10 research outputs found

    The Method for Identifying the Scope of Cyberattack Stages in Relation to Their Impact on Cyber-Sustainability Control over a System

    No full text
    Industry X.0 is the new age of digitization, when information and communication systems are strongly linked to other systems and processes and are accessed remotely from anywhere at any time. The existing information systems’ security methods are ineffective because they should focus on and assess a broader range of factors in physical and digital spaces, especially because tactics of cybercrimes are always evolving and attackers are getting more inventive in searching for holes that might be exploited. To fight this, there is a need to be one step ahead of the attacker, including understanding the nature, stages and scope of the upcoming cyberattack. The objective of our research is to identify the impact of the scope of a cyberattack’s stages on the cyber resilience of an information and communication system, assessing the level of cybersecurity based on existing technical and operational measures. The research methodology includes a numerical simulation, an analytical comparison and experimental validation. The achieved results allow for the identification of up to 18 attack stages based on the aggregation of technical and organizational security metrics and detection sources. The analytical comparison proved the proposed method to be 13% more effective in identifying the stage of a cyberattack and its scope. Based on this research, the extensive scoping flexibility of the proposed method will enable additional control measures and methods that would reduce the impact of an attack on the robustness while increasing the cyber-sustainability of a system.

    Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection

    No full text
    The security of information is among the greatest challenges facing organizations and institutions. Cybercrime has risen in frequency and magnitude in recent years, with new ways to steal, change and destroy information or disable information systems appearing every day. Among the types of penetration into the information systems where confidential information is processed is malware. An attacker injects malware into a computer system, after which he has full or partial access to critical information in the information system. This paper proposes an ensemble classification-based methodology for malware detection. The first-stage classification is performed by a stacked ensemble of dense (fully connected) and convolutional neural networks (CNN), while the final stage classification is performed by a meta-learner. For a meta-learner, we explore and compare 14 classifiers. For a baseline comparison, 13 machine learning methods are used: K-Nearest Neighbors, Linear Support Vector Machine (SVM), Radial basis function (RBF) SVM, Random Forest, AdaBoost, Decision Tree, ExtraTrees, Linear Discriminant Analysis, Logistic, Neural Net, Passive Classifier, Ridge Classifier and Stochastic Gradient Descent classifier. We present the results of experiments performed on the Classification of Malware with PE headers (ClaMP) dataset. The best performance is achieved by an ensemble of five dense and CNN neural networks, and the ExtraTrees classifier as a meta-learner

    Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks

    No full text
    A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives

    A Novel Approach for Network Intrusion Detection Using Multistage Deep Learning Image Recognition

    No full text
    The current rise in hacking and computer network attacks throughout the world has heightened the demand for improved intrusion detection and prevention solutions. The intrusion detection system (IDS) is critical in identifying abnormalities and assaults on the network, which have grown in size and pervasiveness. The paper proposes a novel approach for network intrusion detection using multistage deep learning image recognition. The network features are transformed into four-channel (Red, Green, Blue, and Alpha) images. The images then are used for classification to train and test the pre-trained deep learning model ResNet50. The proposed approach is evaluated using two publicly available benchmark datasets, UNSW-NB15 and BOUN DDoS. On the UNSW-NB15 dataset, the proposed approach achieves 99.8% accuracy in the detection of the generic attack. On the BOUN DDoS dataset, the suggested approach achieves 99.7% accuracy in the detection of the DDoS attack and 99.7% accuracy in the detection of the normal traffic.

    Sustainable and Security Focused Multimodal Models for Distance Learning

    No full text
    The COVID-19 pandemic has forced much education to move into a distance learning (DL) model. The problem addressed in the paper is related to the increased necessity for the capacity of data, secure infrastructure, Wi-Fi possibilities, and equipment, learning resources which are needed when students connect to systems managed by institutional, national, and international organizations. Meanwhile, there have been cases when learners were not able to use technology in a secure manner, since they were requested to connect to external learning objects or systems. The research aims to develop a sustainable strategy based on a security concept model that consists of three main components: (1) security assurance; (2) users, including administration, teachers, and learners; and (3) DL organizational processes. The security concept model can be implemented at different levels of security. We modelled all the possible levels of security. To implement the security concept model, we introduce a framework that consists of the following activities: plan, implement, review, and improve. These activities were performed in a never-ending loop. We provided the technical measures required to implement the appropriate security level of DL infrastructure. The technical measures were provided at the level of a system administrator. We enriched the framework by joining technical measures into appropriate activities within the framework. The models were validated by 10 experts from different higher education institutions. The feasibility of the data collection instrument was determined by a Cronbach’s alpha coefficient that was above 0.9

    Educational Organization’s Security Level Estimation Model

    No full text
    During the pandemic, distance learning gained its necessity. Most schools and universities were forced to use e-learning tools. The fast transition to distance learning increased the digitalization of the educational system and influenced the increase of security incident numbers as there was no time to estimate the security level change by incorporating new e-learning systems. Notably, preparation for distance learning was accompanied by several limitations: lack of time, lack of resources to manage the information technologies and systems, lack of knowledge on information security management, and security level modeling. In this paper, we propose a security level estimation model for educational organizations. This model takes into account distance learning specifics and allows quantitative estimation of an organization’s security level. It is based on 49 criteria values, structured into an AHP (Analytic Hierarchy Process) tree, and arranged to final security level metric by incorporating experts’ opinion-based criteria importance coefficients. The research proposed a criteria tree and obtained experts’ opinions lead to educational organization security level evaluation model, resulting in one quantitative metric. It can be used to model different situations and find the better alternative in case of security level, without external security experts usage. Use case analysis results and their similarity to security experts’ evaluation are presented in this paper as validation of the proposed model. It confirms the model meets experts-based information security level ranking, therefore, can be used for simpler security modeling in educational organizations

    Models for Administration to Ensure the Successful Transition to Distance Learning during the Pandemic

    No full text
    Lack of guidelines for implementing distance learning, lack of infrastructure, lack of competencies, and security-related problems were the challenges met during the pandemic. These challenges firstly fall on the administration of a higher education institution. To assist in solving the challenges of the pandemic for the administration of a higher education institution, the paper presents several models for the organization of the processes of distance learning. These models are as follows: a conceptual model of distance learning, a model of strategic planning of distance learning, a model of the assessment before the start of distance learning, a model of the preparation for distance learning, and a model of the process of distance learning and remote work. Student profile, lecturer profile, organizational environment, assessment, and planning of the infrastructure of information and communication technology (ICT), assessment and planning of the virtual learning environment, and assessment of distance learning competencies of participants of the study process are also considered. The developed models are based on five main processes of instructional design, i.e., analysis, design, development, implementation, and evaluation. The models provide guidelines for the administration of higher education institutions on the preparation and delivery of distance learning during the pandemic. The models were validated by 10 experts from different higher education institutions. The feasibility of the data collection instrument was determined by Cronbach’s alpha coefficient that is above 0.9
