ABSTRACT
Health care is always a top priority, and that has not changed no matter how far we have come in terms of technology. Since the coronavirus epidemic broke out, almost every country has made health care a top priority. Therefore, the best way to deal with the coronavirus pandemic and other urgent health problems is through the use of IoHT. The tremendous growth of IoT devices and networks especially in the healthcare domain generates massive amounts of data, necessitating careful authentication and security. Other domains include agriculture, smart homes, industry, etc. These massive data streams can be evaluated to determine undesirable patterns. It has the potential to reduce functional risks, avoid problems that are not visible, and eliminate system downtime. Past systematic and comprehensive reviews have significantly aided the field of cybersecurity. However, this research focuses on IoT issues relating to the medical or healthcare domain, using the systematic literature review method. The current literature in health care is not enough to analyze the anomaly of IoHT. This research has revealed that fact. In our subsequent work, we will discuss the architecture of IoHT and use AI techniques such as CNN and SVM to detect intrusions in IoHT. In the interest of advancing scientific knowledge, this study identifies and suggests potential new lines of inquiry that may be pursued in this area of study. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
ABSTRACT
The COVID-19 pandemic has impacted everyday life, the global economy, travel, and commerce. In many cases, the tight measures put in place to stop COVID-19 have caused depression and other diseases. As many medical systems over the world are unable to hospitalize all the patients, some of them may get home healthcare assistance, while the government and healthcare organizations have access to substantial sickness management data. It allows patients to routinely update their health status and have it sent to distant hospitals. In certain cases, the medical authorities may designate quarantine stations and provide supervision equipment and platforms (such as Internet of Medical Things (IoMT) devices) for performing an infection-free treatment, whereas IoMT devices often lack enough protection, making them vulnerable to many threats. In this paper, we present an intrusion detection system (IDS) for IoMTs based on the following gradient boosting machines approaches: XGBoost, LightGBM, and CatBoost. With more than 99% in many evaluation measures, these approaches had a high detection rate and could be an effective solution in preventing attacks on IoMT devices. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
ABSTRACT
Outlier is a value that lies outside most of the other values in a dataset. Outlier exploration has a huge importance in almost all the industry applications like medical diagnosis, credit card fraudulence and intrusion detection systems. Similarly, in economic domain, it can be applied to analyse many unexpected events to harvest new knowledge like sudden crash of stock market, mismatch between country's per capita incomes and overall development, abrupt change in unemployment rate and steep falling of bank interest. These situations can arise due to several reasons, out of which the present COVID-19 pandemic is a leading one. This motivates the present researchers to identify a few such vulnerable areas in the economic sphere and ferret out the most affected countries for each of them. Two well-known machine-learning techniques DBSCAN and Z-score are utilised to get these insights, which can serve as a guideline towards improving the overall scenario subsequently. Copyright © 2023 Inderscience Enterprises Ltd.
ABSTRACT
As social media use increases, the number of users has risen also. This has increased the volume of data carried over the network, making it more important to secure users' data and privacy from threats. As users are unaware of hackers, social media's security flaws and new forms of attack will persist. Intrusion detection systems, therefore, are vital to identifying intrusion risks. This paper examines a variety of intrusion detection techniques used to detect cyberattacks on social media networks. The paper provides a summary of the prevalent attacks on social media networks, such as phishing, fake profiles, account compromise, and cyberbullying. Then, the most prevalent techniques for classifying network traffic, including statistical and artificial intelligence (AI) techniques, are addressed. The literature also demonstrates that because AI can manage vast, scalable networks, AI-based IDSs are more effective at classifying network traffic and detecting intrusions in complex social media networks. However, AI-based IDSs exhibit high computational and space complexities;therefore, despite their remarkable performance, they are more suitable for high computing power systems. Hybrid IDSs, utilizing statistical feature selection and shallow neural networks, may provide a compromise between computational requirements and efficiency. This investigation shows that accuracies of statistical techniques range from 90% to 97.5%. In contrast, AI and ML technique detection accuracy ranges from 78% to 99.95%. Similarly, swarm and evolutionary techniques achieved from 84% to 99.95% and deep learning-based detection techniques achieved from 45% to more than 99% detection rates. Convolutional neural network deep learning systems outperformed other methods due to their ability to automatically craft the features that would classify the network traffic with high accuracy.
ABSTRACT
Applications of internet-of-things (IoT) are increasingly being used in many facets of our daily life, which results in an enormous volume of data. Cloud computing and fog computing, two of the most common technologies used in IoT applications, have led to major security concerns. Cyberattacks are on the rise as a result of the usage of these technologies since present security measures are insufficient. Several artificial intelligence (AI) based security solutions, such as intrusion detection systems (IDS), have been proposed in recent years. Intelligent technologies that require data preprocessing and machine learning algorithm-performance augmentation require the use of feature selection (FS) techniques to increase classifica-tion accuracy by minimizing the number of features selected. On the other hand, metaheuristic optimization algorithms have been widely used in feature selection in recent decades. In this paper, we proposed a hybrid optimization algorithm for feature selection in IDS. The proposed algorithm is based on grey wolf (GW), and dipper throated optimization (DTO) algorithms and is referred to as GWDTO. The proposed algorithm has a better balance between the exploration and exploitation steps of the optimization process and thus could achieve better performance. On the employed IoT-IDS dataset, the performance of the proposed GWDTO algorithm was assessed using a set of evaluation metrics and compared to other optimization approaches in the literature to validate its superiority. In addition, a statistical analysis is performed to assess the stability and effectiveness of the proposed approach. Experimental results confirmed the superiority of the proposed approach in boosting the classification accuracy of the intrusion in IoT-based networks.
ABSTRACT
Wireless sensor networks (WSN) playa significant role in the collection and transmission of data. The principal data collectors and broadcasters are small wireless sensor nodes. As a result of their disorganized layout, the nodes in this network are vulnerable to intrusion. Every aspect of human life includes some form of technological interaction. While the Covid-19 pandemic has been ongoing, the whole corporate and academic world has gone digital. As a direct result of digitization, there has been a rise in the frequency with which Internet-based systems are attacked and breached. The Distributed Denial of Service (DDoS) and Distributed Reflective Denial of Service (DRDoS) assaults are new and dangerous type of cyberattacks that can quickly bring down any service or application that relies on the Internet's infrastructure. Cybercriminals are always refining their methods of attack and evading detection by using techniques that are out of date. Traditional detection systems are not suited to identify novel DDoS attacks since the volume of data created and stored has expanded exponentially in recent years. This research provides a comprehensive overview of the relevant literature, focusing on deep learning for DDoS and DRDoS detection. Due to the expanding number of loT gadgets, distributed DDoS and DRDoS attacks are becoming more likely and more damaging. Due to their lack of generalizability, current attack detection methods cannot be used for early detection of DDoS and DRDoS, resulting in significant load or service degradation when implemented at the endpoint. In this research, a brief review is performed on the models that are used for identification of DDoS and DRDoS attacks. The working of the existing models and the limitations of the models are briefly analyzed in this research. © 2023 IEEE.
ABSTRACT
Over recent years, the outbreak of Covid-19 has infected more than a billion people. Due to this crisis, the healthcare industry is revolutionizing using the Internet of Health Things (IoHT). As a result, the increasing number of distributed connected objects, their heterogeneity, and mobility have led to a dramatic expansion in the volume of medical data, consequently, a considerable increase in cybercrime. However, the security of the healthcare system must be considered a top priority. According to the policy principles of cybersecurity intrusion detection systems (IDS) are effective and indispensable security tools. We propose in this paper a collaborative distributed fog-based intrusion detection system reinforced by using blockchain to ensure trust and reliability between Fog nodes, and machine learning (ML) approaches with the effective open-source Catboost benefiting from the GPU library to get a record detection and computation time. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
In the era of COVID19, the world has shifted to an online presence and is now forced to embrace the usage of digital technology in their daily lives. With the meteoric rise of internet-based devices, there is a requirement for a protocol for secure communication between these devices. Message Queueing Telemetry Transport (MQTT) is the standard protocol for IoT devices. The MQTT implementation with IDS have very prominent usability and has huge potential for increasing efficiency. Therefore, in this paper, an IDS has been proposed with MQTT as a protocol for IoT devices, using machine learning to improve the pattern recognition of the IDS. The proposed system has been tested with three machine learning algorithms, namely, and the results show that they are adequate for the MQTT protocol © 2022 IEEE.
ABSTRACT
After the COVID-19 pandemic, cyberattacks are increasing as non-face-to-face environments such as telecommuting and telemedicine proliferate. Cyberattackers exploit vulnerabilities in remote systems and endpoint devices in major enterprises and infrastructures. To counter these attacks, fast detection and response are essential because advanced persistent threat (APT) attacks intelligently infiltrate endpoint devices for long periods and spread to large-scale environments. However, because conventional security systems are signature-based, fast detection of APT attacks is challenging, and it is difficult to respond flexibly to the environment. In this study, we propose an APT fast detection and response technique using open-source tools that improves the efficiency of existing endpoint information protection systems and swiftly detects the APT attack process. Performance test results based on realistic scenarios using the open-source APT attack library and MITER ATT&CK indicated that fast detection was possible with higher accuracy for the early stages of APT attacks in scenarios where endpoint attack detectors are interworking environments. © 2022 The Authors
ABSTRACT
The Internet of Things (IoT) industry is growing with the high-quality collaboration with Cloud Computing. The data generated by the IoT devices is quite large which can be efficiently stored and processed by the cloud. Further, the scenario like COVID-19 led to an unexpected flood of IoT devices on enabling networks to facilitate online services, which increases the potential threats to the companies fighting to remain operational during the crises. Still, the problem with the IoT devices is their weak security implications because vendors prioritize other factors like energy-saving and efficiency at the cost of security. The Attacker can send malicious requests through the vulnerable IoT device to the network and exploit the cloud in various ways. So, to address this issue, a Game Theoretic Approach to enhance IDS detection (GTA-IDS) in Cloud Environment has been devised that helps the Defender system to be more efficient, accurate in decision-making and save energy. The algorithm based on relative information entropy has been developed to defend against such attacks. The Bayesian Nash Equilibrium (BNE) has been used to make the Defender's strategies and perform actions to maximize its payoffs. The model has been tested on the NSL-KDD dataset and the results have been compared to the existing techniques. The results show that despite efforts made by the Attacker, the Defender always gets a better gain and ultimately eliminates the attack.
ABSTRACT
With the rapid growth of cloud or on-premises storage, widespread networking and other physical devices, complex IT infrastructure and processes for creating, processing, and storing all forms of electronic data, securing data that too in the initial compromise phase is critical, so it doesn't translate back into a cyber-attack. During the covid pandemic where the whole world was working from open networks, data breaches and cyber security issues have gone to their peak. Intruders are moving laterally compromising data intelligently following various techniques like delaying the attack cycle where the intruder enters the network, gathers information, and stays away for a couple of days so that their previous interaction goes faded. This article describes the collaborative pattern analysis and event chaining of the compromised data during the reconnaissance phase of the attack chain and enables deception technology by enhancing predictability and planning to place decoys in the network dynamically. Deception technology can understand instantaneous data and provide verdicts based on real-time interactions. If any suspicious behaviour encountered by the decoys for that instance is co-related well with the attack matrix an alarm is being raised where decoys generate lures which create a false information stream that leads attackers exposed while protecting real enterprise network and assets. However, the current setup is not enabled to a level where it can track attackers who are working from multiple endpoints at the same time or using the gained data from the scans to access in the future. We are proposing a new and efficient Event chaining-based solution (named as DT-Chains) that overcomes the limitations in earlier proposed solutions. As part of this framework, we propose to design and develop a solution that will do an analysis on reconnaissance Attack Data. This newly proposed solution is expected to enable existing deception Technology to reduce false positives and helps to track attackers which are working from multiple endpoints at the same time or using the gained data from the scans to access in the future. This will also help in predicting the attack critical path which enables automated deception triggers for decoys.
ABSTRACT
Network security has benefited from intrusion detection, which may spot unexpected threats from network traffic. Modern methods for detecting network anomalies typically rely on conventional machine learning models. The human construction of traffic features that these systems mainly rely on, which is no longer relevant in the age of big data, results in relatively low accuracy and certain exceptional features. A storage authentication and access control model based on Interplanetary File System (IPFS) and a network intrusion detection system based on Chronological Anticorona Virus Optimization are hence the main goals of this research (CACVO-based DRN).The setup, user registration, initialization, data encryption and storage, authentication, testing, access control, and decryption stages are used here to perform the blockchain authentication and access control. After then, DRN is used to perform network intrusion detection. To do this, the recorded data log file is initially sent to the feature fusion module, which uses Deep Belief Network and hybrid correlation factors (DBN). After the feature fusion is complete, the proposed optimization technique, CACVO, which was recently developed by fusing the Chronological Concept with Anti Corona virus Optimization (ACVO) algorithm, is used to perform intrusion detection utilizing DRN. The experimental outcome shows that, based on the f-measure value of 0.939 and 0.938, respectively, the developed model achieved greater performance.
ABSTRACT
During the COVID-19 pandemic, the need for digitalization of business processes has increased. Consequently, the number of cyberattacks has also increased, which has a negative impact on businesses. One way to detect cyber threats in a system is to perform network traffic analysis using automated techniques. Machine learning algorithms are able to ensure data analysis automation. This research was conducted to understand how to select the most suitable classifiers for network traffic analysis machine learning ensemble. The CICIDS-2017 intrusion detection evaluation dataset was selected for training and testing of the created approach. The binary classification machine learning ensemble consisted of random forest (RF), 3 types of decision trees (DT), XGBoost, and extremely randomized trees (ET) classifiers. The multiclass classification machine learning ensemble consisted of all the classifiers mentioned above, except the XGBoost classifier. In the case of binary classification, the machine learning ensemble reached an accuracy of 0.9997 using test data. The training time is 449.5 seconds, while the testing rate is 32768 records per second. The multiclass machine learning ensemble reached 0.9991 accuracy using test data, training time 1671.39 seconds, and testing rate 7695 records per second. © 2022 IEEE.
ABSTRACT
The current computing context has developed important opportunities and challenges by the new attacks that occurred recently due to the pandemic situation (COVID-19), cybersecurity has crossed and still passing through significant changes by the technology and its operation. Many computer security incident response teams (CSIRT) and cybersecurity centers had reported significant behaviors of the attacks and they raised multiple warning signs, some of them being ignored by different third parties and others were taken into consideration and new frameworks started to be translated into research directions as a cross-collaboration between researchers and professionals. As a conclusion of CSIRTs, data science is the leader and gives the tone of the change. Identifying properly the security incident patterns or different types of insights within the cybersecurity data and implementing the right data-driven model, represents the main task is to achieve for an automated and intelligent security system. In this paper, we will propose a machine learning framework for cybersecurity, focusing on data science for cybersecurity, where the data collected from trusted sources t are relevant for cybersecurity. Our work will kickstart discussion on various research challenges which are open for improvements and will also point out the most challenging future research directions. Altogether, our purpose is not limited to discussing data science within the cybersecurity context and relevant methods/algorithms, but also to focus on the applicability of taking the most intelligent decisions based on data to protect the systems against cyber attacks. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Still in many countries COVID19 virus is changing its structure and creating damages in terms of economy and education. In India during the period of January 2022 third wave is on its high peak. Many colleges and schools are still forced to teach online. This paper describes how cyber security actionable or practical fundamental were taught by school or college teachers. Various cyber security tools are used to explain the actionable insight of the subject. Main Topics or concepts covered are MITM (Man In the Middle Attack) using ethercap tool in Kali Linux, spoofing methods like ARP (Address Resolution Protocol) spoofing and DNS (Domain Name System) spoofing, network intrusion detection using snort , finding information about packets using wireshark tool and other tools like nmap and netcat for finding the vulnerability. Even brief details were given about how to crack password using wireshark. © 2022 IEEE.
ABSTRACT
Intrusion detection/prevention systems have attracted much interest in recent years due to increased online connectivity. In recent years due to COVID pandemic and due to the increased number of online users, online data has become more and more exposed to different types of attacks. Hence, in order to keep data safe, it has become quite important to detect/prevent such attacks. An IDS is a sensor that is used for the observation of such attacks on the nodes or the network itself, and in this way, it tries to keep the information safe from possible attacks. However, accurately identifying such attacks so that they can be prevented effectively is a concern. This accuracy is measured by the number of false positive & false negative in a dataset. These days ML/DL algorithms are being significantly utilized for improving the accuracy of different systems (e.g., health care, stock market, forecasting etc.). Considering its importance, the work presented here studies the impact of using ML/DL algorithms on the accuracy of IDS/IPS. The impact of these algorithms is studied by using evaluation metrics for classification of network assaults in the intrusion detection system using different datasets. These algorithms are subject to further changes for improving the accuracy parameters based on evaluation metrics. © 2022 IEEE.
ABSTRACT
Cyber security is the implementation of smart technologies to safeguard computer systems, mobile devices, communication networks or most importantly the sensitive and confidential data saved in those systems or devices from various types of cyber-attacks, unauthorized access, hackers or intruders. Cyber security can also be considered as a subset of information security because information security is a general term. It aims to protect a wider domain which includes all kinds of information assets either hard copy or soft copy. The recent accelerating rise in digitalization due to Covid-19 has brought in many new challenges. The amount of personal data present on the web due to the same has raised concerns among users. However, it's not only the personal data that is a matter of concern but also the dataset which is given as input to numerous machine learning and deep learning models. Local networks are prone to attacks and intrusion activities now more than ever. As a result, cyber security experts have been working on the development of more complex monitoring systems and algorithms for the detection and prevention of such activities. Various technologies like machine learning and deep learning might play a significant role in improving cyber security. It can help in analyzing patterns and improving the models for recognizing similar attacks in future. This research work aims to study intrusion detection systems in detail and differentiate between intrusion detection systems, intrusion prevention systems and firewalls as IDS and IPS are commonly regarded as the same thing. It also highlights the previous works related to this subject along with their suggested methods. © 2022 IEEE.
ABSTRACT
Detecting and intercepting malicious requests are some of the most widely used ways against attacks in the network security, especially in the severe COVID-19 environment. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all shown to be vulnerable to sophisticated attacks. To address the above issues, a more general and rigorous detection method is required. In this paper, we formulate the problem of detecting malicious requests as a temporal sequence classification problem, and propose a novel deep learning model namely GBLNet, girdling bidirectional LSTM with multi-granularity CNNs. By connecting the shadow and deep feature maps of the convolutional layers, the malicious feature extracting ability is improved on more detailed functionality. Experimental results on HTTP dataset CSIC 2010 demonstrate that GBLNet can efficiently detect intrusion traffic with superior accuracy and evaluating speed, compared with the state-of-the-arts. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
All around the world, the rapid spread of the pandemic (COVID-19) has brought an enormous challenge, especially to the ICT industry. The total lockdown which prevailed had increased the use of the internet, which is a challenge to safety and security. Thus, an Intrusion Detection System (IDS) is needed to maintain this emergence of the boundless communication paradigm. This paper proposed an optimized Network IDS by applying two machine learning algorithms in intrusion dataset and feature selection techniques to optimize the IDS model. The viability of this work is shown by comparing, the result of the model with existing work. The decision tree applied outperformed the Naïve Bayes algorithm with 89.27% and 75.09% accuracy, respectively. © 2022 IEEE.
ABSTRACT
With more devices being inter- or intra-connected, Internet of Things (IoT) has gradually been adopted in many disciplines, such as healthcare industry, coined as Internet of Medical Things (IoMT). The purpose of IoMT is to facilitate the efficiency and effectiveness of medical operations, i.e., remotely monitoring the status of patients. In such healthcare environments, smartphones have become an important device to communicate with others and update the information of patients, resulting in a special type of IoMT called Medical Smartphone Networks (MSNs). To reinforce the distributed architecture, trust management schemes are often implemented to defend against insider attacks. However, how to maintain the robustness of trust management in heavy traffic networks still remains a challenge, i.e., COVID-19 incident would cause excessive traffic for healthcare organizations and increase the difficulty of validating trustworthiness among MSN nodes. In this work, we focus on this issue and propose a blockchain-enabled adaptive traffic sampling method to help enhance the robustness of trust management under high traffic environments. The use of blockchain technology aims to build a verified database of malicious traffic among all nodes. The evaluation in a real healthcare environment demonstrates the viability and effectiveness of our approach.