317 articles found
A Review of Hybrid Cyber Threats Modelling and Detection Using Artificial Intelligence in IIoT
1
Authors: Yifan Liu, Shancang Li, Xinheng Wang, Li Xu. Computer Modeling in Engineering & Sciences (SCIE, EI), 2024, Issue 8, pp. 1233-1261 (29 pages)
The Industrial Internet of Things (IIoT) has brought numerous benefits, such as improved efficiency, smart analytics, and increased automation. However, it also exposes connected devices, users, applications, and data generated to cyber security threats that need to be addressed. This work investigates hybrid cyber threats (HCTs), which are now working on an entirely new level with the increasingly adopted IIoT. This work focuses on emerging methods to model, detect, and defend against hybrid cyber attacks using machine learning (ML) techniques. Specifically, a novel ML-based HCT modelling and analysis framework was proposed, in which L1 regularisation and Random Forest were used to cluster features and analyse the importance and impact of each feature in both individual threats and HCTs. A grey relation analysis-based model was employed to construct the correlation between IIoT components and different threats.
Keywords: Cyber security Industrial Internet of Things artificial intelligence machine learning algorithms hybrid cyber threats
Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises
2
Author: Meysam Tahmasebi. Journal of Information Security, 2024, Issue 2, pp. 106-133 (28 pages)
As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.
Keywords: Advanced Persistent threats (APT) Attack Phases Attack Surface DEFENSE-IN-DEPTH Disaster Recovery (DR) Incident Response Plan (IRP) Intrusion Detection Systems (IDS) Intrusion Prevention System (IPS) Key Risk Indicator (KRI) Layered Defense Lockheed Martin Kill Chain Proactive Defense Redundancy Risk Management threat intelligence
Chinese Cyber Threat Intelligence Named Entity Recognition via RoBERTa-wwm-RDCNN-CRF (cited by: 1)
3
Authors: Zhen Zhen, Jian Gao. Computers, Materials & Continua (SCIE, EI), 2023, Issue 10, pp. 299-323 (25 pages)
In recent years, cyber attacks have been intensifying and causing great harm to individuals, companies, and countries. The mining of cyber threat intelligence (CTI) can facilitate intelligence integration and serve well in combating cyber attacks. Named Entity Recognition (NER), as a crucial component of text mining, can structure complex CTI text and aid cybersecurity professionals in effectively countering threats. However, current CTI NER research has mainly focused on studying English CTI. In the limited studies conducted on Chinese text, existing models have shown poor performance. To fully utilize the power of Chinese pre-trained language models (PLMs) and conquer the problem of lengthy infrequent English words mixing in the Chinese CTIs, we propose a residual dilated convolutional neural network (RDCNN) with a conditional random field (CRF) based on a robustly optimized bidirectional encoder representation from transformers pre-training approach with whole word masking (RoBERTa-wwm), abbreviated as RoBERTa-wwm-RDCNN-CRF. We are the first to experiment on the relevant open source dataset and achieve an F1-score of 82.35%, which exceeds the common baseline model bidirectional encoder representation from transformers (BERT)-bidirectional long short-term memory (BiLSTM)-CRF in this field by about 19.52% and exceeds the current state-of-the-art model, BERT-RDCNN-CRF, by about 3.53%. In addition, we conducted an ablation study on the encoder part of the model to verify the effectiveness of the proposed model and an in-depth investigation of the PLMs and encoder part of the model to verify the effectiveness of the proposed model. The RoBERTa-wwm-RDCNN-CRF model, the shared pre-processing, and augmentation methods can serve the subsequent fundamental tasks such as cybersecurity information extraction and knowledge graph construction, contributing to important applications in downstream tasks such as intrusion detection and advanced persistent threat (APT) attack detection.
Keywords: CYBERSECURITY cyber threat intelligence named entity recognition
Attack Behavior Extraction Based on Heterogeneous Cyberthreat Intelligence and Graph Convolutional Networks (cited by: 1)
4
Authors: Binhui Tang, Junfeng Wang, Huanran Qiu, Jian Yu, Zhongkun Yu, Shijia Liu. Computers, Materials & Continua (SCIE, EI), 2023, Issue 1, pp. 235-252 (18 pages)
The continuous improvement of the cyber threat intelligence sharing mechanism provides new ideas to deal with Advanced Persistent Threats (APT). Extracting attack behaviors, i.e., Tactics, Techniques, Procedures (TTP) from Cyber Threat Intelligence (CTI) can facilitate APT actors’ profiling for an immediate response. However, it is difficult for traditional manual methods to analyze attack behaviors from cyber threat intelligence due to its heterogeneous nature. Based on the Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) of threat behavior description, this paper proposes a threat behavioral knowledge extraction framework that integrates Heterogeneous Text Network (HTN) and Graph Convolutional Network (GCN) to solve this issue. It leverages the hierarchical correlation relationships of attack techniques and tactics in the ATT&CK to construct a text network of heterogeneous cyber threat intelligence. With the help of the Bidirectional Encoder Representation from Transformers (BERT) pretraining model to analyze the contextual semantics of cyber threat intelligence, the task of threat behavior identification is transformed into a text classification task, which automatically extracts attack behavior in CTI, then identifies the malware and advanced threat actors. The experimental results show that F1 achieve 94.86% and 92.15% for the multi-label classification tasks of tactics and techniques. Extend the experiment to verify the method’s effectiveness in identifying the malware and threat actors in APT attacks. The F1 for malware and advanced threat actors identification task reached 98.45% and 99.48%, which are better than the benchmark model in the experiment and achieve state of the art. The model can effectively model threat intelligence text data and acquire knowledge and experience migration by correlating implied features with a priori knowledge to compensate for insufficient sample data and improve the classification performance and recognition ability of threat behavior in text.
Keywords: Attack behavior extraction cyber threat intelligence(CTI) graph convolutional network(GCN) heterogeneous textual network(HTN)
Network Security Situation Awareness Framework based on Threat Intelligence (cited by: 3)
5
Authors: Hongbin Zhang, Yuzi Yi, Junshe Wang, Ning Cao, Qiang Duan. Computers, Materials & Continua (SCIE, EI), 2018, Issue 9, pp. 381-399 (19 pages)
Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.
Keywords: Situation AWARENESS stochastic game cloud computing virtual machine INTROSPECTION CYBER threat intelligence NASH equilibrium
Research on University’s Cyber Threat Intelligence Sharing Platform Based on New Types of STIX and TAXII Standards (cited by: 1)
6
Authors: Gang Wang, Yuanzhi Huo, Zhao Ma Ma. Journal of Information Security, 2019, Issue 4, pp. 263-277 (15 pages)
With the systematization of cyber threats, the variety of intrusion tools and intrusion methods has greatly reduced the cost of attackers’ threats to network security. Due to a large number of colleges and universities, teachers and students are highly educated and the Internet access rate is nearly 100%. The social status makes the university network become the main target of threat. The traditional defense method cannot cope with the current complex network attacks. In order to solve this problem, the threat intelligence sharing platform based on various threat intelligence sharing standards is established, which STIX and TAXII It is a widely used sharing standard in various sharing platforms. This paper analyzes the existing standards of STIX and TAXII, improves the STIX and TAXII standards based on the analysis results, and proposes a new type of STIX and TAXII based on the improved results. The standard design scheme of threat intelligence sharing platform suitable for college network environment features. The experimental results show that the threat intelligence sharing platform designed in this paper can be effectively applied to the network environment of colleges and universities.
Keywords: STIX TAXII threat intelligence
Cyber Resilience through Real-Time Threat Analysis in Information Security
7
Authors: Aparna Gadhi, Ragha Madhavi Gondu, Hitendra Chaudhary, Olatunde Abiona. International Journal of Communications, Network and System Sciences, 2024, Issue 4, pp. 51-67 (17 pages)
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
Keywords: Cybersecurity Information Security Network Security Cyber Resilience Real-Time threat Analysis Cyber threats Cyberattacks threat intelligence Machine Learning Artificial intelligence threat Detection threat Mitigation Risk Assessment Vulnerability Management Incident Response Security Orchestration Automation threat Landscape Cyber-Physical Systems Critical Infrastructure Data Protection Privacy Compliance Regulations Policy Ethics CYBERCRIME threat Actors threat Modeling Security Architecture
Artificial Intelligence Based Threat Detection in Industrial Internet of Things Environment
8
Author: Fahad F. Alruwaili. Computers, Materials & Continua (SCIE, EI), 2022, Issue 12, pp. 5809-5824 (16 pages)
Internet of Things (IoT) is one of the hottest research topics in recent years, thanks to its dynamic working mechanism that integrates physical and digital world into a single system. IoT technology, applied in industries, is termed as Industrial IoT (IIoT). IIoT has been found to be highly susceptible to attacks from adversaries, based on the difficulties observed in IIoT and its increased dependency upon internet and communication network. Intentional or accidental attacks on these approaches result in catastrophic effects like power outage, denial of vital health services, disruption to civil service, etc. Thus, there is a need exists to develop a vibrant and powerful for identification and mitigation of security vulnerabilities in IIoT. In this view, the current study develops an AI-based Threat Detection and Classification model for IIoT, abbreviated as AITDC-IIoT model. The presented AITDC-IIoT model initially pre-processes the input data to transform it into a compatible format. In addition, Whale Optimization Algorithm based Feature Selection (WOA-FS) is used to elect the subset of features. Moreover, Cockroach Swarm Optimization (CSO) is employed with Random Vector Functional Link network (RVFL) technique for threat classification. Finally, CSO algorithm is applied to appropriately adjust the parameters related to RVFL model. The performance of the proposed AITDC-IIoT model was validated under benchmark datasets. The experimental results established the supremacy of the proposed AITDC-IIoT model over recent approaches.
Keywords: SECURITY industrial internet of things threat detection artificial intelligence feature selection
A Research and Analysis Method of Open Source Threat Intelligence Data
9
Authors: Ruyue Liu, Ziping Zhao, Chengjun Sun, Xiaoyu Yang, Xiaoli Gong, Jin Zhang. 《国际计算机前沿大会会议论文集》, 2017, Issue 1, pp. 88-90 (3 pages)
As the form of cyber threats becomes more complex, which leads to a widespread concern about how to promote network security active defense system by using the exploding cyber threat intelligence. Basing on the content analysis method, introduces the precision, recall rate and timely rate on the basis of the change of time dimension, and analyzes the threat intelligence provider from three aspects. The validity of this method is verified by the test of massive source of threat data, which improves the efficiency of CIF analysis and makes it easy to analyze and extract the threat intelligence information quickly.
Keywords: threat intelligence CYBER SECURITY CIF
The Economics of Sharing Unclassified Cyber Threat Intelligence by Government Agencies and Departments
10
Authors: Josiah Dykstra, Lawrence A. Gordon, Martin P. Loeb, Lei Zhou. Journal of Information Security, 2022, Issue 3, pp. 85-100 (16 pages)
This paper extends the literature on the economics of sharing cybersecurity information by and among profit-seeking firms by modeling the case where a government agency or department publicly shares unclassified cyber threat information with all organizations. In prior cybersecurity information sharing models a common element was reciprocity—i.e., firms receiving shared information are also asked to share their private cybersecurity information with all other firms (via an information sharing arrangement). In contrast, sharing of unclassified cyber threat intelligence (CTI) by a government agency or department is not based on reciprocal sharing by the recipient organizations. After considering the government’s cost of preparing and disseminating CTI, as well as the benefits to the recipients of the CTI, we provide sufficient conditions for sharing of CTI to result in an increase in social welfare. Under a broad set of general conditions, sharing of CTI will increase social welfare gross of the costs to the government agency or department sharing the information. Thus, if the entity can keep the sharing costs low, sharing cybersecurity information will result in an increase in net social welfare.
Keywords: Cyber threat intelligence Economics of Information Sharing
Unstructured Big Data Threat Intelligence Parallel Mining Algorithm
11
Authors: Zhihua Li, Xinye Yu, Tao Wei, Junhao Qian. Big Data Mining and Analytics (EI, CSCD), 2024, Issue 2, pp. 531-546 (16 pages)
To efficiently mine threat intelligence from the vast array of open-source cybersecurity analysis reports on the web, we have developed the Parallel Deep Forest-based Multi-Label Classification (PDFMLC) algorithm. Initially, open-source cybersecurity analysis reports are collected and converted into a standardized text format. Subsequently, five tactics category labels are annotated, creating a multi-label dataset for tactics classification. Addressing the limitations of low execution efficiency and scalability in the sequential deep forest algorithm, our PDFMLC algorithm employs broadcast variables and the Lempel-Ziv-Welch (LZW) algorithm, significantly enhancing its acceleration ratio. Furthermore, our proposed PDFMLC algorithm incorporates label mutual information from the established dataset as input features. This captures latent label associations, significantly improving classification accuracy. Finally, we present the PDFMLC-based Threat Intelligence Mining (PDFMLC-TIM) method. Experimental results demonstrate that the PDFMLC algorithm exhibits exceptional node scalability and execution efficiency. Simultaneously, the PDFMLC-TIM method proficiently conducts text classification on cybersecurity analysis reports, extracting tactics entities to construct comprehensive threat intelligence. As a result, successfully formatted STIX2.1 threat intelligence is established.
Keywords: unstructured big data mining parallel deep forest multi-label classification algorithm threat intelligence
Threat Modeling and Application Research Based on Multi-Source Attack and Defense Knowledge
12
Authors: Shuqin Zhang, Xinyu Su, Peiyu Shi, Tianhui Du, Yunfei Han. Computers, Materials & Continua (SCIE, EI), 2023, Issue 10, pp. 349-377 (29 pages)
Cyber Threat Intelligence (CTI) is a valuable resource for cybersecurity defense, but it also poses challenges due to its multi-source and heterogeneous nature. Security personnel may be unable to use CTI effectively to understand the condition and trend of a cyberattack and respond promptly. To address these challenges, we propose a novel approach that consists of three steps. First, we construct the attack and defense analysis of the cybersecurity ontology (ADACO) model by integrating multiple cybersecurity databases. Second, we develop the threat evolution prediction algorithm (TEPA), which can automatically detect threats at device nodes, correlate and map multisource threat information, and dynamically infer the threat evolution process. TEPA leverages knowledge graphs to represent comprehensive threat scenarios and achieves better performance in simulated experiments by combining structural and textual features of entities. Third, we design the intelligent defense decision algorithm (IDDA), which can provide intelligent recommendations for security personnel regarding the most suitable defense techniques. IDDA outperforms the baseline methods in the comparative experiment.
Keywords: Multi-source data fusion threat modeling threat propagation path knowledge graph intelligent defense decision-making
Multiclass Classification for Cyber Threats Detection on Twitter
13
Authors: Adnan Hussein, Abdulwahab Ali Almazroi. Computers, Materials & Continua (SCIE, EI), 2023, Issue 12, pp. 3853-3866 (14 pages)
The advances in technology increase the number of internet systems usage. As a result, cybersecurity issues have become more common. Cyber threats are one of the main problems in the area of cybersecurity. However, detecting cybersecurity threats is not a trivial task and thus is the center of focus for many researchers due to its importance. This study aims to analyze Twitter data to detect cyber threats using a multiclass classification approach. The data is passed through different tasks to prepare it for the analysis. Term Frequency and Inverse Document Frequency (TFIDF) features are extracted to vectorize the cleaned data and several machine learning algorithms are used to classify the Twitter posts into multiple classes of cyber threats. The results are evaluated using different metrics including precision, recall, F-score, and accuracy. This work contributes to the cyber security research area. The experiments revealed the promised results of the analysis using the Random Forest (RF) algorithm with (F-score=81%). This result outperformed the existing studies in the field of cyber threat detection and showed the importance of detecting cyber threats in social media posts. There is a need for more investigation in the field of multiclass classification to achieve more accurate results. In the future, this study suggests applying different data representations for the feature extraction other than TF-IDF such as Word2Vec, and adding a new phase for feature selection to select the optimum features subset to achieve higher accuracy of the detection process.
Keywords: CYBERSECURITY cyber threat detection artificial intelligence machine learning TWITTER
Machine Learning Based Cybersecurity Threat Detection for Secure IoT Assisted Cloud Environment
14
Authors: Z. Faizal Khan, Saeed M. Alshahrani, Abdulrahman Alghamdi, Someah Alangari, Nouf Ibrahim Altamami, Khalid A. Alissa, Sana Alazwari, Mesfer Al Duhayyim, Fahd N. Al-Wesabi. Computer Systems Science & Engineering (SCIE, EI), 2023, Issue 10, pp. 855-871 (17 pages)
The Internet of Things (IoT) is determine enormous economic openings for industries and allow stimulating innovation which obtain between domains in childcare for eldercare, in health service to energy, and in developed to transport. Cybersecurity develops a difficult problem in IoT platform whereas the presence of cyber-attack requires that solved. The progress of automatic devices for cyber-attack classifier and detection employing Artificial Intelligence (AI) and Machine Learning (ML) devices are crucial fact to realize security in IoT platform. It can be required for minimizing the issues of security based on IoT devices efficiently. Thus, this research proposal establishes novel mayfly optimized with Regularized Extreme Learning Machine technique called as MFO-RELM model for Cybersecurity Threat classification and detection from the cloud and IoT environments. The proposed MFO-RELM model provides the effective detection of cybersecurity threat which occur in the cloud and IoT platforms. To accomplish this, the MFO-RELM technique pre-processed the actual cloud and IoT data as to meaningful format. Besides, the proposed models will receive the pre-processing data and carry out the classifier method. For boosting the efficiency of the proposed models, the MFO technique was utilized to it. The experiential outcome of the proposed technique was tested utilizing the standard CICIDS 2017 dataset, and the outcomes are examined under distinct aspects.
Keywords: Mayfly optimization machine learning artificial intelligence CYBERSECURITY threat detection
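Research and Implementation of a Cyber Threat Intelligence Analysis Framework
15
Authors: 何发镁, 刘润时, 贾赛男, 岳桓州, 王旭仁. 《燕山大学学报》 (CAS, PKU Core), 2024, Issue 4, pp. 369-376 (8 pages)
Cyber threat intelligence draws on large volumes of cyber threat data and, through information sharing and collective collaboration, enables rapid early warning, detection and response to cyber threats. How to automatically, quickly and accurately extract cybersecurity-related information from massive numbers of threat intelligence reports has become a hot and difficult research topic. This paper proposes a cyber threat intelligence analysis framework that summarizes the current full-lifecycle processing workflow for cyber threat intelligence. It also gives application examples under this framework: creating a public threat intelligence dataset, proposing an algorithm for extracting key information from cyber threat intelligence, and implementing association awareness of malicious IPs and domain names based on a heterogeneous information graph. The paper implements several deep learning models for cyber threat intelligence entity recognition; among them, the model whose embeddings combine XLnet with a dictionary achieves the best accuracy, 95.27%. The proposed framework can serve as guidance for the analysis of unstructured cyber threat intelligence, and the experimental results can serve as a comparison baseline for cyber threat intelligence information extraction work.
Keywords: cyber threat intelligence; deep learning; multi-head attention mechanism; named entity recognition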
The Role of AI in Cyber Security: Safeguarding Digital Identity
16
Authors: Mohammad Binhammad, Shaikha Alqaydi, Azzam Othman, Laila Hatim Abuljadayel. Journal of Information Security, 2024, Issue 2, pp. 245-278 (34 pages)
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
Keywords: Artificial intelligence Cyber Attack Cyber Security Real-Time Mitigation Social Media Security ai-driven threat intelligence
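A Threat Intelligence Attribution Method Based on a Graph Attention Mechanism
17
Authors: 王婷, 严寒冰, 郎波. 《北京航空航天大学学报》 (EI, CAS, CSCD, PKU Core), 2024, Issue 7, pp. 2293-2303 (11 pages)
Correlation analysis of threat intelligence has become an effective means of tracing the source of cyber attacks. Threat intelligence analysis reports on different advanced persistent threat (APT) groups were crawled from public threat intelligence sources, and a method for classifying threat intelligence reports based on a graph attention mechanism is proposed; the aim is to detect whether a newly produced threat intelligence analysis report belongs to a known attack group, thereby assisting further expert analysis. A threat intelligence knowledge graph is designed, tactics and techniques intelligence is extracted, attributes of malicious samples, IPs and domain names are mined, a complex network is constructed, and a graph attention neural network is used to classify threat intelligence report nodes. Evaluation shows that, taking imbalanced class distribution into account, the proposed method achieves an accuracy of 78%, effectively determining the group to which a threat intelligence report belongs.
Keywords: threat intelligence; advanced persistent threat groups; knowledge graph; graph attention mechanism; attack source tracing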
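Security Issues of Generative Fake Speech and Their Solutions
18
Authors: 冯畅, 吴晓龙, 赵熠扬, 徐明星, 郑方. 《信息安全研究》 (CSCD, PKU Core), 2024, Issue 2, pp. 122-129 (8 pages)
The development of generative artificial intelligence algorithms has made generative fake speech more natural and fluent, so that human hearing can hardly tell real from fake. The paper first analyzes a series of threats to society caused by improper abuse of generative fake speech, such as more rampant telecom fraud, reduced security of voice applications, compromised impartiality of forensic identification, and deception of the public by forged information that combines multiple domains. Then, from the perspective of technical development, it summarizes and classifies the generation algorithms and the detection algorithms for generative fake speech, describes the steps of the algorithm workflows and their key points, and analyzes the challenges of applying these techniques. Finally, it explains how to prevent and resolve the security problems brought by generative fake speech from four aspects: technical application, institutional norms, public education and international cooperation.
Keywords: generative artificial intelligence; fake speech; fake speech security issues; fake speech detection; resolving fake speech threats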
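Research on a TTP Identification Method Based on Pre-trained Models and Chinese-English Threat Intelligence
19
Authors: 任昌禹, 张玲, 姬航远, 杨立群. 《信息网络安全》 (CSCD, PKU Core), 2024, Issue 7, pp. 1076-1087 (12 pages)
TTP intelligence exists mainly in unstructured threat reports and is a highly valuable kind of cyber threat intelligence. However, the currently open-source TTP classification label datasets are concentrated mainly in the English domain and cover a rather limited range of corpus sources and TTP types; in particular, relevant data for the Chinese domain is lacking. To address this, the paper builds BTICD, a Chinese-English TTP intelligence dataset containing 17700 samples and 236 corresponding TTPs. BTICD is the first to use public Chinese threat report corpora for TTP annotation, and it also labels a portion of white-sample data that cannot be mapped to any TTP. Built on a pre-trained model and fine-tuned on this bilingual dataset, the bilingual TTP identification model SecBiBERT is obtained. Experimental results show that SecBiBERT reaches a Micro F1 score of 86.49% on the classification task over 50 common TTPs and 73.09% on the full 236-class TTP classification task, showing good identification performance.
Keywords: TTP; threat intelligence; pre-trained model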
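Research Status and Scheme Design of Cyber Threat Intelligence Sharing under a Privacy Protection Framework
20
Authors: 问闻, 刘钦菊, 邝琳, 任雪静. 《信息网络安全》 (CSCD, PKU Core), 2024, Issue 7, pp. 1129-1137 (9 pages)
Sharing cyber threat intelligence helps achieve network security situation awareness to counter cyber threats, but cyber threat intelligence is highly sensitive, and improper handling can easily lead to serious consequences such as harm to the sharers' interests or exposure of weaknesses in security defenses. Therefore, the prerequisite for sharing cyber threat intelligence is ensuring data security and user privacy. This paper focuses on research into cyber threat intelligence sharing under a privacy protection framework. It first summarizes and analyzes cyber threat intelligence, cyber threat intelligence sharing, privacy-preserving computation technology and related topics; then, starting from the security and privacy problems facing cyber threat intelligence sharing, it reviews and analyzes the technical approaches and research status of cyber threat intelligence sharing in recent years; finally, it designs a scheme for a cyber threat intelligence sharing platform based on privacy-preserving computation technology.
Keywords: cybersecurity; cyber threat intelligence sharing; privacy-preserving computation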