Kamal Raj Sharma,Wei-Yang Chiu,Weizhi Meng

2023-03-23

Abstract:Security associated threats are often increased for online social media during a pandemic, such as COVID-19, along with changes in a work environment. For example, employees in many companies and organizations have started to work from home due to the COVID-19 pandemic. Such working style has increased many remote activities and further relied on email for communication, thus creating an ideal condition for email fraud schemes. Motivated by this observation, the main purpose of this work is to evaluate the privacy policy of online social media and identify potential security associated problems. First, we perform a risk analysis of online social media networks such as Facebook, Twitter and LinkedIn by using the STRIDE model. This aims to find threats and vulnerabilities in the online social media. Then in this analysis, the phishing attack was found to be a main threat in online social media, which is a social engineering attack, where users are convinced through some fake messages or emails to extract their personal credentials.

Cryptography and Security

Benjamin M. Ampel

DOI: https://doi.org/10.48550/arXiv.2012.14425

2020-12-26

Abstract:Cyberattacks conducted by malicious hackers cause irreparable damage to organizations, governments, and individuals every year. Hackers use exploits found on hacker forums to carry out complex cyberattacks, making exploration of these forums vital. We propose a hacker forum entity recognition framework (HackER) to identify exploits and the entities that the exploits target. HackER then uses a bidirectional long short-term memory model (BiLSTM) to create a predictive model for what companies will be targeted by exploits. The results of the algorithm will be evaluated using a manually labeled gold-standard test dataset, using accuracy, precision, recall, and F1-score as metrics. We choose to compare our model against state of the art classical machine learning and deep learning benchmark models. Results show that our proposed HackER BiLSTM model outperforms all classical machine learning and deep learning models in F1-score (79.71%). These results are statistically significant at 0.05 or lower for all benchmarks except LSTM. The results of preliminary work suggest our model can help key cybersecurity stakeholders (e.g., analysts, researchers, educators) identify what type of business an exploit is targeting.

Cryptography and Security,Machine Learning

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

Soumajyoti Sarkar,Mohammad Almukaynizi,Jana Shakarian,Paulo Shakarian

DOI: https://doi.org/10.48550/arXiv.1811.06537

2018-11-16

Abstract:With rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. We use information from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise cyber attacks. We use a suite of social network features on top of supervised learning models and validate them on a binary classification problem that attempts to predict whether there would be an attack on any given day for an organization. We conclude from our experiments using information from 53 forums in the darkweb over a span of 12 months to predict real world organization cyber attacks of 2 different security events that analyzing the path structure between groups of users is better than just studying network centralities like Pagerank or relying on the user posting statistics in the forums.

Social and Information Networks

Jay Jacobs,Sasha Romanosky,Octavian Suciu,Benjamin Edwards,Armin Sarabi

2023-06-16

Abstract:The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to reduce the risk of attacks. Unfortunately, existing vulnerability scoring systems are either vendor-specific, proprietary, or are only commercially available. Moreover, these and other prioritization strategies based on vulnerability severity are poor predictors of actual vulnerability exploitation because they do not incorporate new information that might impact the likelihood of exploitation. In this paper we present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, that is freely available, and which adapts to new information. The Exploit Prediction Scoring System (EPSS) SIG consists of more than 170 experts from around the world and across all industries, providing crowd-sourced expertise and feedback. Based on these collective insights, we describe the design decisions and trade-offs that lead to the development of the next version of EPSS. This new machine learning model provides an 82\% performance improvement over past models in distinguishing vulnerabilities that are exploited in the wild and thus may be prioritized for remediation.

Cryptography and Security

Mariam Ibrahim,Abdallah Al-Wadi,Ruba Elhafiz

DOI: https://doi.org/10.3390/s24113375

IF: 3.9

2024-05-25

Sensors

Abstract:The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different devices, about patients to healthcare staff devices, for further analysis through cloud-based servers for proper diagnosis of patients, yielding efficient and accurate results. However, IoMT technology is accompanied by a set of drawbacks in terms of security risks and vulnerabilities, such as violating and exposing patients' sensitive and confidential data. Further, the network traffic data is prone to interception attacks caused by a wireless type of communication and alteration of data, which could cause unwanted outcomes. The advocated scheme provides insight into a robust Intrusion Detection System (IDS) for IoMT networks. It leverages a honeypot to divert attackers away from critical systems, reducing the attack surface. Additionally, the IDS employs an ensemble method combining Logistic Regression and K-Nearest Neighbor algorithms. This approach harnesses the strengths of both algorithms to improve attack detection accuracy and robustness. This work analyzes the impact, performance, accuracy, and precision outcomes of the used model on two IoMT-related datasets which contain multiple attack types such as Man-In-The-Middle (MITM), Data Injection, and Distributed Denial of Services (DDOS). The yielded results showed that the proposed ensemble method was effective in detecting intrusion attempts and classifying them as attacks or normal network traffic, with a high accuracy of 92.5% for the first dataset and 99.54% for the second dataset and a precision of 96.74% for the first dataset and 99.228% for the second dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

A. Khlobystova,M. Abramov,A. Tulupyev

DOI: https://doi.org/10.1007/978-3-030-50097-9_20

2020-01-01

Abstract:AbstractIn this research we present the hybrid model of finding the most critical distribution trajectories of multipath Social engineering attacks, passing through which by the malefactor on a global basis has the topmost degree of probability and will bring the greatest loss to the company. The solution of search problem concerning the most critical trajectories rests upon the assumption that the estimated probabilities of the direct Social engineering attack on user, degree evaluation of documents’ criticality, the estimated probabilities of Social engineering attack’s distribution from user to user are premised on linguistic indistinct variables are already calculated. The described model finds its application at creation when constructing the estimates of information systems users’ safety against Social engineering attacks and promotes well-timed informing of decision-makers on the vulnerabilities which being available in system.

Mohamed Abushwereb,Mouhammd Alkasassbeh,Mohammad Almseidin,Muhannad Mustafa

DOI: https://doi.org/10.48550/arXiv.2203.04347

2022-02-21

Abstract:The internet has caused tremendous changes since its appearance in the 1980s, and now, the Internet of Things (IoT) seems to be doing the same. The potential of IoT has made it the center of attention for many people, but, where some see an opportunity to contribute, others may see IoT networks as a target to be exploited. The high number of IoT devices makes them the perfect setup for staging denial-of-service attacks (DoS) that can have devastating consequences. This renders the need for cybersecurity measures such as intrusion detection systems (IDSs) evident. The aim of this paper is to build an IDS using the big data platform, Apache Spark. Apache Spark was used along with its ML library (MLlib) and the BoT-IoT dataset. The IDS was then tested and evaluated based on F-Measure (f1), as was the standard when evaluating imbalanced data. Two rounds of tests were performed, a partial dataset for minimizing bias, and the full BoT-IoT dataset for exploring big data and ML capabilities in a security setting. For the partial dataset, the Random Forest algorithm had the highest performance for binary classification at an average f1 measure of 99.7%, as well as 99.6% for main category classification, and an 88.5% f1 measure for sub category classification. As for the complete dataset, the Decision Tree algorithm scored the highest f1 measures for all conducted tests; 97.9% for binary classification, 79% for main category classification, and 77% for sub category classification.

Cryptography and Security,Networking and Internet Architecture

Benjamin L. Bullough,Anna K. Yanchenko,Christopher L. Smith,Joseph R. Zipkin

DOI: https://doi.org/10.1145/3041008.3041009

2017-07-25

Abstract:Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities are known and users quickly install those patches as soon as they are available. However, most vulnerabilities are never actually exploited. Since writing, testing, and installing software patches can involve considerable resources, it would be desirable to prioritize the remediation of vulnerabilities that are likely to be exploited. Several published research studies have reported moderate success in applying machine learning techniques to the task of predicting whether a vulnerability will be exploited. These approaches typically use features derived from vulnerability databases (such as the summary text describing the vulnerability) or social media posts that mention the vulnerability by name. However, these prior studies share multiple methodological shortcomings that inflate predictive power of these approaches. We replicate key portions of the prior work, compare their approaches, and show how selection of training and test data critically affect the estimated performance of predictive models. The results of this study point to important methodological considerations that should be taken into account so that results reflect real-world utility.

Cryptography and Security,Applications,Machine Learning

Fatama Tuz Johora,Md Shahedul Islam Khan,Esrath Kanon,Mohammad Abu Tareq Rony,Md Zubair,Iqbal H. Sarker

2024-03-28

Abstract:Cyber risk refers to the risk of defacing reputation, monetary losses, or disruption of an organization or individuals, and this situation usually occurs by the unconscious use of cyber systems. The cyber risk is unhurriedly increasing day by day and it is right now a global threat. Developing countries like Bangladesh face major cyber risk challenges. The growing cyber threat worldwide focuses on the need for effective modeling to predict and manage the associated risk. This paper exhibits a Machine Learning(ML) based model for predicting individuals who may be victims of cyber attacks by analyzing socioeconomic factors. We collected the dataset from victims and non-victims of cyberattacks based on socio-demographic features. The study involved the development of a questionnaire to gather data, which was then used to measure the significance of features. Through data augmentation, the dataset was expanded to encompass 3286 entries, setting the stage for our investigation and modeling. Among several ML models with 19, 20, 21, and 26 features, we proposed a novel Pertinent Features Random Forest (RF) model, which achieved maximum accuracy with 20 features (95.95\%) and also demonstrated the association among the selected features using the Apriori algorithm with Confidence (above 80\%) according to the victim. We generated 10 important association rules and presented the framework that is rigorously evaluated on real-world datasets, demonstrating its potential to predict cyberattacks and associated risk factors effectively. Looking ahead, future efforts will be directed toward refining the predictive model's precision and delving into additional risk factors, to fortify the proposed framework's efficacy in navigating the complex terrain of cybersecurity threats.

Cryptography and Security,Machine Learning

Chadia E. L. Asry,Ibtissam Benchaji,Samira Douzi,Bouabid E. L. Ouahidi

DOI: https://doi.org/10.1371/journal.pone.0295801

IF: 3.7

2024-01-25

PLoS ONE

Abstract:The escalating prevalence of cybersecurity risks calls for a focused strategy in order to attain efficient resolutions. This study introduces a detection model that employs a tailored methodology integrating feature selection using SHAP values, a shallow learning algorithm called PV-DM, and machine learning classifiers like XGBOOST. The efficacy of our suggested methodology is highlighted by employing the NSL-KDD and UNSW-NB15 datasets. Our approach in the NSL-KDD dataset exhibits exceptional performance, with an accuracy of 98.92%, precision of 98.92%, recall of 95.44%, and an F1-score of 96.77%. Notably, this performance is achieved by utilizing only four characteristics, indicating the efficiency of our approach. The proposed methodology achieves an accuracy of 82.86%, precision of 84.07%, recall of 77.70%, and an F1-score of 80.20% in the UNSW-NB15 dataset, using only six features. Our research findings provide substantial evidence of the enhanced performance of the proposed model compared to a traditional deep-learning model across all performance metrics.

multidisciplinary sciences

Ashok Deb,Kristina Lerman,Emilio Ferrara

DOI: https://doi.org/10.3390/info9110280

2018-04-15

Abstract:Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events.

Computation and Language

Raj Pokhrel Nawa,P. Tsokos Chris,Nawa Raj Pokhrel,Chris P. Tsokos

DOI: https://doi.org/10.4236/jis.2017.82007

2017-01-01

Journal of Information Security

Abstract:There are several security metrics developed to protect the computer networks. In general, common security metrics focus on qualitative and subjective aspects of networks lacking formal statistical models. In the present study, we propose a stochastic model to quantify the risk associated with the overall network using Markovian process in conjunction with Common Vulnerability Scoring System (CVSS) framework. The model we developed uses host access graph to represent the network environment. Utilizing the developed model, one can filter the large amount of information available by making a priority list of vulnerable nodes existing in the network. Once a priority list is prepared, network administrators can make software patch decisions. Gaining in depth understanding of the risk and priority level of each host helps individuals to implement decisions like deployment of security products and to design network topologies.

Manuel Egele,Gianluca Stringhini,Christopher Kruegel,Giovanni Vigna

DOI: https://doi.org/10.48550/arXiv.1509.03531

2015-09-11

Abstract:Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information to a large user base. The impacts of these incidents range from a tarnished reputation to multi-billion dollar monetary losses on financial markets. In our previous work, we demonstrated how we can detect large-scale compromises (i.e., so-called campaigns) of regular online social network users. In this work, we show how we can use similar techniques to identify compromises of individual high-profile accounts. High-profile accounts frequently have one characteristic that makes this detection reliable -- they show consistent behavior over time. We show that our system, were it deployed, would have been able to detect and prevent three real-world attacks against popular companies and news agencies. Furthermore, our system, in contrast to popular media, would not have fallen for a staged compromise instigated by a US restaurant chain for publicity reasons.

Cryptography and Security,Social and Information Networks

Soumajyoti Sarkar,Mohammad Almukaynizi,Jana Shakarian,Paulo Shakarian

DOI: https://doi.org/10.1007/s13278-019-0603-9

2019-09-30

Social Network Analysis and Mining

Abstract:With the rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. In this study, we attempt to build a framework that utilizes unconventional signals from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise-related external cyber attacks. We use both unsupervised and supervised learning models that address the challenges that come with the lack of enterprise attack metadata for ground-truth validation as well as insufficient data for training the models. We validate our models on a binary classification problem that attempts to predict cyber attacks on a daily basis for an organization. Using several controlled studies on features leveraging the network structure, we measure the extent to which the indicators from the darkweb forums can be successfully used to predict attacks. We use information from 53 forums in the darkweb over a span of 17 months for the task. Our framework to predict real-world organization cyber attacks of three different security events suggests that focusing on the reply path structure between groups of users based on random walk transitions and community structures has an advantage in terms of better performance solely relying on forum or user posting statistics prior to attacks.

Yair Meidan,Daniel Benatar,Ron Bitton,Dan Avraham,Asaf Shabtai

DOI: https://doi.org/10.1016/j.cose.2022.103073

2023-03-02

Abstract:IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expert-based attack detectability estimation method which uses this taxonomy to derive a detectability score (termed `D-Score') for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a data-driven method.

Cryptography and Security

Yan Zhang,Degang Zhu,Menglin Wang,Junhan Li,Jie Zhang

DOI: https://doi.org/10.1016/j.ijcip.2023.100658

IF: 3.683

2023-12-25

International Journal of Critical Infrastructure Protection

Abstract:Due to the proliferation of network devices and the presence of sensitive information, healthcare systems have become prime targets for cyber attackers. Therefore, it is crucial to design an efficient and accurate intrusion detection system (IDS) specifically tailored for healthcare systems. In this regard, we conducted a comprehensive comparative study on network security intrusion detection in healthcare systems. In order to tackle the challenges arising from information redundancy and noise in feature selection, we developed the Maximum Information Coefficient (MIC) method to effectively analyse the nonlinear relationships among traffic features. This method was utilized in a comparative analysis involving ten models on three datasets. The experiments demonstrated that the detection models using MIC-based feature selection outperformed other feature selection approaches, especially when applied to the WUSTL-EHMS-2020 dataset, which includes patients' biometric features. The MIC-enhanced Extreme Gradient Boosting detection model achieved remarkable results, attaining an accuracy of 95.01%, precision of 94.94%, and recall of 95.01%. These findings underscore the efficacy of our comparative study in safeguarding healthcare systems against cyber attacks. Furthermore, our study highlights the importance of feature selection and the incorporation of patient biometric features in healthcare IDS. It is imperative for medical managers to consider these factors when making informed decisions regarding cyber security measures.

engineering, multidisciplinary,computer science, information systems

Daniel Alves de Sousa,Elaine Ribeiro de Faria,Rodrigo Sanches Miani

DOI: https://doi.org/10.48550/arXiv.2011.03113

2020-11-05

Cryptography and Security

Abstract:Patch prioritization is a crucial aspect of information systems security, and knowledge of which vulnerabilities were exploited in the wild is a powerful tool to help systems administrators accomplish this task. The analysis of social media for this specific application can enhance the results and bring more agility by collecting data from online discussions and applying machine learning techniques to detect real-world exploits. In this paper, we use a technique that combines Twitter data with public database information to classify vulnerabilities as exploited or not-exploited. We analyze the behavior of different classifying algorithms, investigate the influence of different antivirus data as ground truth, and experiment with various time window sizes. Our findings suggest that using a Light Gradient Boosting Machine (LightGBM) can benefit the results, and for most cases, the statistics related to a tweet and the users who tweeted are more meaningful than the text tweeted. We also demonstrate the importance of using ground-truth data from security companies not mentioned in previous works.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

Ying He,Efpraxia Zamani,Iryna Yevseyeva,Cunjin Luo

DOI: https://doi.org/10.2196/41748

2023-04-25

Abstract:Background: Health information systems (HISs) are continuously targeted by hackers, who aim to bring down critical health infrastructure. This study was motivated by recent attacks on health care organizations that have resulted in the compromise of sensitive data held in HISs. Existing research on cybersecurity in the health care domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach an HIS and access health care records. Objective: This study aimed to provide new insights into HIS cybersecurity protection. We propose a systematic, novel, and optimized (artificial intelligence-based) ethical hacking method tailored specifically for HISs, and we compared it with the traditional unoptimized ethical hacking method. This allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks on the HIS more efficiently. Methods: In this study, we propose a novel methodological approach to ethical hacking in HISs. We implemented ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the open-source electronic medical record (OpenEMR) system and followed the National Institute of Standards and Technology's ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. Results: Ethical hacking was successfully conducted using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized method in terms of average time used, the average success rate of exploit, the number of exploits launched, and the number of successful exploits. We were able to identify the successful attack paths and exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the web graphical user interface for the Linux Virtual Server). Conclusions: This research demonstrates systematic ethical hacking against an HIS using optimized and unoptimized methods, together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to the HIS literature, ethical hacking methodology, and mainstream artificial intelligence-based ethical hacking methods because they address some key weaknesses of these research fields. These findings also have great significance for the health care sector, as OpenEMR is widely adopted by health care organizations. Our findings offer novel insights for the protection of HISs and allow researchers to conduct further research in the HIS cybersecurity domain.