Journal articles on the topic "Cyber alerts"

Browse the top 50 journal articles for research on the topic "Cyber alerts".

1

Chen, Haipeng, Andrew Duncklee, Sushil Jajodia, Rui Liu, Sean Mcnamara, and V. S. Subrahmanian. "PCAM: A Data-driven Probabilistic Cyber-alert Management Framework." ACM Transactions on Internet Technology 22, no. 3 (August 31, 2022): 1–24. http://dx.doi.org/10.1145/3511101.

Abstract:
We propose PCAM, a Probabilistic Cyber-Alert Management framework, that enables chief information security officers to better manage cyber-alerts. Workers in Cyber Security Operation Centers usually work in 8- or 12-hour shifts. Before a shift, PCAM analyzes data about all past alerts and true alerts during the shift time-frame to schedule a given set of analysts in accordance with workplace constraints so that the expected number of “uncovered” true alerts (i.e., true alerts not shown to an analyst) is minimized. PCAM achieves this by formulating the problem as a bi-level non-linear optimization problem and then shows how to linearize and solve this complex problem. We have tested PCAM extensively. Using statistics derived from 44 days of real-world alert data, we are able to minimize the expected number of true alerts that are not manually examined by a team consisting of junior, senior, and principal analysts. We are also able to identify the optimal mix of junior, senior, and principal analysts needed during both day and night shifts given a budget, outperforming some reasonable baselines. We tested PCAM’s proposed schedule (from statistics on 44 days) on a further 6 days of data, using an off-the-shelf false alarm classifier to predict which alerts are real and which ones are false. Moreover, we show experimentally that PCAM is robust to various kinds of errors in the statistics used.
2

Albasheer, Hashim, Maheyzah Md Siraj, Azath Mubarakali, Omer Elsier Tayfour, Sayeed Salih, Mosab Hamdan, Suleman Khan, Anazida Zainal, and Sameer Kamarudeen. "Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey." Sensors 22, no. 4 (February 15, 2022): 1494. http://dx.doi.org/10.3390/s22041494.

Abstract:
Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.
3

Almseidin, Mohammad, Mouhammad Alkasassbeh, Maen Alzubi, and Jamil Al-Sawwa. "Cyber-Phishing Website Detection Using Fuzzy Rule Interpolation." Cryptography 6, no. 2 (May 7, 2022): 24. http://dx.doi.org/10.3390/cryptography6020024.

Abstract:
This paper introduces a novel detection method for phishing website attacks while avoiding the issues associated with the deficiencies of the knowledge-based representation and the binary decision. The suggested detection method was performed using Fuzzy Rule Interpolation (FRI). The FRI reasoning methods added the benefit of enhancing the robustness of fuzzy systems and effectively reducing the system’s complexity. These benefits help the Intrusion Detection System (IDS) to generate more realistic and comprehensive alerts in case of phishing attacks. The proposed method was applied to an open-source benchmark phishing website dataset. The results show that the proposed detection method obtained a 97.58% detection rate and effectively reduced the false alerts. Moreover, it effectively smooths the boundary between normal and phishing attack traffic because of its fuzzy nature. It has the ability to generate the required security alert in case of deficiencies in the knowledge-based representation. In addition, the results obtained from the proposed detection method were compared with other literature results. The results showed that the accuracy rate of this work is competitive with other methods. In addition, the proposed detection method can generate the required anti-phishing alerts even if one of the anti-phishing sparse rules does not cover some input parameters (observations).
4

Cheng, Xiang, Jiale Zhang, and Bing Chen. "Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation." Sensors 19, no. 18 (September 19, 2019): 4045. http://dx.doi.org/10.3390/s19184045.

Abstract:
With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in the IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM and a framework of deploying APTALCM on the IoT system, where an edge computing architecture was used to achieve cyber situation comprehension without too much data transmission cost. Specifically, we firstly present a cyber situation ontology for modeling the concepts and properties to formalize APT attack activities in the IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alerts and logs Correlation. Combining with instance similarity, we further propose an APT alert instances correlation method to reconstruct APT attack scenarios and an APT log instances correlation method to detect log instance communities. Through the coalescence of these methods, APTALCM can accomplish the cyber situation comprehension effectively by recognizing the APT attack intentions in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, i.e., Alert Instance Correlation Module (AICM) and Log Instance Correlation Module (LICM) in our APTALCM, can achieve both high true-positive rate and low false-positive rate.
5

Gay, Chris, Barry Horowitz, John Elshaw, Philip Bobko, and Inki Kim. "Operator Suspicion and Decision Responses to Cyber-Attacks on Unmanned Ground Vehicle Systems." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 226–30. http://dx.doi.org/10.1177/1541931213601540.

Abstract:
Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest by military agencies. Abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2013), provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios. 
The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis can lead to formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.
6

Angelini, Marco, and Giuseppe Santucci. "Cyber situational awareness: from geographical alerts to high-level management." Journal of Visualization 20, no. 3 (July 12, 2016): 453–59. http://dx.doi.org/10.1007/s12650-016-0377-3.

7

Yang, Gang, Chaojing Tang, and Xingtong Liu. "DualAC2NN: Revisiting and Alleviating Alert Fatigue from the Detection Perspective." Symmetry 14, no. 10 (October 13, 2022): 2138. http://dx.doi.org/10.3390/sym14102138.

Abstract:
The exponential expansion of Internet interconnectivity has led to a dramatic increase in cyber-attack alerts, which contain a considerable proportion of false positives. The overwhelming number of false positives cause tremendous resource consumption and delay responses to the really severe incidents, namely, alert fatigue. To cope with the challenge from alert fatigue, we focus on enhancing the capability of detectors to reduce the generation of false alerts from the detection perspective. The core idea of our work is to train a machine-learning-based detector to grasp the empirical intelligence of security analysts to estimate the feasibility of an incoming HTTP request to cause substantial threats, and integrate the estimation into the detection stage to reduce false alarms. To this end, we innovatively introduce the concept of attack feasibility to characterize the composition rationality of an inbound HTTP request as a feasible attack under static scrutinization. First, we adopt a fast request-reorganization algorithm to transform an HTTP request into the form of interface:payload pair for further alignment of structural components which can reveal the processing logic of the target program. Then, we build a dual-channel attention-based circulant convolution neural network (DualAC2NN) to integrate the attack feasibility estimation into the alert decision, by comprehensively considering the interface sensitivity, payload maliciousness, and their bipartite compatibility. Experiments on a real-world dataset show that the proposed method significantly reduces invalid alerts by around 86.37% and over 61.64% compared to a rule-based commercial WAF and several state-of-the-art methods, along with retaining a detection rate at 97.89% and a lower time overhead, which indicates that our approach can effectively mitigate alert fatigue from the detection perspective.
8

Priyawati, Diah, Siti Rokhmah, and Ihsan Cahyo Utomo. "Website Vulnerability Testing and Analysis of Website Application Using OWASP." International Journal of Computer and Information System (IJCIS) 3, no. 3 (August 29, 2022): 142–47. http://dx.doi.org/10.29040/ijcis.v3i3.90.

Abstract:
Many businesses, organizations, and social institutions use websites to support their main tasks. The various benefits of the website must be supported by the security aspects of the website in order to avoid hacking. Cyber attacks or hackers can do dangerous things like get more valuable data. So it is necessary to test a good website to find out the level of vulnerability of application features in it. A suitable test for websites where the website is distributed over a network is the grey box penetration test. This study performs a grey box penetration testing technique using the OWASP method and the OWASP ZAP tool. The test steps are collecting test target information, performing automatic scanning with the help of OWASP ZAP, exploiting the scan results, reporting, and providing recommendations. The test results show the target application website has 12 vulnerabilities with 8.3% at the high level vulnerability or 1 alert, 41.7% at the medium level or 5 alerts, 33.3% at the low level or 4 alerts, and 16.7 at the informational level or 2 alerts. These vulnerabilities are related to matters related to A01-Broken Access Control, A03-Injection, A05-Security Misconfiguration, and A08-Software and Data Integrity Failures.
9

Sahu, Abhijeet, and Katherine Davis. "Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach." Sensors 22, no. 6 (March 9, 2022): 2100. http://dx.doi.org/10.3390/s22062100.

Abstract:
False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster–Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector’s performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.
10

Khosravi, Mehran, and Behrouz Tork Ladani. "Alerts Correlation and Causal Analysis for APT Based Cyber Attack Detection." IEEE Access 8 (2020): 162642–56. http://dx.doi.org/10.1109/access.2020.3021499.

11

Maia, Eva, Norberto Sousa, Nuno Oliveira, Sinan Wannous, Orlando Sousa, and Isabel Praça. "SMS-I: Intelligent Security for Cyber–Physical Systems." Information 13, no. 9 (August 25, 2022): 403. http://dx.doi.org/10.3390/info13090403.

Abstract:
Critical infrastructures are an attractive target for attackers, mainly due to the catastrophic impact of these attacks on society. In addition, the cyber–physical nature of these infrastructures makes them more vulnerable to cyber–physical threats and makes the detection, investigation, and remediation of security attacks more difficult. Therefore, improving cyber–physical correlations, forensics investigations, and Incident response tasks is of paramount importance. This work describes the SMS-I tool that allows the improvement of these security aspects in critical infrastructures. Data from heterogeneous systems, over different time frames, are received and correlated. Both physical and logical security are unified and additional security details are analysed to find attack evidence. Different Artificial Intelligence (AI) methodologies are used to process and analyse the multi-dimensional data exploring the temporal correlation between cyber and physical Alerts and going beyond traditional techniques to detect unusual Events, and then find evidence of attacks. SMS-I’s Intelligent Dashboard supports decision makers in a deep analysis of how the breaches and the assets were explored and compromised. It assists and facilitates the security analysts using graphical dashboards and Alert classification suggestions. Therefore, they can more easily identify anomalous situations that can be related to possible Incident occurrences. Users can also explore information, with different levels of detail, including logical information and technical specifications. SMS-I also integrates with a scalable and open Security Incident Response Platform (TheHive) that enables the sharing of information about security Incidents and helps different organizations better understand threats and proactively defend their systems and networks.
12

Park, Hyunjae, and Young-June Choi. "Frequency-Based Representation of Massive Alerts and Combination of Indicators by Heterogeneous Intrusion Detection Systems for Anomaly Detection." Sensors 22, no. 12 (June 10, 2022): 4417. http://dx.doi.org/10.3390/s22124417.

Abstract:
Although the application of a wide range of sensors has been generalized through the development of technology, the processing of massive alerts generated through data analysis and monitoring remains a challenge. This problem is also found in cyber security because the intrusion detection system (IDS) produces a tremendous number of alerts. Massive alerts not only significantly increase resources for analysis, but also make it difficult to analyze the overall situation of the system. In order to handle massive alerts, we propose using an indicator as a frequency-based representation. The proposed indicator is generated from categorical parameters of alerts that occur within a unit time utilizing frequency and is used for situational awareness with machine learning to detect whether there is a threat or not. The advantage of using indicators is that they can determine the situation for a period without analyzing individual alerts, which helps security experts to recognize the situation in the system and focus on targets that require in-depth analysis. In addition, the conversion from the categorical parameters which is highly related to analysis to numeric parameter allows for applying machine learning. For performance evaluation, we collect data from an HAI testbed similar to real critical infrastructure and conduct experiments using indicators and XGBoost, a classification machine learning algorithm against five famous vulnerability attacks. Consequently, we show that the proposed method can detect attacks with more than 90 percent accuracy, and the performance is enhanced using heterogeneous intrusion detection systems.
13

Panwar, Anupam. "Evaluation of Kernel Based Atanassov's Intuitionistic Fuzzy Clustering for Network Forensics and Intrusion Detection." International Journal of Software Innovation 4, no. 1 (January 2016): 1–15. http://dx.doi.org/10.4018/ijsi.2016010101.

Abstract:
Malware or virus is one of the most significant security threats in Internet. There are mainly two types of successful (partially) solutions available. One is anti-virus and other is backlisting. This kind of detection generally depends on the existing malware or virus signature database. Cyber-criminals bypass defenses by generating variants of their malware program. Traditional approach has limitations such as unable to detect zero day threats or generate so many false alerts et al. To overcome these difficulties, a system is built based on Atanassov's intuitionistic fuzzy set (AIFS) theory based clustering method that takes care of these problems in a robust way. It not only raises an alert for new kind of malware but also decreases the number of false alerts. This is done by giving it decision-making intelligence. There is not much work done in the field of network forensics using AIFS theory. Some clustering techniques are used in these fields but those have limitations like accuracy, performance or difficulty to cluster noisy data. This method clusters the malwares/viruses with high accuracy on the basis of severity. Experiments are performed on several pcap files with malware traffic to assess the performance and accuracy of the method and results are compared with different clustering algorithms.
14

Lee, Eungyu, Yongsoo Lee, and Teajin Lee. "Automatic False Alarm Detection Based on XAI and Reliability Analysis." Applied Sciences 12, no. 13 (July 4, 2022): 6761. http://dx.doi.org/10.3390/app12136761.

Abstract:
Many studies attempt to apply artificial intelligence (AI) to cyber security to effectively cope with the increasing number of cyber threats. However, there is a black box problem such that it is difficult to understand the basis for AI prediction. False alarms for malware or cyberattacks can cause serious side effects. Due to this limitation, all AI predictions must be confirmed by an expert, which is a considerable obstacle to AI expansion. Compared to the increasing number of cyberattack alerts, the number of alerts that can be analyzed by experts is limited. This paper provides explainability through an interpretation of AI prediction results and a reliability analysis of AI predictions based on explainable artificial intelligence (XAI). In addition, we propose a method for screening high-quality data that can efficiently detect false predictions based on reliability indicators. Through this, even a small security team can quickly respond to false predictions. To validate the proposed method, experiments were conducted using the IDS dataset and the malware dataset. AI errors were detected better than they could be by the existing AI models, with about 262% in the IDS dataset and 127% in the malware dataset from the top 10% of analysis targets. Therefore, the ability to respond to cyberattacks can be improved using the proposed method.
15

Tache Buzățoiu, Elena-Simona, Amalia-Magdalena Dănăilă Calafeteanu, and Monica-Mihaela Drăgan Radu. "The role of the chartered accountant in diminishing the effects of cyber fraud." Journal of Financial Studies 6, no. 11 (November 15, 2021): 141–55. http://dx.doi.org/10.55654/jfs.2021.6.11.11.

Abstract:
In 2017, CERT-RO processed over 138 million cyber security alerts and an exponential increase in cyber fraud is expected. By its nature, the financial sector is in danger, registering an alarming growth in recent years, and about 70% of fraud remains undetected. When we talk about operations and security, financial organizations should use a multi-level, layered approach, focused on both the technical side and the human resource. Many financial institutions have been victims of cyber-attacks and social engineering. It is absolutely obvious that incidents are the result of human error, so prevention requires training, courses, awareness workshops. In the context of the pandemic caused by the new coronavirus, most activities have moved to the online environment, both services, customer-company interactions (browser or application) and employee-company interactions (confidential databases). In order to highlight the above, a comparative analysis is required between entities that have invested in cybersecurity and training of their own employees versus entities that have not been prepared for these exposures. In this sense, what would help the chartered accountant to play a significant role in diminishing the effects of cyber fraud?
16

Iglesias, Aitziber, Goiuria Sagardui, and Cristobal Arellano. "Industrial Cyber-Physical System Evolution Detection and Alert Generation." Applied Sciences 9, no. 8 (April 17, 2019): 1586. http://dx.doi.org/10.3390/app9081586.

Abstract:
Industrial Cyber-Physical System (ICPS) monitoring is increasingly being used to make decisions that impact the operation of the industry. Industrial manufacturing environments such as production lines are dynamic and evolve over time due to new requirements (new customer needs, conformance to standards, maintenance, etc.) or due to the anomalies detected. When an evolution happens (e.g., new devices are introduced), monitoring systems must be aware of it in order to inform the user and to provide updated and reliable information. In this article, CALENDAR is presented, a software module for a monitoring system that addresses ICPS evolutions. The solution is based on a data metamodel that captures the structure of an ICPS in different timestamps. By comparing the data model in two subsequent timestamps, CALENDAR is able to detect and effectively classify the evolution of ICPSs at runtime to finally generate alerts about the detected evolution. In order to evaluate CALENDAR with different ICPS topologies (e.g., different ICPS sizes), a scalability test was performed considering the information captured from the production lines domain.
17

Ashari, Ilham Firman, Vina Oktarina, Ringgo Galih Sadewo, and Salman Damanhuri. "Analysis of Cross Site Request Forgery (CSRF) Attacks on West Lampung Regency Websites Using OWASP ZAP Tools." Jurnal Sisfokom (Sistem Informasi dan Komputer) 11, no. 2 (August 31, 2022): 276–81. http://dx.doi.org/10.32736/sisfokom.v11i2.1393.

Abstract:
Technological developments in the field of increasingly advanced computers and networks have caused many organizations to use web applications to provide business services. With the increasing popularity of the internet, the number of cyber-attacks has also increased. To overcome these negative impacts, the role of network security is very necessary. The Cross Site Request Forgery (CSRF) method is a penetration technique aimed at exploiting website security vulnerabilities and there is one tool commonly used to find security vulnerabilities on websites, namely OWASP ZAP. The research has succeeded in proving security vulnerabilities on the website of the West Lampung district by conducting attack simulations. From the results of the experiment, it was found that there were 12 alerts with low risk on the website of West Lampung Regency. In 12 alerts there are 53 URL pages that are vulnerable to attack.
18

Győrffy, Krisztina, Ferenc Leitold, and Anthony Arrott. "Individual awareness of cyber-security vulnerability - Citizen and public servant." Central and Eastern European eDem and eGov Days 325 (February 14, 2018): 411–22. http://dx.doi.org/10.24989/ocg.v325.34.

Abstract:
Cyber-security is not concerned so much with average or median vulnerability in an organization. Rather more important is identifying the weakest links. Individual user susceptibility and user behaviour risk assessment are key to measuring the effectiveness of cyber-security awareness programs and policies. Increasingly, it has been demonstrated that managing individual user susceptibility is as critical to organization well-being as maintaining patched IT infrastructure or responding to specific immediate cyber-threat alerts. Despite IT systems audits, human factor studies, training courses, user policies, and user documentation, managing user cyber-security awareness remains one of the weakest links in protecting organizations from cyber-threats. Most employees are not aware of the cyber-threats they are most likely to encounter while performing their work. They are susceptible to malicious manipulation (social engineering threats) and they tend not to follow standard procedures (either through ignorance or in attempting to circumvent security procedures to achieve more productivity). Typically, employees only recognize the importance of cyber-security policies and practices after an incident has happened to themselves. With the increasing availability and utility of IT network traffic analysis tools and active user behaviour probes (e.g., fake-phishing), employees can be given direct and individual feedback to increase their cyber-security awareness and improve their cyber-security practices. Beyond an organization’s employees, the same holds for a country’s citizens, or a government’s public servants. At their best, these user behaviour monitoring tools can be used in an open and transparent way to increase awareness of individual vulnerability before actual incidents occur. 
In addition to presenting results from the application of user behaviour monitoring tools to cybersecurity, this paper examines the efficacy of the privacy protection safeguards that they incorporate. These results are applied to public sector approaches to: (a) public awareness of citizen cyber-health; (b) securing online public services; and (c) public servant awareness of their own vulnerability to cyber-threats.
19

Sweet, Christopher, Stephen Moskal, and Shanchieh Jay Yang. "On the Variety and Veracity of Cyber Intrusion Alerts Synthesized by Generative Adversarial Networks." ACM Transactions on Management Information Systems 11, no. 4 (December 4, 2020): 1–21. http://dx.doi.org/10.1145/3394503.

20

Hulak, Hennadii, Yuliia Zhdanova, Pavlo Skladannyi, Yevhen Hulak, and Viktor Korniiets. "VULNERABILITIES OF SHORT MESSAGE ENCRYPTION IN MOBILE INFORMATION AND COMMUNICATION SYSTEMS OF CRITICAL INFRASTRUCTURE OBJECTS." Cybersecurity: Education, Science, Technique 1, no. 17 (2022): 145–58. http://dx.doi.org/10.28925/2663-4023.2022.17.145158.

Abstract:
The article considers the possibility of implementing attacks on information exchange in mobile information and communication systems (ICS), which are protected for additional practical cryptographic transformations. Information exchange in the ICS of critical infrastructure objects is often implemented by means of transmission, receiving and paying fees of apparently short notices. Such improvements can be used to formalize control commands and data on the flow mill of objects, alert signals, alerts about suspected activity in computer networks or data for the formation of multiple secrets (keys) in cyber defense systems. Short message services (Short Message Service - SMS) or add-ons on mobile platforms - messengers are analyzed for the exchange of apparently short notifications. Informed about the possibility of an attack on cryptographic systems with a method of designating a streaming station, the object of critical infrastructure and methods of its implementation. Formulated practical recommendations about how to prevent significant attacks, as well as direct further charges.
21

Kumar, Ravi, and Parvesh Kumar Chaudhary. "Network Security Enhancement using CTI and Log Analysis." International Journal of Engineering and Computer Science 7, no. 12 (December 18, 2018): 24430–32. http://dx.doi.org/10.18535/ijecs/v7i12.03.

Abstract:
Cyberattacks, ever increasing in severity, complexity and frequency, are impacting the functioning of citizens, government, and businesses around the world. Protecting valuable intellectual property, business and personal information in digital form against theft and misuse is an increasingly critical concern for everyone in the present digital era. The financial and reputational loss incurred due to cyber-attacks motivates organizations to improve defensive measures to protect their organizational networks and information stored. This paper proposes a Cyber Threat Intelligence (CTI) collection, log analysis and automated threat alerting platform capable of analyzing and responding to incidents that can lead to cyberattacks. The proposed system makes use of CTI received from Open Source Intelligence (OSINT), Elasticsearch and Logstash to analyze, observe and generate alerts for malicious traffic/activity in the organization based on log analysis. At the same time, an easy-to-understand visual representation can be made using Kibana.
22

Johnson, Anju P., Hussain Al-Aqrabi, and Richard Hill. "Bio-Inspired Approaches to Safety and Security in IoT-Enabled Cyber-Physical Systems." Sensors 20, no. 3 (February 5, 2020): 844. http://dx.doi.org/10.3390/s20030844.

Abstract:
Internet of Things (IoT) and Cyber-Physical Systems (CPS) have profoundly influenced the way individuals and enterprises interact with the world. Although attacks on IoT devices are becoming more commonplace, security metrics often focus on software, network, and cloud security. For CPS systems employed in IoT applications, the implementation of hardware security is crucial. The identity of electronic circuits measured in terms of device parameters serves as a fingerprint. Estimating the parameters of this fingerprint assists the identification and prevention of Trojan attacks in a CPS. We demonstrate a bio-inspired approach for hardware Trojan detection using unsupervised learning methods. The bio-inspired principles of pattern identification use a Spiking Neural Network (SNN), and glial cells form the basis of this work. When hardware device parameters are in an acceptable range, the design produces a stable firing pattern. When unbalanced, the firing rate reduces to zero, indicating the presence of a Trojan. This network is tunable to accommodate natural variations in device parameters and to avoid false triggering of Trojan alerts. The tolerance is tuned using bio-inspired principles for various security requirements, such as forming high-alert systems for safety-critical missions. The Trojan detection circuit is resilient to a range of faults and attacks, both intentional and unintentional. Also, we devise a design-for-trust architecture by developing a bio-inspired device-locking mechanism. The proposed architecture is implemented on a Xilinx Artix-7 Field Programmable Gate Array (FPGA) device. Results demonstrate the suitability of the proposal for resource-constrained environments with minimal hardware and power dissipation profiles. The design is tested with a wide range of device parameters to demonstrate the effectiveness of Trojan detection. 
This work serves as a new approach to enable secure CPSs and to employ bio-inspired unsupervised machine intelligence.
23

Thivakaran, T. K., and D. Sasikumar. "Enhanced Biometric Based Automated Teller Machine Authenticate Security System Using Low Power Microcontroller." Journal of Computational and Theoretical Nanoscience 16, no. 2 (February 1, 2019): 759–63. http://dx.doi.org/10.1166/jctn.2019.7805.

Abstract:
Information and communication technology achieved mass improvement on ATMs cyber-security but there is a strong need to strengthen all parts of operation. ATM skimmers are card readers that collect the data from magnetic card stripe that is attached to the real payment terminals; especially criminals can create cloned cards to steal money from the bank account. After these also we think that ATM is the safest place. But, nowadays in ATM, robbery happens easily by damaging the system for money. In this paper we bring an idea about biometric based system to enhance security. There is signal processing which alerts the police and gives information to bank.
24

Nalanagula, Swetha, and Arpita Roy. "Cyber Security Operations Centre: A User-Cantered Machine Learning Framework." International Journal for Research in Applied Science and Engineering Technology 10, no. 6 (June 30, 2022): 4040–43. http://dx.doi.org/10.22214/ijraset.2022.44546.

Abstract:
To guarantee an organization's Internet security, SIEM (Security Information and Event Management) framework is about up to disentangle the different preventive advances and banner cautions for security occasions. Examiners (SOC) research admonitions to make a decision whether this is valid or not. Be that because it may, the number of alerts, when all is claimed in done, isn't right with the lion's share and is quite the capacity of SCO to deal with all mindfulness. Along these lines, vindictive chance. Assaults and traded-off hosts won't be right. Machine learning may be a potential way to deal with improving an inappropriate positive rate and improving the profitability of SOC investigators. During this article, we make a client-driven architect learning system for the web Safety Functional Centre in a genuine authoritative setting. We speak about customary information sources in SOC, their work process, and the way to process this information and make a compelling machine learning framework. This text is focused on two gatherings of pursuers. The first gathering is insightful specialists who have no information on information researchers or PC wellbeing fields however architects ought to create machine learning frameworks for machine security. The second gatherings of guests are Internet security specialists that have profound information and skill in Cyber Security yet Machine learning encounters don't exist and I'd like better to make one with them. Toward the finish of the paper, we utilize the record as an example to exhibit full strides from information assortment, mark creation, including designing, machine learning calculation, and test execution assessments utilizing the PC worked within the SOC creation of Seyondike.
25

Onchis, Darian, Codruta Istin, and Eduard Hogea. "A Neuro-Symbolic Classifier with Optimized Satisfiability for Monitoring Security Alerts in Network Traffic." Applied Sciences 12, no. 22 (November 12, 2022): 11502. http://dx.doi.org/10.3390/app122211502.

Abstract:
We introduce in this paper a neuro-symbolic predictive model based on Logic Tensor Networks, capable of discriminating and at the same time of explaining the bad connections, called alerts or attacks, and the normal connections. The proposed classifier incorporates both the ability of deep neural networks to improve on their own through learning from experience and the interpretability of the results provided by the symbolic artificial intelligence approach. Compared to other existing solutions, we advance in the discovery of potential security breaches from a cognitive perspective. By introducing the reasoning in the model, our aim is to further reduce the human staff needed to deal with the cyber-threat hunting problem. To justify the need for shifting towards hybrid systems for this task, the design, the implementation, and the comparison of the dense neural network and the neuro-symbolic model is performed in detail. While in terms of standard accuracy, both models demonstrated similar precision, we further introduced for our model the concept of interactive accuracy as a way of querying the model results at any time coupled with deductive reasoning over data. By applying our model on the CIC-IDS2017 dataset, we reached an accuracy of 0.95, with levels of satisfiability around 0.85. Other advantages such as overfitting mitigation and scalability issues are also presented.
26

Kumar, Abhishek, Jyotir Moy Chatterjee, and Vicente García Díaz. "A novel hybrid approach of SVM combined with NLP and probabilistic neural network for email phishing." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 1 (February 1, 2020): 486. http://dx.doi.org/10.11591/ijece.v10i1.pp486-493.

Abstract:
Phishing attacks are one of the slanting cyber-attacks that apply socially engineered messages that are imparted to individuals from expert hackers going for tricking clients to uncover their delicate data, the most mainstream correspondence channel to those messages is through clients' emails. Phishing has turned into a generous danger for web clients and a noteworthy reason for money related misfortunes. Therefore, different arrangements have been created to handle this issue. Deceitful emails, also called phishing emails, utilize a scope of impact strategies to convince people to react, for example, promising a fiscal reward or summoning a feeling of criticalness. Regardless of far reaching alerts and intends to instruct clients to distinguish phishing sends, these are as yet a pervasive practice and a worthwhile business. The creators accept that influence, as a style of human correspondence intended to impact others, has a focal job in fruitful advanced tricks. Cyber criminals have ceaselessly propelling their techniques for assault. The current strategies to recognize the presence of such malevolent projects and to keep them from executing are static, dynamic and hybrid analysis. In this work we are proposing a hybrid methodology for phishing detection incorporating feature extraction and classification of the mails using SVM. At last, alongside the chose features, the PNN characterizes the spam mails from the genuine mails with more exactness and accuracy.
27

Ogogo, Wycliffe Lamech. "Real-Time Monitoring of Network Devices: Its Effectiveness in Enhancing Network Security." East African Journal of Information Technology 3, no. 1 (March 4, 2021): 1–6. http://dx.doi.org/10.37284/eajit.3.1.153.

Abstract:
The business world has been significantly affected by network intrusion leading to infringement of privacy and unprecedented economic losses. Therefore, real-time monitoring of network devices is important due to the enhanced and complex network systems in organizations and associated cyber threats. Real-time monitoring provides adequate alerts and updates regarding specific networks and their performance as soon as they occur. Constant monitoring of devices also makes it possible for organizations to detect any possible challenges that the networks may be encountering. This paper examines the effectiveness of real-time monitoring of network devices in a bid to enhance network security. The study was an empirical review of recently published research papers, journals, internet sites, and books with relevant content. The findings of this study revealed that Real-time device monitoring has many potential advantages to organizations by securing their systems thereby enhancing their overall performance.
28

Javeed, Danish, Muhammad Taimoor Khan, Ijaz Ahmad, Tahir Iqbal, Umar Mohammed Badamasi, Cosmas Obiora Ndubuisi, and Aliyu Umar. "An Efficient Approach of Threat Hunting Using Memory Forensics." International Journal of Computer Networks and Communications Security 8, no. 5 (May 31, 2020): 37–45. http://dx.doi.org/10.47277/ijcncs/8(5)1.

Abstract:
The capacity and occurrence of new cyber-attacks have shattered in recent years. Such measures have very complicated workflows and comprise multiple illegal actors and organizations. Threat hunting demonstrates the process of proactively searching through networks for threats based on zero-day attacks by repeating the hunting process again and again. Unlike threat intelligence, it uses different automated security tools to collect logs in order to provide a pattern for making new intelligence-based tools by following those logs. According to our research findings about “threat hunting tools” there’s a major flaw that the designed tools are limited to the collection of logs. It works completely on logs for generating new patterns avoiding system’s main memory. Codes written directly to memory fail this process to provide proactive hunting. To overcome this major challenge, we are proposing two distinct methods, either by generating malicious code alerts or by binding memory forensics processes with threat hunting tools to make active hunting possible.
29

Fotiadou, Konstantina, Terpsichori-Helen Velivassaki, Artemis Voulkidis, Dimitrios Skias, Sofia Tsekeridou, and Theodore Zahariadis. "Network Traffic Anomaly Detection via Deep Learning." Information 12, no. 5 (May 19, 2021): 215. http://dx.doi.org/10.3390/info12050215.

Abstract:
Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.
30

Mhawi, Doaa N., Ammar Aldallal, and Soukeana Hassan. "Advanced Feature-Selection-Based Hybrid Ensemble Learning Algorithms for Network Intrusion Detection Systems." Symmetry 14, no. 7 (July 17, 2022): 1461. http://dx.doi.org/10.3390/sym14071461.

Abstract:
As cyber-attacks become remarkably sophisticated, effective Intrusion Detection Systems (IDSs) are needed to monitor computer resources and to provide alerts regarding unusual or suspicious behavior. Despite using several machine learning (ML) and data mining methods to achieve high effectiveness, these systems have not proven ideal. Current intrusion detection algorithms suffer from high dimensionality, redundancy, meaningless data, high error rate, false alarm rate, and false-negative rate. This paper proposes a novel Ensemble Learning (EL) algorithm-based network IDS model. The efficient feature selection is attained via a hybrid of Correlation Feature Selection coupled with Forest Panelized Attributes (CFS–FPA). The improved intrusion detection involves exploiting AdaBoosting and bagging ensemble learning algorithms to modify four classifiers: Support Vector Machine, Random Forest, Naïve Bayes, and K-Nearest Neighbor. These four enhanced classifiers have been applied first as AdaBoosting and then as bagging, using the aggregation technique through the voting average technique. To provide better benchmarking, both binary and multi-class classification forms are used to evaluate the model. The experimental results of applying the model to CICIDS2017 dataset achieved promising results of 99.7% accuracy, a 0.053 false-negative rate, and a 0.004 false alarm rate. This system will be effective for information technology-based organizations, as it is expected to provide a high level of symmetry between information security and detection of attacks and malicious intrusion.
31

Aliev, Khurshid, and Dario Antonelli. "Proposal of a Monitoring System for Collaborative Robots to Predict Outages and to Assess Reliability Factors Exploiting Machine Learning." Applied Sciences 11, no. 4 (February 10, 2021): 1621. http://dx.doi.org/10.3390/app11041621.

Abstract:
Industry standards pertaining to Human-Robot Collaboration (HRC) impose strict safety requirements to protect human operators from danger. When a robot is equipped with dangerous tools, moves at a high speed or carries heavy loads, the current safety legislation requires the continuous on-line monitoring of the robot’s speed and a suitable separation distance from human workers. The present paper proposes to make a virtue out of necessity by extending the scope of on-line monitoring to predicting failures and safe stops. This has been done by implementing a platform, based on open access tools and technologies, to monitor the parameters of a robot during the execution of collaborative tasks. An automatic machine learning (ML) tool on the edge of the network can help to perform the on-line predictions of possible outages of collaborative robots, especially as a consequence of human-robot interactions. By exploiting the on-line monitoring system, it is possible to increase the reliability of collaborative work, by eliminating any unplanned downtimes during execution of the tasks, by maximising trust in safe interactions and by increasing the robot’s lifetime. The proposed framework demonstrates a data management technique in industrial robots considered as a physical cyber-system. Using an assembly case study, the parameters of a robot have been collected and fed to an automatic ML model in order to identify the most significant reliability factors and to predict the necessity of safe stops of the robot. Moreover, the data acquired from the case study have been used to monitor the manipulator’s joints; to predict cobot autonomy and to provide predictive maintenance notifications and alerts to the end-users and vendors.
32

Elbasi, Ersin, Ahmet E. Topcu, and Shinu Mathew. "Prediction of COVID-19 Risk in Public Areas Using IoT and Machine Learning." Electronics 10, no. 14 (July 14, 2021): 1677. http://dx.doi.org/10.3390/electronics10141677.

Abstract:
COVID-19 is a community-acquired infection with symptoms that resemble those of influenza and bacterial pneumonia. Creating an infection control policy involving isolation, disinfection of surfaces, and identification of contagions is crucial in eradicating such pandemics. Incorporating social distancing could also help stop the spread of community-acquired infections like COVID-19. Social distancing entails maintaining certain distances between people and reducing the frequency of contact between people. Meanwhile, a significant increase in the development of different Internet of Things (IoT) devices has been seen together with cyber-physical systems that connect with physical environments. Machine learning is strengthening current technologies by adding new approaches to quickly and correctly solve problems utilizing this surge of available IoT devices. We propose a new approach using machine learning algorithms for monitoring the risk of COVID-19 in public areas. Extracted features from IoT sensors are used as input for several machine learning algorithms such as decision tree, neural network, naïve Bayes classifier, support vector machine, and random forest to predict the risks of the COVID-19 pandemic and calculate the risk probability of public places. This research aims to find vulnerable populations and reduce the impact of the disease on certain groups using machine learning models. We build a model to calculate and predict the risk factors of populated areas. This model generates automated alerts for security authorities in the case of any abnormal detection. Experimental results show that we have high accuracy with random forest of 97.32%, with decision tree of 94.50%, and with the naïve Bayes classifier of 99.37%. These algorithms indicate great potential for crowd risk prediction in public areas.
33

Jain*, Pratik, Ravikant Kholwal, and Tavneet Singh Khurana. "Reducing the False Alarm Rate in Intrusion Detection System by Providing Authentication and Improving the Efficiency of Intrusion Detection System by using Filtered Clusterer Algorithm using Weka Tool." International Journal of Engineering and Advanced Technology 10, no. 4 (April 30, 2021): 134–42. http://dx.doi.org/10.35940/ijeat.d2413.0410421.

Abstract:
An IDS supervises network traffic by searching for skeptical activities and previously determined threats and sends alerts when detected. In the current times, the splendors of Intrusion detection still prevail censorial in cyber safety, but maybe not as a lasting resolution. To study a plant, one must start with roots, so Cambridge dictionary defines an intrusion as "an occasion when someone goes into an area or situation where they're not wanted or expected to be". For understanding the article, we will characterize interruption as any network movement or unapproved framework identified with one or more PCs or networks. This is an interpretation of permissible use of a system attempting to strengthen his advantages to acquire more noteworthy access to the framework that he is at present endowed, or a similar client attempting to associate with an unapproved far-off port of a server. These are the interruptions which will cause from the surface world, a bothered ex-representative who was terminated recently, or from your reliable staff. In this proviso, the fair information is found as an attack when the case is a false positive. Here they are zeroing in on this issue with a representation and offering one answer for a similar issue. The KDD CUP 1999 informational index is utilized. Here we dropped the number of counts and considered the OTP authentication system. In the result of this test, it may be very well seen that on the off chance that a class has a higher number of checks, at that point this class is believed to be an anomaly class. In any case, it will be considered an oddity if the genuine individual is passing the edge esteem is considered an intruder. One arrangement is proposed to distinguish the genuine individual and to eliminate false positives.
34

Jain*, Pratik, Ravikant Kholwal, and Muskan Patidar. "To Decrease the Issue of False Alarm Rate by Providing Authentication & Thus Improving the Efficiency of Intrusion Detection System by Comparing the Result of Filtered Clusterer Algorithm & Make-Density Based Clustering Algorithm without Attribute Count." International Journal of Recent Technology and Engineering 10, no. 1 (May 30, 2021): 110–20. http://dx.doi.org/10.35940/ijrte.a5755.0510121.

Abstract:
The Intrusion Detection System sends alerts when it detects doubtful activities while monitoring the network traffic and other known threats. In today’s time in the field of Cyber security Intrusion Detection is considered a brilliant topic that could be objective. But it might not remain objectionable for a longer period. For understanding Intrusion Detection, the meaning of Intrusion must be clear at first. According to the oxford’s learners dictionary “Intrusion is the act of entering a place that is private or where you may not be wanted”. For this article, here it defines intrusion as any un-possessed system or network festivity on one (or more) computer(s) or network(s). Here is the example of a faithful user trying to access the system taking more than the usual trial counts to complete his access to the particular account or trying to connect to an unauthorized remote port of a server. The ex-employee who was being fired lately can provoke intrusion or any authentic worker can also provoke intrusion or any other person from the outside world could perform it. In this clause, the average data is found as the attack which is considered as the case of false positive. In this paper, the main focus is on the illustration and a solution offered for the same problem. Here we are using the KDD CUP 1999 data set. According to the outcome, the anomaly class is the one that has a higher number of counts than this class. Even if it is the true user trying to get access but the outcome is an anomaly due to the high number of counts in the class. This paper introduces a solution for the detection of a true person and eradicates the false positive.
35

Vieane, Alex, Gregory Funke, Eric Greenlee, Vincent Mancuso, Brett Borghetti, Brent Miller, Lauren Menke, Rebecca Brown, Cyrus K. Foroughi, and Deborah Boehm-Davis. "Task Interruptions Undermine Cyber Defense." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 375–79. http://dx.doi.org/10.1177/1541931213601576.

Abstract:
Computer network defense analysts engage a difficult, though critical, task in cyber defense. Anecdotally, these operators complain of frequent task interruptions while they are performing their duties. The goal for the current study was to investigate the effect of a commonly reported interruption, answering email, on accuracy and completion times in a simulated network analyst task. During task trials, participants were interrupted by emails between alert investigations, during alert investigations, or not at all (control). The results indicated that email interruptions increased alert completion times regardless of when they occurred, but interruptions that occurred during an alert investigation also reduced the accuracy of subsequent judgments about alert threat. Overall, the results suggest that task interruptions can potentially undermine cyber defense, and steps should be taken to better quantify and mitigate this threat.
36

Chang, Victor, Lewis Golightly, Paolo Modesti, Qianwen Ariel Xu, Le Minh Thao Doan, Karl Hall, Sreeja Boddu, and Anna Kobusińska. "A Survey on Intrusion Detection Systems for Fog and Cloud Computing." Future Internet 14, no. 3 (March 13, 2022): 89. http://dx.doi.org/10.3390/fi14030089.

Abstract:
The rapid advancement of internet technologies has dramatically increased the number of connected devices. This has created a huge attack surface that requires the deployment of effective and practical countermeasures to protect network infrastructures from the harm that cyber-attacks can cause. Hence, there is an absolute need to differentiate boundaries in personal information and cloud and fog computing globally and the adoption of specific information security policies and regulations. The goal of the security policy and framework for cloud and fog computing is to protect the end-users and their information, reduce task-based operations, aid in compliance, and create standards for expected user actions, all of which are based on the use of established rules for cloud computing. Moreover, intrusion detection systems are widely adopted solutions to monitor and analyze network traffic and detect anomalies that can help identify ongoing adversarial activities, trigger alerts, and automatically block traffic from hostile sources. This survey paper analyzes factors, including the application of technologies and techniques, which can enable the deployment of security policy on fog and cloud computing successfully. The paper focuses on a Software-as-a-Service (SaaS) and intrusion detection, which provides an effective and resilient system structure for users and organizations. Our survey aims to provide a framework for a cloud and fog computing security policy, while addressing the required security tools, policies, and services, particularly for cloud and fog environments for organizational adoption. While developing the essential linkage between requirements, legal aspects, analyzing techniques and systems to reduce intrusion detection, we recommend the strategies for cloud and fog computing security policies. 
The paper develops structured guidelines for ways in which organizations can adopt and audit the security of their systems as security is an essential component of their systems and presents an agile current state-of-the-art review of intrusion detection systems and their principles. Functionalities and techniques for developing these defense mechanisms are considered, along with concrete products utilized in operational systems. Finally, we discuss evaluation criteria and open-ended challenges in this area.
37

Hidayat, Sutan Emir, Ahmad Rafiki, and Maryam Humood Al Khalifa. "The social media adoption of public sector in the Kingdom of Bahrain." Journal of Advances in Management Research 16, no. 1 (February 4, 2019): 23–37. http://dx.doi.org/10.1108/jamr-11-2017-0105.

Abstract:
Purpose: The purpose of this paper is to identify the contemporary implementation of social media within the public sector in the Kingdom of Bahrain by reviewing each of the ministry’s presence in the social media especially on specific social media websites (Twitter, Facebook and YouTube). This study also attempts to identify the types of information that the public is interested to receive from various government social media accounts.
Design/methodology/approach: A descriptive analysis with frequency distribution and weighted mean was used to analyze the demographic profile of the respondents, internet preferences and government information sources. The study has employed two types of survey methods in collecting data, namely, checklist and questionnaire surveys. A snowball sampling technique was employed for the sampling selection. Among the selected respondents of 500, 384 (76.8 percent) respondents completely responded to the questionnaires.
Findings: The study has confirmed the fact that most of the Bahrain Government’s ministries have social media platforms with a minimum of at least one official account to reach out to the various segments of the society. It also reveals that the respondents are active internet users who are looking for information in different platforms, i.e. search engines, social media, and have interests in different media forms like blogs, forums, official websites as well as multimedia images and videos. Meanwhile, the respondents are found to be interested in various types of information from the government that ranges from serious topics like emergency alerts, citizens’ rights and healthcare, to lighter topics like ways to protect the environment, science and technology and job seeking advice.
Originality/value: This clearly declares the inevitability of an increase in the dissemination of information by the Government of Bahrain through social media. The recommendations in this research could be highly beneficial for the Government of Bahrain if implemented as it could improve the cyber relationship between the government and the public.
38

Maia, Eva, Sinan Wannous, Tiago Dias, Isabel Praça, and Ana Faria. "Holistic Security and Safety for Factories of the Future." Sensors 22, no. 24 (December 16, 2022): 9915. http://dx.doi.org/10.3390/s22249915.

Abstract:
The accelerating transition of traditional industrial processes towards fully automated and intelligent manufacturing is being witnessed in almost all segments. This major adoption of enhanced technology and digitization processes has been originally embraced by the Factories of the Future and Industry 4.0 initiatives. The overall aim is to create smarter, more sustainable, and more resilient future-oriented factories. Unsurprisingly, introducing new production paradigms based on technologies such as machine learning (ML), the Internet of Things (IoT), and robotics does not come at no cost as each newly incorporated technique poses various safety and security challenges. Similarly, the integration required between these techniques to establish a unified and fully interconnected environment contributes to additional threats and risks in the Factories of the Future. Accumulating and analyzing seemingly unrelated activities, occurring simultaneously in different parts of the factory, is essential to establish cyber situational awareness of the investigated environment. Our work contributes to these efforts, in essence by envisioning and implementing the SMS-DT, an integrated platform to simulate and monitor industrial conditions in a digital twin-based architecture. SMS-DT is represented in a three-tier architecture comprising the involved data and control flows: edge, platform, and enterprise tiers. The goal of our platform is to capture, analyze, and correlate a wide range of events being tracked by sensors and systems in various domains of the factory. For this aim, multiple components have been developed on the basis of artificial intelligence to simulate dominant aspects in industries, including network analysis, energy optimization, and worker behavior. A data lake was also used to store collected information, and a set of intelligent services was delivered on the basis of innovative analysis and learning approaches. 
Finally, the platform was tested in a textile industry environment and integrated with its ERP system. Two misuse cases were simulated to track the factory machines, systems, and people and to assess the role of SMS-DT correlation mechanisms in preventing intentional and unintentional actions. The results of these misuse case simulations showed how the SMS-DT platform can intervene in two domains in the first scenario and three in the second one, resulting in correlating the alerts and reporting them to security operators in the multi-domain intelligent correlation dashboard.
39

Wu, Mingtao, and Young Moon. "Alert Correlation for Cyber-Manufacturing Intrusion Detection." Procedia Manufacturing 34 (2019): 820–31. http://dx.doi.org/10.1016/j.promfg.2019.06.197.

40

Bryce, Alan. "LEADERSHIP: Preventing a cyber attack." Children and Young People Now 2017, no. 13 (September 2, 2017): 57. http://dx.doi.org/10.12968/cypn.2017.13.57.

Abstract:
The risk of cyber attack has become a clear and present danger and is an issue charity and children's services leaders must be alert to, but there are various protective steps they can take to strengthen their defences.
41

Clarke, Karla, Yair Levy, Laurie Dringus, and Shonda Brown. "How workplace satisfaction affects insider threat detection as a vital variable for the mitigation of malicious cyber insiders." Online Journal of Applied Knowledge Management 7, no. 1 (May 22, 2019): 40–52. http://dx.doi.org/10.36965/ojakm.2019.7(1)40-52.

Abstract:
Insider threat mitigation is a growing challenge within organizations. The development of a novel alert visualization dashboard for the identification of potentially malicious cyber insider threats was identified as necessary to alleviate this challenge. This research developed a cyber insider threat dashboard visualization prototype for detecting potentially malicious cyber insider activities QUICK.v™. This study utilized Subject Matter Experts (SMEs) by applying the Delphi Method to identify the most critical cyber visualization variables and ranking. This paper contains the detailed results of a survey based experimental research study that identified the critical cybersecurity variables also referred to as cybersecurity vital signs. The identified vital signs will aid cybersecurity analysts with triage for potentially malicious insider threats. From a total of 45 analytic variables assessed by 42 cybersecurity SMEs, the top six variables were identified using a comprehensive data collection process. The results indicated that workplace satisfaction is one of the top critical cyber visualization variables that should be measured and visualized to aid cybersecurity analysts in the detection of potentially malicious cyber insider threat activities. The process of the data collection to identify and rank critical cyber visualization variables is described.
42

Sonhera, Naume, and David Mhlanga. "REDUCING CYBER INCIDENTS THROUGH GOOD ONLINE BEHAVIORAL NORMS: LESSONS FROM SOUTH AFRICA." EURASIAN JOURNAL OF SOCIAL SCIENCES 10, no. 1 (2022): 37–48. http://dx.doi.org/10.15604/ejss.2022.10.01.004.

Abstract:
The phenomenon of cyber incidents has grown commonplace in schools throughout the world, including South Africa. Cyber mishaps are becoming more common, affecting both learners and parents, and expecting parents to supervise their children's online activity 24 hours a day is unrealistic. Several studies have highlighted several remedies, however even with such solutions, cyber incidents are still on the rise. As a result, the study aims to use a technical tool to investigate how cyber incidents can be reduced through good online behavioral norms which is an alternative strategy for reducing cyber occurrences among learners. Using the experimental action approach, the findings revealed that if learners are given alert messages that encourage them to consider appropriate behavioral standards, the number of learners who send hurtful messages may be lower than the number of learners who wish to send hurtful messages. As a result, the study suggests that educational institutions should step up their efforts to ensure that learners receive alarm messages that encourage them to consider appropriate behavior norms.
43

Boschee, Pam. "Comments: Complexity of Cyber Crime Skyrockets." Journal of Petroleum Technology 73, no. 06 (June 1, 2021): 8. http://dx.doi.org/10.2118/0621-0008-jpt.

Abstract:
The cyberattack on the Colonial Pipeline system was impossible to “keep on the lowdown” as industrial attacks of limited scale often are. The shutdown of a 2.5 million B/D system of 5,500 miles of pipeline spanning from the US Gulf Coast to the East Coast does not go unnoticed. And early unconfirmed reports of a ransom payment made to decrypt the seized data intensified the spotlight on the incident. (Continental CEO Joseph Blount confirmed a $4.4-million payment on 19 May.) During what surely was a crisis management nightmare involving not only Colonial but also the US Department of Energy, Department of Transportation, Federal Bureau of Investigation (FBI), Federal Energy Regulatory Commission, Department of Homeland Security (DHS), and the Pipeline and Hazardous Materials Safety Administration (all agencies thanked by Colonial in a 15 May tweet), the information made public has heightened concerns about the security of data and critical infrastructure globally. Foremost is the escalation in the multiple layers of bad actors involved in a single attack. The FBI identified the ransomware-as-a-service (RaaS) DarkSide, which it has been investigating since October 2020. Criminal partners conduct attacks and then share the proceeds with the ransomware developers. The agency released a flash alert about DarkSide on 10 May with indicators of compromise and mitigation measures once infected. “Mitigation measures once infected.” The alert may have come too late for Colonial, whose business network was hit rather than its operational technology (OT) networks that control the pipeline. To contain the damage, it took down its own OT network. An example supporting this action of last resort occurred last year when a ransomware attack on an unidentified natural gas company’s business networks moved into its control systems at a compression facility, halting operations for 2 days, according to a DHS alert. DHS said the company did not have a plan to respond to a cyberattack. 
A report by FireEye, a cybersecurity firm that confirmed its hiring by Colonial, said since initially surfacing in August 2020, the creators of DarkSide and its partners have infiltrated organizations in more than 15 countries. Affiliates retain a portion of each ransom fee, ranging from 25% for fees less than $500,000 to 10% for fees greater than $5 million. Ransomware operators are masters in extortion and are using new tactics to widen their net of exploitation. In April, the DarkSide operators said in a press release that they were targeting organizations listed on the NASDAQ and other stock markets and were willing to give stock traders advance notice of upcoming attacks to allow them to reap profits when stock prices dropped as a result of the breach, according to FireEye. In another example, an attacker obtained the victim’s cyber insurance policy’s coverage limits and used that knowledge during ransom negotiation, refusing to lower the ransom fee. What this means for organizations is that their boards should assess the full spectrum of risk from prevention to detection as a business risk and have a plan in place to execute when an attack occurs. The investment required may be far less than the increasingly exorbitant ransom fees and the costs associated with the theft or destruction of data and disruption to the business.
44

Et.al, Siok Yee Tan. "CYBERGUARD: A Mobile Cyberbullying Detector." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 3 (April 11, 2021): 1805–15. http://dx.doi.org/10.17762/turcomat.v12i3.1008.

Abstract:
Social media is something that is used by a lot of people in Malaysia, especially among youths today. Social media can come in many different platforms such as Facebook and Twitter. However, due to the convenience given, a person can send a message to another person through social media in the blink of an eye. Many cases of bullying occur online, and these cases are known as cyber bullying. Cyber bullying happens when a person bullies and harasses another user online by sending harassing messages such as messages with rude words or messages with sexual harassment elements. Cyber bullying can be dangerous, affecting a person's emotion, especially among youths, because they have no experience with cyber bullying and don't know how to overcome this problem. As such, an Android-based application named cyber guard has been developed to overcome this problem. This application is developed by connecting the user's Twitter profile to retrieve the messages from the user's Twitter messages. This application will alert the user if the application detects a negative implication's word retrieved from their Twitter account. This application will also explain the meaning of the negative implication's word and their threat level. For users experiencing cyber bullying, the application provides advice and ways to overcome cyber bullying issues. Fifteen users have tested this application and the application has received good feedback from the users. This application is vital to everyone, especially youths, to know whether they are being cyber bullied and the steps that can be taken to overcome it.
45

Svilicic, Rudan, Jugović, and Zec. "A Study on Cyber Security Threats in a Shipboard Integrated Navigational System." Journal of Marine Science and Engineering 7, no. 10 (October 12, 2019): 364. http://dx.doi.org/10.3390/jmse7100364.

Abstract:
The integrated navigational system (INS) enhances the effectiveness and safety of ship navigation by providing multifunctional display on the basis of integration of at least two navigational functions, the voyage route monitoring with Electronic Chart Display and Information System (ECDIS) and collision avoidance with radar. The INS is essentially a software platform for fusion of data from the major ECDIS and radar systems with sensors for the additional navigation functions of route planning, status and data display, and alert management. This paper presents a study on cyber security resilience examination of a shipboard INS installed on a RoPax ship engaged in international trade. The study was based on a mixed-method approach, combining an interview of the ship's navigational ranks and cyber security testing of the INS using an industry vulnerability scanner. The identified threats were analyzed qualitatively to study the source of cyber risks threatening the INS. The results obtained point out cyber threats related to weaknesses of the INS underlying operating system, suggesting a need for occasional preventive maintenance in addition to the regulatory compliance required.
46

Syed, Romilla. "Cybersecurity vulnerability management: A conceptual ontology and cyber intelligence alert system." Information & Management 57, no. 6 (September 2020): 103334. http://dx.doi.org/10.1016/j.im.2020.103334.

47

PARASCHIVA, Ion. "WannaCry Ransomware Attack from Romanian Police Perspective." International Journal of Information Security and Cybercrime 8, no. 1 (June 28, 2019): 65–72. http://dx.doi.org/10.19107/ijisc.2019.01.09.

Abstract:
The field of cyber security is evolving at an alert pace and requires constantly updated strategies, and from the IT specialists, extensive knowledge and experience. In addition to the technical knowledge regarding cyber security, IT specialists of the Romanian Police need to understand very well the nature of the activity carried out. It should be made aware that there is no valid general success recipe and that the development of security policies should start from analyzing the particularities of human resources. Once their activity is understood, a dedicated security strategy can be outlined, ensuring a high degree of security for the organization and the information held by it.
48

Kee, Keh-Kim, Simon Lau Boung Yew, Yun Seng Lim, Yip Ping Ting, and Ramli Rashidi. "Universal cyber physical system, a prototype for predictive maintenance." Bulletin of Electrical Engineering and Informatics 11, no. 1 (February 1, 2022): 42–49. http://dx.doi.org/10.11591/eei.v11i1.3216.

Abstract:
Industrial 4.0 technology of cyber-physical system enables real-time monitoring, sensing and actuating of physical machinery for predictive maintenance that replaces the conventional labor-intensive approach. This paper presents the design and development of a universal, cost-effective and internet of thing (IoT)-based proof-of-concept prototype universal cyber-physical system (UniCPS) with a cloud platform with an open and modular-based design of three-tier system architecture. The prototype demonstrates promising precision and accuracy for predictive maintenance on a pilot use case with MAPE of 3.77%, and average RMSE of 0.50. Besides, real-time visualization and detection of anomaly were also demonstrated with a cloud-based solution. The maintenance alert sent out by the actuator serves to notify the authorized personnel immediately for corrective action. As an extension to this work, a wireless sensor network can be incorporated in future work to acquire various data from diverse locations to overcome the limitations of sensor data.
49

Preuveneers, Davy, and Wouter Joosen. "Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence." Journal of Cybersecurity and Privacy 1, no. 1 (February 26, 2021): 140–63. http://dx.doi.org/10.3390/jcp1010008.

Abstract:
Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.
50

Bognár, Eszter Katalin. "Data Mining in Cyber Threat Analysis : Neural Networks for Intrusion Detection." Academic and Applied Research in Military and Public Management Science 15, no. 2 (August 31, 2016): 187–96. http://dx.doi.org/10.32565/aarms.2016.2.7.

Abstract:
The most important features and constraints of the commercial intrusion detection (IDS) and prevention (IPS) systems and the possibility of application of artificial intelligence and neural networks such as IDS or IPS were investigated. A neural network was trained using the Levenberg-Marquardt backpropagation algorithm and applied on the Knowledge Discovery and Data Mining (KDD)’99 [14] reference dataset. A very high (99.9985%) accuracy and rather low (3.006%) false alert rate was achieved, but only at the expense of high memory consumption and low computation speed. To overcome these limitations, the selection of training data size was investigated. Result shows that a neural network trained on ca. 50,000 data is enough to achieve a detection accuracy of 99.82%.