Identification Of Attacks Research Articles

Comprehensive Review of Security Requirements for Mitigating Threats and Attacks on IoT Assets

Machine learning and artificial intelligence are increasingly being utilized to automate identifying and defining security requirements (SR) and addressing diverse IoT security issues. Despite its extensive environment, IoT-focused cyberattacks had the largest attack surface. IoT security requirements include data confidentiality, integrity, authentication, access control, and privacy. Inadequate emphasis on assessing security requirements leads to attacks and threats. To address the security issues that threaten the IoT environment, additional security measures are required to protect IoT-based applications from threats and other vulnerabilities. However, the absence of the security requirement assessment in IoT systems architecture jeopardizes security, exposing the system to vulnerabilities and risking organizational assets and reputation while also escalating the cost and time required to address security issues. In this study major threats and attacks are identified relevant to the assets of IoT security requirements. To systematically identify, analyze, and address potential security threats and attacks related to IoT assets, this research proposes a three-step methodology: (1) analysis of the IoT security requirements, (2) Identification of threats and attacks in IoT, and (3) IoT assets centric security threats and attacks. An illustrative example of IoT asset security is provided to highlight potential attacks and threats relevant to IoT assets. This approach offers a practical and clear foundation for the early identification of IoT security requirements and their seamless integration into requirements engineering (RE) activities, contributing to a more secure and resilient IoT system architecture.

SFACIF: A safety function attack and anomaly industrial condition identified framework

High-stakes process industries require a harmonious relationship between the Safety Instrumented System (SIS) and the Basic Process Control System (BPCS) to guarantee the safety and stability of operations. As security threats to SIS intensify, the imperative to fortify it against cyber-attacks has never been more critical. SIS activates safety functions to bring the process to a safe state or shut it down under anomaly idustrial conditions. This raises two critical questions for SIS security: (1) how to differentiate between genuine industrial anomalies and data injected by attackers to prevent unnecessary shutdowns and economic losses; and (2) how to distinguish between attackers’ replayed data and normal operational data to avoid casualties resulting from delayed shutdowns. In addressing these challenges, we introduce SFACIF, a framework designed to effectively identify safety function attacks and anomaly industrial conditions. Inspired by advanced two out of three voting mechanisms and process monitoring technologies, our approach encompasses several innovative strategies. Initially, a deep learning-based time series prediction method is employed to generate benchmark data. Next, potential issues are identified by detecting deviations through pairwise comparisons between the predicted benchmark data, SIS observations, and BPCS observations. To account for the higher fault rates in BPCS and the presence of process noise, we apply a modified sliding window residual statistical method for analysis. Lastly, we introduce a novel coding scheme to interpret the results of the three-way comparison, enabling the identification of safety function attacks and anomaly industrial conditions. To validate the efficacy of SFACIF, we devised a physical simulation platform that mirrors real-world industrial environments, facilitating a rigorous assessment of our framework under operational conditions. The performance metrics underscore the superior capability of SFACIF, which achieved 99% accuracy and 1% false alarm rate. These results not only attest to the ability of SFACIF to accurately differentiate between various attack vectors but also highlight its proficiency in discerning between authentic and manipulated data.

Analyzing Zero Attacks Identification and Prevention

All systems with software code are susceptible to an attack called “zero day”, which exploits vulnerabilities that are not yet disclosed or known to the public or vendor. Organizations around the world are often left unprotected against these attacks. Cyber criminals follow zero day vulnerabilities closely to commit malicious actions. The goal of this paper is to design a framework utilizing the most efficient methods to detect and contain zero day exploits, propose improvements, and compare current anti-malware tools (AMTs). Analyzing the ability of multiple AMTs to detect zero day malware will assist cyber security professionals in selecting the most compatible for their respective environments and defend against these attacks.

Privacy-Preserving Detection of Tampered Radio-Frequency Transmissions Utilizing Federated Learning in LoRa Networks.

LoRa networks, widely adopted for low-power, long-range communication in IoT applications, face critical security concerns as radio-frequency transmissions are increasingly vulnerable to tampering. This paper addresses the dual challenges of privacy-preserving detection of tampered transmissions and the identification of unknown attacks in LoRa-based IoT networks. Leveraging Federated Learning (FL), our approach enables the detection of tampered RF transmissions while safeguarding sensitive IoT data, as FL allows model training on distributed devices without sharing raw data. We evaluated the performance of multiple FL-enabled anomaly-detection algorithms, including Convolutional Autoencoder Federated Learning (CAE-FL), Isolation Forest Federated Learning (IF-FL), One-Class Support Vector Machine Federated Learning (OCSVM-FL), Local Outlier Factor Federated Learning (LOF-FL), and K-Means Federated Learning (K-Means-FL). Using metrics such as accuracy, precision, recall, and F1-score, CAE-FL emerged as the top performer, achieving 97.27% accuracy and a balanced precision, recall, and F1-score of 0.97, with IF-FL close behind at 96.84% accuracy. Competitive performance from OCSVM-FL and LOF-FL, along with the comparable results of K-Means-FL, highlighted the robustness of clustering-based detection methods in this context. Visual analyses using confusion matrices and ROC curves provided further insights into each model's effectiveness in detecting tampered signals. This research underscores the capability of federated learning to enhance privacy and security in anomaly detection for LoRa networks, even against unknown attacks, marking a significant advancement in securing IoT communications in sensitive applications.

An optimized and efficient multiuser data sharing using the selection scheme design secure approach and federated learning in cloud environment

An optimized and efficient multiuser data sharing using the selection scheme design secure approach and federated learning in cloud environment

Detecting command injection attacks in web applications based on novel deep learning methods

Web command injection attacks pose significant security threats to web applications, leading to potential server information leakage or severe server disruption. Traditional detection methods struggle with the increasing complexity and obfuscation of these attacks, resulting in poor identification of malicious code, complicated feature extraction processes, and low detection efficiency. To address these challenges, a novel detection model, the Convolutional Channel-BiLSTM Attention (CCBA) model, is proposed, leveraging deep learning techniques to enhance the identification of web command injection attacks. The model utilizes dual CNN convolutional channels for comprehensive feature extraction and employs a BiLSTM network for bidirectional recognition of temporal features. An attention mechanism is also incorporated to assign weights to critical features, improving the model’s detection performance. Experimental results demonstrate that the CCBA model achieves 99.3% accuracy and 98.2% recall on a real-world dataset. To validate the robustness and generalization of the model, tests were conducted on two widely recognized public cybersecurity datasets, consistently achieving over 98% accuracy. Compared to existing methods, the proposed model offers a more effective solution for identifying web command injection attacks.

Novel IDS Framework: Integrating GWO Feature Selection with KAN Classification

The past few decades have seen significant lifestyle improvements through cutting-edge innovations like AI and fog computing enabled by the World Wide Web, which are crucial for practical applications involving both symmetrical and asymmetrical information distributions. However, these advancements also come with the risk off requent and dangerous cyber-attacks. To mitigate these unwanted malwares, researchers must develop and implement novel intrusion detection systems (IDSs). Challenges such as inadequate accuracy scores due to numerous unnecessary and ineffective features, poor identification of attacks through specific deep learning classification methods, the costly and inefficient use of labeled training databases, and the excessive time required for system development and evaluation hinder there liability and efficiency of IDSs.This paper proposes a hybrid approach that combines the Grey Wolf Optimizer (GWO) for feature selection and the Kolmogorov-Arnold Network(KAN) algorithm for classification to address these challenges.The GWO is utilized to extract important features through meta-heuristic methods, demonstrating its effectiveness in feature selection. The proposed model achieves a high accuracy score, precision, recall, and F1-score of 92.09%, indicating its capability to accurately identify both normal and intrusive activities. The Matthews Correlation Coefficient (MCC) of 0.9019 further validates the model's robustness.

Data Mining Approach for Evil Twin Attack Identification in Wi-Fi Networks

Recent cyber security solutions for wireless networks during internet open access have become critically important for personal data security. The newest WPA3 network security protocol has been used to maximize this protection; however, attackers can use an Evil Twin attack to replace a legitimate access point. The article is devoted to solving the problem of intrusion detection at the OSI model’s physical layers. To solve this, a hardware–software complex has been developed to collect information about the signal strength from Wi-Fi access points using wireless sensor networks. The collected data were supplemented with a generative algorithm considering all possible combinations of signal strength. The k-nearest neighbor model was trained on the obtained data to distinguish the signal strength of legitimate from illegitimate access points. To verify the authenticity of the data, an Evil Twin attack was physically simulated, and a machine learning model analyzed the data from the sensors. As a result, the Evil Twin attack was successfully identified based on the signal strength in the radio spectrum. The proposed model can be used in open access points as well as in large corporate and home Wi-Fi networks to detect intrusions aimed at substituting devices in the radio spectrum where IEEE 802.11 networking equipment operates.

Collaborative Intrusion Detection System with Snort Machine Learning Plugin

The increasing prevalence of cybercrime and cyber-attacks underscores the imperative need for organizations to implement robust network security measures. Nevertheless, current Intrusion Detection Systems (IDS) often rely on single-sensor or multi-sensor in the same type of IDS, including Host-Based IDS (HIDS) or Network-Based IDS (NIDS), which inherently possess limited detection capabilities. To address this limitation, this research combines NIDS and HIDS components into a collaborative-IDS system, thus expanding the scope of intrusion detection and enhancing the efficacy of the established attack mitigation system. However, the integration of NIDS and HIDS introduces formidable challenges, notably the elevated rates of False Positive and False Negative alerts. To surmount these challenges, the researcher employs machine learning techniques in the form of Snort plugins and comparison methods to heighten the precision of attack detection. The obtained results unequivocally illustrate the effectiveness of this approach. Using a Support Vector Machine for static analysis of the NSL-KDD dataset attains an outstanding 99% detection rate for Denial of Service (DoS) attacks and an impressive 98% detection rate for Probe attacks. Furthermore, in dynamic real-time attack simulations, the machine learning plugins exhibit remarkable proficiency in detecting various types of DoS attacks, concurrently offering more comprehensive identification of SYN Flooding DoS attacks compared to the Snort community rules set. These findings signify a significant advancement in intrusion detection, paving the way for more robust and accurate network security systems in an era of escalating cyber threats.

Impact Analysis of Filter and Wrapper-Based Feature Selection Techniques for Webpages Phishing Attacks Identification

Phishing, which involves fraudulently gaining access to sensitive assets of unsuspecting individuals through deceptive and malicious emails, is a major global threat to internet users. The proliferation of phishing sites and their operations is occurring at an alarming rate, raising significant concerns about how to forestall them. Numerous research efforts are underway to detect phishing attempts before they can compromise important information and cause damage. Compared to conventional methods, machine learning has proven highly effective at detecting phishing attacks by analyzing different features. This study analyzed the behaviors of seven classification data mining algorithms on optimal subset features selection using Wrapper (Boruta) and Filter-based (Mutual-Information). Real-life phishing webpage datasets were used for the analysis. Ensemble classifiers such as Voting, Gradient Boosting, and Random Forest were used in the experiments. Two experiments were conducted. In the first experiment, K-Nearest Neighbor (K-NN) yielded the highest accuracy among single classifiers, with a score of 94.1%, while Random Forest (RF) ensemble achieved 96.7%. In the second experiment, using another baseline feature set, RF performed excellently under the Boruta method with an accuracy of 97.25%, while K-NN retained the highest accuracy of 95.20% among single classifiers. This study provides empirical evidence that feature selection techniques have a great impact on the performance of ML models, for both single and ensemble classifiers, in the detection of phishing attacks.

Attack-resilient framework for wind power forecasting against civil and adversarial attacks

Forecasting wind power generation accurately is crucial for reliable, economical, and efficient integrations in smart grids, promoting applications of cleaner energy sources. Although effective wind power forecasting methods exist, power grids still require resilient schemes enabling accurate predictions under cyber-attacks. This paper introduces civil attack (CA) and fast gradient sign method (FGSM) attacks to wind power forecasting to analyze their impacts with countermeasures. The impacts of CA and FGSM attacks on a deep learning-based forecasting method are evaluated, finding FGSM attacks more severe. Also, an attack identification and corrupted data replacement-based pre-processing robust framework is proposed, outperforming other countermeasures. To detect and classify attacks, random forest (RF) has outperformed extreme gradient boosting (XGBoost), decision tree (DT), support vector machine (SVM), and k-nearest neighbors (KNN). Experimental results on two different zones during CA and FGSM attacks indicate that the decrease in accuracy can be up to 0.4103, 0.3152, and 0.1683 in terms of root mean square error (RMSE), mean absolute error (MAE), and mean squared error (MSE), respectively. The proposed framework successfully achieves an accuracy of 0.1204, 0.0835, and 0.0145 for the worst case in terms of RMSE, MAE, and MSE, respectively, signifying its importance for academic and industrial applications.

A Complete EDA and DL Pipeline for Softwarized 5G Network Intrusion Detection

The rise of 5G networks is driven by increasing deployments of IoT devices and expanding mobile and fixed broadband subscriptions. Concurrently, the deployment of 5G networks has led to a surge in network-related attacks, due to expanded attack surfaces. Machine learning (ML), particularly deep learning (DL), has emerged as a promising tool for addressing these security challenges in 5G networks. To that end, this work proposed an exploratory data analysis (EDA) and DL-based framework designed for 5G network intrusion detection. The approach aimed to better understand dataset characteristics, implement a DL-based detection pipeline, and evaluate its performance against existing methodologies. Experimental results using the 5G-NIDD dataset showed that the proposed DL-based models had extremely high intrusion detection and attack identification capabilities (above 99.5% and outperforming other models from the literature), while having a reasonable prediction time. This highlights their effectiveness and efficiency for such tasks in softwarized 5G environments.

Botnet Attack Identification and Mitigation condition Software-Defined Networks Utilizing CNN Algorithm

One new design that makes managing and communicating across large-scale networks easier and more flexible is software-defined networking, or SDN. It allows for the smooth and dynamic execution of complicated network choices via programmable and centralized interfaces. But SDN opens doors for people and companies to tailor network apps to their needs, allowing them to enhance services. On the other hand, it began to encounter a host of new privacy and security issues and brought the dangers of one point of failure all at once. In most cases, hackers use OpenFlow switches to conduct botnets or distributed Denial of Service (DDoS) assaults against the controller. Popular security apps that use deep learning (DL) to quickly identify and counteract attacks are on the rise. Here, we examine botnet-based DDoS attack detection using DL approaches in an SDN-supported context and demonstrate their performance. For the assessment, we utilize a dataset that we just created ourselves. In order to choose the most useful subset of characteristics, we used weighting of features and tuning techniques. Using both a synthetic dataset and actual testbed conditions, we validate the measurements or simulation results. The primary objective of this research is to identify botnet-based DDoS assaults using easily-obtained characteristics and data using a lightweight DL approach with baseline hyper-parameters. We found that the DL technique's performance is affected by the optimal subset of features, and that the accuracy of predictions of the same approach may be varied with a different collection of features. Lastly, our empirical findings show that the CNN approach works better than both the dataset and the actual testbed environments. With CNN, the detection rate for typical flows is 99% and for malicious flows it drops to 97%.

DPKnob: A visual analysis approach to risk-aware formulation of differential privacy schemes for data query scenarios

Differential privacy is an essential approach for privacy preservation in data queries. However, users face a significant challenge in selecting an appropriate privacy scheme, as they struggle to balance the utility of query results with the preservation of diverse individual privacy. Customizing a privacy scheme becomes even more complex in dealing with queries that involve multiple data attributes. When adversaries attempt to breach privacy firewalls by conducting multiple regular data queries with various attribute values, data owners must arduously discern unpredictable disclosure risks and construct suitable privacy schemes. In this paper, we propose a visual analysis approach for formulating privacy schemes of differential privacy. Our approach supports the identification and simulation of potential privacy attacks in querying statistical results of multi-dimensional databases. We also developed a prototype system, called DPKnob, which integrates multiple coordinated views. DPKnob not only allows users to interactively assess and explore privacy exposure risks by browsing high-risk attacks, but also facilitates an iterative process for formulating and optimizing privacy schemes based on differential privacy. This iterative process allows users to compare different schemes, refine their expectations of privacy and utility, and ultimately establish a well-balanced privacy scheme. The effectiveness of this study is verified by a user study and two case studies with real-world datasets.

Enhancing IoT network defense: advanced intrusion detection via ensemble learning techniques

The Internet of Things (IoT) has evolved significantly, automating daily activities by connecting numerous devices. However, this growth has increased cybersecurity threats, compromising data integrity. To address this, intrusion detection systems (IDSs) have been developed, mainly using predefined attack patterns. With rising cyber-attacks, improving IDS effectiveness is crucial, and machine learning is a key solution. This research enhances IDS capabilities by introducing binary attack identification and multiclass attack categorization for IoT traffic, aiming to improve IDS performance. Our framework uses the ‘BoT-IoT’ and ‘TON-IoT’ datasets, which include various IoT network traffic and cyber-attack scenarios, such as DDoS and data infiltration, to train machine learning and ensemble models. Specifically, it combines three machine learning models-decision tree, resilient backpropagation (RProp) multilayer perceptron (MLP), and logistic regression-into ensemble methods like voting and stacking to improve prediction accuracy and reduce detection errors. These ensemble classifiers outperform individual models, demonstrating the benefit of diverse learning techniques. Our framework achieves high accuracy, with 99.99% for binary classification on the BoT-IoT dataset and 97.31% on the ToN-IoT dataset. For multiclass classification, it achieves 99.99% on BoT-IoT and 96.32% on ToN-IoT, significantly enhancing IDS effectiveness against IoT cybersecurity threats.

GSAAN with War Strategy Optimization Algorithm for Cyber Security in a 5G Wireless Communication Network

In this paper, the graph sample and aggregate-attention network with war strategy optimization algorithm for cyber security in the 5G wireless communication network (CS-5GWCN-GSAAN-WSOA) is proposed in 5G mobile networks to identify cyber threats. Initially, the input data are amassed from the 5G-NIDD dataset. Then the input data are fed to preprocessing, here redundancy elimination and missing value replacement are performed utilizing the contrast limited adaptive histogram equalization filtering (CLAHEF) method. After preprocessing, optimal features are selected by the stochastic gradient boosting based recursive feature elimination process. The selected features are fed to the graph sample and aggregate-attention network (GSAAN) to detect cyber-attacks in 5G wireless communication. Generally, the GSAAN approach does not adopt any optimization techniques for determining optimal parameters and guaranteeing accurate attack detection. Therefore, the war strategy optimization algorithm (WSOA) contemplates to optimize the GSAAN weight parameters. The CS-5GWCN-GSAAN-WSOA method is activated on Python. The CS-5GWCN-GSAAN-WSOA method attains 22.51%, 20.35%, and 35.54% higher accuracy, 19.45%, 27.80%, and 18.93% higher sensitivity analysed with existing models, like cyber security attack identification in 5G wireless systems utilizing machine learning (CS-5GWCN-SVM), enhanced dropping attacks detection in 5G networks depending on deep learning models (CS-5GWCN-KNN), and cyber security issues in 5G enabled attack detection through deep learning (CS-5GWCN-RNN), respectively.

From virus to viral: content analysis of HIV-related Twitter messages among young men in the U.S.

BackgroundAdolescents and young adults account for over 21% of new HIV infections in the U.S. with most new cases among young men. As an important information source for this group, social media can uniquely reveal the perspectives and communicative patterns of this key population. We identified 6,439 young male Twitter users (ages 13–24) in the U.S. using an NLP pipeline with geolocations. From their Twitter timelines, we collected 24,600 HIV-related tweets, among which the most retweeted and favorited tweets (n = 472) were analyzed through a content analysis.ResultsThree themes arose in this online viral discourse around HIV among young men: (i) othering, (ii) politics and activism, (iii) risk and wellness. Othering tweets contained stigmatizing jokes and insults alienating individuals who identify as lesbian, gay, bisexual, transgender, queer or questioning, intersex, asexual, or being elsewhere on the gender and sexuality spectrum (LGBTQIA +), and people with HIV. Politics and activism tweets discussed awareness, stigma, HIV criminalization, violence, LGBTQIA + , and women’s rights. Risk and wellness tweets discussed risk behaviors for sexually transmitted infections (STIs) (e.g., condomless sex, transactional sex, multiple sexual partners), or safer sex and preventive practices (e.g., pre-exposure prophylaxis [PrEP], condom use, achieving undetectable viral load, medication adherence, and STI testing).ConclusionThe social acceptability of high-risk sex behaviors is high among young male Twitter users. Given the double-edged nature of social media—health-promoting (e.g., awareness, health activism) as well as risk-promoting (e.g., risky behavior endorsement, identity attacks)— this population may benefit from targeted health communication intervention. Future HIV prevention efforts should counter the stigma, misinformation, and risk-promoting viral messages prevalent on social media.

Unmasking Malicious Stance Indicators and Attitudinal Priming: An ‘Evaluative Textbite’ Approach to Identity Attacks in Violent Extremist Discourse

The article explores the patterning and functioning of attitude semantics in the practice of identity attacks within terrorist communications. Positioned in facework and stance-taking research (e.g. Tracy & Tracy, 1998, 2008, 2017), it introduces the concepts of ‘evaluative textbites’ and ‘attitudinal priming’ to linguistic examinations, advocating a functional approach to unravelling identity attacks, drawing on corpus analysis methods (e.g. word frequency, and concordance-line qualitative analysis) and the Appraisal framework (Martin & White, 2005). Findings reveal that, linked with stance-taking activity, attitudinal priming offers insights into how specific ideational targets are primed for particular attitudinal, evaluative functions. Evaluative textbites provide linguistic evidence of an author’s encoded hostile attitude and the nuanced patterning and functioning of ‘ideation-attitude’ co-occurrences in these attacks. Identity attacks are a rhetorical tool, normative and valuation-based, targeting individuals’ or out-groups’ immoral behaviours and devaluing victims by reference to their personal traits, power-distance relationships, interactional roles, and master identities. This article offers implications for future study of identity attacks in hate crimes, genocidal rhetoric, and defamation texts, and strengthens counter-extremism efforts by illuminating the investigative value of identity work.

MP-GUARD: A novel multi-pronged intrusion detection and mitigation framework for scalable SD-IoT networks using cooperative monitoring, ensemble learning, and new P4-extracted feature set

The ever-increasing complexity of the Internet of Things (IoT) environment demands robust and adaptable intrusion detection frameworks, as existing approaches struggle with real-time traffic analysis, limited scalability, and static feature sets. This paper introduces MP-GUARD, a novel framework that leverages Software-Defined Networking (SDN), machine learning (ML), and a multi-controller architecture to address these challenges. MP-GUARD tackles multi-pronged intrusion attacks in IoT networks by offering real-time intrusion detection, collaborative traffic monitoring, and multi-layered attack mitigation. It achieves this through two core modules: P4-Assisted Cooperative Traffic Monitoring (CTM-P4) and Multi-Pronged Intrusion Detection and Mitigation (MPIDM). CTM-P4 facilitates real-time communication among multiple controllers, enabling dynamic feature extraction leveraging the interconnected state tables within P4-enabled switches. This module introduces a new 22-feature set (12 extracted and 10 computed) for comprehensive network analysis. MPIDM leverages the detailed network insights from CTM-P4 for attack identification and prevention. It introduces Stacked Ensemble Learning with Dynamic P4-Based Feature Selection (SELDP4-FS), achieving exceptional performance with 99.32 % accuracy, 99.24 % F1-score, and 0.49 % false positive rate. Additionally, MPIDM boasts efficient response and detection times of 16ms and 11ms, respectively. Beyond accuracy, MP-GUARD demonstrates significant advantages in terms of scalability and efficiency. The multi-controller architecture offers a 65 % reduction in overhead compared to single-controller setups. Furthermore, this work introduces the Mean Accuracy Steadiness Level (MASL) metric to assess model stability under varying traffic conditions. By combining P4-based feature extraction, dynamic feature selection, cooperative monitoring, ensemble learning, and a multi-controller architecture, MP-GUARD presents a significant contribution to IoT security, offering a scalable and adaptable solution for securing future SD-IoT deployments against evolving threats.

A novel framework for identification of cyber-physical attacks in additive manufacturing

A novel framework for identification of cyber-physical attacks in additive manufacturing