With the continuous development of transportation electrification, the cybersecurity of energy infrastructure has become increasingly prominent. Explicitly, EVs resemble a significant tool to carry out cyberattacks since EVs are not only seen as dynamic loads but also as mobile energy sources that establish two-way communications with several players in the grid. This taxonomy aims to provide a comprehensive overview of cyberattacks against EVs from four distinct perspectives. The first is the research domains of EVs application, which investigates the different fields of research related to the development and application of EVs and how they are susceptible to cyber threats. The second is the CIA-based attacks, which examines the threats to the confidentiality, integrity, and availability of EVs' sensitive information and critical systems. The third taxonomy discusses the countermeasures and defensive mechanisms to secure the EVs against cyberattacks, including preventive measures, detection algorithms, response strategy, and recovery techniques. The fourth taxonomy is the verification and validation methodologies, which explores the software tools and hardware testbeds used to test and evaluate the security of EVs against cyber threats. Finally, this taxonomy presents an understanding of the current state of cyberattacks against EVs and serves as a valuable resource for researchers and practitioners in the fields of cybersecurity and electric mobility.
The rapid growth and pervasive presence of the Internet of Things (IoT) have led to an unparalleled increase in IoT devices, thereby intensifying worries over IoT security. Deep learning (DL)-based intrusion detection (ID) has emerged as a vital method for protecting IoT environments. To rectify the deficiencies of current detection methodologies, we proposed and developed an IoT cyberattacks detection system (IoT-CDS) based on DL models for detecting bot attacks in IoT networks. The DL models—long short-term memory (LSTM), gated recurrent units (GRUs), and convolutional neural network-LSTM (CNN-LSTM) were suggested to detect and classify IoT attacks. The BoT-IoT dataset was used to examine the proposed IoT-CDS system, and the dataset includes six attacks with normal packets. The experiments conducted on the BoT-IoT network dataset reveal that the LSTM model attained an impressive accuracy rate of 99.99%. Compared with other internal and external methods using the same dataset, it is observed that the LSTM model achieved higher accuracy rates. LSTMs are more efficient than GRUs and CNN-LSTMs in real-time performance and resource efficiency for cyberattack detection. This method, without feature selection, demonstrates advantages in training time and detection accuracy. Consequently, the proposed approach can be extended to improve the security of various IoT applications, representing a significant contribution to IoT security.
In the early days of IoT’s introduction, it was challenging to introduce encryption communication due to the lack of performance of each component, such as computing resources like CPUs and batteries, to encrypt and decrypt data. Because IoT is applied and utilized in many important fields, a cyberattack on IoT can result in astronomical financial and human casualties. For this reason, the application of encrypted communication to IoT has been required, and the application of encrypted communication to IoT has become possible due to improvements in the computing performance of IoT devices and the development of lightweight cryptography. The application of encrypted communication in IoT has made it possible to use encrypted communication channels to launch cyberattacks. The approach of extracting evidence of an attack based on the primary information of a network packet is no longer valid because critical information, such as the payload in a network packet, is encrypted by encrypted communication. For this reason, technology that can detect cyberattacks over encrypted network traffic occurring in IoT environments is required. Therefore, this research proposes an encrypted cyberattack detection system for the IoT (ECDS-IoT) that derives valid features for cyberattack detection from the cryptographic network traffic generated in the IoT environment and performs cyberattack detection based on the derived features. ECDS-IoT identifies identifiable information from encrypted traffic collected in IoT environments and extracts statistics-based features through statistical analysis of identifiable information. ECDS-IoT understands information about normal data by learning only statistical features extracted from normal data. ECDS-IoT detects cyberattacks based only on the normal data information it has trained. To evaluate the cyberattack detection performance of the proposed ECDS-IoT in this research, ECDS-IoT used CICIoT2023, a dataset containing encrypted traffic generated by normal and seven categories of cyberattacks in the IoT environment and experimented with cyberattack detection on encrypted traffic using Autoencoder, RNN, GRU, LSTM, BiLSTM, and AE-LSTM algorithms. As a result of evaluating the performance of cyberattack detection for encrypted traffic, ECDS-IoT achieved high performance such as accuracy 0.99739, precision 0.99154, recall 1.0, F1 score 0.99575, and ROC_AUC 0.99822 when using the AE-LSTM algorithm. As shown by the cyberattack detection results of ECDS-IoT, it is possible to detect most cyberattacks through encrypted traffic. By applying ECDS-IoT to IoT, it can effectively detect cyberattacks concealed in encrypted traffic, promoting the efficient operation of IoT and preventing financial and human damage caused by cyberattacks.
With recent advancements in information and communication technology, a huge volume of corporate and sensitive user data was shared consistently across the network, making it vulnerable to an attack that may be brought some factors under risk: data availability, confidentiality, and integrity. Intrusion Detection Systems (IDS) were mostly exploited in various networks to help promptly recognize intrusions. Nowadays, blockchain (BC) technology has received much more interest as a means to share data without needing a trusted third person. Therefore, this study designs a new Blockchain Assisted Optimal Machine Learning based Cyberattack Detection and Classification (BAOML-CADC) technique. In the BAOML-CADC technique, the major focus lies in identifying cyberattacks. To do so, the presented BAOML-CADC technique applies a thermal equilibrium algorithm-based feature selection (TEA-FS) method for the optimal choice of features. The BAOML-CADC technique uses an extreme learning machine (ELM) model for cyberattack recognition. In addition, a BC-based integrity verification technique is developed to defend against the misrouting attack, showing the innovation of the work. The experimental validation of BAOML-CADC algorithm is tested on a benchmark cyberattack dataset. The obtained values implied the improved performance of the BAOML-CADC algorithm over other techniques.
The Internet of Things (IoT) is considered the next-gen connection network and is ubiquitous since it is based on the Internet. Intrusion Detection System (IDS) determines the intrusion performance of terminal equipment and IoT communication procedures from IoT environments after taking equivalent defence measures based on the identified behaviour. In this background, the current study develops an Enhanced Metaheuristics with Machine Learning enabled Cyberattack Detection and Classification (EMML-CADC) model in an IoT environment. The aim of the presented EMML-CADC model is to detect cyberattacks in IoT environments with enhanced efficiency. To attain this, the EMML-CADC model primarily employs a data preprocessing stage to normalize the data into a uniform format. In addition, Enhanced Cat Swarm Optimization based Feature Selection (ECSO-FS) approach is followed to choose the optimal feature subsets. Besides, Mayfly Optimization (MFO) with Twin Support Vector Machine (TSVM), called the MFO-TSVM model, is utilized for the detection and classification of cyberattacks. Here, the MFO model has been exploited to fine-tune the TSVM variables for enhanced results. The performance of the proposed EMML-CADC model was validated using a benchmark dataset, and the results were inspected under several measures. The comparative study concluded that the EMML-CADC model is superior to other models under different measures.
The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts, which could last over a year and pose a severe risk to national security. Whether caused by physical attacks, EMP (electromagnetic pulse) events, or cyberattacks, such disruptions could cripple essential services like water supply, healthcare, communication, and transportation. Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months, leading to economic collapse, civil unrest, and a breakdown of public order. This paper explores the key vulnerabilities of the grid, the potential impacts of prolonged blackouts, and the role of AI (artificial intelligence) and ML (machine learning) in mitigating these threats. AI-driven cybersecurity measures, predictive maintenance, automated threat response, and EMP resilience strategies are discussed as essential solutions to bolster grid security. Policy recommendations emphasize the need for hardened infrastructure, enhanced cybersecurity, redundant power systems, and AI-based grid management to ensure national resilience. Without proactive measures, the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
The explosive expansion of the Internet of Things (IoT) systems has increased the imperative to have strong and robust solutions to cyber security, especially to curtail Distributed Denial of Service (DDoS) attacks, which can cripple critical infrastructure. The proposed framework presented in the current paper is a new hybrid scheme that induces deep learning-based traffic classification and blockchain-enabled mitigation to make intelligent, decentralized, and real-time DDoS countermeasures in an IoT network. The proposed model fuses the extracted deep features with statistical features and trains them by using traditional machine-learning algorithms, which makes them more accurate in detection than statistical features alone, based on the Convolutional Neural Network (CNN) architecture, which can extract deep features. A permissioned blockchain will be included to record the threat cases immutably and automatically execute mitigation measures through smart contracts to provide transparency and resilience. When tested on two test sets, BoT-IoT and IoT-23, the framework obtains a maximum F1-score at 97.5 percent and only a 1.8 percent false positive rate, which compares favorably to other solutions regarding effectiveness and the amount of time required to respond. Our findings support the feasibility of our method as an extensible and secure paradigm of next-generation IoT security, which has constrictive utility in mission-critical or resource-constrained settings. The work is a substantial milestone in autonomous and trustful mitigation against DDoS attacks through intelligent learning and decentralized enforcement.
To warn the cascading failures caused by cyberattacks (CFCAs) in real time and reduce their damage on cyber-physical power systems (CPPSs), a novel early warning method based on attack gains and cost principle (AGCP) is proposed. Firstly, according to the CFCA characteristics, the leading role of attackers in the whole evolutionary process is discussed. The breaking out of a CFCA is deduced based on the AGCP from the view of attackers, and the priority order of all CFCAs is then provided. Then, the method to calculate the probability of CFCAs is proposed, and an early warning model for CFCA is designed. Finally, to verify the effectiveness of this method, a variety of CFCAs are simulated in a local CPPS model based on the IEEE 39-bus system. The experimental results demonstrate that this method can be used as a reliable assistant analysis technology to facilitate early warning of CFCAs.
With the wide integration of various distributed communication and control techniques, the cyber-physical microgrids face critical challenges raised by the emerging cyberattacks. This paper proposes a three-stage defensive framework for distributed microgrids against denial of service (DoS) and false data injection (FDI) attacks, including resilient control, communication network reconfiguration, and switching of local control. The resilient control in the first stage is capable of tackling simultaneous DoS and FDI attacks when the connectivity of communication network could be maintained under cyberattacks. The communication network reconfiguration method in the second stage and the subsequent switching of local control in the third stage based on the software-defined network (SDN) layer aim to cope with the network partitions caused by cyberattacks. The proposed defensive framework could effectively mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in microgrids without requiring the specific assumptions of attacks and prompt detections, which would not incorporate additional cyberattack risks. Extensive case studies using a 13-bus microgrid system are conducted to validate the effectiveness of the proposed three-stage defensive framework against the simultaneous DoS and FDI attacks.
In order to ensure the safety of connected and automated vehicles (CAVs) threatened by cyberattack in the confluence area and mitigate the adverse impact of cyberattack propagation, a framework is built to depict the impact of cyberattacks on traffic operation. Based on this framework, corresponding propagation suppression strategies are proposed for different types of cyberattacks in different periods. Under centralized control, game theory is used to solve the confluence sequence corresponding to the strategies. The results show that the proposed method can effectively inhibit the spread of cyberattacks on the premise of security. The initial control effect is the best. Compared with uncontrolled condition, in the 100 timesteps, 11 susceptible vehicles are finally added, and the second is the immunity period, in which 10 susceptible vehicles were protected from cyberattack. Outbreak and latency control strategies also protect some vehicles. Under the control strategy of each stage, the peak value of infected vehicles and the duration of cyberattack are improved compared with the uncontrolled strategy. In addition, the traffic efficiency in the confluence area is also improved. This method can also be extended to such road types as diverging section, weaving section and intersection, so as to reduce the impact of cyberattacks on road network scale.
The state of the cyberspace portends uncertainty for the future Internet and its accelerated number of users. New paradigms add more concerns with big data collected through device sensors divulging large amounts of information, which can be used for targeted attacks. Though a plethora of extant approaches, models and algorithms have provided the basis for cyberattack predictions, there is the need to consider new models and algorithms, which are based on data representations other than task-specific techniques. Deep learning, which is underpinned by representation learning, has found widespread relevance in computer vision, speech recognition, natural language processing, audio recognition, and drug design. However, its non-linear information processing architecture can be adapted towards learning the different data representations of network traffic to classify benign and malicious network packets. In this paper, we model cyberattack prediction as a classification problem. Furthermore, the deep learning architecture was co-opted into a new model using rectified linear units (ReLU) as the activation function in the hidden layers of a deep feed forward neural network. Our approach achieves a greedy layer-by-layer learning process that best represents the features useful for predicting cyberattacks in a dataset of benign and malign traffic. The underlying algorithm of the model also performs feature selection, dimensionality reduction, and clustering at the initial stage, to generate a set of input vectors called hyper-features. The model is evaluated using CICIDS2017 and UNSW_NB15 datasets on a Python environment test bed. Results obtained from experimentation show that our model demonstrates superior performance over similar models.
When it comes to smart healthcare business systems, network-based intrusion detection systems are crucial for protecting the system and its networks from malicious network assaults. To protect IoMT devices and networks in healthcare and medical settings, our proposed model serves as a powerful tool for monitoring IoMT networks. This study presents a robust methodology for intrusion detection in Internet of Medical Things (IoMT) environments, integrating data augmentation, feature selection, and ensemble learning to effectively handle IoMT data complexity. Following rigorous preprocessing, including feature extraction, correlation removal, and Recursive Feature Elimination (RFE), selected features are standardized and reshaped for deep learning models. Augmentation using the BAT algorithm enhances dataset variability. Three deep learning models, Transformer-based neural networks, self-attention Deep Convolutional Neural Networks (DCNNs), and Long Short-Term Memory (LSTM) networks, are trained to capture diverse data aspects. Their predictions form a meta-feature set for a subsequent meta-learner, which combines model strengths. Conventional classifiers validate meta-learner features for broad algorithm suitability. This comprehensive method demonstrates high accuracy and robustness in IoMT intrusion detection. Evaluations were conducted using two datasets: the publicly available WUSTL-EHMS-2020 dataset, which contains two distinct categories, and the CICIoMT2024 dataset, encompassing sixteen categories. Experimental results showcase the method’s exceptional performance, achieving optimal scores of 100% on the WUSTL-EHMS-2020 dataset and 99% on the CICIoMT2024.
The rapid expansion of Internet of Things (IoT) devices across various sectors is driven by steadily increasing demands for interconnected and smart technologies. Nevertheless, the surge in the number of IoT devices has caught the attention of cyber hackers, as it provides them with expanded avenues to access valuable data. This has resulted in a myriad of security challenges, including information leakage, malware propagation, and financial loss, among others. Consequently, developing an intrusion detection system to identify both active and potential intrusion traffic in IoT networks is of paramount importance. In this paper, we propose ResNeSt-biGRU, a practical intrusion detection model that combines the strengths of ResNeSt, a variant of Residual Neural Network, and bidirectional Gated Recurrent Unit Network (biGRU). Our ResNeSt-biGRU framework diverges from conventional intrusion detection systems (IDS) by employing this dual-layered mechanism that exploits the temporal continuity and spatial feature within network data streams, a methodological innovation that enhances detection accuracy. In conjunction with this, we introduce the PreIoT dataset, a compilation of prevalent IoT network behaviors, to train and evaluate IDS models with a focus on identifying potential intrusion traffics. The effectiveness of proposed scheme is demonstrated through testing, wherein it achieved an average accuracy of 99.90% on the N-BaIoT dataset as well as on the PreIoT dataset and 94.45% on UNSW-NB15 dataset. The outcomes of this research reveal the potential of ResNeSt-biGRU to bolster security measures, diminish intrusion-related vulnerabilities, and preserve the overall security of IoT ecosystems.
The extensive utilization of the Internet in everyday life can be attributed to the substantial accessibility of online services and the growing significance of the data transmitted via the Internet. Regrettably, this development has expanded the potential targets that hackers might exploit. Without adequate safeguards, data transmitted on the internet is significantly more susceptible to unauthorized access, theft, or alteration. The identification of unauthorised access attempts is a critical component of cybersecurity as it aids in the detection and prevention of malicious attacks. This research paper introduces a novel intrusion detection framework that utilizes Recurrent Neural Networks (RNN) integrated with Long Short-Term Memory (LSTM) units. The proposed model can identify various types of cyberattacks, including conventional and distinctive forms. Recurrent networks, a specific kind of feedforward neural networks, possess an intrinsic memory component. Recurrent Neural Networks (RNNs) incorporating Long Short-Term Memory (LSTM) mechanisms have demonstrated greater capabilities in retaining and utilizing data dependencies over extended periods. Metrics such as data types, training duration, accuracy, number of false positives, and number of false negatives are among the parameters employed to assess the effectiveness of these models in identifying both common and unusual cyberattacks. RNNs are utilised in conjunction with LSTM to support human analysts in identifying possible intrusion events, hence enhancing their decision-making capabilities. A potential solution to address the limitations of Shallow learning is the introduction of the Eccentric Intrusion Detection Model. This model utilises Recurrent Neural Networks, specifically exploiting LSTM techniques. The proposed model achieves detection accuracy (99.5%), generalisation (99%), and false-positive rate (0.72%), the parameters findings reveal that it is superior to state-of-the-art techniques.
More businesses are deploying powerful Intrusion Detection Systems (IDS) to secure their data and physical assets. Improved cyber-attack detection and prevention in these systems requires machine learning (ML) approaches. This paper examines a cyber-attack prediction system combining feature selection (FS) and ML. Our technique’s foundation was based on Correlation Analysis (CA), Mutual Information (MI), and recursive feature reduction with cross-validation. To optimize the IDS performance, the security features must be carefully selected from multiple-dimensional datasets, and our hybrid FS technique must be extended to validate our methodology using the improved UNSW-NB 15 and TON_IoT datasets. Our technique identified 22 key characteristics in UNSW-NB-15 and 8 in TON_IoT. We evaluated prediction using seven ML methods: Decision Tree (DT), Random Forest (RF), Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbors (KNN), Support Vector Machines (SVM), and Multilayer Perceptron (MLP) classifiers. The DT, RF, NB, and MLP classifiers helped our model surpass the competition on both datasets. Therefore, the investigational outcomes of our hybrid model may help IDSs defend business assets from various cyberattack vectors.
Funding: Supported by the Deanship of Postgraduate Studies and Scientific Research at Majmaah University under Project (Grant No R-2024-1183).
Abstract: With the continuous development of transportation electrification, the cybersecurity of energy infrastructure has become increasingly prominent. Explicitly, EVs resemble a significant tool to carry out cyberattacks since EVs are not only seen as dynamic loads but also as mobile energy sources that establish two-way communications with several players in the grid. This taxonomy aims to provide a comprehensive overview of cyberattacks against EVs from four distinct perspectives. The first is the research domains of EVs application, which investigates the different fields of research related to the development and application of EVs and how they are susceptible to cyber threats. The second is the CIA-based attacks, which examines the threats to the confidentiality, integrity, and availability of EVs' sensitive information and critical systems. The third taxonomy discusses the countermeasures and defensive mechanisms to secure the EVs against cyberattacks, including preventive measures, detection algorithms, response strategy, and recovery techniques. The fourth taxonomy is the verification and validation methodologies, which explores the software tools and hardware testbeds used to test and evaluate the security of EVs against cyber threats. Finally, this taxonomy presents an understanding of the current state of cyberattacks against EVs and serves as a valuable resource for researchers and practitioners in the fields of cybersecurity and electric mobility.
Abstract: The rapid growth and pervasive presence of the Internet of Things (IoT) have led to an unparalleled increase in IoT devices, thereby intensifying worries over IoT security. Deep learning (DL)-based intrusion detection (ID) has emerged as a vital method for protecting IoT environments. To rectify the deficiencies of current detection methodologies, we proposed and developed an IoT cyberattacks detection system (IoT-CDS) based on DL models for detecting bot attacks in IoT networks. The DL models—long short-term memory (LSTM), gated recurrent units (GRUs), and convolutional neural network-LSTM (CNN-LSTM) were suggested to detect and classify IoT attacks. The BoT-IoT dataset was used to examine the proposed IoT-CDS system, and the dataset includes six attacks with normal packets. The experiments conducted on the BoT-IoT network dataset reveal that the LSTM model attained an impressive accuracy rate of 99.99%. Compared with other internal and external methods using the same dataset, it is observed that the LSTM model achieved higher accuracy rates. LSTMs are more efficient than GRUs and CNN-LSTMs in real-time performance and resource efficiency for cyberattack detection. This method, without feature selection, demonstrates advantages in training time and detection accuracy. Consequently, the proposed approach can be extended to improve the security of various IoT applications, representing a significant contribution to IoT security.
Funding: Supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-00493, 5G Massive Next Generation Cyber Attack Deception Technology Development).
Abstract: In the early days of IoT’s introduction, it was challenging to introduce encryption communication due to the lack of performance of each component, such as computing resources like CPUs and batteries, to encrypt and decrypt data. Because IoT is applied and utilized in many important fields, a cyberattack on IoT can result in astronomical financial and human casualties. For this reason, the application of encrypted communication to IoT has been required, and the application of encrypted communication to IoT has become possible due to improvements in the computing performance of IoT devices and the development of lightweight cryptography. The application of encrypted communication in IoT has made it possible to use encrypted communication channels to launch cyberattacks. The approach of extracting evidence of an attack based on the primary information of a network packet is no longer valid because critical information, such as the payload in a network packet, is encrypted by encrypted communication. For this reason, technology that can detect cyberattacks over encrypted network traffic occurring in IoT environments is required. Therefore, this research proposes an encrypted cyberattack detection system for the IoT (ECDS-IoT) that derives valid features for cyberattack detection from the cryptographic network traffic generated in the IoT environment and performs cyberattack detection based on the derived features. ECDS-IoT identifies identifiable information from encrypted traffic collected in IoT environments and extracts statistics-based features through statistical analysis of identifiable information. ECDS-IoT understands information about normal data by learning only statistical features extracted from normal data. ECDS-IoT detects cyberattacks based only on the normal data information it has trained. To evaluate the cyberattack detection performance of the proposed ECDS-IoT in this research, ECDS-IoT used CICIoT2023, a dataset containing encrypted traffic generated by normal and seven categories of cyberattacks in the IoT environment and experimented with cyberattack detection on encrypted traffic using Autoencoder, RNN, GRU, LSTM, BiLSTM, and AE-LSTM algorithms. As a result of evaluating the performance of cyberattack detection for encrypted traffic, ECDS-IoT achieved high performance such as accuracy 0.99739, precision 0.99154, recall 1.0, F1 score 0.99575, and ROC_AUC 0.99822 when using the AE-LSTM algorithm. As shown by the cyberattack detection results of ECDS-IoT, it is possible to detect most cyberattacks through encrypted traffic. By applying ECDS-IoT to IoT, it can effectively detect cyberattacks concealed in encrypted traffic, promoting the efficient operation of IoT and preventing financial and human damage caused by cyberattacks.
Funding: This work was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University, through the Research Groups Program Grant No. (RGP-1443-0051).
Abstract: With recent advancements in information and communication technology, a huge volume of corporate and sensitive user data was shared consistently across the network, making it vulnerable to attacks that may put some factors at risk: data availability, confidentiality, and integrity. Intrusion Detection Systems (IDS) were mostly exploited in various networks to help promptly recognize intrusions. Nowadays, blockchain (BC) technology has received much more interest as a means to share data without needing a trusted third person. Therefore, this study designs a new Blockchain Assisted Optimal Machine Learning based Cyberattack Detection and Classification (BAOML-CADC) technique. In the BAOML-CADC technique, the major focus lies in identifying cyberattacks. To do so, the presented BAOML-CADC technique applies a thermal equilibrium algorithm-based feature selection (TEA-FS) method for the optimal choice of features. The BAOML-CADC technique uses an extreme learning machine (ELM) model for cyberattack recognition. In addition, a BC-based integrity verification technique is developed to defend against the misrouting attack, showing the innovation of the work. The experimental validation of the BAOML-CADC algorithm is tested on a benchmark cyberattack dataset. The obtained values implied the improved performance of the BAOML-CADC algorithm over other techniques.
Abstract: The Internet of Things (IoT) is considered the next-gen connection network and is ubiquitous since it is based on the Internet. Intrusion Detection System (IDS) determines the intrusion performance of terminal equipment and IoT communication procedures from IoT environments after taking equivalent defence measures based on the identified behaviour. In this background, the current study develops an Enhanced Metaheuristics with Machine Learning enabled Cyberattack Detection and Classification (EMML-CADC) model in an IoT environment. The aim of the presented EMML-CADC model is to detect cyberattacks in IoT environments with enhanced efficiency. To attain this, the EMML-CADC model primarily employs a data preprocessing stage to normalize the data into a uniform format. In addition, an Enhanced Cat Swarm Optimization based Feature Selection (ECSO-FS) approach is followed to choose the optimal feature subsets. Besides, Mayfly Optimization (MFO) with Twin Support Vector Machine (TSVM), called the MFO-TSVM model, is utilized for the detection and classification of cyberattacks. Here, the MFO model has been exploited to fine-tune the TSVM variables for enhanced results. The performance of the proposed EMML-CADC model was validated using a benchmark dataset, and the results were inspected under several measures. The comparative study concluded that the EMML-CADC model is superior to other models under different measures.
Abstract: The national grid and other life-sustaining critical infrastructures face an unprecedented threat from prolonged blackouts, which could last over a year and pose a severe risk to national security. Whether caused by physical attacks, EMP (electromagnetic pulse) events, or cyberattacks, such disruptions could cripple essential services like water supply, healthcare, communication, and transportation. Research indicates that an attack on just nine key substations could result in a coast-to-coast blackout lasting up to 18 months, leading to economic collapse, civil unrest, and a breakdown of public order. This paper explores the key vulnerabilities of the grid, the potential impacts of prolonged blackouts, and the role of AI (artificial intelligence) and ML (machine learning) in mitigating these threats. AI-driven cybersecurity measures, predictive maintenance, automated threat response, and EMP resilience strategies are discussed as essential solutions to bolster grid security. Policy recommendations emphasize the need for hardened infrastructure, enhanced cybersecurity, redundant power systems, and AI-based grid management to ensure national resilience. Without proactive measures, the nation remains exposed to a catastrophic power grid failure that could have dire consequences for society and the economy.
Abstract: The explosive expansion of the Internet of Things (IoT) systems has increased the imperative to have strong and robust solutions to cyber security, especially to curtail Distributed Denial of Service (DDoS) attacks, which can cripple critical infrastructure. The proposed framework presented in the current paper is a new hybrid scheme that induces deep learning-based traffic classification and blockchain-enabled mitigation to make intelligent, decentralized, and real-time DDoS countermeasures in an IoT network. The proposed model fuses the extracted deep features with statistical features and trains them by using traditional machine-learning algorithms, which makes them more accurate in detection than statistical features alone, based on the Convolutional Neural Network (CNN) architecture, which can extract deep features. A permissioned blockchain will be included to record the threat cases immutably and automatically execute mitigation measures through smart contracts to provide transparency and resilience. When tested on two test sets, BoT-IoT and IoT-23, the framework obtains a maximum F1-score at 97.5 percent and only a 1.8 percent false positive rate, which compares favorably to other solutions regarding effectiveness and the amount of time required to respond. Our findings support the feasibility of our method as an extensible and secure paradigm of next-generation IoT security, which has constrictive utility in mission-critical or resource-constrained settings. The work is a substantial milestone in autonomous and trustful mitigation against DDoS attacks through intelligent learning and decentralized enforcement.
Funding: Supported by the National Key Research and Development Program of China (No. 2017YFB0903000), National Natural Science Foundation of China (No. 61471328), and Natural Science Foundation of Tianjin City (No. 15JCQNJC07000).
Abstract: To warn the cascading failures caused by cyberattacks (CFCAs) in real time and reduce their damage on cyber-physical power systems (CPPSs), a novel early warning method based on attack gains and cost principle (AGCP) is proposed. Firstly, according to the CFCA characteristics, the leading role of attackers in the whole evolutionary process is discussed. The breaking out of a CFCA is deduced based on the AGCP from the view of attackers, and the priority order of all CFCAs is then provided. Then, the method to calculate the probability of CFCAs is proposed, and an early warning model for CFCA is designed. Finally, to verify the effectiveness of this method, a variety of CFCAs are simulated in a local CPPS model based on the IEEE 39-bus system. The experimental results demonstrate that this method can be used as a reliable assistant analysis technology to facilitate early warning of CFCAs.
Abstract: With the wide integration of various distributed communication and control techniques, the cyber-physical microgrids face critical challenges raised by the emerging cyberattacks. This paper proposes a three-stage defensive framework for distributed microgrids against denial of service (DoS) and false data injection (FDI) attacks, including resilient control, communication network reconfiguration, and switching of local control. The resilient control in the first stage is capable of tackling simultaneous DoS and FDI attacks when the connectivity of communication network could be maintained under cyberattacks. The communication network reconfiguration method in the second stage and the subsequent switching of local control in the third stage based on the software-defined network (SDN) layer aim to cope with the network partitions caused by cyberattacks. The proposed defensive framework could effectively mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in microgrids without requiring the specific assumptions of attacks and prompt detections, which would not incorporate additional cyberattack risks. Extensive case studies using a 13-bus microgrid system are conducted to validate the effectiveness of the proposed three-stage defensive framework against the simultaneous DoS and FDI attacks.
Funding: Supported by Key Research and Development Program of Shaanxi (Grant No. 2023-YBGY-118) and Scientific Research Project of Department of Transport of Shaanxi Province (Grant No. 22-13X).
Abstract: In order to ensure the safety of connected and automated vehicles (CAVs) threatened by cyberattack in the confluence area and mitigate the adverse impact of cyberattack propagation, a framework is built to depict the impact of cyberattacks on traffic operation. Based on this framework, corresponding propagation suppression strategies are proposed for different types of cyberattacks in different periods. Under centralized control, game theory is used to solve the confluence sequence corresponding to the strategies. The results show that the proposed method can effectively inhibit the spread of cyberattacks on the premise of security. The initial control effect is the best. Compared with uncontrolled condition, in the 100 timesteps, 11 susceptible vehicles are finally added, and the second is the immunity period, in which 10 susceptible vehicles were protected from cyberattack. Outbreak and latency control strategies also protect some vehicles. Under the control strategy of each stage, the peak value of infected vehicles and the duration of cyberattack are improved compared with the uncontrolled strategy. In addition, the traffic efficiency in the confluence area is also improved. This method can also be extended to such road types as diverging section, weaving section and intersection, so as to reduce the impact of cyberattacks on road network scale.
Abstract: The state of the cyberspace portends uncertainty for the future Internet and its accelerated number of users. New paradigms add more concerns with big data collected through device sensors divulging large amounts of information, which can be used for targeted attacks. Though a plethora of extant approaches, models and algorithms have provided the basis for cyberattack predictions, there is the need to consider new models and algorithms, which are based on data representations other than task-specific techniques. Deep learning, which is underpinned by representation learning, has found widespread relevance in computer vision, speech recognition, natural language processing, audio recognition, and drug design. However, its non-linear information processing architecture can be adapted towards learning the different data representations of network traffic to classify benign and malicious network packets. In this paper, we model cyberattack prediction as a classification problem. Furthermore, the deep learning architecture was co-opted into a new model using rectified linear units (ReLU) as the activation function in the hidden layers of a deep feed forward neural network. Our approach achieves a greedy layer-by-layer learning process that best represents the features useful for predicting cyberattacks in a dataset of benign and malign traffic. The underlying algorithm of the model also performs feature selection, dimensionality reduction, and clustering at the initial stage, to generate a set of input vectors called hyper-features. The model is evaluated using CICIDS2017 and UNSW_NB15 datasets on a Python environment test bed. Results obtained from experimentation show that our model demonstrates superior performance over similar models.
Funding: Supported by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No. DGSSR-2023-02-02116.
Abstract: When it comes to smart healthcare business systems, network-based intrusion detection systems are crucial for protecting the system and its networks from malicious network assaults. To protect IoMT devices and networks in healthcare and medical settings, our proposed model serves as a powerful tool for monitoring IoMT networks. This study presents a robust methodology for intrusion detection in Internet of Medical Things (IoMT) environments, integrating data augmentation, feature selection, and ensemble learning to effectively handle IoMT data complexity. Following rigorous preprocessing, including feature extraction, correlation removal, and Recursive Feature Elimination (RFE), selected features are standardized and reshaped for deep learning models. Augmentation using the BAT algorithm enhances dataset variability. Three deep learning models, Transformer-based neural networks, self-attention Deep Convolutional Neural Networks (DCNNs), and Long Short-Term Memory (LSTM) networks, are trained to capture diverse data aspects. Their predictions form a meta-feature set for a subsequent meta-learner, which combines model strengths. Conventional classifiers validate meta-learner features for broad algorithm suitability. This comprehensive method demonstrates high accuracy and robustness in IoMT intrusion detection. Evaluations were conducted using two datasets: the publicly available WUSTL-EHMS-2020 dataset, which contains two distinct categories, and the CICIoMT2024 dataset, encompassing sixteen categories. Experimental results showcase the method's exceptional performance, achieving optimal scores of 100% on the WUSTL-EHMS-2020 dataset and 99% on the CICIoMT2024.
Funding: The National Natural Science Foundation of China (No. 61662004).
Abstract: The rapid expansion of Internet of Things (IoT) devices across various sectors is driven by steadily increasing demands for interconnected and smart technologies. Nevertheless, the surge in the number of IoT devices has caught the attention of cyber hackers, as it provides them with expanded avenues to access valuable data. This has resulted in a myriad of security challenges, including information leakage, malware propagation, and financial loss, among others. Consequently, developing an intrusion detection system to identify both active and potential intrusion traffic in IoT networks is of paramount importance. In this paper, we propose ResNeSt-biGRU, a practical intrusion detection model that combines the strengths of ResNeSt, a variant of Residual Neural Network, and bidirectional Gated Recurrent Unit Network (biGRU). Our ResNeSt-biGRU framework diverges from conventional intrusion detection systems (IDS) by employing this dual-layered mechanism that exploits the temporal continuity and spatial feature within network data streams, a methodological innovation that enhances detection accuracy. In conjunction with this, we introduce the PreIoT dataset, a compilation of prevalent IoT network behaviors, to train and evaluate IDS models with a focus on identifying potential intrusion traffics. The effectiveness of the proposed scheme is demonstrated through testing, wherein it achieved an average accuracy of 99.90% on the N-BaIoT dataset as well as on the PreIoT dataset and 94.45% on UNSW-NB15 dataset. The outcomes of this research reveal the potential of ResNeSt-biGRU to bolster security measures, diminish intrusion-related vulnerabilities, and preserve the overall security of IoT ecosystems.
Funding: This work was supported partially by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) Support Program (IITP-2024-2018-0-01431) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: The extensive utilization of the Internet in everyday life can be attributed to the substantial accessibility of online services and the growing significance of the data transmitted via the Internet. Regrettably, this development has expanded the potential targets that hackers might exploit. Without adequate safeguards, data transmitted on the internet is significantly more susceptible to unauthorized access, theft, or alteration. The identification of unauthorised access attempts is a critical component of cybersecurity as it aids in the detection and prevention of malicious attacks. This research paper introduces a novel intrusion detection framework that utilizes Recurrent Neural Networks (RNN) integrated with Long Short-Term Memory (LSTM) units. The proposed model can identify various types of cyberattacks, including conventional and distinctive forms. Recurrent networks, a specific kind of feedforward neural networks, possess an intrinsic memory component. Recurrent Neural Networks (RNNs) incorporating Long Short-Term Memory (LSTM) mechanisms have demonstrated greater capabilities in retaining and utilizing data dependencies over extended periods. Metrics such as data types, training duration, accuracy, number of false positives, and number of false negatives are among the parameters employed to assess the effectiveness of these models in identifying both common and unusual cyberattacks. RNNs are utilised in conjunction with LSTM to support human analysts in identifying possible intrusion events, hence enhancing their decision-making capabilities. A potential solution to address the limitations of shallow learning is the introduction of the Eccentric Intrusion Detection Model. This model utilises Recurrent Neural Networks, specifically exploiting LSTM techniques. The proposed model achieves detection accuracy (99.5%), generalisation (99%), and false-positive rate (0.72%); the parameters findings reveal that it is superior to state-of-the-art techniques.
Abstract: More businesses are deploying powerful Intrusion Detection Systems (IDS) to secure their data and physical assets. Improved cyber-attack detection and prevention in these systems requires machine learning (ML) approaches. This paper examines a cyber-attack prediction system combining feature selection (FS) and ML. Our technique's foundation was based on Correlation Analysis (CA), Mutual Information (MI), and recursive feature reduction with cross-validation. To optimize the IDS performance, the security features must be carefully selected from multiple-dimensional datasets, and our hybrid FS technique must be extended to validate our methodology using the improved UNSW-NB 15 and TON_IoT datasets. Our technique identified 22 key characteristics in UNSW-NB-15 and 8 in TON_IoT. We evaluated prediction using seven ML methods: Decision Tree (DT), Random Forest (RF), Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbors (KNN), Support Vector Machines (SVM), and Multilayer Perceptron (MLP) classifiers. The DT, RF, NB, and MLP classifiers helped our model surpass the competition on both datasets. Therefore, the investigational outcomes of our hybrid model may help IDSs defend business assets from various cyberattack vectors.