Network Security and Cryptography Applications

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Networks".

Deadline for manuscript submissions: 15 July 2025 | Viewed by 17240

Special Issue Editors

Guest Editor
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
Interests: network cyberspace security; big data; network communications

Guest Editor
School of Computer Science and Engineering, Sun Yat-Sen University, Guangzhou 510006, China
Interests: network cyberspace security; mobile data analysis; multimodal learning

Guest Editor
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
Interests: network cyberspace security; artificial intelligence; social network

Special Issue Information

Dear Colleagues,

The explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. The proliferation of digital data and the advent of the Internet of Things (IoT) have significantly increased the demand for protecting data and resources from disclosure to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Data science, as a highly interdisciplinary field, is playing an increasingly critical and central role in the development of cyberspace and various applications, such as Beyond 5G and Meta Universe. Data science in cyberspace and cryptography applications is an integral part of competitive intelligence, a newly emerging field that encompasses a number of activities, such as data mining and data analysis.

The rise of data science and its application in cyberspace have paved the way for significant advancements in the network security field. This Special Issue aims to bring together researchers from academia and industry and present the latest research results in this area. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews.

Topics of interest include, but are not limited to, the following:

  • Content-based network security;
  • Industrial internet of things;
  • AI-generated content security;
  • Data security;
  • Cryptography and its applications;
  • Artificial intelligence security;
  • Blockchain-based data sharing across domains;
  • Trusted data exchange;
  • Cyberspace security;
  • Knowledge representation and discovery;
  • Intelligent systems;
  • Data security and privacy;
  • Deep learning algorithms and applications;
  • Network attack and defense;
  • Situation awareness;
  • Machine learning.

Prof. Dr. Li Pan
Prof. Dr. Ning Liu
Dr. Conghui Zheng
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • network security
  • data science
  • artificial intelligence
  • cyberspace

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (15 papers)

Research

22 pages, 1068 KiB  
Article
CyberDualNER: A Dual-Stage Approach for Few-Shot Named Entity Recognition in Cybersecurity
by Conghui Zheng, Cheng Lu, Changqing Li, Zeyang Zheng and Li Pan
Electronics 2025, 14(9), 1791; https://doi.org/10.3390/electronics14091791 - 28 Apr 2025
Viewed by 95
Abstract
As the frequency of cyberattacks rises, extracting actionable cyber threat intelligence (CTI) from diverse online sources has become critical for proactive threat detection and defense. Named entity recognition (NER) serves as a foundational task in CTI extraction, supporting downstream applications such as cybersecurity knowledge graph construction and attack attribution. However, existing NER methods face significant challenges in the cybersecurity domain, including the need to identify highly specialized entity types and adapt to rapidly evolving threats. These challenges are further exacerbated in few-shot scenarios with limited annotated data. In this work, we focus on few-shot NER for CTI extraction in general cyber environments. Our goal is to develop robust and adaptable methods that are not restricted to specific infrastructures (e.g., traditional IT systems), but instead can generalize across diverse cybersecurity contexts. Specifically, to address these issues, we propose CyberDualNER, a novel dual-stage framework for few-shot NER, which includes span detection and entity classification. In the first stage, we proposed a span detector that can utilize data from large-scale general domains to detect possible entity spans. Based on the detected spans, in the second stage, we propose a prompt-enhanced metric-based classifier. We use category descriptions to build prompt templates, extract category anchor representations, and classify entities based on similarity to span representations. By incorporating prior knowledge, we improve performance while reducing data dependency, which ensures generalizability in the face of emerging entities. Extensive experiments on real-world CTI datasets demonstrate the effectiveness of CyberDualNER, with significant performance improvements over baseline methods. Notably, the framework achieves robust results in scenarios with minimal annotated samples, highlighting its potential for practical applications in cybersecurity intelligence extraction.
(This article belongs to the Special Issue Network Security and Cryptography Applications)

24 pages, 10136 KiB  
Article
A Secure Bank Loan Prediction System by Bridging Differential Privacy and Explainable Machine Learning
by Muhammad Minoar Hossain, Mohammad Mamun, Arslan Munir, Mohammad Motiur Rahman and Safiul Haque Chowdhury
Electronics 2025, 14(8), 1691; https://doi.org/10.3390/electronics14081691 - 21 Apr 2025
Viewed by 277
Abstract
Bank loan prediction (BLP) analyzes the financial records of individuals to conclude possible loan status. Financial records always contain confidential information. Hence, privacy is significant in the BLP system. This research aims to generate a privacy-preserving automated BLP scheme. To achieve this, differential privacy (DP) is combined with machine learning (ML). Using a benchmark dataset, the proposed method analyzes two different DP techniques, namely Laplacian and Gaussian, with five different ML models: Random Forest (RF), Extreme Gradient Boosting (XGBoost), Adaptive Boosting (AdaBoost), Logistic Regression (LR), and Categorical Boosting (CatBoost). Each of the DP techniques is evaluated by varying distinct privacy parameters with 10-fold cross-validation, and from the outcome analysis, optimal parameters are nominated to balance privacy and security. The analysis indicates that applying the Laplacian mechanism with a DP budget of 2 and the RF model achieves the highest accuracy of 62.31%. For the Gaussian method, the best accuracy of 81.25% is attained by the CatBoost model in privacy budget 1.5. Additionally, the proposed method uses explainable artificial intelligence (XAI) to show the conclusion capability of DP-integrated ML models. The proposed research shows an efficient method for automated BLP while preserving the privacy of personal financial information and, thus, mitigating vulnerability to scams and fraud.

23 pages, 1175 KiB  
Article
Multi-Scale Feature Fusion-Based Real-Time Anomaly Detection in Industrial Control Systems
by Lin Xu, Kequan Shang, Xiaohan Zhang, Conghui Zheng and Li Pan
Electronics 2025, 14(8), 1645; https://doi.org/10.3390/electronics14081645 - 18 Apr 2025
Viewed by 239
Abstract
Industrial control systems (ICSs) are a critical component of key infrastructure. However, as ICSs transition from isolated systems to modern networked environments, they face increasing security risks. Traditional anomaly detection methods struggle with complex ICS traffic due to their failure to fully utilize both low-frequency and high-frequency traffic information, and their poor performance in heterogeneous and non-stationary data environments. Moreover, fixed threshold methods lack adaptability and fail to respond in real time to dynamic changes in traffic, resulting in false positives and false negatives. To address these issues, this paper proposes a deep learning-based traffic anomaly detection algorithm. The algorithm employs the Hilbert–Huang Transform (HHT) to decompose traffic features and extract multi-frequency information. By integrating feature and temporal attention mechanisms, it enhances modeling capabilities and improves prediction accuracy. Additionally, the deep probabilistic estimation approach dynamically adjusts confidence intervals, enabling synchronized prediction and detection, which significantly enhances both real-time performance and accuracy. Experimental results demonstrate that our method outperforms existing baseline models in both prediction and anomaly detection performance on a real-world industrial control traffic dataset collected from an oilfield in China. The dataset consists of approximately 260,000 records covering Transmission Control Protocol/User Datagram Protocol (TCP/UDP) traffic between Remote Terminal Unit (RTU), Programmable Logic Controller (PLC), and Supervisory Control and Data Acquisition (SCADA) devices. This study has practical implications for improving the cybersecurity of ICSs and provides a theoretical foundation for the efficient management of industrial control networks.

17 pages, 1292 KiB  
Article
A Hybrid Federated Learning Framework for Privacy-Preserving Near-Real-Time Intrusion Detection in IoT Environments
by Glauco Rampone, Taras Ivaniv and Salvatore Rampone
Electronics 2025, 14(7), 1430; https://doi.org/10.3390/electronics14071430 - 2 Apr 2025
Viewed by 536
Abstract
The proliferation of Internet of Things (IoT) devices has introduced significant challenges in cybersecurity, particularly in the realm of intrusion detection. While effective, traditional centralized machine learning approaches often compromise data privacy and scalability due to the need for data aggregation. In this study, we propose a federated learning framework for near-real-time intrusion detection in IoT environments. Federated learning enables decentralized model training across multiple devices without exchanging raw data, thereby preserving privacy and reducing communication overhead. Our approach builds upon a previously proposed hybrid model, which combines a machine learning model deployed on IoT devices with a second-level cloud-based analysis. This previous work required all data to be passed to the cloud in aggregate form, limiting security. We extend this model to incorporate federated learning, allowing for distributed training while maintaining high accuracy and privacy. We evaluate the performance of our federated-learning-based model against a traditional centralized model, focusing on accuracy retention, training efficiency, and privacy preservation. Our experiments utilize actual attack data partitioned across multiple nodes. The results demonstrate that this hybrid federated learning not only offers significant advantages in terms of data privacy and scalability but also retains the previous competitive accuracy. This paper also explores the integration of federated learning with cloud-based infrastructure, leveraging platforms such as Databricks and Google Cloud Storage. We discuss the challenges and benefits of implementing federated learning in a distributed environment, including the use of Apache Spark and MLlib for scalable model training. The results show that all the algorithms used maintain an excellent identification accuracy (98% for logistic regression, 97% for SVM, and 100% for Random Forest). We also report a very short training time (less than 11 s on a single machine). The previous very low application time is also confirmed (0.16 s for over 1,697,851 packets). Our findings highlight the potential of federated learning as a viable solution for enhancing cybersecurity in IoT ecosystems, paving the way for further research in privacy-preserving machine learning techniques.

23 pages, 666 KiB  
Article
DS-GAC: A Data-Sharing Scheme Based on Group Attribute Characteristics
by Zhangbing Li, Jiantian Xiao, Mingyu Xiao and Shaobo Zhang
Electronics 2025, 14(4), 702; https://doi.org/10.3390/electronics14040702 - 12 Feb 2025
Viewed by 546
Abstract
Data sharing has dramatically promoted the efficient use of data resources. The target sharing of confidential data is increasingly becoming urgent for enterprises or organizations to solve business problems, such as data sharing between group users with the same attribute characteristics. The confidentiality and relative privacy of shared data, whether in plaintext or ciphertext, largely depend on the encryption keys used during the sharing process and the storage security of the sharing platform. In order to solve the problem of secure sharing, this paper proposes a data-sharing scheme based on group attribute characteristics. The sharer segments and encrypts the data and stores most of the data and encryption keys on the cloud platform, while a small part of the residual is stored on the edge server. The sharer specifies group users by defining user attribute values and implements access control of encryption keys and shared data through CP-ABE. In particular, the private servers of the organizations involved in data sharing act as the edge servers, which are responsible for the storage of residuals with the final authorization of data access, and try their best to ensure that the data are shared with the target users. The security analysis and data collection time overhead experiments show that the scheme further guarantees data sharing with specified target users, which is one more layer of guarantee than sharing in multi-cloud environment and cloud-encrypted sharing, and the time overhead has about a 15% improvement over sharing in a multi-cloud environment.

20 pages, 596 KiB  
Article
Enhancing Hospital Data Security: A Blockchain-Based Protocol for Secure Information Sharing and Recovery
by Jihyeon Ryu and Taeseok Kim
Electronics 2025, 14(3), 580; https://doi.org/10.3390/electronics14030580 - 1 Feb 2025
Viewed by 744
Abstract
Hospitals that store sensitive patient medical records have recently faced issues such as the inability to recover medical data and breaches of patient privacy due to hacker attacks. These attacks on medical data often involve ransomware, which obfuscates the entire hospital’s data, making them inaccessible, and can also occur when hospitals share patient information during transfers of care. In this study, we propose a new authentication protocol to prevent and address such issues within hospital systems. The proposed protocol encrypts medical records on a private blockchain, allowing them to be securely shared among institutions, hospitals, and insurance companies, ensuring data recovery even if a ransomware attack paralyzes the server. Additionally, the protocol facilitates the systematic sharing of patient medical records between hospitals or between hospitals and insurance companies by distributing session keys. In this study, we demonstrate that the proposed protocol provides 11 security properties, including forward and backward secrecy, user untraceability, and resistance to replay attacks. We also evaluate the communication and computational costs, proving that the protocol is feasible for practical use.

22 pages, 583 KiB  
Article
A Network Attack Surface Evaluation Method Based on Optimal Attack Strategy
by Peng Xie, Lin Zhang, Zhichao Lian and Jianxin Yang
Electronics 2025, 14(2), 274; https://doi.org/10.3390/electronics14020274 - 11 Jan 2025
Viewed by 642
Abstract
In the era of the rapid development of information technology, it is particularly important to ensure the security of information systems. The network attack surface, as an important index for measuring information system security, has become the focus of practitioners. At present, the accuracy and practicability of network attack surface evaluations are insufficient. In order to solve this problem, this paper proposes a network attack surface evaluation method based on an optimal attack strategy. This method first identifies the main attack targets of network resources and then uses advanced optimization techniques to determine the best attack strategy. Finally, the network resources closely related to system network security are selected, and the network attack surface is calculated according to the filtering results. A series of simulation experiments show that the method proposed in this paper is more closely related to penetration testing results, more sensitive to changes in network attack surfaces, and more consistent with the real situation compared to other methods. The results demonstrate the method’s balance of practicality and effectiveness.

19 pages, 892 KiB  
Article
Addressing Class Imbalance in Intrusion Detection: A Comprehensive Evaluation of Machine Learning Approaches
by Vaishnavi Shanmugam, Roozbeh Razavi-Far and Ehsan Hallaji
Electronics 2025, 14(1), 69; https://doi.org/10.3390/electronics14010069 - 27 Dec 2024
Viewed by 1352
Abstract
The ever-growing number of cyber attacks in today’s digitally interconnected world requires highly efficient intrusion detection systems (IDSs), which accurately identify both frequent and rare network intrusions. One of the most important challenges in IDSs is the class imbalance problem of network traffic flow data, where benign traffic flow significantly outweighs attack instances. This directly affects the ability of machine learning models to identify minority class threats. This paper is intended to evaluate various machine learning algorithms under different levels of class imbalances, using resampling as a strategy for this problem. The paper will provide an experimental comparison by combining various algorithms for classification and class imbalance learning, assessing the performance through the F1-score and geometric mean (G-mean). The work will contribute to creating robust and adaptive IDS through the judicious integration of resampling with machine learning models, thus helping the domain of cybersecurity to become resilient.

14 pages, 283 KiB  
Article
BSP: Branch Splitting for Unsolvable Path Hybrid Fuzzing
by Cheng Qian, Ling Pang, Xiaohui Kuang, Jiuren Qin, Yujie Zang, Qichao Zhao and Jiapeng Zhang
Electronics 2024, 13(24), 4935; https://doi.org/10.3390/electronics13244935 - 13 Dec 2024
Viewed by 778
Abstract
Hybrid fuzzing leverages the result of the concolic executor for a direct exploration of fuzzing, which has been proven to improve coverage during tests significantly. However, some constraints, such as those related to environments or depending on the host’s status, cannot be solved. Despite many performance optimizations on hybrid fuzzing, we observe that repeated constraint solving on unsolvable branches causes significant computational redundancies. This paper focuses on eliminating the unsolvable branches in concolic execution. We propose Branch Splitting for Unsolvable Path Hybrid Fuzzing (BSP), which splits unsolvable branches to achieve higher fuzzing coverage. BSP modifies the target program during concolic execution so that the fuzzer can easily cover initially unsolvable branches. Specifically, it changes the condition of unsolvable branches to constant True (or False), which generates multiple variants of the original program. Then, the fuzzer tests these variants instead. This allows BSP to explore more branches with high performance. The experimental results on real-world programs demonstrate that BSP can explore 46.68% more branches than QSYM.

13 pages, 285 KiB  
Article
Slicing Through the Noise: Efficient Crash Deduplication via Trace Reconstruction and Fuzzy Hashing
by Ling Pang, Cheng Qian, Xiaohui Kuang, Jiuren Qin, Yujie Zang and Jiapeng Zhang
Electronics 2024, 13(23), 4817; https://doi.org/10.3390/electronics13234817 - 6 Dec 2024
Viewed by 927
Abstract
In contemporary software security testing, fuzzing is a pervasive methodology employed to identify vulnerabilities. However, one of the most significant challenges is the vast number of crash reports, many of which are repetitive, resulting in an increased analysis burden for security researchers. To address this issue, we propose a novel method for reducing crash redundancy and grouping similar crashes based on their execution traces. By leveraging the Intel Processor Trace (PT), we can reconstruct the instruction flow of the last executed function in each crash and extract its relevant instruction slice through data dependency backward slicing. The registers are abstracted, and the immediate values are generalized to normalize the instruction sequence. Subsequently, fuzzy hashing is applied to the generalized instruction sequences, and a similarity-based greedy strategy is employed for grouping. The method effectively reduces the workload by clustering crashes with similar root causes, leaving analysts with only representative samples to investigate. Furthermore, compared with conventional stack hashing techniques, our methodology demonstrates an average improvement in accuracy of 15.38% across four programs, with a total of 281 crashes.

20 pages, 2890 KiB  
Article
Unsupervised Security Threats Identification for Heterogeneous Events
by Young In Jang, Seungoh Choi, Byung-Gil Min and Young-June Choi
Electronics 2024, 13(20), 4061; https://doi.org/10.3390/electronics13204061 - 15 Oct 2024
Viewed by 855
Abstract
As cyberattacks targeting industrial control systems continue to evolve, the development of sophisticated technologies to detect these security threats becomes increasingly essential. In addition, it is necessary to update adversarial information constantly. However, this process is complicated by the deployment of heterogeneous equipment, which increases the number of indicators and characteristics that must be analyzed by security administrators. Furthermore, security operation centers often struggle to respond promptly to adversaries because of the high number of false alerts caused by unreliable system labels. These challenges make it difficult to construct reliable detection systems. To address these issues, we propose a robust unsupervised threat-identification method. Our approach involves applying a preprocessing technique tailored to the various data types pertinent to alerts, followed by classifying unlabeled alerts using an autoencoder (AE) model. Despite the presence of numerous false positives, we verified that the proposed model could effectively distinguish between different attack types and identify their relationships with only one round of training in homogeneous and heterogeneous environments within industrial control systems. Moreover, our model can filter and display data classified as actual attacks and generate relational tables.

15 pages, 9858 KiB  
Article
Clop Ransomware in Action: A Comprehensive Analysis of Its Multi-Stage Tactics
by Yongjoon Lee, Jaeil Lee, Dojin Ryu, Hansol Park and Dongkyoo Shin
Electronics 2024, 13(18), 3689; https://doi.org/10.3390/electronics13183689 - 17 Sep 2024
Cited by 2 | Viewed by 3368
Abstract
Recently, Clop ransomware attacks targeting non-IT fields such as distribution, logistics, and manufacturing have been rapidly increasing. These advanced attacks are particularly concentrated on Active Directory (AD) servers, causing significant operational and financial disruption to the affected organizations. In this study, the multi-step behavior of Clop ransomware was deeply investigated to decipher the sequential techniques and strategies of attackers. One of the key insights uncovered is the vulnerability in AD administrator accounts, which are often used as a primary point of exploitation. This study aims to provide a comprehensive analysis that enables organizations to develop a deeper understanding of the multifaceted threats posed by Clop ransomware and to build more strategic and robust defenses against them.

21 pages, 3115 KiB  
Article
Phishing Webpage Detection via Multi-Modal Integration of HTML DOM Graphs and URL Features Based on Graph Convolutional and Transformer Networks
by Jun-Ho Yoon, Seok-Jun Buu and Hae-Jung Kim
Electronics 2024, 13(16), 3344; https://doi.org/10.3390/electronics13163344 - 22 Aug 2024
Cited by 1 | Viewed by 2403
Abstract
Detecting phishing webpages is a critical task in the field of cybersecurity, with significant implications for online safety and data protection. Traditional methods have primarily relied on analyzing URL features, which can be limited in capturing the full context of phishing attacks. In this study, we propose an innovative approach that integrates HTML DOM graph modeling with URL feature analysis using advanced deep learning techniques. The proposed method leverages Graph Convolutional Networks (GCNs) to model the structure of HTML DOM graphs, combined with Convolutional Neural Networks (CNNs) and Transformer Networks to capture the character and word sequence features of URLs, respectively. These multi-modal features are then integrated using a Transformer network, which is adept at selectively capturing the interdependencies and complementary relationships between different feature sets. We evaluated our approach on a real-world dataset comprising URL and HTML DOM graph data collected from 2012 to 2024. This dataset includes over 80 million nodes and edges, providing a robust foundation for testing. Our method demonstrated a significant improvement in performance, achieving a 7.03 percentage point increase in classification accuracy compared to state-of-the-art techniques. Additionally, we conducted ablation tests to further validate the effectiveness of individual features in our model. The results validate the efficacy of integrating HTML DOM structure and URL features using deep learning. Our framework significantly enhances phishing detection capabilities, providing a more accurate and comprehensive solution to identifying malicious webpages.

20 pages, 2156 KiB  
Article
Improving Attack Graph Visual Syntax Configurations
by Askhat Sherzhanov, Hany F. Atlam, Muhammad Ajmal Azad and Harjinder Singh Lallie
Electronics 2024, 13(15), 3052; https://doi.org/10.3390/electronics13153052 - 1 Aug 2024
Viewed by 1252
Abstract
As technology advances and cyber threats become increasingly sophisticated, the task of recognising and understanding malicious activities becomes more complex. This persistent issue is widely acknowledged and extensively documented within the cybersecurity community. Attack modelling techniques (AMTs), such as attack graphs, have emerged as valuable tools in aiding cyberattack perception. These visualisation tools offer crucial insights into the complex relationships between various components within a system or network, shedding light on potential attack paths and vulnerabilities. This paper proposes an attack graph visual syntax method to improve cyberattack perception among experts and non-experts. The proposed approach was developed to streamline complexity and enhance clarity, thus augmenting the interpretability for users by enhancing visual structural components, such as hue, chromaticity, and line parameters. The proposed attack graph (pag) was empirically evaluated against the adapted attack graph (aag) presented in the literature. The empirical evaluation (n = 83) was conducted through a 3 × 2 × 2 factorial design and two-way analysis of variance (ANOVA) with repeated measures. The participants were classified according to their respective background cohorts into expert and non-expert (expert n = 37, non-expert n = 46) and then grouped into two groups: proposed attack graph (pag) and adapted attack graph (aag) (pag n = 41, aag n = 42). The empirical results demonstrated that while the proposed attack graph (pag) implemented various visual modifications such as brighter hues, denser line structures, and varied shapes, these enhancements did not significantly improve the perception of cyberattacks among individuals who lack expertise in the field, including corporate executives. Moreover, the use of variables such as colour, tone, and line width/density/structure did not help objects in the graph be distinguished more effectively.
This paper provides significant insights into the impact of visual enhancements on cyberattack perception, highlighting that visual enhancements alone may not be sufficient to improve cyberattack perception for individuals lacking expertise in the field.

18 pages, 865 KiB  
Article
Clustering Network Traffic Using Semi-Supervised Learning
by Antonina Krajewska and Ewa Niewiadomska-Szynkiewicz
Electronics 2024, 13(14), 2769; https://doi.org/10.3390/electronics13142769 - 14 Jul 2024
Cited by 2 | Viewed by 1221
Abstract
Clustering algorithms play a crucial role in early warning cybersecurity systems. They allow for the detection of new attack patterns and anomalies and enhance system performance. This paper discusses the problem of clustering data collected by a distributed system of network honeypots. In the proposed approach, when a network flow matches an attack signature, an appropriate label is assigned to it. This enables the use of semi-supervised learning algorithms and improves the quality of clustering results. The article compares the results of learning algorithms conducted with and without partial supervision, particularly non-negative matrix factorization and semi-supervised non-negative matrix factorization. Our results confirm the positive impact of labeling a portion of flows on the quality of clustering.