Young adults aged between 18 and 30 are likely to encounter increasing cyber threats. Understanding the cybersecurity behaviors of young adults, and identifying the measures and factors that can help ...reduce cyber threats is thus crucial. Since the existing studies have not sufficiently explored these factors, this study adopted a socio-behavioral perspective. It employed the primary constructs of the theory of planned behavior (TPB) with other factors, including perceived awareness and knowledge of cyber threats, to predict young adults' behavioral intent to practice cybersecurity behaviors. Data were collected from a random sample of 1581 young adults studying at Technical and Vocational Training Corporation (TVTC) colleges in Saudi Arabia through an online survey and were analyzed using the least-squares partial structural equation modeling (SEM). The results revealed that attitude (ATT), subjective norm (SN), and perceived behavioral control (PBC) strongly influenced young adults’ intentions to practice cybersecurity behavior (IPC). Also important for IPC was the perceived awareness of the consequences of the risks of cyber threats and the need for cybersecurity behavior (PCST). Moreover, while PCST and IPC were directly related to practicing cybersecurity behaviors, PBC was not. Future studies may benefit from examining cultural, and socio-demographic aspects that may influence CSB.
•Planned behavior theory is used to model cybersecurity practices online.•A nuanced understanding of young adults' cybersecurity behaviors is obtained.•Factors are found that affect young adults' motivation to adopt certain behaviors.•The value of cyber risk awareness of in predicting online behavior is shown.•Knowledge of cyber threats is shown to enhance security practices.
Vehicles are currently being developed and sold with increasing levels of connectivity and automation. As with all networked computing devices, increased connectivity often results in a heightened ...risk of a cyber security attack. Furthermore, increased automation exacerbates any risk by increasing the opportunities for the adversary to implement a successful attack. In this paper, a large volume of publicly accessible literature is reviewed and compartmentalized based on the vulnerabilities identified and mitigation techniques developed. This review highlighted that the majority of studies are reactive and vulnerabilities are often discovered by friendly adversaries (white-hat hackers). Many gaps in the knowledge base were identified. Priority should be given to address these knowledge gaps to minimize future cyber security risks in the connected and autonomous vehicle sector.
Cyber-attacks represent a potential threat to information security. As rates of data usage and internet consumption continue to increase, cyber awareness turned to be increasingly urgent. This study ...focuses on the relationships between cyber security awareness, knowledge and behavior with protection tools among individuals in general and across four countries: Israel, Slovenia, Poland and Turkey in particular. Results show that internet users possess adequate cyber threat awareness but apply only minimal protective measures usually relatively common and simple ones. The study findings also show that higher cyber knowledge is connected to the level of cyber awareness, beyond the differences in respondent country or gender. In addition, awareness is also connected to protection tools, but not to information they were willing to disclose. Lastly, findings exhibit differences between the explored countries that affect the interaction between awareness, knowledge, and behaviors. Results, implications, and recommendations for effective based cyber security training programs are presented and discussed.
•SCADA systems are designed with availability as top priority.•Vulnerabilities in SCADA systems are more critical and far reaching than IT systems.•Random forest achieved the highest accuracy rate in ...UNSW NB15 dataset.•Some existing IT solutions and mechanisms cannot be deployed over the SCADA system.•Datasets need further development for vulnerability analysis.
Supervisory control and data acquisition (SCADA) serves as the backbone of several critical infrastructures, including water supply systems, oil pipelines, transportation and electricity. It accomplishes essential functions, such as monitoring data from pumps, valves and transmitters. Across different generations, SCADA has undergone a significant evolution from a typically isolated environment to a highly interconnected network. Although this conversion has benefits for SCADA, such as enhanced performance efficiency and the cost reduction of heavy equipment, it has made SCADA more vulnerable to various cyber-attacks. Several SCADA security approaches are still provided by IT-based systems that are possibly not efficient enough to deflect the risks and threats originating from SCADA field operations. As a result, it is critically important to analyse cyber risks associated with the industrial SCADA system. The goal of this survey is to explore the security vulnerabilities of SCADA systems and classify the threats accordingly. In this project, we initially reviewed SCADA systems from different scopes, including architecture, vulnerabilities, attacks, intrusion detection techniques (IDS) and testbeds. We proposed taxonomies of vulnerabilities, attacks, IDS and testbeds according to predefined criteria. We concluded the survey by highlighting the research challenges and open issues for future research in the field of SCADA security.
The banking industry faces increased risks based on cyber threats, mostly through mobile applications and web portals, and to a lesser extent through other communication channels. Cyberattacks ...continue to increase, and the banking sector can be particularly vulnerable, especially in the context of the Covid-19 pandemic. The subject of the paper is to analyze the views of respondents of users of banking services in the Republic of Serbia on the problem of cyber threats as a risk factor in the banking sector. The main conclusion is that the largest number of respondents, as much as 70% of them, are not concerned or not very concerned about security in the banking services' sector. This indicates the existence of a high degree of trust in the security of banking services and the activities that banks undertake to protect data and deposited financial assets. In addition, banks should still emphasize preventive activities to reduce the risks based on cyber threats to an acceptably low level. Some of the preventive activities can be engaging in the education of internal auditors and increasing the effectiveness of information security audits.
Social Internet of Things (SIoT) is a new paradigm where Internet of Things (IoT) merges with social networks, allowing people and devices to interact, and facilitating information sharing. However, ...security and privacy issues are a great challenge for IoT but they are also enabling factors to create a "trust ecosystem." In fact, the intrinsic vulnerabilities of IoT devices, with limited resources and heterogeneous technologies, together with the lack of specifically designed IoT standards, represent a fertile ground for the expansion of specific cyber threats. In this paper, we try to bring order on the IoT security panorama providing a taxonomic analysis from the perspective of the three main key layers of the IoT system model: 1) perception; 2) transportation; and 3) application levels. As a result of the analysis, we will highlight the most critical issues with the aim of guiding future research directions.
SDN-based cyber defense: A survey Yurekten, Ozgur; Demirci, Mehmet
Future generation computer systems,
February 2021, 2021-02-00, Letnik:
115
Journal Article
Recenzirano
The growth and ubiquity of the Internet have changed the world in numerous ways, one of which is giving rise to the necessity of being vigilant about information security and cyber threats. As threat ...actors have become more sophisticated and new threats are emerging constantly, meeting information security objectives requires taking advantage of the latest technologies and tools. This paper focuses on a popular technology that can improve the way security is achieved: software-defined networking (SDN). Thanks to its flexibility, cost efficiency, and suitability for incremental deployment, SDN provides a practical means of developing effective security solutions. Through an extensive survey of the literature, we develop a taxonomy for SDN-based solutions to common attack types, identify the security primitives utilized in these studies, and categorize proposals by cyber threat category. Furthermore, we present a quantitative evaluation of the reviewed studies according to threat category, defense type, strategy, techniques, and deployment details. Finally, we discuss various challenges and potential research questions to be investigated in this area.
•We develop a taxonomy for SDN-based solutions to common attack types.•We categorize proposals by cyber threat category.•We identify the security primitives utilized in the reviewed studies.•We present a quantitative evaluation of these studies.•We discuss challenges and potential research questions.
The Internet of Things (IoT) has revolutionized modern tech with interconnected smart devices. While these innovations offer unprecedented opportunities, they also introduce complex security ...challenges. Cybersecurity is a pivotal concern for intrusion detection systems (IDS). Deep Learning has shown promise in effectively detecting and preventing cyberattacks on IoT devices. Although IDS is vital for safeguarding sensitive information by identifying and mitigating suspicious activities, conventional IDS solutions grapple with challenges in the IoT context. This paper delves into the cutting-edge intrusion detection methods for IoT security, anchored in Deep Learning. We review recent advancements in IDS for IoT, highlighting the underlying deep learning algorithms, associated datasets, types of attacks, and evaluation metrics. Further, we discuss the challenges faced in deploying Deep Learning for IoT security and suggest potential areas for future research. This survey will guide researchers and industry experts in adopting Deep Learning techniques in IoT security and intrusion detection.
•Proposing a new deep learning model for accurately detecting cyber threats to extract a feature representation and learn temporal information from cybersecurity data sequences.•Decreasing the ...learning rate of the Adam optimizer exponentially to improve its exploitation operator when it cannot improve in the validation loss within several epochs.•Evaluating the proposed model’s performance, DeepAK-IoT uses three datasets, two of which are aggregated using heterogeneous data sources, to assess its ability to detect the malicious code that can threaten IoT sources.•Refining DeepAK-IoT provides greater accuracy for the validated datasets, superior to three contemporary models.
Our daily lives have been profoundly changed over the past few years owing to the growing presence of the Internet of Things (IoT). Importantly, IoT makes our lives more convenient, simpler, and more efficient; however, gadgets are vulnerable to a wide variety of cyberattacks due to the lack of robust security mechanisms and hardware security support. This paper presents an alternative deep learning model known as DeepAK-IoT to detect cyberattacks against IoT devices. DeepAK-IoT uses three blocks as its foundation: the residual-based-spatial representation (RSR) block, the temporal representation block (TRB), and the detection block (DB). The RSR block uses five residual blocks to extract a feature representation from the output of the preceding layer. The four convolutional layers are connected in parallel with a skip connection within each block to avoid vanishing or exploding gradients. Then, the second block uses the extracted spatial representation to learn a temporal representation to detect cyber threats. The final block decides how to classify the input record. We evaluated the accuracy and generalization ability of DeepAK-IoT using three well-known public datasets: TON-IoT, Edge-IIoTset, and UNSW-NB15. The proposed model was compared to three state-of-the-art deep learning models to demonstrate its effectiveness in detecting cyber threats in IoT systems. According to the experimental results, DeepAK-IoT was found to be a powerful alternative model for managing cyber threats in IoT networks, as it provided 90.57% accuracy for TON IoT, 94.96% for Edge-IIoTset, and 98.41% for UNSW NB15.
The exponential growth of the Internet interconnections has led to a significant growth of cyber attack incidents often with disastrous and grievous consequences. Malware is the primary choice of ...weapon to carry out malicious intents in the cyberspace, either by exploitation into existing vulnerabilities or utilization of unique characteristics of emerging technologies. The development of more innovative and effective malware defense mechanisms has been regarded as an urgent requirement in the cybersecurity community. To assist in achieving this goal, we first present an overview of the most exploited vulnerabilities in existing hardware, software, and network layers. This is followed by critiques of existing state-of-the-art mitigation techniques as why they do or don't work. We then discuss new attack patterns in emerging technologies such as social media, cloud computing, smartphone technology, and critical infrastructure. Finally, we describe our speculative observations on future research directions.
•A comprehensive overview of existing security vulnerabilities.•Critical analysis of the state-of-the-art mitigation techniques and their pros and cons.•Analysis of new cyber attack patterns in emerging technologies.•Potential future research directions in cyber security.