Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
5.8
3.1
Journals
Information
Special Issues
Advances in Cybersecurity and Reliability
share announcement

Advances in Cybersecurity and Reliability

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Security and Privacy".

Deadline for manuscript submissions: closed (20 January 2024) | Viewed by 30063

Special Issue Editors

Dr. Moutaz Alazab

E-Mail Website
Guest Editor
Faculty of Artificial Intelligence, Al-Balqa Applied University, Al-Salt 19117, Jordan
Interests: cybersecurity; malware analysis; data and network security artificial intelligence; mobile security; IoT security; cloud security
Dr. Ammar Alazab

E-Mail Website
Guest Editor
School of IT, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia
Interests: cybercrime and cyber security; network security; data science; digital forensics; machine learning and data mining; mobile computing; cloud computing; IoT security
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The financial loss caused to individuals and businesses has increased dramatically, causing millions of users to have financial and data loss every year. With the dramatic growth in the number of sophisticated attacks, it is critical that both governments and private sectors constantly enhance their detection strategies and validate the sufficiency of their efforts. This Special Issue aims to discuss recent approaches for solving problems related to the current countermeasures and development of innovative solutions and techniques to stand against cyberattacks, recent digital forensics strategies, and the design of secure computer communications using cryptography to ascertain that business and law enforcement agencies are aware of security breaches and to mitigate against advanced cyberattacks.

We encourage original submissions that either consider the characteristics of cybersecurity, cybercrime or propose innovative solutions to real-world scenarios. In particular, we encourage the submission of the articles offering research results, experimental solutions, and case studies and describe the current state of the art of cybersecurity. The submitted articles must discuss innovative research which has not been published nor is currently under review by other journals, conferences or books. Editors will make an initial assessment of the contributions, originality, and scope of all submissions. Papers that either lack originality and clarity in presentation or fall outside the scope of the Special Issue will not be sent for review, and authors will be swiftly contacted in such cases.

Dr. Moutaz Alazab
Dr. Ammar Alazab
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • blockchain
  • cloud security
  • computer forensics
  • cyber warfare
  • cybercrime and digital laws
  • data analytics
  • data pre-processing
  • data security and privacy
  • deep learning
  • evolutionary computing
  • information retrieval
  • intelligent systems
  • IoT security
  • machine and deep learning
  • malware analysis
  • predictive analysis
  • security and privacy
  • terrorism and the internet
  • threat profiling

Published Papers (10 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

19 pages, 336 KiB  
Article
Automated Mapping of Common Vulnerabilities and Exposures to MITRE ATT&CK Tactics
by Ioana Branescu, Octavian Grigorescu and Mihai Dascalu
Information 2024, 15(4), 214; https://doi.org/10.3390/info15040214 - 10 Apr 2024
Viewed by 501
Abstract
Effectively understanding and categorizing vulnerabilities is vital in the ever-evolving cybersecurity landscape, since only one exposure can have a devastating effect on the entire system. Given the increasingly massive number of threats and the size of modern infrastructures, the need for structured, uniform [...] Read more.
Effectively understanding and categorizing vulnerabilities is vital in the ever-evolving cybersecurity landscape, since only one exposure can have a devastating effect on the entire system. Given the increasingly massive number of threats and the size of modern infrastructures, the need for structured, uniform cybersecurity knowledge systems arose. To tackle this challenge, the MITRE Corporation set up two powerful sources of cyber threat and vulnerability information, namely the Common Vulnerabilities and Exposures (CVEs) list focused on identifying and fixing software vulnerabilities, and the MITRE ATT&CK Enterprise Matrix, which is a framework for defining and categorizing adversary actions and ways to defend against them. At the moment, the two are not directly linked, even if such a link would have a significant positive impact on the cybersecurity community. This study aims to automatically map CVEs to the corresponding 14 MITRE ATT&CK tactics using state-of-the-art transformer-based models. Various architectures, from encoders to generative large-scale models, are employed to tackle this multilabel classification problem. Our results are promising, with a SecRoBERTa model performing best with an F1 score of 77.81%, which is closely followed by SecBERT (78.77%), CyBERT (78.54%), and TARS (78.01%), while GPT-4 showed a weak performance in zero-shot settings (22.04%). In addition, we perform an in-depth error analysis to better understand the models’ performance and limitations. We release the code used for all experiments as open source. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

22 pages, 1370 KiB  
Article
Countermeasure Strategies to Address Cybersecurity Challenges Amidst Major Crises in the Higher Education and Research Sector: An Organisational Learning Perspective
by Samreen Mahmood, Mehmood Chadhar and Selena Firmin
Information 2024, 15(2), 106; https://doi.org/10.3390/info15020106 - 09 Feb 2024
Viewed by 1322
Abstract
Purpose: The purpose of this research paper was to analyse the counterstrategies to mitigate cybersecurity challenges using organisational learning loops amidst major crises in the Higher Education and Research Sector (HERS). The authors proposed the learning loop framework revealing several counterstrategies to mitigate [...] Read more.
Purpose: The purpose of this research paper was to analyse the counterstrategies to mitigate cybersecurity challenges using organisational learning loops amidst major crises in the Higher Education and Research Sector (HERS). The authors proposed the learning loop framework revealing several counterstrategies to mitigate cybersecurity issues in HERS. The counterstrategies are explored, and their implications for research and practice are discussed. Methodology: The qualitative methodology was adopted, and semi-structured interviews with cybersecurity experts and top managers were conducted. Results: This exploratory paper proposed the learning loop framework revealing introducing new policies and procedures, changing existing systems, partnership with other companies, integrating new software, improving employee learning, enhancing security, and monitoring and evaluating security measures as significant counterstrategies to ensure the cyber-safe working environment in HERS. These counterstrategies will help to tackle cybersecurity in HERS, not only during the current major crisis but also in the future. Implications: The outcomes provide insightful implications for both theory and practice. This study proposes a learning framework that prioritises counterstrategies to mitigate cybersecurity challenges in HERS amidst a major crisis. The proposed model can help HERS be more efficient in mitigating cybersecurity issues in future crises. The counterstrategies can also be tested, adopted, and implemented by practitioners working in other sectors to mitigate cybersecurity issues during and after major crises. Future research can focus on addressing the shortcomings and limitations of the proposed learning framework adopted by HERS. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

26 pages, 2875 KiB  
Article
Identifying Malware Packers through Multilayer Feature Engineering in Static Analysis
by Ehab Alkhateeb, Ali Ghorbani and Arash Habibi Lashkari
Information 2024, 15(2), 102; https://doi.org/10.3390/info15020102 - 09 Feb 2024
Viewed by 1447
Abstract
This research addresses a critical need in the ongoing battle against malware, particularly in the form of obfuscated malware, which presents a formidable challenge in the realm of cybersecurity. Developing effective antivirus (AV) solutions capable of combating packed malware remains a crucial endeavor. [...] Read more.
This research addresses a critical need in the ongoing battle against malware, particularly in the form of obfuscated malware, which presents a formidable challenge in the realm of cybersecurity. Developing effective antivirus (AV) solutions capable of combating packed malware remains a crucial endeavor. Packed malicious programs employ encryption and advanced techniques to obfuscate their payloads, rendering them elusive to AV scanners and security analysts. The introduced research presents an innovative malware packer classifier specifically designed to adeptly identify packer families and detect unknown packers in real-world scenarios. To fortify packer identification performance, we have curated a meticulously crafted dataset comprising precisely packed samples, enabling comprehensive training and validation. Our approach employs a sophisticated feature engineering methodology, encompassing multiple layers of analysis to extract salient features used as input to the classifier. The proposed packer identifier demonstrates remarkable accuracy in distinguishing between known and unknown packers, while also ensuring operational efficiency. The results reveal an impressive accuracy rate of 99.60% in identifying known packers and 91% accuracy in detecting unknown packers. This novel research not only significantly advances the field of malware detection but also equips both cybersecurity practitioners and AV engines with a robust tool to effectively counter the persistent threat of packed malware. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

33 pages, 2722 KiB  
Article
Industry 4.0 Innovation: A Systematic Literature Review on the Role of Blockchain Technology in Creating Smart and Sustainable Manufacturing Facilities
by Moutaz Alazab and Salah Alhyari
Information 2024, 15(2), 78; https://doi.org/10.3390/info15020078 - 31 Jan 2024
Cited by 2 | Viewed by 1261
Abstract
Industry 4.0 has revolutionized manufacturing processes and facilities through the creation of smart and sustainable production facilities. Blockchain technology (BCT) has emerged as an invaluable asset within Industrial Revolution 4.0 (IR4.0), offering increased transparency, security, and traceability across supply chains. This systematic literature [...] Read more.
Industry 4.0 has revolutionized manufacturing processes and facilities through the creation of smart and sustainable production facilities. Blockchain technology (BCT) has emerged as an invaluable asset within Industrial Revolution 4.0 (IR4.0), offering increased transparency, security, and traceability across supply chains. This systematic literature review explores the role of BCT in creating smart and sustainable manufacturing facilities, while exploring its implications for supply chain management (SCM). Through a detailed examination of 82 research articles, this review highlights three areas where BCT can have a dramatic effect on smart and sustainable manufacturing: firstly, BCT can promote green production methods by supporting efficient resource use, waste reduction strategies and eco-friendly production methods; and secondly, it allows companies to implement smart and eco-friendly manufacturing practices through BCT solutions. BCT promotes intelligent manufacturing systems by facilitating real-time data sharing, predictive maintenance, and automated decision-making. Furthermore, BCT strengthens SCM by increasing visibility, traceability, and collaboration between partners of SC operations. The review also highlights the potential limitations of BCT, such as scalability challenges and the need for standardized protocols. Future research should focus on addressing these limitations and further exploring the potential of BCT in IR4.0. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

20 pages, 15885 KiB  
Article
CapGAN: Text-to-Image Synthesis Using Capsule GANs
by Maryam Omar, Hafeez Ur Rehman, Omar Bin Samin, Moutaz Alazab, Gianfranco Politano and Alfredo Benso
Information 2023, 14(10), 552; https://doi.org/10.3390/info14100552 - 09 Oct 2023
Viewed by 2164
Abstract
Text-to-image synthesis is one of the most critical and challenging problems of generative modeling. It is of substantial importance in the area of automatic learning, especially for image creation, modification, analysis and optimization. A number of works have been proposed in the past [...] Read more.
Text-to-image synthesis is one of the most critical and challenging problems of generative modeling. It is of substantial importance in the area of automatic learning, especially for image creation, modification, analysis and optimization. A number of works have been proposed in the past to achieve this goal; however, current methods still lack scene understanding, especially when it comes to synthesizing coherent structures in complex scenes. In this work, we propose a model called CapGAN, to synthesize images from a given single text statement to resolve the problem of global coherent structures in complex scenes. For this purpose, skip-thought vectors are used to encode the given text into vector representation. This encoded vector is used as an input for image synthesis using an adversarial process, in which two models are trained simultaneously, namely: generator (G) and discriminator (D). The model G generates fake images, while the model D tries to predict what the sample is from training data rather than generated by G. The conceptual novelty of this work lies in the integrating capsules at the discriminator level to make the model understand the orientational and relative spatial relationship between different entities of an object in an image. The inception score (IS) along with the Fréchet inception distance (FID) are used as quantitative evaluation metrics for CapGAN. IS recorded for images generated using CapGAN is 4.05 ± 0.050, which is around 34% higher than images synthesized using traditional GANs, whereas the FID score calculated for synthesized images using CapGAN is 44.38, which is ab almost 9% improvement from the previous state-of-the-art models. The experimental results clearly demonstrate the effectiveness of the proposed CapGAN model, which is exceptionally proficient in generating images with complex scenes. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

19 pages, 5043 KiB  
Article
A Deep Learning Methodology for Predicting Cybersecurity Attacks on the Internet of Things
by Omar Azib Alkhudaydi, Moez Krichen and Ans D. Alghamdi
Information 2023, 14(10), 550; https://doi.org/10.3390/info14100550 - 07 Oct 2023
Cited by 3 | Viewed by 3043
Abstract
With the increasing severity and frequency of cyberattacks, the rapid expansion of smart objects intensifies cybersecurity threats. The vast communication traffic data between Internet of Things (IoT) devices presents a considerable challenge in defending these devices from potential security breaches, further exacerbated by [...] Read more.
With the increasing severity and frequency of cyberattacks, the rapid expansion of smart objects intensifies cybersecurity threats. The vast communication traffic data between Internet of Things (IoT) devices presents a considerable challenge in defending these devices from potential security breaches, further exacerbated by the presence of unbalanced network traffic data. AI technologies, especially machine and deep learning, have shown promise in detecting and addressing these security threats targeting IoT networks. In this study, we initially leverage machine and deep learning algorithms for the precise extraction of essential features from a realistic-network-traffic BoT-IoT dataset. Subsequently, we assess the efficacy of ten distinct machine learning models in detecting malware. Our analysis includes two single classifiers (KNN and SVM), eight ensemble classifiers (e.g., Random Forest, Extra Trees, AdaBoost, LGBM), and four deep learning architectures (LSTM, GRU, RNN). We also evaluate the performance enhancement of these models when integrated with the SMOTE (Synthetic Minority Over-sampling Technique) algorithm to counteract imbalanced data. Notably, the CatBoost and XGBoost classifiers achieved remarkable accuracy rates of 98.19% and 98.50%, respectively. Our findings offer insights into the potential of the ML and DL techniques, in conjunction with balancing algorithms such as SMOTE, to effectively identify IoT network intrusions. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

20 pages, 4722 KiB  
Article
Enhancing Organizational Data Security on Employee-Connected Devices Using BYOD Policy
by Manal Rajeh AlShalaan and Suliman Mohamed Fati
Information 2023, 14(5), 275; https://doi.org/10.3390/info14050275 - 05 May 2023
Viewed by 1874
Abstract
To address a business need, most organizations allow employees to use their own devices to enhance productivity and job satisfaction. For this purpose, the Bring Your Own Device (BYOD) policy provides controllable access for employees to organize data through their personal devices. Although [...] Read more.
To address a business need, most organizations allow employees to use their own devices to enhance productivity and job satisfaction. For this purpose, the Bring Your Own Device (BYOD) policy provides controllable access for employees to organize data through their personal devices. Although the BYOD practice implies plenty of advantages, this also opens the door to a variety of security risks. This study investigates these security risks and proposes a complementary encryption approach with a digital signature that uses symmetric and asymmetric algorithms, depending on the organization’s digital certificate, to secure sensitive information stored in employees’ devices within the framework of BYOD policies. The method uses Advanced Encryption System (AES), Blowfish, RSA and ElGamal with a digital signature to achieve strong encryption and address critical security considerations such as user authentication, confidentiality and data integrity. The proposed encryption approach offers a robust and effective cryptographic solution for securing sensitive information in organizational settings that involve BYOD policies. The study includes experimental results demonstrating the proposed approach’s efficiency and performance, with reasonable encryption and decryption times for different key and file sizes. The results of the study revealed that AES and Blowfish have the best execution time. AES has a good balance of security and performance. RSA performs better than ElGamal in encryption and signature verification, while RSA is slower than ElGamal in decryption. The study also provides a comparative analysis with previous studies of the four encryption algorithms, highlighting the strengths and weaknesses of each approach. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

20 pages, 736 KiB  
Article
A Multi-Key with Partially Homomorphic Encryption Scheme for Low-End Devices Ensuring Data Integrity
by Saci Medileh, Abdelkader Laouid, Mohammad Hammoudeh, Mostefa Kara, Tarek Bejaoui, Amna Eleyan and Mohammed Al-Khalidi
Information 2023, 14(5), 263; https://doi.org/10.3390/info14050263 - 28 Apr 2023
Cited by 3 | Viewed by 2220
Abstract
In today’s hyperconnected world, the Internet of Things and Cloud Computing complement each other in several areas. Cloud Computing provides IoT systems with an efficient and flexible environment that supports application requirements such as real-time control/monitoring, scalability, fault tolerance, and numerous security services. [...] Read more.
In today’s hyperconnected world, the Internet of Things and Cloud Computing complement each other in several areas. Cloud Computing provides IoT systems with an efficient and flexible environment that supports application requirements such as real-time control/monitoring, scalability, fault tolerance, and numerous security services. Hardware and software limitations of IoT devices can be mitigated using the massive on-demand cloud resources. However, IoT cloud-based solutions pose some security and privacy concerns, specifically when an untrusted cloud is used. This calls for strong encryption schemes that allow operations on data in an encrypted format without compromising the encryption. This paper presents an asymmetric multi-key and partially homomorphic encryption scheme. The scheme provides the addition operation by encrypting each decimal digit of the given integer number separately using a special key. In addition, data integrity processes are performed when an untrusted third party performs homomorphic operations on encrypted data. The proposed work considers the most widely known issues like the encrypted data size, slow operations at the hardware level, and high computing costs at the provider level. The size of generated ciphertext is almost equal to the size of the plaintext, and order-preserving is ensured using an asymmetrical encryption version. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

Review

Jump to: Research

19 pages, 1197 KiB  
Review
Usable Security: A Systematic Literature Review
by Francesco Di Nocera, Giorgia Tempestini and Matteo Orsini
Information 2023, 14(12), 641; https://doi.org/10.3390/info14120641 - 30 Nov 2023
Viewed by 2442
Abstract
Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed [...] Read more.
Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

23 pages, 431 KiB  
Review
A Comprehensive Study of ChatGPT: Advancements, Limitations, and Ethical Considerations in Natural Language Processing and Cybersecurity
by Moatsum Alawida, Sami Mejri, Abid Mehmood, Belkacem Chikhaoui and Oludare Isaac Abiodun
Information 2023, 14(8), 462; https://doi.org/10.3390/info14080462 - 16 Aug 2023
Cited by 13 | Viewed by 11937
Abstract
This paper presents an in-depth study of ChatGPT, a state-of-the-art language model that is revolutionizing generative text. We provide a comprehensive analysis of its architecture, training data, and evaluation metrics and explore its advancements and enhancements over time. Additionally, we examine the capabilities [...] Read more.
This paper presents an in-depth study of ChatGPT, a state-of-the-art language model that is revolutionizing generative text. We provide a comprehensive analysis of its architecture, training data, and evaluation metrics and explore its advancements and enhancements over time. Additionally, we examine the capabilities and limitations of ChatGPT in natural language processing (NLP) tasks, including language translation, text summarization, and dialogue generation. Furthermore, we compare ChatGPT to other language generation models and discuss its applicability in various tasks. Our study also addresses the ethical and privacy considerations associated with ChatGPT and provides insights into mitigation strategies. Moreover, we investigate the role of ChatGPT in cyberattacks, highlighting potential security risks. Lastly, we showcase the diverse applications of ChatGPT in different industries and evaluate its performance across languages and domains. This paper offers a comprehensive exploration of ChatGPT’s impact on the NLP field. Full article
(This article belongs to the Special Issue Advances in Cybersecurity and Reliability)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-10
Back to TopTop