With the increase in cyber attacks over the years, information system security assessment has become more and more important. This paper provides an ontology-based attack model and then uses it to assess information system security from the attack angle. We categorize attacks into a taxonomy suitable for security assessment. The proposed taxonomy consists of five dimensions: attack impact, attack vector, attack target, vulnerability and defense. We then build an ontology according to the taxonomy. In the ontology, the attack-related concepts included in the five dimensions and the relationships between them are formalized and analyzed in detail. We also populate our attack ontology with information about vulnerabilities from the National Vulnerability Database (NVD), such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), the Common Vulnerability Scoring System (CVSS), and Common Platform Enumeration (CPE). Finally we propose an ontology-based framework for security assessment of network and computer systems, and describe the use of the ontology in security assessment and the method for evaluating the effect of an attack on the system while it is under attack.
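As an added illustration, not code from the paper above: the Python program below stores an attack ontology as instance triples along the five dimensions the abstract names (impact, vector, target, vulnerability, defense) and populates it from one constructed NVD-style CVE record. The record (placeholder id CVE-2099-0001), its CWE, CVSS 3.1 vector and CPE string, and the CWE-to-defense table are all constructed for the example; the JSON field names follow the NVD API 2.0 layout, but nothing here is real vulnerability data, and the paper's actual ontology classes and relations are not reproduced.

```python
"""Added example: a minimal attack ontology populated from a constructed
NVD-style record. All data below is constructed; CVE-2099-0001 is a placeholder."""
import json
from collections import defaultdict

# Constructed sample record in the shape of an NVD API 2.0 "cve" object.
SAMPLE_NVD_RECORD = json.dumps({
    "id": "CVE-2099-0001",
    "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}]}],
    "metrics": {"cvssMetricV31": [{"cvssData": {
        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "baseScore": 9.8}}]},
    "configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": True,
         "criteria": "cpe:2.3:a:example:webapp:1.2:*:*:*:*:*:*:*"}]}]}],
})

# Constructed mapping tables for the "defense" and "attack vector" dimensions.
DEFENSES_BY_CWE = {
    "CWE-89": ["parameterized queries", "input validation", "least-privilege DB account"],
    "CWE-79": ["output encoding", "content security policy"],
}
ATTACK_VECTOR_NAMES = {"N": "network", "A": "adjacent", "L": "local", "P": "physical"}


def parse_cvss_vector(vector):
    """Split 'CVSS:3.1/AV:N/AC:L/...' into a dict {metric: value}."""
    parts = vector.split("/")[1:]  # drop the 'CVSS:3.1' prefix
    return dict(p.split(":", 1) for p in parts)


def cpe_fields(cpe):
    """Return (vendor, product, version) from a CPE 2.3 formatted string."""
    f = cpe.split(":")
    return f[3], f[4], f[5]


class AttackOntology:
    """Instance data held as (subject, predicate, object) triples."""

    def __init__(self):
        self.triples = set()
        self.index = defaultdict(set)  # (subject, predicate) -> objects

    def add(self, s, p, o):
        self.triples.add((s, p, o))
        self.index[(s, p)].add(o)

    def objects(self, s, p):
        return self.index.get((s, p), set())

    def populate_from_nvd(self, record_json):
        """Map one NVD record onto the five dimensions; returns the CVE id."""
        rec = json.loads(record_json)
        cve = rec["id"]
        self.add(cve, "rdf:type", "Vulnerability")
        for w in rec.get("weaknesses", []):
            for d in w["description"]:
                self.add(cve, "hasWeakness", d["value"])
                for defense in DEFENSES_BY_CWE.get(d["value"], []):
                    self.add(d["value"], "mitigatedBy", defense)
        metrics = rec["metrics"]["cvssMetricV31"][0]["cvssData"]
        cvss = parse_cvss_vector(metrics["vectorString"])
        self.add(cve, "hasAttackVector", ATTACK_VECTOR_NAMES[cvss["AV"]])
        self.add(cve, "hasScore", metrics["baseScore"])
        # Attack impact dimension: the CVSS C/I/A metrics, skipping "N" (none).
        for letter, concept in (("C", "confidentiality"), ("I", "integrity"), ("A", "availability")):
            if cvss[letter] != "N":
                self.add(cve, "hasImpact", f"{concept}:{cvss[letter]}")
        # Attack target dimension: every vulnerable CPE becomes a target individual.
        for cfg in rec.get("configurations", []):
            for node in cfg["nodes"]:
                for m in node["cpeMatch"]:
                    if m["vulnerable"]:
                        vendor, product, version = cpe_fields(m["criteria"])
                        target = f"{vendor}:{product}:{version}"
                        self.add(cve, "hasTarget", target)
                        self.add(target, "rdf:type", "AttackTarget")
        return cve

    def defenses_for_target(self, target):
        """Walk target <-hasTarget- CVE -hasWeakness-> CWE -mitigatedBy-> defense."""
        found = set()
        for (s, p, o) in self.triples:
            if p == "hasTarget" and o == target:
                for cwe in self.objects(s, "hasWeakness"):
                    found |= self.objects(cwe, "mitigatedBy")
        return found


def build_example():
    onto = AttackOntology()
    cve = onto.populate_from_nvd(SAMPLE_NVD_RECORD)
    return onto, cve
```

The `defenses_for_target` query is the kind of inference the abstract's assessment framework depends on: a CPE-identified asset is linked through its CVEs and their CWEs to the defenses that apply, which is the walk an assessor makes when deciding what a finding on that asset means.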
The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts, which could last over a year and pose a severe risk to national security. Whether caused by physical attacks, EMP (electromagnetic pulse) events, or cyberattacks, such disruptions could cripple essential services like water supply, healthcare, communication, and transportation. Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months, leading to economic collapse, civil unrest, and a breakdown of public order. This paper explores the key vulnerabilities of the grid, the potential impacts of prolonged blackouts, and the role of AI (artificial intelligence) and ML (machine learning) in mitigating these threats. AI-driven cybersecurity measures, predictive maintenance, automated threat response, and EMP resilience strategies are discussed as essential solutions to bolster grid security. Policy recommendations emphasize the need for hardened infrastructure, enhanced cybersecurity, redundant power systems, and AI-based grid management to ensure national resilience. Without proactive measures, the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
Attack surfaces, as one of the security models, can help people analyse the security of systems in cyberspace, for example in risk assessment using various security metrics or in providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade, but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose a two-layer Hierarchical Attack Surface Network (HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments on three network systems. Our experimental results show that the proposed approach is applicable and effective.
Cyber attacks continue to hamper the working of Internet services despite increased use of network security systems such as firewalls and intrusion protection systems (IPS). The recent Distributed Denial of Service (DDoS) attacks on Dec 8th, 2010 by WikiLeaks supporters on the Visa and MasterCard websites made headlines on prime news channels all over the world. Another famous set of DDoS attacks, on the Independence Day weekend of July 4th, 2009, was launched to debilitate US and South Korean government websites. These attacks raised questions about the capabilities of the security systems used in those networks to counteract such attacks. Firewall and IPS security systems are commonly used today as a front-line defense mechanism against DDoS attacks. In many deployments, the performance of these security devices is seldom evaluated for effectiveness, and different security devices perform differently in stopping DDoS attacks. In this paper, we intend to drive home the point that it is important to evaluate the capability of a firewall or IPS security device before it is deployed to protect a network or a server against DDoS attacks. We evaluate the effectiveness of a security device called the Netscreen 5GT (NS-5GT) from Juniper Networks under Layer-4 flood attacks at different attack loads. The NS-5GT comes with a TCP-SYN proxy protection feature to protect against TCP-SYN based DDoS attacks, and a UDP protection feature to protect against UDP flood attacks. Looking at these security features in the equipment's data sheet, one might assume the device protects the network against such DDoS attacks. In this paper, we conducted real experiments to measure the performance of the NS-5GT under TCP SYN and UDP flood attacks and to test the performance of these protection features. It was found that Juniper's NS-5GT mitigated the effect of DDoS traffic to some extent, especially when the attack was of lower intensity. However, the device was unable to provide any protection against Layer-4 flood attacks when the load exceeded 40 Mbps. In order to guarantee a measured level of security, it is important for network managers to measure the actual capabilities of a security device, using real attack traffic, before it is deployed to protect a critical information infrastructure.
In order to enhance the accuracy of Air Traffic Control (ATC) cybersecurity attack detection, this paper designs a new clustering detection method for air traffic control network security attacks. The feature set for ATC cybersecurity attacks is constructed by setting the feature states, adding recursive features, and determining feature criticality. The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data. An autoencoder is introduced into the AI (artificial intelligence) algorithm to encode and decode the characteristics of ATC network security attack behavior, reducing the dimensionality of the attack behavior data. Based on the above processing, an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed. First, the distance between clusters of ATC network security attack behavior characteristics is determined, the clustering threshold is calculated, and the initial clustering centers are constructed. Then, the new mean of all feature objects in each cluster is recalculated as the new cluster center. Next, all objects in a cluster of ATC network security attack behavior feature data are traversed. Finally, the cluster detection of ATC network security attack behavior is completed by computing the objective function. The experiment took three groups of experimental attack behavior data sets as the test objects, took the detection rate, false detection rate and recall rate as the test indicators, and selected three similar methods for comparative testing. The experimental results show that the detection rate of this method is about 98%, the false positive rate is below 1%, and the recall rate is above 97%. The research shows that this method can improve the detection performance for security attacks in air traffic control networks.
The Internet of Things (IoT) has become a prevalent topic in the world of technology. It helps billions of devices connect to the internet so that they can exchange data with each other. Nowadays, the IoT can be applied to anything, from cellphones, coffee makers, cars and body sensors to smart surveillance, water distribution, energy management systems, and environmental monitoring. However, the rapid growth of IoT has brought new and critical threats to the security and privacy of users. Due to the millions of insecure IoT devices, an adversary can easily break into an application to make it unstable and steal sensitive user information and data. This paper provides an overview of different kinds of cybersecurity attacks against IoT devices as well as an analysis of IoT architecture. It then discusses the security solutions we can adopt to protect IoT devices against different kinds of security attacks. The main goal of this research is to advance IoT research by highlighting the different kinds of security challenges that IoT faces nowadays and the existing security solutions we can implement to make IoT devices more secure. In this study, we analyze the security solutions of IoT in three forms, secure authentication, secure communications, and application security, to find suitable security solutions for protecting IoT devices.
Driven by the long-term goal of bringing about significant changes in the quality of services supplied to smart city residents and in urban environments and life, the development and deployment of ICT in city infrastructure has spurred interest in smart cities. Smart city applications can gather private data in a variety of fields. Different sectors, such as healthcare, smart parking, transportation, traffic systems, public safety, and smart agriculture, can control real-life physical objects and deliver intelligent information to citizens, who are the users. However, this smart ICT integration brings numerous security and privacy concerns, both for smart city citizens and for the environments the cities are built in. This journal article examines the main uses of smart cities, along with the security needs of the IoT systems supporting them and the important privacy and security issues identified in the smart city application architecture. Following the identification of several security flaws and privacy concerns in the context of smart cities, it then highlights some security and privacy solutions for developing secure smart city systems and presents research opportunities that still need to be considered for future performance improvement.
Blockchain interoperability enables seamless communication and asset transfer across isolated permissioned blockchain systems, but it introduces significant security and privacy vulnerabilities. This review aims to systematically assess the security and privacy landscape of interoperability protocols for permissioned blockchains, identifying key properties, attack vectors, and countermeasures. Using the PRISMA 2020 guidelines, we analysed 56 peer-reviewed studies published between 2020 and 2025, retrieved from Scopus, ScienceDirect, Web of Science, and IEEE Xplore. The review focused on interoperability protocols for permissioned blockchains with security and privacy analyses, including only English-language journal articles and conference proceedings. Risk of bias in the included studies was assessed using the MMAT. Methods for presenting and synthesizing results included descriptive analysis, bibliometric analysis, and content analysis, with findings organized into tables, charts, and comparative summaries. The review classifies interoperability protocols into relay, sidechain, notary scheme, HTLC, and hybrid types and identifies 18 security and privacy properties along with 31 known attack types. Relay-based protocols showed the broadest security coverage, while HTLC and notary schemes demonstrated significant security gaps. Notably, 93% of studies examined fewer than four properties or attack types, indicating a fragmented research landscape. The review identifies underexplored areas such as ACID properties, decentralization, and cross-chain attack resilience. It further highlights effective countermeasures, including cryptographic techniques, trusted execution environments, zero-knowledge proofs, and decentralized identity schemes. The findings suggest that despite growing adoption, current interoperability protocols lack comprehensive security evaluations. More holistic research is needed to ensure the resilience, trustworthiness, and scalability of cross-chain operations in permissioned blockchain ecosystems.
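The security gaps the review attributes to HTLC-based protocols are easiest to see on a concrete exchange. The Python block below is an added example, not code from the review or from any of the surveyed protocols: it models two toy ledgers, a hash time-locked contract on each, and an atomic swap in which Alice locks first and Bob locks second. With the timelock on Bob's chain shorter than the one on Alice's chain the swap completes as intended; with equal timelocks Bob loses his funds, because Alice claims at the last admissible block and Bob's answering claim lands one block later, after the contract holding Alice's funds has expired. Names, amounts, heights and the one-block response delay are constructed for illustration.

```python
"""Added example: HTLC atomic swap on two toy ledgers, showing why the
responder's timelock must expire before the initiator's. All values constructed."""
import hashlib
import secrets
from dataclasses import dataclass, field


def sha256(b):
    return hashlib.sha256(b).digest()


@dataclass
class HTLC:
    sender: str
    receiver: str
    amount: int
    hashlock: bytes
    timelock: int           # block height at which the sender may refund
    state: str = "locked"   # locked | claimed | refunded


@dataclass
class Chain:
    """A toy ledger: balances plus HTLCs, advanced by block height."""
    name: str
    height: int = 0
    balances: dict = field(default_factory=dict)
    contracts: list = field(default_factory=list)

    def lock(self, sender, receiver, amount, hashlock, timelock):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[sender] -= amount
        c = HTLC(sender, receiver, amount, hashlock, timelock)
        self.contracts.append(c)
        return c

    def claim(self, c, preimage):
        # A claim needs the right preimage and must land before the timelock.
        if c.state != "locked" or self.height >= c.timelock:
            return False
        if sha256(preimage) != c.hashlock:
            return False
        c.state = "claimed"
        self.balances[c.receiver] = self.balances.get(c.receiver, 0) + c.amount
        return True

    def refund(self, c):
        # A refund is only possible once the timelock has passed.
        if c.state != "locked" or self.height < c.timelock:
            return False
        c.state = "refunded"
        self.balances[c.sender] += c.amount
        return True


def atomic_swap(t_alice, t_bob, alice_claims_at):
    """Alice swaps 10 A-coins for Bob's 10 B-coins.
    t_alice / t_bob: timelocks on Alice's lock (chain A) and Bob's lock (chain B).
    alice_claims_at: height at which Alice reveals the preimage on chain B.
    Returns final balances on both chains and who managed to claim."""
    a = Chain("A", balances={"alice": 10, "bob": 0})
    b = Chain("B", balances={"alice": 0, "bob": 10})
    preimage = secrets.token_bytes(32)           # constructed secret, known to Alice only
    h = sha256(preimage)
    ca = a.lock("alice", "bob", 10, h, t_alice)   # Alice locks first
    cb = b.lock("bob", "alice", 10, h, t_bob)     # Bob locks after seeing ca on chain A
    # Both chains advance in lock-step to the height Alice chooses.
    a.height = b.height = alice_claims_at
    alice_got_b = b.claim(cb, preimage)
    # Bob sees the preimage in Alice's claim and responds; his tx lands next block.
    a.height = b.height = alice_claims_at + 1
    bob_got_a = a.claim(ca, preimage) if alice_got_b else False
    # Let every timelock expire and settle whatever is still locked.
    a.height = b.height = max(t_alice, t_bob)
    a.refund(ca)
    b.refund(cb)
    return {"A": dict(a.balances), "B": dict(b.balances),
            "alice_claimed": alice_got_b, "bob_claimed": bob_got_a}
```

`atomic_swap(200, 100, 99)` is the safe configuration; `atomic_swap(100, 100, 99)` reproduces the misordered-timelock loss; `atomic_swap(200, 100, 150)` shows Alice abandoning the swap, after which both refunds succeed. The response delay is what makes the ordering matter: on real chains the gap between Bob's timelock and Alice's has to cover confirmation latency on both chains, not a single block.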
Dear Editor, Attackers will always try to intrude covertly into networked control systems (NCSs) by dynamically changing their false data injection attack (FDIA) strategy, while defenders try their best to resist attacks by designing a defense strategy based on identifying the attack strategy, maintaining stable operation of the NCS. To solve this attack-defense game problem, this letter investigates optimal secure control of NCSs under FDIAs. First, for the alterations of energy caused by false data, a novel attack-defense game model is constructed, which considers the changes of energy caused by the actions of the defender and attacker in the forward and feedback channels.
This study proposes an efficient traffic classification model to address the growing threat of distributed denial-of-service (DDoS) attacks in 5th generation technology standard (5G) slicing networks. The proposed method uses an ensemble of encoder components from multiple autoencoders to compress and extract latent representations from high-dimensional traffic data. These representations are then used as input for a support vector machine (SVM)-based metadata classifier, enabling precise detection of attack traffic. This architecture is designed to achieve both high detection accuracy and training efficiency, while adapting flexibly to the diverse service requirements and complexity of 5G network slicing. The model was evaluated using the DDoS Datasets 2022, collected in a simulated 5G slicing environment. Experiments were conducted under both class-balanced and class-imbalanced conditions. In the balanced setting, the model achieved an accuracy of 89.33%, an F1-score of 88.23%, and an Area Under the Curve (AUC) of 89.45%. In the imbalanced setting (attack:normal 7:3), the model maintained strong robustness, achieving a recall of 100% and an F1-score of 90.91%, demonstrating its effectiveness in diverse real-world scenarios. Compared to existing AI-based detection methods, the proposed model showed higher precision, better handling of class imbalance, and strong generalization performance. Moreover, its modular structure is well suited to deployment in containerized network function (NF) environments, making it a practical solution for real-world 5G infrastructure. These results highlight the potential of the proposed approach to enhance both the security and operational resilience of 5G slicing networks.
Three kinds of vulnerabilities that may exist in some current virtualization-based security monitoring systems are identified: the page mapping problem, lack of overall protection, and inherent limitations. Aiming at these vulnerabilities, the corresponding attack methods are presented in detail. Our experiments show that the attack methods, such as the page mapping attack, data attack, and non-behavior detection attack, can successfully attack simulated or original security monitors. Defenders who need to effectively strengthen their security monitors can draw inspiration from these attack methods and find appropriate solutions.
Dear Editor, The Industrial Internet of Things (IIoT) is a typical application of cyber-physical systems (CPS). In the IIoT, wireless communication is an inevitable trend, replacing deployment-limited wired transmission for cases with large-scale and mobile devices. However, wireless communication gives rise to critical issues related to physical security, such as malicious detection and attacks [1].
The Internet of Things (IoT) is vulnerable to data-tampering (DT) attacks. Due to resource limitations, many anomaly detection systems (ADSs) for IoT have high false positive rates when detecting DT attacks. This leads to the misreporting of normal data, which impacts the normal operation of the IoT. To mitigate the impact caused by the high false positive rate of ADSs, this paper proposes an ADS management scheme for clustered IoT. First, we model the data transmission and anomaly detection in clustered IoT. Then, the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device. In the presence of a high false positive rate in ADSs, to deal with the trade-off between the security and availability of data, we develop a linear programming model referred to as a security trade-off (ST) model. Next, we develop an analysis framework for the ST model and solve the ST model on an IoT simulation platform. Last, we reveal the effect of several factors on the maximum combined detection rate through theoretical analysis. Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by high false positive rates in ADSs.
Spear Phishing Attacks (SPAs) pose a significant threat to the healthcare sector, resulting in data breaches, financial losses, and compromised patient confidentiality. Traditional defenses, such as firewalls and antivirus software, often fail to counter these sophisticated attacks, which target human vulnerabilities. To strengthen defenses, healthcare organizations are increasingly adopting Machine Learning (ML) techniques. ML-based SPA defenses use advanced algorithms to analyze various features, including email content, sender behavior, and attachments, to detect potential threats. This capability enables proactive security measures that address risks in real time. The interpretability of ML models fosters trust and allows security teams to continuously refine these algorithms as new attack methods emerge. Implementing ML techniques requires integrating diverse data sources, such as electronic health records, email logs, and incident reports, which enrich the algorithms' learning environment. Feedback from end users further improves model performance. Among the tested models, the hierarchical Convolutional Neural Network (CNN) achieved the highest accuracy at 99.99%, followed closely by the sequential Bidirectional Long Short-Term Memory (BiLSTM) model at 99.94%. In contrast, the traditional Multi-Layer Perceptron (MLP) model showed an accuracy of 98.46%. This difference underscores the superior performance of advanced sequential and hierarchical models in detecting SPAs compared to traditional approaches.
Recent DDoS attacks against several web sites operated by Sony PlayStation caused widespread outages for several days and loss of user account information. DDoS attacks by WikiLeaks supporters against the VISA, MasterCard, and PayPal servers made headline news globally. These DDoS attack floods are known to crash or reduce the performance of web-based applications and to reduce the number of legitimate client connections per second. The TCP SYN flood is one of the most common DDoS attacks, and the latest operating systems have some form of protection against it to stop the attack from reducing the performance of web applications and user connections. In this paper, we evaluated the performance of the TCP SYN attack protection provided in Microsoft's Windows Server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic; this built-in protection is found not to be effective against high-intensity SYN attack traffic. The measurement results in this paper can help network operators understand the effectiveness of the built-in protection mechanism that exists in millions of Windows Server 2003 systems against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance the security of their networks by additional means.
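The two measurement papers above (the NS-5GT TCP-SYN proxy and the Windows Server 2003 SYN attack protection) evaluate defences whose shared idea is to avoid committing per-connection state on the first SYN. The Python block below is an added example, not code from either paper or from either vendor: it implements the canonical stateless form of that idea, SYN cookies in the layout D. J. Bernstein described (5 bits of coarse time, 3 bits of MSS slot, 24 bits of keyed hash, added to the client's ISN), and then runs a constructed scenario of 1,000 spoofed SYNs plus one real client to show that no half-open state is allocated until a valid ACK returns. The secret key, addresses, ports, ISNs, clock values and MSS table are all constructed; the code models the mechanism and is not an implementation of what the NS-5GT or Windows actually does.

```python
"""Added example: SYN cookies, the stateless defence against TCP SYN floods.
All keys, addresses, ports and clock values below are constructed."""
import hashlib
import hmac
import struct

SECRET = b"constructed-example-secret"       # a real stack rotates this
MSS_TABLE = [536, 1024, 1220, 1440, 1460, 4312, 8960, 65495]  # 3-bit slot -> MSS
COOKIE_WINDOW = 2                            # accepted age in 64-second ticks


def _hash24(saddr, daddr, sport, dport, t, m):
    """Keyed 24-bit hash binding the 4-tuple, the time tick and the MSS slot."""
    msg = struct.pack("!4s4sHHBB", saddr, daddr, sport, dport, t, m)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def mss_index(mss):
    """Largest table slot whose MSS does not exceed the client's advertised MSS."""
    idx = 0
    for i, v in enumerate(MSS_TABLE):
        if v <= mss:
            idx = i
    return idx


def make_syn_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored on the server."""
    t = (now // 64) & 0x1F                   # 5-bit coarse timestamp
    m = mss_index(mss)                       # 3-bit MSS slot
    h = _hash24(saddr, daddr, sport, dport, t, m)
    cookie = (t << 27) | (m << 24) | h
    return (client_isn + cookie) & 0xFFFFFFFF


def check_syn_cookie(saddr, daddr, sport, dport, client_isn, ack_num, now):
    """Validate the final ACK (ack_num == server_isn + 1).
    Returns the negotiated MSS, or None if the cookie is stale or forged."""
    cookie = (ack_num - 1 - client_isn) & 0xFFFFFFFF
    t = cookie >> 27
    m = (cookie >> 24) & 0x7
    h = cookie & 0xFFFFFF
    age = (((now // 64) & 0x1F) - t) & 0x1F   # modular, so tick wrap is fine
    if age > COOKIE_WINDOW:
        return None                          # too old (or from the future): reject
    if h != _hash24(saddr, daddr, sport, dport, t, m):
        return None                          # wrong key, tuple or tampered bits
    return MSS_TABLE[m]


def handshake_under_flood(now=10_000):
    """Constructed scenario: 1,000 spoofed SYNs and one legitimate client.
    Returns (half_open_entries, mss_for_real_client, forged_ack_accepted,
    expired_ack_accepted)."""
    daddr, dport = bytes([10, 0, 0, 5]), 443
    half_open = {}                           # what a stateful server would fill
    for i in range(1000):
        saddr = struct.pack("!I", 0xC0A80000 + i)   # constructed spoofed sources
        make_syn_cookie(saddr, daddr, 40000 + i, dport, 1000 + i, 1460, now)
        # nothing is added to half_open: a SYN costs the server no memory
    real = (bytes([198, 51, 100, 7]), daddr, 51515, dport)
    client_isn = 0xDEADBEEF
    isn = make_syn_cookie(*real, client_isn, 1400, now)
    mss = check_syn_cookie(*real, client_isn, isn + 1, now + 30)
    if mss is not None:
        half_open[real] = mss                # state exists only after a valid ACK
    forged = check_syn_cookie(*real, client_isn, (isn + 1) ^ 0x8000, now + 30)
    expired = check_syn_cookie(*real, client_isn, isn + 1, now + 64 * 5)
    return len(half_open), mss, forged is not None, expired is not None
```

The trade-off the measurement papers hint at is visible in the layout: the cookie carries 3 bits of MSS and no other options, so connections set up through the cookie path lose window scaling and SACK unless they are recovered from TCP timestamps. That is why most stacks enable cookies only once the SYN backlog is full rather than for every connection, and why a device that only proxies SYNs can still be overwhelmed when the flood rate exceeds what its hashing and packet path can sustain.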
By enhancing the interconnection of devices and systems, the Internet of Things (IoT) is a paradigm-shifting technology. IoT security concerns remain substantial despite its extraordinary advantages. This paper offers an extensive review of IoT security, emphasizing the technology's architecture, important security elements, and common attacks. It highlights how important artificial intelligence (AI) is to bolstering IoT security, especially in addressing risks at the different IoT architecture layers. We systematically examined current mitigation strategies and their effectiveness, highlighting contemporary challenges with practical solutions and case studies from a range of industries, such as healthcare, smart homes, and industrial IoT. Our results highlight the importance of AI methods that are lightweight and improve security without overtaxing the limited resources and computational capability of devices. By proactively identifying and countering security risks using machine learning capabilities, IoT networks can ensure operational efficiency and resilience. This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT, security challenges, and AI-driven solutions.
There are different types of cyber security attacks that are based on the ICMP protocol. Many ICMP message types are very similar, which may lead security managers to think they have the same impact on victim computer systems or servers. In this paper, we investigate the impact of different ICMP-based security attacks on two popular server systems, namely Microsoft's Windows Server and Apple's Mac server OS, running on the same hardware platform, and compare their performance under different types of ICMP-based security attacks.
The real-time performance of network security situation awareness (NSSA) is always affected by the state explosion problem. To solve this problem, a new NSSA method based on a layered attack graph (LAG) is proposed. Firstly, the network is divided into several logical subnets by a community discovery algorithm. The logical subnets and the connections between them constitute the logical network. Then, based on the original and logical networks, the selection of attack paths is optimized according to the monotonic principle of attack behavior. The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA. The experimental results show that the generation of attack paths by this method takes 0.029 s while the counterparts by other methods take more than 56 s. Meanwhile, this method yields the same security strategy as the other methods.
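The monotonicity principle the abstract above relies on is the assumption, standard in attack-graph work, that an attacker never loses a privilege already gained; it lets path generation treat the set of compromised hosts as only growing, so no host is exploited twice and no state is revisited. The Python block below is an added example, not the paper's method: it enumerates monotonic attack paths over a constructed five-host network with a constructed reachability policy and one constructed vulnerability per host, then queries the result for the hosts that lie on every path, the usual input to a hardening decision. The subnet layering and community discovery the paper adds on top are not reproduced.

```python
"""Added example: monotonic attack-path enumeration over a constructed network.
Topology, firewall policy and vulnerability labels are all constructed."""

# Which hosts each host may open connections to (constructed firewall policy).
REACH = {
    "attacker": {"web", "mail"},
    "web": {"app", "mail"},
    "mail": {"web", "app"},
    "app": {"db"},
    "db": {"app"},
}
# One constructed exploitable flaw per host.
VULNS = {"web": "vuln-web", "mail": "vuln-mail", "app": "vuln-app", "db": "vuln-db"}


def attack_paths(start, goal, reach=REACH, vulns=VULNS):
    """Enumerate attack paths under the monotonicity assumption: the attacker
    never loses a privilege, so the owned set only grows, each host is exploited
    at most once and no path revisits a state. Returns (paths, states_visited);
    a path is a list of (from_host, to_host, vuln) steps."""
    paths, states = [], set()

    def dfs(owned, path):
        states.add(frozenset(owned))
        if goal in owned:
            paths.append(list(path))
            return
        for target, vuln in vulns.items():
            if target in owned:
                continue                       # monotonic: no re-exploitation
            for src in sorted(owned):
                if target in reach.get(src, ()):
                    path.append((src, target, vuln))
                    dfs(owned | {target}, path)
                    path.pop()

    dfs(frozenset([start]), [])
    return paths, len(states)


def shortest_paths(paths):
    """The minimal-length paths: what a defender should assume first."""
    n = min(len(p) for p in paths)
    return [p for p in paths if len(p) == n]


def hosts_on_every_path(paths):
    """Hosts the attacker must compromise on every path: hardening priorities."""
    sets = [{step[1] for step in p} for p in paths]
    return set.intersection(*sets) if sets else set()
```

Because the owned set only grows, the number of distinct states is bounded by the subsets of hosts rather than by sequences of actions, which is the reduction the abstract's "monotonic principle" refers to; the layered variant then applies the same search at subnet level first to prune which hosts are worth expanding at all.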
Aiming at industrial cyber-physical systems (ICPS) where Denial-of-Service (DoS) attacks and actuator failures coexist, the integrated security control problem of ICPS under multi-objective constraints was studied. First, from the perspective of the defender, according to the differing impact on the system of DoS attacks of different energies, a DoS attack energy-grading detection standard was formulated and a comprehensive ICPS security control framework was constructed. Secondly, a security transmission strategy based on event triggering was designed. Under the DoS attack energy classification detection mechanism, for large-energy attacks, a method based on time series analysis was considered to predict and compensate for lost data. Therefore, on the basis of a passive and elastic response to small-energy attacks, the active defense capability against DoS attacks was increased. Then, by introducing the cone-complement linearization algorithm, the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced, realizing the goals of active and passive hybrid intrusion tolerance of DoS attacks and active fault tolerance of actuator failure. Finally, a simulation example of a four-tank water system was given to verify the validity of the obtained conclusions.
Ransomware attacks have spread broadly in the last few years: attackers deny users access to their systems and encrypt their files until they pay a ransom, usually in Bitcoin. That is the worst thing that can happen, especially for organizations holding sensitive information. In this paper we propose a cyber security awareness program intended to provide end users with a rescue checklist in case they are attacked with ransomware, as well as ways to prevent the attack and to recover from it. The program aimed at providing cyber security knowledge to 15 employees of a Sudanese trading and investment company. According to their cyber behaviour before the program, the participants showed a low level of cyber security awareness: with 72% likelihood they would be attacked by ransomware from a phishing email, which is well known for spreading ransomware attacks. The results revealed that the cyber security awareness program greatly diminished the probability of being attacked by ransomware, by an average of 28%. This study can be used as a real-life ransomware attack rescue plan.
Funding (ontology-based attack model paper): the National Basic Research Program (973) of China (No. 2010CB731403), the Information Network Security Key Laboratory Open Project of the Ministry of Public Security of China (No. C09603), and the Shanghai Key Scientific and Technological Project (No. 11511504302).
Funding: supported by the Jiangsu Provincial Natural Science Foundation of China (no. BK20150721) and the 2017 National Key Research and Development Program of China (no. 2017YFB0802900)
Abstract: Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade, but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network (HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.
Abstract: Cyber attacks are continuing to hamper the working of Internet services despite increased use of network security systems such as firewalls and Intrusion Protection Systems (IPS). Recent Distributed Denial of Service (DDoS) attacks on Dec 8th, 2010 by WikiLeaks supporters on the Visa and MasterCard websites made headlines on prime news channels all over the world. Another famous set of DDoS attacks, on the Independence Day weekend of July 4th, 2009, was launched to debilitate the US and South Korean governments' websites. These attacks raised questions about the capabilities of the security systems that were used in the network to counteract such attacks. Firewall and IPS security systems are commonly used today as a front-line defense mechanism against DDoS attacks. In many deployments, the performance of these security devices is seldom evaluated for effectiveness. Different security devices perform differently in stopping DDoS attacks. In this paper, we intend to drive home the point that it is important to evaluate the capability of a Firewall or IPS security device before it is deployed to protect a network or a server against DDoS attacks. We evaluate the effectiveness of a security device called Netscreen 5GT (or NS-5GT) from Juniper Networks under Layer-4 flood attacks at different attack loads. The NS-5GT comes with a feature called TCP-SYN proxy protection to protect against TCP-SYN based DDoS attacks, and a UDP protection feature to protect against UDP flood attacks. Looking at these security features in the equipment's data sheet, one might assume the device protects the network against such DDoS attacks. We conducted real experiments to measure the performance of the NS-5GT under TCP SYN and UDP flood attacks and to test the performance of these protection features.
It was found that Juniper's NS-5GT mitigated the effect of DDoS traffic to some extent, especially when the attack was of lower intensity. However, the device was unable to provide any protection against Layer-4 flood attacks when the load exceeded 40 Mbps. In order to guarantee a measured level of security, it is important for network managers to measure the actual capabilities of a security device, using real attack traffic, before it is deployed to protect a critical information infrastructure.
Funding: National Natural Science Foundation of China (U2133208, U20A20161), National Natural Science Foundation of China (No. 62273244), Sichuan Science and Technology Program (No. 2022YFG0180).
Abstract: In order to enhance the accuracy of Air Traffic Control (ATC) cybersecurity attack detection, in this paper a new clustering detection method is designed for air traffic control network security attacks. The feature set for ATC cybersecurity attacks is constructed by setting the feature states, adding recursive features, and determining the feature criticality. The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data. An autoencoder is introduced into the AI (artificial intelligence) algorithm to encode and decode the characteristics of ATC network security attack behavior, reducing the dimensionality of the ATC network security attack behavior data. Based on the above processing, an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed. First, the distance between the clusters of ATC network security attack behavior characteristics is determined, the clustering threshold is calculated, and the initial clustering centers are constructed. Then, the new average value of all feature objects in each cluster is recalculated as the new cluster center. Second, all objects in a cluster of ATC network security attack behavior feature data are traversed. Finally, the cluster detection of ATC network security attack behavior is completed by the computation of objective functions. The experiment took three groups of experimental attack behavior data sets as the test objects, took the detection rate, false detection rate and recall rate as the test indicators, and selected three similar methods for a comparative test. The experimental results show that the detection rate of this method is about 98%, the false positive rate is below 1%, and the recall rate is above 97%. The research shows that this method can improve the detection performance for security attacks in air traffic control networks.
Abstract: The Internet of Things (IoT) has become a prevalent topic in the world of technology. It helps billions of devices to connect to the internet so that they can exchange data with each other. Nowadays, the IoT can be applied to anything, from cellphones, coffee makers, cars, and body sensors to smart surveillance, water distribution, energy management systems, and environmental monitoring. However, the rapid growth of IoT has brought new and critical threats to the security and privacy of its users. Due to the millions of insecure IoT devices, an adversary can easily break into an application to make it unstable and steal sensitive user information and data. This paper provides an overview of different kinds of cybersecurity attacks against IoT devices as well as an analysis of IoT architecture. It then discusses the security solutions we can take to protect IoT devices against different kinds of security attacks. The main goal of this research is to enhance the development of IoT research by highlighting the different kinds of security challenges that IoT is facing nowadays, and the existing security solutions we can implement to make IoT devices more secure. In this study, we analyze the security solutions of IoT in three forms: secure authentication, secure communications, and application security, to find suitable security solutions for protecting IoT devices.
Abstract: Due to the long-term goal of bringing about significant changes in the quality of services supplied to smart city residents and urban environments and life, the development and deployment of ICT in city infrastructure has spurred interest in smart cities. Applications for smart cities can gather private data in a variety of fields. Different sectors such as healthcare, smart parking, transportation, traffic systems, public safety, smart agriculture, and other sectors can control real-life physical objects and deliver intelligent and smart information to citizens who are the users. However, this smart ICT integration brings about numerous concerns and issues with security and privacy for both smart city citizens and the environments they are built in. The main uses of smart cities are examined in this journal article, along with the security needs for IoT systems supporting them and the identified important privacy and security issues in the smart city application architecture. Following the identification of several security flaws and privacy concerns in the context of smart cities, it then highlights some security and privacy solutions for developing secure smart city systems and presents research opportunities that still need to be considered for performance improvement in the future.
Funding: supported by the International Scientific and Technological Cooperation Project of Huangpu and Development Districts in Guangzhou (2023GH17), the National Science and Technology Council in Taiwan under grant number NSTC-113-2224-E-027-001, Private Funding (PV009-2023), and the KW IPPP (Research Maintenance Fee) Individual/Centre/Group (RMF1506-2021) at Universiti Malaya, Malaysia.
Abstract: Blockchain interoperability enables seamless communication and asset transfer across isolated permissioned blockchain systems, but it introduces significant security and privacy vulnerabilities. This review aims to systematically assess the security and privacy landscape of interoperability protocols for permissioned blockchains, identifying key properties, attack vectors, and countermeasures. Using the PRISMA 2020 guidelines, we analysed 56 peer-reviewed studies published between 2020 and 2025, retrieved from Scopus, ScienceDirect, Web of Science, and IEEE Xplore. The review focused on interoperability protocols for permissioned blockchains with security and privacy analyses, including only English-language journal articles and conference proceedings. Risk of bias in the included studies was assessed using the MMAT. Methods for presenting and synthesizing results included descriptive analysis, bibliometric analysis, and content analysis, with findings organized into tables, charts, and comparative summaries. The review classifies interoperability protocols into relay, sidechain, notary scheme, HTLC, and hybrid types and identifies 18 security and privacy properties along with 31 known attack types. Relay-based protocols showed the broadest security coverage, while HTLC and notary schemes demonstrated significant security gaps. Notably, 93% of studies examined fewer than four properties or attack types, indicating a fragmented research landscape. The review identifies underexplored areas such as ACID properties, decentralization, and cross-chain attack resilience. It further highlights effective countermeasures, including cryptographic techniques, trusted execution environments, zero-knowledge proofs, and decentralized identity schemes. The findings suggest that despite growing adoption, current interoperability protocols lack comprehensive security evaluations. More holistic research is needed to ensure the resilience, trustworthiness, and scalability of cross-chain operations in permissioned blockchain ecosystems.
Funding: supported in part by the National Science Foundation of China (62373240, 62273224, U24A20259).
Abstract: Dear Editor, Attackers always try to covertly intrude into networked control systems (NCSs) by dynamically changing their false data injection attack (FDIA) strategy, while defenders try their best to resist attacks by designing a defense strategy on the basis of identifying the attack strategy, so as to maintain stable operation of the NCSs. To solve this attack-defense game problem, this letter investigates optimal secure control of NCSs under FDIAs. First, for the alterations of energy caused by false data, a novel attack-defense game model is constructed, which considers the changes of energy caused by the actions of the defender and attacker in the forward and feedback channels.
Funding: supported by an Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korean government (MSIT) (RS-2024-00438156, Development of Security Resilience Technology Based on Network Slicing Services in a 5G Specialized Network).
Abstract: This study proposes an efficient traffic classification model to address the growing threat of distributed denial-of-service (DDoS) attacks in 5th generation technology standard (5G) slicing networks. The proposed method utilizes an ensemble of encoder components from multiple autoencoders to compress and extract latent representations from high-dimensional traffic data. These representations are then used as input for a support vector machine (SVM)-based metadata classifier, enabling precise detection of attack traffic. This architecture is designed to achieve both high detection accuracy and training efficiency, while adapting flexibly to the diverse service requirements and complexity of 5G network slicing. The model was evaluated using the DDoS Datasets 2022, collected in a simulated 5G slicing environment. Experiments were conducted under both class-balanced and class-imbalanced conditions. In the balanced setting, the model achieved an accuracy of 89.33%, an F1-score of 88.23%, and an Area Under the Curve (AUC) of 89.45%. In the imbalanced setting (attack:normal = 7:3), the model maintained strong robustness, achieving a recall of 100% and an F1-score of 90.91%, demonstrating its effectiveness in diverse real-world scenarios. Compared to existing AI-based detection methods, the proposed model showed higher precision, better handling of class imbalance, and strong generalization performance. Moreover, its modular structure is well-suited for deployment in containerized network function (NF) environments, making it a practical solution for real-world 5G infrastructure. These results highlight the potential of the proposed approach to enhance both the security and operational resilience of 5G slicing networks.
Funding: Supported by the National 242 Plan Project (2005C48) and the Technology Innovation Programme Major Projects of Beijing Institute of Technology (2011CX01015)
Abstract: Three kinds of vulnerabilities that may exist in some current virtualization-based security monitoring systems were proposed: the page mapping problem, lack of overall protection, and inherent limitations. Aiming at these vulnerabilities, the corresponding attack methods were presented in detail. Our experiments show that the attack methods, such as the page mapping attack, data attack, and non-behavior detection attack, can attack simulated or original security monitors successfully. Defenders, who need to effectively strengthen their security monitors, can draw inspiration from these attack methods and find appropriate solutions.
Funding: partly supported by the National Natural Science Foundation of China (62273298, 62273295), Hebei Natural Science Foundation (F2023203063, F2022203025), China Scholarship Council (CSC) (202308130180), and the Provincial Key Laboratory Performance Subsidy Project (22567612H)
Abstract: Dear Editor, The Industrial Internet of Things (IIoT) is a typical application of cyber-physical systems (CPS). In the IIoT, wireless communication is an inevitable trend to replace deployment-limited wired transmission for cases with large-scale and mobile devices. However, wireless communication gives rise to critical issues related to physical security, such as malicious detection and attacks [1].
Funding: This study was funded by the Chongqing Normal University Startup Foundation for PhD (22XLB021) and was also supported by the Open Research Project of the State Key Laboratory of Industrial Control Technology, Zhejiang University, China (No. ICT2023B40).
Abstract: The Internet of Things (IoT) is vulnerable to data-tampering (DT) attacks. Due to resource limitations, many anomaly detection systems (ADSs) for IoT have high false positive rates when detecting DT attacks. This leads to the misreporting of normal data, which will impact the normal operation of IoT. To mitigate the impact caused by the high false positive rate of ADSs, this paper proposes an ADS management scheme for clustered IoT. First, we model the data transmission and anomaly detection in clustered IoT. Then, the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device. In the presence of a high false positive rate in ADSs, to deal with the trade-off between the security and availability of data, we develop a linear programming model referred to as a security trade-off (ST) model. Next, we develop an analysis framework for the ST model, and solve the ST model on an IoT simulation platform. Last, we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis. Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADSs.
Funding: funded by the Deanship of Graduate Studies and Scientific Research at Jouf University under Grant Number (DGSSR-2023-02-02513).
Abstract: Spear Phishing Attacks (SPAs) pose a significant threat to the healthcare sector, resulting in data breaches, financial losses, and compromised patient confidentiality. Traditional defenses, such as firewalls and antivirus software, often fail to counter these sophisticated attacks, which target human vulnerabilities. To strengthen defenses, healthcare organizations are increasingly adopting Machine Learning (ML) techniques. ML-based SPA defenses use advanced algorithms to analyze various features, including email content, sender behavior, and attachments, to detect potential threats. This capability enables proactive security measures that address risks in real time. The interpretability of ML models fosters trust and allows security teams to continuously refine these algorithms as new attack methods emerge. Implementing ML techniques requires integrating diverse data sources, such as electronic health records, email logs, and incident reports, which enhance the algorithms' learning environment. Feedback from end-users further improves model performance. Among the tested models, the hierarchical model, Convolutional Neural Network (CNN), achieved the highest accuracy at 99.99%, followed closely by the sequential Bidirectional Long Short-Term Memory (BiLSTM) model at 99.94%. In contrast, the traditional Multi-Layer Perceptron (MLP) model showed an accuracy of 98.46%. This difference underscores the superior performance of advanced sequential and hierarchical models in detecting SPAs compared to traditional approaches.
Abstract: Recent DDoS attacks against several web sites operated by Sony PlayStation caused widespread outages for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and PayPal servers made headline news globally. These DDoS attack floods are known to crash, or reduce the performance of, web-based applications, and reduce the number of legitimate client connections/sec. TCP SYN flood is one of the common DDoS attacks, and the latest operating systems have some form of protection against this attack to prevent it from reducing the performance of web applications and user connections. In this paper, we evaluated the performance of the TCP-SYN attack protection provided in Microsoft's Windows Server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic; however, this built-in protection is found to be not effective against high-intensity SYN attack traffic. The measurement results in this paper can help network operators understand the effectiveness of the built-in protection mechanism that exists in millions of Windows Server 2003 installations against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance the security of their networks by additional means.
Abstract: Enhancing the interconnection of devices and systems, the Internet of Things (IoT) is a paradigm-shifting technology. IoT security is still a substantial concern despite its extraordinary advantages. This paper offers an extensive review of IoT security, emphasizing the technology's architecture, important security elements, and common attacks. It highlights how important artificial intelligence (AI) is to bolstering IoT security, especially when it comes to addressing risks at different IoT architecture layers. We systematically examined current mitigation strategies and their effectiveness, highlighting contemporary challenges with practical solutions and case studies from a range of industries, such as healthcare, smart homes, and industrial IoT. Our results highlight the importance of AI methods that are lightweight and improve security without compromising the limited resources and computational capability of devices. IoT networks can ensure operational efficiency and resilience by proactively identifying and countering security risks using machine learning capabilities. This study provides a comprehensive guide for practitioners and researchers aiming to understand the intricate connection between IoT, security challenges, and AI-driven solutions.
Abstract: There are different types of cyber security attacks that are based on ICMP protocols. Many ICMP protocols are very similar, which may lead security managers to think they have the same impact on victim computer systems or servers. In this paper, we investigate the impact of different ICMP-based security attacks on two popular server systems, namely Microsoft's Windows Server and Apple's Mac Server OS, running on the same hardware platform, and compare their performance under different types of ICMP-based security attacks.
Funding: National Natural Science Foundation of China (No. 61772478)
Abstract: The real-time performance of network security situation awareness (NSSA) is always affected by the state explosion problem. To solve this problem, a new NSSA method based on a layered attack graph (LAG) is proposed. Firstly, the network is divided into several logical subnets by a community discovery algorithm. The logical subnets and the connections between them constitute the logical network. Then, based on the original and logical networks, the selection of attack paths is optimized according to the monotonic principle of attack behavior. The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA. The experimental results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods take more than 56 s. Meanwhile, this method gives the same security strategy as the other methods.
Funding: supported by the Gansu Higher Education Innovation Fund Project (No. 2023B-439).
Abstract: Aiming at the industrial cyber-physical system (ICPS) where Denial-of-Service (DoS) attacks and actuator failure coexist, the integrated security control problem of ICPS under multi-objective constraints was studied. First, from the perspective of the defender, according to the differential impact on the system of DoS attacks of different energies, a DoS attack energy grading detection standard was formulated, and the ICPS comprehensive security control framework was constructed. Secondly, a security transmission strategy based on event triggering was designed. Under the DoS attack energy classification detection mechanism, for large-energy attacks, a method based on time series analysis was considered to predict and compensate for lost data. Therefore, on the basis of passive and elastic response to small-energy attacks, the active defense capability against DoS attacks was increased. Then, by introducing the cone-complement linearization algorithm, the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced, and the goals of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized. Finally, a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
Abstract: Ransomware attacks have been spreading broadly in the last few years, where attackers deny users' access to their systems and encrypt their files until they pay a ransom, usually in Bitcoin. Of course, that is the worst thing that can happen, especially for organizations holding sensitive information. In this paper we proposed a cyber security awareness program intended to provide end-users with a rescue checklist in case of being attacked with ransomware, as well as ways of preventing the attack and recovering from it. The program aimed at providing cyber security knowledge to 15 employees in a Sudanese trading and investment company. According to their cyber behaviour before the program, the participants showed a low level of cyber security awareness: 72% of them were likely to be attacked by ransomware from a phishing email, which is well known for spreading ransomware attacks. The results revealed that the cyber security awareness program greatly diminished the probability of being attacked by ransomware, with an average of 28%. This study can be used as a real-life ransomware attack rescue plan.