Search Results (229)

Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables. Full article

The concept of intelligence has many applications, such as in coatings and cyber security. Smart coatings have the ability to sense and/or respond to external stimuli and generally interact with their environment. Self-healing coatings represent a significant advance in improving material durability and performance using microcapsules and nanocontainers loaded with self-healing agents, catalysts, corrosion inhibitors, and water-repellents. These smart coatings can repair damage on their own and restore mechanical properties without external intervention and are inspired by biological systems. Properties that are affected by either momentary or continuous external stimuli in smart coatings include corrosion, fouling, fungal, self-healing, piezoelectric, and microbiological properties. These coating properties can be obtained via combinations of either organic or inorganic polymer phases, additives, and pigments. In this article, a review of the advancements in micro/nanocapsules for self-healing coatings is reported from the aspect of extrinsic self-healing ability. The concept of extrinsic self-healing coatings is based on the use of capsules or multichannel vascular systems loaded with healing agents/inhibitors. The result is that self-healing coatings exhibit improved properties compared to traditional coatings. Self-healing anticorrosive coating not only enhances passive barrier function but also realizes active defense. As a result, there is a significant improvement in the service life and overall performance of the coating. Future research should be devoted to refining self-healing mechanisms and developing cost-effective solutions for a wide range of industrial applications. Full article

As network technology evolves, cyberattacks are not only increasing in frequency but also becoming more sophisticated. To proactively detect and prevent these cyberattacks, researchers are developing intrusion detection systems (IDSs) leveraging machine learning and deep learning techniques. However, a significant challenge with these advanced models is the increased training time as model complexity grows, and the symmetry between performance and training time must be taken into account. To address this issue, this study proposes a fast-persistent-contrastive-divergence-based deep belief network (FPCD-DBN) that offers both high accuracy and rapid training times. This model combines the efficiency of contrastive divergence with the powerful feature extraction capabilities of deep belief networks. While traditional deep belief networks use a contrastive divergence (CD) algorithm, the FPCD algorithm improves the performance of the model by passing the results of each detection layer to the next layer. In addition, the mix of parameter updates using fast weights and continuous chains makes the model fast and accurate. The performance of the proposed FPCD-DBN model was evaluated on several benchmark datasets, including NSL-KDD, UNSW-NB15, and CIC-IDS-2017. As a result, the proposed method proved to be a viable solution as the model performed well with an accuracy of 89.4% and an F1 score of 89.7%. By achieving superior performance across multiple datasets, the approach shows great potential for enhancing network security and providing a robust defense against evolving cyber threats. Full article

This study investigates the efficacy of machine learning models for intrusion detection in the Internet of Medical Things, aiming to enhance cybersecurity defenses and protect sensitive healthcare data. The analysis focuses on evaluating the performance of ensemble learning algorithms, specifically Stacking, Bagging, and Boosting, using Random Forest and Support Vector Machines as base models on the WUSTL-EHMS-2020 dataset. Through a comprehensive examination of performance metrics such as accuracy, precision, recall, and F1-score, Stacking demonstrates exceptional accuracy and reliability in detecting and classifying cyber attack incidents with an accuracy rate of 98.88%. Bagging is ranked second, with an accuracy rate of 97.83%, while Boosting yielded the lowest accuracy rate of 88.68%. Full article

Mobile ad hoc networks (MANETs) have revolutionized wireless communications by enabling dynamic, infrastructure-free connectivity across various applications, from disaster recovery to military operations. However, these networks are highly vulnerable to security threats, particularly black hole and gray hole attacks, which can severely disrupt network performance and reliability. This study addresses the critical challenge of detecting and mitigating these attacks within the framework of the dynamic source routing (DSR) protocol. To tackle this issue, we propose a robust hybrid detection method that significantly enhances the identification and mitigation of black hole and gray hole attacks. Our approach integrates anomaly detection, advanced data mining techniques, and cryptographic verification to establish a multi-layered defense mechanism. Extensive simulations demonstrate that the proposed hybrid method achieves superior detection accuracy, reduces false positives, and maintains high packet delivery ratios even under attack conditions. Compared to existing solutions, this method provides more reliable and resilient network performance, dynamically adapting to evolving threats. This research represents a significant advancement in MANET security, offering a scalable and effective solution for safeguarding critical MANET applications against sophisticated cyber-attacks. Full article

Achieving cyber-security has grown increasingly tricky because of the rising concern for internet connectivity and the significant growth in software-related applications. It also needs a robust defense system to defend itself from multiple cyberattacks. Therefore, there is a need to generate a method for detecting and classifying cyber-attacks. The developed model can be integrated into three phases: pre-processing, feature selection, and classification. Initially, the min-max normalization of original data was performed to eliminate the impact of maximum or minimum values on the overall characteristics. After that, synthetic minority oversampling techniques (SMOTEs) were developed to reduce the number of minority attacks. The significant features were selected using a Hybrid Genetic Fire Hawk Optimizer (HGFHO). An optimized residual dense-assisted multi-attention transformer (Op-ReDMAT) model was introduced to classify selected features accurately. The proposed model’s performance was evaluated using the UNSW-NB15 and CICIDS2017 datasets. A performance analysis was carried out to demonstrate the effectiveness of the proposed model. The experimental results showed that the UNSW-NB15 dataset attained a higher precision, accuracy, F1-score, error rate, and recall of 97.2%, 98.82%, 97.8%, 2.58, and 98.5%, respectively. On the other hand, the CICIDS 2017 achieved a higher precision, accuracy, F1-score, and recall of 98.6%, 99.12%, 98.8%, and 98.2%, respectively. Full article

Cybercriminals have become an imperative threat because they target the most valuable resource on earth, data. Organizations prepare against cyber attacks by creating Cyber Security Incident Response Teams (CSIRTs) that use various technologies to monitor and detect threats and to help perform forensics on machines and networks. Testing the limits of defense technologies and the skill of a CSIRT can be performed through adversary emulation performed by so-called “red teams”. The red team’s work is primarily manual and requires high skill. We propose SpecRep, a system to ease the testing of the detection capabilities of defenses in complex, heterogeneous infrastructures. SpecRep uses previously known attack specifications to construct attack scenarios based on attacker objectives instead of the traditional attack graphs or a list of actions. We create a metalanguage to describe objectives to be achieved in an attack together with a compiler that can build multiple attack scenarios that achieve the objectives. We use text processing tools aided by large language models to extract information from freely available white papers and convert them to plausible attack specifications that can then be emulated by SpecRep. We show how our system can emulate attacks against a smart home, a large enterprise, and an industrial control system. Full article

Extracting knowledge from cyber threat intelligence is essential for understanding cyber threats and implementing proactive defense measures. However, there is a lack of open datasets in the Chinese cybersecurity field that support both entity and relation extraction tasks. This paper addresses this gap by analyzing vulnerability description texts, which are standardized and knowledge-dense, to create a vulnerability knowledge ontology comprising 13 entities and 15 relations. We annotated 27,311 unique vulnerability description sentences from the China National Vulnerability Database, resulting in a dataset named BVTED for cybersecurity knowledge triple extraction tasks. BVTED contains 97,391 entities and 69,614 relations, with entities expressed in a mix of Chinese and English. To evaluate the dataset’s value, we trained five deep learning-based named entity recognition models, two relation extraction models, and two joint entity–relation extraction models on BVTED. Experimental results demonstrate that models trained on this dataset achieve excellent performance in vulnerability knowledge extraction tasks. This work enhances the extraction of cybersecurity knowledge triples from mixed Chinese and English threat intelligence corpora by providing a comprehensive ontology and a new dataset, significantly aiding in the mining, analysis and utilization of the knowledge embedded in cyber threat intelligence. Full article

The global rise in cybercrime is fueled by the pervasive digitization of work and personal life, compounded by the shift to online formats during the COVID-19 pandemic. As digital channels flourish, so too do the opportunities for cyberattacks, particularly those exposing small and medium-sized enterprises (SMEs) to potential economic devastation. These businesses often lack comprehensive defense strategies and/or the necessary resources to implement effective cybersecurity measures. The authors have addressed this issue by developing an Educational Escape Room (EER) that supports scenario-based learning to enhance cybersecurity awareness among SME employees, enabling them to handle cyber threats more effectively. By integrating hands-on scenarios based on real-life examples, the authors aimed to improve the knowledge retention and the operational performance of SME staff in terms of cybersafe practices. The results achieved during pilot testing with more than 200 participants suggest that the EER approach engaged the trainees and boosted their cybersecurity awareness, marking a step forward in cybersecurity education. Full article

The focus of this review is the long and broad history of attacker–defender games as a foundation for the narrower and shorter history of cyber security. The purpose is to illustrate the role of game theory in cyber security and which areas have received attention and to indicate future research directions. The methodology uses the search terms game theory, attack, defense, and cyber security in Web of Science, augmented with the authors’ knowledge of the field. Games may involve multiple attackers and defenders over multiple periods. Defense involves security screening and inspection, the detection of invaders, jamming, secrecy, and deception. Incomplete information is reviewed due to its inevitable presence in cyber security. The findings pertain to players sharing information weighted against the security investment, influenced by social planning. Attackers stockpile zero-day cyber vulnerabilities. Defenders build deterrent resilient systems. Stochastic cyber security games play a role due to uncertainty and the need to build probabilistic models. Such games can be further developed. Cyber security games based on traffic and transportation are reviewed; they are influenced by the more extensive communication of GPS data. Such games should be extended to comprise air, land, and sea. Finally, cyber security education and board games are reviewed, which play a prominent role. Full article

The rise of grid modernization has been prompted by the escalating demand for power, the deteriorating state of infrastructure, and the growing concern regarding the reliability of electric utilities. The smart grid encompasses recent advancements in electronics, technology, telecommunications, and computer capabilities. Smart grid telecommunication frameworks provide bidirectional communication to facilitate grid operations. Software-defined networking (SDN) is a proposed approach for monitoring and regulating telecommunication networks, which allows for enhanced visibility, control, and security in smart grid systems. Nevertheless, the integration of telecommunications infrastructure exposes smart grid networks to potential cyberattacks. Unauthorized individuals may exploit unauthorized access to intercept communications, introduce fabricated data into system measurements, overwhelm communication channels with false data packets, or attack centralized controllers to disable network control. An ongoing, thorough examination of cyber attacks and protection strategies for smart grid networks is essential due to the ever-changing nature of these threats. Previous surveys on smart grid security lack modern methodologies and, to the best of our knowledge, most, if not all, focus on only one sort of attack or protection. This survey examines the most recent security techniques, simultaneous multi-pronged cyber attacks, and defense utilities in order to address the challenges of future SDN smart grid research. The objective is to identify future research requirements, describe the existing security challenges, and highlight emerging threats and their potential impact on the deployment of software-defined smart grid (SD-SG). Full article

Advancements in artificial intelligence, machine learning, and natural language processing have culminated in sophisticated technologies such as transformer models, generative AI models, and chatbots. Chatbots are sophisticated software applications created to simulate conversation with human users. Chatbots have surged in popularity owing to their versatility and user-friendly nature, which have made them indispensable across a wide range of tasks. This article explores the dual nature of chatbots in the realm of cybersecurity and highlights their roles as both defensive tools and offensive tools. On the one hand, chatbots enhance organizational cyber defenses by providing real-time threat responses and fortifying existing security measures. On the other hand, adversaries exploit chatbots to perform advanced cyberattacks, since chatbots have lowered the technical barrier to generate phishing, malware, and other cyberthreats. Despite the implementation of censorship systems, malicious actors find ways to bypass these safeguards. Thus, this paper first provides an overview of the historical development of chatbots and large language models (LLMs), including their functionality, applications, and societal effects. Next, we explore the dualistic applications of chatbots in cybersecurity by surveying the most representative works on both attacks involving chatbots and chatbots’ defensive uses. We also present experimental analyses to illustrate and evaluate different offensive applications of chatbots. Finally, open issues and challenges regarding the duality of chatbots are highlighted and potential future research directions are discussed to promote responsible usage and enhance both offensive and defensive cybersecurity strategies. Full article

The proliferation of information and communication technologies (ICTs) within smart cities has not only enhanced the capabilities and efficiencies of urban energy systems but has also introduced significant cyber threats that can compromise these systems. To mitigate the financial risks associated with cyber intrusions in smart city infrastructures, this study introduces a two-stage hierarchical planning model for ICT-integrated multi-energy systems, emphasizing the economic role of cyber insurance. By adopting cyber insurance, smart city operators can mitigate the financial impact of unforeseen cyber incidents, transferring these economic risks to the insurance provider. The proposed two-stage optimization model strategically balances the economic implications of urban energy system operations with cyber insurance coverage. This approach allows city managers to make economically informed decisions about insurance procurement in the first stage and implement cost-effective defense strategies against potential cyberattacks in the second stage. Utilizing a distributionally robust approach, the study captures the emergent and uncertain nature of cyberattacks through a moment-based ambiguity set and resolves the reformulated linear problem using a dynamic cutting plane method. This work offers a distinct perspective on managing the economic risks of cyber incidents in smart cities and provides a valuable framework for decision making regarding cyber insurance procurement, ultimately aiming to enhance the financial stability of smart city energy operations. Full article

In modern network security setups, Intrusion Detection Systems (IDS) are crucial elements that play a key role in protecting against unauthorized access, malicious actions, and policy breaches. Despite significant progress in IDS technology, two of the most major obstacles remain: how to avoid false alarms due to imbalanced data and accurately forecast the precise type of attacks before they even happen to minimize the damage caused. To deal with two problems in the most optimized way possible, we propose a two-task regression and classification strategy called Hybrid Regression–Classification (HRC), a deep learning-based strategy for developing an intrusion detection system (IDS) that can minimize the false alarm rate and detect and predict potential cyber-attacks before they occur to help the current wireless network in dealing with the attacks more efficiently and precisely. The experimental results show that our HRC strategy accurately predicts the incoming behavior of the IP data traffic in two different datasets. This can help the IDS to detect potential attacks sooner with high accuracy so that they can have enough reaction time to deal with the attack. Furthermore, our proposed strategy can also deal with imbalanced data. Even when the imbalance is large between categories. This will help significantly reduce the false alarm rate of IDS in practice. These strengths combined will benefit the IDS by making it more active in defense and help deal with the intrusion detection problem more effectively. Full article

Due to the rapid increase in Internet of Things (IoT) devices in entrepreneurial environments, innovative cybersecurity advancements are needed to defend against escalating cyber threats. The present paper proposes an approach involving univariate feature selection leading to Sustainable IoT security. This method aims at increasing the efficiency and accuracy of the deep Convolutional Neural Network (CNN) model concerning botnet attack detection and mitigation. The approach to obtaining Sustainable IoT Security goes beyond the focus on technical aspects by proving that increased cybersecurity in IoT environments also fosters entrepreneurship in terms of stimulation, knowledge increase, and innovation. This approach is a major step towards providing entrepreneurs with the necessary tools to protect them in this digital era, which will enable and support the defense against cyber threats. A secure, innovative, and knowledgeable entrepreneurial environment is the result of Sustainable IoT security. Full article