Malicious Activities Research Articles

Enhancing Malicious Activity Detection in IoT-Enabled Network and IoMT Systems Through Meta-Heuristic Optimization and Machine Learning

Enhancing Malicious Activity Detection in IoT-Enabled Network and IoMT Systems Through Meta-Heuristic Optimization and Machine Learning

Digital forensics architecture for real-time automated evidence collection and centralization: Leveraging security lake and modern data architecture

Abstract In the face of escalating cyber threats, a real-time automated security evidence collection system for cloud-based digital forensics investigations is essential for identifying and mitigating malicious activities. However, the substantial volumes of data generated by modern cloud-based digital systems pose difficulties in collecting and analyzing evidence promptly and systematically. To address these challenges, this research introduces an architecture that combines a security lake and a modern data lake. The primary objective of this architecture is to overcome the obstacles associated with gathering evidence from multiple cloud-based accounts and regions while ensuring the flexibility and scalability required to manage the ever-expanding data volumes encountered in cloud-based digital forensics investigations. This work focuses on gathering security events from multiple accounts and regions within a cloud environment in real-time while maintaining the integrity of the evidence and storing them in lakes, providing investigators with the flexibility to move between these lakes for analysis to get quick results. This is achieved through the utilization of security lake and modern data architecture. To validate the system, we tested it within a university system comprising numerous accounts spread across different regions within an AWS environment. Overall, the proposed system effectively gathers evidence from various sources and consolidates all data lakes into a single account. These lakes were then utilized for analyzing the evidence using Athena and Wazuh.

An Efficient Optimized Neural Network System for Intrusion Detection in Wireless Sensor Networks

In the realm of wireless network security, the role of intrusion detection cannot be overstated in identifying and thwarting malicious activities within communication channels. Despite the existence of various intrusion detection system (IDS) approaches, challenges persist in terms of accurate classification and specification. Consequently, this article introduces a novel and innovative approach, the African Vulture-based Modular Neural System (AVbMNS), to address these issues. This research aims to detect and categorize malicious events in wireless networks effectively. The methodology begins with preprocessing the dataset and extracting relevant features. These extracted features are then subjected to a novel training technique to enhance the detection and classification of network attacks. The integration of African Vulture optimization significantly enhances the detection rate, leading to more precise attack identification. The research's effectiveness is demonstrated through validation using the NSL-KDD dataset, with impressive results. The performance analysis reveals that the developed model achieves a remarkable 99.87% detection rate and 99.92% accuracy when applied to the NSL-KDD dataset. Furthermore, the outcomes of this novel model are compared with existing approaches to gauge the extent of improvement. The comparative assessment affirms that the developed model outperforms its counterparts, underscoring its effectiveness in addressing the challenges of intrusion detection in wireless networks.

MACHINE LEARNING ALGORITHMS FOR TELEGRAM SPAM FILTERING

With unprecedented usage of social media applications to interact in virtual communities, bad entities can now use these platforms to spread their malicious activities such as spam, hate speech, and even phishing to a very large population. Especially, Telegram is suitable for these kinds of activities because it is a new cloud-messenger that is highly popular among bloggers and media around the world, established by Pavel Durov in 2013. As a result, it is necessary for social media platforms to develop algorithms to filter these malicious contents. This paper employs Machine learning algorithms to filter spam messages in Telegram. Dataset obtained from Kaggle was used for the experiments in this paper. Five machine learning models were applied, namely, Extreme Gradient Boosting (XGB), Light Gradient Boosting Machine (LGBM), CatBoosting, Support Vector Machine (SVM) and K-Nearest Neighbours (KNN). Experimental results showed that SVM outperforms other machine learning models used for the study with a classification accuracy of 94%. This is an indication that SVM is a promising algorithm for Spam filtering in Telegram if adopted.

LLM Supply Chain Provenance: A Blockchain-based Approach

The burgeoning size and complexity of Large Language Models (LLMs) introduce significant challenges in ensuring data integrity. The proliferation of "deep fakes" and manipulated information raises concerns about the vulnerability of LLMs to misinformation. Traditional LLM architectures often lack robust mechanisms for tracking the origin and history of training data. This opaqueness can leave LLMs susceptible to manipulation by malicious actors who inject biased or inaccurate data. This research proposes a novel approach integrating Blockchain Technology (BCT) within the LLM data supply chain. With its core principle of a distributed and immutable ledger, BCT offers a compelling solution to address this challenge. By storing the LLM's data supply chain on a blockchain, we establish a verifiable record of data provenance. This allows for tracing the origin of each data point used to train the LLM, fostering greater transparency and trust in the model's outputs. This decentralised approach minimises the risk of single points of failure and manipulation. Additionally, the immutability of blockchain records ensures that the data provenance remains tamper-proof, further enhancing the trustworthiness of the LLM. Our approach leverages three critical features of BCT to strengthen LLM security: 1) Transaction Anonymity: While data provenance is recorded on the blockchain, identities of data contributors can be anonymised, protecting their privacy while ensuring data integrity. 2) Decentralised Repository: Enhances the system's resilience against potential attacks by distributing the data provenance record across the blockchain network. 3) Block Validation: Rigorous consensus mechanisms ensure the validity of each data point added to the LLM's data supply chain - minimising the risk of incorporating inaccurate or manipulated data into the training process. Using the experimental approach, initial evaluations using simulated LLM training data on a blockchain platform demonstrate the feasibility and effectiveness of the proposed approach in enhancing data integrity. This approach has far-reaching implications for ensuring the trustworthiness of LLMs in various applications.

Hydrakon, a Framework for Measuring Indicators of Deception in Emulated Monitoring Systems

The current cybersecurity ecosystem is proving insufficient in today’s increasingly sophisticated cyber attacks. Malware authors and intruders have pursued innovative avenues to circumvent emulated monitoring systems (EMSs) such as honeypots, virtual machines, sandboxes and debuggers to continue with their malicious activities while remaining inconspicuous. Cybercriminals are improving their ability to detect EMS, by finding indicators of deception (IoDs) to expose their presence and avoid detection. It is proving a challenge for security analysts to deploy and manage EMS to evaluate their deceptive capability. In this paper, we introduce the Hydrakon framework, which is composed of an EMS controller and several Linux and Windows 10 clients. The EMS controller automates the deployment and management of the clients and EMS for the purpose of measuring EMS deceptive capabilities. Experiments were conducted by applying custom detection vectors to client real machines, virtual machines and sandboxes, where various artifacts were extracted and stored as csv files on the EMS controller. The experiment leverages the cosine similarity metric to compare and identify similar artifacts between a real system and a virtual machine or sandbox. Our results show that Hydrakon offers a valid approach to assess the deceptive capabilities of EMS without the need to target specific IoD within the target system, thereby fostering more robust and effective emulated monitoring systems.

“Should everyone have access to AI? " Perspectives on Ownership of AI tools for Security

Given the widespread concerns about the integration of Artificial Intelligence (AI) tools into security and law enforcement, it is natural for digital governance to strive for greater inclusivity in both practice and design (Chohan and Hu, 2020). This inclusivity can manifest in several ways, such as advocating for legal frameworks and algorithmic governance (Schuilenburg and Peeters, 2020), allowing individuals choice, and addressing unintended consequences in extensive data management (Peeters and Widlak, 2018). An under-reflected aspect is the question of ownership, i.e., who should be able to possess and deploy AI tools for law enforcement purposes. Our interview findings from 111 participants across seven countries identified five citizens viewpoints with respect to AI ownership of security-related AI: (1) Police and police-governed agencies; (2) Citizens who disassociate themselves; (3) Entities other than the police; (4) All citizens including themselves; and (5) No one or Unsure. The five clusters represent disparate perspectives on who should be responsible for AI technologies, as well as related concerns about data ownership and expertise, and thus link into broader discussions on responsibility for security, i.e., what deserves protection, how and by whom. The findings contribute theoretically to digitalization, smart technology, social inclusion, and security studies. Additionally, it seeks to influence policy by advocating for AI development that addresses citizen concerns, thereby mitigating risks, social, and ethical implications associated with AI. Crucially, it aims to highlight citizens’ concerns around the potential for malicious actors to exploit ownership of such powerful technology for harmful purposes.

Governance Considerations of Adversarial Attacks on AI Systems

Artificial intelligence (AI) is increasingly integrated into various aspects of daily life, but its susceptibility to adversarial attacks poses significant governance challenges. This paper explores the nature of these attacks, where malicious actors manipulate input data to deceive AI algorithms and their profound implications for individuals and society. Adversarial attacks can undermine critical AI applications, such as facial recognition and natural language processing, leading to privacy violations, biased outcomes, and eroding public trust. The discussion emphasizes understanding the threat vectors associated with adversarial attacks and their potential repercussions. It advocates for robust governance frameworks encompassing risk management, oversight, and legislative measures to protect AI systems. Such frameworks should prioritize AI technologies' confidentiality, integrity, and availability (CIA) while ensuring compliance with ethical standards. Furthermore, the paper examines various strategies for mitigating risks associated with adversarial attacks, including training and continuous monitoring of AI systems. It highlights the importance of accountability among developers and researchers in implementing preventive measures that align with principles of transparency and fairness. Organizations can enhance security and foster public trust by integrating legislative frameworks into AI development standards. As AI technologies evolve, continuous review of governance practices is essential to address emerging threats effectively. This paper ultimately focuses on the critical role of comprehensive governance in safeguarding AI systems against adversarial attacks, ensuring that technological advancements benefit society while minimizing risks.

A hybrid dynamic graph neural network framework for real-time anomaly detection

ABSTRACT The timely and robust detection of anomalies is essential for resilient and secure operations of critical water infrastructures against operational faults or malicious actions. However, real-world systems exhibit diverse and evolving spatiotemporal relationships among their components, posing an intricate challenge in anomaly detection task. This study proposes a hybrid dynamic graph neural network (GNN) that jointly maps long- and short-term spatiotemporal relationships in multivariate data streams. Those relationships are encoded via a hybrid graph, comprising an optimally learned static subgraph for persistent structural relationships and a complementary dynamic subgraph for dynamically shifting relationships. Additionally, an attention mechanism captures time-varying relational importances and shifts the model's focus towards significant relationships, while minimising contributions of less importance to the final outputs. The proposed architecture is showcased through a synthetic case study of a water distribution system with multivariate data streams from both on-site and soft sensors, and shows strong detection and localisation accuracy against all scenarios of operational faults and malicious actions explored. A comparative analysis with an equivalent static graph model indicates that the addition of the hybrid dynamic component enhances detection accuracy and reduces false alarm rates through more robust characterisation of behaviours, thus allowing actionable insights for more resilient and secure operations.

Dynamic Arithmetic Optimization Algorithm with Deep Learning-based Intrusion Detection System in Wireless Sensor Networks

A Wireless Sensor Network (WSN) encompasses interconnected Sensor Nodes (SNs) that interact wirelessly to collect and transfer data. Security in the context of WNS refers to protocols and measures implemented for the overall functionality of the network, along with protecting the availability, confidentiality, and integrity of data against tampering, unauthorized access, and other possible security risks. An Intrusion Detection System (IDS) utilizing Deep Learning (DL) and Feature Selection (FS) leverages advanced methods to enhance effectiveness in the detection of malicious activities in a network by enhancing relevant data features and leveraging the power of Deep Neural Networks (DNNs). This study presents a Dynamic Arithmetic Optimization Algorithm within a DL-based IDS (DAOADL-IDS) in WSNs. The purpose of DAOADL-IDS is to recognize and classify intrusions in a WSN using a metaheuristic algorithm and DL models. To accomplish this, the DAOADL-IDS technique utilizes a Z-score data normalization approach to resize the input dataset in a compatible format. In addition, DAOADL-IDS employs a DAOA-based FS (DAOA-FS) model to select an optimum set of features. A Stacked Deep Belief Network (SDBN) model is employed for the Intrusion Detection (ID) process. The hyperparameter selection of the SDBN model is accomplished using the Bird Swarm Algorithm (BSA). A wide experimental analysis of the proposed DAOADL-IDS method was performed on a benchmark dataset. The performance validation of the DAOADL-IDS technique showed an accuracy of 99.68%, demonstrating superior performance over existing techniques under various measures.

Deepfakes in digital media forensics: Generation, AI-based detection and challenges

Deepfake technology presents significant challenges for digital media forensics. As deepfakes become increasingly sophisticated, the ability to detect and attribute manipulated media becomes more difficult. The main challenge lies in the realistic and convincing nature of deepfakes, which can deceive human perception and traditional forensic techniques. Furthermore, the widespread availability of open-source deepfake tools and increasing computational power contribute to the ease with which malicious actors can create and disseminate deepfakes. The challenges posed by deepfakes for digital media forensics are multifaceted. Therefore, the development of sophisticated detection algorithms, the creation of comprehensive datasets, and the establishment of legal frameworks are crucial in addressing these challenges. This paper provides a comprehensive analysis of current methods for deepfake generation and the issues surrounding their detection. It also explores the potential of modern AI-based detection techniques in combating the proliferation of deepfakes. This analysis aims to contribute to advancing deepfake detection by highlighting the limits of current detection techniques, the most relevant issues, the upcoming challenges, and suggesting future directions for research.

Secure Sockets Layer/Transport Layer Security for E-Commerce

Digital commerce has revolutionized the global economy, offering many opportunities for businesses and consumers. The increase in volume and number of online transactions comes the critical need for robust security measures to protect sensitive data from malicious actors. The research paper aims to provide stakeholders with the knowledge and insights necessary to build trust and confidence in online transactions. Specific objectives are: (i) to establish the fundamental principles underpinning Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, (ii) to provide SSL/TLS mechanisms for securing online transactions and protecting sensitive customer information, (iii) to determine how SSL/TLS protocols establish secure communication channels between clients and servers, ensuring the confidentiality, integrity, and authenticity of data exchanged in digital marketplaces and (iv) to establish the effectiveness of SSL/TLS in safeguarding sensitive customer information and mitigating the cyber threats. The methodology used to achieve the objectives was a desktop survey. The outcome of the desktop survey includes the fundamental principles underpinning Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, the SSL/TLS mechanisms for securing online transactions and protecting sensitive customer information, how SSL/TLS protocols establish secure communication channels between clients and servers, ensuring the confidentiality, integrity, and authenticity of data exchanged in digital marketplaces and the effectiveness of SSL/TLS in safeguarding sensitive customer information and mitigating the cyber threats

Intrusion Detection in IoT using Gaussian Fuzzy Mutual Information-based Feature Selection

The proliferation of Internet of Things (IoT) devices has revolutionized various sectors by enabling real-time monitoring, data collection, and intelligent decision-making. However, the massive volume of data generated by these devices presents significant challenges for data processing and analysis. Intrusion Detection Systems (IDS) for IoT require efficient and accurate identification of malicious activities amidst vast amounts of data. Feature selection is a critical step in this process, aiming to identify the most relevant features that contribute to accurate intrusion detection, thus reducing computational complexity and improving model performance. Traditional Mutual Information-based Feature Selection (MIFS) methods face challenges when applied to IoT data due to their inherent noise, uncertainty, and imprecision. This study introduces a novel Fuzzy Mutual Information-based Feature Selection (Fuzzy-MIFS) method that integrates fuzzy logic with Gaussian membership functions to address these challenges. The proposed method enhances the robustness and effectiveness of the feature selection process, resulting in improved accuracy and efficiency of IDSs in IoT environments. Experimental results demonstrate that the Fuzzy-MIFS method consistently outperformed existing feature selection techniques across various neural network models, such as CNN, LSTM, and DBN, showcasing its superior performance in handling the complexities of IoT data. The results show that Fuzzy-MIFS increased the accuracy from 0.962 to 0.986 for CNN, from 0.96 to 0.968 for LSTM, and from 0.96 to 0.97 for DBN.

Exploring lightweight machine learning models for personal internet of things (IOT) device security

The proliferation of Internet of Things (IoT) devices in personal and household environments has led to a significant increase in security vulnerabilities. These devices, due to their limited computational resources, often struggle to support conventional security solutions, making them prime targets for cyberattacks. This paper explores the potential of lightweight machine learning (ML) models to enhance the security of personal IoT devices. By leveraging the power of AI, lightweight models can offer real-time threat detection and anomaly identification without compromising the device's performance or requiring extensive computational resources. The paper investigates various ML techniques that are well-suited for IoT environments, such as decision trees, k-nearest neighbours (KNN), and support vector machines (SVM), focusing on their ability to detect intrusions, unauthorized access, and other malicious activities while maintaining efficiency. Additionally, the study highlights the trade-offs between model complexity, accuracy, and resource consumption, offering practical insights for deploying ML solutions in resource-constrained IoT systems. Key challenges, including data privacy, model generalization, and the adaptability of models to diverse IoT ecosystems, are addressed. Finally, the paper discusses future directions for the integration of more advanced lightweight models, such as federated learning and edge computing, which could further enhance security capabilities while ensuring minimal impact on IoT device performance. Through this review, the paper advocates for the adoption of lightweight ML models as a feasible and scalable solution to securing personal IoT devices in an increasingly connected world.

Machine Learning Algorithm as a Firewall Decision and Reinforcement in Market Segmentation and Big Data

In the modern digital landscape, vast amounts of data are generated daily, challenging traditional analytical approaches in both data security and market segmentation. This paper presents a machine learning (ML) algorithm designed to serve a dual purpose: as a decision-support firewall system and as a reinforcement tool for market segmentation within big data environments. By integrating supervised and unsupervised learning models, the proposed algorithm effectively detects anomalies and potential security threats while also identifying distinct customer segments with high precision. The firewall decision-making component utilizes predictive models to detect malicious activity in real-time, enhancing cybersecurity by proactively learning from previous threat patterns. Concurrently, the reinforcement learning component analyses customer behaviour and preferences, dynamically adapting segmentation strategies to maximize marketing effectiveness. The dual implementation of ML in these domains demonstrates significant potential in improving both data security and personalized marketing outcomes. Experimental results indicate enhanced firewall accuracy and a refined segmentation process, suggesting that the proposed ML model provides a comprehensive solution for the challenges posed by big data in cybersecurity and market segmentation. s. Keywords Machine Learning; Firewall Decision; Reinforcement Learning; Market Segmentation; Big Data

Detection and Classification of Malicious Websites Using Natural Language Processing (NLP) and Machine Learning (ML) Techniques

The internet, while offering extensive services and information, has also become a platform for malicious activities, particularly through harmful websites that threaten cybersecurity. Detecting and classifying these websites is crucial for protecting users from online threats. Traditional detection methods, primarily based on blacklists and signature-based techniques, struggle to match the pace with the dynamic evolving strategies of cybercriminals. Recent advancements in Machine Learning (ML) show promise, though they remain works in progress. This research addressed this challenge by exploring the usage of Natural Language Processing and Machine Learning techniques used to classify websites as benign or malicious. Unlike many existing studies that relied on URL features alone, this study incorporated a more comprehensive feature set, including URL, content, and additional web attributes, which enhanced classification accuracy. Using an imbalanced dataset skewed towards malicious sites, this study solved using SMOTE (Synthetic Minority Over-sampling Technique) the class imbalance problem, improving model performance. Utilized Hashing Vectorizer (HashingV) and TF-IDF (Term Frequency-Inverse Document Frequency), were adopted to transform textual features into their vector representations while PCA (Principal Component Analysis) and truncated Singular Value Decomposition (truncSVD), were then used to optimize feature representation across different dimensions. Five ML classifiers include Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), K-Nearest Neighbors (KNN), and Logistic Regression (LR) were tested for classification, and performance was evaluated using metrics such as precision and recall, accuracy, F1-Score. The results revealed that Random Forest classifier utilizing HashingV recorded the best results, with accuracies of 99.9563% using truncSVD and 99.9561% with PCA.

Intrusion Detection Systems for Smart Tourism Platforms: Safeguarding Food Safety and User Privacy

The rapid evolution of smart tourism platforms has transformed the travel and hospitality industry, enhancing user experiences through personalized services and real-time data access. However, this technological advancement also raises significant concerns regarding food safety and user privacy. By detecting and reacting to malicious activity and unauthorized access, Intrusion Detection Systems (IDS) are essential in reducing these risks. This article examines IDS's current status in relation to smart tourism platforms, emphasizing its technical implementations, efficacy, and difficulties. The study highlights the necessity of flexible, machine learning-based strategies to improve security measures and offers a thorough framework for incorporating IDS into smart tourism systems. The results highlight how crucial strong IDS are to protecting private user information and guaranteeing food safety in a world that is becoming more networked by the day.

A resilience-oriented approach to integrated energy management systems: Addressing energy conversion unit unavailability and cost efficiency

As integrated energy systems become increasingly complex, their vulnerability to energy conversion units unavailability poses a considerable threat to system resilience and cost efficiency. This research is motivated by the need to address the growing threat of energy conversion unit unavailability and its significant impact on both system performance and operational costs. The development of a comprehensive vulnerability assessment framework, coupled with the integration of machine learning techniques, is hypothesized to significantly enhance the resilience and cost-efficiency of integrated energy management systems when faced with various unavailability scenarios. A novel methodology is introduced to enhance integrated energy management systems, focusing on the critical role of diverse energy conversion units. The methodology includes a new vulnerability index to quantify the impact of energy conversion unit unavailability on system performance, alongside an energy conversion unavailability attack model from the malicious actor perspective. Results indicate that under worst-case energy conversion unavailability attack scenarios, integrated energy systems operational costs can increase by up to 26.19%. The proposed solution, incorporating a Deep Q-Network into the integrated energy management system, achieves an 85.24% F1-score and a 96.68% reduction in additional costs associated with energy conversion unavailability attacks. This research demonstrates the varied impacts of different energy conversion units on integrated energy systems and proposes an enhanced integrated energy management system framework that improves system resilience and cost efficiency.

Spotting Sneaky Scammers: Malicious Account Detection from a Chinese Financial Platform

With the rapid development of e-commerce, malicious accounts have become a threat, especially in the business field. Therefore, how to efficiently detect malicious accounts has become one an important issue requiring resolution. Present research on malicious detection mainly uses the basic statistics of the original data to build models, and ignores malicious activities in the business field. To address the context-independent nature of business activities and their lack of social structure, this study constructs an online model for detecting malicious accounts in the business field based on a stacking ensemble strategy with BiGRU-Conv1D-Capsule, XGBoost, and LightGBM as individual learners and AdaBoost as a meta-learner. Experimental results show that the stacking ensemble model constructed in this study has better predictive power than the typical shallow learning and baseline deep learning models. In addition to the basic feature, the behavior sequence of users is also applied in the proposed model. Overall, our experiments based on a real dataset from a financial platform show that the TPR, AUC, and F1 of the stacking ensemble model can reach 0.8258, 0.9860, and 0.8922 respectively, which outperforms all baseline models.

APPROACH TO DETECTION OF ANOMALOUS NETWORK TRAFFIC USING LOF AND HBOS ALGORITHMS

The article is devoted to the problem of detecting anomalies in modern computer networks, which is one of the main threats to cyber security. With the development of Internet technologies, the number of devices and the volume of network traffic are constantly increasing, which leads to an increase in the risk of various cyber threats, such as DDoS attacks, zero-day attacks, and exploitation of protocol vulnerabilities. Abnormal network traffic can result from malicious activity and technical malfunctions, such as configuration errors or hardware failures. Specialised algorithms and methods of analysing large volumes of data are used to detect such threats. The paper considers the main methods of detecting anomalies in network traffic, including classical approaches and modern deep and machine learning methods. Special attention is paid to the efficiency of using methods based on convolutional neural networks, long-term memory and their combinations to detect anomalies. An analysis of the disadvantages and advantages of various approaches to detecting anomalous traffic, such as high computational requirements and the complexity of setting up models, is performed. Still, their effectiveness in analysing large volumes of data is noted. One of the main methods used for anomaly analysis is the local outlier algorithm, which compares the density of objects with their neighbours, allowing for the detection of anomalies in regional segments of the data. Another method is histogram-based outlier estimation, which is faster and more efficient using one-dimensional histograms for each variable. The work also explores the application of unsupervised machine learning methods, which allows for analysing network traffic in real time without the need for prior labelling of data. The article also considers the prospects of further testing the proposed methods in real networks. The combined use of LOF and HBOS balances anomaly detection accuracy and data processing speed, essential to ensure continuous system operation in high-load networks. The implementation of similar solutions in actual conditions requires further research, particularly regarding optimising the use of computing resources and adapting methods to the specific conditions of the network environment. Thus, the paper presents a thorough analysis of modern approaches to detecting anomalies in network traffic and substantiates the feasibility of their application in actual conditions to increase the effectiveness of cyber security.