Showing papers in "Computers & Security in 2021"
TL;DR: The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber-attacks were being reported.
Abstract: The COVID-19 pandemic was a remarkable, unprecedented event which altered the lives of billions of citizens globally resulting in what became commonly referred to as the new-normal in terms of societal norms and the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime related circumstances which also affected society and business. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks. This paper analyses the COVID-19 pandemic from a cyber-crime perspective and highlights the range of cyber-attacks experienced globally during the pandemic. Cyber-attacks are analysed and considered within the context of key global events to reveal the modus-operandi of cyber-attack campaigns. The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber-attacks were being reported. The analysis proceeds to utilise the UK as a case study to demonstrate how cyber-criminals leveraged salient events and governmental announcements to carefully craft and execute cyber-crime campaigns.
320 citations
TL;DR: Wang et al. as discussed by the authors proposed an effective intrusion detection framework based on SVM with naive Bayes feature embedding, which takes the data quality into consideration, which is essential for constructing a well-performed intrusion detection system beyond machine learning techniques.
Abstract: Network security has become increasingly important in recent decades, while intrusion detection system plays a critical role in protecting it. Various machine learning techniques have been applied to intrusion detection, among which SVM has been considered as an effective method. However, existing studies rarely take the data quality into consideration, which is essential for constructing a well-performed intrusion detection system beyond machine learning techniques. In this paper, we propose an effective intrusion detection framework based on SVM with naive Bayes feature embedding. Specifically, the naive Bayes feature transformation technique is implemented on the original features to generate new data with high quality; then, an SVM classifier is trained using the transformed data to build the intrusion detection model. Experiments on multiple datasets in intrusion detection domain validate that the proposed detection method can achieve good and robust performances, with 93.75% accuracy on UNSW-NB15 dataset, 98.92% accuracy on CICIDS2017 dataset, 99.35% accuracy on NSL-KDD dataset and 98.58% accuracy on Kyoto 2006+ dataset. Furthermore, our method possesses huge advantages in terms of accuracy, detection rate and false alarm rate when compared to other methods.
94 citations
TL;DR: A new group-agent strategy with trust computing is designed to ensure the reliability of edge devices during interactions and improve transmission efficiency and a stacked task sorting and ranking mechanism which improves resource allocation in each edge device is introduced.
Abstract: In order to meet various needs of people, different Internet of Things (IoT) devices have been developed and applied successfully in recent years. However, the consequent challenges in terms of search efficiency, reliable requirements, and resource allocation appear followed, which attract attention from both academia and industry. Facing this circumstance, it is necessary to establish a new scheme to realize data processing and sharing better. Therefore, a reliable and efficient system based on edge computing and blockchain is proposed in this paper. First, a new group-agent strategy with trust computing is designed to ensure the reliability of edge devices during interactions and improve transmission efficiency. Second, we introduce a stacked task sorting and ranking mechanism which improves resource allocation in each edge device. Third, this paper creates a new content model that uses Zipf distribution to predict context popularity of keywords and encrypt hot data with symmetric searchable encryption (SSE) technology. Finally, simulation results show that the proposed scheme has better computational efficiency and higher reliability compared with existing methods.
89 citations
TL;DR: In this article, the authors analyzed previously conducted attack and defense studies described in 151 papers from 2008 to 2019 for a systematic and comprehensive investigation of autonomous vehicles and classified autonomous attacks into the three categories of autonomous control system, autonomous driving systems components, and vehicle-to-everything communications.
Abstract: As technology has evolved, cities have become increasingly smart. Smart mobility is a crucial element in smart cities, and autonomous vehicles are an essential part of smart mobility. However, vulnerabilities in autonomous vehicles can be damaging to quality of life and human safety. For this reason, many security researchers have studied attacks and defenses for autonomous vehicles. However, there has not been systematic research on attacks and defenses for autonomous vehicles. In this survey, we analyzed previously conducted attack and defense studies described in 151 papers from 2008 to 2019 for a systematic and comprehensive investigation of autonomous vehicles. We classified autonomous attacks into the three categories of autonomous control system, autonomous driving systems components, and vehicle-to-everything communications. Defense against such attacks was classified into security architecture, intrusion detection, and anomaly detection. Due to the development of big data and communication technologies, techniques for detecting abnormalities using artificial intelligence and machine learning are gradually being developed. Lastly, we provide implications based on our systemic survey that future research on autonomous attacks and defenses is strongly combined with artificial intelligence and major component of smart cities.
87 citations
TL;DR: The privacy issues related to the implementation of blockchain in IoT and present privacy preservation techniques to cope with the privacy issues are described and open research gaps are addressed for future work.
Abstract: The role of the Internet of Things (IoT) in the revolutionized society cannot be overlooked. The IoT can leverage advanced machine learning (ML) algorithms for its applications. However, given the fact of massive data, which is stored at a central cloud server, adopting centralized machine learning algorithms is not a viable option due to immense computation cost and privacy leakage issues. Given such conditions, blockchain can be leveraged to enhance the privacy of IoT networks by making them decentralized without any central authority. Nevertheless, the sensitive and massive data that is stored in distributive fashion, leveraged it for application purpose, is still a challenging task. To overcome this challenging task, federated learning (FL), which is a new breed of ML is the most promising solution that brings learning to the end devices without sharing the private data to the central server. In the FL mechanism, the central server act as an orchestrator to start the FL learning process, and only model parameters' updates are shared between end devices and the central orchestrator. Although FL can provide better privacy and data management, it is still in the development phase and has not been adopted by various communities due to its unknown privacy issues. In this paper first, we present the notion of blockchain and its application in IoT systems. Then we describe the privacy issues related to the implementation of blockchain in IoT and present privacy preservation techniques to cope with the privacy issues. Second, we introduce the FL application in IoT systems, devise a taxonomy, and present privacy threats in FL. Afterward, we present IoT-based use cases on envisioned dispersed federated learning and introduce blockchain-based traceability functions to improve privacy. Finally, open research gaps are addressed for future work.
63 citations
TL;DR: This paper surveys existing empirical performance evaluations of different permissioned blockchain platforms published between 2015 and 2019, using a comparative framework and concludes with a number of potential future research directions.
Abstract: Blockchain-based platforms, particularly those based on permissioned blockchain, are increasingly popular in a broad range of settings. In addition to security and privacy concerns, organizations seeking to implement such platforms also need to consider performance, especially in latency- or delay-sensitive applications. Performance is generally less studied in comparison to security and privacy, and therefore in this paper we survey existing empirical performance evaluations of different permissioned blockchain platforms published between 2015 and 2019, using a comparative framework. The framework comprises ten criteria. We then conclude the paper with a number of potential future research directions.
61 citations
TL;DR: This paper proposes a novel approach for Android malware detection and familial classification based on the Graph Convolutional Network (GCN), and is the first study to explore the application of graph neural network in the field of malware classification.
Abstract: The dramatic increase in the number of malware poses a serious challenge to the Android platform and makes it difficult for malware analysis. In this paper, we propose a novel approach for Android malware detection and familial classification based on the Graph Convolutional Network (GCN). The general idea is to map apps and Android APIs into a large heterogeneous graph, converting the original problem into a node classification task. We build the “App-API” and “API-API” edges based on the invocation relationship and the API usage patterns, respectively. The heterogeneous graph is then fed into the GCN model, iteratively generating node embeddings that incorporate topological structure and node features. Eventually, the unlabeled apps are classified by their final embeddings. To our knowledge, this paper is the first study to explore the application of graph neural network in the field of malware classification. We develop a prototype system named GDroid. Experiments show that GDroid can effectively detect 98.99% of Android malware with a low false positive rate of less than 1%, outperforming the existing approaches. It also achieves an average accuracy of almost 97% in the malware familial classification task with surpassing the baselines. Additionally, we cooperate with QI-ANXIN Technology Research Institute to evaluate its real-world impact, and GDroid also maintains satisfactory performance in real-world scenarios.
59 citations
TL;DR: In this article, a hybrid deep learning (HDL) network consisting of CNN and LSTM is used for a better intrusion detection system, and data imbalance processing consisting of Synthetic Minority Oversampling Technique (SMOTE) and Tomek-Links sampling methods called STL is used to reduce the effects of data imbalance on system performance.
Abstract: The ability to process large amounts of data in real time using big data analytics tools brings many advantages that can be used in intrusion detection systems. Deep learning approaches have also been increasingly used in big data analysis and intrusion detection systems in recent years. In this study, a new classification-based network attack detection system is proposed on network flow traffic generating big data. In the proposed system, a Hybrid Deep Learning (HDL) network consisting of Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) is used for a better intrusion detection system. In addition, data imbalance processing consisting of Synthetic Minority Oversampling Technique (SMOTE) and Tomek-Links sampling methods called STL was used to reduce the effects of data imbalance on system performance. In the study, PySpark providing Python support on Apache Spark platform in Google Colab environment was used. The multiclass evaluation of the model was made on the CIDDS-001 data set, and the binary classification evaluation was made on the UNS-NB15 data set. Nine different machine learning and deep learning algorithms have been compared to the proposed method. The results obtained were evaluated using the parameters of Accuracy, F-Measure, Precision, Recall, ROC Curve and Precision-Recall Curve. As a result, the proposed method has reached 99.83% accuracy in multiclass classification and 99.17% accuracy in binary classification. According to the results, the proposed method has achieved quite successful results in detecting network attacks in imbalanced data sets compared to current methods.
54 citations
TL;DR: Surveying on the state-of-the-art privacy-preserving techniques which can be employed in FL in a systematic fashion, as well as how these techniques mitigate data security and privacy risks.
Abstract: In recent years, along with the blooming of Machine Learning (ML)-based applications and services, ensuring data privacy and security have become a critical obligation. ML-based service providers not only confront with difficulties in collecting and managing data across heterogeneous sources but also challenges of complying with rigorous data protection regulations such as EU/UK General Data Protection Regulation (GDPR). Furthermore, conventional centralised ML approaches have always come with long-standing privacy risks to personal data leakage, misuse, and abuse. Federated learning (FL) has emerged as a prospective solution that facilitates distributed collaborative learning without disclosing original training data. Unfortunately, retaining data and computation on-device as in FL are not sufficient for privacy-guarantee because model parameters exchanged among participants conceal sensitive information that can be exploited in privacy attacks. Consequently, FL-based systems are not naturally compliant with the GDPR. This article is dedicated to surveying of state-of-the-art privacy-preservation techniques in FL in relations with GDPR requirements. Furthermore, insights into the existing challenges are examined along with the prospective approaches following the GDPR regulatory guidelines that FL-based systems shall implement to fully comply with the GDPR.
53 citations
TL;DR: A systematic review of the literature on ISA and a state-of-the-art collection of ISA methods and factors for enhancing employees’ ISA within both private and public sector organisations are put forward.
Abstract: Preserving the confidentiality, integrity and availability (CIA) of an organisation's sensitive information systems assets against attacks and threats is a challenge in this digital age. Organisations worldwide make huge investments in information security technological countermeasures. Nonetheless, organisations in many cases fail to protect their information assets as they rely mainly on technical solutions which are not contextually compatible and sufficient. As a matter of fact, a significant number of organisational information security incidents are due to the exploitation of human elements that directly and/or indirectly cause the majority of security incidents. Therefore, employees’ information security awareness (ISA) becomes one of the critical aspects of protection against undesirable information security behaviours. However, to date, there is limited synthesised knowledge about methods for enhancing ISA and integrated insights on factors affecting employees’ ISA levels. This study, therefore, provides a systematic review of the literature on ISA and puts forward a state-of-the-art collection of ISA methods and factors for enhancing employees’ ISA within both private and public sector organisations. The results indicate that various methods and factors are used to enhance employees’ ISA in organisations. Theoretical models and gamification are the methods widely used in both private and public organisations, whereas the constructivist approach and violation detections are some of the methods used only in private organisations. Furthermore, this study offers some insights into the latest trends in ISA content development methods and factors, and fosters good ISA practice by disseminating information and knowledge amongst Information Security professionals to help them build an overarching ISA development programme in their organisations.
52 citations
TL;DR: This research presents a practical approach for the integration of Blockchain with FL to provide privacy-preserving and secure big data analytics services and proposes utilizing fuzzy hashing to detect variations and anomalies in FL-trained models against poisoning attacks.
Abstract: Big data enables the optimization of complex supply chains through Machine Learning (ML)-based data analytics. However, data analytics comes with challenges such as the loss of control and privacy leading to increased risk of data breaches. Federated Learning (FL) is an approach in the ML arena that promises privacy-preserving and distributed model training. However, recent attacks on FL algorithms have raised concerns about the security of this approach. In this article, we advocate using Blockchain to mitigate attacks on FL algorithms operating in Internet of Things (IoT) systems. Integrating Blockchain and FL allows securing the trained models’ integrity, thus preventing model poisoning attacks. This research presents a practical approach for the integration of Blockchain with FL to provide privacy-preserving and secure big data analytics services. To protect the security of user data and the trained models, we propose utilizing fuzzy hashing to detect variations and anomalies in FL-trained models against poisoning attacks. The proposed solution is evaluated via simulating attack modes in a quasi-simulated environment.
TL;DR: This paper proposes a method relying on application representation in terms on images used to input an explainable deep learning model designed by authors for Android malware detection and family identification, and demonstrates the effectiveness of the proposed method.
Abstract: Mobile devices are pervading everyday activities of our life. Each day we store a plethora of sensitive and private information in smart devices such as smartphones or tablets, which are typically equipped with an always-on internet connection. These information are of interest for malicious writers that are developing more and more aggressive harmful code for stealing sensitive and private information from mobile devices. Considering the weaknesses exhibited from current antimalware signature-based detection, in this paper we propose a method relying on application representation in terms on images used to input an explainable deep learning model designed by authors for Android malware detection and family identification. Moreover, we show how the explainability can be considered from the analyst to assess different models. Experimental results demonstrated the effectiveness of the proposed method, obtaining an average accuracy ranging from 0.96 to 0.97; we evaluated 8446 Android samples belonging to six different malware families and one more family for trusted samples, by providing also interpretability about the predictions performed by the model.
TL;DR: An enhanced Genetic Algorithm (GA)-based feature selection method, named as GA-based Feature Selection (GbFS), is contributed, to increase the classifiers’ accuracy in the domain of network security and intrusion detection.
Abstract: Availability of suitable and validated data is a key issue in multiple domains for implementing machine learning methods. Higher data dimensionality has adverse effects on the learning algorithm's performance. This work aims to design a method that preserves most of the unique information related to the data with minimum number of features. Addressing the feature selection problem in the domain of network security and intrusion detection, this work contributes an enhanced Genetic Algorithm (GA)-based feature selection method, named as GA-based Feature Selection (GbFS), to increase the classifiers’ accuracy. Securing a network from the cyber-attacks is a critical task and needs to be strengthened. Machine learning, due to its proven results, is widely used in developing firewalls and Intrusion Detection Systems (IDSs) to identify new kinds of attacks. Utilizing machine learning algorithms, IDSs are able to detect the intruder by analyzing the network traffic passing through it. This work presents parameter tuning for the GA-based feature selection along with a novel fitness function. The present work develops an enhanced GA-based feature selection method which is tested over three benchmark network traffic datasets, namely, CIRA-CIC-DOHBrw-2020, UNSW-NB15, and Bot-IoT. A comparison is also performed with the standard feature selection methods. Results show that the accuracies improve using GbFS by achieving a maximum accuracy of 99.80%.
TL;DR: This present study aimed to propose an anomaly-based Web attack detection architecture in a Web application using deep learning methods, and the proposed CNN deep learning architecture presented successful outcomes.
Abstract: Unprotected Web applications are vulnerable places for hackers to attack an organization's network. Statistics show that 42% of Web applications are exposed to threats and hackers. Web requests that Web users request from Web applications are manipulated by hackers to control Web servers. Web queries are detected to prevent manipulations of hacker's attacks. Web attack detection is extremely essential in information distribution over the past decades. Anomaly methods based on machine learning are preferred in the Web application security. This present study aimed to propose an anomaly-based Web attack detection architecture in a Web application using deep learning methods. The architecture structure consists of data preprocess and Convolution Neural Network (CNN) steps. To prove the suitability and success of the proposed CNN architecture, CSIC2010v2 datasets were used. The proposed architecture performed detection of Web attacks, using anomaly-based detection type. Based on the experimental results of the study, the proposed CNN deep learning architecture presented successful outcomes.
TL;DR: A research framework for zero-trust is developed to structure the identified literature and to highlight future research avenues, and economic analyses and user-related studies have been neglected by both academia and practice.
Abstract: In response to weaknesses of current network security solutions, the zero-trust model follows the idea that no network – whether internal or external – is trustworthy. The concept of zero-trust is enjoying increasing attention in both research and practice due to its promise to fulfil complex new network security requirements. Despite zero-trust's advantages over traditional solutions, it has not yet succeeded in replacing existing approaches. Uncertainty remains regarding the concept's distinct benefits and drawbacks for organisations and individuals, which hinders a holistic understanding of zero-trust and wide-spread adoption. Research can make valuable contributions to the field by systematically providing new insights into zero-trust. To support researchers in this endeavour, we aim to consolidate the current state of the knowledge about zero-trust and to identify gaps in the literature. Thus, we conduct a multivocal literature review, analysing both academic and practice-oriented publications. We develop a research framework for zero-trust to structure the identified literature and to highlight future research avenues. Our results show that the academic literature has focused mainly on the architecture and performance improvements of zero-trust. In contrast, the practice-oriented literature has focused on organisational advantages of zero-trust and on potential migration strategies. However, economic analyses and user-related studies have been neglected by both academia and practice. Future research may rely on our findings to advance the field in meaningful ways.
TL;DR: A comprehensive survey of WBAN technology is provided in this article, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues.
Abstract: In the era of communication technologies, wireless healthcare networks enable innovative applications to enhance the quality of patients’ lives, provide useful monitoring tools for caregivers, and allows timely intervention. However, due to the sensitive information within the Wireless Body Area Networks (WBANs), insecure data violates the patients’ privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBAN involves various challenges due to its resource limitations and critical applications. In this paper, a comprehensive survey of the WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues.
TL;DR: This paper proposes a rule-based approach towards generating AML attack samples and explores how they can be used to target a range of supervised machine learning classifiers used for detecting Denial of Service attacks in an IoT smart home network.
Abstract: Machine learning based Intrusion Detection Systems (IDS) allow flexible and efficient automated detection of cyberattacks in Internet of Things (IoT) networks. However, this has also created an additional attack vector; the machine learning models which support the IDS's decisions may also be subject to cyberattacks known as Adversarial Machine Learning (AML). In the context of IoT, AML can be used to manipulate data and network traffic that traverse through such devices. These perturbations increase the confusion in the decision boundaries of the machine learning classifier, where malicious network packets are often miss-classified as being benign. Consequently, such errors are bypassed by machine learning based detectors, which increases the potential of significantly delaying attack detection and further consequences such as personal information leakage, damaged hardware, and financial loss. Given the impact that these attacks may have, this paper proposes a rule-based approach towards generating AML attack samples and explores how they can be used to target a range of supervised machine learning classifiers used for detecting Denial of Service attacks in an IoT smart home network. The analysis explores which DoS packet features to perturb and how such adversarial samples can support increasing the robustness of supervised models using adversarial training. The results demonstrated that the performance of all the top performing classifiers were affected, decreasing a maximum of 47.2 percentage points when adversarial samples were present. Their performances improved following adversarial training, demonstrating their robustness towards such attacks.
TL;DR: A systematic literature review shows the dimensions of risk assessment techniques today available for the surface, deep, and darknets areas and what website features should be used in order to identify a cyber threat or attack.
Abstract: Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cyber crime detection by means of more complex machine- and deep-learning investigations as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions. We provide (i) a taxonomy of existing methods mapped to (ii) an overview of detectable criminal activities as well as (iii) an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed. We apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts both in Surface and in Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap. Practitioners value and conclusions. The analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web cybercrime and threat engineering and management. More specifically, our systematic literature review shows: (i) the dimensions of risk assessment techniques today available for the aforementioned areas—addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively; (ii) what website features should be used in order to identify a cyber threat or attack—researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes; (iii) what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web—researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations.
TL;DR: Wang et al. as discussed by the authors proposed a network intrusion detection system based on adaptive synthetic (ADASYN) oversampling technology and LightGBM, which can reduce the time complexity of the system while ensuring the accuracy of detection.
Abstract: Network intrusion detection systems play an important role in protecting the network from attacks. However, Existing network intrusion data is imbalanced, which makes it difficult to accurately detect minority attacks, and the training and detection time of deep neural network detection systems is relatively long. According to these problems, this paper proposes a network intrusion detection system based on adaptive synthetic (ADASYN) oversampling technology and LightGBM. First, we normalize and one-hot encode the original data through data preprocessing to avoid the impact of the maximum or minimum value on the overall characteristics. Second, we increase the minority samples by ADASYN oversampling technology to solve the problem of the low detection rate of minority attacks due to the imbalance of the training data. Finally, the LightGBM ensemble learning model is used to further reduce the time complexity of the system while ensuring the accuracy of detection. Through experimental verification on the NSL-KDD, UNSW-NB15 and CICIDS2017 data sets, the results show that the detection rate of minority samples can be improved after ADASYN oversampling, thereby improving the overall accuracy rate. The accuracy of the proposed algorithm is up to 92.57%, 89.56% and 99.91% respectively in the three test sets, and it consumes less time in the training and detection process, which is superior to other existing methods.
TL;DR: A novel Android malware detection scheme based on feature weighting with the joint optimization of weight-mapping and classifier parameters, called JOWMDroid is proposed, which outperforms four state-of-the-artfeature weighting methods and makes the weight-aware classifiers more competitive.
Abstract: Android malware detection is an important problem that must be urgently studied and solved. Machine learning-based methods first extract features from applications and then build a classifier using machine learning algorithms to distinguish malicious and benign applications. In most of the existing work, the difference in feature importance has been ignored, or the calculation of feature weights is irrelevant to the classification model. To address these issues, this paper proposes a novel Android malware detection scheme based on feature weighting with the joint optimization of weight-mapping and classifier parameters, called JOWMDroid. First, features of eight categories are extracted from the Android application package and then a certain number of the most important features are selected using information gain for malware detection. Next, an initial weight is calculated for each selected feature via three machine learning models and then five weight-mapping functions are designed to map the initial weights to the final weights. Finally, the parameters of the weight-mapping function and classifier are jointly optimized by the differential evolution algorithm. The experimental results reveal that the proposed method outperforms four state-of-the-art feature weighting methods and makes the weight-aware classifiers more competitive.
TL;DR: This work proposes a neural network "laundering" algorithm to remove black-box backdoor watermarks from neural networks even when the adversary has no prior knowledge of the structure of the watermark.
Abstract: Creating a state-of-the-art deep-learning system requires vast amounts of data, expertise, and hardware, yet research into copyright protection for neural networks has been limited. One of the main methods for achieving such protection involves relying on the susceptibility of neural networks to backdoor attacks in order to inject a watermark into the network, but the robustness of these tactics has been primarily evaluated against pruning, fine-tuning, and model inversion attacks. In this work, we propose an offensive neural network “laundering” algorithm to remove these backdoor watermarks from neural networks even when the adversary has no prior knowledge of the structure of the watermark. We can effectively remove watermarks used for recent defense or copyright protection mechanisms while retaining test accuracies on the target task above 97% and 80% for both MNIST and CIFAR-10, respectively. For all watermarking methods addressed in this paper, we find that the robustness of the watermark is significantly weaker than the original claims. We also demonstrate the feasibility of our algorithm in more complex tasks as well as in more realistic scenarios where the adversary can carry out efficient laundering attacks using less than 1% of the original training set size, demonstrating that existing watermark-embedding procedures are not sufficient to reach their claims.
TL;DR: Wang et al. as mentioned in this paper designed an integrated deep intrusion detection model based on SDAE-ELM to overcome the long training time and low classification accuracy of existing deep neural network models, and to achieve timely response to intrusion behavior.
Abstract: Intrusion detection system can effectively identify abnormal data in complex network environments, which is an effective method to ensure computer network security. Recently, deep neural networks have been widely used in image recognition, natural language processing, network security and other fields. For network intrusion detection, this paper designs an integrated deep intrusion detection model based on SDAE-ELM to overcome the long training time and low classification accuracy of existing deep neural network models, and to achieve timely response to intrusion behavior. For host intrusion detection, an integrated deep intrusion detection model based on DBN-Softmax is constructed, which effectively improves the detection accuracy of host intrusion data. At the same time, in order to improve the training efficiency and detection performance of the SDAE-ELM and DBN-Softmax models, a small batch gradient descent method is used for network training and optimization. Experiments on the KDD Cup99, NSL-KDD, UNSW-NB15, CIDDS-001, and ADFA-LD datasets show that SDAE-ELM and DBN-Softmax integrated deep inspection models have better performance than other classic machine learning models.
TL;DR: This paper covers the current trends and open challenges in IoHT device authentication mechanisms, such as the physically unclonable function (PUF) and blockchain-based techniques, and offers a comprehensive review of the IoHT or the Internet of Medical Things (IoMT).
Abstract: The Internet of Things (IoT) paradigm serves as an enabler technology in several domains. Healthcare is one of the domains in which the IoT plays a vital role in increasing quality of life. On the one hand, the Internet of Healthcare Things (IoHT) creates smart environments and increases the efficiency and intelligence of the provided services. On the other hand, unfortunately, it suffers from security vulnerabilities inside and outside. There are various techniques used to identify, access, and securely manage IoT devices. Additionally, sensors, monitoring, key confidentiality management, integrity, and sensitive data accessibility are required. This study focuses on the IoT perception layer and offers a comprehensive review of the IoHT or the Internet of Medical Things (IoMT). The paper covers the current trends and open challenges in IoHT device authentication mechanisms, such as the physically unclonable function (PUF) and blockchain-based techniques. In addition, IoT simulators and verification tools are included. Finally, a future vision regarding the evolution of IoHT device authentication in terms of the utilization of different technologies, such as artificial intelligence, cloud computing, and 5G, is provided at end of this review.
TL;DR: In this paper, a wrapper-based feature selection method called "Tabu Search - Random Forest (TS-RF)" was proposed for Network Intrusion Detection Systems (NIDS) to reduce dimensionality of data.
Abstract: The advancements in communication technologies and ubiquitous accessibility to a wide array of services has opened many challenges. Growing numbers of cyberattacks show that current security solutions and technologies do not provide effective safeguard against modern attacks. Intrusion is one of the main issue that has gone viral and can compromise the security of a network of any size. Intrusion Detection / Prevention Systems (IDS / IPS) are used to monitor, inspect and possibly block attacks. However, traditional intrusion detection techniques like signature or anomaly (network behavior) based approaches are prone to many weaknesses. Advancements in machine learning algorithms, data mining and soft computing techniques have shown potential to be used in IDS. All of these technologies, specially machine learning algorithms have to deal with the issue of high dimensionality of data /network traffic data as high dimensional data makes data sparse in hyper-space which restricts different algorithms scaling and generalization capabilities. Secondly, the problem magnitude also grows exponentially when IDS needs to make decision in a real time environment. One of the solution is to tackle this issue is to use feature selection techniques to reduce dimensionality of data. Feature selection is a process of selecting the optimal subset of features from a large feature-set to improve classification accuracy, performance and cost of extracting features. In this paper, we proposed a wrapper-based feature selection method called ’Tabu Search - Random Forest (TS-RF)’. Tabu search is used as a search method while random forest is used as a learning algorithm for Network Intrusion Detection Systems (NIDS). The proposed model is tested on the UNSW-NB15 dataset. The obtained results compared with other feature selection approaches. Results show that TS-RF improves classification accuracy while reducing number of features and false positive rate simultaneously.
TL;DR: Techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios are surveyed.
Abstract: Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups or political campaigns) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning-based approaches (e.g., how to detect adversarial (image) examples), and there are associated real-world consequences (e.g., inadmissible evidence, or wrongful conviction). Therefore, with a focus on image forensics, this paper surveys techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios.
TL;DR: A phishing email classifier model that applies deep learning algorithms using a graph convolutional network (GCN) and natural language processing over an email body text to improve phishing detection accuracy is proposed.
Abstract: The growth of online services has been accompanied by increased growth in cyber-attacks. One of the most common effective attacks is phishing, in which attempts are made to steal confidential information by impersonating a legitimate source. The success of phishing emails is based on manipulating human emotions, which leads to concerns and creates an urgent situation by claiming that the recipient should take quick action that may cause great financial and data losses. Therefore, we cannot rely solely on humans to detect phishing, and more effective and automatic phishing detection mechanisms are required. Many detectors have been proposed; however, the high number of phishing emails urges additional effort. Hence, in this study, we propose a phishing email classifier model that applies deep learning algorithms using a graph convolutional network (GCN) and natural language processing over an email body text to improve phishing detection accuracy. The literature has proved GCN success in text classification, and this study proved its success in improving the accuracy of email phishing detection. The classifier was tested in a supervised learning approach. Experimental tests verified that the classifier was effective in detecting phishing emails using body text among the existing detection methods, and it took short time and produced a high accuracy rate of 98.2% and a low false-positive rate of 0.015.
TL;DR: This paper investigates the effectiveness of a new approach that uses malware visualization, for overcoming the problems related to the features selection and extraction, along with deep learning classification, whose performances are less sensitive to a small dataset than machine learning.
Abstract: With the fast growth of malware’s volume circulating in the wild, to obtain a timely and correct classification is increasingly difficult. Traditional approaches to automatic classification suffer from some limitations. The first one concerns the feature extraction: static approaches are hindered by code obfuscation techniques, while dynamic approaches are time consuming and evasion techniques often impede the correct execution of the code. The second limitation regards the building of the prediction models: the adequateness of a training dataset may degrade over time or can not be sufficient for some malware families or instances. With this paper we investigate the effectiveness of a new approach that uses malware visualization, for overcoming the problems related to the features selection and extraction, along with deep learning classification, whose performances are less sensitive to a small dataset than machine learning. The experiments carried out on twelve different neural network architectures and with a dataset of 20,199 malware, demonstrate that the proposed approach is successful as produced an F-measure of 99.97%.
TL;DR: A DDoS attack detection system based on an improved Self-adaptive evolutionary extreme learning machine (SaE-ELM) that can adapt the best suitable crossover operator and automatically determine the appropriate number of hidden layer neurons is presented.
Abstract: Distributed denial of service (DDoS) attack is a serious security threat to cloud computing that affects the availability of cloud services. Therefore, defending against these attacks becomes imperative. In this paper, we present a DDoS attack detection system based on an improved Self-adaptive evolutionary extreme learning machine (SaE-ELM). SaE-ELM model is improved by incorporating two more features. Firstly, it can adapt the best suitable crossover operator. Secondly, it can automatically determine the appropriate number of hidden layer neurons. These features improve the learning and classification capabilities of the model. The proposed system is evaluated using four datasets namely, NSL-KDD, ISCX IDS 2012, UNSW-NB15, and CICIDS 2017. It achieves the detection accuracy of 86.80%, 98.90%, 89.17%, and 99.99% with NSL-KDD, ISCX IDS 2012, UNSW-NB15, and CICIDS 2017 datasets, respectively. The experiments show that the performance of the proposed attack detection system is better than the system based on original SaE-ELM and state-of-the-art techniques. However, it shows a longer training time than SaE-ELM based system.
TL;DR: In this paper, the authors presented a novel approach to recognize malware by capturing the memory dump of suspicious processes which can be represented as a RGB image and applied a state-of-the-art manifold learning scheme named UMAP to improve the detection of unknown malware files through binary classification.
Abstract: The everlasting increase in usage of information systems and online services have triggered the birth of the new type of malware which are more dangerous and hard to detect. In particular, according to the recent reports, the new type of fileless malware infect the victims’ devices without a persistent trace (i.e. file) on hard drives. Moreover, existing static malware detection methods in literature often fail to detect sophisticated malware utilizing various obfuscation and encryption techniques. Our contribution in this study is two-folded. First, we present a novel approach to recognize malware by capturing the memory dump of suspicious processes which can be represented as a RGB image. In contrast to the conventional approaches followed by static and dynamic methods existing in the literature, we aimed to obtain and use memory data to reveal visual patterns that can be classified by employing computer vision and machine learning methods in a multi-class open-set recognition regime. And second, we have applied a state of art manifold learning scheme named UMAP to improve the detection of unknown malware files through binary classification. Throughout the study, we have employed our novel dataset covering 4294 samples in total, including 10 malware families along with the benign executables. Lastly, we obtained their memory dumps and converted them to RGB images by applying 3 different rendering schemes. In order to generate their signatures (i.e. feature vectors), we utilized GIST and HOG (Histogram of Gradients) descriptors as well as their combination. Moreover, the obtained signatures were classified via machine learning algorithms of j48, RBF kernel-based SMO, Random Forest, XGBoost and linear SVM. According to the results of the first phase, we have achieved prediction accuracy up to 96.39% by employing SMO algorithm on the feature vectors combined with GIST+HOG. Besides, the UMAP based manifold learning strategy has improved accuracy of the unknown malware recognition models up to 12.93%, 21.83%, 20.78% on average for Random Forest, linear SVM and XGBoost algorithms respectively. Moreover, on a commercially available standard desktop computer, the suggested approach takes only 3.56 s for analysis on average. The results show that our vision based scheme provides an effective protection mechanism against malicious applications.
TL;DR: In this paper, the authors explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions, and also carried out an analysis of a few popular ransomware samples and developed AESthetic, which was able to evade detection against eight popular antivirus programs.
Abstract: The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.