1,610 research outputs found

    Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis

    Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime --- an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed

    Reducing risky security behaviours: utilising affective feedback to educate users

    Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness

    Artificial intelligence in the cyber domain: Offense and defense

    Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense. Web of Science123art. no. 41

    Cybersecurity in Health Systems: Challenges, And Proposals

    The new rise in network safety breaks in medical care organizations has put patients' security at a higher risk of being uncovered. In spite of this danger and the extra danger posed by such incidents to patients' safety, as well as functional and monetary dangers to medical care organizations, few studies have deliberately analysed the cyber security risks in medical care. To establish a strong starting point for medical services organizations and policymakers in better comprehending the intricacy of the issue of cyber security, this study investigates the significant sorts of cyber security risks for health care organizations and makes sense of the roles of the four keys (cyber attackers, cyber defenders, developers, and end users) in cyber security. Finally, the paper studies a group of recommendations for the policymakers and health care organizations to reinforce cybersecurity in their organizations

    A Hybrid Model for Android Malware Detection using Decision Tree and KNN

    Malware is becoming a major problem nowadays all around the world in Android operating systems. Malware is a piece of software developed for harming or exploiting certain other hardware as well as software. The term malware, also known as malicious software, is used to describe Trojans, viruses, as well as other kinds of spyware. Many kinds of techniques have been developed for protecting Android operating systems from malware during the last decade. However, the existing techniques have numerous drawbacks, such as the accuracy with which they detect the type of malware in real-time in a quick manner for protecting Android operating systems. In this article, the authors developed a hybrid model for Android malware detection using a decision tree and KNN (k-nearest neighbours) technique. First, Dalvik opcode, as well as real opcode, was pulled out by using the reverse procedure of the Android software. Secondly, eigenvectors of sampling were produced by utilizing the n-gram model. Our suggested hybrid model efficiently combines KNN along with the decision tree for effective detection of Android malware in real-time. The outcome of the proposed scheme illustrates that the proposed hybrid model is better in terms of the accurate detection of any kind of malware from the Android operating system in a fast and accurate manner. In this experiment, a sample size of 815 was selected for the normal samples and a sample size of 3268 was selected for the malicious samples. Our proposed hybrid model provides pragmatic values of the parameters namely precision, ACC along with the Recall, and F1 such as 0.93, 0.98, 0.96, and 0.99 along with 0.94, 0.99, 0.93, and 0.99 respectively. In the future, there are vital possibilities to carry out more research in this field to develop new methods for Android malware detection

    Detection Of Insider Attacks In Block Chain Network Using The Trusted Two Way Intrusion Detection System

    For data privacy, system reliability, and security, Blockchain technologies have become more popular in recent years. Despite its usefulness, the blockchain is vulnerable to cyber assaults; for example, in January 2019 a 51% attack on Ethereum Classic successfully exposed flaws in the platform's security. From a statistical point of view, attacks represent a highly unusual occurrence that deviates significantly from the norm. Blockchain attack detection may benefit from Deep Learning, a field of study whose aim is to discover insights, patterns, and anomalies within massive data repositories. In this work, we define a trusted two way intrusion detection system based on a Hierarchical weighed fuzzy algorithm and self-organized stacked network (SOSN) deep learning model, that is trained exploiting aggregate information extracted by monitoring blockchain activities. Here initially the smart contract handles the node authentication. The purpose of authenticating the node is to ensure that only specific nodes can submit and retrieve the information. We implement Hierarchical weighed fuzzy algorithm to evaluate the trust ability of the transaction nodes. Then the transaction verification step ensures that all malicious transactions or activities on the submitted transaction by self-organized stacked network deep learning model. The whole experimentation was carried out under MATLAB environment. Extensive experimental results confirm that our suggested detection method has better performance over important indicators such as Precision, Recall, F-Score, overhead

    Current Cyber Security Challenges

    We have experienced exponential technical improvement during the last ten years. Cybersecurity issues are a result of the cyber world's increasing growth. Due to the way cybercriminals have adjusted their tactics to the new environment, there are now significant CS challenges. More than 20 years later, the quantity and severity of cybercrimes have skyrocketed in just a few years as a result of previously unheard-of occurrences like the COVID-19 epidemic, contested elections, and rising geopolitical upheaval. Over time, it is likely that security risks will advance in sophistication and cost us more money: according to analysts, the worldwide cost of cybercrime will rise from $3 trillion in 2015 to $10.5 trillion in 2025, a 15% increase. The secret to averting a CS assault is proactive protection. Discover the top CS risks that, according to experts, the globe will face in 2022, along with what you can do to prevent yourself and your company from becoming a target. As a result, the sector is seeing an increase in demand for specialists who can decisively address security issues, creating the foundation for a safer cyberspace. If you are interested in developing a career in this field, you might think about checking out these CS courses. You could also look at the premium selection of CS courses

    Intellectual Feature Ranking Model with Correlated Feature Set based Malware Detection in Cloud environment using Machine Learning

    Malware detection for cloud systems has been studied extensively, and many different approaches have been developed and implemented in an effort to stay ahead of this ever-evolving threat. Malware refers to any programme or defect that is designed to duplicate itself or cause damage to the system's hardware or software. These attacks are designed specifically to cause harm to operational systems, but they are invisible to the human eye. One of the most exciting developments in data storage and service delivery today is cloud computing. There are significant benefits to be gained over more conventional protection methods by making use of this fast evolving technology to protect computer-based systems from cyber-related threats. Assets to be secured may reside in any networked computing environment, including but not limited to Cyber Physical Systems (CPS), critical systems, fixed and portable computers, mobile devices, and the Internet of Things (IoT). Malicious software or malware refers to any programme that intentionally compromises a computer system in order to compromise its security, privacy, or availability. A cloud-based intelligent behavior analysis model for malware detection system using feature set is proposed to identify the ever-increasing malware attacks. The suggested system begins by collecting malware samples from several virtual machines, from which unique characteristics can be extracted easily. Then, the malicious and safe samples are separated using the features provided to the learning-based and rule-based detection agents. To generate a relevant feature set for accurate malware detection, this research proposes an Intellectual Feature Ranking Model with Correlated Feature Set (IFR-CFS) model using enhanced logistic regression model for accurate detection of malware in the cloud environment. 
    The proposed model, when compared to the traditional feature selection model, performs better in generation of feature set for accurate detection of malware