Advances in Complex Cyberattack Detection

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Networks".

Deadline for manuscript submissions: closed (1 July 2023) | Viewed by 6376

Special Issue Editors

Dr. Jianyi Liu, Guest Editor
School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
Interests: network security; intelligent information processing; data mining

Prof. Dr. Ru Zhang, Guest Editor
School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
Interests: network security; intelligent information processing; data mining

Special Issue Information

Dear Colleagues,

The landscape of cyberspace security has changed greatly in recent years, and complex cyberattacks have become increasingly intense. To steal intellectual property and sensitive information, attackers use advanced techniques to carry out persistent, purposeful attacks against specific targets. It is common for a threat to persist for a long time and compromise many hosts before it is discovered, often only after heavy losses have already been suffered. A main reason is that network security architectures and products must deal with large-scale, multi-source, heterogeneous threat data that are dispersed across networks, while lacking effective mechanisms for exchanging and sharing threat information.

To obtain a deeper understanding of the characteristics of cyberattacks and security threats, it is necessary to focus on life-cycle characteristics, such as the occurrence, development, expansion, and outbreak of network security events, and to investigate new research methods that can handle complex cyber threats using massive volumes of security information. The aim of this Special Issue is to bring together leading academic scientists, researchers, and scholars to exchange and share the most recent innovations, trends, and concerns, as well as practical challenges encountered and solutions adopted, in the field of complex cybersecurity threats.

Potential topics include—but are not limited to—the following:

  1. Cyberattack detection, prediction, and association analysis;
  2. Malware analysis and vulnerability detection using deep learning;
  3. Malicious encrypted traffic detection;
  4. Zero-day cyberattack detection using deep learning;
  5. Adversarial attack and defense in cyberattacks;
  6. The construction and reasoning of security knowledge graphs;
  7. Cyber threat intelligence;
  8. Research challenges in complex cyberattack detection;
  9. Novel ideas, algorithms, models, frameworks, and systems for cyberattack detection.

Dr. Jianyi Liu
Prof. Dr. Ru Zhang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles, and short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cyberattack detection
  • malware analysis
  • security knowledge graphs
  • zero-day cyberattack
  • malicious encrypted traffic

Published Papers (4 papers)


Research

21 pages, 6035 KiB  
Article
Scalable Inline Network-Intrusion Detection System with Minimized Memory Requirement
by Taehoon Kim and Wooguil Pak
Electronics 2023, 12(9), 2061; https://doi.org/10.3390/electronics12092061 - 29 Apr 2023
Cited by 1 | Viewed by 884
Abstract
Currently used network-intrusion detection systems (NIDSs) using deep learning have limitations in processing large amounts of data in real time. This is because collecting flow information and creating features are time consuming and require considerable memory. To solve this problem, a novel NIDS with Θ(1) memory complexity for processing a flow is proposed in this study. Owing to its small memory requirement, the proposed model can handle numerous concurrent flows. In addition, it uses raw packet data as input features for the deep learning models, resulting in a lightweight feature-creation process. For fast detection, the proposed NIDS classifies a flow using a received packet, though it is prone to false detection. This weakness is solved through the validation model proposed in this research, resulting in high detection accuracy. Furthermore, real-time detection is possible since intrusion detection can be performed for every received packet using the Inception model. A performance comparison with existing methods confirmed an effectively improved detection time and lower memory requirement by 73% and 77% on average while maintaining high detection accuracy. Thus, the proposed model can effectively overcome the problems with modern deep-learning-based NIDSs.
(This article belongs to the Special Issue Advances in Complex Cyberattack Detection)

16 pages, 553 KiB  
Article
Intrusion Detection System Based on One-Class Support Vector Machine and Gaussian Mixture Model
by Chao Wang, Yunxiao Sun, Sicai Lv, Chonghua Wang, Hongri Liu and Bailing Wang
Electronics 2023, 12(4), 930; https://doi.org/10.3390/electronics12040930 - 13 Feb 2023
Cited by 5 | Viewed by 1669
Abstract
Intrusion detection systems (IDSs) play a significant role in the field of network security, dealing with the ever-increasing number of network threats. Machine learning-based IDSs have attracted a lot of interest owing to their powerful data-driven learning capabilities. However, it is challenging to train supervised learning algorithms when there are no attack data at hand. Semi-supervised anomaly detection algorithms, which train the model with only normal data, are more suitable. In this study, we propose a novel semi-supervised anomaly detection-based IDS that leverages the capabilities of representation learning and two anomaly detectors. In detail, the autoencoder (AE) is applied to extract representative features of normal data in the first step, and then two semi-supervised detectors, the one-class support vector machine (OCSVM) and Gaussian mixture model (GMM), are trained on the derived features. The two detectors collaborate to detect anomalous samples. The OCSVM predicts the abnormal samples initially, and after that, the GMM is applied to recheck the misclassified samples further. The experiments demonstrate that the AE improves the detection rate, and that two detectors are more promising than a single one.
(This article belongs to the Special Issue Advances in Complex Cyberattack Detection)

21 pages, 1736 KiB  
Article
The Method for Identifying the Scope of Cyberattack Stages in Relation to Their Impact on Cyber-Sustainability Control over a System
by Šarūnas Grigaliūnas, Rasa Brūzgienė and Algimantas Venčkauskas
Electronics 2023, 12(3), 591; https://doi.org/10.3390/electronics12030591 - 25 Jan 2023
Cited by 4 | Viewed by 1899
Abstract
Industry X.0 is the new age of digitization, when information and communication systems are strongly linked to other systems and processes and are accessed remotely from anywhere at any time. The existing information systems' security methods are ineffective because they should focus on and assess a broader range of factors in physical and digital spaces, especially because tactics of cybercrimes are always evolving and attackers are getting more inventive in searching for holes that might be exploited. To fight it, there is a need to be one step ahead of the attacker, including understanding the nature, stages and scope of the upcoming cyberattack. The objective of our research is to identify the impact of the scope of a cyberattack's stages on the cyber resilience of an information and communication system, assessing the level of cybersecurity based on existing technical and operational measures. The research methodology includes a numerical simulation, an analytical comparison and experimental validation. The achieved results allow for the identification of up to 18 attack stages based on the aggregation of technical and organizational security metrics and detection sources. The analytical comparison proved the proposed method to be 13% more effective in identifying the stage of a cyberattack and its scope. Based on this research, the extensive scoping flexibility of the proposed method will enable additional control measures and methods that would reduce the impact of an attack on the robustness while increasing the cyber-sustainability of a system.
(This article belongs to the Special Issue Advances in Complex Cyberattack Detection)

14 pages, 1083 KiB  
Article
Classification of Malware Families Based on Efficient-Net and 1D-CNN Fusion
by Xulei Chong, Yating Gao, Ru Zhang, Jianyi Liu, Xingjie Huang and Jinmeng Zhao
Electronics 2022, 11(19), 3064; https://doi.org/10.3390/electronics11193064 - 26 Sep 2022
Cited by 2 | Viewed by 1331
Abstract
A malware family classification method based on Efficient-Net and 1D-CNN fusion is proposed. Given the problem that some local information of the malware itself as one-dimensional data will be lost when the malware is imaged, the malware is converted into both an image and a one-dimensional vector and then input into two neural networks. The network with a two-dimensional convolution architecture is used to extract the texture features of the malware, and the one-dimensional convolution is used to extract the features of local adjacent information; the deep features of the two networks are fused, and the two networks are updated at the same time during backpropagation. This method not only extracts the texture features of the malware but also preserves the features of the malware itself as one-dimensional data, and it shows better performance on multiple datasets.
(This article belongs to the Special Issue Advances in Complex Cyberattack Detection)
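The abstract above describes feeding the same binary to two networks: once as a greyscale image (the Efficient-Net branch) and once as a raw one-dimensional byte vector (the 1D-CNN branch). The following is an added example, not code from the paper, showing how those two inputs are built from a file's bytes and why the image view loses some local adjacency: every byte pair that straddles a row boundary is neighbouring in the 1-D vector but not horizontally adjacent in the image. The width table is an assumption (the common size-dependent choice used in byte-image malware work), the fixed vector length is an arbitrary parameter, and the sample bytes are constructed here for demonstration.

```python
"""Build the two inputs described in the abstract from a binary's raw bytes:
a 2-D greyscale image (rows of fixed width) and a fixed-length 1-D byte vector.
Added example; the width table, vector length and sample data are assumptions."""

# Image width keyed by file size in bytes. Assumed table, not from the paper:
# (upper size bound exclusive, width in pixels).
_WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]


def image_width(n_bytes):
    """Pick the image width for a file of n_bytes (1024 for very large files)."""
    for limit, width in _WIDTH_TABLE:
        if n_bytes < limit:
            return width
    return 1024


def bytes_to_image(data, width=None):
    """Return the image as a list of rows; each pixel is one byte (0..255).

    The byte stream is cut into rows of `width` pixels, zero-padded at the end.
    Note that data[k*width-1] and data[k*width] are adjacent in the stream but
    end up at opposite edges of neighbouring rows, which is the local-adjacency
    information the 1-D branch is meant to preserve.
    """
    if width is None:
        width = image_width(len(data))
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def bytes_to_vector(data, length):
    """Fixed-length 1-D input: truncate or zero-pad the byte stream to `length`."""
    vec = list(data[:length])
    return vec + [0] * (length - len(vec))


def build_inputs(data, vector_length=4096):
    """Produce (image_rows, byte_vector), the two branch inputs for one sample."""
    return bytes_to_image(data), bytes_to_vector(data, vector_length)


def row_boundary_pairs(n_bytes, width):
    """Number of adjacent byte pairs split across rows in the image view."""
    rows = (n_bytes + width - 1) // width
    return max(rows - 1, 0)


# Constructed sample (not real malware): a fake 'MZ' header followed by a
# repeating 0..255 ramp and a short run of zero padding, 779 bytes in total.
SAMPLE = b"MZ\x90\x00" + bytes(range(256)) * 3 + b"\x00" * 7


if __name__ == "__main__":
    image, vector = build_inputs(SAMPLE, vector_length=1024)
    width = len(image[0])
    print(f"{len(SAMPLE)} bytes -> image {len(image)}x{width}, "
          f"vector length {len(vector)}, "
          f"{row_boundary_pairs(len(SAMPLE), width)} adjacent pairs split by row wrap")
```

On a real corpus the same two functions are applied per file, the image is resized to the network's fixed input size, and both arrays are normalised before being fed to the two branches; the row-wrap count makes concrete how much one-dimensional neighbourhood structure the image branch alone cannot see.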
