12 articles found
Insider threat detection approach for tobacco industry based on heterogeneous graph embedding
1
Authors: 季琦, LI Wei, PAN Bailin, XUE Hongkai, QIU Xiang. High Technology Letters (EI, CAS), 2024, Issue 2, pp. 199-210 (12 pages)
In the tobacco industry, insider employee attack is a thorny problem that is difficult to detect. To solve this issue, this paper proposes an insider threat detection method based on heterogeneous graph embedding. First, the interrelationships between logs are fully considered, and log entries are converted into heterogeneous graphs based on these relationships. Second, the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector. Then, normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs. Finally, the effectiveness and superiority of the method is verified through experiments on the CERT dataset. The experimental results show that this method has better performance compared to some baseline methods.
Keywords: insider threat detection advanced persistent threats graph construction heterogeneous graph embedding
Enhanced Gorilla Troops Optimizer with Deep Learning Enabled Cybersecurity Threat Detection
2
Authors: Fatma S. Alrayes, Najm Alotaibi, Jaber S. Alzahrani, Sana Alazwari, Areej Alhogail, Ali M. Al-Sharafi, Mahmoud Othman, Manar Ahmed Hamza. Computer Systems Science & Engineering (SCIE, EI), 2023, Issue 6, pp. 3037-3052 (16 pages)
Recent developments in computer networks and Internet of Things (IoT) have enabled easy access to data. But the government and business sectors face several difficulties in resolving cybersecurity network issues, like novel attacks, hackers, internet criminals, and so on. Presently, malware attacks and software piracy pose serious risks in compromising the security of IoT. They can steal confidential data which results in financial and reputational losses. The advent of machine learning (ML) and deep learning (DL) models has been employed to accomplish security in the IoT cloud environment. This article presents an Enhanced Artificial Gorilla Troops Optimizer with Deep Learning Enabled Cybersecurity Threat Detection (EAGTODL-CTD) in IoT Cloud Networks. The presented EAGTODL-CTD model encompasses the identification of the threats in the IoT cloud environment. The proposed EAGTODL-CTD model mainly focuses on the conversion of input binary files to color images, where the malware can be detected using an image classification problem. The EAGTODL-CTD model pre-processes the input data to transform to a compatible format. For threat detection and classification, cascaded gated recurrent unit (CGRU) model is exploited to determine class labels. Finally, EAGTO approach is employed as a hyperparameter optimizer to tune the CGRU parameters, showing the novelty of our work. The performance evaluation of the EAGTODL-CTD model is assessed on a dataset comprising two class labels namely malignant and benign. The experimental values reported the supremacy of the EAGTODL-CTD model with increased accuracy of 99.47%.
Keywords: CYBERSECURITY computer networks threat detection internet of things cloud computing deep learning
Machine Learning Based Cybersecurity Threat Detection for Secure IoT Assisted Cloud Environment
3
Authors: Z. Faizal Khan, Saeed M. Alshahrani, Abdulrahman Alghamdi, Someah Alangari, Nouf Ibrahim Altamami, Khalid A. Alissa, Sana Alazwari, Mesfer Al Duhayyim, Fahd N. Al-Wesabi. Computer Systems Science & Engineering (SCIE, EI), 2023, Issue 10, pp. 855-871 (17 pages)
The Internet of Things (IoT) is determine enormous economic openings for industries and allow stimulating innovation which obtain between domains in childcare for eldercare, in health service to energy, and in developed to transport. Cybersecurity develops a difficult problem in IoT platform whereas the presence of cyber-attack requires that solved. The progress of automatic devices for cyber-attack classifier and detection employing Artificial Intelligence (AI) and Machine Learning (ML) devices are crucial fact to realize security in IoT platform. It can be required for minimizing the issues of security based on IoT devices efficiently. Thus, this research proposal establishes novel mayfly optimized with Regularized Extreme Learning Machine technique called as MFO-RELM model for Cybersecurity Threat classification and detection from the cloud and IoT environments. The proposed MFO-RELM model provides the effective detection of cybersecurity threat which occur in the cloud and IoT platforms. To accomplish this, the MFO-RELM technique pre-processed the actual cloud and IoT data as to meaningful format. Besides, the proposed models will receive the pre-processing data and carry out the classifier method. For boosting the efficiency of the proposed models, the MFO technique was utilized to it. The experiential outcome of the proposed technique was tested utilizing the standard CICIDS 2017 dataset, and the outcomes are examined under distinct aspects.
Keywords: Mayfly optimization machine learning artificial intelligence CYBERSECURITY threat detection
Artificial Intelligence Based Threat Detection in Industrial Internet of Things Environment
4
Author: Fahad F. Alruwaili. Computers, Materials & Continua (SCIE, EI), 2022, Issue 12, pp. 5809-5824 (16 pages)
Internet of Things (IoT) is one of the hottest research topics in recent years, thanks to its dynamic working mechanism that integrates physical and digital world into a single system. IoT technology, applied in industries, is termed as Industrial IoT (IIoT). IIoT has been found to be highly susceptible to attacks from adversaries, based on the difficulties observed in IIoT and its increased dependency upon internet and communication network. Intentional or accidental attacks on these approaches result in catastrophic effects like power outage, denial of vital health services, disruption to civil service, etc. Thus, there is a need exists to develop a vibrant and powerful for identification and mitigation of security vulnerabilities in IIoT. In this view, the current study develops an AI-based Threat Detection and Classification model for IIoT, abbreviated as AITDC-IIoT model. The presented AITDC-IIoT model initially pre-processes the input data to transform it into a compatible format. In addition, Whale Optimization Algorithm based Feature Selection (WOA-FS) is used to elect the subset of features. Moreover, Cockroach Swarm Optimization (CSO) is employed with Random Vector Functional Link network (RVFL) technique for threat classification. Finally, CSO algorithm is applied to appropriately adjust the parameters related to RVFL model. The performance of the proposed AITDC-IIoT model was validated under benchmark datasets. The experimental results established the supremacy of the proposed AITDC-IIoT model over recent approaches.
Keywords: SECURITY industrial internet of things threat detection artificial intelligence feature selection
TDLens:Toward an Empirical Evaluation of Provenance Graph-Based Approach to Cyber Threat Detection
5
Authors: Rui Mei, Hanbing Yan, Qinqin Wang, Zhihui Han, Zhuohang Lyu. China Communications (SCIE, CSCD), 2022, Issue 10, pp. 102-115 (14 pages)
To combat increasingly sophisticated cyber attacks, the security community has proposed and deployed a large body of threat detection approaches to discover malicious behaviors on host systems and attack payloads in network traffic. Several studies have begun to focus on threat detection methods based on provenance data of host-level event tracing. On the other side, with the significant development of big data and artificial intelligence technologies, large-scale graph computing has been widely used. To this end, kinds of research try to bridge the gap between threat detection based on host log provenance data and graph algorithm, and propose the threat detection algorithm based on system provenance graph. These approaches usually generate the system provenance graph via tagging and tracking of system events, and then leverage the characteristics of the graph to conduct threat detection and attack investigation. For the purpose of deeply understanding the correctness, effectiveness, and efficiency of different graph-based threat detection algorithms, we pay attention to mainstream threat detection methods based on provenance graphs. We select and implement 5 state-of-the-art threat detection approaches among a large number of studies as evaluation objects for further analysis. To this end, we collect about 40GB of host-level raw log data in a real-world IT environment, and simulate 6 types of cyber attack scenarios in an isolated environment for malicious provenance data to build our evaluation datasets. The crosswise comparison and longitudinal assessment interpret in detail these detection approaches can detect which attack scenarios well and why. Our empirical evaluation provides a solid foundation for the improvement direction of the threat detection approach.
Keywords: cyber threat detection causality dependency graph data provenance
Multiclass Classification for Cyber Threats Detection on Twitter
6
Authors: Adnan Hussein, Abdulwahab Ali Almazroi. Computers, Materials & Continua (SCIE, EI), 2023, Issue 12, pp. 3853-3866 (14 pages)
The advances in technology increase the number of internet systems usage. As a result, cybersecurity issues have become more common. Cyber threats are one of the main problems in the area of cybersecurity. However, detecting cybersecurity threats is not a trivial task and thus is the center of focus for many researchers due to its importance. This study aims to analyze Twitter data to detect cyber threats using a multiclass classification approach. The data is passed through different tasks to prepare it for the analysis. Term Frequency and Inverse Document Frequency (TFIDF) features are extracted to vectorize the cleaned data and several machine learning algorithms are used to classify the Twitter posts into multiple classes of cyber threats. The results are evaluated using different metrics including precision, recall, F-score, and accuracy. This work contributes to the cyber security research area. The experiments revealed the promised results of the analysis using the Random Forest (RF) algorithm with (F-score=81%). This result outperformed the existing studies in the field of cyber threat detection and showed the importance of detecting cyber threats in social media posts. There is a need for more investigation in the field of multiclass classification to achieve more accurate results. In the future, this study suggests applying different data representations for the feature extraction other than TF-IDF such as Word2Vec, and adding a new phase for feature selection to select the optimum features subset to achieve higher accuracy of the detection process.
Keywords: CYBERSECURITY cyber threat detection artificial intelligence machine learning TWITTER
Cyber Resilience through Real-Time Threat Analysis in Information Security
7
Authors: Aparna Gadhi, Ragha Madhavi Gondu, Hitendra Chaudhary, Olatunde Abiona. International Journal of Communications, Network and System Sciences, 2024, Issue 4, pp. 51-67 (17 pages)
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
Keywords: Cybersecurity Information Security Network Security Cyber Resilience Real-Time threat Analysis Cyber threats Cyberattacks threat Intelligence Machine Learning Artificial Intelligence threat detection threat Mitigation Risk Assessment Vulnerability Management Incident Response Security Orchestration Automation threat Landscape Cyber-Physical Systems Critical Infrastructure Data Protection Privacy Compliance Regulations Policy Ethics CYBERCRIME threat Actors threat Modeling Security Architecture
Application of Improved PSO-LSSVM on Network Threat Detection (cited by: 4)
8
Authors: QI Fumin, XIE Xiaoyao, JING Fengxuan. Wuhan University Journal of Natural Sciences (CAS), 2013, Issue 5, pp. 418-426 (9 pages)
To solve the problem of the design of classifier in network threat detection, we conduct a simulation experiment for the parameters’ optimal on least squares support vector machine (LSSVM) using the classic PSO algorithm, and the experiment shows that uneven distribution of the initial particle swarm exerts a great impact on the results of LSSVM algorithm’s classification. This article proposes an improved PSO-LSSVM algorithm based on Divide-and-Conquer (DCPSO-LSSVM) to split the optimal domain where the parameters of LSSVM are in. It can achieve the purpose of distributing the initial particles uniformly. And using the idea of Divide-and-Conquer, it can split a big problem into multiple sub-problems, thus, completing problems’ modularization. Meanwhile, this paper introduces variation factors to make the particles escape from the local optimum. The results of experiment prove that DCPSO-LSSVM has better effect on classification of network threat detection compared with SVM and classic PSO-LSSVM.
Keywords: DIVIDE-AND-CONQUER least squares support vector machine (LSSVM) improved PSO CLASSIFICATION network threat detection
On designing an unaided authentication service with threat detection and leakage control for defeating opportunistic adversaries
9
Authors: Nilesh CHAKRABORTY, Samrat MONDAL. Frontiers of Computer Science (SCIE, EI, CSCD), 2021, Issue 2, pp. 161-179 (19 pages)
Unaided authentication services provide the flexibility to login without being dependent on any additional device. The power of recording attack resilient unaided authentication services (RARUAS) is undeniable as, in some aspects, they are even capable of offering better security than the biometric based authentication systems. However, high login complexity of these RARUAS makes them far from usable in practice. The adopted information leakage control strategies have often been identified as the primary cause behind such high login complexities. Though recent proposals have made some significant efforts in designing a usable RARUAS by reducing its login complexity, most of them have failed to achieve the desired usability standard. In this paper, we have introduced a new notion of controlling the information leakage rate. By maintaining a good security standard, the introduced idea helps to reduce the login complexity of our proposed mechanism—named as Textual-Graphical Password-based Mechanism or TGPM, by a significant extent. Along with resisting the recording attack, TGPM also achieves a remarkable property of threat detection. To the best of our knowledge, TGPM is the first RARUAS, which can both prevent and detect the activities of the opportunistic recording attackers who can record the complete login activity of a genuine user for a few login sessions. Our study reveals that TGPM assures much higher session resiliency compared to the existing authentication services, having the same or even higher login complexities. Moreover, TGPM stores the password information in a distributed way and thus restricts the adversaries to learn the complete secret from a single compromised server. A thorough theoretical analysis has been performed to prove the strength of our proposal from both the security and usability perspectives. We have also conducted an experimental study to support the theoretical argument made on the usability standard of TGPM.
Keywords: AUTHENTICATION recording attack premature attack opportunistic adversary leakage control threat prevention threat detection
Securing Cloud-Encrypted Data:Detecting Ransomware-as-a-Service(RaaS)Attacks through Deep Learning Ensemble
10
Authors: Amardeep Singh, Hamad Ali Abosaq, Saad Arif, Zohaib Mushtaq, Muhammad Irfan, Ghulam Abbas, Arshad Ali, Alanoud AlMazroa. Computers, Materials & Continua (SCIE, EI), 2024, Issue 4, pp. 857-873 (17 pages)
Data security assurance is crucial due to the increasing prevalence of cloud computing and its widespread use across different industries, especially in light of the growing number of cybersecurity threats. A major and ever-present threat is Ransomware-as-a-Service (RaaS) assaults, which enable even individuals with minimal technical knowledge to conduct ransomware operations. This study provides a new approach for RaaS attack detection which uses an ensemble of deep learning models. For this purpose, the network intrusion detection dataset “UNSW-NB15” from the Intelligent Security Group of the University of New South Wales, Australia is analyzed. In the initial phase, the rectified linear unit-, scaled exponential linear unit-, and exponential linear unit-based three separate Multi-Layer Perceptron (MLP) models are developed. Later, using the combined predictive power of these three MLPs, the RansoDetect Fusion ensemble model is introduced in the suggested methodology. The proposed ensemble technique outperforms previous studies with impressive performance metrics results, including 98.79% accuracy and recall, 98.85% precision, and 98.80% F1-score. The empirical results of this study validate the ensemble model’s ability to improve cybersecurity defenses by showing that it outperforms individual MLP models. In expanding the field of cybersecurity strategy, this research highlights the significance of combined deep learning models in strengthening intrusion detection systems against sophisticated cyber threats.
Keywords: Cloud encryption RAAS ENSEMBLE threat detection deep learning CYBERSECURITY
Adaptive Polling Rate for SNMP for Detecting Elusive DDOS
11
Authors: Yichiet Aun, Yen-Min Jasmina Khaw, Ming-Lee Gan, Vasaki Ponnusamy. Journal of Cyber Security, 2022, Issue 1, pp. 17-28 (12 pages)
Resilient network infrastructure is pivotal for business entities that are growing reliance on the Internet. Distributed Denial-of-Service (DDOS) is a common network threat that collectively overwhelms and exhausts network resources using coordinated botnets to interrupt access to network services, devices, and resources. IDS is typically deployed to detect DDOS based on Snort rules. Although being fairly accurate, IDS operates on a compute-intensive packet inspection technique and lacks rapid DDOS detection. Meanwhile, SNMP is a comparably lightweight countermeasure for fast detection. However, this SNMP trigger is often circumvented if the DDOS burst rate is coordinated to flood the network smaller than the SNMP polling rate. Besides, SNMP does not scale well if the poll rate is set extremely fine for improved detection accuracy. In this paper, a lightweight 3D SNMP scaling method is proposed to optimize the SNMP poll rate for DDOS mitigation automatically. The 3D-SNMP uses horizontal scaling to dynamically adjust the optimal poll rate through random packet inspection that is selective. Suppose a sign of DDOS is detected, 3D-SNMP scales down the poll rate for finer detection. As DDOS subsides, 3D-SNMP scales the poll rate up for faster DDOS detection. The equilibrium between scalability and accuracy is determined on the fly depending on the types of DDOS variants. 3D-SNMP also adds a vertical scaling to detect non-salient DDOS that falls below the detection threshold. The experimental results showed that 3D-SNMP achieved DDOS detection of 92% while remaining scalable to different DDOS variants and volumes.
Keywords: SNMP DDOS poll rate network security threat detection
H7N9 virulent mutants detected in chickens in China pose an increased threat to humans
12
Science Foundation in China (CAS), 2017, Issue 4, pp. 3- (1 page)
Supported by the Science Fund of the Creative Research Group, the research team led by Prof. Chen Hualan (陈化兰) in Harbin Veterinary Research Institute, Chinese Academy of Agricultural Sciences found that the low pathogenic H7N9 viruses emerging in 2013 have mutated to highly pathogenic viruses in chickens and are more dangerous to humans, which was published in Cell Research (2017, doi:10.1038/cr.2017.129).
Keywords: H7N9 virulent mutants detected in chickens in China pose an increased threat to humans