Computers & Security最新文献

Effective anomaly detection in multivariate time series data is critical to ensuring the security of Internet of Things (IoT) devices and systems. However, building a high precision and low false positive rate anomaly detection model for the complex and volatile IoT environment is a challenging task. This is often due to issues such as a lack of anomaly labeling, high data volatility, and the complexity of device mechanisms. Traditional machine learning algorithms and sequence models frequently fail to account for feature correlation and temporal dependency in anomaly detection. Although deep learning-based anomaly detection methods have progressed, there is still room for improvement in precision, recall, and generalization ability. In this paper, we propose an anomaly detection model called Meta-MWDG to address these issues. The model is based on a multi-scale discrete wavelet decomposition and a dual graph attention network, which can effectively extract feature correlation and temporal dependency in multivariate time series data. Additionally, model-agnostic meta-learning (MAML) is introduced to improve the model’s generalization performance, enabling it to perform well on new tasks even with a few samples. A gated recurrent unit (GRU) is combined with a multi-head self-attention network to output both prediction and reconstruction results in a joint optimization strategy, improving the precision of anomaly detection. Extensive experimental studies demonstrate that Meta-MWDG outperforms the state-of-the-art methods in anomaly detection.

With the gradual expansion of Android systems from mobile phones to intelligent devices, a huge amount of malware has been found every year. To improve the malware detection performance and reduce its reliance on expert experience, deep learning technology has been widely used. However, as the complexity of deep learning models continues to increase, it rapidly increases the consumption of hardware resources. At the same time, anti-detection technology such as Generative Adversarial Networks (GANs) are widely used to evade Artificial Intelligence (AI)-based detection methods. In this paper, we propose a new classification model based on an improved lightweight neural network that can effectively improve the execution efficiency and detection performance of malware detection methods against adversarial malware samples. First, our method uses local-information-entropy-based image generation technology to construct effective image feature vectors. Then, the performance of the lightweight neural network model ESPNetV2 is improved from four aspects. Finally, a new adversarial malware generation model called Mal-WGANGP is proposed. It can automatically generate a large number of adversarial samples to robust our model. In order to evaluate our method, we construct several experiments and compare the detection performance of our method with 19 other novel efficient neural network detection models. Experimental results show that our image enhancement method and detection model have the highest detection accuracy of adversarial samples.

The Controller Area Network (CAN) is widely used in automobiles to interconnect safety-critical electronic control units (ECUs). Unfortunately, CAN does not have inherent security mechanisms as originally designed, which has drawn significant attention from the research community. Currently, the mainstream CAN protection strategy is the Intrusion Detection System (IDS). However, many statistics-based IDSs are unable to identify the identifier (ID) of the attacked message; they can only identify anomalies within a specific time window. Moreover, these systems are often tested solely on public datasets, lacking theoretical validation of their effectiveness. To address these shortcomings, we propose a real-time intrusion detection system based on a dynamic graph. The graph is dynamically constructed based on the arrival of messages, and features are extracted concurrently. By utilizing the distribution of features extracted during the offline phase, our system achieves real-time detection of incoming messages and identifies the ID of the attacked message. Additionally, we introduce a method to theoretically validate the detection system through permutation and probabilistic statistical analysis. Experiments and theoretical analysis demonstrate that our proposed IDS can effectively detect a wide range of attacks with reduced detection time and memory usage.

Despite advancements in security technology, the prevalence of insider threats has been on the rise in recent years. Organizations implement Information Security Policies (ISPs) that outline the expected security-related behavior and compliance standards for employees. Ensuring and enhancing ISP compliance and reducing violations is crucial for organizations to maintain their security posture. This Systematic Literature Review (SLR) aims to synthesize the existing research on ISP compliance and violations to identify the underlying factors behind employee policy violations and delve into the factors that promote compliance with ISPs. In order to provide a theoretical foundation for understanding these behaviors, this SLR identifies the prominent theories used to explain ISP compliance and violation. A comprehensive search is conducted across different academic databases, applying defined inclusion and exclusion criteria to select the relevant studies between 2012 and 2023. To understand intentional violations, we categorize and analyze studies on ISP violations based on Moral Disengagement, Neutralization and Deterrence, Stress, and Monitoring mechanisms. For ISP compliance, we categorize and analyze studies based on individual-level decision-making and organizational-level factors. We identified forty-seven factors that influence compliance behavior and forty-one factors that determine non-compliance behavior. Fourteen common factors were identified from prior literature, which were determinants of both compliance and violation behaviors, with opposite directions of influence. By considering both compliance and noncompliance simultaneously, organizations can develop more effective strategies for enhancing compliance and mitigating noncompliance.

Cybersecurity breaches within the Internet of Vehicles (IoV) have been increasingly reported annually with the proliferation of intelligent connected vehicles. Two primary obstacles are faced by current intrusion detection systems: substantial computational demands and stringent data privacy regulations, complicating both efficient deployment and the safeguarding of data privacy. Consequently, there is a pressing need for intrusion detection solutions that are both efficient and considerate of privacy concerns. This paper introduces FED-IoV, an innovative intrusion detection method tailored for the IoV, leveraging a federated learning architecture. FED-IoV aims to collaboratively perform detection tasks across distributed edge devices, thereby minimizing data privacy risks. Vehicular communication traffic data is transformed into images, and a bespoke, efficient model, MobileNet-Tiny, is employed for feature extraction, rendering FED-IoV capable of achieving high detection accuracy whilst being viable for deployment on devices with limited resources. Through evaluation against the authoritative datasets CAN-Intrusion and CICIDS2017, exceptional accuracy rates of 98.51 % and 97.74 %, respectively, were demonstrated by FED-IoV within a federated learning context, and excellent detection capabilities on imbalanced datasets were also shown. Moreover, a prediction latency of under 10 milliseconds per sample was maintained on devices with limited computational power, such as the Raspberry Pi 4 8GB, showcasing significantly better accuracy and real-time performance relative to existing approaches. The successful deployment of FED-IoV ushers in a novel, privacy-preserving, and efficient intrusion detection solution for IoV security.

Although sport has become an important topic in management research, academics have not fully examined the area of cybersecurity and its strategic relevance in sports management, in particular in and for sports events. In the present study, we examined the relationship between sports and cybersecurity and conducted an integrative literature review that categorizes the research that has been published to date, based on technology-organisation-environment (TOE) framework. The findings show that the role of cybersecurity in and for sports events is a heavily under-researched area that provides an abundance of scientific opportunities. It is also one that deserves further attention, because cyber-attacks on sports events and associated organisations are increasing. Our integrative literature review offers a more structured understanding of this field of investigation and led to the development of a comprehensive research agenda at the intersection between sports management and information security. As one of the first studies to use a literature review that specifically focuses on cybersecurity in and for sports events, we advance the state-of-the-art scholarship in this critical space, and we take the first step to disseminate best practices in cybersecurity and sports management.

The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.

With the development of information technology, many devices are connected and automated by networks. Unmanned Areal Vehicles (UAVs), commonly known as drones, are one of the most popular devices that can perform various tasks. However, the risk of cyberattacks on UAVs is increasing as UAV utilization grows. These cyberattacks can cause serious safety problems, such as crashes. Therefore, it is essential to detect these attacks and take countermeasures. As a countermeasure, intrusion detection system (IDS) is widely adopted. To implement IDS for UAVs, it should be lightweight and be able to detect unknown attacks as a requirement. We propose GAN-based UAV IDS Enhancement (GUIDE) to meet the requirements. The GUIDE employs a generative adversarial network (GAN) for integer-valued sequence data augmentation to enhance an IDS’s performance on known and unknown attacks. We used five GANs: SeqGAN, MaskGAN, RankGAN, StepGAN, and LeakGAN; we used four non-learning augmentation methods for the comparative experiment: oversampling, undersampling, noise addition, and random generation. The experimental results demonstrated that the synthetic data generated by GANs improved the detection of known attacks (up to 37 percentage points) and unknown attacks (up to 30 percentage points) while maintaining stable IDS performance. We also analyzed the synthetic data by employing Jensen–Shannon divergence, synthetic ranking agreement, and visualization; we confirmed that the synthetic data contained the characteristics of real data and could be used for training the IDS.

In the digital transformation of the banking sector, incorporating advanced technologies such as cloud computing, big data analytics, artificial intelligence, and blockchain has revolutionized financial services. However, this rapid digitalization brings significant data privacy and cybersecurity challenges. This study investigates the challenges banks have maintaining data privacy and cybersecurity while implementing new technologies, how they perceive these challenges, and what steps they take to reduce the risks involved. This qualitative study uses thematic analysis to examine interviews conducted with IT specialists in the banking sector. NVivo 14 software is employed to identify key themes and patterns related to the challenges, perceptions, and strategies regarding data privacy and cybersecurity in technology adoption. The findings reveal that the primary challenges faced by banks include integrating legacy systems, evolving compliance management, managing vendor risks, maintaining customer confidence, and mitigating emerging risks. Banks perceive robust data privacy and cybersecurity as critical for competitive advantage, regulatory compliance, and customer trust. Strategies include robust access controls, continuous threat monitoring, employee training, regulatory compliance with governance frameworks, and data encryption. This study provides original insights into the specific challenges and strategies related to data privacy and cybersecurity faced by banks. It contributes to the existing literature by highlighting the unique context of the banking sector and employing qualitative analysis to uncover nuanced perceptions and practices of IT specialists.

The Internet of Things (IoT) is rapidly expanding, bringing unprecedented opportunities and significant security risks. Among the most appealing attacks on IoT are botnets, typically utilized for Distributed Denial of Service (DDoS) attacks, identity theft, malware distribution, fraud, and spamming. Early detection and mitigation are crucial considering the nature of IoT devices and botnets. Many of these methods deploy machine learning, such as supervised, unsupervised, and deep learning. As IoT devices generate a massive amount of data of high dimensions, not all data contain valuable information. Feeding data without preprocessing might degrade the quality of the detection model. Thus, optimization methods are needed to determine the subsets of the most relevant features to the detection process. This study utilized the effectiveness of Equilibrium Optimization (EO), Battle Royale Optimization (BRO), and Adaptive Equilibrium Optimization (AEO) for feature selection in detecting IoT botnets using the N-BaIoT dataset. The performance of the selected features is evaluated using three classifiers: K Nearest Neighbor (KNN), Random Forest (RF), and Gaussian Naive Bayes (GNB) considering metrics such as number of features, accuracy, sensitivity, specificity, True Positive Rate (TPR), False Positive Rate (FPR), and time required for feature selection. Our findings indicate the competitive performance of EO and AEO in terms of runtime, number of features selected, and accuracy, compared to recent works on the same dataset.