Advanced Attacks Research Articles

A Survey of Advanced Border Gateway Protocol Attack Detection Techniques.

The Internet's default inter-domain routing system, the Border Gateway Protocol (BGP), remains insecure. Detection techniques are dominated by approaches that involve large numbers of features, parameters, domain-specific tuning, and training, often contributing to an unacceptable computational cost. Efforts to detect anomalous activity in the BGP have been almost exclusively focused on single observable monitoring points and Autonomous Systems (ASs). BGP attacks can exploit and evade these limitations. In this paper, we review and evaluate categories of BGP attacks based on their complexity. Previously identified next-generation BGP detection techniques remain incapable of detecting advanced attacks that exploit single observable detection approaches and those designed to evade public routing monitor infrastructures. Advanced BGP attack detection requires lightweight, rapid capabilities with the capacity to quantify group-level multi-viewpoint interactions, dynamics, and information. We term this approach advanced BGP anomaly detection. This survey evaluates 178 anomaly detection techniques and identifies which are candidates for advanced attack anomaly detection. Preliminary findings from an exploratory investigation of advanced BGP attack candidates are also reported.

CLOUD DATA PROTECTION USING WEIBULL DISTRIBUTED RECURRENT NEURAL ERGODIC SIGNCRYPTION

Cloud computing has become an integral part of modern computing, offering scalable storage and processing resources. However, the security of data stored in the cloud remains a major concern, especially when dealing with sensitive information. Traditional encryption schemes, while effective, often face limitations in terms of computational overhead and vulnerability to advanced attacks. To address these challenges, we propose a novel Weibull Distributed Recurrent Neural Ergodic Skewed Certificateless Signcryption scheme aimed at enhancing data protection in cloud environments. The key problem addressed by this work is the inherent inefficiency of existing cryptographic solutions that either rely on certificate-based systems or suffer from high computational and communication costs. This is especially crucial in cloud systems where real-time data processing is essential. Our approach integrates Weibull distribution for key management and optimization, recurrent neural networks (RNNs) for secure data transmission prediction, and ergodic skewed signcryption to eliminate the need for certificate authorities. This results in improved security, reduced computational overhead, and efficient communication, ensuring that the data remains secure even in dynamic cloud environments. The proposed scheme was tested using various metrics, including encryption/decryption time, data throughput, and attack resistance. Results demonstrate a significant reduction in computational cost by approximately 28% compared to traditional certificateless encryption. Furthermore, encryption times decreased from an average of 1.8 ms to 1.2 ms, and the scheme showed robustness against man-in-the-middle and chosen-ciphertext attacks with a detection accuracy of 98.6%. These results confirm the efficacy of the proposed system for enhancing security in cloud computing environments while maintaining high performance.

Time-Varying Cypher Assignment Based on Secrecy Capacity

Wireless communication is a convenient but not secure transmission media. For internet application, such as E-commerce, there are a lot of private information existed. To protect the secret information inside and to set up a secure communication becomes an urgent topic. The purpose of a perfect communication system is to ensure the authentic destination could correctly and successfully receive the exact desired information from the transmitter. Also, the system with authorization and authentication could protect the transmitted information away from the eavesdroppers. Generally, the encryption scheme is applied to. Although these methods have been employed in the system for the security, those unexpected and advanced attackers have been continuously developing. Error-free cryptogram based on Shannon’s theorem could provide a solution for the information security. It could be implemented with physical-layer security coding scheme. In this paper, the cypher generator is proposed with physical-layer coding scheme. The cypher format includes two parts. One is the prefixed code and the other is error-control code. The major purpose of prefixed code is the key to find the position indexing of code in the cypher. In this cypher generator, the interleaver plays a role to disturb the original data. It increases the degree of difficulty to break the cypher. With cryptanalysis, the practical example of LDPC is given. With AI technology, the advanced algorithm might be developed for cypher coding and decoding.

Domain knowledge free cloud-IDS with lightweight embedding method

The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user’s cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a ‘recognition’ that identifies logs in the deployed environment and a ‘detection’ that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets.

Clop Ransomware in Action: A Comprehensive Analysis of Its Multi-Stage Tactics

Recently, Clop ransomware attacks targeting non-IT fields such as distribution, logistics, and manufacturing have been rapidly increasing. These advanced attacks are particularly concentrated on Active Directory (AD) servers, causing significant operational and financial disruption to the affected organizations. In this study, the multi-step behavior of Clop ransomware was deeply investigated to decipher the sequential techniques and strategies of attackers. One of the key insights uncovered is the vulnerability in AD administrator accounts, which are often used as a primary point of exploitation. This study aims to provide a comprehensive analysis that enables organizations to develop a deeper understanding of the multifaceted threats posed by Clop ransomware and to build more strategic and robust defenses against them.

An effective attack detection framework using multi-scale depth-wise separable 1DCNN via fused grasshopper-based lemur optimizer in IoT routing system

A secured IoT routing model against different attacks has been implemented to detect attacks like replay attacks, version attacks, and rank attacks. These attacks cause certain issues like energy depletion, minimized packet delivery, and loop creation. By mitigating these issues, an advanced attack detection approach for secured IoT routing techniques with a deep structured scheme is promoted to attain an efficient attack detection rate over the routing network. In the starting stage, the aggregation of data is done with the help of IoT networks. Then, the selected weighted features are subjected to the Multiscale Depthwise Separable 1-Dimensional Convolutional Neural Networks (MDS-1DCNN) approach for attack detection, in which the parameters in the 1-DCNN are tuned with the aid of Fused Grasshopper-aided Lemur Optimization Algorithm (FG-LOA). The parameter optimization of the FG-LOA algorithm is used to enlarge the efficacy of the approach. Especially, the MDS-1DCNN model is used to detect different attacks in the detection phase. The attack nodes are mitigated during the routing process using the developed FG-LOA by formulating the fitness function based on certain variables such as shortest distance, energy, path loss and delay, and so on in the routing process. Finally, the performances are examined through the comparison with different traditional methods. From the validation of outcomes, the accuracy value of the developed attack detection model is 96.87%, which seems to be better than other comparative techniques. Also, the delay analysis of the routing model based on FG-LOA is 17.3%, 12.24%, 10.41%, and 15.68% more efficient than the classical techniques like DHOA, HBA, GOA, and LOA, respectively. Hence, the effectualness of the offered approach is more enriched than the baseline approaches and also it has mitigated diverse attacks using secured IoT routing and different attack models.

Blockchain Security:"Botnets and Bitcoin Mining” - A Study on the Impacts and Countermeasures

Introduction: Botnets have become a significant threat to cybersecurity, as they can be used for a wide range of malicious activities, including Distributed Denial-of-Service (DDoS) attacks, spamming, and cryptocurrency mining. Bitcoin Mining, in particular, has become a lucrative target for cybercriminals, as it requires massive computing power and can generate significant profits. Method: In this paper, the author presents a study on a botnet that uses an HTA file to gain initial access and execute code on a victim's device, followed by the installation of mining software to infect the device and bitcoins. Result: The author analyzes the botnet's behaviour, including its evasion techniques and Bitcoin Mining activities, and discusses the implications of current findings for cybersecurity and Bitcoin Mining. Conclusion: Future research should also investigate the use of different command and control servers and other advanced attack frameworks in botnet operations and examine the potential connections between botnets and other cybercrime activities, such as ransomware and espionage.

DeepOpt: a deep learning optimized privacy preservation framework for cyber-physical systems

Privacy preservation and security enhancement are the key components of any network architecture due to advanced attack procedures. Cyber-Physical Systems (CPS) also need a mitigation and prevention strategy to deal with cyber threats. The existing approaches majorly deal with attack detection and focus on one or two attacks at a time. With this focus and demand of the CPS, this work proposes a deep learning optimized privacy preservation framework called DeepOpt. This proposed framework prevents the network from attackers and maintains security by classifying multiple attackers simultaneously using deep learning architecture. The proposed framework initializes privacy preservation using the trust-based approach and a hybrid optimization algorithm. In this, the network is divided into different zones, and each zone is secured using trust parameters with additional verification by secure hash function. The hybrid optimization selects the communication path using trust and energy that returns the attack-free path. This proposed architecture is simulated over different network scenarios with or without attacker nodes, and their traces are labeled to train the proposed deep convolutional neural network architecture. Finally, these models are integrated, and their performance is analyzed in different network scenarios and the presence of five different attackers such as blackhole, wormhole, man-in-the-middle attack, spoofing, and distributed denial of service. The simulation results, with improvement in detection accuracy, packet delivery ratio, and other performance factors, indicate the effectiveness of the proposed framework for both prevention and mitigation. Hence, this overall architecture preserves the privacy of CPS even in multifarious dynamic network scenarios.

DDoS detection in electric vehicle charging stations: A deep learning perspective via CICEV2023 dataset

Distributed Denial of Service (DDoS) attacks have always been an important research topic in the field of information security. Regarding specialized infrastructures such as electric vehicle charging stations, detecting and preventing such attacks becomes even more critical. In the existing literature, most studies on DDoS attack detection focus on traditional methods that analyze network metrics such as network traffic, packet rates, and number of connections. These approaches attempt to detect attacks by identifying anomalies and irregularities in the network, but can have high error rates and fail to identify advanced attacks. Conversely though, detection methods based on system metrics use deeper and more insightful parameters such as processor utilization, memory usage, disk I/O operations, and system behavior. Such metrics provide a more detailed perspective than network-based approaches, allowing for more accurate detection of attacks. However, work in this area is not yet widespread enough further research and improvement are needed. The adoption of advanced system metrics-based methods can significantly improve the effectiveness of DDoS defense strategies, especially in next-generation and specialized infrastructures. This paper evaluates the applicability and effectiveness of Long Short-Term Memory (LSTM) and Feed-Forward Network (FFN) in detecting DDoS attacks against electric vehicle charging stations through system metrics using CICEV2023 dataset. Experimental results show that the LSTM based model offers advantages in terms of speed and processing capacity, while the FFN is superior in terms of the accuracy.

Proactive threat hunting to detect persistent behaviour-based advanced adversaries

Persistence behavior is a tactic advanced adversaries use to maintain unauthorized access and control of compromised assets over extended periods. Organizations can efficiently detect persistent adversaries and reduce the growing risks posed by highly skilled cyber threats by embracing creative techniques and utilizing sophisticated tools. By taking a proactive stance, businesses may increase their entire cybersecurity posture by anticipating and mitigating possible risks before they escalate. Security analysts perform thorough investigations and extract meaningful insights from large datasets with greater technical advantage by using Elasticsearch in conjunction with a variety of linguistic tools. This research presents a novel methodology for proactive threat intelligence to identify and mitigate advanced adversaries that use persistent behaviors. The authors designed and set up an Elasticsearch-based advanced Security Information and Event Management platform to offer a proactive threat-hunting strategy. This enables comprehensive analysis and detection by integrating Lucene, Kibana, and domain-specific languages. The goal of this research is to locate hidden advanced enemies who exhibit persistent behavior during cyberattacks. The framework can help improve the organization’s resilience to identify and respond to threats by closely examining activities like boot or logon auto-start execution in registry keys, tampering with system processes and services, and unauthorized creation of local accounts on compromised assets. This study emphasizes proactive actions over reactive reactions, which advances danger detection techniques. This technical study provides security practitioners seeking to improve defenses against new advanced attacks to stay ahead in a dynamic threat landscape.

Intelligent Advanced Attack Detection Technology based on Multi-modal Data Fusion

This paper proposes an adaptive Wedman intrusion detection algorithm (AID-DFS) for data fusion. Firstly, feature extraction of abnormal text detection is carried out using a BI-gated loop (Bi-GRU). Multi-branch convolutional recurrent neural network (CNN-RNN) extracts hierarchical features from abnormal images. The multi-mode dynamic fusion uses the intermodal and intramodal attention mechanisms. In this way, a joint representation of multiple modes is obtained. The visual perception mechanism is used to realize multichannel integration and strengthen the function of original information in multichannel. The experimental results show that the proposed method has 99.6% accuracy and 94.9% accuracy. Compared with other algorithms, the proposed method can improve the performance of the intrusion system by about 10.2%.

Improving query efficiency of black-box attacks via the preference of deep learning models

Black-box query attacks are effective at compromising deep-learning models using only the model's output. These attacks typically face challenges with low attack success rates (ASRs) when limited to fewer than ten queries per example. Recent approaches have improved ASRs due to the transferability of initial perturbations, yet they still suffer from inefficient querying. Our study introduces the Gradient-Aligned Attack (GAA) to enhance ASRs with minimal perturbation by focusing on the model's preference. We define a preference property where the generated adversarial example prefers to be misclassified as the wrong category with a high initial confidence. This property is further elucidated by the gradient preference, suggesting a positive correlation between the magnitude of a coefficient in a partial derivative and the norm of the derivative itself. Utilizing this, we devise the gradient-aligned CE (GACE) loss to precisely estimate gradients by aligning these coefficients between the surrogate and victim models, with coefficients assessed by the victim model's outputs. GAA, based on the GACE loss, also aims to achieve the smallest perturbation. Our tests on ImageNet, CIFAR10, and Imagga API show that GAA can increase ASRs by 25.7% and 40.3% for untargeted and targeted attacks respectively, while only needing minimally disruptive perturbations. Furthermore, the GACE loss reduces the number of necessary queries by up to 2.5x and enhances the transferability of advanced attacks by up to 14.2%, especially when using an ensemble surrogate model. Code is available at https://github.com/HaloMoto/GradientAlignedAttack.

Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic.

Application Study on the Reinforcement Learning Strategies in the Network Awareness Risk Perception and Prevention

The intricacy of wireless network ecosystems and Internet of Things (IoT) connected devices have increased rapidly as technology advances and cyber threats increase. The existing methods cannot make sequential decisions in complex network environments, particularly in scenarios with partial observability and non-stationarity. Network awareness monitors and comprehends the network's assets, vulnerabilities, and ongoing activities in real-time. Advanced analytics, machine learning algorithms, and artificial intelligence are used to improve risk perception by analyzing massive amounts of information, identifying trends, and anticipating future security breaches. Hence, this study suggests the Deep Reinforcement Learning-assisted Network Awareness Risk Perception and Prevention Model (DRL-NARPP) for detecting malicious activity in cybersecurity. The proposed system begins with the concept of network awareness, which uses DRL algorithms to constantly monitor and evaluate the condition of the network in terms of factors like asset configurations, traffic patterns, and vulnerabilities. DRL provides autonomous learning and adaptation to changing network settings, revealing the ever-changing nature of network awareness risks in real time. Incorporating DRL into risk perception increases the system's capacity to recognize advanced attack methods while simultaneously decreasing the number of false positives and enhancing the reliability of risk assessments. DRL algorithms drive dynamic and context-aware response mechanisms, making up the adaptive network prevention component of the development. Predicting new threats and proactively deploying preventive measures, such as changing firewall rules, isolating compromised devices, or dynamically reallocating resources to reduce developing risks, is made possible by the system's ability to learn from historical data and prevailing network activity. The suggested DRL-NARPP model increases the anomaly detection rate by 98.3%, the attack prediction accuracy rate by 97.4%, and the network risk assessment ratio by 96.4%, reducing the false positive ratio by 11.2% compared to other popular methodologies.

Audio-deepfake detection: Adversarial attacks and countermeasures

Audio has always been a powerful resource for biometric authentication: thus, numerous AI-based audio authentication systems (classifiers) have been proposed. While these classifiers are effective in identifying legitimate human-generated input their security, to the best of our knowledge, has not been explored thoroughly when confronted with advanced attacks that leverage AI-generated deepfake audio. This issue presents a serious concern regarding the security of these classifiers because, e.g., samples generated using adversarial attacks might fool such classifiers, resulting in incorrect classification. In this study, we prove the point: we demonstrate that state-of-the-art audio deepfake classifiers are vulnerable to adversarial attacks. In particular, we design two adversarial attacks on a state-of-the-art audio-deepfake classifier, i.e., the Deep4SNet classification model, which achieves 98.5% accuracy in detecting fake audio samples. The designed adversarial attacks11The code of the attacks will be released open-source in the camera ready. leverage a generative adversarial network architecture and reduce the detector’s accuracy to nearly 0%. In particular, under graybox attack scenarios, we demonstrate that when starting from random noise, we can reduce the accuracy of the state-of-the-art detector from 98.5% to only 0.08%. To mitigate the effect of adversarial attacks on audio-deepfake detectors, we propose a highly generalizable, lightweight, simple, and effective add-on defense mechanism that can be implemented in any audio-deepfake detector. Finally, we discuss promising research directions.

Wifi Pentesting Roadmap for Classic-Future Attacks and Defenses

The most advanced attack on the Wireless Fidelity (WIFI) network uses social engineering. The hacker makes portal captive and forces the victim for disconnecting to internet instead of entering the real password of the WIFI. In normal actions, asking WIFI password on the web interface is not the real process, but sometimes the victim is not experience enough on security and thinks that it is a technical problem. Also, the victim didn’t have internet connection due to the hard deauthentication and the select open access, which is not his WIFI network. The future generation of WIFI could be use a secure deauthentication. So, this article proposed how the actual attack will be processed, how is the secure deauthentication and how hacker could use this same attack with more secure network. Like conclusion, solutions to resolve this problem will be proposed. New hacking arsenal for replacing the deauthentication is the smart-jamming. With the secure deauthentication, reforging the packet for telling the victim to deauthenticate to the network will not be possible anymore. The smart-jamming select the frequency of the access point of the victim and jam only this specific frequency by sending a noise. In this scenario, the same effect of the first attack is still possible. For the best security of network, two solutions will be proposed: secure deauthentication and hopping frequency. A defensive proposition about secure deauthentication will be found in this article by using cryptographic key exchange like Diffie Hellman (DH), Elliptic Curve Diffie Hellman (ECDH) and Super Isogenies Diffie Hellman (CSIDH).

SCADvanceXP—an intelligent Polish system for threat detection and monitoring of industrial networks

SCADvanceXP is an industrial network intrusion detection system that scans and monitors data exchange between engineering stations, field divides, controllers, supervisory control and data acquisition (SCADA), and other elements of the operational technology network in detail. SCADvanceXP has the potential to detect advanced attacks on industrial infrastructures with the use of rulebased, signature-based, and behavioural detection methods, which are supported by sophisticated machine and deep learning models. As a system developed in Poland, it addresses the needs of industry in that region of Europe. The goal of this work was to assess SCADvanceXP’s potential to detect common industrial threats. In order to check SCADvanceXP’s potential, an effort was undertaken to evaluate its functionality on major industrial threats. For that purpose, twelve malware strains interfering with industrial systems were described. Later, the SCADvanceXP functionality was overlapped on malware behavioural and detection markers, pointing out exact mechanisms in SCADvanceXP that would detect analysed threats. The results show that SCADvanceXP is able to detect a wide range of attacks on industrial networks. SCADvanceXP’s rich functionality is able to provide a high standard of security. However, if a threat is affecting systems not directly connected with industrial networks, SCADvanceXP will not be able to detect it. SCADvanceXP only monitors industrial systems; hence, corporate networks must be protected by a different solution to provide the required level of security. Nonetheless, SCADvanceXP is dedicated to operating within industrial networks and does not have access to regular IT networks. It can be concluded that SCADvanceXP is a specialist tool providing desired security for industrial networks.

Penetralium: Privacy-preserving and memory-efficient neural network inference at the edge

The proliferation of artificial intelligence and edge computing has led to an increase in the deployment of proprietary deep learning models on third-party edge servers or devices to power mission-critical applications. However, this trend raises concerns about model privacy, particularly on untrusted edge platforms. Protecting model privacy in such scenarios requires addressing challenges such as untrustworthy model deployment environments, resource-constrained Trusted Execution Environments (TEE), and vulnerability to privacy inference attacks. To address these challenges, this paper proposes Penetralium, a system-algorithm jointly optimized model inference system on edge computing platforms. Penetralium runs models in the TEE by building an underlying computational engine. We propose an adaptive decomposition algorithm that builds a computing pipeline for models, which adapts to the underlying trusted components. Additionally, Penetralium uses a lightweight confidence score perturbation policy to protect against advanced privacy inference attacks on deep learning models. Experimental results demonstrate that Penetralium provides strong security guarantees with reasonable performance. The system not only reduces inference latency and memory consumption overhead but also improves the overall robustness of the system against advanced attacks.

ADVANCES IN NETWORK SECURITY FOR A RESILIENT DIGITAL CYBERSPACE INFRASTRUCTURE

In network security, safeguarding digital cyberspace infrastructure against malicious intrusions remains a paramount concern. This study addresses this imperative by proposing a novel approach that integrates digital watermarking, Huffman coding, and sophisticated attack classification techniques within the Controller Area Network (CAN) protocol framework. The proliferation of interconnected systems and the increasing sophistication of cyber threats necessitate novel strategies to fortify network defenses and ensure resilience in the face of adversarial activities. The research problem revolves around the need to develop an effective method for detecting and categorizing reconnaissance and violent attacks within cyberspace networks, particularly those utilizing the CAN protocol. Despite advancements in security protocols and intrusion detection systems, existing methodologies often fall short in accurately distinguishing between benign and malicious network activities, leaving critical infrastructure vulnerable to exploitation. This research uses digital watermarking to embed metadata within network packets, Huffman coding for efficient data compression, and advanced attack classification algorithms for real-time threat identification. The experimental results demonstrate the efficacy of the proposed approach in accurately differentiating between reconnaissance probes and violent attacks, thereby enabling timely and targeted responses to mitigate security threats.

Towards a Hybrid Security Framework for Phishing Awareness Education and Defense

The rise in generative Artificial Intelligence (AI) has led to the development of more sophisticated phishing email attacks, as well as an increase in research on using AI to aid the detection of these advanced attacks. Successful phishing email attacks severely impact businesses, as employees are usually the vulnerable targets. Defense against such attacks, therefore, requires realizing defense along both technological and human vectors. Security hardening research work along the technological vector is few and focuses mainly on the use of machine learning and natural language processing to distinguish between machine- and human-generated text. Common existing approaches to harden security along the human vector consist of third-party organized training programmes, the content of which needs to be updated over time. There is, to date, no reported approach that provides both phishing attack detection and progressive end-user training. In this paper, we present our contribution, which includes the design and development of an integrated approach that employs AI-assisted and generative AI platforms for phishing attack detection and continuous end-user education in a hybrid security framework. This framework supports scenario-customizable and evolving user education in dealing with increasingly advanced phishing email attacks. The technological design and functional details for both platforms are presented and discussed. Performance tests showed that the phishing attack detection sub-system using the Convolutional Neural Network (CNN) deep learning model architecture achieved the best overall results: above 94% accuracy, above 95% precision, and above 94% recall.