Security Researchers Research Articles

ICS-LTU2022: A dataset for ICS vulnerabilities

Industrial control systems (ICS) are a collection of control systems and associated instrumentation for controlling and monitoring industrial processes. Critical infrastructure relies on supervisory control and data acquisition (SCADA), a subset of ICS specifically designed for monitoring and controlling industrial processes over large geographic areas. Cyberattacks like the Colonial Pipeline ransomware case have demonstrated how an adversary may compromise critical infrastructure. The Colonial Pipeline ransomware attack led to a week’s pipeline shutdown, causing a gas shortage in the United States. As existing vulnerability assessment tools cannot be used in the context of ICS systems, vulnerability datasets specified for ICSs are needed to evaluate the security weaknesses. Our secondary metadata, ICS-LTU2022, consists of multiple features that can be used for vulnerability assessment and risk evaluation in industrial control systems. A description of the dataset, its characteristics, and data analysis are also presented in this paper. Vulnerability analysis was conducted based on the top 10 vulnerabilities in terms of severity, frequency by year, impact, components of the ICS, and common weaknesses. The ICS-LTU2022 vulnerabilities dataset is updated biannually. Our proposed dataset provides security researchers with the most recent ICS critical vulnerabilities.

A context-aware zero trust-based hybrid approach to IoT-based self-driving vehicles security

With the speedy progression and adoption of IoT devices in modern self-driving vehicles (SDVs), autonomous driving industry is gradually reforming its capabilities to provide better transportation services. However, this domain faces enormous security and privacy challenges and thus has become an attractive target for attackers due to its rapid growth and market worth. Furthermore, the rapid transformation in technological tools in transport industry and speedy evolution of cyber-attacks paved the way for designing efficient IDSs. Motivated by these challenges, we put forward a new secure and efficient IDS approach for the security of SDVs. The propose approach utilizes an emerging strategy to mitigate security vulnerabilities and cyber attacks detection using zero trust (ZT) model. Through this work, we put forward a context-aware zero trust security framework for IoT-based SDVs. The proposed framework utilizes a context-aware design to evaluate the trustworthiness of the devices using multi-source trust and reputation model. Then, to make the framework more effective and reliable, we introduce crawler system into the context of the IoT-devices in SDVs to make the system unbiased. Additionally, an observer module is developed that employs state-of-the-art machine learning algorithm to detect malicious actions. Empirical results on two standard benchmark datasets (i.e., Car Hacking and ToN_IoT) validate the practicality and robustness of propose framework in real-world transport systems with enhanced security and trust management against evolving cyber-threats. Detection results demonstrate that the proposed framework secured the best performance by achieving 99.43% and 99.52% accuracy for Car Hacking and ToN_IoT, respectively. The findings of this study will help the security professionals and researchers to comprehend the importance of ZT architecture in developing effective and robust security solutions for modern IoT-based SDVs.

How to Make My Bug Bounty Cost-Effective? A Game-Theoretical Model

A bug bounty program (BBP) is an innovative crowdsourcing security solution increasingly adopted by organizations. We use a game-theoretical model to analyze how key characteristics impact BBPs and offer practical insights into managing a BBP as part of an organization’s vulnerability management for better cost-effectiveness. Our findings indicate that organizations with high patching complexity should announce lower bounties, especially if they face limited security resources. BBPs should complement, not substitute, an organization’s security characteristics. Evaluating patching complexity and security posture is crucial when designing a BBP. Furthermore, security researchers drive BBP performance. Higher productivity in researchers doesn’t always require higher bounties even with high postdiscovery costs. Novice productivity can increase total costs if unit postdiscovery costs are high, whereas expert productivity consistently reduces costs. Organizations should disclose high-level product and information technology (IT) features to increase expert productivity. The number of security researchers in a BBP is important, but increasing their numbers doesn’t always necessitate higher bounties. A larger crowd may not always be cost-effective. Lastly, enhanced legal protection for security researchers might not increase organizational risks, especially in organizations with robust security or less sophisticated IT infrastructure. Industrial associations and policymakers should consider these factors in standards and legal frameworks.

“Just Food doesn’t Do It”: Understanding Food Insecurity Among Rural Veterans in the United States

ABSTRACT Food security among rural veteran populations is an understudied subject. This study uses qualitative data from 106 semi-structured interviews conducted with staff from programs at the United States Department of Veterans Affairs (VA) and other federal agencies, staff from non-governmental organizations (NGOs), food security researchers, and food insecure veterans to identify the barriers to and facilitators for rural veteran food security. Barriers identified included external, structural barriers that exist in rural areas; internal barriers to using food assistance, such as feeling stigmatized; and barriers related to other social determinants of health, including a lack of education, employment, or housing stability.

Elicitation of security threats and vulnerabilities in Insurance chatbots using STRIDE

Although chatbots are used a lot for customer relationship management (CRM), there needs to be more data security and privacy control strategies in chatbots, which has become a security concern for financial services institutions. Chatbots gain access to large amounts of vital company information and clients’ personal information, which makes them a target of security attacks. The loss of data stored in chatbots can cause major harm to companies and customers. In this study, STRIDE (viz. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) modelling was applied to identify the data security vulnerabilities and threats that pertain to chatbots used in the insurance industry. To do this, we conducted a case study of a South African insurance organisation. The adopted methodology involved data collection from stakeholders in the insurance organisation to identify chatbot use cases and understand chatbot operations. After that, we conducted a STRIDE-based analysis of the chatbot use cases to elicit security threats and vulnerabilities in the insurance chatbots in the organisation. The results reveal that security vulnerabilities associated with Spoofing, Denial of Service, and Elevation of privilege are more relevant to insurance chatbots. The most security threats stem from Tampering, Elevation of privilege, and Spoofing. The study extends the discussion on chatbot security. It fosters an understanding of security threats and vulnerabilities that pertain to insurance chatbots, which is beneficial for security researchers and practitioners working on the security of chatbots and the insurance industry.

A survey of large language models for cyber threat detection

With the increasing complexity of cyber threats and the expanding scope of cyberspace, there exist progressively more challenges in cyber threat detection. It is proven that most previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) directly or indirectly. Nowadays, a growing number of security researchers are adopting LLMs for analyzing various cyber threats. According to the investigation, we found that while there are numerous emerging reviews on the utilization of LLMs in some fields of cyber security, there is currently a lack of a comprehensive review on the application of LLMs in the threat detection stage. Through retrieving and collating existing works in recent years, we examined various threat detection and monitoring tasks for which LLMs may be well-suited, including cyber threat intelligence, phishing email detection, threat prediction, logs analysis, and so on. Additionally, the review explored the specific stages of different detection tasks in which LLMs are involved, evaluating the points at which LLMs are optimized. For instance, LLMs have been found to enhance the interpretability of log analysis in real-time anomaly event discovery. Additionally, we discussed some tasks where LLMs may not be suitable and explored future directions and challenges in this field. By providing a detailed status update and comprehensive insights, this review aims to assist security researchers in leveraging LLMs to enhance existing detection frameworks or develop domain-specific LLMs.

Strategi Pengembangan Sistem Keamanan Terpadu untuk Melindungi Sistem Operasi Windows dari Ancaman Cyber

The Windows operating system has become one of the main targets for cyber attackers because of its popularity among computer users. Therefore, developing an effective integrated security system is essential to protect the Windows operating system from various cyber threats. This journal discusses integrated security system development strategies that include the use of encryption technology, firewalls, malware scanning, system updates, and user awareness. Apart from that, this journal also discusses the implementation of an integrated security strategy to protect the Windows operating system from increasingly complex cyber attacks. The goal of this journal is to provide strategic guidance for IT security professionals and researchers in developing an effective integrated security system to protect the Windows operating system from ever-evolving cyber threats.

Features, Analysis Techniques, and Detection Methods of Cryptojacking Malware: A Survey

Various types of malwares are capable of bringing harm to users. The list of types are root exploits, botnets, trojans, spyware, worms, viruses, ransomware, and cryptojacking. Cryptojacking is a significant proportion of cyberattacks in which exploiters mine cryptocurrencies using the victim’s devices, for instance, smartphones, tablets, servers, or computers. It is also defined as the illegal utilization of victim resources (CPU, RAM, and GPU) to mine cryptocurrencies without detection. The purpose of cryptojacking, along with numerous other forms of cybercrime, is monetary gain. Furthermore, it also intended to stay concealed from the victim's viewpoint. Following this crime, to the author's knowledge, a paper focusing solely on a review of cryptojacking research is still unavailable. This paper presents cryptojacking detection information to address this deficiency, including methods, detection, analysis techniques, and features. As cryptojacking malware is a type that executes its activities using the network, most of the analysis and features fall into dynamic activities. However, static analysis is also included in the security researcher’s option. The codes that are involved are opcode and JavaScript. This demonstrates that these two languages are vital programming languages to focus on to detect cryptojacking. Moreover, the researchers also begin to adopt deep learning in their experiments to detect cryptojacking malware. This paper also examines potential future developments in the detection of cryptojacking.

The Trajectory of International and National Anti‐Terrorism Laws: An Appraisal of Counter‐terrorism Legislation in Kurdistan, Iraq

ABSTRACTTerrorism is not a new phenomenon. Nevertheless, since September 11, 2001, it appears that there has been a global consensus on the need for a more uniform and comprehensive response to terrorism. Thus, countries develop their counter‐terrorism strategy that comprises different approaches, including using the criminal justice system. The criminal justice response to terrorism covers special legislation, strategies, policies, investigation, prosecution, and sentencing. To combat terrorism and improve the criminal justice system in response to existing threats of terrorism, KRI legislated a special anti‐terrorism law. This paper investigates the trajectory of international and national terrorism law in the Kurdistan Region of Iraq (KRI). Accordingly, this research was set to examine international and national terrorism law critically. The focus is placed on the Anti‐terrorism Act No. 3 of 2006, emphasizing the principle of legality. As such, this paper adopted the doctrinal legal methodology that utilized qualitative techniques in analyzing the secondary data. The gathered information and data were then analyzed thematically. Based on the legal analysis, this study found that local circumstances and international pressure influence the trajectory of the counter‐terrorism laws in KRI. The absence of uniformity in the definition indicates the complexity of conceptualizing the phenomenon. The KRI anti‐terrorism law did not define international terrorism and may affect the principle of legality in counter‐terrorism strategy. Consequently, the study will benefit law, security, and international relations researchers. It serves as a basis for future empirical research examining the effects of anti‐terrorism laws in KRI or other jurisdictions.

Quantization Backdoors to Deep Learning Commercial Frameworks

Due to their low latency and high privacy preservation, there is currently a burgeoning demand for deploying deep learning (DL) models on ubiquitous edge Internet of Things (IoT) devices. However, DL models are often large in size and require large-scale computation, which prevents them from being placed directly onto IoT devices, where resources are constrained, and 32-bit floating-point (float-32) operations are unavailable. Commercial framework (i.e., a set of toolkits) empowered model quantization is a pragmatic solution that enables DL deployment on mobile devices and embedded systems by effortlessly post-quantizing a large high-precision model (e.g., float-32) into a small low-precision model (e.g., int-8) while retaining the model inference accuracy. However, their usability might be threatened by security vulnerabilities. This work reveals that standard quantization toolkits can be abused to activate a backdoor. We demonstrate that a full-precision backdoored model which does not have any backdoor effect in the presence of a trigger—as the backdoor is dormant—can be activated by (i) TensorFlow-Lite (TFLite) quantization, the only <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">product-ready</i> quantization framework to date, and (ii) the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">beta released</i> PyTorch Mobile framework. In our experiments, we employ three popular model architectures (VGG16, ResNet18, and ResNet50), and train each across three popular datasets: MNIST, CIFAR10 and GTSRB. We ascertain that all trained float-32 backdoored models exhibit no backdoor effect <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">even in the presence of trigger inputs</i> . Particularly, four influential backdoor defenses are evaluated, and they fail to identify a backdoor in the float-32 models. When each of the float-32 models is converted into an int-8 format model through the standard TFLite or PyTorch Mobile framework's post-training quantization, the backdoor is activated in the quantized model, which shows a stable attack success rate close to 100% upon inputs with the trigger, while it usually behaves upon non-trigger inputs. This work highlights that a stealthy security threat occurs when an end-user utilizes the on-device post-training model quantization frameworks, informing security researchers of a cross-platform overhaul of DL models post-quantization even if these models pass security-aware front-end backdoor inspections. Significantly, we have identified Gaussian noise injection into the malicious full-precision model as an easy-to-use preventative defense against the PQ backdoor. The attack source code is released at <uri xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">https://github.com/quantization-backdoor</uri> .

Intel TDX Demystified: A Top-Down Approach

Intel Trust Domain Extensions (TDX) is an architectural extension in the 4th Generation Intel Xeon Scalable Processor that supports confidential computing. TDX allows the deployment of virtual machines in the Secure-Arbitration Mode (SEAM) with encrypted CPU state and memory, integrity protection, and remote attestation. TDX aims at enforcing hardware-assisted isolation for virtual machines and minimize the attack surface exposed to host platforms, which are considered to be untrustworthy or adversarial in the confidential computing’s new threat model. TDX can be leveraged by regulated industries or sensitive data holders to outsource their computations and data with end-to-end protection in public cloud infrastructures. This article aims at providing a comprehensive understanding of TDX to potential adopters, domain experts, and security researchers looking to leverage the technology for their own purposes. We adopt a top-down approach, starting with high-level security principles and moving to low-level technical details of TDX. Our analysis is based on publicly available documentation and source code, offering insights from security researchers outside of Intel.

Human-centric cyber security: Applying protection motivation theory to analyse micro business owners’ security behaviours

Purpose The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours. Design/methodology/approach The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables. Findings The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices. Originality/value The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

A General Framework for Account Risk Rating on Ethereum: Toward Safer Blockchain Technology

As the largest blockchain platform that supports smart contracts, Ethereum has attracted wide attention from both academia and industry in recent years. Along with the prosperous development of Ethereum, the high-risk illegal practices on it are becoming more and more rampant, seriously jeopardizing the system’s trading security and long-term development. Therefore, the detection and quantification of account risk are of great importance for both cryptocurrency investors and blockchain security researchers. In this article, we propose the first general framework for account risk rating on Ethereum, which includes a devisable suspiciousness metric to adapt to various illicit fraud detection and a network propagation mechanism to formulate the relations between accounts and transactions. By conducting extensive experiments on a real-world dataset from Ethereum, we show the universality of the account risk rating framework. Particularly, statistical analyses on different risk levels of accounts demonstrate that the risk rating framework has access to detect various illicit accounts. And the metric analysis of risk rating results put forward some insights. Moreover, visualization of a suspicious transaction chain reveals the process of illicit activities on Ethereum, enabling investors to obtain an understanding of the risky accounts and avoid significant financial losses.

Making vulnerability prediction more practical: Prediction, categorization, and localization

Context:Due to the prevalence of software vulnerabilities, vulnerability detection becomes a fundamental problem in system security. Objective:To solve this problem, academics and industries have made great efforts to propose deep-learning-based (DL-based) approaches but these attempts have three main limitations: (1) perform poorly on real-world projects (e.g., Accuracy below 74.33% and F1 below 73.55%); (2) perform poorly in catching vulnerable patterns due to incomplete code representations; (3) mostly perform coarse-grained function-level prediction and lack interpretability analysis. Methods:In this paper, we propose VulPCL, a BLSTM and CodeBERT based approach, which makes the first attempt to perform vulnerability prediction, categorization, and localization automatically within a framework. To alleviate the above-mentioned limitations, our VulPCL considers multi-dimension (i.e., text-based, sequence-based, and graph-based) representations to catch latent vulnerable patterns and multi-model training to learn high-level semantics. Results:Through experiments on four real-world datasets containing 114+ CWE (Common Weakness Enumeration) types spanning from 2005 to 2022, we find that our VulPCL outperforms the baselines by (1) 13.51%∼60.64% and 14.34%∼180.23% on Accuracy, and F1 respectively on vulnerability prediction; (2) 10.32%∼46.79%, and 10.71%∼127.80% on Accuracy, and macro-F1 respectively on vulnerability categorization; (3) 9.23%∼36.54% on Top-10 Accuracy on vulnerability localization. Conclusion:These results indicate that our VulPCL is considerably more accurate, effective, fine-grained, and practical than previous studies. Besides, our further analyses show that VulPCL is indeed capable of capturing all vulnerability lines, and the result of line-level vulnerability localization is consistent with the function-level vulnerability prediction as the increase of predicted lines. Thus making VulPCL more interpretable than previous studies. Our additional investigation also shows that VulPCL effectively detects the Most Dangerous 25 CWEs in 2022, which is instructive for security researchers.

KnowCTI: Knowledge-based cyber threat intelligence entity and relation extraction

Structured cyber threat intelligence enables security researchers to know the occurrence of cyber threats in time, thereby improving the efficiency of security defense and analysis. Previous works usually use general deep learning and NLP techniques to extract intelligence. Such methods suffer from insufficient semantic understanding in the field of security. To address these issues, we propose a novel method called Knowledge-based Cyber Threat Intelligence Entity and Relation Extraction (KnowCTI), which incorporates cybersecurity knowledge into the model to enhance the understanding of the realm of cybersecurity and has a full picture of threats with the threat intelligence graph generation. Specifically, we first build a cybersecurity knowledge base and train cybersecurity-aware knowledge embeddings based on the base. Secondly, we refine the most related knowledge triples by attention mechanism and gate mechanism, and then construct a sentence tree through these triples. Next, we employ graph attention networks to incorporate knowledge information into the sentence by considering the sentence tree as a graph. Finally, we consider entity extraction as a sequence labeling problem and relation extraction as a classification problem to decode the entities and relation triples according to the threat intelligence ontology we designed. Experimental results demonstrate the superior performance with the F1 score exceeding 90.16 and 81.83 on entity and relation extraction separately.

Deep learning-powered malware detection in cyberspace: a contemporary review

This article explores deep learning models in the field of malware detection in cyberspace, aiming to provide insights into their relevance and contributions. The primary objective of the study is to investigate the practical applications and effectiveness of deep learning models in detecting malware. By carefully analyzing the characteristics of malware samples, these models gain the ability to accurately categorize them into distinct families or types, enabling security researchers to swiftly identify and counter emerging threats. The PRISMA 2020 guidelines were used for paper selection and the time range of review study is January 2015 to Dec 2023. In the review, various deep learning models such as Recurrent Neural Networks, Deep Autoencoders, LSTM, Deep Neural Networks, Deep Belief Networks, Deep Convolutional Neural Networks, Deep Generative Models, Deep Boltzmann Machines, Deep Reinforcement Learning, Extreme Learning Machine, and others are thoroughly evaluated. It highlights their individual strengths and real-world applications in the domain of malware detection in cyberspace. The review also emphasizes that deep learning algorithms consistently demonstrate exceptional performance, exhibiting high accuracy and low false positive rates in real-world scenarios. Thus, this article aims to contribute to a better understanding of the capabilities and potential of deep learning models in enhancing cybersecurity efforts.

Homomorphic encrypted Yara rules evaluation

Malware signatures represent a powerful tool for malware detection and classification, widely used by security researchers and security solution providers. Yara rules describe malware based on string patterns that are evaluated on targeted files. Generally, the security provider sends signatures to the client endpoints and the rule evaluation is performed locally, such that the scanned files do not leave the client machines. However, if a zero-day vulnerability is discovered and the security provider exposes the corresponding signature, there is a considerable risk to also disclose the unpatched vulnerability. A solution is represented by homomorphic encrypted Yara rules, which can be evaluated on targeted files without being decrypted. In this article, we propose a homomorphic Yara rules evaluation method and do a comparative analysis with the HENFA method (Homomorphic Encryption for Finite Automata (Genise et al., 2019)). For our method, we propose a fully homomorphic exact string matching algorithm based on the TFHE scheme (Fully Homomorphic Encryption over the Torus (Chillotti et al., 2020)). In order to determine how suitable is the exact string matching approach in practice, we analyze a public Yara rules repository and generate various statistics about the patterns used in the Yara rules. For the two homomorphic Yara rules matching methods, both theoretical and experimental comparative evaluations are presented. Our proposed method implies ciphertexts with smaller sizes and has better efficiency in the average testing scenarios compared to the HENFA method.

Production Choices and Food Security: A Review of Studies Based on a Micro-Diversity Perspective.

Given the 'subsistence' character of smallholder production, agricultural production diversification is often seen as an effective strategy for smallholders to improve their diets' diversity and nutritional status, yet the existing evidence remains inadequate. The study applies bibliometric data from the "Web of Science" database to synthesize 46 papers from developing countries to explore the relationship between production diversity, dietary diversity, and nutrition in smallholder households. The study identifies the most influential journals, authors, organizations, and countries and reveals research themes related to agricultural production and food security. This data analysis can help researchers target potential collaborators and access influential literature in agricultural production diversity and dietary diversity research. In addition, the results showed that agricultural production diversity potentially influences households' dietary diversity, with mixed results: Agricultural production diversification is the primary way to improve food and nutritional security among smallholder families with low socio-economic status, inaccessible transportation, and poverty; market access and trade have more potential to improve dietary diversity among smallholder households with well-developed markets and higher income levels; the significant measures of agricultural production diversity include Crop Counts, FGPD, SI, and SWDI; the significant measures of dietary diversity include HDDS and IDDS. This paper provides a roadmap for agricultural production and food security researchers by conducting a systematic review of the literature, summarizing some research methods and perspectives applicable to local socio-economic development.

Statistical performance assessment of supervised machine learning algorithms for intrusion detection system

&lt;span lang="EN-US"&gt;Several studies have shown that an ensemble classifier's effectiveness is directly correlated with the diversity of its members. However, the algorithms used to build the base learners are one of the issues encountered when using a stacking ensemble. Given the number of options, choosing the best ones might be challenging. In this study, we selected some of the most extensively applied supervised machine learning algorithms and performed a performance evaluation in terms of well-known metrics and validation methods using two internet of things (IoT) intrusion detection datasets, namely network-based anomaly internet of things (N-BaIoT) and internet of things intrusion detection dataset (IoTID20). Friedman and Dunn's tests are used to statistically examine the significant differences between the classifier groups. The goal of this study is to encourage security researchers to develop an intrusion detection system (IDS) using ensemble learning and to propose an appropriate method for selecting diverse base classifiers for a stacking-type ensemble. The performance results indicate that adaptive boosting, and gradient boosting (GB), gradient boosting machines (GBM), light gradient boosting machines (LGBM), extreme gradient boosting (XGB) and deep neural network (DNN) classifiers exhibit better trade-off between the performance parameters and classification time making them ideal choices for developing anomaly-based IDSs.&lt;/span&gt;

An early discovery of intrusion attack using novel optimized deep learning for internet of things

In the past couple of years, neural networks have gained widespread use in network security analysis. This type of analysis is usually performed in a nonlinear and highly correlated manner. Due to the immense amount of data traffic, the current models are prone to false alarms and poor detection. Deep-learning models can help security researchers identify and extract data features that are related to an attack. They can also minimize the data’s dimensionality and detect intrusions. Unfortunately, the complexity of the network structure and hidden neurons of a deep-learning model can be set by error-prone procedures. In order to improve the performance of deep learning models, a new algorithm is proposed. This method combines a gradient boost regression and particle swarm optimization. The proposes a method called the Spark-DBN-SVM-GBR algorithm. The simulations conducted proposed algorithm revealed that it has a better accuracy rate than other deep learning models and the experiments conducted on the PSO-GBR algorithm revealed that it performed better than the current optimization technique when detecting unauthorized attack activities.