Despite providing unparalleled connectivity and convenience, the exponential growth of the Internet of Things (IoT) ecosystem has triggered significant cybersecurity concerns. These concerns stem from various factors, including the heterogeneity of IoT devices, widespread deployment, and inherent computational limitations. Integrating emerging technologies to address these concerns becomes imperative as the dynamic IoT landscape evolves. Machine Learning (ML), a rapidly advancing technology, has shown considerable promise in addressing IoT security issues. It has significantly influenced and advanced research in cyber threat detection. This survey provides a comprehensive overview of current trends, methodologies, and challenges in applying machine learning for cyber threat detection in IoT environments. Specifically, we further perform a comparative analysis of state-of-the-art ML-based Intrusion Detection Systems (IDSs) in the landscape of IoT security. In addition, we shed light on the pressing unresolved issues and challenges within this dynamic field. We provide a future vision with Generative AI and large language models to enhance IoT security. The discussions present an in-depth understanding of different cyber threat detection methods, enhancing the knowledge base of researchers and practitioners alike. This paper is a valuable resource for those keen to delve into the evolving world of cyber threat detection leveraging ML and IoT security.
Unraveled is a novel cybersecurity dataset capturing Advanced Persistent Threat (APT) attacks not available in the public domain. Existing cybersecurity datasets lack coherent information about sophisticated and persistent cyber-attack features, including attack planning and deployment, stealthiness of the attacker(s), longer dormant periods between attack activities, etc. Our APT attack scenario in Unraveled is implemented on a real network system established on a cloud platform to emulate an organization's network system. The new dataset provides comprehensive network flow and host-level log information about the normal user(s) traffic and the cyber attack traffic. To emulate realistic network traffic scenarios, Unraveled also includes attacks at different skill levels reflecting a typical organization's threat posture, utilizing APT attack information from one of the well-known APT attack databases, i.e., MITRE's APT-group database. Furthermore, we design and develop an Employee Behavior Generation (EBG) model to emulate multiple normal employees' traffic and activities during a 6-week time period based on their pre-defined business functions. Using well-known machine learning models for anomaly detection, we show that the APT attack activities in Unraveled are hardly detected, indicating the need for more effective solutions that are based on datasets representing real-world APT attacks.
The safeguarding of critical zones aboard a marine vehicle, such as the engine room, wheelhouse, and pump room, assumes crucial significance while navigating through the open sea. Despite the existing pre-boarding security measures, Concealed Threat Detection (CTD) systems have emerged as a pressing need to prevent the ship from post-boarding damage with concealed dangers. Due to concerns regarding deployment cost and privacy, mmWave-based CTD systems have received significant attention. However, current solutions are not easily adapted to work in ships because of the large number of ghost targets resulting from multipath reflections in full metal cabins. To address these challenges, this paper proposes a new CTD system, called mmCTD, which utilizes two mmWave commercial radars. The proposed system addresses the multipath challenge by unifying multi-view perceptions with two distinct designs. First, we propose a ghost-point elimination algorithm that extracts the point clouds from real objects. Then, we design a multi-view domain adversarial framework to predict concealed threats in the human body using the extracted RF features. mmCTD is validated by both simulations and real ship experiments, and results demonstrate that the recognition accuracy in three scenarios reaches 89% with a low false alarm rate.
With the prevalence of Internet of Things (IoT) technologies, the huge growth of IoT devices has also attracted the attention of cyber attackers. IoT botnets are rapidly spreading and evolving worldwide, causing serious risks to users and data. Machine learning (ML) has shown its effectiveness in threat detection. However, existing feature encoding and learning methods are unsuitable for resource-constrained edge devices like the IoT gateway. In this paper, we propose a lightweight threat detection scheme called FlowSpotter. The flow imaging mechanism requires less feature extraction but preserves more spatial and temporal information. A lite convolutional neural network architecture based on state-of-the-art efficient building blocks is devised. For performance evaluation, we develop an IoT honeypot system that captures hundreds of thousands of IoT intrusions in the wild. Besides, FlowSpotter is implemented on a Raspberry Pi to measure its efficiency. Experimental results show that FlowSpotter not only outperforms 8 baseline models by achieving 99.8% accuracy and a 0.07% false positive rate, but also consumes the least computing resources, taking less than 11 ms and 61 MiB of memory for each detection.
Insider threats refer to harmful actions carried out by authorized users within an organization, posing the most damaging risks. The increasing number of these threats has revealed the inadequacy of traditional methods for detecting and mitigating insider threats. These existing approaches lack the ability to analyze activity-related information in detail, resulting in delayed detection of malicious intent. Additionally, current methods lack advancements in addressing noisy datasets or unknown scenarios, leading to under-fitting or over-fitting of the models. To address these, our paper presents a hybrid insider threat detection framework. We not only enhance prediction accuracy by incorporating a layer of statistical criteria on top of machine learning-based classification but also present optimal parameters to address over/under-fitting of models. We evaluate the performance of our framework using a real-life threat test dataset (CERT r4.2) and compare it to existing methods on the same dataset (Glasser and Lindauer 2013). Our initial evaluation demonstrates that our proposed framework achieves an accuracy of 98.48% in detecting insider threats, surpassing the performance of most of the existing methods. Additionally, our framework effectively handles potential bias and data imbalance issues that can arise in real-life scenarios.
Detecting cluttered and overlapping contraband items from baggage scans is one of the most challenging tasks, even for human experts. Recently, considerable literature has grown up around the theme of deep learning-based X-ray screening for localizing contraband data. However, the existing threat detection systems are still vulnerable to high occlusion, clutter, and concealment. Furthermore, they require exhaustive training routines on large-scale and well-annotated data in order to produce accurate results. To overcome the above-mentioned limitations, this paper presents a novel convolutional transformer system that recognizes different overlapping instances of prohibited objects in complex baggage X-ray scans via a distillation-driven incremental instance segmentation scheme. Furthermore, unlike its competitors, the proposed framework allows an incremental integration of new item instances while avoiding costly training routines. In addition to this, the proposed framework also outperforms state-of-the-art approaches by achieving a mean average precision score of 0.7896, 0.5974, and 0.7569 on the publicly available GDXray, SIXray, and OPIXray datasets for detecting concealed and cluttered baggage threats.
• This paper presents a novel incremental convolutional transformer model.
• A β hyperparameter is introduced in the paper to control catastrophic forgetting.
• A unique segmentation scheme is proposed to extract cluttered object instances.
• The proposed system is thoroughly tested on three public X-ray datasets.
Phishing threats are real and are ever increasing in their reach and devastating effects. This study delves into the role of cognitive processing in detecting and curtailing phishing attacks. The proposed model is grounded on the Elaboration Likelihood Model and is tested empirically using data from 192 cases. Data were collected through direct observations of phishing susceptibility and self-reported questionnaires after staging a phishing attack targeting a university population in Nairobi, Kenya. The model was found to have excellent fit and was able to account for 50.8% of a person's cognitive processing of a phishing attack, 69.5% of their ability to detect phishing threats, and could predict 28% of their actual phishing susceptibility. Analysis was done to test 25 hypotheses, and to examine the mediating effects of cognitive processing and threat detection. In addition, multi-group moderation analysis was done to examine whether the model was invariant based on the level of knowledge. Results indicate that threat detection has the strongest effect in reducing phishing susceptibility. Threat detection was found to explain why people who expend cognitive effort processing phishing communication are less likely to fall for phishing threats.
• The model is theoretically grounded on the Elaboration Likelihood Model and examines more constructs than previous work.
• Excellent fit achieved.
• Analysis involves hypothesis testing as well as examination of mediation and moderation effects.
• The model accounts for 69.5% of an individual's Threat Detection and 50.8% of Elaboration, and can predict 28% of Phishing Susceptibility.
• Threat Detection accounts for the strongest effect with regard to reducing phishing susceptibility, as compared to Elaboration.
This paper delves into the transformative role of machine learning (ML) techniques in revolutionizing the security of electric and flying vehicles (EnFVs). By exploring key domains such as predictive maintenance, cyberattack detection, and intelligent decision-making, the study uncovers pivotal insights that will shape the future of this technology.
From a theoretical perspective, ML emerges as a cornerstone for fortifying EnFV safety, offering real-time threat detection, predictive maintenance capabilities, and enhanced anomaly detection. In practical terms, ML-based solutions are envisioned as instrumental in preventing cyberattacks, reducing downtime, and improving overall safety.
The research contributions of this study encompass a comprehensive overview of ML applications in EnFV security, identification of challenges, and paving the way for future research directions. While acknowledging research limitations, particularly the need for real-world implementation, the study emphasizes the crucial yet underexplored ethical considerations in ML for EnFV security. Future research suggestions focus on Explainable AI techniques, real-time ML algorithms for resource-constrained environments, and privacy-preserving ML techniques, aiming for a transparent, efficient, and privacy-aware integration of ML in EnFV security. By addressing key security challenges, ML can potentially revolutionize the EnFV domain, paving the way for a future of efficient, sustainable, and connected transportation systems.
Vision Transformers (ViTs) denote a family of attention-based deep learning techniques that have recently achieved amazing results in various problems related to the field of computer vision. In this paper, we explore the use of ViTs in problems of cyber-threat detection related to malware and network intrusion detection. In particular, we propose VINCENT, a novel deep neural method that resorts to a color imagery representation of cyber-data by encoding related cyber-data features into neighboring color pixels. ViTs are trained from cyber-data images as teacher models, to extract explainable imagery signatures of cyber-data classes. This knowledge is extracted by leveraging the self-attention mechanism to give paired attention values between pairs of imagery patches. The signature knowledge, extracted through the ViT teacher, is finally used to train a smaller neural student model according to knowledge distillation theory. Experiments with various benchmark cybersecurity datasets assess the accuracy of the student model VINCENT, also in comparison with that of several state-of-the-art methods. In addition, they show that VINCENT can obtain insights from explanations recovered through the self-attention mechanism of the ViT teacher.
• ViTs trained on cyber-data images.
• Explanation information distilled from ViTs to CNNs.
• Experiments with four benchmark cybersecurity datasets.
• The proposed method outperforms many state-of-the-art competitors.