{"title":"Sysmon event logs for machine learning-based malware detection","authors":"Riki Mi’roj Achmad, Dyah Putri Nariswari, Baskoro Adi Pratomo, Hudan Studiawan","doi":"10.1016/j.csa.2025.100110","DOIUrl":"10.1016/j.csa.2025.100110","url":null,"abstract":"<div><div>Malware poses a significant threat to modern computing environments, necessitating advanced detection techniques that can adapt to evolving attack methods. This study focuses on dynamic malware analysis using machine learning models to process detailed data from Sysmon Event Logs, a crucial source of system information that records running program activities. Sysmon events contain various information on what a program is doing during execution, such as created processes, initiated network connections, DNS queries, modified files and registry keys, and other types of events. Such information can be used to classify software as malicious or benign. In this research, we employed various machine learning algorithms, covering both classification (supervised learning) and outlier detection (unsupervised learning) approaches: Naive Bayes, Decision Tree, Random Forest, and Support Vector Machine (SVM) for supervised learning, and Isolation Forest, Local Outlier Factor (LOF), and One-Class SVM for unsupervised learning. An extensive set of experiments was conducted to find the best approach and the most relevant features. Principal Component Analysis (PCA) was applied to select the most relevant features for both supervised and unsupervised learning models. 
The experiments showed that the Local Outlier Factor (LOF) model with its twenty best features achieved the best performance, with an F1 score of 0.9873.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100110"},"PeriodicalIF":0.0,"publicationDate":"2025-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144724580","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Adaptive steganography based on motion vectors for H.264/AVC","authors":"Rusul Nabeel Al-Mallah , Mohammed Hazim Al-Jammas","doi":"10.1016/j.csa.2025.100109","DOIUrl":"10.1016/j.csa.2025.100109","url":null,"abstract":"<div><div>In our current era, sending and receiving data securely is a significant challenge. During data transmission, we must ensure that the data reaches the intended recipients without being compromised by hackers or other unauthorized parties. Steganography is one of the best techniques for hiding data within other media without raising suspicion. The goal is to transmit covertly embedded data, making it undetectable to unauthorized parties. The H.264 video compression technique provides high-quality video at low bit rates for streaming, recording, and online distribution. This research paper presents a method for hiding data within a cover medium (video) using the H.264 technique, i.e. video steganography. The hiding is done using motion estimation in the H.264 encoder, where the bits are embedded in the motion vectors within the P and B frames of the IBBP sequence format. The hidden data is retrieved and extracted by the H.264 decoder using motion compensation at the receiver. These operations were implemented in MATLAB, and both the secret text and the original cover medium were successfully retrieved with an SNR of >34 dB.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100109"},"PeriodicalIF":0.0,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144686242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lyric-based passwords: Enhancing security and recall with AI","authors":"Jared Wise, Md Tamjidul Hoque","doi":"10.1016/j.csa.2025.100108","DOIUrl":"10.1016/j.csa.2025.100108","url":null,"abstract":"<div><div>In the digital age, text-based passwords remain the cornerstone of user authentication. However, the balance between security and memorability remains a significant challenge. Users often face a dilemma between creating complex passwords that are difficult to remember and simpler ones that are vulnerable to attacks.</div><div>This research introduces a novel approach to password generation by leveraging linguistic patterns from song lyrics and advanced machine learning models. By processing over 5 million lyrics from the AZ Lyrics and Genius datasets, we identify memorable linguistic constructs, such as verb phrases, to create secure and user-friendly passwords. Transformer architectures are employed for password generation, while LSTM-based models assess their security.</div><div>A web application integrates these features to enhance usability, offering mnemonic aids such as narrative generation and interactive tools for real-time password creation. This system educates users on best practices and simplifies password management through an engaging interface. Comparative studies demonstrate that lyric-based passwords outperform traditional methods on both recall and security metrics. 
By balancing usability and robustness, this approach sets a new standard for password management systems and offers a forward-thinking solution to a persistent cybersecurity challenge.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100108"},"PeriodicalIF":0.0,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144662346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Autonomous identity-based threat segmentation for zero trust architecture","authors":"Sina Ahmadi","doi":"10.1016/j.csa.2025.100106","DOIUrl":"10.1016/j.csa.2025.100106","url":null,"abstract":"<div><div>Zero Trust Architecture (ZTA) fundamentally redefines network security by adopting a \"trust nothing, verify everything\" approach that requires identity verification for all access. However, conventional access controls are static and fail to consider evolving user activities and contextual threats, leading to internal risks and breaches. This research proposes an AI-driven, autonomous, identity-based threat segmentation framework for ZTA. Behavioral analytics provide real-time risk scores by analyzing login patterns, access behavior, and resource utilization, while machine learning models dynamically adjust permissions based on geolocation, device type, and time of access. Automated threat segmentation enables the real-time isolation of compromised identities, minimizing breach progression. Practical use cases, such as insider threat mitigation across distributed offices, are discussed. Privacy concerns, false positives, and scalability challenges are addressed. Comparative analysis demonstrates the system’s precision and scalability, enhancing dynamic access governance while maintaining user productivity.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100106"},"PeriodicalIF":0.0,"publicationDate":"2025-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144522268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios","authors":"Fei Zhu , Ying Hu , Yufei Ren , Bingfei Han , Xu Yang","doi":"10.1016/j.csa.2025.100102","DOIUrl":"10.1016/j.csa.2025.100102","url":null,"abstract":"<div><div>Ensuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks, and Feng et al. constructed an authentication transmission mechanism for artificial-intelligence-generated image content. Zhu et al. and Feng et al. each proposed a lightweight certificateless aggregate signature (CLAS) scheme as their respective foundation signature scheme. They claimed that their constructions were provably secure against several types of security attacks. In this work, by analyzing their respective underlying CLAS schemes, we found that their schemes are unable to achieve unforgeability, which is the most critical property that a signature scheme should provide. In particular, for each scheme, we show that a malicious public-key replacement attacker has the ability to forge a valid signature on any false message. Taking Zhu et al.’s scheme as an example, such an attack allows a malicious attacker to impersonate an honest vehicle to broadcast fraudulent information about road conditions, causing traffic congestion or even accidents. 
We also analyze the reason for such an attack and provide corresponding improvement suggestions.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100102"},"PeriodicalIF":0.0,"publicationDate":"2025-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144307990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An ensemble learning framework for enhanced anomaly and failure detection in IoT systems","authors":"Ismail Bibers, Mustafa Abdallah","doi":"10.1016/j.csa.2025.100105","DOIUrl":"10.1016/j.csa.2025.100105","url":null,"abstract":"<div><div>The rapid proliferation of Internet of Things (IoT) devices has revolutionized modern connectivity but also introduced significant cybersecurity challenges due to heterogeneous architectures, resource limitations, and expanding attack surfaces. In this study, we propose a flexible ensemble-based anomaly detection framework tailored for IoT environments. By integrating diverse machine learning models including decision trees, support vector machines, and neural networks through techniques such as bagging, boosting, blending, and stacking, our approach aims to enhance detection accuracy and robustness against evolving threats. We evaluate the framework on two benchmark datasets: one from a smart manufacturing setting using MEMS sensors, and the other from the N-BaIoT dataset, which targets botnet detection in IoT networks. Evaluation results demonstrate that ensemble methods consistently outperform individual classifiers across key metrics, including accuracy, precision, recall, and F1-score. For the MEMS dataset, advanced ensemble methods deliver an absolute increase of approximately 2.0 % in anomaly detection accuracy over the top-performing single AI method. For the N-BaIoT dataset, the average accuracy of all ensemble approaches is 95.53 % while that for single AI models is 73.82 %. Additionally, we assess runtime performance to gauge their suitability for real-time applications. We also show the confusion matrices and ROC curves of different models used in our framework. To promote reproducibility, we have released our codebase, trained models, and processed datasets. 
This work offers practical insights into building secure and reliable IoT systems and highlights the potential of ensemble learning in this context.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100105"},"PeriodicalIF":0.0,"publicationDate":"2025-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144522267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure and efficient drug supply chain management system: Leveraging polymorphic encryption, blockchain, and cloud storage integration","authors":"Muammar Shahrear Famous , Samia Sayed , Rashed Mazumder , Risala T. Khan , M. Shamim Kaiser , Mohammad Shahadat Hossain , Karl Andersson , Rahamatullah Khondoker","doi":"10.1016/j.csa.2025.100103","DOIUrl":"10.1016/j.csa.2025.100103","url":null,"abstract":"<div><div>The infiltration of counterfeit medication into global supply chains poses a major public health threat. To address this, a collaborative effort among governments, regulators, and pharmaceutical companies is essential to secure the global and local supply chain. This paper proposes a novel approach that leverages blockchain technology, polymorphic encryption, and cloud storage to tackle security risks and privacy concerns in medication supply chains. The framework integrates a drug supply chain decentralized application (called SCMapp) on the Ethereum blockchain, enabling functionalities such as secure supplier onboarding, encrypted data management, cloud storage integration, and efficient data retrieval. This approach aims to transform drug supply chain management by enhancing security, transparency, and overall efficiency while ensuring adherence to global health regulations. The proposed Drug Supply Chain Management System provides a safe and effective method for managing drug supply chains and outperformed existing solutions in terms of security, efficiency, and traceability. The combination of encryption, blockchain, and cloud storage provides a comprehensive approach to the challenges of drug supply chain management. 
The comparison analysis highlighted the unique advantages of the proposed model over other methods.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100103"},"PeriodicalIF":0.0,"publicationDate":"2025-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144330739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CNN Based Deep Learning Modeling with Explainability Analysis for Detecting Fraudulent Blockchain Transactions","authors":"Mohammad Hasan , Mohammad Shahriar Rahman , Mohammad Jabed Morshed Chowdhury , Iqbal H. Sarker","doi":"10.1016/j.csa.2025.100101","DOIUrl":"10.1016/j.csa.2025.100101","url":null,"abstract":"<div><div>In the era of growing cryptocurrency adoption, blockchain has emerged as a leading player in the digital payment landscape. However, this widespread popularity also brings various security challenges, including the need to safeguard against fraudulent activities. One of the paramount challenges in this regard is the detection of fraudulent transactions within Bitcoin data, a task that significantly influences the trust and security of digital payments. Yet it is a formidable challenge given the relatively low occurrence of fraudulent Bitcoin transactions. While deep learning techniques have demonstrated their strength in fraud detection, there remains a scarcity of studies exploring their potential, particularly for blockchain. This study aims to fill that gap with a 1D Convolutional Neural Network (CNN) model combined with eXplainable Artificial Intelligence (XAI) techniques. To understand how the model works and explain its decisions, we use the SHapley Additive exPlanations (SHAP) method, which measures each feature’s impact. We also address data imbalance by exploring various methods to balance fraudulent and benign Bitcoin transaction data. 
Our findings are significant, indicating that the proposed 1D CNN model achieves higher accuracy while simultaneously reducing the False Positive Rate (FPR).</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100101"},"PeriodicalIF":0.0,"publicationDate":"2025-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144222692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Survey of deep learning approaches for securing industrial control systems: A comparative analysis","authors":"Muhammad Muzamil Aslam , Ali Tufail , Muhammad Nauman Irshad","doi":"10.1016/j.csa.2025.100096","DOIUrl":"10.1016/j.csa.2025.100096","url":null,"abstract":"<div><div>In an era where critical infrastructure (CI) underpins our daily lives, spanning electric and thermal plants, water treatment facilities, and essential health and transportation systems, robust security has never been more urgent. The fourth industrial revolution has broadened the attack surface, making anomaly detection in Industrial Control Systems (ICS) a paramount concern for maintaining operational integrity. This research examines the potential of deep learning techniques, including CNNs, LSTM networks, AE, linear models (LIN), Gated Recurrent Units (GRU), and DNNs, to effectively identify anomalies within the ICS environment using the SWaT dataset. Each approach underwent rigorous evaluation based on critical performance metrics such as accuracy, precision, recall, and F1 score. Through visualizations of confusion matrices, we reveal the details of model decision-making, including the nature of false positives and false negatives. Our findings highlight the capabilities of advanced neural networks for anomaly detection and lay the groundwork for implementing robust security measures, enhancing the resilience of industrial systems against emerging threats. 
This work is a significant step toward safeguarding our vital infrastructure.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100096"},"PeriodicalIF":0.0,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144168886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Leveraging federated learning for DoS attack detection in IoT networks based on ensemble feature selection and deep learning models","authors":"Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah","doi":"10.1016/j.csa.2025.100098","DOIUrl":"10.1016/j.csa.2025.100098","url":null,"abstract":"<div><div>The Internet of Things (IoT) seamlessly integrates into daily life, enhancing decision-making and simplifying everyday tasks across various domains, including organizations, healthcare, the military, and industry. However, IoT systems face numerous security threats, making data protection against cyberattacks essential. While deploying an Intrusion Detection System (IDS) in a centralized framework can lead to data leakage, Federated Learning (FL) offers a privacy-preserving alternative by training models locally and transmitting only the updated model weights to a central server for aggregation. Detecting Denial-of-Service (DoS) attacks in IoT networks is critical for ensuring cybersecurity. This study compares the performance of centralized and federated learning (FL) approaches in detecting DoS attacks using four deep learning models: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN). To enhance model efficiency, we apply filter-based feature selection techniques, including Variance Threshold, Mutual Information, Chi-square, ANOVA, and L1-based methods, and employ an ensemble feature selection approach by combining them through a union operation. Additionally, a wrapper-based Recursive Feature Elimination (RFE) method is used to refine feature selection by removing redundant and irrelevant features. Experiments were conducted using the IoT Intrusion Dataset (IoTID20), and model performance was evaluated based on accuracy, precision, recall, F1-score, and ROC-AUC metrics. 
In the centralized learning scenario, the highest accuracy was achieved with GRU using Mutual Information (MI) at 99.91 %, followed by RNN with MI at 99.90 %. In the FL scenario, the highest accuracy was achieved with CNN using the ANOVA method at 99.73 %, followed by GRU with Chi2 at 99.61 %. These findings underscore the significant impact of feature selection on learning performance and provide valuable insights into optimizing deep learning-based DoS detection in IoT networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100098"},"PeriodicalIF":0.0,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143947206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}