Search Results (97)

Advanced Persistent Threat (APT) attacks pose a serious challenge to traditional detection methods. These methods often suffer from high false-alarm rates and limited accuracy due to the multi-stage and covert nature of APT attacks. In this paper, we propose TSE-APT, a time-series ensemble model that addresses these two limitations. It combines multiple machine-learning models, such as Random Forest (RF), Multi-Layer Perceptron (MLP), and Bidirectional Long Short-Term Memory Network (BiLSTM) models, to dynamically capture correlations between multiple stages of the attack process based on time-series features. It discovers hidden features through the integration of multiple machine-learning models to significantly improve the accuracy and robustness of APT detection. First, we extract a collection of dynamic time-series features such as traffic mean, flow duration, and flag frequency. We fuse them with static contextual features, including the port service matrix and protocol type distribution, to effectively capture the multi-stage behaviors of APT attacks. Then, we utilize an ensemble-learning model with a dynamic weight-allocation mechanism using a self-attention network to adaptively adjust the sub-model contribution. The experiments showed that using time-series feature fusion significantly enhanced the detection performance. The RF, MLP, and BiLSTM models achieved 96.7% accuracy, considerably enhancing recall and the false positive rate. The adaptive mechanism optimizes the model’s performance and reduces false-alarm rates. This study provides an analytical method for APT attack detection, considering both temporal dynamics and context static characteristics, and provides new ideas for security protection in complex networks. Full article

The covert nature of DNS covert channels makes them a widely utilized method for data exfiltration by malicious attackers. In response to this challenge, the present study proposes a detection methodology for DNS covert channels that employs a Deep Boltzmann Machine with Enhanced Security (DBM-ENSec). This approach entails the creation of a dataset through the collection of malicious traffic associated with various DNS covert channel attacks. Time-dependent grouping features are excluded, and feature optimization is conducted on individual traffic data through feature selection and normalization to minimize redundancy, enhancing the differentiation and stability of the features. The result of this process is the extraction of 23-dimensional features for each DNS packet. The extracted features are converted to gray scale images to improve the interpretability of the model and then fed into an improved Deep Boltzmann Machine for further optimization. The optimized features are then processed by an ensemble of classifiers (including Random Forest, XGBoost, LightGBM, and CatBoost) for detection purposes. Experimental results show that the proposed method achieves 99.92% accuracy in detecting DNS covert channels, with a validation accuracy of up to 98.52% on publicly available datasets. Full article

Steganography has long served as a powerful tool for covert communication, particularly through image-based techniques that embed secret information within innocuous cover images. With the increasing adoption of deep learning, researchers have sought more secure and efficient methods for image steganography. This study builds upon and extends the DeepWaveletFusion approach by integrating convolutional neural networks (CNNs) with the discrete wavelet transform (DWT) to enhance both embedding and recovery performance. The proposed method, DeepWaveletFusionToo, is a lightweight architecture that employs a custom-built DWT image dataset and leverages the mean squared error (MSE) loss function during training, significantly reducing model complexity and computational cost. Experimental results demonstrate that DeepWaveletFusionToo achieves improved imperceptibility compared to its predecessor and delivers competitive recovery accuracy over existing deep learning-based steganographic techniques, establishing its simplicity and effectiveness. Full article

The massive use of end information in the end hopping system not only significantly improves the proactive defense capability but also reveals great potential for covert communication. However, the development of existing network covert channels is hindered by various elimination techniques and a lack of robustness guarantees. In this paper, we first present a novel network covert channel model based on end spreading (CCES) in the end hopping system. We then propose a CCES-based scheme using m-sequence in the hypothetical scenario and theoretically analyze its characteristics, including eavesdropping resistance, loss tolerance, and robust synchronization. To evaluate the performance of the CCES scheme, three evaluation metrics are adopted: non-detectability, robustness, and transmission efficiency. Experimental results show that CCES achieves a bit error rate (BER) below 5% under 30% packet loss, entropy values ranging from 0.15 to 0.82 (comparable to normal traffic), and a transmission efficiency of up to 800 bits per second. These results confirm the CCES scheme’s strong robustness and practical applicability, outperforming traditional covert channels in both reliability and stealth. Full article

This paper addresses the optimization problem for mobile jamming assistance schemes in cognitive covert communication (CR-CC), where cognitive users adopt the underlying mode for spectrum access, while an unmanned aerial vehicle (UAV) transmits the same-frequency noise signals to interfere with eavesdroppers. Leveraging the inherent dynamic game-theoretic characteristics of covert communication (CC) systems, we propose a novel covert communication optimization algorithm based on generative adversarial networks (GAN-CCs) to achieve system-wide optimization under the constraint of maximum detection error probability. In GAN-CC, the generator simulates legitimate users to generate UAV interference assistance schemes, while the discriminator simulates the optimal signal detection of eavesdroppers. Through the alternating iterative optimization of these two components, the dynamic game process in CC is simulated, ultimately achieving the Nash equilibrium. The numerical results show that, compared with the commonly used multi-objective optimization algorithm or nonlinear programming algorithm at present, this algorithm exhibits faster and more stable convergence, enabling the derivation of optimal mobile interference assistance schemes for cognitive CC systems. Full article

Advanced persistent threat (APT) attacks present significant challenges to cybersecurity due to their covert nature, high complexity, and ability to operate across multiple temporal and spatial scales. Existing detection techniques often struggle with issues like class imbalance, insufficient feature extraction, and the inability to capture complex attack dependencies. To address these limitations, we propose a dual-phase framework for APT detection, combining multi-feature-conditioned generative adversarial networks (MF-CGANs) for data reconstruction and a multi-scale convolution and channel attention-enhanced graph convolutional network (MC-GCN) for improved attack detection. The MF-CGAN model generates minority-class samples to resolve the class imbalance problem, while MC-GCN leverages advanced feature extraction and graph convolution to better model the intricate relationships within network traffic data. Experimental results show that the proposed framework achieves significant improvements over baseline models. Specifically, MC-GCN outperforms traditional CNN-based IDS models, with accuracy, precision, recall, and F1-score improvements ranging from 0.47% to 13.41%. The MC-GCN model achieves an accuracy of 99.87%, surpassing CNN (86.46%) and GCN (99.24%), while also exhibiting high precision (99.87%) and recall (99.88%). These results highlight the proposed model’s superior ability to handle class imbalance and capture complex attack behaviors, establishing it as a leading approach for APT detection. Full article

Image steganography is a research field that focuses on covert storage and transmission technologies. However, current image hiding methods based on invertible neural networks (INNs) have limitations in extracting image features. Additionally, after experiencing the complex noise environment in the actual transmission channel, the quality of the recovered secret image drops significantly. The robustness of image steganography remains to be enhanced. To address the above challenges, this paper proposes a Mamba-based Robust Invertible Network (MRIN). Firstly, in order to fully utilize the global features of the image and improve the image quality, we adopted an innovative affine module, VMamba. Additionally, to enhance the robustness against joint attacks, we introduced an innovative multimodal adversarial training strategy, integrating fidelity constraints, adversarial games, and noise resistance into a composite optimization framework. Finally, our method achieved a maximum PSNR value of 50.29 dB and an SSIM value of 0.996 on multiple datasets (DIV2K, COCO, ImageNet). The PSNR of the recovered image under resolution scaling (0.5×) was 31.6 dB, which was 11.3% higher than with other methods. These results show that our method outperforms other current state-of-the-art (SOTA) image steganography techniques in terms of robustness on different datasets. Full article

The exponential growth of interconnected devices in the Internet of Things (IoT) has raised significant concerns about data security, especially when transmitting sensitive information over wireless channels. Traditional encryption techniques often fail to meet the energy and processing constraints of resource-limited IoT devices. This paper proposes a novel hybrid security framework that integrates chaotic encryption and steganography to enhance confidentiality, integrity, and resilience in audio communication. Chaotic systems generate unpredictable keys for strong encryption, while steganography conceals the existence of sensitive data within audio signals, adding a covert layer of protection. The proposed approach is evaluated within an Orthogonal Frequency Division Multiplexing (OFDM)-based wireless communication system, widely recognized for its robustness against interference and channel impairments. By combining secure encryption with a practical transmission scheme, this work demonstrates the effectiveness of the proposed hybrid method in realistic IoT environments, achieving high performance in terms of signal integrity, security, and resistance to noise. Simulation results indicate that the OFDM system incorporating chaotic algorithm modes alongside steganography outperforms the chaotic algorithm alone, particularly at higher Eb/No values. Notably, with DCT-OFDM, the chaotic-CFB based on steganography algorithm achieves a performance gain of approximately 30 dB compared to FFT-OFDM and DWT-based systems at Eb/No = 8 dB. These findings suggest that steganography plays a crucial role in enhancing secure transmission, offering greater signal deviation, reduced correlation, a more uniform histogram, and increased resistance to noise, especially in high BER scenarios. This highlights the potential of hybrid cryptographic-steganographic methods in safeguarding sensitive audio information within IoT networks and provides a foundation for future advancements in secure IoT communication systems. Full article

Image steganalysis detects hidden information in digital images by identifying statistical anomalies, serving as a forensic tool to reveal potential covert communication. The field of deep learning-based image steganography has relatively scarce effective steganalysis methods, particularly those designed to extract hidden information. This paper introduces an innovative image steganalysis method based on generative adaptive Gabor residual networks with density-peak guidance (SG-ResNet). SG-ResNet employs a dual-stream collaborative architecture to achieve precise detection and reconstruction of steganographic information. The classification subnet utilizes dual-frequency adaptive Gabor convolutional kernels to decouple high-frequency texture and low-frequency contour components in images. It combines a density peak clustering with three quantization and transformation-enhanced convolutional blocks to generate steganographic covariance matrices, enhancing the weak steganographic signals. The reconstruction subnet synchronously constructs multi-scale features, preserves steganographic spatial fingerprints with channel-separated residual spatial rich model and pixel reorganization operators, and achieves sub-pixel-level steganographic localization via iterative optimization mechanism of feedback residual modules. Experimental results obtained with datasets generated by several public steganography algorithms demonstrate that SG-ResNet achieves State-of-the-Art results in terms of detection accuracy, with 0.94, and with a PSNR of 29 between reconstructed and original secret images. Full article

Advanced Persistent Threat (APT) refers to a highly targeted, sophisticated, and prolonged form of cyberattack, typically directed at specific organizations or individuals. The primary objective of such attacks is the theft of sensitive information or the disruption of critical operations. APT attacks are characterized by their stealth and complexity, often resulting in significant economic losses. Furthermore, these attacks may lead to intelligence breaches, operational interruptions, and even jeopardize national security and political stability. Given the covert nature and extended durations of APT attacks, current detection solutions encounter challenges such as high detection difficulty and insufficient accuracy. To address these limitations, this paper proposes an innovative high-accuracy APT attack detection model, CNN-KOA-BiGRU, which integrates Convolutional Neural Networks (CNN), Bidirectional Gated Recurrent Units (BiGRU), and the Kepler optimization algorithm (KOA). The model first utilizes CNN to extract spatial features from network traffic data, followed by the application of BiGRU to capture temporal dependencies and long-term memory, thereby forming comprehensive temporal features. Simultaneously, the Kepler optimization algorithm is employed to optimize the BiGRU network structure, achieving globally optimal feature weights and enhancing detection accuracy. Additionally, this study employs a combination of sampling techniques, including Synthetic Minority Over-sampling Technique (SMOTE) and Tomek links, to mitigate classification bias caused by dataset imbalance. Evaluation results on the CSE-CIC-IDS2018 experimental dataset demonstrate that the CNN-KOA-BiGRU model achieves superior performance in detecting APT attacks, with an average accuracy of 98.68%. This surpasses existing methods, including CNN (93.01%), CNN-BiGRU (97.77%), and Graph Convolutional Network (GCN) (95.96%) on the same dataset. Specifically, the proposed model demonstrates an accuracy improvement of 5.67% over CNN, 0.91% over CNN-BiGRU, and 2.72% over GCN. Overall, the proposed model achieves an average improvement of 3.1% compared to existing methods. Full article

The aerial–terrestrial integrated Internet of Things (ATI-IoT) utilizes both aerial platforms (e.g., drones and high-altitude platform stations) and terrestrial networks to establish comprehensive and seamless connectivity across diverse geographical regions. The integration offers significant advantages, including expanded coverage in remote and underserved areas, enhanced reliability of data transmission, and support for various applications such as emergency communications, vehicular ad hoc networks, and intelligent agriculture. However, due to the inherent openness of wireless channels, ATI-IoT faces potential network threats and attacks, and its security issues cannot be ignored. In this regard, incorporating physical layer security techniques into ATI-IoT is essential to ensure data integrity and confidentiality. Motivated by the aforementioned factors, this review presents the latest advancements in ATI-IoT that facilitate physical layer security. Specifically, we elucidate the endogenous safety and security of wireless communications, upon which we illustrate the current status of aerial–terrestrial integrated architectures along with the functions of their components. Subsequently, various emerging techniques (e.g., intelligent reflective surfaces-assisted networks, device-to-device communications, covert communications, and cooperative transmissions) for ATI-IoT enabling physical layer security are demonstrated and categorized based on their technical principles. Furthermore, given that aerial platforms offer flexible deployment and high re-positioning capabilities, comprehensive discussions on practical applications of ATI-IoT are provided. Finally, several significant unresolved issues pertaining to technical challenges as well as security and sustainability concerns in ATI-IoT enabling physical layer security are outlined. Full article

Traditional command and control (C2) frameworks struggle with evasion, automation, and resilience against modern detection techniques. This paper introduces covert C2 (C3), a novel C2 framework designed to enhance operational security and minimize detection. C3 employs a decentralized architecture, enabling independent victim communication with the C2 server for covert persistence. Its adaptable design supports diverse post-exploitation and lateral movement techniques for optimized results across various environments. Through optimized performance and the use of the native messaging API, C3 agents achieve a demonstrably low detection rate against prevalent Endpoint Detection and Response (EDR) solutions. A publicly available proof-of-concept implementation demonstrates C3’s effectiveness in real-world adversarial simulations, specifically in direct code execution for privilege escalation and lateral movement. Our findings indicate that integrating novel techniques, such as the native messaging API, and a decentralized architecture significantly improves the stealth, efficiency, and reliability of offensive operations. The paper further analyzes C3’s post-exploitation behavior, explores relevant defense strategies, and compares it with existing C2 solutions, offering practical insights for enhancing network security. Full article

The Amazon biome is frequently targeted by illegal activities, with clandestine mining being one of the most prominent. Due to the dense forest cover, criminals often rely on covert aviation as a logistical tool to supply remote locations and sustain these activities. This work presents an enhancement to a previously developed landing strip detection algorithm tailored for the Amazon biome. The initial algorithm utilized satellite images combined with the use of Convolutional Neural Networks (CNNs) to find the targets’ spatial locations (latitude and longitude). By addressing the limitations identified in the initial approach, this refined algorithm aims to improve detection accuracy and operational efficiency in complex rainforest environments. Tests in a selected area of the Amazon showed that the modified algorithm resulted in a recall drop of approximately 1% while reducing false positives by 26.6%. The recall drop means there was a decrease in the detection of true positives, which is balanced by the reduction in false positives. When applied across the entire biome, the recall decreased by 1.7%, but the total predictions dropped by 17.88%. These results suggest that, despite a slight reduction in recall, the modifications significantly improved the original algorithm by minimizing its limitations. Additionally, the improved solution demonstrates a 25.55% faster inference time, contributing to more rapid target identification. This advancement represents a meaningful step toward more effective detection of clandestine airstrips, supporting ongoing efforts to combat illegal activities in the region. Full article

Task offloading strategies for unmanned aerial vehicle (UAV) -assisted mobile edge computing (MEC) systems have emerged as a promising solution for computationally intensive applications. However, the broadcast and open nature of radio transmissions makes such systems vulnerable to eavesdropping threats. Therefore, developing strategies that can perform task offloading in a secure communication environment is critical for both ensuring the security and optimizing the performance of MEC systems. In this paper, we first design an architecture that utilizes covert communication techniques to guarantee that a UAV-assisted MEC system can securely offload highly confidential tasks from the relevant user equipment (UE) and calculations. Then, utilizing the Markov Decision Process (MDP) as a framework and incorporating the Prioritized Experience Replay (PER) mechanism into the Deep Deterministic Policy Gradient (DDPG) algorithm, a PER-DDPG algorithm is proposed, aiming to minimize the maximum processing delay of the system and the correct detection rate of the warden by jointly optimizing resource allocation, the movement of the UAV base station (UAV-BS), and the transmit power of the jammer. Simulation results demonstrate the convergence and effectiveness of the proposed approach. Compared to baseline algorithms such as Deep Q-Network (DQN) and DDPG, the PER-DDPG algorithm achieves significant performance improvements, with an average reward increase of over 16% compared to DDPG and over 53% compared to DQN. Furthermore, PER-DDPG exhibits the fastest convergence speed among the three algorithms, highlighting its efficiency in optimizing task offloading and communication security. Full article

As Unmanned Aerial Vehicle (UAV) technology advances, UAVs have attracted widespread attention across military and civilian fields due to their low cost and flexibility. In unknown environments, UAVs can significantly reduce the risk of casualties and improve the safety and covertness when performing missions. Reinforcement Learning allows agents to learn optimal policies through trials in the environment, enabling UAVs to respond autonomously according to the real-time conditions. Due to the limitation of the observation range of UAV sensors, UAV target search missions face the challenge of partial observation. Based on this, Partially Observable Deep Q-Network (PODQN), which is a DQN-based algorithm is proposed. The PODQN algorithm utilizes the Gated Recurrent Unit (GRU) to remember the past observation information. It integrates the target network and decomposes the action value for better evaluation. In addition, the artificial potential field is introduced to solve the potential collision problem. The simulation environment for UAV target search is constructed through the custom Markov Decision Process. By comparing the PODQN algorithm with random strategy, DQN, Double DQN, Dueling DQN, VDN, QMIX, it is demonstrated that the proposed PODQN algorithm has the best performance under different agent configurations. Full article