Search Results (821)

Search Parameters:
Keywords = cyber-threats

29 pages, 8028 KiB  
Article
Developing a Hybrid Approach with Whale Optimization and Deep Convolutional Neural Networks for Enhancing Security in Smart Home Environments’ Sustainability Through IoT Devices
by Kavitha Ramaswami Jothi and Balamurugan Vaithiyanathan
Sustainability 2024, 16(24), 11040; https://doi.org/10.3390/su162411040 - 16 Dec 2024
Viewed by 277
Abstract
Even while living circumstances and construction techniques have generally improved, occupants of these spaces frequently feel unsatisfied with the sense of security they provide, which leads to looking for and eventually enacting ever-more-effective safety precautions. The continuous uncertainty that contemporary individuals experience, particularly with regard to their protection in places like cities, prompted the field of computing to design smart devices that attempt to reduce threats and ultimately strengthen people’s sense of protection. Intelligent apps were developed to provide protection and make a residence a smart and safe home. The proliferation of technology for smart homes necessitates the implementation of rigorous safety precautions to protect users’ personal information and avoid illegal access. The importance of establishing cyber security has been recognized by academic and business institutions all around the globe. Providing reliable computation for the Internet of Things (IoT) is also crucial. A new method for enhancing safety in smart home environments’ sustainability using IoT devices is presented in this paper, combining the Whale Optimization Algorithm (WOA) with Deep Convolutional Neural Networks (DCNNs). WOA-DCNN hybridization seeks to enhance safety measures by efficiently identifying and averting possible attacks in real time. We show how effective the proposed approach is in defending smart home systems from a range of safety risks via in-depth testing and analysis. By providing a potential path for protecting smart home surroundings in a world that is growing more linked, this research advances the state of the art in IoT security.
Figures:
Figure 1: Smart home system.
Figure 2: Smart home environment.
Figure 3: Proposed architecture of the smart home system.
Figure 4: Demand-side load management strategies.
Figure 5: Overall layout of smart home architecture.
Figure 6: Humpback whale bubble-net feeding.
Figure 7: Step-by-step procedure of the WOA.
Figure 8: Smart home device registration.
Figure 9: Smart home security based on WOA-DCNN.
Figure 10: Intruder detection system architecture based on WOA-DCNN.
Figure 11: Proposed system-trained confusion matrix of detecting smart home appliances from the intrusion detection system.
Figure 12: Cloud federated authentication.
Figure 13: (a) EED (b) Throughput of various scenarios.
Figure 14: Comparison of proposed and existing systems.
Figure 15: Proposed system training and validation loss.
Figure 16: Proposed system training and validation accuracy.
Figure 17: QoE after 88 iterations with α = 20.
Figure 18: QoE after 88 iterations with α = 15.
Figure 19: QoE after 88 iterations with α = 10.
Figure 20: Reliability analysis.
Figure 21: Overall system stability.
Figure 22: Message cost comparisons.

18 pages, 3287 KiB  
Article
Characterising Payload Entropy in Packet Flows—Baseline Entropy Analysis for Network Anomaly Detection
by Anthony Kenyon, Lipika Deka and David Elizondo
Future Internet 2024, 16(12), 470; https://doi.org/10.3390/fi16120470 - 16 Dec 2024
Viewed by 225
Abstract
The accurate and timely detection of cyber threats is critical to keeping our online economy and data safe. A key technique in early detection is the classification of unusual patterns of network behaviour, often hidden as low-frequency events within complex time-series packet flows. One of the ways in which such anomalies can be detected is to analyse the information entropy of the payload within individual packets, since changes in entropy can often indicate suspicious activity—such as whether session encryption has been compromised, or whether a plaintext channel has been co-opted as a covert channel. To decide whether activity is anomalous, we need to compare real-time entropy values with baseline values, and while the analysis of entropy in packet data is not particularly new, to the best of our knowledge, there are no published baselines for payload entropy across commonly used network services. We offer two contributions: (1) we analyse several large packet datasets to establish baseline payload information entropy values for standard network services, and (2) we present an efficient method for engineering entropy metrics from packet flows from real-time and offline packet data. Such entropy metrics can be included within feature subsets, thus making the feature set richer for subsequent analysis and machine learning applications.
(This article belongs to the Special Issue Privacy and Security Issues with Edge Learning in IoT Systems)
Figures:
Figure 1: Simplified illustration of information entropy for a fixed set of eight symbols. Lowest entropy is achieved with a monotonic set of repeating symbols (each with probability 1 of being predicted). Highest entropy is achieved when the full symbol set is used, with each symbol appearing randomly with equal probability.
Figure 2: Common well-known TCP and UDP, ‘well-known’ ports for plaintext and cryptographic services. Here, y = yes, n = no, and p = partial. Client applications that wish to use encrypted services typically start by exchanging cryptographic keys so that the rest of the conversation is secure. Note that some protocols use partially encrypted messaging, where typically the initial exchange is in plaintext. These variations in use will be clearly reflected in payload entropy values.
Figure 3: Early analysis of entropy values from several content types, derived from [6]. $H_N^{MLE}$ is the sample entropy of a word of length N, MLE stands for Maximum Likelihood Estimator, and $H_N$ is the sample entropy. As a point of reference, Figure 4 and Figure 5 provide a more recent analysis of similar content types, where for example, email has an average entropy ranging between 5.40 (POP3) and 5.92 (SMTP).
Figure 4: Two phase analysis for calculating service baseline metrics for payload entropy. Packets are first grouped into logical flows to ensure that we are tracking entropy changes for each discrete flow duration. All flow entropy values are then grouped by service types, and overall baseline entropy metrics are calculated. Note that the contribution of each dataset is weighted by sample size (to avoid the case where a smaller anomalous dataset distorts the overall metrics). We also ignore samples that are clearly labelled as anomalous in datasets such as those used in intrusion detection, since these samples may include values outside the expected baseline range.
Figure 5: Datasets used in entropy calculations. The majority of samples were taken from the full UNB 2017 dataset (containing over 56 million packets), although several other datasets were tested to assess consistency. These datasets are documented in [KEN20]. The original flow summaries provided with some of these sources were not used since they lacked essential payload features, and in some, there were issues with the original flow recovery. Therefore, we reconstructed all flows and exposed additional entropy metadata. In the table, ‘samples’ indicates observations that matched a specific service type. Note that by ‘sample’, we mean the number of actual packets used in the analysis, given that network packet traces may contain packets that are either in error or not relevant to analysis.
Figure 6: Mean and standard deviation for payload entropy values averaged over multiple traffic sources, by flow direction (outbound and inbound, with respect to session initiation). Note that encrypted services such as SSH, SSL, and HTTPS have average entropy values closer to 8.0, whereas unencrypted services such as Telnet, LDAP, and NetBios have low entropy values, indicating that the payload has a larger proportion of plaintext data. These data were aggregated across multiple deployment contexts (enterprise, network backbone, industrial, etc.). To account for the wide variations in sample sizes for specific protocols between packet traces, we weighed the means by sample size, so that potential outliers in small packet traces do not influence the overall mean results disproportionately.
Figure 7: Illustrates the effects of symbolic content on entropy values using four raw text files. The three special ‘symbol_test’ files have limited symbolic alphabets. symbol_test_mono comprises only 1 repeated symbol, with a corresponding entropy close to zero. symbol_test_duo contains two repeated symbols, with a corresponding entropy close to 1. symbol_test_full contains a richer alphabet of 96 symbols (A–Z, a–z, plus punctuation, etc.), with corresponding entropy rising above 6. The final example is a text representation of a book, which has a lower entropy than symbol_test_full because of the frequent symbol repetitions typical in written language (some letters and sequences are far more common than others). Encrypted versions of these files also exhibit wide entropy variations in lower values due to the lack of symbol variety in the source data.
Figure 8: Common file types and entropy values. ‘Plaintext’ here means unencrypted. On the right, we also see corresponding entropies for AES 256 encrypted files. We use just the 256 block size as an illustrative, since a larger block size does not significantly improve the results, given these are close to 8.0 already. Note that zip compressed files and encrypted files tend to have entropies close to 8.

34 pages, 10226 KiB  
Article
The Improved Network Intrusion Detection Techniques Using the Feature Engineering Approach with Boosting Classifiers
by Hari Mohan Rai, Joon Yoo and Saurabh Agarwal
Mathematics 2024, 12(24), 3909; https://doi.org/10.3390/math12243909 - 11 Dec 2024
Viewed by 416
Abstract
In the domain of cybersecurity, cyber threats targeting network devices are very crucial. Because of the exponential growth of wireless devices, such as smartphones and portable devices, cyber risks are becoming increasingly frequent and common with the emergence of new types of threats. This makes the automatic and accurate detection of network-based intrusion very essential. In this work, we propose a network-based intrusion detection system utilizing the comprehensive feature engineering approach combined with boosting machine-learning (ML) models. A TCP/IP-based dataset with 25,192 data samples from different protocols has been utilized in our work. To improve the dataset, we used preprocessing methods such as label encoding, correlation analysis, custom label encoding, and iterative label encoding. To improve the model’s accuracy for prediction, we then used a unique feature engineering methodology that included novel feature scaling and random forest-based feature selection techniques. We used three conventional models (NB, LR, and SVC) and four boosting classifiers (CatBoostGBM, LightGBM, HistGradientBoosting, and XGBoost) for classification. The 10-fold cross-validation methods were employed to train each model. After an assessment using numerous metrics, the best-performing model emerged as XGBoost. With mean metric values of 99.54 ± 0.0007 for accuracy, 99.53 ± 0.0013 for precision, 99.54 ± 0.001 for recall, and an F1-score of 99.53 ± 0.0014, the XGBoost model produced the best performance overall. Additionally, we showed the ROC curve for evaluating the model, which demonstrated that all boosting classifiers obtained a perfect AUC value of one. Our suggested methodologies show effectiveness and accuracy in detecting network intrusions, setting the stage for the model to be used in real time. Our method provides a strong defensive measure against malicious intrusions into network infrastructures while cyber threats keep varying.
Figures:
Figure 1: The schematic diagram of (a) signature-based NIDSs and (b) anomaly-based NIDSs.
Figure 2: The schematic diagram of (a) Hybrid NIDSs and (b) AI-powered NIDSs.
Figure 3: The block diagram of the proposed methodology utilized for the NIDS using the ML approach.
Figure 4: Comparative distribution of dataset in (a) normal and anomaly classes and (b) protocol types.
Figure 5: Distribution patterns of destination, host, and service count in the dataset.
Figure 6: Visualization of feature importance in NIDSs using the proposed approach.
Figure 7: Training performance using 10-fold cross-validation of the NB classifier.
Figure 8: Training performance using 10-fold cross-validation of the LR classifier.
Figure 9: Training performance using 10-fold cross-validation of the SVC classifier.
Figure 10: Training performance with 10-fold cross-validation using CatBoost classifier.
Figure 11: Training performance with 10-fold cross-validation using LightGBM classifier.
Figure 12: Training performance with 10-fold cross-validation using HistGradientBoosting classifier.
Figure 13: Training performance with 10-fold cross-validation using XGBoost classifier.
Figure 14: Confusion matrix for testing results: (a) NB classifier and (b) LR classifier.
Figure 15: Confusion matrix for testing results: (a) SVC classifier and (b) CatBoost classifier.
Figure 16: Confusion matrix for testing results: (a) LightGBM classifier and (b) HistGradientBoosting classifier.
Figure 17: Confusion matrix for testing results with XGBoost classifier.
Figure 18: ROC-AUC curves comparing the performance of utilized models.

18 pages, 572 KiB  
Article
Infrastructure and Tools for Testing the Vulnerability of Control Systems to Cyberattacks: A Coal Mine Industrial Facility Case
by Sebastian Plamowski, Patryk Chaber, Maciej Ławryńczuk, Robert Nebeluk, Ewa Niewiadomska-Szynkiewicz, Jakub Suchorab, Krzysztof Zarzycki, Adam Kozakiewicz and Andrzej Stachurski
Appl. Sci. 2024, 14(23), 11325; https://doi.org/10.3390/app142311325 - 4 Dec 2024
Viewed by 622
Abstract
Testing the vulnerability of information systems to cyberattacks is essential to ensure the operational security of organizations and industrial processes. In particular, it is essential to ensure the resilience of industrial processes, as a possible cyberattack can lead to process malfunctions and even process shutdowns, which can lead to substantial economic losses. The possibility of various attacks, e.g., ransomware, phishing, or advanced persistent threats (APTs), requires the evaluation of the effectiveness of cyberattack detection and incident response mechanisms. In industry, it is often impossible to carry out this type of test without risking system disruption, making it difficult to assess the true effectiveness of security features. This article discusses the issues concerned with testing the cyber resilience of a system operating in a real coal mine. First, this work briefly presents the hardware and software architecture used in the coal mine. Secondly, it describes the problem of replicating a real system in the laboratory and the necessary tools and methods used to implement a resilient system architecture. Finally, the scenarios of cyberattacks are detailed, and the obtained results are discussed.
(This article belongs to the Special Issue Intelligent Systems and Information Security)
Figures:
Figure 1: Three-layer industrial control infrastructure.
Figure 2: IT/OT infrastructure in mines.
Figure 3: Laboratory test infrastructure.
Figure 4: Traffic as a function of the number of registers; the sleep time is 0.1 s.
Figure 5: CPU usage as a function of the number of registers; the sleep time is 0.1 s.
Figure 6: Traffic as a function of sleep time; the number of registers is 100.
Figure 7: CPU usage as a function of the sleep time; the number of registers is 100.

34 pages, 645 KiB  
Review
Survey of Transformer-Based Malicious Software Detection Systems
by Mohammed Alshomrani, Aiiad Albeshri, Badraddin Alturki, Fouad Shoie Alallah and Abdulaziz A. Alsulami
Electronics 2024, 13(23), 4677; https://doi.org/10.3390/electronics13234677 - 27 Nov 2024
Viewed by 685
Abstract
In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which have proven useful in the identification of malware. In view of this shift in the cybersecurity paradigm, this study proposes to discuss the utilization of transformer models to improve malware detection effectiveness and the accuracy and efficiency in detecting malicious software. In this regard, this study adopts the application of transformers in identifying different forms of malicious software: ransomware, spyware, and trojans. Transformers are endowed with the ability to handle sequential data and capture intricate patterns. By employing deep learning techniques and conducting thorough contextual analysis, these models enhance the detection process by identifying subtle indications of compromise, which traditional methods may overlook. This research also explains the challenges and limitations related to the application of transformer-based models in real-world cybersecurity settings, which include computing requirements and large-scale labeled datasets’ requirements. By the end, the article suggests potential future research avenues in order to improve and integrate these models into cybersecurity systems.
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Figures:
Figure 1: Generic methodology for malware detection system using transformer.
Figure 2: Workflow of vision transformer-based malware detection.
Figure 3: Workflow of graph transformer-based malware detection.
Figure 4: Workflow of text transformer-based malware detection.

21 pages, 3699 KiB  
Article
A Distributed RF Threat Sensing Architecture
by Georgios Michalis, Andreas Rousias, Loizos Kanaris, Akis Kokkinis, Pantelis Kanaris and Stavros Stavrou
Information 2024, 15(12), 752; https://doi.org/10.3390/info15120752 - 26 Nov 2024
Viewed by 427
Abstract
The scope of this work is to propose a distributed RF sensing architecture that interconnects and utilizes a cyber security operations center (SOC) to support long-term RF threat monitoring, alerting, and further centralized processing. For the purpose of this work, RF threats refer mainly to RF jamming, since this can jeopardize multiple wireless systems, either directly as a Denial of Service (DoS) attack, or as a means to force a cellular or WiFi wireless client to connect to a malicious system. Furthermore, the possibility of the suggested architecture to monitor signals from malicious drones in short distances is also examined. The work proposes, develops, and examines the performance of RF sensing sensors that can monitor any frequency band within the range of 1 MHz to 8 GHz, through selective band pass RF filtering, and subsequently these sensors are connected to a remote SOC. The proposed sensors incorporate an automatic calibration and time-dependent environment RF profiling algorithm and procedure for optimizing RF jamming detection in a dense RF spectrum, occupied by heterogeneous RF technologies, thus minimizing false-positive alerts. The overall architecture supports TCP/IP interconnections of multiple RF jamming detection sensors through an efficient MQTT protocol, allowing the collaborative operation of sensors that are distributed in different areas of interest, depending on the scenario of interest, offering holistic monitoring by the centralized SOC. The incorporation of the centralized SOC in the overall architecture allows also the centralized application of machine learning algorithms on all the received data.
(This article belongs to the Special Issue Emerging Information Technologies in the Field of Cyber Defense)
Figures:
Figure 1: RF sensor connectivity outline.
Figure 2: RF sensor to SOC connectivity outline.
Figure 3: RF sensor system calibration.
Figure 4: Vivaldi directional antenna.
Figure 5: Min and Max RF input levels.
Figure 6: Visualized sensor data in a SOC.
Figure 7: Small city airfield.
Figure 8: High-power sweep jamming detection at 2.4 GHz band.
Figure 9: High-power sweep jamming detection at 5.8 GHz band.
Figure 10: Low-power jamming detection at 5.8 GHz band.
Figure 11: DJI Mavic 3 Pro RF signals at 150 m.

16 pages, 1110 KiB  
Systematic Review
Antimicrobial Resistance Surveillance in Post-Soviet Countries: A Systematic Review
by Dariga Zhazykhbayeva, Dinagul Bayesheva, Zhanar Kosherova and Yuliya Semenova
Antibiotics 2024, 13(12), 1129; https://doi.org/10.3390/antibiotics13121129 - 25 Nov 2024
Viewed by 697
Abstract
Background: Antimicrobial resistance (AMR) is a global health threat. AMR surveillance is crucial for understanding and controlling the spread of AMR. Surveillance systems can inform clinicians, guide health policymakers, and support effective AMR interventions. AMR surveillance data from former Soviet region countries are often limited, resulting in gaps in up-to-date knowledge. Methods: This systematic review was registered under the PROSPERO protocol CRD42024537799 and followed the PRISMA guidelines. Data from five databases (PubMed, MEDLINE, Embase, CINAHL, and CyberLeninka) and official sources were searched according to the inclusion criteria. Results: In total, 30 publications describing AMR surveillance and National Action Plans (NAPs) were included. Among the 15 countries, 14 (93.3%) have either developed a NAP or are in the process of implementing one; and 7 (46.7%) countries have a standardized AMR surveillance system. Almost all countries have reference laboratory centers, but nine (60%) countries have established standard testing methods in all sites. Only three (20%) countries have fully implemented quality assessment. There is an increasing tendency to involve and report AMR data to international networks, and countries will strengthen their AMR systems by adhering to international standards. The subgroup analysis revealed that Central and Western Asian countries are less developed in terms of AMR surveillance, which may encourage proactive engagement in AMR governance in these regions. Conclusions: This review is crucial for understanding the current efforts and improving AMR surveillance in former Soviet countries. The findings are promising and indicate that AMR surveillance is established in all reviewed countries, although at different levels.
Figures:
Figure 1: Map of countries under review. (a) The income level is categorized according to World Bank definitions as a high-income country (HIC), upper-middle-income country (UMIC), and lower-middle-income country (LMIC), with the population in parenthesis as of 2023 [12]; (b) Level of national AMR surveillance and estimated population coverage in parenthesis as of the latest CAESAR report [35]; n/d—no data available.
Figure 2: PRISMA 2020 flow diagram. NA—not applicable (all identified publications successfully retrieved).

20 pages, 4057 KiB  
Article
Cybersecurity in Smart Grids: Detecting False Data Injection Attacks Utilizing Supervised Machine Learning Techniques
by Anwer Shees, Mohd Tariq and Arif I. Sarwat
Energies 2024, 17(23), 5870; https://doi.org/10.3390/en17235870 - 22 Nov 2024
Viewed by 627
Abstract
By integrating advanced technologies and data-driven systems in smart grids, there has been a significant revolution in the energy distribution sector, bringing a new era of efficiency and sustainability. Nevertheless, with this advancement comes vulnerability, particularly in the form of cyber threats, which have the potential to damage critical infrastructure. False data injection attacks are among the threats to the cyber–physical layer of smart grids. False data injection attacks pose a significant risk, manipulating the data in the control system layer to compromise the grid’s integrity. An early detection and mitigation of such cyberattacks are crucial to ensuring the smart grid operates securely and reliably. In this research paper, we demonstrate different machine learning classification models for detecting false data injection attacks, including the Extra Tree, Random Forest, Extreme Gradient Boosting, Logistic Regression, Decision Tree, and Bagging Classifiers, to secure the integrity of smart grids. A comprehensive dataset of various attack scenarios provides insights to explore and develop effective detection models. Results show that the Extra Tree, Random Forest, and Extreme Gradient Boosting models’ accuracy in detecting the attack outperformed the existing literature, achieving an accuracy of 98%, 97%, and 97%, respectively.
(This article belongs to the Section A1: Smart Grids and Microgrids)
Figures:
Figure 1: Smart grid under FDIA scenario in the Cyber Layer.
Figure 2: Flow diagram of the work conducted.
Figure 3: Process of decision-making by Extra Tree Classifier.
Figure 4: Comparison of ROC curves with different classifiers.
Figure 5: Confusion matrix showing TP, TN, FP, and FN.
Figure 6: Line graph of performance.
Figure 7: Depicts the performance of different techniques.
Figure 8: The network topology.
Figure 9: Comparison of accuracy of different states of the art, from left [44,45,46,47,48,49], and our proposed models.

22 pages, 1621 KiB  
Article
Intelligent Energy Management Systems in Industry 5.0: Cybersecurity Applications in Examples
by Barbara Wyrzykowska, Hubert Szczepaniuk, Edyta Karolina Szczepaniuk, Anna Rytko and Marzena Kacprzak
Energies 2024, 17(23), 5871; https://doi.org/10.3390/en17235871 - 22 Nov 2024
Viewed by 493
Abstract
The article examines modern approaches to energy management in the context of the development of Industry 5.0 with a particular focus on cybersecurity. Key tenets of Industry 5.0 are discussed, including the integration of advanced technologies with intelligent energy management systems (IEMSs) and the growing need to protect data in the face of increasing cyber threats. The challenges faced by small and medium-sized enterprises (SMEs) using solutions based on renewable energy sources, such as photovoltaic farms, are also analyzed. The article presents examples of IEMS applications and discusses methods for securing these systems, offering an overview of cyber threat protection tools in the context of modern energy management. The analysis carried out provided information that will help businesses make rational decisions and contribute to shaping the state’s macroeconomic policy on cybersecurity and energy savings. The results of this research can also help develop more effective strategies for managing technology and IT infrastructure, which is crucial in the digital age of Industry 5.0.
(This article belongs to the Section F5: Artificial Intelligence and Smart Energy)
Figure 1. Research algorithm. Source: own work.
Figure 2. Energy production from photovoltaic panels at company (A) in 2023. Source: own compilation based on research.
Figure 3. Energy production from photovoltaic panels at company (B) in 2023. Source: own compilation based on research.
Figure 4. Data protection and cybersecurity methods used in surveyed companies. Source: own compilation, based on research.
12 pages, 408 KiB  
Article
Privacy-Preserving Data Sharing in Telehealth Services
by Ammar Odeh, Eman Abdelfattah and Walid Salameh
Appl. Sci. 2024, 14(23), 10808; https://doi.org/10.3390/app142310808 - 22 Nov 2024
Viewed by 629
Abstract
In today’s healthcare industry, safeguarding patient data is critical due to the increasing digitization of medical records, which makes them vulnerable to cyber threats. Telehealth services, while providing immense benefits in terms of accessibility and efficiency, introduce complex challenges in maintaining data privacy and security. This paper proposes a privacy-preserving framework for secure data sharing within telehealth services, employing blockchain technology and advanced cryptographic techniques. The framework ensures that all patient health data are encrypted using homomorphic encryption before storage on the blockchain, guaranteeing confidentiality and protecting data from unauthorized access. Secure multi-party computation (SMPC) is integrated for encrypted data computations, maintaining data confidentiality even during operations. Smart contracts enforce access control, ensuring that patient preferences and regulatory requirements such as the HIPAA and the GDPR are met. Furthermore, the framework includes auditing and verifying data integrity mechanisms, making it resilient against cyber threats such as impersonation, replay, and Man-In-The-Middle attacks. The analysis demonstrates the framework’s superior performance in addressing these challenges compared to that of existing systems. Future work suggests integrating AI-driven threat detection and quantum-resistant cryptographic techniques to enhance security further and adapt to the evolving telehealth landscape.
(This article belongs to the Section Computing and Artificial Intelligence)
Figure 1. Sequence diagram for the proposed algorithm.
25 pages, 2657 KiB  
Article
Domain-Specific Modeling Language for Security Analysis of EV Charging Infrastructure
by Anas Motii, Mahmoud El Hamlaoui and Robert Basmadjian
Energies 2024, 17(23), 5832; https://doi.org/10.3390/en17235832 - 21 Nov 2024
Viewed by 583
Abstract
Electric vehicles (EVs) and their ecosystem have unquestionably made significant technological strides. Indeed, EVs have evolved into sophisticated computer systems with extensive internal and external communication capabilities. This interconnection raises concerns about security, privacy, and the expanding risk of cyber-attacks within the electric vehicle landscape. In particular, the charging infrastructure plays a crucial role in the electric mobility ecosystem. With the proliferation of charging points, new attack vectors are opened up for cybercriminals. The threat landscape targeting charging systems encompasses various types of attacks ranging from physical attacks to data breaches including customer information. In this paper, we aim to leverage the power of model-driven engineering to model and analyze EV charging systems at early stages. We employ domain-specific modeling language (DSML) techniques for the early security modeling and analysis of EV charging infrastructure. We accomplish this by integrating the established EMSA model for electric mobility, which encapsulates all key stakeholders in the ecosystem. To our knowledge, this represents the first instance in the literature of applying DSML within the electric mobility ecosystem, highlighting its innovative nature. Moreover, as our formalization based on DSML is an iterative, continuous, and evolving process, this approach guarantees that our proposed framework adeptly tackles the evolving cyber threats confronting the EV industry. Specifically, we use the Object Constraint Language (OCL) for precise specification and verification of security threats as properties of a modeled system. To validate our framework, we explore a set of representative threats targeting EV charging systems from real-world scenarios. To the best of our knowledge, this is the first attempt to provide a comprehensive security modeling framework for the electric mobility ecosystem.
(This article belongs to the Section E: Electric Vehicles)
Show Figures

Figure 1

Figure 1
<p>On the left side of the figure lies the component layer within the EMSA model, delineating the diverse zones and domains constituting the electric mobility ecosystem. Represented by blue boxes are the actors and stakeholders, interconnected by arrows to showcase the dynamic relationships among them. On the right side, the EMSA model unfolds its five interoperability layers, commencing from the uppermost tier, business, and cascading down to the lowermost tier, component. Each layer embodies distinct functionalities and interactions crucial for seamless operations within the electric mobility landscape.</p>
Full article ">Figure 2
<p>A methodology to analyze EV infrastructure.</p>
Full article ">Figure 3
<p>The considered extraction process based on a threat identified in [<a href="#B15-energies-17-05832" class="html-bibr">15</a>].</p>
Full article ">Figure 4
<p>E-mobility metamodel kernel.</p>
Full article ">Figure 5
<p>E-mobility metamodel—energy transfer element view.</p>
Full article ">Figure 6
<p>E-mobility metamodel—EV user element view.</p>
Full article ">Figure 7
<p>E-mobility metamodel—data view.</p>
Full article ">Figure 8
<p>EV charging infrastructure model instance and security analysis results.</p>
Full article ">Figure 9
<p>Excerpt of the grammar implemented with Xtext.</p>
Full article ">Figure 10
<p>Screenshot of our prototype showing the textual editor, the auto completion, and the result.</p>
Full article ">Figure 11
<p>Threats formalization with OCL in Obeo Designer.</p>
Full article ">Figure 12
<p>At the upper part of the figure, security needs for each component, communication and data are described. Threats, STRIDE category, risk level, and mitigations are shown at the lower part.</p>
Full article ">Figure 13
<p>Risk matrix showing the risks, their likelihood, severity, and risk level.</p>
Full article ">Figure 14
<p>ISO 21434 [<a href="#B36-energies-17-05832" class="html-bibr">36</a>] standard components highlighting in the red colored box the positioning of our approach.</p>
Full article ">
29 pages, 5030 KiB  
Article
The Design and Implementation of Kerberos-Blockchain Vehicular Ad-Hoc Networks Authentication Across Diverse Network Scenarios
by Maya Rahayu, Md. Biplob Hossain, Samsul Huda, Yuta Kodera, Md. Arshad Ali and Yasuyuki Nogami
Sensors 2024, 24(23), 7428; https://doi.org/10.3390/s24237428 - 21 Nov 2024
Viewed by 564
Abstract
Vehicular Ad-Hoc Networks (VANETs) play an essential role in the intelligent transportation era, furnishing users with essential roadway data to facilitate optimal route selection and mitigate the risk of accidents. However, the network exposure makes VANETs susceptible to cyber threats, making authentication crucial for ensuring security and integrity. Therefore, joining entity verification is essential to ensure the integrity and security of communication in VANETs. However, to authenticate the entities, authentication time should be minimized to guarantee fast and secure authentication procedures. We propose an authentication system for VANETs using blockchain and Kerberos for storing authentication messages in a blockchain ledger accessible to Trusted Authentication Servers (TASs) and Roadside Units (RSUs). We evaluate the system in three diverse network scenarios: suburban, urban with 1 TAS, and urban with 2 TASs. The findings reveal that this proposal is applicable in diverse network scenarios to fulfill the network requirements, including authentication, handover, and end-to-end delay, considering an additional TAS for an increasing number of vehicles. The system is also practicable in storing the authentication message in blockchain considering the gas values and memory size for all scenarios.
(This article belongs to the Section Sensor Networks)
Figure 1. The vulnerability of VANET.
Figure 2. Resume of initial authentication phase and handover process.
Figure 3. Main parts of the Kerberos-blockchain VANETs system.
Figure 4. Experiment case scenarios: (a) suburban, (b) urban with 1 TAS, and (c) urban with 2 TASs.
Figure 5. Maps for the scenario of (a) suburban and (b) urban with 1 TAS and (c) urban with 2 TASs.
Figure 6. Initial authentication phase.
Figure 7. Handover signaling procedure.
Figure 8. Off-chain and on-chain environment of the proposed system.
Figure 9. Comparison of several delays of different scenarios.
Figure 10. Signalling overhead.
Figure 11. Number of vehicles vs. gas values.
Figure 12. Memory size required for the block to store various authentication messages.
25 pages, 1580 KiB  
Review
Near-Field Communication (NFC) Cyber Threats and Mitigation Solutions in Payment Transactions: A Review
by Princewill Onumadu and Hossein Abroshan
Sensors 2024, 24(23), 7423; https://doi.org/10.3390/s24237423 - 21 Nov 2024
Viewed by 1109
Abstract
Today, many businesses use near-field communications (NFC) payment solutions, which allow them to receive payments from customers quickly and smoothly. However, this technology comes with cyber security risks which must be analyzed and mitigated. This study explores the cyber risks associated with NFC transactions and examines strategies for mitigating these risks, focusing on payment devices. This paper provides an overview of NFC technology, related security vulnerabilities, privacy concerns, and fraudulent activities. It then investigates payment devices such as smartphones, contactless cards, and wearables, highlighting their features and vulnerabilities. The study also examines encryption, authentication, tokenization, biometric authentication, and fraud detection methods as risk mitigation strategies. The paper synthesizes theoretical frameworks to provide insights into NFC transaction security and offers stakeholder recommendations.
(This article belongs to the Section Communications)
Figure 1. Number of selected studies by year.
Figure 2. Schematic diagram PRISMA Literature Review.
Figure 3. High-resolution block diagram of key NFC security technologies.
22 pages, 945 KiB  
Review
Resilience in the Internet of Medical Things: A Review and Case Study
by Vikas Tomer, Sachin Sharma and Mark Davis
Future Internet 2024, 16(11), 430; https://doi.org/10.3390/fi16110430 - 20 Nov 2024
Viewed by 836
Abstract
The Internet of Medical Things (IoMT), an extension of the Internet of Things (IoT), is still in its early stages of development. Challenges that are inherent to IoT persist in IoMT as well. The major focus is on data transmission within the healthcare domain due to its profound impact on health and public well-being. Issues such as latency, bandwidth constraints, and concerns regarding security and privacy are critical in IoMT owing to the sensitive nature of patient data, including patient identity and health status. Numerous forms of cyber-attacks pose threats to IoMT networks, making the reliable and secure transmission of critical medical data a challenging task. Several other situations, such as natural disasters, war, construction works, etc., can cause IoMT networks to become unavailable and fail to transmit the data. The first step in these situations is to recover from failure as quickly as possible, resume the data transfer, and detect the cause of faults, failures, and errors. Several solutions exist in the literature to make the IoMT resilient to failure. However, no single approach proposed in the literature can simultaneously protect the IoMT networks from various attacks, failures, and faults. This paper begins with a detailed description of IoMT and its applications. It considers the underlying requirements of resilience for IoMT networks, such as monitoring, control, diagnosis, and recovery. This paper comprehensively analyzes existing research efforts to provide IoMT network resilience against diverse causes. After investigating several research proposals, we identify that the combination of software-defined networks (SDNs), machine learning (ML), and microservices architecture (MSA) has the capabilities to fulfill the requirements for achieving resilience in the IoMT networks. It mainly focuses on the analysis of technologies, such as SDN, ML, and MSA, separately, for meeting the resilience requirements in the IoMT networks. SDN can be used for monitoring and control, and ML can be used for anomaly detection and diagnosis, whereas MSA can be used for bringing distributed functionality and recovery into the IoMT networks. This paper provides a case study that describes the remote patient monitoring (RPM) of a heart patient in IoMT networks. It covers the different failure scenarios in IoMT infrastructure. Finally, we provide a proposed methodology that elaborates how distributed functionality can be achieved during these failures using machine learning, software-defined networks, and microservices technologies.
(This article belongs to the Special Issue The Future Internet of Medical Things II)
Figure 1. Possible issues of remote patient monitoring.
Figure 2. Functional components of IoMT.
Figure 3. Mapping of critical requirements into key technologies for resilient IoMT networks.
Figure 4. Failure scenario in a general layerwise architecture.
Figure 5. A single-point-of-failure issue in an IoMT network.
Figure 6. An expected framework of IoMT networks with distributed functionality and resilience.
Figure 7. Proposed architecture by using the combination of SDN, ML, and MSA.
24 pages, 4561 KiB  
Article
Dual-Frequency Multi-Constellation Global Navigation Satellite System/Inertial Measurements Unit Tight Hybridization for Urban Air Mobility Applications
by Gianluca Corraro, Federico Corraro, Andrea Flora, Giovanni Cuciniello, Luca Garbarino and Roberto Senatore
Aerospace 2024, 11(11), 955; https://doi.org/10.3390/aerospace11110955 - 20 Nov 2024
Viewed by 546
Abstract
A global navigation satellite system (GNSS) for remotely piloted aircraft systems (RPASs) positioning is essential, thanks to the worldwide availability and continuity of this technology in the provision of positioning services. This makes the GNSS technology a critical element as malfunctions impacting on the determination of the position, velocity and timing (PVT) solution could determine safety issues. Such an aspect is particularly challenging in urban air mobility (UAM) scenarios, where low satellite visibility, multipath, radio frequency interference and cyber threats can dangerously affect the PVT solution. So, to meet integrity requirements, GNSS receiver measurements are augmented/fused with other aircraft sensors that can supply position and/or velocity information on the aircraft without relying on any other satellite and/or ground infrastructures. In this framework, in this paper, the algorithms of a hybrid navigation unit (HNU) for UAM applications are detailed, implementing a tightly coupled sensor fusion between a dual-frequency multi-constellation GNSS receiver, an inertial measurements unit and the barometric altitude from an air data computer. The implemented navigation algorithm is integrated with autonomous fault detection and exclusion of GPS/Galileo/BeiDou satellites and the estimation of navigation solution integrity/accuracy (i.e., protection level and figures of merit). In-flight tests were performed to validate the HNU functionalities demonstrating its effectiveness in UAM scenarios even in the presence of cyber threats. In detail, the navigation solution, compared with a real-time kinematic GPS receiver used as the reference centimetre-level position sensor, demonstrated good accuracy, with position errors below 15 m horizontally and 10 m vertically under nominal conditions (i.e., urban scenarios characterized by satellite low visibility and multipath). It continued to provide a valid navigation solution even in the presence of off-nominal events, such as spoofing attacks. The cyber threats were correctly detected and excluded by the system through the indication of the valid/not valid satellite measurements. However, the results indicate a need for fine-tuning the EKF to improve the estimation of figures of merit and protection levels associated to the navigation solution during the cyber-attacks. In contrast, solution accuracy and integrity indicators are well estimated in nominal conditions.
Figure 1. Functional architecture of HNU system.
Figure 2. Inertial integration algorithm in ENU frame, where L, λ and h represent latitude, longitude and altitude values at time step k and k − 1, respectively.
Figure 3. KF update algorithm.
Figure 4. Detailed architecture of the in-flight test rig.
Figure 5. Internal and external view of the experimental flight vehicle (modified TECNAM P92-Echo S) highlighting the locations of the equipment installed on board.
Figure 6. Actual (flight) vs. virtual operational area.
Figure 7. Comparison among the GNSS-received satellites, the satellites provided by the GTS and the validated ones from the FDE algorithm.
Figure 8. Terrain elevation along the RPAS flight plan in Rome operational area (virtual area). The spoofer/jammer position is highlighted in green.
Figure 9. Horizontal (a) and vertical (b) trajectory performed by the vehicle from the take-off to landing (i.e., HNU recorded data) demonstrating the proper HNU behaviour compared to the RTK horizontal centimetric position recorded (i.e., GCS recorded data).
Figure 10. FDE status indication (0, no failure; 1, failure detected and excluded; 2, failure detected and not excluded; 3, test not possible due to wrong GNSS or KF data; 4, sanity check failed, i.e., all satellites seem to be invalid).
Figure 11. HNU position performance on the horizontal (a) and on the vertical (b) plane.
Figure 12. HNU velocity performance on the horizontal (a) and on the vertical (b) plane.