Recent Advances in Cybersecurity and Computer Networks

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (20 July 2023) | Viewed by 115060

Special Issue Editors


Guest Editor
School of Computer Science & Engineering, Pusan National University, Busan 46241, Korea
Interests: AI; AI security; cryptography; intrusion detection system; information security; IoT security; blockchain and security

Guest Editor
IoT Research Center, Pusan National University, Busan 46241, Korea
Interests: machine learning; deep learning; AI security; intrusion detection system; IoT security; signal processing; XAI

Special Issue Information

Dear Colleagues,

We are inviting submissions to the Special Issue on “Recent Advances in Cybersecurity and Computer Networks”.

The great development of computer networks and communication has allowed easier access to information. However, governments and businesses have been facing difficulties in developing their cybersecurity network issues, such as novel attacks, hackers, internet criminals, etc. Therefore, a large amount of money is being spent on protecting data and avoiding theft or intrusion. Along with the continuous development of artificial intelligence, this has helped researchers to propose effective attack and defense methods in cybersecurity to prevent attacks from hackers.

In this Special issue, we invite submissions related to cutting-edge topics in computer network security, including information security, privacy, IoT security, blockchain security, etc.  Both theoretical and experimental studies are welcome, as well as comprehensive review and survey papers.

Prof. Dr. Howon Kim
Dr. Thi-Thu-Huong Le
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity
  • information security
  • security and privacy
  • network security
  • IoT security
  • blockchain security
  • intrusion detection system
  • adversarial example
  • defense system
  • physical adversarial attack
  • machine-learning-based security
  • deep-learning-based security

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (33 papers)


Research


16 pages, 408 KiB  
Article
Machine Learning and Deep Learning Based Model for the Detection of Rootkits Using Memory Analysis
by Basirah Noor and Sana Qadir
Appl. Sci. 2023, 13(19), 10730; https://doi.org/10.3390/app131910730 - 27 Sep 2023
Cited by 2 | Viewed by 1926
Abstract
Rootkits are malicious programs designed to conceal their activities on compromised systems, making them challenging to detect using conventional methods. As the threat landscape continually evolves, rootkits pose a serious threat by stealthily concealing malicious activities, making their early detection crucial to prevent data breaches and system compromise. A promising strategy for monitoring system activities involves analyzing volatile memory. This study proposes a rootkit detection model that combines memory analysis with Machine Learning (ML) and Deep Learning (DL) techniques. The model aims to identify suspicious patterns and behaviors associated with rootkits by analyzing the contents of a system’s volatile memory. To train the model, a diverse dataset of known rootkit samples is employed, and ML and deep learning algorithms are utilized. Through extensive experimentation and evaluation using SVM, RF, DT, k-NN, and LSTM algorithms, it is determined that SVM achieves the highest accuracy rate of 96.2%, whereas Execution Time (ET) shows that k-NN depicts the best performance, and LSTM (a DL model) shows the worst performance among the tested algorithms. This research contributes to the development of advanced defense mechanisms and enhances system security against the constantly evolving threat of rootkit attacks. Full article
(This article belongs to the Special Issue Recent Advances in Cybersecurity and Computer Networks)

18 pages, 6190 KiB  
Article
An Efficient NIDPS with Improved Salp Swarm Feature Optimization Method
by Amerah Alabrah
Appl. Sci. 2023, 13(12), 7002; https://doi.org/10.3390/app13127002 - 10 Jun 2023
Cited by 4 | Viewed by 1682
Abstract
Network security problems arise these days due to many challenges in cyberspace. The malicious attacks on installed wide networks are rapidly spreading due to their vulnerability. Therefore, the user and system information are at high risk due to network attacks. To protect networks against these attacks, Network Intrusion Detection and Prevention Systems (NIDPS) are installed on them. These NIDPS can detect malicious attacks by monitoring abnormal behavior and patterns in network traffic. These systems were mainly developed using Artificial Intelligence (AI) algorithms. These intelligent NIDPS are also able to detect the attack type while detecting network attacks. Previous studies have proposed many NIDPS for network security. However, many challenges exist so far such as limited available data for training AI algorithms, class imbalance problems, and automated selection of the most important features. These problems need to be solved first, which will lead to the precise detection of network attacks. Therefore, the proposed framework used the highly imbalanced UNSW-NB15 dataset for binary and multiclass classification of network attacks. In this framework, firstly dataset normalization is applied using standard deviation and the mean of feature columns; secondly, an Improved Salp Swarm Algorithm (ISSA) is applied for automated feature selection separately on binary and multiclass subsets. Thirdly, after applying feature selection, the SMOTE–Tomek class balancing method is applied where at least four different ML classifiers are used for binary and multiclass classification. The achieved results outperformed as compared to previous studies and improved the overall performance of NIDPS. Full article

16 pages, 3319 KiB  
Article
Optimizing BiLSTM Network Attack Prediction Based on Improved Gray Wolf Algorithm
by Shaoming Qiu, Yahui Wang, Yana Lv, Fen Chen and Jiancheng Zhao
Appl. Sci. 2023, 13(12), 6871; https://doi.org/10.3390/app13126871 - 6 Jun 2023
Cited by 3 | Viewed by 1402
Abstract
Aiming at the problems of low accuracy of network attack prediction and long response time of attack detection, bidirectional long short-term memory (BiLSTM) was used to predict network attacks. However, BiLSTM has the problems of difficulty in parameter setting and low accuracy of the prediction model. This paper first proposes the Improved Grey Wolf algorithm (IGWO) to optimize the BiLSTM (IGWO-BiLSTM). First, IGWO uses Dimension Learning Hunting (DLH) strategy to construct the wolf neighborhood. In the established wolf neighborhood, the BiLSTM parameters are iteratively optimized to obtain a prediction model with fast convergence speed and small reconstruction error. Secondly, the dataset is preprocessed, and the IP packet statistical signature (IPDCF) is defined according to the characteristics of denial of service (DOS) and distributed denial of service (DDOS) attacks. IPDCF was used to establish the time series model and network traffic time series data were input into IGWO-BiLSTM to get the prediction results. Finally, the DOS and DDOS network packets were input into the trained prediction model to obtain the prediction results of attack data. By comparing the predicted values of IGWO-BiLSTM normal network packets and attack packets, a reasonable threshold is set to provide the basis for the subsequent attack prediction. Experiments show that the IGWO-BiLSTM can reach 99.05% of the fitting degree and accurately distinguish network attacks from normal network demand increases. Full article

23 pages, 5091 KiB  
Article
Security Ontology OntoSecRPA for Robotic Process Automation Domain
by Anastasiya Kurylets and Nikolaj Goranin
Appl. Sci. 2023, 13(9), 5568; https://doi.org/10.3390/app13095568 - 30 Apr 2023
Cited by 2 | Viewed by 2181
Abstract
Robotic process automation (RPA)* based on the use of software robots has proven to be one of the most demanded technologies to emerge in recent years used for automating daily IT routines in many sectors, such as banking and finance. As with any new technology, RPA has a number of potential cyber security weaknesses, caused either by fundamental logical mistakes in the approach or by cyber-human mistakes made during the implementation, configuration, and operation phases. It is important to have an extensive understanding of the related risks before RPA integration into enterprise IT infrastructure. The main asset operated by RPA is confidential enterprise data. Data leakage and theft are the two main threats. The wide application of RPA technology in information security-sensitive sectors makes the protection of RPA against cyber-attacks an important task. Still, this topic is not yet adequately investigated in the scientific press and existing articles mainly concentrate on stating the RPA security importance and describing some threats. In this article, we present a flexible tool, security-oriented ontology OntoSecRPA*, which systematically describes RPA-specific assets, risks, security, threats, vulnerabilities, and countermeasures. To the best of our knowledge, there are currently no ontologies available that are specific to the RPA domain, and existing security ontologies lack RPA-related features. In the future, the proposed ontology can be updated and used in different ways, for example, as a checklist for risk management tasks in RPA solutions and a source of information for an expert system or a concentrated domain-specific source of information, which indicates its wide practical application. The proposed ontology was formally verified by applying ontology completeness assessment and used for risk assessment in a sample scenario. Full article

16 pages, 551 KiB  
Article
Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering
by Anže Mihelič, Tomaž Hovelja and Simon Vrhovec
Appl. Sci. 2023, 13(7), 4563; https://doi.org/10.3390/app13074563 - 4 Apr 2023
Cited by 1 | Viewed by 1933
Abstract
Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security. Full article

18 pages, 836 KiB  
Article
Trust-Aware Fog-Based IoT Environments: Artificial Reasoning Approach
by Mustafa Ghaleb and Farag Azzedin
Appl. Sci. 2023, 13(6), 3665; https://doi.org/10.3390/app13063665 - 13 Mar 2023
Cited by 5 | Viewed by 1763
Abstract
Establishing service-driven IoT systems that are reliable, efficient, and stable requires building trusted IoT environments to reduce catastrophic and unforeseen damages. Hence, building trusted IoT environments is of great importance. However, we cannot assume that every node in wide-area network is aware of every other node, nor can we assume that all nodes are trustworthy and honest. As a result, prior to any collaboration, we need to develop a trust model that can evolve and establish trust relationships between nodes. Our proposed trust model uses subjective logic as a default artificial reasoning over uncertain propositions to collect recommendations from other nodes in the IoT environment. It also manages and maintains existing trust relationships established during direct communications. Furthermore, it resists dishonest nodes that provide inaccurate ratings for malicious reasons. Unlike existing trust models, our trust model is scalable as it leverages a Fog-based hierarchy architecture which allows IoT nodes to report/request the trust values of other nodes. We conducted extensive performance studies, and confirm the efficiency of our proposed trust model. The results show that at an early stage of the simulation time (i.e., within the first 2% of the number of transactions), our trust model accurately captures and anticipates the behavior of nodes. Results further demonstrate that our proposed trust model isolates untrustworthy behavior within the same FCD and prevents untrustworthy nodes from degrading trustworthy nodes’ reputations. Full article

13 pages, 713 KiB  
Article
False Alarm Reduction Method for Weakness Static Analysis Using BERT Model
by Dinh Huong Nguyen, Aria Seo, Nnubia Pascal Nnamdi and Yunsik Son
Appl. Sci. 2023, 13(6), 3502; https://doi.org/10.3390/app13063502 - 9 Mar 2023
Cited by 3 | Viewed by 2591
Abstract
In the era of the fourth Industrial Revolution, software has recently been applied in many fields. As the size and complexity of software increase, security attack problems continue to arise owing to potential software defects, resulting in significant social losses. To reduce software defects, a secure software development life cycle (SDLC) should be systematically developed and managed. In particular, a software weakness analyzer that uses a static analysis tool to check software weaknesses at the time of development is a very effective tool for solving software weaknesses. However, because numerous false alarms can be reported even when they are not real weaknesses, programmers and reviewers must review them, resulting in a decrease in the productivity of development. In this study, we present a system that uses the BERT model to determine the reliability of the weakness analysis results generated by the static analysis tool and to reduce false alarms by reclassifying the derived results into a decision tree model. Thus, it is possible to maintain the advantages of static analysis tools and increase productivity by reducing the cost of program development and the review process. Full article

20 pages, 2529 KiB  
Article
NFT Image Plagiarism Check Using EfficientNet-Based Deep Neural Network with Triplet Semi-Hard Loss
by Aji Teguh Prihatno, Naufal Suryanto, Sangbong Oh, Thi-Thu-Huong Le and Howon Kim
Appl. Sci. 2023, 13(5), 3072; https://doi.org/10.3390/app13053072 - 27 Feb 2023
Cited by 6 | Viewed by 3728
Abstract
Blockchain technology is used to support digital assets such as cryptocurrencies and tokens. Commonly, smart contracts are used to generate tokens on top of the blockchain network. There are two fundamental types of tokens: fungible and non-fungible (NFTs). This paper focuses on NFTs and offers a technique to spot plagiarism in NFT images. NFTs are information that is appended to files to produce distinctive signatures. It can be found in image files, real artifacts, literature published online, and various other digital media. Plagiarism and fraudulent NFT images are becoming a big concern for artists and customers. This paper proposes an efficient deep learning-based approach for NFT image plagiarism detection using the EfficientNet-B0 architecture and the Triplet Semi-Hard Loss function. We trained our model using a dataset of NFT images and evaluated its performance using several metrics, including loss and accuracy. The results showed that the EfficientNet-B0-based deep neural network with triplet semi-hard loss outperformed other models such as Resnet50, DenseNet, and MobileNetV2 in detecting plagiarized NFTs. The experimental results demonstrate sufficient to be implemented in various NFT marketplaces. Full article

13 pages, 866 KiB  
Article
Secure Data Distribution Architecture in IoT Using MQTT
by Farag Azzedin and Turki Alhazmi
Appl. Sci. 2023, 13(4), 2515; https://doi.org/10.3390/app13042515 - 15 Feb 2023
Cited by 18 | Viewed by 3015
Abstract
Message Queuing Telemetry Transport (MQTT) is one of the standard application layer protocols for the Internet of Things. It uses a publish/subscribe mechanism which organizes a set of clients around a server called the broker, which delivers published data to its intended recipients. This article proposes an architecture that allows MQTT brokers to cooperate and share their data with other interested MQTT brokers. It is a service-oriented architecture that wraps an MQTT broker with a well-defined WebSockets-based interface which allows it to offer its topic space and published data to other MQTT brokers. The wrapped MQTT broker is called a broker service, and it discovers other broker services through a discovery service. Each broker service only connects to services that have data its clients are interested in. Furthermore, these services are authenticated by obtaining tokens from an authentication service that registers and issues JSON Web Tokens for them. These tokens contain the identity and claims of their owners and they can be verified without contacting the authentication service. The proposed architecture simplifies data sharing and improves the security in scenarios with multiple MQTT brokers where clients can move between them. In these scenarios, the MQTT brokers need to obtain data based on their clients' interests, which are constantly changing. It does so by isolating MQTT brokers into services that can be discovered and consumed over well-defined interfaces. The architecture was implemented in JavaScript using an MQTT 3.1.1 standard-compliant library. We demonstrate the performance characteristics of our architecture using our implementation through three scenarios, which are designed to compare the delay from publisher to subscriber when they operate within the same MQTT broker and different MQTT brokers. The results show that the overhead of our architecture is around 50% in two synthetic scenarios (performed on a single machine) and around 27% in a third scenario performed on the cloud with multiple virtual machines hosting the broker services and simulated clients. Full article

12 pages, 1238 KiB  
Article
Features of the Practical Implementation of the Method for Managing Observations of the State of Monitored Objects in Intrusion Detection Systems
by Nikolay V. Boldyrikhin, Olga A. Safaryan, Denis A. Korochentsev, Irina V. Reshetnikova, Irina A. Alferova and Anastasia N. Manakova
Appl. Sci. 2023, 13(3), 1831; https://doi.org/10.3390/app13031831 - 31 Jan 2023
Cited by 3 | Viewed by 1186
Abstract
This article discusses the possibility of generalizing the existing methods of optimization of observations to the problems of resource management of intrusion detection systems. The aim of this work is to study the applied aspects of the application of the surveillance optimization method, which increases the efficiency of using the resources of intrusion detection systems. The set goal of the work was achieved through the following tasks: (1) on the basis of experimental data, the development of a dynamic model of the controlled object and the observation model was carried out; and (2) numerical modeling of the solution to the problem of optimizing observations of the state of monitored objects in the intrusion detection system was carried out. As a result of this research, modern approaches to the management of resources of intrusion detection systems have been analyzed. A practical study of the possibility of using the mathematical apparatus for optimizing observations in relation to the problems of resource management of intrusion detection systems has been carried out. The most important scientific findings are as follows: (1) model of the dynamics of the controlled object; (2) model for monitoring the state of controlled objects; and (3) procedure for optimizing the plan for monitoring the state of monitored objects in intrusion detection systems. The significance of the results obtained is confirmed by a numerical experiment, within the framework of which a relative gain in the accuracy of assessing the state of controlled objects of 99.9% was obtained in comparison with a uniform observation plan. Full article

22 pages, 9971 KiB  
Article
Evaluating Secure Methodology for Photo Sharing in Online Social Networks
by Athar A. Alwabel and Suliman A. Alsuhibany
Appl. Sci. 2022, 12(23), 11889; https://doi.org/10.3390/app122311889 - 22 Nov 2022
Viewed by 1711
Abstract
Social media has now become a part of people’s lives. That is, today people interact on social media in a way that never happened before, and its important feature is to share photos and events with friends and family. However, there are risks associated with posting pictures on social media by unauthorized users. One of these risks is the privacy violation, where the published pictures can reveal more details and personal information. Since this issue has not yet investigated, this paper thus evaluates a methodology to address this issue, which is a precedent of its kind. In particular, our methodology relies on effective systems for detecting faces and recognizing faces in published images using facial recognition techniques. To evaluate the proposed idea, we developed an application using convolutional neural network (CNN) and the results showed that the proposed methodology can protect privacy and reduce its violation on online social networks. Full article

15 pages, 1591 KiB  
Article
Securely Computing the Manhattan Distance under the Malicious Model and Its Applications
by Xin Liu, Xiaomeng Liu, Ruiling Zhang, Dan Luo, Gang Xu and Xiubo Chen
Appl. Sci. 2022, 12(22), 11705; https://doi.org/10.3390/app122211705 - 17 Nov 2022
Cited by 4 | Viewed by 1753
Abstract
Manhattan distance is mainly used to calculate the total absolute wheelbase of two points in the standard coordinate system. The secure computation of Manhattan distance is a new geometric problem of secure multi-party computation. At present, the existing research secure computing protocols for Manhattan distance cannot resist the attack of malicious participants. In the real scene, the existence of malicious participants makes it necessary to study a solution that can resist malicious attacks. This paper first analyzes malicious attacks of the semi-honest model protocol of computing Manhattan distance and then designs an advanced protocol under the malicious model by using the Goldwasser–Micali encryption system and Paillier encryption algorithm, and utilizing some cryptographic tools such as the cut-choose method and zero-knowledge proof. Finally, the real/ideal model paradigm method is used to prove the security of the malicious model protocol. Compared with existing protocols, the experimental simulation shows that the proposed protocol can resist malicious participant attacks while maintaining high efficiency. It has practical value. Full article

24 pages, 1166 KiB  
Article
Security Analysis of the MQTT-SN Protocol for the Internet of Things
by José Roldán-Gómez, Javier Carrillo-Mondéjar, Juan Manuel Castelo Gómez and Sergio Ruiz-Villafranca
Appl. Sci. 2022, 12(21), 10991; https://doi.org/10.3390/app122110991 - 30 Oct 2022
Cited by 20 | Viewed by 4139
Abstract
The expansion of the Internet of Things (IoT) paradigm has brought with it the challenge of promptly detecting and evaluating attacks against the systems coexisting in it. One of the most recurrent methods used by cybercriminals is to exploit the vulnerabilities found in communication protocols, which can lead to them accessing, altering, and making data inaccessible and even bringing down a device or whole infrastructure. In the case of the IoT, the Message Queuing Telemetry Transport (MQTT) protocol is one of the most-used ones due to its lightness, allowing resource-constrained devices to communicate with each other. Improving its effectiveness, a lighter version of this protocol, namely MQTT for Sensor Networks (MQTT-SN), was especially designed for embedded devices on non-TCP/IP networks. Taking into account the importance of these protocols, together with the significance that security has when it comes to protecting the high-sensitivity data exchanged in IoT networks, this paper presents an exhaustive assessment of the MQTT-SN protocol and describes its shortcomings. In order to do so, seven different highly heterogeneous attacks were designed and tested, evaluating the different security impacts that they can have on a real MQTT-SN network and its performance. Each one of them was compared with a non-attacked implemented reference scenario, which allowed the comparison of an attacked system with that of a system without attacks. Finally, using the knowledge extracted from this evaluation, a threat detector is proposed that can be deployed in an IoT environment and detect previously unmodeled attacks. Full article
(This article belongs to the Special Issue Recent Advances in Cybersecurity and Computer Networks)

37 pages, 3618 KiB  
Article
Integration of Machine Learning-Based Attack Detectors into Defensive Exercises of a 5G Cyber Range
by Alberto Mozo, Antonio Pastor, Amit Karamchandani, Luis de la Cal, Diego Rivera and Jose Ignacio Moreno
Appl. Sci. 2022, 12(20), 10349; https://doi.org/10.3390/app122010349 - 14 Oct 2022
Cited by 4 | Viewed by 2737
Abstract
Cybercrime has become more pervasive and sophisticated over the years. Cyber ranges have emerged as a solution to keep pace with the rapid evolution of cybersecurity threats and attacks. Cyber ranges have evolved to virtual environments that allow various IT and network infrastructures to be simulated to conduct cybersecurity exercises in a secure, flexible, and scalable manner. With these training environments, organizations or individuals can increase their preparedness and proficiency in cybersecurity-related tasks while helping to maintain a high level of situational awareness. SPIDER is an innovative cyber range as a Service (CRaaS) platform for 5G networks that offer infrastructure emulation, training, and decision support for cybersecurity-related tasks. In this paper, we present the integration in SPIDER of defensive exercises based on the utilization of machine learning models as key components of attack detectors. Two recently appeared network attacks, cryptomining using botnets of compromised devices and vulnerability exploit of the DoH protocol (DNS over HTTP), are used as the support use cases for the proposed exercises in order to exemplify the way in which other attacks and the corresponding ML-based detectors can be integrated into SPIDER defensive exercises. The two attacks were emulated, respectively, to appear in the control and data planes of a 5G network. The exercises use realistic 5G network traffic generated in a new environment based on a fully virtualized 5G network. We provide an in-depth explanation of the integration and deployment of these exercises and a complete walkthrough of them and their results. The machine learning models that act as attack detectors are deployed using container technology and standard interfaces in a new component called Smart Traffic Analyzer (STA). We propose a solution to integrate STAs in a standardized way in SPIDER for the use of trainees in exercises. 
Finally, this work proposes the application of Generative Adversarial Networks (GANs) to obtain on-demand synthetic flow-based network traffic that can be seamlessly integrated into SPIDER exercises to be used instead of real traffic and attacks. Full article

18 pages, 718 KiB  
Article
Improved Deep Recurrent Q-Network of POMDPs for Automated Penetration Testing
by Yue Zhang, Jingju Liu, Shicheng Zhou, Dongdong Hou, Xiaofeng Zhong and Canju Lu
Appl. Sci. 2022, 12(20), 10339; https://doi.org/10.3390/app122010339 - 14 Oct 2022
Cited by 8 | Viewed by 2623
Abstract
With the development of technology, people’s daily lives are closely related to networks. The importance of cybersecurity protection draws global attention. Automated penetration testing is the novel method to protect the security of networks, which enhances efficiency and reduces costs compared with traditional manual penetration testing. Previous studies have provided many ways to obtain a better policy for penetration testing paths, but many studies are based on ideal penetration testing scenarios. In order to find potential vulnerabilities from the perspective of hackers in the real world, this paper models the process of black-box penetration testing as a Partially Observed Markov Decision Process (POMDP). In addition, we propose a new algorithm named ND3RQN, which is applied to the automated black-box penetration testing. In the POMDP model, an agent interacts with a network environment to choose a better policy without insider information about the target network, except for the start points. To handle this problem, we utilize a Long Short-Term Memory (LSTM) structure empowering agent to make decisions based on historical memory. In addition, this paper enhances the current algorithm using the structure of the neural network, the calculation method of the Q-value, and adding noise parameters to the neural network to advance the generalization and efficiency of this algorithm. In the last section, we conduct comparison experiments of the ND3RQN algorithm and other recent state-of-the-art (SOTA) algorithms. The experimental results vividly show that this novel algorithm is able to find a greater attack-path strategy for all vulnerable hosts in the automated black-box penetration testing. Additionally, the generalization and robustness of this algorithm are far superior to other SOTA algorithms in different size simulation scenarios based on the CyberBattleSim simulation developed by Microsoft. Full article

15 pages, 4626 KiB  
Article
Impersonation Attack Detection in Mobile Edge Computing by Levering SARSA Technique in Physical Layer Security
by Xiaodan Yan, Ke Yan, Meezan Ur Rehman and Sami Ullah
Appl. Sci. 2022, 12(20), 10225; https://doi.org/10.3390/app122010225 - 11 Oct 2022
Cited by 7 | Viewed by 2070
Abstract
Smart health systems typically integrate sensor technology with the Internet of Things, enabling healthcare systems to monitor patients. These biomedical applications collect healthcare data through remote sensors and transfer the data to a centralized system for analysis. However, the communication between the edge node and the mobile user is susceptible to impersonation attacks in mobile edge computing (MEC) for the biomedical application. For this purpose, we propose a detection mechanism for medical and healthcare services, i.e., reinforcement learning for impersonation attacks. We construct a system model of MEC, a key generation model (KGM), and an impersonation attack model (IAM). In addition, we also design an impersonation attack detection algorithm based on the SARSA technique under the IAM. In our proposed work, the SARSA-based method outplays the detection of impersonation attacks in the dynamic environment compared to the traditional Q-learning technique. Finally, we evaluate the false alarm rate (FAR), miss detection rate (MDR), and average error rate (AER) in the hypothesis tests to compare the performance of our proposed method with the traditional Q-learning. In comparison to the classic Q-learning based technique, simulation experiments show that the suggested approach can avoid impersonation attacks in a dynamic environment for medical and healthcare services. The results also indicate that the SARSA technique has a high detection accuracy and low average error rate compared to the conventional Q-learning based approach. Full article

20 pages, 20700 KiB  
Article
SA-UBA: Automatically Privileged User Behavior Auditing for Cloud Platforms with Securely Accounts Management
by Hezhong Pan, Peiyi Han, Xiayu Xiang, Shaoming Duan and Chuanyi Liu
Appl. Sci. 2022, 12(17), 8763; https://doi.org/10.3390/app12178763 - 31 Aug 2022
Cited by 1 | Viewed by 2117
Abstract
Cloud platforms allow administrators or management applications with privileged accounts to remotely perform privileged operations for specific tasks, such as deleting virtual hosts. When privileged accounts are leaked and conduct dangerous privileged operations, severe security problems will appear on cloud platforms. To solve these problems, researchers focus on auditing privileged users’ behaviors. However, it is difficult to automatically audit fine-grained privileged behaviors for graphical operating systems. Moreover, it is hard to prevent users from bypassing the audit system or to prevent hackers from attacking audit system. In this paper, we propose a Secure and Automatic Behavior Audit system named SA-UBA. It provides advanced deep learning models to automatically achieve fine-grained user behavior audits for graphical operating systems. Furthermore, it adopts cryptography-based account storage and sharing methods to securely manage privileged accounts. In particular, privileged accounts cannot be leaked even if SA-UBA is compromised by attackers. We built a threat model of a cloud platform to evaluate the security of the SA-UBA and conduct extensive experiments with SA-UBA in real scenarios. The results show SA-UBA introduces a small overhead on securely managing privileged accounts and accurately recognizes fine-grained user behaviors. Full article

15 pages, 4363 KiB  
Article
Planet Optimization with Deep Convolutional Neural Network for Lightweight Intrusion Detection in Resource-Constrained IoT Networks
by Khalid A. Alissa, Fatma S. Alrayes, Khaled Tarmissi, Ayman Yafoz, Raed Alsini, Omar Alghushairy, Mahmoud Othman and Abdelwahed Motwakel
Appl. Sci. 2022, 12(17), 8676; https://doi.org/10.3390/app12178676 - 30 Aug 2022
Cited by 4 | Viewed by 1636
Abstract
Cyber security is becoming a challenging issue, because of the growth of the Internet of Things (IoT), in which an immense quantity of tiny smart gadgets push trillions of bytes of data over the Internet. Such gadgets have several security flaws, due to a lack of hardware security support and defense mechanisms, thus, making them prone to cyber-attacks. Moreover, IoT gateways present limited security features for identifying such threats, particularly the absence of intrusion detection techniques powered by deep learning (DL). Certainly, DL methods need higher computational power that exceeds the capability of such gateways. This article focuses on the development of Planet Optimization with a deep convolutional neural network for lightweight intrusion detection (PODCNN-LWID) in a resource-constrained IoT environment. The presented PODCNN-LWID technique primarily aims to identify and categorize intrusions. In the presented PODCNN-LWID model, two major processes are involved, namely, classification and parameter tuning. At the primary stage, the PODCNN-LWID technique applies a DCNN model for the intrusion identification process. Next, in the second stage, the PODCNN-LWID model utilizes the PO algorithm as a hyperparameter tuning process. The experimental validation of the PODCNN-LWID model is carried out on a benchmark dataset, and the results are assessed using varying measures. The comparison study reports the enhancements of the PODCNN-LWID model over other approaches. Full article

15 pages, 1823 KiB  
Article
Improving Adversarial Robustness of CNNs via Maximum Margin
by Jiaping Wu, Zhaoqiang Xia and Xiaoyi Feng
Appl. Sci. 2022, 12(15), 7927; https://doi.org/10.3390/app12157927 - 8 Aug 2022
Cited by 4 | Viewed by 2330
Abstract
In recent years, adversarial examples have aroused widespread research interest and raised concerns about the safety of CNNs. We study adversarial machine learning inspired by a support vector machine (SVM), where the decision boundary with maximum margin is only determined by examples close to it. From the perspective of margin, the adversarial examples are the clean examples perturbed in the margin direction and adversarial training (AT) is equivalent to a data augmentation method that moves the input toward the decision boundary, the purpose also being to increase the margin. So we propose adversarial training with supported vector machine (AT-SVM) to improve the standard AT by inserting an SVM auxiliary classifier to learn a larger margin. In addition, we select examples close to the decision boundary through the SVM auxiliary classifier and train only on these more important examples. We prove that the SVM auxiliary classifier can constrain the high-layer feature map of the original network to make its margin larger, thereby improving the inter-class separability and intra-class compactness of the network. Experiments indicate that our proposed method can effectively improve the robustness against adversarial examples. Full article

20 pages, 606 KiB  
Article
SGXDump: A Repeatable Code-Reuse Attack for Extracting SGX Enclave Memory
by HanJae Yoon and ManHee Lee
Appl. Sci. 2022, 12(15), 7655; https://doi.org/10.3390/app12157655 - 29 Jul 2022
Cited by 4 | Viewed by 2552
Abstract
Intel SGX (Software Guard Extensions) is a hardware-based security solution that provides a trusted computing environment. SGX creates an isolated memory area called enclave and prevents any illegal access from outside of the enclave. SGX only allows executables already linked statically to the enclave when compiling executables to access its memory, so code injection attacks to SGX are not effective. However, as a previous study has demonstrated, Return-Oriented Programming (ROP) attacks can overcome this defense mechanism by injecting a series of addresses of executable codes inside the enclave. In this study, we propose a novel ROP attack, called SGXDump, which can repeat the attack payload. SGXDump consists only of gadgets in the enclave and unlike previous ROP attacks, the SGXDump attack can repeat the attack payload, communicate with other channels, and implement conditional statements. We successfully attacked two well-known SGX projects, mbedTLS-SGX and Graphene-SGX. Based on our attack experiences, it seems highly probable that an SGXDump attack can leak the entire enclave memory if there is an exploitable memory corruption vulnerability in the target SGX application. Full article

20 pages, 575 KiB  
Article
Toward an Efficient Automatic Self-Augmentation Labeling Tool for Intrusion Detection Based on a Semi-Supervised Approach
by Basmah Alsulami, Abdulmohsen Almalawi and Adil Fahad
Appl. Sci. 2022, 12(14), 7189; https://doi.org/10.3390/app12147189 - 17 Jul 2022
Cited by 5 | Viewed by 1606
Abstract
Intrusion detection systems (IDSs) based on machine learning algorithms represent a key component for securing computer networks, where normal and abnormal behaviours of network traffic are automatically learned with no or limited domain experts’ interference. Most of existing IDS approaches rely on labeled predefined classes which require domain experts to efficiently and accurately identify anomalies and threats. However, it is very hard to acquire reliable, up-to-date, and sufficient labeled data for an efficient traffic intrusion detection model. To address such an issue, this paper aims to develop a novel self-automatic labeling intrusion detection approach (called SAL) which utilises only small labeled network traffic data to potentially detect most types of attacks including zero-day attacks. In particular, the proposed SAL approach has three phases including: (i) an ensemble-based decision-making phase to address the limitations of a single classifier by relying on the predictions of multi-classifiers, (ii) a function agreement phase to assign the class label based on an adaptive confidence threshold to unlabeled observations, and (iii) an augmentation labeling phase to maximise the accuracy and the efficiency of the intrusion detection systems in a classifier model and to detect new attacks and anomalies by utilising a hybrid voting-based ensemble learning approach. Experimental results on available network traffic data sets demonstrate that the proposed SAL approach achieves high performance in comparison to two well-known baseline IDSs based on machine learning algorithms. Full article

14 pages, 715 KiB  
Article
SPEEDY Quantum Circuit for Grover’s Algorithm
by Gyeongju Song, Kyoungbae Jang, Hyunjun Kim, Siwoo Eum, Minjoo Sim, Hyunji Kim, Waikong Lee and Hwajeong Seo
Appl. Sci. 2022, 12(14), 6870; https://doi.org/10.3390/app12146870 - 7 Jul 2022
Cited by 7 | Viewed by 2207
Abstract
In this paper, we propose a quantum circuit for the SPEEDY block cipher for the first time and estimate its security strength based on the post-quantum security strength presented by NIST. The strength of post-quantum security for symmetric key cryptography is estimated at the cost of the Grover key retrieval algorithm. Grover’s algorithm in quantum computers reduces the n-bit security of block ciphers to n/2 bits. The implementation of a quantum circuit is required to estimate the Grover’s algorithm cost for the target cipher. We estimate the quantum resource required for Grover’s algorithm by implementing a quantum circuit for SPEEDY in an optimized way and show that SPEEDY provides either 128-bit security (i.e., NIST security level 1) or 192-bit security (i.e., NIST security level 3) depending on the number of rounds. Based on our estimated cost, increasing the number of rounds is insufficient to satisfy the security against quantum attacks on quantum computers. Full article

18 pages, 1266 KiB  
Article
APT-Attack Detection Based on Multi-Stage Autoencoders
by Helmut Neuschmied, Martin Winter, Branka Stojanović, Katharina Hofer-Schmitz, Josip Božić and Ulrike Kleb
Appl. Sci. 2022, 12(13), 6816; https://doi.org/10.3390/app12136816 - 5 Jul 2022
Cited by 14 | Viewed by 4185
Abstract
In the face of emerging technological achievements, cyber security remains a significant issue. Despite the new possibilities that arise with such development, these do not come without a drawback. Attackers make use of the new possibilities to take advantage of possible security defects in new systems. Advanced-persistent-threat (APT) attacks represent sophisticated attacks that are executed in multiple steps. In particular, network systems represent a common target for APT attacks where known or yet undiscovered vulnerabilities are exploited. For this reason, intrusion detection systems (IDS) are applied to identify malicious behavioural patterns in existing network datasets. In recent times, machine-learning (ML) algorithms are used to distinguish between benign and anomalous activity in such datasets. The application of such methods, especially autoencoders, has received attention for achieving good detection results for APT attacks. This paper builds on this fact and applies several autoencoder-based methods for the detection of such attack patterns in two datasets created by combining two publicly available benchmark datasets. In addition to that, statistical analysis is used to determine features to supplement the anomaly detection process. An anomaly detector is implemented and evaluated on a combination of both datasets, including two experiment instances–APT-attack detection in an independent test dataset and in a zero-day-attack test dataset. The conducted experiments provide promising results on the plausibility of features and the performance of applied algorithms. Finally, a discussion is provided with suggestions of improvements in the anomaly detector. Full article

17 pages, 4630 KiB  
Article
Automatic False Alarm Detection Based on XAI and Reliability Analysis
by Eungyu Lee, Yongsoo Lee and Teajin Lee
Appl. Sci. 2022, 12(13), 6761; https://doi.org/10.3390/app12136761 - 4 Jul 2022
Cited by 4 | Viewed by 2233
Abstract
Many studies attempt to apply artificial intelligence (AI) to cyber security to effectively cope with the increasing number of cyber threats. However, there is a black box problem such that it is difficult to understand the basis for AI prediction. False alarms for malware or cyberattacks can cause serious side effects. Due to this limitation, all AI predictions must be confirmed by an expert, which is a considerable obstacle to AI expansion. Compared to the increasing number of cyberattack alerts, the number of alerts that can be analyzed by experts is limited. This paper provides explainability through an interpretation of AI prediction results and a reliability analysis of AI predictions based on explainable artificial intelligence (XAI). In addition, we propose a method for screening high-quality data that can efficiently detect false predictions based on reliability indicators. Through this, even a small security team can quickly respond to false predictions. To validate the proposed method, experiments were conducted using the IDS dataset and the malware dataset. AI errors were detected better than they could be by the existing AI models, with about 262% in the IDS dataset and 127% in the malware dataset from the top 10% of analysis targets. Therefore, the ability to respond to cyberattacks can be improved using the proposed method. Full article

16 pages, 4770 KiB  
Article
Design of Platforms for Experimentation in Industrial Cybersecurity
by Manuel Domínguez, Juan J. Fuertes, Miguel A. Prada, Serafín Alonso, Antonio Morán and Daniel Pérez
Appl. Sci. 2022, 12(13), 6520; https://doi.org/10.3390/app12136520 - 27 Jun 2022
Cited by 8 | Viewed by 2767
Abstract
The connectivity advances in industrial control systems have also increased the possibility of cyberattacks in industry. Thus, security becomes crucial in critical infrastructures, whose services are considered essential in fields such as manufacturing, energy or public health. Although theoretical and formal approaches are often proposed to advance in the field of industrial cybersecurity, more experimental efforts in realistic scenarios are needed to understand the impact of incidents, assess security technologies or provide training. In this paper, an approach for cybersecurity experimentation is proposed for several industrial areas. Aiming at a high degree of flexibility, the Critical Infrastructure Cybersecurity Laboratory (CICLab) is designed to integrate both real physical equipment with computing and networking infrastructure. It provides a platform for performing security experiments in control systems of diverse sectors such as industry, energy and building management. They allow researchers to perform security experimentation in realistic environments using a wide variety of technologies that are common in these control systems, as well as in the protection or security analysis of industrial networks. Furthermore, educational developments can be made to meet the growing demand of security-related professionals. Full article

21 pages, 3111 KiB  
Article
Extended Chaotic-Map-Based User Authentication and Key Agreement for HIPAA Privacy/Security Regulations
by Yi-Pei Hsieh, Kuo-Chang Lee, Tian-Fu Lee and Guo-Jun Su
Appl. Sci. 2022, 12(11), 5701; https://doi.org/10.3390/app12115701 - 3 Jun 2022
Cited by 4 | Viewed by 2278
Abstract
Background: The US government has enacted the Health Insurance Portability and Accountability Act (HIPAA), in which patient control over electronic protected health information is a major issue of concern. The two main goals of the Act are the privacy and security regulations in the HIPAA and the availability and confidentiality of electronic protected health information. The most recent authenticated key-agreement schemes for HIPAA privacy/security have been developed using time-consuming modular exponential computations or scalar multiplications on elliptic curves to provide higher security. However, these authenticated key-agreement schemes either have a heavy computational cost or suffer from authorization problems. Methods: Recent studies have demonstrated that cryptosystems using chaotic-map operations are more efficient than those that use modular exponential computations and scalar multiplications on elliptic curves. Additionally, enhanced Chebyshev polynomials exhibit the semigroup property and the commutative property. Hence, this paper develops a secure and efficient certificate-based authenticated key-agreement scheme for HIPAA privacy/security regulations by using extended chaotic maps. Results and Conclusions: This work develops a user-authentication and key-agreement scheme that solves security problems that afflict related schemes. This proposed key-agreement scheme depends on a certificate-management center to enable doctors, patients and authentication servers to realize mutual authentication through certificates and thereby reduce the number of rounds of communications that are required. The proposed scheme not only provides more security functions, but also has a lower computational cost than related schemes. Full article

10 pages, 1457 KiB  
Article
Area-Time Efficient Hardware Architecture for CRYSTALS-Kyber
by Tuy Tan Nguyen, Sungjae Kim, Yongjun Eom and Hanho Lee
Appl. Sci. 2022, 12(11), 5305; https://doi.org/10.3390/app12115305 - 24 May 2022
Cited by 8 | Viewed by 4887
Abstract
This paper presents a novel area-time efficient hardware architecture of the lattice-based CRYSTALS-Kyber, which has entered the third round of the post-quantum cryptography standardization competition hosted by the National Institute of Standards and Technology. By developing a dual-path delay feedback number theoretic transform multiplier dedicating for Kyber parameter set and deploying this multiplier in the Kyber architecture, the key generation, encryption, and decryption operations are accelerated substantially. Furthermore, the proposed architecture offers the best value of area-time product in comparison with existing approaches. The implementation results on Xilinx Vivado targeted for Virtex-7 FPGA board demonstrate that the proposed Kyber cryptoprocessor completes encryption and decryption operations in approximately 57.5 μs at the highest frequency of 226 MHz. Furthermore, the area-time product value when using the proposed Kyber architecture is improved by at least twofold compared with existing architectures. Full article

23 pages, 551 KiB  
Article
A Comparison of an Adaptive Self-Guarded Honeypot with Conventional Honeypots
by Sereysethy Touch and Jean-Noël Colin
Appl. Sci. 2022, 12(10), 5224; https://doi.org/10.3390/app12105224 - 21 May 2022
Cited by 7 | Viewed by 3270
Abstract
To proactively defend computer systems against cyber-attacks, a honeypot system—purposely designed to be prone to attacks—is commonly used to detect attacks, discover new vulnerabilities, exploits or malware before they actually do real damage to real systems. Its usefulness lies in being able to operate without being identified as a trap by adversaries; otherwise, its values are significantly reduced. A honeypot is commonly classified by the degree of interactions that they provide to the attacker: low, medium and high-interaction honeypots. However, these systems have some shortcomings of their own. First, the low and medium-interaction honeypots can be easily detected due to their limited and simulated functions of a system. Second, the usage of real systems in high-interaction honeypots has a high risk of security being compromised due to its unlimited functions. To address these problems, we developed Asgard an adaptive self-guarded honeypot, which leverages reinforcement learning to learn and record attacker’s tools and behaviour while protecting itself from being deeply compromised. In this paper, we compare Asgard and its variant Midgard with two conventional SSH honeypots: Cowrie and a real Linux system. The goal of the paper is (1) to demonstrate the effectiveness of the adaptive honeypot that can learn to compromise between collecting attack data and keeping the honeypot safe, and (2) the benefit of coupling of the environment state and the action in reinforcement learning to define the reward function to effectively learn its objectives. The experimental results show that Asgard could collect higher-quality attacker data compared to Cowrie while evading the detection and could also protect the system for as long as it can through blocking or substituting the malicious programs and some other commands, which is the major problem of the high-interaction honeypot. Full article

23 pages, 4714 KiB  
Article
A Secured Industrial Internet-of-Things Architecture Based on Blockchain Technology and Machine Learning for Sensor Access Control Systems in Smart Manufacturing
by Hichem Mrabet, Adeeb Alhomoud, Abderrazek Jemai and Damien Trentesaux
Appl. Sci. 2022, 12(9), 4641; https://doi.org/10.3390/app12094641 - 5 May 2022
Cited by 34 | Viewed by 4987
Abstract
In this paper, a layered architecture incorporating Blockchain technology (BCT) and Machine Learning (ML) is proposed in the context of the Industrial Internet-of-Things (IIoT) for smart manufacturing applications. The proposed architecture is composed of five layers covering sensing, network/protocol, transport enforced with BCT components, application and advanced services (i.e., BCT data, ML and cloud) layers. BCT enables gathering sensor access control information, while ML brings its effectivity in attack detection such as DoS (Denial of Service), DDoS (Distributed Denial of Service), injection, man in the middle (MitM), brute force, cross-site scripting (XSS) and scanning attacks by employing classifiers differentiating between normal and malicious activity. The design of our architecture is compared to similar ones in the literature to point out potential benefits. Experiments, based on the IIoT dataset, have been conducted to evaluate our contribution, using four metrics: Accuracy, Precision, Sensitivity and Matthews Correlation Coefficient (MCC). Artificial Neural Network (ANN), Decision Tree (DT), Random Forest, Naive Bayes, AdaBoost and Support Vector Machine (SVM) classifiers are evaluated regarding these four metrics. Even if more experiments are required, it is illustrated that the proposed architecture can reduce significantly the number of DDoS, injection, brute force and XSS attacks and threats within an advanced framework for sensor access control in IIoT networks based on a smart contract along with ML classifiers.

15 pages, 1603 KiB  
Article
A Client-Centered Information Security and Cybersecurity Auditing Framework
by Mário Antunes, Marisa Maximiano and Ricardo Gomes
Appl. Sci. 2022, 12(9), 4102; https://doi.org/10.3390/app12094102 - 19 Apr 2022
Cited by 11 | Viewed by 6194
Abstract
Information security and cybersecurity management play a key role in modern enterprises. There is a plethora of standards, frameworks, and tools, ISO 27000 and the NIST Cybersecurity Framework being two relevant families of international Information Security Management Standards (ISMSs). Globally, these standards are implemented by dedicated tools to collect and further analyze the information security auditing that is carried out in an enterprise. The overall goal of the auditing is to evaluate and mitigate the information security risk. The risk assessment is grounded by auditing processes, which examine and assess a list of predefined controls in a wide variety of subjects regarding cybersecurity and information security. For each control, a checklist of actions is applied and a set of corrective measures is proposed, in order to mitigate the flaws and to increase the level of compliance with the standard being used. The auditing process can apply different ISMSs in the same time frame. However, as these processes are time-consuming, involve on-site interventions, and imply specialized consulting teams, the methodology usually adopted by enterprises consists of applying a single ISMS and its existing tools and frameworks. This strategy brings overall less flexibility and diversity to the auditing process and, consequently, to the assessment results of the audited enterprise. In a broad sense, the auditing needs of Small and Medium-sized Enterprises (SMEs) are different from large companies and do not fit with all the existing ISMSs’ frameworks, that is, a set of controls of a particular ISMS is not suitable to be applied in an auditing process in an SME. In this paper, we propose a generic and client-centered web-integrated cybersecurity auditing information system.
The proposed system can be widely used in a myriad of auditing processes, as it is flexible and it can load a set of predefined controls’ checklist assessment and their corresponding mitigation tasks’ list. It was designed to meet both SMEs’ and large enterprises’ requirements and stores auditing and intervention-related data in a relational database. The information system was tested within an ISO 27001:2013 information security auditing project, in which fifty SMEs participated. The overall architecture and design are depicted and the global results are detailed in this paper.

Review

12 pages, 1361 KiB  
Review
How to Isolate Non-Public Networks in B5G: A Review
by Qian Sun, Ning Hui, Yiqing Zhou, Lin Tian, Jie Zeng and Xiaohu Ge
Appl. Sci. 2022, 12(19), 9771; https://doi.org/10.3390/app12199771 - 28 Sep 2022
Cited by 2 | Viewed by 1908
Abstract
Non-public networks (NPNs) have drawn much attention due to their flexibility and efficiency with B5G. According to the requirements of various application scenarios, NPNs can be tailored to a number of deployments, sharing the B5G system totally or in part. The isolation of NPNs is a critical issue. This paper provides a survey of isolation schemes for B5G NPNs. First, we present an overview of various deployments and the corresponding isolation demands for B5G NPNs. To meet these isolation demands, three kinds of NPN isolation—i.e., spectrum isolation, RAN isolation and CN isolation—are discussed. Then, the corresponding isolation technologies are introduced and analyzed. Finally, open research challenges, such as wireless throughput capacity with spectrum isolation, operation with isolation requirements and data isolation of software-defined CN for B5G NPNs, are discussed.

19 pages, 7749 KiB  
Review
A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures
by Murtaza Ahmed Siddiqi, Wooguil Pak and Moquddam A. Siddiqi
Appl. Sci. 2022, 12(12), 6042; https://doi.org/10.3390/app12126042 - 14 Jun 2022
Cited by 34 | Viewed by 24302
Abstract
As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (it is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.

18 pages, 1415 KiB  
Review
Blockchain-based Multifactor Authentication for Future 6G Cellular Networks: A Systematic Review
by Jamil Asim, Adnan Shahid Khan, Rashad Mahmood Saqib, Johari Abdullah, Zeeshan Ahmad, Shehla Honey, Shehroz Afzal, Malak S. Alqahtani and Mohamed Abbas
Appl. Sci. 2022, 12(7), 3551; https://doi.org/10.3390/app12073551 - 31 Mar 2022
Cited by 17 | Viewed by 4364
Abstract
There are continued advances in the internet and communication fields regarding the deployment of 5G-based applications. It is expected that by 2030, 6G applications will emerge as a continued evolution of the mobile network. Blockchain technology is one of the leading supporting technologies predicted to provide a secure and unique network to 6G-enabled devices, transactions, and applications. It is anticipated that the 6G mobile networks will be virtualized, have cloud-based systems, and aim to be the foundation for the Internet of Everything. However, along with the development of communication technologies, threats from malicious parties have become more sophisticated, making security a significant concern for the 6G era in the future. Despite enormous efforts by researchers to improve security and authentication protocols, systems still face novel intrusions and attacks. Recently, multifactor authentication techniques (MFA) have been deployed as potential solutions to attacks in blockchains. The 6G applications and the cellular network have specific vulnerabilities that need to be addressed using blockchain-based MFA technologies. The current paper is a systematic review that discusses the three technologies under consideration; then, several studies are reviewed that discuss MFA techniques in general and use blockchains as potential solutions to future security and authentication issues that may arise for 6G applications.