Intelligent Solutions for Cybersecurity

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: 30 June 2024 | Viewed by 25860

Special Issue Editors

Computer Engineering Department, San José State University, 1 Washington Sq, San Jose, CA 95192, USA
Interests: hardware security; biometrics; side-channel analysis
Department of Computer Engineering & Computer Science, California State University, Long Beach, CA, USA
Interests: computer systems cybersecurity; machine learning; hardware security

Special Issue Information

Dear Colleagues,

Cybersecurity for the past decades has gained massive attention from researchers and practitioners in both academia and industry. The rapid development of modern computing devices and IT infrastructures in different domains such as cloud computing, embedded systems, Internet-of-Things (IoT), edge computing, and blockchain has made cybersecurity even more challenging. Artificial intelligence and machine learning techniques have found their pathways in the field of cybersecurity to enhance the robustness of the computing systems and protect the users against emerging cyber-attacks. This Special Issue highlights the importance and challenges of using AI/ML in cybersecurity, and explores the recent technologies and solutions that focus on theory and/or application of machine learning and deep learning techniques in securing modern computing systems.

Dr. Nima Karimian
Dr. Hossein Sayadi
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Cybersecurity
  • Artificial Intelligence
  • Machine Learning
  • Deep Learning
  • Malware Detection
  • Adversarial Attacks
  • Blockchain and Cryptocurrencies
  • Embedded Systems Security
  • Cloud Security
  • Side-Channel Attacks
  • Hardware Obfuscation
  • Biometric Security

Published Papers (10 papers)

Research

18 pages, 3370 KiB  
Article
Multi-Stage Learning Framework Using Convolutional Neural Network and Decision Tree-Based Classification for Detection of DDoS Pandemic Attacks in SDN-Based SCADA Systems
by Onur Polat, Muammer Türkoğlu, Hüseyin Polat, Saadin Oyucu, Hüseyin Üzen, Fahri Yardımcı and Ahmet Aksöz
Sensors 2024, 24(3), 1040; https://0-doi-org.brum.beds.ac.uk/10.3390/s24031040 - 05 Feb 2024
Viewed by 822
Abstract
Supervisory Control and Data Acquisition (SCADA) systems, which play a critical role in monitoring, managing, and controlling industrial processes, face flexibility, scalability, and management difficulties arising from traditional network structures. Software-defined networking (SDN) offers a new opportunity to overcome the challenges traditional SCADA networks face, based on the concept of separating the control and data plane. Although integrating the SDN architecture into SCADA systems offers many advantages, it cannot address security concerns against cyber-attacks such as a distributed denial of service (DDoS). The fact that SDN has centralized management and programmability features causes attackers to carry out attacks that specifically target the SDN controller and data plane. If DDoS attacks against the SDN-based SCADA network are not detected and precautions are not taken, they can cause chaos and have terrible consequences. By detecting a possible DDoS attack at an early stage, security measures that can reduce the impact of the attack can be taken immediately, and the likelihood of being a direct victim of the attack decreases. This study proposes a multi-stage learning model using a 1-dimensional convolutional neural network (1D-CNN) and decision tree-based classification to detect DDoS attacks in SDN-based SCADA systems effectively. A new dataset containing various attack scenarios on a specific experimental network topology was created to be used in the training and testing phases of this model. According to the experimental results of this study, the proposed model achieved a 97.8% accuracy rate in DDoS-attack detection. The proposed multi-stage learning model shows that high-performance results can be achieved in detecting DDoS attacks against SDN-based SCADA systems.
(This article belongs to the Special Issue Intelligent Solutions for Cybersecurity)

27 pages, 1365 KiB  
Article
E2E-RDS: Efficient End-to-End Ransomware Detection System Based on Static-Based ML and Vision-Based DL Approaches
by Iman Almomani, Aala Alkhayer and Walid El-Shafai
Sensors 2023, 23(9), 4467; https://0-doi-org.brum.beds.ac.uk/10.3390/s23094467 - 04 May 2023
Cited by 4 | Viewed by 1696
Abstract
Nowadays, ransomware is considered one of the most critical cyber-malware categories. In recent years various malware detection and classification approaches have been proposed to analyze and explore malicious software precisely. Malware originators implement innovative techniques to bypass existing security solutions. This paper introduces an efficient End-to-End Ransomware Detection System (E2E-RDS) that comprehensively utilizes existing Ransomware Detection (RD) approaches. E2E-RDS considers reverse engineering the ransomware code to parse its features and extract the important ones for prediction purposes, as in the case of static-based RD. Moreover, E2E-RDS can keep the ransomware in its executable format, convert it to an image, and then analyze it, as in the case of vision-based RD. In the static-based RD approach, the extracted features are forwarded to eight various ML models to test their detection efficiency. In the vision-based RD approach, the binary executable files of the benign and ransomware apps are converted into 2D visual (color and gray) images. Then, these images are forwarded to 19 different Convolutional Neural Network (CNN) models while exploiting the substantial advantages of Fine-Tuning (FT) and Transfer Learning (TL) processes to differentiate ransomware apps from benign apps. The main benefit of the vision-based approach is that it can efficiently detect and identify ransomware with high accuracy without using data augmentation or complicated feature extraction processes. Extensive simulations and performance analyses using various evaluation metrics for the proposed E2E-RDS were investigated using a newly collected balanced dataset that composes 500 benign and 500 ransomware apps. The obtained outcomes demonstrate that the static-based RD approach using the AB (Ada Boost) model achieved high classification accuracy compared to other examined ML models, which reached 97%. While the vision-based RD approach achieved high classification accuracy, reaching 99.5% for the FT ResNet50 CNN model. It is declared that the vision-based RD approach is more cost-effective, powerful, and efficient in detecting ransomware than the static-based RD approach by avoiding feature engineering processes. Overall, E2E-RDS is a versatile solution for end-to-end ransomware detection that has proven its high efficiency from computational and accuracy perspectives, making it a promising solution for real-time ransomware detection in various systems.

20 pages, 1461 KiB  
Article
An Insight into the Machine-Learning-Based Fileless Malware Detection
by Osama Khalid, Subhan Ullah, Tahir Ahmad, Saqib Saeed, Dina A. Alabbad, Mudassar Aslam, Attaullah Buriro and Rizwan Ahmad
Sensors 2023, 23(2), 612; https://0-doi-org.brum.beds.ac.uk/10.3390/s23020612 - 05 Jan 2023
Cited by 7 | Viewed by 6866
Abstract
In recent years, massive development in the malware industry changed the entire landscape for malware development. Therefore, cybercriminals became more sophisticated by advancing their development techniques from file-based to fileless malware. As file-based malware depends on files to spread itself, on the other hand, fileless malware does not require a traditional file system and uses benign processes to carry out its malicious intent. Therefore, it evades conventional detection techniques and remains stealthy. This paper briefly explains fileless malware, its life cycle, and its infection chain. Moreover, it proposes a detection technique based on feature analysis using machine learning for fileless malware detection. The virtual machine acquired the memory dumps upon executing the malicious and non-malicious samples. Then the necessary features are extracted using the Volatility memory forensics tool, which is then analyzed using machine learning classification algorithms. After that, the best algorithm is selected based on the k-fold cross-validation score. Experimental evaluation has shown that Random Forest outperforms other machine learning classifiers (Decision Tree, Support Vector Machine, Logistic Regression, K-Nearest Neighbor, XGBoost, and Gradient Boosting). It achieved an overall accuracy of 93.33% with a True Positive Rate (TPR) of 87.5% at zero False Positive Rate (FPR) for fileless malware collected from five widely used datasets (VirusShare, AnyRun, PolySwarm, HatchingTriage, and JoeSandbox).

20 pages, 548 KiB  
Article
Robust Financial Fraud Alerting System Based in the Cloud Environment
by Branka Stojanović and Josip Božić
Sensors 2022, 22(23), 9461; https://0-doi-org.brum.beds.ac.uk/10.3390/s22239461 - 03 Dec 2022
Cited by 5 | Viewed by 1878
Abstract
The digitalisation of finance influenced the emergence of new technological concepts for existing user needs. Financial technology, or fintech, provides improved services for customers and new economic value for businesses. As such, fintech services require on-demand availability on a 24/7 basis. For this reason, they are often deployed in cloud environments that allow connectivity with ubiquitous devices. This allows customers to perform online transactions, which are overseen by the respective financial institutions. However, such cloud-based systems introduce new challenges for information security. On one hand, they represent attractive targets for cyberattacks. On the other, financial frauds can still go unnoticed by the financial institutions in charge. This paper contributes to both challenges by introducing the concept for a cloud-based system architecture for fraud detection and client profiling in the banking domain. Therefore, a systematic risk assessment was conducted in this context, and exploitation probabilities were inferred for multiple attack scenarios. In addition, formal verification was accomplished in order to determine the effects of successful vulnerability exploits. The consequences of such security violations are discussed, and considerations are given for improving the resilience of fintech systems.

30 pages, 639 KiB  
Article
Evaluation of Machine Learning Techniques for Traffic Flow-Based Intrusion Detection
by María Rodríguez, Álvaro Alesanco, Lorena Mehavilla and José García
Sensors 2022, 22(23), 9326; https://0-doi-org.brum.beds.ac.uk/10.3390/s22239326 - 30 Nov 2022
Cited by 7 | Viewed by 2583
Abstract
Cybersecurity is one of the great challenges of today’s world. Rapid technological development has allowed society to prosper and improve the quality of life and the world is more dependent on new technologies. Managing security risks quickly and effectively, preventing, identifying, or mitigating them is a great challenge. The appearance of new attacks, and with more frequency, requires a constant update of threat detection methods. Traditional signature-based techniques are effective for known attacks, but they are not able to detect a new attack. For this reason, intrusion detection systems (IDS) that apply machine learning (ML) techniques represent an alternative that is gaining importance today. In this work, we have analyzed different machine learning techniques to determine which ones permit to obtain the best traffic classification results based on classification performance measurements and execution times, which is decisive for further real-time deployments. The CICIDS2017 dataset was selected in this work since it contains bidirectional traffic flows (derived from traffic captures) that include benign traffic and different types of up-to-date attacks. Each traffic flow is characterized by a set of connection-related attributes that can be used to model the traffic and distinguish between attacks and normal flows. The CICIDS2017 also contains the raw network traffic captures collected during the dataset creation in a packet-based format, thus permitting to extract the traffic flows from them. Various classification techniques have been evaluated using the Weka software: naive Bayes, logistic, multilayer perceptron, sequential minimal optimization, k-nearest neighbors, adaptive boosting, OneR, J48, PART, and random forest. As a general result, methods based on decision trees (PART, J48, and random forest) have turned out to be the most efficient with F1 values above 0.999 (average obtained in the complete dataset). Moreover, multiclass classification (distinguishing between different types of attack) and binary classification (distinguishing only between normal traffic and attack) have been compared, and the effect of reducing the number of attributes using the correlation-based feature selection (CFS) technique has been evaluated. By reducing the complexity in binary classification, better results can be obtained, and by selecting a reduced set of the most relevant attributes, less time is required (above 30% of decrease in the time required to test the model) at the cost of a small performance loss. The tree-based techniques with CFS attribute selection (six attributes selected) reached F1 values above 0.990 in the complete dataset. Finally, a conventional tool like Zeek has been used to process the raw traffic captures to identify the traffic flows and to obtain a reduced set of attributes from these flows. The classification results obtained using tree-based techniques (with 14 Zeek-based attributes) were also very high, with F1 above 0.997 (average obtained in the complete dataset) and low execution times (allowing several hundred thousand flows/s to be processed). These classification results obtained on the CICIDS2017 dataset allow us to affirm that the tree-based machine learning techniques may be appropriate in the flow-based intrusion detection problem and that algorithms, such as PART or J48, may offer a faster alternative solution to the RF technique.

15 pages, 785 KiB  
Article
On Detecting Cryptojacking on Websites: Revisiting the Use of Classifiers
by Fredy Andrés Aponte-Novoa, Daniel Povedano Álvarez, Ricardo Villanueva-Polanco, Ana Lucila Sandoval Orozco and Luis Javier García Villalba
Sensors 2022, 22(23), 9219; https://0-doi-org.brum.beds.ac.uk/10.3390/s22239219 - 27 Nov 2022
Cited by 4 | Viewed by 2296
Abstract
Cryptojacking or illegal mining is a form of malware that hides in the victim’s computer and takes the computational resources to extract cryptocurrencies in favor of the attacker. It generates significant computational consumption, reducing the computational efficiency of the victim’s computer. This attack has increased due to the rise of cryptocurrencies and their profitability and its difficult detection by the user. The identification and blocking of this type of malware have become an aspect of research related to cryptocurrencies and blockchain technology; in the literature, some machine learning and deep learning techniques are presented, but they are still susceptible to improvement. In this work, we explore multiple Machine Learning classification models for detecting cryptojacking on websites, such as Logistic Regression, Decision Tree, Random Forest, Gradient Boosting Classifier, k-Nearest Neighbor, and XGBoost. To this end, we make use of a dataset, composed of network and host features’ samples, to which we apply various feature selection methods such as those based on statistical methods, e.g., Test Anova, and other methods as Wrappers, not only to reduce the complexity of the built models but also to discover the features with the greatest predictive power. Our results suggest that simple models such as Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, and k-Nearest Neighbor models, can achieve success rate similar to or greater than that of advanced algorithms such as XGBoost and even those of other works based on Deep Learning.

15 pages, 3618 KiB  
Article
Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat
by Nikola Gavrić and Živko Bojović
Sensors 2022, 22(20), 7791; https://0-doi-org.brum.beds.ac.uk/10.3390/s22207791 - 14 Oct 2022
Cited by 1 | Viewed by 1235
Abstract
The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users’ actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server’s or players’ bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers’ traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack’s devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs.

13 pages, 379 KiB  
Article
PassTCN-PPLL: A Password Guessing Model Based on Probability Label Learning and Temporal Convolutional Neural Network
by Junbin Ye, Min Jin, Guoliang Gong, Rongxuan Shen and Huaxiang Lu
Sensors 2022, 22(17), 6484; https://0-doi-org.brum.beds.ac.uk/10.3390/s22176484 - 29 Aug 2022
Cited by 1 | Viewed by 2017
Abstract
The frequent incidents of password leakage have increased people’s attention and research on password security. Password guessing is an essential part of password cracking and password security research. The progression of deep learning technology provides a promising way to improve the efficiency of password guessing. However, the mainstream models proposed for password guessing, such as RNN (or other variants, such as LSTM, GRU), GAN and VAE still face some problems, such as the low efficiency and high repetition rate of the generated passwords. In this paper, we propose a password-guessing model based on the temporal convolutional neural network (PassTCN). To further improve the performance of the generated passwords, we propose a novel password probability label-learning method, which reconstructs labels based on the password probability distribution of the training set and deduplicates the training set when training. Experiments on the RockYou dataset showed that, when generating 10^8 passwords, the coverage rate of PassTCN with password probability label learning (PassTCN-PPLL) reached 12.6%, which is 87.2%, 72.6% and 42.9% higher than PassGAN (a password-guessing model based on GAN), VAEPass (a password-guessing model based on VAE) and FLA (a password-guessing model based on LSTM), respectively. The repetition rate of our model is 25.9%, which is 45.1%, 31.7% and 17.4% lower than that of PassGAN, VAEPass and FLA, respectively. The results confirm that our approach not only improves the coverage rate but also reduces the repetition rate.

18 pages, 696 KiB  
Article
CBD: A Deep-Learning-Based Scheme for Encrypted Traffic Classification with a General Pre-Training Method
by Xinyi Hu, Chunxiang Gu, Yihang Chen and Fushan Wei
Sensors 2021, 21(24), 8231; https://0-doi-org.brum.beds.ac.uk/10.3390/s21248231 - 09 Dec 2021
Cited by 6 | Viewed by 3069
Abstract
With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a of one-dimension CNN and the encoder of Transformer. The model can be pre-trained with unlabeled data to understand the basic characteristics of encrypted traffic data, and be transferred to other datasets to complete the classification of encrypted traffic from the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and the pre-training method can improve the classification ability of the model.

14 pages, 278 KiB  
Article
A Novel Probability-Based Logic-Locking Technique: ProbLock
by Michael Yue and Sara Tehranipoor
Sensors 2021, 21(23), 8126; https://0-doi-org.brum.beds.ac.uk/10.3390/s21238126 - 04 Dec 2021
Cited by 4 | Viewed by 1918
Abstract
Integrated circuit (IC) piracy and overproduction are serious issues that threaten the security and integrity of a system. Logic locking is a type of hardware obfuscation technique where additional key gates are inserted into the circuit. Only the correct key can unlock the functionality of that circuit; otherwise, the system produces the wrong output. In an effort to hinder these threats on ICs, we have developed a probability-based logic-locking technique to protect the design of a circuit. Our proposed technique, called “ProbLock”, can be applied to both combinational and sequential circuits through a critical selection process. We used a filtering process to select the best location of key gates based on various constraints. Each step in the filtering process generates a subset of nodes for each constraint. We also analyzed the correlation between each constraint and adjusted the strength of the constraints before inserting key gates. We tested our algorithm on 40 benchmarks from the ISCAS ’85 and ISCAS ’89 suites. We evaluated ProbLock against a SAT attack and measured how long the attack took to successfully generate a key value. The SAT attack took longer for most benchmarks using ProbLock which proves viable security in hardware obfuscation.