Journal of Cybersecurity and Information Management

Journal DOI

https://doi.org/10.54216/JCIM

ISSN (Online): 2690-6775; ISSN (Print): 2769-7851

A Hybrid Intrusion Detection Approach for Cyber Attacks

Amrita Bhatnagar , Arun Giri , Aditi Sharma

The field of cybersecurity constantly evolves as attackers develop new methods and technologies. Defending against cyberattacks involves a combination of robust security measures, regular updates, user education, and the use of advanced technologies, such as intrusion detection systems and artificial intelligence, to detect threats in real time. An IDS is designed to identify and address any unauthorized actions or potential security threats within a computer network or system. A hybrid intrusion detection system (IDS) combines many detection techniques and strategies from different IDS types into a single, coherent solution. Combining the benefits of each approach should result in more comprehensive and effective intrusion detection. This paper outlines a proposed anomaly intrusion detection system (AIDS) framework that leverages a hybrid of deep learning strategies. It incorporates Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) models, which were developed using XGBoost, and their efficacy was assessed with the NSL-KDD dataset. The evaluation of the suggested model focused on its accuracy, detection capabilities, and the rate of false positives. The outcomes of this research are noteworthy within the cybersecurity field. In this paper, a framework for an anomaly IDS is proposed. The purpose of an anomaly IDS, or AIDS, is to spot odd behavior on a network or system that might point to a security breach or a malevolent attempt to hack it. Anomaly-based IDSs concentrate on finding departures from accepted typical behavior, in contrast to signature-based detection systems, which depend on a predefined database of known attack patterns.

DOI: https://doi.org/10.54216/JCIM.130201

Vol. 13 Issue. 2 PP. 08-18, (2024)

Enhanced Intrusion Detection Using Stacked FT-Transformer Architecture

S. Phani Praveen , Thulasi Bikku , P. Muthukumar , K. Sandeep , Jampani Chandra Sekhar , V. Krishna Pratap

The function of network intrusion detection systems (NIDS) in protecting networks from cyberattacks is crucial. Many of the more conventional techniques rely on signature-based approaches, which have a hard time distinguishing between various types of attacks. Using a stacked FT-Transformer architecture, this research suggests a new way to identify intrusions in networks. When it comes to dealing with complicated tabular data, FT-Transformers—a variant of the Transformer model—have shown outstanding performance. Because of the inherently tabular nature of network traffic data, FT-Transformers are an attractive option for intrusion detection tasks. In this area, our study looks at how FT-Transformers outperform more conventional machine learning (ML) methods. Our working hypothesis is that, in comparison to single-layered ML models, FT-Transformers will achieve better detection accuracy due to their intrinsic capacity to grasp long-range correlations in network traffic data. We also test the FT-Transformer model on several network traffic datasets that include various protocols and attack types to see how well it performs and how generalizable it is. The purpose of this research is to shed light on how well and how versatilely FT-Transformers perform for detecting intrusions in networks. We aim to prove that FT-Transformers can secure networks from ever-changing cyber threats by comparing their performance to that of classic ML models and by testing their generalizability.

DOI: https://doi.org/10.54216/JCIM.130202

Vol. 13 Issue. 2 PP. 19-29, (2024)

Optimizing AI-Based Automated Security Patch Deployment in IoT Devices to Combat Zero-Day Exploits and Advanced Cyber Attacks

Abedallah Zaid Abualkishik , Nodira Zikrillaeva , Gulyamova Gulnora

This research presents a complete security design for Internet of Things (IoT) devices. It improves security by using five methods that work together. At the beginning of the process, a machine learning-based method for ranking changes is used. Then, architectures are put in place for scalable patch distribution, anomaly detection, dynamic risk assessment, and integrating threat data. Using five connected algorithms, the purpose of this research is to create a complete security framework for Internet of Things devices. Dynamic risk assessment, scalable patch delivery, integration with threat intelligence, and anomaly detection for zero-day vulnerabilities are among its characteristics. It also identifies zero-day vulnerabilities. Furthermore, it prioritises repairs using machine learning data. Every solution seeks to address a specific component of IoT security, such as dynamic risk assessments, effective patch distribution, and patch prioritisation based on vulnerability data. It is critical to maintain the Internet of Things ecosystem's safety, flexibility, and efficiency. An integrated approach provides a strong defence against cyberattacks, which is crucial for ecosystem preservation. With this system, you can get better accuracy, flexibility, and resource use than with other methods. To help explain how the methods work, charts and flowcharts are used. The ablation study indicates that each method is important because it shows how they all help keep IoT devices safe. The suggested design considers how cyber risks are always changing in order to protect connected devices in many different places from attackers.

DOI: https://doi.org/10.54216/JCIM.130203

Vol. 13 Issue. 2 PP. 30-49, (2024)

Development of Digital Twin Technology in Hydraulics Based on Simulating and Enhancing System Performance

R. Uma Maheshwari , D. Jayasutha , Indu Nair V. , R. Senthilraja , Subash Thanappan , Ramya S.

Digital twin (DT) technology has become an essential tool in hydraulic systems. It not only offers a virtual representation of the actual plant, but also real-time monitoring and optimization of that same machinery. Digital Twin (DT) technology has become a cornerstone in the optimization of industrial processes, particularly in the domain of hydraulic systems. For example, this research aims to use digital twin technology to detect and fix leaks in hydraulic systems. By integrating advanced simulation algorithms for accurate leak detection and performance enhancement, this study presents a comprehensive framework. Combining techniques developed from both data-driven and state-of-the-art optimization methods, our approach looks to change how leaks are detected in hydraulics. Our test introduces a comprehensive framework that not only accurately identifies leaks but also employs advanced simulation algorithms for subsequent performance enhancement. By bringing together data-driven insights and cutting-edge optimization methods, our work is at the frontier of revolutionizing leak detection in hydraulic systems.

DOI: https://doi.org/10.54216/JCIM.130204

Vol. 13 Issue. 2 PP. 50-65, (2024)

Boosting Financial Fraud Detection Using Parameter Tuned Ensemble Machine Learning Model

Reem Atassi , Aziz Zikriyoev , Nurbek Turayev , Sagdullayeva Gulnora Botırovna

Fraud detection in the financial industry is a challenging area as financial transactions gradually shift to digital platforms. More and more businesses, including those in the financial industry, are operationalizing their services online as the usage of the internet grows exponentially. Accordingly, financial fraud can increase in number and form worldwide, leading to remarkable financial losses that make financial fraud a main challenge. Threats such as irregular attacks and unauthorized access must be identified through a financial fraud detection system. Over the past few years, data mining and machine learning (ML) approaches have been widely used to address these issues. However, these techniques have yet to be enhanced in terms of computation speed, identifying unknown attack patterns, and dealing with big data. This study presents Financial Fraud Detection using the Parameter Tuned Ensemble Machine Learning (FFD-PTEML) method. The FFD-PTEML incorporates multiple advanced components, such as z-score normalization for feature scaling and ensemble classification employing Artificial Neural Networks (ANN), Multilayer Perceptron (MLP), and Radial Basis Function (RBF) networks. The use of z-score normalization ensures uniformity in feature distribution, improving the effectiveness and interpretability of the fraud detection technique. Furthermore, the ensemble classification model combines the strengths of different neural network architectures to enhance the detection performance and resilience to complicated fraud patterns. FFD-PTEML demonstrates better performance than the classical technique through extensive experimentation on real-time financial datasets, exhibiting high sensitivity and specificity in fraudulent activity detection.

DOI: https://doi.org/10.54216/JCIM.130205

Vol. 13 Issue. 2 PP. 66-74, (2024)

Discovering Unknown Non-Consecutive Double Byte Biases in RC4 Stream Cipher Algorithm

Sura Mahroos , Rihab Hazim , AbdulRahman Kareem Oliwe , Nadia Mohammed , Yaqeen Saad , Ali Makki , Ibrahiem El Emary

RC4 is one of the most widely used stream cipher algorithms. It is fast, easy to implement, and suitable for both hardware and software. It is used in various applications, but it has a weakness in the distribution of the generated key bytes. The first few bytes of the Pseudo-Random Generation Algorithm (PRGA) key stream are biased or tied to some private key bytes, and thus the analysis of key stream bytes makes it possible to attack RC4; there is also a connection between the key stream bytes that makes it weak and breakable by single- and double-byte bias attacks. This work presents an analysis of the RC4 key stream based on its non-consecutive double byte biases using a newly designed algorithm that calculates the bias in a standard time (seconds). The results show that the bias of the RC4 key stream is confirmed, reproducing the results reported in the literature in less time, and reveal a set of new non-consecutive double byte biases at positions (i) and (i+n). The analysis of all 256 positions requires additional resources, such as a supercomputer and a message passing interface environment, that are not available in Iraq; therefore, the analysis is done for 32 positions.

DOI: https://doi.org/10.54216/JCIM.130206

Vol. 13 Issue. 2 PP. 75-83, (2024)