Pub Date : 2024-12-07DOI: 10.1016/j.cose.2024.104253
Sushree Padhan, Ashok Kumar Turuk
The advancement in communication, computation, and control technology has led to the integration of the cyber-world and physical-world. This has also increased the incidence of malicious attacks in Cyber–Physical Systems (CPSs), of which false data injection (FDI) attacks are critical. FDI attacks can simultaneously modify the cyber-data and physical data in CPSs. An attacker can guess the system parameters and disrupt the system’s operation by designing stealthy attack sequences. There must be more than a detection scheme to defend against FDI attacks. Therefore, a combined detection and mitigation mechanism is required to secure the CPSs against FDI attacks. This paper discusses a technique for detecting and mitigating FDI attacks where the physical system, sensor measurements, and actuator inputs are compromised simultaneously. We use a watermarking scheme for attack detection, and we use the control input synthesis and operating region concept for attack mitigation. The defender can detect the attacks and reduce the attacker’s effectiveness. A numerical example from a trajectory tracking control system is taken to evaluate the efficacy of the proposed security scheme.
{"title":"A technique to detect and mitigate false data injection attacks in Cyber–Physical Systems","authors":"Sushree Padhan, Ashok Kumar Turuk","doi":"10.1016/j.cose.2024.104253","DOIUrl":"10.1016/j.cose.2024.104253","url":null,"abstract":"<div><div>The advancement in communication, computation, and control technology has led to the integration of the cyber-world and physical-world. This has also increased the incidence of malicious attacks in Cyber–Physical Systems (CPSs), of which false data injection (FDI) attacks are critical. FDI attacks can simultaneously modify the cyber-data and physical data in CPSs. An attacker can guess the system parameters and disrupt the system’s operation by designing stealthy attack sequences. There must be more than a detection scheme to defend against FDI attacks. Therefore, a combined detection and mitigation mechanism is required to secure the CPSs against FDI attacks. This paper discusses a technique for detecting and mitigating FDI attacks where the physical system, sensor measurements, and actuator inputs are compromised simultaneously. We use a watermarking scheme for attack detection, and we use the control input synthesis and operating region concept for attack mitigation. The defender can detect the attacks and reduce the attacker’s effectiveness. A numerical example from a trajectory tracking control system is taken to evaluate the efficacy of the proposed security scheme.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104253"},"PeriodicalIF":4.8,"publicationDate":"2024-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-06DOI: 10.1016/j.cose.2024.104250
Hui Tian , Mengcheng Wang , Hanyu Quan , Chin-Chen Chang , Athanasios V. Vasilakos
Driven by the rising popularity of multi-replica backups for enhanced data reliability and availability in cloud storage, multi-replica data auditing, which guarantees that cloud service providers (CSPs) securely store all designated replicas, has become a prominent research area in cloud data security. However, existing multi-replica auditing schemes pose a notable challenge: users incur additional computation and communication overheads to generate and upload multiple replicas. This approach also diverges from the conventional multi-replica storage model, where users typically submit a single copy and the CSP handles replica creation. To address this issue, this paper presents a novel multi-replica data auditing scheme based on Trusted execution environments (TEEs), named TEEMRDA. TEEMRDA is designed to align with real-world practices where users upload a single copy, significantly reducing user burden. To guarantee reliable multi-replica storage, we propose a random mask-based strategy implemented by TEEs to securely generate a predetermined number of data copies. For auditability, we introduce an impartial dual authentication mechanism using replica and data block index-independent signatures, employing both online and offline procedures. This approach substantially reduces the TEE’s computation overhead in generating tags for multiple-replica blocks and enhances efficiency for third-party auditors conducting data audits. Finally, we conduct comprehensive security validation and performance comparison of TEEMRDA with state-of-the-art schemes. The results demonstrate that TEEMRDA achieves secure and efficient auditing for multi-replica data, outperforming existing schemes in terms of computation and communication overheads.
{"title":"TEEMRDA: Leveraging trusted execution environments for multi-replica data auditing in cloud storage","authors":"Hui Tian , Mengcheng Wang , Hanyu Quan , Chin-Chen Chang , Athanasios V. Vasilakos","doi":"10.1016/j.cose.2024.104250","DOIUrl":"10.1016/j.cose.2024.104250","url":null,"abstract":"<div><div>Driven by the rising popularity of multi-replica backups for enhanced data reliability and availability in cloud storage, multi-replica data auditing, which guarantees that cloud service providers (CSPs) securely store all designated replicas, has become a prominent research area in cloud data security. However, existing multi-replica auditing schemes pose a notable challenge: users incur additional computation and communication overheads to generate and upload multiple replicas. This approach also diverges from the conventional multi-replica storage model, where users typically submit a single copy and the CSP handles replica creation. To address this issue, this paper presents a novel multi-replica data auditing scheme based on Trusted execution environments (TEEs), named TEEMRDA. TEEMRDA is designed to align with real-world practices where users upload a single copy, significantly reducing user burden. To guarantee reliable multi-replica storage, we propose a random mask-based strategy implemented by TEEs to securely generate a predetermined number of data copies. For auditability, we introduce an impartial dual authentication mechanism using replica and data block index-independent signatures, employing both online and offline procedures. This approach substantially reduces the TEE’s computation overhead in generating tags for multiple-replica blocks and enhances efficiency for third-party auditors conducting data audits. Finally, we conduct comprehensive security validation and performance comparison of TEEMRDA with state-of-the-art schemes. The results demonstrate that TEEMRDA achieves secure and efficient auditing for multi-replica data, outperforming existing schemes in terms of computation and communication overheads.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104250"},"PeriodicalIF":4.8,"publicationDate":"2024-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recently, APT attacks have frequently happened, which are increasingly complicated. Research on dynamic detection and tracing of APT via audit logs has been widely of concern. For Windows, ETW(events tracing for Windows) is a well-known built-in kernel-level logs collection framework. However, existing log collection tools built on ETW suffer from working shortages, including data loss, high overhead, and weak real-time performance. Therefore, It is still challenging to directly apply ETW-based Windows tools to analyze APT attack scenarios. To address these challenges, this paper proposes an efficient and lossless kernel log collector based on ETW called Kellect. The collector dynamically optimizes the number of cache and processing threads through a multi-level cache for lossless collecting and significantly enhances analysis performance by replacing the native TDH library with a sliding pointer. Furthermore, Kellect enhances log semantics understanding by maintaining event mappings and application callstacks which provide more comprehensive characteristics for security event behavior analysis. Additionally, Kellect has compatibility with different OS versions.
With plenty of experiments, Kellect demonstrates its capability to achieve non-destructive, real-time, and full collection of kernel log data generated from events with a comprehensive efficiency of 9 times greater than existing tools. It only takes extra CPU usage with approximately 2%–3% and about 40MB memory consumption. As a killer illustration to show how Kellect can work for APT, full data logs have been collected as a dataset Kellect4APT, generated by implementing diversity TTPs from the latest ATT&CK. To our best knowledge, it is the first open benchmark dataset representing ATT&CK technique-specific behaviors, which could be highly expected to improve more extensive research on APT studies.
{"title":"Kellect: A Kernel-based efficient and lossless event log collector for windows security","authors":"Tieming Chen, Qijie Song, Tiantian Zhu, Xuebo Qiu, Zhiling Zhu, Mingqi Lv","doi":"10.1016/j.cose.2024.104203","DOIUrl":"10.1016/j.cose.2024.104203","url":null,"abstract":"<div><div>Recently, APT attacks have frequently happened, which are increasingly complicated. Research on dynamic detection and tracing of APT via audit logs has been widely of concern. For Windows, ETW(events tracing for Windows) is a well-known built-in kernel-level logs collection framework. However, existing log collection tools built on ETW suffer from working shortages, including data loss, high overhead, and weak real-time performance. Therefore, It is still challenging to directly apply ETW-based Windows tools to analyze APT attack scenarios. To address these challenges, this paper proposes an efficient and lossless kernel log collector based on ETW called Kellect. The collector dynamically optimizes the number of cache and processing threads through a multi-level cache for lossless collecting and significantly enhances analysis performance by replacing the native TDH library with a sliding pointer. Furthermore, Kellect enhances log semantics understanding by maintaining event mappings and application callstacks which provide more comprehensive characteristics for security event behavior analysis. Additionally, Kellect has compatibility with different OS versions.</div><div>With plenty of experiments, Kellect demonstrates its capability to achieve non-destructive, real-time, and full collection of kernel log data generated from events with a comprehensive efficiency of 9 times greater than existing tools. It only takes extra CPU usage with approximately 2%–3% and about 40MB memory consumption. As a killer illustration to show how Kellect can work for APT, full data logs have been collected as a dataset Kellect4APT, generated by implementing diversity TTPs from the latest ATT&CK. To our best knowledge, it is the first open benchmark dataset representing ATT&CK technique-specific behaviors, which could be highly expected to improve more extensive research on APT studies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104203"},"PeriodicalIF":4.8,"publicationDate":"2024-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-04DOI: 10.1016/j.cose.2024.104226
Gaoli Mu , Hanlin Zhang , Jie Lin , Fanyu Kong
With the rapid development of the Internet, malicious code has been continuously exposing security issues, posing a significant threat to people’s online lives. Deep learning has shown significant impact in the field of malicious code detection, multiple providers of malicious code data can offer more diverse data for deep learning, thereby improving the accuracy of malicious code detection models. However, this may raise privacy and security concerns regarding the training data and models. To address this challenge, our paper introduces an advanced, secure deep learning framework collaboratively trained across multiple parties. We first use privacy set intersection techniques to align the provided malicious code data from the participants, ensuring that they have the same attributes. The aligned data from each data provider is then securely shared with three cloud servers through secret sharing. The three cloud servers implemented a secure model training process through secure multiparty computation. Our experiment demonstrates that our secure malicious code detection protocol exhibits satisfactory performance.
{"title":"SMCD: Privacy-preserving deep learning based malicious code detection","authors":"Gaoli Mu , Hanlin Zhang , Jie Lin , Fanyu Kong","doi":"10.1016/j.cose.2024.104226","DOIUrl":"10.1016/j.cose.2024.104226","url":null,"abstract":"<div><div>With the rapid development of the Internet, malicious code has been continuously exposing security issues, posing a significant threat to people’s online lives. Deep learning has shown significant impact in the field of malicious code detection, multiple providers of malicious code data can offer more diverse data for deep learning, thereby improving the accuracy of malicious code detection models. However, this may raise privacy and security concerns regarding the training data and models. To address this challenge, our paper introduces an advanced, secure deep learning framework collaboratively trained across multiple parties. We first use privacy set intersection techniques to align the provided malicious code data from the participants, ensuring that they have the same attributes. The aligned data from each data provider is then securely shared with three cloud servers through secret sharing. The three cloud servers implemented a secure model training process through secure multiparty computation. Our experiment demonstrates that our secure malicious code detection protocol exhibits satisfactory performance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104226"},"PeriodicalIF":4.8,"publicationDate":"2024-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-03DOI: 10.1016/j.cose.2024.104251
Liang Liu , Silin Peng , Zhijun Wu
The efficient forwarding mechanism of Named Data Networking (NDN) has attracted many scholars' attention. However, the threat of network attacks still exists in NDN, just like other networks. Among them, the Collusive Interest Flooding Attacks (CIFA) has an extremely significant attack effect in NDN. CIFA attackers send malicious interests in the form of periodic pulses with the help of collusive producers, which will affect the quality of NDN network services. Through simulating CIFA in ndnSIM, the network traffic features under CIFA and normal network state are extracted, including PIT occupancy rate, throughput, satisfaction of Interests and received data packets. Furthermore, a detection method using SMOTEBoost and LSTM is proposed by making in-depth analysis of the impact of CIFA based on the CIFA attack features. Finally, experiments show that the proposed detection method achieves 99.2 % detection rate, 0.5 % false alarm rate and 0.6 % missed alarm rate, which is far superior to other methods.
{"title":"Detection of CIFA using SMOTEBoost and LSTM in NDN","authors":"Liang Liu , Silin Peng , Zhijun Wu","doi":"10.1016/j.cose.2024.104251","DOIUrl":"10.1016/j.cose.2024.104251","url":null,"abstract":"<div><div>The efficient forwarding mechanism of Named Data Networking (NDN) has attracted many scholars' attention. However, the threat of network attacks still exists in NDN, just like other networks. Among them, the Collusive Interest Flooding Attacks (CIFA) has an extremely significant attack effect in NDN. CIFA attackers send malicious interests in the form of periodic pulses with the help of collusive producers, which will affect the quality of NDN network services. Through simulating CIFA in ndnSIM, the network traffic features under CIFA and normal network state are extracted, including PIT occupancy rate, throughput, satisfaction of Interests and received data packets. Furthermore, a detection method using SMOTEBoost and LSTM is proposed by making in-depth analysis of the impact of CIFA based on the CIFA attack features. Finally, experiments show that the proposed detection method achieves 99.2 % detection rate, 0.5 % false alarm rate and 0.6 % missed alarm rate, which is far superior to other methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104251"},"PeriodicalIF":4.8,"publicationDate":"2024-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-02DOI: 10.1016/j.cose.2024.104228
Xiaomin Wei , Yizhen Xu , Haibin Zhang , Cong Sun , Xinghua Li , Fenghua Huang , Jianfeng Ma
Unmanned Aerial Vehicle (UAV) sensors play a vital role in maintaining flight safety and stability. However, the increasing frequency and complexity of sensor attacks have emerged as a critical threat to UAV systems. The current lack of robust multi-classification methods for detecting sensor attacks limits the effectiveness and completeness of existing defense strategies. This research addresses these challenges by leveraging machine learning (ML) techniques to classify various sensor attacks using heterogeneous sensor data and control parameters, thereby enhancing UAV system security. In this study, we design and implement multiple sensor attack scenarios targeting gyroscopes, accelerometers, barometers, and GPS. Comprehensive datasets are collected during UAV flight, integrating diverse sensor readings, flight states, and control parameters. By analyzing the characteristics of sensor attacks and their impact on position estimation and attitude control, we identify and extract key features. To optimize the classification model, we employ feature importance analysis, correlation analysis, and ablation experiments, significantly reducing data dimensionality and enhancing model training efficiency. The experimental results demonstrate the proposed ML-based multi-classification model’s superior performance, achieving a detection rate of 89.38%, significantly outperforming traditional single-attack detection methods in terms of generalization capability. Our approach efficiently handles complex multi-sensor attack scenarios. Moreover, deploying the optimized model on UAV firmware enables real-time monitoring and classification, achieving an online detection rate of 74% with a response time of approximately 0.495 ms per detection. The model’s lightweight design, requiring only 48 KB of storage, makes it ideal for resource-constrained UAV environments. These contributions highlight the potential of our approach to enhance real-time anomaly detection and improve UAV system resilience against diverse sensor attacks.
{"title":"Sensor attack online classification for UAVs using machine learning","authors":"Xiaomin Wei , Yizhen Xu , Haibin Zhang , Cong Sun , Xinghua Li , Fenghua Huang , Jianfeng Ma","doi":"10.1016/j.cose.2024.104228","DOIUrl":"10.1016/j.cose.2024.104228","url":null,"abstract":"<div><div>Unmanned Aerial Vehicle (UAV) sensors play a vital role in maintaining flight safety and stability. However, the increasing frequency and complexity of sensor attacks have emerged as a critical threat to UAV systems. The current lack of robust multi-classification methods for detecting sensor attacks limits the effectiveness and completeness of existing defense strategies. This research addresses these challenges by leveraging machine learning (ML) techniques to classify various sensor attacks using heterogeneous sensor data and control parameters, thereby enhancing UAV system security. In this study, we design and implement multiple sensor attack scenarios targeting gyroscopes, accelerometers, barometers, and GPS. Comprehensive datasets are collected during UAV flight, integrating diverse sensor readings, flight states, and control parameters. By analyzing the characteristics of sensor attacks and their impact on position estimation and attitude control, we identify and extract key features. To optimize the classification model, we employ feature importance analysis, correlation analysis, and ablation experiments, significantly reducing data dimensionality and enhancing model training efficiency. The experimental results demonstrate the proposed ML-based multi-classification model’s superior performance, achieving a detection rate of 89.38%, significantly outperforming traditional single-attack detection methods in terms of generalization capability. Our approach efficiently handles complex multi-sensor attack scenarios. Moreover, deploying the optimized model on UAV firmware enables real-time monitoring and classification, achieving an online detection rate of 74% with a response time of approximately 0.495 ms per detection. The model’s lightweight design, requiring only 48 KB of storage, makes it ideal for resource-constrained UAV environments. These contributions highlight the potential of our approach to enhance real-time anomaly detection and improve UAV system resilience against diverse sensor attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104228"},"PeriodicalIF":4.8,"publicationDate":"2024-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142367","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-02DOI: 10.1016/j.cose.2024.104233
Pham Sy Nguyen , Tran Nhat Huy , Tong Anh Tuan , Pham Duy Trung , Hoang Viet Long
The escalating prevalence of malware necessitates a proactive and vigilant approach to its detection and mitigation. The ramifications of a successful malware attack on cloud services can be severe, underscoring the critical importance of effective malware detection mechanisms in cloud environments. To address this pressing need, we propose a comprehensive methodology for creating a novel cloud-based malware dataset, namely the CMD_2024 dataset. This dataset integrates static and dynamic attributes, providing a robust framework for malware analysis. The CMD_2024 dataset, comprising 20,850 samples meticulously labeled into various malware categories such as Virus, Trojan, Worm, Ransomware, Adware, Miner, PUA, and Downloader, is designed to facilitate the testing and evaluation of diverse analysis tools, machine learning models, deep learning models, and security systems. We enhance the dataset’s utility and effectiveness by focusing on dynamic features, particularly system calls within the cloud, in conjunction with static attributes. To address the challenges of the imbalance towards less common malware categories in the dataset, we employed the Conditional Tabular Generative Adversarial Network to generate synthetic data, significantly improving the detection capability for these rare malware samples. The application of various machine learning and deep learning classifiers, including our proposed integrated deep learning models, yielded remarkable results, achieving 99.42% accuracy in binary classification and 86.97% in multi-class classification. These outcomes demonstrate the CMD_2024 dataset’s substantial efficacy in supporting robust malware detection within cloud environments.
{"title":"Hybrid feature extraction and integrated deep learning for cloud-based malware detection","authors":"Pham Sy Nguyen , Tran Nhat Huy , Tong Anh Tuan , Pham Duy Trung , Hoang Viet Long","doi":"10.1016/j.cose.2024.104233","DOIUrl":"10.1016/j.cose.2024.104233","url":null,"abstract":"<div><div>The escalating prevalence of malware necessitates a proactive and vigilant approach to its detection and mitigation. The ramifications of a successful malware attack on cloud services can be severe, underscoring the critical importance of effective malware detection mechanisms in cloud environments. To address this pressing need, we propose a comprehensive methodology for creating a novel cloud-based malware dataset, namely the CMD_2024 dataset. This dataset integrates static and dynamic attributes, providing a robust framework for malware analysis. The CMD_2024 dataset, comprising 20,850 samples meticulously labeled into various malware categories such as Virus, Trojan, Worm, Ransomware, Adware, Miner, PUA, and Downloader, is designed to facilitate the testing and evaluation of diverse analysis tools, machine learning models, deep learning models, and security systems. We enhance the dataset’s utility and effectiveness by focusing on dynamic features, particularly system calls within the cloud, in conjunction with static attributes. To address the challenges of the imbalance towards less common malware categories in the dataset, we employed the Conditional Tabular Generative Adversarial Network to generate synthetic data, significantly improving the detection capability for these rare malware samples. The application of various machine learning and deep learning classifiers, including our proposed integrated deep learning models, yielded remarkable results, achieving 99.42% accuracy in binary classification and 86.97% in multi-class classification. These outcomes demonstrate the CMD_2024 dataset’s substantial efficacy in supporting robust malware detection within cloud environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104233"},"PeriodicalIF":4.8,"publicationDate":"2024-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-30DOI: 10.1016/j.cose.2024.104242
M. Rajkumar , J. Karthika , S․ S․ Abinayaa
Improving security in Mobile Ad hoc Networks (MANETs) requires an effective intrusion detection and prevention scheme that addresses some research issues, such as energy efficacy, delay, detection rate, false positive rate. However, many existing solutions have faced challenges in achieving accurate detection rates while minimizing execution time and energy consumption. In this manuscript, a Multi-View Consistent Generative Adversarial Network for Enhancing Intrusion Detection with Prevention Systems in MANET Against Security Attacks (IDPS-MANET-MVCGAN) is proposed. Initially, the mobile users are registered in Trusted Authority under One Way Hash Chain Function. The intrusion detection is executed using four entities. In the packet analyzer, it is verified regarding if any attack is identified or not. The implementation is done in Type 2 Fuzzy Controller that takes data through packet header. The collected data is fed to improved splice Kalman filtering for data normalization. Then it is supplied to the feature extraction using Multi-Scale Ternary Pattern Mutual Information to extract the optimum set of features for packets classifcation. During classifcation, Multi-View Consistent Generative Adversarial Network (MVCGAN) is used for packets classification as DoS, Probe, U2R, R2L, Normal. To improve the accuracy of the method, Fire hawk optimization algorithm (FHOA) is used. The proposed IDPS-MANET-MVCGAN method attains 13.88 %, 25.75 %, 16.16 % better accuracy when compared with the existing models: Adaptive Marine Predator Optimization Algorithm Deep Supervised Learning Classification dependent Intrusion Detection Scheme for MANET Security (IDPS-MANET-DSLC), An Intrusion Detection Scheme utilizing Exponential Henry Gas Solubility Optimization based Deep Neural Fuzzy Network in MANET (IDPS-MANET-DNFN) and Adaptive Activation Functions along Deep Kronecker Neural Network optimized with Bear Smell Search Algorithm to prevent Cyber security attacks in MANET (IDPS-MANET-ADKNN) respectively.
{"title":"Multi-view consistent generative adversarial network for enhancing intrusion detection with prevention systems in mobile ad hoc networks against security attacks","authors":"M. Rajkumar , J. Karthika , S․ S․ Abinayaa","doi":"10.1016/j.cose.2024.104242","DOIUrl":"10.1016/j.cose.2024.104242","url":null,"abstract":"<div><div>Improving security in Mobile Ad hoc Networks (MANETs) requires an effective intrusion detection and prevention scheme that addresses some research issues, such as energy efficacy, delay, detection rate, false positive rate. However, many existing solutions have faced challenges in achieving accurate detection rates while minimizing execution time and energy consumption. In this manuscript, a Multi-View Consistent Generative Adversarial Network for Enhancing Intrusion Detection with Prevention Systems in MANET Against Security Attacks (IDPS-MANET-MVCGAN) is proposed. Initially, the mobile users are registered in Trusted Authority under One Way Hash Chain Function. The intrusion detection is executed using four entities. In the packet analyzer, it is verified regarding if any attack is identified or not. The implementation is done in Type 2 Fuzzy Controller that takes data through packet header. The collected data is fed to improved splice Kalman filtering for data normalization. Then it is supplied to the feature extraction using Multi-Scale Ternary Pattern Mutual Information to extract the optimum set of features for packets classifcation. During classifcation, Multi-View Consistent Generative Adversarial Network (MVCGAN) is used for packets classification as DoS, Probe, U2R, R2L, Normal. To improve the accuracy of the method, Fire hawk optimization algorithm (FHOA) is used. The proposed IDPS-MANET-MVCGAN method attains 13.88 %, 25.75 %, 16.16 % better accuracy when compared with the existing models: Adaptive Marine Predator Optimization Algorithm Deep Supervised Learning Classification dependent Intrusion Detection Scheme for MANET Security (IDPS-MANET-DSLC), An Intrusion Detection Scheme utilizing Exponential Henry Gas Solubility Optimization based Deep Neural Fuzzy Network in MANET (IDPS-MANET-DNFN) and Adaptive Activation Functions along Deep Kronecker Neural Network optimized with Bear Smell Search Algorithm to prevent Cyber security attacks in MANET (IDPS-MANET-ADKNN) respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104242"},"PeriodicalIF":4.8,"publicationDate":"2024-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-30DOI: 10.1016/j.cose.2024.104229
Nhung H. Nguyen , Mengmeng Ge , Jin-Hee Cho , Terrence J. Moore , Seunghyun Yoon , Hyuk Lim , Frederica Nelson , Guangdong Bai , Dan Dongseong Kim
Autonomous Vehicles (AVs) integrate numerous control units, network components, and protocols to operate effectively and interact with their surroundings, such as pedestrians and other vehicles. While these technologies enhance vehicle capabilities and enrich the driving experience, they also introduce new attack surfaces, making AVs vulnerable to cyber-attacks. Such cyber-attacks can lead to severe consequences, including traffic disruption and even threats to human life. Security modelling is crucial to safeguarding AVs as it enables the simulation and analysis of an AV’s security before any potential attacks. However, the existing research on AV security modelling methods for analysing security risks and evaluating the effectiveness of security measures remains limited. In this work, we introduce a novel graphical security model and metrics to assess the security of AV systems. The proposed model utilizes initial network information to build attack graphs and attack trees at different layers of network depth. From this, various metrics are automatically calculated to analyse the security and safety of the AV network. The proposed model is designed to identify potential attack paths, analyse security and safety with precise metrics, and evaluate various defence strategies. We demonstrate the effectiveness of our framework by applying it to two AV networks and distinct AV attack scenarios, showcasing its capability to enhance the security of AVs.
{"title":"Graphical security modelling for Autonomous Vehicles: A novel approach to threat analysis and defence evaluation","authors":"Nhung H. Nguyen , Mengmeng Ge , Jin-Hee Cho , Terrence J. Moore , Seunghyun Yoon , Hyuk Lim , Frederica Nelson , Guangdong Bai , Dan Dongseong Kim","doi":"10.1016/j.cose.2024.104229","DOIUrl":"10.1016/j.cose.2024.104229","url":null,"abstract":"<div><div>Autonomous Vehicles (AVs) integrate numerous control units, network components, and protocols to operate effectively and interact with their surroundings, such as pedestrians and other vehicles. While these technologies enhance vehicle capabilities and enrich the driving experience, they also introduce new attack surfaces, making AVs vulnerable to cyber-attacks. Such cyber-attacks can lead to severe consequences, including traffic disruption and even threats to human life. Security modelling is crucial to safeguarding AVs as it enables the simulation and analysis of an AV’s security before any potential attacks. However, the existing research on AV security modelling methods for analysing security risks and evaluating the effectiveness of security measures remains limited. In this work, we introduce a novel graphical security model and metrics to assess the security of AV systems. The proposed model utilizes initial network information to build attack graphs and attack trees at different layers of network depth. From this, various metrics are automatically calculated to analyse the security and safety of the AV network. The proposed model is designed to identify potential attack paths, analyse security and safety with precise metrics, and evaluate various defence strategies. We demonstrate the effectiveness of our framework by applying it to two AV networks and distinct AV attack scenarios, showcasing its capability to enhance the security of AVs.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104229"},"PeriodicalIF":4.8,"publicationDate":"2024-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-30DOI: 10.1016/j.cose.2024.104206
Julia Prümmer, Tommy van Steen, Bibi van den Berg
Cybersecurity behaviour of end-users continues to be a growing topic of conversation, both in organisations and in academia, as end-users are often said to be the last line of defence against cyberattacks. Unfortunately, end-users are often not aware that they engage in risky cyber behaviours and can, in turn, make themselves and the organisations that they work for vulnerable. Attempting to change end-user behaviour through training programs has become common practice in many organisations, a trend that is reflected in the academic literature as well. While a variety of literature reviews on the topic are available, an assessment of the effectiveness of these training programs through a meta-analysis has so far not been conducted. We carried out a meta-analysis based on a systematic literature review on the topic and an updated literature search in order to assess the overall effectiveness of cybersecurity training programs. We identified 69 studies that were eligible for inclusion.
Our analysis shows that training overall has a positive effect on end-users (d = 0.75, 95%CI [0.58, 0.92]), particularly when assessing predictors of behaviour such as attitudes or knowledge (d = 1.02, 95%CI [0.58, 1.46]). Interestingly, studies assessing changes in behaviour are not able to match these results (d = 0.36, 95%CI [-0.09, 0.80]), showcasing a clear inability of current training approaches to change behaviour. The effect sizes obtained in this meta-analysis can act as smallest effect sizes of interest (SESOIs) for future research on end-user cybersecurity training. Further findings with regards to the effectiveness of individual training methods and other moderators are discussed.
{"title":"Assessing the effect of cybersecurity training on End-users: A Meta-analysis","authors":"Julia Prümmer, Tommy van Steen, Bibi van den Berg","doi":"10.1016/j.cose.2024.104206","DOIUrl":"10.1016/j.cose.2024.104206","url":null,"abstract":"<div><div>Cybersecurity behaviour of end-users continues to be a growing topic of conversation, both in organisations and in academia, as end-users are often said to be the last line of defence against cyberattacks. Unfortunately, end-users are often not aware that they engage in risky cyber behaviours and can, in turn, make themselves and the organisations that they work for vulnerable. Attempting to change end-user behaviour through training programs has become common practice in many organisations, a trend that is reflected in the academic literature as well. While a variety of literature reviews on the topic are available, an assessment of the effectiveness of these training programs through a meta-analysis has so far not been conducted. We carried out a meta-analysis based on a systematic literature review on the topic and an updated literature search in order to assess the overall effectiveness of cybersecurity training programs. We identified 69 studies that were eligible for inclusion.</div><div>Our analysis shows that training overall has a positive effect on end-users (<em>d</em> = 0.75, 95%CI [0.58, 0.92]), particularly when assessing predictors of behaviour such as attitudes or knowledge (<em>d</em> = 1.02, 95%CI [0.58, 1.46]). Interestingly, studies assessing changes in behaviour are not able to match these results (<em>d</em> = 0.36, 95%CI [-0.09, 0.80]), showcasing a clear inability of current training approaches to change behaviour. The effect sizes obtained in this meta-analysis can act as smallest effect sizes of interest (SESOIs) for future research on end-user cybersecurity training. Further findings with regards to the effectiveness of individual training methods and other moderators are discussed.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104206"},"PeriodicalIF":4.8,"publicationDate":"2024-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号