Integrating blockchain into the Internet of Things (IoT) for security is a new development in computational communication systems. While security threats are changing their strategies and constructing new threats on blockchain-based IoT systems. Also, in combining blockchain with IoT networks, malicious transactions and active attacks deliver more vulnerabilities, privacy issues, and security threats. The concept of blockchain-based IoT attacks is a hot topic in both IoT and blockchain disciplines. Network attacks are a type of security and privacy threat and cover the exact scope of threats related to the combination of IoT and blockchain. Even though blockchain has potential security benefits, new cyberattacks have emerged that make blockchain alone insufficient to deal with threats and attacks in IoT networks since vagueness and ambiguity issues are unavoidable in IoT data. The heterogeneous nature of IoT sources has made uncertainty a critical issue in IoT networks. Deep Learning (DL) models have difficulty dealing with uncertainty issues and cannot manage them efficiently as an essential tool in security techniques. Thus, we need better security, privacy, and practical approaches, such as efficient threat detection against network attacks in blockchain-based IoT environments. It is also helpful to consider fuzzy logic to tackle deterministic issues when DL models face uncertainty. This paper designs and implements a secure, intelligent fuzzy blockchain framework. This framework utilizes a novel fuzzy DL model, optimized adaptive neuro-fuzzy inference system (ANFIS)-based attack detection, fuzzy matching (FM), and fuzzy control system (FCS) for detection of network attacks. The proposed fuzzy DL applies the fuzzy Choquet integral to have a powerful nonlinear aggregation function in the detection. We use metaheuristic algorithms to optimize the attack detection error function in ANFIS. We also validate transactions via FM to tackle fraud detection and efficiency in the blockchain layer. This framework is the first secure, intelligent fuzzy blockchain framework that identifies and detects security threats while considering uncertainty issues in IoT networks and having more flexibility in decision-making and accepting transactions in the blockchain layer. Evaluation results verify the efficiency of the blockchain layer in throughput and latency metrics and the intelligent fuzzy layer in performance metrics (Accuracy, Precision, Recall, and F1-Score) in threat detection on both blockchain and IoT network sides. Additionally, FCS demonstrates that we obtain an effective system (stable model) for threat detection in blockchain-based IoT networks.
•Investigate blockchain-based IoT attacks and tackle cyber threats to blockchain-based IoT systems.
•Design and implementation of a secure intelligent fuzzy blockchain framework.
•Proposed a novel fuzzy deep learning model for threat detection.
•Design the optimized ANFIS-based attack detection system for the IoT networks.
•Using the fuzzy matching to validate transactions for fraud detection.
Detecting cluttered and overlapping contraband items from baggage scans is one of the most challenging tasks, even for human experts. Recently, considerable literature has grown up around the theme of deep learning-based X-ray screening for localizing contraband data. However, the existing threat detection systems are still vulnerable to high occlusion, clutter, and concealment. Furthermore, they require exhaustive training routines on large-scale and well-annotated data in order to produce accurate results. To overcome the above-mentioned limitations, this paper presents a novel convolutional transformer system that recognizes different overlapping instances of prohibited objects in complex baggage X-ray scans via a distillation-driven incremental instance segmentation scheme. Furthermore, unlike its competitors, the proposed framework allows an incremental integration of new item instances while avoiding costly training routines. In addition to this, the proposed framework also outperforms state-of-the-art approaches by achieving a mean average precision score of 0.7896, 0.5974, and 0.7569 on publicly available GDXray, SIXray, and OPIXray datasets for detecting concealed and cluttered baggage threats.
•This paper presents a novel incremental convolutional transformer model.
•A β hyperparameter is introduced in the paper to control catastrophic forgetting.
•A unique segmentation scheme is proposed to extract cluttered object instances.
•The proposed system is thoroughly tested on three public X-ray datasets.
The Internet of Medical Things (IoMT) is increasingly replacing the traditional healthcare systems. However, less focus has been paid to their security against cyber-threats in the implementation of the IoMT and its networks. One of the key reasons can be the challenging task of optimizing typical security solutions to the IoMT networks. And despite the rising admiration of machine learning and deep learning methods in the cyber-security domain (e.g., a threat detection system), most of these methods are acknowledged as a black-box model. The explainable AI (XAI) has become progressively vital to understand the employed learning models to improve trust level and empower security experts to interpret the prediction decisions. The authors propose a highly efficient model named XSRU-IoMT, for effective and timely detection of sophisticated attack vectors in IoMT networks. The proposed model is developed using novel bidirectional simple recurrent units (SRU) using the phenomenon of skip connections to eradicate the vanishing gradient problem and achieve a fast training process in recurrent networks. We also explore the concepts of XAI to improve trust level by providing explanations of the predictive decisions and enabling humans and security experts to understand the causal reasoning and underlying data evidence. The evaluation results on the ToN_IoT dataset demonstrate the effectiveness and superiority of the proposed XSRU-IoMT model as compared to the state-of-the-art compelling detection models, suggesting its usefulness as a viable deployment model in real-IoMT networks.
•The concepts of XAI are explored enabling security experts to interpret underlying data evidence.
•The analysis of importance of features is explored for better threat and intrusion discovery.
•A novel bidirectional SRU model using skip connections, is proposed for security of IoMT networks.
•This technique is capable to alleviate vanishing gradient problem and having fast training time.
•Highly effectual in detecting several kinds of cyber-threats against IoMT-driven SHS.
With the prevalence of Internet of Things (IoT) systems, inconspicuous everyday household devices are connected to the Internet, providing automation and real-time services to their users. In spite of their light-weight design and low power, their vulnerabilities often give rise to cyber risks that harm their operations over network systems. One of the key challenges of securing IoT networks is tracing sources of cyber-attack events, along with obfuscating and encrypting network traffic. This study proposes a new network forensics framework, called a Particle Deep Framework (PDF), which describes the digital investigation phases for identifying and tracing attack behaviors in IoT networks. The proposed framework includes three new functions: (1) extracting network data flows and verifying their integrity to deal with encrypted networks; (2) utilizing a Particle Swarm Optimization (PSO) algorithm to automatically adapt parameters of deep learning; and (3) developing a Deep Neural Network (DNN) based on the PSO algorithm to discover and trace abnormal events from IoT network of smart homes. The proposed PDF is evaluated using the Bot-IoT and UNSW_NB15 datasets and compared with various deep learning techniques. Experimental results reveal a high performance of the proposed framework for discovering and tracing cyber-attack events compared with the other techniques.
•Particle Deep Framework for Internet of things Network Forensics presented.
•Deep Neural Network optimization through Particle Swarm Optimization.
•Analysis of experimental results indicate high accuracy, precision and recall.
Vision Transformers (ViTs) denote a family of attention-based deep learning techniques that have recently achieved amazing results in various problems related to the field of computer vision. In this paper, we explore the use of ViTs in problems of cyber-threat detection related to malware and network intrusion detection. In particular, we propose VINCENT, that is a novel deep neural method, which resorts to a color imagery representation of cyber-data by encoding related cyber-data features into neighboring color pixels. ViTs are trained from cyber-data images as teacher models, to extract explainable imagery signatures of cyber-data classes. This knowledge is extracted by leveraging the self-attention mechanism to give paired attention values between pairs of imagery patches. The signature knowledge, extracted through the ViT teacher, is, finally, used to train a smaller neural student model according to the knowledge distillation theory. Experiments with various benchmark cybersecurity datasets assess the accuracy of the student model VINCENT also compared to that of several state-of-the-art methods. In addition, it shows that VINCENT can obtain insights from explanations recovered through the self-attention mechanism of the ViT teacher.
•ViTs trained on cyber-data images.
•Explanation information distilled from ViTs to CNNs.
•Experiments with four benchmark cybersecurity datasets.
•The proposed method outperforms many state-of-the-art competitors.
Threat intelligence is the provision of evidence-based knowledge about existing or potential threats. Benefits of threat intelligence include improved efficiency and effectiveness in security operations in terms of detective and preventive capabilities. Successful threat intelligence within the cyber domain demands a knowledge base of threat information and an expressive way to represent this knowledge. This purpose is served by the use of taxonomies, sharing standards, and ontologies. This paper introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their threat intelligence capabilities and understand their position against the ever-changing cyber threat landscape. In addition, we use our model to analyze and evaluate several existing taxonomies, sharing standards, and ontologies relevant to cyber threat intelligence. Our results show that the cyber security community lacks an ontology covering the complete spectrum of threat intelligence. To conclude, we argue the importance of developing a multi-layered cyber threat intelligence ontology based on the CTI model and the steps should be taken under consideration, which are the foundation of our future work.
Malicious insiders cause significant loss to organizations. Due to an extremely small number of malicious activities from insiders, insider threat is hard to detect. In this article, we present a Dirichlet Marked Hawkes Process (DMHP) to detect malicious activities from insiders in real-time. DMHP combines the Dirichlet process and marked Hawkes processes to model the sequence of user activities. The Dirichlet process is capable of detecting unbounded user modes (patterns) of infinite user activities, while, for each detected user mode, one set of marked Hawkes processes is adopted to model user activities from time and activity type (e.g., WWW visit or send email) information so that different user modes are modeled by different sets of marked Hawkes processes. To achieve real-time malicious insider activity detection, the likelihood of the most recent activity calculated by DMHP is adopted as a score to measure the maliciousness of the activity. Since the majority of user activities are benign, those activities with low likelihoods are labeled as malicious activities. Experimental results on two datasets show the effectiveness of DMHP.
Ensemble learning is a strategy commonly used to fuse different base models by creating a model ensemble that is expected to be more accurate on unseen data than the base models. This study describes a new cyber-threat detection method, called , that uses ensemble learning coupled with adversarial training in deep learning, in order to gain accuracy with neural models trained in cybersecurity problems. The selection of the base models is one of the main challenges to handle, in order to train accurate ensembles. This study describes a model ensemble pruning approach based on eXplainable AI (XAI) to increase the ensemble diversity and gain accuracy in ensemble classification. We base on the idea that being able to identify base models that give relevance to different input feature sub-spaces may help in improving the accuracy of an ensemble trained to recognise different signatures of different cyber-attack patterns. To this purpose, we use a global XAI technique to measure the ensemble model diversity with respect to the effect of the input features on the accuracy of the base neural models combined in the ensemble. Experiments carried out on four benchmark cybersecurity datasets (three network intrusion detection datasets and one malware detection dataset) show the beneficial effects of the proposed combination of adversarial training, ensemble learning and XAI on the accuracy of multi-class classifications of cyber-data achieved by the neural model ensemble.