Applied AI for cybersecurity in smart enterprises

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (20 July 2022) | Viewed by 15212

Special Issue Editors


Guest Editor
Department of Computer Science, University of Bari, 70121 Bari, Italy
Interests: artificial intelligence; pattern recognition; signal processing; biometrics; automatic signature verification

Guest Editor
Department of Computer Science, University of Bari, Bari, Italy
Interests: biometrics; automatic signature verification; artificial intelligence; pattern recognition; signal processing

Special Issue Information

Dear Colleagues,

Modern enterprises are complex systems that include humans, machines, items, and procedures. The COVID-19 pandemic has introduced and boosted the smart working modality in which, in many cases, workers use their own devices and, more generally, mobile devices. These devices can also be used in a promiscuous way, considering multiple users within the same cohabiting set. As a result, items and procedures are prone to many attacks. Machine learning and artificial intelligence can be used to detect malicious activities at the central level as well as at mobile endpoints. This Special Issue is aimed at reporting methods for traffic analysis and modeling. Threat intelligence can identify patterns in data to enable systems to learn from experience. Moreover, it must be considered that attack schemes can be modeled to some extent and that zero-day attacks are a major issue. A lightweight, portable intrusion detection system is a desirable element in such a scenario. Enterprises manage a large number of vulnerabilities on a daily basis. In many cases, understanding user behavior plays a crucial role. This SI, according to the NIST framework for cybersecurity, calls for articles related to the application of artificial intelligence in enterprises in the five concurrent and continuous functions: Identify, Protect, Detect, Respond and Recover.

This Special Issue is part of the activities of the project "Suite products CyberSecurity and SOC" co-funded by BV TECH S.p.A. within the call "Fondo Europeo di Sviluppo Regionale Puglia POR Puglia 2014 - 2020 - Axis I - Specific Objective 1a - Action 1.1 (R&D)".

Dr. Donato Impedovo
Prof. Giuseppe PIRLO
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Shallow Learning and deep learning for cybersecurity
  • Traffic modelling
  • Adversarial machine learning
  • Attacks against machine learning
  • Cybersecurity
  • Intrusion detection
  • Application, deployment, testbed, and experiences in smart enterprises
  • Big data for cybersecurity
  • Cloud computing and network infrastructure
  • Cyber modelling and simulation
  • Cyber incident analysis
  • Environment monitoring
  • One-shot learning
  • Continuous learning
  • Fault tolerance and reliability
  • Human behavior modeling and analytics
  • Software defined networking (SDN) and network function virtualization (NFV)
  • Smart grid
  • Security and privacy
  • Smartphone and mobile systems and applications
  • Collaboration and Negotiation Technologies
  • Multi-Agent Systems and Artificial Intelligence
  • e-Business and e-Commerce
  • Ubiquitous Computing
  • Cloud Computing
  • Biometric authentication
  • AI for cyber defence

Published Papers (4 papers)


Research

16 pages, 1013 KiB  
Article
DoH Tunneling Detection System for Enterprise Network Using Deep Learning Technique
by Tuan Anh Nguyen and Minho Park
Appl. Sci. 2022, 12(5), 2416; https://0-doi-org.brum.beds.ac.uk/10.3390/app12052416 - 25 Feb 2022
Cited by 14 | Viewed by 4136
Abstract
In spite of protection mechanisms for Domain Name System (DNS), such as IP blacklist and DNS Firewall, DNS still has privacy issues in reality, since DNS is a plain-text protocol. Recently, to resolve this problem, an encrypted DNS, called DNS-over-HTTPS (DoH), has been developed, and is becoming more widespread. As the secured version of DNS, DoH guarantees privacy and security to prevent various attacks such as eavesdropping and manipulating DNS data by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. DoH is one of the best security options for an enterprise network where more sensitive data protection is required. However, DoH may cause an unintended security breach, i.e., information leakage via malicious DoH tunneling. Since the DoH traffic is encrypted and indistinguishable from other HTTPS traffic, data hidden inside DoH packets can be easily leaked out of an enterprise network. Although some countermeasures to detect DoH tunneling attacks have been proposed, they still have limitations. Previous research used Supervised Machine Learning methods to detect DoH tunneling, which required a high volume of labeled data. In practice, collecting and labeling all of the data is an impossible task, especially in DoH, when all of the data are encrypted. Furthermore, Supervised Machine Learning methods rely heavily on human-engineered feature extraction, which makes classifying encrypted DoH traffic difficult. Furthermore, no previous research has mentioned a complete functional DoH detection applied to network infrastructure. Therefore, we propose a detection system for DoH tunneling attacks based on Transformer to detect a malicious DoH tunneling and build a fully functional DoH detection system that can be integrated with the security operation system of an enterprise network. The experiment results show a significant improvement compared with previous works.
(This article belongs to the Special Issue Applied AI for cybersecurity in smart enterprises)

20 pages, 660 KiB  
Article
Combining Unsupervised Approaches for Near Real-Time Network Traffic Anomaly Detection
by Francesco Carrera, Vincenzo Dentamaro, Stefano Galantucci, Andrea Iannacone, Donato Impedovo and Giuseppe Pirlo
Appl. Sci. 2022, 12(3), 1759; https://0-doi-org.brum.beds.ac.uk/10.3390/app12031759 - 08 Feb 2022
Cited by 17 | Viewed by 3346
Abstract
The 0-day attack is a cyber-attack based on vulnerabilities that have not yet been published. The detection of anomalous traffic generated by such attacks is vital, as it can represent a critical problem, both in a technical and economic sense, for a smart enterprise as for any system largely dependent on technology. To predict this kind of attack, one solution can be to use unsupervised machine learning approaches, as they guarantee the detection of anomalies regardless of their prior knowledge. It is also essential to identify the anomalous and unknown behaviors that occur within a network in near real-time. Three different approaches have been proposed and benchmarked in exactly the same condition: Deep Autoencoding with GMM and Isolation Forest, Deep Autoencoder with Isolation Forest, and Memory Augmented Deep Autoencoder with Isolation Forest. These approaches are thus the result of combining different unsupervised algorithms. The results show that the addition of the Isolation Forest improves the accuracy values and increases the inference time, although this increase does not represent a relevant problematic factor. This paper also explains the features that the various models consider most important for classifying an event as an attack using the explainable artificial intelligence methodology called Shapley Additive Explanations (SHAP). Experiments were conducted on KDD99, NSL-KDD, and CIC-IDS2017 datasets.

16 pages, 274 KiB  
Article
Comparing Deep Learning and Shallow Learning Techniques for API Calls Malware Prediction: A Study
by Angelo Cannarile, Vincenzo Dentamaro, Stefano Galantucci, Andrea Iannacone, Donato Impedovo and Giuseppe Pirlo
Appl. Sci. 2022, 12(3), 1645; https://0-doi-org.brum.beds.ac.uk/10.3390/app12031645 - 04 Feb 2022
Cited by 12 | Viewed by 3084
Abstract
Recognition of malware is critical in cybersecurity as it allows for avoiding execution and the downloading of malware. One of the possible approaches is to analyze the executable’s Application Programming Interface (API) calls, which can be done using tools that work in sandboxes, such as Cuckoo or CAPEv2. This chain of calls can then be used to classify if the considered file is benign or malware. This work aims to compare six modern shallow learning and deep learning techniques based on tabular data, using two datasets of API calls containing malware and goodware, where the corresponding chain of API calls is expressed for each instance. The results show the quality of shallow learning approaches based on tree ensembles, such as CatBoost, both in terms of F1-macro score and Area Under the ROC curve (AUC ROC), and training time, making them optimal for making inferences on Edge AI solutions. The results are then analyzed with the explainable AI SHAP technique, identifying the API calls that most influence the process, i.e., those that are particularly afferent to malware and goodware.

13 pages, 557 KiB  
Article
Notarization and Anti-Plagiarism: A New Blockchain Approach
by Tonino Palmisano, Vito Nicola Convertini, Lucia Sarcinella, Luigia Gabriele and Mariangela Bonifazi
Appl. Sci. 2022, 12(1), 243; https://0-doi-org.brum.beds.ac.uk/10.3390/app12010243 - 27 Dec 2021
Cited by 5 | Viewed by 3775
Abstract
In traditional notarization processes, the correctness of the activities between the parties is guaranteed by a central authority or guaranteeing institution. In this case, the authority is not able to quickly establish the originality of the content to be notarized, or at least to have a large degree of certainty without the use of automated systems. This paper presents a new notarization platform that uses blockchain technology and integrates advanced anti-plagiarism approaches able to effectively detect copyright violations of documents that users want to notarize. In addition, our proposal includes the use of models, methods, and techniques, through which a very high level of privacy and information security can be guaranteed.