Throughout human evolutionary history, snakes have been associated with danger and threat. Research has shown that snakes are prioritized by our attentional system, despite many of us rarely encountering them in our daily lives. We conducted two high-powered, pre-registered experiments (total N = 224) manipulating target prevalence to understand this heightened prioritization of threatening targets. Target prevalence refers to the proportion of trials wherein a target is presented; reductions in prevalence consistently reduce the likelihood that targets will be found. We reasoned that snake targets in visual search should experience weaker effects of low target prevalence compared to non-threatening targets (rabbits) because they should be prioritized by searchers despite appearing rarely. In both experiments, we found evidence of classic prevalence effects but (contrasting prior work) we also found that search for threatening targets was slower and less accurate than for nonthreatening targets. This surprising result is possibly due to methodological issues common in prior studies, including comparatively smaller sample sizes, fewer trials, and a tendency to exclusively examine conditions of relatively high prevalence. Our findings call into question accounts of threat prioritization and suggest that prior attention findings may be constrained to a narrow range of circumstances.
The increasing popularity and widespread use of Internet of Things (IoT) and Cyber-Physical Systems (CPS) technologies have produced a significant need for the integration of cloud and edge computing with distributed detection solutions to handle the growing volume of distributed security threats. While deep learning-based approaches have been used to detect anomalous behaviors in complex data patterns, the heterogeneity in IoT networks still poses paramount challenges to update synchronization across learning nodes in distributed training. Particularly, the non-independent and identically distributed (non-IID) data patterns over remote nodes significantly affect the performance of model training provisioned on cloud and edge computing servers, and most existing works have assumed a homogeneous setting. The heterogeneity brings the gradient delay problem, causing the gradient inconsistency in the barrier-free asynchronous mode. In this paper, we propose a Delay Compensated Adam (DC-Adam) approach, an asynchronous federated learning-based detection approach, for IoT devices with limited resources. To overcome the notorious gradient delay problem, we develop a Taylor Expansion-based scheme to compensate for the inconsistency caused by asynchronous communication. Moreover, a pre-shared data training strategy for non-IID data is developed to avoid the convergence divergence under the non-IID patterns. After the collaborative model training procedure, we append an additional local training process at each client to fit respective patterns. Via a combination of theoretical analysis of convergence and practical experimental results, we validate the efficacy of our proposed approach compared to the other state-of-the-art approaches. Compared with benchmark approaches, we demonstrate that our proposed method can converge stably, and that it outperforms the barrier-free asynchronous federated learning by 12.8% (accuracy), 14% (precision), 8.71% (recall), and 11.16% (F1 score) on average.
Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats mainly exploit misconfiguration vulnerabilities, e.g., excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to the transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This article proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts, state transition analysis and the reconciler pattern, to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies including security chaos engineering (fault injection) strategies on Amazon Web Services and Google Cloud Platform. CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits.
Using appropriate antipredatory responses is crucial for survival. While slowing down reduces the chances of being detected from distant predators, fleeing away is advantageous in front of an approaching predator. Whether appropriate responses depend on experience with moving objects is still an open question. To clarify whether adopting appropriate fleeing or freezing responses requires previous experience, we investigated responses of chicks naive to movement. When exposed to the moving cues mimicking an approaching predator (a rapidly expanding, looming stimulus), chicks displayed a fast escape response. In contrast, when presented with a distal threat (a small stimulus sweeping overhead) they decreased their speed, a maneuver useful to avoid detection. The fast expansion of the stimulus toward the subject, rather than its size per se or change in luminance, triggered the escape response. These results show that young animals, in the absence of previous experience, can use motion cues to select the appropriate responses to different threats. The adaptive needs of young preys are thus matched by spontaneous defensive mechanisms that do not require learning.
Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.
Due to the increasing security needs, X-ray devices have started to be used more and more in security systems. Dual-energy X-ray devices are preferred to conventional ones since they enable Effective Atomic Number (Zeff) estimation that cannot be provided by traditional devices, which use density-based segmentation. In this paper, pure material samples are used to obtain system characteristics. Linear mass attenuation coefficients (μ) of the materials can be calculated by using two leveled images, and these coefficients provide information about the Zeff of substances. After that, they can be classified as organic and inorganic via the effective atomic number method and explicitly identified. As well as this, organic explosives can be detected thanks to this simple and effective approach.
With the rapidly evolving technological landscape, the huge development of the Internet of Things, and the embracing of digital transformation, the world is witnessing an explosion in data generation and a rapid evolution of new applications that lead to new, wider, and more sophisticated threats that are complex and hard to detect. Advanced persistent threats use continuous, clandestine, and sophisticated techniques to gain access to a system and remain hidden for a prolonged period of time, with potentially destructive consequences. Those stealthy attacks are often not detectable by advanced intrusion detection systems (e.g., LightBasin attack was detected in 2022 and has been active since 2016). Indeed, threat actors are able to quickly and intelligently alter their tactics to avoid being detected by security defense lines (e.g., prevention and detection mechanisms). In response to these evolving threats, organizations need to adopt new proactive defense approaches. Threat hunting is a proactive security line exercised to uncover stealthy attacks, malicious activities, and suspicious entities that could circumvent standard detection mechanisms. Additionally, threat hunting is an iterative approach to generate and revise threat hypotheses endeavoring to provide early attack detection in a proactive way. The proactiveness consists of testing and validating the initial hypothesis using various manual and automated tools/techniques with the objective of confirming/refuting the existence of an attack. This survey studies the threat hunting concept and provides a comprehensive review of the existing solutions for Enterprise networks. In particular, we provide a threat hunting taxonomy based on the used technique and a sub-classification based on the detailed approach. Furthermore, we discuss the existing standardization efforts. Finally, we provide a qualitative discussion on current advances and identify various research gaps and challenges that may be considered by the research community to design concrete and efficient threat hunting solutions.
Attention orienting towards a gazed-at location is fundamental to social attention. Whether gaze cues can interact with emotional expressions other than those signalling environmental threat to modulate this gaze cueing, and whether this integration changes over time, remains unclear. With four experiments we demonstrate that, when perceived motion inherent to dynamic displays is controlled for, gaze cueing is enhanced by both fearful and happy faces compared to neutral faces. This enhancement is seen with stimulus-onset asynchronies ranging from 200-700 ms. Thus, gaze cueing can be reliably modulated by positive expressions, albeit to a smaller degree than fearful ones, and this gaze-emotion integration impacts behaviour as early as 200 ms post-cue onset.
Dark Net Marketplaces (DNMs), online selling platforms on the dark web, constitute a major component of the underground economy. Due to the anonymity and increasing accessibility of these platforms, they are rich sources of cyber threats such as hacking tools, data breaches, and personal account information. As the number of products offered on DNMs increases, researchers have begun to develop automated machine learning-based threat identification approaches. A major challenge in adopting such an approach is that the task typically requires manually labeled training data, which is expensive and impractical. We propose a novel semi-supervised labeling technique for leveraging unlabeled data based on the lexical and structural characteristics of DNMs using transductive learning. Empirical results show that the proposed approach leads to an approximately 3-5% increase in classification performance measured by F1-score, while increasing both precision and recall. To further improve the identification performance, we adopt Long Short-Term Memory (LSTM) as a deep learning structure on top of the proposed labeling method. The results are evaluated against a large collection of 79K product listings obtained from the most popular DNMs. Our method outperforms the state-of-the-art methods in threat identification and is considered as an important step toward lowering the human supervision cost in realizing automated threat detection within cyber threat intelligence organizations.
Maritime ships and ports have become increasingly digital and intelligent. While intelligent maritime transportation systems bring convenience to the maritime industry, ship operation and management are also confronted with network risks. The Internet of Things (IoT) installed in the shipborne network collects and monitors the environmental data of the whole ship. It uses the collected data to make decisions to control the ship. The threat of Local Area Network (LAN) of IoT in ships has become an emerging issue. The DNS rebinding attack is a typical attack, which can bypass firewalls and seriously threaten the marine network in security and privacy of the local IoT. DNS rebinding attacks are difficult to model and detect, due to their sophisticated characteristics. In this work, we define threat models of DNS rebinding attacks and propose an effective method for the detection of and the defense against these attacks. First, we define threat models for DNS rebinding attacks. We employ a Markov chain to model the process of DNS rebinding attacks. With the threat modeling, the attack behaviors are clearly characterized and the most relevant attributes are thus extracted. Second, we propose an effective method for the detection of DNS rebinding attacks in the marine transportation system. The detection method includes the initialization method and the verification method, which manages and verifies access permission of equipment information and the service interface of the IoT in the shipborne network. Finally, we simulate the DNS rebinding attacks on the marine IoT. We analyze and test the security and the performance of the initialization method and the verification method in the simulated environment. The extensive experimental results demonstrate that the IoT in marine networks is vulnerable to DNS rebinding. Our method is effective and efficient to detect and defend against DNS rebinding attacks. It thus secures security and privacy in the local IoT on shipboard.