Special Issue "Advanced Cybersecurity Services Design"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Networks".

Deadline for manuscript submissions: 15 April 2021.

Special Issue Editor

Prof. Dr. Victor A. Villagrá
Guest Editor
Universidad Politécnica de Madrid, Madrid, Spain
Interests: cybersecurity services; application of AI to cybersecurity; cybersecurity awareness

Special Issue Information

Dear Colleagues,

Cybersecurity technologies have been researched extensively in the last few years in order to face the current threat landscape, which has shown continuous growth in both the quality and the quantity of attacks, oriented toward any potentially vulnerable item (people, software, firmware, hardware, etc.). Thus, there is a need for more sophisticated cybersecurity services that combine different technologies to cover all the different aspects that such attacks may exploit.

In this Special Issue, we are gathering original contributions in this area, where different technologies are combined and integrated in order to provide heterogeneous cybersecurity services.

Potential topics include, but are not limited to, the following:

  • Data analysis applied to cybersecurity;
  • Generative adversarial models;
  • Adversarial training with machine learning technologies;
  • Attacks against machine learning technologies;
  • Applications of transfer learning to cybersecurity;
  • Application of ontologies and formal behavior representation to cybersecurity;
  • Knowledge inference for incident response and decision making;
  • Visual analytics for cybersecurity awareness;
  • New HCI approaches for cybersecurity services;
  • New cybersecurity services and approaches for social engineering attacks;
  • New approaches for modeling and detecting insider threats;
  • Modeling the work climate for detecting potential insider threats;
  • User behavior modeling for cybersecurity;
  • User-centered cybersecurity;
  • Integration of heterogeneous data sources and sensors for cybersecurity awareness;
  • Modeling cyber threat intelligence;
  • Integrating cyber threat intelligence for enhanced cybersecurity awareness;
  • Dynamic risk management.

Prof. Dr. Victor A. Villagrá
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1500 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Technology integration for cybersecurity
  • Advanced cybersecurity awareness services
  • Dynamic risk management
  • AI applications to cybersecurity
  • Cyber threat intelligence

Published Papers (6 papers)


Research

Open Access Article
Combining K-Means and XGBoost Models for Anomaly Detection Using Log Datasets
Electronics 2020, 9(7), 1164; https://doi.org/10.3390/electronics9071164 - 17 Jul 2020
Abstract
Computing and networking systems traditionally record their activity in log files, which have been used for multiple purposes, such as troubleshooting, accounting, post-incident analysis of security breaches, capacity planning and anomaly detection. In earlier systems those log files were processed manually by system administrators, or with the support of basic applications for filtering, compiling and pre-processing the logs for specific purposes. However, as the volume of these log files continues to grow (more logs per system, more systems per domain), it is becoming increasingly difficult to process those logs using traditional tools, especially for less straightforward purposes such as anomaly detection. On the other hand, as systems continue to become more complex, the potential of using large datasets built of logs from heterogeneous sources for detecting anomalies without prior domain knowledge becomes higher. Anomaly detection tools for such scenarios face two challenges. First, devising appropriate data analysis solutions for effectively detecting anomalies from large data sources, possibly without prior domain knowledge. Second, adopting data processing platforms able to cope with the large datasets and complex data analysis algorithms required for such purposes. In this paper we address those challenges by proposing an integrated scalable framework that aims at efficiently detecting anomalous events on large amounts of unlabeled data logs. Detection is supported by clustering and classification methods that take advantage of parallel computing environments. We validate our approach using the well-known NASA Hypertext Transfer Protocol (HTTP) log datasets. Fourteen features were extracted in order to train a k-means model for separating anomalous and normal events into highly coherent clusters. A second model, making use of the XGBoost system implementing a gradient tree boosting algorithm, uses the previous binary clustered data to produce a set of simple, interpretable rules. These rules represent the rationale for generalizing its application over a massive number of unseen events in a distributed computing environment. The classified anomaly events produced by our framework can be used, for instance, as candidates for further forensic and compliance auditing analysis in security management.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)

Open Access Feature Paper Article
A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages
Electronics 2020, 9(5), 824; https://doi.org/10.3390/electronics9050824 - 16 May 2020
Cited by 1
Abstract
The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have subsequently been much heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
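The format heterogeneity the survey above describes, as an added illustration written for this page (it is not code from the paper): a small normaliser that ingests a constructed STIX 2.1 bundle and a constructed bare-value blocklist into one record shape, so that the metadata a structured feed carries and a plain list lacks (validity time, object identifiers) stays visible after aggregation. The feed names `stix-demo` and `plain-demo`, the indicator values and object IDs, and the restriction to single-comparison STIX patterns are assumptions of the example.

```python
import json
import re

# Constructed STIX 2.1 bundle (illustrative, not a real feed; the required
# created/modified timestamps of each object are omitted for brevity).
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "pattern": "[ipv4-addr:value = '203.0.113.5']", "pattern_type": "stix",
     "valid_from": "2020-05-01T10:00:00Z"},
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--00000000-0000-4000-8000-000000000003",
     "pattern": "[domain-name:value = 'malware.example']", "pattern_type": "stix",
     "valid_from": "2020-05-02T10:00:00Z"},
    # A non-indicator object: the normaliser must skip it rather than crash.
    {"type": "identity", "spec_version": "2.1", "id": "identity--00000000-0000-4000-8000-000000000004",
     "name": "Demo CTI Provider", "identity_class": "organization"},
]})

# Constructed plain-text blocklist: one indicator per line and no metadata at all.
PLAIN_FEED = """# demo blocklist (constructed)
203.0.113.5
198.51.100.77
malware.example
"""

# Object path of a single-comparison STIX pattern -> normalised IOC type.
STIX_PATH_TO_TYPE = {"ipv4-addr:value": "ipv4", "domain-name:value": "domain",
                     "url:value": "url", "file:hashes.'SHA-256'": "sha256"}
# Only the simplest STIX pattern shape: one equality comparison in one observation.
_SINGLE_COMPARISON = re.compile(r"^\[\s*([\w\-.']+:[\w\-.']+)\s*=\s*'([^']*)'\s*\]$")
# Syntax-based classification for feeds that carry bare values (checked in order).
_PLAIN_TYPES = [("ipv4", re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")),
                ("sha256", re.compile(r"^[0-9a-f]{64}$")),
                ("url", re.compile(r"^https?://")),
                ("domain", re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$"))]


def parse_stix_indicators(bundle_json, source):
    """Normalise STIX 2.1 indicator objects. Non-indicator objects and patterns using
    AND/OR/FOLLOWEDBY are skipped; those need a real STIX pattern parser."""
    records = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        match = _SINGLE_COMPARISON.match(obj.get("pattern", ""))
        if not match or match.group(1) not in STIX_PATH_TO_TYPE:
            continue
        records.append({"type": STIX_PATH_TO_TYPE[match.group(1)], "value": match.group(2),
                        "source": source, "valid_from": obj.get("valid_from"), "ref": obj["id"]})
    return records


def parse_plain_feed(text, source):
    """Classify bare indicator lines by syntax. The format carries no timestamps or
    identifiers, so those fields stay None instead of being guessed."""
    records = []
    for line in text.splitlines():
        value = line.strip().lower()
        if not value or value.startswith("#"):
            continue
        ioc_type = next((t for t, rx in _PLAIN_TYPES if rx.match(value)), None)
        if ioc_type is None:
            continue  # unknown syntax: drop rather than mislabel
        records.append({"type": ioc_type, "value": value, "source": source,
                        "valid_from": None, "ref": None})
    return records


def aggregate(records):
    """Merge records from several feeds on (type, value), keeping every source name and
    the first available valid_from, so per-source metadata gaps remain visible."""
    merged = {}
    for rec in records:
        entry = merged.setdefault((rec["type"], rec["value"]),
                                  {"sources": [], "valid_from": None, "refs": []})
        if rec["source"] not in entry["sources"]:
            entry["sources"].append(rec["source"])
        entry["valid_from"] = entry["valid_from"] or rec["valid_from"]
        if rec["ref"]:
            entry["refs"].append(rec["ref"])
    return merged


if __name__ == "__main__":
    merged = aggregate(parse_stix_indicators(STIX_BUNDLE, "stix-demo")
                       + parse_plain_feed(PLAIN_FEED, "plain-demo"))
    for (ioc_type, value), entry in sorted(merged.items()):
        print(ioc_type, value, entry["sources"], entry["valid_from"])
```

Running it merges the two feeds into three unique indicators; the one present only in the plain list ends up with no validity time and no identifier, which is exactly the kind of gap that makes custom or bare formats poor carriers of rich intelligence.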

Open Access Article
Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks
Electronics 2020, 9(3), 460; https://doi.org/10.3390/electronics9030460 - 09 Mar 2020
Abstract
As attack techniques become more sophisticated, detecting new and advanced cyberattacks with traditional intrusion detection techniques based on signatures and anomalies is becoming challenging. In signature-based detection, not only do attackers bypass known signatures, but they also exploit unknown vulnerabilities. As the number of new signatures is increasing daily, it is also challenging to scale the detection mechanisms without impacting performance. For anomaly detection, defining normal behaviors is challenging due to today’s complex applications with dynamic features. These complex and dynamic characteristics cause many false positives with simple outlier detection. In this work, we detect intrusion behaviors by looking at a number of computing elements together in time and space, whereas most existing intrusion detection systems focus on a single element. In order to define the spatiotemporal intrusion patterns, we look at fundamental behaviors of cyberattacks that should appear in any possible attack. We define these individual behaviors as basic cyberattack actions (BCAs) and develop a stochastic graph model to represent combinations of BCAs in time and space. In addition, we build an intrusion detection system to demonstrate the detection mechanism based on the graph model. We inject numerous known and possible unknown attacks comprising BCAs and show how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns. The characterization of attacks in spatiotemporal patterns with expected essential behaviors would present a new and effective approach to intrusion detection.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)

Open Access Article
Practical Implementation of Privacy Preserving Clustering Methods Using a Partially Homomorphic Encryption Algorithm
Electronics 2020, 9(2), 229; https://doi.org/10.3390/electronics9020229 - 31 Jan 2020
Cited by 1
Abstract
The protection and processing of sensitive data in big data systems are common problems, as the increase in data size increases the need for high processing power. Protection of sensitive data on a system that contains multiple connections with different privacy policies also brings the need to use proper cryptographic key exchange methods for each party, as extra work. Homomorphic encryption methods can perform arithmetic operations on encrypted data in the same way as on the plain form of the data. Thus, these methods provide data privacy, as data are processed in the encrypted domain without the need for a plain form, and this allows outsourcing of the computations to cloud systems. This also brings simplicity to key exchange sessions for all sides. In this paper, we propose novel privacy preserving clustering methods, alongside homomorphic encryption schemes that can run on a common high performance computation platform, such as a cloud system. As a result, the parties of this system will not need to possess high processing power because the most power demanding tasks would be done on any cloud system provider. Our system offers a privacy preserving distance matrix calculation for several clustering algorithms. Considering both encrypted and plain forms of the same data for different key and data lengths, our privacy preserving training method’s performance results are obtained for four different data clustering algorithms, while considering six different evaluation metrics.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)

Open Access Article
A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP
Electronics 2019, 8(12), 1545; https://doi.org/10.3390/electronics8121545 - 15 Dec 2019
Cited by 1
Abstract
Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually being applied in industrial control systems (ICS) with the development of information technology. It breaks the natural isolation of ICS but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On the one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two-stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), can forecast the traffic of the ICS network in the short term and detect infiltration attacks precisely according to the abnormal changes in traffic patterns. Furthermore, the anomaly detection model, using a one-class support vector machine (OCSVM), is able to detect malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is selected to testify to the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experiment results show that the proposed two-stage IDS has outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with other IDSs.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)

Open Access Article
Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms
Electronics 2019, 8(11), 1338; https://doi.org/10.3390/electronics8111338 - 13 Nov 2019
Abstract
Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In the security research field and in practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities in security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats occurring globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey of existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting this vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent on-off web defacement attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
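The fixed-cycle weakness and the random-monitoring countermeasure described above, as an added simulation written for this page (it is not the paper's code, and the attacker below is a constructed one rather than the paper's AM1 to AM3 models): a monitor that checks the page every `period` slots is replayed against an attacker who has learned that period and restores the page just before each scheduled check, and then a uniform random monitor with the same average check budget is replayed against the same attacker. Slot granularity, the period of 10, the horizon of 1000 slots and the seed are assumptions of the example; damage is counted in defaced slots, as the abstract does.

```python
import random


def fixed_periodic_checks(period, horizon):
    """Slots at which a fixed-cycle monitor (FPMA-style) fetches and checks the page."""
    return set(range(0, horizon, period))


def uniform_random_checks(rate, horizon, rng):
    """URMA-style monitor: each slot is checked independently with probability `rate`,
    so the expected number of checks equals that of a fixed monitor with period 1/rate."""
    return {t for t in range(horizon) if rng.random() < rate}


def on_off_attacker(period, horizon):
    """Constructed on-off attacker who has learned the monitor's period (for instance
    from the monitor's regular requests in the access log): the page is defaced in
    every slot and restored just in time for each scheduled check."""
    return {t for t in range(horizon) if t % period != 0}


def run(check_slots, defaced_slots, horizon):
    """Replay the slots and return (slot of first detection or None, number of defaced
    slots up to and including detection). The attack is caught the first time a check
    lands on a slot in which the page is defaced."""
    damage = 0
    for t in range(horizon):
        if t in defaced_slots:
            damage += 1
            if t in check_slots:
                return t, damage
    return None, damage


def compare(period=10, horizon=1000, seed=7):
    """Same attacker, same average monitoring budget (horizon/period checks):
    the fixed cycle never detects the attack, the random schedule detects it early."""
    rng = random.Random(seed)
    attack = on_off_attacker(period, horizon)
    fixed = run(fixed_periodic_checks(period, horizon), attack, horizon)
    rand = run(uniform_random_checks(1.0 / period, horizon, rng), attack, horizon)
    return {"fixed": fixed, "random": rand}


if __name__ == "__main__":
    for name, (detected, damage) in compare().items():
        print(f"{name:7s} detected at slot {detected}, damage {damage} defaced slots")
```

With the fixed monitor the attacker is never caught and 900 of the 1000 slots are defaced; with the random monitor each defaced slot is caught with probability 1/period, so detection typically happens within a few tens of slots. The point is that the defender's advantage comes from unpredictability of the check times, not from checking more often.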
