Advances in Cybersecurity and Reliability

In recent years, the significant increase in financial and data losses impacting individuals and businesses has highlighted the pressing need to tackle cybersecurity challenges in today’s digital environment. As cyber threats continue to evolve, robust defence mechanisms are crucial for both government bodies and private sectors. The growing sophistication of such attacks requires the continual improvement of detection strategies to ensure their efficacy against evolving threats. Thorough assessments and regular updates of cybersecurity measures are vital in order to stay ahead of cybercriminals. This Special Issue explores the recent approaches that address cybersecurity-related issues, from countering cyberattacks to malware analysis strategies, as well as developing secure computer communication methods using cryptography and artificial intelligence techniques. Our objective is to raise awareness of these issues and to improve mitigation efforts. By fostering collaboration between businesses and law enforcement agencies, we can collectively protect against advanced cyber threats and safeguard sensitive information and financial assets.

The paper titled “Automated Mapping of Common Vulnerabilities and Exposures to MITRE ATT&CK Tactics” by Ioana Branescu, Octavian Grigorescu, and Mihai Dascalu addresses the challenge of linking Common Vulnerabilities and Exposures (CVEs) to MITRE ATT&CK tactics. The authors propose an automated approach using state-of-the-art transformer-based models, and the methodology involves training various architectures, including SecRoBERTa, SecBERT, CyBERT, TARS, and GPT-4, to map CVEs to one of the fourteen corresponding ATT&CK tactics. The results are promising, with SecRoBERTa achieving the highest F1 score (77.81%), and an in-depth error analysis was conducted to understand the model’s limitations. The code used for experiments is released as open source, contributing to bridging the gap between vulnerabilities and defence strategies in the cybersecurity landscape.

The paper “Countermeasure Strategies to Address Cybersecurity Challenges Amidst Major Crises in the Higher Education and Research Sector: An Organisational Learning Perspective” by Samreen Mahmood, Mehmood Chadhar, and Selena Firmin analyses counterstrategies to address cybersecurity challenges during major crises in the Higher Education and Research Sector (HERS); this is carried out using organizational learning loops. Through qualitative analysis and semi-structured interviews with cybersecurity experts and top managers, the study proposes a learning loop framework. Significant counterstrategies include introducing new policies, changing existing systems, partnering with other companies, integrating new software, enhancing employee learning, improving security, and monitoring and evaluating security measures. These counterstrategies not only address current crises, but also prepare the HERS for future cybersecurity challenges. The proposed model offers both theoretical and practical insights, aiding efficient cybersecurity mitigation during and after major crises.

The paper entitled “Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis” by Ehab Alkhateeb, Ali Ghorbani, and Arash Habibi Lashkari addresses the critical challenge of identifying both known and unknown malware packers using static analysis. Packed malicious programs employ encryption and advanced techniques to obfuscate their payloads, rendering them elusive to antivirus (AV) scanners and security analysts. To tackle this problem, the authors propose an innovative malware packer classifier that has been specifically designed to adeptly identify packer families and to detect unknown packers in real-world scenarios. Their approach involves meticulous feature engineering, employing multiple layers of analysis to extract the salient features that are input into the classifier. This method not only demonstrates a remarkable accuracy rate of 99.6% for known packers, but also achieves a notable rate of 91% for unknown packers, providing cybersecurity professionals and antivirus engines with a powerful weapon against the relentless threat of packed malware.

In the paper titled “Industry 4.0 Innovation: A Systematic Literature Review on the Role of Blockchain Technology in Creating Smart and Sustainable Manufacturing Facilities”, the authors Moutaz Alazab and Salah Alhyari look into how blockchain technology (BCT) affects smart and sustainable manufacturing processes. Three crucial areas are highlighted via their thorough comprehensive analysis of research publications, of which BCT makes a major contribution. First and foremost, BCT promotes environmentally responsible manufacturing practices by endorsing effective resource management, waste minimization plans, and eco-friendly production processes. Second, utilizing BCT technologies enables businesses to implement intelligent and environmentally responsible production practices. Furthermore, by improving visibility, traceability, and cooperation amongst participants in supply chain operations, BCT improves supply chain management. The review does, however, also recognize certain drawbacks such as the requirement for standardized protocols, in addition to scaling issues. Future research should address these limitations and further explore the potential of BCT in the context of Industry 4.0.

In “CapGAN: Text-to-Image Synthesis Using Capsule GANs”, Maryam Omar, Hafeez Ur Rehman, Omar Samin, Moutaz Alazab, Gianfranco Politano, and Alfredo Benso propose an innovative model called CapGAN that addresses the challenge of globally coherent structures in complex scenes during text-to-image synthesis. The model employs skip-thought vectors to transform input text into vector representations, creating a rich and nuanced foundation for image generation. CapGAN employs an adversarial process with two concurrently trained models—a generator (G) and a discriminator (D). Notably, the discriminator integrates capsules to understand the relative spatial and orientational relationships between different entities within an image. Quantitative evaluation metrics, including the inception score (IS) and Fréchet inception distance (FID), demonstrate the effectiveness of CapGAN; the IS for images generated using CapGAN is 4.05 ± 0.050, approximately 34% higher than traditional GANs, while the FID score is 44.38, representing an almost 9% improvement over previous state-of-the-art models. This breakthrough approach enhances text-to-image synthesis by considering scene understanding and coherent structures. The proposed method holds promise for advancing generative modelling and automatic learning in image creation, modification, analysis, and optimization.

In the paper titled “A Deep Learning Methodology for Predicting Cybersecurity Attacks on the Internet of Things” by Omar Azib Alkhudaydi, Moez Krichen, and Ans D. Alghamdi, the authors propose an AI model-based deep learning (DL) approach combined with various machine learning (ML) and ensemble learning classifiers to detect cyberattacks targeting IoT networks. The study addresses the challenge of defending IoT devices from security breaches, especially given the vast communication traffic data between these devices. The authors leverage a realistic network traffic BoT-IoT dataset to extract essential features using machine and deep learning algorithms. They evaluate ten distinct ML models, including single classifiers (KNN and SVM), ensemble classifiers (e.g., Random Forest, Extra Trees, AdaBoost, and LGBM), and deep learning architectures (LSTM, GRU, and RNN). Notably, the CatBoost and XGBoost classifiers achieve remarkable accuracy rates of 98.19% and 98.50%, respectively. Additionally, the study enhances model generalization by addressing class imbalance issues through the Synthetic Minority Over-sampling Technique (SMOTE). This work contributes to improving IoT security by preventing unauthorized access, data breaches, and service interruptions through accurate and reliable predictions of cybersecurity attacks.

“Enhancing Organizational Data Security on Employee-Connected Devices Using BYOD Policy” by Manal AlShalaan and Suliman Fati addresses the need for secure data management in organizations that allow employees to use their personal devices (bring your own device—BYOD) for work-related tasks. The study investigates security risks associated with BYOD policies and proposes an innovative encryption approach. This approach combines both symmetric and asymmetric algorithms, leveraging digital signatures and organization-specific digital certificates. By employing the Advanced Encryption Standard (AES), Blowfish, RSA, and El-Gamal algorithms, their approach ensures robust encryption, alongside user authentication, confidentiality, and data integrity. Their experimental results reveal the superior performance of AES and Blowfish in terms of execution speed, showcasing the method’s efficiency and practicality. The study provides essential insights and a viable solution for organizations striving to safeguard sensitive data in the increasingly prevalent BYOD environments.

In the paper entitled, “A Multi-Key with Partially Homomorphic Encryption Scheme for Low-End Devices Ensuring Data Integrity”, Saci Medileh, Abdelkader Laouid, Mohammad Hammoudeh, Mostefa Kara, Tarek Bejaoui, Amna Eleyan, and Mohammed Al-Khalidi delve into the urgent issues of security and privacy within cloud-based Internet of Things (IoT) systems. These systems often rely on untrusted clouds, necessitating robust encryption methods that allow for secure data operations. The proposed asymmetric multi-key and partially homomorphic encryption scheme achieves this by separately encrypting each decimal digit of an integer using a special key. Additionally, the scheme ensures data integrity when untrusted third parties perform homomorphic operations on encrypted data. Notably, the ciphertext size closely matches the plaintext size, and order-preserving capabilities are maintained using an the first version of an asymmetrical encryption. This work extends and improves upon previous research, making it suitable for IoT-constrained devices.

In the paper titled “Usable Security: A Systematic Literature Review”, Francesco Di Nocera, Giorgia Tempestini, and Matteo Orsini explore the intricate balance between usability and security. Usable security involves designing security measures that accommodate users’ needs and behaviours. As systems become more secure by implementing authentication mechanisms and encryption protocols, they also become more complex and less intuitive for users. This complexity can result in a steeper learning curve, a greater effort required to perform tasks, and potential frustration. Conversely, prioritizing usability may sacrifice some security measures, making systems more susceptible to cyber-attacks. The authors systematically reviewed articles on usable security from 2005 to 2022, selecting 55 research studies for evaluation. These studies were broadly categorized into the following four main clusters: (1) usability of authentication methods, (2) strategies to improve usability for security developers, (3) design approaches influencing user security behaviour, and (4) formal models for usable security evaluation. The review highlights the field’s current immaturity, with studies often focusing on system comparisons rather than establishing robust design guidelines based on thorough analyses of user behaviours. Additionally, the absence of requirements for usable security in developmental contexts discourages the implementation of good practices early on in the development process.

In the paper titled “A Comprehensive Study of ChatGPT: Advancements, Limitations, and Ethical Considerations in Natural Language Processing and Cybersecurity” by Moatsum Alawida, Sami Mejri, Abid Mehmood, Belkacem Chikhaoui, and Oludare Abiodun, the authors present an in-depth examination of ChatGPT, a state-of-the-art language model that has significantly impacted generative text. The study provides a comprehensive analysis of ChatGPT’s architecture, training data, and evaluation metrics, highlighting its advancements and enhancements over time. They offer a balanced critique of ChatGPT’s prowess in natural language processing tasks such as language translation, text summarization, and dialogue generation, juxtaposing its capabilities against other language generation models. The study also addressed ethical and privacy concerns with proposed mitigation strategies, and further explores the unsettling potential of ChatGPT in facilitating cyberattacks, underscoring significant security threats. By examining ChatGPT’s applications across diverse industries and its performance in various languages and domains, the authors provide a thorough analysis of its strengths and limitations, painting a comprehensive picture of this revolutionary technology.