Cyber-attack Identification Research Articles

Enhancing trustworthiness among iot network nodes with ensemble deep learning-based cyber attack detection

A lot of machine learning methods and expert systems are used in network intrusion detection automation. When different industrial control systems merge with the Internet of Things (IoT) environment, they become vulnerable to cyber-attacks in critical infrastructure situations requiring communication technologies. Conventional machine learning techniques used for network anomaly detection are ineffective due to the substantial amount of network traffic within important Cyber-Physical Systems (CPSs). In this manuscript, Cyberattack Identification Through Ensemble Deep Learning in an IoT environment is proposed. Initially, the input network traffic data are taken from the IoT-23 dataset. Then the network traffic data are preprocessed using Z-Score normalization to reduce any irrelevant or erroneous data from the input dataset. Then the relevant features are selected using the Gorilla Troops Optimization (GTO) algorithm. Afterwards, the selected features are fed into the ensemble classification model based on Random Space (RS), Random Tree (RT), Extreme Gradient Boosting (XGBoost), and Graph Convolutional Neural Network (GCNN). Among the several ensembling techniques, GCNN can achieve better performance. Python is used to accomplish the suggested technique. The performance of the proposed GCNN method provides 12.09%, 4.34%, and 3.21% higher accuracy than the other models like RS, RT and XGBoost respectively.

Unsupervised Anomaly Detection Approach for Cyberattack Identification

Unsupervised Anomaly Detection Approach for Cyberattack Identification

Empowering Cyberattack Identification in IoHT Networks With Neighborhood-Component-Based Improvised Long Short-Term Memory

Empowering Cyberattack Identification in IoHT Networks With Neighborhood-Component-Based Improvised Long Short-Term Memory

Spotted hyena optimizer with ensemble deep learning based intrusion detection in internet of things environment

The Internet of Things (IoT) has many potential uses in the day-to-day operations of individuals, companies, and governments. It makes linking all devices to the internet a realistic possibility. Convincing IoT devices to work together to implement several real-world applications is a challenging feat. Security issues impact innovative platform applications due to the current security state in IoT-based operations. As a result, intrusion detection systems (IDSs) tailored to IoT platforms are essential for protecting against security breaches caused by the Internet of Things (IoT) that exploit its vulnerabilities. Issues with data loss, dangers, service interruption, and external hostile assaults are all part of the IoT security landscape. Designing and implementing appropriate security solutions for IoT environments is the main emphasis of this research. Within the Internet of Things (IoT) context, this research creates a Spotted Hyena Optimizer (SHO-EDLID) method for intrusion detection using ensemble deep learning. The main goal of the demonstrated SHO-EDLID method was to detect and categorize intrusions in an Internet of Things setting. It comprises many subprocesses, including feature selection, categorization, and pre-processing. The SHO-EDLID method uses a SHO-based feature selection strategy to identify the best feature subsets. It then used an ensemble of three DL models— a deep belief network (DBN), a stacked autoencoder (SAE), and a bidirectional recurrent neural network (BiRNN)— to detect and name cyberattacks. Finally, the DL models’ parameters are tuned using the Adabelief optimizer. A comprehensive simulation was run to illustrate that the offered model performed better. According to a thorough comparative analysis, the suggested method outperformed other recent approaches. Purpose of the Manuscript: To identify the best feature subsets, the SHO-EDLID method used the SHO-based feature selection method... Afterward, cyberattack identification and tracking were carried out using an ensemble of three DL models: DBN, SAE, and BiRNN. The final step in optimizing the DL models’ parameters is the Adabelief optimizer. The main comparative results: The proposed model present the Comparative analysis of SHO-EDLID algorithm with other existing systems and its outperform the performance in precision 97.50, accuracy 99.56, Recall 98.42, F-Measure.97.95.

Digital Twin-Based Cyber-Attack Detection Framework for Cyber-Physical Manufacturing Systems

Smart manufacturing (SM) systems utilize run-time data to improve productivity via intelligent decision-making and analysis mechanisms on both machine and system levels. The increased adoption of cyber-physical systems in SM leads to the comprehensive framework of cyber-physical manufacturing systems (CPMS) where data-enabled decision-making mechanisms are coupled with cyber-physical resources on the plant floor. Due to their cyber-physical nature, CPMS are susceptible to cyber-attacks that may cause harm to the manufacturing system, products, or even the human workers involved in this context. Therefore, detecting cyber-attacks efficiently and timely is a crucial step toward implementing and securing high-performance CPMS in practice. This paper addresses two key challenges to CPMS cyber-attack detection. The first challenge is distinguishing expected anomalies in the system from cyber-attacks. The second challenge is the identification of cyber-attacks during the transient response of CPMS due to closed-loop controllers. Digital twin (DT) technology emerges as a promising solution for providing additional insights into the physical process (twin) by leveraging run-time data, models, and analytics. In this work, we propose a DT framework for detecting cyber-attacks in CPMS during controlled transient behavior as well as expected anomalies of the physical process. We present a DT framework and provide details on structuring the architecture to support cyber-attack detection. Additionally, we present an experimental case study on off-the-shelf 3D printers to detect cyber-attacks utilizing the proposed DT framework to illustrate the effectiveness of our proposed approach. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Note to Practitioners</i> —This work is motivated by developing a general-purpose and extensible digital twin-enabled cyber-attack detection framework for manufacturing systems. Existing works in the field consider specialized attack scenarios and models that may not be extensible in practical manufacturing scenarios. We utilize digital twin (DT) technology as a key enabler to develop a systematic and extensible framework where we identify the abnormality of a resource and detect if the abnormality is due to an attack or an expected anomaly. We provide several remarks on how our proposed framework can extend existing industrial control systems (ICS) and can accommodate further extensions. The presented DTs utilize data-driven machine learning models, physics-based models, and subject matter expert knowledge to perform detection and differentiation tasks in the context of expected anomalies and model-based controllers that control the manufacturing process between multiple setpoints. We utilize a model predictive controller on an off-the-shelf 3D printer to run the process, and stage anomalies and cyber-attacks that are successfully detected by the proposed framework.

Utilization and Sharing of Cyber Threat Intelligence Produced by Open-Source Intelligence

Open-source intelligence (OSINT) is crucial for enhancing organizational cybersecurity by proactively identifying and mitigating potential threats using publicly available information. This study, part of the DYNAMO project, explores the production of cyber threat information (CTI) through OSINT, its application in safeguarding against cyber threats, and the necessary elements for secure information exchange between organizations. The authors employed an integrative literature review of various sources, including industry literature, articles, blog posts, studies, and organizational websites, which were then systematically analyzed using content analysis. The research focuses on OSINT tools and techniques emphasizing the need for expertise in discerning relevant data and respecting privacy rights. Human judgment is highlighted as crucial in ethical decision-making despite the significant role of technology in data collection. Platforms like the Malware Information Sharing Platform (MISP) facilitate the sharing of threat information, promoting prevention and identification of cyber-attacks. Ethical considerations, adherence to data protection legislation, and compliance with directives like the revision of the Network and Information Security Directive (NIS2) and artificial intelligence regulations are paramount. In conclusion, OSINT is a valuable tool for cybersecurity, requiring expertise, transparent processes, and a balanced integration of technology and human skills. The ethical dimensions of OSINT and the role of artificial intelligence merit separate in-depth studies.

Analyse and Predict the Detection of the Cyber - Attack Process by Using a Machine-Learning Approach

Crimes committed online rank among the most critical global concerns. Daily, they cause country and citizen economies to suffer massive financial losses. With the proliferation of cyber-attacks, cybercrime has also been on the rise. To effectively combat cybercrime, it is essential to identify its perpetrators and understand their methods. Identifying and preventing cyber-attacks are difficult tasks. To combat these concerns, however, new research has produced safety models and forecast tools grounded on artificial intelligence. Numerous methods for predicting criminal behaviour are available in the literature. While they may not be perfect, they may help in cybercrime and cyber-attack tactic prediction. To find out whether an attack happened and, if so, who was responsible, one way to look at this problem is by using real-world data. There is data about the crime, the perpetrator's demographics, the amount of property damaged, and the entry points for the assault. Potentially, by submitting applications to forensics teams, victims of cyber-attacks may get information. This study uses ML methods to analyse cyber-crime consuming two patterns and to forecast how the specified characteristics will furnish to the detection of the cyber-attack methodology and perpetrator. Based on the comparison of eight distinct machine-learning methods, one can say that their accuracy was quite comparable. The Support Vector Machine (SVM) Linear outperformed all other cyber-attack tactics in terms of accuracy. The initial model gave us a decent notion of the assaults that the victims would face. The most successful technique for detecting malevolent actors was logistic regression, according to the success rate. To anticipate who the perpetrator and victim would be, the second model compared their traits. A person’s chances of being a victim of a cyber-attack decrease as their income and level of education rise. The proposed idea is expected to be used by departments dealing with cybercrime. Cyber-attack identification will also be made easier, and the fight against them will be more efficient.

Coordinated control and energy management combined with cyberattack identification in multi‐microgrid integrated with hybrid renewable‐storage

AbstractA comprehensive model is developed for coordinated control of voltage‐frequency‐inertia and identifying multiple cyberattacks simultaneously in two microgrids (MGs). The MGs are integrated with solar units, Wind turbine (WT), hybrid supercapacitor‐battery, and fuelcell. The MGs are modelled and controlled for operation under both an island and connected states. In the proposed method, a data centre is designed in which all the electrical and control signals related to the solar, wind, hybrid supercapacitor‐battery, and Fuel cell (FC) are collected, evaluated, and matched. The data centre comprises the following blocks: voltage‐frequency control, inertia control of WT, and identification of false data injection (FDI) cyberattacks on frequency, power, power/frequency, and voltage. The technique used in this article to identify FDI attacks is based on the real‐time method coupled with logical comparisons conducted in the time domain. This methodology provides prompt and precise detection, allowing for timely preventive measures and strategic responses. After FDI attacks occur, the implemented control system effectively manages and regulates the voltage and frequency at the desired levels, efficiently differentiating between ordinary functioning, faulty states, and potential cyber‐attacks. The unhealthy MG can transfer its load to the healthy MG for safety reasons. The healthy MG is then connected to the external grid and the synchronisation conditions are checked by the proposed control system. The results of the non‐linear simulation performed in MATLAB‐Simulink software confirm that the proposed model successfully operates and controls all resources (i.e. solar/wind/battery/FC), regulates the voltage/frequency under various loading conditions, and identifies FDI cyberattacks.

Detection and Identification of Cyberattacks and Physical Faults in Multi-Agent Systems: A Distributed Disturbance Decoupling Observer

Detection and Identification of Cyberattacks and Physical Faults in Multi-Agent Systems: A Distributed Disturbance Decoupling Observer

A Review of Smart Grid Anomaly Detection Approaches Pertaining to Artificial Intelligence

The size of power grids and a complex technological infrastructure with higher levels of automation, connectivity, and remote access make it necessary to be able to detect anomalies of various kinds using optimal and intelligent methods. This paper is a review of studies related to the detection of anomalies in smart grids using AI. Digital repositories were explored considering publications between the years 2011 and 2023. Iterative searches were carried out to consider studies with different approaches, propose experiments, and help identify the most applied methods. Seven objects of study related to anomalies in SG were identified: attacks on data integrity, unusual measurements and consumptions, intrusions, network infrastructure, electrical data, identification of cyber-attacks, and use of detection devices. The issues relating to cybersecurity prove to be widely studied, especially to prevent intrusions, fraud, data falsification, and uncontrolled changes in the network model. There is a clear trend towards the conformation of anomaly detection frameworks or hybrid solutions. Machine learning, regression, decision trees, deep learning, support vector machines, and neural networks are widely used. Other proposals are presented in novel forms, such as federated learning, hyperdimensional computing, and graph-based methods. More solutions are needed that do not depend on a lot of data or knowledge of the network model. The use of AI to solve SG problems is generating an evolution towards what could be called next-generation smart grids. At the end of this document is a list of acronyms and terminology.

Enhancing Cybersecurity in Financial Services using Single Value Neutrosophic Fuzzy Soft Expert Set

Cybersecurity has become a primary concern as the financial sectors generally handle increasing cyber-attacks and an increasing danger of financial crime. Recently, ransomware attacks have intensified, affecting enterprises, and crucial infrastructure worldwide. Ransomware employs sophisticated encryption techniques to encrypt data on the targeted device, then requests payment for decrypting the data. Artificial intelligence (AI) approaches involving ML were progressively employed in the domain of cybersecurity and significantly subsidized to preventing and detecting variety of threats. On the other hand, the several researchers that employed ML to identify ransomware are still constrained by the accuracy of models, the complication of malware, the high false-positive rate, and the lack of setting up the appropriate analysis environment. Therefore, there is a need to design efficient ransomware detection based on ML algorithms. This work introduces a modified Single Value Neutrosophic Fuzzy Soft Expert Set (M-SVNFSES) technique for cyberattack detection. The main purpose of the M-SVNFSES system is to detect and recognize the existence of cyberattacks in the financial sectors. In the M-SVNFSES technique, min-max normalization is used as an initial pre-processing stage. For the identification of cyberattacks in the financial sectors, the M-SVNFSES technique uses the SVNFSES model. To enhance its performance, the M-SVNFSES technique makes use of a bat optimization algorithm (BOA). The performance of the M-SVNFSES methodology was extensively studied using financial datasets. The experimental outcomes depicted that the M-SVNFSES method reaches optimal detection performance in attack detection process

НЕЙРОННІ МЕРЕЖІ УВИЯВЛЕННІ АТАК НА РОЗПОДІЛЕНІ СИСТЕМИ

Modern challenges in processing vast amounts of data are solved with the help of complex distributed systems, which in turn require cyber protection, that has the instruments for managing security riskssuch as information acquisition, espionage, reduction of system productivity, etc. This article provides an overview of some approaches to detecting cyberattacks, which in particular use machine learning. Their advantages, disadvantages, work methods, vulnerabilities, and approaches to their protection are given. Approaches to using various machine learning modelsfor pre-processing input data, which is subsequently analyzed by intrusion detectors, and ways of improving the accuracy and effectiveness of cyberattack identification were also investigated.As a result of the analysis of research, it is shown that there is a need to combine data from various attack detection systems used at different layers of cyber defense. The use of attack detection systems in different layers of the system allows the detection of such attacks as SQL insertion, obtaining administrator rights, acquiring access to the node, DDoS, and Probe. This can be done by analyzing logs, or network packets in case of SQL insertion, or by monitoring Internet traffic during a DDoS attack. Taking into account the growing variety of attacks on distributed systems and the increase in the amount of information being processed, the use of machine learning in attack detection systems is becoming an increasingly attractive direction for study. Artificial intelligence can be involved in selecting the necessary features for analysis, detecting interven-tions, reducing the level of false attack detections, and improving the accuracy of their recognition. The ability to retrainthe model on new data is a significant advantage due to the small number of available test datasets dedicated to attacks on dis-tributed systems. There is a need to investigate the feasibility of using certain machine learning models and neural networks, based on available input data and requirements for accuracy and speed.It has been determined that anomaly detection is the most common approach to recognizing attacks using machine learning in the commercial product market. Analysis of attacks against machine learning-based defenses that use an anomaly detection approach has shown that there are weaknesses that can be minimized with additional protection; for example, time-distributed attacks can adapt to acceptable ranges of deviation of network indicators. An overview of the mechanisms for ensuring the resistance of protection systems tosuch influences, including the addition of various noises during training, range reduction of system parameter values, variations in retraining the model on misleading data, and the use of special classifiers, was performed

An approach to identification and forensic analysis of DNS attacks

Domain name resolution servers (DNS) perform a key function in establishing access to web pages. Because of their importance, they are constant targets for cyber-attacks, which aim to erase or replace some of their records, causing huge losses for users, companies and institutions worldwide. In Brazil, to prevent such attacks, a legal provision is established that criminally typifies the invasion of computer devices connected to the World Wide Web, which includes attacks on the DNS service. Still, cyber-attack identification is difficult as it depends on the correct application of means of protection, monitoring of network services and extraction and interpretation of data that allow the identification of criminal factors. The present work proposes a computational forensics approach to automatically detect the occurrence of a DNS cache poisoning attack, subsuming the elements that constitute the attack to the legal device, thus identifying the occurrence of a crime.

Leveraging Explainable Artificial Intelligence in Real-Time Cyberattack Identification: Intrusion Detection System Approach

Cyberattacks are part of the continuous race, where research in computer science both contributes to discovering new threats and vulnerabilities and also mitigates them. When new vulnerabilities are not reported but sold to attackers, they are called “zero-days,” and are particularly difficult to identify. Modern intrusion detection systems (IDS) that leverage artificial intelligence (AI) and machine learning (ML) are becoming essential in identifying these cyber threats. This study presents the design of an IDS using ML and Explainable AI (XAI) techniques for real-time classification of various detected cyberattacks. By utilizing frameworks such as Apache Kafka and Spark, along with libraries such as Scikit-learn and SHAP, the system identifies and classifies normal or anomalous network traffic in real-time. The XAI offers the IDS the option to explain the rationale behind each classification. The primary aim of this research is to develop a flexible and scalable IDS that can provide clear explanations for its decisions. The second aim is to compare and analyze different ML models to achieve the best results in terms of accuracy, f1, recall, and precision. Random Forest models proposed in this research article obtained the best results in figuring out the key features identified by the XAI model, which includes Ct_state_ttl, Sttl, Dmean, and Dbytes from the UNSW-NB15 dataset. Finally, this research work introduces different machine learning algorithms with superior performance metrics compared to other real-time classification methods.

Real-Time Grid Monitoring and Protection: A Comprehensive Survey on the Advantages of Phasor Measurement Units

The emerging smart-grid and microgrid concept implementation into the conventional power system brings complexity due to the incorporation of various renewable energy sources and non-linear inverter-based devices. The occurrence of frequent power outages may have a significant negative impact on a nation’s economic, societal, and fiscal standing. As a result, it is essential to employ sophisticated monitoring and measuring technology. Implementing phasor measurement units (PMUs) in modern power systems brings about substantial improvement and beneficial solutions, mainly to protection issues and challenges. PMU-assisted state estimation, phase angle monitoring, power oscillation monitoring, voltage stability monitoring, fault detection, and cyberattack identification are a few prominent applications. Although substantial research has been carried out on the aspects of PMU applications to power system protection, it can be evolved from its current infancy stage and become an open domain of research to achieve further improvements and novel approaches. The three principal objectives are emphasized in this review. The first objective is to present all the methods on the synchro-phasor-based PMU application to estimate the power system states and dynamic phenomena in frequent time intervals to observe centrally, which helps to make appropriate decisions for better protection. The second is to discuss and analyze the post-disturbance scenarios adopted through better protection schemes based on accurate and synchronized measurements through GPS synchronization. Thirdly, this review summarizes current research on PMU applications for power system protection, showcasing innovative breakthroughs, addressing existing challenges, and highlighting areas for future research to enhance system resilience against catastrophic events.

Cyber Attacks : Detection and Prevention

Tens of millions of cyber-attacks (Emails, online transactions, live video streaming, online games, and navigation are all examples of fraudulent Internet-based intelligence gathering.) are launched every day against Internet users throughout the world. Various defences have been developed by researchers in response to these attacks. At present, the techniques that cyber attackers use to perpetrate attacks are related to human exploitation. These attacks are more frequent than before, and they are harder to contain. In the area of information management, cybersecurity is essential. In today's world, protecting privacy has been one of the most difficult tasks. "Cyber-crimes" is the first thing that has come to me when I think about cyber security, which are on the rise at an alarming rate. Various governments and corporations are taking various actions to tackle cybercrime. Despite different initiatives, cyber security remains a major issue for many people. Traditional non-confidence counter-measures are unable to prevent violations against individuals. This paper explains the current state of cybersecurity threats, counter-measures and non-confidence tools that are relevant to day-to-day online operations. It offers a valuable cyber-attack taxonomy and classification that aids in the identification of cyber-attacks and cyber-security initiatives.

Deep Learning Based Attack Detection for Cyber-Physical System Cybersecurity: A Survey

With the booming of cyber attacks and cyber criminals against cyber-physical systems (CPSs), detecting these attacks remains challenging. It might be the worst of times, but it might be the best of times because of opportunities brought by machine learning (ML), in particular deep learning (DL). In general, DL delivers superior performance to ML because of its layered setting and its effective algorithm for extract useful information from training data. DL models are adopted quickly to cyber attacks against CPS systems. In this survey, a holistic view of recently proposed DL solutions is provided to cyber attack detection in the CPS context. A six-step DL driven methodology is provided to summarize and analyze the surveyed literature for applying DL methods to detect cyber attacks against CPS systems. The methodology includes CPS scenario analysis, cyber attack identification, ML problem formulation, DL model customization, data acquisition for training, and performance evaluation. The reviewed works indicate great potential to detect cyber attacks against CPS through DL modules. Moreover, excellent performance is achieved partly because of several high-quality datasets that are readily available for public use. Furthermore, challenges, opportunities, and research trends are pointed out for future research.

Cyber-Attack Identification of Synchrophasor Data Via VMD and Multifusion SVM

A large amount of synchrophasor data in the wide area measurement system (WAMS) needs to be collected and transmitted to the phasor data concentrator, thereby increasing the possibility of being attacked by hackers. The attacked data are therefore hidden into the normal synchrophasor data so that the synchrophasor data based application will be affected. To remedy this problem, an identification framework is proposed to detect the data cyber-attack in WAMS utilizing variational mode decomposition (VMD) and multifusion support vector machine (MSVM). First, VMD is used to transform the attacked data into multiple modal components. Thereafter, a novel MSVM is employed to classify the deterministic features using the proposed linear combined multikernel (LCM). This LCM can fuse multiple types of features, including the time, frequency, and statistical domains of the synchrophasor data. Utilizing the actual data from FNET/GridEye, different experiments are conducted under multiple attack strengths and types. The results demonstrate that the identification framework has higher precision and robustness compared with other conventional classifiers.

Intelligent and Secure Detection of Cyber-attacks in Industrial Internet of Things: A Federated Learning Framework

The increasing integration of traditional industrial systems with smart networking and communications technology (such as fifth-generation networks, software-defined networking, and digital twin), has drastically widened the security vulnerabilities of the industrial internet of things (IIoT). Nevertheless, owing to the lack of sufficient instances of high-quality attacks, it has been incredibly difficult to resist the cyberattacks that directed at such a substantial, complicated, and dynamic IIoT. This work introduces an intelligent federated deep learning framework, termed FED-SEC, for automatic and early identification of cyber-attacks against IIoT infrastructure. In particular, a new convolutional recurrent network designed to detect cyberattacks within IIoT data. Then, a secure federated learning scheme presented to promote making use of mobile edge computing to enable the distributed IIoT entities to cooperate together to train a unified model for cyberattack detection in a privacy-preserved manner. More, a safe communication channel constructed via an improved Homomorphic Encryption scheme aiming to keep the model parameters secure against any leakage of inferential attacks, especially throughout the training procedure. Massive experimentations on multiple public datasets of IIoT cyberattacks proved the high-level efficacy of the FED-SEC in discovering different categories of cyber-attacks against IIoT and the superiorities over cutting-edge approaches.

Identification of cyber attacks using machine learning in smart IoT networks

The Internet of Things (IoT) combines billions of physical objects that can communicate with each device without minimal human interaction. IoT has grown to be one of the most popular technologies and an attractive field of interest in the business world. The demand and usage of IoT are expanding rapidly. Several organizations are funding in this domain for their business use and giving it as a service for other organizations. The result of IoT development is the rise of different security difficulties to both organizations and buyers. Cyber Security gives excellent services to preserve internet privacy and business interventions such as disguising communication intrusions, denial of service interventions, blocked, and unauthorized real-time communication. Performing safety measures, such as authentication, encryption, network protection, access power, and application protection to IoT devices and their natural vulnerabilities are less effective. Therefore, security should improve to protect the IoT ecosystem efficiently. Machine Learning algorithms are proposed to secure the data from cyber security risks. Machine-learning algorithms that can apply in different ways to limit and identify the outbreaks and security gaps in networks. The main goal of this article ability to understand the efficiency of machine learning (ML) algorithms in opposing Network-related cyber security Assault, with a focus on Denial of Service (DoS) attacks. We also address the difficulties that require to be discussed to implement these Machine Learning (ML) security schemes in practical physical object (IoT) systems. In this research, our main aim is to provide security by multiple machine-learning (ML) algorithms that are mostly used to recognise the interrelated (IoT) network Assault immediately. Unique metadata, Bot-IoT, is accustomed to estimate different recognition algorithms. In this execution stage, several kinds of Machine-Learning (ML) algorithms were handled and mostly reached extraordinary achievement. Novel factors were gathered from the Bot-IoT metadata while implementation and the latest features contributed more reliable outcomes.