Cyber Threats Research Articles

DELM: Deep Ensemble Learning Model for Anomaly Detection in Malicious Network Traffic-based Adaptive Feature Aggregation and Network Optimization

With the rapid advancements in internet technology, the complexity and sophistication of network traffic attacks are increasing, making it challenging for traditional anomaly detection systems to analyze and detect malicious network attacks. The increasing advancedness of cyber threats calls for innovative approaches to identify malicious patterns within network traffic precisely. The primary issue lies in the fact that these approaches do not focus on the essential adaptive features of network traffic. We proposed an effective anomaly detection system for malicious network traffic attacks called the Deep Ensemble Learning Model (DELM). We leverage the structure of the Feedforward Deep Neural Network (FDNN), and Deep Belief Network (DBN), incorporating multiple hidden layers with non-linear activation functions. Integrating Adaptive Feature Aggregation (AFA) with the FDNN algorithm dynamically adjusts the feature aggregation process based on incoming traffic characteristics to improve adaptability. The Conditional Generative Network was employed to enhance DELM for generating data for minority classes. To improve the model’s accuracy, we applied batch normalization and data augmentation techniques for preprocessing, utilized n-gram, one-hot encoding, and feature aggregation methods for effective feature extraction. This study significantly contributes to network security by enhancing systems for detecting malicious network traffic. With its interpretability and adaptability, our proposed model shows promise in addressing the evolving cyber threat and fortifying critical network infrastructure. The experimental results demonstrate that our model performs with higher stability than the existing state-of-the-art detection approaches, as reflected by its higher accuracy, precision, recall, F1-score, and AUC-ROC.

Decentralized Integrity: Blockchain-Based Frameworks for Enhancing Software Update Security

This article examines the application of blockchain technology as a solution for secure and transparent software update distribution. As cyber threats evolve, traditional centralized update mechanisms face increasing vulnerabilities to tampering and unauthorized modifications. We propose a blockchain-based framework that leverages distributed ledger technology to create an immutable, decentralized environment for software updates. Our article demonstrates how this approach can eliminate single points of failure, ensure update integrity through cryptographic signing and network-wide verification, and enhance transparency in the update process. We discuss the system architecture, including update creation, distribution, and verification mechanisms, and evaluate its integration with existing software ecosystems. While acknowledging challenges such as scalability and implementation costs, we argue that blockchain-based solutions significantly advance securing software distribution. Our findings suggest that this approach has the potential to become a standard practice in the industry, substantially improving trust and reliability in software update systems. This article contributes to the growing body of research on blockchain applications in cybersecurity and provides insights for future developments in secure software distribution methods.

Opportunities and Challenges of Intelligent Computer Network Configuration and Security with its Technologies

This paper explores the dual aspects of opportunities and challenges posed by intelligent computer network configuration and security, highlighting the role of emerging technologies while emphasizing the need for robust strategies to address the accompanying risks. Intelligent network configuration utilizes technologies like artificial intelligence (AI), machine learning (ML) and software-defined networking (SDN) to automate and optimize network management. This automation enhances efficiency, scalability and adaptability, allowing networks to respond dynamically to traffic patterns and emerging threats. AI-powered security mechanisms further bolster defenses against sophisticated cyberattacks by enabling real-time monitoring, threat detection and proactive mitigation strategies. However, alongside these opportunities come challenges. Implementing intelligent technologies requires addressing issues like system complexity, interoperability and the need for continuous updates to handle evolving cyber threats. Additionally, privacy concerns, the integration of legacy systems and ensuring compliance with regulatory standards are key hurdles in adopting these technologies

Proactive strategies to mitigate emerging cybersecurity risks in IoT devices for smart homes

This work proposes strategies to mitigate emerging risks in smart Internet of Things (IoT) devices within homes. With the significant increase in these devices, cybersecurity became a primary concern. Therefore, this study focused on identifying potential risks and vulnerabilities, using surveys to assess current security practices and knowledge about protective measures among other aspects related to cybersecurity. Based on these results, recommendations were made for users, to strengthen security in their IoT devices and promote good practices to create a safer and more protected home environment against possible cyber threats.

Enhancing Cybersecurity: Ransomware Detection - A Proof of Concept Study

Presently, our digital landscape faces a pervasive onslaught of diverse cyber threats, encompassing distributed denial of service (DDoS), phishing, ransomware, and smishing, all orchestrated with malicious intent. Counteracting these malicious incursions poses a formidable challenge, particularly in devising efficacious detection solutions. Ransomware incidents are on the ascent, particularly within critical sectors such as healthcare, finance, and telecommunications. Consequently, this paper introduces a proof of concept (POC) aimed at detecting ransomware activities targeting Internet of Medical Things (IoMT) devices. The primary objective of this paper revolves around the identification and evaluation of factors correlating with ransomware attacks on IoMT and then developing a ransomware detector. The experimental framework involves the utilization of a simulated environment mirroring real-world IoMT devices and networks. The methodology integrates diverse approaches, encompassing data collection from IoMT devices, analysis of ransomware behaviour through the study of encryption patterns, and anomaly detection. The POC assesses the efficacy of these methodologies in detecting and responding to ransomware threats, with the experimentation conducted through hybrid analysis within a controlled laboratory setting. The dataset consists of 13 families with a total malware of 9251 taken from GitHub. For POC, a total of 3459 ransomware dataset samples have been selected. As a result of the experiment, thirteen (13) distinct features have been identified as trigger factors for ransomware attacks. These features are obtained by capturing of the processes initiated by the ransomware samples using a process monitor (procmon). A temporal pattern of the processes which include the file system, API, and access based on their frequency of occurrence were used to develop a ransomware detection model. The proposed approach achieved an accuracy of 99.2% and an error rate of 0.8 %, when evaluated on temporal pattern dataset and by using an enhanced artificial neural network (EANN).

Addressing cybersecurity challenges in robotics: A comprehensive overview

As robotics technology becomes increasingly integrated into various sectors, ensuring the cybersecurity of robotic systems is paramount. This article provides an in-depth exploration of the cybersecurity challenges confronting robotics and offers strategies to address these concerns. With the growing connectivity and networking capabilities of robots, vulnerabilities such as unauthorized access, data breaches, and network attacks are significant threats [1]. Protecting sensitive data collected and processed by robots is crucial to preserving privacy and trust. Remote access features, while enhancing operational flexibility, also pose security risks if not adequately secured. Weak authentication mechanisms and insecure interfaces could allow malicious actors to compromise robot functionality. Furthermore, robots are susceptible to malware and cyber-attacks, including viruses, worms, and ransomware. To mitigate these risks, a comprehensive approach is necessary, incorporating secure design principles, robust authentication mechanisms, encryption techniques, and cybersecurity training. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is essential to develop resilient robotic systems capable of withstanding evolving cyber threats. This article underscores the importance of addressing cybersecurity challenges in robotics to ensure the safety and security of robotic deployments across diverse domains. As robotics technology evolves and becomes integral across various sectors, prioritizing cybersecurity [2] is crucial to protect these systems from unauthorized access, data breaches, and network attacks. The interconnected nature and remote access features of robots pose significant vulnerabilities. Comprehensive measures, including secure design, encryption, and cybersecurity training, are essential. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is vital for developing resilient robotic systems. This article highlights the urgent need to address cybersecurity challenges to ensure the safety and integrity of robotic deployments.

RCLNet: an effective anomaly-based intrusion detection for securing the IoMT system.

The Internet of Medical Things (IoMT) has revolutionized healthcare with remote patient monitoring and real-time diagnosis, but securing patient data remains a critical challenge due to sophisticated cyber threats and the sensitivity of medical information. Traditional machine learning methods struggle to capture the complex patterns in IoMT data, and conventional intrusion detection systems often fail to identify unknown attacks, leading to high false positive rates and compromised patient data security. To address these issues, we propose RCLNet, an effective Anomaly-based Intrusion Detection System (A-IDS) for IoMT. RCLNet employs a multi-faceted approach, including Random Forest (RF) for feature selection, the integration of Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) models to enhance pattern recognition, and a Self-Adaptive Attention Layer Mechanism (SAALM) designed specifically for the unique challenges of IoMT. Additionally, RCLNet utilizes focal loss (FL) to manage imbalanced data distributions, a common challenge in IoMT datasets. Evaluation using the WUSTL-EHMS-2020 healthcare dataset demonstrates that RCLNet outperforms recent state-of-the-art methods, achieving a remarkable accuracy of 99.78%, highlighting its potential to significantly improve the security and confidentiality of patient data in IoMT healthcare systems.

THE ROLE OF THE EUROPEAN UNION IN ACHIEVING SUSTAINABLE DEVELOPMENT AT THE GLOBAL LEVEL

In the context of globalization and demographic change, states are currently more vulnerable to non-military, asymmetric, hybrid and cyber threats and threats from non-state actors. Russia's war on Ukraine, Hamas's military attack on Israel indicate the likelihood of armed aggression against the sovereignty and territorial integrity of the state in modern global conditions. In the introductory part of the paper, the author analyzes the notion of national security as the ability of states, taking into account global changes and development, to protect their own identity, survival and interests. Furthermore, the author analyzes the need to achieve Sustainable Development at the global level. In the final part of the paper, the author states that Investing in the common future with its closest neighbors is fundamental for the long-term political stability of the European Union itself. Therefore, the enlargement of the European Union is based on development programs aimed at achieving political stability, secure economic conditions, social cohesion and environmental sustainability. The content will be created based on the analysis of foreign literature and using electronic content. In preparing the content of the paper, the author will apply the general scientific methods: the descriptive method, the normative method, the comparative method and the content analysis method as a special scientific method.

Cybersecurity activities for education and curriculum design: A survey

Cyber threats are one of the main concerns in this growing technology epoch. To tackle this issue, highly skilled and motivated cybersecurity professionals are increasingly in demand to prevent, detect, respond to, or even mitigate the effects of such threats. However, the world faces a workforce shortage of qualified cybersecurity professionals and practitioners. To address this dilemma, several cybersecurity educational programs have been introduced, such as specialized cybersecurity courses in computer science graduate programs. With the increasing demand, different cybersecurity courses are introduced at the high school level, undergraduate computer science and information systems programs, and even at the government level. Due to the peculiar nature of cybersecurity, educational institutions face many issues when designing a curriculum or cybersecurity activities. In this paper, we study existing cybersecurity curriculum approaches and activities. We also present case studies on cybersecurity education around the globe.

Impact of Internet and mobile communication on cyber resilience: a multivariate adaptive regression spline modeling approach

The spread of broadband Internet and the availability of mobile communication services expand access to digital services for businesses and the public alike. However, at the same time, it aggravates the problem of ensuring digital space security, protection against cyber threats, and the fight against cybercrime. This research aims to calculate the index of a country's resilience to cyber-hacking for 143 countries, to divide these countries into groups based on this resilience (high, above-average, average, below-average, and low), compare these results with those obtained on the basis of National Cyber Security Index (NCSI), and to identify the impact of the Internet and mobile communication prevalence in a country on this level. The selection of the countries is based on the availability of statistical data for 2022 in the databases of the Surfshark VPN service, and the International Telecommunication Union. The integral index of a country's resilience to cyber-hacking is calculated through the multiplicative convolution (with weighted geometric mean) of the number of breached accounts, the Internet penetration probability (penetration into users’ data through the Internet), and the breach density per thousand users. The influence of active mobile broadband subscriptions (per 100 inhabitants), mobile broadband basket (% of Gross National Income Per Capita), mobile cellular subscriptions (per 100 inhabitants), and total fixed broadband subscriptions on the integral index of a country's resilience to cyber-hacking is investigated using multivariate adaptive regression spline. According to the calculations, France, Iceland, Montenegro, the United States, and the United Arab Emirates were the least resistant to cyber hacking in 2022. For countries with high, above-average, and below-average levels of resilience to cyber-hacking, the most relevant factor is the number of active mobile broadband subscriptions (per 100 inhabitants). For countries with an average level, it is total fixed broadband subscriptions.

SeCTIS: A framework to Secure CTI Sharing

The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. Organizations are inadvertently enlarging their vulnerability to cyber threats by integrating more interconnected devices into their operations, which makes these threats both more sophisticated and more common. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to proprietary and confidential data leaks. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. Extensive experimentation has confirmed the accuracy and performance of our framework. Furthermore, our detailed attack model analyzes its resistance to attacks that could impact data and model quality.

Real-time phishing URL detection framework using knowledge distilled ELECTRA

The rise of cyber threats, particularly URL-based phishing attacks, has tarnished the digital age despite its unparalleled access to information. These attacks often deceive users into disclosing confidential information by redirecting them to fraudulent websites. Existing browser-based methods, predominantly relying on blacklist approaches, have failed to effectively detect phishing attacks. To counteract this issue, we propose a novel system that integrates a deep learning model with a user-centric Chrome browser extension to detect and alert users about potential phishing URLs instantly. Our approach introduces a Knowledge Distilled ELECTRA model for URL detection and achieves remarkable performance metrics of 99.74% accuracy and a 99.43% F1-score on a diverse dataset of 450,176 URLs. Coupled with the browser extension, our system provides real-time feedback, empowering users to make informed decisions about the websites they visit. Additionally, we incorporate a user feedback loop for continuous model enhancement. This work sets a precedent by offering a seamless, robust, and efficient solution to mitigate phishing threats for internet users.

Simulation-Based Evaluation of Advanced Threat Detection and Response in Financial Industry Networks Using Zero Trust and Blockchain Technology

The financial sector is increasingly facing advanced cyber threats, necessitating a shift from traditional security measures to more dynamic frameworks. This study presents a novel integration of Zero Trust architecture with hybrid access control system and blockchain technology to enhance security in financial institutions. Zero Trust enforces continuous authentication and dynamic access controls, while blockchain secures digital identities and transaction logs through its immutable ledger, ensuring data integrity and non-repudiation. The proposed framework, evaluated using OMNeT++ simulations enhanced by Ethereum-Ganache, shows improved detection accuracy, reduced false positives, and increased resistance to insider threats and other attacks. It also strengthens compliance with regulatory requirements through robust audit trails, providing enhanced protection for sensitive financial data.

Hypothesis Generation Model for Cyber Threat Hunting

Hypothesis Generation Model for Cyber Threat Hunting

Towards Superior Android Ransomware Detection: An Ensemble Machine Learning Perspective

Ransomware remains a pervasive threat to Android devices, with its ability to encrypt critical data and demand ransoms causing significant disruptions to users and organizations alike. This research proposes a novel ensemble-based machine learning approach for the detection of Android ransomware, leveraging the strengths of multiple classifiers to enhance detection accuracy and robustness. Utilizing a comprehensive dataset comprising 203,556 network traffic records across 10 distinct ransomware types and benign traffic, we meticulously preprocess and feature-engineer the data to ensure optimal model performance. The methodology integrates various ensemble classifiers, evaluating each through rigorous cross-validation. Feature importance analysis using Random Forest identifies key indicators of ransomware activity, enabling us to refine our models and focus on the most predictive features. The results demonstrate that the ensemble models, particularly Bagging, achieve near-perfect detection rates, with precision, recall, and F1 scores consistently exceeding 99% for different binary attacks and multi-class classification. Finally, in-depth statistical analysis further validates the superiority of our approach, showcasing significant improvements over traditional machine learning methods. This research sets a new benchmark for Android ransomware detection, offering a robust, scalable, and highly accurate solution that enhances the security and resilience of mobile networks against evolving cyber threats.

Preface

Remote sensing technology and global positioning system (GPS), as the two pillars of modern space information technology, are changing the way we perceive and manage the Earth at an unprecedented speed. In order to promote academic exchanges and cooperation in this field, and to promote the transformation of scientific research and academic achievements, the 2024 International Conference on Remote Sensing and Global Positioning Algorithm (RSGPA 2024) was successfully held from June 28th to 30th, 2024 in Beijing, China via virtual form. The conference not only focused on the latest achievements of remote sensing mapping technology, but also discussed in depth the innovation and application of global positioning algorithms, aiming at promoting the transformation of scientific research and academic achievements through experience sharing and wisdom collision, promoting the gathering of talents, technology and capital, and injecting new kinetic energy into the development of related fields. It attracted a number of paper submissions related to remote sensing technology and global positioning system, and featured a variety of research directions, including Remote Sensing Mapping, Positioning Algorithms, AI-Assisted Localization, Hyperspectral Image Processing, Optical Remote Sensing, Microwave Remote Sensing, Remote Sensing Information Engineering, Image Processing Techniques, Geospatial Data Modeling and so on. The conference’s agenda covered a wide range of topics and presentations, mainly falling into keynote speeches, oral presentations, poster presentations, and academic discussion. Keynote speakers shared their latest research results and innovative ideas in the fields of remote sensing technology and global positioning system and their relevant domains, providing participants with valuable academic resources and inspiration. Professor Tao Chen (China University of Geosciences, Wuhan) talked about landslide recognition based on deep learning; Professor Muhammad Bilal (Henan Polytechnic University) presented a novel method for aerosol retrievals from multisensor remote sensing data over urban areas; Professor Kannimuthu Subramaniyam (Karpagam College of Engineering) illuminated the advancements and challenges in utilizing machine learning for cyber threat detection and mitigation. By fostering an environment of academic exchange and collaboration, RSGPA 2024 promoted the exploration of new ideas, the formation of partnerships, and the dissemination of research findings, ultimately contributing to the advancement of remote sensing and positioning technologies. All of the submissions received from the conference were exhaustively reviewed by the program committee members and peer-reviewers, who took into account the breadth and depth of the research topics that fall under the scope of RSGPA. The most promising contributions have been selected for inclusion in this Proceedings, which present innovative original ideas or results of general significance supported by clear and rigorous reasoning and compelling new evidence, as well as methods. This Proceedings not only provides participants with valuable academic resources, but also provides important references and insights for researchers in related fields. We would like to acknowledge all the speakers, authors, supporters, committee members and anonymous reviewers for their efforts in making RSGPA 2024 a complete success. We’d also appreciate the support from the staff of Journal of Physics: Conference Series for making this Proceedings published. The Committee of RSGPA 2024 List of Committee Member is available in this pdf.

TIMFuser: A Multi-granular fusion framework for cyber threat intelligence

Cyber attack campaigns with multiple technical variants are becoming increasingly sophisticated and diverse, posing great threats to institutions and every individual. Cyber Threat Intelligence (CTI) offers a novel technical solution to transition from passive to active defense against cyber attacks. To counter these attacks, security practitioners need to condense CTIs from extensive CTI sources, primarily in the form of unstructured CTI reports. Unstructured CTI reports provide detailed threat information and describe multi-step attack behaviors, which are essential for uncovering complete attack scenarios. Nevertheless, automatic analysis of unstructured CTI reports is challenging. Furthermore, manual analysis is often limited to a few CTI sources. In this paper, we propose a multi-granular fusion framework for CTIs from massive CTI sources, comprising a comprehensive pipeline with six subtasks. Many current CTI extraction systems are limited by mining intelligence from a single source, thereby leading to challenges such as producing a fragmented view of attack campaigns and lower value density. We fuse the attack behaviors and attack techniques of the attack campaigns using innovative and improved multi-granular fusion methods and offer a comprehensive view of the attack. TIMFuser fills a critical gap in the automated analysis and fusion of multi-source CTIs, especially in the multi-granularity aspect. In our evaluation of 739 real-world CTI reports from 542 sources, experimental results demonstrate that TIMFuser can enable security analysts to obtain a complete view of real-world attack campaigns, in terms of fused attack behaviors and attack techniques.

Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for Internet of Things (IoT)

Smart cities increasingly rely on the Internet of Things (IoT) to enhance infrastructure and public services. However, many existing IoT frameworks face challenges related to security, privacy, scalability, efficiency, and low latency. This paper introduces the Blockchain and Federated Learning for IoT (BFLIoT) framework as a solution to these issues. In the proposed method, the framework first collects real-time data, such as traffic flow and environmental conditions, then normalizes, encrypts, and securely stores it on a blockchain to ensure tamper-proof data management. In the second phase, the Data Authorization Center (DAC) uses advanced cryptographic techniques to manage secure data access and control through key generation. Additionally, edge computing devices process data locally, reducing the load on central servers, while federated learning enables distributed model training, ensuring data privacy. This approach provides a scalable, secure, efficient, and low-latency solution for IoT applications in smart cities. A comprehensive security proof demonstrates BFLIoT’s resilience against advanced cyber threats, while performance simulations validate its effectiveness, showing significant improvements in throughput, reliability, energy efficiency, and reduced delay for smart city applications.

Scientometric analysis of global cyber security research output based on Web of Science

Objective. This study aims to analyze global cyber security research using various scientometric indicators for 25 years, from 1999 to 2023. Design/Methodology/Approach. The study used the Web of Science international citation database to retrieve a total of 5,640 records. The records were extracted in the CSV file format and further analyzed using an MS-Excel spreadsheet, VosViewer, and Biblioshiny software. Findings. The findings revealed that a 300% annual growth rate was recorded for the publications in 2002. The USA emerged as the top contributor (31.15%) among the countries. The authors affiliated with the State University System of Florida have more publications (107 contributions). Authors Lingfeng Wang of the University of Wisconsin-Milwaukee and Kim-Kwang Raymond Choo of the University of Texas at San Antonio have contributed the equal and highest number of (21) papers. Originality/Value. Cyber security research helps to guardian the individual or nation’s digital sovereignty, protecting it against sophisticated cyber threats and potential attacks. The discipline has become the subject of global research. This study helps cyber security experts, software or web developers, and researchers identify the primary research evidence and its impact on the research community and policymakers for evidence-based policymaking to combat invisible global threats.

Assessing student readiness for mobile learning from a cybersecurity perspective

This research aims to measure student readiness in implementing mobile learning from a cybersecurity perspective. Using a quantitative method with a survey approach, the participants in this research were 150 students of the electrical engineering study program at Padang State University in Indonesia, who were randomly stratified to ensure a balanced representation of the academic year. The research is an online objective test related to cybersecurity topics. The data analysis technique used is quantitative descriptive. The analysis results show that system updates are the only indicator with a “good” awareness level, while other indicators are at the “sufficient” and “poor” levels, indicating the need for further improvement. These findings underscore the importance of integrating cyber security education in mobile learning curricula to increase student readiness to face evolving cyber threats. Thus, this research recommends developing specific training programs and adding comprehensive cybersecurity material to the curriculum to equip students with the skills necessary to maintain cybersecurity effectively.