Muhammad Muzamil Aslam , Ali Tufail , Muhammad Nauman Irshad
{"title":"Survey of deep learning approaches for securing industrial control systems: A comparative analysis","authors":"Muhammad Muzamil Aslam , Ali Tufail , Muhammad Nauman Irshad","doi":"10.1016/j.csa.2025.100096","DOIUrl":"10.1016/j.csa.2025.100096","url":null,"abstract":"<div><div>In an era where critical infrastructure (CI) underpins our daily lives, spanning electric and thermal plants, water treatment facilities, and essential health and transportation systems, robust security has never been more urgent. The fourth industrial revolution has broadened the attack surface, making anomaly detection in Industrial Control Systems (ICS) a paramount concern for maintaining operational integrity. This research delves into the potential of cutting-edge deep learning techniques like CNNs, LSTM networks, AE, linear models (LIN), Gated Recurrent Units (GRU), and DNN, to effectively identify anomalies within the ICS environment using the SWaT dataset. Each approach underwent rigorous evaluation based on critical performance metrics such as accuracy, precision, recall, and F1 score. Through insightful visualizations of confusion matrices, we reveal the intricacies of model decision-making, including the nature of false positives and negatives. Our findings highlight the capabilities of advanced neural networks for anomaly detection and lay the groundwork for implementing robust security measures, enhancing the resilience of industrial systems against emerging threats. 
This work is a significant step toward safeguarding our vital infrastructure.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100096"},"PeriodicalIF":0.0,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144168886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah
{"title":"Leveraging federated learning for DoS attack detection in IoT networks based on ensemble feature selection and deep learning models","authors":"Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah","doi":"10.1016/j.csa.2025.100098","DOIUrl":"10.1016/j.csa.2025.100098","url":null,"abstract":"<div><div>The Internet of Things (IoT) seamlessly integrates into daily life, enhancing decision-making and simplifying everyday tasks across various domains, including organizations, healthcare, the military, and industry. However, IoT systems face numerous security threats, making data protection against cyberattacks essential. While deploying an Intrusion Detection System (IDS) in a centralized framework can lead to data leakage, Federated Learning (FL) offers a privacy-preserving alternative by training models locally and transmitting only the updated model weights to a central server for aggregation. Detecting Denial-of-Service (DoS) attacks in IoT networks is critical for ensuring cybersecurity. This study compares the performance of centralized and federated learning (FL) approaches in detecting DoS attacks using four deep learning models: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN). To enhance model efficiency, we apply filter-based feature selection techniques, including Variance Threshold, Mutual Information, Chi-square, ANOVA, and L1-based methods, and employ an ensemble feature selection approach by combining them through a union operation. Additionally, a wrapper-based Recursive Feature Elimination (RFE) method is used to refine feature selection by removing redundant and irrelevant features. Experiments were conducted using the IoT Intrusion Dataset (IoTID20), and model performance was evaluated based on accuracy, precision, recall, F1-score, and ROC-AUC metrics. 
In the centralized learning scenario, the highest accuracy was achieved with GRU using Mutual Information (MI) at 99.91 %, followed by RNN with MI at 99.90 %. In the FL scenario, the highest accuracy was achieved with CNN using the ANOVA method at 99.73 %, followed by GRU with Chi2 at 99.61 %. These findings underscore the significant impact of feature selection on learning performance and provide valuable insights into optimizing deep learning-based DoS detection in IoT networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100098"},"PeriodicalIF":0.0,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143947206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A novel approach based on XGBoost classifier and Bayesian optimization for credit card fraud detection","authors":"Mohammed Tayebi, Said El Kafhali","doi":"10.1016/j.csa.2025.100093","DOIUrl":"10.1016/j.csa.2025.100093","url":null,"abstract":"<div><div>Nowadays, detecting fraudulent transactions has become increasingly important due to the rise of online businesses and the increasing use of sophisticated techniques by fraudsters to make fraudulent transactions appear similar to genuine ones. Researchers have explored a lot of machine learning classifiers, such as random forest, decision tree, support vector machine, logistic regression, artificial neural network, and recurrent neural network, to secure these systems. This study proposes an enhanced XGBoost algorithm for detecting fraudulent transactions using an intelligent technique that tunes the hyperparameters of the algorithm through Bayesian optimization. To test the performance of our solution, several experiments are conducted on two credit card datasets consisting of both legitimate and fraudulent transactions. To prevent overfitting on imbalanced datasets, we employed cross-validation, SMOTE, and Random under-sampling techniques. For Data 1, the best performance using SMOTE achieved an accuracy of 0.9996, precision of 0.9406, recall of 0.8740, F-measure of 0.8740, and AUC of 0.9879. For Data 2, the Random Under-sampling technique yielded the highest performance with an accuracy of 0.8325, precision of 0.8294, recall of 0.8378, F-measure of 0.8336, and AUC of 0.9088. 
Our proposed solution outperforms other machine learning models, as demonstrated by these experimental results.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100093"},"PeriodicalIF":0.0,"publicationDate":"2025-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144115144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multimodal deep neural network for UAV GPS jamming attack detection","authors":"Fargana Abdullayeva, Orkhan Valikhanli","doi":"10.1016/j.csa.2025.100094","DOIUrl":"10.1016/j.csa.2025.100094","url":null,"abstract":"<div><div>Despite the progress in Unmanned Aerial Vehicles, various issues remain related to their cybersecurity. One of these issues is GPS jamming attacks. GPS jamming attacks can cause UAVs to lose control and crash. These crashes may result in injuries or fatalities. In this paper, we propose a novel multimodal UAV GPS jamming attack detection framework capable of recognizing attacks from visual and tabular data using deep convolutional neural networks and a multi-layer perceptron, respectively. The proposed multimodal model is capable of not only detecting the presence of jamming attacks but also identifying five different types of such attacks. As a result of the experiments conducted, high results were obtained compared to the existing methods. Thus, MLP was able to detect GPS jamming attacks with 96.25 % accuracy, CNN with 94.66 % accuracy, and the proposed multimodal deep learning (MLP+CNN) with 99 % accuracy.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100094"},"PeriodicalIF":0.0,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143876502","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shakil Ibne Ahsan , Phil Legg , S.M. Iftekharul Alam
{"title":"An explainable ensemble-based intrusion detection system for software-defined vehicle ad-hoc networks","authors":"Shakil Ibne Ahsan , Phil Legg , S.M. Iftekharul Alam","doi":"10.1016/j.csa.2025.100090","DOIUrl":"10.1016/j.csa.2025.100090","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDS) are widely employed to detect and mitigate external network security events. Vehicle ad-hoc Networks (VANETs) continue to evolve, especially with developments related to Connected Autonomous Vehicles (CAVs). In this study, we explore the detection of cyber threats in vehicle networks through ensemble-based machine learning, to strengthen the performance of the learnt model compared to relying on a single model. We propose a model that uses Random Forest and CatBoost as our main ’investigators’, with Logistic Regression used to then reason on their outputs to make a final decision. To further aid analysis, we use SHAP (SHapley Additive exPlanations) analysis to examine feature importance towards the final decision stage. We use the Vehicular Reference Misbehavior (VeReMi) dataset for our experimentation and observe that our approach improves classification accuracy, and results in fewer misclassifications compared to previous works. 
Overall, this layered approach to decision-making - combining teamwork among models with an explainable view of why they act as they do - can help to achieve a more reliable and easy-to-understand cyber security solution for smart transportation networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100090"},"PeriodicalIF":0.0,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143816874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing security in IIoT: RFID authentication protocol for edge computing and blockchain-enabled supply chain","authors":"Vikash Kumar , Santosh Kumar Das","doi":"10.1016/j.csa.2025.100087","DOIUrl":"10.1016/j.csa.2025.100087","url":null,"abstract":"<div><div>This paper addresses security challenges, especially in the authentication mechanism of Industrial Internet of Things (IIoT)-enabled supply chain systems by proposing an enhanced Radio Frequency Identification (RFID) authentication protocol. The current system faces significant security risks due to increased connectivity and data exchange within supply chain networks. The proposed protocol integrates edge computing and blockchain to ensure secure, efficient mutual authentication between RFID tags and supply chain nodes. By utilizing the real-time processing capabilities of edge computing and the decentralization and immutability of blockchain, the protocol enhances the security of data transmitted in the system. The proposed protocol utilizes lightweight cryptographic functions optimized for resource-constrained edge devices, ensuring secure authentication and data transmission without compromising scalability or efficiency. Permissioned blockchain technology further strengthens trust and transparency in the supply chain by providing a decentralized, tamper-resistant ledger. The protocol employs cryptographic techniques such as a cryptographically secure one-way hash function, random number generation function, and circular shift operations to ensure data integrity and confidentiality, achieving mutual authentication, forward secrecy, and resistance to cryptographic attacks. Formal security analysis of the proposed authentication protocol is performed using the Real-Or-Random (ROR) model. The results demonstrate that the protocol offers superior trade-offs in terms of security, computational cost, and communication efficiency compared to existing authentication protocols in this field. 
Simulation of the protocol is performed using Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. Its lightweight design makes it suitable for real-world application in resource-constrained IIoT environments.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100087"},"PeriodicalIF":0.0,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143636745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fatima Abo-Akleek , Moad Mowafi , Eyad S. Taqieddin , Ahmed S. Shatnawi
{"title":"Leveraging blockchain for robust and transparent E-voting systems","authors":"Fatima Abo-Akleek , Moad Mowafi , Eyad S. Taqieddin , Ahmed S. Shatnawi","doi":"10.1016/j.csa.2025.100086","DOIUrl":"10.1016/j.csa.2025.100086","url":null,"abstract":"<div><div>Voting is considered one of the most critical actions for proper decision-making in governmental entities, boards of directors, and the financial sector. Many researchers proposed E-voting systems where the voting process is done online or through secure voting stations with high levels of trust for recording and counting the votes. Moreover, with the recent pandemic highlighting the need for remote voting, transitioning to E-voting is becoming even more critical. One way to build such technology is through Blockchain, which can be employed to guarantee the voting system requirements such as reliability, anonymity, decentralization, and privacy. This work proposes a blockchain-based E-voting system that consists of a distributed architecture for the voter, intermediate servers, and blockchain network components. The intermediate servers are mainly used to balance the workload between the voters and the blockchain servers. The system servers apply a scheduling algorithm to distribute the workload amongst themselves. In addition to the distributed architecture, a new algorithm for storing the blocks within each server’s database is introduced. Emphasis is further placed on how these blocks are broadcast to the other servers. Simulation results show a clear difference in execution time when comparing the proposed distributed architecture with the centralized system. 
In addition, the new proposed blockchain algorithm shows better results in executing the vote-counting task and identifying any corrupted blocks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100086"},"PeriodicalIF":0.0,"publicationDate":"2025-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143508397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Deepesh M. Dhanvijay , Mrinai M. Dhanvijay , Vaishali H. Kamble
{"title":"Cyber intrusion detection using ensemble of deep learning with prediction scoring based optimized feature sets for IOT networks","authors":"Deepesh M. Dhanvijay , Mrinai M. Dhanvijay , Vaishali H. Kamble","doi":"10.1016/j.csa.2025.100088","DOIUrl":"10.1016/j.csa.2025.100088","url":null,"abstract":"<div><div>Detecting intrusions in Internet of Things (IoT) networks is critical for maintaining cybersecurity. Traditional Intrusion Detection Systems (IDS) often face challenges in identifying unknown attacks and tend to have high false positive rates. To address these issues, we propose the Ensemble of Deep Learning Models with Prediction Scoring-based Optimized Feature Sets (EDLM-PSOFS). Our approach begins with data preprocessing utilizing MissForest imputation and label one-hot encoding, effectively managing incomplete and categorical data.</div><div>For feature selection, we employ the Median-based Shapiro-Wilk test alongside Correlation-Adaptive LASSO Regression (CALR) to ensure robust feature extraction. To capture temporal patterns effectively, our ensemble integrates Global Attention Long Short-Term Memory networks (GA-LSTMs), utilizing layered structures, residual connections, and attention mechanisms. Additionally, to enhance interpretability and support decision-making, we incorporate the Exploit Prediction Scoring System (EPSS), which evaluates prediction scores and provides detailed insights, thereby improving overall model performance. 
This comprehensive methodology aims to strengthen the detection capabilities of IDS in IoT environments, reducing false positives while effectively identifying unknown threats.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100088"},"PeriodicalIF":0.0,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143577844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Doaa Mohsin Abd Ali Afraji , Jaime Lloret , Lourdes Peñalver
{"title":"Deep learning-driven defense strategies for mitigating DDoS attacks in cloud computing environments","authors":"Doaa Mohsin Abd Ali Afraji , Jaime Lloret , Lourdes Peñalver","doi":"10.1016/j.csa.2025.100085","DOIUrl":"10.1016/j.csa.2025.100085","url":null,"abstract":"<div><div>The kind of cyber threat prevalent and most dangerous to networked systems is the Distributed Denial of Service (DDoS), especially with expanded connection of Internet of Things (IoT) devices. This article categorizes DDoS attacks into three primary types: volumetric, protocol-based and application layer of cyber attacks. It discusses the application of security threats that arise from the use of the DL models, accusing recently introduced ideas and stressing pitfalls: the issues of data and methods scarcity. There is the same need for the greater use of explainable and transparent AI to improve confidence in such security systems as is noted in the review. It also reveals that present detection performance is constrained and frequently obstructed by the poor quality of the datasets. The future work is proposed to build superior datasets and use accurate algorithms to improve the security models. This paper focuses on explainability as a way of making the AI model creation process and any consequent decisions explainable and transparent. The use of deep learning enhances the capability of cybersecurity in handling DDoS attacks and preventing or controlling them. But it has to be a part of a larger-scope platform, based on multiple types of longitudinal or cross-sectional data combined with high efficiency, explainable AI. 
The article ends with a call to proceed with studying and advancing the AI application in response to new threats, and make the most of it to enhance protection of the contemporary networked environment.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100085"},"PeriodicalIF":0.0,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143178619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving security of IoT networks: A comparative analysis of methods and applications","authors":"Abubakar Wakili, Sara Bakkali","doi":"10.1016/j.csa.2025.100084","DOIUrl":"10.1016/j.csa.2025.100084","url":null,"abstract":"<div><div>The Internet of Things (IoT) connects devices to enhance efficiency, productivity, and quality of life. However, deploying IoT networks introduces critical privacy and security challenges, including resource constraints, scalability issues, interoperability gaps, and risks to data privacy. Addressing these challenges is vital to ensure the reliability and trustworthiness of IoT applications. This study provides a comprehensive analysis of privacy-preserving security methods, evaluating cryptography, blockchain, machine learning, and fog/edge computing against performance indicators such as scalability, efficiency, robustness, and usability. Through a structured literature review and thorough data analysis, the study reveals that while cryptography offers high security, it faces scalability challenges; blockchain excels in decentralization but struggles with efficiency; machine learning provides adaptive intelligence but raises privacy concerns; and fog/edge computing delivers low-latency processing yet encounters operational complexities. The findings highlight the importance of adopting a hybrid approach that combines the strengths of various methods to overcome their limitations. 
This study serves as a valuable resource for academia, industry professionals, and policymakers, providing guidance to strengthen IoT infrastructures and influence the direction of future research.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100084"},"PeriodicalIF":0.0,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143178618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}