
    DETECTION AND IDENTIFICATION OF CYBERATTACKS IN CPS BY APPLYING MACHINE LEARNING ALGORITHMS

    Cyber-physical systems (CPS) consist of networked components that allow remote access, monitoring and inspection. Because these systems are integrated into insecure networks, they are exposed to many kinds of cyberattack. If an adversary breaches the system, they can damage it, with potentially devastating effects, so maintaining the trustworthiness of a CPS is critical. Identifying attacks on CPSs has become increasingly difficult as these systems have become a more attractive target for intruders and cyber threats. Machine learning (ML) and artificial intelligence (AI) can improve this situation, and AI-based technology can contribute to the growth and success of a wide range of organisations in many different ways. The goal of this research is to prevent attacks on CPS using ML and AI techniques. A new framework for detecting cyberattacks that makes use of ML and AI is presented. Cleaning the data in the CPS database starts with normalisation to remove errors and duplicates, so that the data is consistent throughout. Linear Discriminant Analysis (LDA) is the method used to obtain the features. As the mechanism for identifying cyberattacks, the proposed process is SFL-HMM in conjunction with the HMS-ACO procedure. The new strategy is evaluated in a MATLAB simulation, and the metrics obtained from that simulation are compared with those of earlier methods. The framework is shown to be substantially more effective than traditional techniques at maintaining high degrees of privacy, as demonstrated by the results of several separate experiments. In addition, the proposed method outperforms traditional detection methods in detection rate, false positive rate and computation time.
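The normalisation and LDA stages described above, as an added example that is not the paper's code (the SFL-HMM/HMS-ACO detector is not reproduced): min-max scaling fitted on training rows, a two-class Fisher LDA projection, and a midpoint threshold on the projected score. The telemetry rows, the feature names and the attack pattern are constructed assumptions.

```python
"""Added illustration of a normalise -> LDA -> threshold pipeline for CPS telemetry, in pure Python.

Not the paper's code: it shows only the two preprocessing stages the abstract names
(min-max normalisation, two-class Fisher LDA) followed by the simplest detector on the
projected score. Feature names, values and the telemetry rows below are constructed.
"""
from typing import List, Sequence, Tuple

Row = List[float]

# Constructed CPS telemetry: (flow L/min, pressure kPa, control packets/s). Not real data.
NORMAL = [
    [50.0, 300.0, 120.0], [52.0, 305.0, 118.0], [49.0, 298.0, 125.0],
    [51.0, 302.0, 121.0], [50.0, 299.0, 119.0], [53.0, 304.0, 123.0],
]
# Assumed attack pattern: pressure reading stays flat while flow and packet rate jump.
ATTACK = [
    [70.0, 300.0, 400.0], [72.0, 301.0, 420.0], [68.0, 299.0, 390.0],
    [75.0, 300.0, 450.0], [71.0, 302.0, 410.0], [69.0, 298.0, 395.0],
]


def minmax_fit(rows: Sequence[Row]) -> Tuple[Row, Row]:
    """Per-feature min and max from the training rows (fit once, reuse at inference)."""
    cols = list(zip(*rows))
    return [min(c) for c in cols], [max(c) for c in cols]


def minmax_apply(row: Row, lo: Row, hi: Row) -> Row:
    """Scale each feature into [0, 1]; a constant feature maps to 0 instead of dividing by zero."""
    return [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(row, lo, hi)]


def mean(rows: Sequence[Row]) -> Row:
    return [sum(c) / len(rows) for c in zip(*rows)]


def scatter(rows: Sequence[Row], m: Row) -> List[Row]:
    """Sum of outer products (x - m)(x - m)^T: one class's contribution to S_w."""
    d = len(m)
    s = [[0.0] * d for _ in range(d)]
    for r in rows:
        diff = [x - mu for x, mu in zip(r, m)]
        for i in range(d):
            for j in range(d):
                s[i][j] += diff[i] * diff[j]
    return s


def invert(a: List[Row]) -> List[Row]:
    """Gauss-Jordan inverse with partial pivoting; raises on a singular matrix."""
    n = len(a)
    aug = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        if abs(p) < 1e-12:
            raise ValueError("within-class scatter is singular; add rows or a larger ridge")
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


class LdaDetector:
    """Two-class Fisher LDA: w = S_w^-1 (m_attack - m_normal); alarm when w.x passes the midpoint."""

    def __init__(self, normal: Sequence[Row], attack: Sequence[Row], ridge: float = 1e-6):
        self.lo, self.hi = minmax_fit(list(normal) + list(attack))
        n = [minmax_apply(r, self.lo, self.hi) for r in normal]
        a = [minmax_apply(r, self.lo, self.hi) for r in attack]
        m0, m1 = mean(n), mean(a)
        sw = scatter(n, m0)
        for i, row in enumerate(scatter(a, m1)):
            for j, v in enumerate(row):
                sw[i][j] += v
        for i in range(len(sw)):
            sw[i][i] += ridge  # tiny ridge keeps S_w invertible with few samples
        inv = invert(sw)
        diff = [b - c for b, c in zip(m1, m0)]
        d = len(diff)
        self.w = [sum(inv[i][j] * diff[j] for j in range(d)) for i in range(d)]
        # w.diff = diff^T S_w^-1 diff > 0, so the attack mean always projects above the normal mean.
        self.threshold = (self._project(m0) + self._project(m1)) / 2.0

    def _project(self, scaled: Row) -> float:
        return sum(wi * xi for wi, xi in zip(self.w, scaled))

    def score(self, raw: Row) -> float:
        """Projected LDA score of one raw row: the 1-D feature a sequence model could consume."""
        return self._project(minmax_apply(raw, self.lo, self.hi))

    def is_attack(self, raw: Row) -> bool:
        return self.score(raw) > self.threshold


if __name__ == "__main__":
    det = LdaDetector(NORMAL, ATTACK)
    for row in ([50.0, 301.0, 120.0], [72.0, 300.0, 430.0]):
        print(row, "->", "ATTACK" if det.is_attack(row) else "normal", round(det.score(row), 3))
```

Fit the scaler on training rows only and reuse its min/max at inference; refitting per batch silently changes the feature geometry the discriminant was trained on. With only a handful of rows S_w can be near-singular, which is what the ridge term guards against.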

    A Review on Cybersecurity based on Machine Learning and Deep Learning Algorithms

    Machine learning (ML) and deep learning (DL) techniques have so far been widely applied to areas such as image processing and speech recognition. Likewise, ML and DL play a critical role in detection and prevention in the field of cybersecurity. In this review, we focus on recent ML and DL algorithms that have been proposed for cybersecurity, network intrusion detection and malware detection. We also discuss the key elements of cybersecurity, the main principles of information security and the most common methods used to threaten cybersecurity. Finally, concluding remarks are given, including possible research topics that could be considered to enhance various cybersecurity applications using DL and ML algorithms.

    An Efficient Multistage Fusion Approach for Smartphone Security Analysis

    The Android smartphone ecosystem is inundated with innumerable applications, mainly developed by third-party contenders, which leaves these devices highly vulnerable. In addition, the proliferation of smartphone usage and their potential applications in diverse fields entice the malware community to develop new malware to attack these devices. To address these issues, an Android malware detection framework is proposed in which an efficient multistage fusion approach is introduced. A robust unified feature vector is created by fusing the transformed feature matrices corresponding to multiple cues using non-linear graph-based cross-diffusion. The unified feature is then fed to multiple classifiers to obtain their classification scores, which are optimally fused using Dezert-Smarandache Theory (DSmT). The strength of the suggested model is assessed both qualitatively and quantitatively by ten-fold cross-validation on benchmark datasets. On average, we achieved a detection accuracy of 98.97% and an F-measure of 0.9936.

    A model for multi-attack classification to improve intrusion detection performance using deep learning approaches

    This proposed model introduces novel deep learning methodologies. The objective is to create a reliable intrusion detection mechanism to help identify malicious attacks. A deep learning based solution framework is developed consisting of three approaches. The first approach is a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) with seven optimizer functions: adamax, SGD, adagrad, adam, RMSprop, nadam and adadelta. The model is evaluated on the NSL-KDD dataset for multi-attack classification. The model performs best with the adamax optimizer in terms of accuracy, detection rate and false alarm rate. The results of LSTM-RNN with the adamax optimizer are compared with existing shallow machine learning and deep learning models in terms of accuracy, detection rate and false alarm rate. The multi-model methodology consists of a Recurrent Neural Network (RNN), an LSTM-RNN and a Deep Neural Network (DNN). These models are evaluated on benchmark datasets such as KDD99, NSL-KDD and UNSW-NB15. The models self-learn the features and classify the attack classes as a multi-attack classification. The RNN and LSTM-RNN models provide considerable performance compared to other existing methods on the KDD99 and NSL-KDD datasets.

    Graph Mining for Cybersecurity: A Survey

    The explosive growth of cyber attacks nowadays, such as malware, spam and intrusions, has had severe consequences for society. Securing cyberspace has become an utmost concern for organizations and governments. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. In recent years, with the proliferation of graph mining techniques, many researchers have investigated these techniques for capturing correlations between cyber entities and achieving high performance. It is imperative to summarize existing graph-based cybersecurity solutions to provide a guide for future studies. Therefore, as a key contribution of this paper, we provide a comprehensive review of graph mining for cybersecurity, including an overview of cybersecurity tasks, the typical graph mining techniques, the general process of applying them to cybersecurity, and various solutions for different cybersecurity tasks. For each task, we probe into relevant methods and highlight the graph types, graph approaches and task levels in their modeling. Furthermore, we collect open datasets and toolkits for graph-based cybersecurity. Finally, we outline potential directions of this field for future research.

    Deep Transfer Learning Applications in Intrusion Detection Systems: A Comprehensive Review

    Globally, the external Internet is increasingly being connected to contemporary industrial control systems. As a result, there is an immediate need to protect these networks from several threats. The key infrastructure of industrial activity may be protected from harm by using an intrusion detection system (IDS), a preventive mechanism that recognises new kinds of dangerous threats and hostile activities. This study examines the most recent artificial intelligence (AI) techniques used to create IDSs in many kinds of industrial control networks, with a particular emphasis on IDSs based on deep transfer learning (DTL). DTL can be seen as a type of information fusion that merges and/or adapts knowledge from multiple domains to enhance the performance of the target task, particularly when labeled data in the target domain is scarce. Publications issued after 2015 were taken into account and divided into three categories: DTL-only and IDS-only papers are covered in the introduction and background, and DTL-based IDS papers form the core of this review. Reading this review will give researchers a better grasp of the current state of DTL approaches used in IDSs across many different types of networks. Other useful information, such as the datasets used, the sort of DTL employed, the pre-trained network, the IDS techniques, the evaluation metrics (including accuracy/F-score and false alarm rate (FAR)) and the improvement gained, is also covered. The algorithms and methods used in several studies, or that illustrate deeply and clearly the principle of a DTL-based IDS subcategory, are presented to the reader.

    Threat modelling with UML for cybersecurity risk management in OT-IT integrated infrastructures

    Strong cybersecurity threat management can provide a good security posture against malicious attacks designed to access, modify, delete, destroy or capture user or organization systems and sensitive data. In this work, the issue of cybersecurity is first described, then the common attacks on OT-IT integrated systems as target systems are examined. The focus of this thesis is the security of OT-IT systems. The purpose of this thesis is to provide a cybersecurity risk management solution fundamentally focused on detecting common cybersecurity intrusions which are widely used by malicious attackers to forcefully abuse or take advantage of a computer network. The main idea of this project is to provide a solution which can help the cybersecurity experts of OT-IT companies to catch network abnormalities practically at the time a pre-defined intrusion is being executed by an attacker, in order to give more defensive power against possible threats. In chapter 3 the proposed model is designed with UML and SysML in Eclipse Papyrus, which is a great tool for modelling a system. Here, I present a threat modeling detection system which is practically an IDS. Finally, the model is implemented using PCA and SVM, which are machine learning techniques. The Intrusion Detection System is implemented and the results show the high efficiency of the proposed method.

    Improved Detection for Advanced Polymorphic Malware

    Malicious software (malware) attacks across the internet are increasing at an alarming rate. Cyber-attacks have become increasingly sophisticated and targeted. These targeted attacks aim at compromising networks, stealing personal financial information, exfiltrating sensitive data or disrupting operations. Current malware detection approaches work well for previously known signatures. However, malware developers use techniques to mutate and change software properties (signatures) to avoid and evade detection. Polymorphic malware is practically undetectable with signature-based defensive technologies. Today's effective detection rate for polymorphic malware ranges from 68.75% to 81.25%. New techniques are needed to improve malware detection rates. Improved detection of polymorphic malware can only be accomplished by extracting features beyond the signature realm. Targeted detection for polymorphic malware must rely on extracting key features and characteristics for advanced analysis. Traditionally, malware researchers have relied on limited-dimensional features such as behavior (dynamic) or source/execution code analysis (static). This study's focus was to extract and evaluate a limited set of multidimensional topological data in order to improve detection for polymorphic malware. This study used multidimensional analysis (file properties, static and dynamic analysis) with machine learning algorithms to improve malware detection. This research demonstrated that improved polymorphic malware detection can be achieved with machine learning. This study conducted a number of experiments using a standard experimental testing protocol. It utilized three advanced algorithms (Metabagging (MB), Instance Based k-Means (IBk) and a Deep Learning Multi-Layer Perceptron) with a limited set of multidimensional data. Experimental results delivered detection rates above 99.43%. In addition, the experiments delivered near zero false positives. The study's approach was based on single case experimental design, a well-accepted protocol for progressive testing. The study constructed a prototype to automate feature extraction, assemble files for analysis, and analyze results through multiple clustering algorithms. The study performed an evaluation of large malware sample datasets to understand effectiveness across a wide range of malware. The study developed an integrated framework which automated feature extraction for multidimensional analysis. The feature extraction framework consisted of four modules: 1) a pre-process module that extracts and generates topological features based on static analysis of machine code and file characteristics, 2) a behavioral analysis module that extracts behavioral characteristics based on file execution (dynamic analysis), 3) an input file construction and submission module, and 4) a machine learning module that employs various advanced algorithms. As with most studies, careful attention was paid to false positive and false negative rates, which reduce overall detection accuracy and effectiveness. This study provided a novel approach to expand the malware body of knowledge and improve the detection of polymorphic malware targeting Microsoft operating systems.
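The contrast the abstract draws between signature matching and feature-based detection, as an added example that is not the study's framework or code: a repacked build of a constructed malware family gets a new hash but keeps its entropy, printable ratio and import strings, so a k-nearest-neighbour classifier (the instance-based learner behind Weka's IBk) still flags it. All samples, the API list and the feature choices are constructed assumptions; dynamic (behavioural) features are omitted.

```python
"""Added illustration: a polymorphic variant defeats hash signatures but not
multidimensional feature-based classification. Pure Python, no real malware:
every sample here is constructed by the code below.

Not the study's framework; it only mirrors the idea of pairing static features
(file characteristics, strings) with an instance-based learner (k-NN, as in Weka's IBk).
"""
import hashlib
import math
import random
from typing import Dict, List, Sequence

# Import names treated as a static indicator (assumption for the example).
SUSPICIOUS_APIS = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread",
                   b"WinExec", b"URLDownloadToFileA"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8; packed or encrypted payloads sit near 8."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_ratio(data: bytes) -> float:
    return sum(32 <= b < 127 for b in data) / len(data)


def api_hits(data: bytes) -> int:
    return sum(data.count(api) for api in SUSPICIOUS_APIS)


def features(data: bytes) -> List[float]:
    """Three static dimensions; a real pipeline adds file properties and dynamic traces."""
    return [shannon_entropy(data), printable_ratio(data), float(api_hits(data))]


def benign_sample(seed: int) -> bytes:
    """Constructed config-like text: low entropy, all printable, no suspicious imports."""
    rng = random.Random(seed)
    words = ["config", "server", "timeout", "retry", "log", "level", "path", "enable", "true", "port"]
    lines = [f"{rng.choice(words)}_{rng.choice(words)} = {rng.randint(0, 9999)}" for _ in range(120)]
    return "\n".join(lines).encode()


def malicious_sample(family_seed: int, build_seed: int, junk_len: int = 0) -> bytes:
    """family_seed fixes the imported APIs (the behaviour); build_seed fixes the junk padding
    and the 'encrypted' payload bytes, so two builds of one family share no byte pattern."""
    fam = random.Random(family_seed)
    imports = b"\x00".join(fam.sample(SUSPICIOUS_APIS, 3))
    build = random.Random(build_seed)
    junk = bytes(build.randrange(256) for _ in range(junk_len))
    payload = bytes(build.randrange(256) for _ in range(1500))
    return b"MZ" + b"\x00" * 62 + junk + imports + b"\x00" + payload


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class KnnClassifier:
    """Instance-based learner: z-score each feature on the training set, vote among k nearest."""

    def __init__(self, samples: Sequence[bytes], labels: Sequence[str], k: int = 3):
        self.k = k
        raw = [features(s) for s in samples]
        cols = list(zip(*raw))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [max(math.sqrt(sum((v - m) ** 2 for v in c) / len(c)), 1e-9)
                   for c, m in zip(cols, self.mu)]
        self.points = [(self._scale(f), lab) for f, lab in zip(raw, labels)]

    def _scale(self, f: List[float]) -> List[float]:
        return [(v - m) / s for v, m, s in zip(f, self.mu, self.sd)]

    def predict(self, data: bytes) -> str:
        q = self._scale(features(data))
        nearest = sorted(self.points, key=lambda p: math.dist(p[0], q))[: self.k]
        votes: Dict[str, int] = {}
        for _, lab in nearest:
            votes[lab] = votes.get(lab, 0) + 1
        return max(votes, key=votes.get)


# Training corpus: four benign files and one build each of four malware families.
TRAIN = [(benign_sample(s), "benign") for s in range(1, 5)] + \
        [(malicious_sample(f, 10 + f), "malicious") for f in range(1, 5)]
SIGNATURES = {sha256(s) for s, lab in TRAIN if lab == "malicious"}
CLASSIFIER = KnnClassifier([s for s, _ in TRAIN], [lab for _, lab in TRAIN])

# A repacked build of family 1: fresh junk and payload bytes, same imports and behaviour.
VARIANT = malicious_sample(family_seed=1, build_seed=99, junk_len=300)


def signature_match(data: bytes) -> bool:
    return sha256(data) in SIGNATURES


if __name__ == "__main__":
    print("hash match:", signature_match(VARIANT))      # False: new bytes, new hash
    print("knn verdict:", CLASSIFIER.predict(VARIANT))  # malicious: the features survived
    print("features:", [round(v, 2) for v in features(VARIANT)])
```

Real packers also hide import names, which is exactly why the study pairs static features with dynamic ones; here api_hits survives only because the toy mutation leaves the import strings in clear, while entropy and printable ratio would survive even a full repack.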

    Protecting Android Devices from Malware Attacks: A State-of-the-Art Report of Concepts, Modern Learning Models and Challenges

    Advancements in microelectronics have increased the popularity of mobile devices like cellphones, tablets, e-readers, and PDAs. Android, with its open-source platform, broad device support, customizability, and integration with the Google ecosystem, has become the leading operating system for mobile devices. While Android's openness brings benefits, it has downsides like a lack of official support, fragmentation, complexity, and security risks if not maintained. Malware exploits these vulnerabilities for unauthorized actions and data theft. To enhance device security, static and dynamic analysis techniques can be employed. However, current attackers are becoming increasingly sophisticated, and they employ packing, code obfuscation, and encryption techniques to evade detection models. Researchers prefer flexible artificial intelligence methods, particularly deep learning models, for detecting and classifying malware on Android systems. In this survey study, a detailed literature review was conducted to investigate and analyze how deep learning approaches have been applied to malware detection on Android systems. The study also provides an overview of the Android architecture, the datasets used for deep learning-based detection, and open issues to be studied in the future.