Special Issue "Advanced Cybersecurity Services Design"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Networks".

Deadline for manuscript submissions: closed (15 April 2021).

Special Issue Editor

Prof. Dr. Victor A. Villagrá
Guest Editor
Department of Telematic Engineering, Universidad Politécnica de Madrid, 28040 Madrid, Spain
Interests: cybersecurity services; application of AI to cybersecurity; cybersecurity awareness

Special Issue Information

Dear Colleagues,

Cybersecurity technologies have been researched extensively in the last few years in order to face the current threat landscape, which has shown a continuous growth in the quality and quantity of attacks, which have been oriented toward any potentially vulnerable item (people, software, firmware, hardware, etc.). Thus, there is a need for more sophisticated cybersecurity services that are able to combine different technologies to cover all the different aspects that such attacks may utilize.

In this Special Issue, we are gathering original contributions in this area, where different technologies are combined and integrated in order to provide heterogeneous cybersecurity services.

Potential topics include, but are not limited to, the following:

  • Data analysis applied to cybersecurity;
  • Generative adversarial models;
  • Adversarial training with machine learning technologies;
  • Attacks against machine learning technologies;
  • Applications of transfer learning to cybersecurity;
  • Application of ontologies and formal behavior representation to cybersecurity;
  • Knowledge inference for incident response and decision making;
  • Visual analytics for cybersecurity awareness;
  • New HCI approaches for cybersecurity services;
  • New cybersecurity services and approaches for social engineering attacks;
  • New approaches for modeling and detecting insider threats;
  • Modeling the work climate for detecting potential insider threats;
  • User behavior modeling for cybersecurity;
  • User-centered cybersecurity;
  • Integration of heterogeneous data sources and sensors for cybersecurity awareness;
  • Modeling cyber threat intelligence;
  • Integrating cyber threat intelligence for enhanced cybersecurity awareness;
  • Dynamic risk management.

Prof. Dr. Victor A. Villagrá
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Technologies integration for cybersecurity
  • Cybersecurity awareness advances services
  • Dynamic risk management
  • AI applications to cybersecurity
  • Cyber threat intelligence

Published Papers (14 papers)


Research


Article
Resilience Evaluation of Multi-Path Routing against Network Attacks and Failures
Electronics 2021, 10(11), 1240; https://doi.org/10.3390/electronics10111240 - 24 May 2021
Viewed by 513
Abstract
The current state of security and availability of the Internet is far from being commensurate with its importance. The number and strength of DDoS attacks conducted at the network layer have been steadily increasing. However, the single path (SP) routing used in today’s Internet lacks a mitigation scheme to rapidly recover from network attacks or link failure. In case a link failure occurs, it can take several minutes until failover. In contrast, multi-path routing can take advantage of multiple alternative paths and rapidly switch to another working path. According to the level of available path control, we classify the multi-path routing into two types, first-hop multi-path (FMP) and multi-hop multi-path (MMP) routing. Although FMP routing supported by networks, such as SD-WAN, shows marginal improvements over the current SP routing of the Internet, MMP routing supported by a global Internet architecture provides strong improvement under network attacks and link failure. MMP routing enables changing to alternate paths to mitigate the network problem in other hops, which cannot be controlled by FMP routing. To show this comparison with practical outcome, we evaluate network performance in terms of latency and loss rate to show that MMP routing can mitigate Internet hazards and provide high availability on global networks by 18 participating ASes in six countries. Our evaluation of global networks shows that, if network attacks or failures occur in other autonomous systems (ASes) that FMP routing cannot avoid, it is feasible to deal with such problems by switching to alternative paths by using MMP routing. When the global evaluation is under a transit-link DDoS attack, the loss rates of FMP that pass the transit-link are affected significantly by a transit-link DDoS attack, but the other alternative MMP paths show stable status under the DDoS attack with proper operation.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)

Article
Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain
Electronics 2020, 9(11), 1865; https://doi.org/10.3390/electronics9111865 - 06 Nov 2020
Cited by 1 | Viewed by 844
Abstract
With the transformation in smart grids, power grid companies are becoming increasingly dependent on data networks. Data networks are used to transport information and commands for optimizing power grid operations: planning, generation, transportation, and distribution. Performing periodic security audits is one of the required tasks for securing networks, and we proposed in a previous work autoauditor, a system to achieve automatic auditing. It was designed according to the specific requirements of power grid companies, such as scaling with the huge number of heterogeneous equipment in power grid companies. Though pentesting and security audits are required for continuous monitoring, collaboration is of utmost importance to fight cyber threats. In this paper we work on the accountability of audit results and explore how the list of audit result records can be included in a blockchain, since blockchains are by design resistant to data modification. Moreover, blockchains endowed with smart contracts functionality boost the automation of both digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such system exists. We perform throughput evaluation to assess the feasibility of the system and show that the system is viable for adaptation to the inventory systems of electrical companies.

Article
C3-Sex: A Conversational Agent to Detect Online Sex Offenders
Electronics 2020, 9(11), 1779; https://doi.org/10.3390/electronics9111779 - 27 Oct 2020
Cited by 1 | Viewed by 3026
Abstract
Prevention of cybercrime is one of the missions of Law Enforcement Agencies (LEA) aiming to protect and guarantee sovereignty in the cyberspace. In this regard, online sex crimes are among the principal ones to prevent, especially those where a child is abused. The paper at hand proposes C3-Sex, a smart chatbot that uses Natural Language Processing (NLP) to interact with suspects in order to profile their interest regarding online child sexual abuse. This solution is based on our Artificial Conversational Entity (ACE) that connects to different online chat services to start a conversation. The ACE is designed using generative and rule-based models in charge of generating the posts and replies that constitute the conversation from the chatbot side. The proposed solution also includes a module to analyze the conversations performed by the chatbot and calculate a set of 25 features that describes the suspect’s behavior. After 50 days of experiments, the chatbot generated a dataset with 7199 profiling vectors with the features associated with each suspect. Afterward, we applied an unsupervised method to describe the results that differentiate three groups, which we categorize as indifferent, interested, and pervert. Exhaustive analysis is conducted to validate the applicability and advantages of our solution.

Article
An Approach for the Application of a Dynamic Multi-Class Classifier for Network Intrusion Detection Systems
Electronics 2020, 9(11), 1759; https://doi.org/10.3390/electronics9111759 - 23 Oct 2020
Cited by 2 | Viewed by 705
Abstract
Currently, the use of machine learning models for developing intrusion detection systems is a technology trend whose improvement has been proven. These intelligent systems are trained with labeled datasets, including different types of attacks and the normal behavior of the network. Most of the studies use a unique machine learning model, identifying anomalies related to possible attacks. In other cases, machine learning algorithms are used to identify certain types of attacks. However, recent studies show that certain models are more accurate at identifying certain classes of attacks than others. Thus, this study tries to identify which model fits better with each kind of attack in order to define a set of reasoner modules. In addition, this research work proposes to organize these modules to feed a selection system, that is, a dynamic classifier. Finally, the study shows that when using the proposed dynamic classifier model, the detection range increases, improving the detection by each individual model in terms of accuracy.

Article
InSight2: A Modular Visual Analysis Platform for Network Situational Awareness in Large-Scale Networks
Electronics 2020, 9(10), 1747; https://doi.org/10.3390/electronics9101747 - 21 Oct 2020
Viewed by 717
Abstract
The complexity and throughput of computer networks are rapidly increasing as a result of the proliferation of interconnected devices, data-driven applications, and remote working. Providing situational awareness for computer networks requires monitoring and analysis of network data to understand normal activity and identify abnormal activity. A scalable platform to process and visualize data in real time for large-scale networks enables security analysts and researchers to not only monitor and study network flow data but also experiment and develop novel analytics. In this paper, we introduce InSight2, an open-source platform for manipulating both streaming and archived network flow data in real time that aims to address the issues of existing solutions such as scalability, extendability, and flexibility. Case studies are provided that demonstrate applications in monitoring network activity, identifying network attacks and compromised hosts, and anomaly detection.

Article
Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection
Electronics 2020, 9(10), 1684; https://doi.org/10.3390/electronics9101684 - 14 Oct 2020
Cited by 7 | Viewed by 1790
Abstract
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting their practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false-negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from the autoencoder’s encoding-decoding capabilities. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.

Article
Combining K-Means and XGBoost Models for Anomaly Detection Using Log Datasets
Electronics 2020, 9(7), 1164; https://doi.org/10.3390/electronics9071164 - 17 Jul 2020
Cited by 4 | Viewed by 2851
Abstract
Computing and networking systems traditionally record their activity in log files, which have been used for multiple purposes, such as troubleshooting, accounting, post-incident analysis of security breaches, capacity planning and anomaly detection. In earlier systems those log files were processed manually by system administrators, or with the support of basic applications for filtering, compiling and pre-processing the logs for specific purposes. However, as the volume of these log files continues to grow (more logs per system, more systems per domain), it is becoming increasingly difficult to process those logs using traditional tools, especially for less straightforward purposes such as anomaly detection. On the other hand, as systems continue to become more complex, the potential of using large datasets built of logs from heterogeneous sources for detecting anomalies without prior domain knowledge becomes higher. Anomaly detection tools for such scenarios face two challenges. First, devising appropriate data analysis solutions for effectively detecting anomalies from large data sources, possibly without prior domain knowledge. Second, adopting data processing platforms able to cope with the large datasets and complex data analysis algorithms required for such purposes. In this paper we address those challenges by proposing an integrated scalable framework that aims at efficiently detecting anomalous events on large amounts of unlabeled data logs. Detection is supported by clustering and classification methods that take advantage of parallel computing environments. We validate our approach using the well-known NASA Hypertext Transfer Protocol (HTTP) logs datasets. Fourteen features were extracted in order to train a k-means model for separating anomalous and normal events in highly coherent clusters. A second model, making use of the XGBoost system implementing a gradient tree boosting algorithm, uses the previous binary clustered data for producing a set of simple interpretable rules. These rules represent the rationale for generalizing its application over a massive number of unseen events in a distributed computing environment. The classified anomaly events produced by our framework can be used, for instance, as candidates for further forensic and compliance auditing analysis in security management.

Article
A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages
Electronics 2020, 9(5), 824; https://doi.org/10.3390/electronics9050824 - 16 May 2020
Cited by 7 | Viewed by 2331
Abstract
The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.

Article
Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks
Electronics 2020, 9(3), 460; https://doi.org/10.3390/electronics9030460 - 09 Mar 2020
Cited by 2 | Viewed by 1237
Abstract
As attack techniques become more sophisticated, detecting new and advanced cyberattacks with traditional intrusion detection techniques based on signature and anomaly is becoming challenging. In signature-based detection, not only do attackers bypass known signatures, but they also exploit unknown vulnerabilities. As the number of new signatures is increasing daily, it is also challenging to scale the detection mechanisms without impacting performance. For anomaly detection, defining normal behaviors is challenging due to today’s complex applications with dynamic features. These complex and dynamic characteristics cause many false positives with a simple outlier detection. In this work, we detect intrusion behaviors by looking at a number of computing elements together in time and space, whereas most existing intrusion detection systems focus on a single element. In order to define the spatiotemporal intrusion patterns, we look at fundamental behaviors of cyberattacks that should appear in any possible attacks. We define these individual behaviors as basic cyberattack actions (BCA) and develop a stochastic graph model to represent combinations of BCAs in time and space. In addition, we build an intrusion detection system to demonstrate the detection mechanism based on the graph model. We inject numerous known and possible unknown attacks comprising BCAs and show how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns. The characterization of attacks in spatiotemporal patterns with expected essential behaviors would present a new effective approach to intrusion detection.

Article
Practical Implementation of Privacy Preserving Clustering Methods Using a Partially Homomorphic Encryption Algorithm
Electronics 2020, 9(2), 229; https://doi.org/10.3390/electronics9020229 - 31 Jan 2020
Cited by 8 | Viewed by 1291
Abstract
The protection and processing of sensitive data in big data systems are common problems, as the increase in data size increases the need for high processing power. Protection of the sensitive data on a system that contains multiple connections with different privacy policies also brings the need to use proper cryptographic key exchange methods for each party, as extra work. Homomorphic encryption methods can perform similar arithmetic operations on encrypted data in the same way as on the plain format of the data. Thus, these methods provide data privacy, as data are processed in the encrypted domain, without the need for a plain form, and this allows outsourcing of the computations to cloud systems. This also brings simplicity to key exchange sessions for all sides. In this paper, we propose novel privacy preserving clustering methods, alongside homomorphic encryption schemes that can run on a common high performance computation platform, such as a cloud system. As a result, the parties of this system will not need to possess high processing power because the most power demanding tasks would be done on any cloud system provider. Our system offers a privacy preserving distance matrix calculation for several clustering algorithms. Considering both encrypted and plain forms of the same data for different key and data lengths, our privacy preserving training method’s performance results are obtained for four different data clustering algorithms, while considering six different evaluation metrics.

Article
A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP
Electronics 2019, 8(12), 1545; https://doi.org/10.3390/electronics8121545 - 15 Dec 2019
Cited by 4 | Viewed by 1180
Abstract
Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually being applied in industrial control systems (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), can forecast the traffic of the ICS network in the short term and detect infiltration attacks precisely according to the abnormal changes in traffic patterns. Furthermore, the anomaly detection model, using a one class support vector machine (OCSVM), is able to detect malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is selected to testify to the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experiment results show that the proposed two stage IDS in this paper has an outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with other IDSs.

Article
Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms
Electronics 2019, 8(11), 1338; https://doi.org/10.3390/electronics8111338 - 13 Nov 2019
Cited by 1 | Viewed by 808
Abstract
Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In the security research field and in practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).

Review


Review
Autonomous Haulage Systems in the Mining Industry: Cybersecurity, Communication and Safety Issues and Challenges
Electronics 2021, 10(11), 1357; https://doi.org/10.3390/electronics10111357 - 07 Jun 2021
Viewed by 725
Abstract
The current advancement of robotics, especially in Cyber-Physical Systems (CPS), leads to a prominent combination between the mining industry and connected-embedded technologies. This progress has arisen in the form of state-of-the-art automated giant vehicles with Autonomous Haulage Systems (AHS) that can transport ore without human intervention. Like CPS, AHS enable autonomous and/or remote control of physical systems (e.g., mining trucks). Thus, similar to CPS, AHS are also susceptible to cyber attacks such as Wi-Fi De-Auth and GPS attacks. With the use of the AHS, several mining activities have been strengthened due to increasing the efficiency of operations. Such activities require ensuring accurate data collection from which precise information about the state of the mine should be generated in a timely and consistent manner. Consequently, the presence of secure and reliable communications is crucial in making AHS mines safer, productive, and sustainable. This paper aims to identify and discuss the relation between safety of AHS in the mining environment and both cybersecurity and communication, as well as highlighting their challenges and open issues. We survey the literature that addressed this aim and discuss its pros and cons and then highlight some open issues. We conclude that addressing cybersecurity issues of AHS can ensure the safety of operations in the mining environment as well as providing reliable communication, which will lead to better safety. Additionally, it was found that new communication technologies, such as 5G and LTE, could be adopted in AHS-based systems for mining, but further research is needed to consider related cybersecurity issues and attacks.
Review
Systematic Review and Quantitative Comparison of Cyberattack Scenario Detection and Projection
Electronics 2020, 9(10), 1722; https://doi.org/10.3390/electronics9101722 - 19 Oct 2020
Cited by 1 | Viewed by 683
Abstract
Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in order to detect malicious activity and policy violations. Because IDSs have a large number of false positives and false negatives and the technical nature of their alerts requires a lot of manual analysis, researchers have proposed approaches that automate the analysis of alerts to detect large-scale attacks and predict the attacker’s next steps. Unfortunately, many such approaches use unique datasets and success metrics, making comparison difficult. This survey provides an overview of the state of the art in detecting and projecting cyberattack scenarios, with a focus on evaluation and the corresponding metrics. Representative papers are collected using Google Scholar and Scopus searches. Mutually comparable success metrics are calculated and several comparison tables are provided. Our results show that commonly used metrics are saturated on popular datasets and cannot assess the practical usability of the approaches. In addition, approaches with knowledge bases require constant maintenance, while data mining and ML approaches depend on the quality of available datasets, which, at the time of writing, are not representative enough to provide general knowledge regarding attack scenarios, so more emphasis needs to be placed on researching the behavior of attackers.