Cyber-XAI-Block: an end-to-end cyber threat detection & fl-based risk assessment framework for iot enabled smart organization using xai and blockchain technologies

IF 3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Omar Abboosh Hussein Gwassi, Osman Nuri Uçan, Enrique A. Navarro
{"title":"Cyber-XAI-Block: an end-to-end cyber threat detection & fl-based risk assessment framework for iot enabled smart organization using xai and blockchain technologies","authors":"Omar Abboosh Hussein Gwassi, Osman Nuri Uçan, Enrique A. Navarro","doi":"10.1007/s11042-024-20059-4","DOIUrl":null,"url":null,"abstract":"<p>The growing integration of the Internet of Things (IoT) in smart organizations is increasing the vulnerability of cyber threats, necessitating advanced frameworks for effective threat detection and risk assessment. Existing works provide achievable results but lack effective solutions, such as detecting Social Engineering Attacks (SEA). Using Deep Learning (DL) and Machine Learning (ML) methods whereas they are limited to validating user behaviors. Like high false positive rates, attack reoccurrence, and increases in numerous attacks. To overcome this problem, we use explainable (DL) techniques to increase cyber security in an IoT-enabled smart organization environment. This paper firstly, implements Capsule Network (CapsNet) to process employee fingerprints and blink patterns. Secondly, the Quantum Key Secure Communication Protocol (QKSCP) was also used to decrease communication channel vulnerabilities like Man In The Middle (MITM) and reply attacks. After Dual Q Network-based Asynchronous Advantage Actor-Critic algorithm DQN-A3C algorithm detects and prevents attacks. Thirdly, employed the explainable DQN-A3C model and the Siamese Inter Lingual Transformer (SILT) transformer for natural language explanations to boost social engineering security by ensuring the Artificial Intelligence (AI) model and human trustworthiness. After, we built a Hopping Intrusion Detection &amp; Prevention System (IDS/IPS) using an explainable Harmonized Google Net (HGN) model with SHAP and SILT explanations to appropriately categorize dangerous external traffic flows. Finally, to improve global, cyberattack comprehension, we created a Federated Learning (FL)-based knowledge-sharing mechanism between Cyber Threat Repository (CTR) and cloud servers, known as global risk assessment. To evaluate the suggested approach, the new method is compared to the ones that already exist in terms of malicious traffic (65 bytes/sec), detection rate (97%), false positive rate (45%), prevention accuracy (98%), end-to-end response time (97 s), recall (96%), false negative rate (42%) and resource consumption (41). Our strategy's performance is examined using numerical analysis, and the results demonstrate that it outperforms other methods in all metrics.</p>","PeriodicalId":18770,"journal":{"name":"Multimedia Tools and Applications","volume":null,"pages":null},"PeriodicalIF":3.0000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Multimedia Tools and Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11042-024-20059-4","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The growing integration of the Internet of Things (IoT) in smart organizations is increasing the vulnerability of cyber threats, necessitating advanced frameworks for effective threat detection and risk assessment. Existing works provide achievable results but lack effective solutions, such as detecting Social Engineering Attacks (SEA). Using Deep Learning (DL) and Machine Learning (ML) methods whereas they are limited to validating user behaviors. Like high false positive rates, attack reoccurrence, and increases in numerous attacks. To overcome this problem, we use explainable (DL) techniques to increase cyber security in an IoT-enabled smart organization environment. This paper firstly, implements Capsule Network (CapsNet) to process employee fingerprints and blink patterns. Secondly, the Quantum Key Secure Communication Protocol (QKSCP) was also used to decrease communication channel vulnerabilities like Man In The Middle (MITM) and reply attacks. After Dual Q Network-based Asynchronous Advantage Actor-Critic algorithm DQN-A3C algorithm detects and prevents attacks. Thirdly, employed the explainable DQN-A3C model and the Siamese Inter Lingual Transformer (SILT) transformer for natural language explanations to boost social engineering security by ensuring the Artificial Intelligence (AI) model and human trustworthiness. After, we built a Hopping Intrusion Detection & Prevention System (IDS/IPS) using an explainable Harmonized Google Net (HGN) model with SHAP and SILT explanations to appropriately categorize dangerous external traffic flows. Finally, to improve global, cyberattack comprehension, we created a Federated Learning (FL)-based knowledge-sharing mechanism between Cyber Threat Repository (CTR) and cloud servers, known as global risk assessment. To evaluate the suggested approach, the new method is compared to the ones that already exist in terms of malicious traffic (65 bytes/sec), detection rate (97%), false positive rate (45%), prevention accuracy (98%), end-to-end response time (97 s), recall (96%), false negative rate (42%) and resource consumption (41). Our strategy's performance is examined using numerical analysis, and the results demonstrate that it outperforms other methods in all metrics.

Abstract Image

Cyber-XAI-Block:利用 xai 和区块链技术为启用了 iot 的智能组织提供端到端网络威胁检测和基于 fl 的风险评估框架
物联网(IoT)在智能组织中的集成度越来越高,增加了网络威胁的脆弱性,因此需要先进的框架来进行有效的威胁检测和风险评估。现有作品提供了可实现的结果,但缺乏有效的解决方案,如检测社交工程攻击(SEA)。深度学习(DL)和机器学习(ML)方法仅限于验证用户行为。例如,误报率高、攻击重复发生以及攻击次数增多。为了克服这一问题,我们使用可解释(DL)技术来提高物联网智能组织环境中的网络安全性。本文首先实现了胶囊网络(CapsNet)来处理员工指纹和眨眼模式。其次,还使用了量子密钥安全通信协议(QKSCP)来减少中间人(MITM)和回复攻击等通信信道漏洞。在基于双 Q 网络的异步优势行动者批评算法 DQN-A3C 算法检测和防止攻击之后。第三,采用可解释的 DQN-A3C 模型和用于自然语言解释的 SILT 变换器(Siamese Inter Lingual Transformer),通过确保人工智能(AI)模型和人类的可信度来提高社会工程学的安全性。之后,我们利用可解释的统一谷歌网络(HGN)模型,结合 SHAP 和 SILT 解释,构建了一个跳转式入侵检测与防范系统(IDS/IPS),对危险的外部流量进行适当分类。最后,为了提高对全球网络攻击的理解能力,我们在网络威胁库(CTR)和云服务器之间创建了一种基于联合学习(FL)的知识共享机制,即全球风险评估。为了评估所建议的方法,我们将新方法与现有方法在恶意流量(65 字节/秒)、检测率(97%)、误报率(45%)、预防准确率(98%)、端到端响应时间(97 秒)、召回率(96%)、误报率(42%)和资源消耗(41)方面进行了比较。我们通过数值分析检验了该策略的性能,结果表明它在所有指标上都优于其他方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Multimedia Tools and Applications
Multimedia Tools and Applications 工程技术-工程:电子与电气
CiteScore
7.20
自引率
16.70%
发文量
2439
审稿时长
9.2 months
期刊介绍: Multimedia Tools and Applications publishes original research articles on multimedia development and system support tools as well as case studies of multimedia applications. It also features experimental and survey articles. The journal is intended for academics, practitioners, scientists and engineers who are involved in multimedia system research, design and applications. All papers are peer reviewed. Specific areas of interest include: - Multimedia Tools: - Multimedia Applications: - Prototype multimedia systems and platforms
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信