Advanced Cyber Attacks Research Articles

Digital Sentinels and Antagonists: The Dual Nature of Chatbots in Cybersecurity

Advancements in artificial intelligence, machine learning, and natural language processing have culminated in sophisticated technologies such as transformer models, generative AI models, and chatbots. Chatbots are sophisticated software applications created to simulate conversation with human users. Chatbots have surged in popularity owing to their versatility and user-friendly nature, which have made them indispensable across a wide range of tasks. This article explores the dual nature of chatbots in the realm of cybersecurity and highlights their roles as both defensive tools and offensive tools. On the one hand, chatbots enhance organizational cyber defenses by providing real-time threat responses and fortifying existing security measures. On the other hand, adversaries exploit chatbots to perform advanced cyberattacks, since chatbots have lowered the technical barrier to generate phishing, malware, and other cyberthreats. Despite the implementation of censorship systems, malicious actors find ways to bypass these safeguards. Thus, this paper first provides an overview of the historical development of chatbots and large language models (LLMs), including their functionality, applications, and societal effects. Next, we explore the dualistic applications of chatbots in cybersecurity by surveying the most representative works on both attacks involving chatbots and chatbots’ defensive uses. We also present experimental analyses to illustrate and evaluate different offensive applications of chatbots. Finally, open issues and challenges regarding the duality of chatbots are highlighted and potential future research directions are discussed to promote responsible usage and enhance both offensive and defensive cybersecurity strategies.

A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks

A machine learning-enhanced endpoint detection and response framework for fast and proactive defense against advanced cyber attacks

Design Procedure for Real-Time Cyber–Physical Systems Tolerant to Cyberattacks

Modern industrial automation supported by Cyber–Physical Systems (CPSs) requires high flexibility, which is achieved through increased interconnection between modules. This interconnection introduces a layer of symmetry into the design and operation of CPSs, balancing the distribution of tasks and resources across the system and streamlining the flow of information. However, this adaptability also exposes control systems to security threats, particularly through novel communication links that are vulnerable to cyberattacks. Traditional strategies may have limitations in these applications. This research proposes a design approach for control applications supported by CPSs that incorporates cyberattack detection and tolerance strategies. Using a modular and adaptive approach, the system is partitioned into microservices for scalability and resilience, allowing structural symmetry to be maintained. Schedulability assessments ensure that critical timing constraints are met, improving overall system symmetry and performance. Advanced cyberattack detection and isolation systems generate alarms and facilitate rapid response with replicas of affected components. These replicas enable the system to recover from and tolerate cyberattacks, maintaining uninterrupted operation and preserving the balanced structure of the system. In conclusion, the proposed approach addresses the security challenges in CPS-based control applications and provides an integrated and robust approach to protect industrial automation systems from cyber threats. A case study conducted at a juice production facility in Colima, México, demonstrated how the architecture can be applied to complex processes such as pH control, from simulation to industrial implementation. The study highlighted a plug-and-play approach, starting with component definitions and relationships, and extending to technology integration, thereby reinforcing symmetry and efficiency within the system.

SMRD: A Novel Cyber Warfare Modeling Framework for Social Engineering, Malware, Ransomware, and Distributed Denial-of-Service Based on a System of Nonlinear Differential Equations

Cyber warfare has emerged as a critical aspect of modern conflict, as state and non-state actors increasingly leverage cyber capabilities to achieve strategic objectives. The rapidly evolving cyber threat landscape demands robust and adaptive approaches to protect against advanced cyberattacks and mitigate their impact on national security. Traditional cyber defense strategies often struggle to keep pace with the rapidly changing threat landscape, resulting in the need for more robust and adaptive approaches to protect against advanced cyberattacks. This paper presents a novel cyber warfare modeling framework, Social Engineering, Malware, Ransomware, and Distributed Denial-of-Service (SMRD), capturing the interactions and interdependencies between these core components. The SMRD framework offers insights for enhancing cyber defense, threat prediction, and proactive measures. A mathematical model consisting of a system of nonlinear differential equations is proposed to quantify the relationships and dynamics between the components.

Blockchain-Enhanced Privacy Protection in Social Network Research and Applications

While social networks offer users unprecedented convenience and connectivity, they inadvertently risk exposing sensitive user data. To address the juxtaposition of utility and vulnerability, this paper delves into the potential of blockchain technology as a tool for enhancing privacy protection within social networks. By first critiquing the limitations of current protective measures, it becomes clear where traditional methods fall short in counteracting common avenues of privacy breaches. This paves the way for the integration of blockchain technology into the privacy infrastructure of social networks. The paper elucidates the core cryptographic principles underpinning blockchain and, by drawing from real-world applications such as ShoCard, underscores the advantages that this nascent technology brings to the fore. Despite the evident merits, challenges remain, especially as the technology becomes a potential target for advanced cyber-attacks. The incorporation of elements like smart contracts, digital signatures, and decentralized storage manifests blockchain's promise in building a robust digital fortress, safeguarding user privacy. However, as the technology is still in its evolutionary phase, ongoing research must address vulnerabilities and ensure a holistic defense against potential threats.

Кибератаки: иммерсионная образовательная среда и ее формирование

The article discusses the features of the formation of an immersion educational environment using a controlled simulator of computer attacks. The use of a controlled simulator of computer attacks as a method of teaching students disciplines related to information security is considered. This tool allows you to simulate various types of attacks on an information system and conduct training to improve its protection skills. Immersion educational environment in the field of information security – allows you to implement the principle of interactive learning with a nonlinear learning scenario and involvement in the process of the teacher and the student using information technology. The use of controlled simulators makes it possible to check the stability of computer networks and other systems to advanced cyber attacks and develop effective methods to combat them. To organize such an immersive educational environment, it is advisable to involve software manufacturers on the principles of strategic partnership.

Enhanced Intrusion Detection with LSTM-Based Model, Feature Selection, and SMOTE for Imbalanced Data

This study introduces a sophisticated intrusion detection system (IDS) that has been specifically developed for internet of things (IoT) networks. By utilizing the capabilities of long short-term memory (LSTM), a deep learning model renowned for its proficiency in modeling sequential data, our intrusion detection system (IDS) effectively discerns between regular network traffic and potential malicious attacks. In order to tackle the issue of imbalanced data, which is a prevalent concern in the development of intrusion detection systems (IDSs), we have integrated the synthetic minority over-sampling technique (SMOTE) into our approach. This incorporation allows our model to accurately identify infrequent incursion patterns. The rebalancing of the dataset is accomplished by SMOTE through the generation of synthetic samples belonging to the minority class. Various strategies, such as the utilization of generative adversarial networks (GANs), have been put forth in order to tackle the issue of data imbalance. However, SMOTE (synthetic minority over-sampling technique) presents some distinct advantages when applied to intrusion detection. The SMOTE is characterized by its simplicity and proven efficacy across diverse areas, including in intrusion detection. The implementation of this approach is straightforward and does not necessitate intricate adversarial training techniques such as generative adversarial networks (GANs). The interpretability of SMOTE lies in its ability to generate synthetic samples that are aligned with the properties of the original data, rendering it well suited for security applications that prioritize transparency. The utilization of SMOTE has been widely embraced in the field of intrusion detection research, demonstrating its effectiveness in augmenting the detection capacities of intrusion detection systems (IDSs) in internet of things (IoT) networks and reducing the consequences of class imbalance. This study conducted a thorough assessment of three commonly utilized public datasets, namely, CICIDS2017, NSL-KDD, and UNSW-NB15. The findings indicate that our LSTM-based intrusion detection system (IDS), in conjunction with the implementation of SMOTE to address data imbalance, outperforms existing methodologies in accurately detecting network intrusions. The findings of this study provide significant contributions to the domain of internet of things (IoT) security, presenting a proactive and adaptable approach to safeguarding against advanced cyberattacks. Through the utilization of LSTM-based deep learning techniques and the mitigation of data imbalance using SMOTE, our AI-driven intrusion detection system (IDS) enhances the security of internet of things (IoT) networks, hence facilitating the wider implementation of IoT technologies across many industries.

Optimizing AI-Based Automated Security Patch Deployment in IoT Devices to Combat Zero-Day Exploits and Advanced Cyber Attacks

This research shows a complete security design for Internet of Things (IoT) devices. It improves security by using five methods that work together. At the beginning of the process, a machine learning-based method for ranking changes is used. Then, architectures are put in place for scalable patch distribution, anomaly detection, dynamic risk assessment, and integrating threat data. Using five connected algorithms, the purpose of this research is to create a complete security framework for Internet of Things devices. Dynamic risk assessment, scalable patch delivery, integration with threat intelligence, and anomaly detection for zero-day vulnerabilities are among its characteristics. It also identifies zero-day vulnerabilities. Furthermore, it prioritises repairs using machine learning data. Every solution seeks to address a specific component of IoT security, such as dynamic risk assessments, effective patch distribution, and patch prioritisation based on vulnerability data. It is critical to maintain the Internet of Things ecosystem's safety, flexibility, and efficiency. An integrated approach provides a strong defence against cyberattacks, which is crucial for ecosystem preservation.With this system, you can get better accuracy, flexibility, and resource use than with other methods. To help explain how the methods work, charts and flowcharts are used. The ablation study indicates that each method is important because it shows how they all help keep IoT devices safe. The suggested design considers how cyber risks are always changing to protect connected devices in a lot of different places from hackers.

Advanced Cyber Attack Detection Using Generative Adversarial Networks and NLP

A key difficulty in the ever-changing cybersecurity scene is the detection of sophisticated cyber-attacks. Because new threats are so much more sophisticated and difficult to detect, traditional tactics typically fail. A new technique to improving cyber-attack detection skills is explored in this study. It uses Generative Adversarial Networks (GANs) and Natural Language Processing (NLP). Using GANs' realistic data generation capabilities, possible attack paths are simulated, creating a strong dataset for training detection systems. At the same time, natural language processing (NLP) methods are used to decipher the mountain of textual information produced by cyberspace, including incident reports, communication patterns, and logs. Our approach is based on building a fake dataset using GANs that mimics the features of advanced cyberattacks. A detection model is then trained using this dataset. Simultaneously, we improve the detection model's capacity to spot intricate and nuanced assault patterns by processing and analysing text-based data using natural language processing approaches. We use a benchmark cybersecurity dataset to test the integrated method. The experimental findings show that our GAN-NLP based detection system outperforms existing systems, which have an average accuracy of 85.3%, by a wide margin. It achieves a recall of 93.2%, precision of 92.5%, and accuracy of 94.7%. These findings prove that GANs and NLP work well together to identify complex cyberattacks. Finally, GANs and NLP together provide a potent instrument for better cyber-attack detection. A scalable solution that can adapt to the ever-changing nature of cyber threats is offered by this integrated approach, which also increases detection accuracy and efficiency. Improving the models and investigating their use in a real-world cybersecurity setting will be the primary goals of future research.

HTTPSmell: A Deep Learning Approach on Malicious HTTP Traffic Detection via Data Augmentation and Label Refactoring

Anomaly detection is essential to ensuring system security and reliability. As one of the basic techniques in the cyberattack, the existing malicious traffic classification method has been facing diverse challenges such as insufficient samples, poor denoising ability, and weak generalization of the classification model. In this paper, we propose a novel method for detecting malicious HTTP traffic based on a framework (HTTPSmell; it refers to the sniffing of some network attacks launched by exploiting the HTTP protocol.)), and XSS dataset obtained from GitHub that automatically applies a deep learning model with high generalization ability even under a small training dataset. With HTTPSmell, we are able to achieve positive results from a semisupervised model that leverages the unsupervised data augmentation (UDA) and the keywords library avoidance (KLA)‐based data augmentation method that holds higher learning generalization, higher scenario coverage rate, and better detection efficiency in the smaller training samples. Finally, we demonstrate through comprehensive experiments in the realistic enterprise environment that HTTPSmell can achieve an accuracy of 96.77% for identifying complex and advanced cyberattacks, while only maintaining a constant 60 MB of memory and sustaining up to 27 k/s throughput.

Modified Of Evaluating Shallow And Deep Neural Networks For Network Intrusion Detection Systems In Cyber Security

Abstract—Intrusion Detection Systems (IDS) have developed into a crucial layer in all contemporary Information and Communication Technology (ICT) systems as a result of a demand for cyber safety in real-world situations. IDS advises integrating Deep Neural Networks (DNN) because, among other things, it might be challenging to identify certain types of assaults and advanced cyberattacks are complex (DNNs). DNNs were employed in this study to anticipate Network Intrusion Detection System attacks (N-IDS). The network has been trained and benchmarked using the KDDCup-'99 dataset, and a DNN with a learning rate of 0.001 is used, running for 10 epochs for using the activation model experiment and 8 epochs for using the TensorFlow experiment. Keywords—Intrusion detection system, deep neural networks, machine learning, deep learning

Cyber threat assessment of machine learning driven autonomous control systems of nuclear power plants

Advanced cyber-attacks against critical infrastructure and the energy sector are becoming more common. With the invention of autonomous control systems (ACS) within advanced nuclear reactor designs, system designers, reactor operators, and regulators must consider cybersecurity during the design and operational phases. This article provides a cyber threat assessment of machine learning (ML)-based digital twinning (DT) technologies in the context of advanced reactor ACS. A cyber–physical testbed was created to emulate nuclear reactor digital instrumentation and controls (I&C) and act as a basis for the ACS. The ACS was designed as two plant-level DTs predicting reactor malfunctions and determining control actions and two component-level DTs responsible for classifying component states and forecasting component inputs and outputs (I/O). Two duplicate ACS designs– one using a traditional ML framework and one using an automated ML (AutoML) framework– were created and tested against cyber-attacks on training data, real-time process data, and ML model architectures to determine their respective qualitative cyber-risk in terms of likelihood and impact. Both frameworks showed similar cyber-resilience against training, real-time, and ML architecture attacks, proving that neither is inherently more secure. Recommended safeguard and security measures are posed to system designers, reactor operators, and regulators to maintain the cybersecurity of ML-based DT technologies such as ACS, prompting a holistic view of shared responsibility for maintaining cyber-secure ML-based systems.

Beyond detection: Uncovering unknown threats

Threat management is essential for ensuring an organisation’s security, but traditional strategies often only address known threats, leaving the organisation vulnerable to unknown threats. To be well equipped against advanced cyberattacks, a proactive approach beyond detection that uncovers unknown and emerging threats is necessary. This paper proposes a comprehensive approach to threat management involving the partnership between the threat detection, threat hunting, threat intelligence and threat exposure teams. Various approaches for hunting unknown threats are explored, including simulation, forensics, threat modelling, incident pivoting, deception, and a process to hunt once and automate. Insights detailed in this paper will also help organisations make informed decisions on resources and practices around threat hunting. The proposed strategy emphasises the need for a proactive and iterative approach to threat management, allowing organisations to stay ahead of adversaries and be prepared for unknown threats.

Applications of Deep Learning Approaches to Detect Advanced Cyber Attacks

The number and sophistication of cyber attacks have grown, making it tougher to detect and prevent them using traditional security technologies. Improving cyber threat identification and response has been greatly enhanced by deep learning, a subset of machine learning. Learn how to spot advanced cyberattacks with the help of Deep Learning algorithms in this article. The proposed approach collects, categorises, and arranges network traffic data using convolutional neural networks (CNNs) and intermittent neural networks (RNNs). Combining the RNN with the CNN allows us to capture temporal dependencies and derive spatial properties from the network data. In order to find the most important qualities for classification, the proposed method also incorporates a feature selection stage. To demonstrate that the proposed system outperforms signature-based and example AI systems in terms of exactness, accuracy, review, and F1-score, we conduct an exhibition survey using various datasets. An effective tool for improving cyber defences, the proposed method can detect zero-day and previously unknown attacks.

AI-based quantum-safe cybersecurity automation and orchestration for edge intelligence in future networks

The AIQUSEC (AI-based quantum secure cyber security automation and orchestration in the edge intelligence of future networks) brings measurable advances to the cyber security of access and edge networks and their services, as well as Operational Service Technologies (OT). The research aims for significant cybersecurity scalability, efficiency, and effectiveness of operations through improved and enhanced device and sensor securities, security assurance, quantum security, and Artificial Intelligence (AI) based automation solutions. The new application scenarios of near future, the multiple stakeholders within each scenario, and the higher data volumes raise the need for novel cybersecurity solutions. Recently, OT cybersecurity threat landscape has become wider, due to the increase digitalization of services, the increase in virtualization and slicing of networks, as well as the increase in advanced cyber-attacks. Because of recent advances in computing power, AI in cybersecurity analyzing and validations is now becoming a reality. A significant part of currently used encryption technologies which secures communications and infrastructures might become instantly penetrable when quantum computing becomes available. Enabling quantum-safety migration development is a clear goal to the project. The research develops a state-of-the-art information security verification and validation environment that supports the integration of cyber security systems as a reference model, focusing on architectural choices and network connection from different vertical use cases. With the help of the platform and the reference model, common cybersecurity capabilities and requirements can be built, tested, and validated, as well as their fulfillment. In addition to the environment mentioned above, the results of the research are demonstrated and utilized in critical communication systems, water utilities, industrial environments, in physical access solutions and remote work. The developed platform can also be used for auditing devices, systems, and software’s in the future. The research integrates new quantum-safe artificial intelligence-based, hardware-hardened, and scalable cybersecurity solutions that have been validated in a standardized way. In this research, we also deal with the requirements of the EU sustainable growth program - issues related to the green transition.

DKaaS: DARK-KERNEL as a service for active cyber threat intelligence

Cyber Threat Intelligence(CTI) plays an indispensable role in providing evidence-based knowledge to plan defensive strategies against advanced cyber attacks. Most threat intelligence data originate from security researchers, vendor blogs, list of threat indicators, and commercial cyber security firms. However, as attack surfaces become more dynamic and threat actors shift towards organization/sector-specific attacks, generic threat information is no longer adequate to safeguard against these targeted attacks. In such scenarios, darknet data can be an invaluable source of threat information at the enterprise level as in darknet, the traffic is destined for a range of unused IP addresses. As these IP addresses are unused, the traffic destined for them is considered suspicious and can serve as a valuable source for threat intelligence. Darknet monitoring is done in either active or passive mode. Passive darknet monitoring gives generic information without active engagement with the attacker devices. So, we developed a novel method for gathering threat intelligence via active darknet monitoring by designing a kernel-level darknet sensor that engages incoming traffic by establishing a 3-way handshake. We called it DARK-KERNEL in our previous work. This work aims to implement DARK-KERNEL as a Service (DKaaS) for organization-level threat intelligence. To achieve this, we deploy the DARK-KERNEL by assigning four unused public IP addresses. We gather 37 days of traffic and provide a comprehensive analysis of captured data using Security Onion and several automated scripts. In addition, we highlight a few attacks to define the effectiveness of DKaaS. Finally, we propose a novel framework that integrates DKaaS with a customizable Security Orchestration and Response (SOAR) engine to deploy behavioral honeypots to lure sophisticated attackers.

Security Model for a Central Bank in Latin America using Blockchain

Banking institutions in Latin America are the target of increasingly sophisticated and advanced cyber-attacks and threats, which increase every year and leave substantial economic losses, due to the high level of global interconnection and digitization of their operations. The objective of this work is to design a model to guarantee information security in a Central Bank in Latin America using Blockchain technology. Exploratory research, observation and inductive and deductive methods are used to propose Blockchain solutions in a Central Bank. The results are a model for secure transactions in Blockchain, Smart Contract functions and a data management process. It was concluded that the security model for a central bank provides high level of information management and storage of transactions in a secure and immutable way.

Using Deep Reinforcement Learning for Assessing the Consequences of Cyber Mitigation Techniques on Industrial Control Systems

This paper discusses an in-progress study involving the use of deep reinforcement learning (DRL) to mitigate the effects of an advanced cyber-attack against industrial control systems (ICS). The research is a qualitative, exploratory study which emerged as a gap during the execution of two rapid prototyping studies. During these studies, cyber defensive procedures, known as “Mitigation, were characterized as actions taken to minimize the impact of ongoing advanced cyber-attacks against an ICS while enabling primary operations to continue. To execute Mitigation procedures, affected ICS components required rapid isolation and quarantining from “healthy” system segments. However today, with most attacks leveraging automation, mitigation also requires rapid decision-making capabilities operating at the speed of automation yet with human-like refinement. The authors settled on the choice of DRL as a viable solution to this problem due to the algorithm’s designs which involves “intelligent” decisions based upon continuous learning achieved through a rewards system. The primary theory of this study posits that processes informed by data sources relative to the execution path of an advanced cyber-attack as well as the consequences of deploying a particular Mitigation procedure evolve the system into an ever-improving defensive capability. This study seeks to produce a defensive DLR based software agent trained by a DRL based offensive software agent that generates policy refinements based upon extrapolations from a corrupted network state as reported by an IDS and baseline data. Results include an estimation rule that would quantify impacts of various mitigation actions while protecting the operational critical path and isolating an in-progress attack. This study is in a conceptual phase and development has not started.
 This research questions for this study are:
 RQ1: Can this software agent categorize correctly an in-progress cyber-attack and extrapolate the potential ICS assets affected?
 RQ2: Can this software agent categorize novel cyber-attacks and extrapolate a probable attack vector while enumerating affected assets?
 RQ3: Can this software agent characterize how operations are affected by quarantine actions?
 RQ4: Can this software agent generate a set of ranked recommended courses of action by effectiveness, and least negative effects on the operational critical path?

Mitigating the Risk of Advanced Cyber Attacks: The Role of Quality, Covertness and Intensity of Use of Cyber Weapons

ABSTRACT Modern countries employ computer networks that manage organizations in the private and public sectors. Cyber-attacks aim to disrupt, block, delete, manipulate or steal the data held in these networks, which challenge these countries’ national security. Consequently, cybersecurity programs must be developed to protect these networks from cyber-attacks in a manner that is similar to operations against terrorism. This study presents several models that analyze a contest between a network operator (defender) that deploys costly detectors to protect the network and a capable cyber attacker. Generally, when the deployed detectors become more potent or the defender exhibits higher vigilance, the attacker allocates more resources to R&D to ensure that the attack remains covert. We show that detectors may be substitutes, complements, or even degrade each other, implying that defenders must account for the cyber weapons’ characteristics and the attacker’s profile and strategic behavior. We derive the optimal number of detectors when the attacker’s R&D process features R&D spillovers and show that targeted detectors act as deterrents against high-quality weapons only if the attacker’s budget is not substantial. Finally, we demonstrate that common cybersecurity practices may be detrimental from a social-welfare perspective by enhancing an arms race with the attacker.

Security defense against long-term and stealthy cyberattacks

Modern cyberattacks such as advanced persistent threats have become sophisticated. Hackers can stay undetected for an extended time and defenders do not have sufficient countermeasures to prevent advanced cyberattacks. Reflecting on this phenomenon, we propose a game-theoretic model to analyze strategic decisions made by a hacker and a defender in equilibrium. In our game model, the hacker launches stealthy cyberattacks for a long time and the defender decides when to disable a suspicious user based on noisy observations of the user’s activities. Damages caused by the hacker can be enormous if the defender does not immediately ban a suspicious user under certain circumstances, which can explain the emerging sophisticated cyberattacks with detrimental consequences. Our model also predicts that the hacker may opt to be behavioral to avoid worst cases. This is because behavioral cyberattacks are less threatening and the defender decides not to immediately block a suspicious user to reduce cost of false detection.