49 research outputs found

    Feature trade-off analysis for reconnaissance detection.

    An effective cyber early warning system (CEWS) should pick up threat activity at an early stage, with an emphasis on establishing hypotheses and predictions as well as generating alerts on (unclassified) situations based on preliminary indications. The design and implementation of such early warning systems involve numerous challenges, such as a generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This chapter begins with an understanding of the behaviours of intruders, followed by related literature and then the proposed methodology using a Bayesian inference-based system. It also includes a carefully deployed empirical analysis on a data set labelled for reconnaissance activity. Finally, the chapter concludes with a discussion on results, research challenges and necessary suggestions to move forward in this research line.

    C-NEST: cloudlet based privacy preserving multidimensional data stream approach for healthcare electronics.

    The Medical Internet of Things (MIoT) facilitates extensive connections between cyber and physical "things" allowing for effective data fusion and remote patient diagnosis and monitoring. However, there is a risk of incorrect diagnosis when data is tampered with from the cloud or a hospital due to third-party storage services. Most of the existing systems use an owner-centric data integrity verification mechanism, which is not computationally feasible for lightweight wearable-sensor systems because of limited computing capacity and privacy leakage issues. In this regard, we design a 2-step Privacy-Preserving Multidimensional Data Stream (PPMDS) approach based on a cloudlet framework with an Uncertain Data-integrity Optimization (UDO) model and Sparse-Centric SVM (SCS) model. The UDO model enhances health data security with an adaptive cryptosystem called Cloudlet-Nonsquare Encryption Secret Transmission (C-NEST) strategy by avoiding medical disputes during data streaming based on novel signature and key generation strategies. The SCS model effectively classifies incoming queries for easy access to data by solving scalability issues. The cloudlet server measures data integrity and authentication factors to optimize third-party verification burden and computational cost. The simulation outcomes show that the proposed system optimizes average data leakage error rate by 27%, query response time and average data transmission time are reduced by 31%, and average communication-computation cost is reduced by 61% when measured against state-of-the-art approaches.

    Memory efficient federated deep learning for intrusion detection in IoT networks.

    Deep Neural Network (DNN) methods are widely proposed for cyber security monitoring. However, training DNNs requires a lot of computational resources. This restricts direct deployment of DNNs to resource-constrained environments like the Internet of Things (IoT), especially in federated learning settings that train an algorithm across multiple decentralized edge devices. Therefore, this paper proposes a memory efficient method of training a Fully Connected Neural Network (FCNN) for IoT security monitoring in federated learning settings. The model's performance was evaluated against eleven realistic IoT benchmark datasets. Experimental results show that the proposed method can reduce memory requirement by up to 99.46 percentage points when compared to its benchmark counterpart, while maintaining the state-of-the-art accuracy and F1 score.

    Resource efficient boosting method for IoT security monitoring.

    Machine learning (ML) methods are widely proposed for security monitoring of the Internet of Things (IoT). However, these methods can be computationally expensive for resource-constrained IoT devices. This paper proposes an optimized resource efficient ML method that can detect various attacks on IoT devices. It utilizes Light Gradient Boosting Machine (LGBM). The performance of this approach was evaluated against four realistic IoT benchmark datasets. Experimental results show that the proposed method can effectively detect attacks on IoT devices with limited resources, and outperforms the state-of-the-art techniques.

    Towards a robust, effective and resource efficient machine learning technique for IoT security monitoring.

    The application of Deep Neural Networks (DNNs) for monitoring cyberattacks in Internet of Things (IoT) systems has gained significant attention in recent years. However, achieving optimal detection performance through DNN training has posed challenges due to computational intensity and vulnerability to adversarial samples. To address these issues, this paper introduces an optimization method that combines regularization and simulated micro-batching. This approach enables the training of DNNs in a robust, efficient, and resource-friendly manner for IoT security monitoring. Experimental results demonstrate that the proposed DNN model, including its performance in Federated Learning (FL) settings, exhibits improved attack detection and resistance to adversarial perturbations compared to benchmark baseline models and conventional Machine Learning (ML) methods typically employed in IoT security monitoring. Notably, the proposed method achieves significant reductions of 79.54% and 21.91% in memory and time usage, respectively, when compared to the benchmark baseline in simulated virtual worker environments. Moreover, in realistic testbed scenarios, the proposed method reduces memory footprint by 6.05% and execution time by 15.84%, while maintaining accuracy levels that are superior or comparable to state-of-the-art methods. These findings validate the feasibility and effectiveness of the proposed optimization method for enhancing the efficiency and robustness of DNN-based IoT security monitoring.

    Towards a threat assessment framework for apps collusion

    App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions-based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest, which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security™.

    ETAREE: an effective trend-aware reputation evaluation engine for wireless medical sensor networks.

    Wireless Medical Sensor Networks (WMSN) will play a significant role in the advancements of modern healthcare applications. Security concerns are still the main obstacle to the widespread adoption of this technology. Conventional security approaches, such as authentication and encryption, are able to defend against external attacks effectively. However, internally launched threats, either by compromised or selfish nodes, require further security measures to be detected. In this paper, an Effective Trend-Aware Reputation Engine (ETAREE) is proposed for WMSN. ETAREE uses a novel updating mechanism to evaluate the reputation value, which makes it effective in detecting malicious nodes. Moreover, the proposed updating mechanism of ETAREE can efficiently detect on-off attacks. ETAREE security evaluations have been presented and compared with different reputation evaluation models, demonstrating faster detection of malicious behaviours.

    RRP: a reliable reinforcement learning based routing protocol for wireless medical sensor networks.

    Wireless medical sensor networks (WMSNs) offer innovative healthcare applications that improve patients' quality of life, provide timely monitoring tools for physicians, and support national healthcare systems. However, despite these benefits, widespread adoption of WMSN advancements is still hampered by security concerns and limitations of routing protocols. Routing in WMSNs is a challenging task due to the fact that some WMSN requirements are overlooked by existing routing proposals. To overcome these challenges, this paper proposes a reliable multi-agent reinforcement learning based routing protocol (RRP). RRP is a lightweight, attack-resistant routing protocol designed to meet the unique requirements of WMSN. It uses a novel Q-learning model to reduce resource consumption combined with an effective trust management system to defend against various packet-dropping attacks. Experimental results prove the lightweightness of RRP and its robustness against blackhole, selective forwarding, sinkhole and complicated on-off attacks.