Cybersecurity Research Research Articles

Cybersecurity research from a management perspective: A systematic literature review and future research agenda

Firms continue to face increasing threats of financial and reputational damage from cybersecurity events. Despite increasing scholarly attention, our 25-year review of studies published in leading academic business journals demonstrates that extant research has generally examined antecedents (e.g., technological defenses), with more limited research focusing on managerial responses to or long-term performance outcomes from these events. Accordingly, we chronicle the current state of knowledge of these threats from a management (rather than from an information systems) perspective. We then highlight important future research opportunities for management scholars interested in developing or testing theory related to critical cybersecurity issues.

Did a USB drive disrupt a nuclear program? A Defense in Depth (DiD) teaching case

Defense in Depth (DiD) has become an industry buzzword. But practicing DiD is easier said than done. While cybersecurity researchers have predominantly focused on securing corporate networks, there remains a serious gap in endpoint-threat awareness. Yet endpoint threats were the progenitor of 68% of breaches and hacks in 2019 (Computers Nationwide, 2022), a vulnerability that increased during the COVID-19 lockdown with relaxed BYOD (Bring Your Own Device) policies, more IoTs, and cheaper and larger USB flash drives. This teaching case uses the 2009 Stuxnet attack on Iran’s nuclear facilities to exemplify how a single USB drive was used as an endpoint threat to disrupt a nuclear infrastructure, drawing attention to the need for and how to practice DiD to counter towering complexities ushered in burgeoning endpoints cyberattacks, from hacks to ransomware. The case shows the need for DiD to simultaneously pay heed toward physical, technical, and processual (administrative) measures to prevent, defend, and mitigate cyberattacks, from hacks to ransomware. The case and its teaching notes highlight the opportunities and challenges of practicing DiD for endpoints, from flash drives to IoTs.

NETWORK INTRUSION DETECTION USING HYBRID MACHINE LEARNING METHODS

Network intrusion detection is a relevant cybersecurity research field. The growing number of intrusions requires more sophisticated methods to protect computer networks. Various machine learning algorithms are used to detect network intrusions and anomalies, but their accuracy is limited. In this research, we address the problem of improving network-level intrusion detection by applying hybrid machine-learning algorithms. The paper proposes three new hybrid machine learning methods and investigates their accuracy using two publicly available datasets CSE-CIC-IDS2018 and NSW-NB-15. In order to increase the accuracy of the classification models, hyperparameter optimization was performed. The iteration method and the Chi-square χ2 test were used to identify significant features of the data set. Analyzing the research results, it was found that the highest network anomaly recognition accuracy of 99.34% was achieved by applying a hybrid algorithm consisting of a decision tree, naive Bayesian, and multilayer perceptron algorithms. Achieved result is 3.13% higher than the best accuracy achieved by individual machine learning algorithms. In order to comprehensively evaluate the studied machine learning algorithms and their suitability for detecting intrusions in a computer network, the algorithms were ranked using the SCR, DR, FR ranking methods.

Impact of Covid-19 Pandemic Circumstances on Cyber Hygiene of University Students

The covid-19 pandemic has motivated the cyber security research activities mainly at national and organizational level, but broader assessment of cyber security at individual level is undoubtedly lacking. Cyber security at individual level refers to humans and their personal cyber security practices that is called cyber hygiene. This study aims to evaluate the impact of the covid-19 pandemic circumstances on cyber hygiene outcomes, i.e., awareness, behavior, and knowledge. The intention was to estimate and compare the cyber hygiene of university students prior to and during the covid-19 pandemic. The results of the survey study indicate that covid-19 pandemic circumstances have caused the change of level of cyber hygiene awareness, behavior, and knowledge of university students. The covid-19 pandemic has improved all these cyber hygiene outcomes and that could be the consequence of intense use of digital space and mirroring of strict covid-19 pandemic protection measures. However, it is evident trend of cyber hygiene knowledge decline which coincides with covid-19 pandemic protection measures relaxation and less utilization of digital services. The findings of this study can be used to improve cyber hygiene worldwide and create a better extraordinary event response as digital space is expected to be increasingly used in future extraordinary circumstances.

Editorial special issue: Russian research in cybersecurity

Editorial special issue: Russian research in cybersecurity

Botnet DGA Domain Name Classification Using Transformer Network with Hybrid Embedding

One of the severest threats to cyber security is botnet, which typically uses domain names generated by Domain Generation Algorithms (DGAs) to communicate with their Command and Control (C&C) infrastructure. DGA detection and classification play an important role of assisting cyber security researchers to detect botnet C&C servers. However, many of the existing DGA detection models only focus on single scale word embedding method, and very few models are specially designed to extract more effective features for DGA detection from multiple scales word embedding. To alleviate above questions, first we propose a hybrid word embedding method, which combines character level embedding and bigram level embedding to make full use of the domain names information, and then, we design a deep neural network with hybrid embedding method to distinguish DGA domains from known legitimate domains. Finally, we evaluate our hybrid embedding method and the proposed model on ONIST dataset and compare our methods with several state-of-the-art DGA classification methods.

A Global Perspective of Cybersecurity Research: Publication Trends and Research Directions

Makale, Web of Science'ın veritabanında indekslenen siber güvenlik ve bilgi güvenliği araştırmalarının kapsamlı bir bibliyometrik analizini sunmaktadır. Siber güvenlik, son zamanların ilgi odağı olan popüler bir araştırma konusudur. Alandaki küresel araştırma verimliliğini ve gelişimini incelemek için 1980 ve 2021 yılları arasında yayınlanan 4252 makale R tabanlı Biblioshiny paket programı ile analiz edilmiştir. Siber güvenlik alanındaki yayınlanan araştırmalar yıllara göre giderek artan bir eğilim gösterirken bilgi güvenliği ile ilgili olan yayınlar giderek azalan bir eğim göstermiştir. Alanın kavramsal yapısı incelediğinde, son dönemin en dikkat çekici araştırma konuları “siber güvenlik farkındalığı” ve “siber fiziksel sistemler” olduğu bulunmuştur. Ek olarak alanın tematik ağ haritası incelendiğinde, bilgi güvenliği alanının sosyal boyutunu ifade eden bilgi güvenliği farkındalığı, bilgi güvenliği yönetimi, bilgi güvenliği politikaları, bilgi güvenliği kültürü gibi konularla daha çok çalışılmıştır. Siber güvenlik alanının teknik tarafını ifade eden yapay zeka, büyük veri, blokzincir, makine öğrenmesi ve derin öğrenme gibi konularla daha çok çalışıldığı ortaya çıkmıştır. Çalışmanın bulguları, araştırmacılara, bilgi teknolojisi uzmanlarına ve bilgi uzmanlarına, siber güvenlik alanındaki araştırma ilerlemesine ve yeni araştırma konularını belirlemede yardımcı olabileceği ön görülmektedir.

VitroBench: Manipulating in-vehicle networks and COTS ECUs on your bench: A comprehensive test platform for automotive cybersecurity research

With the increasing connectivity employed in automotive systems, remote cyber attacks have now become a possibility and concrete threat. Prior works on automotive cyber security solutions have primarily focused evaluation either on real cars or via emulations of electronic control units (ECUs). Evaluation on real cars offers limited flexibility in manoeuvring the packets communicated through in-vehicle network (IVN). Meanwhile, emulations of ECUs rely on assumptions that may not correspond to the exact features in an IVN.In this paper, we present VitroBench, a comprehensive test platform involving commercial off-the-shelf (COTS) ECUs that allows arbitrary packet control over IVN. In contrast to existing automotive testbed, an appealing feature of VitroBench is that it allows replication of driving use cases and scenarios directly on the testbed involving COTS ECUs. This, in turn, allows us to design and evaluate concrete attacks that are directly related to a driving scenario. We present the design of VitroBench that allows us to sniff, inject packets to and isolate targeted ECU via bridging. The isolation of ECUs also offers fuzzing the respective ECUs. We evaluate the capability of VitroBench via launching concrete attacks and demonstrating the impact of such attacks. We discuss the careful design choices involved in VitroBench that inspire automotive cybersecurity research in future.

DEFIA: Evaluate defense effectiveness by fusing behavior information of cyberattacks

The existing researches point to a lack of studies addressing the quantitative evaluation of the effectiveness of cyber defense. This difficult matter has been plaguing cyber security researchers and managers. This paper provides a quantitative method to evaluate defense effectiveness, called DEFIA. DEFIA records information about attack behavior in a formatted way and evaluates the defense effectiveness based on the utility of attack behaviors. By calculating the probability features of the attack behavior in the attack sample, the physical space structure of the attack behavior information is constructed. In particular, we define the utility calculation principle of attack behaviors and regard it as the benchmark for evaluating defensive capabilities. DEFIA can quantitatively assess the defense effectiveness of defense methods deployed in computer systems. We explain how the method works by simulating some real attack scenarios and based on the information provided by Virustotal to prove that DEFIA is reasonable and feasible.

CRGB_Mem: At the intersection of memory forensics and machine learning

Mobile malware’s alarming sophistication and pervasiveness have continued to draw the attention of many cybersecurity researchers. Particularly on the Android platform, malware trojans designed to steal user PIIs, crypto miners, ransomware, and on-device fraud continue to infiltrate the primary Google store market and other secondary markets. While much effort has been put in place by the research community and industry to curb this menace since 2012, malware authors have consistently found ways to circumvent the existing detection and prevention mechanisms. Largely this remains so because of the restrictiveness of the feature set used in building the current classification models. Thus, the overarching objective of this paper is to bridge the gap between static and dynamic analysis by exploring the use of in-memory artifacts generated from the concrete execution of Android apps for effective malware classification. Our proposed approach, called RGB_Mem trains RGB images generated from in-memory allocation patterns in a Convolutional Neural Network. The result of our classification algorithm achieved an accuracy of 95.98% for samples with known objects and 84.48% for samples with unknown features. These results indicate that artifacts recovered from post-mortem memory forensics can provide a new dimension for training Android malware classification. The post-execution features, which are not impeded by any obfuscation and hooking constraints, provide a more accurate characterization of an app and are, therefore more suitable for classification.

Reconfigurable Digital Twin to Support Research, Education, and Training in the Defense of Critical Infrastructure

A digital twin is a virtual system designed to reproduce the operation of a physical object. This work describes the architecture, deployment, and use of a reconfigurable digital twin to support research, education, and training in cybersecurity in the context of Industrial Control Systems.

Anomaly Based Intrusion Detection through Efficient Machine Learning Model

Machine learning is commonly utilised to construct an intrusion detection system (IDS) that automatically detects and classifies network intrusions and host-level threats. Malicious assaults change and occur in high numbers, needing a scalable solution. Cyber security researchers may use public malware databases for research and related work. No research has examined machine learning algorithm performance on publicly accessible datasets. Data and physical level security and analysis for Data protection have become more important as data volumes grow. IDSs collect and analyse data to identify system or network intrusions for data prevention. The amount, diversity, and speed of network data make data analysis to identify assaults challenging. IDS uses machine learning methods for precise and efficient development of data security mechanism. This work presented intrusion detection model using machine learning, which utilised feature extraction, feature selection and feature modelling for intrusion detection classifier.

A Deep-Learning-Based Approach to Keystroke-Injection Payload Generation

Investigation and detection of cybercrimes has been in the spotlight of cybersecurity research for as long as the topic has existed. Modern methods are required to keep up with the pace of the technology and toolset used to facilitate these crimes. Keystroke-injection attacks have been an issue due to the limitations of hardware and software up until recently. This paper presents comprehensive research on keystroke-injection payload generation that proposes the use of deep learning to bypass the security of keystroke-based authentication systems focusing on both fixed-text and free-text scenarios. In addition, it specifies the potential risks associated with keystroke-injection attacks. To ensure the legitimacy of the investigation, a model is proposed and implemented within this context. The results of the implemented implant model inside the keyboard indicate that deep learning can significantly improve the accuracy of keystroke dynamics recognition as well as help to generate effective payload from a locally collected dataset. The results demonstrate favorable accuracy rates, with reported performance of 93–96% for fixed-text scenarios and 75–92% for free-text. Accuracy across different text scenarios was achieved using a small dataset collected with the proposed implant model. This dataset enabled the generation of synthetic keystrokes directly within a low-computation-power device. This approach offers efficient and almost real-time keystroke replication. The results obtained show that the proposed model is sufficient not only to bypass the fixed-text keystroke dynamics system, but also to remotely control the victim’s device at the appropriate time. However, such a method poses high security risks when deploying adaptive keystroke injection with impersonated payload in real-world scenarios.

Developing Cybersecurity in an Industrial Environment by Using a Testbed Environment

Critical infrastructure protection requires a testing environment that allows the testing of different kinds of equipment, software, networks, and tools to develop vital functions of the critical industrial environment. Used electrical equipment must be reliable, capable and maintain a stable critical industrial ecosystem. An industrial business needs to develop cybersecurity capabilities that detect and prevent IT/ICT and OT/ICS threats in an industrial environment. The emerging trend has been to create security operations center (SOC) services to detect ICS-related threats in enterprise networks. The energy supply sector must consist of crucial elements for safe business continuity and supply chain management in the industrial sector. Threats have changed into a combination of threat types. Hybrid threats may prevent everyday industrial activities, processes, and procedures so that supply chain problems may become long-lasting and affects business continuity management. The project CSG belongs to the (Cybersecurity governance of operational technology in the sector connected smart energy) research project consortium of Business Finland’s Digital Trust Programme. The first research paper regarding the CSG (Cyber Security Governance) project concentrates on the applied theory background of this project. The research provides a research approach for investigating cyber security at the operational and technical levels. It answers the questions of where to concentrate on OT-related cyber security research and how we aim to deploy a testbed to develop a governance model in the CSG project. The study's primary purpose is to describe the operating OT-SOC environment and analyze system requirements for optimizing situational awareness in the testbed environment.

Cyberspace Geography and Cyber Terrain: Challenges Producing a Universal map of Cyberspace

Much in the same way that cyber has become the fifth military domain, cyberspace has also brought forth the research area of Cyberspace Geography. The challenge of producing a universal map of cyberspace however still exists. Cybersecurity specialists, military personnel and researchers still begin with a blank sheet on which the wanted elements of cyberspace are arranged before solving their actual problem. The abundance of elements in cyberspace requires a careful selection of factors to include in one's map, depending on how it will be used. However, a complex and ever-changing environment such as cyberspace could make use of a generally acknowledged starting point, facilitating this work. In previous research cyberspace has been described as a combination of the physical world, the social world and the information world. The multidisciplinary research in Cyberspace Geography has developed models for mapping and displaying cyberspace. This is often done by creating topological maps, much like the map of the New York subway system. Military cybersecurity researchers have through the concept of Cyber Terrain presented similar models of cyberspace for military operations. Research has also been produced on the techniques and methods for mapping cyberspace as well as the different presentations of the mapped information. Graph theory has for instance been used as a mathematical model of cyberspace. It is nonetheless unclear if there is some degree of universality in the elements that the different research presents. Which are e.g. the similar features between the cyberspace maps that are used for military operations, that describe the cyber environment of a country or between the elements used for modelling a cybersecurity system? This paper aims to present a solution to this challenge by systematically reviewing the research on Cyberspace Geography and Cyber Terrain using thematic analysis. The different elements of the maps of cyberspace are reviewed. The research will answer if a universal map, that can be used as a starting point for solving multiple challenges in cyberspace, can at present be prepared.

Advancements in the Clinical Outcomes of Functional Neurosurgery With Deep Brain Stimulation for Movement Disorders: A Literature Review.

This literature review explores recent advancements in deep brain stimulation (DBS) surgery for movement disorders. It highlights notable improvements, including closed-loop stimulation techniques, optogenetics, and improved surgical targeting. Positive clinical outcomes with low complication rates and improved motor symptoms are consistently reported. The review emphasizes the importance of minimizing risks through meticulous surgical practices and discussespotentialcomplications associated with DBS surgery. Future prospects focus on enhancing technology, refining surgical techniques, and conducting further research. Closed-loop stimulation optimizes DBS efficacy by tailoring stimulation parameters to individual patient needs. Optogenetics offers precise modulation of neural activity with light-sensitive proteins, enabling more targeted treatments. Cybersecurity measures are essential due to the integration of wireless and digital technologies in DBS systems. DBS surgery has significantly improved the management of movement disorders with its safety and effectiveness. Ongoing research in closed-loop stimulation, optogenetics, and cybersecurity is expected to further enhance DBS technology and outcomes, benefiting patients with treatment-resistant movement disorders.

A Study on Security Requirements of Shipboard Combat System based on Threat Modelling

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain

PurposeThis study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain.Design/methodology/approachThe authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field.FindingsThe findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls.Practical implicationsThis study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance.Originality/valueThis study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.

Analysis of Efficient Intrusion Detection System using Ensemble Learning

Abstract: Our increasingly connected world continues to face an ever-growing amount of network-based attacks. Intrusion detection systems (IDS) are essential security technology for detecting these attacks. Although numerous machine learningbased IDS have been proposed for detecting malicious network traffic, most have difficulty properly detecting and classifying the more uncommon attack types. The research in Cyber Security has raised the need to address the cybercrimes that have caused the requisition of intellectual properties such as the breakdown of computer systems and impairment of important data compromising the confidentiality authenticity and integrity of the user. Considering these scenarios, securing the computer systems and the user using an Intrusion Detection System (IDS) is essential. The performance of IDS was studied by developing an IDS dataset consisting of network traffic features to learn the attack patterns. Intrusion detection is a classification problem wherein various Ensemble Learning (ML) and Data Mining (DM) techniques are applied to classify the network data into normal and attack traffic. Moreover, the types of network attacks changed over the years, so updating the datasets used for evaluating IDS is necessary.

Mathematical Approaches Transform Cybersecurity from Protoscience to Science

The area of cybersecurity problems has reached the stage of becoming a science. This raises questions about the connection between the mathematical theories used in cybersecurity research and their relation to the methodology for experiments and conceptual models synthesized from the academic community. This research proposes an analytical review of the mathematical ideas used in applied cyber-security and theoretical explorations. This meta viewpoint is dedicated to standard mathematical theories applied in cybersecurity issues. The ground of the work is methodological problems relating to the validation of experiments and models with mathematical ideas in the cybersecurity exploration of digital space. This research emphasizes the application of game theory, catastrophe theory, queuing systems, and Markov chains. The methods are shown without claiming to be exhaustive. The goal is to review the currently established implementation of mathematical approaches to cybersecurity. A spectrum of possibilities for applying mathematical apparatus in future research for cybersecurity is given. After a review of the literature for each presented mathematical approach, we expose a list of problematic areas in which this has already been implemented.