Gorgulu Kakisim
SQL injection (SQLi) attacks are one of the oldest and most serious security threats, consistently ranking among the top ten critical web security risks. Traditional defense mechanisms against SQL injection predominantly use blacklists to disallow common injection characters or terms. However, the major challenge for these systems is to create a comprehensive list of potential SQLi characters, terms, and multi-terms that encompass various types of SQLi attacks (time-based, error-based, etc.), taking into account various SQL datasets (such as MySQL, Oracle, and NoSQL). Recently, some research studies have concentrated on feature learning from SQL queries by applying some well-known deep architectures to detect SQLi attacks. Motivated by a similar objective, this research introduces a novel deep learning-based SQLi detection system named “Bidirectional LSTM-CNN based on Multi-View Consensus” (MVC-BiCNN). The proposed method implements a pre-processing step that generates multiple views from SQL data by semantically encoding SQL statements into their corresponding SQL tags. By utilizing two different main layers, which are bidirectional long short-term memory (LSTM) and convolutional neural network (CNN), the proposed method learns a joint latent space from multi-view representations. In the detection phase, the proposed method yields separate predictions for each representation and assesses whether the query constitutes an SQLi attack based on a consensus function’s output. Moreover, Interpretable Model-Agnostic Annotations (LIME), one of the methods of Explainable Artificial Intelligence (XAI), is employed for the purpose of interpreting the model’s results and analyzing the SQL injection (SQLi) inputs. The experimental results demonstrate that MVC-BiCNN outperforms the baseline methods, yielding 99.96% detection rate.
Title: A deep learning approach based on multi-view consensus for SQL injection detection
Journal: International Journal of Information Security
Pub Date : 2024-01-09 DOI: 10.1007/s10207-023-00803-x
Yakub Kayode Saheed, Sanjay Misra
The Internet of Things (IoT) has garnered considerable attention from academic and industrial circles as a pivotal technology in recent years. The escalation of security risks is observed to be associated with the growing interest in IoT applications. Intrusion detection systems (IDS) have been devised as viable instruments for identifying and averting malicious actions in this context. Several techniques described in academic papers are thought to be very accurate, but they cannot be used in the real world because the datasets used to build and test the models do not accurately reflect and simulate the IoT network. Existing methods, on the other hand, deal with these issues, but they are not good enough for commercial use because of their lack of precision, low detection rate, receiver operating characteristic (ROC), and false acceptance rate (FAR). The effectiveness of these solutions is predominantly dependent on individual learners and is consequently influenced by the inherent limitations of each learning algorithm. This study introduces a new approach for detecting intrusion attacks in an IoT network, which involves the use of an ensemble learning technique based on gray wolf optimizer (GWO). The novelty of this study lies in the proposed voting gray wolf optimizer (GWO) ensemble model, which incorporates two crucial components: a traffic analyzer and a classification phase engine. The model employs a voting technique to combine the probability averages of the base learners. Secondly, the combination of feature selection and feature extraction techniques is to reduce dimensionality. Thirdly, the utilization of GWO is employed to optimize the parameters of ensemble models. Similarly, the approach employs the most authentic intrusion detection datasets that are accessible and amalgamates multiple learners to generate ensemble learners. The hybridization of information gain (IG) and principal component analysis (PCA) was employed to reduce dimensionality. 
The study utilized a novel GWO ensemble learning approach that incorporated a decision tree, random forest, K-nearest neighbor, and multilayer perceptron for classification. To evaluate the efficacy of the proposed model, two authentic datasets, namely, BoT-IoT and UNSW-NB15, were scrutinized. The GWO-optimized ensemble model demonstrates superior accuracy when compared to other machine learning-based and deep learning models. Specifically, the model achieves an accuracy rate of 99.98%, a DR of 99.97%, a precision rate of 99.94%, an ROC rate of 99.99%, and an FAR rate of 1.30 on the BoT-IoT dataset. According to the experimental results, the proposed ensemble model optimized by GWO achieved an accuracy of 100%, a DR of 99.9%, a precision of 99.59%, an ROC of 99.40%, and an FAR of 1.5 when tested on the UNSW-NB15 dataset.
Title: A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things
Journal: International Journal of Information Security
Pub Date : 2024-01-08 DOI: 10.1007/s10207-023-00805-9
Afnan A. Alharbi
In the healthcare sector, cyberattack detection systems are crucial for ensuring the privacy of patient data and building trust in the increasingly connected world of medical devices and patient monitoring systems. In light of the increasing prevalence of Internet of Medical Things (IoMT) technologies, it is essential to establish an efficient intrusion detection system (IDS). IDSs are crucial for protecting patient data and ensuring medical device reliability. Federated learning (FL) has emerged as an effective technique for enhancing distributed cyberattack detection systems. By distributing the learning process across multiple IoMT gateways, FL-based IDS offers several benefits, such as improved detection accuracy, reduced network latency, and minimized data leakage. However, as client data may not exhibit a uniform independent and identically distributed (IID) pattern, the heterogeneity of data distribution poses a significant challenge in implementing FL-based IDS for IoMT applications. In this paper, we propose a collaborative learning framework for IDS in IoMT applications. Specifically, we introduce a Federated Transfer Learning (FTL) IDS that enables clients to obtain their personalized FL model while benefiting from the knowledge of other clients. Our methodology enables clients to obtain a personalized model that addresses the challenges posed by the heterogeneity of data distribution. The experimental results show that the proposed model achieves superior detection performance with 95–99% accuracy. Moreover, our model exhibits strong performance in identifying zero-day attacks.
Title: Federated transfer learning for attack detection for Internet of Medical Things
Journal: International Journal of Information Security
Pub Date : 2024-01-06 DOI: 10.1007/s10207-023-00802-y
Abstract
Cyber ranges have gained significant importance in cybersecurity training in recent years, and they are still playing a role of paramount importance, thanks to their ability to give trainees hands-on experience with real-world exercises. This paper presents the motivation and objective of the AERAS project, including a thorough analysis of data from ad hoc interviews and surveys specifically designed and administered for the project’s goals. AERAS aims to apply the cyber range concept to the critical healthcare sector. The AERAS platform will be a virtual cyberwarfare solution that will simulate the operation and effects of security controls and offer hands-on training on their development, assessment, use, and management.
Title: Cybersecurity training and healthcare: the AERAS approach
Journal: International Journal of Information Security
Pub Date : 2024-01-06 DOI: 10.1007/s10207-023-00795-8
Fei Zuo, Junghwan Rhee
In recent years, there has been a remarkable surge in the adoption of open-source software (OSS). However, with the growing usage of OSS components in both free and proprietary software, vulnerabilities that are present within them can be spread to a vast array of underlying applications. Even worse, a myriad of vulnerabilities are fixed secretly via patch commits, which causes other software re-using the vulnerable code snippets to be left in the dark. Thus, source code patch commit mining toward vulnerability discovery is receiving immense attention, and a variety of approaches are proposed. Despite that, there is no comprehensive survey summarizing and discussing the current progress within this field. To fill this gap, we survey, evaluate, and systematize a list of literature and provide the community with our insights on both successes and remaining issues in this space. Special attention is paid to the work toward vulnerability discovery. In this paper, we also provide an introductory panorama with our replicable hands-on experience, which can help readers quickly understand and step into the pertinent field. Our empirical study reveals noteworthy challenges which need to be highlighted and addressed in this field. We also discuss potential directions for the future work. To the best of our knowledge, we provide the first literature review to study source code patch commit mining in the vulnerability discovery context. The systematic framework, hands-on practices, and list of potential challenges provide new knowledge for mining source code patch commit toward a more robust software eco-system. The research gaps found in this literature review show the need for future research, such as the concern on data quality, high false alarms, and the significance of textual information.
Title: Vulnerability discovery based on source code patch commit mining: a systematic literature review
Journal: International Journal of Information Security
Pub Date : 2024-01-03 DOI: 10.1007/s10207-023-00799-4
Aybars Oruc, Nabin Chowdhury, Vasileios Gkioulos
The global maritime industry is continuing the rapid digitization of systems and dependency on advancing technology, in a trend akin to other industrial domains. One of the main issues that this integration has brought is an increased vulnerability to a growing number of cyber threats. While several security measures are being implemented to prevent or respond to cyber attacks, the human element is still one of the main weaknesses. Many of today’s cyber attacks take advantage of human personnel’s lack of awareness, which makes cyber security awareness and training activities of critical importance. Unfortunately, current research is still limited in its offerings for cyber security training specific to maritime personnel. Moreover, such training programmes for the professionals should be developed role-based in accordance with the suggestions of many credited maritime organizations. For this reason, we developed a modular cyber security training programme for the maritime domain called Maritime Cyber Security (MarCy) by implementing Critical Events Model (CEM). Then, we evaluated the MarCy programme by utilizing the Delphi technique with the participation of 19 experts from academia and industry. In this study, we offer cyber security training for seafarers and office employees in shipping companies. We proposed eleven elective modules to improve the knowledge, skills, and attitude of learners against cyber risks. The MarCy programme can be implemented by universities, shipping companies, training institutes, and governmental organizations for maritime cyber security training purposes.
Title: A modular cyber security training programme for the maritime domain
Journal: International Journal of Information Security
Pub Date : 2024-01-03 DOI: 10.1007/s10207-023-00797-6
Ndukwe Ukeje, Jairo Gutierrez, Krassie Petrova
The advent of new technologies and applications coupled with the COVID-19 pandemic tremendously increased cloud computing adoption in private and public institutions (government) and raised the demand for communication and access to a shared pool of resources and storage capabilities. Governments across the globe are moving to the cloud to improve services, reduce costs, and increase effectiveness and efficiency while fostering innovation and citizen engagement. However, information security and privacy concerns raised in the past remain significant to government adoption and utilisation of cloud computing. The study conducts a systematic literature review (SLR) using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) approach to examine information security and privacy as the fundamental challenges to government intention to adopt cloud computing. This study screened 758 articles and included 33 articles that revealed information security and privacy as critical factors and barriers to adopting cloud computing through a systematic evaluation (PRISMA approach). The combined two factors contributed 70% of the significant gaps to the cloud computing adoption challenges. In contrast, the individual contribution of information security and privacy as a significant gap to the challenges of cloud adoption yielded 9% and 12%, respectively. Furthermore, 9% of the authors recognised the need for a framework to address the challenges but could not attempt to develop the framework. The study contributes to the information security body of knowledge, PRISMA studies and provides direction in proposing strategies and frameworks to tackle information security and privacy challenges as future research.
Title: Information security and privacy challenges of cloud computing for government adoption: a systematic review
Journal: International Journal of Information Security (IF 3.2)
Pub Date : 2024-01-02 DOI: 10.1007/s10207-023-00800-0
Ferney Martínez, Luis Enrique Sànchez, Antonio Santos-Olmo, David G. Rosado, Eduardo Fernàndez-Medina
Increasing digitisation in the maritime domain and the intensive use of information technologies have become essential for the effective functioning of systems that manage navigation, communications, sensors and weapons throughout the maritime chain. In this context, the issuance and enforcement of international standards and policies are seeking to mitigate the appearance of threats and vulnerabilities that aim to compromise access to functionalities, on-board systems and network integrity. Thus, in this article, we first review the main proposals for guidelines, frameworks and other solutions related to cybersecurity in the maritime environment. Subsequently, we analyse the way in which cybersecurity challenges specific to systems and equipment in this particular environment are addressed, identifying the main cybersecurity weaknesses and needs in the maritime environment that are not completely addressed. Based on this analysis, we then propose the structure of POSEIDON, a comprehensive framework for managing cybersecurity in maritime environments that addresses the identified gaps. This cybersecurity management framework takes into account existing proposals and is complemented by a set of new elements to provide a comprehensive approach to addressing the weaknesses identified.
Title: Maritime cybersecurity: protecting digital seas
Journal: International Journal of Information Security (IF 3.2)