The motive of this paper is to detect the malware from computer systems in order to protect the confidential data, information, documents etc. from being accessing. The detection of malware is necessary because it steals the data from that system which is affected by malware. There are different malware detection techniques (cloud-based, signature-based, Iot-based, heuristic based etc.) and different malware detection tools (static, dynamic) area used in this paper to detect new generation malware. It is necessary to detect malware because the attacks of malware badly affect our economy and no one sector is untouched by it. The detection of malware is compulsory because it exploits goal devices vulnerabilities, along with a Trojan horse in valid software e.g. browser that may be hijacked. There are also different tools used for detection of malware like static or dynamic that we see in this paper. We also see different methods of detection of malware in android.

With the development of network technologies, network intrusion has become increasing complex which makes the intrusion detection challenging. Traditional intrusion detection algorithms detect intrusion traffic through intrusion traffic characteristics or machine learning. These methods are inefficient due to the dependence of manual work. Therefore, in order to improve the efficiency and the accuracy, we propose an intrusion detection method based on deep learning. We integrate the Transformer and LSTM module with intrusion detection model to automatically detect network intrusion. The Transformer and LSTM can capture the temporal information of the traffic data which benefits to distinguish the abnormal data from normal data. We conduct experiments on the publicly available NSL-KDD dataset to evaluate the performance of our proposed model. The experimental results show that the proposed model outperforms other deep learning based models.

In the ever-evolving landscape of cybersecurity threats, Intrusion detection systems are critical in protecting network and server infrastructure in the ever-changing spectrum ofcybersecurity threats. This research introduces a hybrid detection approach that uses deep learning techniques to improve intrusion detection accuracy and efficiency. The proposed prototype combines the strength of the XGBoost and MaxPooling1D algorithms within an ensemble model, resulting in a stable and effective solution. Through the fusion of these methodologies, the hybrid detection system achieves superior performance in identifying and mitigating various types of intrusions. This paper provides an overview of the prototype s architecture, discusses the benefits of using deep learning in intrusion detection, and presents experimental results showcasing the system s efficacy.

Network intrusion detection is a crucial task in ensuring the security and reliability of computer networks. In recent years, machine learning algorithms have shown promising results in identifying anomalous activities indicative of network intrusions. In the context of intrusion detection systems, novelty detection often receives limited attention within machine learning communities. This oversight can be attributed to the historical emphasis on optimizing performance metrics using established datasets, which may not adequately represent the evolving landscape of cyber threats. This research aims to compare four widely used novelty detection algorithms for network intrusion detection, namely SGDOneClassSVM, LocalOutlierDetection, EllipticalEnvelope Covariance, and Isolation Forest. Our experiments with the UNSW-NB15 dataset show that Isolation Forest was the best-performing algorithm with an F1-score of 0.723. The result shows that network-based intrusion detection systems are still challenging for novelty detection algorithms.

In cybersecurity, Intrusion Detection Systems (IDS) protect against emerging cyber threats. Combining signature-based and anomaly-based detection methods may improve IDS accuracy and reduce false positives. This research analyzes hybrid intrusion detection systems signature-based components performance and limitations. The paper begins with a detailed history of signature-based detection methods responding to changing threat situations. This research analyzes signature databases to determine their capacity to identify and guard against current threats and cover known vulnerabilities. The paper also examines the intricate relationship between signature-based detection and anomalybased techniques in hybrid IDS systems. This investigation examines how these two methodologies work together to uncover old and new attack strategies, focusing on zero-day vulnerabilities and polymorphic malware. A diverse dataset of network traffic and attack scenarios is used to test. Detection, false positives, and response times assess signature-based components. Comparative examinations investigate how signature-based detection affects system accuracy and efficiency. This research illuminates the role of signature-based aspects in hybrid intrusion detection systems. This study recommends integrating signature-based detection techniques with anomaly-based methods to improve hybrid intrusion detection systems (IDS) at recognizing and mitigating various cyber threats.

The network intrusion detection system capably safeguards our network environment from attacks. Yet, the relentless surge in bandwidth and inherent constraints within these systems often hinder detection, particularly in confrontations with substantial traffic volume. Hence, this paper introduces the IP-filtered multi-channel convolutional neural networks (IP-MCCLSTM), which filters traffic by IP, curtails system loading, and notably enhances detection efficiency. IP-MCCLSTM outperforms comparison methods in tests using the 2017CICIDS data set. The result shows IPMCCLSTM obtains 98.9\% accuracy and 99.7\% Macro-Recall rate, showcasing its potential as an avant-garde solution in intrusion detection.

Due to its adaptability and pay-per-use services, cloud computing has grown in popularity among businesses, but security and privacy issues are still very much present. Intruders can exploit vulnerabilities in the open and dispersed nature of cloud environments, leading to attacks that can damage entire projects within a short period of time. To address this issue, organizations need to implement effective intrusion detection systems (IDS) that can detect and alert administrators of any suspicious activities. There are three widely used methods for IDS: signature-based detection, anomaly-based detection, and hybrid detection. Hybrid detection, which combines the strengths of signature-based and anomaly-based detection, has been shown to produce superior results. IDS can be categorized into host- based IDS (HIDS), network-based IDS (NIDS), hypervisor-based IDS, and distributed IDS (DIDS), each with their own unique characteristics and benefits. The CICIDS2017 dataset provides a diverse set of attacks and benign traffic for researchers and practitioners to develop and evaluate IDS systems. Overall, putting in place a strong intrusion detection system is critical for maintaining the security and privacy of cloud-based projects, as well as ensuring their availability.

The advancement of information technology is closely associated with various aspects of daily life, providing people with services for a comfortable life. As the network infrastructure expands to accommodate these services, it inevitably creates several vulnerable points susceptible to cyberattacks. Researchers have gained significant momentum by focusing on deep learning-based network intrusion detection. The development of a robust network intrusion detection system based on deep learning necessitates a substantial volume of data. Traditionally, collected data for centralized learning were transmitted to a central server for training the model. However, this approach causes concern regarding the potential compromise of the personal information contained within the raw data, thereby precipitating legal implications for vendors. Therefore, this paper proposes an ImprovedFedAvg, which enhances the existing FedAvg algorithm for network intrusion detection model. This method uses the full advantages of federated learning for data privacy preservation and significantly reduces the transmission of model weights while improving the performance of the model.

In the face of a large number of network attacks, intrusion detection system can issue early warning, indicating the emergence of network attacks. In order to improve the traditional machine learning network intrusion detection model to identify the behavior of network attacks, improve the detection accuracy and accuracy. Convolutional neural network is used to construct intrusion detection model, which has better ability to solve complex problems and better adaptability of algorithm. In order to solve the problems such as dimension explosion caused by input data, the albino PCA algorithm is used to extract data features and reduce data dimensions. For the common problem of convolutional neural networks in intrusion detection such as overfitting, Dropout layers are added before and after the fully connected layer of CNN, and Sigmoid is selected as the intrusion classification prediction function. This reduces the overfitting, improves the robustness of the intrusion detection model, and enhances the fault tolerance and generalization ability of the model to improve the accuracy of the intrusion detection model. The effectiveness of the proposed method in intrusion detection is verified by comparison and analysis of numerical examples.

The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more peopleare coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. This can be accomplished by: (IDS). The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse has occurred and can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observedpattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the strategy that was suggested improves the capability of intrusion detection.

In modern conditions, the relevance of the problem of assessing the information security risks for automated systems is increasing. Risk assessment is defined as a complex multi-stage task. Risk assessment requires prompt decision-making for effective information protection. To solve this problem, a method for automating risk assessment based on fuzzy cognitive maps is proposed. A fuzzy cognitive map is a model that can be represented as a directed graph in which concepts and connections between them have own weights. The automation process allows evaluate complex relationships between factors and threats, providing a more comprehensive risk assessment. The application of fuzzy cognitive maps proved to be an effective tool for automation, promptness, and quality in risk assessment.

The role of principals of schools facing digital transformation in and for the 21st century is to assure and promote effective use of digital technologies in all aspects of school functioning.

The increase in the usage of various computing and mobile devices has resulted in implementing large scale ad hoc networks as the user demand is on the rise and companies’ find it difficult to invest more in the IT infrastructure to meet the surging demand. The traditional model of networking enables the mobile devices to face various issues like lower bandwidth, mobility, security and storage et. Hence, in order to meet the overall service requirement and to enhance the overall efficiency of the network, cloud computing was introduced. The implementation of these devices tends to support in every node, it enhances better communication in a better range towards another nodes. There is a critical administration and support devices from everywhere in an effective manner.

In this paper, we present a novel statistical approach to assess and model data of water distribution network (WDN) failures which contain only few pieces of information, namely the number of failures in a month. The applied statistical method is known as the circular (directional) statistics. It concerns with angular/cyclical data in degrees or radians. The sample space is typically a circle or a sphere and due to the nature of the circular data, they cannot be analysed with commonly used statistical techniques. Circular data approaches can be adapted to analyse time-of-year data and year cycles. Using the methods of descriptive and inferential statistics for circular data, we show that the WDN failure data show a deviation from the uniform model and cannot be modelled by the parametric models. Therefore, we apply the nonparametric circular kernel density estimates to assess and model the data and predict the expected numbers of failures in the respective months of a year.

The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.

With technological advances, Cyber-Physical Systems (CPS), specifically critical infrastructures, have become strongly connected. Their exposure to cyber adversaries is higher than ever. The number of cyber-attacks perpetrated against critical infrastructure is growing in number and sophistication. The protection of such complex systems became of paramount importance. Resilience applied to critical infrastructures aims at protecting these vital systems from cyber-attacks and making them continue to deliver a certain level of performance, even when attacks occur. In this work, we explore new advances related to cyber-resilience applied to CPSs. We also explore the use of a metric to quantify the resilience of critical infrastructures. As a use case, we consider a water treatment system.

Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyberinfrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics – the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.

In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7\% who consider that the proposed three-layer architecture contains the assets considered critical.

For modern industrial automation and control systems (IACS), it is a cybersecurity risk that provokes the most growing anxiety among other potential hazards. In order to manage the risk efficiently, a risk assessment is necessary. A standard CIA approach explores the confidentiality, integrity, and availability properties of assets. However, for IACS dealing with critical infrastructures, it is more crucial to investigate separately the availability part of the risk. Moreover, not assets but functions are particularly important. One of the major problems arising during the assessment is how to assign values for the availability property of IACS functions. For establishing the CIA values, techniques related to confidentiality and integrity seem to be quite evident and make just a minor issue to develop and employ. However, methods for assessing the availability property happen to be not obvious and not widely used. The article presents a metric helpful for the availability valuation. Inherently constructed to be applicable particularly to functions, not to assets, the metric will be found especially effective for IACS. Essentially based on delay as a measure, the metric is proved to be conformant to the IEC 62443 series availability interpretation and the general requirements for the cybersecurity metrics. For the metric to be accurately calculated, the availability reference model, dependency theory, and a theory of deterministic queuing systems Network calculus are proposed to be utilized. Applying Network calculus to the metric calculation, the article reveals that this problem can be reduced to the problem of obtaining sets of service curves.

Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attackdefense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.

Dynamic Infrastructural Distributed Denial of Service (I-DDoS) attacks constantly change attack vectors to congest core backhaul links and disrupt critical network availability while evading end-system defenses. To effectively counter these highly dynamic attacks, defense mechanisms need to exhibit adaptive decision strategies for real-time mitigation. This paper presents a novel Autonomous DDoS Defense framework that employs model-based reinforcement agents. The framework continuously learns attack strategies, predicts attack actions, and dynamically determines the optimal composition of defense tactics such as filtering, limiting, and rerouting for flow diversion. Our contributions include extending the underlying formulation of the Markov Decision Process (MDP) to address simultaneous DDoS attack and defense behavior, and accounting for environmental uncertainties. We also propose a fine-grained action mitigation approach robust to classification inaccuracies in Intrusion Detection Systems (IDS). Additionally, our reinforcement learning model demonstrates resilience against evasion and deceptive attacks. Evaluation experiments using real-world and simulated DDoS traces demonstrate that our autonomous defense framework ensures the delivery of approximately 96 – 98% of benign traffic despite the diverse range of attack strategies.

Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

One of the important characteristics envisioned for 6G is security function virtualization (SFV). Similar to network function virtualization (NFV) in 5G networks, SFV provides new opportunities for improving security while reducing the security overhead. In particular, it provides an attractive way of solving compatibility issues related to security. Malware in Internet of Things (IoT) systems is gaining popularity among cyber-criminals because of the expected number of IoT devices in 5G and 6G networks. To solve this issue, this article proposes a security framework that exploits softwarization of security functions via SFV to improve trust in IoT systems and contain the propagation of malware. IoT devices are categorized into trusted, vulnerable, and compromised levels using remote attestation. To isolate the devices in the three distinct categories, NFV is used to create separate networks for each category, and a distributed ledger is used to store the state of each device. Virtualized remote attestation routines are employed to avoid any compatibility issues among heterogeneous IoT devices and effectively contain malware propagation. The results show that the proposed framework can reduce the number of infected devices by 66 percent in only 10 seconds.

Advances in wireless networking, such as 5G, continue to enable the vision of the Internet of Things (IoT), where everything is connected, and much data is collected by IoT devices and made available to interested parties (i.e., application servers). However, events such as botnet attacks (e.g., [1]) demonstrate that there are important challenges in this evolution.

The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.