31 research outputs found

    Classification of malware attacks using machine learning in decision tree

    Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use decision tree (DT) algorithms to learn dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probable cyberattacks on smart grid, use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends

    Software reliability and quality assurance challenges in cyber physical systems security

    Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats on software security have been prevailing and have increased exponentially, posing a major challenge on software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. However, this has posed a major software reliability challenge as threat actors are exploiting unpatched and insecure software configuration vulnerabilities that are not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as TROPOS, I*, KAOS, Tropos and Secure Tropos to determine their relevance in software security. We consider how the methodologies and function points are used to implement constraints to improve software reliability. Finally, the function points concepts are implemented into the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis in the development to improve software reliability

    Evil Twin Attacks on Smart Home IoT Devices for Visually Impaired Users

    Securing the Internet of Things (IoT) devices in a smart home has become inevitable due to the recent surge in the use of smart devices by the visually impaired. The visually impaired users rely heavily on these IoT devices and assistive technologies for guidance, medical usage, mobility help, voice recognition, news feeds and emergency communications. However, cyber attackers are deploying Evil Twin and Man-in-the-middle (MITM) attacks, among others, to penetrate the network, establish rogue Wi-Fi access points and trick victims into connecting to it, leading to interceptions, manipulation, exploitation, compromising the smart devices and taking command and control. The paper aims to explore the Evil Twin attack on smart devices and provide mitigating techniques to improve privacy and trust. The novelty contribution of the paper is three-fold: First, we identify the various IoT device vulnerabilities and attacks. We consider the state-of-the-art IoT cyberattacks on Smart TVs, Smart Door Lock, and cameras. Secondly, we created a virtual environment using Kali Linux (Raspberry Pi) and NetGear r7000 as the home router for our testbed. We deployed an Evil Twin attack to penetrate the network to identify the vulnerable spots on the IoT devices. We consider the Kill Chain attack approach for the attack pattern. Finally, we recommend a security mechanism in a table to improve security, privacy and trust. Our results show how vulnerabilities in smart home appliances are susceptible to attacks. We have recommended mitigation techniques to enhance the security for visually impaired users

    Malware attack predictive analytics in a cyber supply chain context using machine learning

    Due to the invincibility nature of cyber attacks on the cyber supply chain (CSC), and the cascading effects of malware infections, we use machine learning to predict attacks. As organizations have become more reliant on CSC systems for business continuity, so are the increase in vulnerabilities and the threat landscapes. Some traditional approach to detecting and defending malware attack has largely been antimalware or antivirus software such as spam filters, firewall, and IDS/IPS. These tools largely succeed, however, as threat actors get more intelligent, they are able to circumvent and affect nodes on systems which then propagates. In our previous work, we characterized threat actor activities, including presumed intent and historically observed behaviour, for the purpose of ascertaining the current threats that could be exploited. In this paper, we use ML techniques to learn dataset and predict which CSC nodes have detection or no detection. The purpose is to predict which modes are vulnerable to cyberattacks and for predicting future trends. To demonstrate the applicability of our approach, we used a dataset from Microsoft Malware Prediction website. Further, an ensemble is used to link Logistic Regression, and Decision Tree and SVM algorithms in Majority Voting and run on the training data and then use 10-fold cross validation to test the parameter estimation, accurate results and predictions. The results show that ML algorithms in Decision Trees methods can be used in cyber supply chain predict analytics to detect and predict future cyber attack trends

    Effects of Cyberattacks on Virtual Reality and Augmented Reality Technologies for People with Disabilities

    Virtual Reality (VR) and Augmented Reality (AR) technologies offer transformative solutions for individuals with disabilities, empowering them with enhanced accessibility and immersive experiences. The importance of VR and AR for accessibility provides assistive solutions for disabled users through accessibility enhancements, personalized assistive technologies to support education, rehabilitation support, and social inclusion and empathy building. However, limitations and security challenges are inherent in the current integration of VR and AR. That includes inadequate authentication, insecure communication channels, software errors, device incompatibilities, keystroke errors on controllers, poor network speed, and cyberattacks, potentially jeopardising vulnerable users' safety and well-being. The paper explores the impact of cyberattacks on VR and AR technologies for disabled users. The novelty contribution of the paper is threefold. First, we analyze existing VR and AR technologies and their immersive environments, including their vulnerabilities. Secondly, we consider the various cyberattacks being deployed to exploit the vulnerabilities in the settings and their impact on users with disabilities. Finally, we implement an attack to exploit a vulnerability in the AR and VR environment to determine security and recommend control mechanisms. The paper raises awareness of the importance of securing VR and AR to safeguard the inclusivity and independence of disabled users

    Big Data Security Using RSA Algorithms in A VPN Domain

    Big Data security using encryption algorithms has become imperative due to the increased reliance on the volume, velocity, veracity, and value of data that organizations require to manage business processes, information sharing, and vulnerabilities that can be exploited. VPN tunneling ensures the confidentiality of data transmission over the network and remains secure from unauthorized parties. Big Data security within a VPN environment using RSA encryption to secure the data traversing between the established VPN tunnel. However, recent attacks on Big Data such as Man-in-the-middle, Evil twin attacks, DNS cache poisoning, phishing, injection, and DoS attacks, among others, have impacted greatly on organizations, leading to financial losses, data breaches, reputational damage, litigation issues, and trust. This paper explores how Big Data Security uses the RSA Algorithms in the VPN environment to establish secure tunneling and enhance security. The contribution of this paper is threefold. The foremost objective is to explore existing literature and state of the art to identify and analyze the prevalent Big Data challenges, threats, risks, and vulnerabilities that can compromise Big Data. In addition, we would compare encryption algorithms, such as AES, RSA, and DES, to determine secure features and relevance during data transmission in a VPN environment. Furthermore, we implement a VPN tunnel and encrypt the end-to-end network infrastructure for configuration and to secure the data traversing the network. Finally, we recommend security mechanisms to improve Big Data security in a VPN environment. The results highlight issues of improper data storage, inadequate authentication, and insufficient data protection mechanisms; it also discusses examples of Big Data security challenges and how RSA encryption could improve security on the VPN

    Agent Based Simulation of Botnet Volumetric and Amplification Attack Scenarios Applied to Smart Grid Systems

    All industries rely on smart grid infrastructures and systems to energy systems to provide power supply to industries and individual users for innovation, economic growth and sustainability as part of SGD goals. However, recent attacks on the smart grid using various attack methods have made it inevitable to provide security implementation for sustainable development infrastructures and economic growth. Agent-based simulation (ABS) considers modelling complex adaptive systems in a heterogeneous environment to detect their interactive behaviours and attacks. Agents can represent people, households, and business entities in a smart grid system. ABSs are created with three core attributes, the declaration of the agent’s architectures and associated agent classes, an agent environment, and the software modules to establish communication protocols between agents. However, threat actors can use these attributes to cause Distributed Denial of Service (DDoS) and False Data Injection Attacks (FDIA) on the smart grid. The paper presents an agent-based simulation of offensive botnet interactions within a smart grid system and considers amplification attack scenarios of DDoS and FDIA on the smart grid. The contribution of the paper is threefold. First, we explore how botnet agent attacks systems using ABS impact of cooperative defence during DDoS and FDIA attacks. Secondly, we implement attack models using GAMA tool to determine offensive botnet interactions within a smart grid system. Finally, we recommend control mechanisms to prevent offensive botnets on the smart grid network. The results show that ABS could be used to detect offensive botnet interactions within smart grid systems to improve cybersecurity

    Cyber threat intelligence for improving cyber supply chain security

    Cyber supply chain (CSC) systems provide operational efficiency and business continuity due to the integrated nature of various network system nodes. Such integration has made the overall system vulnerable to various cyber attacks and malware propagation is one of the common attacks for CSC. Cyber threat intelligence (CTI) provides an organization the capability to identify, gather, analyze threats and the associated risks so that CSC organization can forecast the existing and future threat trends and manage the cybersecurity risk in a proactive manner. A threat actor may attack the system and propagate a malware. The purpose is to manipulate, alter, or change delivery mechanisms. It is imperative to integrate CTI into the existing cybersecurity practice to detect and understand the threat actor's intents and motive. In our previous paper, we used threat analysis gathering to provide us an understanding of the adversaries' capabilities, actions, and intents. This paper contributes to improving the cybersecurity of CSC by using CTI. In particular, we extend our previous work which identifies and analyses CSC attacks and adopts CTI approach to understand the attack trends so that appropriate control can determine proactively. We use the malware a smart grid case study as CSC context to demonstrate our approach. The result demonstrates how CTI approach is applied to assist in preventing cyberattacks and to disseminate threat information sharing

    Mitigating cyber supply chain risks in cyber physical systems organizational landscape

    Cyber supply chain (CSC) provide an organization with the ability to align its business processes, information flows and data structures with other organization. However, the increased interdependencies have brought about inherent threats, risks, attacks and vulnerabilities that adversaries may be able to exploit when not properly mitigated. Additionally, every cyberattack on each organization increases the probability of the risk cascading to others. The CSC risk has increased exponentially due to uncertainties surrounding cyberattacks and the cyber threat landscape. Recent CSC threats have been disruptive and impacting on the smooth flow of delivery of products and services. CSC risk has been observed as one of the areas that impact greatly and causes budget overruns. The aim of this paper is to mitigate CSC risks in an organizational landscape. In particular, the paper identifies supply inbound and outbound chain threat landscape using a risk breakdown structure. Further, we assess the risk to gather cyber threat intelligence. Furthermore, we use the probability distribution method to determine the CSC risks and analyze the risk probabilities and likelihood of risk cascading impact. Our results show that CSC risk can be neutralized using probability distribution methods to detect and mitigate the risks and their impact levels

    Detecting cyber supply chain attacks on cyber physical systems using Bayesian belief network

    Identifying cyberattack vectors on cyber supply chains (CSC) in the event of cyberattacks are very important in mitigating cybercrimes effectively on Cyber Physical Systems (CPS). However, in the cyber security domain, the invincibility nature of cybercrimes makes it difficult and challenging to predict the threat probability and impact of cyber attacks. Although cybercrime phenomenon, risks, and threats contain a lot of unpredictabilities, uncertainties and fuzziness, cyberattack detection should be practical, methodical and reasonable to be implemented. We explore Bayesian Belief Networks (BBN) as knowledge representation in artificial intelligence to be able to be formally applied probabilistic inference in the cyber security domain. The aim of this paper is to use Bayesian Belief Networks to detect cyberattacks on CSC in the CPS domain. We model cyberattacks using DAG method to determine the attack propagation. Further, we use a smart grid case study to demonstrate the applicability of attack and the cascading effects. The results show that BBN could be adapted to determine uncertainties in the event of cyberattacks in the CSC domain