30 research outputs found

    Packet analysis for network forensics: A comprehensive survey

    Packet analysis is a primary traceback technique in network forensics which, provided that the captured packet details are sufficiently complete, can play back the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic classification and pattern identification capabilities. Considering that not all network information can be used in court, the types of digital evidence that might be admissible are detailed. The properties of both hardware appliances and packet analyzer software are reviewed from the perspective of their potential use in network forensics.
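    The reconstruction step the abstract refers to (playing back a stream and carving a file out of it) is shown below as an added example; it is not code from the surveyed paper. The TCP segments, the HTTP response, the initial sequence number and the minimal PNG are all constructed inline so the script runs offline, and the PNG chunk CRC is used to tell a clean carve from one damaged by missing segments.

```python
"""Reassemble a TCP stream from captured segments and carve a file out of it.

Added example, not code from the surveyed paper. The (seq, payload) segments
stand in for packets pulled from a capture; the HTTP response and the 1x1 PNG
are constructed samples, and isn=1000 is an assumed initial sequence number.
"""
import struct
import zlib
from typing import List, Optional, Tuple

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def constructed_png() -> bytes:
    """A structurally valid 1x1 8-bit RGB PNG with no IDAT (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    return PNG_MAGIC + png_chunk(b"IHDR", ihdr) + png_chunk(b"IEND", b"")


HTTP_HEADER = (b"HTTP/1.1 200 OK\r\n"
               b"Content-Type: image/png\r\n"
               b"Connection: close\r\n\r\n")


def constructed_segments(isn: int = 1000, mss: int = 20) -> List[Tuple[int, bytes]]:
    """(seq, payload) pairs as a sniffer might see them: reversed order plus one retransmission."""
    payload = HTTP_HEADER + constructed_png()
    segs = [(isn + i, payload[i:i + mss]) for i in range(0, len(payload), mss)]
    segs.append(segs[1])   # the second segment is retransmitted
    segs.reverse()         # and everything arrives in reverse order
    return segs


def reassemble_stream(segments, isn: int) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Order segments by sequence number, drop retransmitted bytes, and record gaps.

    Missing byte ranges are zero-filled so later offsets stay correct; the
    returned gap list lets the analyst report exactly what the capture lost."""
    buf = bytearray()
    expected = isn
    gaps = []
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if seq + len(data) <= expected:
            continue                      # retransmission entirely covered already
        if seq < expected:
            data = data[expected - seq:]  # partial overlap: keep only the new tail
            seq = expected
        if seq > expected:
            gaps.append((expected, seq))
            buf.extend(b"\x00" * (seq - expected))
        buf.extend(data)
        expected = seq + len(data)
    return bytes(buf), gaps


def carve_png(stream: bytes) -> Optional[bytes]:
    """Find the first PNG by its magic, walk its chunks, and stop at IEND.

    Each chunk's CRC is verified, so a file crossing a lost segment (zero-filled
    above) is rejected rather than silently carved with corrupted content."""
    start = stream.find(PNG_MAGIC)
    if start < 0:
        return None
    pos = start + len(PNG_MAGIC)
    while pos + 8 <= len(stream):
        length, ctype = struct.unpack(">I4s", stream[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(stream):
            return None                   # chunk runs past the captured data
        stored_crc = struct.unpack(">I", stream[end - 4:end])[0]
        if zlib.crc32(stream[pos + 4:end - 4]) & 0xFFFFFFFF != stored_crc:
            return None                   # bytes lost or altered in transit
        if ctype == b"IEND":
            return stream[start:end]
        pos = end
    return None


def carve_from_capture(segments, isn: int) -> Tuple[Optional[bytes], List[Tuple[int, int]]]:
    stream, gaps = reassemble_stream(segments, isn)
    return carve_png(stream), gaps


if __name__ == "__main__":
    carved, gaps = carve_from_capture(constructed_segments(), 1000)
    print("gaps:", gaps, "carved:", None if carved is None else len(carved), "bytes")
```

    Dropping any one segment from `constructed_segments()` before calling `carve_from_capture` yields a non-empty gap list and no carved file, which is the behaviour an examiner wants: a partial capture must not produce an artifact that looks complete.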

    Provenance-aware knowledge representation: A survey of data models and contextualized knowledge graphs

    Expressing machine-interpretable statements in the form of subject-predicate-object triples is a well-established practice for capturing the semantics of structured data. However, the standard used for representing these triples, RDF, inherently lacks a mechanism to attach provenance data, which would be crucial to make automatically generated and/or processed data authoritative. This paper is a critical review of data models, annotation frameworks, knowledge organization systems, serialization syntaxes, and algebras that enable provenance-aware RDF statements. The various approaches are assessed in terms of standards compliance, formal semantics, tuple type, vocabulary term usage, blank nodes, provenance granularity, and scalability. This can be used to advance existing solutions and help implementers select the most suitable approach (or combination of approaches) for their applications. Moreover, the analysis of the mechanisms and their limitations highlighted in this paper can serve as the basis for novel approaches in RDF-powered applications with increasing provenance needs.

    Going beyond: Cyber security curriculum in Western Australian primary and secondary schools. Final Report

    There is no doubt that cyber security is of national interest given the rife nature of cyber crime and the alarming increase in victims who have endured identity theft, fraud and scams. Curriculum within K-12 schools tends to be fixed, and any modifications are subject to extensive consultation within a prolonged review cycle. Therefore, this report has gone beyond curriculum to explore the potential of national awareness campaigns and dynamic digital cyber security licences as alternative routes to implementation. The role of leaders in the various school sectors and systems is critical for a successful roll-out. This final report culminates a ten-month project involving the mapping of national (Australian) and Western Australian (WA) curriculum to identify cyber security content, knowledge, and skills, that is, where and whether it is being taught. After the researchers released an interim report in late 2022, stakeholders were invited to read and respond to the report and its considerations. This final report includes a presentation of the findings collected during four stakeholder consultation workshops in December 2022.

    Developing resilient cyber-physical systems: A review of state-of-the-art malware detection approaches, gaps, and future directions

    Cyber-physical systems (CPSes) are rapidly evolving in critical infrastructure (CI) domains such as the smart grid, healthcare, the military, and telecommunications. These systems are continually threatened by malicious software (malware) attacks from adversaries who improvise their tactics and attack methods. Even a minor configuration change made in a CPS by malware can have devastating effects, as the world has seen with Stuxnet, BlackEnergy, Industroyer, and Triton. This paper is a comprehensive review of the malware analysis practices currently in use and of their limitations and efficacy in securing CPSes. Using well-known real-world incidents, we cover the significant impacts when a CPS is compromised. In particular, we have prepared exhaustive hypothetical scenarios to discuss the implications of false positives on CPSes. To improve the security of critical systems, we believe that nature-inspired metaheuristic algorithms can effectively counter the overwhelming malware threats geared toward CPSes. However, our detailed review shows that these algorithms have not been adapted to their full potential to counter malicious software. Finally, the gaps identified through this research have led us to propose future research directions using nature-inspired algorithms that would help by reducing false positives, thereby increasing the security of such systems.

    A novel penalty-based wrapper objective function for feature selection in big data using cooperative co-evolution

    The rapid progress of modern technologies generates a massive amount of high-throughput data, called Big Data, which provides opportunities to find new insights using machine learning (ML) algorithms. Big Data consist of many features (also called attributes); however, not all of these are necessary or relevant, and they may degrade the performance of ML algorithms. Feature selection (FS) is an essential preprocessing step to reduce the dimensionality of a dataset. Evolutionary algorithms (EAs) are widely used search algorithms for FS. Using classification accuracy as the objective function for FS, EAs such as the cooperative co-evolutionary algorithm (CCEA) achieve higher accuracy, even with a higher number of features. Feature selection has two purposes: reducing the number of features to decrease computation and improving classification accuracy; these are contradictory but can be balanced using a single objective function. To this end, this paper proposes a penalty-based wrapper objective function. This function can be used to evaluate the FS process using CCEA, hence called Cooperative Co-Evolutionary Algorithm-Based Feature Selection (CCEAFS). An experiment was performed using six widely used classifiers on six different datasets from the UCI ML repository, with FS and without FS. The experimental results indicate that the proposed objective function is efficient at reducing the number of features in the final feature subset without significantly reducing classification accuracy. Based on different performance measures, in most cases naïve Bayes outperforms the other classifiers when using CCEAFS.

    Cooperative co-evolution for feature selection in big data with random feature grouping

    © 2020, The Author(s). A massive amount of data is generated with the evolution of modern technologies. This high-throughput data generation results in Big Data, which consist of many features (attributes). However, irrelevant features may degrade the classification performance of machine learning (ML) algorithms. Feature selection (FS) is a technique used to select a subset of relevant features that represent the dataset. Evolutionary algorithms (EAs) are widely used search strategies in this domain. A variant of EAs, called cooperative co-evolution (CC), which uses a divide-and-conquer approach, is a good choice for optimization problems. The existing solutions perform poorly because of limitations such as not considering feature interactions, handling only an even number of features, and decomposing the dataset statically. In this paper, a novel random feature grouping (RFG) is introduced, with three variants, to dynamically decompose Big Data datasets and to ensure a probability of grouping interacting features into the same subcomponent. RFG can be used in CC-based FS processes, hence the name Cooperative Co-Evolutionary-Based Feature Selection with Random Feature Grouping (CCFSRFG). Experimental analysis was performed using six widely used ML classifiers on seven different datasets from the UCI ML repository and the Princeton University Genomics repository, with and without FS. The experimental results indicate that in most cases [i.e., with naïve Bayes (NB), support vector machine (SVM), k-Nearest Neighbor (k-NN), J48, and random forest (RF)] the proposed CCFSRFG-1 outperforms an existing solution (a CC-based FS called CCEAFS) and CCFSRFG-2, and also outperforms using all features, in terms of accuracy, sensitivity, and specificity.

    Toward a sustainable cybersecurity ecosystem

    © 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today's technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has become a global necessity to adopt security countermeasures, whether direct or indirect, and protect systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and on emerging trends such as using blockchain in the Internet of Things (IoT). The cybersecurity of emerging technologies such as smart cities is also discussed, as are associated solutions based on artificial intelligence and machine learning frameworks to prevent cyber-risks. Our review will serve as a reference for policy-makers from industry, government, and the cybersecurity research community.

    Correction to: Cooperative co-evolution for feature selection in big data with random feature grouping (Journal of Big Data, (2020), 7, 1, (107), 10.1186/s40537-020-00381-y)

    © 2020, The Author(s). Following publication of the original article [1], the author reported that the 2nd author's affiliation was incorrect. It should only be "School of Science, Edith Cowan University, Joondalup, WA, Australia". The affiliation is presented correctly in this correction article. The original article [1] has been corrected.

    DoS/DDoS-MQTT-IoT: A dataset for evaluating intrusions in IoT networks using the MQTT protocol

    Adversaries may exploit a range of vulnerabilities in Internet of Things (IoT) environments. These vulnerabilities are typically exploited to carry out attacks such as denial-of-service (DoS), either against the IoT devices themselves or by using the devices to perform the attacks. These attacks are often successful due to the nature of the protocols used in the IoT. One popular protocol for machine-to-machine IoT communication is Message Queuing Telemetry Transport (MQTT). Countermeasures against attacks on MQTT are typically tested with existing datasets. However, there is a lack of real-world test datasets in this area. For this reason, this paper introduces the DoS/DDoS-MQTT-IoT dataset, which contains various DoS/DDoS attack scenarios using MQTT traffic, to help develop and test countermeasures against such attacks. To this end, a physical IoT testbed was constructed and a large volume of IoT data was generated that included standard MQTT traffic as well as 10 DoS scenarios. The usability of the dataset has been evaluated via machine learning.
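    What a detector built on such a dataset has to do at the packet level is shown below as an added example; it is not code from the paper or from the dataset. It parses the MQTT fixed header (control packet type, flags, and the variable-length remaining-length field) from constructed MQTT 3.1.1 CONNECT and PUBLISH frames, then flags a source that opens sessions faster than a threshold. The frames, source addresses, timestamps, window and threshold are all constructed assumptions, not values taken from the dataset.

```python
"""Parse MQTT fixed headers and flag CONNECT floods from per-packet records.

Added example, not code from the paper or its dataset. Frames are constructed
inline (minimal MQTT 3.1.1 CONNECT and PUBLISH); the event list stands in for
records pulled from a capture. window_s and threshold are assumed tunables.
"""
import struct
from collections import defaultdict, deque
from typing import Dict, List, Tuple

PACKET_TYPES = {1: "CONNECT", 2: "CONNACK", 3: "PUBLISH", 4: "PUBACK",
                8: "SUBSCRIBE", 9: "SUBACK", 12: "PINGREQ", 13: "PINGRESP",
                14: "DISCONNECT"}


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, high bit means 'more'."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value, bytes consumed); the spec allows at most 4 length bytes."""
    value, multiplier, consumed = 0, 1, 0
    while True:
        if consumed == 4 or pos + consumed >= len(buf):
            raise ValueError("malformed remaining length")
        byte = buf[pos + consumed]
        value += (byte & 0x7F) * multiplier
        consumed += 1
        if not byte & 0x80:
            return value, consumed
        multiplier *= 128


def parse_fixed_header(frame: bytes) -> Tuple[str, int, int, int]:
    """Return (packet type name, flags, remaining length, fixed header length)."""
    if not frame:
        raise ValueError("empty frame")
    ptype, flags = frame[0] >> 4, frame[0] & 0x0F
    remaining, consumed = decode_remaining_length(frame, 1)
    header_len = 1 + consumed
    if len(frame) < header_len + remaining:
        raise ValueError("truncated frame")
    return PACKET_TYPES.get(ptype, "RESERVED"), flags, remaining, header_len


def build_connect(client_id: bytes, keepalive: int = 60) -> bytes:
    """Minimal MQTT 3.1.1 CONNECT: clean session, no will, no credentials (constructed)."""
    body = b"\x00\x04MQTT\x04\x02" + struct.pack(">H", keepalive)
    body += struct.pack(">H", len(client_id)) + client_id
    return b"\x10" + encode_remaining_length(len(body)) + body


def build_publish(topic: bytes, payload: bytes) -> bytes:
    """QoS 0 PUBLISH: topic then payload, no packet identifier (constructed)."""
    body = struct.pack(">H", len(topic)) + topic + payload
    return b"\x30" + encode_remaining_length(len(body)) + body


def detect_connect_flood(events, window_s: float = 1.0, threshold: int = 20) -> Dict[str, float]:
    """events: (timestamp, src_ip, frame) records. A source is flagged at the first
    moment it has sent more than `threshold` CONNECTs within any `window_s` span;
    the returned dict maps source to the timestamp at which it crossed the line."""
    recent = defaultdict(deque)
    flagged: Dict[str, float] = {}
    for ts, src, frame in sorted(events, key=lambda e: e[0]):
        try:
            ptype = parse_fixed_header(frame)[0]
        except ValueError:
            continue                    # malformed frame: counted by a different rule
        if ptype != "CONNECT":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_s:     # slide the window forward
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def constructed_events() -> List[Tuple[float, str, bytes]]:
    """One well-behaved sensor plus one host opening 50 sessions in half a second."""
    events = [(0.0, "10.0.0.5", build_connect(b"sensor-01"))]
    events += [(0.5 * k, "10.0.0.5", build_publish(b"site/temp", b"21.5")) for k in range(1, 4)]
    events += [(i / 100, "10.0.0.99", build_connect(b"bot-%03d" % i)) for i in range(50)]
    return events


if __name__ == "__main__":
    print(detect_connect_flood(constructed_events()))  # {'10.0.0.99': 0.2}
```

    Counting only well-formed CONNECTs is a deliberate choice: a flood of garbage bytes on port 1883 is a different scenario and deserves its own rule, and conflating the two makes the labelled scenarios in a dataset harder to separate when training or evaluating a classifier.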

    CamDec: Advancing Axis P1435-LE video camera security using honeypot-based deception

    The explosion of online video streaming in recent years has resulted in advanced services in terms of both efficiency and convenience. However, Internet-connected video cameras are prone to exploitation, leading to information security issues and data privacy concerns. The proliferation of video-capable Internet of Things devices and cloud-managed surveillance systems further extends these issues and concerns. In this paper, a novel approach is proposed for video camera deception via honeypots, offering increased security compared to what is available on conventional Internet-enabled video cameras.