Ensemble Learning based Anomaly Detection for IoT Cybersecurity via Bayesian Hyperparameters Sensitivity Analysis

The Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices with little to no human intervention. IoT enables data aggregation and analysis on a large scale to improve life quality in many domains. In particular, data collected by IoT contain a tremendous amount of information for anomaly detection. The heterogeneous nature of IoT is both a challenge and an opportunity for cybersecurity. Traditional approaches in cybersecurity monitoring often require different kinds of data pre-processing and handling for various data types, which might be problematic for datasets that contain heterogeneous features. However, heterogeneous types of network devices can often capture a more diverse set of signals than a single type of device readings, which is particularly useful for anomaly detection. In this paper, we present a comprehensive study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection. Rather than using one single machine learning model, ensemble learning combines the predictive power from multiple models, enhancing their predictive accuracy in heterogeneous datasets rather than using one single machine learning model. We propose a unified framework with ensemble learning that utilises Bayesian hyperparameter optimisation to adapt to a network environment that contains multiple IoT sensor readings. Experimentally, we illustrate their high predictive power when compared to traditional methods

An interpretable artificial intelligence based smart agriculture system

With increasing world population the demand of food production has increased exponentially. Internet of Things (IoT) based smart agriculture system can play a vital role in optimising crop yield by managing crop requirements in real-time. Interpretability can be an important factor to make such systems trusted and easily adopted by farmers. In this paper, we propose a novel artificial intelligence-based agriculture system that uses IoT data to monitor the environment and alerts farmers to take the required actions for maintaining ideal conditions for crop production. The strength of the proposed system is in its interpretability which makes it easy for farmers to understand, trust and use it. The use of fuzzy logic makes the system customisable in terms of types/number of sensors, type of crop, and adaptable for any soil types and weather conditions. The proposed system can identify anomalous data due to security breaches or hardware malfunction using machine learning algorithms. To ensure the viability of the system we have conducted thorough research related to agricultural factors such as soil type, soil moisture, soil temperature, plant life cycle, irrigation requirement and water application timing for Maize as our target crop. The experimental results show that our proposed system is interpretable, can detect anomalous data, and triggers actions accurately based on crop requirements

Behind the Code: Identifying Zero-Day Exploits in WordPress

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats

Public perceptions on climate change : a sentiment analysis approach

Public perception on climate change is a paramount component that affects the implementation of adaptation and mitigation measures. Taking into account the public perceptions on the issue may assist decision-makers in producing appropriate strategies to ameliorate the impacts of climate change. A corpus-driven sentiment analysis approach was done to classify the polarity of Malaysian public perceptions, identify the sentiment lexicon, and analyse the public sentiments. A part of a specialised corpus namely the Malaysian Diachronic Climate Change Corpus (MyDCCC) was developed from The Sun Daily and was used as the data for this study. The methodology involved the employment of Azure Machine Learning software to conduct sentiment analysis to explore the polarity of public sentiments, corpus analysis approach to identify the sentiment lexicon and discourse analysis to analyse public sentiments based on the identified sentiment lexicon. The results revealed that the majority of public sentiments appeared to be negative, depicting sentiment words such as long, critical, and serious. Positive sentiment words also prevailed such as better, best and hope. The discourse analysis revealed that the public is reasonably insightful of climate change although their sentiments appeared to be negative. However, the negative stance was largely influenced by the public's indignation with how decision-makers handle the climate change issue. Ironically, the negative sentiments may be an indication for the decision-makers to improve their approach in addressing climatechange. This study has contributed significantly to research on public perceptions of climate change in the Malaysian context

Two-Level Dynamic Programming-Enabled Non-Metric Data Aggregation Technique for the Internet of Things

The Internet of Things (IoT) has become a transformative technological infrastructure, serving as a benchmark for automating and standardizing various activities across different domains to reduce human effort, especially in hazardous environments. In these networks, devices with embedded sensors capture valuable information about activities and report it to the nearest server. Although IoT networks are exceptionally useful in solving real-life problems, managing duplicate data values, often captured by neighboring devices, remains a challenging issue. Despite various methodologies reported in the literature to minimize the occurrence of duplicate data, it continues to be an open research problem. This paper presents a sophisticated data aggregation approach designed to minimize the ratio of duplicate data values in the refined set with the least possible information loss in IoT networks. First, at the device level, a local data aggregation process filters out outliers and duplicates data before transmission. Second, at the server level, a dynamic programming-based non-metric method identifies the longest common subsequence (LCS) among data from neighboring devices, which is then shared with the edge module. Simulation results confirm the approach’s exceptional performance in optimizing the bandwidth, energy consumption, and response time while maintaining high accuracy and precision, thus significantly reducing overall network congestion

Media report about climate change in an English online Malaysian newspaper through thematic and discourse analysis approaches

Climate change studies are mainly focused on disaster management and inundated with scientific jargons that the public could not fathom. Thus, the dissemination of climate change discourse to the public has been less effective due to lack of information and understanding which explains the lack of public engagement and participation. Studies on climate change that consider linguistics aspects are beginning to emerge, but are still lacking. Therefore, the present study intends to conduct a linguistic analysis by identifying themes in news on climate change and by analysing the extent of media propagation about climate change. 922 news articles from Malaysiakini were analysed using a corpusdriven approach through frequency and collocation analysis. This enabled us to identify themes on climate change. Discourse analysis was then conducted to find out about the linguistic manifestations of the identified themes. The findings reveal that governance is the most propagated theme, followed by mitigation and adaptation, contributor and impacts, and threats, which may polarise the public’s understanding of climate change. Instead, the themes of contributors and impacts, and threats are those which should be put forward as they may provide facts on the causal relationship of climate change that may help in assisting the public in understanding what to do, what to avoid, and the consequences of not acting on climate change. An understanding of the temporal aspects of public involvement in engaging with climate change issues through thematic analysis could assist in identifying the types of public participation in this issue

A novel resource scheduling algorithm for QoS-aware services on the Internet

Sabrina, F ORCiD: 0000-0002-8455-2499The popularity and availability of Internet connection has opened up the opportunity for network-centric collaborative work that was impossible a few years ago. Contending traffic flows in this collaborative scenario share different kinds of resources such as network links, buffers, and router CPU. The goal should hence be overall fairness in the allocation of multiple resources rather than a specific resource. In this paper, firstly, we present a novel QoS-aware resource scheduling algorithm called Weighted Composite Bandwidth and CPU Scheduler (WCBCS), which jointly allocates the fair share of the link bandwidth as well as processing resource to all competing flows. WCBCS also uses a simple and adaptive online prediction scheme for reliably estimating the processing times of the incoming data packets. Secondly, we present some analytical results, extensive NS-2 simulation work, and experimental results from our implementation on Intel IXP2400 network processor. The simulation and implementation results show that our low complexity scheduling algorithm can efficiently maximise the CPU and bandwidth utilisation while maintaining guaranteed Quality of Service (QoS) for each individual flow. © 2008 Elsevier Ltd. All rights reserved

Improving performance of multimedia applications in distributed collaborative environment

Sabrina, F ORCiD: 0000-0002-8455-2499This work proposes a novel priority based resource management framework for multimedia applications in distributed collaborative environment. Due to the dynamic nature of the collaborative environment, sometimes the network could be lightly loaded and sometimes highly congested. Moreover, application priority might be changed by the user dynamically. In this dynamic environment, Quality of Experience (QoE) of the end users would not be satisfactory without any resource management mechanism. Our proposed framework comprises of (i) a bandwidth estimation technique which efficiently calculates the total allowable bandwidth dynamically based on the network condition and the current application rate, and (ii) a priority based resource allocation algorithm which can dynamically control the individual flow rate according to the flow priority. Our extensive NS2 simulation work demonstrates the effectiveness of our proposed system. ©2010 IEEE

Blockchain and structural relationship based access control for IoT: A smart city use case

Sabrina, F ORCiD: 0000-0002-8455-2499Smart city is one of the major Internet of Things (IoT) applications and has become an emerging paradigm with the recent advancements of IoT devices and sensors. But the heterogenous nature of a smart city IoT environment makes it vulnerable to many privacy and security concerns and introduces significant challenges for access control of IoT resources especially where access needs to be provided to third parties and external organizations. This paper proposes a new structural relationships-based access control (SRBAC) model that can be used to delegate resource access rights to users in a large scale IoT scenario like smart city while keeping the resource owner in full control. The proposed architecture uses smart contracts and public blockchain for managing access control for external users and a local off-block chain storage for managing access control for organization’s internal users and enforcing fine-grained access control for the resources