21 research outputs found

    Advanced persistent threats detection based on deep learning approach.

    Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. An APT is a sophisticated attack that masquerades its actions to navigate around defenses, breach networks, often over multiple network hosts, and evade detection. It also uses a "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical system (CPS) state and control are highly impacted by the safety and security measures in place. A multi-stage detection framework termed "APTDASAC" is proposed to detect the different tactics, techniques, and procedures (TTPs) used during the various APT steps. Implementation was carried out in three stages: (i) Data input and probing layer, which involves data gathering and preprocessing; (ii) Data analysis layer, which applies the core process of "APTDASAC" to learn the behaviour of attack steps from the sequence data and to correlate and link the related output; and (iii) Decision layer, in which an ensemble probability approach is used to integrate the output and make the attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attack detection capability of 86.36% with a loss of 0.32%, and also demonstrated that attack detection techniques that performed well in one domain may not yield the same good result in another. This suggests that the robustness and resilience of an operational system's state to withstand attack and maintain system performance are regulated by the safety and security measures in place, which are specific to the system in question.

    Handling minority class problem in threats detection based on heterogeneous ensemble learning approach.

    Multiclass problems, such as detecting the multi-step behaviour of Advanced Persistent Threats (APTs), have been a major global challenge, due to the capability of APTs to navigate around defenses and to evade detection for a prolonged period of time. Targeted APT attacks present an increasing concern for both cyber security and business continuity. Detecting the rare attack is a classification problem with data imbalance. This paper explores the application of data resampling techniques, together with a heterogeneous ensemble approach, to deal with the data imbalance caused by unevenly distributed data elements among classes, with the focus on capturing the rare attack. It is shown that the suggested algorithms not only provide detection capability, but can also classify malicious data traffic corresponding to rare APT attacks.
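    The abstract above describes two things a practitioner can try directly: resampling so the rare attack class is no longer drowned out, and fusing dissimilar classifiers. The example below is added here to illustrate that combination; it is not code from the paper and does not reproduce its algorithms. The flow features, class labels, the two toy classifiers (k-NN and nearest centroid) and the cyclic-repeat oversampling are all assumptions chosen so the effect of imbalance is visible: a borderline rare-attack sample is misclassified by k-NN on the raw data and correctly classified once the minority class is balanced.

```python
"""Added example, not the paper's code: oversample a rare attack class, then
fuse two different classifiers. All data below is constructed."""
import math
from collections import Counter

# Constructed flow features: (bytes_ratio, beacon_regularity) in [0, 1].
# "normal" is the majority class; "rare_apt" is the minority we want to catch.
TRAIN = [
    ((0.1, 0.1), "normal"), ((0.2, 0.1), "normal"), ((0.1, 0.2), "normal"),
    ((0.2, 0.2), "normal"), ((0.3, 0.2), "normal"), ((0.2, 0.3), "normal"),
    ((0.1, 0.3), "normal"), ((0.3, 0.3), "normal"),
    ((0.9, 0.8), "rare_apt"), ((0.8, 0.9), "rare_apt"),
]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def oversample(data):
    """Deterministic stand-in for random oversampling: repeat minority-class
    rows cyclically until every class has as many rows as the largest class."""
    counts = Counter(label for _, label in data)
    target = max(counts.values())
    out = list(data)
    for label, n in counts.items():
        rows = [r for r in data if r[1] == label]
        for i in range(target - n):
            out.append(rows[i % len(rows)])
    return out


def knn_proba(data, x, k=5):
    """Classifier 1: k-nearest neighbours; probability = class share among neighbours."""
    classes = {label for _, label in data}
    nearest = sorted(data, key=lambda r: dist(r[0], x))[:k]
    votes = Counter(label for _, label in nearest)
    return {c: votes[c] / k for c in classes}


def centroid_proba(data, x):
    """Classifier 2: nearest centroid; probability = normalised inverse distance."""
    classes = {label for _, label in data}
    weights = {}
    for c in classes:
        pts = [f for f, label in data if label == c]
        centroid = tuple(sum(p[i] for p in pts) / len(pts) for i in range(len(x)))
        weights[c] = 1.0 / (dist(centroid, x) + 1e-9)
    total = sum(weights.values())
    return {c: w / total for c, w in weights.items()}


def ensemble_proba(data, x):
    """Heterogeneous ensemble: average the two models' class probabilities."""
    p1, p2 = knn_proba(data, x), centroid_proba(data, x)
    return {c: (p1[c] + p2[c]) / 2 for c in p1}


def predict(proba):
    return max(proba, key=proba.get)


if __name__ == "__main__":
    borderline = (0.75, 0.75)  # constructed rare-attack flow near the class boundary
    print("kNN on imbalanced data :", predict(knn_proba(TRAIN, borderline)))
    print("kNN on resampled data  :", predict(knn_proba(oversample(TRAIN), borderline)))
    print("ensemble on resampled  :", ensemble_proba(oversample(TRAIN), borderline))
```

    With five neighbours and only two minority rows, the majority class outvotes the rare one on the borderline sample; after balancing, the same classifier and the ensemble both flag it. Whether a real deployment should oversample, undersample or reweight depends on how much the minority rows actually represent the attack, which is the question the paper's experiments address.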

    Detection of false command and response injection attacks for cyber physical systems security and resilience.

    The operational cyber-physical system (CPS) state, safety and resource availability are impacted by the safety and security measures in place. This paper focuses on i) command injection (CI) attacks, which alter system behaviour by injecting false control and configuration commands into a control system, and ii) response injection (RI) attacks, which modify the response from server to client and thereby provide false information about the system state. In this project, we implemented a deep learning (DL) multi-layered security model for securing industrial control systems (ICS) against malicious CI and RI attacks. We validated this approach with two case studies: i) network transactions between a Remote Terminal Unit (RTU) and a Master Control Unit (MTU) in an in-house SCADA gas pipeline control system and ii) a case study of command and response injection attacks. Based on the project results, we show that the proposed approach achieved a significant attack detection capability of 96.50%. We also demonstrated that the performance of the attack detection techniques applied can be influenced by the nature of the network transactions with respect to the domain of application. Hence, the robustness and resilience of the operational CPS state and performance are influenced by the safety and security measures in place, which are specific to the CPS device in question.
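    To make the two attack classes concrete, the example below is added here; it is not the paper's DL model and makes no claim about how that model works. It learns a statistical baseline from a clean window of RTU/MTU transactions (which function codes each side uses, the setpoint envelope, and how far a reported pressure normally drifts from the last commanded setpoint) and then flags a command injection when the MTU sends an out-of-envelope setpoint or a function never seen before, and a response injection when the RTU reports a state inconsistent with what was commanded. The transaction format, field names, margin and tolerance are assumptions, and every transaction is constructed rather than captured.

```python
"""Added example, not the paper's code: baseline learned from clean RTU/MTU
traffic, then used to flag command injection (CI) and response injection (RI).
All transactions below are constructed."""

# Constructed transactions: (direction, function, value). Setpoints and
# pressures are in arbitrary units of the hypothetical gas pipeline.
CLEAN = [
    ("MTU->RTU", "write_setpoint", 20.0), ("RTU->MTU", "read_pressure", 20.4),
    ("MTU->RTU", "write_setpoint", 22.0), ("RTU->MTU", "read_pressure", 21.2),
    ("MTU->RTU", "write_setpoint", 21.0), ("RTU->MTU", "read_pressure", 21.8),
    ("MTU->RTU", "write_setpoint", 23.0), ("RTU->MTU", "read_pressure", 22.1),
    ("MTU->RTU", "write_setpoint", 20.0), ("RTU->MTU", "read_pressure", 20.9),
]

STREAM = [
    ("MTU->RTU", "write_setpoint", 22.0),  # 0 legitimate
    ("RTU->MTU", "read_pressure", 22.5),   # 1 legitimate: within tolerance of 22.0
    ("MTU->RTU", "write_setpoint", 60.0),  # 2 CI: setpoint far outside the envelope
    ("MTU->RTU", "write_setpoint", 21.0),  # 3 legitimate
    ("RTU->MTU", "read_pressure", 45.0),   # 4 RI: reported state contradicts command
    ("MTU->RTU", "write_pump", 1.0),       # 5 CI: function code never seen in baseline
    ("RTU->MTU", "read_pressure", 21.3),   # 6 legitimate
]


def learn_baseline(transactions, margin=0.10):
    """Learn what 'normal' looks like: the functions each side uses, the
    setpoint envelope (widened by `margin`), and the largest drift between
    reported pressure and the last commanded setpoint."""
    funcs = {"MTU->RTU": set(), "RTU->MTU": set()}
    setpoints, residuals = [], []
    last_sp = None
    for direction, func, value in transactions:
        funcs[direction].add(func)
        if func == "write_setpoint":
            setpoints.append(value)
            last_sp = value
        elif func == "read_pressure" and last_sp is not None:
            residuals.append(abs(value - last_sp))
    lo, hi = min(setpoints), max(setpoints)
    pad = (hi - lo) * margin
    return {
        "funcs": funcs,
        "sp_range": (lo - pad, hi + pad),
        "tol": max(1.0, 1.5 * max(residuals)),  # assumed slack over the worst clean drift
    }


def detect(transactions, model):
    """Return (index, alert_type, detail) for each suspicious transaction."""
    alerts, last_sp = [], None
    lo, hi = model["sp_range"]
    for i, (direction, func, value) in enumerate(transactions):
        if func not in model["funcs"][direction]:
            kind = "CI" if direction == "MTU->RTU" else "RI"
            alerts.append((i, kind, f"unseen function {func} from {direction}"))
            continue
        if func == "write_setpoint":
            if not lo <= value <= hi:
                alerts.append((i, "CI", f"setpoint {value} outside [{lo:.1f}, {hi:.1f}]"))
                continue  # a rejected command must not become the reference state
            last_sp = value
        elif func == "read_pressure" and last_sp is not None:
            if abs(value - last_sp) > model["tol"]:
                alerts.append((i, "RI", f"reported {value} vs commanded {last_sp}"))
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(CLEAN)
    for alert in detect(STREAM, baseline):
        print(alert)
```

    The reference-state handling matters: once a command is rejected as CI, the detector deliberately keeps the previous setpoint as its expectation, otherwise the attacker's own command would define what a "consistent" response looks like. The abstract's finding that results depend on the domain shows up here too: the envelope and tolerance are only meaningful for the process they were learned on.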

    Securing information systems against advanced persistent threats (APTs).

    Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. APTs are sophisticated attacks that masquerade their actions to navigate around defenses, breach networks, often over multiple network hosts, and evade detection. APTs also use a "low-and-slow" approach over a long period of time. While APTs have drawn increasing attention from the industrial security community, recent security products are inadequate at helping companies defend against APT attacks due to APTs' prolonged, stealthy characteristics, sophisticated levels of expertise and significant resources. The current best practice for dealing with APTs requires a wide range of security countermeasures, resulting in a multi-step detection approach that opens new research directions. The detection of a single step of the APT lifecycle does not imply detection of a complete APT scenario. The accurate detection and prevention of APTs in real time is an ongoing challenge. This research aims to investigate APT attack detection and develop a novel multi-step APT attack detection framework to detect APT attack steps. An APT steps analysis and correlation framework termed "APTDASAC" is proposed. This approach takes into consideration the distributed and multi-level nature of industrial control system (ICS) architecture, and reflects on multi-step APT attack lifecycles. The implementation is carried out in three stages: stage one is the "Data input and probing layer", which involves data gathering and processing; the second stage is the "Data analysis and Correlation layer", which applies the core process of APTDASAC to learn the behaviour of attack steps from the sequence data and to correlate and link the related output; and stage three is the "Decision layer", in which the ensemble probability approach is utilized to integrate the output and make the attack prediction.
The framework was validated with four different datasets and four case studies: i) network transactions between a remote terminal unit (RTU) and a master control unit (MTU) in an in-house supervisory control and data acquisition (SCADA) gas pipeline control system; ii) a case study of command and response injection attacks; iii) a scenario based on network traffic containing a hybrid of real modern normal traffic and contemporary synthesized attack activities; and iv) APT_alerts, a historic record of APT alerts generated through a monitored network. The system achieved a probability average prediction accuracy of 86.73%. It also achieved significant detection rates of 93.50%, 80.98%, 85.19% and 80.90% for the individual detectable APT lifecycle steps (A, B, C and D). Experimentally, APTDASAC achieved a significant attack detection capability, but also demonstrated that attack detection techniques that performed very well in one domain may not yield the same good result in another. This suggests that the robustness and resilience of operational systems to withstand attack and maintain system performance are determined by the safety and security measures in place, which are specific to the system in question.

    The use of machine learning algorithms for detecting advanced persistent threats.

    Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigate around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of Artificial Immune System (AIS) and Recurrent Neural Network (RNN) variants for APT detection. It is shown that the variants of the suggested algorithms not only provide detection capability, but can also classify malicious data traffic with respect to the type of APT attack.

    Factors Associated with Revision Surgery after Internal Fixation of Hip Fractures

    Background: Femoral neck fractures are associated with high rates of revision surgery after management with internal fixation. Using data from the Fixation using Alternative Implants for the Treatment of Hip fractures (FAITH) trial evaluating methods of internal fixation in patients with femoral neck fractures, we investigated associations between baseline and surgical factors and the need for revision surgery to promote healing, relieve pain, treat infection or improve function over 24 months postsurgery. Additionally, we investigated factors associated with (1) hardware removal and (2) implant exchange from cancellous screws (CS) or sliding hip screw (SHS) to total hip arthroplasty, hemiarthroplasty, or another internal fixation device. Methods: We identified 15 potential factors a priori that may be associated with revision surgery, 7 with hardware removal, and 14 with implant exchange. We used multivariable Cox proportional hazards analyses in our investigation. Results: Factors associated with increased risk of revision surgery included: female sex, [hazard ratio (HR) 1.79, 95% confidence interval (CI) 1.25-2.50; P = 0.001], higher body mass index (fo

    Framework for detecting APTs based on steps analysis and correlation.

    An advanced persistent threat (APT) is an attack that uses multiple attack behaviours to penetrate a system and achieve specifically targeted, highly valuable goals within it. This type of attack has presented an increasing concern for cyber-security and business continuity. The resource availability, integrity, and confidentiality of the operational cyber-physical system's (CPS) state and control are highly impacted by the safety and security measures adopted. In this study, we propose a framework based on deep APT steps analysis and correlation, abbreviated as "APT-DASAC", for securing industrial control systems (ICSs) against APTs. This approach takes into consideration the distributed and multi-level nature of ICS architecture and reflects on the multi-step APT attack lifecycle. We validated the framework with three case studies: (i) network transactions between a remote terminal unit (RTU) and a master control unit (MTU) within a supervisory control and data acquisition (SCADA) gas pipeline control system, (ii) a case study of command and response injection attacks, and (iii) a scenario based on network traffic containing a hybrid of real modern normal traffic and contemporary synthesized attack activities. Based on the achieved results, we show that the proposed approach achieves a significant attack detection capability and demonstrates that attack detection techniques that performed very well in one application domain may not yield the same result in another. Hence, the robustness and resilience of the operational CPS state, or of any system, and its performance are determined by the security measures in place, which are specific to the application system and domain.
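    The three-layer framework described in this abstract and in the two APTDASAC abstracts above (per-step detectors, a correlation layer that links related output, and a decision layer that integrates probabilities) can be sketched end to end. The example below is added here and is not the APTDASAC implementation; the per-step probabilities are treated as already produced by two hypothetical detectors (named "rnn" and "ais" only because the page discusses those model families), the lifecycle steps are referred to by the page's own labels A to D without assigning them a meaning, and the per-host 60-unit correlation window, the 0.5 threshold and the "at least three steps" rule are assumptions. All alerts are constructed. It also shows the point made above: a single strongly detected step, on its own, does not amount to a detected APT.

```python
"""Added example, not the APTDASAC implementation: fuse per-step detector
outputs, correlate them per host within a time window, and score the chain.
All alerts below are constructed."""
from collections import defaultdict

STEPS = ("A", "B", "C", "D")  # lifecycle step labels as used on the page; meaning not defined here

# Constructed alerts: (time, host, step, {detector_name: probability})
ALERTS = [
    (0, "h1", "A", {"rnn": 0.7, "ais": 0.6}),
    (5, "h1", "B", {"rnn": 0.8, "ais": 0.9}),
    (9, "h1", "C", {"rnn": 0.6, "ais": 0.7}),
    (14, "h1", "D", {"rnn": 0.9, "ais": 0.8}),
    (3, "h2", "A", {"rnn": 0.4, "ais": 0.3}),
    (90, "h2", "B", {"rnn": 0.5, "ais": 0.5}),     # too far from the first h2 alert to correlate
    (200, "h3", "C", {"rnn": 0.95, "ais": 0.9}),   # strong, but a single isolated step
]


def fuse(detector_probs):
    """Decision-layer ensemble for one alert: mean of the detectors' probabilities."""
    return sum(detector_probs.values()) / len(detector_probs)


def correlate(alerts, window=60):
    """Correlation layer: link alerts from the same host that fall within
    `window` of the chain's first alert; keep the best probability per step."""
    by_host = defaultdict(list)
    for t, host, step, probs in sorted(alerts, key=lambda a: a[0]):
        by_host[host].append((t, step, fuse(probs)))
    chains = []
    for host, events in by_host.items():
        chain = None
        for t, step, p in events:
            if chain is None or t - chain["start"] > window:
                chain = {"host": host, "start": t, "steps": {}}
                chains.append(chain)
            chain["steps"][step] = max(p, chain["steps"].get(step, 0.0))
    return chains


def score(chain, min_steps=3, threshold=0.5):
    """Decision layer for a chain: average probability over all four steps
    (an absent step counts as 0) and require several steps before calling
    the chain a campaign, so one confident step alone is not enough."""
    probs = [chain["steps"].get(s, 0.0) for s in STEPS]
    observed = sum(1 for p in probs if p >= threshold)
    s = sum(probs) / len(STEPS)
    verdict = "APT" if s >= threshold and observed >= min_steps else "benign"
    return s, verdict


def assess(alerts, window=60):
    """Run all three layers over a list of alerts and summarise each chain."""
    out = []
    for chain in correlate(alerts, window):
        s, verdict = score(chain)
        out.append({"host": chain["host"], "start": chain["start"],
                    "steps": sorted(chain["steps"]), "score": round(s, 3),
                    "verdict": verdict})
    return out


if __name__ == "__main__":
    for summary in assess(ALERTS):
        print(summary)
```

    Host h1 accumulates all four steps inside the window and is called a campaign; h2's two alerts are split into separate chains by the window and each is too weak; h3's single step scores high for step C but low as a chain. Real correlation would also follow lateral movement across hosts and weight steps differently, which is where the learned part of the paper's approach comes in.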

    How Moral Distress Contributes to Depression Varies by Gender in a Sample of Sub-Saharan African Nurses

    Although research has shown that moral distress harms mental health in diverse populations, information on potential moderators of such associations is scarce. In a sample of sub-Saharan African nurses, we examined the link between moral distress and depressive symptoms. We explored for whom and when such relationships may hold with regard to gender, age, and work experience. Participants consisted of 398 nurses drawn from a tertiary healthcare institution in southeastern Nigeria. Data were collected using the Moral Distress Questionnaire (MDQ) for clinical nurses, and the Center for Epidemiological Studies Depression Scale Revised (CEDS-R). Hayes regression-based macro results for the moderation effects indicated that the association of high moral distress with increased depressive symptoms was robust for women but not significant for men. Although older age and more years of nursing experience were associated with reduced symptoms of depression, nurses' age and years of work experience did not moderate the relationship between moral distress and depressive symptoms. To promote mental well-being and preserve the integrity of nurses, gender-based differences in how moral distress contributes to depressive symptoms should be considered in policy and practice.