Cyber Security of Critical Infrastructures

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (20 August 2021) | Viewed by 72326


Special Issue Editors


Guest Editor
Department of Informatics & Computer Engineering, University of West Attica, Egaleo, 122 43 Athens, Greece
Interests: IT security; cybersecurity; intrusion detection in information and communication systems; attacker profiling; attack modeling; game theory

Special Issue Information

Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. Vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyberattacks, their protection becomes a significant issue for any organization as well as nation. The risks to continued operations from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes are considered higher given the demonstrable impact of such circumstances.

Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cyber security of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioral aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace.

In this Special Issue, both research and practical aspects of cyber security considerations in critical infrastructures are of interest. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry are welcome to contribute.

We seek original and high-quality submissions on, but not limited to, one or more of the following topics:

  • Security of the smart grid;
  • Security of supervisory control and data acquisition (SCADA) systems;
  • Cyber security of complex and distributed critical infrastructures;
  • Cyber security of industrial control systems;
  • Cyber security modeling and simulation;
  • Cyber threat modeling and analysis;
  • Safety-security interactions;
  • Cyber security engineering;
  • Behavioral modeling;
  • Network security and protocols;
  • Security, privacy, and legal issues of big data and the Internet of Things;
  • Cyber threat intelligence;
  • Situational awareness;
  • Attack modeling, prevention, mitigation, and defense;
  • Cyberphysical systems security approaches and algorithms;
  • Critical infrastructure security policies, standards and regulations;
  • Vulnerability and risk assessment methodologies for distributed critical infrastructures;
  • Risk management and cyber insurance;
  • Simulation and test beds for the security evaluation of critical infrastructures;
  • Resiliency and security of cyber systems;
  • Cyber security and privacy policy;
  • Hardware security solutions;
  • Incident response;
  • Encryption, authentication, availability assurance;
  • Human awareness and training;
  • Intrusion detection;
  • Trust and privacy;
  • Secure communication protocols;
  • Malware analysis;
  • Attribution of cyberattacks;
  • Cyber warfare, peacekeeping;
  • Hybrid war…
Dr. Leandros Maglaras
Asst. Prof. Ioanna Kantzavelou
Dr. Mohamed Amine Ferrag
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers are published continuously in the journal (as soon as accepted) and listed together on the special issue website. Research articles, review articles and short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.


Published Papers (14 papers)

Editorial


5 pages, 167 KiB  
Editorial
Digital Transformation and Cybersecurity of Critical Infrastructures
by Leandros Maglaras, Ioanna Kantzavelou and Mohamed Amine Ferrag
Appl. Sci. 2021, 11(18), 8357; https://doi.org/10.3390/app11188357 - 9 Sep 2021
Cited by 2 | Viewed by 2393
Abstract
Critical infrastructures are vital assets for public safety, economic welfare, and the national security of nations [...] Full article
(This article belongs to the Special Issue Cyber Security of Critical Infrastructures)

Research


21 pages, 834 KiB  
Article
Cyber-Attack Scoring Model Based on the Offensive Cybersecurity Framework
by Kyounggon Kim, Faisal Abdulaziz Alfouzan and Huykang Kim
Appl. Sci. 2021, 11(16), 7738; https://doi.org/10.3390/app11167738 - 23 Aug 2021
Cited by 18 | Viewed by 10468
Abstract
Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques that enable them to retrieve national confidential information beyond the theft of personal information or defacing websites. These sophisticated and advanced cyber-attacks can disrupt the critical infrastructures of a nation. Much research regarding cyber-attacks has been conducted; however, there has been a lack of research related to measuring cyber-attacks from the perspective of offensive cybersecurity. This motivated us to propose a methodology for quantifying cyber-attacks such that they are measurable rather than abstract. For this purpose, we identified each element of offensive cybersecurity used in cyber-attacks. We also investigated the extent to which the detailed techniques identified in the offensive cyber-security framework were used, by analyzing cyber-attacks. Based on these investigations, the complexity and intensity of cyber-attacks can be measured and quantified. We evaluated advanced persistent threats (APT) and fileless cyber-attacks that occurred between 2010 and 2020 based on the methodology we developed. Based on our research methodology, we expect that researchers will be able to measure future cyber-attacks. Full article

33 pages, 2687 KiB  
Article
Cybersecurity against the Loopholes in Industrial Control Systems Using Interval-Valued Complex Intuitionistic Fuzzy Relations
by Abdul Nasir, Naeem Jan, Abdu Gumaei, Sami Ullah Khan and Fahad R. Albogamy
Appl. Sci. 2021, 11(16), 7668; https://doi.org/10.3390/app11167668 - 20 Aug 2021
Cited by 20 | Viewed by 2119
Abstract
Technology is rapidly advancing and every aspect of life is being digitalized. Since technology has made life much better and easier, organizations such as businesses, industries, companies and educational institutes are using it. Despite the many benefits of technology, several risks and serious threats, called cyberattacks, are associated with it. The method of neutralizing these cyberattacks is known as cybersecurity. Sometimes, there are uncertainties in recognizing a cyberattack and nullifying its effects using righteous cybersecurity. For that reason, this article introduces interval-valued complex intuitionistic fuzzy relations (IVCIFRs). For the first time in the theory of fuzzy sets, we investigated the relationships among different types of cybersecurity and the sources of cyberattacks. Moreover, the Hasse diagram for the interval-valued complex intuitionistic partial order set and relation is defined. The concepts of the Hasse diagram are used to inspect different cybersecurity techniques and practices. Then, using the properties of Hasse diagrams, the most beneficial technique is identified. Furthermore, the best possible selection of types of cybersecurity is made after putting some restrictions on the selection. Lastly, the advantages of the proposed methods are illuminated through comparison tests.

25 pages, 5587 KiB  
Article
Privacy Preserving Face Recognition in Cloud Robotics: A Comparative Study
by Chiranjeevi Karri, Omar Cheikhrouhou, Ahmed Harbaoui, Atef Zaguia and Habib Hamam
Appl. Sci. 2021, 11(14), 6522; https://doi.org/10.3390/app11146522 - 15 Jul 2021
Cited by 10 | Viewed by 1829
Abstract
Real-time robotic applications are constrained by the robot's on-board resources. The speed of robot face recognition can be improved by incorporating cloud technology. However, the transmission of data to the cloud servers exposes the data to security and privacy attacks. Therefore, encryption algorithms need to be set up. This paper aims to study the security and performance of potential encryption algorithms and their impact on the accuracy of the deep-learning-based face recognition task. To this end, experiments are conducted for robot face recognition through various deep learning algorithms after encrypting the images of the ORL database using cryptography- and image-processing-based algorithms.

31 pages, 1769 KiB  
Article
Threat Modelling and Beyond-Novel Approaches to Cyber Secure the Smart Energy System
by Heribert Vallant, Branka Stojanović, Josip Božić and Katharina Hofer-Schmitz
Appl. Sci. 2021, 11(11), 5149; https://doi.org/10.3390/app11115149 - 1 Jun 2021
Cited by 8 | Viewed by 4317
Abstract
Smart Grids (SGs) represent electrical power systems that incorporate increased information processing and efficient technological solutions. The integration of local prosumers, demand response systems and storage allows novel possibilities with regard to energy balancing and optimization of grid operations. Unfortunately, the dependence on IT leaves the SG exposed to security violations. In this paper, we contribute to this challenge and provide a methodology for systematic risk assessment of cyber attacks in SG systems. We propose a threat model and identify possible vulnerabilities in low-voltage distribution grids. Then, we calculate exploitation probabilities from realistic attack scenarios. Lastly, we apply formal verification to check the stochastic model against attack properties. The obtained results provide insight into potential threats and the likeliness of successful attacks. We elaborate on the effects of a security violation with regard to security and privacy of energy clients. In the aftermath, we discuss future considerations for improving security in the critical energy sector. Full article

12 pages, 2174 KiB  
Article
Sisyfos: A Modular and Extendable Open Malware Analysis Platform
by Dimitrios Serpanos, Panagiotis Michalopoulos, Georgios Xenos and Vasilios Ieronymakis
Appl. Sci. 2021, 11(7), 2980; https://doi.org/10.3390/app11072980 - 26 Mar 2021
Cited by 9 | Viewed by 2857
Abstract
Sisyfos is a modular and extensible platform for malware analysis; it addresses multiple operating systems, including critical infrastructure ones. Its purpose is to enable the development and evaluation of new tools as well as the evaluation of malware classifiers. Sisyfos has been developed based on open software for feature extraction and is available as a stand-alone tool with a web interface but can be integrated into an operational environment with a continuous sample feed. We present the structure and implementation of Sisyfos, which accommodates analysis for Windows, Linux and Android malware. Full article

20 pages, 1879 KiB  
Article
Post Quantum Cryptographic Keys Generated with Physical Unclonable Functions
by Bertrand Cambou, Michael Gowanlock, Bahattin Yildiz, Dina Ghanaimiandoab, Kaitlyn Lee, Stefan Nelson, Christopher Philabaum, Alyssa Stenberg and Jordan Wright
Appl. Sci. 2021, 11(6), 2801; https://doi.org/10.3390/app11062801 - 21 Mar 2021
Cited by 13 | Viewed by 3499
Abstract
Lattice and code cryptography can replace existing schemes such as elliptic curve cryptography because of their resistance to quantum computers. In support of public key infrastructures, the distribution, validation and storage of the cryptographic keys is then more complex for handling longer keys. This paper describes practical ways to generate keys from physical unclonable functions, for both lattice and code-based cryptography. Handshakes between client devices containing the physical unclonable functions (PUFs) and a server are used to select sets of addressable positions in the PUFs, from which streams of bits called seeds are generated on demand. The public and private cryptographic key pairs are computed from these seeds together with additional streams of random numbers. The method allows the server to independently validate the public key generated by the PUF, and act as a certificate authority in the network. Technologies such as high performance computing, and graphic processing units can further enhance security by preventing attackers from making this independent validation when only equipped with less powerful computers. Full article

23 pages, 459 KiB  
Article
Cyber Ranges and TestBeds for Education, Training, and Research
by Nestoras Chouliaras, George Kittes, Ioanna Kantzavelou, Leandros Maglaras, Grammati Pantziou and Mohamed Amine Ferrag
Appl. Sci. 2021, 11(4), 1809; https://doi.org/10.3390/app11041809 - 18 Feb 2021
Cited by 48 | Viewed by 6855
Abstract
In recent years, there has been a growing demand for cybersecurity experts, and, according to predictions, this demand will continue to increase. Cyber Ranges can fill this gap by combining hands-on experience with educational courses, and conducting cybersecurity competitions. In this paper, we conduct a systematic survey of ten Cyber Ranges that were developed in the last decade, with a structured interview. The purpose of the interview is to find details about essential components, and especially the tools used to design, create, implement and operate a Cyber Range platform, and to present the findings. Full article

14 pages, 2282 KiB  
Article
Detecting Vulnerabilities in Critical Infrastructures by Classifying Exposed Industrial Control Systems Using Deep Learning
by Pablo Blanco-Medina, Eduardo Fidalgo, Enrique Alegre, Roberto A. Vasco-Carofilis, Francisco Jañez-Martino and Victor Fidalgo Villar
Appl. Sci. 2021, 11(1), 367; https://doi.org/10.3390/app11010367 - 1 Jan 2021
Cited by 7 | Viewed by 3036
Abstract
Industrial control systems depend heavily on security and monitoring protocols. Several tools are available for this purpose, which scout vulnerabilities and take screenshots of various control panels for later analysis. However, they do not adequately classify images into specific control groups, which is crucial for security-based tasks performed by manual operators. To solve this problem, we propose a pipeline based on deep learning to classify snapshots of industrial control panels into three categories: internet technologies, operation technologies, and others. More specifically, we compare the use of transfer learning and fine-tuning in convolutional neural networks (CNNs) pre-trained on ImageNet to select the best CNN architecture for classifying the screenshots of industrial control systems. We propose the critical infrastructure dataset (CRINF-300), which is the first publicly available information technology (IT)/operational technology (OT) snapshot dataset, with 337 manually labeled images. We used the CRINF-300 to train and evaluate eighteen different pipelines, registering their performance under CPU and GPU environments. We found out that the Inception-ResNet-V2 and VGG16 architectures obtained the best results on transfer learning and fine-tuning, with F1-scores of 0.9832 and 0.9373, respectively. In systems where time is critical and the GPU is available, we recommend using the MobileNet-V1 architecture, with an average time of 0.03 s to process an image and with an F1-score of 0.9758. Full article

24 pages, 6044 KiB  
Article
On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications
by Francesc Mateo Tudela, Juan-Ramón Bermejo Higuera, Javier Bermejo Higuera, Juan-Antonio Sicilia Montalvo and Michael I. Argyros
Appl. Sci. 2020, 10(24), 9119; https://doi.org/10.3390/app10249119 - 20 Dec 2020
Cited by 12 | Viewed by 8266
Abstract
The designs of the techniques and algorithms used by static, dynamic and interactive security testing tools differ. Therefore, each tool detects to a greater or lesser extent each type of vulnerability for which it is designed. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different types of analysis tools may have, this paper combines several static, dynamic and interactive analysis security testing tools: static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools are combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discusses the values of the selected metrics applied to the results for each n-tools combination.
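The abstract above compares n-tool combinations of SAST, DAST and IAST results against a benchmark. The following is an added illustration of how such a comparison is scored, not the paper's code, data or metrics: the ground truth, the six tools and their findings are constructed inline, and the per-combination score is the true-positive rate minus the false-positive rate (the scoring rule used by the OWASP Benchmark project, assumed here rather than taken from the paper). It also shows the trade-off the abstract alludes to: taking the union of tool findings maximises detection at the cost of false positives, while requiring agreement between tools suppresses false positives at the cost of recall.

```python
from collections import Counter
from itertools import combinations

# Constructed benchmark ground truth (not the paper's data):
# True = real vulnerability, False = safe decoy that a tool should not flag.
BENCHMARK = {
    "v1": True, "v2": True, "v3": True, "v4": True, "v5": True, "v6": True,
    "s1": False, "s2": False, "s3": False, "s4": False,
}

# Constructed findings: the benchmark cases each (hypothetical) tool flagged.
TOOLS = {
    "sast_a": {"v1", "v2", "v3", "s1"},
    "sast_b": {"v2", "v3", "s1", "s2"},
    "dast_a": {"v4", "v5"},
    "dast_b": {"v4", "s3"},
    "iast_a": {"v1", "v5", "v6"},
    "iast_b": {"v6", "s4"},
}


def score(flagged, truth):
    """Confusion counts plus TPR, FPR and the TPR - FPR score for one result set."""
    tp = sum(1 for case, vuln in truth.items() if vuln and case in flagged)
    fp = sum(1 for case, vuln in truth.items() if not vuln and case in flagged)
    positives = sum(1 for vuln in truth.values() if vuln)
    negatives = len(truth) - positives
    tpr = tp / positives
    fpr = fp / negatives
    return {"tp": tp, "fp": fp, "tpr": tpr, "fpr": fpr, "score": tpr - fpr}


def combine(names, tools, min_votes=1):
    """Merge the findings of the named tools.

    min_votes=1 is the plain union (anything any tool flagged);
    min_votes=k keeps only cases flagged by at least k of the tools."""
    votes = Counter()
    for name in names:
        votes.update(tools[name])
    return {case for case, n in votes.items() if n >= min_votes}


def rank_combinations(tools, truth, n, min_votes=1):
    """Score every n-tool combination and rank by score, breaking ties on fewer false positives."""
    ranked = []
    for names in combinations(sorted(tools), n):
        ranked.append((names, score(combine(names, tools, min_votes), truth)))
    ranked.sort(key=lambda r: (-r[1]["score"], r[1]["fp"]))
    return ranked


if __name__ == "__main__":
    for names, metrics in rank_combinations(TOOLS, BENCHMARK, 3)[:3]:
        print(names, metrics)
    voted = score(combine(("sast_a", "dast_a", "iast_a"), TOOLS, min_votes=2), BENCHMARK)
    print("2-of-3 agreement:", voted)
```

With the constructed data, the best triple is one SAST, one DAST and one IAST tool whose union covers every vulnerability with a single false positive; demanding that two of the three tools agree drops the false positive but also drops recall to two of six, which is the tension the study's metrics are meant to expose.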

28 pages, 5506 KiB  
Article
A Study on the Concept of Using Efficient Lightweight Hash Chain to Improve Authentication in VMF Military Standard
by Dohoon Kim, Sang Seo, Heesang Kim, Won Gi Lim and Youn Kyu Lee
Appl. Sci. 2020, 10(24), 8999; https://doi.org/10.3390/app10248999 - 16 Dec 2020
Cited by 6 | Viewed by 2637
Abstract
Authentication algorithms in the form of cryptographic schemes, such as the Secure Hash Algorithm 1 (SHA-1) and the digital signature algorithm (DSA), specified in the current variable message format (VMF) military standard have numerous reliability-related limitations when applied to tactical data link (TDL) and multi-TDL networks (MTN). This is because TDL and MTN require maximum tactical security, communication integrity, and low network overhead based on many protocol header bits for rapid communication with limited network resources. The application of such authentication algorithms to TDL and MTN in a rapidly changing battlefield environment without reinforcement measures will lead to functional weaknesses and vulnerabilities when high-level digital-covert activities and deception tactics are implemented. Consequently, the existing VMF authentication scheme must be improved to secure transmission integrity, lower network transaction, and receive authentication tactical information in VMF-based combat network radio (CNR) networks. Therefore, in this study, a tactical wireless ad hoc network topology, similar to that of the existing CNRs, is considered, and a lightweight multi-factor hash chain-based authentication scheme that includes a time-based one-time password (T-OTP) for network overhead reduction and terminal authentication is proposed, coupled with exception handling. The proposed method enhances the confidentiality of tactical message exchanges and reduces unnecessary network transactions and transmission bits for authentication flows between real-time military terminals owned by squads, while ensuring robustness in limited battlefields. Based on these approaches, in the future, we intend to increase the authentication reliability between wireless terminals in the Korean variable message format (KVMF)-based CNR networks based on the Korean Army Corps network scenarios. Full article
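The abstract above proposes a lightweight hash-chain authentication scheme with a time-based one-time password (T-OTP) factor and exception handling for a lossy tactical radio network. The following is an added example of the generic building blocks such a scheme rests on, written for this page and not the authors' KVMF code: a Lamport-style SHA-256 hash chain whose values are revealed from the end backwards (so each message carries a preimage of the value the verifier already trusts, and a captured value cannot be replayed once the verifier has advanced), a truncated HMAC over the current 30 s time step that binds the chain value to the time, and a verifier that tolerates a small number of lost messages by hashing forward. The time step, tag length, chain length and loss tolerance are assumed parameters, and the seeds and keys are constructed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # T-OTP time step (assumed value, not taken from the paper)
TOTP_BYTES = 4      # truncated T-OTP tag carried in each message (assumed)
MAX_GAP = 3         # how many consecutive lost messages the verifier tolerates (assumed)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int) -> list:
    """Lamport-style chain: chain[0] = H(seed), chain[i] = H(chain[i-1]).

    The last element is the public anchor given to the verifier out of band.
    Values are revealed from the end backwards, so every revealed value is a
    preimage of one the verifier already trusts and cannot be forged from it."""
    chain = [sha256(seed)]
    for _ in range(length):
        chain.append(sha256(chain[-1]))
    return chain


def totp_tag(key: bytes, now: int, value: bytes) -> bytes:
    """Truncated HMAC-SHA256 over (time step || chain value): the T-OTP factor,
    bound to the chain value so the two factors cannot be mixed across messages."""
    counter = struct.pack(">Q", now // STEP_SECONDS)
    return hmac.new(key, counter + value, hashlib.sha256).digest()[:TOTP_BYTES]


class Terminal:
    """Sending radio terminal: holds the private chain and the shared T-OTP key."""

    def __init__(self, seed: bytes, totp_key: bytes, length: int):
        self.chain = build_chain(seed, length)
        self.next_index = length - 1   # chain[length] is the anchor; reveal from one below it
        self.totp_key = totp_key

    def anchor(self) -> bytes:
        return self.chain[-1]

    def make_token(self, now: int) -> bytes:
        """32-byte chain value followed by the TOTP_BYTES tag; 36 bytes per authentication."""
        if self.next_index < 0:
            raise RuntimeError("hash chain exhausted; re-seed before authenticating again")
        value = self.chain[self.next_index]
        self.next_index -= 1
        return value + totp_tag(self.totp_key, now, value)


class Verifier:
    """Receiving side: stores only the current anchor and the shared T-OTP key."""

    def __init__(self, anchor: bytes, totp_key: bytes, skew_steps: int = 1):
        self.anchor = anchor
        self.totp_key = totp_key
        self.skew_steps = skew_steps   # clock drift tolerated, in time steps

    def _totp_ok(self, tag: bytes, now: int, value: bytes) -> bool:
        return any(
            hmac.compare_digest(tag, totp_tag(self.totp_key, now + d * STEP_SECONDS, value))
            for d in range(-self.skew_steps, self.skew_steps + 1)
        )

    def verify(self, token: bytes, now: int) -> bool:
        value, tag = token[:32], token[32:]
        if len(value) != 32 or not self._totp_ok(tag, now, value):
            return False
        # Hash forward up to MAX_GAP times: a match after k hashes means k-1
        # messages were lost in transit (the exception-handling case).
        candidate = value
        for _ in range(MAX_GAP):
            candidate = sha256(candidate)
            if candidate == self.anchor:
                self.anchor = value   # advance; the same value can never be accepted again
                return True
        return False


def demo():
    """Fresh token, replay, one lost message, and a stale T-OTP, in that order."""
    term = Terminal(b"constructed-terminal-seed", b"constructed-shared-totp-key", length=16)
    ver = Verifier(term.anchor(), b"constructed-shared-totp-key")
    now = 1_700_000_000
    t1 = term.make_token(now)
    accepted = ver.verify(t1, now)
    replayed = ver.verify(t1, now)            # same token again: anchor has moved
    term.make_token(now)                      # this one is lost in transit
    t3 = term.make_token(now + 10)
    after_gap = ver.verify(t3, now + 10)      # matches after two hashes
    t4 = term.make_token(now + 20)
    stale = ver.verify(t4, now + 600)         # T-OTP outside the skew window
    return accepted, replayed, after_gap, stale


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want stated: the chain is finite, so re-seeding must be planned before it is exhausted, and a message that is captured and blocked rather than merely observed can still be delivered by the attacker within the T-OTP window, so the tag should also cover the message payload in any real deployment.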

26 pages, 5466 KiB  
Article
Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees
by George Hatzivasilis, Sotiris Ioannidis, Michail Smyrlis, George Spanoudakis, Fulvio Frati, Ludger Goeke, Torsten Hildebrandt, George Tsakirakis, Fotis Oikonomou, George Leftheriotis and Hristo Koshutanski
Appl. Sci. 2020, 10(16), 5702; https://doi.org/10.3390/app10165702 - 17 Aug 2020
Cited by 26 | Viewed by 8018
Abstract
Nowadays, cyber-security training is emerging as an essential process for the lifelong education of personnel in organizations, especially those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people's security awareness. Apart from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target group may range from simple users, who require basic knowledge of the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee's needs, promoting continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.

15 pages, 1262 KiB  
Article
A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom
by Aliyu Aliyu, Leandros Maglaras, Ying He, Iryna Yevseyeva, Eerke Boiten, Allan Cook and Helge Janicke
Appl. Sci. 2020, 10(10), 3660; https://doi.org/10.3390/app10103660 - 25 May 2020
Cited by 37 | Viewed by 10488
Abstract
As organisations are vulnerable to cyberattacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light, web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security regulations, privacy regulations, and best practices that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool. Full article

23 pages, 4542 KiB  
Article
A Multi-Tier Streaming Analytics Model of 0-Day Ransomware Detection Using Machine Learning
by Hiba Zuhair, Ali Selamat and Ondrej Krejcar
Appl. Sci. 2020, 10(9), 3210; https://doi.org/10.3390/app10093210 - 4 May 2020
Cited by 16 | Viewed by 3067
Abstract
Desktop and portable platform-based information systems have become the most tempting target of crypto and locker ransomware attacks during the last decades. Hence, researchers have developed anti-ransomware tools to assist the Windows platform in thwarting ransomware attacks, protecting the information, preserving the users' privacy, and securing the inter-related information systems through the Internet. Furthermore, they utilized machine learning to devise useful anti-ransomware tools that detect sophisticated versions. However, such anti-ransomware tools remain sub-optimal in efficacy, partial in analyzing ransomware traits, unable to learn significant and imbalanced data streams, limited in attributing the versions' ancestor families, and indecisive about fusing the multi-descent versions. In this paper, we propose a hybrid machine learner model, which is a multi-tiered streaming analytics model that classifies various ransomware versions of 14 families by learning 24 static and dynamic traits. The proposed model classifies ransomware versions to their ancestor families numerically and fuses those of multi-descent families statistically. Thus, it classifies ransomware versions among 40K corpora of ransomware, malware, and good-ware versions through both semi-realistic and realistic environments. The supremacy of this ransomware streaming analytics model among competitive anti-ransomware technologies is proven experimentally and justified critically with an average of 97% classification accuracy, 2.4% mistake rate, and 0.34% miss rate under comparative and realistic tests.
