Computers & Security最新文献

Amidst the rapid development of the software industry and the burgeoning open-source culture, vulnerability detection within the software security domain has emerged as an ever-expanding area of focus. In recent years, the rapid advancement of artificial intelligence, particularly the notable progress in deep learning for pattern recognition and natural language processing, has catalyzed a surge in research endeavors exploring the integration of deep learning for the enhancement of vulnerability detection techniques. In this paper, we investigate contemporary deep learning-based source code analysis methods, with a concentrated emphasis on those pertaining to static code vulnerability detection. We categorize these methods based on various representations of source code employed during the preprocessing stage, including token-based and graph-based representations of source code, and further subdivided based on the types of deep learning algorithms or graph representations employed. We summarize the basic processes of model training and vulnerability detection under these different representation formats. Furthermore, we explore the limitations inherent in current approaches and provide insights into future trends and challenges for research in this field.

Cyber-physical systems (CPSs) are essential to the contemporary industrial landscape, performing a central role in improving productivity, mechanization, and innovation across several sectors. These systems are the conflux of physical processes and digital mechanics, developing a symbiotic integration with numerous benefits. Communication technologies play a very significant role in CPSs by facilitating real-time data exchange, coordination, and coherent integration. 5G and Beyond communication technologies are contributing significantly to CPS by facilitating ultra-fast, low-latency connectedness. They also improve real-time transfer, enabling better control and supervision of physical processes. In this paper, the authors emphasized the security aspects of 5G and beyond CPSs. The significance of the domain is derived by studying the various application domains of the CPSs and literature published on CPS security. The major threats attempted on 5G and beyond CPS are discussed in detail along with the taxonomy of the exiting security solutions by covering the aspects of assessment of cyber-attacks emanation, CPS attack prototyping, attack identification, and development of security architectures. The authors also presented the major challenges occurring in the deployment of CPS applications, key research domains, and major issues in 5G and beyond CPS security. The security landscape of 6G CPS applications is also discussed in brief with key challenges.

Wireless Sensor Networks (WSNs) are susceptible to various security threats owing to its deployment in hostile environments. Intrusion detection system (IDS) contributes a critical role on securing WSNs by identifying malevolent activities and ensuring data integrity. Traditional IDS techniques often struggle with the dynamic and resource-constrained nature of WSNs. In this paper, Dynamically Stabilized Recurrent Neural Network Optimized with Intensified Sand Cat Swarm Optimization for Wireless Sensor Network Intrusion identification (DSRNN-ISCOA-ID-WSN) is proposed. Initially, the input data is amassed from WSN-DS dataset. After that, the pre-processing segment receives the data. In pre-processing stage, redundant and biased records are removed from input data with the help of Adaptive multi-scale improved differential filter (AMSIDF). Then the optimal are selected by utilizing Wolf-Bird Optimization Algorithm (WBOA). DSRNN is used to classify the data as Normal, Grey hole, Black hole, Time division multiple access (TDMA), and Flooding attacks. Then Intensified Sand Cat Swarm Optimization (ISCOA) is employed to optimize the weight parameters of DSRNN for accuracte classification. The proposed DSRNN-ISCOA-ID-WSN technique is implemented Python. The performance of the proposed DSRNN-ISCOA-ID-WSN approach attains 29.24 %, 33.45 %, and 28.73 % high accuracy; 30.53 %, 27.64 %, and 26.25 % higher precision when compared with existing method such as Machine Learning-Powered Stochastic Gradient Descent Intrusions Detection System for WSN Attacks (SGDA-ID-WSN), An updated dataset to identify threats in WSN (CNN-ID-WSN) and Denial-of-Service attack detection in WSN: a Low-Complexity Machine Learning Model (DTA-ID-WSN) respectively.

The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale and high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks for MDD confronts challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.

With the increasing size and complexity of network, network traffic becomes more and more correlated with each other, and the traditional manner of presenting network traffic in a Euclidean structure is difficult to effectively capture the correlation information of network traffic. In contrast, graph structured data has gained much attention in recent years due to its ability to represent the correlation between different traffic flows; In addition, models and algorithms related to Graph Convolution Neural network (GCN) have been used for malicious traffic detection. However, existing GCN-based malicious traffic detection methods still suffer from incomplete description of the flow-level features of network traffic, imperfect traffic correlation establishment mechanism and failure to distinguish the importance of features during model training. Based on this, this study proposes a malicious traffic detection method called GCN-MHSA based on Graph Convolutional Neural network and Multi-Head Self-Attention mechanism. Firstly, the flow-level features of network traffic are populated and more information close to the features are selected to describe the network traffic; And then, the link homogeneity is used to establish the correlations between network traffic; Moreover, multi-head self-attention mechanism is introduced in the GCN model to provide larger weight to important features; Finally, an improved GCN is used as a deep learning model to detect malicious traffic. Extensive experimental results on three publicly available network traffic datasets and a real network traffic dataset show that the proposed GCN-MHSA method performs better than five baselines in terms of detection effect and stability, with an improvement of about 2.4% in accuracy, recall and F1-measure as well as an improvement of about 2.1% in precision.

In light of the rising threats of cyberattacks on critical infrastructures, cybersecurity has become a high priority for government agencies worldwide. In particular, the severity of cyberattacks could lead to devastating consequences for national security, economic growth, and public health and safety. While earlier studies have examined several factors related to detecting, preventing, and predicting cyberattacks on critical infrastructures, they have largely neglected to consider the severity aspect of these attacks. This study aims to bridge this research gap by examining the factors that influence the severity of cyberattacks on critical infrastructures. To achieve this, we analyze 897 reported attacks on critical infrastructures to examine the impact of incident type, ransomware, zero-day vulnerability, attacker type, conflict type, initial access vector, and the number of targeted countries on the severity of these cyberattacks. The results show that cyberattacks employing ransomware and initiated by nation-state actors have the most impact on severity. On the contrary, cyberattacks that include data theft, disruption, hijacking with or without misuse, involve multiple types of conflict, and target the energy and finance sectors have the least impact on the severity of attacks. To gain further insight into these results, we perform sub-analyses on the metrics that makeup severity. Findings show that cyberattacks on the health sector are more vulnerable to data theft of sensitive information compared to other sectors. Also, nation-state-led attacks are more likely to involve data theft of sensitive information and long-term disruptions. Finally, as years progress, the results generally indicate a decreasing likelihood of attacks involving data theft of sensitive information and hijacking with misuse.

To prevent tracking, the Bluetooth Low Energy (BLE) protocol integrates privacy mechanisms such as address randomization. However, as highlighted by previous researches address randomization is not a silver bullet and can be circumvented by exploiting other types of information disclosed by the protocol such as counters or timing. In this work, we propose two novel attack to break address randomization in BLE exploiting side information in the form of Received Signal Strength Indication (RSSI). More precisely, we demonstrate how RSSI measurements, extracted from received BLE advertising packets, can be used to link together the traces emitted by the same device or directly re-identify it despite address randomization. The proposed attacks leverage the distribution of RSSI to create a fingerprint of devices with an empirical evaluation on various scenarios demonstrating their effectiveness. For instance in the static context, in which devices remain at the same position, the proposed approach yields a re-identification accuracy of up to 97%, which can even be boosted to perfect accuracy by increasing the number of receivers controlled by the adversary. We also discuss the factors influencing the success of the attacks and evaluate two possible countermeasures whose effectiveness is limited, highlighting the difficulty in mitigating this threat.

Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.

The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

In the digitally connected world cybersecurity is paramount, phishing where attackers pose as trusted entities to steal sensitive data, looms large. The proliferation of phishing attacks on the internet poses a substantial threat to individuals and organizations, compromising sensitive information and causing financial and reputational damage. This study's goal is to establish an automated system for the early detection and prevention of phishing websites, thereby enhancing online security and protecting users from cyber threats. This research initially employs One Hot Encoding (OHE) mechanism-based pre-processing mechanism that converts every URL string into a numerical vector with a particular dimension. This study utilizes two feature selection techniques which are transfer learning-based feature extraction using DarkNet19 and Variational Autoencoder (VAE) to select the value of the most important feature. The robust security mechanisms are presented to prevent phishing attacks and safeguard personal information on websites. List-based deep learning-based systems to prevent and detect phishing URLs more efficiently. The study proposes a transformer-based Deep Belief Network (TB-DBN), a veritable pre-trained deep transformer network model for phishing behaviour detection. A cross-validation technique with grid search hyper-parameter tuning based on the Intelligence Binary Bat Algorithm (IBBA) was designed using the proposed hybrid model. Predictions were made to classify the phishing URLs using a probabilistic estimation guided boosting classifier model and evaluate their performance in terms of accuracy, precision, recall, specificity, and F1- score. The risk level associated with the URL will be assessed based on various factors, such as the source's reputation, content analysis results, and behavioural anomalies. The computational complexity of DL model training is influenced by various factors, such as the model's complexity, the training data's size, and the optimization algorithm exploited, for training. The outcome demonstrates that tweaking variables increases the effectiveness of Python-based deep learning systems. The findings of the proposed method excel, achieving an accuracy of 99.4 %, precision of 99.2 %, recall of 99.3 %, and an F1-score of 99.2 %. This innovative automatic phishing website detection and prevention model, based on a Transformer-based Deep Belief Network, offers advanced accuracy and adaptability, strengthening cybersecurity measures to safeguard sensitive user information and mitigate the substantial threat of phishing attacks in the digitally connected world.