Intelligent Security and Privacy Approaches against Cyber Threats

Editor

School of Engineering and Information Technology, University of New South Wales at ADFA, Canberra, ACT 2612, Australia
Interests: intrusion detection; threat intelligence; privacy preservation; digital forensics; machine/deep learning; network systems; IoT; cloud
Special Issues, Collections and Topics in MDPI journals

Topical Collection Information

Dear Colleagues,

As many organizations have moved to work from home, cyber attackers have expanded their advanced persistent threats (APT), such as phishing, spear-phishing and zero-day attacks, to exploit vulnerabilities of home networks. It is urgent to develop well-designed privacy security approaches, algorithms, protocols, standards and policies for safeguarding home and organization networks against new cyber threats.

The reason for this challenge is that the policy of Bring your Own device (BYOD) allows individuals to use various Internet of Things (IoT) devices, operating systems and tools, which are different in the settings of security and privacy. The technical and humanized practices of ‘Security-Based Organization’ and ‘Security-Based Home’ will enrich individuals' knowledge for protecting their home networks and securing their organizations’ assets. ‘Security-Based Organization’ denotes that organizations often provide security services and tools and training to employees with less effort from the employees and high visibility of security services, while ‘Security-Based Home’ denotes that individuals need new cyber practices which adapt security to home networks. The transition to work from home needs new security and privacy models that would employ Artificial Intelligence (AI), blockchain, human factor models, cognitive models. and secure big data analytics to secure home networks and safeguard organization assets.

Topics of interest include but are not limited to:

- Intelligent security practices and model-based AI against COVID-19 threats;

- Privacy-enabled human factor models against COVID-19 cyberattacks;

- AI-based Intrusion Detection Systems for discovering COVID-19 cyberattacks;

- AI-based cognitive models against COVID-19 cyberattacks;

- Privacy-driven human analytical behaviours in home networks;

- Privacy-preserving algorithms and approaches for protecting data of home networks;

- Secure Big Data analytics to analyze heterogeneous IoT and home elements;

- Secure and distributed semantic techniques for modeling home networks;

- Blockchain technologies for trusting home and organization systems and networks;

- Threat intelligence for pivoting COVID-19 cyber-attacks.

Dr. Nour Moustafa
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the collection website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security
  • privacy
  • artificial intelligence
  • intrusion detection
  • human factors
  • privacy preservation

Published Papers (21 papers)

2024

Jump to: 2023, 2022, 2021, 2020

25 pages, 579 KiB  
Article
An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure
by Habib El Amin, Abed Ellatif Samhat, Maroun Chamoun, Lina Oueidat and Antoine Feghali
J. Cybersecur. Priv. 2024, 4(2), 357-381; https://doi.org/10.3390/jcp4020018 - 9 Jun 2024
Viewed by 2799
Abstract
Emerging cyber threats’ sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors’ advanced techniques necessitate a proactive approach to managing organizations’ [...] Read more.
Emerging cyber threats’ sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors’ advanced techniques necessitate a proactive approach to managing organizations’ risks and safeguarding cyberspace. Cyber risk management is one of the most efficient measures to anticipate cyber threats. However, it often relies on organizations’ contexts and overlooks adversaries, their motives, capabilities, and tactics. A new cyber risk management framework incorporating emergent information about the dynamic threat landscape is needed to overcome these limitations and bridge the knowledge gap between adversaries and security practitioners. Such information is the product of a cyber threat intelligence process that proactively delivers knowledge about cyber threats to inform decision-making and strengthen defenses. In this paper, we overview risk management and threat intelligence frameworks. Then, we highlight the necessity of integrating cyber threat intelligence and assessment in cyber risk management. After that, we propose a novel risk management framework with integrated threat intelligence on top of EBIOS Risk Manager. Finally, we apply the proposed framework in the scope of a national telecommunications organization. Full article
Show Figures

Figure 1

2023

Jump to: 2024, 2022, 2021, 2020

18 pages, 1396 KiB  
Article
The Privacy Flag Observatory: A Crowdsourcing Tool for Real Time Privacy Threats Evaluation
by Vasileios Vlachos, Yannis C. Stamatiou and Sotiris Nikoletseas
J. Cybersecur. Priv. 2023, 3(1), 26-43; https://doi.org/10.3390/jcp3010003 - 29 Jan 2023
Cited by 3 | Viewed by 2631
Abstract
Instilling good privacy practices to developers and users appears to be a difficult and daunting task. The World Wide Web encompasses a panspermia of different technologies, commercial and open source apis, evolving security standards and protocols that can be deployed towards the [...] Read more.
Instilling good privacy practices to developers and users appears to be a difficult and daunting task. The World Wide Web encompasses a panspermia of different technologies, commercial and open source apis, evolving security standards and protocols that can be deployed towards the implementation of complex, powerful, web applications. At the same time, the proliferation of applications and services on all types of devices has also increased the attack surface for privacy threats. In this paper, we present the Privacy Flag Observatory, a platform which is one of the main tools produced by the Privacy Flag eu funded research project. The goal of this initiative is to raise awareness among European citizens of the potential privacy threats that beset the software and services they trust and use every day, including websites and smartphone applications. The Privacy Flag Observatory is one of the components that contributed to a large extent, to the success of the project’s goals. It is a real-time security and privacy threat monitoring platform whose aim is to collect, archive, analyze and present security and privacy-related information to the broader public as well as experts. Although the platform relies on crowdsourcing information gathering strategies and interacts with several other components installed on users’ devices or remote servers and databases, in this paper, we focus on the observatory platform referring only cursorily to other components such as the mobile phone add-on. Full article
Show Figures

Figure 1

2022

Jump to: 2024, 2023, 2021, 2020

9 pages, 243 KiB  
Article
Cybersecurity in Hospitals: An Evaluation Model
by Mohammed A. Ahmed, Hatem F. Sindi and Majid Nour
J. Cybersecur. Priv. 2022, 2(4), 853-861; https://doi.org/10.3390/jcp2040043 - 26 Oct 2022
Cited by 6 | Viewed by 5857
Abstract
Hospitals have been historically known for their strong risk mitigation policies and designs, which are not becoming easier or simpler to plan and operate. Currently, new technologies and devices are developed every day in the medical industry. These devices, systems, and personnel are [...] Read more.
Hospitals have been historically known for their strong risk mitigation policies and designs, which are not becoming easier or simpler to plan and operate. Currently, new technologies and devices are developed every day in the medical industry. These devices, systems, and personnel are in an ever-higher state of connection to the network and servers, which necessitates the use of stringent cybersecurity policies. Therefore, this work aims to comprehensively identify, quantify, and model the cybersecurity status quo in healthcare facilities. The developed model is going to allow healthcare organizations to understand the imminent operational risks and to identify which measures to improve or add to their system in order to mitigate those risks. Thus, in this work we will develop a novel assessment tool to provide hospitals with a proper reflection of their status quo, which will assist hospital designers in adding the suggested cyber risk mitigation measures to the design itself before operation. Full article
11 pages, 492 KiB  
Article
MOCA: A Network Intrusion Monitoring and Classification System
by Jessil Fuhr, Feng Wang and Yongning Tang
J. Cybersecur. Priv. 2022, 2(3), 629-639; https://doi.org/10.3390/jcp2030032 - 15 Aug 2022
Cited by 5 | Viewed by 3587
Abstract
Optimizing the monitoring of network traffic features to detect abnormal traffic is critical. We propose a two-stage monitoring and classification (MOCA) system requiring fewer features to detect and classify malicious network attacks. The first stage monitors abnormal traffic, and the anomalous traffic is [...] Read more.
Optimizing the monitoring of network traffic features to detect abnormal traffic is critical. We propose a two-stage monitoring and classification (MOCA) system requiring fewer features to detect and classify malicious network attacks. The first stage monitors abnormal traffic, and the anomalous traffic is forwarded for processing in the second stage. A small subset of features trains both classifiers. We demonstrate MOCA’s effectiveness in identifying attacks in the CICIDS2017 dataset with an accuracy of 99.84% and in the CICDDOS2019 dataset with an accuracy of 93%, which significantly outperforms previous methods. We also found that MOCA can use a pre-trained classifier with one feature to distinguish DDoS and Botnet attacks from normal traffic in four different datasets. Our measurements show that MOCA can distinguish DDoS attacks from normal traffic in the CICDDOS2019 dataset with an accuracy of 96% and DDoS attacks in non-IoT and IoT traffic with an accuracy of 99.94%. The results emphasize the importance of using connection features to discriminate new DDoS and Bot attacks from benign traffic, especially with insufficient training samples. Full article
Show Figures

Figure 1

29 pages, 640 KiB  
Review
Cybersecurity Threats and Their Mitigation Approaches Using Machine Learning—A Review
by Mostofa Ahsan, Kendall E. Nygard, Rahul Gomes, Md Minhaz Chowdhury, Nafiz Rifat and Jayden F Connolly
J. Cybersecur. Priv. 2022, 2(3), 527-555; https://doi.org/10.3390/jcp2030027 - 10 Jul 2022
Cited by 58 | Viewed by 41792
Abstract
Machine learning is of rising importance in cybersecurity. The primary objective of applying machine learning in cybersecurity is to make the process of malware detection more actionable, scalable and effective than traditional approaches, which require human intervention. The cybersecurity domain involves machine learning [...] Read more.
Machine learning is of rising importance in cybersecurity. The primary objective of applying machine learning in cybersecurity is to make the process of malware detection more actionable, scalable and effective than traditional approaches, which require human intervention. The cybersecurity domain involves machine learning challenges that require efficient methodical and theoretical handling. Several machine learning and statistical methods, such as deep learning, support vector machines and Bayesian classification, among others, have proven effective in mitigating cyber-attacks. The detection of hidden trends and insights from network data and building of a corresponding data-driven machine learning model to prevent these attacks is vital to design intelligent security systems. In this survey, the focus is on the machine learning techniques that have been implemented on cybersecurity data to make these systems secure. Existing cybersecurity threats and how machine learning techniques have been used to mitigate these threats have been discussed. The shortcomings of these state-of-the-art models and how attack patterns have evolved over the past decade have also been presented. Our goal is to assess how effective these machine learning techniques are against the ever-increasing threat of malware that plagues our online community. Full article
Show Figures

Figure 1

21 pages, 411 KiB  
Review
The State of Ethereum Smart Contracts Security: Vulnerabilities, Countermeasures, and Tool Support
by Haozhe Zhou, Amin Milani Fard and Adetokunbo Makanju
J. Cybersecur. Priv. 2022, 2(2), 358-378; https://doi.org/10.3390/jcp2020019 - 27 May 2022
Cited by 35 | Viewed by 13435
Abstract
Smart contracts are self-executing programs that run on the blockchain and make it possible for peers to enforce agreements without a third-party guarantee. The smart contract on Ethereum is the fundamental element of decentralized finance with billions of US dollars in value. Smart [...] Read more.
Smart contracts are self-executing programs that run on the blockchain and make it possible for peers to enforce agreements without a third-party guarantee. The smart contract on Ethereum is the fundamental element of decentralized finance with billions of US dollars in value. Smart contracts cannot be changed after deployment and hence the code needs to be verified for potential vulnerabilities. However, smart contracts are far from being secure and attacks exploiting vulnerabilities that have led to losses valued in the millions. In this work, we explore the current state of smart contracts security, prevalent vulnerabilities, and security-analysis tool support, through reviewing the latest advancement and research published in the past five years. We study 13 vulnerabilities in Ethereum smart contracts and their countermeasures, and investigate nine security-analysis tools. Our findings indicate that a uniform set of smart contract vulnerability definitions does not exist in research work and bugs pertaining to the same mechanisms sometimes appear with different names. This inconsistency makes it difficult to identify, categorize, and analyze vulnerabilities. We explain some safeguarding approaches and best practices. However, as technology improves new vulnerabilities may emerge. Regarding tool support, SmartCheck, DefectChecker, contractWard, and sFuzz tools are better choices in terms of more coverage of vulnerabilities; however, tools such as NPChecker, MadMax, Osiris, and Sereum target some specific categories of vulnerabilities if required. While contractWard is relatively fast and more accurate, it can only detect pre-defined vulnerabilities. The NPChecker is slower, however, can find new vulnerability patterns. Full article
Show Figures

Figure 1

23 pages, 2222 KiB  
Article
HEAD Access Control Metamodel: Distinct Design, Advanced Features, and New Opportunities
by Nadine Kashmar, Mehdi Adda and Hussein Ibrahim
J. Cybersecur. Priv. 2022, 2(1), 42-64; https://doi.org/10.3390/jcp2010004 - 14 Feb 2022
Cited by 2 | Viewed by 5713
Abstract
Access control (AC) policies are a set of rules administering decisions in systems and they are increasingly used for implementing flexible and adaptive systems to control access in today’s internet services, networks, security systems, and others. The emergence of the current generation of [...] Read more.
Access control (AC) policies are a set of rules administering decisions in systems and they are increasingly used for implementing flexible and adaptive systems to control access in today’s internet services, networks, security systems, and others. The emergence of the current generation of networking environments, with digital transformation, such as the internet of things (IoT), fog computing, cloud computing, etc., with their different applications, bring out new trends, concepts, and challenges to integrate more advanced and intelligent systems in critical and heterogeneous structures. This fact, in addition to the COVID-19 pandemic, has prompted a greater need than ever for AC due to widespread telework and the need to access resources and data related to critical domains such as government, healthcare, industry, and others, and any successful cyber or physical attack can disrupt operations or even decline critical services to society. Moreover, various declarations have announced that the world of AC is changing fast, and the pandemic made AC feel more essential than in the past. To minimize security risks of any unauthorized access to physical and logical systems, before and during the pandemic, several AC approaches are proposed to find a common specification for security policy where AC is implemented in various dynamic and heterogeneous computing environments. Unfortunately, the proposed AC models and metamodels have limited features and are insufficient to meet the current access control requirements. In this context, we have developed a Hierarchical, Extensible, Advanced, and Dynamic (HEAD) AC metamodel with substantial features that is able to encompass the heterogeneity of AC models, overcome the existing limitations of the proposed AC metamodels, and follow the various technology progressions. In this paper, we explain the distinct design of the HEAD metamodel, starting from the metamodel development phase and reaching to the policy enforcement phase. We describe the remaining steps and how they can be employed to develop more advanced features in order to open new opportunities and answer the various challenges of technology progressions and the impact of the pandemic in the domain. As a result, we present a novel approach in five main phases: metamodel development, deriving models, generating policies, policy analysis and assessment, and policy enforcement. This approach can be employed to assist security experts and system administrators to design secure systems that comply with the organizational security policies that are related to access control. Full article
Show Figures

Figure 1

2021

Jump to: 2024, 2023, 2022, 2020

26 pages, 3324 KiB  
Article
Polymorphic Adversarial Cyberattacks Using WGAN
by Ravi Chauhan, Ulya Sabeel, Alireza Izaddoost and Shahram Shah Heydari
J. Cybersecur. Priv. 2021, 1(4), 767-792; https://doi.org/10.3390/jcp1040037 - 12 Dec 2021
Cited by 10 | Viewed by 6486
Abstract
Intrusion Detection Systems (IDS) are essential components in preventing malicious traffic from penetrating networks and systems. Recently, these systems have been enhancing their detection ability using machine learning algorithms. This development also forces attackers to look for new methods for evading these advanced [...] Read more.
Intrusion Detection Systems (IDS) are essential components in preventing malicious traffic from penetrating networks and systems. Recently, these systems have been enhancing their detection ability using machine learning algorithms. This development also forces attackers to look for new methods for evading these advanced Intrusion Detection Systemss. Polymorphic attacks are among potential candidates that can bypass the pattern matching detection systems. To alleviate the danger of polymorphic attacks, the IDS must be trained with datasets that include these attacks. Generative Adversarial Network (GAN) is a method proven in generating adversarial data in the domain of multimedia processing, text, and voice, and can produce a high volume of test data that is indistinguishable from the original training data. In this paper, we propose a model to generate adversarial attacks using Wasserstein GAN (WGAN). The attack data synthesized using the proposed model can be used to train an IDS. To evaluate the trained IDS, we study several techniques for updating the attack feature profile for the generation of polymorphic data. Our results show that by continuously changing the attack profiles, defensive systems that use incremental learning will still be vulnerable to new attacks; meanwhile, their detection rates improve incrementally until the polymorphic attack exhausts its profile variables. Full article
Show Figures

Figure 1

39 pages, 16225 KiB  
Article
Modeling Correlation between Android Permissions Based on Threat and Protection Level Using Exploratory Factor Plane Analysis
by Moses Ashawa and Sarah Morris
J. Cybersecur. Priv. 2021, 1(4), 704-742; https://doi.org/10.3390/jcp1040035 - 30 Nov 2021
Cited by 3 | Viewed by 5214
Abstract
The evolution of mobile technology has increased correspondingly with the number of attacks on mobile devices. Malware attack on mobile devices is one of the top security challenges the mobile community faces daily. While malware classification and detection tools are being developed to [...] Read more.
The evolution of mobile technology has increased correspondingly with the number of attacks on mobile devices. Malware attack on mobile devices is one of the top security challenges the mobile community faces daily. While malware classification and detection tools are being developed to fight malware infection, hackers keep deploying different infection strategies, including permissions usage. Among mobile platforms, Android is the most targeted by malware because of its open OS and popularity. Permissions is one of the major security techniques used by Android and other mobile platforms to control device resources and enhance access control. In this study, we used the t-Distribution stochastic neighbor embedding (t-SNE) and Self-Organizing Map techniques to produce a visualization method using exploratory factor plane analysis to visualize permissions correlation in Android applications. Two categories of datasets were used for this study: the benign and malicious datasets. Dataset was obtained from Contagio, VirusShare, VirusTotal, and Androzoo repositories. A total of 12,267 malicious and 10,837 benign applications with different categories were used. We demonstrate that our method can identify the correlation between permissions and classify Android applications based on their protection and threat level. Our results show that every permission has a threat level. This signifies those permissions with the same protection level have the same threat level. Full article
Show Figures

Figure 1

15 pages, 529 KiB  
Article
New Semi-Prime Factorization and Application in Large RSA Key Attacks
by Anthony Overmars and Sitalakshmi Venkatraman
J. Cybersecur. Priv. 2021, 1(4), 660-674; https://doi.org/10.3390/jcp1040033 - 12 Nov 2021
Cited by 4 | Viewed by 7251
Abstract
Semi-prime factorization is an increasingly important number theoretic problem, since it is computationally intractable. Further, this property has been applied in public-key cryptography, such as the Rivest–Shamir–Adleman (RSA) encryption systems for secure digital communications. Hence, alternate approaches to solve the semi-prime factorization problem [...] Read more.
Semi-prime factorization is an increasingly important number theoretic problem, since it is computationally intractable. Further, this property has been applied in public-key cryptography, such as the Rivest–Shamir–Adleman (RSA) encryption systems for secure digital communications. Hence, alternate approaches to solve the semi-prime factorization problem are proposed. Recently, Pythagorean tuples to factor semi-primes have been explored to consider Fermat’s Christmas theorem, with the two squares having opposite parity. This paper is motivated by the property that the integer separating these two squares being odd reduces the search for semi-prime factorization by half. In this paper, we prove that if a Pythagorean quadruple is known and one of its squares represents a Pythagorean triple, then the semi-prime is factorized. The problem of semi-prime factorization is reduced to the problem of finding only one such sum of three squares to factorize a semi-prime. We modify the Lebesgue identity as the sum of four squares to obtain four sums of three squares. These are then expressed as four Pythagorean quadruples. The Brahmagupta–Fibonacci identity reduces these four Pythagorean quadruples to two Pythagorean triples. The greatest common divisors of the sides contained therein are the factors of the semi-prime. We then prove that to factor a semi-prime, it is sufficient that only one of these Pythagorean quadruples be known. We provide the algorithm of our proposed semi-prime factorization method, highlighting its complexity and comparative advantage of the solution space with Fermat’s method. Our algorithm has the advantage when the factors of a semi-prime are congruent to 1 modulus 4. Illustrations of our method for real-world applications, such as factorization of the 768-bit number RSA-768, are established. Further, the computational viabilities, despite the mathematical constraints and the unexplored properties, are suggested as opportunities for future research. Full article
Show Figures

Figure 1

22 pages, 4693 KiB  
Review
Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies
by Faisal Quader and Vandana P. Janeja
J. Cybersecur. Priv. 2021, 1(4), 638-659; https://doi.org/10.3390/jcp1040032 - 11 Nov 2021
Cited by 11 | Viewed by 18267
Abstract
This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors [...] Read more.
This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies. Full article
Show Figures

Figure 1

27 pages, 7856 KiB  
Article
Clone Node Detection Attacks and Mitigation Mechanisms in Static Wireless Sensor Networks
by Jean Rosemond Dora and Karol Nemoga
J. Cybersecur. Priv. 2021, 1(4), 553-579; https://doi.org/10.3390/jcp1040028 - 24 Sep 2021
Cited by 8 | Viewed by 6507
Abstract
The development of the wireless sensor networks technology commonly named WSNs has been gaining a significantly increased amount of attention from researchers over the last few decades. Its large number of sensor nodes is one of the features that makes it beneficial to [...] Read more.
The development of the wireless sensor networks technology commonly named WSNs has been gaining a significantly increased amount of attention from researchers over the last few decades. Its large number of sensor nodes is one of the features that makes it beneficial to the technology. The sensors can communicate with each other to form a network. These sensor nodes are generally used for diverse applications, such as pressure monitoring, fire detection, target tracking, and health monitoring, etc. However, the downside is that WSNs are often deployed in hostile, critical environments where they do not restrain physical access. This reality makes them incredibly vulnerable to clone node attacks or node replication attacks. The adversary can capture the legitimate sensor nodes, extract them and then collect some sensitive information, such as node ID, keys and perform a replication attack. This possibility will afterward facilitate the attacker to be able to take control of the whole network and execute the same functions as that of the authorized nodes. Based on this vulnerability, it is of great importance for researchers to invent a detection protocol for the clone attacks as well as a mitigation method. From all of the researches that have been published, a lot of them proposed some techniques to detect the clone node attacks and also to mitigate the attacks. However, almost none of them semantically focused on the security layer establishment. Based on this fact, we proposed an ontology-based approach Ontology for Replication Attacks in Static Wireless Sensor Networks “ORASWSN”, which can semantically be used for the detection and mitigation of the attacks by taking into consideration the importance of using security layers. Full article
Show Figures

Figure 1

35 pages, 5600 KiB  
Article
An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
by George Karantzas and Constantinos Patsakis
J. Cybersecur. Priv. 2021, 1(3), 387-421; https://doi.org/10.3390/jcp1030021 - 9 Jul 2021
Cited by 31 | Viewed by 81401
Abstract
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing [...] Read more.
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a more stealth attack. Full article
Show Figures

Figure 1

21 pages, 1933 KiB  
Article
Ontology for Cross-Site-Scripting (XSS) Attack in Cybersecurity
by Jean Rosemond Dora and Karol Nemoga
J. Cybersecur. Priv. 2021, 1(2), 319-339; https://doi.org/10.3390/jcp1020018 - 25 May 2021
Cited by 9 | Viewed by 9527
Abstract
In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web [...] Read more.
In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web browser of the client by including code in a legitimate web page. A serious matter is when a website accepts the “user-input” option. Attackers can exploit the web application (if vulnerable), and then steal sensitive data (session cookies, passwords, credit cards, etc.) from the server and/or from the client. However, the difficulty of the exploitation varies from website to website. Our focus is on the usage of ontology in cybersecurity against XSS attacks, on the importance of the ontology, and its core meaning for cybersecurity. We explain how a vulnerable website can be exploited, and how different JavaScript payloads can be used to detect vulnerabilities. We also enumerate some tools to use for an efficient analysis. We present detailed reasoning on what can be done to improve the security of a website in order to resist attacks, and we provide supportive examples. Then, we apply an ontology model against XSS attacks to strengthen the protection of a web application. However, we note that the existence of ontology does not improve the security itself, but it has to be properly used and should require a maximum of security layers to be taken into account. Full article
Show Figures

Figure 1

22 pages, 1023 KiB  
Article
Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT
by Pavlos Papadopoulos, Oliver Thornewill von Essen, Nikolaos Pitropakis, Christos Chrysoulas, Alexios Mylonas and William J. Buchanan
J. Cybersecur. Priv. 2021, 1(2), 252-273; https://doi.org/10.3390/jcp1020014 - 23 Apr 2021
Cited by 40 | Viewed by 9032
Abstract
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both [...] Read more.
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability. Full article
Show Figures

Figure 1

13 pages, 424 KiB  
Communication
Marine Network Protocols and Security Risks
by Ky Tran, Sid Keene, Erik Fretheim and Michail Tsikerdekis
J. Cybersecur. Priv. 2021, 1(2), 239-251; https://doi.org/10.3390/jcp1020013 - 14 Apr 2021
Cited by 15 | Viewed by 8218
Abstract
Marine network protocols are domain-specific network protocols that aim to incorporate particular features within the specialized marine context that devices are implemented in. Devices implemented in such vessels involve critical equipment; however, limited research exists for marine network protocol security. In this paper, [...] Read more.
Marine network protocols are domain-specific network protocols that aim to incorporate particular features within the specialized marine context that devices are implemented in. Devices implemented in such vessels involve critical equipment; however, limited research exists for marine network protocol security. In this paper, we provide an analysis of several marine network protocols used in today’s vessels and provide a classification of attack risks. Several protocols involve known security limitations, such as Automated Identification System (AIS) and National Marine Electronic Association (NMEA) 0183, while newer protocols, such as OneNet provide more security hardiness. We further identify several challenges and opportunities for future implementations of such protocols. Full article
Show Figures

Figure 1

20 pages, 1288 KiB  
Article
Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal
by Mário Antunes, Marisa Maximiano, Ricardo Gomes and Daniel Pinto
J. Cybersecur. Priv. 2021, 1(2), 219-238; https://doi.org/10.3390/jcp1020012 - 8 Apr 2021
Cited by 39 | Viewed by 20559
Abstract
Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security [...] Read more.
Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated on the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness. Full article
Show Figures

Figure 1

31 pages, 3520 KiB  
Review
Secure and Privacy-Aware Blockchain Design: Requirements, Challenges and Solutions
by Sidra Aslam, Aleksandar Tošić and Michael Mrissa
J. Cybersecur. Priv. 2021, 1(1), 164-194; https://doi.org/10.3390/jcp1010009 - 14 Mar 2021
Cited by 12 | Viewed by 7678
Abstract
During the last decade, distributed ledger solutions such as blockchain have gained significant attention due to their decentralized, immutable, and verifiable features. However, the public availability of data stored on the blockchain and its link to users may raise privacy and security issues. [...] Read more.
During the last decade, distributed ledger solutions such as blockchain have gained significant attention due to their decentralized, immutable, and verifiable features. However, the public availability of data stored on the blockchain and its link to users may raise privacy and security issues. In some cases, addressing these issues requires blockchain data to be secured with mechanisms that allow on-demand (as opposed to full) disclosure. In this paper, we give a comprehensive overview of blockchain privacy and security requirements, and detail how existing mechanisms answer them. We provide a taxonomy of current attacks together with related countermeasures. We present a thorough comparative analysis based on various parameters of state-of the-art privacy and security mechanisms, we provide recommendations to design secure and privacy-aware blockchain, and we suggest guidelines for future research. Full article
Show Figures

Figure 1

24 pages, 776 KiB  
Article
Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence
by Davy Preuveneers and Wouter Joosen
J. Cybersecur. Priv. 2021, 1(1), 140-163; https://doi.org/10.3390/jcp1010008 - 26 Feb 2021
Cited by 36 | Viewed by 13435
Abstract
Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that [...] Read more.
Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats. Full article
Show Figures

Figure 1

21 pages, 1613 KiB  
Article
The Cybersecurity Focus Area Maturity (CYSFAM) Model
by Bilge Yigit Ozkan, Sonny van Lingen and Marco Spruit
J. Cybersecur. Priv. 2021, 1(1), 119-139; https://doi.org/10.3390/jcp1010007 - 13 Feb 2021
Cited by 14 | Viewed by 8271
Abstract
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This [...] Read more.
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result. Full article
Show Figures

Figure 1

2020

Jump to: 2024, 2023, 2022, 2021

15 pages, 1085 KiB  
Review
Blockchain Technology: Emerging Applications and Use Cases for Secure and Trustworthy Smart Systems
by Danda B. Rawat, Vijay Chaudhary and Ronald Doku
J. Cybersecur. Priv. 2021, 1(1), 4-18; https://doi.org/10.3390/jcp1010002 - 10 Nov 2020
Cited by 74 | Viewed by 12424
Abstract
Blockchain, also known as a distributed ledger technology, stores different transactions/operations in a chain of blocks in a distributed manner without needing a trusted third-party. Blockchain is proven to be immutable, which helps with integrity and accountability, and, to some extent, confidentiality through [...] Read more.
Blockchain, also known as a distributed ledger technology, stores different transactions/operations in a chain of blocks in a distributed manner without needing a trusted third-party. Blockchain is proven to be immutable, which helps with integrity and accountability, and, to some extent, confidentiality through a pair of public and private keys. Blockchain has been in the spotlight after successful boom of the Bitcoin. There have been efforts to leverage salient features of Blockchain for different applications and use cases. This paper presents a comprehensive survey of applications and use cases of Blockchain technology for making smart systems secure and trustworthy. Specifically, readers of this paper can have thorough understanding of applications and use cases of Blockchain technology. Full article
Show Figures

Figure 1

Back to TopTop