Search Results (47)

Search Parameters:
Keywords = cyberattack surface

30 pages, 2921 KB  
Article
Privacy Protection in AI Transformation Environments: Focusing on Integrated Log System and AHP Scenario Prioritization
by Dong-Sung Lim and Sang-Joon Lee
Sensors 2025, 25(16), 5181; https://doi.org/10.3390/s25165181 - 20 Aug 2025
Viewed by 730
Abstract
Recent advancements in emerging technologies such as IoT and AI have driven digital innovation, while also accelerating the sophistication of cyberattacks and expanding the attack surface. In particular, inter-state cyber warfare, sophisticated ransomware threats, and insider-led personal data breaches have emerged as significant new security risks. In response, this study proposes a Privacy-Aware Integrated Log System model developed to mitigate diverse security threats. By analyzing logs generated from personal information processing systems and security systems, integrated scenarios were derived. These scenarios are designed to defend against various threats, including insider attempts to leak personal data and the evasion of security systems, enabling scenario-based contextual analysis that goes beyond simple event-driven detection. Furthermore, the Analytic Hierarchy Process (AHP) was applied to quantitatively assess the relative importance of each scenario, demonstrating the model’s practical applicability. This approach supports early identification and effective response to personal data breaches, particularly when time and resources are limited by focusing on the top-ranked scenarios based on relative importance. Therefore, this study is significant in that it goes beyond fragmented log analysis to establish a privacy-oriented integrated log system from a holistic perspective, and it further validates its operational efficiency in field applications by conducting an AHP-based relative importance evaluation.

22 pages, 5254 KB  
Article
Exploring Simulation Methods to Counter Cyber-Attacks on the Steering Systems of the Maritime Autonomous Surface Ship (MASS)
by Igor Astrov, Sanja Bauk and Pentti Kujala
J. Mar. Sci. Eng. 2025, 13(8), 1470; https://doi.org/10.3390/jmse13081470 - 31 Jul 2025
Viewed by 776
Abstract
This paper presents a simulation-based investigation into control strategies for mitigating the consequences of cyber-assault on the steering systems of the Maritime Autonomous Surface Ships (MASS). The study focuses on two simulation experiments conducted within the Simulink/MATLAB environment, utilizing the catamaran “Nymo” MASS mathematical model to represent vessel dynamics. Cyber-attacks are modeled as external disturbances affecting the rudder control signal, emulating realistic interference scenarios. To assess control resilience, two configurations are compared during a representative turning maneuver to a specified heading: (1) a Proportional–Integral–Derivative (PID) regulator augmented with a Least Mean Squares (LMS) adaptive filter, and (2) a Nonlinear Autoregressive Moving Average with Exogenous Input (NARMA-L2) neural network regulator. The PID and LMS configurations aim to enhance the disturbance rejection capabilities of the classical controller through adaptive filtering, while the NARMA-L2 approach represents a data-driven, nonlinear control alternative. Simulation results indicate that although the PID and LMS setups demonstrate improved performance over standalone PID in the presence of cyber-induced disturbances, the NARMA-L2 controller exhibits superior adaptability, accuracy, and robustness under adversarial conditions. These findings suggest that neural network-based control offers a promising pathway for developing cyber-resilient steering systems in autonomous maritime vessels.
(This article belongs to the Special Issue Advanced Control Strategies for Autonomous Maritime Systems)

10 pages, 637 KB  
Proceeding Paper
Improving Industrial Control System Cybersecurity with Time-Series Prediction Models
by Velizar Varbanov and Tatiana Atanasova
Eng. Proc. 2025, 101(1), 4; https://doi.org/10.3390/engproc2025101004 - 22 Jul 2025
Viewed by 764
Abstract
Traditional security detection methods struggle to identify zero-day attacks in Industrial Control Systems (ICSs), particularly within critical infrastructures (CIs) integrated with the Industrial Internet of Things (IIoT). These attacks exploit unknown vulnerabilities, leveraging the complexity of physical and digital system interconnections, making them difficult to detect. The integration of legacy ICS networks with modern computing and networking technologies has expanded the attack surface, increasing susceptibility to cyber threats. Anomaly detection systems play a crucial role in safeguarding these infrastructures by identifying deviations from normal operations. This study investigates the effectiveness of deep learning-based anomaly detection models in revealing operational anomalies that could indicate potential cyber-attacks. We implemented and evaluated a hybrid deep learning architecture combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to analyze ICS telemetry data. The CNN-LSTM model excels in identifying time-dependent anomalies and enables near real-time detection of cyber-attacks, significantly improving security monitoring capabilities for IIoT-integrated critical infrastructures.
(This article belongs to the Proceedings of The 11th International Conference on Time Series and Forecasting)

44 pages, 4528 KB  
Article
Beyond the Leak: Analyzing the Real-World Exploitation of Stolen Credentials Using Honeypots
by Matej Rabzelj and Urban Sedlar
Sensors 2025, 25(12), 3676; https://doi.org/10.3390/s25123676 - 12 Jun 2025
Cited by 1 | Viewed by 3589
Abstract
This study presents one of the most extensive analyses of the lifecycle of leaked authentication credentials to date, bridging the gap between database breaches and real-world cyberattacks. We analyze over 27 billion leaked credentials—nearly 4 billion unique—using a sophisticated data filtering and normalization pipeline to handle breach inconsistencies. Following this analysis, we deploy a distributed sensor network of 39 honeypots running 14 unique services across 9 networks over a one-year-long experiment, capturing one of the most comprehensive authentication datasets in the literature. We analyze leaked credentials, SSH and Telnet session data, and HTTP authentication requests for their composition, characteristics, attack patterns, and occurrence. We comparatively assess whether credentials from leaks surface in real-world attacks. We observe a significant overlap of honeypot logins with common password wordlists (e.g., Nmap, John) and defaultlists (e.g., Piata, Mirai), and limited overlaps between leaked credentials, logins, and dictionaries. We examine generative algorithms (e.g., keywalk patterns, hashcat rules), finding they are widely used by users but not attackers—unless included in wordlists. Our analyses uncover unseen passwords and methods likely designed to detect honeypots, highlighting an adversarial arms race. Our findings offer critical insights into password reuse, mutation, and attacker strategies, with implications for authentication security, attack detection, and digital forensics.
(This article belongs to the Special Issue Security, Privacy and Threat Detection in Sensor Networks)

14 pages, 3053 KB  
Article
Cyber Environment Test Framework for Simulating Command and Control Attack Methods with Reinforcement Learning
by Minki Jeong, Jongyoul Park and Sang Ho Oh
Appl. Sci. 2025, 15(4), 2120; https://doi.org/10.3390/app15042120 - 17 Feb 2025
Cited by 2 | Viewed by 2328
Abstract
Recently, the IT industry has become larger, and cloud service has rapidly increased; thus cybersecurity to protect sensitive data from attacks has become an important factor. However, cloud services have become larger, making the surface area larger, and a complex cyber environment leads to difficulty managing and defending. With the rise of artificial intelligence, applying artificial intelligence to a cyber environment to automatically detect and respond to cyberattacks has begun to get attention. In order to apply artificial intelligence in cyber environments, a simulation framework that is easily applicable and can represent real situations well is needed. In this study, we introduce the framework Cyber Environment (CYE) that provides useful components that abstract complex and large cloud environments. Additionally, we use CYE to reproduce real-world situations into the scenario and apply reinforcement learning for training automated intelligence defense agents.

15 pages, 1916 KB  
Article
Cybercrime Resilience in the Era of Advanced Technologies: Evidence from the Financial Sector of a Developing Country
by Adeel Ali, Mahmood Shah, Monika Foster and Mansour Naser Alraja
Computers 2025, 14(2), 38; https://doi.org/10.3390/computers14020038 - 27 Jan 2025
Cited by 6 | Viewed by 2806
Abstract
Technological advancements have helped all sectors to evolve. This advancement has widened the cyberspace and attack surface, which has led to a drastic increase in cyberattacks. Cybersecurity solutions have also evolved. The advancement is relatively slower in developing countries. However, the financial sector in developing countries has shown resistance to cyberattacks. This paper investigates the reasons for this resistance. Despite using legacy systems, the banking sector in Pakistan has demonstrated resistance to cyberattacks. The research used a qualitative approach. Semi-structured interviews were conducted with nine cybersecurity experts in the banking sector to illustrate the reasons for this cybersecurity resistance. The research focused on cybersecurity experts in the banking sector, recognizing that this industry is particularly prone to cyberattacks on a global scale. The study utilised a thematic analysis technique to find resistance factors. The analysis suggests that the opportunity cost of cyberattacks and lower attack surface in developing countries like Pakistan are the main reasons for the lower financial losses. The findings of this research will encourage the adoption of advanced technologies such as artificial intelligence (AI) and machine learning (ML) for cybersecurity in developing countries’ banking and financial sectors.
(This article belongs to the Special Issue Cyber Security and Privacy in IoT Era)

17 pages, 3470 KB  
Article
Identifying Similar Users Between Dark Web and Surface Web Using BERTopic and Authorship Attribution
by Gun-Yoon Shin, Dong-Wook Kim, SungJin Park, A-ran Park, Younghwan Kim and Myung-Mook Han
Electronics 2025, 14(1), 148; https://doi.org/10.3390/electronics14010148 - 2 Jan 2025
Viewed by 1744
Abstract
The dark web is a part of the deep web that ensures anonymity to users, thus facilitating various malicious activities, such as the sales of drugs, firearms, and personal information or the dissemination of malware and cyberattack tools. These activities extend beyond the dark web and have negative effects on the surface web, which is commonly accessed by internet users. Recent studies on the dark web are limited to the detection and classification of specific malicious activities; that is, they cannot trace or identify the authors of dark web content or the source of a given information. Therefore, we herein propose a method for identifying similar authors between the surface and dark webs using BERTopic and authorship attribution. We applied BERTopic to the surface and dark webs to extract previously unidentified topics and measured the similarity between the topics to detect similar topics between the two webs. In addition, we applied authorship attribution to the contents written by the authors of similar topics to extract the unique author characteristics. The similarity between the authors was measured to identify authors with similar characteristics. Thus, we identified authors who had written contents on similar topics on both the surface and dark webs as well as authors who are simultaneously active on both webs.
(This article belongs to the Special Issue Applications of Deep Learning in Cyber Threat Detection)

30 pages, 1152 KB  
Review
Review of Physical Layer Security in Integrated Satellite–Terrestrial Networks
by Rajnish Kumar and Shlomi Arnon
Electronics 2024, 13(22), 4414; https://doi.org/10.3390/electronics13224414 - 11 Nov 2024
Cited by 3 | Viewed by 3509
Abstract
With the success and commercialization of 5G, 3GPP has started working toward the sixth generation of communication systems. While 5G explored the concept of non-terrestrial networks like satellites and unmanned aerial vehicles working alongside terrestrial networks, 6G is expected to take this integration a step further, aiming to achieve a more coherent network where satellites and terrestrial infrastructure work together seamlessly. However, the complexity and uniqueness of such networks create numerous attack surfaces that make them vulnerable to cyberattacks. The solution to such cyberattacks can be addressed by encryption and other upper-layer authentication methods. However, with the move to higher-frequency bands, such encryption techniques are difficult to scale for low-latency networks. In addition, the recent progress in quantum computing will make networks more vulnerable. To address such challenges, physical layer security (PLS) is proposed as a secure and quantum-resistant way to implement security by taking advantage of the physics of the channel and transceiver. This article reviews the latest trends and progress in PLS in integrated satellite–terrestrial networks (ISTNs) from a signal processing perspective. This work provides a comprehensive survey of the state-of-the-art research conducted, challenges, and future directions in the PLS of ISTNs.
(This article belongs to the Special Issue Advances in Future Wireless Networks)

23 pages, 1171 KB  
Article
Motion State Estimation with Bandwidth Constraints and Mixed Cyber-Attacks for Unmanned Surface Vehicles: A Resilient Set-Membership Filtering Framework
by Ziyang Wang, Peng Lou, Yudong Wang, Juan Li and Jiasheng Wang
Sensors 2024, 24(21), 6834; https://doi.org/10.3390/s24216834 - 24 Oct 2024
Cited by 1 | Viewed by 1218
Abstract
This paper investigates the motion state estimation problem of the unmanned surface vehicle (USV) steering system in wireless sensor networks based on the binary coding scheme (BCS). In response to the presence of bandwidth constraints and mixed cyber-attacks in USV communication networks, this paper proposes an improved set-membership state estimation algorithm based on BCS. This algorithm partially addresses the problem of degraded performance in USV steering motion state estimation caused by mixed cyber-attacks and bandwidth constraints. Furthermore, this paper proposes a robust resilient filtering framework considering the possible occurrence of unknown but bounded (UBB) noises, model parameter uncertainties, and estimator gain perturbations in practical scenarios. The proposed framework can accurately estimate the sway velocity, yaw velocity, and roll velocity of the USV under the concurrent presence situation of mixed cyber-attacks, communication capacity constraints, UBB noises, model parameter uncertainties, and estimator gain perturbations. This paper first utilizes mathematical induction to provide the sufficient conditions for the existence of the desired estimator, and obtains the estimator gain by solving a set of linear matrix inequalities. Then, a recursive optimization algorithm is utilized to achieve optimal estimation performance. Finally, the effectiveness of the proposed estimation algorithm is verified through a simulation experiment.
(This article belongs to the Section Vehicular Sensing)

38 pages, 2305 KB  
Review
Towards Ensemble Feature Selection for Lightweight Intrusion Detection in Resource-Constrained IoT Devices
by Mahawish Fatima, Osama Rehman, Ibrahim M. H. Rahman, Aisha Ajmal and Simon Jigwan Park
Future Internet 2024, 16(10), 368; https://doi.org/10.3390/fi16100368 - 12 Oct 2024
Cited by 8 | Viewed by 2880
Abstract
The emergence of smart technologies and the wide adoption of the Internet of Things (IoT) have revolutionized various sectors, yet they have also introduced significant security challenges due to the extensive attack surface they present. In recent years, many efforts have been made to minimize the attack surface. However, most IoT devices are resource-constrained with limited processing power, memory storage, and energy sources. Such devices lack the sufficient means for running existing resource-hungry security solutions, which in turn makes it challenging to secure IoT networks from sophisticated attacks. Feature Selection (FS) approaches in Machine Learning enabled Intrusion Detection Systems (IDS) have gained considerable attention in recent years for having the potential to detect sophisticated cyber-attacks while adhering to the resource limitations issues in IoT networks. Apropos of that, several researchers proposed FS-enabled IDS for IoT networks with a focus on lightweight security solutions. This work presents a comprehensive study discussing FS-enabled lightweight IDS tailored for resource-constrained IoT devices, with a special focus on the emerging Ensemble Feature Selection (EFS) techniques, portraying a new direction for the research community to inspect. The research aims to pave the way for the effective design of futuristic FS/EFS-enabled lightweight IDS for IoT networks, addressing the critical need for robust security measures in the face of resource limitations.

38 pages, 9011 KB  
Article
Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling—An Oil and Gas Sector Case Study
by Mohamed Badawy, Nada H. Sherief and Ayman A. Abdel-Hamid
Appl. Sci. 2024, 14(18), 8398; https://doi.org/10.3390/app14188398 - 18 Sep 2024
Cited by 4 | Viewed by 4967
Abstract
As security breaches are increasingly widely reported in today’s culture, cybersecurity is gaining attention on a global scale. Threat modeling methods (TMM) are a proactive security practice that is essential for pinpointing risks and limiting their impact. This paper proposes a hybrid threat modeling framework based on system-centric, attacker-centric, and risk-centric approaches to identify threats in Operational Technology (OT) applications. OT is made up of software and hardware used to manage, secure, and control industrial control systems (ICS), and its environments include factories, power plants, oil and gas refineries, and pipelines. To visualize the “big picture” of its infrastructure risk profile and improve understanding of the full attack surface, the proposed framework builds on several threat modeling methodologies: PASTA modeling, STRIDE, and attack tree components. Nevertheless, the continuity and stability of vital infrastructure will continue to depend heavily on legacy equipment. Thus, protecting the availability, security, and safety of industrial environments and vital infrastructure from cyberattacks requires operational technology (OT) cybersecurity. The feasibility of the proposed approach is illustrated with a case study from a real oil and gas production plant control system where numerous significant cyberattacks in recent years have targeted OT networks more frequently as hackers realized the possibility of disruption due to insufficient OT security, particularly for outdated systems. The proposed framework achieved better results in detecting threats and severity in the design of the case study system, helping to increase security and support cybersecurity assessment of legacy control systems.

21 pages, 5779 KB  
Article
An Intelligent Attack Detection Framework for the Internet of Autonomous Vehicles with Imbalanced Car Hacking Data
by Samah Alshathri, Amged Sayed and Ezz El-Din Hemdan
World Electr. Veh. J. 2024, 15(8), 356; https://doi.org/10.3390/wevj15080356 - 8 Aug 2024
Cited by 9 | Viewed by 4372
Abstract
The modern Internet of Autonomous Vehicles (IoVs) has enabled the development of autonomous vehicles that can interact with each other and their surroundings, facilitating real-time data exchange and communication between vehicles, infrastructure, and the external environment. The lack of security procedures in vehicular networks and Controller Area Network (CAN) protocol leaves vehicles exposed to intrusions. One common attack type is the message injection attack, which inserts fake messages into original Electronic Control Units (ECUs) to trick them or create failures. Therefore, this paper tackles the pressing issue of cyber-attack detection in modern IoV systems, where the increasing connectivity of vehicles to the external world and each other creates a vast attack surface. The vulnerability of in-vehicle networks, particularly the CAN protocol, makes them susceptible to attacks such as message injection, which can have severe consequences. To address this, we propose an intelligent Intrusion detection system (IDS) to detect a wide range of threats utilizing machine learning techniques. However, a significant challenge lies in the inherent imbalance of car-hacking datasets, which can lead to misclassification of attack types. To overcome this, we employ various imbalanced pre-processing techniques, including NearMiss, Random over-sampling (ROS), and TomLinks, to pre-process and handle imbalanced data. Then, various Machine Learning (ML) techniques, including Logistic Regression (LR), Linear Discriminant Analysis (LDA), Naive Bayes (NB), and K-Nearest Neighbors (k-NN), are employed in detecting and predicting attack types on balanced data. We evaluate the performance and efficacy of these techniques using a comprehensive set of evaluation metrics, including accuracy, precision, F1_Score, and recall. This demonstrates how well the suggested IDS detects cyberattacks in external and intra-vehicle vehicular networks using unbalanced data on vehicle hacking. Using k-NN with various resampling techniques, the results show that the proposed system achieves 100% detection rates in testing on the Car-Hacking dataset in comparison with existing work, demonstrating the effectiveness of our approach in protecting modern vehicle systems from advanced threats.

17 pages, 8006 KB  
Article
MTD-Diorama: Moving Target Defense Visualization Engine for Systematic Cybersecurity Strategy Orchestration
by Se-Han Lee, Kyungshin Kim, Youngsoo Kim and Ki-Woong Park
Sensors 2024, 24(13), 4369; https://doi.org/10.3390/s24134369 - 5 Jul 2024
Viewed by 2613
Abstract
With the advancement in information and communication technology, modern society has relied on various computing systems in areas closely related to human life. However, cyberattacks are also becoming more diverse and intelligent, with personal information and human lives being threatened. The moving target defense (MTD) strategy was designed to protect mission-critical systems from cyberattacks. The MTD strategy shifted the paradigm from passive to active system defense. However, there is a lack of indicators that can be used as a reference when deriving general system components, making it difficult to configure a systematic MTD strategy. Additionally, even when selecting system components, a method to confirm whether the systematic components are selected to respond to actual cyberattacks is needed. Therefore, in this study, we surveyed and analyzed existing cyberattack information and MTD strategy research results to configure a component dataset. Next, we found the correlation between the cyberattack information and MTD strategy component datasets and used this to design and implement the MTD-Diorama data visualization engine to configure a systematic MTD strategy. Through this, researchers can conveniently identify the attack surface contained in cyberattack information and the MTD strategies that can respond to each attack surface. Furthermore, it will allow researchers to configure more systematic MTD strategies that can be used universally without being limited to specific computing systems.

28 pages, 3528 KB  
Communication
Enhancing Maritime Cybersecurity through Operational Technology Sensor Data Fusion: A Comprehensive Survey and Analysis
by Georgios Potamos, Eliana Stavrou and Stavros Stavrou
Sensors 2024, 24(11), 3458; https://doi.org/10.3390/s24113458 - 27 May 2024
Cited by 10 | Viewed by 5579
Abstract
Cybersecurity is becoming an increasingly important aspect in ensuring maritime data protection and operational continuity. Ships, ports, surveillance and navigation systems, industrial technology, cargo, and logistics systems all contribute to a complex maritime environment with a significant cyberattack surface. To that aim, a wide range of cyberattacks in the maritime domain are possible, with the potential to infect vulnerable information and communication systems, compromising safety and security. The use of navigation and surveillance systems, which are considered as part of the maritime OT sensors, can improve maritime cyber situational awareness. This survey critically investigates whether the fusion of OT data, which are used to provide maritime situational awareness, may also improve the ability to detect cyberincidents in real time or near-real time. It includes a thorough analysis of the relevant literature, emphasizing RF but also other sensors, and data fusion approaches that can help improve maritime cybersecurity.
(This article belongs to the Section Communications)

17 pages, 683 KB  
Article
Bridging the Gap: Enhancing Maritime Vessel Cyber Resilience through Security Operation Centers
by Allan Nganga, George Nganya, Margareta Lützhöft, Steven Mallam and Joel Scanlan
Sensors 2024, 24(1), 146; https://doi.org/10.3390/s24010146 - 27 Dec 2023
Cited by 8 | Viewed by 3202
Abstract
Increasingly disruptive cyber-attacks in the maritime domain have led to more efforts being focused on enhancing cyber resilience. From a regulatory perspective, there is a requirement that maritime stakeholders implement measures that would enable the timely detection of cyber events, leading to the adoption of Maritime Security Operation Centers (M-SOCs). At the same time, Remote Operation Centers (ROCs) are also being discussed to enable increased adoption of highly automated and autonomous technologies, which could further impact the attack surface of vessels. The main objective of this research was therefore to better understand both enabling factors and challenges impacting the effectiveness of M-SOC operations. Semi-structured interviews were conducted with nine M-SOC experts. Informed by grounded theory, incident management emerged as the core category. By focusing on the factors that make M-SOC operations a unique undertaking, the main contribution of this study is that it highlights how maritime connectivity challenges and domain knowledge impact the M-SOC incident management process. Additionally, we have related the findings to a future where M-SOC and ROC operations could be converged.