Survey on Deep Learning Approaches for Detection of Email Security Threat

Emailing is among the cheapest and most easily accessible platforms,and covers every idea of the present century like banking,personal login database,academic information,invitation,marketing,advertisement,social engineering,model creation on cyber-based technologies,etc.The uncontrolled development and easy access to the internet are the reasons for the increased insecurity in email communication.Therefore,this review paper aims to investigate deep learning approaches for detecting the threats associated with e-mail security.This study compiles the literature related to the deep learning methodologies,which are applicable for providing safety in the field of cyber security of email in different organizations.Relevant data were extracted from different research depositories.The paper discusses various solutions for handling these threats.Different challenges and issues are also investigated for e-mail security threats including social engineering,malware,spam,and phishing in the existing solutions to identify the core current problem and set the road for future studies.The review analysis showed that communication media is the common platform for attackers to conduct fraudulent activities via spoofed e-mails and fake websites and this research has combined the merit and demerits of the deep learning approaches adaption in email security threat by the usage of models and technologies.The study highlighted the contrasts of deep learning approaches in detecting email security threats.This review study has set criteria to include studies that deal with at least one of the six machine models in cyber security.

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.

DL-Powered Anomaly Identification System for Enhanced IoT Data Security

In many commercial and public sectors,the Internet of Things(IoT)is deeply embedded.Cyber security threats aimed at compromising the security,reliability,or accessibility of data are a serious concern for the IoT.Due to the collection of data from several IoT devices,the IoT presents unique challenges for detecting anomalous behavior.It is the responsibility of an Intrusion Detection System(IDS)to ensure the security of a network by reporting any suspicious activity.By identifying failed and successful attacks,IDS provides a more comprehensive security capability.A reliable and efficient anomaly detection system is essential for IoT-driven decision-making.Using deep learning-based anomaly detection,this study proposes an IoT anomaly detection system capable of identifying relevant characteristics in a controlled environment.These factors are used by the classifier to improve its ability to identify fraudulent IoT data.For efficient outlier detection,the author proposed a Convolutional Neural Network(CNN)with Long Short Term Memory(LSTM)based Attention Mechanism(ACNN-LSTM).As part of the ACNN-LSTM model,CNN units are deployed with an attention mechanism to avoid memory loss and gradient dispersion.Using the N-BaIoT and IoT-23 datasets,the model is verified.According to the N-BaIoT dataset,the overall accuracy is 99%,and precision,recall,and F1-score are also 0.99.In addition,the IoT-23 dataset shows a commendable accuracy of 99%.In terms of accuracy and recall,it scored 0.99,while the F1-score was 0.98.The LSTM model with attention achieved an accuracy of 95%,while the CNN model achieved an accuracy of 88%.According to the loss graph,attention-based models had lower loss values,indicating that they were more effective at detecting anomalies.In both the N-BaIoT and IoT-23 datasets,the receiver operating characteristic and area under the curve(ROC-AUC)graphs demonstrated exceptional accuracy of 99%to 100%for the Attention-based CNN and LSTM models.This indicates that these models are capable of making precise predictions.

A Comprehensive Survey for Privacy-Preserving Biometrics: Recent Approaches, Challenges, and Future Directions

The rapid growth of smart technologies and services has intensified the challenges surrounding identity authenti-cation techniques.Biometric credentials are increasingly being used for verification due to their advantages over traditional methods,making it crucial to safeguard the privacy of people’s biometric data in various scenarios.This paper offers an in-depth exploration for privacy-preserving techniques and potential threats to biometric systems.It proposes a noble and thorough taxonomy survey for privacy-preserving techniques,as well as a systematic framework for categorizing the field’s existing literature.We review the state-of-the-art methods and address their advantages and limitations in the context of various biometric modalities,such as face,fingerprint,and eye detection.The survey encompasses various categories of privacy-preserving mechanisms and examines the trade-offs between security,privacy,and recognition performance,as well as the issues and future research directions.It aims to provide researchers,professionals,and decision-makers with a thorough understanding of the existing privacy-preserving solutions in biometric recognition systems and serves as the foundation of the development of more secure and privacy-preserving biometric technologies.

Rethinking National Security Strategies in Africa

The delivery of security to state and citizens will continue to be the daunting task facing nation states in Africa.Many African countries are becoming increasingly unable to deliver security to their citizens and in some instances;states themselves have become sources of insecurity.This is attributed less to the evolving security threats exacerbated by megatrends but more to the governance deficit manifested in weak social contract and strategic leadership that are short supply in many African countries.Despite a well-articulated security and defense policy of the African Union with a call for its member states to do the same,there is a dearth of national security strategies in most African states.This is largely attributed not only to the lack of effective implementation mechanisms of such policy but importantly to the absence of tools to help member states to craft and implement their national security strategies.There is a convincing wealth of evidence that shows a well-designed and inclusive process of developing national security strategies enables decision-makers to better confront the security threats and improve effective delivery of security to all citizens and state.Such a process provides an invaluable opportunity as well for forging a new social contract between state and its people.This article is an attempt to contribute to rethinking of how security could be perceived,planned,and delivered to the citizens in Africa.

A Multilayer Security Framework for Cloud Computing in Internet of Things (IoT) Domain

Cloud computing is a type of emerging computing technology that relies on shared computing resources rather than having local servers or personal devices to handle applications. It is an emerging technology that provides services over the internet: Utilizing the online services of different software. Many works have been carried out and various security frameworks relating to the security issues of cloud computing have been proposed in numerous ways. But they do not propose a quantitative approach to analyze and evaluate privacy and security in cloud computing systems. In this research, we try to introduce top security concerns of cloud computing systems, analyze the threats and propose some countermeasures for them. We use a quantitative security risk assessment model to present a multilayer security framework for the solution of the security threats of cloud computing systems. For evaluating the performance of the proposed security framework we have utilized an Own-Cloud platform using a 64-bit quad-core processor based embedded system. Own-Cloud platform is quite literally as any analytics, machine learning algorithms or signal processing techniques can be implemented using the vast variety of Python libraries built for those purposes. In addition, we have proposed two algorithms, which have been deployed in the Own-Cloud for mitigating the attacks and threats to cloud-like reply attacks, DoS/DDoS, back door attacks, Zombie, etc. Moreover, unbalanced RSA based encryption is used to reduce the risk of authentication and authorization. This framework is able to mitigate the targeted attacks satisfactorily.

Attacks Against Cross-Chain Systems and Defense Approaches:A Contemporary Survey

The blockchain cross-chain is a significant technology for inter-chain interconnection and value transfer among different blockchain networks.Cross-chain overcomes the“information island”problem of the closed blockchain network and is increasingly applied to multiple critical areas such as finance and the internet of things(IoT).Blockchain can be divided into three main categories of blockchain networks:public blockchains,private blockchains,and consortium blockchains.However,there are differences in block structures,consensus mechanisms,and complex working mechanisms among heterogeneous blockchains.The fragility of the cross-chain system itself makes the cross-chain system face some potential security and privacy threats.This paper discusses security defects on the cross-chain implementation mechanism,and discusses the impact of the structural features of blockchain networks on cross-chain security.In terms of cross-chain intercommunication,a cross-chain attack can be divided into a multi-chain combination attack,native chain attack,and inter-chain attack diffusion.Then various security threats and attack paths faced by the cross-chain system are analyzed.At last,the corresponding security defense methods of cross-chain security threats and future research directions for cross-chain applications are put forward.

A Review on Cybersecurity Analysis,Attack Detection,and Attack Defense Methods in Cyber-physical Power Systems

Potential malicious cyber-attacks to power systems which are connected to a wide range of stakeholders from the top to tail will impose significant societal risks and challenges.The timely detection and defense are of crucial importance for safe and reliable operation of cyber-physical power systems(CPPSs).This paper presents a comprehensive review of some of the latest attack detection and defense strategies.Firstly,the vulnerabilities brought by some new information and communication technologies(ICTs)are analyzed,and their impacts on the security of CPPSs are discussed.Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework,and their features and negative impacts are discussed.Secondly,two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed,and their benefits and drawbacks are discussed.Moreover,two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed.Finally,the trends and challenges in attack detection and defense strategies in CPPSs are provided.

Poisoning attacks and countermeasures in intelligent networks:Status quo and prospects

Over the past years,the emergence of intelligent networks empowered by machine learning techniques has brought great facilitates to different aspects of human life.However,using machine learning in intelligent networks also presents potential security and privacy threats.A common practice is the so-called poisoning attacks where malicious users inject fake training data with the aim of corrupting the learned model.In this survey,we comprehensively review existing poisoning attacks as well as the countermeasures in intelligent networks for the first time.We emphasize and compare the principles of the formal poisoning attacks employed in different categories of learning algorithms,and analyze the strengths and limitations of corresponding defense methods in a compact form.We also highlight some remaining challenges and future directions in the attack-defense confrontation to promote further research in this emerging yet promising area.

Advanced Authentication Mechanisms for Identity and Access Management inCloud Computing

Identity management is based on the creation and management of useridentities for granting access to the cloud resources based on the user attributes.The cloud identity and access management (IAM) grants the authorization tothe end-users to perform different actions on the specified cloud resources. Theauthorizations in the IAM are grouped into roles instead of granting them directlyto the end-users. Due to the multiplicity of cloud locations where data resides anddue to the lack of a centralized user authority for granting or denying cloud userrequests, there must be several security strategies and models to overcome theseissues. Another major concern in IAM services is the excessive or the lack ofaccess level to different users with previously granted authorizations. This paperproposes a comprehensive review of security services and threats. Based on thepresented services and threats, advanced frameworks for IAM that provideauthentication mechanisms in public and private cloud platforms. A threat modelhas been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protectingcloud platforms from insider attacks, single sign-on failure, brute force attacks,denial of service, user privacy threats, and data privacy threats.

China’s Security Protection of Chinese Nationals in the Middle East

Strengthening the security protection of overseas Chinese is an important means for China to safeguard its overseas interests.The Middle East is in turmoil with frequent security incidents involving Chinese nationals and their assets.Ensuring the safety of Chinese natioanls is an important part of promoting the sound development of China and the Middle East relations.Drawing on the questionnaire survey,this paper examines the security threats and risks faced by Chinese nationals in some Middle Eastern states,and seeks to explore how China might enhance its security protection capability accordingly for Chinese nationals in the Middle East.It shows that the Chinese government has taken a series of measures to safeguard the legitimate rights and interests of Chinese nationals,by strengthening the top-level design and mechanism coordination,improving the consular protection system and overseas evacuation capabilities,and participating in security governance and non-traditional security cooperation in the Middle East.

Threats,attacks and defenses to federated learning:issues,taxonomy and perspectives

Empirical attacks on Federated Learning(FL)systems indicate that FL is fraught with numerous attack surfaces throughout the FL execution.These attacks can not only cause models to fail in specific tasks,but also infer private information.While previous surveys have identified the risks,listed the attack methods available in the literature or provided a basic taxonomy to classify them,they mainly focused on the risks in the training phase of FL.In this work,we survey the threats,attacks and defenses to FL throughout the whole process of FL in three phases,including Data and Behavior Auditing Phase,Training Phase and Predicting Phase.We further provide a comprehensive analysis of these threats,attacks and defenses,and summarize their issues and taxonomy.Our work considers security and privacy of FL based on the viewpoint of the execution process of FL.We highlight that establishing a trusted FL requires adequate measures to mitigate security and privacy threats at each phase.Finally,we discuss the limitations of current attacks and defense approaches and provide an outlook on promising future research directions in FL.

A cloud-based experimental platform for networked industrial control systems

Today,a large number of information and communication technologies(ICT)and networking technologies are being used in industrial control systems.Thus,networked industrial control systems(NICS)are exposed to many security threats.Moreover,new technologies for NICS also need to be tested.This paper presents a cloud-based experimental platform for NICS to test new technologies and security threats.A cloud platform is used to emulate network devices and Simulink is used to simulate the physical layer.To build this testbed,we modify the cloud platform and add three modules to the testbed.One module is used so that the cloud platform can connect to real devices.By using this module,real devices can be added to the networks in the cloud platform.The second module is used for network connection configurations in the testbed.By using this module,the bandwidth,delay and packet loss rate for networks in the testbed can all be set.The third module is used to connect the Simulink to the testbed.The main features of the proposed platform are high flexibility,high authenticity,and low cost.Advanced persistent threat(APT)attacks are a common threat for NICS nowadays.In order to prove the feasibility of the proposed testbed,a common NICS is established and an APT attack is executed on it.