Cybersecurity Architecture Research Articles

Building a Scientific Foundation for Security: Multilayer Network Model Insights for System Security Engineering

AbstractTo help incorporate security into INCOSE's Systems Engineering Vision 2035, the INCOSE systems security engineering working group endorses a paradigmatic shift to reframe systems security as trustworthy, loss‐driven, and capabilities‐based. Similar research out of Sandia National Laboratories has explored cutting‐edge approaches to systems security for national security applications. Together, these efforts highlight the need for—‐and a path toward—‐a scientific foundation for security. Leveraging underlying tenets of systems theory, observed security heuristics, and the concepts emerging from INCOSE's SSE working helps triangulate a set of “first principles” as part of a scientific foundation for security as an emergent systems property that incorporates traditional physical security designs, cyber security architectures, and personnel security programs—‐as well as the (often ignored) interactions between them. These first principles, in turn, are the basis for a set of derived systems security performance axioms that support current INCOSE SSE working efforts. We have demonstrated this approach's logic and designability with a multilayer network model‐based approach for systems security. The structure of this scientific foundation for security offers additional, innovative opportunities to achieve desired levels of trustworthiness, creative mechanisms to meet needs, innovative loss‐driven approaches, and enhanced capabilities—‐all aimed at producing more efficient and effective systems security solutions against current and emerging threats, uncertainties, and complexities.

Assessment of Cybersecurity in Industry 4.0 using Delphi-Based Factor Relationships and Comprehensive Distance-Based Ranking Methods under Uncertainty

Industry 4.0 is a new revolution in which internet connection technologies are interfaced with various components of industrial systems to create the smart factories and manufacturing organizations of the future to achieve a sustainable manufacturing framework. A large number of networked devices presents a significant chance to gather important data for improving the technology of decision-making to enhance product life-cycle management. Industry 4.0 technologies will face significant challenges and obstacles due to the cybersecurity and data privacy problems suffered by current Internet technology. In actuality, cybersecurity poses an important challenge to the advancement of sustainable manufacturing. Cybersecurity architectures are widely employed to prevent intrusions and attacks on computers and networks. As a result, there is a major decrease in the adoption of Industry 4.0 technologies and the sustainable manufacturing framework within organizations. To achieve the implementation of this sustainable manufacturing in companies we suggested five cybersecurity measures and six criteria. The proposed decision-making method aims to rank the cybersecurity procedures. The ranking of these measures used a combination of Delphi-FARE (factor relationship) and COBRA (comprehensive distance-based ranking) methods based on a neutrosophic environment. The result showed that alternative one “Data Encryptions” is the best one, and alternative five “Cloud Servers” is the worst one. We conducted a sensitivity and comparison analysis to verify the stability of the model and its performance with other models and demonstrated impressive results.

Code of silence: cyber security strategies for combating deepfake disinformation

At a time when deepfake technology is extensively employed, this study explores the serious problems produced by deepfake misinformation and recommends a comprehensive cyber security architecture to lessen its effects. Deepfakes are a serious threat to the authenticity of digital information because they use sophisticated artificial intelligence algorithms that have outlived their original novelty. This study examines the psychological effects of manipulated media, sheds light on the intricacies of creating deepfakes, and examines actual incidents that highlight the pervasive effects of deepfake misinformation. Our suggested cyber security plans include cutting-edge detection algorithms, blockchain technologies and extensive outreach programmes. Through promoting a shared dedication to openness and truth, symbolised by the figurative ‘code of silence’, this study seeks to strengthen the digital environment against the ubiquitous impact of misleading content, thereby adding to the larger conversation about preserving authenticity and trust in an increasingly digital age.

An Analysis of Cybersecurity Architectures

The 4th Industrial Revolution has increased high-capacity connectivity, new human-machine interactions largely with IoTs and smart devices. This digital revolution offers incredible conveniences such as the ability for users to access volumes of data, governments can address social challenges, connect remote villages in the country, and more. Once secluded systems are now connected and sharing information. This connectedness also poses some inconveniences as well, whenever a device joins the Internet, it becomes publicly discovered. Once these devices are discovered, they become open to cyberattacks. Cybersecurity has become a crucial part of daily life as cyberattacks have increased over time and have become more and more severe. The challenge that cybersecurity consultants find is the difficulty of measuring cybersecurity efforts in organizations. Another challenge could be finding a cybersecurity architecture that is effective and can fit different situations. The main aim of this study was to develop a comprehensive cybersecurity architecture that can be used by cybersecurity consultants when measuring cybersecurity effectiveness. This study conducted an in-depth literature review on current cybersecurity architectures offered by national and international cybersecurity organizations. The identified cybersecurity architectures that have been developed by other organizations were translated, interpreted, compared, and synthesized and a new cybersecurity architecture is proposed. The proposed cybersecurity architecture has the NIST goals as a foundation and the CIA triad at the center. The proposed cybersecurity architecture has domains such as application and Systems security, Information security, Network security, End-point security, Critical Infrastructure security, Mobile security, Storage security, etc. The proposed cybersecurity architecture seeks to assist cybersecurity consultants in answering questions from executives such as: Are we secure? Are security investments delivering value to the business? What is our preparedness for a cyberattack?

Zero-Trust Architecture (ZTA): Designing an AI-Powered Cloud Security Framework for LLMs’ Black Box Problems

Businesses are becoming more interested in developing and testing Large Language Models (LLMs) in their own settings to support decision-making and growth as a result of the rapid emergence of AI and cloud computing. Here’s the dilemma, though: to what extent do you believe these models and the data they were trained on? We don’t know the feature list of an LLM, which presents the first obstacle when discussing trust and the reasons why there should be zero trust. Although it may seem a bit extreme, this is accurate for two reasons. When it comes to GenAI models nowadays, the more multimodal and more capabilities they have, the better. This way of thinking is great for exploring and confirming if GenAI can address a business problem, but it’s a surefire way to run into trouble when attempting to put things into production in an organizational setting. An enterprise cybersecurity architecture known as a zero-trust architecture (ZTA) is built on the ideas of zero trust and is intended to stop data breaches, enhance privacy, and restrict internal lateral movement. This article discusses ZTA, its logical aspects, probable deployment scenarios, AI rules, threats and limitations in order to provide a detailed understanding of why enterprises must adapt a ZTA framework in a cloud-based environment for AI model deployment.

A zero-trust journey through the threat landscape

Zero trust is being widely adopted as a fundamental concept in cyber security architectures, and its implementation has accelerated due to so many organisations introducing new working practices. But creating a zero-trust environment is not simple, and requires a shift in mindset away from thinking about security in terms of fixed lines of defence. And it's not just a change in technology – it requires you to look deeply at your processes and corporate culture, too. So what are the best ways of embarking on the zero-trust journey?

A Conceptual Architecture Design - Building Cyber Security Architecture for Industrial Control Systems Networks and for Critical Infrastructures

A Conceptual Architecture Design - Building Cyber Security Architecture for Industrial Control Systems Networks and for Critical Infrastructures

ML-based Intrusion Detection for Drone IoT Security

The integration of drones into various industries brings about cybersecurity challenges due to their reliance on internet connectivity. To address this, we propose a comprehensive cybersecurity architecture leveraging machine learning (ML) algorithms and Internet of Things (IoT) technologies within the Internet of Drones (IoD) framework. Our architecture employs IoT-enabled sensors strategically placed across the drone ecosystem to collect and analyze data on system behaviors, communication patterns, and environmental variables. This data is then processed by a centralized platform equipped with sophisticated ML algorithms for pattern identification and anomaly detection. A key feature is the dynamic learning mechanism, enabling real-time intrusion detection by adapting to evolving threats. By combining IoT and ML, the system proactively defends against cyberattacks by distinguishing between typical and abnormal activity. Emphasis is placed on data integrity and confidentiality through secure communication protocols and cryptographic algorithms. Extensive simulations and tests validate the framework's effectiveness in various IoD scenarios, demonstrating its ability to swiftly identify intrusions and informing future enhancements. This comprehensive study meticulously examines the pressing cybersecurity concerns within the burgeoning drone industry. It proposes a robust architectural framework designed to enhance security for drone-enabled applications in our increasingly interconnected world. By harnessing the synergies between Internet of Things (IoT) and Machine Learning (ML) technologies, this innovative approach aims to fortify the integrity and reliability of drone systems.

Securing IoT networks: A fog-based framework for malicious device detection

Ensuring device security is a significant obstacle to effectively implementing the Internet of Things (IoT) and fog computing in today's Information Technology (IT) landscape. Researchers and IT firms have investigated many strategies to safeguard systems against unauthorized device assaults, often known as outside device assaults. Cyber-attacks and data thefts have significantly risen in many corporations, organizations, and sectors due to exploiting vulnerabilities in safeguarding IoT gadgets. The rise in the variety of IoT gadgets and their diverse protocols has increased zero-day assaults. Deep Learning (DL) is very effective in big data and cyber-security. Implementing a DL-based Gated Recurrent Unit (GRU) on IoT devices with constrained resources is unfeasible due to the need for substantial computational power and robust storage capacities. This study introduces an IoT-based Malicious Device Detection (IoT-MDD) that is dispersed, resilient, and has a high detecting rate for identifying various IoT cyber-attacks using deep learning. The suggested design incorporates an Intrusion Detection System (IDS) on fog nodes because of its decentralized structure, substantial processing capabilities, and proximity to edge gadgets. Tests demonstrate that the IoT-MDD model surpasses the performance of the other models. The study found that the cybersecurity architecture effectively detects malicious gadgets and decreases the percentage of false IDS alarms.

Cyber Security Architecture for General Election in India

Cyber Security Architecture for General Election in India

Reducing complexity in cyber security architecture: A practical model for security classifications

Building and running cyber security in both worlds, modern cloud security in combination with legacy on premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust (ZT) barely fit into legacy systems. Security technologies and tools are the subject of constant enhancements and adaptions to their environment. They can make security decisions on a very fine-grained basis. The corresponding rule sets and policies are becoming more and more decentralised, detailed and complex. Introducing modern security models such as ZT or micro-perimeter enforces the effect. The overall situation makes it hard for the responsible person to control the cyber security situation and the staff operating cyber security systems and technologies. Both are overwhelmed by the mass of fine-grained, fragmented and distributed security workloads. This paper introduces a practical model for security classifications in cyber security environments. The main goal of the model is to reduce complexity and keep cyber environments manageable. The model delivers not only a cyber risk classification regarding a single business application but works as an integrated view over risks for complete cyber environments.

Self-Aware Cybersecurity Architecture for Autonomous Vehicles: Security through System-Level Accountability.

The inherent dynamism of recent technological advancements in intelligent vehicles has seen multitudes of noteworthy security concerns regarding interactions and data. As future mobility embraces the concept of vehicles-to-everything, it exacerbates security complexities and challenges concerning dynamism, adaptiveness, and self-awareness. It calls for a transition from security measures relying on static approaches and implementations. Therefore, to address this transition, this work proposes a hierarchical self-aware security architecture that effectively establishes accountability at the system level and further illustrates why such a proposed security architecture is relevant to intelligent vehicles. The article provides (1) a comprehensive understanding of the self-aware security concept, with emphasis on its hierarchical security architecture that enables system-level accountability, and (2) a deep dive into each layer supported by algorithms and a security-specific in-vehicle black box with external virtual security operation center (VSOC) interactions. In contrast to the present in-vehicle security measures, this architecture introduces characteristics and properties that enact self-awareness through system-level accountability. It implements hierarchical layers that enable real-time monitoring, analysis, decision-making, and in-vehicle and remote site integration regarding security-related decisions and activities.

Comprehensive cyber security for port and harbor ecosystems

Global maritime transportation and logistics systems are essential parts of critical infrastructures in every society, and a crucial part of maritime logistics processes are seaports. In the coming years, digitalization and increased levels of autonomy in logistic transport chains are expected to take leaps forward. This development can help create safer, more efficient, more sustainable, and more reliable service chains to meet the requirements for a better quality of life and global prosperity. Port and harbor operations connect the maritime transport to other modes of transportation and enable multimodal transportation. Smart ports play a central role in future transport logistics and supply chains. Digitalization helps improve the efficiency of terminal systems in the processes of these ports. In the best cases, digitalization can also promote the reduction of emissions by optimizing port operations and enhancing cargo and people flows while improving the experience for all stakeholders. The improvement of port processes relies on the development of information and communication technology (ICT) as well as on industrial control systems (ICS) and operation technologies (OT). At the same time, the cyber security of maritime logistics also needs to be addressed. This article presents our findings related to the Sea4Value research goal on cyber security, which is a comprehensive cyber security architecture for port services at the system level. The article emphasizes the importance of a system of systems approach in terms of a comprehensive cyber security management process for port ecosystems. The description and recognition of management steps of every stakeholder are the key elements in this kind of process.

Ethical Hacking and Penetration Testing: Securing Digital Assets and Networks

As technology evolves, so does the possibility of assaults on digital assets and networks. In reaction to this growing threat, ethical hacking and penetration testing have developed as key strategies for ensuring enterprises' cybersecurity. Ethical hacking, often known as penetration testing, is the process of attempting to uncover weaknesses in computer systems, applications, and networks with the help of authorized individuals. The relevance of ethical hacking and penetration testing as vital components of a complete cybersecurity architecture are examined in this research study. The presentation begins with an overview of ethical hacking and penetration testing, separating ethical hackers from malevolent hackers and emphasizing the importance of authorized security assessments. The ethical issues and legal elements of ethical hacking operations are studied, with an emphasis on adherence to ethical norms and regulatory frameworks. The study focuses light on the critical role professional hackers perform in identifying possible gaps and establishing security against cyberattacks by digging into their legal responsibilities and duties. Furthermore, the study examines the benefits and drawbacks of ethical hacking, as well as its possible problems and ethical issues concerning hacking activities. Considering the growing cybersecurity landscape and the increasing need for comprehensive cyber threat safety, the consequences of the future of ethical hacking are anticipated

A Holistic Approach to Build a Defensible Cybersecurity Architecture for New Space Missions

A Holistic Approach to Build a Defensible Cybersecurity Architecture for New Space Missions

Assessment of Cyber Security risks: A Smart Terminal Process

In Finland, the connections to global maritime transportation logistics systems are an essential part of the national critical infrastructure. As a part of maritime logistics systems, the port's operations are important elements for global maritime traffic and the transportation supply chain. Digitalization of seaport services makes it possible to increase the efficiency of terminal systems in the logistic processes. At the same time, port logistic processes can notably reduce its CO2 emissions by optimizing port operations. The improvement of port processes relies very much on the development of Information and Communication Technology (ICT) and Industrial Control Systems (ICS) or Operation Technologies (OT) systems. In port environment there are parts that are controlled (ICS/OT) from the cyber environment but directly interact with the physical surroundings. These are called Cyber-Physical Systems (CPS). In this environment, the cyber security aspects of the port logistic need to be addressed. In Finland, the Port SMARTER research program has been on the way since 2021. The aim of the program is to create port services within new technology solutions, and that way improve cargo and people flows while improving the experience for all stakeholders. However, this development increase also complicated system dimensions in the use of ports and makes port operations complex systems of systems environment characterized by a conglomeration of interconnected networks and dependencies. This paper describes a practical approach to risk assessment work regarding the SMARTER research case. It provides a comprehensive cyber security investigation approach to port operations at the system level. In risk assessment work, the paper emphasizes the importation of description of probabilities to defend the system element against estimated probabilities of cyber-attacks at all parts of port processes. The findings of the study are related to the comprehensive cyber security architecture of the SMARTER research goals. The following research interests are related to the issue: "How a comprehensive cyber security investigation can be conducted in smart ports operations?” This paper emphasizes cyber security risks assessment work should be covered from services for operation, information flows in and between systems, as well as electricity supplies to achieve holistic risks assessment in the smart terminal process.

Recommender Systems in Cybersecurity

With the growth of CyberTerrorism, enterprises worldwide have been struggling to stop intruders from obtaining private data. Despite the efforts made by Cybersecurity experts, the shortage of skillful security teams and the usage of intelligent attacks have slowed down the enhancement of defense mechanisms. Furthermore, the pandemic in 2020 forced organizations to work in remote environments with poor security, leading to increased cyberattacks. One possible solution for these problems is the implementation of Recommender Systems to assist Cybersecurity human operators. Our goal is to survey the application of Recommender Systems in Cybersecurity architectures. These decision-support tools deal with information overload through filtering and prioritization methods, allowing businesses to increase revenue, achieve better user satisfaction, and make faster and more efficient decisions in various domains (e-commerce, healthcare, finance, and other fields). Several reports demonstrate the potential of using these recommendation structures to enhance the detection and prevention of cyberattacks and aid Cybersecurity experts in treating client incidents. This survey discusses several studies where Recommender Systems are implemented in Cybersecurity with encouraging results. One promising direction explored by the community is using Recommender Systems as attack predictors and navigation assistance tools. As contributions, we show the recent efforts in this area and summarize them in a table. Furthermore, we provide an in-depth analysis of potential research lines. For example, the inclusion of Recommender Systems in security information event management systems and security orchestration, automation, and response applications could decrease their complexity and information overload.

A novel smart multilevel security approach for secure data outsourcing in crisis.

The Interconnected Network or the Internet has revolutionized digital communications. It has expanded worldwide over the past four decades due to numerous features such as connectivity, transparency, hierarchy, and openness. Several drawbacks, including mobility, scalability, controllability, security, etc., have been presented due to continuous developments. Although several network paradigms exist to address such drawbacks, many issues still persist. This research proposed a future network paradigm that addresses multilevel security shortcomings. It suggested the following: (i) a two-router network-based cyber security architecture for multilevel data sharing; (ii) using a scheduler to deal with the multilevel transmitted packets scheduling problem; (iii) five algorithms for the studied difficult problem; and (iv) providing an experimental result to show the optimal results obtained by the developed algorithms and comparing it with algorithms in the literature. The experimental result shows that the random-grouped classification with shortest scheduling algorithm (RGS) performed the best at 37.7% with a gap of 0.03. This result proves the practicality of our approach in terms of two-machine scheduling problems.

A gradient-based approach for adversarial attack on deep learning-based network intrusion detection systems

Intrusion detection systems are an essential part of any cybersecurity architecture. These systems are critical in defending networks against a variety of security threats. In recent years, deep neural networks have proved their performance and efficiency in various machine learning tasks, including intrusion detection. However, it is shown that deep learning models are highly vulnerable to adversarial attacks. This paper proposes a new approach for performing an adversarial attack against deep learning-based malicious network activity classification. We use the Jacobian Saliency Map to find the best group of features, with different features and perturbation magnitude, to generate adversarial examples. We evaluate our method on three CIC-IDS2017, CIC-IDS2018, and CIC-DDoS2019 datasets. Our experiments show that our proposed method can achieve better performance while using fewer features in adversarial sample generation than other attacks that depend on a higher number of features. Our technique can generate adversarial samples for more than 18% of samples in CIC-IDS2017, 15% of samples in CIC-IDS2018, and 14% of samples in CIC-DDoS2019, using only three features and 0.1 as the perturbation magnitude. We do a deeper analysis of the attack based on its parameters, distance metrics, and the target model performance. Also, an evaluation model with three criteria, including success rates of the best feature sets, average confidence of the adversarial class, and adversarial samples transferability, is used in our analysis.

Basic Elements of Cyber Security for a Smart Terminal Process

Global maritime transportation and logistics systems are essential parts of critical infrastructures in every society, and a crucial part of maritime logistics processes are seaports. Digitalization helps improve the efficiency of terminal systems in the processes of these ports. In Finland this development is going on and it is called SMARTER research program. In the best cases, digitalization can also promote the reduction of emissions by optimizing port operations and enhancing cargo and people flows while improving the experience for all stakeholders. The improvement of port processes relies on the development of Information and Communication Technology (ICT) and as well as on Industrial Control Systems (ICS) or Operation Technologies (OT). At the same time, the cyber security aspects of maritime logistics also need to be addressed. In Finland, the SMARTER research program has been established to create port services by using, among other tools, Industry 4.0 solutions. As critical systems become more complicated in terms of users, processes and technology, the entire port infrastructure becomes a complex system of systems environment characterized by a conglomeration of interconnected networks and dependencies. ICT systems are significant parts of the operations and core processes, and are related to the administration and management of information in the network. The components of process levels include ICS/OT systems as well.This paper presents findings related to the SMARTER research goal on cyber security, which is a comprehensive cyber security architecture for port services at the system level. The paper emphasizes the importance of system description and recognizing basic system elements and their description in the first phase of the research process. The descriptions of these elements are needed to answer the following question at the beginning of the research: “What are the basic elements of cyber security for a smart terminal process?” The main elements identified in this paper are activities, the recognition of every stakeholder and the relationships between them, security dimensions, security capabilities, and system views of organizational criteria for cyber security in the SMARTER system. The solution can be called the Smart Port Cyber Security Management System (PortCSMS).
 Key words: maritime logistics, smart port, cyber security management, SMARTER