Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algori...Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.展开更多
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen o...This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.展开更多
Intrusion Detection System(IDS)is a network security mechanism that analyses all users’and applications’traffic and detectsmalicious activities in real-time.The existing IDSmethods suffer fromlower accuracy and lack...Intrusion Detection System(IDS)is a network security mechanism that analyses all users’and applications’traffic and detectsmalicious activities in real-time.The existing IDSmethods suffer fromlower accuracy and lack the required level of security to prevent sophisticated attacks.This problem can result in the system being vulnerable to attacks,which can lead to the loss of sensitive data and potential system failure.Therefore,this paper proposes an Intrusion Detection System using Logistic Tanh-based Convolutional Neural Network Classification(LTH-CNN).Here,the Correlation Coefficient based Mayfly Optimization(CC-MA)algorithm is used to extract the input characteristics for the IDS from the input data.Then,the optimized features are utilized by the LTH-CNN,which returns the attacked and non-attacked data.After that,the attacked data is stored in the log file and non-attacked data is mapped to the cyber security and data security phases.To prevent the system from cyber-attack,the Source and Destination IP address is converted into a complex binary format named 1’s Complement Reverse Shift Right(CRSR),where,in the data security phase the sensed data is converted into an encrypted format using Senders Public key Exclusive OR Receivers Public Key-Elliptic Curve Cryptography(PXORP-ECC)Algorithm to improve the data security.TheNetwork Security Laboratory-Knowledge Discovery inDatabases(NSLKDD)dataset and real-time sensor are used to train and evaluate the proposed LTH-CNN.The suggested model is evaluated based on accuracy,sensitivity,and specificity,which outperformed the existing IDS methods,according to the results of the experiments.展开更多
As Egyptian oil and gas downstream information technology has grown digitally over the past decade, security breaches against these digitally connected systems have also increased. These cyber security threats could h...As Egyptian oil and gas downstream information technology has grown digitally over the past decade, security breaches against these digitally connected systems have also increased. These cyber security threats could have devastating effects on the operations and reputation of these companies. Preventing such cyberattacks is crucial. Especially, with the significance of the Egyptian oil and gas downstream sector to the local economy and the fact that many of these connected systems are sometimes managed remotely. This paper examines the value of the ISO 27001 standard in mitigating the effect of cyber threat and seeks to inspire decision-makers to the importance of the proactive measures to strengthen their organization’s cybersecurity posture and protect information critical assets. The study stresses the importance of improving the local educational system to bridge the gap between supply and demand for cybersecurity specialists by implementing a structured approach that emphasizes behavior modification to get a high return on investment in cybersecurity awareness.展开更多
Cyber threats and risks are increasing exponentially with time. For preventing and defense against these threats and risks, precise risk perception for effective mitigation is the first step. Risk perception is necess...Cyber threats and risks are increasing exponentially with time. For preventing and defense against these threats and risks, precise risk perception for effective mitigation is the first step. Risk perception is necessary requirement to mitigate risk as it drives the security strategy at the organizational level and human attitude at individual level. Sometime, individuals understand there is a risk that a negative event or incident can occur, but they do not believe there will be a personal impact if the risk comes to realization but instead, they believe that the negative event will impact others. This belief supports the common belief that individuals tend to think of themselves as invulnerable, i.e., optimistically bias about the situation, thus affecting their attitude for taking preventive measures due to inappropriate risk perception or overconfidence. The main motivation of this meta-analysis is to assess that how the cyber optimistic bias or cyber optimism bias affects individual’s cyber security risk perception and how it changes their decisions. Applying a meta-analysis, this study found that optimistic bias has an overall negative impact on the cyber security due to the inappropriate risk perception and considering themselves invulnerable by biasing that the threat will not occur to them. Due to the cyber optimism bias, the individual will sometimes share passwords by considering it will not be maliciously used, lack in adopting of preventive measures, ignore security incidents, wrong perception of cyber threats and overconfidence on themselves in the context of cyber security.展开更多
Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008,blockchain has(slowly)become one of the most frequently discussed methods for securing data storage and transfer through decentralized,tru...Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008,blockchain has(slowly)become one of the most frequently discussed methods for securing data storage and transfer through decentralized,trustless,peer-to-peer systems.This research identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a systematic analysis of the most frequently adopted blockchain security applications.Our findings show that the Internet of Things(IoT)lends itself well to novel blockchain applications,as do networks and machine visualization,public-key cryptography,web applications,certification schemes and the secure storage of Personally Identifiable Information(PII).This timely systematic review also sheds light on future directions of research,education and practices in the blockchain and cyber security space,such as security of blockchain in IoT,security of blockchain for AI data,and sidechain security.展开更多
Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.Howe...Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.展开更多
In this paper,we review and analyze intrusion detection systems for Agriculture 4.0 cyber security.Specifically,we present cyber security threats and evaluation metrics used in the performance evaluation of an intrusi...In this paper,we review and analyze intrusion detection systems for Agriculture 4.0 cyber security.Specifically,we present cyber security threats and evaluation metrics used in the performance evaluation of an intrusion detection system for Agriculture 4.0.Then,we evaluate intrusion detection systems according to emerging technologies,including,Cloud computing,Fog/Edge computing,Network virtualization,Autonomous tractors,Drones,Internet of Things,Industrial agriculture,and Smart Grids.Based on the machine learning technique used,we provide a comprehensive classification of intrusion detection systems in each emerging technology.Furthermore,we present public datasets,and the implementation frameworks applied in the performance evaluation of intrusion detection systems for Agriculture 4.0.Finally,we outline challenges and future research directions in cyber security intrusion detection for Agriculture 4.0.展开更多
Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and wit...Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them.展开更多
In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of b...In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of being exploited is cyber security awareness.Not only having the adequate knowledge but how to utilize this knowledge to prevent cyber attacks.In this paper we conducted a survey that focuses on three vital security parameters,which are trust,passwords and defensive attitude respectively.The survey mainly aimed at assessing cyber security knowledge of 200 students and 100 faculty members in a Sudanese college and how secure these participants think they are according to their current cyber behaviour.56%of the participants are males and 44%are females.The results revealed that all participants were having fairly-low level of security awareness and their defensive attitude is considerably weak and doesn’t protect them either individually or at institutional-level.Nevertheless,faculty member showed better cyber security knowledge and skills by 8%higher than students.This study can be used to develop training approaches that bridge the security gaps depicted by the respondents of the survey questions manipulated in this study.展开更多
Digital systems have changed our world and will continue to change it. Supportive government policy, a strong research base and history of industrial success place the benefits of an emerging digital society. Protecti...Digital systems have changed our world and will continue to change it. Supportive government policy, a strong research base and history of industrial success place the benefits of an emerging digital society. Protecting benefits and minimizing risks requires reliable and robust cyber security, backed by a robust research and translation system. Trust is essential for growth and maintenance of participation in the digital community. Organizations gain trust by acting in a trustworthy way leading to building reliable and secure systems, treating people, their privacy and their data with respect, and providing reliable and understandable information to help people understand how safe they are. Research and revolution in industry and academia will continue to make important contributions to create flexible and reliable digital environment. Cyber Security has </span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">a </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">main role in the field of information technology because securing information has become one of the greatest challenges today. When we think about the cyber security, the first thing that comes to our mind is “cyber crimes” which </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">are</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> increasing exponentially day by day. Many governments and firms are taking many measures to prevent these cybercrimes. Besides the various measures, cyber security remains a major concern. This paper intended to give </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">a </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">deep overview of the concepts and principles of cyber security that affect the safety and security in an international context. It mainly focuses on challenges faced by cyber security on the latest technologies and focuses also on introducing security types, cyber security techniques, cyber security ethics, trends that change the face of cyber security and finally attempting to solve one of the most serious cyber security crimes of violating privacy on the internet by improving the security of sensitive personal information (SPI) in Cyber-physical systems using a selected proposed algorithm that analyzes the user’s information resources and determines the valid data to be encrypted, then uses adaptive acquisition methods to collect the information and finally a new cryptographic method is used to complete SPI secure encryption according to acquisition results as described in details in Section 4.展开更多
Ransomware attacks have been spreading broadly in the last few years,where attackers deny users’access to their systems and encrypt their files until they pay a ransom,usually in Bitcoin.Of course,that is the worst t...Ransomware attacks have been spreading broadly in the last few years,where attackers deny users’access to their systems and encrypt their files until they pay a ransom,usually in Bitcoin.Of course,that is the worst thing that can happen;especially for organizations having sensitive information.In this paper we proposed a cyber security awareness program intended to provide end-users with a rescue checklist in case of being attacked with a ransomware as well as preventing the attack and ways to recover from it.The program aimed at providing cyber security knowledge to 15 employees in a Sudanese trading and investment company.According to their cyber behaviour before the program,the participants showed a low level cyber security awareness that with 72%they are likely of being attacked by a ransomware from a phishing email,which is well known for spreading ransomware attacks.The results revealed that the cyber security awareness program greatly diminished the probability of being attacked by a ransomware with an average of 28%.This study can be used as a real-life ransomware attack rescue plan.展开更多
This paper presents a reliable and secure supervisory control and data acquisition (SCADA) system equipped with advanced communication technologies (ACT) to enhance the operation and cyber security of the communicatio...This paper presents a reliable and secure supervisory control and data acquisition (SCADA) system equipped with advanced communication technologies (ACT) to enhance the operation and cyber security of the communication network in residential microgrid. The proposed approach uses the mobile ad hoc networks (MANET) for collecting data of power consumption from smart meters of residential areas and electric vehicles (EVs), and also for connecting mobile system operators to the network. Moreover, by understanding the dynamic nature of MANET and their exposure to cyber-attacks, we propose an intrusion detection and prevention (IDP) technology with secure knowledge algorithm and anomaly detection for preventing the black hole attacks, and other unknown attacks that result into packet dropping. Test results obtained by using Network Simulator (NS-2) demonstrate the effectiveness of the proposed IDP technology in preventing the cyber-attacks in the proposed residential microgrid communication network.展开更多
As cyber threats and attacks are immensely increasing and broadly spreading catastrophically worldwide,cyber security professionals need to cope up with such a highly demanding environment.Security teams,such as Secur...As cyber threats and attacks are immensely increasing and broadly spreading catastrophically worldwide,cyber security professionals need to cope up with such a highly demanding environment.Security teams,such as Security operation Centre(SOC),Incident Response(IR)and Threat management teams are the people responsible for dealing with cyber security threats and attacks from detection to containment and preventing future incidents;which encompasses some significant challenges that might impose some limitations to the efficiency and effectiveness of activities cyber security professionals conduct,as these processes are time-consuming.In this paper we propose an integrated platform to help cyber security professionals to proactively manage cyber security threats and emerging incidents by providing an automated functionality that can optimize the workflow.The proposed security platform is supposed to diminish the average time taken by cyber security professionals to respond to cyber incidents with an average of 42%.This study can be used as a preliminary design for such an integrated platform.展开更多
Many organizations have datasets which contain a high volume of personal data on individuals,e.g.,health data.Even without a name or address,persons can be identified based on the details(variables)on the dataset.This...Many organizations have datasets which contain a high volume of personal data on individuals,e.g.,health data.Even without a name or address,persons can be identified based on the details(variables)on the dataset.This is an important issue for big data holders such as public sector organizations(e.g.,Public Health Organizations)and social media companies.This paper looks at how individuals can be identified from big data using a mathematical approach and how to apply this mathematical solution to prevent accidental disclosure of a person’s details.The mathematical concept is known as the“Identity Correlation Approach”(ICA)and demonstrates how an individual can be identified without a name or address using a unique set of characteristics(variables).Secondly,having identified the individual person,it shows how a solution can be put in place to prevent accidental disclosure of the personal details.Thirdly,how to store data such that accidental leaks of the datasets do not lead to the disclosure of the personal details to unauthorized users.展开更多
The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual user...The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.展开更多
Information security and quality management are often considered two different fields. However, organizations must be mindful of how software security may affect quality control. This paper examines and promotes metho...Information security and quality management are often considered two different fields. However, organizations must be mindful of how software security may affect quality control. This paper examines and promotes methods through which secure software development processes can be integrated into the Systems Software Development Life-cycle (SDLC) to improve system quality. Cyber-security and quality assurance are both involved in reducing risk. Software security teams work to reduce security risks, whereas quality assurance teams work to decrease risks to quality. There is a need for clear standards, frameworks, processes, and procedures to be followed by organizations to ensure high-level quality while reducing security risks. This research uses a survey of industry professionals to help identify best practices for developing software with fewer defects from the early stages of the SDLC to improve both the quality and security of software. Results show that there is a need for better security awareness among all members of software development teams.展开更多
The Industrial Internet of Things(IIoT)has brought numerous benefits,such as improved efficiency,smart analytics,and increased automation.However,it also exposes connected devices,users,applications,and data generated...The Industrial Internet of Things(IIoT)has brought numerous benefits,such as improved efficiency,smart analytics,and increased automation.However,it also exposes connected devices,users,applications,and data generated to cyber security threats that need to be addressed.This work investigates hybrid cyber threats(HCTs),which are now working on an entirely new level with the increasingly adopted IIoT.This work focuses on emerging methods to model,detect,and defend against hybrid cyber attacks using machine learning(ML)techniques.Specifically,a novel ML-based HCT modelling and analysis framework was proposed,in which L1 regularisation and Random Forest were used to cluster features and analyse the importance and impact of each feature in both individual threats and HCTs.A grey relation analysis-based model was employed to construct the correlation between IIoT components and different threats.展开更多
Digital assets have boomed over the past few years with the emergence of Non-fungible Tokens(NFTs).To be specific,the total trading volume of digital assets reached an astounding$55.5 billion in 2022.Nevertheless,nume...Digital assets have boomed over the past few years with the emergence of Non-fungible Tokens(NFTs).To be specific,the total trading volume of digital assets reached an astounding$55.5 billion in 2022.Nevertheless,numerous security concerns have been raised by the rapid expansion of the NFT ecosystem.NFT holders are exposed to a plethora of scams and traps,putting their digital assets at risk of being lost.However,academic research on NFT security is scarce,and the security issues have aroused rare attention.In this study,the NFT ecological process is comprehensively explored.This process falls into five different stages encompassing the entire lifecycle of NFTs.Subsequently,the security issues regarding the respective stage are elaborated and analyzed in depth.A matrix model is proposed as a novel contribution to the categorization of NFT security issues.Diverse data are collected from social networks,the Ethereum blockchain,and NFT markets to substantiate our claims regarding the severity of security concerns in the NFT ecosystem.From this comprehensive dataset,nine key NFT security issues are identified from the matrix model and then subjected to qualitative and quantitative analysis.This study aims to shed light on the severity of NFT ecosystem security issues.The findings stress the need for increased attention and proactive measures to safeguard the NFT ecosystem.展开更多
The widespread adoption of QR codes has revolutionized various industries, streamlined transactions and improved inventory management. However, this increased reliance on QR code technology also exposes it to potentia...The widespread adoption of QR codes has revolutionized various industries, streamlined transactions and improved inventory management. However, this increased reliance on QR code technology also exposes it to potential security risks that malicious actors can exploit. QR code Phishing, or “Quishing”, is a type of phishing attack that leverages QR codes to deceive individuals into visiting malicious websites or downloading harmful software. These attacks can be particularly effective due to the growing popularity and trust in QR codes. This paper examines the importance of enhancing the security of QR codes through the utilization of artificial intelligence (AI). The abstract investigates the integration of AI methods for identifying and mitigating security threats associated with QR code usage. By assessing the current state of QR code security and evaluating the effectiveness of AI-driven solutions, this research aims to propose comprehensive strategies for strengthening QR code technology’s resilience. The study contributes to discussions on secure data encoding and retrieval, providing valuable insights into the evolving synergy between QR codes and AI for the advancement of secure digital communication.展开更多
文摘Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.
文摘This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
文摘Intrusion Detection System(IDS)is a network security mechanism that analyses all users’and applications’traffic and detectsmalicious activities in real-time.The existing IDSmethods suffer fromlower accuracy and lack the required level of security to prevent sophisticated attacks.This problem can result in the system being vulnerable to attacks,which can lead to the loss of sensitive data and potential system failure.Therefore,this paper proposes an Intrusion Detection System using Logistic Tanh-based Convolutional Neural Network Classification(LTH-CNN).Here,the Correlation Coefficient based Mayfly Optimization(CC-MA)algorithm is used to extract the input characteristics for the IDS from the input data.Then,the optimized features are utilized by the LTH-CNN,which returns the attacked and non-attacked data.After that,the attacked data is stored in the log file and non-attacked data is mapped to the cyber security and data security phases.To prevent the system from cyber-attack,the Source and Destination IP address is converted into a complex binary format named 1’s Complement Reverse Shift Right(CRSR),where,in the data security phase the sensed data is converted into an encrypted format using Senders Public key Exclusive OR Receivers Public Key-Elliptic Curve Cryptography(PXORP-ECC)Algorithm to improve the data security.TheNetwork Security Laboratory-Knowledge Discovery inDatabases(NSLKDD)dataset and real-time sensor are used to train and evaluate the proposed LTH-CNN.The suggested model is evaluated based on accuracy,sensitivity,and specificity,which outperformed the existing IDS methods,according to the results of the experiments.
文摘As Egyptian oil and gas downstream information technology has grown digitally over the past decade, security breaches against these digitally connected systems have also increased. These cyber security threats could have devastating effects on the operations and reputation of these companies. Preventing such cyberattacks is crucial. Especially, with the significance of the Egyptian oil and gas downstream sector to the local economy and the fact that many of these connected systems are sometimes managed remotely. This paper examines the value of the ISO 27001 standard in mitigating the effect of cyber threat and seeks to inspire decision-makers to the importance of the proactive measures to strengthen their organization’s cybersecurity posture and protect information critical assets. The study stresses the importance of improving the local educational system to bridge the gap between supply and demand for cybersecurity specialists by implementing a structured approach that emphasizes behavior modification to get a high return on investment in cybersecurity awareness.
文摘Cyber threats and risks are increasing exponentially with time. For preventing and defense against these threats and risks, precise risk perception for effective mitigation is the first step. Risk perception is necessary requirement to mitigate risk as it drives the security strategy at the organizational level and human attitude at individual level. Sometime, individuals understand there is a risk that a negative event or incident can occur, but they do not believe there will be a personal impact if the risk comes to realization but instead, they believe that the negative event will impact others. This belief supports the common belief that individuals tend to think of themselves as invulnerable, i.e., optimistically bias about the situation, thus affecting their attitude for taking preventive measures due to inappropriate risk perception or overconfidence. The main motivation of this meta-analysis is to assess that how the cyber optimistic bias or cyber optimism bias affects individual’s cyber security risk perception and how it changes their decisions. Applying a meta-analysis, this study found that optimistic bias has an overall negative impact on the cyber security due to the inappropriate risk perception and considering themselves invulnerable by biasing that the threat will not occur to them. Due to the cyber optimism bias, the individual will sometimes share passwords by considering it will not be maliciously used, lack in adopting of preventive measures, ignore security incidents, wrong perception of cyber threats and overconfidence on themselves in the context of cyber security.
文摘Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008,blockchain has(slowly)become one of the most frequently discussed methods for securing data storage and transfer through decentralized,trustless,peer-to-peer systems.This research identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a systematic analysis of the most frequently adopted blockchain security applications.Our findings show that the Internet of Things(IoT)lends itself well to novel blockchain applications,as do networks and machine visualization,public-key cryptography,web applications,certification schemes and the secure storage of Personally Identifiable Information(PII).This timely systematic review also sheds light on future directions of research,education and practices in the blockchain and cyber security space,such as security of blockchain in IoT,security of blockchain for AI data,and sidechain security.
基金supported by the Financial and Science Technology Plan Project of Xinjiang Production and Construction Corps,under grants No.2020DB005 and No.2017DB005supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions fund.
文摘Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.
基金supported in part by the Research Start-Up Fund for Talent Researcher of Nanjing Agricultural University(77H0603)in part by the National Natural Science Foundation of China(62072248)。
文摘In this paper,we review and analyze intrusion detection systems for Agriculture 4.0 cyber security.Specifically,we present cyber security threats and evaluation metrics used in the performance evaluation of an intrusion detection system for Agriculture 4.0.Then,we evaluate intrusion detection systems according to emerging technologies,including,Cloud computing,Fog/Edge computing,Network virtualization,Autonomous tractors,Drones,Internet of Things,Industrial agriculture,and Smart Grids.Based on the machine learning technique used,we provide a comprehensive classification of intrusion detection systems in each emerging technology.Furthermore,we present public datasets,and the implementation frameworks applied in the performance evaluation of intrusion detection systems for Agriculture 4.0.Finally,we outline challenges and future research directions in cyber security intrusion detection for Agriculture 4.0.
文摘Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them.
文摘In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of being exploited is cyber security awareness.Not only having the adequate knowledge but how to utilize this knowledge to prevent cyber attacks.In this paper we conducted a survey that focuses on three vital security parameters,which are trust,passwords and defensive attitude respectively.The survey mainly aimed at assessing cyber security knowledge of 200 students and 100 faculty members in a Sudanese college and how secure these participants think they are according to their current cyber behaviour.56%of the participants are males and 44%are females.The results revealed that all participants were having fairly-low level of security awareness and their defensive attitude is considerably weak and doesn’t protect them either individually or at institutional-level.Nevertheless,faculty member showed better cyber security knowledge and skills by 8%higher than students.This study can be used to develop training approaches that bridge the security gaps depicted by the respondents of the survey questions manipulated in this study.
文摘Digital systems have changed our world and will continue to change it. Supportive government policy, a strong research base and history of industrial success place the benefits of an emerging digital society. Protecting benefits and minimizing risks requires reliable and robust cyber security, backed by a robust research and translation system. Trust is essential for growth and maintenance of participation in the digital community. Organizations gain trust by acting in a trustworthy way leading to building reliable and secure systems, treating people, their privacy and their data with respect, and providing reliable and understandable information to help people understand how safe they are. Research and revolution in industry and academia will continue to make important contributions to create flexible and reliable digital environment. Cyber Security has </span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">a </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">main role in the field of information technology because securing information has become one of the greatest challenges today. When we think about the cyber security, the first thing that comes to our mind is “cyber crimes” which </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">are</span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;"> increasing exponentially day by day. Many governments and firms are taking many measures to prevent these cybercrimes. Besides the various measures, cyber security remains a major concern. This paper intended to give </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">a </span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">deep overview of the concepts and principles of cyber security that affect the safety and security in an international context. It mainly focuses on challenges faced by cyber security on the latest technologies and focuses also on introducing security types, cyber security techniques, cyber security ethics, trends that change the face of cyber security and finally attempting to solve one of the most serious cyber security crimes of violating privacy on the internet by improving the security of sensitive personal information (SPI) in Cyber-physical systems using a selected proposed algorithm that analyzes the user’s information resources and determines the valid data to be encrypted, then uses adaptive acquisition methods to collect the information and finally a new cryptographic method is used to complete SPI secure encryption according to acquisition results as described in details in Section 4.
文摘Ransomware attacks have been spreading broadly in the last few years,where attackers deny users’access to their systems and encrypt their files until they pay a ransom,usually in Bitcoin.Of course,that is the worst thing that can happen;especially for organizations having sensitive information.In this paper we proposed a cyber security awareness program intended to provide end-users with a rescue checklist in case of being attacked with a ransomware as well as preventing the attack and ways to recover from it.The program aimed at providing cyber security knowledge to 15 employees in a Sudanese trading and investment company.According to their cyber behaviour before the program,the participants showed a low level cyber security awareness that with 72%they are likely of being attacked by a ransomware from a phishing email,which is well known for spreading ransomware attacks.The results revealed that the cyber security awareness program greatly diminished the probability of being attacked by a ransomware with an average of 28%.This study can be used as a real-life ransomware attack rescue plan.
文摘This paper presents a reliable and secure supervisory control and data acquisition (SCADA) system equipped with advanced communication technologies (ACT) to enhance the operation and cyber security of the communication network in residential microgrid. The proposed approach uses the mobile ad hoc networks (MANET) for collecting data of power consumption from smart meters of residential areas and electric vehicles (EVs), and also for connecting mobile system operators to the network. Moreover, by understanding the dynamic nature of MANET and their exposure to cyber-attacks, we propose an intrusion detection and prevention (IDP) technology with secure knowledge algorithm and anomaly detection for preventing the black hole attacks, and other unknown attacks that result into packet dropping. Test results obtained by using Network Simulator (NS-2) demonstrate the effectiveness of the proposed IDP technology in preventing the cyber-attacks in the proposed residential microgrid communication network.
文摘As cyber threats and attacks are immensely increasing and broadly spreading catastrophically worldwide,cyber security professionals need to cope up with such a highly demanding environment.Security teams,such as Security operation Centre(SOC),Incident Response(IR)and Threat management teams are the people responsible for dealing with cyber security threats and attacks from detection to containment and preventing future incidents;which encompasses some significant challenges that might impose some limitations to the efficiency and effectiveness of activities cyber security professionals conduct,as these processes are time-consuming.In this paper we propose an integrated platform to help cyber security professionals to proactively manage cyber security threats and emerging incidents by providing an automated functionality that can optimize the workflow.The proposed security platform is supposed to diminish the average time taken by cyber security professionals to respond to cyber incidents with an average of 42%.This study can be used as a preliminary design for such an integrated platform.
文摘Many organizations have datasets which contain a high volume of personal data on individuals,e.g.,health data.Even without a name or address,persons can be identified based on the details(variables)on the dataset.This is an important issue for big data holders such as public sector organizations(e.g.,Public Health Organizations)and social media companies.This paper looks at how individuals can be identified from big data using a mathematical approach and how to apply this mathematical solution to prevent accidental disclosure of a person’s details.The mathematical concept is known as the“Identity Correlation Approach”(ICA)and demonstrates how an individual can be identified without a name or address using a unique set of characteristics(variables).Secondly,having identified the individual person,it shows how a solution can be put in place to prevent accidental disclosure of the personal details.Thirdly,how to store data such that accidental leaks of the datasets do not lead to the disclosure of the personal details to unauthorized users.
文摘The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.
文摘Information security and quality management are often considered two different fields. However, organizations must be mindful of how software security may affect quality control. This paper examines and promotes methods through which secure software development processes can be integrated into the Systems Software Development Life-cycle (SDLC) to improve system quality. Cyber-security and quality assurance are both involved in reducing risk. Software security teams work to reduce security risks, whereas quality assurance teams work to decrease risks to quality. There is a need for clear standards, frameworks, processes, and procedures to be followed by organizations to ensure high-level quality while reducing security risks. This research uses a survey of industry professionals to help identify best practices for developing software with fewer defects from the early stages of the SDLC to improve both the quality and security of software. Results show that there is a need for better security awareness among all members of software development teams.
文摘The Industrial Internet of Things(IIoT)has brought numerous benefits,such as improved efficiency,smart analytics,and increased automation.However,it also exposes connected devices,users,applications,and data generated to cyber security threats that need to be addressed.This work investigates hybrid cyber threats(HCTs),which are now working on an entirely new level with the increasingly adopted IIoT.This work focuses on emerging methods to model,detect,and defend against hybrid cyber attacks using machine learning(ML)techniques.Specifically,a novel ML-based HCT modelling and analysis framework was proposed,in which L1 regularisation and Random Forest were used to cluster features and analyse the importance and impact of each feature in both individual threats and HCTs.A grey relation analysis-based model was employed to construct the correlation between IIoT components and different threats.
文摘Digital assets have boomed over the past few years with the emergence of Non-fungible Tokens(NFTs).To be specific,the total trading volume of digital assets reached an astounding$55.5 billion in 2022.Nevertheless,numerous security concerns have been raised by the rapid expansion of the NFT ecosystem.NFT holders are exposed to a plethora of scams and traps,putting their digital assets at risk of being lost.However,academic research on NFT security is scarce,and the security issues have aroused rare attention.In this study,the NFT ecological process is comprehensively explored.This process falls into five different stages encompassing the entire lifecycle of NFTs.Subsequently,the security issues regarding the respective stage are elaborated and analyzed in depth.A matrix model is proposed as a novel contribution to the categorization of NFT security issues.Diverse data are collected from social networks,the Ethereum blockchain,and NFT markets to substantiate our claims regarding the severity of security concerns in the NFT ecosystem.From this comprehensive dataset,nine key NFT security issues are identified from the matrix model and then subjected to qualitative and quantitative analysis.This study aims to shed light on the severity of NFT ecosystem security issues.The findings stress the need for increased attention and proactive measures to safeguard the NFT ecosystem.
文摘The widespread adoption of QR codes has revolutionized various industries, streamlined transactions and improved inventory management. However, this increased reliance on QR code technology also exposes it to potential security risks that malicious actors can exploit. QR code Phishing, or “Quishing”, is a type of phishing attack that leverages QR codes to deceive individuals into visiting malicious websites or downloading harmful software. These attacks can be particularly effective due to the growing popularity and trust in QR codes. This paper examines the importance of enhancing the security of QR codes through the utilization of artificial intelligence (AI). The abstract investigates the integration of AI methods for identifying and mitigating security threats associated with QR code usage. By assessing the current state of QR code security and evaluating the effectiveness of AI-driven solutions, this research aims to propose comprehensive strategies for strengthening QR code technology’s resilience. The study contributes to discussions on secure data encoding and retrieval, providing valuable insights into the evolving synergy between QR codes and AI for the advancement of secure digital communication.
