2,626 results on '"Cyber intelligence (Computer security)"'
Search Results
2. The threat of artificial intelligence in cyber security: Risk and countermeasures.
- Author
- Jadoun, Gautami Singh, Bhatt, Devershi Pallavi, Mathur, Vinita, and Kaur, Amritpal
- Subjects
- CYBER intelligence (Computer security), ARTIFICIAL intelligence, RIGHT of privacy, SECURITY systems, INTERNET security
- Abstract
As artificial intelligence (AI) continues to progress and becomes more widespread throughout the world, it has the capability to develop many aspects of society, where cybersecurity is the major part, providing new ways to detect and counter AI threats. However, the rising use of AI in cyberattacks also gives rise to vital risks. It also helps identify and govern potential impacts on privacy and civil liberties, guaranteeing the safety and security of individuals or an entity, organizations, and citizens in an AI-driven world. Research in this article suggests that AI threats in cybersecurity are needed to keep up and compete with current trends and threats to develop powerful security methods. AI is the most effective way to recognize and manage the impacts that can occur on privacy and public rights. This can improve technical reliability and security. Investing in research and development to bypass the AI threat breach in cybersecurity and anticipate the latest threats is crucial. This includes applying AI-driven mitigation strategies and the best security and data privacy approaches as well as methods. Association between education, industry, and government can help identify and manage emerging threats and develop or create effective countermeasures. By addressing some major issues, research can provide valuable understanding into powerful mitigation strategies and support a more secure, resilient, and strong cybernated economy or society. This abstract will explore and inspect the feasibility and provide an extensive overview and outline of the threats that AI uses in cybersecurity, including the challenges of safeguarding against AI threats with the risks of AI-powered attacks and including security measures. [ABSTRACT FROM AUTHOR]
- Published
- 2025
3. Improving Threat Mitigation Through a Cybersecurity Risk Management Framework: A Computational Design Science Approach.
- Author
- Ampel, Benjamin M., Samtani, Sagar, Zhu, Hongyi, Chen, Hsinchun, and Nunamaker Jr., Jay F.
- Subjects
- DESIGN science, INFORMATION technology, CYBER intelligence (Computer security), INTERNET security, TEXT mining, HAZARD mitigation
- Abstract
Cyberattacks have been increasing in volume and intensity, necessitating proactive measures. Cybersecurity risk management frameworks are deployed to provide actionable intelligence to mitigate potential threats by analyzing the available cybersecurity data. Existing frameworks, such as MITRE ATT&CK, provide timely mitigation strategies against attacker capabilities yet do not account for hacker data when developing cyber threat intelligence. Therefore, we developed a novel information technology artifact, ATT&CK-Link, which incorporates a novel transformer and multi-teacher knowledge distillation design, to link hacker threats to this broadly used framework. Here, we illustrated how hospital systems can use this framework to proactively protect their cyberinfrastructure against hacker threats. Our ATT&CK-Link framework has practical implications for cybersecurity professionals, who can implement our framework to generate strategic, operational, and tactical cyber threat intelligence. ATT&CK-Link also contributes to the information systems knowledge base by providing design principles to pursue targeted cybersecurity analytics, risk management, and broader text analytics research through simultaneous multi-modal (e.g., text and code) distillation and classification. [ABSTRACT FROM AUTHOR]
- Published
- 2024
4. Intelligence Collection Disciplines—A Systematic Review.
- Author
- Henrico, Susan and Putter, Dries
- Subjects
- GEOGRAPHIC information systems, CYBER intelligence (Computer security), SOCIAL intelligence, MILITARY science, OPEN source intelligence
- Abstract
Intelligence collection is an integral part of the intelligence cycle. In fact, some authors declare that it is at the heart of the intelligence discipline. Intelligence collection is typically done by a variety of intelligence collection disciplines and is as old as the Bible. In the past, intelligence collection consisted mainly of human intelligence (HUMINT). However, as technologies evolved, so too did collection methods, and the number of collection disciplines, therefore, increased substantially. Some of these intelligence collection disciplines also underwent some significant modifications because of these technological advances. An example of this is Image Intelligence (IMINT), which was previously seen as a collection discipline on its own. IMINT is nowadays considered a subdiscipline under Geospatial Intelligence (GEOINT); the addition of geographical information systems (GIS) in the 1980s is one of the reasons for this change. These and many other changes resulted in many authors not agreeing on the main disciplines (and subdisciplines) in the intelligence collection domain. Furthermore, different organizations may only perform certain intelligence collection tasks and therefore only consider a certain spectrum of the intelligence collection domain. In 2021, the South African National Defence Force started a new degree programme in Defence Intelligence Studies under the auspices of the Faculty of Military Science, Stellenbosch University. It was, therefore, necessary to first establish what is globally considered the main intelligence collection disciplines and subdisciplines and secondly, which of these must be included when presenting intelligence collection as part of the degree programme in South Africa. The research entailed a two-phased approach: the first phase used the PRISMA model to find relevant material, which was analyzed with ATLAS.ti software during the second phase. The research is interesting since it suggests an expansion of the traditional list of intelligence collection disciplines by adding newer intelligence collection disciplines such as Social Media Intelligence (SOCMINT) and Cyber Intelligence (CYBINT). These additions can also be applied to other educational institutions offering intelligence studies elsewhere in the world. [ABSTRACT FROM AUTHOR]
- Published
- 2025
5. Research on Generative Techniques for Identifying and Extracting Cyber Threat Tactics, Techniques and Procedures Intelligence.
- Author
- 于丰瑞 and 杜彦辉
- Subjects
- LANGUAGE models, DATA augmentation, CYBER intelligence (Computer security), CHATGPT, CYBERTERRORISM, DEEP learning, SUPERVISED learning
- Abstract
Copyright of Journal of Frontiers of Computer Science & Technology is the property of Beijing Journal of Computer Engineering & Applications Journal Co Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2025
6. Facets of security and safety problems and paradigms for smart aerial mobility and intelligent logistics.
- Author
- Ajakwe, Simeon Okechukwu and Kim, Dong-Seong
- Subjects
- TECHNOLOGICAL innovations, DRONE warfare, ARTIFICIAL intelligence, CYBER intelligence (Computer security), CYBERTERRORISM
- Abstract
The use of unmanned aerial vehicles (UAVs) for smart and speedy logistics is still relatively nascent compared to traditional delivery methods. However, it is witnessing sporadic and steady growth due to booming demands, technological advancement, and regulatory support. The intelligence and integrity of UAV systems depend largely on the underlying cognitive and cybersecurity models, which serve as both eyes and brains to perceive and respond to the myriad of scenarios around them. Smart mobility and intelligent logistic ecosystems (SMiLE) are complex and advanced technological networks which are exposed to several issues. The incorporation of UAVs for priority logistics, thereby extending the coverage and capacity of SMiLE, further heightens these vulnerabilities and questions its security, safety, and sustainability. This review scrutinizes the significant security disruptions, smartness dynamics, and sundry developments for the sustainable deployment of UAVs as an aerial logistics-based vehicle. Using the PRISMA-SPIDER methodology, 157 articles were selected for quantitative analysis and 20 review articles for qualitative evaluation. Security and safety issues in UAVs cut across all the layers of logistics operations: components, communication, network architecture, navigation, supply chain, etc. Expanding the capacity of SMiLE using UAV demands an intentional and incremental convergence-based integration of an agile explainable artificial framework for reliable and safety-conscious smart mobility, a scalable and tamperproof blockchain for multi-factor authentication, and a zero trust cybersecurity paradigm for inclusive enterprise-based authorization. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. Cyber intelligence and international security: breaking the legal and diplomatic silence?
- Author
- Broeders, Dennis
- Subjects
- CYBERSPACE operations (Military science), DIGITAL technology, CYBER intelligence (Computer security), INTERNATIONAL security, CYBERSPACE
- Abstract
In cyberspace, intelligence agencies, rather than militaries, are the most prominent security actors. However, many cyber operations conducted by intelligence agencies are not 'classic' espionage activities, but may be best described as digital covert action (sabotage, subversion, information operations). Given the fact that international law and diplomacy traditionally do not address espionage, cyber operations conducted by intelligence agencies have developed in a legal grey zone that gets stretched by the behaviour of the intelligence agencies of the most brazen cyber powers. The digital age has significantly transformed the capabilities and the role of intelligence agencies, which raises the question of whether the traditional international consensus that 'intelligence is not discussed' is still useful in state-to-state relations. The theoretically underdefined role and activities of intelligence agencies are affected by four big changes in the digital age: increase in scale of their activities and effects, heightened ambiguity, massive expansion of the attack surface and trickle-down insecurity, which point to a need to rethink how cyber intelligence agencies should operate. Some states will continue to push the boundaries of what is possible in cyberspace, unless other states break with the legal and diplomatic silence to discuss 'guardrails' to cyber intelligence activities. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. REDUCE Your Risk: BEST PRACTICES TO STRENGTHEN YOUR CYBERSECURITY DEFENSES.
- Author
- LINDEN, LUKE VANDER
- Subjects
- INTERNET security, PHISHING, CYBERTERRORISM, BEST practices, SOCIAL engineering (Fraud), CYBER intelligence (Computer security), HOME improvement centers, COMPUTER user identification
- Abstract
The article discusses best practices to help home improvement retailers strengthen their cybersecurity defenses. Topics discussed include cybersecurity threats faced by retailers in 2024, the top cybersecurity mistakes committed by retailers, and tips to deter cybersecurity threats including cultivating an organizational culture of cybersecurity awareness, focusing on security monitoring and data backups, and making cybersecurity an organization-wide priority.
- Published
- 2024
9. A Unified Model for Chinese Cyber Threat Intelligence Flat Entity and Nested Entity Recognition.
- Author
- Yu, Jiayi, Lu, Yuliang, Zhang, Yongheng, Xie, Yi, Cheng, Mingjie, and Yang, Guozheng
- Subjects
- LANGUAGE models, CYBER intelligence (Computer security), CYBERTERRORISM, CHINESE language, TRANSFORMER models
- Abstract
In recent years, as cybersecurity threats have become increasingly severe and cyberattacks have occurred frequently, higher requirements have been put forward for cybersecurity protection. Therefore, the Named Entity Recognition (NER) technique, which is the cornerstone of Cyber Threat Intelligence (CTI) analysis, is particularly important. However, most existing NER studies are limited to recognizing single-layer flat entities, ignoring the possible nested entities in CTI. On the other hand, most of the existing studies focus on English CTIs, and the existing models performed poorly in a limited number of Chinese CTI studies. Given the above challenges, we propose in this paper a novel unified model, RBTG, which aims to identify flat and nested entities in Chinese CTI effectively. To overcome the difficult boundary recognition problem and the direction-dependent and distance-dependent properties in Chinese CTI NER, we use Global Pointer as the decoder and TENER as the encoder layer, respectively. Specifically, the Global Pointer layer solves the problem of the insensitivity of general NER methods to entity boundaries by utilizing the relative position information and the multiplicative attention mechanism. The TENER layer adapts to the Chinese CTI NER task by introducing an attention mechanism with direction awareness and distance awareness. Meanwhile, to cope with the complex feature capture of hierarchical structure and dependencies among Chinese CTI nested entities, the TENER layer solves the problem by following the structure of multiple self-attention layers and feed-forward network layers superimposed on each other in the Transformer. In addition, to fill the gap in the Chinese CTI nested entity dataset, we further apply the Large Language Modeling (LLM) technique and domain knowledge to construct a high-quality Chinese CTI nested entity dataset, CDTinee, which consists of six entity types selected from STIX, including nearly 4000 entity types extracted from more than 3000 threatening sentences. In the experimental session, we conduct extensive experiments on multiple datasets, and the results show that the proposed model RBTG outperforms the baseline model in both flat NER and nested NER. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. Application of Generative Artificial Intelligence in Minimizing Cyber Attacks on Vehicular Networks.
- Author
- Guntuka, Sony and Shakshuki, Elhadi
- Subjects
- GENERATIVE artificial intelligence, CYBER intelligence (Computer security), CYBERTERRORISM, INTERNET security, AUTONOMOUS vehicles
- Abstract
This paper explores the innovative applications of Generative Artificial Intelligence (GenAI) for strengthening the cybersecurity of vehicular networks. With the advent of intelligent transport systems and autonomous vehicles, the cybersecurity landscape has evolved significantly, necessitating new strategies to tackle sophisticated threats. GenAI provides advanced capabilities for automating defenses, enhancing threat intelligence, and fostering dynamic security frameworks in vehicular networks. However, the incorporation of GenAI also introduces new risks, requiring robust ethical, legal, and technical oversight. This research paper outlines the current state of GenAI in vehicular network cybersecurity, showcases the Vehicular Threat Intelligence Flowchart (VTIF), focuses on the threat detection rule algorithm in VTIF, highlights the potential benefits and challenges, and proposes future research directions for developing resilient and ethical cybersecurity mechanisms. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. A Novel Cloud-Enabled Cyber Threat Hunting Platform for Evaluating the Cyber Risks Associated with Smart Health Ecosystems.
- Author
- Alabdulatif, Abdullah and Thilakarathne, Navod Neranjan
- Subjects
- CYBERTERRORISM, DATA privacy, CYBER intelligence (Computer security), INTERNET security, HEALTH care industry
- Abstract
The fast proliferation of Internet of Things (IoT) devices has dramatically altered healthcare, increasing the efficiency and efficacy of smart health ecosystems. However, this expansion has created substantial security risks, as cybercriminals increasingly target IoT devices in order to exploit their weaknesses and relay critical health information. The rising threat landscape poses serious concerns across various domains within healthcare, where the protection of patient information and the integrity of medical devices are paramount. Smart health systems, while offering numerous benefits, are particularly vulnerable to cyber-attacks due to the integration of IoT devices and the vast amounts of data they generate. Healthcare providers, although unable to control the actions of cyber adversaries, can take proactive steps to secure their systems by adopting robust cybersecurity measures, such as strong user authentication, regular system updates, and the implementation of advanced security technologies. This research introduces a groundbreaking approach to addressing the cybersecurity challenges in smart health ecosystems through the deployment of a novel cloud-enabled cyber threat-hunting platform. This platform leverages deception technology, which involves creating decoys, traps, and false information to divert cybercriminals away from legitimate health data and systems. By using this innovative approach, the platform assesses the cyber risks associated with smart health systems, offering actionable recommendations to healthcare stakeholders on how to minimize cyber risks and enhance the security posture of IoT-enabled healthcare solutions. Overall, this pioneering research represents a significant advancement in safeguarding the increasingly interconnected world of smart health ecosystems, providing a promising strategy for defending against the escalating cyber threats faced by the healthcare industry. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Automating shareable cyber threat intelligence production for closed source software vulnerabilities: a deep learning based detection system.
- Author
- Arıkan, Süleyman Muhammed, Koçak, Aynur, and Alkan, Mustafa
- Subjects
- COMPUTER security vulnerabilities, MACHINE learning, CYBER intelligence (Computer security), CYBERTERRORISM, RESOURCE management
- Abstract
Software can be vulnerable to various types of interference. The production of cyber threat intelligence for closed source software requires significant effort, experience, and many manual steps. The objective of this study is to automate the process of producing cyber threat intelligence, focusing on closed source software vulnerabilities. To achieve our goal, we have developed a system called cti-for-css. Deep learning algorithms were used for detection. To simplify data representation and reduce pre-processing workload, the study proposes the function-as-sentence approach. The MLP, OneDNN, LSTM, and Bi-LSTM algorithms were trained using this approach with the SOSP and NDSS18 binary datasets, and their results were compared. The aforementioned datasets contain buffer error vulnerabilities (CWE-119) and resource management error vulnerabilities (CWE-399). Our results are as successful as the studies in the literature. The system achieved the best performance using Bi-LSTM, with an F1 score of 82.4%. Additionally, an AUC score of 93.0% was acquired, which is the best in the literature. The study concluded by producing cyber threat intelligence using closed source software. Shareable intelligence was produced in an average of 0.1 s, excluding the detection process. Each record, which was represented using our approach, was classified in under 0.32 s on average. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. ENERGY SECURITY IN THE CONTEXT OF CONTEMPORARY GEOPOLITICAL CHALLENGES.
- Author
- RUSZEL, MARIUSZ and TUROWSKI, PAWEŁ
- Subjects
- RUSSIA-Ukraine Conflict, 2014-, FEDERAL aid to renewable energy, COMPUTER security, CYBER intelligence (Computer security)
- Abstract
Copyright of Annals of Social Sciences / Roczniki Nauk Społecznych is the property of Towarzystwo Naukowe KUL & Katolicki Uniwersytet Lubelski Jana Pawla II and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
14. Advanced Cyber Attack Detection Using Generative Adversarial Networks and NLP.
- Author
- Ramya, P. and Guntupalli, Himagiri Chandra
- Subjects
- NATURAL language processing, GENERATIVE adversarial networks, COMPUTATIONAL linguistics, ARTIFICIAL intelligence, CYBER intelligence (Computer security), CYBERTERRORISM
- Abstract
A key difficulty in the ever-changing cybersecurity scene is the detection of sophisticated cyber-attacks. Because new threats are so much more sophisticated and difficult to detect, traditional tactics typically fail. A new technique for improving cyber-attack detection skills is explored in this study. It uses Generative Adversarial Networks (GANs) and Natural Language Processing (NLP). Using GANs' realistic data generation capabilities, possible attack paths are simulated, creating a strong dataset for training detection systems. At the same time, natural language processing (NLP) methods are used to decipher the mountain of textual information produced by cyberspace, including incident reports, communication patterns, and logs. Our approach is based on building a fake dataset using GANs that mimics the features of advanced cyberattacks. A detection model is then trained using this dataset. Simultaneously, we improve the detection model's capacity to spot intricate and nuanced assault patterns by processing and analysing text-based data using natural language processing approaches. We use a benchmark cybersecurity dataset to test the integrated method. The experimental findings show that our GAN-NLP based detection system outperforms existing systems, which have an average accuracy of 85.3%, by a wide margin. It achieves a recall of 93.2%, precision of 92.5%, and accuracy of 94.7%. These findings prove that GANs and NLP work well together to identify complex cyberattacks. Finally, GANs and NLP together provide a potent instrument for better cyber-attack detection. A scalable solution that can adapt to the ever-changing nature of cyber threats is offered by this integrated approach, which also increases detection accuracy and efficiency. Improving the models and investigating their use in a real-world cybersecurity setting will be the primary goals of future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. A Survey on the Integration of Cyber Threat Feeds and Blockchain Technology.
- Author
- El-Kosairy, Ahmed, AbdelBaki, Nashwa, and Aslan, Heba
- Subjects
- CYBER intelligence (Computer security), BLOCKCHAINS, SCALABILITY, INTERNET security, COMPARATIVE studies, CYBERTERRORISM
- Abstract
Cybersecurity attacks have significantly increased in recent years. Cybersecurity/Alert Threat Intelligence (CTI) has been introduced to ensure systems are secure against these attacks. CTI must be both swift and capable of protecting the sender's identity to mitigate threats immediately. It is crucial because it enhances understanding of attacks. However, a paradox arises between the necessity of generating Cyber Threat Intelligence (CTI) for community sharing and the need to address other challenges not encompassed by CTI, such as privacy concerns. This paper aims to explore how blockchain technology can be integrated with CTI to overcome challenges in traditional CTI. This integration has attracted substantial interest in recent years. We evaluate how these studies recently address the relationship between CTI and blockchain integration. Each contribution is scrutinized based on set criteria, highlighting areas where information is lacking, through a comprehensive comparison. We have gathered and compared the latest contributions that employ blockchain to resolve CTI issues. Additionally, we identify gaps in each paper to provide a broad overview of areas requiring further investigation. Additionally, we examine the potential challenges associated with this integration and provide a comparative analysis of recent studies that have investigated the subject. The principal contribution of this paper lies in the integration of all aspects related to both CTI feed sharing and blockchain technology, such as consensus types, CTI sharing mechanisms, mining rewards, CTI standards, and the challenges and limitations of combining these two approaches. This integration could aid in designing a secure system for sharing CTI feeds while preserving privacy and mitigating the threats posed by attackers. In addition, this paper highlights the future research directions, particularly in improving privacy, scalability, and participation incentives in blockchain-based CTI systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. OPTIMIZATION OF MANAGEMENT PROCESSES IN CENTRAL GOVERNMENT BODIES THROUGH THE INTEGRATION OF ARTIFICIAL INTELLIGENCE.
- Author
- Bashuk, Alla and Chechel, Oleh
- Subjects
- PUBLIC administration, PUBLIC services, LOCAL government, ARTIFICIAL intelligence, CYBER intelligence (Computer security)
- Abstract
The primary object of analysis in this study is the impact of artificial intelligence (AI) on various departments of a district state administration. The problem addressed by the research was to evaluate the key benefits and challenges of using AI to optimize management processes. The results demonstrated a significant increase in the efficiency of handling citizen inquiries, reducing the processing time from seven days to two days, indicating the high productivity of the implemented systems. These results can be explained by the application of automating routine tasks and optimizing workflows, which lead to the rapid processing of inquiries and reduction of administrative burdens. Moreover, the increased internal consistency of the data, confirmed by Cronbach’s alpha, indicates the reliability of the metrics and assessment tools used. The distinctive features of the results, such as high transparency and efficiency of processes, became possible through the integration of the latest AI technologies, which helped solve the identified problem. These features allow AI to serve as an important tool in public administration reform. The scope of practical application of the results includes the use of AI to enhance the quality of public services and optimize internal processes in public administration. Owing to the implementation of best practices in data management and cybersecurity, departments can achieve better interaction and efficiency, promoting the development of a transparent and effective management system. The practical application of the proposed innovations could significantly improve the quality of interaction with citizens, ensuring greater satisfaction with services and compliance with modern efficiency requirements. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. SIFT: Sifting file types—application of explainable artificial intelligence in cyber forensics.
- Author
- Alam, Shahid and Demir, Alper Kamil
- Subjects
- DIGITAL forensics, FORENSIC sciences, ARTIFICIAL intelligence, CYBER intelligence (Computer security), DEEP learning
- Abstract
Artificial Intelligence (AI) is being applied to improve the efficiency of software systems used in various domains, especially in the health and forensic sciences. Explainable AI (XAI) is one of the fields of AI that interprets and explains the methods used in AI. One of the techniques used in XAI to provide such interpretations is by computing the relevance of the input features to the output of an AI model. File fragment classification is one of the vital issues of file carving in Cyber Forensics (CF) and becomes challenging when the filesystem metadata is missing. Other major challenges it faces are: proliferation of file formats, file embeddings, automation, We leverage and utilize interpretations provided by XAI to optimize the classification of file fragments and propose a novel sifting approach, named SIFT (Sifting File Types). SIFT employs TF-IDF to assign weight to a byte (feature), which is used to select features from a file fragment. Threshold-based LIME and SHAP (the two XAI techniques) feature relevance values are computed for the selected features to optimize file fragment classification. To improve multinomial classification, a Multilayer Perceptron model is developed and optimized with five hidden layers, each layer with i × n neurons, where i = the layer number and n = the total number of classes in the dataset. When tested with 47,482 samples of 20 file types (classes), SIFT achieves a detection rate of 82.1% and outperforms the other state-of-the-art techniques by at least 10%. To the best of our knowledge, this is the first effort of applying XAI in CF for optimizing file fragment classification. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. An improved transformer‐based model for detecting phishing, spam and ham emails: A large language model approach.
- Author
- Jamal, Suhaima, Wimmer, Hayden, and Sarker, Iqbal H.
- Subjects
- SOCIAL engineering (Fraud), LANGUAGE models, ARTIFICIAL intelligence, CYBER intelligence (Computer security), PHISHING, SPAM email
- Abstract
Phishing and spam have been a cybersecurity threat, with the majority of breaches resulting from these types of social engineering attacks. Therefore, detection has been a long-standing challenge for both academic and industry researchers. New and innovative approaches are required to keep up with the growing sophistication of threat actors. One such illumination which has vast potential is large language models (LLMs). LLMs have emerged and already demonstrated their potential to transform society and provide new and innovative approaches to solve well-established challenges. Phishing and spam have caused financial hardships and lost time and resources to email users all over the world and frequently serve as an entry point for ransomware threat actors. While detection approaches exist, especially heuristic-based approaches, LLMs offer the potential to venture into a new unexplored area for understanding and solving this challenge. LLMs have rapidly altered the landscape from business, consumers, and throughout academia and demonstrate transformational potential to profoundly impact society. Based on this, applying these new and innovative approaches to email detection is a rational next step in academic research. In this work, we present IPSDM, an improved phishing spam detection model based on fine-tuning the BERT family of models to specifically detect phishing and spam emails. We demonstrate our fine-tuned version, IPSDM, is able to better classify emails in both unbalanced and balanced datasets. Moreover, IPSDM consistently outperforms the baseline models in terms of classification accuracy, precision, recall, and F1-score, while concurrently mitigating overfitting concerns. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. AI-Powered Cyber Threats: A Systematic Review.
- Author
- Alanezi, Mafaz and Alyas AL-Azzawi, Ruah Mouad
- Subjects
- CYBER intelligence (Computer security), ARTIFICIAL intelligence, MACHINE learning, INTERNET security, HONESTY, CYBERTERRORISM
- Abstract
Copyright of Mesopotamian Journal of CyberSecurity is the property of Mesopotamian Academic Press and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
20. The Impact of Artificial Intelligence on Cyber Security.
- Author
- STOICA, Andrei-Alexandru, GHENADE, Adrian, and PICA, Aurel Stefan
- Subjects
- ARTIFICIAL intelligence, CYBER intelligence (Computer security), INTERNET security, DATA protection, PUBLIC law
- Abstract
This article aims to present a broad analysis of the impact that artificial intelligence has on cyber security and the advantages and disadvantages that its implementation can bring regarding national security and data protection. The paper aims to describe the current usages of artificial intelligence in civilian and state applications as well as to identify potential future uses for the technology. It will focus on how its employment can help security overall. We will also analyse current levels of cyber security from a legal, technical and administrative point of view, and the focus will be on how important artificial intelligence is towards handling specific tasks regarding security in the European Union, the United States of America and the People's Republic of China. Furthermore, we will present advantages and disadvantages concerning artificial intelligence in different key domains such as cyberspace and intelligence, surveillance and reconnaissance (ISR), mostly on how these are impacted by unmanned devices. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. Securing the Final Frontier: United States Space Force Cybersecurity Capabilities.
- Author
- Ahumada, Abraham and Del Canto Viterale, Francisco
- Subjects
- UNITED States armed forces, CYBERTERRORISM, COMPUTER crimes, INTERNET security, PRIVATE sector, CYBER intelligence (Computer security)
- Abstract
Since the beginning of the 21st century, a notable increase in cyber-attack occurrences has led to a central focus on discussion of cybersecurity capabilities and the national organizations responsible for them. The United States Space Force (USSF) was established in 2019 to consolidate organizational capabilities for addressing national security threats to U.S. military assets in the space domain. The principal aim of this research is to examine the USSF and its mission to safeguard U.S. space infrastructure from cyber-attacks in the context of the emerging domain of space-based security. To accomplish this goal, this paper examines the USSF and the distinctive cybersecurity challenges confronted by comprehensive U.S. space infrastructure. In this analysis, the cybersecurity strategies currently employed by the USSF are identified as to their strengths and weaknesses, and how the strategies interact with the private sector, government agencies, and universities. An extensive review of cybersecurity experts in the space domain is conducted to gain an understanding of the military space cyber domain. The paper evaluates the increasing risk of cyberattacks by exploring cases of recent cybercrimes against the United States perpetrated by national adversaries, organizations, and cybercriminals. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. Modeling Scenarios Combining Cyber Intelligence Procedures, Methods, Technologies and Techniques.
- Author
- Atanasov, Atanas, Gagamova, Veselina, Hristozov, Ivan, and Pavlova, Elitsa
- Subjects
- CYBER intelligence (Computer security), ARTIFICIAL intelligence, COMPUTER security, CRISIS management, DIGITAL technology
- Abstract
This paper presents the capabilities of specialized simulation software to develop a visual model that represents a cyber intelligence scenario. The architecture development method is applied to create an operational view for the tactics to conduct an intelligence attack by a team in the Computer Security Incident Response Centre in the structures related to crisis management and response. For this purpose, a prognostic scenario for reconnaissance attack tactics was developed using the toolkit of the simulation software, in which the "Gather information about the victim's network" techniques are applied. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. Pirates of the cyber seas: Are state-sponsored hackers modern-day privateers?
- Author
- Dwan, Josephine Helen, Paige, Tamsin Phillipa, and McLaughlin, Rob
- Published
- 2022
24. Pirates of the cyber seas: Are state-sponsored hackers modern-day privateers?
- Author
- Paige, Tamsin Phillipa, Dwan, Josephine Helen, and McLaughlin, Rob
- Published
- 2022
25. Managing risks to the media from emerging networked technologies
- Author
- Shere, Anjuli Radhika Kumar, Martin, Andrew, and Nurse, Jason
- Subjects
- Espionage, Internet in espionage, Computer crimes, Mass media, Computer security, Cyber intelligence (Computer security)
- Abstract
The consumer Internet of Things (IoT) poses unprecedented security challenges to certain sections of society, including the news media. Many consider the press to be a branch of critical national infrastructure in democracies, as attacks on journalists have implications for individual human rights and national and international security. Focussing on democratic countries, this research considers how members of the press can improve their identification of, protection from, and resilience against threats from the IoT. This interdisciplinary research utilises mixed methods and qualitative and quantitative thematic analysis, including literature reviews, comparative case study methodologies, online surveys, and interviews. Participants include experts in journalism, cyber security, law, technology, relevant policy, and states' capabilities relating to technological exploitation. This research includes the findings from an exploratory study to scope the novelty of focusing on journalists as a specific population threatened by the IoT. This mini-study interviewed and surveyed journalists and cyber security experts to determine how high-risk members of the media might perceive and combat consumer device threats to their work and wellbeing. This research found a sizeable gap between cyber security expertise and journalistic practice regarding risk assessment and management. Specifically, although journalists are at particularly high risk of many forms of attack, their awareness of, and protections against, IoT threats were clearly found to be limited. Therefore, this thesis comprises a multi-piece toolkit that enables members of the press to identify threats from IoT devices to themselves and their work, and then identify the countermeasures best suited to their context. The toolkit includes: A conceptual model to categorise IoT devices by environment (location), via systematic literature review. This model demonstrated to members of the media the scope and scale of where IoT devices may present threats. A second conceptual categorisation, also created by literature review of currently feasible capabilities and validated by surveying states' capabilities experts, explores threats to information, as well as related legal and physical threats to journalists and their work from the IoT. The main contribution of this thesis is an interactive framework of countermeasures to these IoT threats to enable members of the media to decide how to protect themselves. The countermeasures are linked to phases of the overarching editorial workflow, to ensure that their implementation is feasible and that they are clearly useful for specific role categories within the media. This toolkit is also informed by the thesis' comparative profiling of the privacy, security, and data protection policy and law environments in the United Kingdom, the United States of America, Taiwan, and Australia. These profiles, combined with the recommendations of academic, governmental and non-governmental experts, and synthesis of multiple disciplines of academic literature, ensure that the toolkit created and presented in this thesis is versatile and realistic to help members of the media combat threats posed by the IoT to their societal function.
- Published
- 2023
26. Blockchain-Based Model for Incentivized Cyber Threat Intelligence Sharing.
- Author
- Venčkauskas, Algimantas, Jusas, Vacius, Barisas, Dominykas, and Misnevs, Boriss
- Subjects
- CYBER intelligence (Computer security), INTELLIGENCE sharing, CYBERTERRORISM, REPUTATION, INCENTIVE (Psychology)
- Abstract
Sharing cyber threat intelligence (CTI) can significantly improve the security of information technology (IT) in organizations. However, stakeholders and practitioners are not keen on sharing CTI data due to the risk of exposing their private data and possibly losing value as an organization on the market. We present a model for CTI data sharing that maintains trust and confidentiality and incentivizes the sharing process. The novelty of the proposed model is that it combines two incentive mechanisms: money and reputation. The reputation incentive is important for ensuring trust in the shared CTI data. The monetary incentive is important for motivating the sharing and consumption of CTI data. The incentives are based on a subscription fee and a reward score for activities performed by a user. User activities are considered in the following three fields: producing CTI data, consuming CTI data, and reviewing CTI data. Each instance of user activity is rewarded with a score, and this score generates some value for reputation. An algorithm is proposed for assigning reward scores and for recording the accumulated reputation of the user. This model is implemented on the Hyperledger Fabric blockchain and the Interplanetary File System for storing data off-chain. The implemented prototype demonstrates the feasibility of the proposed model. The provided simulation shows that the selected values and the proposed algorithm used to calculate the reward scores are in accordance with economic laws. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. When You Think You Are About to Hesitate, Step Forward. Increase Freedom and Trust People in the Field.
- Author
- Shinichi Yokohama
- Subjects
- CYBERSPACE, INTERNET security, COMPUTER security, CYBER intelligence (Computer security)
- Abstract
In today's connected society, ensuring safety and security in cyberspace is an extremely tough challenge. NTT Security Holdings provides security services to clients on the basis of its proprietary cyber intelligence and threat-detection-and-response capabilities. We asked Shinichi Yokohama, chief executive officer of NTT Security Holdings and chief information security officer of the NTT Group, about the company's mission and strategy as well as his attitude as a top manager. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. Swarm-intelligence for the modern ICT ecosystems.
- Author
- Hatzivasilis, George, Lakka, Eftychia, Athanatos, Manos, Ioannidis, Sotiris, Kalogiannis, Grigoris, Chatzimpyrros, Manolis, Spanoudakis, George, Papastergiou, Spyros, Karagiannis, Stylianos, Alexopoulos, Andreas, Amelin, Dimitry, and Kiefer, Stephan
- Subjects
- SWARM intelligence, ARTIFICIAL intelligence, CYBER intelligence (Computer security), INFRASTRUCTURE (Economics), CYBERTERRORISM
- Abstract
Digitalization continues to facilitate our daily lives. The world is interconnected as never before, bringing people, businesses, and other organizations closer together. However, hackers are also coming closer. New business and operational models require the collection and processing of massive amounts of data in real-time, involving the utilization of complex information systems, large supply-chains, personal devices, etc. These present several advantages for adversaries on the one hand (e.g., poorly protected or monitored elements, slow fashion of security updates/upgrades in components that gain little attention, etc.), and many difficulties for defenders on the other hand (e.g., administering large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare, are driving the necessity for more effective defenses. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. Integrating AI-driven threat intelligence and forecasting in the cyber security exercise content generation lifecycle.
- Author
- Zacharis, Alexandros, Katos, Vasilios, and Patsakis, Constantinos
- Subjects
- INTERNET security, FORECASTING methodology, CYBERTERRORISM, EXPERT evidence, EVALUATION methodology, COMPUTER crime prevention, CYBER intelligence (Computer security)
- Abstract
The escalating complexity and impact of cyber threats require organisations to rehearse responses to cyber-attacks by routinely conducting cyber security exercises. However, the effectiveness of these exercises is limited by the exercise planners' ability to replicate real-world scenarios in a timely manner that is, most importantly, tailored to the training audience and sector impacted. To address this issue, we propose the integration of AI-driven sectorial threat intelligence and forecasting to identify emerging and relevant threats and anticipate their impact in different industries. By incorporating such automated analysis and forecasting into the design of cyber security exercises, organisations can simulate real-world scenarios more accurately and assess their ability to respond to emerging threats. Fundamentally, our approach enhances the effectiveness of cyber security exercises by tailoring the scenarios to reflect the threats that are more relevant and imminent to the sector of the targeted organisation, thereby enhancing its preparedness for cyber attacks. To assess the efficacy of our forecasting methodology, we conducted a survey with domain experts and report their feedback and evaluation of the proposed methodology. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. Advancing cybersecurity: a comprehensive review of AI-driven detection techniques.
- Author
- Salem, Aya H., Azzam, Safaa M., Emam, O. E., and Abohany, Amr A.
- Subjects
- CYBERTERRORISM, METAHEURISTIC algorithms, ARTIFICIAL intelligence, MACHINE learning, CYBER intelligence (Computer security)
- Abstract
As the number and cleverness of cyber-attacks keep increasing rapidly, it's more important than ever to have good ways to detect and prevent them. Recognizing cyber threats quickly and accurately is crucial because they can cause severe damage to individuals and businesses. This paper takes a close look at how we can use artificial intelligence (AI), including machine learning (ML) and deep learning (DL), alongside metaheuristic algorithms to detect cyber-attacks better. We've thoroughly examined over sixty recent studies to measure how effective these AI tools are at identifying and fighting a wide range of cyber threats. Our research includes a diverse array of cyberattacks such as malware attacks, network intrusions, spam, and others, showing that ML and DL methods, together with metaheuristic algorithms, significantly improve how well we can find and respond to cyber threats. We compare these AI methods to find out what they're good at and where they could improve, especially as we face new and changing cyber-attacks. This paper presents a straightforward framework for assessing AI methods in cyber threat detection. Given the increasing complexity of cyber threats, enhancing AI methods and regularly ensuring strong protection is critical. We evaluate the effectiveness and the limitations of current ML and DL proposed models, in addition to the metaheuristic algorithms. Recognizing these limitations is vital for guiding future enhancements. We're pushing for smart and flexible solutions that can adapt to new challenges. The findings from our research suggest that the future of protecting against cyber-attacks will rely on continuously updating AI methods to stay ahead of hackers' latest tricks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. VeriBin: A Malware Authorship Verification Approach for APT Tracking through Explainable and Functionality-Debiasing Adversarial Representation Learning.
- Author
- Ou, Weihan, Ding, Steven, Zulkernine, Mohammad, Li, Li Tao, and Labrosse, Sarah
- Subjects
- CYBERTERRORISM, ATTRIBUTION of authorship, CYBER intelligence (Computer security), EVIDENCE gaps, REVERSE engineering
- Abstract
Malware attacks are posing a significant threat to national security, corporate networks, and public endpoint security. Identifying the Advanced Persistent Threat (APT) groups behind the attacks and grouping their activities into attack campaigns help security investigators trace their activities, thus providing better security protections against future attacks. Existing Cyber Threat Intelligence (CTI) components mainly focus on malware family identification and behavior characterization, which cannot solve the APT tracking problem: while APT tracking needs one to link malware binaries of multiple families to a single threat actor, these behavior or function-based techniques are tied to a specific attack technique and would fail on connecting different families. Binary Authorship Attribution (AA) solutions could discriminate between threat actors based on their stylometric traits. However, AA solutions assume that the author of a binary is within a fixed candidate author set. However, real-world malware binaries may be created by a new unknown threat actor. To address this research gap, we propose VeriBin for the Binary Authorship Verification (BAV) problem. VeriBin is a novel adversarial neural network that extracts functionality-agnostic style representations from assembly code for the BAV task. The extracted style representations can be visualized and are explainable with VeriBin's multi-head attention mechanism. We benchmark VeriBin with state-of-the-art coding style representations on a standard dataset and a recent malware-APT dataset. Given two anonymous binaries of out-of-sample authors, VeriBin can accurately determine whether they belong to the same author or not. VeriBin is resilient to compiler optimizations and robust against malware family variants. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. A Survey on Supply Chain Management: Exploring Physical and Cyber Security Challenges, Threats, Critical Applications, and Innovative Technologies.
- Author
- Khokhar, Rashid Hussain, Rankothge, Windhya, Rashidi, Leila, Mohammadian, Hesamodin, Ghorbani, Ali, Frei, Brian, Ellis, Shawn, and Freitas, Iago
- Subjects
- SUPPLY chain management, TECHNOLOGICAL innovations, INTERNET security, LITERATURE reviews, CYBERTERRORISM, COMPUTER crime prevention, CYBER intelligence (Computer security)
- Abstract
Supply chain cybersecurity has become a critical concern for organizations due to the increasing frequency of cyber threats that endanger sensitive information, disrupt operations, and cause financial harm. This survey article presents the outcomes of a comprehensive study aimed at deepening our understanding of the challenges and best practices in supply chain cybersecurity. It provides a comprehensive review of critical applications that are susceptible to cyber threats across various sectors of the supply chain. The literature review identifies two distinct categories of approaches utilized to secure the supply chain: traditional and innovative methods. Both categories are extensively examined, providing valuable insights into the current state of supply chain cybersecurity. The findings of this study serve as a valuable resource for organizations seeking to enhance their cybersecurity strategies and fortify their resilience against evolving cyber threats. Furthermore, this research contributes to the knowledge base of supply chain management by facilitating the development of robust and efficient supply chain cybersecurity frameworks. By understanding vulnerabilities and best practices, organizations can proactively tackle cybersecurity challenges and safeguard their supply chains effectively. This survey article empowers organizations with practical insights and guidance to enhance their cybersecurity posture in the dynamic landscape of supply chain operations. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Transforming Cybersecurity: Leveraging Blockchain for Enhanced Threat Intelligence Sharing.
- Author
- El-Kosairy, Ahmed, Aslan, Heba, and Abdelbaki, Nashwa
- Subjects
- HYBRID systems, CYBER intelligence (Computer security), DIGITAL signatures, COMPUTER network security, INTELLIGENCE sharing
- Abstract
The number of cyberattacks has increased significantly, necessitating the establishment of robust safeguards. To protect networks from intrusion, Cybersecurity Threat Intelligence (CTI) has been employed. CTI must effectively counter these attacks. Sharing CTI is essential for understanding threats, safeguarding assets, and blocking attack vectors. However, conventional CTI faces challenges related to privacy concerns, negative publicity, and issues with quality, which hinder the sharing of threats within the CTI community. This paper introduces a new framework that leverages Blockchain technology to enhance CTI frameworks. We developed a consensus algorithm combining Proof of Work (PoW) and Proof of Stake (PoS) methodologies to maintain CTI network security. This hybrid system requires miners to stake tokens in proportion to their hashing power, aligning incentives with network integrity and defending against double spending attacks. Our framework employs Blockchain features such as privacy and digital signatures to create a secure and private environment for CTI sharing. We evaluated the effective hash power distribution and discussed the advantages, limitations, and potential improvements for the CTIB model. The model was tested against 51% attacks, proving its effectiveness statistically. Implementing this Blockchain & CTI algorithm will pave the way for a more resilient and equitable cybersecurity defense mechanism. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. An Email Cyber Threat Intelligence Method Using Domain Ontology and Machine Learning.
- Author
- Venčkauskas, Algimantas, Toldinas, Jevgenijus, Morkevičius, Nerijus, and Sanfilippo, Filippo
- Subjects
- NATURAL language processing, MACHINE learning, CYBER intelligence (Computer security), CYBERTERRORISM, ANALYSIS of variance, SPAM email
- Abstract
Email is an excellent technique for connecting users at low cost. Spam emails pose the risk of collecting a user's personal information by fooling them into clicking on a link or engaging in other fraudulent activities. Furthermore, when a spam message is delivered, the user may read the entire message before deciding it is spam and deleting it. Most approaches to email classification proposed by other authors use natural language processing (NLP) methods to analyze the content of email messages. One of the biggest shortcomings of NLP-based methods is their dependence on the language in which a message is written. To construct an effective email cyber threat intelligence (CTI) sharing framework, the privacy of a message's content must be preserved. This article proposes a novel domain-specific ontology and method for emails that require only the metadata of email messages to be shared to preserve their privacy, making them applicable to solutions for sharing email CTI. To preserve privacy, a new semantic parser was developed for the proposed email domain-specific ontology to populate email metadata and create a dataset. Machine learning algorithms were examined, and experiments were conducted to identify and classify spam messages using the newly created dataset. Feature-ranking algorithms, chi-squared, ANOVA (analysis of variance), and Kruskal–Wallis tests were used. In all experiments, the kernel naïve Bayes model demonstrated acceptable results. The highest accuracy of 92.28% and an F1 score of 95.92% for recognizing spam email messages were obtained using the proposed domain-specific ontology, the newly developed semantic parser, and the created metadata dataset. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Defending Smart Grid Infrastructure--A Scenario-Based Analysis of Cyber-security and Privacy Rules in China, France, Russia, UK, and USA.
- Author
- Toftegaard, Ø A. A., Sun, L., and Hämmerli, B.
- Subjects
- ENERGY infrastructure, INFRASTRUCTURE (Economics), ELECTRIC power distribution grids, THRESHOLD energy, TERRORISM, CYBER intelligence (Computer security)
- Abstract
The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Survey on Automated Recognition and Extraction of TTPs.
- Author
- YU Fengrui
- Subjects
- LANGUAGE models, LITERATURE reviews, DATA mining, CYBERTERRORISM, MACHINE learning, CYBER intelligence (Computer security), NATURAL language processing
- Abstract
In the ever-evolving landscape of cyber threats, tactics, techniques and procedures (TTPs) play a crucial role in understanding malicious activities, providing a fine-grained perspective on the status of cybersecurity, and comprehensively illustrating cyber attack behaviors. Despite significant research efforts in the field of automated identification and extraction of TTPs, a comprehensive systematic review is currently lacking. This paper presents an in-depth analysis of the progress in this area by employing three principal approaches: traditional natural language processing, machine learning, and large language models. The study categorizes the tasks into information extraction, text classification, and text generation, and presents a summary of the general framework for identification and extraction processes. It offers a clear scope of unstructured text and TTPs, while refining the processing and analysis procedures, as well as innovative directions for each approach. Moreover, building upon existing research, the paper identifies current challenges and proposes future research directions and development opportunities. This comprehensive survey serves as a valuable literature review to support readers in applying advanced technologies and methods for advancing research in this field. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. Evaluation of ChatGPT's Configuration Support for Network Connectivity and Security.
- Author
- QasMarrogy, Ghassan A., Nahi, Abdullah A., and Yousif, Rose M. S.
- Subjects
- CYBER intelligence (Computer security), ARTIFICIAL intelligence, CHATGPT, COMPUTER network security, SOCIAL networks
- Abstract
Copyright of Cihan University-Erbil Scientific Journal is the property of Cihan University-Erbil and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
38. SMET: Semantic mapping of CTI reports and CVE to ATT&CK for advanced threat intelligence.
- Author
- Abdeen, Basel, Al-Shaer, Ehab, Singhal, Anoop, Khan, Latifur, and Hamlen, Kevin W.
- Subjects
- ARTIFICIAL neural networks, CYBERSPACE, CYBER intelligence (Computer security), CYBERTERRORISM, SECURITIES analysts, LOGISTIC regression analysis
- Abstract
With the rapid increase in the robustness and impact of cyber-attacks, a counter-evolution in defense efforts is essential to ensure a safer cyberspace. A critical aspect of cyber defense is the experts' ability to understand, analyze, and share knowledge of attacks and vulnerabilities in a timely and intelligible manner that facilitates the detection and mitigation of emerging threats. Cyber threat intelligence (CTI) reports and Common Vulnerabilities and Exposures (CVEs) are two primary sources of information that security analysts use to defend against cyber attacks. Analyzing the tactics, techniques, and procedures (TTPs) of attackers from these sources by mapping them to the ATT&CK framework provides valuable insights to defenders and aids them in countering various threats. Unfortunately, due to the complexity of this mapping and the rapid growth of these frameworks, mapping CTI reports and CVEs to ATT&CK is a daunting and time-intensive undertaking. Multiple studies have proposed models that automatically achieve this mapping. However, due to their reliance on annotated datasets, these models exhibit limitations in quality and coverage. To overcome these challenges, we present SMET, a tool that automatically maps text to ATT&CK techniques based on textual similarity. SMET achieves this mapping by leveraging ATT&CK BERT, a model we trained using a Siamese network to learn semantic similarity among attack actions. In inference, SMET utilizes semantic extraction, ATT&CK BERT, and a logistic regression model to achieve ATT&CK mapping. As a result, SMET has demonstrated superior performance compared to other state-of-the-art models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
39. Secure IoT Communication: Implementing a One-Time Pad Protocol with True Random Numbers and Secure Multiparty Sums.
- Author
- Fenner, Julio, Galeas, Patricio, Escobar, Francisco, and Neira, Rail
- Subjects
- RANDOM numbers, CYBERTERRORISM, INTERNET of things, DISTRIBUTED computing, PROCESS capability, CYBER intelligence (Computer security)
- Abstract
We introduce an innovative approach for secure communication in the Internet of Things (IoT) environment using a one-time pad (OTP) protocol. This protocol is augmented by incorporating a secure multiparty sum protocol to produce OTP keys from genuine random numbers obtained from the physical phenomena observed in each device. We have implemented our method using ZeroC-Ice v.3.7, dependable middleware for distributed computing, demonstrating its practicality in various hybrid IoT scenarios, particularly in devices with limited processing capabilities. The security features of our protocol are evaluated under the Dolev–Yao threat model, providing a thorough assessment of its defense against potential cyber threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
40. Perceptions and dilemmas around cyber-security in a Spanish research center after a cyber-attack.
- Author
- Navajas-Adán, Joaquín, Badia-Gelabert, Eulàlia, Jiménez-Saurina, Laura, Marijuán-Martín, Mª Jesús, and Mayo-García, Rafael
- Subjects
- CYBERTERRORISM, RESEARCH institutes, CYBER intelligence (Computer security), INFORMATION & communication technologies, TELECOMMUNICATION systems, EMPLOYEE psychology
- Abstract
Information and Communication Technologies and Internet networks are present in all aspects of social reality and are essential elements in research, development and innovation centers (R&D&I). Cyber-security is crucial for the progress of the research activities developed in these centers, especially given the exponential growth of cyber-attacks and incidents. The present study aims to assess, from a socio-technical approach, how a serious cyber-attack on a Spanish research center has affected staff's perceptions of information and communication systems (ICT) security. This study employed a mixed-methods research strategy, combining quantitative and qualitative methods to provide a comprehensive and nuanced understanding of ICT security perceptions among employees. First, a quantitative scale was administered to 1,321 employees 3 years before the cyber-attack and 4 months afterward, to measure ICT security perceptions. Then, qualitative techniques (semi-structured interviews, focus groups, and micro-ethnography) were applied to gain a deeper understanding of the arguments underpinning cyber-security at the center after the attack. The results show that the event had an impact on employees' perceptions, increasing the perceived importance of ICT security, with positive behavioral changes noted, but with doubts about their sustainability over time. Also, the need for cyber-security governance was critically contrasted with organizational reality. Finally, the compatibility of science and cyber-security was a central dilemma, which seems to confront antagonistic poles (research and security ICT) and justify the non-compliance with security protocols by part of the staff. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
41. Mapping Automated Cyber Attack Intelligence to Context-Based Impact on System-Level Goals.
- Author
- Burnap, Pete, Anthi, Eirini, Reineckea, Philipp, Williams, Lowri, Cao, Fengnian, Aldmoura, Rakan, and Jones, Kevin
- Subjects
- CYBERTERRORISM, AUTOMATION, CYBER intelligence (Computer security), DATA science, MACHINE learning
- Abstract
Traditionally, cyber risk assessment considers system-level risk separately from individual component-level risk, i.e., devices, data, people. This separation prevents effective impact assessment where attack intelligence for a specific device can be mapped to its impact on the entire system, leading to cascading failures. Furthermore, risk assessments typically follow a failure or attack perspective, focusing on potential problems, which means they need to be updated as attacks evolve. This approach does not scale to modern digital ecosystems. In this paper, we present a Data Science approach, which involves using machine learning algorithms and statistical models to analyse and predict the impact of cyber attacks. Specifically, this approach integrates automated attack detection on specific devices with a systems view of risk. By mapping operational goals in a top-down manner, we transform attack intelligence on individual components into system success probabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
42. Towards an AI-Enhanced Cyber Threat Intelligence Processing Pipeline.
- Author
- Alevizos, Lampis and Dekker, Martijn
- Subjects
- CYBERTERRORISM, DATA privacy, ETHICAL problems, ARTIFICIAL intelligence, CYBER intelligence (Computer security)
- Abstract
Cyber threats continue to evolve in complexity, and traditional cyber threat intelligence (CTI) methods thereby struggle to keep pace. AI offers a potential solution, automating and enhancing various tasks, from data ingestion to resilience verification. This paper explores the potential of integrating artificial intelligence (AI) into CTI. We provide a blueprint of an AI-enhanced CTI processing pipeline and detail its components and functionalities. The pipeline highlights the collaboration between AI and human expertise, which is necessary to produce timely and high-fidelity cyber threat intelligence. We also explore the automated generation of mitigation recommendations, harnessing AI's capabilities to provide real-time, contextual, and predictive insights. However, the integration of AI into CTI is not without its challenges. Thereby, we discuss the ethical dilemmas, potential biases, and the imperative for transparency in AI-driven decisions. We address the need for data privacy, consent mechanisms, and the potential misuse of technology. Moreover, we highlight the importance of addressing biases both during CTI analysis and within AI models, warranting their transparency and interpretability. Lastly, our work points out future research directions, such as the exploration of advanced AI models to augment cyber defenses, and human–AI collaboration optimization. Ultimately, the fusion of AI with CTI appears to hold significant potential in the cybersecurity domain. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
43. Bytes, bombs, and spies : the strategic dimensions of offensive cyber operations.
- Author
- Lin, Herbert and Zegart, Amy B.
- Subjects
- Cyber intelligence (Computer security), Cyberspace operations (Military science), Internet in espionage
- Abstract
Summary: A new era of war fighting is emerging for the U.S. military. Hi-tech weapons have given way to hi tech in a number of instances recently: A computer virus is unleashed that destroys centrifuges in Iran, slowing that country's attempt to build a nuclear weapon. ISIS, which has made the internet the backbone of its terror operations, finds its network-based command and control systems are overwhelmed in a cyber attack. A number of North Korean ballistic missiles fail on launch, reportedly because their systems were compromised by a cyber campaign. Offensive cyber operations like these have become important components of U.S. defense strategy and their role will grow larger. But just what offensive cyber weapons are and how they could be used remains clouded by secrecy. This new volume by Amy Zegart and Herb Lin is a groundbreaking discussion and exploration of cyber weapons with a focus on their strategic dimensions. It brings together many of the leading specialists in the field to provide new and incisive analysis of what former CIA director Michael Hayden has called "digital combat power" and how the United States should incorporate that power into its national security strategy. -- Provided by publisher.
- Published
- 2018
44. Challenges and opportunities facing emerging fields in intelligence
- Author
- Venn, Khan
- Published
- 2021
45. NATO’s New Mission: Keep America in, Russia Down, and China Out.
- Author
- Novotna, Tereza, Kim, Youngjun, and Menegazzi, Silvia
- Subjects
- CYBERSPACE operations (Military science), CYBER intelligence (Computer security), GOVERNMENT policy, INTELLIGENCE sharing, BALLISTIC missiles
- Abstract
NATO is shifting its focus to the Indo-Pacific region in order to address challenges posed by Russia, North Korea, and China. The organization is expanding cooperation with countries in the region, particularly South Korea, to maintain global stability and counteract these threats. Concrete actions, such as joint cyber operations and intelligence sharing, are being considered to enhance cybersecurity and counter hybrid threats. However, there are challenges within NATO regarding its role in the Indo-Pacific, and differing relationships with China among member countries complicate strategic priorities. Establishing a NATO office in Tokyo or Seoul would signal long-term commitment to the region and facilitate closer coordination with partners. The cooperation between NATO and South Korea is crucial for addressing evolving threats and maintaining a rules-based international order. [Extracted from the article]
- Published
- 2024
46. Trusted computing shields military computers from cyber thieves.
- Author
- Whitney, Jamie
- Subjects
- TRUST, THIEVES, COMPUTERS, MILITARY electronics, REAL estate business, CYBER intelligence (Computer security)
- Abstract
The article discusses advancements in trusted computing technology aimed at securing military computers and networks against cyber threats. Topics discussed include the implementation of hardware-based security with Trusted Platform Modules (TPMs), the adoption of zero trust architecture to enhance network security, and the integration of secure boot and separation kernels to protect system integrity.
- Published
- 2024
47. Building a cyber intelligence capability with the future in mind
- Author
- Ngan, Thalia, Fenlon, Jocelyn, and Oakley, Celia
- Published
- 2024
48. IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data.
- Author
- Xiang, Xiayu, Liu, Hao, Zeng, Liyi, Zhang, Huan, and Gu, Zhaoquan
- Subjects
- CYBER intelligence (Computer security), CYBERTERRORISM, INTRUSION detection systems (Computer security), CYBERSPACE, MALWARE, ALGORITHMS
- Abstract
In the dynamic landscape of cyberspace, organizations face a myriad of coordinated advanced threats that challenge the traditional defense paradigm. Cyber Threat Intelligence (CTI) plays a crucial role, providing in-depth insights into adversary groups and enhancing the detection and neutralization of complex cyber attacks. However, attributing attacks poses significant challenges due to over-reliance on malware samples or network detection data alone, which falls short of comprehensively profiling attackers. This paper proposes an IPv4-based threat attribution model, IPAttributor, that improves attack characterization by merging a real-world network behavior dataset comprising 39,707 intrusion entries with commercial threat intelligence from three distinct sources, offering a more nuanced context. A total of 30 features were utilized from the enriched dataset for each IP to create a feature matrix to assess the similarities and linkage of associated IPs, and a dynamic weighted threat segmentation algorithm was employed to discern attacker communities. The experiments affirm the efficacy of our method in pinpointing attackers sharing a common origin, achieving the highest accuracy of 88.89%. Our study advances the relatively underexplored line of work of cyber attacker attribution, with a specific interest in IP-based attribution strategies, thereby enhancing the overall understanding of the attacker's group regarding their capabilities and intentions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
49. Improvement of Distributed Denial of Service Attack Detection through Machine Learning and Data Processing.
- Author
- Becerra-Suarez, Fray L., Fernández-Roman, Ismael, and Forero, Manuel G.
- Subjects
- DENIAL of service attacks, ELECTRONIC data processing, MACHINE learning, DIGITAL technology, RESEARCH integrity, PEARSON correlation (Statistics), CYBER intelligence (Computer security)
- Abstract
The early and accurate detection of Distributed Denial of Service (DDoS) attacks is a fundamental area of research to safeguard the integrity and functionality of organizations' digital ecosystems. Despite the growing importance of neural networks in recent years, the use of classical techniques remains relevant due to their interpretability, speed, resource efficiency, and satisfactory performance. This article presents the results of a comparative analysis of six machine learning techniques, namely, Random Forest (RF), Decision Tree (DT), AdaBoost (ADA), Extreme Gradient Boosting (XGB), Multilayer Perceptron (MLP), and Dense Neural Network (DNN), for classifying DDoS attacks. The CICDDoS2019 dataset was used, which underwent data preprocessing to remove outliers, and 22 features were selected using the Pearson correlation coefficient. The RF classifier achieved the best accuracy rate (99.97%), outperforming other classifiers and even previously published neural network-based techniques. These findings underscore the feasibility and effectiveness of machine learning algorithms in the field of DDoS attack detection, reaffirming their relevance as a valuable tool in advanced cyber defense. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
50. Combining Cyber Security Intelligence to Refine Automotive Cyber Threats.
- Author
- Sommer, Florian, Gierl, Mona, Kriesten, Reiner, Kargl, Frank, and Sax, Eric
- Subjects
- CYBERTERRORISM, INTERNET security, DATABASES, ROAD safety measures, TELECOMMUNICATION, COMPUTER crime prevention, CYBER intelligence (Computer security)
- Abstract
Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as in UN R155, are still abstract, this creates a risk that potential vulnerabilities are overlooked and the vehicle is not secured against them. So far, there is no common understanding of the relationship of automotive attacks, the concrete vulnerabilities they exploit, and security mechanisms that would protect the system against these attacks. In this article, we aim at closing this gap by creating a mapping between UN R155, Microsoft STRIDE classification, Common Attack Pattern Enumeration and Classification (CAPEC), and Common Weakness Enumeration (CWE). In this way, already existing detailed knowledge of attacks, vulnerabilities, and mitigations is combined and linked to the automotive domain. In practice, this refines the list of UN R155 threats and therefore supports vehicle manufacturers, suppliers, and approval authorities to meet and assess the requirements for vehicle development in terms of cybersecurity. Overall, 204 mappings between UN threats, STRIDE, CAPEC attack patterns, and CWE weaknesses were created. We validated these mappings by applying our Automotive Attack Database (AAD) that consists of 361 real-world attacks on vehicles. Furthermore, 25 additional attack patterns were defined based on automotive-related attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
Discovery Service for Jio Institute Digital Library