Analysis Of Cyber Attacks Research Articles

Analysis of Cyber Attacks Using Honeypot

In the cybersecurity world, the concept of a honeypot is generally referred to as trap systems that have real system behaviors, intentionally leave a security gap, and aim to collect information about cybercriminals who want to access them. It is a computer system that sets itself as a target to attract cyberattacks like bait. It is used to imitate a target such as cyberattackers and to learn about attack attempts, ways of working, or to distract them from other targets. In this study, a VoIP-based honeypot was used to determine the profiles of cyberattacks and attackers. A network environment was created using a low-interaction honeypot to analyze the behavior of cyberattackers and identify the services frequently preferred by these individuals. The honeypot in the network environment was monitored for a period of 90 days. 105,308 events were collected regarding protocols such as Telnet, SIP, SSH, SMB, and HTTP. According to the results obtained, the proposed method performed a detailed analysis of the services from which cyberattacks came and the behaviors of the people who carried out these attacks. In addition, the highest level of understanding of user interaction was achieved thanks to the VoIP-based honeypot.

Common pitfalls when mitigating cyber risk : Addressing socio-behavioural factors

Although humans constitute a pivotal dimension of the cyber security attack surface, prevailing approaches are often ineffective at addressing human risk. From the vantage point of three key socio-behavioural perspectives, a critical analysis of contemporary cyberattacks and cyber security practices offers insights and a range of opportunities to manage the human factor in cyber security. First, the role of metaphors in shaping cyber security discourse, particularly militaristic analogies, is analysed, supported by research advocating for careful metaphor selection to enhance comprehension, foster shared responsibility and reduce counterproductive assumptions. Secondly, the paper explores the significance of psychological safety within organisational cultures. It discusses the concept of a ‘just culture’ and the impact of cultivating an environment that encourages risk reporting. The discussion expands to highlight the interconnectedness of security culture with broader organisational values, emphasising the critical role of leadership in shaping resilient cyber security postures. Finally, an examination of blame-centric practices and associated consequences provides an insight into less visible forms of victim blaming, such as phishing tests and traditional training-centric strategies. It offers a psychological perspective on the distinction between blame and accountability and highlights the need for a shift away from a compliance-based focus towards a positivist approach. In presenting insights from these three key perspectives, this paper offers opportunities to innovatively manage socio-behavioural risk in cyber security, critiquing prevailing approaches that fail to do so. By linking metaphors, psychological safety and blame-centric practices, it contributes to a comprehensive understanding of the human dimension in cyber security and provides a foundation for advancing effective risk management strategies.

Joint relational triple extraction with enhanced representation and binary tagging framework in cybersecurity

The cyber threat intelligence (CTI) knowledge graph is a valuable tool for aiding security practitioners in the identification and analysis of cyberattacks. These graphs are constructed from CTI data, organized into relational triples, where each triple comprises two entities linked by a particular relation. However, as the volume of CTI data is expanding at a faster rate than predicted, existing technologies are unable to extract relational triples quickly and accurately. This work mainly focuses on the extraction of relational triples in CTI data, which is achieved by an enhanced representation and binary tagging framework (ERBTF). Firstly, we introduce embedding representations for relations and concatenate these with word embeddings to obtain the initial hidden representation. Subsequently, we employ a novel dilated convolutional encoder that consists of a dilated convolution neural network, gate mechanism and residual connection to enhance the learned contextual representation. Afterwards, we adopt an attention module that includes multi-head self-attention and position-wise feed-forward neural network to allocate greater attention to words that significantly influence the specific relation. Additionally, we utilize the straightforward yet efficient binary entity tagger to identify subject and object entities under different relations for constructing relational triples. We conduct massive experiments on relational triple extraction from CTI data, the results show that ERBTF is superior to the existing relation extraction models, and achieves state-of-the-art performance.

Enhancing Cybersecurity in Smart Manufacturing: A Comprehensive Approach

The industry 4.0 defines a new era of much efficient and intelligent manufacturing processes that works in integration with other advanced technologies like AI, Big data, Block chain, etc. The smart manufacturing industry has remarkably evolved due to integration of advanced technologies like cyber-physical systems (CPS), Internet of Things (IoT), digital twins that makes up a highly connected infrastructure where data flows in real time. However, the involvement of these technologies has also significantly increased the exposure of manufacturing industry to the cyber threats. This article investigates several security challenges and major threats that are associated with the manufacturing industry. It evaluates various security implementations including digital twins, machine learning, and block chain based on their effectiveness, scalability, and feasibility in terms of security. Through a comprehensive literature review, case study analysis of notable cyberattacks and qualitative exploratory methods, this study explores the best line of defence against the cyber threats. Our findings highlight the critical role of robust and adaptive multiple line of defense mechanisms in mitigating cyber risks. The research concludes by emphasizing the need for an effective security strategy that combines advanced technological solutions with continuous employee education and proactive threat management to safeguard smart manufacturing processes against evolving cyber threats.

Brute forcing on secured shell servers emphasising the role of cyber forensics - a quali-quantitative study.

Increasing numbers of cyber attacks threaten us personally and professionally. Cyber crimes include obtaining sensitive information (medical or financial) but may extend to organising heinous crimes including murders and aggravated sexual assaults. A major vector of cyber crimes is brute force attacks on secured shell servers. This research highlights the prevalence of the intensity of brute force attacks on secured shell servers via quali-quantitative analysis of cyber attacks. The brute force attacks were recorded over a period of 20 days with the help of logs taken from five dedicated servers installed in a production environment. There were a minimum of 6470 and maximum of 22,715 attacks on a server per day. The total number of attacks on all the servers during the study period was 1,065,920. The brute force attacks were mainly targeted at the service network accounts. Growth of the field of cyber forensics is the optimal solution to prevent the malicious use of internet services and the commissioning of crimes by this means.

Interconnected and resilient: A CGE analysis of AI-driven cyberattacks in global trade.

The burgeoning interconnectedness of global trade in the digital age not only presents enticing opportunities but also harbors potent vulnerabilities of artificial intelligence (AI)-driven cyberattacks. This study explores the cascading impacts of these disruptive threats on economies, supply chains, and trade, utilizing the intricate lens of Computable General Equilibrium modeling. Through meticulously designed simulation scenarios, we illuminate the potential economic ramifications of cyberattacks, with a focus on regions heavily reliant on digital technologies and interwoven supply chains. The analysis reveals significant declines in real GDP, trade prices and volumes, and trade route disruptions across regions. Notably, economies like China, the United States, the United Kingdom, and the EU, due to their deep integration in global networks, face pronounced vulnerabilities. However, amidst this bleak landscape, hope emerges in the form of cyber resilience. The study showcases the effectiveness of proactive measures like adaptable production systems, diversified trade partners, and robust cybersecurity infrastructure in mitigating the adverse impacts of cyberattacks. Incorporating cyber resilience significantly dampens the reported negative consequences, highlighting the critical role of preparedness in combating digital warfare. This study underscores the urgent need for a global paradigm shift toward cyber resilience. Collective efforts to bolster cybersecurity infrastructures, foster international cooperation in threat intelligence, and establish open and resilient trade frameworks are crucial in navigating the treacherous labyrinth of AI-driven cyberattacks. By embracing resilience strategies and fostering global collaboration, we can pave the way for a more secure and prosperous digital future, where interconnectedness becomes a tool for progress, not a vulnerability to be exploited.

Speech emotion recognition systems and their security aspects

Speech emotion recognition (SER) systems leverage information derived from sound waves produced by humans to identify the concealed emotions in utterances. Since 1996, researchers have placed effort on improving the accuracy of SER systems, their functionalities, and the diversity of emotions that can be identified by the system. Although SER systems have become very popular in a variety of domains in modern life and are highly connected to other systems and types of data, the security of SER systems has not been adequately explored. In this paper, we conduct a comprehensive analysis of potential cyber-attacks aimed at SER systems and the security mechanisms that may prevent such attacks. To do so, we first describe the core principles of SER systems and discuss prior work performed in this area, which was mainly aimed at expanding and improving the existing capabilities of SER systems. Then, we present the SER system ecosystem, describing the dataflow and interactions between each component and entity within SER systems and explore their vulnerabilities, which might be exploited by attackers. Based on the vulnerabilities we identified within the ecosystem, we then review existing cyber-attacks from different domains and discuss their relevance to SER systems. We also introduce potential cyber-attacks targeting SER systems that have not been proposed before. Our analysis showed that only 30% of the attacks can be addressed by existing security mechanisms, leaving SER systems unprotected in the face of the other 70% of potential attacks. Therefore, we also describe various concrete directions that could be explored in order to improve the security of SER systems.

Artificial Intelligence Predictions in Cyber Security: Analysis and Early Detection of Cyber Attacks

Artificial Intelligence Predictions in Cyber Security: Analysis and Early Detection of Cyber Attacks

Estimating Malware Impact on Network Traffic Analysis by Using Wireshark

With the increasing prevalence of advanced cyber threats, there is a growing need for effective cybersecurity measures that can detect and visualize malware attacks. This research introduces an integrated approach that combines malware detection techniques with geospatial visualization methods to enhance the identification and analysis of cyber-attacks. By analyzing packets in the HTTP protocol, we identify suspicious file transfers and compute their hash values for further examination. To assess the threat level of these transferred files, we utilize the Virus Total platform to conduct comprehensive scans for malware. At the same time, by utilizing geolocation data, we map out both the origins and destinations of these attacks, providing valuable spatial context for understanding global patterns in cyber threats. In addition to enabling the identification of potentially harmful files, the proposed approach also provides a comprehensive visualization of how these threats are spread geographically. Our findings contribute to advancing cybersecurity strategies by facilitating proactive threat mitigation and enhancing incident response capabilities. The integration of malware detection, hash analysis, and geospatial visualization emphasizes the importance of adopting a multidimensional approach in strengthening network security infrastructure.

Impact Analysis of Cyber Attacks against Energy Communities in Distribution Grids

With the advancement of regulations regarding the reduction in carbon emissions, renewable energy communities have come into the picture. However, many implications come with the installation of these communities from a cybersecurity point of view. The software platforms responsible for managing and controlling them handle a lot of crucial information, and therefore, tampering with these data can lead to several impacts on the operation of these communities and, in turn, the power grid as well. This paper examines the plausible impacts that can be caused by altering certain parameters of the system that make it a potential cyber attack target. The analysis is done by observing how the grid responds to these manipulations for both low-voltage as well as medium-voltage systems. These systems are designed along with integrated energy communities and are implemented in MATLAB/Simulink R2022b software. The observations are made by plotting the grid voltage and power profiles in normal as well as attacked conditions.

Proactive Analysis and Detection of Cyber-attacks using Deep Learning Techniques

Objectives: This study objective is to create a proactive forensic framework with a classification model to identify the malicious content to avoid cyber-attacks. Methods: In this proposed work, a novel framework is introduced to analyze and detect network attacks before it happens. It monitors the network packet flow, captures the packets, analyzes the packet flow proactively, and detects cyber-attacks using different machine learning algorithms and Deep Convolution Neural network (CNN) technique. The KDD dataset is used in this experiment with 30% for testing and 80% for training. Findings: The simulation results show that the detection percentage of the proposed framework reaches a maximum of 95.92% in different scenarios. It is approximately 10% higher than the existing proactive frameworks for example Gawand’s model, Ahmetoglu’s model and many more. Novelty and applications: The proposed framework is a proactive model which detects the cyber-attack in prior to avoid cyber-attacks. The deep CNN model highly efficient for detecting cyber-attack. Keywords: Proactive Forensic Framework, Deep CNN, Classification Algorithms, Cyber attack detection, Intrusion Detection System

Law in orbit: International legal perspectives on cyberattacks targeting space systems

Space sector systems enable numerous critical functions and are often integrated into existing telecommunications infrastructure to enhance network connectivity coverage and capacity. Amid escalating cyber threats, this paper examines the application of international law to cyber operations targeting space infrastructure, addressing a critical gap in discourse. While declarations by global entities affirm the applicability of international law to cyberattacks, the complexities of cyberspace, compounded by the unique aspects of space infrastructure, pose challenges in implementation. Recognizing the absence of global cyber law and a lack of customary international law regarding cyber operations on space infrastructure, this study provides one of the first legal examinations via case analysis of cyberattacks on space infrastructures, both terrestrial and orbital, through the lens of international humanitarian law, the law of armed conflict, and outer space law. This paper adopts a comprehensive approach, considering perspectives from differing national stances as we review three main principles of international law: the general principle of sovereignty, the prohibition of intervention, and the prohibition of the use of force. Based on our analysis of three hypothetical but realistic cyber operation scenarios, international law can apply to cyberattacks on space infrastructure, and violations can occur if all conditions of a given law are met and attribution can be made to a state actor. Yet, applying these laws in a cyber context has proven to cause some complexities and disagreements, and it would be a mistake to ignore the reality that there is still significant ambiguity and varying interpretations, which could impede the unequivocal enforcement and application of these laws in such scenarios.

Використання методу верифікації FMEDA/FIT для оцінювання кібербезпеки програмованого логічного контролера: нова інтерпретація принципу SIS

The object of this study is a programmable logic controller (safety PLC), which is part of an information and control system designed for safe management of important technological processes. The subject of this study is the substantiation of the legality of reusing the results obtained during the development of the safety PLC in accordance with the requirements of functional safety to assess the level of its cyber security. The purpose of this work is to investigate the possibility of "cross" evaluation of the safety characteristics of the safety PLC, namely, the possibility of evaluating the level of cyber security of the programmable logic controller based on known data regarding its level of functional safety, in order to optimize the use of available resources in the project. The study tasks are following: to provide a theoretical basis for the relationship between safety PLC characteristics such as functional safety and cybersecurity. Determine the metrics by which it will be possible to assess the degree of reuse of existing results. Perform an analysis of potential cyberattacks depending on the architecture of the information and control system, which performs security functions, as well as on the possible modes of its use. Determine and evaluate the degree of "cross" influence of critical characteristics of the research object. To perform a calculation analysis of the potential financial and time gain from the reuse of already known results for the minimum configuration of the safety PLC. Conclusions. The study demonstrated the relevance of the question of assessing the cybersecurity of a programmable logic controller based on the use of existing data, regarding its level of functional security (SIL). The proposed approach provides opportunities to significantly optimize the use of resources in safety PLC certification projects. However, the main methodological conclusion is that the well-known principle of Security Informed Safety can be developed and used in practice in the opposite direction, as Security supported/assessed by Safety. That is, to the principle of "assessment of functional safety taking into account/on information (cyber) security" the principle of "assessment of information (cyber) security with the support of/taking into account the results of the assessment of functional security" is added.

Кібербезпека в енергетиці на тлі швидкого розвитку штучного інтелекту

The problems of protecting information resources from cyberattacks of public and private en-terprises are considered based on the analysis of data in the USA for 2022, taking into account the type of cyberattack and estimates of the damage caused. The analysis of cyberattacks allows us to conclude that the security of information resources depends on the human factor for more than 90 percent and it is in this direction that maximum efforts should be made. Improving the protection of information resources is not possible without the use of artificial intelligence (AI). The possibilities of the influence of AI on the cyber defense of the energy industry are consid-ered and areas that require attention in the development of systems of protection against cyber attacks, which are "doomed" to attract the achievements of AI, are proposed. At the same time, it is taken into account that AI not only allows you to increase protection against cyber attacks, but can also make computer networks less secure. And the extraordinary capabilities of neural networks require the urgent creation of agreed international protocols for their developers.

Cybersecurity risk analysis of multifunctional UAV fleet systems: a conceptual model and IMECA-based technique

The subject of this study is to ensure the cybersecurity of systems of multifunctional UAV fleets (SMF UAV). The purpose of this study is to identify and analyze the risks associated with the cybersecurity of multi-functional UAV fleets, develop models of threats, vulnerabilities, and attacks, and conduct IMECA analysis of cyber-attacks. Tasks: 1) analyze threats that may affect the security of multifunctional UAV fleets; 2) identify system vulnerabilities and their possible consequences in case of exploitation; 3) develop models of the system infrastructure and threats, vulnerabilities, and attacks, considering the specifics of the functionality and communication between system elements; 4) perform a risk-based analysis, identifying and classifying potential threats and their impact. The following results were obtained. The following results were obtained. 1. Cybersecurity threats to multifunctional UAV fleets are described and classified. 2. Identified and analyzed system vulnerabilities and their potential consequences. 3. Developed models of threats, vulnerabilities, and cyberattacks, considering the specifics of the UAV fleet. 4. Conducted a risk-based analysis, determined the level of threat, and developed recommendations for improving the cybersecurity of the UAV fleet based on the results of the IMECA analysis. Conclusions. The research emphasizes the importance of the developed model and tool for the detection and analysis of cyber threats to the SMF UAV. This allows increasing the cybersecurity and reliability of the system and ensuring timely response to cyber threats. Areas for further research: development of a model and method to consider the specifics of cyber threats and the technological characteristics of the SMF infrastructure; development and implementation of proactive protection tools in the context of combined cyber-attacks; and expansion of the scope of these tools in various industries, including smart cities.

A Hybrid Physical Co-Simulation Smart Grid Testbed for Testing and Impact Analysis of Cyber-Attacks on Power Systems: Framework and Attack Scenarios

With the deployment of numerous innovative smart grid technologies in modern power systems, more real-time communication and control are required due to the complexity and proliferation of grid-connected systems, making a power system a typical cyber-physical system (CPS). However, these systems are also exposed to new cyber vulnerabilities. Therefore, understanding the intricate interplay between the cyber and physical domains and the potential effects on the power system of successful attacks is essential. For cybersecurity experimentation and impact analysis, developing a comprehensive testbed is needed. This paper presents a state-of-the-art Hybrid Physical Co-simulation SG testbed at FIU developed for in-depth studies on the impact of communication system latency and failures, physical events, and cyber-attacks on the grid. The Hybrid SGTB is designed to take full advantage of the benefits of both co-simulation-based and physical-based testbeds. Based on this testbed, various attack strategies are tested, including man-in-the-middle (MitM), denial-of-service (DoS), data manipulation (DM), and setting tampering (change) on various power system topologies to analyze their impacts on grid stability, power flow, and protection reliability. Our research, which is based on extensive testing on several testbeds, shows that using hybrid testbeds is justified as both practical and effective.

Analysis and Mitigation of Cyber-attacks Targeting Infrastructures Operated by IoT Systems

Analysis and Mitigation of Cyber-attacks Targeting Infrastructures Operated by IoT Systems

Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences

Discrete event systems are increasingly used as a modeling tool to assess safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to look at. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria. In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, so-called footprint, that aims at capturing the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the interest of the footprint criterion.

Research on Cyber Attacks and Defensive Measures of Power Communication Network

With the wide application of information and communication technologies, a great number of cyber vulnerabilities threaten the security and stability of the power system. Therefore, this paper analyzed the intrusion paths, the invasion mechanisms, and the possible consequences of most potential attacks in power communication networks (PCNs); a method for classifying and evaluating defense measures considering security indexes is also proposed. Firstly, the typical structure and hierarchy of PCNs are sorted out. Secondly, we study the potential cyber-attacks that may occur against PCNs and classify them into hot-spot attacks and non-hot-spot attacks based on academic research and statistical analysis of historical cyber-attacks. Then, the potential target devices, propagation paths, and possible consequences to PCNs are analyzed in detail for different cyber-attacks. Thirdly, a security index system to assess the resistibility, recognizability, and recoverability of different defense measures is proposed. Based on the capability of different measures against cyber-attacks, the defensive measures are classified into resistibility enhancement measures, recognizability enhancement measures, and recoverability enhancement measures. Accordingly, the mechanisms of different defense measures are analyzed. After that, the effectiveness of each defense measure is evaluated based on the degree of correlation between the defense measure and the security indexes.

Artificial Intelligence-Based Cyber Security in the Context of Industry 4.0—A Survey

The increase in cyber-attacks impacts the performance of organizations in the industrial sector, exploiting the vulnerabilities of networked machines. The increasing digitization and technologies present in the context of Industry 4.0 have led to a rise in investments in innovation and automation. However, there are risks associated with this digital transformation, particularly regarding cyber security. Targeted cyber-attacks are constantly changing and improving their attack strategies, with a focus on applying artificial intelligence in the execution process. Artificial Intelligence-based cyber-attacks can be used in conjunction with conventional technologies, generating exponential damage in organizations in Industry 4.0. The increasing reliance on networked information technology has increased the cyber-attack surface. In this sense, studies aiming at understanding the actions of cyber criminals, to develop knowledge for cyber security measures, are essential. This paper presents a systematic literature research to identify publications of artificial intelligence-based cyber-attacks and to analyze them for deriving cyber security measures. The goal of this study is to make use of literature analysis to explore the impact of this new threat, aiming to provide the research community with insights to develop defenses against potential future threats. The results can be used to guide the analysis of cyber-attacks supported by artificial intelligence.