Journal of Cyber Security and Mobility

Developing Adaptive Homomorphic Encryption through Exploration of Differential Privacy

Yulliwas Ameur — 2024-09-03

Machine Learning (ML) classifiers are pivotal in various applied ML domains. The accuracy of these classifiers requires meticulous training, making the exposure of training datasets a critical concern, especially concerning privacy. This study identifies a significant trade-off between accuracy, computational efficiency, and security of the classifiers. Integrating classical Homomorphic Encryption (HE) and Differential Privacy (DP) highlights the challenges in parameter tuning inherent to such hybrid methodologies. These challenges concern the analytical components of the HE algorithm’s privacy budget and simultaneously affect the sensitivity to noise in the subjected ML hybrid classifiers.

This paper explores these areas and proposes a hybrid model using a basic client-server architecture to combine HE and DP algorithms. It then examines the sensitivity analysis of the aforementioned trade-off features. Additionally, the paper outlines initial observations after deploying the proposed algorithm, contributing to the ongoing discourse on optimizing the balance between accuracy, computational efficiency, and security in ML classifiers.

Application of Genetic Algorithm-Grey Wolf Optimization-Support Vector Machine Algorithm in Network Security Services Assessment and Prediction

Guoying Han — 2024-09-03

The continuous development of information technology has also promoted the progress of the Internet. More people are joining the Internet. The amount of data stored in the network is also increasing, including some important information, which leads to criminals launching attacks on network security. In order to solve the large error in network security situation assessment and poor progress in network security prediction, the study uses spectrum clustering analysis to evaluate the network security situation. Then genetic algorithm, grey wolf optimization algorithm and support vector machine fusion algorithm are used to predict the Network Security Service (NSS). The genetic algorithm is used to optimize the global search ability of the gray wolf optimization algorithm and the parameters of the support vector machine are optimized to evaluate and predict the NSS. The results showed that the maximum error of the proposed model was 0.4112, and the maximum error was 0.5896. The absolute percentage error of this algorithm was 0.0270, while the other algorithms were 0.0745 and 0.0952, respectively. The proposed model has lower errors and time consumption in training and simulation testing compared with other current methods. The network situation assessment and prediction method proposed in the study can effectively improve network security services, ensure the personal information security, and enhance the security of the Internet.

Adaptive Incremental Modeling Combined with Hidden Markov Modeling in Cyber Security

Liwen Xu — 2024-09-03

This study examines the limitations of traditional CS technology, which relies heavily on labeled data and is unable to detect new types of attacks in real time. It proposes an optimization and improvement of CS technology through the use of hidden Markov models and adaptive incremental models. The research is conducted from three perspectives: the actual collection of security information, the extraction of unknown protocol features, and the development of detection models. Firstly, a unified method of collecting safety information is established, and a safety information database is obtained by combining information filtering, integration, and association analysis. Secondly, the modified hidden Markov model is used to parse the unknown protocol messages and extract the appropriate features. Finally, the extracted information features are applied to the adaptive incremental model for intrusion detection. The experimental results indicated that the average time cost of the data processing method is 25.841 ms, and the identification accuracy of the intrusion detection model for new attack types reaches 91.15%. The model designed by the research can adapt to the complex and changeable network environment and accurately detect network intrusion while ensuring operational efficiency, which provides a new research direction for the field of CS.

Intelligent Analysis and Dynamic Security of Network Traffic in Context of Big Data

Guo Yunhong — 2024-09-03

The socialization and informatization of social life and enterprises have brought about explosive growth in network traffic. Enterprises and operators need to timely understand the operation status of network traffic and discover whether there are malicious traffic such as worms and DDOS in the traffic in a short period of time. This has brought unprecedented security challenges to individuals, enterprises, and countries. This article proposes an intelligent analysis and dynamic security detection framework, and introduces its principles, implementation methods, and applications in network traffic anomaly detection. A dynamic security strategy incorporating intrusion detection systems for enhanced vigilance and protection. This article proposes a dynamic security architecture design based on micro services and deep learning. Through the method proposed in this article, 100% of known malware attacks have been successfully identified and prevented, with a significant improvement in recognition rate compared to the previous . This means that our system can more effectively protect users from potential threats. The accuracy of traffic anomaly detection has reached 99.9%, the page loading speed has increased by 30%, and user satisfaction has also increased to 90%. The research results will provide useful references for research and practice in related fields.

Construction and Application of Internet of Things Network Security Situation Prediction Model Based on BiLSTM Algorithm

Yubao Wu — 2024-09-03

IIoT is more and more extensive. However, security problem of IIoT is increasing. Traditional network security strategies can not fully evaluate the security situation of IIoT. In view of the incomplete selection of situation elements and the single dimension of evaluation system, we selected 14 secondary indicators from four dimensions: operation dimension, fragility dimension, stability dimension and threat dimension, and constructed the evaluation index system of IIoT. In the experiment, we selected 50 enterprises as samples, measured the IIoT system and collected data, and determined weight of each index. This article proposes an improved arithmetic optimization algorithm. Evaluate the performance of the model using a 10x cross validation method. The results show that our model reaches 92% accuracy, which is higher than existing models. Optimize parameters of the BiLSTM network by improving the sparrow search algorithm. The experimental results show that the optimized model also outperforms existing models in prediction accuracy. The MSE and MAE of our model are 0.023 and 0.018, respectively, which are reduced by 30% and 25% compared to existing models.

Optimization of Information Security Management Mechanism for Distribution Network Information Storage Based on RBAC and Development of Visual Operation and Maintenance Platform

Lv Zheng — 2024-09-03

Facing the challenge of information storage security brought by the rapid development of distribution network technology, this paper analyzes the essential requirements and current security problems of distribution network information storage and designs. It implements a set of security management schemes based on the RBAC model. User authentication and authorization processes are emphasized to ensure only authorized users can access critical information resources. The application in the actual distribution network environment shows that the scheme can improve the security performance of the system, reduce unauthorized access attempts by up to 40%, and improve data processing efficiency by about 30%. The scheme also reduces the complexity of system maintenance, and the number of security events that administrators need to deal with is reduced by about 50% compared to traditional security mechanisms. These data fully prove that the security management mechanism based on RBAC is efficacious in improving the distribution network’s information storage security and operational efficiency. This article proposes and studies an optimization scheme for information security management mechanisms based on RBAC in distribution network information storage technology. This scheme effectively improves the security and reliability of the distribution network information storage system through refined permission management and access control. This study provides innovative strategies, empirical data for distribution network information storage security management, and valuable references for future research on power grid information security.

Comparative Analysis of Popular Supervised Machine Learning Algorithms for Detecting Malicious Universal Resource Locators

Zambia Diko — 2024-09-03

Malicious Universal Resource Locators (URLs), also referred to as malicious websites have become a serious cause for concern for cyber security administrators of various organisations, institutions, Agencies, businesses and companies. These websites host malware, spam, drive by links and phishing. Unfortunately, Internet users worldwide visit such malicious sites and become the victims of cybercrimes like credit card credentials theft, theft of personal information, monetary savings or investments. Multitudes of researchers have embarked on attempts to design and implement response solutions to malicious URLs threat. The approaches are largely divided into two groups, the traditional approaches (Blacklising and Heuristics) and the data driven approaches (statistical methods, machine learning methods, data mining methods, and deep learning methods). In some instances, there are divergent views on which algorithm is the best to be used for building models. To our knowledge, there are still few works that have taken an initiative to comparatively analyse the performance of machine learning algorithms which have been identified by various authors as being the most suitable to use for building detection models. This study therefore focused on the Light Gradient Boost, Extreme Gradient Boost and the Random Forest algorithms. For the study’s experiments, a malicious URLs dataset was downloaded from Kaggle.com databases. The study’s results demonstrated that the hostname_length was the most important feature to focus on when building malicious URL detection models using the three above mentioned algorithms. The results also revealed two more features that had importance; the count_www and the count_dir, when using Extreme Gradient Boosting and the Random Forest. The study will in future explore hybrid models where advantages of various algorithms will be exploited to be combined in order to improve performance. Other models that will be considered include Support Vector Machine, Neural Networks and Deep learning models.

Industrial Internet of Things ARP Virus Attack Detection Method Based on Improved CNN BiLSTM

Jianhua Wang — 2024-09-03

In order to improve the performance of industrial Internet of Things ARP virus attack detection methods, this paper proposes an improved CNN BiLSTM based industrial Internet of Things ARP virus attack detection method. Firstly, analyze the data flow of normal data, construct an industrial Internet of Things ARP virus intrusion dataset, and obtain the sample distribution of the ETI dataset. Secondly, based on the domain knowledge of ETCN, a preliminary manual selection was performed on all extracted head features, and a feature correlation discrimination algorithm was designed to further screen the features. Then, the Pearson correlation coefficient is used to calculate its linear correlation, the distance correlation coefficient is used to calculate its nonlinear correlation, and a comprehensive calculation formula is designed based on the principle of “maximum correlation and minimum redundancy” to establish a comprehensive measurement coefficient. The value of the features selected in the first stage is ranked using this coefficient, and different feature subsets are constructed through sequential search. Effective features are selected based on the performance of the intrusion detection models trained on different feature subsets. Implement industrial Internet of Things (IoT) ARP feature extraction through feature extraction, data cleaning, feature transformation, and feature selection. Finally, an improved CNN BiLSTM structure is constructed by using CNN to filter out a large number of packets that are not related to the attack and have weak correlation in the data. Significant features are extracted from the data, and the feature data extracted by CNN is timestamped through timeDistribution. After flattening into one-dimensional data through the flat layer, it is used as input to the BILSTM layer. We used a bidirectional long short-term memory network (BILSTM) to train industrial IoT ARP virus attacks and output the final ARP virus attack detection results. The experimental results show that in the first 10 rounds of training, the training accuracy and validation accuracy of the model rapidly increase, indicating that the model learns a large amount of information in this stage of iteration. We achieved high F1 score (94.42%), high accuracy (94.58%), and low false alarm rate (5.33%) on the ETI dataset. The model consumed very little training time (8.0746s) and testing time (0.1664s). Verified the effectiveness of the design model.

Improved RF Fingerprint-based Identity Verification in the Presence of an SEI Mimicking Adversary

Donald R. Reising — 2024-09-03

Specific Emitter Identification (SEI) is advantageous for its ability to passively identify emitters by exploiting distinct, unique, and organic features unintentionally imparted upon every signal during formation and transmission. These features are attributed to the slight variations and imperfections in the Radio Frequency (RF) front end; thus, SEI is being proposed as a physical layer security technique. Most SEI work assumes the targeted emitter is a passive source with immutable and difficult-to-mimic signal features. However, Software-Defined Radio (SDR) proliferation and Deep Learning (DL) advancements require a reassessment of these assumptions because DL can learn SEI features directly from an emitter’s signals, and SDR enables signal manipulation. This paper investigates a strong adversary that uses SDR and DL to mimic an authorized emitter’s signal features to circumvent SEI-based identity verification. The investigation considers three SEI mimicry approaches, two different SDR platforms, the application of matched filtering before SEI feature extraction, and selecting the most informative portions of the signals’ time-frequency representation using entropy. The results show that “off-the-shelf” DL achieves effective SEI mimicry. Additionally, SDR constraints impact SEI mimicry effectiveness and suggest an adversary’s minimum requirements. Our results show matched filtering results in the identity of all authorized emitters being correctly verified at a rate of 90% or higher, the rejection of all other authorized emitters–whose IDs are not being verified–at a rate of 97% or higher, and rejection of forty-five out of forty-eight SEI mimicry attacks. Based on the results presented herein, future SEI research must consider adversaries capable of mimicking another emitter’s SEI features or manipulating their own.

Network Security Behavior Anomaly Detection Based on Improved Empirical Mode Decomposition

Xiaowu Li — 2024-09-03

The current network behavior features have high latitude and complex components, making it difficult for existing temporal analysis techniques to perform temporal analysis and anomaly detection. To this end, a multi-scale decomposition module based on improved empirical mode decomposition is proposed and combined with generalized likelihood theory to construct a time series analysis model. The dataset decomposition experiment showed that the improved empirical mode decomposition proposed in the study had certain advantages in the decomposition performance of the three datasets, but it was difficult to judge the difference between normal time series and time series data with anomalies only from the perspective of periodicity. The validation experiment of anomaly detection in the time series analysis model showed that applying data augmentation effectively improved the detection performance of the time series analysis model. Compared with other methods, the proposed time series analysis model had an increase in true class rate of 1.23%–5.13%, and a decrease in false positive class rate of 19.05%–4.00%. Feature selection effectively improved the anomaly detection ability of temporal analysis technology, and the true class rate of temporal analysis technology based on feature selection increased by 1.27%–8.96%. Ranking temporal data according to feature importance for anomaly detection effectively increased the effectiveness of anomaly detection. The True Positive Rate (TPR) value of anomaly detection for temporal data with the highest feature importance was as high as 0.93. The results indicate that improved empirical mode decomposition can effectively meet the temporal data decomposition of high latitude network behavior characteristics, and the proposed temporal analysis model has better applicability and efficiency in temporal data anomaly detection. The temporal analysis model based on improved empirical mode has a more accurate recognition rate and lower false alarm rate in dealing with temporal data anomaly detection in different network environments, and has certain practical value in the field of network security behavior anomaly detection.

Legal Challenges and Perspectives of Cybersecurity in the System of State Governance of Educational Institutions in Ukraine

Herasym Dei — 2024-09-03

The aim of this research is to provide a detailed analysis of the basics of cybersecurity, define the essence of cybersecurity and its characteristics in the system of state governance of educational institutions, determine the prospects for such provision, and take into account all possible legal challenges facing such provision. The study used a number of general and special methods of scientific knowledge, such as the method of systematic analysis and synthesis, the dialectical method, the normative method and the method of studying legal documents. In general, the author identifies the peculiarities of cybersecurity, analyses in detail the current state of cybersecurity in the system of public administration of educational institutions and provides examples of large-scale hacker attacks on universities, the conclusions from which are important for improving the protection of the educational system; outlines the main legal challenges that arise in the course of ensuring cybersecurity of educational institutions and which must be overcome in order to effectively identify and neutralise potential threats; highlights the prospects that arise in this light and which are likely to bring the desired result within the framework of Ukraine’s future European integration.

A Secure and Efficient Optimized Image Encryption Using Block Compressive Sensing and Logistic Map Method

Qutaiba Kadhim Abed — 2024-09-03

Recently, multimedia has developed and become very important for transferring images securely through public networks. This paper uses the COOT optimization algorithm with compressive sensing (CS) for image encryption. A good method was proposed for encryption using compressive sensing with COOT optimization and chaos to encrypt images and obtain optimal encryption with the least correlation between pixels. This method will strengthen the encryption against various types of attacks. The natural image was sparsed using discreet wavelet transform (DWT) and the FAN transform. The image is divided into several blocks, and CS is applied to each block. The best measurement matrix was obtained using a COOT-optimized algorithm. All blocks are masked to get the compressed image, and the pixels are quantified. Next, the COOT optimization is used to Shuffle the image pixels to achieve the minimum correlation between the pixels. Then, a logistic map will be used to uniform the image pixel values by diffusion to get the final encrypted image. Chen’s chaotic and logistic map initial values are obtained from the input image after its division into four parts by taking a value from each part. The evaluation results obtained for this algorithm showed that it performs highly compared to other conventional methods. The average PSNR for the reconstructed images was 35.244, the average NPCR and UACI were 90.53 and 29.54, respectively, and the average correlation was (D $=$ 0.0018, V $=$ 0.0031, H $=$ 0.0039). The results proved that the method is strong enough and very efficient to withstand attacks.

A Comprehensive Survey on Vehicular Communication Security

Tayssir Ismail — 2024-09-03

Significant advancements in Cooperative and Autonomous Driving via Vehicle-to-everything (V2X) communications owe much to the rapid expansion and technological progress in vehicular communications, promising benefits like enhanced traffic flow and reduced energy consumption. However, this reliance on connected vehicles opens new security vulnerabilities.

This study provides a comprehensive overview of challenges in existing vehicular communications, with a specific focus on security attacks categorised by their impact on MAC, routing, and cross-layer levels. To ensure secure vehicular communication, we analyse existing solutions for both single and cross-layer attacks, evaluating their strengths and limitations from a security standpoint. Additionally, we innovate by addressing vulnerabilities across MAC, routing, and cross-layer interactions, offering practical insights and a unique approach to mitigating their combined impact. Our findings suggest that enhancements are needed for MAC layer security in TDMA protocols, and that routing protocols must be designed with better security features to manage high overheads and real-time requirements.

Partially Observable Stochastic Game for Analysing Complex Attacks in IoT Networks

Lamia Hamza — 2024-09-03

The Internet of Things (IoT) has transformed interactions with the world around us. This technology encompasses a network of connected physical devices often vulnerable to attack. Recently, with billions of devices connected, protecting sensitive data and preventing cyber-attacks are becoming more and more paramount. In this paper, a new technique is proposed to enable the administrator to be aware of the various vulnerabilities threatening his system and to choose the most appropriate remediation method based on his cost constraints. This solution adapts to the specific needs of IoT networks. The approach, AGA-POSG, consists of transforming an IoT network security problem into a finite two-player Partially Observable Stochastic Game (POSG) and extracting the best strategies by Analysing an Attack Graph (AGA). To obtain a good solution, the game is presented in normal form, and the method of eliminating dominated strategies is used to determine the best defense strategies. Efficient security measures were implemented to eliminate or mitigate identified attack paths with costs incurred in the attack graph to the target for each of the two players.

Wireless Sensor Networks Security Enhancement Approach Based on Single Path Secure Routing Algorithm

Xiaoyan Luo — 2024-09-03

To improve the security of wireless sensor networks, the experiment proposes a network security improvement method based on multi-objective ant colony optimization and single-path secure routing protocol. First, LEAP is used to improve the single-path secure routing algorithm to enhance the security of data during transmission; then, a multi-objective ant colony optimization algorithm is introduced to find the optimal network parameter path. The detection accuracy shows that when the time reaches 62.23 ms, the method proposed in the study has a maximum detection accuracy of 99.89%; at this time, the detection accuracy of the other three schemes is significantly less than 95.00%. When the system running time is 57.41 ms, the detection accuracy of wormhole attacks by this method begins to reach a stable state, and the detection accuracy has been infinitely close to 100% in the future. This method is applied to the Internet of Vehicles and the Enterprise Office Network respectively. When the number of intrusion nodes is 1,780 and 2,000 respectively, external intrusion can damage the key space and steal secrets. The above results show that the proposed method can not only improve network security and ensure energy efficiency, but also optimize network performance.

Enhanced Hyperchaotic Image Encryption with CAW Transform and Sea-Lion Optimizer

Qutaiba Kadhim Abed — 2024-09-03

One of the most effective methods for ensuring data security in the communication and information fields is encryption. There is an important role for multi-chaotic systems in the field of data encryption, due to its wide advantages and its sensitivity to the values of the coefficients and ergodicity. However, some multi-chaotic systems possess low complexity and randomness, which results in unacceptable security behaviour of the current data encryption systems. In this study, we introduce a novel hyperchaotic encryption scheme that enhances image security using a three-phase approach. First, SHA512 is combined with URUK chaos to generate plain-related random sequences. Next, a hybrid CAW transform (Cosine, Arnold, and Wavelet) improves randomness. Finally, the Sea Lion optimization algorithm shuffles pixels to achieve robust encryption. Our experimental results demonstrate that the proposed scheme effectively resists statistical attacks, with superior performance in NPCR, UACI, correlation coefficient, and information entropy tests

Design of a Lightweight Network Intrusion Detection System Based on Artificial Intelligence Technology

Li He — 2024-09-03

Network security issues have become crucial with the boost of Internet of Things technology. To detect lightweight network intrusion, this research improves the population initialization mode of given the genetic algorithm given the Pearson correlation coefficient and constructs a feature selection model. In view of the one-dimensional convolutional neural network model, it introduces the gated cyclic unit neural network model. It uses pruning operations to realize the lightweight of the model and build an intrusion detection model. The results showed that the accuracy, detection rate, and time average of the improved genetic algorithm were 79.55%, 90.32%, and 189.4 s, which were 14.87%, 30.35%, and 33.05% higher than the traditional genetic algorithm model, respectively. The intrusion detection model has achieved an accuracy of 95.0%, and the loss function value is 0.15. Compared with other deep learning models, it is more robust and performs better in intrusion detection. The average accuracy of the model testing after lightweight is 88.6%, the average detection rate is 98.12%, and the average testing time is 82 s, which improves the model’s performance compared to before lightweight. This study could markedly enhance the accuracy and detection rate of lightweight network intrusion detection, with higher detection efficiency and better performance, and possesses an essential influence in improving network security.