Advances in Cybersecurity: Challenges and Solutions

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (31 January 2024) | Viewed by 41203

Printed Edition Available!
A printed edition of this Special Issue is available here.

Special Issue Editors

Special Issue Information

Dear Colleagues,

This Special Issue is dedicated to developments in cyber security from an interdisciplinary and multidisciplinary perspective and focuses on challenges in relation to (i) companies; (ii) governments; and (iii) society. The Issue will establish how technology and human-technology interaction enhances cyber security from a holistic perspective so that society is better protected from sustained cyber attacks. We welcome all kinds of contributions, including empirical papers, practitioner-oriented papers, theoretical papers and conceptual papers, with an emphasis on linking theory with practice.

The areas to be addressed include:

Trustworthiness, software, cloud computing, artificial intelligence vulnerabilities and solutions, the use of advanced biometrics, issues in blockchain technology, improving cyber security systems and networks, cyber security models, management policy and new business models, ethical hacking, the protection of critical national infrastructure and the protection of critical information infrastructure, smart cities, the consumer and privacy, counteracting fake news and disinformation, social media networks, online advertising, the Internet of Things, educational policy, the psychology of cyber crime, ransomware, and government policy.

A range of related bodies of knowledge can be drawn on, including business continuity management, crisis and emergency management, organizational resilience, and risk management. In addition, the Special Issue will be open to a range of authors, including scientists and social scientists.

Dr. Peter R.J. Trim
Dr. Yang-Im Lee
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • artificial intelligence
  • critical infrastructure
  • education
  • security frameworks
  • social media networks
  • strategic threat detection

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (17 papers)


Editorial


5 pages, 170 KiB  
Editorial
Advances in Cybersecurity: Challenges and Solutions
by Peter R. J. Trim and Yang-Im Lee
Appl. Sci. 2024, 14(10), 4300; https://doi.org/10.3390/app14104300 - 19 May 2024
Viewed by 2287
Abstract
Cyberattacks have increased in intensity and sophistication in recent years, resulting in defensive actions to safeguard company assets and vulnerable people [...]
(This article belongs to the Special Issue Advances in Cybersecurity: Challenges and Solutions)

Research


17 pages, 675 KiB  
Article
Can Windows 11 Stop Well-Known Ransomware Variants? An Examination of Its Built-in Security Features
by Yousef Mahmoud Al-Awadi, Ali Baydoun and Hafeez Ur Rehman
Appl. Sci. 2024, 14(8), 3520; https://doi.org/10.3390/app14083520 - 22 Apr 2024
Viewed by 1790
Abstract
The ever-evolving landscape of cyber threats, with ransomware at its forefront, poses significant challenges to the digital world. Windows 11 Pro, Microsoft’s latest operating system, claims to offer enhanced security features designed to tackle such threats. This paper aims to comprehensively evaluate the effectiveness of these Windows 11 Pro built-in security measures against prevalent ransomware strains, with a particular emphasis on crypto-ransomware. Utilizing a meticulously crafted experimental environment, the research adopted a two-phased testing approach, examining both the default and a hardened configuration of Windows 11 Pro. This dual examination offered insights into the system’s inherent and potential defenses against ransomware threats. The study’s findings revealed that Windows 11 Pro does present formidable defenses. This paper not only contributes valuable insights into cybersecurity, but also furnishes practical recommendations for both technology developers and end-users in the ongoing battle against ransomware. The significance of these findings extends beyond the immediate evaluation of Windows 11 Pro, serving as a reference point for the broader discourse on enhancing digital security measures.

12 pages, 515 KiB  
Article
Time Aware F-Score for Cybersecurity Early Detection Evaluation
by Manuel López-Vizcaíno, Francisco J. Nóvoa, Diego Fernández and Fidel Cacheda
Appl. Sci. 2024, 14(2), 574; https://doi.org/10.3390/app14020574 - 9 Jan 2024
Cited by 1 | Viewed by 1140
Abstract
With the increase in the use of Internet interconnected systems, security has become of utmost importance. One key element to guarantee an adequate level of security is being able to detect the threat as soon as possible, decreasing the risk of consequences derived from those actions. In this paper, a new metric for early detection system evaluation that takes into account the delay in detection is defined. Time aware F-score (TaF) takes into account the number of items or individual elements processed to determine if an element is an anomaly or if it is not relevant to be detected. These results are validated by means of a dual approach to cybersecurity, Operating System (OS) scan attack as part of systems and network security and the detection of depression in social media networks as part of the protection of users. Also, different approaches, oriented towards studying the impact of single item selection, are applied to final decisions. This study allows us to establish that the nitems selection method is usually the best option for early detection systems. The TaF metric provides, as well, an adequate alternative for time sensitive detection evaluation.

20 pages, 713 KiB  
Article
Not All Seeds Are Important: Fuzzing Guided by Untouched Edges
by Chen Xie, Peng Jia, Pin Yang, Chi Hu, Hongbo Kuang, Genzuo Ye and Xuanquan Hong
Appl. Sci. 2023, 13(24), 13172; https://doi.org/10.3390/app132413172 - 12 Dec 2023
Viewed by 1782
Abstract
Coverage-guided greybox fuzzing (CGF) has become the mainstream technology used in the field of vulnerability mining, which has been proven to be effective. Seed scheduling, the process of selecting seeds from the seeds pool for subsequent fuzzing iterations, is a critical component of CGF. While many seed scheduling strategies have been proposed in academia, they all focus on the explored regions within programs. In response to the inefficiencies of traditional seed scheduling strategies, which often allocate resources to ineffective seeds, we introduce a novel seed scheduling strategy guided by untouched edges. The strategy generates the optional seed set according to the information on the untouched edges. We also present a new instrumentation method to capture unexplored areas and guide the fuzzing process toward them. We implemented the prototype UntouchFuzz on top of American Fuzzy Lop (AFL) and conducted evaluation experiments against the most advanced seed scheduling strategies. Our results demonstrate that UntouchFuzz has improved in code coverage and unique vulnerabilities. Furthermore, the method proposed is transplanted into the fuzzer MOpt, which further proves the scalability of the method. In particular, 13 vulnerabilities were found in the open-source projects, with 7 of them having assigned CVEs.

15 pages, 953 KiB  
Article
Secure Control of Linear Controllers Using Fully Homomorphic Encryption
by Jingshan Pan, Tongtong Sui, Wen Liu, Jizhi Wang, Lingrui Kong, Yue Zhao and Zhiqiang Wei
Appl. Sci. 2023, 13(24), 13071; https://doi.org/10.3390/app132413071 - 7 Dec 2023
Viewed by 1064
Abstract
In actual operation, there are security risks to the data of the network control system, mainly in the form of possible eavesdropping of signals in the transmission channel and parameters in the controller leading to data leakage. In this paper, we propose a scheme for encrypting linear controllers using fully homomorphic encryption, which effectively removes these security risks and substantially improves the security of networked control systems. Meanwhile, this paper uses precomputation to handle data encryption, which eliminates the encryption time and solves the drawback of fully homomorphic encryption that it is difficult to apply due to the efficiency problem. Compared to previous schemes with precomputation, for the first time, we propose two methods to mitigate the problem of the slight security degradation caused by precomputation, which makes our scheme more secure. Finally, we provide numerical simulation results to support our scheme, and the data show that the encrypted controller achieves normal control and improves safety and efficiency.

21 pages, 7115 KiB  
Article
Intelligent Anomaly Detection System through Malware Image Augmentation in IIoT Environment Based on Digital Twin
by Hyun-Jong Cha, Ho-Kyung Yang, You-Jin Song and Ah Reum Kang
Appl. Sci. 2023, 13(18), 10196; https://doi.org/10.3390/app131810196 - 11 Sep 2023
Cited by 3 | Viewed by 1465
Abstract
Due to the recent rapid development of the ICT (Information and Communications Technology) field, the industrial sector is also experiencing rapid informatization. As a result, malware targeting information leakage and financial gain is increasingly found within IIoT (the Industrial Internet of Things). Moreover, the number of malware variants is rapidly increasing. Therefore, there is a pressing need for a safe and preemptive malware detection method capable of responding to these rapid changes. The existing malware detection method relies on specific byte sequence inclusion in a binary file. However, this method faces challenges in impacting the system or detecting variant malware. In this paper, we propose a data augmentation method based on an adversarial generative neural network to maintain a secure system and acquire necessary learning data. Specifically, we introduce a digital twin environment to safeguard systems and data. The proposed system creates fixed-size images from malware binaries in the virtual environment of the digital twin. Additionally, it generates new malware through an adversarial generative neural network. The image information produced in this manner is then employed for malware detection through deep learning. As a result, the detection performance, in preparation for the emergence of new malware, demonstrated high accuracy, exceeding 97%.

24 pages, 2510 KiB  
Article
A Cross-Modal Dynamic Attention Neural Architecture to Detect Anomalies in Data Streams from Smart Communication Environments
by Konstantinos Demertzis, Konstantinos Rantos, Lykourgos Magafas and Lazaros Iliadis
Appl. Sci. 2023, 13(17), 9648; https://doi.org/10.3390/app13179648 - 25 Aug 2023
Viewed by 948
Abstract
Detecting anomalies in data streams from smart communication environments is a challenging problem that can benefit from novel learning techniques. The Attention Mechanism is a very promising architecture for addressing this problem. It allows the model to focus on specific parts of the input data when processing it, improving its ability to understand the meaning of specific parts in context and make more accurate predictions. This paper presents a Cross-Modal Dynamic Attention Neural Architecture (CM-DANA) by expanding on state-of-the-art techniques. It is a novel dynamic attention mechanism that can be trained end-to-end along with the rest of the model using multimodal data streams. The attention mechanism calculates attention weights for each position in the input data based on the model’s current state by a hybrid method called Cross-Modal Attention. Specifically, the proposed model uses multimodal learning tasks where the input data comes from different cyber modalities. It combines the relevant input data using these weights to produce an attention vector in order to detect suspicious abnormal behavior. We demonstrate the effectiveness of our approach on a cyber security anomalies detection task using multiple data streams from smart communication environments.

15 pages, 6201 KiB  
Article
Location-Aware Measurement for Cyber Mimic Defense: You Cannot Improve What You Cannot Measure
by Zhe Huang, Yali Yuan, Jiale Fu, Jiajun He, Hongyu Zhu and Guang Cheng
Appl. Sci. 2023, 13(16), 9213; https://doi.org/10.3390/app13169213 - 13 Aug 2023
Viewed by 1494
Abstract
Cyber mimic defense is designed to ensure endogenous security, effectively countering unknown vulnerabilities and backdoors, thereby addressing a significant challenge in cyberspace. However, the immense scale of real-world networks and their intricate topology pose challenges for measuring the efficacy of cyber mimic defense. To capture and quantify defense performance within specific segments of these expansive networks, we embrace a partitioning approach that subdivides large networks into smaller regions. Metrics are then established within an objective space constructed on these smaller regions. This approach enables the establishment of several fine-grained metrics that offer a more nuanced measurement of cyber mimic defense deployed in complex networks. For example, the common-mode index is introduced to highlight shared vulnerabilities among diverse nodes, the transfer probability computes the likelihood of risk propagation among nodes, and the failure risk assesses the likelihood of cyber mimic defense technology failure within individual nodes or entire communities. Furthermore, we provide proof of the convergence of the transfer probability. A multitude of simulations are conducted to validate the reliability and applicability of the proposed metrics.

21 pages, 7485 KiB  
Article
Machine Learning Algorithms for Raw and Unbalanced Intrusion Detection Data in a Multi-Class Classification Problem
by Mantas Bacevicius and Agne Paulauskaite-Taraseviciene
Appl. Sci. 2023, 13(12), 7328; https://doi.org/10.3390/app13127328 - 20 Jun 2023
Cited by 11 | Viewed by 2847
Abstract
Various machine learning algorithms have been applied to network intrusion classification problems, including both binary and multi-class classifications. Despite the existence of numerous studies involving unbalanced network intrusion datasets, such as CIC-IDS2017, a prevalent approach is to address the issue by either merging the classes to optimize their numbers or retaining only the most dominant ones. However, there is no consistent trend showing that accuracy always decreases as the number of classes increases. Furthermore, it is essential for cybersecurity practitioners to recognize the specific type of attack and comprehend the causal factors that contribute to the resulting outcomes. This study focuses on tackling the challenges associated with evaluating the performance of multi-class classification for network intrusions using highly imbalanced raw data that encompasses the CIC-IDS2017 and CSE-CIC-IDS2018 datasets. The research concentrates on investigating diverse machine learning (ML) models, including Logistic Regression, Random Forest, Decision Trees, CNNs, and Artificial Neural Networks. Additionally, it explores the utilization of explainable AI (XAI) methods to interpret the obtained results. The results obtained indicated that decision trees using the CART algorithm performed best on the 28-class classification task, with an average macro F1-score of 0.96878.

14 pages, 795 KiB  
Article
Phishing Node Detection in Ethereum Transaction Network Using Graph Convolutional Networks
by Zhen Zhang, Tao He, Kai Chen, Boshen Zhang, Qiuhua Wang and Lifeng Yuan
Appl. Sci. 2023, 13(11), 6430; https://doi.org/10.3390/app13116430 - 24 May 2023
Cited by 3 | Viewed by 2179
Abstract
As the use of digital currencies, such as cryptocurrencies, increases in popularity, phishing scams and other cybercriminal activities on blockchain platforms (e.g., Ethereum) have also risen. Current methods of detecting phishing in Ethereum focus mainly on the transaction features and local network structure. However, these methods fail to account for the complexity of interactions between edges and the handling of large graphs. Additionally, these methods face significant issues due to the limited number of positive labels available. Given this, we propose a scheme that we refer to as the Bagging Multiedge Graph Convolutional Network to detect phishing scams on Ethereum. First, we extract the features from transactions and transform the complex Ethereum transaction network into three simple inter-node graphs. Then, we use graph convolution to generate node embeddings that leverage the global structural information of the inter-node graphs. Further, we apply the bagging strategy to overcome the issues of data imbalance and the Positive Unlabeled (PU) problem in transaction data. Finally, to evaluate our approach’s effectiveness, we conduct experiments using actual transaction data. The results demonstrate that our Bagging Multiedge Graph Convolutional Network (0.877 AUC) outperforms all of the baseline classification methods in detecting phishing scams on Ethereum.

31 pages, 1886 KiB  
Article
Risk-Based Cybersecurity Compliance Assessment System (RC2AS)
by Afnan Alfaadhel, Iman Almomani and Mohanned Ahmed
Appl. Sci. 2023, 13(10), 6145; https://doi.org/10.3390/app13106145 - 17 May 2023
Cited by 5 | Viewed by 3606
Abstract
Cybersecurity attacks are still causing significant threats to individuals and organizations, affecting almost all aspects of life. Therefore, many countries worldwide try to overcome this by introducing and applying cybersecurity regulatory frameworks to maintain organizations’ information and digital resources. Saudi Arabia has taken practical steps in this direction by developing the essential cybersecurity control (ECC) as a national cybersecurity regulation reference. Generally, the compliance assessment processes of different international cybersecurity standards and controls (ISO2700x, PCI, and NIST) are generic for all organizations with different scopes, business functionality, and criticality level, where the overall compliance score is absent with no consideration of the security control risk. Therefore, to address all of these shortcomings, this research takes the ECC as a baseline to build a comprehensive and customized risk-based cybersecurity compliance assessment system (RC2AS). ECC has been chosen because it is well-defined and inspired by many international standards. Another motive for this choice is the limited related works that have deeply studied ECC. RC2AS is developed to be compatible with the current ECC tool. It offers an offline self-assessment tool that helps the organization expedite the assessment process, identify current weaknesses, and provide better planning to enhance its level based on its priorities. Additionally, RC2AS proposes four methods to calculate the overall compliance score with ECC. Several scenarios are conducted to assess these methods and compare their performance. The goal is to reflect the accurate compliance score of an organization while considering its domain, needs, resources, and risk level of its security controls. Finally, the outputs of the assessment process are displayed through rich dashboards that comprehensively present the organization’s cybersecurity maturity and suggest an improvement plan for its level of compliance.

20 pages, 2326 KiB  
Article
A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems
by Esra Söğüt and O. Ayhan Erdem
Appl. Sci. 2023, 13(10), 5993; https://doi.org/10.3390/app13105993 - 13 May 2023
Cited by 8 | Viewed by 2422
Abstract
Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with various systems has triggered considerable developments in critical infrastructure systems. With different network structures, these systems need to communicate with each other, work in an integrated manner, be controlled, and intervene effectively when necessary. Supervisory Control and Data Acquisition (SCADA) systems are mostly utilized to achieve these aims. SCADA systems, which control and monitor the connected systems, have been the target of cyber attackers. These systems are subject to cyberattacks due to the openness to external networks, remote controllability, and SCADA-architecture-specific cyber vulnerabilities. Protecting SCADA systems on critical infrastructure systems against cyberattacks is an important issue that concerns governments in many aspects such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically demonstrated a scaled-down version of a real water plant via a Testbed environment created including a SCADA system. In order to disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed by performing various DDoS attacks, i.e., TCP, UDP, SYN, spoofing IP, and ICMP Flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that amalgamate CNN and LSTM, and traditional machine learning models were applied to the obtained data. The test results of various DDoS attacks demonstrated that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracy of 95% and 99%, respectively. Moreover, we tested the hybrid model on a dataset that is used commonly in the literature which resulted in 98% accuracy. Thus, it is suggested that the security of the SCADA system can be effectively improved, and we demonstrated that the proposed models have a potential to work in harmony on real field systems.

13 pages, 1466 KiB  
Article
PDF Malware Detection Based on Fuzzy Unordered Rule Induction Algorithm (FURIA)
by Sobhi Mejjaouli and Sghaier Guizani
Appl. Sci. 2023, 13(6), 3980; https://doi.org/10.3390/app13063980 - 21 Mar 2023
Cited by 5 | Viewed by 1938
Abstract
The number of cyber-attacks is increasing daily, and attackers are coming up with new ways to harm their target by disseminating viruses and other malware. With new inventions and technologies appearing daily, there is a chance that a system might be attacked and its weaknesses taken advantage of. Malware is distributed through Portable Document Format (PDF) files, among other methods. These files’ adaptability makes them a prime target for attackers who can quickly insert malware into PDF files. This study proposes a model based on the Fuzzy Unordered Rule Induction Algorithm (FURIA) to detect PDF malware. The proposed model outperforms currently used methods in terms of reducing error rates and increasing accuracy. Other models, such as Naïve Bayes (NB), Decision Tree (J48), Hoeffding Tree (HT), and Quadratic Discriminant Analysis (QDA), were compared to the proposed model. The accuracy achieved by the proposed model is 99.81%, with an error rate of 0.0022.

23 pages, 5153 KiB  
Article
Squill: Testing DBMS with Correctness Feedback and Accurate Instantiation
by Shihao Wen, Peng Jia, Pin Yang and Chi Hu
Appl. Sci. 2023, 13(4), 2519; https://doi.org/10.3390/app13042519 - 15 Feb 2023
Cited by 2 | Viewed by 2478
Abstract
Database Management Systems (DBMSs) are the core of management information systems. Thus, detecting security bugs or vulnerabilities of DBMSs is an essential task. In recent years, grey-box fuzzing has been adopted to detect DBMS bugs for its high effectiveness. However, the seed scheduling strategy of existing fuzzing techniques does not consider the seeds’ correctness, which is inefficient in finding vulnerabilities in DBMSs. Moreover, current tools cannot correctly generate SQL statements with nested structures, which limits their effectiveness. This paper proposes a fuzzing solution named Squill to address these challenges. First, we propose correctness-guided mutation to utilize the correctness of seeds as feedback to guide fuzzing. Second, Squill embeds semantics-aware instantiation to correctly fill semantics into SQL statements with nested structures by collecting the context information of AST nodes. We implemented Squill based on Squirrel and evaluated it on three popular DBMSs: MySQL, MariaDB, and OceanBase. In our experiment, Squill explored 29% more paths and found 3.4× more bugs than the existing tool. In total, Squill detected 30 bugs in MySQL, 27 in MariaDB, and 6 in OceanBase. Overall, 19 of the bugs are fixed with 9 CVEs assigned. The results show that Squill outperforms the previous fuzzer in terms of both code coverage and bug discovery.

18 pages, 5484 KiB  
Article
Design and Implementation of Multi-Cyber Range for Cyber Training and Testing
by Moosung Park, Hyunjin Lee, Yonghyun Kim, Kookjin Kim and Dongkyoo Shin
Appl. Sci. 2022, 12(24), 12546; https://doi.org/10.3390/app122412546 - 7 Dec 2022
Cited by 7 | Viewed by 2927
Abstract
It is essential to build a practical training/test site environment for cyber training and weapon system test evaluation. In a military environment, cyber training sites should be continuously developed according to the characteristics of the military. Weapons with cyber security capabilities should be deployed through cyber security certification. Recently, each military has been building its own cyber range that simulates its battlefield environment. However, since the actual battlefield is an integrated operation environment, the cyber ranges built so far do not reflect the interconnected, integrated battlefield environment. This paper proposes a configuration plan and operation functions to construct a multi-cyber range reflecting the characteristics of each military to overcome this situation. In order to test the multi-cyber range, which has scenario authoring and operation functions and can faithfully reflect reality, the impact of DDoS attacks is tested. Ensuring interoperability between military systems is key to real-world mission-based test evaluation. As a result of the experiment, it was concluded that if a DDoS attack occurs due to the infiltration of malicious code into the military network, it may have a serious impact on securing message interoperability between systems in the military network. Cyber range construction technology is being developed not only in the military, but also in school education and businesses. The proposed technology can also be applied to the construction of cyber ranges in industries where cyber-physical systems are emphasized. In addition, it is a field that continues to develop alongside technology, for example being applied as an experimental site for machine learning systems.

19 pages, 4996 KiB  
Article
Deep Learning Model with Sequential Features for Malware Classification
by Xuan Wu, Yafei Song, Xiaoyi Hou, Zexuan Ma and Chen Chen
Appl. Sci. 2022, 12(19), 9994; https://doi.org/10.3390/app12199994 - 5 Oct 2022
Cited by 4 | Viewed by 2092
Abstract
Currently, malware shows an explosive growth trend. Demand for classifying malware is also increasing. The problem is the low accuracy of both malware detection and classification. From the static features of malicious families, a new deep learning method, TCN-BiGRU, was proposed in this study, which combines a temporal convolutional network (TCN) and a bidirectional gated recurrent unit (BiGRU). First, we extracted the features of malware assembly code sequences and byte code sequences. Second, we shortened the opcode sequences with the TCN to explore the features in the data and then used the BiGRU network to capture the opcode sequences in both directions to achieve deep extraction of the features of the opcode sequences. Finally, the fully connected and softmax layers were used to output predictions from the deep features. Multiple comparisons and ablation experiments demonstrated that the accuracy of malware detection and classification was effectively improved by our method. Our overall performance was 99.72% for samples comprising nine different classes, and 96.54% for samples comprising two different classes.

Review

37 pages, 1945 KiB  
Review
Systematic Literature Review on Security Access Control Policies and Techniques Based on Privacy Requirements in a BYOD Environment: State of the Art and Future Directions
by Aljuaid Turkea Ayedh M, Ainuddin Wahid Abdul Wahab and Mohd Yamani Idna Idris
Appl. Sci. 2023, 13(14), 8048; https://doi.org/10.3390/app13148048 - 10 Jul 2023
Cited by 3 | Viewed by 6792
Abstract
The number of devices connected within organisational networks through "Bring Your Own Device" (BYOD) initiatives has steadily increased. BYOD security risks have resulted in significant privacy and security issues impacting organisational security. Many researchers have reviewed security and privacy issues in BYOD policies. However, not all of them have fully investigated security and privacy requirements. In addition to describing a system’s capabilities and functions, these requirements also reflect the system’s ability to eliminate various threats. This paper aims to conduct a comprehensive review of privacy and security criteria in BYOD security policies, as well as the various technical policy methods used to mitigate these threats, to identify future research opportunities. This study reviews existing research and highlights the following points: (1) classification of privacy and security requirements in the context of BYOD policies; (2) comprehensive analyses of proposed state-of-the-art security policy technologies based on three layers of BYOD security policies, followed by analyses of these technologies in terms of the privacy requirements they satisfy; (3) technological trends; (4) measures employed to assess the efficacy of techniques to enhance privacy and security; and (5) future research in the area of BYOD security and privacy.