{"title":"Unleashing offensive artificial intelligence: Automated attack technique code generation","authors":"Eider Iturbe , Oscar Llorente-Vazquez , Angel Rego , Erkuden Rios , Nerea Toledo","doi":"10.1016/j.cose.2024.104077","DOIUrl":"10.1016/j.cose.2024.104077","url":null,"abstract":"<div><p>Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003821/pdfft?md5=50584419d0d6a55d9170eea75a91154b&pid=1-s2.0-S0167404824003821-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142122065","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
K. Sundaramoorthy , K.E. Purushothaman , J. Jeba Sonia , N. Kanthimathi
{"title":"Enhancing cybersecurity in cloud computing and WSNs: A hybrid IDS approach","authors":"K. Sundaramoorthy , K.E. Purushothaman , J. Jeba Sonia , N. Kanthimathi","doi":"10.1016/j.cose.2024.104081","DOIUrl":"10.1016/j.cose.2024.104081","url":null,"abstract":"<div><p>The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142149983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automatic phishing website detection and prevention model using transformer deep belief network","authors":"Amol Babaso Majgave , Nitin L. Gavankar","doi":"10.1016/j.cose.2024.104071","DOIUrl":"10.1016/j.cose.2024.104071","url":null,"abstract":"<div><p>In the digitally connected world cybersecurity is paramount, phishing where attackers pose as trusted entities to steal sensitive data, looms large. The proliferation of phishing attacks on the internet poses a substantial threat to individuals and organizations, compromising sensitive information and causing financial and reputational damage. This study's goal is to establish an automated system for the early detection and prevention of phishing websites, thereby enhancing online security and protecting users from cyber threats. This research initially employs One Hot Encoding (OHE) mechanism-based pre-processing mechanism that converts every URL string into a numerical vector with a particular dimension. This study utilizes two feature selection techniques which are transfer learning-based feature extraction using DarkNet19 and Variational Autoencoder (VAE) to select the value of the most important feature. The robust security mechanisms are presented to prevent phishing attacks and safeguard personal information on websites. List-based deep learning-based systems to prevent and detect phishing URLs more efficiently. The study proposes a transformer-based Deep Belief Network (TB-DBN), a veritable pre-trained deep transformer network model for phishing behaviour detection. A cross-validation technique with grid search hyper-parameter tuning based on the Intelligence Binary Bat Algorithm (IBBA) was designed using the proposed hybrid model. Predictions were made to classify the phishing URLs using a probabilistic estimation guided boosting classifier model and evaluate their performance in terms of accuracy, precision, recall, specificity, and F1- score. The risk level associated with the URL will be assessed based on various factors, such as the source's reputation, content analysis results, and behavioural anomalies. The computational complexity of DL model training is influenced by various factors, such as the model's complexity, the training data's size, and the optimization algorithm exploited, for training. The outcome demonstrates that tweaking variables increases the effectiveness of Python-based deep learning systems. The findings of the proposed method excel, achieving an accuracy of 99.4 %, precision of 99.2 %, recall of 99.3 %, and an F1-score of 99.2 %. This innovative automatic phishing website detection and prevention model, based on a Transformer-based Deep Belief Network, offers advanced accuracy and adaptability, strengthening cybersecurity measures to safeguard sensitive user information and mitigate the substantial threat of phishing attacks in the digitally connected world.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142136840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anomaly detection for multivariate time series in IoT using discrete wavelet decomposition and dual graph attention networks","authors":"Shujiang Xie , Lian Li , Yian Zhu","doi":"10.1016/j.cose.2024.104075","DOIUrl":"10.1016/j.cose.2024.104075","url":null,"abstract":"<div><p>Effective anomaly detection in multivariate time series data is critical to ensuring the security of Internet of Things (IoT) devices and systems. However, building a high precision and low false positive rate anomaly detection model for the complex and volatile IoT environment is a challenging task. This is often due to issues such as a lack of anomaly labeling, high data volatility, and the complexity of device mechanisms. Traditional machine learning algorithms and sequence models frequently fail to account for feature correlation and temporal dependency in anomaly detection. Although deep learning-based anomaly detection methods have progressed, there is still room for improvement in precision, recall, and generalization ability. In this paper, we propose an anomaly detection model called Meta-MWDG to address these issues. The model is based on a multi-scale discrete wavelet decomposition and a dual graph attention network, which can effectively extract feature correlation and temporal dependency in multivariate time series data. Additionally, model-agnostic meta-learning (MAML) is introduced to improve the model’s generalization performance, enabling it to perform well on new tasks even with a few samples. A gated recurrent unit (GRU) is combined with a multi-head self-attention network to output both prediction and reconstruction results in a joint optimization strategy, improving the precision of anomaly detection. Extensive experimental studies demonstrate that Meta-MWDG outperforms the state-of-the-art methods in anomaly detection.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142076668","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Caixia Gao , Yao Du , Fan Ma , Qiuyan Lan , Jianying Chen , Jingjing Wu
{"title":"A new adversarial malware detection method based on enhanced lightweight neural network","authors":"Caixia Gao , Yao Du , Fan Ma , Qiuyan Lan , Jianying Chen , Jingjing Wu","doi":"10.1016/j.cose.2024.104078","DOIUrl":"10.1016/j.cose.2024.104078","url":null,"abstract":"<div><p>With the gradual expansion of Android systems from mobile phones to intelligent devices, a huge amount of malware has been found every year. To improve the malware detection performance and reduce its reliance on expert experience, deep learning technology has been widely used. However, as the complexity of deep learning models continues to increase, it rapidly increases the consumption of hardware resources. At the same time, anti-detection technology such as Generative Adversarial Networks (GANs) are widely used to evade Artificial Intelligence (AI)-based detection methods. In this paper, we propose a new classification model based on an improved lightweight neural network that can effectively improve the execution efficiency and detection performance of malware detection methods against adversarial malware samples. First, our method uses local-information-entropy-based image generation technology to construct effective image feature vectors. Then, the performance of the lightweight neural network model ESPNetV2 is improved from four aspects. Finally, a new adversarial malware generation model called Mal-WGANGP is proposed. It can automatically generate a large number of adversarial samples to robust our model. In order to evaluate our method, we construct several experiments and compare the detection performance of our method with 19 other novel efficient neural network detection models. Experimental results show that our image enhancement method and detection model have the highest detection accuracy of adversarial samples.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jiaru Song, Guihe Qin, Yanhua Liang, Jie Yan, Minghui Sun
{"title":"DGIDS: Dynamic graph-based intrusion detection system for CAN","authors":"Jiaru Song, Guihe Qin, Yanhua Liang, Jie Yan, Minghui Sun","doi":"10.1016/j.cose.2024.104076","DOIUrl":"10.1016/j.cose.2024.104076","url":null,"abstract":"<div><p>The Controller Area Network (CAN) is widely used in automobiles to interconnect safety-critical electronic control units (ECUs). Unfortunately, CAN does not have inherent security mechanisms as originally designed, which has drawn significant attention from the research community. Currently, the mainstream CAN protection strategy is the Intrusion Detection System (IDS). However, many statistics-based IDSs are unable to identify the identifier (ID) of the attacked message; they can only identify anomalies within a specific time window. Moreover, these systems are often tested solely on public datasets, lacking theoretical validation of their effectiveness. To address these shortcomings, we propose a real-time intrusion detection system based on a dynamic graph. The graph is dynamically constructed based on the arrival of messages, and features are extracted concurrently. By utilizing the distribution of features extracted during the offline phase, our system achieves real-time detection of incoming messages and identifies the ID of the attacked message. Additionally, we introduce a method to theoretically validate the detection system through permutation and probabilistic statistical analysis. Experiments and theoretical analysis demonstrate that our proposed IDS can effectively detect a wide range of attacks with reduced detection time and memory usage.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring the factors influencing information security policy compliance and violations: A systematic literature review","authors":"Balagopal N, Saji K Mathew","doi":"10.1016/j.cose.2024.104062","DOIUrl":"10.1016/j.cose.2024.104062","url":null,"abstract":"<div><p>Despite advancements in security technology, the prevalence of insider threats has been on the rise in recent years. Organizations implement Information Security Policies (ISPs) that outline the expected security-related behavior and compliance standards for employees. Ensuring and enhancing ISP compliance and reducing violations is crucial for organizations to maintain their security posture. This Systematic Literature Review (SLR) aims to synthesize the existing research on ISP compliance and violations to identify the underlying factors behind employee policy violations and delve into the factors that promote compliance with ISPs. In order to provide a theoretical foundation for understanding these behaviors, this SLR identifies the prominent theories used to explain ISP compliance and violation. A comprehensive search is conducted across different academic databases, applying defined inclusion and exclusion criteria to select the relevant studies between 2012 and 2023. To understand intentional violations, we categorize and analyze studies on ISP violations based on Moral Disengagement, Neutralization and Deterrence, Stress, and Monitoring mechanisms. For ISP compliance, we categorize and analyze studies based on individual-level decision-making and organizational-level factors. We identified forty-seven factors that influence compliance behavior and forty-one factors that determine non-compliance behavior. Fourteen common factors were identified from prior literature, which were determinants of both compliance and violation behaviors, with opposite directions of influence. By considering both compliance and noncompliance simultaneously, organizations can develop more effective strategies for enhancing compliance and mitigating noncompliance.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kun Huang , Rundong Xian , Ming Xian , Huimei Wang , Lin Ni
{"title":"A comprehensive intrusion detection method for the internet of vehicles based on federated learning architecture","authors":"Kun Huang , Rundong Xian , Ming Xian , Huimei Wang , Lin Ni","doi":"10.1016/j.cose.2024.104067","DOIUrl":"10.1016/j.cose.2024.104067","url":null,"abstract":"<div><p>Cybersecurity breaches within the Internet of Vehicles (IoV) have been increasingly reported annually with the proliferation of intelligent connected vehicles. Two primary obstacles are faced by current intrusion detection systems: substantial computational demands and stringent data privacy regulations, complicating both efficient deployment and the safeguarding of data privacy. Consequently, there is a pressing need for intrusion detection solutions that are both efficient and considerate of privacy concerns. This paper introduces FED-IoV, an innovative intrusion detection method tailored for the IoV, leveraging a federated learning architecture. FED-IoV aims to collaboratively perform detection tasks across distributed edge devices, thereby minimizing data privacy risks. Vehicular communication traffic data is transformed into images, and a bespoke, efficient model, MobileNet-Tiny, is employed for feature extraction, rendering FED-IoV capable of achieving high detection accuracy whilst being viable for deployment on devices with limited resources. Through evaluation against the authoritative datasets CAN-Intrusion and CICIDS2017, exceptional accuracy rates of 98.51 % and 97.74 %, respectively, were demonstrated by FED-IoV within a federated learning context, and excellent detection capabilities on imbalanced datasets were also shown. Moreover, a prediction latency of under 10 milliseconds per sample was maintained on devices with limited computational power, such as the Raspberry Pi 4 8GB, showcasing significantly better accuracy and real-time performance relative to existing approaches. The successful deployment of FED-IoV ushers in a novel, privacy-preserving, and efficient intrusion detection solution for IoV security.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alessandro Palma , Giacomo Acitelli , Andrea Marrella , Silvia Bonomi , Marco Angelini
{"title":"A compliance assessment system for Incident Management process","authors":"Alessandro Palma , Giacomo Acitelli , Andrea Marrella , Silvia Bonomi , Marco Angelini","doi":"10.1016/j.cose.2024.104070","DOIUrl":"10.1016/j.cose.2024.104070","url":null,"abstract":"<div><p>The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003754/pdfft?md5=b3b5304f2a718e77435c1532cd78e1b9&pid=1-s2.0-S0167404824003754-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142048445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ivano Bongiovanni , David M. Herold , Simon J. Wilde
{"title":"Protecting the play: An integrative review of cybersecurity in and for sports events","authors":"Ivano Bongiovanni , David M. Herold , Simon J. Wilde","doi":"10.1016/j.cose.2024.104064","DOIUrl":"10.1016/j.cose.2024.104064","url":null,"abstract":"<div><p>Although sport has become an important topic in management research, academics have not fully examined the area of cybersecurity and its strategic relevance in sports management, in particular in and for sports events. In the present study, we examined the relationship between sports and cybersecurity and conducted an integrative literature review that categorizes the research that has been published to date, based on technology-organisation-environment (TOE) framework. The findings show that the role of cybersecurity in and for sports events is a heavily under-researched area that provides an abundance of scientific opportunities. It is also one that deserves further attention, because cyber-attacks on sports events and associated organisations are increasing. Our integrative literature review offers a more structured understanding of this field of investigation and led to the development of a comprehensive research agenda at the intersection between sports management and information security. As one of the first studies to use a literature review that specifically focuses on cybersecurity in and for sports events, we advance the state-of-the-art scholarship in this critical space, and we take the first step to disseminate best practices in cybersecurity and sports management.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003699/pdfft?md5=eab90756a72f0127c1806bd68897f585&pid=1-s2.0-S0167404824003699-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142076669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}