3,929 research outputs found
Artificial intelligence in the cyber domain: Offense and defense
Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense.Web of Science123art. no. 41
Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats
Despite its technological benefits, Internet of Things (IoT) has cyber
weaknesses due to the vulnerabilities in the wireless medium. Machine learning
(ML)-based methods are widely used against cyber threats in IoT networks with
promising performance. Advanced persistent threat (APT) is prominent for
cybercriminals to compromise networks, and it is crucial to long-term and
harmful characteristics. However, it is difficult to apply ML-based approaches
to identify APT attacks to obtain a promising detection performance due to an
extremely small percentage among normal traffic. There are limited surveys to
fully investigate APT attacks in IoT networks due to the lack of public
datasets with all types of APT attacks. It is worth to bridge the
state-of-the-art in network attack detection with APT attack detection in a
comprehensive review article. This survey article reviews the security
challenges in IoT networks and presents the well-known attacks, APT attacks,
and threat models in IoT systems. Meanwhile, signature-based, anomaly-based,
and hybrid intrusion detection systems are summarized for IoT networks. The
article highlights statistical insights regarding frequently applied ML-based
methods against network intrusion alongside the number of attacks types
detected. Finally, open issues and challenges for common network intrusion and
APT attacks are presented for future research.Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table
Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids
Smart grid is a large complex network with a myriad of vulnerabilities,
usually operated in adversarial settings and regulated based on estimated
system states. In this study, we propose a novel highly secure distributed
dynamic state estimation mechanism for wide-area (multi-area) smart grids,
composed of geographically separated subregions, each supervised by a local
control center. We firstly propose a distributed state estimator assuming
regular system operation, that achieves near-optimal performance based on the
local Kalman filters and with the exchange of necessary information between
local centers. To enhance the security, we further propose to (i) protect the
network database and the network communication channels against attacks and
data manipulations via a blockchain (BC)-based system design, where the BC
operates on the peer-to-peer network of local centers, (ii) locally detect the
measurement anomalies in real-time to eliminate their effects on the state
estimation process, and (iii) detect misbehaving (hacked/faulty) local centers
in real-time via a distributed trust management scheme over the network. We
provide theoretical guarantees regarding the false alarm rates of the proposed
detection schemes, where the false alarms can be easily controlled. Numerical
studies illustrate that the proposed mechanism offers reliable state estimation
under regular system operation, timely and accurate detection of anomalies, and
good state recovery performance in case of anomalies
APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System
The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi-dimensional algorithm that captures behavioral features along with the relevant information that other methods do not deliver. This approach utilizes masked self-attentional layers to address the limitations of prior Deep Learning (DL) methods that rely on convolutions. Two datasets, the DAPT2020 malware, and Edge I-IoT datasets are used to evaluate the approach, and it attains the highest detection accuracy of 96.97% and 95.97%, with prediction time of 20.56 seconds and 21.65 seconds, respectively. The GAN approach is compared to conventional ML algorithms, and simulation results demonstrate a significant performance improvement over these algorithms in the I-IoT-enabled CPS realm
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro
Advances in Cybercrime Prediction: A Survey of Machine, Deep, Transfer, and Adaptive Learning Techniques
Cybercrime is a growing threat to organizations and individuals worldwide,
with criminals using increasingly sophisticated techniques to breach security
systems and steal sensitive data. In recent years, machine learning, deep
learning, and transfer learning techniques have emerged as promising tools for
predicting cybercrime and preventing it before it occurs. This paper aims to
provide a comprehensive survey of the latest advancements in cybercrime
prediction using above mentioned techniques, highlighting the latest research
related to each approach. For this purpose, we reviewed more than 150 research
articles and discussed around 50 most recent and relevant research articles. We
start the review by discussing some common methods used by cyber criminals and
then focus on the latest machine learning techniques and deep learning
techniques, such as recurrent and convolutional neural networks, which were
effective in detecting anomalous behavior and identifying potential threats. We
also discuss transfer learning, which allows models trained on one dataset to
be adapted for use on another dataset, and then focus on active and
reinforcement Learning as part of early-stage algorithmic research in
cybercrime prediction. Finally, we discuss critical innovations, research gaps,
and future research opportunities in Cybercrime prediction. Overall, this paper
presents a holistic view of cutting-edge developments in cybercrime prediction,
shedding light on the strengths and limitations of each method and equipping
researchers and practitioners with essential insights, publicly available
datasets, and resources necessary to develop efficient cybercrime prediction
systems.Comment: 27 Pages, 6 Figures, 4 Table
Digital Twins and the Future of their Use Enabling Shift Left and Shift Right Cybersecurity Operations
Digital Twins (DTs), optimize operations and monitor performance in Smart
Critical Systems (SCS) domains like smart grids and manufacturing. DT-based
cybersecurity solutions are in their infancy, lacking a unified strategy to
overcome challenges spanning next three to five decades. These challenges
include reliable data accessibility from Cyber-Physical Systems (CPS),
operating in unpredictable environments. Reliable data sources are pivotal for
intelligent cybersecurity operations aided with underlying modeling
capabilities across the SCS lifecycle, necessitating a DT. To address these
challenges, we propose Security Digital Twins (SDTs) collecting realtime data
from CPS, requiring the Shift Left and Shift Right (SLSR) design paradigm for
SDT to implement both design time and runtime cybersecurity operations.
Incorporating virtual CPS components (VC) in Cloud/Edge, data fusion to SDT
models is enabled with high reliability, providing threat insights and
enhancing cyber resilience. VC-enabled SDT ensures accurate data feeds for
security monitoring for both design and runtime. This design paradigm shift
propagates innovative SDT modeling and analytics for securing future critical
systems. This vision paper outlines intelligent SDT design through innovative
techniques, exploring hybrid intelligence with data-driven and rule-based
semantic SDT models. Various operational use cases are discussed for securing
smart critical systems through underlying modeling and analytics capabilities.Comment: IEEE Submitted Paper: Trust, Privacy and Security in Intelligent
Systems, and Application
LogShield: A Transformer-based APT Detection System Leveraging Self-Attention
Cyber attacks are often identified using system and network logs. There have
been significant prior works that utilize provenance graphs and ML techniques
to detect attacks, specifically advanced persistent threats, which are very
difficult to detect. Lately, there have been studies where transformer-based
language models are being used to detect various types of attacks from system
logs. However, no such attempts have been made in the case of APTs. In
addition, existing state-of-the-art techniques that use system provenance
graphs, lack a data processing framework generalized across datasets for
optimal performance. For mitigating this limitation as well as exploring the
effectiveness of transformer-based language models, this paper proposes
LogShield, a framework designed to detect APT attack patterns leveraging the
power of self-attention in transformers. We incorporate customized embedding
layers to effectively capture the context of event sequences derived from
provenance graphs. While acknowledging the computational overhead associated
with training transformer networks, our framework surpasses existing LSTM and
Language models regarding APT detection. We integrated the model parameters and
training procedure from the RoBERTa model and conducted extensive experiments
on well-known APT datasets (DARPA OpTC and DARPA TC E3). Our framework achieved
superior F1 scores of 98% and 95% on the two datasets respectively, surpassing
the F1 scores of 96% and 94% obtained by LSTM models. Our findings suggest that
LogShield's performance benefits from larger datasets and demonstrates its
potential for generalization across diverse domains. These findings contribute
to the advancement of APT attack detection methods and underscore the
significance of transformer-based architectures in addressing security
challenges in computer systems
A False Sense of Security — Organizations Need a Paradigm Shift on Protecting Themselves against APTs
Advanced Persistent Threats (APTs) are among the most complex cyberattacks and are generally executed by cyber-attackers linked to nation-states. An organization may have security strategies to prevent APTs. However, a false sense of security may exist when the focus is on implementing security strategies but not on the effectiveness of implemented security strategies. This research aims to find out 1) if organizations are in a false sense of security while preventing APT attacks, 2) what factors influence the false sense of security, and 3) whether organizational culture influence factors contributing to the false sense of security. A theoretical model is developed to evaluate the sense of security to answer the three research questions. The initial model includes seven independent variables, one moderator variable, and one dependent variable. We designed and conducted a survey among cybersecurity professionals to test 14 hypotheses on the sense of security. We further refined and finalized the model based on the data analysis from the survey data. This research confirms that employees are not confident about organizations‟ cybersecurity posture despite all the awareness training, technological advancements, and massive investment. We also identified key factors which influence the employee perception of cybersecurity posture. Based on the research findings, we provided recommendations that can be followed to improve the effectiveness of implemented security strategies
- …