Pub Date: 2024-09-03 | DOI: 10.1016/j.cose.2024.104098
Amidst the rapid development of the software industry and the burgeoning open-source culture, vulnerability detection within the software security domain has emerged as an ever-expanding area of focus. In recent years, the rapid advancement of artificial intelligence, particularly the notable progress of deep learning in pattern recognition and natural language processing, has catalyzed a surge in research exploring the integration of deep learning to enhance vulnerability detection techniques. In this paper, we investigate contemporary deep learning-based source code analysis methods, with a concentrated emphasis on those pertaining to static code vulnerability detection. We categorize these methods by the representation of source code employed during the preprocessing stage, including token-based and graph-based representations, and further subdivide them by the types of deep learning algorithms or graph representations employed. We summarize the basic processes of model training and vulnerability detection under these different representation formats. Furthermore, we explore the limitations inherent in current approaches and provide insights into future trends and challenges for research in this field.
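The token-based preprocessing this survey describes can be illustrated with a minimal sketch: split source text into tokens, build a vocabulary, and encode each token as the integer id a neural model consumes. The tokenizer, vocabulary scheme, and example snippet below are illustrative assumptions, not taken from any specific surveyed system.

```python
import re

def tokenize(source: str) -> list[str]:
    """Split C-like source into identifier, number, and symbol tokens."""
    return re.findall(r"[A-Za-z_]\w*|\d+|[^\s\w]", source)

def build_vocab(token_lists):
    """Map each distinct token to an integer id; id 0 is reserved for <unk>."""
    vocab = {"<unk>": 0}
    for tokens in token_lists:
        for tok in tokens:
            vocab.setdefault(tok, len(vocab))
    return vocab

def encode(tokens, vocab):
    """Turn a token sequence into integer ids; unseen tokens map to <unk>."""
    return [vocab.get(tok, 0) for tok in tokens]

snippet = "strcpy(buf, input);"   # a classic overflow-prone call
tokens = tokenize(snippet)
vocab = build_vocab([tokens])
print(tokens)                # ['strcpy', '(', 'buf', ',', 'input', ')', ';']
print(encode(tokens, vocab)) # [1, 2, 3, 4, 5, 6, 7]
```

Graph-based representations instead attach such token or statement features to nodes of an abstract syntax tree, control-flow graph, or program dependence graph before feeding them to a graph neural network.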
Title: Survey of source code vulnerability analysis based on deep learning (Computers & Security, IF 4.8)
Pub Date: 2024-09-02 | DOI: 10.1016/j.cose.2024.104095
Cyber-physical systems (CPSs) are essential to the contemporary industrial landscape, playing a central role in improving productivity, mechanization, and innovation across several sectors. These systems sit at the confluence of physical processes and digital computation, forming a symbiotic integration with numerous benefits. Communication technologies play a very significant role in CPSs by facilitating real-time data exchange, coordination, and coherent integration. 5G and beyond communication technologies contribute significantly to CPSs by providing ultra-fast, low-latency connectivity. They also improve real-time data transfer, enabling better control and supervision of physical processes. In this paper, the authors emphasize the security aspects of 5G and beyond CPSs. The significance of the domain is derived by studying the various application domains of CPSs and the literature published on CPS security. The major threats mounted against 5G and beyond CPSs are discussed in detail, along with a taxonomy of the existing security solutions covering the assessment of cyber-attack origins, CPS attack prototyping, attack identification, and the development of security architectures. The authors also present the major challenges in deploying CPS applications, key research domains, and major open issues in 5G and beyond CPS security. The security landscape of 6G CPS applications is also discussed briefly, along with its key challenges.
Title: A new generation cyber-physical system: A comprehensive review from security perspective
Pub Date: 2024-09-01 | DOI: 10.1016/j.cose.2024.104094
Wireless Sensor Networks (WSNs) are susceptible to various security threats owing to their deployment in hostile environments. Intrusion detection systems (IDSs) play a critical role in securing WSNs by identifying malevolent activities and ensuring data integrity. Traditional IDS techniques often struggle with the dynamic and resource-constrained nature of WSNs. In this paper, a Dynamically Stabilized Recurrent Neural Network Optimized with Intensified Sand Cat Swarm Optimization for Wireless Sensor Network Intrusion identification (DSRNN-ISCOA-ID-WSN) is proposed. Initially, the input data is gathered from the WSN-DS dataset. The data then enters a pre-processing stage, in which redundant and biased records are removed with the help of an Adaptive Multi-Scale Improved Differential Filter (AMSIDF). The optimal features are then selected using the Wolf-Bird Optimization Algorithm (WBOA). The DSRNN classifies the data as Normal, Grey hole, Black hole, Time Division Multiple Access (TDMA), or Flooding attacks. Intensified Sand Cat Swarm Optimization (ISCOA) is then employed to optimize the weight parameters of the DSRNN for accurate classification. The proposed DSRNN-ISCOA-ID-WSN technique is implemented in Python. The proposed DSRNN-ISCOA-ID-WSN approach attains 29.24 %, 33.45 %, and 28.73 % higher accuracy and 30.53 %, 27.64 %, and 26.25 % higher precision when compared with existing methods such as Machine Learning-Powered Stochastic Gradient Descent Intrusion Detection System for WSN Attacks (SGDA-ID-WSN), An updated dataset to identify threats in WSN (CNN-ID-WSN), and Denial-of-Service attack detection in WSN: a Low-Complexity Machine Learning Model (DTA-ID-WSN), respectively.
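The record de-duplication performed in the pre-processing stage above can be sketched minimally as follows. The record layout is hypothetical, and the actual AMSIDF filter (which also handles biased records) is not reproduced here.

```python
# Illustrative sketch: drop redundant (exact-duplicate) records before
# feature selection and classification. Records are (feature..., label)
# tuples; the layout is hypothetical, not the real WSN-DS schema.

def drop_redundant(records):
    """Keep the first occurrence of each record, preserving order."""
    seen, kept = set(), []
    for rec in records:
        key = tuple(rec)
        if key not in seen:
            seen.add(key)
            kept.append(rec)
    return kept

raw = [
    (0.1, 0.7, "Grey hole"),
    (0.1, 0.7, "Grey hole"),   # exact duplicate, removed
    (0.4, 0.2, "Normal"),
]
clean = drop_redundant(raw)
print(len(clean))  # 2
```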
Title: Dynamically stabilized recurrent neural network optimized with intensified sand cat swarm optimization for intrusion detection in wireless sensor network
Pub Date: 2024-08-31 | DOI: 10.1016/j.cose.2024.104093
The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale, high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing a vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets, resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks to MDD confronts the challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.
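The contrastive learning ingredient mentioned above can be sketched with the standard InfoNCE-style objective, in which each anchor embedding should be most similar to its own positive. This toy NumPy version shows only that generic building block; MDD-FedGNN's actual dual-encoder setup and information-bottleneck loss are not reproduced here.

```python
import numpy as np

def info_nce(anchors, positives, temperature=0.5):
    """InfoNCE loss: anchor i should be most similar to positives[i]."""
    a = anchors / np.linalg.norm(anchors, axis=1, keepdims=True)
    p = positives / np.linalg.norm(positives, axis=1, keepdims=True)
    logits = a @ p.T / temperature                 # pairwise cosine similarities
    logits -= logits.max(axis=1, keepdims=True)    # numerical stability
    probs = np.exp(logits) / np.exp(logits).sum(axis=1, keepdims=True)
    return -np.log(np.diag(probs)).mean()          # cross-entropy on the diagonal

rng = np.random.default_rng(0)
z = rng.normal(size=(4, 8))                        # 4 toy node embeddings
loss_matched = info_nce(z, z + 0.01 * rng.normal(size=z.shape))
loss_random = info_nce(z, rng.normal(size=z.shape))
print(loss_matched, loss_random)  # matched pairs should score lower
```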
Title: MDD-FedGNN: A vertical federated graph learning framework for malicious domain detection
Pub Date: 2024-08-30 | DOI: 10.1016/j.cose.2024.104083
With the increasing size and complexity of networks, traffic flows become increasingly correlated with one another, and the traditional manner of representing network traffic in a Euclidean structure struggles to capture this correlation information effectively. In contrast, graph-structured data has gained much attention in recent years due to its ability to represent the correlation between different traffic flows. In addition, models and algorithms related to Graph Convolutional Neural networks (GCNs) have been used for malicious traffic detection. However, existing GCN-based malicious traffic detection methods still suffer from an incomplete description of the flow-level features of network traffic, an imperfect traffic correlation establishment mechanism, and a failure to distinguish the importance of features during model training. On this basis, this study proposes a malicious traffic detection method called GCN-MHSA, based on a Graph Convolutional Neural network and a Multi-Head Self-Attention mechanism. Firstly, the flow-level features of network traffic are populated, and additional information close to the features is selected to describe the traffic. Then, link homogeneity is used to establish the correlations between traffic flows. Moreover, a multi-head self-attention mechanism is introduced into the GCN model to assign larger weights to important features. Finally, an improved GCN is used as the deep learning model to detect malicious traffic. Extensive experimental results on three publicly available network traffic datasets and a real network traffic dataset show that the proposed GCN-MHSA method performs better than five baselines in terms of detection effect and stability, with an improvement of about 2.4% in accuracy, recall, and F1-measure, as well as an improvement of about 2.1% in precision.
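The GCN building block that such methods extend can be sketched in NumPy with the standard symmetrically normalized propagation rule H' = ReLU(D^(-1/2) (A + I) D^(-1/2) H W). The toy traffic graph and weights below are illustrative, and the multi-head self-attention weighting added by GCN-MHSA is not reproduced here.

```python
import numpy as np

def gcn_layer(adj, feats, weights):
    """One GCN layer: H' = ReLU(D^-1/2 (A + I) D^-1/2 H W)."""
    a_hat = adj + np.eye(adj.shape[0])             # add self-loops
    deg = a_hat.sum(axis=1)
    d_inv_sqrt = np.diag(deg ** -0.5)              # D^-1/2
    norm_adj = d_inv_sqrt @ a_hat @ d_inv_sqrt     # symmetric normalization
    return np.maximum(0.0, norm_adj @ feats @ weights)  # ReLU

# Toy graph: 3 traffic flows; flows 0 and 1 are correlated (linked),
# flow 2 is isolated. Features are one-hot per flow.
adj = np.array([[0., 1., 0.],
                [1., 0., 0.],
                [0., 0., 0.]])
feats = np.eye(3)
w = np.full((3, 2), 0.5)

out = gcn_layer(adj, feats, w)
print(out.shape)  # (3, 2)
```

Note that the isolated flow 2 only aggregates its own (self-loop) features, while flows 0 and 1 mix each other's features through the normalized adjacency.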
Title: GCN-MHSA: A novel malicious traffic detection method based on graph convolutional neural network and multi-head self-attention mechanism
Pub Date: 2024-08-29 | DOI: 10.1016/j.cose.2024.104074
In light of the rising threat of cyberattacks on critical infrastructures, cybersecurity has become a high priority for government agencies worldwide. In particular, severe cyberattacks could lead to devastating consequences for national security, economic growth, and public health and safety. While earlier studies have examined several factors related to detecting, preventing, and predicting cyberattacks on critical infrastructures, they have largely neglected the severity aspect of these attacks. This study aims to bridge this research gap by examining the factors that influence the severity of cyberattacks on critical infrastructures. To achieve this, we analyze 897 reported attacks on critical infrastructures to examine the impact of incident type, ransomware, zero-day vulnerability, attacker type, conflict type, initial access vector, and the number of targeted countries on the severity of these cyberattacks. The results show that cyberattacks employing ransomware and initiated by nation-state actors have the greatest impact on severity. Conversely, cyberattacks that include data theft, disruption, or hijacking with or without misuse, involve multiple types of conflict, and target the energy and finance sectors have the least impact on severity. To gain further insight into these results, we perform sub-analyses on the metrics that make up severity. Findings show that the health sector is more vulnerable to theft of sensitive data than other sectors. Also, nation-state-led attacks are more likely to involve theft of sensitive data and long-term disruptions. Finally, as the years progress, the results generally indicate a decreasing likelihood of attacks involving theft of sensitive data and hijacking with misuse.
Title: Examining the factors that impact the severity of cyberattacks on critical infrastructures
Pub Date: 2024-08-28 | DOI: 10.1016/j.cose.2024.104080
To prevent tracking, the Bluetooth Low Energy (BLE) protocol integrates privacy mechanisms such as address randomization. However, as highlighted by previous research, address randomization is not a silver bullet and can be circumvented by exploiting other types of information disclosed by the protocol, such as counters or timing. In this work, we propose two novel attacks that break address randomization in BLE by exploiting side information in the form of the Received Signal Strength Indication (RSSI). More precisely, we demonstrate how RSSI measurements, extracted from received BLE advertising packets, can be used to link together the traces emitted by the same device, or to directly re-identify it, despite address randomization. The proposed attacks leverage the distribution of RSSI values to create a fingerprint of devices, with an empirical evaluation on various scenarios demonstrating their effectiveness. For instance, in the static context, in which devices remain at the same position, the proposed approach yields a re-identification accuracy of up to 97%, which can even be boosted to perfect accuracy by increasing the number of receivers controlled by the adversary. We also discuss the factors influencing the success of the attacks and evaluate two possible countermeasures whose effectiveness is limited, highlighting the difficulty of mitigating this threat.
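The distribution-fingerprinting idea can be sketched as follows: summarize each transmitter by the empirical histogram of its RSSI readings, then link a fresh trace (received under a new random address) to the closest stored fingerprint. The Gaussian RSSI model and the L1 histogram distance are simplifying assumptions for illustration, not the paper's exact procedure.

```python
import numpy as np

BINS = np.arange(-100, -29, 5)  # dBm histogram bins, -100 to -30 in 5 dB steps

def fingerprint(rssi_samples):
    """Normalized histogram of RSSI values (the device 'fingerprint')."""
    hist, _ = np.histogram(rssi_samples, bins=BINS)
    return hist / hist.sum()

def link(trace, fingerprints):
    """Return the id of the stored fingerprint closest in L1 distance."""
    fp_new = fingerprint(trace)
    dists = {dev: np.abs(fp_new - fp).sum() for dev, fp in fingerprints.items()}
    return min(dists, key=dists.get)

rng = np.random.default_rng(1)
# Two static devices at different distances -> different mean RSSI.
dev_a = rng.normal(-55, 3, size=500)
dev_b = rng.normal(-80, 3, size=500)
known = {"A": fingerprint(dev_a), "B": fingerprint(dev_b)}

fresh = rng.normal(-55, 3, size=200)  # new trace from device A, new address
print(link(fresh, known))  # 'A' -- the randomized address did not help
```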
Title: RSSI-based attacks for identification of BLE devices (open access)
Pub Date: 2024-08-28 | DOI: 10.1016/j.cose.2024.104077
Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies, such as zero-day exploits, and new business models, such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, the same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks, highlighting the attack tactics and techniques that are most likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can easily be used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can help ensure that digital systems are hardened against a great variety of attack vectors and actions.
Title: Unleashing offensive artificial intelligence: Automated attack technique code generation (open access)
Pub Date: 2024-08-27 DOI: 10.1016/j.cose.2024.104081
The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as vigilant protectors, monitoring network traffic and responding promptly to breaches, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs, facilitated by cloud computing, secures mission-critical operations despite resource constraints and dynamic topologies. This research proposes a hybrid IDS approach that leverages the NSL-KDD dataset and methodologies such as the Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN) to enhance intrusion detection efficacy. ISSIR aids feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and fewer false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.
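As a purely illustrative sketch of the MLPNN component described in this abstract, the following trains a one-hidden-layer perceptron on toy stand-ins for NSL-KDD connection features. The architecture, hyper-parameters, and synthetic data are assumptions for the example, not the paper's actual configuration.

```python
import numpy as np

rng = np.random.default_rng(0)

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

class TinyMLP:
    """One-hidden-layer perceptron for binary (normal/attack) labels."""
    def __init__(self, n_features, n_hidden=16, lr=0.5):
        self.W1 = rng.normal(0, 0.5, (n_features, n_hidden))
        self.b1 = np.zeros(n_hidden)
        self.W2 = rng.normal(0, 0.5, (n_hidden, 1))
        self.b2 = np.zeros(1)
        self.lr = lr

    def forward(self, X):
        self.h = sigmoid(X @ self.W1 + self.b1)
        return sigmoid(self.h @ self.W2 + self.b2).ravel()

    def fit(self, X, y, epochs=500):
        for _ in range(epochs):
            p = self.forward(X)
            # Gradient of binary cross-entropy w.r.t. the pre-sigmoid output
            d_out = (p - y)[:, None] / len(y)
            dW2 = self.h.T @ d_out
            d_hid = (d_out @ self.W2.T) * self.h * (1 - self.h)
            dW1 = X.T @ d_hid
            self.W2 -= self.lr * dW2
            self.b2 -= self.lr * d_out.sum(axis=0)
            self.W1 -= self.lr * dW1
            self.b1 -= self.lr * d_hid.sum(axis=0)

    def predict(self, X):
        return (self.forward(X) >= 0.5).astype(int)

# Toy stand-in for NSL-KDD records: two clusters of connection features,
# one for benign traffic and one for attack traffic.
X_norm = rng.normal(0.0, 0.3, (100, 4))
X_attk = rng.normal(1.5, 0.3, (100, 4))
X = np.vstack([X_norm, X_attk])
y = np.array([0] * 100 + [1] * 100)

clf = TinyMLP(n_features=4)
clf.fit(X, y)
acc = (clf.predict(X) == y).mean()
```

In practice the hybrid system would feed ISSIR/VAE-selected NSL-KDD features into a deeper network rather than this toy two-cluster setup.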
{"title":"Enhancing cybersecurity in cloud computing and WSNs: A hybrid IDS approach","authors":"","doi":"10.1016/j.cose.2024.104081","DOIUrl":"10.1016/j.cose.2024.104081","url":null,"abstract":"<div><p>The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. 
This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142149983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-08-25 DOI: 10.1016/j.cose.2024.104071
In the digitally connected world, where cybersecurity is paramount, phishing, in which attackers pose as trusted entities to steal sensitive data, looms large. The proliferation of phishing attacks on the internet poses a substantial threat to individuals and organizations, compromising sensitive information and causing financial and reputational damage. This study's goal is to establish an automated system for the early detection and prevention of phishing websites, thereby enhancing online security and protecting users from cyber threats. This research first employs a One Hot Encoding (OHE)-based pre-processing mechanism that converts every URL string into a numerical vector of a fixed dimension. The study utilizes two feature selection techniques, transfer learning-based feature extraction using DarkNet19 and a Variational Autoencoder (VAE), to select the most important feature values. Robust security mechanisms are presented to prevent phishing attacks and safeguard personal information on websites, combining list-based and deep learning-based systems to prevent and detect phishing URLs more efficiently. The study proposes a transformer-based Deep Belief Network (TB-DBN), a pre-trained deep transformer network model for phishing behaviour detection. A cross-validation technique with grid-search hyper-parameter tuning based on the Intelligence Binary Bat Algorithm (IBBA) was designed using the proposed hybrid model. Predictions classify the phishing URLs using a probabilistic-estimation-guided boosting classifier model, and performance is evaluated in terms of accuracy, precision, recall, specificity, and F1-score. The risk level associated with each URL is assessed based on various factors, such as the source's reputation, content analysis results, and behavioural anomalies.
The computational complexity of DL model training is influenced by various factors, such as the model's complexity, the size of the training data, and the optimization algorithm used for training. The outcomes demonstrate that tuning these variables increases the effectiveness of the Python-based deep learning system. The proposed method excels, achieving an accuracy of 99.4%, precision of 99.2%, recall of 99.3%, and an F1-score of 99.2%. This automatic phishing website detection and prevention model, based on a transformer-based Deep Belief Network, offers high accuracy and adaptability, strengthening cybersecurity measures to safeguard sensitive user information and mitigate the substantial threat of phishing attacks in the digitally connected world.
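The URL pre-processing step described above, one-hot encoding each URL string into a numeric representation of fixed dimension, can be sketched as follows. The alphabet, maximum length, and padding scheme are assumptions for illustration, not the paper's actual settings.

```python
import numpy as np

# Hypothetical character alphabet covering common URL symbols.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;=%"
CHAR_TO_IDX = {c: i for i, c in enumerate(ALPHABET)}
MAX_LEN = 64  # pad or truncate every URL to this many character positions

def url_to_one_hot(url: str) -> np.ndarray:
    """One-hot encode a URL: rows are character positions, columns are
    alphabet symbols. Positions past the URL's end stay all-zero (padding)."""
    mat = np.zeros((MAX_LEN, len(ALPHABET)), dtype=np.float32)
    for pos, ch in enumerate(url.lower()[:MAX_LEN]):
        idx = CHAR_TO_IDX.get(ch)
        if idx is not None:  # characters outside the alphabet stay all-zero
            mat[pos, idx] = 1.0
    return mat

vec = url_to_one_hot("http://example.com/login")
```

A downstream model (here, the TB-DBN) would consume such fixed-dimension matrices, typically flattened or fed position-wise, which is why every URL must be padded or truncated to the same length.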
{"title":"Automatic phishing website detection and prevention model using transformer deep belief network","authors":"","doi":"10.1016/j.cose.2024.104071","DOIUrl":"10.1016/j.cose.2024.104071","url":null,"abstract":"<div><p>In the digitally connected world cybersecurity is paramount, phishing where attackers pose as trusted entities to steal sensitive data, looms large. The proliferation of phishing attacks on the internet poses a substantial threat to individuals and organizations, compromising sensitive information and causing financial and reputational damage. This study's goal is to establish an automated system for the early detection and prevention of phishing websites, thereby enhancing online security and protecting users from cyber threats. This research initially employs One Hot Encoding (OHE) mechanism-based pre-processing mechanism that converts every URL string into a numerical vector with a particular dimension. This study utilizes two feature selection techniques which are transfer learning-based feature extraction using DarkNet19 and Variational Autoencoder (VAE) to select the value of the most important feature. The robust security mechanisms are presented to prevent phishing attacks and safeguard personal information on websites. List-based deep learning-based systems to prevent and detect phishing URLs more efficiently. The study proposes a transformer-based Deep Belief Network (TB-DBN), a veritable pre-trained deep transformer network model for phishing behaviour detection. A cross-validation technique with grid search hyper-parameter tuning based on the Intelligence Binary Bat Algorithm (IBBA) was designed using the proposed hybrid model. Predictions were made to classify the phishing URLs using a probabilistic estimation guided boosting classifier model and evaluate their performance in terms of accuracy, precision, recall, specificity, and F1- score. 
The risk level associated with the URL will be assessed based on various factors, such as the source's reputation, content analysis results, and behavioural anomalies. The computational complexity of DL model training is influenced by various factors, such as the model's complexity, the training data's size, and the optimization algorithm exploited, for training. The outcome demonstrates that tweaking variables increases the effectiveness of Python-based deep learning systems. The findings of the proposed method excel, achieving an accuracy of 99.4 %, precision of 99.2 %, recall of 99.3 %, and an F1-score of 99.2 %. This innovative automatic phishing website detection and prevention model, based on a Transformer-based Deep Belief Network, offers advanced accuracy and adaptability, strengthening cybersecurity measures to safeguard sensitive user information and mitigate the substantial threat of phishing attacks in the digitally connected world.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142136840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}