Models and Algorithms in Cybersecurity

A special issue of Mathematics (ISSN 2227-7390). This special issue belongs to the section "Mathematics and Computer Science".

Deadline for manuscript submissions: closed (31 October 2023) | Viewed by 15302

Special Issue Editors


Guest Editor
1. Electric, Electronic and Computer Engineering Department, Technical University of Cluj-Napoca, 400114 Cluj-Napoca, Romania
2. HOLISUN, 430397 Baia-Mare, Romania
Interests: evolutionary computation; data mining

Guest Editor
1. Electric, Electronic and Computer Engineering Department, Technical University of Cluj-Napoca, 400114 Cluj-Napoca, Romania
2. HOLISUN, 430397 Baia-Mare, Romania
Interests: software architecture; software integration; distributed systems; genetic algorithms; data mining

Special Issue Information

Dear Colleagues,

With cyber attacks rising in both importance and volume every year, it is paramount to ensure that deployed code is free of known problems and audited for possible software problems, including interactions between software and hardware components. Digital Twins can be used, along with Data Mining and Deep Learning approaches, to predict and mitigate hardware interactions and a whole ecosystem of other tools that have grown in time into a full software platform and framework for cybersecurity assessment and predictions.

These tools have been the subject of intense research and development to raise their TRL levels to high, market-ready values that can already be used by end-user companies that are actively developing software and hardware components. The framework, composed of a set of tools and methodologies, will address the challenges related to vulnerability management, resilience, auditing of complex systems, risk analysis, mitigation strategies, and security certification harmonization.

Prof. Dr. Oliviu Matei
Dr. Rudolf Erdei
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Mathematics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • machine learning in cybersecurity
  • data mining methods for security
  • novelty detection algorithms
  • intrusion detection algorithms
  • adaptive defense of network infrastructure
  • adaptive reasoning
  • information forensics
  • ontologies and conceptual information processing
  • semantic information representation
  • web semantics in intelligence and law enforcement
  • industrial and commercial applications of intelligent methods for security
  • adaptive planning for strategic reasoning
  • biometric identification and recognition
  • biometric surveillance
  • biometric access control
  • extraction of biometric features (fingerprint, iris, face, voice, palm, gait)
  • cryptography
  • applied cryptography and provably secure cryptographic protocols
  • design and analysis of efficient cryptographic primitives
  • security aspects of using virtualization in a distributed environment
  • fault tolerance in virtualized environments
  • virtualization-based adaptive/autonomic systems

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (6 papers)


Research

14 pages, 6419 KiB  
Article
A Novel Neural Network Architecture Using Automated Correlated Feature Layer to Detect Android Malware Applications
by Amerah Alabrah
Mathematics 2023, 11(20), 4242; https://doi.org/10.3390/math11204242 - 11 Oct 2023
Cited by 4 | Viewed by 982
Abstract
Android OS devices are the most widely used mobile devices globally. The open-source nature and less restricted nature of the Android application store welcome malicious apps, which present risks for such devices. It is found in the security department report that static features such as Android permissions, manifest files, and API calls could significantly reduce malware app attacks on Android devices. Therefore, an automated method for malware detection should be installed on Android devices to detect malicious apps. These automated malware detection methods are developed using machine learning methods. Previously, many studies on Android OS malware detection using different feature selection approaches have been proposed, indicating that feature selection is a widely used concept in Android malware detection. The feature dependency and the correlation of the features enable the malicious behavior of an app to be detected. However, more robust feature selection using automated methods is still needed to improve Android malware detection methods. Therefore, this study proposed an automated ANN-method-based Android malware detection method. To validate the proposed method, two public datasets were used in this study, namely the CICInvestAndMal2019 and Drebin/AMD datasets. Both datasets were preprocessed via their static features to normalize the features as binary values. Binary values indicate that certain permissions in any app are enabled (1) or disabled (0). The transformed feature sets were given to the ANN classifier, and two main experiments were conducted. In Experiment 1, the ANN classifier used a simple input layer, whereas a five-fold cross-validation method was applied for validation. In Experiment 2, the proposed ANN classifier used a proposed feature selection layer. It includes selected features only based on correlation or dependency with respect to benign or malware apps. 
The proposed ANN-method-based results are significant, improved, and robust and were better than those presented in previous studies. The overall results of using the five-fold method on the CICInvestAndMal2019 dataset were a 95.30% accuracy, 96% precision, 98% precision, and 92% F1-score. Likewise, on the AMD/Drebin dataset, the overall scores were a 99.60% accuracy, 100% precision and recall, and 99% F1-score. Furthermore, the computational cost of both experiments was calculated to prove the performance improvement brought about by the proposed ANN classifier compared to the simple ANN method with the same time of training and prediction.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

16 pages, 2350 KiB  
Article
Similarity-Based Hybrid Malware Detection Model Using API Calls
by Asma A. Alhashmi, Abdulbasit A. Darem, Abdullah M. Alashjaee, Sultan M. Alanazi, Tareq M. Alkhaldi, Shouki A. Ebad, Fuad A. Ghaleb and Aloyoun M. Almadani
Mathematics 2023, 11(13), 2944; https://doi.org/10.3390/math11132944 - 30 Jun 2023
Cited by 4 | Viewed by 2123
Abstract
This study presents a novel Similarity-Based Hybrid API Malware Detection Model (HAPI-MDM) aiming to enhance the accuracy of malware detection by leveraging the combined strengths of static and dynamic analysis of API calls. Faced with the pervasive challenge of obfuscation techniques used by malware authors, the conventional detection models often struggle to maintain robust performance. Our proposed model addresses this issue by deploying a two-stage learning approach where the XGBoost algorithm acts as a feature extractor feeding into an Artificial Neural Network (ANN). The key innovation of HAPI-MDM is the similarity-based feature, which further enhances the detection accuracy of the dynamic analysis, ensuring reliable detection even in the presence of obfuscation. The model was evaluated using seven machine learning techniques with 10 K-fold cross-validation. Experimental results demonstrated HAPI-MDM’s superior performance, achieving an overall accuracy of 97.91% and the lowest false-positive and false-negative rates compared to related works. The findings suggest that integrating dynamic and static API-based features and utilizing a similarity-based feature significantly improves malware detection performance, thereby offering an effective tool to fortify cybersecurity measures against escalating malware threats.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

23 pages, 3151 KiB  
Article
Dynamic Extraction of Initial Behavior for Evasive Malware Detection
by Faitouri A. Aboaoja, Anazida Zainal, Abdullah Marish Ali, Fuad A. Ghaleb, Fawaz Jaber Alsolami and Murad A. Rassam
Mathematics 2023, 11(2), 416; https://doi.org/10.3390/math11020416 - 12 Jan 2023
Cited by 6 | Viewed by 2941
Abstract
Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task since malicious software exhibit non-relevant features when they change the performed behaviors as a result of their awareness of the analysis environments. However, the existing solutions extract features from the entire collected data offered by malware during the run time. Accordingly, the actual malicious behaviors are hidden during the training, leading to a model trained using unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of APIs-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments’ outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, false positive rate of 0.040, and F1 of 0.975.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

19 pages, 3337 KiB  
Article
Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent
by Chin-Shiuh Shieh, Thanh-Tuan Nguyen, Chun-Yueh Chen and Mong-Fong Horng
Mathematics 2023, 11(1), 108; https://doi.org/10.3390/math11010108 - 26 Dec 2022
Cited by 10 | Viewed by 1965
Abstract
The network system has become an indispensable component of modern infrastructure. DDoS attacks and their variants remain a potential and persistent cybersecurity threat. DDoS attacks block services to legitimate users by incorporating large amounts of malicious traffic in a short period or depleting system resources through methods specific to each client, causing the victim to lose reputation, finances, and potential customers. With the advancement and maturation of artificial intelligence technology, machine learning and deep learning are widely used to detect DDoS attacks with significant success. However, traditional supervised machine learning must depend on the categorized training sets, so the recognition rate plummets when the model encounters patterns outside the dataset. In addition, DDoS attack techniques continue to evolve, rendering training based on conventional data models unable to meet contemporary requirements. Since closed-set classifiers have excellent performance in cybersecurity and are quite mature, this study will investigate the identification of open-set recognition issues where the attack pattern does not accommodate the distribution learned by the model. This research proposes a framework that uses reconstruction error and distributes hidden layer characteristics to detect unknown DDoS attacks. This study will employ deep hierarchical reconstruction nets (DHRNet) architecture and reimplement it with a 1D integrated neural network employing loss function combined with spatial location constraint prototype loss (SLCPL) as a solution for open-set risks. At the output, a one-class SVM (one-class support vector machine) based on a random gradient descent approximation is used to recognize the unknown patterns in the subsequent stage. The model achieves an impressive detection rate of more than 99% in testing. 
Furthermore, the incremental learning module utilizing unknown traffic labeled by telecom technicians during tracking has enhanced the model’s performance by 99.8% against unknown threats based on the CICIDS2017 Friday open dataset.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

30 pages, 1336 KiB  
Article
Design and Evaluation of Unsupervised Machine Learning Models for Anomaly Detection in Streaming Cybersecurity Logs
by Carmen Sánchez-Zas, Xavier Larriva-Novo, Víctor A. Villagrá, Mario Sanz Rodrigo and José Ignacio Moreno
Mathematics 2022, 10(21), 4043; https://doi.org/10.3390/math10214043 - 31 Oct 2022
Cited by 4 | Viewed by 3262
Abstract
Companies, institutions or governments process large amounts of data for the development of their activities. This knowledge usually comes from devices that collect data from various sources. Processing them in real time is essential to ensure the flow of information about the current state of infrastructure, as this knowledge is the basis for management and decision making in the event of an attack or anomalous situations. Therefore, this article exposes three unsupervised machine learning models based on clustering techniques and threshold definitions to detect anomalies from heterogeneous streaming cybersecurity data sources. After evaluation, this paper presents a case of heterogeneous cybersecurity devices, comparing WSSSE, Silhouette and training time metrics for all models, where K-Means was defined as the optimal algorithm for anomaly detection in streaming data processing. The anomaly detection’s accuracy achieved is also significantly high. A comparison with other research studies is also performed, against which the proposed method proved its strong points.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

11 pages, 302 KiB  
Article
Scalability of k-Tridiagonal Matrix Singular Value Decomposition
by Andrei Tănăsescu, Mihai Carabaş, Florin Pop and Pantelimon George Popescu
Mathematics 2021, 9(23), 3123; https://doi.org/10.3390/math9233123 - 3 Dec 2021
Cited by 5 | Viewed by 2169
Abstract
Singular value decomposition has recently seen a great theoretical improvement for k-tridiagonal matrices, obtaining a considerable speed up over all previous implementations, but at the cost of not ordering the singular values. We provide here a refinement of this method, proving that reordering singular values does not affect performance. We complement our refinement with a scalability study on a real physical cluster setup, offering surprising results. Thus, this method provides a major step up over standard industry implementations.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)