Research

Jump to: Review

Open AccessArticle

Swarm Optimization and Machine Learning Applied to PE Malware Detection towards Cyber Threat Intelligence

by

Santosh Jhansi Kattamuri

,

Ravi Kiran Varma Penmatsa

,

Sujata Chakravarty

and

Venkata Sai Pavan Madabathula

Electronics 2023, 12(2), 342; https://doi.org/10.3390/electronics12020342 - 09 Jan 2023

Cited by 2 | Viewed by 1012

Abstract

Cyber threat intelligence includes analysis of applications and their metadata for potential threats. Static malware detection of Windows executable files can be done through the analysis of Portable Executable (PE) application file headers. Benchmark datasets are available with PE file attributes; however, there [...] Read more.

Cyber threat intelligence includes analysis of applications and their metadata for potential threats. Static malware detection of Windows executable files can be done through the analysis of Portable Executable (PE) application file headers. Benchmark datasets are available with PE file attributes; however, there is scope for updating the data and also to research novel attribute reduction and performance improvement algorithms. The existing benchmark dataset contains non-PE header attributes, and few ignored attributes. In this work, a critical analysis was conducted to develop a new dataset called SOMLAP (Swarm Optimization and Machine Learning Applied to PE Malware Detection) with a value addition to the existing benchmark dataset. The SOMLAP data contains 51,409 samples that include both benign and malware files, with a total of 108 pure PE file header attributes. Further research was carried out to improve the performance of the Malware Detection System (MDS) by feature minimization using swarm optimization tools, viz., Ant Colony Optimization (ACO), Cuckoo Search Optimization (CSO), and Grey Wolf Optimization (GWO) wrapped with machine learning tools. The dataset was evaluated, and an accuracy of 99.37% with an optimized set of 12 features (ACO) proves the efficiency of the dataset, its attributes, and the algorithms used. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

Denial of Service Attack Classification Using Machine Learning with Multi-Features

by

Furqan Rustam

,

Muhammad Faheem Mushtaq

,

Ameer Hamza

,

Muhammad Shoaib Farooq

,

Anca Delia Jurcut

and

Imran Ashraf

Electronics 2022, 11(22), 3817; https://doi.org/10.3390/electronics11223817 - 20 Nov 2022

Cited by 2 | Viewed by 1929

Abstract

The exploitation of internet networks through denial of services (DoS) attacks has experienced a continuous surge over the past few years. Despite the development of advanced intrusion detection and protection systems, network security remains a challenging problem and necessitates the development of efficient [...] Read more.

The exploitation of internet networks through denial of services (DoS) attacks has experienced a continuous surge over the past few years. Despite the development of advanced intrusion detection and protection systems, network security remains a challenging problem and necessitates the development of efficient and effective defense mechanisms to detect these threats. This research proposes a machine learning-based framework to detect distributed DOS (DDoS)/DoS attacks. For this purpose, a large dataset containing the network traffic of the application layer is utilized. A novel multi-feature approach is proposed where the principal component analysis (PCA) features and singular value decomposition (SVD) features are combined to obtain higher performance. The validation of the multi-feature approach is determined by extensive experiments using several machine learning models. The performance of machine learning models is evaluated for each class of attack and results are discussed regarding the accuracy, recall, and F1 score, etc., in the context of recent state-of-the-art approaches. Experimental results confirm that using multi-feature increases the performance and RF obtains a 100% accuracy. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessFeature PaperArticle

A New Scheme for Ransomware Classification and Clustering Using Static Features

by

,

,

,

and

Electronics 2022, 11(20), 3307; https://doi.org/10.3390/electronics11203307 - 14 Oct 2022

Cited by 3 | Viewed by 1461

Abstract

Ransomware is a strain of malware that disables access to the user’s resources after infiltrating a victim’s system. Ransomware is one of the most dangerous malware organizations face by blocking data access or publishing private data over the internet. The major challenge of [...] Read more.

Ransomware is a strain of malware that disables access to the user’s resources after infiltrating a victim’s system. Ransomware is one of the most dangerous malware organizations face by blocking data access or publishing private data over the internet. The major challenge of any entity is how to decrypt the files encrypted by ransomware. Ransomware’s binary analysis can provide a means to characterize the relationships between different features used by ransomware families to track the ransomware encryption mechanism routine. In this paper, we compare the different ransomware detection approaches and techniques. We investigate the criteria, parameters, and tools used in the ransomware detection ecosystem. We present the main recommendations and best practices for ransomware mitigation. In addition, we propose an efficient ransomware indexing system that provides search functionalities, similarity checking, sample classification, and clustering. The new system scheme mainly targets native ransomware binaries, and the indexing engine depends on hybrid data from the static analyzer system. Our scheme tracks and classifies ransomware based on static features to find the similarity between different ransomware samples. This is done by calculating the absolute Jaccard index. Results have shown that Import Address Table (IAT) feature can be used to classify different ransomware more accurately than the Strings feature. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

An Empirical Comparison of Pen-Testing Tools for Detecting Web App Vulnerabilities

by

Marwan Albahar

,

Dhoha Alansari

and

Anca Jurcut

Electronics 2022, 11(19), 2991; https://doi.org/10.3390/electronics11192991 - 21 Sep 2022

Cited by 2 | Viewed by 2145

Abstract

Today, one of the most popular ways organizations use to provide their services, or broadly speaking, interact with their customers, is through web applications. Those applications should be protected and meet all security requirements. Penetration testers need to make sure that the attacker [...] Read more.

Today, one of the most popular ways organizations use to provide their services, or broadly speaking, interact with their customers, is through web applications. Those applications should be protected and meet all security requirements. Penetration testers need to make sure that the attacker cannot find any weaknesses to destroy, exploit, or disclose information on the Web. Therefore, using automated vulnerability assessment tools is the best and easiest part of web application pen-testing, but these tools have strengths and weaknesses. Thus, using the wrong tool may lead to undetected, expected, or known vulnerabilities that may open doors for cyberattacks. This research proposes an empirical comparison of pen-testing tools for detecting web app vulnerabilities using approved standards and methods to facilitate the selection of appropriate tools according to the needs of penetration testers. In addition, we have proposed an enhanced benchmarking framework that combines the latest research into benchmarking and evaluation criteria in addition to new criteria to cover more ground with benchmarking metrics as an enhancement for web penetration testers and penetration testers in real life. In addition, we measure the tool’s abilities using a score-based comparative analysis. Moreover, we conducted simulation tests of both commercial and non-commercial pen-testing tools. The results showed that Burp Suite Professional scored the highest out of the commercial tools, while OWASP ZAP scored the highest out of the non-commercial tools. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

Active Directory Attacks—Steps, Types, and Signatures

by

Basem Ibrahim Mokhtar

,

Anca D. Jurcut

,

Mahmoud Said ElSayed

and

Marianne A. Azer

Electronics 2022, 11(16), 2629; https://doi.org/10.3390/electronics11162629 - 22 Aug 2022

Viewed by 2649

Abstract

Active Directory Domain is a Microsoft service that allows and facilitates the centralized administration of all workstations and servers in any environment. Due to the wide use and adoption of this service, it has become a target for many attackers. Active Directory attacks [...] Read more.

Active Directory Domain is a Microsoft service that allows and facilitates the centralized administration of all workstations and servers in any environment. Due to the wide use and adoption of this service, it has become a target for many attackers. Active Directory attacks have evolved through years. The attacks target different functions and features provided by Active Directory. In this paper, we provide insights on the criticality, impact, and detection of Active Directory attacks. We review the different Active Directory attacks. We introduce the steps of the Active Directory attack and the Kerberos authentication workflow, which is abused in most attacks to compromise the Active Directory environment. Further, we conduct experiments on two attacks that are based on privilege escalation in order to examine the attack signatures on Windows event logs. The content designed in this paper may serve as a baseline for organizations implementing detection mechanisms for their Active Directory environments. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

A Review on Autonomous Vehicles: Progress, Methods and Challenges

by

,

,

,

,

,

Gyanendra Prasad Joshi

and

Woong Cho

Electronics 2022, 11(14), 2162; https://doi.org/10.3390/electronics11142162 - 11 Jul 2022

Cited by 23 | Viewed by 8637

Abstract

Vehicular technology has recently gained increasing popularity, and autonomous driving is a hot topic. To achieve safe and reliable intelligent transportation systems, accurate positioning technologies need to be built to factor in the different types of uncertainties such as pedestrian behavior, random objects, [...] Read more.

Vehicular technology has recently gained increasing popularity, and autonomous driving is a hot topic. To achieve safe and reliable intelligent transportation systems, accurate positioning technologies need to be built to factor in the different types of uncertainties such as pedestrian behavior, random objects, and types of roads and their settings. In this work, we look into the other domains and technologies required to build an autonomous vehicle and conduct a relevant literature analysis. In this work, we look into the current state of research and development in environment detection, pedestrian detection, path planning, motion control, and vehicle cybersecurity for autonomous vehicles. We aim to study the different proposed technologies and compare their approaches. For a car to become fully autonomous, these technologies need to be accurate enough to gain public trust and show immense accuracy in their approach to solving these problems. Public trust and perception of auto vehicles are also explored in this paper. By discussing the opportunities as well as the obstacles of autonomous driving technology, we aim to shed light on future possibilities. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks

by

Qasem Abu Al-Haija

and

Abdulaziz A. Alsulami

Electronics 2021, 10(17), 2113; https://doi.org/10.3390/electronics10172113 - 31 Aug 2021

Cited by 16 | Viewed by 2723

Abstract

The Bitcoin cryptocurrency is a worldwide prevalent virtualized digital currency conceptualized in 2008 as a distributed transactions system. Bitcoin transactions make use of peer-to-peer network nodes without a third-party intermediary, and the transactions can be verified by the node. Although Bitcoin networks have [...] Read more.

The Bitcoin cryptocurrency is a worldwide prevalent virtualized digital currency conceptualized in 2008 as a distributed transactions system. Bitcoin transactions make use of peer-to-peer network nodes without a third-party intermediary, and the transactions can be verified by the node. Although Bitcoin networks have exhibited high efficiency in the financial transaction systems, their payment transactions are vulnerable to several ransomware attacks. For that reason, investigators have been working on developing ransomware payment identification techniques for bitcoin transactions’ networks to prevent such harmful cyberattacks. In this paper, we propose a high performance Bitcoin transaction predictive system that investigates the Bitcoin payment transactions to learn data patterns that can recognize and classify ransomware payments for heterogeneous bitcoin networks. Specifically, our system makes use of two supervised machine learning methods to learn the distinguishing patterns in Bitcoin payment transactions, namely, shallow neural networks (SNN) and optimizable decision trees (ODT). To validate the effectiveness of our solution approach, we evaluate our machine learning based predictive models on a recent Bitcoin transactions dataset in terms of classification accuracy as a key performance indicator and other key evaluation metrics such as the confusion matrix, positive predictive value, true positive rate, and the corresponding prediction errors. As a result, our superlative experimental result was registered to the model-based decision trees scoring 99.9% and 99.4% classification detection (two-class classifier) and accuracy (multiclass classifier), respectively. Hence, the obtained model accuracy results are superior as they surpassed many state-of-the-art models developed to identify ransomware payments in bitcoin transactions. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Open AccessArticle

Derogation of Physical Layer Security Breaches in Maturing Heterogeneous Optical Networks

by

Ammar Armghan

Electronics 2021, 10(16), 2021; https://doi.org/10.3390/electronics10162021 - 21 Aug 2021

Viewed by 1254

Abstract

The evolution journey of optical network (ON) towards heterogeneous and flexible frameworks with high order of applications is continued from the last decade. Furthermore, the prominence of optical security, amount of transmitted data, bandwidth, and dependable presentation are heightened. The performance of ON [...] Read more.

The evolution journey of optical network (ON) towards heterogeneous and flexible frameworks with high order of applications is continued from the last decade. Furthermore, the prominence of optical security, amount of transmitted data, bandwidth, and dependable presentation are heightened. The performance of ON is degraded in view of various natures of attacks at the physical layer, such as service disrupting and access to carrier data. In order to deal with such security breaches, new and efficient ON must be identified. So, this paper elaborates a detailed structure on physical layer security for heterogeneous ON. Possible mechanisms, such as Elliptic-curve Diffie–Hellman (ECDH), are used to treat a physical layer attack, and an efficient framework is proposed in this paper for 64 quadrature amplitude modulation-based orthogonal frequency division multiplex (64QAM-OFDM) ONs. Finally, theoretical and simulation validations are presented, and the effective results of the proposed method and viewpoint are concluded. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures

Figure 1

Review

Jump to: Research

Open AccessReview

On the Dependability of 6G Networks

by

,

,

and

Electronics 2023, 12(6), 1472; https://doi.org/10.3390/electronics12061472 - 20 Mar 2023

Viewed by 805

Abstract

Sixth-generation communication networks must be highly dependable due to the foreseen connectivity of critical infrastructures through them. Dependability is a compound metric of four well-known concepts—reliability, availability, safety, and security. Each of these concepts have unique consequences for the success of 6G technologies [...] Read more.

Sixth-generation communication networks must be highly dependable due to the foreseen connectivity of critical infrastructures through them. Dependability is a compound metric of four well-known concepts—reliability, availability, safety, and security. Each of these concepts have unique consequences for the success of 6G technologies and applications. Using these concepts, we explore the dependability of 6G networks in this article. Due to the vital role of machine learning in 6G, the dependability of federated learning, as a distributed machine learning technique, has been studied. Since mission-critical applications (MCAs) are highly sensitive in nature, needing highly dependable connectivity, the dependability of MCAs in 6G is explored. Henceforth, this article provides important research directions to promote further research in strengthening the dependability of 6G networks. Full article

(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

► Show Figures