Network Intrusion Research Articles

Responding to Cyberattacks: The Persuasiveness of Claiming Victimhood

Evidence shows that, in the aftermath of cyberattacks, organizations usually accept responsibility for having failed to protect stakeholders’ data more effectively. While this strategy is reasonable in many circumstances, research suggests that it would be unsuitable in situations where the data breach is caused exclusively by criminal actors, what scholars refer to as a “victim crisis.” We argue that, in this type of situations, organizations can apologize while claiming victimhood. We present a model of moderated mediation explaining the persuasiveness of this strategy as a response to cyberattacks. In five experiments, we show that an apology claiming victimhood outperforms an apology accepting or rejecting responsibility. However, claiming victimhood is effective only when evidence of harm is provided and when the organization cannot be construed as being partly responsible for the attack. Furthermore, claiming victimhood is more effective if the focal organization is perceived as virtuous and the cybercriminal as very competent. The study contributes to the literature on service failure and recovery by offering the first account of how claims of victimhood can be deployed effectively. Furthermore, the study raises important managerial implications by proposing a novel communication strategy that can be deployed in the aftermath of cyberattacks.

Perlindungan Hukum Terhadap Data Pribadi Nasabah Oleh Bank Dalam Transaksi Melalui Internet Banking

Technological advances have been able to give birth to services that facilitate daily activities such as the presence of internet banking services. However, there are still many problems related to the unprotection of customer personal data. The formulation of the problem from this study is how to legally protect the security of customer personal data by banks in internet banking services and how bank accountability in terms of personal data belonging to customers is not protected due to the use of internet banking services. The research method used in this thesis research is a normative type of legal research with a type of statutory and conceptual approach. The data sources used are prime, secondary, and tertiary data sources. The collection of legal materials is carried out through a library study. The results showed that the form of preventive legal protection was carried out by providing socialization through the platform to inform about the protection of customer personal data and the applicability of the ITE Law and the Telecommunications Law which provides a protection to prevent disputes against customers. The form of repressive legal protection is carried out through the existence of the Consumer Protection Law which is the basis for the fulfilment of consumption rights. The form of bank liability to customers in the event of a data leak is that the bank will provide compensation if it is proven that it is true that the data leak is not caused by the customer's negligence or mistake.

Modelling user notification scenarios in privacy policies

The processing of personal data gives a rise to many privacy concerns, and one of them is to ensure the transparency of data processing to end users. Usually this information is communicated to them using privacy policies. In this paper, the problem of user notification in case of data breaches and policy changes is addressed, besides an ontology-based approach to model them is proposed. To specify the ontology concepts and properties, the requirements and recommendations for the legislative regulations as well as existing privacy policies are evaluated. A set of SPARQL queries to validate the correctness and completeness of the proposed ontology are developed. The proposed approach is applied to evaluate the privacy policies designed by cloud computing providers and IoT device manufacturers. The results of the analysis show that the transparency of user notification scenarios presented in the privacy policies is still very low, and the companies should reconsider the notification mechanisms and provide more detailed information in privacy policies.

Perlindungan Hukum Terhadap Data Pribadi Warga Negara Indonesia Berdasarkan Undang-Undang Nomor 27 Tahun 2022

Personal data is private and must be protected. The number of personal data leakage cases in Indonesia has a detrimental impact on society. The lack of comprehensive legislation has led to a lack of legal protection for data leakage cases. As a result of the many personal data leaks, the government passed the Personal Data Protection Law Number 27 of 2022. The purpose of this research is to find out the legal umbrella that protects personal data including understanding more about the legal policies regulated in Law Number 27 of 2022. This research will discuss the formulation of problems including how is the regulation of personal data protection based on Law Number 27 of 2022 and how is the legal protection of the dissemination of confidential personal data of Indonesian citizens. The method used is normative with a statutory approach. The findings reveal that legal protection against personal data leaks is already comprehensive in Law Number 27 of 2022, preventive efforts to protect personal data do not share data from the community and society also avoid illegal platforms that occur in cybercrime. While the government will conduct a compliance test for Repressive Protection Efforts in the event of a personal data leak, the sanctions contained in the Personal Data Protection Law are Criminal Provisions Articles 67, 68 and 70 which already contain fines and imprisonment.

Fine-grained vulnerability detection for medical sensor systems

The Internet of Things (IoT) has revolutionized the healthcare system by connecting medical sensors to the internet, while also posing challenges to the security of medical sensor networks (MSN). Given the extreme sensitivity of medical data, any vulnerability may result in data breaches and misuse, impacting patient safety and privacy. Therefore, safeguarding MSN security is critical. As medical sensor devices rely on smart healthcare software systems for data management and communication, precisely detecting system code vulnerabilities is essential to ensuring network security. Effective software vulnerability detection targets two key objectives: (i) achieving high accuracy and (ii) directly identifying vulnerable code lines for developers to fix. To address these challenges, we introduce Vulcoder, a novel vulnerability-oriented, encoder-driven model based on the Bidirectional Encoder Representations from Transformers (BERT) architecture. We propose a one-to-one mapping function to capture code semantics through abstract syntax trees (AST). Combined with multi-head attention, Vulcoder achieves precise function- and line-level detection of software vulnerabilities in MSN. This accelerates the vulnerability remediation process, thereby strengthening network security. Experimental results on various datasets demonstrate that Vulcoder outperforms previous models in identifying vulnerabilities within MSN. Specifically, it achieves a 1%–419% improvement in function-level prediction F1 scores and a 12.5%–380% increase in line-level localization precision. Therefore, Vulcoder helps enhance security defenses and safeguard patient privacy in MSN, facilitating the development of smart healthcare.

Issues of Cyber security and its solutions in Nepalese Context

In today's digital age, the internet's expansion has brought great convenience but also raised cyber threats. So, identify the issue of cyber-security and its solution in Nepalese context is significant. Descriptive design and qualitative methods were employed, with data sourced from Google Scholar and analyzed through thematic analysis. The study shows a myriad of issues stemming from inadequate cyber security awareness in Nepal, including increased vulnerability to cyber-attacks, data breaches, and societal, economic, and regulatory consequences. Bridging the gap in cyber security awareness is imperative to mitigate risks effectively and foster a secure digital environment in Nepal. Strategies emphasizing education, training, and regulatory frameworks are vital for addressing these challenges and promoting technological advancement and societal trust. This study proposes AI-driven solutions to address the lack of cyber security awareness in the Nepalese context, offering a unique approach to mitigate cyber threats and foster a secure digital environment.

Residual Dense Optimization-Based Multi-Attention Transformer to Detect Network Intrusion against Cyber Attacks

Achieving cyber-security has grown increasingly tricky because of the rising concern for internet connectivity and the significant growth in software-related applications. It also needs a robust defense system to defend itself from multiple cyberattacks. Therefore, there is a need to generate a method for detecting and classifying cyber-attacks. The developed model can be integrated into three phases: pre-processing, feature selection, and classification. Initially, the min-max normalization of original data was performed to eliminate the impact of maximum or minimum values on the overall characteristics. After that, synthetic minority oversampling techniques (SMOTEs) were developed to reduce the number of minority attacks. The significant features were selected using a Hybrid Genetic Fire Hawk Optimizer (HGFHO). An optimized residual dense-assisted multi-attention transformer (Op-ReDMAT) model was introduced to classify selected features accurately. The proposed model’s performance was evaluated using the UNSW-NB15 and CICIDS2017 datasets. A performance analysis was carried out to demonstrate the effectiveness of the proposed model. The experimental results showed that the UNSW-NB15 dataset attained a higher precision, accuracy, F1-score, error rate, and recall of 97.2%, 98.82%, 97.8%, 2.58, and 98.5%, respectively. On the other hand, the CICIDS 2017 achieved a higher precision, accuracy, F1-score, and recall of 98.6%, 99.12%, 98.8%, and 98.2%, respectively.

An optimized and intelligent metaverse intrusion detection system based on rough sets

The convergence of the Internet of Things (IoT) and the Metaverse is revolutionizing the digital world by providing immersive, interactive environments as well as new data transmission opportunities. However, this rapid integration raises complex security issues, including an increased risk of unlawful access and data breaches. Strong cybersecurity measures are required to identify and prevent these attacks, preserving the security and confidentiality of users. Finding significant features for recognizing malicious attacks and enhancing the accuracy of network intrusion detection in general, and particularly in the virtual environment, are some of the significant research needs. This paper introduces an intelligent intrusion detection system (IIDS) based on rough set-based electric eel foraging optimization (RSEEFO) in conjunction with the AdaBoost-based classification algorithm. The main objective of this system is to detect and recognize different types of attacks on the interaction and connectivity between the IoT and the metaverse. The proposed IIDS-RSEEFO consists of three phases, which are data pre-processing, multi-IoT attack classification, and evaluation. The main problems associated with the adopted dataset are handled in data pre-processing. Then, in the second phase, a one-versus-all approach is employed along with RSEEFO and AdaBoost to handle the multi-class classification problem. Finally, several evaluation metrics are employed to assess the reliability and robustness of the proposed IIDS-RSEEFO. The proposed IIDS was tested on CIC-IoT-2023 and validated on UNSWNB-15. It achieved high accuracy across all attack types of CIC-IoT-2023, with accuracies of 99.7 %, 100 %, 100 %, 99.8 %, 100 %, 100 %, 99.8 %, and 100 % for benign traffic, DDoS, brute force, spoofing, DoS, Mirai, recon, and web-Based respectively, accompanied by robust sensitivity, F1-Score, Specificity, G-Mean, and crossover-error rate metrics demonstrating its effectiveness in accurately predicting each attack type. Additionally, it obtained high accuracy for all attack types of UNSWNB-15, with accuracies of 96.48 %, 99.12 %, 99.24 %, 93.78 %, 92.55 %, 92.55 %, 92.55 %, 94.73 %, 94.73 %, 98.09 %, 98.39 %, 99.50 %, and 99.95 % for analysis, backdoor, DoS, exploits, fuzzers, generic, normal, reconnaissance, shellcode, and worms, respectively. In addition, the results evaluated that the proposed model is superior compared to the existing intrusion detection systems.

Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches

This paper examines the information security implications of hospitals participating in health information exchanges (HIE). While data security threats may increase when hospitals join HIEs to share data across organizational boundaries, HIEs institute “secure exchange” and promote security practices among participants. Due to these countervailing effects, it is unclear how joining an HIE affects hospitals’ data breach risk. This study seeks to understand the security implications of HIEs from the lens of governance and coordination. We compiled a panel dataset of more than 3,000 hospitals over six years. By leveraging different identification strategies, including difference-in-differences design, matching, and instrumental variables, we found that the likelihood of a hospital experiencing a data breach decreased by more than 35.37 % after joining an HIE. We further show that the effect was more pronounced among HIE member hospitals with more sophisticated clinical IT systems or after HIE security laws were enacted. We discuss the implications for research and practice.

Intrusion detection system for cloud environment based on convolutional neural networks and PSO algorithm

Authentication of clients and their applications to cloud services is a major concern. Network security and the identification of hostile activities are greatly aided by intrusion detection systems (IDS). In general, optimisation strategies can be applied to improve IDS model performance. Convolutional neural networks (CNN) and other deep learning (DL) algorithms is utilised to enhance IDS’s capability to identify and categories intrusions. IDSs can identify prior attacks, adapt to changing threats, and minimise false positives by utilising these strategies. In this work, a lightweight CNN is proposed for intrusion detection in cloud environment. The main contribution of this research is to use particle swarm optimization (PSO), ametaheuristic algorithm to find the CNNs optimal parameters that comprise the number of convolutional layers, the size of the filter utilized in the convolutional procedure, the number of convolutional filters, and the batch size. Heuristic based searches are useful for solving these kinds of problems. The experimental outcomes demonstrate that the proposed method reaches 91.70% of accuracy, 91.82% of precision, 91.99% of recall and 91.90% of F1-score. Cloud providers can gain from improved security measures by incorporating the proposed IDS paradigm into cloud settings, thereby minimizing unauthorized access and any data breaches.

Understanding the Root Cause of Cybersecurity Incidents Through DuPont’s Dirty Dozen Framework

Cybersecurity incidents, such as data breaches, pose a significant threat to organisations. Shockingly, 95% of these incidents occur due to human errors. Despite organisations making substantial efforts to reduce the likelihood of such occurrences through technological and non-technological means, the frequency of these incidents has been increasing. Previously, organisations relied on technology as the primary barrier to minimise cybersecurity incidents and achieve their objectives. Although research indicates that humans are the weakest link in an organisation's efforts to combat cybersecurity incidents, organisations still consider technology as the key to improving security defences. Therefore, the researchers suggest improving human interventions should precede technological means to overcome the problem. They propose that existing information security plans should consider human factors in cybersecurity risk management. Prioritising an understanding of human factors in managing information security can help organisations identify the relationships between various dimensions of human errors and cybersecurity incidents. To achieve this, the paper suggests solving the human factor problem in cybersecurity incidents by explaining how DuPont's Dirty Dozen framework, commonly used in aviation, can help understand why cybersecurity incidents and accidents occur. The framework lists twelve human behaviours that can be used to understand the relationships between various dimensions of human errors and cybersecurity incidents. By understanding these relationships, organisations can improve their cybersecurity strategies by anticipating, mitigating, and resolving issues more effectively and efficiently.

Lessons learned from the IMMREP23 TCR-epitope prediction challenge

Here, we present the findings from IMMREP23, the second benchmark competition focused on predicting the specificity of TCR-pMHC interactions.The interaction of T cell receptors (TCR) towards their pMHC target is a cornerstone of the cellular immune system. Over the last decade, substantial progress has been made within the field of TCR specificity prediction, providing proof of concept for predicting TCR-pMHC interactions in a narrow space of “seen” pMHC targets where substantial training data is available. However, a significant challenge persists in extending the predictive capability to novel “unseen” pMHC targets. Furthermore, the performance of proposed methods is often challenged when evaluated outside the initial publication and data sets.To address these issues, IMMREP23 challenge invited participants to predict, for a given test set of TCR-pMHC pairs, the likelihood that a pair would bind. A total of 53 teams participated, providing a total of 398 submissions.The benchmark confirms that current methods achieve reasonable performance in the "seen" pMHC setting. However, most participating methods had close to random performance on the subset of “unseen” peptides, underlining that this prediction challenge remains essentially unsolved.Finally, another key lesson from the benchmark is the critical issue of data leakage. Specifically, the data set construction procedure employed in IMMREP23 led to biases in the negative test data set. These biases were identified by several participating teams, and complicated the interpretation of the benchmark results. Based on these results, we put forward suggestions on how future competitions could avoid such data leakages and biases.

A Security Analysis Model for IoT-ecosystem Using Machine Learning-(ML) Approach

Introduction: The attacks on IoT systems are increasing as the devices and communication networks are progressively integrated. If no attacks are found in IoT for a long time, it will affect the availability of services that can result in data leaks and can create a significant impact on the associated costs and quality of services. Therefore, the attacks and security vulnerability in the IoT ecosystem must be detected to provide robust security and defensive mechanisms for real-time applications. Method: This paper proposes an analytical design of an intelligent attack detection framework using multiple machine learning techniques to provide cost-effective and efficient security analysis services in the IoT ecosystem. Result: The performance validation of the proposed framework is carried out by multiple performance indicators. Conclusion: The simulation outcome exhibits the effectiveness of the proposed system in terms of accuracy and F1-score for the detection of various types of attacking scenarios.

Snort Versus Suricata in Intrusion Detection

In the contemporary digital age, the increasing complexity and frequency of cyber threats underscore the need for efficient network intrusion detection systems (NIDS). This paper provides a comprehensive comparative analysis of two prominent NIDS, Snort and Suricata, focusing on their architecture, detection capabilities, and performance metrics. It explores the historical development, operational frameworks, and technological foundations of these systems, highlighting their respective benefits and limitations in different network environments. Snort, known for its extensive rule-based detection, and Suricata, which leverages multi-threading for high-speed traffic handling, are evaluated based on specific security requirements, including traffic volumes, processing speeds, and threat types. The paper also discusses future advancements in NIDS, particularly through the integration of machine learning and AI, to enhance predictive and adaptive capabilities. This analysis aims to inform cybersecurity professionals about the qualifications and capabilities of Snort and Suricata, providing insights for their effective deployment in modern network security infrastructures. The discussion on future trends emphasizes the importance of continuous improvement in NIDS to address evolving cyber threats)

Dynamically stabilized recurrent neural network optimized with intensified sand cat swarm optimization for intrusion detection in wireless sensor network

Wireless Sensor Networks (WSNs) are susceptible to various security threats owing to its deployment in hostile environments. Intrusion detection system (IDS) contributes a critical role on securing WSNs by identifying malevolent activities and ensuring data integrity. Traditional IDS techniques often struggle with the dynamic and resource-constrained nature of WSNs. In this paper, Dynamically Stabilized Recurrent Neural Network Optimized with Intensified Sand Cat Swarm Optimization for Wireless Sensor Network Intrusion identification (DSRNN-ISCOA-ID-WSN) is proposed. Initially, the input data is amassed from WSN-DS dataset. After that, the pre-processing segment receives the data. In pre-processing stage, redundant and biased records are removed from input data with the help of Adaptive multi-scale improved differential filter (AMSIDF). Then the optimal are selected by utilizing Wolf-Bird Optimization Algorithm (WBOA). DSRNN is used to classify the data as Normal, Grey hole, Black hole, Time division multiple access (TDMA), and Flooding attacks. Then Intensified Sand Cat Swarm Optimization (ISCOA) is employed to optimize the weight parameters of DSRNN for accuracte classification. The proposed DSRNN-ISCOA-ID-WSN technique is implemented Python. The performance of the proposed DSRNN-ISCOA-ID-WSN approach attains 29.24 %, 33.45 %, and 28.73 % high accuracy; 30.53 %, 27.64 %, and 26.25 % higher precision when compared with existing method such as Machine Learning-Powered Stochastic Gradient Descent Intrusions Detection System for WSN Attacks (SGDA-ID-WSN), An updated dataset to identify threats in WSN (CNN-ID-WSN) and Denial-of-Service attack detection in WSN: a Low-Complexity Machine Learning Model (DTA-ID-WSN) respectively.

Feature level fusion of multi-source data for network intrusion detection

<span lang="EN-US">The generation of data, collecting, and refining in computer networks have increased exponentially in recent years. Network attacks have also grown in prevalence with this proliferation of data and are now an inherent issue in complicated networks. Current network intrusion detection systems (NIDS) have significant issues with regard to anomaly detection. Several machine learning classification approaches are used to create NIDSs, but they are not sufficiently sophisticated to reliably detect complicated or synthetic attacks, especially if working with a lot of multi-scale data. Data fusion has been used in network intrusion detection to address these issues. For network intrusion detection, we suggested a multi-source data fusion technique in this research, which combines specific features from two datasets to produce a single dataset. Also, a machine learning classifier with fewer parameters is utilized for the fused dataset. The random forest shows the best classification accuracy compared to others in this work. For the normal classification, model accuracy is 92.8%, and the proposed fusion model showed 97.3% accuracies. Furthermore, the findings show that, when compared to other cutting-edge techniques, the suggested model is substantially more effective in detecting intrusions.</span>

Enhancing Intrusion Detection Systems Using Metaheuristic Algorithms

In the current network security framework, Intrusion Detection Systems (IDSs) happen to be among the major players in ensuring that the network activity is being monitored round the clock for any intrusions which may occur. The rising degree of cyber threats’ intricacy enforces the constant development of IDS methodologies to maintain effectiveness in detecting and reversing the emergence of any extra risks. Therefore, to settle the matter featured by, this research studies try to incorporate the most powerful metaheuristic algorithms, Lion Optimization Algorithm (LOA) and Grey Wolf Optimizer (GWO) in particular, to develop better detection accuracy and efficiency. The core obstacle recognized in this article is the fact that many systems of IDS send out false alarms and their mechanisms of detection of the true anomalies need to be improved immensely. In a nutshell, the change would unveil a fresh way of using LOA and GWO using them to promote the enhancement of internet defences systems in real-time. These schemes can discover previously unknown weaknesses or stealthy attacks. The core of this undertaking would consist in the conception and implementing of a Hybrid Network Intrusion Detection System, which will be created by blending the Lion Optimization Feature Selection (LOFS) and GWO smelters, denoted as LOFSGWO. Critically, the main purpose is to incorporate the GWO as a tool in the operations to cut down the dangerous parameters favourable towards an intrusion mechanism in the framework of a Hybrid CNN-LSTM Deep Learning system. Model tests reveal over 99.26% accuracy of low negative samples into out of a box that are served as testing as well as NSL-KDD dataset, which are similar to the simulation of WUSTL-EOM 2020 system. The obtained outcomes verify the relevance and efficiency of the suggested strategy, which may be used in the resolution of the issues faced in a network security today.

Managing Cybersecurity: Digital Footprint Threats

Abstract Managing cybersecurity and protecting data assets remain top priorities for businesses. Despite this, numerous data breaches persist due to malicious human actions, resulting in significant financial setbacks. However, many cybersecurity strategies overlook invisible or indirect threats within their scope, such as digital footprints. This paper examines the relationship between personality traits and user behavior concerning cybersecurity. The study suggests that human personality can be predicted using innovative techniques based on the digital hints individuals leave on the internet. Consequently, this information can be exploited for malicious actions against entities. As proposed, an effective strategy for improving behaviors and cultivating a security-oriented culture involves continually identifying relevant sources of cyber risks and implementing continuous awareness initiatives.

Navigating the Digital Twin Network landscape: A survey on architecture, applications, privacy and security

In recent years, immense developments have occurred in the field of Artificial Intelligence (AI) and the spread of broadband and ubiquitous connectivity technologies. This has led to the development and commercialization of Digital Twin (DT) technology. The widespread adoption of DT has resulted in a new network paradigm called Digital Twin Networks (DTNs), which orchestrate through the networks of ubiquitous DTs and their corresponding physical assets. DTNs create virtual twins of physical objects via DT technology and realize the co-evolution between physical and virtual spaces through data processing, computing, and DT modeling. The high volume of user data and the ubiquitous communication systems in DTNs come with their own set of challenges. The most serious issue here is with respect to user data privacy and security because users of most applications are unaware of the data that they are sharing with these platforms and are naive in understanding the implications of the data breaches. Also, currently, there is not enough literature that focuses on privacy and security issues in DTN applications. In this survey, we first provide a clear idea of the components of DTNs and the common metrics used in literature to assess their performance. Next, we offer a standard network model that applies to most DTN applications to provide a better understanding of DTN’s complex and interleaved communications and the respective components. We then shed light on the common applications where DTNs have been adapted heavily and the privacy and security issues arising from the DTNs. We also provide different privacy and security countermeasures to address the previously mentioned issues in DTNs and list some state-of-the-art tools to mitigate the issues. Finally, we provide some open research issues and problems in the field of DTN privacy and security.

Pricing Cyber Insurance: A Geospatial Statistical Approach

ABSTRACTCyberspace is a dynamic ecosystem consisting of interconnected data, devices, and individuals, with multiple network layers comprising identifiable nodes. Location‐based information can significantly improve cyber resilience decision‐making and facilitate the development of innovative cyber risk pricing tools. This article is based on a methodology that uses company geospatial data to accurately estimate the number of expected losses arising from cyberattacks. Our approach aims to build and compare statistical spatial models that allow pricing cyber policies more effectively than traditional non‐spatial methods by incorporating all available data. By accounting for spatial dependence, we can assess the risk of data breaches and contribute to the design of more efficient cyber risk policies for the insurance market.