Mohammad Hasan, Mohammad Shahriar Rahman, Mohammad Jabed Morshed Chowdhury, Iqbal H. Sarker
{"title":"CNN Based Deep Learning Modeling with Explainability Analysis for Detecting Fraudulent Blockchain Transactions","authors":"Mohammad Hasan , Mohammad Shahriar Rahman , Mohammad Jabed Morshed Chowdhury , Iqbal H. Sarker","doi":"10.1016/j.csa.2025.100101","DOIUrl":"10.1016/j.csa.2025.100101","url":null,"abstract":"<div><div>In the era of growing cryptocurrency adoption, Blockchain has emerged as a leading player in the digital payment landscape. However, this widespread popularity also brings forth various security challenges, including the need to safeguard against fraudulent activities. One of the paramount challenges in this regard is the detection of fraudulent transactions within the realm of Bitcoin data. This task significantly influences the trust and security of digital payments. Yet, it’s a formidable challenge given the relatively low occurrence of fraudulent Bitcoin transactions. While deep learning techniques have demonstrated their prowess in fraud detection, there remains a scarcity of studies exploring their potential, particularly in Blockchain. This study aims to fill that gap, focusing on our 1D Convolutional Neural Network (CNN) model, which combines the power of eXplainable Artificial Intelligence (XAI) techniques. To understand how our model works and explain its decisions, we use the Shapley Additive exPlanation (SHAP) method, which measures each feature’s impact. We also deal with data imbalance by exploring various methods to balance fraudulent and benign Bitcoin transaction data. 
Our findings are significant, indicating that the proposed 1D CNN model achieves higher accuracy while simultaneously reducing the False Positive Rate (FPR).</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100101"},"PeriodicalIF":0.0,"publicationDate":"2025-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144222692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Intelligent phishing website detection: A CNN-SVM approach with nature-inspired hyperparameter tuning","authors":"Santosh Kumar Birthriya, Priyanka Ahlawat, Ankit Kumar Jain","doi":"10.1016/j.csa.2025.100100","DOIUrl":"10.1016/j.csa.2025.100100","url":null,"abstract":"<div><div>Phishing attacks represent a growing threat to online users and software developers, necessitating the development of advanced detection strategies. This study proposes a hybrid framework that integrates convolutional neural networks (CNN) for feature extraction and support vector machines (SVM) for classification, with the SVM optimized using the grey wolf optimizer (GWO). The CNN component is responsible for capturing complex and discriminative patterns from website data, enabling more effective differentiation between phishing and legitimate websites. Hyperparameter tuning via GWO enhances the classification performance of the SVM by generating an optimal decision boundary. Evaluation was conducted using established datasets, including those from Kaggle, the UCI Machine Learning Repository, Phishtank, 5000 Best Websites, and Alexa. Experimental results show that the CNN–SVM model, with GWO optimization, achieved an accuracy of 99.18 %, indicating its practical utility in phishing detection applications. 
The findings suggest that the proposed framework, supported by additional security mechanisms, contributes to a reduction in false positives while maintaining reliable detection of phishing threats.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100100"},"PeriodicalIF":0.0,"publicationDate":"2025-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144895372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Muhammad Muzamil Aslam, Ali Tufail, Muhammad Nauman Irshad
{"title":"Survey of deep learning approaches for securing industrial control systems: A comparative analysis","authors":"Muhammad Muzamil Aslam , Ali Tufail , Muhammad Nauman Irshad","doi":"10.1016/j.csa.2025.100096","DOIUrl":"10.1016/j.csa.2025.100096","url":null,"abstract":"<div><div>In an era where critical infrastructure (CI) underpins our daily lives, spanning electric and thermal plants, water treatment facilities, and essential health and transportation systems, robust security has never been more urgent. The fourth industrial revolution has broadened the attack surface, making anomaly detection in Industrial Control Systems (ICS) a paramount concern for maintaining operational integrity. This research delves into the potential of cutting-edge deep learning techniques, like CNNs, LSTM networks, AE, linear models (LIN), Gated Recurrent Units (GRU), and DNN, to effectively identify anomalies within the ICS environment using the SWaT dataset. Each approach underwent rigorous evaluation based on critical performance metrics such as accuracy, precision, recall, and F1 score. Through insightful visualizations of confusion matrices, we reveal the intricacies of model decision-making, including the nature of false positives and negatives. Our findings highlight the capabilities of advanced neural networks for anomaly detection and lay the groundwork for implementing robust security measures, enhancing the resilience of industrial systems against emerging threats. 
This work is a significant step toward safeguarding our vital infrastructure.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100096"},"PeriodicalIF":0.0,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144168886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Tasneem Qasem Al-Ghadi, Selvakumar Manickam, I. Dewa Made Widia, Eka Ratri Noor Wulandari, Shankar Karuppayah
{"title":"Leveraging federated learning for DoS attack detection in IoT networks based on ensemble feature selection and deep learning models","authors":"Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah","doi":"10.1016/j.csa.2025.100098","DOIUrl":"10.1016/j.csa.2025.100098","url":null,"abstract":"<div><div>The Internet of Things (IoT) seamlessly integrates into daily life, enhancing decision-making and simplifying everyday tasks across various domains, including organizations, healthcare, the military, and industry. However, IoT systems face numerous security threats, making data protection against cyberattacks essential. While deploying an Intrusion Detection System (IDS) in a centralized framework can lead to data leakage, Federated Learning (FL) offers a privacy-preserving alternative by training models locally and transmitting only the updated model weights to a central server for aggregation. Detecting Denial-of-Service (DoS) attacks in IoT networks is critical for ensuring cybersecurity. This study compares the performance of centralized and federated learning (FL) approaches in detecting DoS attacks using four deep learning models: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN). To enhance model efficiency, we apply filter-based feature selection techniques, including Variance Threshold, Mutual Information, Chi-square, ANOVA, and L1-based methods, and employ an ensemble feature selection approach by combining them through a union operation. Additionally, a wrapper-based Recursive Feature Elimination (RFE) method is used to refine feature selection by removing redundant and irrelevant features. Experiments were conducted using the IoT Intrusion Dataset (IoTID20), and model performance was evaluated based on accuracy, precision, recall, F1-score, and ROC-AUC metrics. 
In the centralized learning scenario, the highest accuracy was achieved with GRU using Mutual Information (MI) at 99.91 %, followed by RNN with MI at 99.90 %. In the FL scenario, the highest accuracy was achieved with CNN using the ANOVA method at 99.73 %, followed by GRU with Chi2 at 99.61 %. These findings underscore the significant impact of feature selection on learning performance and provide valuable insights into optimizing deep learning-based DoS detection in IoT networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100098"},"PeriodicalIF":0.0,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143947206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Paolo Modesti, Leo Freitas, Qudus Shotomiwa, Abdulaziz Almehrej
{"title":"Security analysis of the open banking account and transaction API protocol","authors":"Paolo Modesti , Leo Freitas , Qudus Shotomiwa , Abdulaziz Almehrej","doi":"10.1016/j.csa.2025.100097","DOIUrl":"10.1016/j.csa.2025.100097","url":null,"abstract":"<div><div>The Second Payment Services Directive (PSD2) of the European Union aims to create a consumer-friendly financial market by mandating secure and standardised data sharing between banking operators and third parties. Consequently, EU countries and the United Kingdom have adopted Open Banking, a standardised data-sharing API. This paper presents a formal modelling and security analysis of the UK Open Banking Standard’s APIs, with a specific focus on the Account and Transaction API protocol. Our methodology employs the extended Alice and Bob notation (AnBx) to create a formal model of the protocol, which is then verified using the OFMC symbolic model checker and the ProVerif cryptographic protocol verifier. We extend previous work by enabling verification for unlimited sessions with a strongly typed model. Additionally, we integrate our formal analysis with practical security testing of some necessary conditions to demonstrate verified security-goals in the NatWest Open Banking sandbox, evaluating mechanisms such as authorisation and authentication procedures.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100097"},"PeriodicalIF":0.0,"publicationDate":"2025-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144253791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A novel approach based on XGBoost classifier and Bayesian optimization for credit card fraud detection","authors":"Mohammed Tayebi, Said El Kafhali","doi":"10.1016/j.csa.2025.100093","DOIUrl":"10.1016/j.csa.2025.100093","url":null,"abstract":"<div><div>Nowadays, detecting fraudulent transactions has become increasingly important due to the rise of online businesses and the increasing use of sophisticated techniques by fraudsters to make fraudulent transactions appear similar to genuine ones. Researchers have explored a lot of machine learning classifiers, such as random forest, decision tree, support vector machine, logistic regression, artificial neural network, and recurrent neural network, to secure these systems. This study proposes an enhanced XGBoost algorithm for detecting fraudulent transactions using an intelligent technique that tunes the hyperparameters of the algorithm through Bayesian optimization. To test the performance of our solution, several experiments are conducted on two credit card datasets consisting of both legitimate and fraudulent transactions. To prevent overfitting on imbalanced datasets, we employed cross-validation, SMOTE, and Random under-sampling techniques. For Data 1, the best performance using SMOTE achieved an accuracy of 0.9996, precision of 0.9406, recall of 0.8740, F-measure of 0.8740, and AUC of 0.9879. For Data 2, the Random Under-sampling technique yielded the highest performance with an accuracy of 0.8325, precision of 0.8294, recall of 0.8378, F-measure of 0.8336, and AUC of 0.9088. 
Our proposed solution outperforms other machine learning models, as demonstrated by these experimental results.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100093"},"PeriodicalIF":0.0,"publicationDate":"2025-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144115144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multimodal deep neural network for UAV GPS jamming attack detection","authors":"Fargana Abdullayeva, Orkhan Valikhanli","doi":"10.1016/j.csa.2025.100094","DOIUrl":"10.1016/j.csa.2025.100094","url":null,"abstract":"<div><div>Despite the progress in Unmanned Aerial Vehicles, various issues remain related to their cybersecurity. One of these issues is GPS jamming attacks. GPS jamming attacks can cause UAVs to lose control and crash. These crashes may result in injuries or fatalities. In this paper, we propose a novel multimodal UAV GPS jamming attack detection framework capable of recognizing attacks from visual and tabular data using deep convolutional neural networks and a multi-layer perceptron, respectively. The proposed multimodal model is capable of not only detecting the presence of jamming attacks but also identifying five different types of such attacks. As a result of the experiments conducted, high results were obtained compared to the existing methods. Thus, MLP was able to detect GPS jamming attacks with 96.25 % accuracy, CNN with 94.66 % accuracy, and the proposed multimodal deep learning (MLP+CNN) with 99 % accuracy.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100094"},"PeriodicalIF":0.0,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143876502","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Design of distributed denial-of-service attack prevention mechanism for IoT-driven data fusion system","authors":"Siddhant Thapliyal, Mohammad Wazid, D.P. Singh","doi":"10.1016/j.csa.2025.100092","DOIUrl":"10.1016/j.csa.2025.100092","url":null,"abstract":"<div><div>In the current era, informatics systems technology is advancing at a rapid pace, and as a result, the Internet of Things (IoT) has become increasingly important to daily life in many ways. Multisensor fusion is the integration of data from several sensors/ sensing devices (i.e., smart IoT devices) to produce a more accurate and reliable representation of the environment. It is a crucial technology across numerous fields, including robotics, autonomous vehicles, smart cities, and other IoT-driven applications. The availability of several devices that serve as IoT enablers, such as smartwatches, smartphones, security cameras, and smart sensors, has led to an increase in the popularity of IoT applications compared to earlier times. In order to create a bidirectional distributed denial-of-service (DDoS) detection mechanism for an IoT-driven data fusion system, this study proposed a scheme by making use of three deep/ machine learning algorithms, K-Nearest neighbor (KNN), Gaussian Mixture Model (GMM), and Support Vector Machine (SVM). In order to identify the most efficient model against DDoS attacks that can precisely detect and discriminate DDoS from legal traffic, the KNN, GMM, SVM are tested and put into practice using SVM model for highest accuracy. An SDN-specific data set created with Mini Net emulator involves designing a network topology, generating traffic, and collecting data to evaluate SDN applications and controllers. Confusion Matrix is used to test and evaluate the three models in relation to four widely-used criteria: accuracy, precision, recall, and F-measure. 
Network simulation is used to analyze malicious traffic, which consists of a combination of ICMP, UDP Flood, and TCP Syn attack, as well as benign TCP, UDP, and ICMP traffic.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100092"},"PeriodicalIF":0.0,"publicationDate":"2025-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144895352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain-integrated image steganography using xDoG edge detection for authentication","authors":"Biswajit Patwari , Utpal Nandi , Srishti Dey , Sayani Dhar , Sudipta Kr Ghosal , Tapas Si","doi":"10.1016/j.csa.2025.100091","DOIUrl":"10.1016/j.csa.2025.100091","url":null,"abstract":"<div><div>The fusion of image steganography with blockchain technology has brought about novel prospects for safe and decentralized authentication systems in recent years. In this paper, we propose a blockchain-based authentication system that makes use of eXtended Difference of Gaussians (xDoG) edge detection in the steganography domain. Here, the xDoG edge detection captures both major and subtle edges for a more detailed and nuanced edge map. Other parameters, viz. edge thickness, contrast, brightness, etc., may be fine-tuned, making it more prominent. The principle behind embedding the secret image inside the cover image is to conceal more secret bits in the edge pixels and fewer bits in the non-edge pixels. The Stego-image obtained through the process is conveyed to the intended recipient using a public channel. The sender computes a hash value from the Stego-image and records the same in the blockchain network, which makes illegal access and data tampering more stimulating. Blockchain's intrinsic immutability and decentralized structure are exploited to verify the authenticity and integrity of the Stego-image, allowing the receiver to extract the hidden content and thereby firming resistance against attacks. Simulation results ensure that the proposed method attains an average payload of up to 3.43 bpp. The average PSNR in this trial consistently stays above 34 dB, and the SSIM never falls below 0.93, guaranteeing that the Stego-images' image quality is both very acceptable and better than that of the state-of-the-art techniques. 
To confirm the findings, the StegExpose and SR-Net are also used to assess the security of the Stego-image.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100091"},"PeriodicalIF":0.0,"publicationDate":"2025-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144867017","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shakil Ibne Ahsan, Phil Legg, S.M. Iftekharul Alam
{"title":"An explainable ensemble-based intrusion detection system for software-defined vehicle ad-hoc networks","authors":"Shakil Ibne Ahsan , Phil Legg , S.M. Iftekharul Alam","doi":"10.1016/j.csa.2025.100090","DOIUrl":"10.1016/j.csa.2025.100090","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDS) are widely employed to detect and mitigate external network security events. Vehicle ad-hoc Networks (VANETs) continue to evolve, especially with developments related to Connected Autonomous Vehicles (CAVs). In this study, we explore the detection of cyber threats in vehicle networks through ensemble-based machine learning, to strengthen the performance of the learnt model compared to relying on a single model. We propose a model that uses Random Forest and CatBoost as our main ’investigators’, with Logistic Regression used to then reason on their outputs to make a final decision. To further aid analysis, we use SHAP (SHapley Additive exPlanations) analysis to examine feature importance towards the final decision stage. We use the Vehicular Reference Misbehavior (VeReMi) dataset for our experimentation and observe that our approach improves classification accuracy, and results in fewer misclassifications compared to previous works. 
Overall, this layered approach to decision-making - combining teamwork among models with an explainable view of why they act as they do - can help to achieve a more reliable and easy-to-understand cyber security solution for smart transportation networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100090"},"PeriodicalIF":0.0,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143816874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}