Threat hunting has become very popular due to the present dynamic cyber security environment. As there remains increase in attacks’ landscape, the traditional way of monitoring threats is not scalable anymore. Consequently, threat hunting modeling technique is implemented as an emergent activity using machine learning (ML) paradigms. ML predictive analytics was carried out on OSTO-CID dataset using four algorithms to develop the model. Cross validation ratio of 80:20 was used to train and test the model. Decision tree classifier (DTC) gives the best metrics results among the four ML algorithms with 99.30\% accuracy. Therefore, DTC can be used for developing threat hunting model to mitigate cyber-attacks using data mining approach.

Aiming at the problem of threat assessment of air and space target, a new algorithm for target threat assessment and ranking in intelligent aided decision system is proposed. The algorithm uses the radar characteristics of the targets, such as velocity, acceleration, altitude, heading and electronic interference, as target threat assessment features. Then the Analytic Hierarchy Process (AHP) method of multi-attribute decision is used to fuse information, and the judgment matrix of attribute importance is constructed by fuzzy dynamic interval method, which effectively solves the problem of attribute weight changing with time. Finally, the threat degree is determined by sorting the fusion results. The simulation results show that the algorithm is effective.

An Intrusion detection system (IDS) plays a role in network intrusion detection through network data analysis, and high detection accuracy, precision, and recall are required to detect intrusions. Also, various techniques such as expert systems, data mining, and state transition analysis are used for network data analysis. The paper compares the detection effects of the two IDS methods using data mining. The first technique is a support vector machine (SVM), a machine learning algorithm; the second is a deep neural network (DNN), one of the artificial neural network models. The accuracy, precision, and recall were calculated and compared using NSL-KDD training and validation data, which is widely used in intrusion detection to compare the detection effects of the two techniques. DNN shows slightly higher accuracy than the SVM model. The risk of recognizing an actual intrusion as normal data is much greater than the risk of considering normal data as an intrusion, so DNN proves to be much more effective in intrusion detection than SVM.

This study aimed to recognize threats by recognizing the assailant pose, victim pose, and the threat object used by the assailant in one frame in a threat emergency situation using a 2D camera and by applying YOLOv5s algorithm. The system s ability to correctly identify threats depends heavily on the training and labeling in YOLOv5s. Thus, the bounding boxes were carefully assigned, and the labels were arranged properly. Through the application of YOLOv5s algorithm, supervised learning was implemented. Recognized threats were identified by recognizing the three variables including, victim pose, assailant pose, and threat object in one frame. The YOLOv5s were able to localize the pose and object and avoid misclassification by setting the appropriate Intersection over Union (IoU) and confidence threshold. Using a truth table, YOLOv5s was able to identify threats by removing possibilities that were not even threats. As for the result, the system was able to recognize each of the assailant poses, victim poses, and threat objects in one frame. Thus, the system was able to obtain an overall reliability of 98.125\%.

Topic modeling algorithms from the natural language processing (NLP) discipline have been used for various applications. For instance, topic modeling for the product recommendation systems in the e-commerce systems. In this paper, we briefly reviewed topic modeling applications and then described our proposed idea of utilizing topic modeling approaches for cyber threat intelligence (CTI) applications. We improved the previous work by implementing BERTopic and Top2Vec approaches, enabling users to select their preferred pretrained text/sentence embedding model, and supporting various languages. We implemented our proposed idea as the new topic modeling module for the Open Web Application Security Project (OWASP) Maryam: Open-Source Intelligence (OSINT) framework. We also described our experiment results using a leaked hacker forum dataset (nulled.io) to attract more researchers and open-source communities to participate in the Maryam project of OWASP Foundation.

Cyber Threat Intelligence has been demonstrated to be an effective element of defensive security and cyber protection with examples dating back to the founding of the Financial Sector Information Sharing and Analysis Center (FS ISAC) in 1998. Automated methods are needed today in order to stay current with the magnitude of attacks across the globe. Threat information must be actionable, current and credibly validated if they are to be ingested into computer operated defense systems. False positives degrade the value of the system. This paper outlines some of the progress made in applying artificial intelligence techniques as well as the challenges associated with utilizing machine learning to refine the flow of threat intelligence. A variety of methods have been developed to create learning models that can be integrated with firewalls, rules and heuristics. In addition more work is needed to effectively support the limited number of expert human hours available to evaluate the prioritized threat landscape flagged as malicious in a (Security Operations Center) SOC environment.

In order to solve the problem of intelligent multi-target threat assessment in Information land battlefield, The SVM nonlinear classification can be effectively solved through the high-dimensional mapping of complex features. The land battlefield target threat assessment index system is selected, the sample data is standardized and standardized, and the target threat assessment SVM classifier is designed, Four commonly kernel functions and penalty coefficients are applied to estimate the threat of targets in land battlefield. The example shows that this method has high classification accuracy and suitable for dealing with complex and changeable battlefield threat data, and has high practical value. The correctness of the conclusion is validated by Python.

To improve the judging and decision-making ability on air target threats in air defense operations, an air target threat assessment method is proposed based on Relevance Vector Machine (RVM) and Artificial Bee Colony (ABC) algorithm. From the reality of air defense operations, the air target threat index system is firstly constructed according to mathematical statistical analysis, and then ABC algorithm is used to optimize the parameters involved in the multi-kernel RVM to establish an air target threat assessment model. Simulation analysis shows that, the proposed method is a high-precision air target threat assessment method, and it is better than RVM method with single Gauss kernel or single Sigmoid kernel in all accuracy indices, thus confirming its effectiveness and feasibility.

Due to the rise of severe and acute infections called Coronavirus 19, contact tracing has become a critical subject in medical science. A system for automatically detecting diseases aids medical professionals in disease diagnosis to lessen the death rate of patients. To automatically diagnose COVID-19 from contact tracing, this research seeks to offer a deep learning technique based on integrating a Bayesian Network and K-anonymity. In this system, data classification is done using the Bayesian Network Model. For privacy concerns, the K-anonymity algorithm is utilized to prevent malicious users from accessing patients personal information. The dataset for this system consisted of 114 patients. The researchers proposed methods such as the Kanonymity model to remove personal information. The age group and occupations were replaced with more extensive categories such as age range and numbers of employed and unemployed. Further, the accuracy score for the Bayesian Network with kanonymity is 97.058\%, which is an exceptional accuracy score. On the other hand, the Bayesian Network without k-anonymity has an accuracy score of 97.1429\%. These two have a minimal percent difference, indicating that they are both excellent and accurate models. The system produced the desired results on the currently available dataset. The researchers can experiment with other approaches to address the problem statements in the future by utilizing other algorithms besides the Bayesian one, observing how they perform on the dataset, and testing the algorithm with undersampled data to evaluate how it performs. In addition, researchers should also gather more information from various sources to improve the sample size distribution and make the model sufficiently fair to generate accurate predictions.

Data anonymization is one of the most important directions in privacy-preserving. However, research shows that simple anonymization of data does not protect privacy. To solve this problem, we present a novel and effective algorithm named tree-based K-degree anonymity (TKDA). We devise a new anonymity sequence generation method to reduce the information loss for social graphs. Then, the dynamic anonymization process is implemented by a depth-first search (DFS) traversal algorithm. Finally, the graph modification algorithm based on the anonymous sequence can keep the original graph structure stable. Average Path Length (APL), Average Clustering Coefficient (ACC), and Transitivity (T) are employed to evaluate the method. Experimental results on several datasets show that TKDA is closer to the values of the original graphs on the correlated three experimental metrics, which indicates that TKDA portrays the real data in more detail and improves the utility of the released data.

The Internet as a whole is a large network of interconnected computer networks and their supporting infrastructure which is divided into 3 parts. The web is a list of websites that can be accessed using search engines like Google, Firefox, and others, this is called as Surface Web. The Internet’s layers stretch well beyond the surface material that many people can quickly reach in their everyday searches. The Deep Web material, which cannot be indexed by regular search engines like Google, is a subset of the internet. The Dark Web, which extends to the deepest reaches of the Deep Web, contains data that has been purposefully hidden. Tor may be used to access the dark web. Tor employs a network of volunteer devices to route users web traffic via a succession of other users computers, making it impossible to track it back to the source. We will analyze and include results about the Dark Web’s presence in various spheres of society in this paper. Further we take dive into about the Tor metrics how the relay list is revised after users are determined based on client requests for directories (using TOR metrics). Other way we can estimate the number of users in anonymous networks. This analysis discusses the purposes for which it is frequently used, with a focus on cybercrime, as well as how law enforcement plays the adversary position. The analysis discusses these secret Dark Web markets, what services they provide, and the events that take place there such as cybercrime, illegal money transfers, sensitive communication etc. Before knowing anything about Dark Web, how a rookie can make mistake of letting any threat or malware into his system. This problem can be tackled by knowing whether to use Windows, or any other OS, or any other service like VPN to enter Dark world. The paper also goes into the agenda of how much of illegal community is involved from India in these markets and what impact does COVID-19 had on Dark Web markets. Our analysis is carried out by searching scholarly journal databases for current literature. By acting as a reference guide and presenting a research agenda, it contributes to the field of the dark web in an efficient way. This paper is totally built for study purposes and precautionary measures for accessing Dark Web.

E-voting plays a vital role in guaranteeing and promoting social fairness and democracy. However, traditional e-voting schemes rely on a centralized organization, leading to a crisis of trust in the vote-counting results. In response to this problem, researchers have introduced blockchain to realize decentralized e-voting, but the adoption of blockchain also brings new issues in terms of flexibility, anonymity, and usability. To this end, in this paper, we propose WeVoting, which provides weightbased flexibility with solid anonymity and enhances usability by designing a voter-independent on-chain counting mechanism. Specifically, we use distributed ElGamal homomorphic encryption and zero-knowledge proof to achieve voting anonymity with weight. Besides, WeVoting develops a counter-based counting mechanism to enhance usability compared with those self-tallying schemes. By critically designing an honesty-and-activity-based incentive algorithm, WeVoting can guarantee a correct counting result even in the presence of malicious counters. Our security and performance analyses elaborate that WeVoting achieves high anonymity in weighed voting under the premise of meeting the basic security requirements of e-voting. And meanwhile, its counting mechanism is sufficient for practical demands with reasonable overheads.

According to the idea of zero trust, this paper proposed an anonymous identity authentication scheme based on hash functions and pseudo-random number generators, which effectively increased the anonymity and confidentiality when users use the mobile networks, and ensure the security of the server. This scheme first used single-packet authentication technology to realize the application stealth. Secondly, hash functions and pseudo-random number generators were used to replace public key cryptosystems and time synchronization systems, which improved system performance. Thirdly, different methods were set to save encrypted information on the user s mobile device and the server, which realized different forms of anonymous authentication and negotiates a secure session key. Through security analysis, function and performance comparison, the results showed that the scheme had better security, flexibility and practicality, while maintained good communication efficiency.

The development of science and technology has led to the construction of smart cities, and in this scenario, there are many applications that need to provide their real-time location information, which is very likely to cause the leakage of personal location privacy. To address this situation, this paper designs a location privacy protection scheme based on graph anonymity, which is based on the privacy protection idea of K-anonymity, and represents the spatial distribution among APs in the form of a graph model, using the method of finding clustered noisy fingerprint information in the graph model to ensure a similar performance to the real location fingerprint in the localization process, and thus will not be distinguished by the location providers. Experiments show that this scheme can improve the effectiveness of virtual locations and reduce the time cost using greedy strategy, which can effectively protect location privacy.

The paper presents a Tbps-class anonymity router that supports both an anonymity protocol and IP by leveraging a programmable switch. The key design issue is to place both the compute-intensive header decryption function for anonymity protocol forwarding and the memory-intensive IP forwarding function on the processing pipes of a switch with satisfying its hardware requirements. A prototype router on a programmable switch achieves Tbps-scale forwarding.

Anonymity systems are widely used nowadays to protect user identity, but there are various threats currently in the anonymity network, such as virtual private networks, onion routing, and proxy servers. This paper looked at the different anonymity networks that are already out there and proposed a new model to stay anonymous on the internet by using open source tools and methods. This eliminates the current threats. It works by creating a virtual instance on the cloud server and configuring it using open source technologies such as OpenVPN. This model uses elastic cloud computing technology running over existing technologies such as virtual private networks and onion routing. The framework is a new way to stay anonymous on the internet. It is made up of only open source technologies.

The infrastructure required for data storage and processing has become increasingly feasible, and hence, there has been a massive growth in the field of data acquisition and analysis. This acquired data is published, empowering organizations to make informed data-driven decisions based on previous trends. However, data publishing has led to the compromise of privacy as a result of the release of entity-specific information. PrivacyPreserving Data Publishing [1] can be accomplished by methods such as Data S wapping, Differential Privacy, and the likes of k-Anonymity. k-Anonymity is a well-established method used to protect the privacy of the data published. We propose a clustering-based novel algorithm named SAC or the S core, Arrange, and Cluster Algorithm to pre serve privacy based on k-Anonymity. This method outperforms existing methods such as the Mondrian Algorithm by K. LeFevre and the One-pass K-means Algorithm by Jun-Lin Lin from a data quality perspective. S AC can be used to overcome temporal attack across subsequent releases of published data. To measure data quality post anonymization we present a metric that takes into account the relative loss in the information, that occurs while generalizing attribute values.

State-of-the-art template reconstruction attacks assume that an adversary has access to a part or whole of the functionality of a target model. However, in a practical scenario, rigid protection of the target system prevents them from gaining knowledge of the target model. In this paper, we propose a novel template reconstruction attack method utilizing a feature converter. The feature converter enables an adversary to reconstruct an image from a corresponding compromised template without knowledge about the target model. The proposed method was evaluated with qualitative and quantitative measures. We achieved the Successful Attack Rate(SAR) of 0.90 on Labeled Faces in the Wild Dataset(LFW) with compromised templates of only 1280 identities.

Satellite technologies are used for both civil and military purposes in the modern world, and typical applications include Communication, Navigation and Surveillance (CNS) services, which have a direct impact several economic, social and environmental protection activity. The increasing reliance on satellite services for safety-of-life and mission-critical applications (e.g., transport, defense and public safety services) creates a severe, although often overlooked, security problem, particularly when it comes to cyber threats. Like other increasingly digitized services, satellites and space platforms are vulnerable to cyberattacks. Thus, the existence of cybersecurity flaws may pose major threats to space-based assets and associated key infrastructure on the ground. These dangers could obstruct global economic progress and, by implication, international security if they are not properly addressed. Mega-constellations make protecting space infrastructure from cyberattacks much more difficult. This emphasizes the importance of defensive cyber countermeasures to minimize interruptions and ensure efficient and reliable contributions to critical infrastructure operations. Very importantly, space systems are inherently complex Cyber-Physical System (CPS) architectures, where communication, control and computing processes are tightly interleaved, and associated hardware/software components are seamlessly integrated. This represents a new challenge as many known physical threats (e.g., conventional electronic warfare measures) can now manifest their effects in cyberspace and, vice-versa, some cyber-threats can have detrimental effects in the physical domain. The concept of cyberspace underlies nearly every aspect of modern society s critical activities and relies heavily on critical infrastructure for economic advancement, public safety and national security. Many governments have expressed the desire to make a substantial contribution to secure cyberspace and are focusing on different aspects of the evolving industrial ecosystem, largely under the impulse of digital transformation and sustainable development goals. The level of cybersecurity attained in this framework is the sum of all national and international activities implemented to protect all actions in the cyber-physical ecosystem. This paper focuses on cybersecurity threats and vulnerabilities in various segments of space CPS architectures. More specifically, the paper identifies the applicable cyber threat mechanisms, conceivable threat actors and the associated space business implications. It also presents metrics and strategies for countering cyber threats and facilitating space mission assurance.

Recommender systems are powerful tools which touch on numerous aspects of everyday life, from shopping to consuming content, and beyond. However, as other machine learning models, recommender system models are vulnerable to adversarial attacks and their performance could drop significantly with a slight modification of the input data. Most of the studies in the area of adversarial machine learning are focused on the image and vision domain. There are very few work that study adversarial attacks on recommender systems and even fewer work that study ways to make the recommender systems robust and reliable. In this study, we explore two stateof-the-art adversarial attack methods proposed by Tang et al. [1] and Christakopoulou et al. [2] and we report our proposed defenses and experimental evaluations against these attacks. In particular, we observe that low-rank reconstructions and/or transformation of the attacked data has a significant alleviating effect on the attack, and we present extensive experimental evidence to demonstrate the effectiveness of this approach. We also show that a simple classifier is able to learn to detect fake users from real users and can successfully discard them from the dataset. This observation elaborates the fact that the threat model does not generate fake users that mimic the same behavior of real users and can be easily distinguished from real users’ behavior. We also examine how transforming latent factors of the matrix factorization model into a low-dimensional space impacts its performance. Furthermore, we combine fake users from both attacks to examine how our proposed defense is able to defend against multiple attacks at the same time. Local lowrank reconstruction was able to reduce the hit ratio of target items from 23.54\% to 15.69\% while the overall performance of the recommender system was preserved.

Probabilistic model checking is a useful technique for specifying and verifying properties of stochastic systems including randomized protocols and reinforcement learning models. However, these methods rely on the assumed structure and probabilities of certain system transitions. These assumptions may be incorrect, and may even be violated by an adversary who gains control of some system components.

With the increased commercialization of deep learning (DL) models, there is also a growing need to protect them from illicit usage. For cost- and ease of deployment reasons it is becoming increasingly common to run DL models on the hardware of third parties. Although there are some hardware mechanisms, such as Trusted Execution Environments (TEE), to protect sensitive data, their availability is still limited and not well suited to resource demanding tasks, like DL models, that benefit from hardware accelerators. In this work, we make model stealing more difficult, presenting a novel way to divide up a DL model, with the main part on normal infrastructure and a small part in a remote TEE, and train it using adversarial techniques. In initial experiments on image classification models for the Fashion MNIST and CIFAR 10 datasets, we observed that this obfuscation protection makes it significantly more difficult for an adversary to leverage the exposed model components.

Proactive approaches to security, such as adversary emulation, leverage information about threat actors and their techniques (Cyber Threat Intelligence, CTI). However, most CTI still comes in unstructured forms (i.e., natural language), such as incident reports and leaked documents. To support proactive security efforts, we present an experimental study on the automatic classification of unstructured CTI into attack techniques using machine learning (ML). We contribute with two new datasets for CTI analysis, and we evaluate several ML models, including both traditional and deep learning-based ones. We present several lessons learned about how ML can perform at this task, which classifiers perform best and under which conditions, which are the main causes of classification errors, and the challenges ahead for CTI analysis.

In recent days, security and privacy is becoming a challenge due to the rapid development of technology. In 2021, Khan et al. proposed an authentication and key agreement framework for smart grid network and claimed that the proposed protocol provides security against all well-known attacks. However, in this paper, we present the analysis and shows that the protocol proposed by Khan et al has failed to protect the secrecy of the shared session key between the user and service provider. An adversary can derive the session key (online) by intercepting the communicated messages under the Dolev-Yao threat model. We simulated Khan et al.’s protocol for formal security verification using Tamarin Prover and found a trace for deriving the temporary key. It is used to encrypt the login request that includes the user’s secret credentials. Hence, it also fails to preserve the privacy of the user’s credentials, and therefore any adversary can impersonate the user. As a result, the protocol proposed by Khan et al. is not suitable for practical applications.

Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler.