Your search keyword '"Internet security"' showing total 156,688 results

1. Supply chain cybersecurity investments with interdependent risks under different information exchange modes.

Author

Xu, Lu, Li, Yanhui, Lin, Yanwei, Tang, Chaofeng, and Yao, Qi

Subjects

SUPPLY chains, INFORMATION sharing, INVESTMENT risk, INTERNET security, SUPPLY & demand

Abstract

Cybersecurity presents non-negligible challenges for firm collaboration and supply chain viability, as information exchange among nodes introduces potential interdependent risks. How to make appropriate decisions on security investments and information exchange modes is a significant issue for supply chain members. Considering two information exchange modes: system interconnection and system independence, this study develops two game models to investigate the cybersecurity investments in a vertical supply chain composed of a retailer and n suppliers. Initial analysis shows that although firms learn investment decisions mutually in the face of a changing cybersecurity environment, suppliers always take a free ride on the efforts of retailer in two cases and the increased interdependent risks will damp nodes enthusiasm for security investments. Next, to compare the two cases, we introduce information exchange efficiency as the mediate parameter to link degree of system interconnection and proportion of information shared. We found that under the system independence mode, firms with high information-exchanging demand in the large-scale supply chain are more motivated to invest in cybersecurity. Furthermore, we extend our models to a centralised decision-making scenario. We find that security investment efficiency is greatly improved, and the free-riding behaviour of supplier is significantly reduced when systems are interconnected. [ABSTRACT FROM AUTHOR]

Published

2024

2. Improving Threat Mitigation Through a Cybersecurity Risk Management Framework: A Computational Design Science Approach.

Author

Ampel, Benjamin M., Samtani, Sagar, Zhu, Hongyi, Chen, Hsinchun, and Nunamaker Jr., Jay F.

Subjects

DESIGN science, INFORMATION technology, CYBER intelligence (Computer security), INTERNET security, TEXT mining, HAZARD mitigation

Abstract

Cyberattacks have been increasing in volume and intensity, necessitating proactive measures. Cybersecurity risk management frameworks are deployed to provide actionable intelligence to mitigate potential threats by analyzing the available cybersecurity data. Existing frameworks, such as MITRE ATT&CK, provide timely mitigation strategies against attacker capabilities yet do not account for hacker data when developing cyber threat intelligence. Therefore, we developed a novel information technology artifact, ATT&CK-Link, which incorporates a novel transformer and multi-teacher knowledge distillation design, to link hacker threats to this broadly used framework. Here, we illustrated how hospital systems can use this framework to proactively protect their cyberinfrastructure against hacker threats. Our ATT&CK-Link framework has practical implications for cybersecurity professionals, who can implement our framework to generate strategic, operational, and tactical cyber threat intelligence. ATT&CK-Link also contributes to the information systems knowledge base by providing design principles to pursue targeted cybersecurity analytics, risk management, and broader text analytics research through simultaneous multi-modal (e.g., text and code) distillation and classification. [ABSTRACT FROM AUTHOR]

Published

2024

3. Disinformation 2.0 in the Age of AI: A Cybersecurity Perspective.

Author

Mazurczyk, Wojciech, Lee, Dongwon, and Vlachos, Andreas

Subjects

*DISINFORMATION, *ARTIFICIAL intelligence, *INTERNET security, *INTERNET service providers, *SECURITY systems

Abstract

This article explores disinformation as a threat to cybersecurity. Topics include an overview of disinformation, with a detailed look at disinformation 2.0 which utilizes artificial intelligence for more personalized and targeted false information, and a layered approach to countermeasures against disinformation 2.0.

Published

2024

4. INSURANCE HACKERS.

Author

KAUFLIN, JEFF

Subjects

INTERNET security, INSURANCE companies, EFFECT of technological innovations on financial institutions, CYBERTERRORISM, INSURANCE premiums

Abstract

The article discusses the efforts of financial technology firms Coalition and At-Bay to promote cybersecurity while transforming the cyber insurance market. Topics explored include the recorded increase in cyberattack incidents and demand for cyber insurance from 2019 to 2023, the cost and coverage of the cyber insurance policies being offered by Coalition, and the development of security software by At-Bay under the leadership of chief executive officer (CEO) Rotem Iram.

Published

2024

5. The Perils of Leveraging Evil Digital Twins as Security-Enhancing Enablers: Seeking more secure and effective digital representations.

Author

Suhail, Sabah, Iqbal, Mubashar, and Jurdak, Raja

Subjects

*DIGITAL twins, *INTERNET security, *CYBER physical systems

Abstract

The article looks at challenges that may occur when digital twins (DTs) are used to enhance network security in cyber-physical systems (CPSs).

Published

2024

6. Reflecting on Research Practices.

Author

Pochat, Victor Le

Subjects

*INTERNET security, *RESEARCH methodology evaluation, *REPRODUCIBLE research, *RESEARCH bias, *SCIENTIFIC communication

Abstract

This article looks at the current state of employing meta-research in the practice of cyber-security research. Topics include a look at how meta-research can improve quality, reliability and repeatability of research, the progress already made in the security research community to incorporate meta-research and next steps to further its incorporation.

Published

2024

7. The Dangers of Digitization, and the Importance of Data Backup.

Author

Bruderer, Herbert and Vakulov, Alex

Subjects

*DIGITIZATION, *DIGITAL preservation, *DATA protection, *BACK up systems, *INFORMATION technology & society, *INTERNET security

Abstract

The article presents an excerpt from the Association for Computing Machinery (ACM) blog, in which computer scientist Herbert Bruderer discusses the societal downsides of digital technologies and digitization and cybersecurity researcher Alex Vakulov discusses how to protect data and the importance of data backup.

Published

2024

8. Beat the scammers: Protect yourself with the help of your Mac and iPhone

Author

Peers, Nick

Subjects

Trend Micro Inc. (Tokyo, Japan), Internet/Web advertising, Internet/Web search services, Computer software industry, Internet fraud, Phishing, Spyware, Smart phones, Internet -- Safety and security measures, Computer hackers, Social networks, Text search and retrieval software, Internet security, Smart phone, Internet search software, Internet/Web advertising, Hacker, Internet/Web search service, Science and technology

Abstract

EVERYWHERE YOU TURN, it seems like someone is out to scam you. Online ads promoting deals too good to be true, suspicious web links lurking in prominent paid--for search engine [...]

Published

2024

9. Beat the scammers: Protect yourself with the help of I your Mac and iPhone

Author

Peers, Nick

Subjects

Trend Micro Inc. (Tokyo, Japan), Internet/Web advertising, Internet/Web search services, Computer software industry, Internet fraud, Phishing, Spyware, Smart phones, Internet -- Safety and security measures, Computer hackers, Social networks, Text search and retrieval software, Internet security, Smart phone, Internet search software, Internet/Web advertising, Hacker, Internet/Web search service, Science and technology

Abstract

Everywhere you turn, it seems like someone is out to scam you. Online ads promoting deals too good to be true, dodgy web links lurking in prominent paid-for search engine [...]

Published

2024

10. New Demands On The Audit Committee

Author

Ward, Ralph D.

Subjects

Financial disclosure, Internet -- Safety and security measures, Internet security, Business, general, Business

Abstract

As fresh oversight and assurance demands have been piled upon boards, much of the new workload has ended up on the audit committee's agenda. How are committees handling new duties such as cybersecurity, risk, compliance, finance talent, and technology? How is audit evolving to adapt?, As the regulatory environment grows in complexity and companies address new and continuing challenges, new expectations are placed on audit committees. The scope of their responsibilities continues to expand beyond [...]

Published

2024

11. A multi-objective framework for the identification and optimisation of factors affecting cybersecurity in the Industry 4.0 supply chain.

Author

Shukla, Mayank, Sarmah, S.P., and Tiwari, Manoj Kumar

Subjects

INDUSTRY 4.0, SUPPLY chains, PARETO optimum, INTERNET security, NATURAL language processing, INFORMATION processing, COMPUTER crime prevention

Abstract

Digital assets are highly vulnerable and always prone to malicious intervention. Identification of causes of such intervention for timely support and assistance remains a key challenge for businesses to remain functional and thrive with the competition. A framework is proposed in this paper for identifying cyber risk, threat, and countermeasure, based on breach databases and textual information processing. Alongside, a multi-objective optimisation of a mixed-integer non-linear problem (MINLP) is made post linearisation to find out a suitable trade-off between cyber risk and investment. The model helps in effective decision-making by finding the proneness of suppliers (as nodes) in the sequence of reducing vulnerability and pairing of categorised factors. The web scrapping and historical databases are processed to extract relationships among categorised factors using natural language processing (NLP). Pareto optimal pairs are obtained to explain the application of the current contribution in terms of risk-cost trade-off. It helps in forming preventive strategies with a suitable amount of investment and the required order of precedence or susceptibility. [ABSTRACT FROM AUTHOR]

Published

2023

12. FLOLSTM: Fuzzy logic‐driven optimized LSTM for improved malicious traffic detection in hypervisor environments.

Author

Kumar, Anumukonda Naga Seshu, Yadav, Rajesh Kumar, and Raghava, Nallanthighal Srinivasa

Subjects

TRAFFIC monitoring, HYPERVISOR (Computer software), COMPUTER network security, FUZZY logic, INTERNET security, INTRUSION detection systems (Computer security)

Abstract

Summary: In the ever‐evolving realm of cloud computing, the challenge of intrusion detection has grown increasingly intricate and vital. With the proliferation of cyber‐attacks and the widespread use of virtualized environments, there is a pressing need for network security solutions that are not only innovative and robust but also easily comprehensible. These solutions must possess the ability to effectively detect malicious activities, provide visibility into network operations, adapt to changing requirements, and promptly alert stakeholders to any suspicious behavior. In this study, we introduce a groundbreaking approach known as fuzzy logic‐driven optimized long short‐term memory (LSTM)—FLOLSTM, specifically designed for hypervisor‐based environments. By integrating fuzzy logic with an optimized LSTM neural network, FLOLSTM aims to significantly enhance the detection of attack traffic within hypervisor networks by combining the interpretability and uncertainty management capabilities of fuzzy logic with the temporal pattern recognition prowess of LSTM. The research methodology involves meticulous data collection from hypervisor monitors, followed by rigorous cleaning and preprocessing to enhance data reliability. Subsequently, the preprocessed data is input into the FLOLSTM classifier to identify malicious activities. Furthermore, the performance of the LSTM is fine‐tuned using the waterwheel plant optimization (WPO) algorithm. Experimental evaluations compare the efficiency of the proposed FLOLSTM with existing techniques across various metrics including accuracy, recall, precision, F‐measure, specificity, false‐positive rate (FPR), and false‐negative rate (FNR). Overall, the FLOLSTM model represents a significant advancement in intrusion detection for cloud environments, offering a potent blend of interpretability, accuracy, and efficiency. Its superior performance underscores its capacity to enhance network security and effectively mitigate cyber threats in dynamic and virtualized settings, thereby making a substantial impact on the field of cyber security. [ABSTRACT FROM AUTHOR]

Published

2024

13. Enhancing UAV‐HetNet security through functional encryption framework.

Author

Gupta, Sachin Kumar, Gupta, Parul, and Singh, Pawan

Subjects

INTERNET protocols, INTERNET security, TELECOMMUNICATION systems, DRONE aircraft, SECURITY systems

Abstract

Summary: In the current landscape, the rapid expansion of the internet has brought about a corresponding surge in the number of data consumers. As user volume and diversity have escalated, the shift from conventional, uniform networks to Heterogeneous Networks (HetNets) has emerged. HetNets are designed with a primary objective: enhancing Quality of Service (QoS) standards for users. In the context of HetNets facilitated by Unmanned Aerial Vehicles (UAVs), a substantial influx of users and devices is observed. Within this multifaceted environment, the potential for malicious intruder nodes to efficiently execute and propagate harmful actions across the network is a distinct concern. Consequently, the entirety of network communication becomes susceptible to a multitude of security threats. To address these vulnerabilities and safeguard communication, the Functional Encryption (FE) technique is employed. FE empowers the protection of data against intrusion attacks. This paper presents a comprehensive methodology for implementing FE within UAV‐integrated HetNets, executed in two sequential phases. The initial phase secures communication between User Equipment (UE) and Micro Base Station (MBS), followed by the second phase, which focuses on securing communication among MBS and UAV. The viability of the proposed approach is substantiated through validation using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The validation process involves the development of High‐Level Protocol Specification Language (HLPSL) codes. The successful security validation outcome underscores the capacity of the proposed methodology to provide the intended security measures and robustness to the network environment. [ABSTRACT FROM AUTHOR]

Published

2024

14. BRL-ETDM: Bayesian reinforcement learning-based explainable threat detection model for industry 5.0 network.

Author

Dey, Arun Kumar, Gupta, Govind P., and Sahu, Satya Prakash

Subjects

*CYBERTERRORISM, *FEATURE selection, *PLURALITY voting, *INTERNET security, *SWARMING (Zoology)

Abstract

To enhance the universal adaptability of the Real-Time deployment of Industry 5.0, various machine learning-based cyber threat detection models are given in the literature. Most of the existing threat detection models may not be able to detect zero-day cyber threats and are prone to producing a high False Positive Rate (FPR) due to irrelevant features and imbalanced class samples. Furthermore, its predictive decisions are also difficult to comprehend even by security experts. Consequently, an intelligent and more robust model is needed to mitigate zero-day cyber threats. This study proposes an explainable model named BRL-ETDM for detecting cyber threats in Industry 5.0. In this model, features are optimized by Bayesian Reinforcement Learning (BRL)-based Bee Swarm Optimization (BSO) technique in which the exploitation phase of BSO is improved by the BRL technique. Then, an improved weighted majority voting-based ensemble technique is designed to enhance threat detection performance. Additionally, an explainable AI technique is employed to explain the threat predictions. This model is tested and validated using two realistic datasets named Edge-IIoTset and ToN-IoT. Experimental results show that the proposed model achieved a maximum accuracy of 96.15% with a minimum number of features and FPR of 0.27% as compared to existing techniques. [ABSTRACT FROM AUTHOR]

Published

2024

15. Leveraging deep learning-assisted attacks against image obfuscation via federated learning.

Author

Tekli, Jimmy, Al Bouna, Bechara, Tekli, Gilbert, Couturier, Raphaël, and Charbel, Antoine

Subjects

*FEDERATED learning, *MACHINE learning, *EVALUATION methodology, *PRIVACY, *INTERNET security

Abstract

Obfuscation techniques (e.g., blurring) are employed to protect sensitive information (SI) in images such as individuals' faces. Recent works demonstrated that adversaries can perform deep learning-assisted (DL) attacks to re-identify obfuscated face images. Adversaries are modeled by their goals, knowledge (e.g., background knowledge), and capabilities (e.g., DL-assisted attacks). Nevertheless, enhancing the evaluation methodology of obfuscation techniques and improving the defense strategies against adversaries requires considering more "pessimistic" attacking scenario, i.e., stronger adversaries. According to a 2019 article published by the European Union Agency for Cybersecurity (ENISA), adversaries tend to perform more sophisticated and dangerous attacks when collaborating together. To address these concerns, our paper investigates a novel privacy challenge in the context of image obfuscation. Specifically, we examine whether adversaries, when collaborating together, can amplify their DL-assisted attacks and cause additional privacy breaches against a target dataset of obfuscated images. We empirically demonstrate that federated learning (FL) can be used as a collaborative attack/adversarial strategy to (i) leverage the attacking capabilities of an adversary, (ii) increase the privacy breaches, and (iii) remedy the lack of background knowledge and data shortage without the need to share/disclose the local training datasets in a centralized location. To the best of our knowledge, we are the first to consider collaborative and more specifically FL-based attacks in the context of face obfuscation. [ABSTRACT FROM AUTHOR]

Published

2024

16. Women in Intelligence: A Dynamic and Integrative Literature Review.

Author

Andoko, Djoko, Nurisnaeny, Poppy Setiawati, Wicaksono, Padang, and Widiaty, Isma

Subjects

*INTELLECT, *WOMEN, *INTERNET security, *NATIONAL security, *SEXUAL harassment

Abstract

Despite their pivotal roles across various capacities within the intelligence sector, including cybersecurity, peacekeeping, and national security, women's contributions are often undervalued due to systemic challenges like discrimination, sexual harassment, and mobbing. This study employs Systematic Literature Network Analysis, integrating bibliometric analysis with Systematic Literature Review, to comprehensively examine the underexplored issue of women in intelligence. This innovative methodological approach facilitates a nuanced understanding of the literature, addressing the notable absence of systematic scholarly scrutiny in this area. The findings underscore the intrinsic link between women and intelligence, highlighting their proficiency in addressing not only traditionally feminine-associated issues such as welfare and education but also demonstrating their adeptness in negotiation and socio-emotional intelligence—skills crucial for handling 'masculine' security concerns like terrorism and national threats. Despite these capabilities, women remain significantly underrepresented in intelligence roles, a disparity fueled by enduring gender biases. This research calls for policy reform, advocating for the recognition of women's indispensable contributions to intelligence and the implementation of gender-equal policies within intelligence agencies. By doing so, it aims to foster a more inclusive and diverse intelligence community, leveraging the unique strengths women bring to intelligence work and enhancing overall agency effectiveness. [ABSTRACT FROM AUTHOR]

Published

2024

17. Operational cyber incident coordination revisited: providing cyber situational awareness across organizations and countries.

Author

Leitner, Maria, Skopik, Florian, and Pahi, Timea

Subjects

*SITUATIONAL awareness, *COMPUTER security, *INTERNET security, *KNOWLEDGE management, *WEB-based user interfaces

Abstract

Cyber situational awareness (CSA) is a prerequisite for justified decision-making and to maintain cyber security. This becomes particularly complex when establishing inter-organizational awareness across sectors. For example, computer security incident response teams (CSIRTs) and national cyber security centers need to establish CSA among countries when coordinating regional cyber incident response. Today's state of the art of information sharing across larger numbers of organizations is often still the least common denominator in the shape of web-based forms and email reports. These are easily applicable by almost everyone who wants to report findings even in stressful situations. However, these do not prove to be efficient for the coordinator that aggregates and merges the data. Therefore, a cyber coordination platform using online surveys is proposed. This approach uses surveys to collect, aggregate and visualize data in a dashboard to support cyber coordination and knowledge management. Furthermore, the online surveys are easy to use and respond to and therefore simplify the participation of stakeholders. We propose an architecture and implement a prototype using popular web application frameworks. The evaluation in a user study revealed promising results with respect to increased efficiency and decreased resource requirements for establishing situational awareness. [ABSTRACT FROM AUTHOR]

Published

2024

18. A new early warning system based on metaheuristics in CPS architecture.

Author

Mbiriki, Anwer, Katar, Chaker, and Badreddine, Ahmed

Subjects

*METAHEURISTIC algorithms, *NP-hard problems, *INTERNET security, *INFORMATION technology security, *MILITARY policy

Abstract

Cyber security is the most studied in recent years by the association of metaheuristic techniques thanks to their ability to solve optimization problems in a limited time and NP-hard problems. The Early Warning System (EWS) can identify malicious exercises and anomalies in the CPS and provide robust network systems protection. In addition, grouping attacks in EWS is important for defining defense policies. Information security in the CPS architecture is about securing information during data aggregation, large-scale processing and sharing in the network environment, especially low-linkage open networks. Motivated by these considerations, we propose a new security approach based on the Artificial Bee Colony (ABC) metaheuristic algorithm to strengthen the security framework of the CPS architecture against the system and within CPS attacks. In this work, we propose a new Early Warning System approach based on metaheuristics. Based on two fundamental concepts of clustering, coherence and separation, an integrated index was proposed based on Davies-Bouldin (DB) and Silhouette Index (SI). An improved ABC algorithm was proposed based on these indices. After having identified two different types of an objective function, based on the above concepts, and after having tested the algorithm on DBSI, the results of the experiments found are auspicious. [ABSTRACT FROM AUTHOR]

Published

2024

19. Research on intent-driven resilience network security.

Author

SONG Yanbo, GAO Xianming, YANG Chungang, and LI Pengcheng

Subjects

INTERNET security

Abstract

In the future, network will necessitate flexible, resilient, and scalable frameworks to accommodate evolving and diverse services. Intent-driven network provides a practical and feasible new idea for addressing this challenge. Specifically, intent-driven loop allows network administrators to focus less on intricate configuration details and more on expressing service requirements, facilitating autonomous and reliable services. Firstly, this work analyzes new challenges emerging in the field of cybersecurity. Subsequently, it introduces the methodology and key technologies of intent-driven network, proposing a lifecyle intent-driven architecture based on intent-driven network. Secondly, a method of reasoning for resilience strategies in introduced in intent-driven network security services. The practical application of intent-driven network involves the generation, transition, policy formulation, and deployment of intents, thereby ensuring the continuous online availability of network services even in the event of network failures. This reflects the entire lifecyle of an intent-driven network. [ABSTRACT FROM AUTHOR]

Published

2024

20. Cybersecurity Workforce Landscape, Education, and Industry Growth Prospects in Southeast Asia.

Author

Dillon, Roberto and Tan, Kim-Lim

Subjects

INTERNET security, BACHELOR'S degree, HIGHER education, TECHNOLOGY Acceptance Model

Abstract

Given the chronic lack of qualified professionals in the cybersecurity industry, the present paper seeks to evaluate the current interest in cybersecurity across Southeast Asia nations and then compare it with the available educational offerings of related degrees in each country to identify eventual gaps in the market. The goal is to assess whether there is a need for additional degree programs in cybersecurity and to evaluate the potential for future growth in the industry by providing a solid educational foundation for aspiring professionals. To estimate current interest from prospective students and profesionals in cybersecurity across each country, leaderboards from the popular TryHackMe gamified cybersecurity training platform are referenced. We further discuss issues by considering the related formal education programmes offered by the top universities in each country, identified by their presence in the QS world university rankings. The data are then used to propose two new metrics: the 'Cybersecurity Education Prospects Index' (CEPI) and the 'Cybersecurity Industry Prospects Index' (CIPI), which show how most of the eleven countries in Southeast Asia do have an unmet demand for cybersecurity education and only a few of them have already developed an educational infrastructure that is ready to support the growing needs of the local and international industry. [ABSTRACT FROM AUTHOR]

Published

2024

21. LIVE STREAMING OF COURT PROCEEDINGS IN INDIA: A STEP TOWARDS STRENGTHENING THE ACCESS TO A TRANSPARENT AND AN ACCOUNTABLE JUDICIARY.

Author

Kaur, Harleen

Subjects

CONDUCT of court proceedings, LIVE streaming, CONSTITUTIONALISM, JUSTICE, ACTIONS & defenses (Law), RIGHT of privacy, CASE studies, CYBERTERRORISM, INTERNET security

Abstract

Copyright of Environmental & Social Management Journal / Revista de Gestão Social e Ambiental is the property of Environmental & Social Management Journal and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

22. How blockchain manages supply chain risks: evidence from Indian manufacturing companies.

Author

Hong, Leo and Hales, Douglas N.

Subjects

SUPPLY chain management, BLOCKCHAINS, SECURITY management, INTERNET security, SUPPLY chains

Abstract

Purpose: This study aims to investigate the contribution of blockchain technology to supply chain risk management and its impact on performance among Indian manufacturing companies. Design/methodology/approach: Drawing on a resource-based view, dynamic capability and system of systems theory, this study examines the direct relationships between blockchain, supply chain risk management and supply chain performance. The authors validate the mediating effects of three supply chain risk management components, namely supply risk management, demand risk management and cyber security management, on financial transaction reliability and information reliability. Data were collected from 204 Indian manufacturing companies that have adopted blockchain technology. Findings: The results demonstrate that companies adopting blockchain technology have experienced positive outcomes in managing supply chain-related risks, financial transaction reliability and information reliability. These findings provide valuable guidance to managers, highlighting blockchain as a competitive advantage for supply chain management. Originality/value: To the best of the authors' knowledge, no previous research on blockchain-based risk management capabilities has been conducted. [ABSTRACT FROM AUTHOR]

Published

2024

23. X-Detect: explainable adversarial patch detection for object detectors in retail.

Author

Hofman, Omer, Giloni, Amit, Hayun, Yarin, Morikawa, Ikuya, Shimizu, Toshiya, Elovici, Yuval, and Shabtai, Asaf

Subjects

OBJECT recognition (Computer vision), COMPUTER vision, DIGITAL technology, INTERNET security, FALSE alarms

Abstract

Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can: (1) detect adversarial samples in real time, allowing the defender to take preventive action; (2) provide explanations for the alerts raised to support the defender's decision-making process, and (3) handle unfamiliar threats in the form of new attacks. Given a new scene, X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques to determine whether an alert needs to be raised. X-Detect was evaluated in both the physical and digital space using five different attack scenarios (including adaptive attacks) and the benchmark COCO dataset and our new Superstore dataset. The physical evaluation was performed using a smart shopping cart setup in real-world settings and included 17 adversarial patch attacks recorded in 1700 adversarial videos. The results showed that X-Detect outperforms the state-of-the-art methods in distinguishing between benign and adversarial scenes for all attack scenarios while maintaining a 0% FPR (no false alarms) and providing actionable explanations for the alerts raised. A demo is available. [ABSTRACT FROM AUTHOR]

Published

2024

24. A lightweight distributed ELM-based security framework for the internet of vehicles.

Author

Karimy, Aziz Ullah and Reddy, Putta Chandrasekhar

Subjects

DISTRIBUTED computing, MACHINE learning, FEATURE selection, TRANSPORTATION safety measures, INTERNET security

Abstract

The fast growth of internet of vehicles (IoV) has created a new area of connectedness, with promising safety and efficiency in transportation. However, this advancement in vehicle technology has come with significant cybersecurity risks, specifically through control area network (CAN) protocol and other communication techniques within vehicles. This experimental study suggests a machine learning (ML) based security approach based on the extreme learning machine (ELM) algorithm to address these challenges. Unlike customary neural networks, ELM is known for its fast processing, minimal training time, and high accuracy, making it preferably suitable for dynamic IoV environments. The methodology involves data preprocessing, feature selection, and employing ELM for attack classification; the algorithm’s performance is evaluated using CARHacking, NSL-KDD, and EdgeIIoT datasets. We also examine the significance of distributed processing to enhance the computational efficiency of the model, obtaining 89% accuracy in 3 ms run-time for external networks, and 83% accuracy with 9 ms run-time for intra-vehical networks. This newly proposed security mechanism using ELM shows very accurate results in detecting intrusions with a high recall rate and reduced computation time through distributed processing. [ABSTRACT FROM AUTHOR]

Published

2024

25. Drafting a Cybersecurity Standard for Outer Space Missions: On Critical Infrastructure, China, and the Indispensability of a Global Inclusive Approach.

Author

Segate, Riccardo Vecellio

Subjects

INTERNET security, INTERNATIONAL agencies, JURISDICTION, OUTER space

Abstract

Despite limited progress within international institutions, the need for articulating a regulatory framework for cyber operations in outer space is becoming a pressing concern. One precondition for regulation is to share cybersecurity and outer-space common terminology that can inform the negotiation of standards, policies and laws. While the UN Institute for Disarmament Research has recently issued a baseline policy glossary, binding technical definitions are missing, and the lack of a binding international cybersecurity regime adds to the obsolescence of a binding outer-space regime tracing back to half a century ago. As the IEEE SA embarks on the drafting of the first-ever technical standard for cybersecure-by- design outer-space missions, scoping and conceptual challenges abound. Technical standards are US-centred, non-binding, engineering-intensive exercises, where lawyers and Asian jurisdictions are only marginally involved; nevertheless, as China's framework for cybersecurity is refined and its involvement in outer-space policing deepens, its disengagement from Western-driven standard-setting bodies appears unsustainable. Drawing on the specific challenge of defining what makes a cyber system 'mission-critical', I expose the necessity to examine how domestic cybersecurity laws from a diverse range of States identify 'critical' information infrastructure. Generalising therefrom, I advocate a jurisdictionally inclusive process that combines American supremacy in technical standard-setting for outer-space missions with Chinese normative contributions to cybersecurity regulation, including on data localisation and mandatory multilevel cyber-hygiene requirements. I further argue that involving legal experts from a diverse range of jurisdictions and sociolegal cultures may enhance the global reception of standardisation outputs, thus securing higher degrees of voluntary compliance therewith. This could foster cooperation and promote regional and global satellite cybersecurity. [ABSTRACT FROM AUTHOR]

Published

2024

26. Building capability and community through cyber-incident response exercises.

Author

Ricks, Matthew

Subjects

INFORMATION technology security, DISASTER resilience, CYBERTERRORISM, INTERNET security, INDUSTRIAL management

Abstract

While a natural disaster or related threat may impact an organisation at some point, it is more likely (even inevitable) that it will be the victim of a cyber attack. The solution to being better prepared for these imminent attacks is to undertake more lightweight and frequent incident response (IR) exercises to help build capabilities and community through a tighter, recurring cycle of planning, conducting and assessing. To boost the facilitation of IR exercises, organisations must leverage the established relationships between business continuity management (BCM) or resilience staff (both of which are familiar with business continuity and disaster recovery exercises), and their information security office. As BCM will ultimately be involved in response and recovery after a cyber attack, it is intuitively more effective to collaborate with BCM in advance. Indeed, it has been substantiated that BCM engagement improves incident response time and reduces incident response costs. This paper concludes that involving BCM or resilience departments in IR exercises contributes to more effective responses to actual incidents. [ABSTRACT FROM AUTHOR]

Published

2024

27. GSAAN with War Strategy Optimization Algorithm for Cyber Security in a 5G Wireless Communication Network.

Author

Shobana, D., Priya, B., and Samuthira Pandi, V.

Subjects

*WIRELESS communications security, *OPTIMIZATION algorithms, *INTERNET security, *5G networks, *WIRELESS communications, *DEEP learning

Abstract

In this paper, the graph sample and aggregate-attention network with war strategy optimization algorithm for cyber security in the 5G wireless communication network (CS-5GWCN-GSAAN-WSOA) is proposed in 5G mobile networks to identify cyber threats. Initially, the input data are amassed from the 5G-NIDD dataset. Then the input data are fed to preprocessing, here redundancy elimination and missing value replacement are performed utilizing the contrast limited adaptive histogram equalization filtering (CLAHEF) method. After preprocessing, optimal features are selected by the stochastic gradient boosting based recursive feature elimination process. The selected features are fed to the graph sample and aggregate-attention network (GSAAN) to detect cyber-attacks in 5G wireless communication. Generally, the GSAAN approach does not adopt any optimization techniques for determining optimal parameters and guaranteeing accurate attack detection. Therefore, the war strategy optimization algorithm (WSOA) contemplates to optimize the GSAAN weight parameters. The CS-5GWCN-GSAAN-WSOA method is activated on Python. The CS-5GWCN-GSAAN-WSOA method attains 22.51%, 20.35%, and 35.54% higher accuracy, 19.45%, 27.80%, and 18.93% higher sensitivity analysed with existing models, like cyber security attack identification in 5G wireless systems utilizing machine learning (CS-5GWCN-SVM), enhanced dropping attacks detection in 5G networks depending on deep learning models (CS-5GWCN-KNN), and cyber security issues in 5G enabled attack detection through deep learning (CS-5GWCN-RNN), respectively. [ABSTRACT FROM AUTHOR]

Published

2024

28. The PIM.3 process improvement process—Part of the iNTACS certified process expert training.

Author

Messnarz, Richard, Djordjevic, Vesna, Grémen, Viktor, Menezes, Winifred, Alborae, Ahmed, Dreves, Rainer, Norimatsu, So, Wegner, Thomas, and Sechser, Bernhard

Subjects

*PROCESS capability, *MACHINE learning, *APPRAISERS, *INTERNET security, *ENGINEERING

Abstract

This paper documents the results of the PIM.3 (Process Improvement Management) working group in INTACS (International Assessor Certification Schema) supported by the VDA‐QMC (Verband der Deutschen Automobilindustrie/German Automotive Association–Quality Management Center). INTACS promotes Automotive SPICE, which is an international standard that allows process capability assessment of projects, which implement systems that integrate mechanics, electronics, and software including optionally cybersecurity, functional safety, and machine learning. The paper outlines that for the first time since more than 20 years, the INTACS and VDA‐QMC included a process like PIM.3 Process Improvement Management in the scope for the assessor training. Before that, the assessments focused on the management, engineering, and support processes of series projects, while the improvement management has not been trained or assessed. [ABSTRACT FROM AUTHOR]

Published

2024

29. Navigation safety of Maritime Autonomous Surface Ships.

Author

Nemoto, Yu

Subjects

*MARITIME safety, *RESCUE work, *INCORPORATION, *SHIPS, *INTERNET security

Abstract

Maritime Autonomous Surface Ships (MASS) present numerous advantages that can address various social issues associated with maritime transportation. To advance the realisation of MASS, institutional studies and demonstration tests are being conducted in multiple countries. The introduction of new technologies and systems in MASS will automate many tasks traditionally performed by seafarers, requiring proof that these innovations provide security and reliability on par with or superior to conventional vessels. Given that most vessels are used commercially, MASS must garner user support and demonstrate profitability. This study employs a systematic review methodology to examine the progress of MASS research, identifying its benefits and the challenges to ensure the safety of MASS operations. Additionally, the study assesses the impacts of MASS on various domains, including the economy, employment, vessel operations, cybersecurity, search and rescue, and human resource development. The necessary actions for the successful implementation of MASS are also outlined. This study proposes several key considerations for the safe navigation of MASS. Firstly, practical operations incorporating business aspects must be envisioned. Secondly, MASS should be equipped with automated facilities for accident response. Lastly, the roles and responsibilities of both human operators and automated systems must be clearly defined. [ABSTRACT FROM AUTHOR]

Published

2024

30. Network disruption via continuous batch removal: The case of Sicilian Mafia.

Author

Jia, Mingshan, De Meo, Pasquale, Gabrys, Bogdan, and Musial, Katarzyna

Subjects

*TIME complexity, *MAFIA, *CRIME, *INTERNET security, *EPIDEMICS

Abstract

Network disruption is pivotal in understanding the robustness and vulnerability of complex networks, which is instrumental in devising strategies for infrastructure protection, epidemic control, cybersecurity, and combating crime. In this paper, with a particular focus on disrupting criminal networks, we proposed to impose a within-the-largest-connected-component constraint in a continuous batch removal disruption process. Through a series of experiments on a recently released Sicilian Mafia network, we revealed that the constraint would enhance degree-based methods while weakening betweenness-based approaches. Moreover, based on the findings from the experiments using various disruption strategies, we propose a structurally-filtered greedy disruption strategy that integrates the effectiveness of greedy-like methods with the efficiency of structural-metric-based approaches. The proposed strategy significantly outperforms the longstanding state-of-the-art method of betweenness centrality while maintaining the same time complexity. [ABSTRACT FROM AUTHOR]

Published

2024

31. Cybersecurity vulnerabilities and solutions in Ethiopian university websites.

Author

Eshetu, Ali Yimam, Mohammed, Endris Abdu, and Salau, Ayodeji Olalekan

Subjects

PASSWORD software, HIGHER education, INTERNET security, WEBSITES, STRATEGIC planning

Abstract

This study investigates the causes and countermeasures of cybercrime vulnerabilities, specifically focusing on selected 16 Ethiopian university websites. This study uses a cybersecurity awareness survey, and automated vulnerability assessment and penetration testing (VAPT) technique tools, namely, Nmap, Nessus, and Vega, to identify potential security threats and vulnerabilities. The assessment was performed according to the ISO/IEC 27001 series of standards, ensuring a comprehensive and globally recognized approach to information security. The results of this study provide valuable insights into the current state of cybersecurity in Ethiopian universities and reveals a range of issues, from outdated software and poor password management to a lack of encryption and inadequate access control. Vega vulnerability assessment reports 11,286 total findings, and Nessus identified a total of 1749 vulnerabilities across all the websites of the institutions examined. Based on these findings, the study proposes counteractive measures tailored to the specific needs of each identified defect. These recommendations aim to strengthen the security posture of the university websites, thereby protecting sensitive data and maintaining the trust of students, staff, and other stakeholders. The study emphasizes the need for proactive cybersecurity measures in the realm of higher education and presents a strategic plan for universities to improve their digital security. Highlights: The study investigates the causes of cybersecurity vulnerabilities in university websites, with a focus on Ethiopian Universities. The evaluation was based on ISO/IEC 27001 series standards and utilized three different automatic VAPT evaluation tools: Nmap, NESSUS, and VEGA. The research identified a range of issues contributing to cybersecurity vulnerabilities, including outdated software, poor password management, a lack of encryption, and inadequate access control. The study underscores the importance of proactive cybersecurity practices in the higher education sector and provides a roadmap for universities to enhance their digital security. [ABSTRACT FROM AUTHOR]

Published

2024

32. Predictive digital twin driven trust model for cloud service providers with Fuzzy inferred trust score calculation.

Author

John, Jomina and K, John Singh

Subjects

FUZZY logic, DIGITAL twins, TRUST, FUZZY systems, INTERNET security

Abstract

Cloud computing has become integral to modern computing infrastructure, offering scalability, flexibility, and cost-effectiveness. Trust is a critical aspect of cloud computing, influencing user decisions in selecting Cloud Service Providers (CSPs). This paper provides a comprehensive review of existing trust models in cloud computing, including agreement-based, SLA-based, certificate-based, feedback-based, domain-based, prediction-based, and reputation-based models. Building on this foundation, we propose a novel methodology for creating a trust model in cloud computing using digital twins for CSPs. The digital twin is augmented with a fuzzy inference system, which computes the trust score of a CSP based on trust-related parameters. The architecture of the digital twin with the fuzzy inference system is detailed, outlining how it processes security parameter values obtained through penetration testing mechanisms. These parameter values are transformed into crisp values using a linear ridge regression function and then fed into the fuzzy inference system to calculate a final trust score for the CSP. The paper also presents the outputs of the fuzzy inference system, demonstrating how different security parameter inputs yield various trust scores. This methodology provides a robust framework for assessing CSP trustworthiness and enhancing decision-making processes in cloud service selection. [ABSTRACT FROM AUTHOR]

Published

2024

33. Improving patient centric data retrieval and cyber security in healthcare: privacy preserving solutions for a secure future.

Author

Arunprasath, S. and Annamalai, Suresh

Subjects

INTERNET security, INFORMATION retrieval, HEALTH care industry, DATABASE security, DATA security, REINFORCEMENT learning, ONTOLOGIES (Information retrieval), DATA privacy

Abstract

The healthcare industry is increasingly reliant on access to large volumes of patient data, which is critical for improving patient outcomes, reducing costs, and ensuring regulatory compliance. However, there are significant challenges facing healthcare organizations in retrieving patient data from databases and ensuring the security and privacy of this data. Addressing these challenges is vital to the future success of the healthcare industry. This paper proposes two solutions to these challenges: a simplified ontology-based retrieval algorithm for healthcare multimedia data to enhance the retrieval process, and Hierarchical learning: ensemble model-based reinforcement learning to improve patient data security. An ontology-based retrieval algorithm was a method used to retrieve relevant information from large datasets. It filtered out irrelevant data and provided contextually relevant results. Hierarchical learning involved organizing learning tasks in a hierarchical structure, with higher-level policies guiding lower-level policies. Ensemble model-based reinforcement learning combined multiple models to improve the performance of a reinforcement learning system. The Simplified Ontology-Based Retrieval Algorithm had excellent performance with an accuracy of 92%, making it highly effective in information retrieval tasks. The paper highlights the importance of using advanced technologies and prioritizing cyber security in healthcare to maintain trust and optimal patient care. Cutting-edge technologies transformed healthcare by enhancing patient data retrieval and cyber security. Examples included encrypted computations, multi-party privacy, query result anonymization, real-time monitoring through IoMT, and secure data sharing. Adopting these solutions ultimately contributed to the protection of sensitive patient data and the overall security of healthcare organizations. [ABSTRACT FROM AUTHOR]

Published

2024

34. Roadmap of Adversarial Machine Learning in Internet of Things-Enabled Security Systems.

Author

Harbi, Yasmine, Medani, Khedidja, Gherbi, Chirihane, Aliouat, Zibouda, and Harous, Saad

Subjects

*ARTIFICIAL intelligence, *MACHINE learning, *DIGITAL technology, *INTERNET security, *SECURITY systems

Abstract

Machine learning (ML) represents one of the main pillars of the current digital era, specifically in modern real-world applications. The Internet of Things (IoT) technology is foundational in developing advanced intelligent systems. The convergence of ML and IoT drives significant advancements across various domains, such as making IoT-based security systems smarter and more efficient. However, ML-based IoT systems are vulnerable to lurking attacks during the training and testing phases. An adversarial attack aims to corrupt the ML model's functionality by introducing perturbed inputs. Consequently, it can pose significant risks leading to devices' malfunction, services' interruption, and personal data misuse. This article examines the severity of adversarial attacks and accentuates the importance of designing secure and robust ML models in the IoT context. A comprehensive classification of adversarial machine learning (AML) is provided. Moreover, a systematic literature review of the latest research trends (from 2020 to 2024) of the intersection of AML and IoT-based security systems is presented. The results revealed the availability of various AML attack techniques, where the Fast Gradient Signed Method (FGSM) is the most employed. Several studies recommend the adversarial training technique to defend against such attacks. Finally, potential open issues and main research directions are highlighted for future consideration and enhancement. [ABSTRACT FROM AUTHOR]

Published

2024

35. Effecting mobile security awareness and interest in cybersecurity using the CovertEyeOp mobile app driven user hack based learning approach.

Author

Poe, Tyler and Chattopadhyay, Ankur

Subjects

MOBILE communication systems, INTERNET security, MOBILE apps, MIDDLE schools, INFORMATION technology

Abstract

Existing research literature in computing and IT education shows that there has been limited work on investigating how offense based learning approaches using hacks can enhance learning of mobile security topics. In an effort to fill this research gap, we performed an experimental study with a unique, nifty user hack driven offense based learning strategy to effect mobile security awareness and interest in cybersecurity at the high school and middle school levels, as described in this work. A highlight of our novel study is our original CovertEyeOp mobile app, which was designed and developed strategically to be the driving force towards implementing our hacking based offense driven leaning technique. In this research, we carried out a comparative analysis of our app based offense driven learning approach with other relevant works on mobile security education. To conduct experiments with our user hack driven offense based learning strategy, we created a hands on experiential learning activity using our CovertEyeOp app, which educates users about security and privacy issues in mobile devices by hacking them and enabling them to self-discover issues with user permissions given to mobile apps. We offered this unique mobile app based learning activity to 90 participants (both students and teachers) primarily from the high school community across different states over multiple years and have collected quantitative plus qualitive data in the form of survey responses from these various users. Additionally, we discuss our earlier experiments of hosting an older version of our mobile app based lesson with 100 middle school students. We analyze this gathered learner data from the overall 190 participants' survey responses to determine whether our app driven offense based learning approach works and makes a difference in terms of fostering K-12 learning and engagement through acquired evidence of increased mobile security awareness and interest in cybersecurity. Overall, our study results in unique findings that show the prospects, benefits, and efficacy of including a user hack driven offense based learning strategy in K-12 teaching of mobile security topics. In the process, it advocates for the usage of this unique, non-traditional learning approach in cybersecurity education. [ABSTRACT FROM AUTHOR]

Published

2024

36. BVTED: A Specialized Bilingual (Chinese–English) Dataset for Vulnerability Triple Extraction Tasks.

Author

Liu, Kai, Wang, Yi, Ding, Zhaoyun, Li, Aiping, and Zhang, Weiming

Subjects

CYBERTERRORISM, DATABASES, DATA mining, INTERNET security, ONTOLOGY

Abstract

Extracting knowledge from cyber threat intelligence is essential for understanding cyber threats and implementing proactive defense measures. However, there is a lack of open datasets in the Chinese cybersecurity field that support both entity and relation extraction tasks. This paper addresses this gap by analyzing vulnerability description texts, which are standardized and knowledge-dense, to create a vulnerability knowledge ontology comprising 13 entities and 15 relations. We annotated 27,311 unique vulnerability description sentences from the China National Vulnerability Database, resulting in a dataset named BVTED for cybersecurity knowledge triple extraction tasks. BVTED contains 97,391 entities and 69,614 relations, with entities expressed in a mix of Chinese and English. To evaluate the dataset's value, we trained five deep learning-based named entity recognition models, two relation extraction models, and two joint entity–relation extraction models on BVTED. Experimental results demonstrate that models trained on this dataset achieve excellent performance in vulnerability knowledge extraction tasks. This work enhances the extraction of cybersecurity knowledge triples from mixed Chinese and English threat intelligence corpora by providing a comprehensive ontology and a new dataset, significantly aiding in the mining, analysis and utilization of the knowledge embedded in cyber threat intelligence. [ABSTRACT FROM AUTHOR]

Published

2024

37. Combining Edge Computing-Assisted Internet of Things Security with Artificial Intelligence: Applications, Challenges, and Opportunities.

Author

Rupanetti, Dulana and Kaabouch, Naima

Subjects

ARTIFICIAL intelligence, DATA privacy, COMPUTER network security, MACHINE learning, INTERNET security

Abstract

The integration of edge computing with IoT (EC-IoT) systems provides significant improvements in addressing security and privacy challenges in IoT networks. This paper examines the combination of EC-IoT and artificial intelligence (AI), highlighting practical strategies to improve data and network security. The published literature has suggested decentralized and reliable trust measurement mechanisms and security frameworks designed explicitly for IoT-enabled systems. Therefore, this paper reviews the latest attack models threatening EC-IoT systems and their impacts on IoT networks. It also examines AI-based methods to counter these security threats and evaluates their effectiveness in real-world scenarios. Finally, this survey aims to guide future research by stressing the need for scalable, adaptable, and robust security solutions to address evolving threats in EC-IoT environments, focusing on the integration of AI to enhance the privacy, security, and efficiency of IoT systems while tackling the challenges of scalability and resource limitations. [ABSTRACT FROM AUTHOR]

Published

2024

38. Enhancing internet of things security using entropy-informed RF-DNA fingerprint learning from Gabor-based images.

Author

Taha, Mohamed A., Fadul, Mohamed M. K., Tyler, Joshua H., Reising, Donald R., and Loveless, T. Daniel

Subjects

PHYSICAL layer security, INTERNET security, DEEP learning, ACCESS control, INTERNET of things, BIOMETRIC identification

Abstract

Internet of Things (IoT) deployments are anticipated to reach 29.42 billion by the end of 2030 at an average growth rate of 16% over the next 6 years. These deployments represent an overall growth of 201.4% in operational IoT devices from 2020 to 2030. This growth is alarming because IoT devices have permeated all aspects of our daily lives, and most lack adequate security. IoT-connected systems and infrastructures can be secured using device identification and authentication, two effective identity-based access control mechanisms. Physical Layer Security (PLS) is an alternative or augmentation to cryptographic and other higher-layer security schemes often used for device identification and authentication. PLS does not compromise spectral and energy efficiency or reduce throughput. Specific Emitter Identification (SEI) is a PLS scheme capable of uniquely identifying senders by passively learning emitter-specific features unintentionally imparted on the signals during their formation and transmission by the sender's radio frequency (RF) front end. This work focuses on image-based SEI because it produces deep learning (DL) models that are less sensitive to external factors and better generalize to different operating conditions. More specifically, this work focuses on reducing the computational cost and memory requirements of image-based SEI with little to no reduction in performance by selecting the most informative portions of each image using entropy. These image portions or tiles reduce memory storage requirements by 92.8% and the DL training time by 81% while achieving an average percent correct classification performance of 91% and higher for SNR values of 15 dB and higher with individual emitter performance no lower than 87.7% at the same SNR. Compared with another state-of-the-art time-frequency (TF)-based SEI approach, our approach results in superior performance for all investigated signal-to-noise ratio conditions, the largest improvement being 21.7% at 9 dB and requires 43% less data. [ABSTRACT FROM AUTHOR]

Published

2024

39. Assessing the Effectiveness of Cyber Domain Controls When Conducting Cybersecurity Audits: Insights from Higher Education Institutions in Canada.

Author

Sabillon, Regner, Higuera, Juan Ramon Bermejo, Cano, Jeimy, Higuera, Javier Bermejo, and Montalvo, Juan Antonio Sicilia

Subjects

UNIVERSITIES & colleges, PERSONALLY identifiable information, SCHOOL environment, INTERNET security, MODEL validation

Abstract

This study validates a comprehensive cybersecurity audit model through empirical analysis in three higher education institutions in Canada. The research aims to enhance cybersecurity resilience by assessing the effectiveness of cybersecurity controls across diverse educational environments. Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, this research is essential to ensure the protection of sensitive academic and personal data. Data were collected through detailed audits involving system vulnerabilities, compliance with security policies, and incident response management at each institution. The findings underscore the importance of tailored cybersecurity strategies and continuous auditing to mitigate cyber risks in the Canadian higher education sector. This study contributes to the field by validating a versatile audit tool that can be adapted to various institutional contexts, promoting enhanced cybersecurity practices and evaluating the effectiveness of cybersecurity safeguards across the higher education sector in Canada. The results of the audit model validations provide the cybersecurity maturity rating of each institution. Further research is recommended to refine the model and explore its application in other industries and sectors. [ABSTRACT FROM AUTHOR]

Published

2024

40. A novel optimized neural network model for cyber attack detection using enhanced whale optimization algorithm.

Author

Jyothi, Koganti Krishna, Borra, Subba Reddy, Srilakshmi, Koganti, Balachandran, Praveen Kumar, Reddy, Ganesh Prasad, Colak, Ilhami, Dhanamjayulu, C., Chinthaginjala, Ravikumar, and Khan, Baseem

Subjects

*METAHEURISTIC algorithms, *ARTIFICIAL neural networks, *CYBERTERRORISM, *INTERNET security, *WEBSITES, *COMPUTER passwords

Abstract

Cybersecurity is critical in today's digitally linked and networked society. There is no way to overestimate the importance of cyber security as technology develops and becomes more pervasive in our daily lives. Cybersecurity is essential to people's protection. One type of cyberattack known as "credential stuffing" involves using previously acquired usernames and passwords by attackers to access user accounts on several websites without authorization. This is feasible as a lot of people use the same passwords and usernames on several different websites. Maintaining the security of online accounts requires defence against credential-stuffing attacks. The problems of credential stuffing attacks, failure detection, and prediction can be handled by the suggested EWOA-ANN model. Here, a novel optimization approach known as Enhanced Whale Optimization Algorithm (EWOA) is put on to train the neural network. The effectiveness of the suggested attack identification model has been demonstrated, and an empirical comparison will be carried out with respect to specific security analysis. [ABSTRACT FROM AUTHOR]

Published

2024

41. Identification and prioritization of the challenges faced by vendor organizations in the shape of cyber security: A FUZZY‐AHP ‐based systematic approach.

Author

Khan, Abdul Wahid, Zaib, Shah, Alanazi, Meshari D., and Habib, Shabana

Subjects

*ANALYTIC hierarchy process, *INTERNET security, *COMPUTER software development, *INFORMATION resources management, *CONTINUING education

Abstract

The goal of this research study was to identify and prioritize the significant cybersecurity challenges that vendor firms encounter during software development. Using Systematic Literature Reviews (SLRs), 13 significant challenges were found, including “Security issues/Access of Cyberattacks”, “Lack of Right Knowledge”, “Cost Security Issues”, and “Lack of Confidentiality and Trust” among others. To address these concerns, a multifaceted strategy that prioritizes continuing education, training, and investment in cybersecurity measures, as well as cross‐industry cooperation and coordination with government entities, is required. These challenges were ranked using the Fuzzy Analytic Hierarchy Process (F‐AHP). We obtained the following results after applying the Fuzzy Analytic Hierarchy Process: CSC1 (Cyber Security Challenge‐1) “Security Issues/Access of Cyber Attacks”, CSC2 “Lack of Right Knowledge”, and CSC3 “Framework” are the top most critical cyber security challenges, with weightages of 0.1687, 0.1672, and 0.1194, respectively. This study lays the groundwork for future research and assists vendor organizations in addressing the cybersecurity concerns they face during software development. The study also emphasizes the significance of addressing cybersecurity during the software development process in order to avoid the financial and reputational losses associated with cyber intrusions. [ABSTRACT FROM AUTHOR]

Published

2024

42. When You Think You Are About to Hesitate, Step Forward. Increase Freedom and Trust People in the Field.

Author

Shinichi Yokohama

Subjects

*CYBERSPACE, *INTERNET security, *COMPUTER security, *CYBER intelligence (Computer security)

Abstract

In today's connected society, ensuring safety and security in cyberspace is an extremely tough challenge. NTT Security Holdings provides security services to clients on the basis of its proprietary cyber intelligence and threat-detection-and-response capabilities. We asked Shinichi Yokohama, chief executive officer of NTT Security Holdings and chief information security officer of the NTT Group, about the company's mission and strategy as well as his attitude as a top management. [ABSTRACT FROM AUTHOR]

Published

2024

43. Email bombing attack detection and mitigation using machine learning.

Author

Shukla, Sanjeev, Misra, Manoj, and Varshney, Gaurav

Subjects

*BOMBINGS, *MACHINE learning, *EMAIL security, *EMAIL management, *CYBERTERRORISM

Abstract

Email bombing, a growingly prevalent and destructive cyber attack, involves inundating a target's email inbox with subscription confirmation messages from legitimate services. This type of attack, particularly challenging for conventional spam filters, is not easily detected as the emails often appear benign. In our research, we introduce an innovative real-time technique to identify and mitigate email bombing. Our method leverages a unique time gap threshold for attack detection, proving effective across various bombing types, including mass mailing and subscription bombing. Upon detecting an attack, we utilize a novel mechanism of nine features extracted from email headers to build a machine learning model. This model distinguishes between genuine and bombing emails with approximately 97% accuracy. Our study not only explores email bombing attacks but also offers a comprehensive solution, combining attack detection and a machine learning-based approach to accurately classify emails, thereby effectively mitigating such cyber threats. [ABSTRACT FROM AUTHOR]

Published

2024

44. IoT cybersecurity in 5G and beyond: a systematic literature review.

Author

Pirbhulal, Sandeep, Chockalingam, Sabarathinam, Shukla, Ankur, and Abie, Habtamu

Subjects

*5G networks, *INTERNET of things, *INTERNET security, *SCIENCE databases, *DATABASE searching

Abstract

The 5th generation (5G) and beyond use Internet of Things (IoT) to offer the feature of remote monitoring for different applications such as transportation, healthcare, and energy. There are several advantages of 5G and beyond for IoT applications like high speed and low latency. However, they are prone to cybersecurity threats due to networks softwarization and virtualization, thus raising additional security challenges and complexities. In this paper, we conducted a systematic literature review (SLR) of cybersecurity for 5G and beyond-enabled IoT. By developing a taxonomy to classify and characterize existing research, we identified and analyzed strategies, key patterns, mechanisms, performance evaluation, validation parameters and challenges of cybersecurity and resilience for 5G and beyond-enabled IoT in existing studies. We used "Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)" recommendations for this SLR. Through our search in scientific databases, 4449 records published between 2017 and 2023 were initially identified, which were then reduced to 558 records after title and abstract screening to be considered for the eligibility check process. After screening the full-text, 79 articles were finalized for thorough analysis. The findings of this study suggest that 35% of the included studies focus on authentication and access control as security aspects, 59% studies are based on combination of both network layer and application layer as main operation layer, and 34% of the included studies use real-time implementation for validation purpose while the remaining studies utilize simulation or theoretical analysis. Our SLR also highlights open research challenges of 5G and beyond-enabled IoT cybersecurity and suggests a tentative solution for each challenge, which can be a focus of future research. Finally, key limitations of our SLR and threats to validity are addressed. [ABSTRACT FROM AUTHOR]

Published

2024

45. Integrating AI-driven threat intelligence and forecasting in the cyber security exercise content generation lifecycle.

Author

Zacharis, Alexandros, Katos, Vasilios, and Patsakis, Constantinos

Subjects

*INTERNET security, *FORECASTING methodology, *CYBERTERRORISM, *EXPERT evidence, *EVALUATION methodology, *COMPUTER crime prevention, *CYBER intelligence (Computer security)

Abstract

The escalating complexity and impact of cyber threats require organisations to rehearse responses to cyber-attacks by routinely conducting cyber security exercises. However, the effectiveness of these exercises is limited by the exercise planners' ability to replicate real-world scenarios in a timely manner that is, most importantly, tailored to the training audience and sector impacted. To address this issue, we propose the integration of AI-driven sectorial threat intelligence and forecasting to identify emerging and relevant threats and anticipate their impact in different industries. By incorporating such automated analysis and forecasting into the design of cyber security exercises, organisations can simulate real-world scenarios more accurately and assess their ability to respond to emerging threats. Fundamentally, our approach enhances the effectiveness of cyber security exercises by tailoring the scenarios to reflect the threats that are more relevant and imminent to the sector of the targeted organisation, thereby enhancing its preparedness for cyber attacks. To assess the efficacy of our forecasting methodology, we conducted a survey with domain experts and report their feedback and evaluation of the proposed methodology. [ABSTRACT FROM AUTHOR]

Published

2024

46. Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis.

Author

Asfahani, Ahmed M.

Subjects

*PROTECTION motivation theory, *INTERNET security, *PLANNED behavior theory, *ECOLOGY, *EMPLOYEE attitudes, *ORGANIZATIONAL behavior

Abstract

The study aims to explore the crucial interaction between organizational responsibility and employee behavior in cybersecurity, particularly in the distinct setting of Saudi Arabia. It investigates how organizational responsibility perceptions impact employee attitudes and practices towards cybersecurity. The research utilizes a mixed theoretical framework, incorporating stewardship theory, protection motivation theory, and the theory of planned behavior. It examines the intricate link between organizational leadership, policies, and individual responses to cybersecurity threats through a comprehensive survey conducted among Saudi employees. The study discovers that employees' perceptions of organizational responsibility greatly influence their cybersecurity behavior. It also finds that employee attitudes towards cybersecurity act as a mediator in this relationship. Contrary to expectations, personal experiences with cybersecurity incidents do not significantly moderate these relationships. This underlines the complex and culture-specific nature of cybersecurity compliance in organizational contexts. This research uniquely contributes to the understanding of cybersecurity behavior within organizations, particularly highlighting the need for policies that align with both organizational objectives and individual behaviors in culturally specific environments like Saudi Arabia. It offers novel insights into the less pronounced impact of personal cybersecurity experiences on organizational-employee dynamics in cybersecurity compliance. [ABSTRACT FROM AUTHOR]

Published

2024

47. Analysis of security and privacy issues in wearables for minors.

Author

Fúster, Jaime, Solera-Cotanilla, Sonia, Pérez, Jaime, Vega-Barbas, Mario, Palacios, Rafael, Álvarez-Campana, Manuel, and Lopez, Gregorio

Subjects

*INTERNET of things, *PERSONALLY identifiable information, *PRIVACY, *MINORS, *INTERNET security

Abstract

The increased use of wearables in recent years has fostered a great technological development in this area, although without the appropriate supervision usability may go first than security. In addition to this, the fact that wearables have been requiring more and more personal data from the user makes them attractive devices for an attacker. In this paper we propose a set of tests for evaluating the security and privacy of wearables and we apply them to analyse the security and privacy of a set of commercial wearables that are targeted at minors, who represent a group with especially high requirements in this regard. We define the testing scenario, expose the tools to support the research, and specify the testing process to be followed. Based on the obtained results, although the considered low-end devices are broadly speaking less secure than high-end ones, most of them present security and privacy flaws, which illustrates the necessity of regulation that ensures the fulfilment of appropriate security and privacy requirements. [ABSTRACT FROM AUTHOR]

Published

2024

48. A Review of Attacker–Defender Games and Cyber Security.

Author

Hausken, Kjell, Welburn, Jonathan W., and Zhuang, Jun

Subjects

*ROLEPLAYING games, *INTERNET security, *BOARD games, *SCHOOL boards, *EDUCATIONAL games

Abstract

The focus of this review is the long and broad history of attacker–defender games as a foundation for the narrower and shorter history of cyber security. The purpose is to illustrate the role of game theory in cyber security and which areas have received attention and to indicate future research directions. The methodology uses the search terms game theory, attack, defense, and cyber security in Web of Science, augmented with the authors' knowledge of the field. Games may involve multiple attackers and defenders over multiple periods. Defense involves security screening and inspection, the detection of invaders, jamming, secrecy, and deception. Incomplete information is reviewed due to its inevitable presence in cyber security. The findings pertain to players sharing information weighted against the security investment, influenced by social planning. Attackers stockpile zero-day cyber vulnerabilities. Defenders build deterrent resilient systems. Stochastic cyber security games play a role due to uncertainty and the need to build probabilistic models. Such games can be further developed. Cyber security games based on traffic and transportation are reviewed; they are influenced by the more extensive communication of GPS data. Such games should be extended to comprise air, land, and sea. Finally, cyber security education and board games are reviewed, which play a prominent role. [ABSTRACT FROM AUTHOR]

Published

2024

49. Revisión sistemática de la literatura sobre la seguridad digital en estudiantes de educación superior.

Author

Trujillo-Torres, Juan-Manuel, Rodríguez-Jiménez, Carmen, Alonso-García, Santiago, and Berral-Ortiz, Blanca

Subjects

*STUDENT attitudes, *DIGITAL technology, *INTERNET security, *INTERNET safety, *INTERNET privacy

Abstract

This study aims to identify and analyze the main research streams on digital safety and online privacy related to higher education students. Students are at risk of cybercrime, including online harassment, identity theft, and exposure to inappropriate content. A systematic literature review is conducted on digital security, cybersecurity, Internet security, online safety, and use of digital technologies. The results show that publications on digital security for higher education students have increased consistently during the last two decades. The main research streams are: digital risk and student perspectives, digital children, digital teenagers, online harassment, and digital behavior. In conclusion, this study provides a wide assessment on digital security for university students and highlights the importance of future research on improving awareness and safety on digital environments for teenagers. [ABSTRACT FROM AUTHOR]

Published

2024

50. The Role of Cybersecurity Knowledge and Awareness in Cybersecurity Intention and Behavior in the United States.

Author

Lee, Claire Seungeun and Chua, Yi Ting

Subjects

*INTERNET security, *MODERN society, *INTENTION, *CYBERTERRORISM

Abstract

Despite the rapid escalation of cybercrimes in modern society, few viable cybersecurity and cybercrime prevention programs exist. Consequently, this research considers cybersecurity as a key element for mitigating the potential risk and incidents of cybercrime. The study aims to understand the role of individuals' cybersecurity knowledge and awareness in shaping their cybersecurity intention and behavior in the United States. The results reveal that information and communications technology variables, education, income, and gender are contributing predictors of a level of cybersecurity knowledge. The effects of information and communications technology variables varied across gender for both correct and uncertain responses. The findings highlight the importance of a comprehensive understanding of both technical and human/individual factors for cybersecurity knowledge and education. [ABSTRACT FROM AUTHOR]

Published

2024