23 result(s) for "Moon, Daesung"
Deep Feature Fusion via Transfer Learning for Multi-Class Network Intrusion Detection
With the rapid advancement of network technologies, cyberthreats have become increasingly sophisticated, posing significant challenges to traditional intrusion detection systems. Conventional machine learning and deep learning approaches frequently experience performance degradation when confronted with imbalanced datasets and novel attack vectors. To address these limitations, this study proposes a deep learning-based intrusion detection framework that employs feature fusion through incremental transfer learning between source and target domains. The proposed architecture integrates convolutional neural networks (CNNs) with an attention mechanism to extract and aggregate salient features, thereby enhancing the model’s discriminative capacity between normal traffic and various network attack categories. Experimental results demonstrate that the proposed model achieves a detection accuracy of 94.21% even when trained on only 33% of the available data, outperforming conventional models. These findings underscore the effectiveness of the proposed feature fusion strategy via transfer learning in improving detection capabilities within dynamic and evolving cyberthreat environments.
Mutation-Based Multivariate Time-Series Anomaly Generation on Latent Space with an Attention-Based Variational Recurrent Neural Network for Robust Anomaly Detection in an Industrial Control System
Anomaly detection involves identifying data that deviates from normal patterns. Two primary strategies are used: one-class classification and binary classification. In Industrial Control Systems (ICS), where anomalies can cause significant damage, timely and accurate detection is essential, often requiring analysis of time-series data. One-class classification is commonly used but tends to have a high false alarm rate. To address this, binary classification is explored, which can better differentiate between normal and anomalous data, though it struggles with class imbalance in ICS datasets. This paper proposes a mutation-based technique for generating ICS time-series anomalies. The method maps ICS time-series data into a latent space using a variational recurrent autoencoder, applies mutation operations, and reconstructs the time-series, introducing plausible anomalies that reflect multivariate correlations. Evaluations of ICS datasets show that these synthetic anomalies are visually and statistically credible. Training a binary classifier on data augmented with these anomalies effectively mitigates the class imbalance problem.
Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat
We propose a novel dynamic host mutation (DHM) architecture based on moving target defense (MTD) that can actively cope with cyberattacks. The goal of the DHM is to break the cyber kill chain, expand the attack surface to increase the attacker’s target analysis cost, and disrupt the attacker’s fingerprinting to disable the server trace. We define the participating entities that share the MTD policy within the enterprise network or the critical infrastructure, and define functional modules of each entity for DHM enforcement. The threat model of this study is an insider threat of a type not considered in previous studies. We define an attack model considering an insider threat and propose a decoy injection mechanism to confuse the attacker. In addition, we analyze the security of the proposed structure and mechanism based on the security requirements and propose a trade-off considering security and availability.
Medical Image Segmentation for Mobile Electronic Patient Charts Using Numerical Modeling of IoT
Internet of Things (IoT) brings telemedicine a new chance. This enables the specialist to consult the patient’s condition despite the fact that they are in different places. Medical image segmentation is needed for analysis, storage, and protection of medical image in telemedicine. Therefore, a variety of methods have been researched for fast and accurate medical image segmentation. Performing segmentation in various organs, the accurate judgment of the region is needed in medical image. However, the removal of region occurs by the lack of information to determine the region in a small region. In this paper, we researched how to reconstruct segmentation region in a small region in order to improve the segmentation results. We generated predicted segmentation of slices using volume data with linear equation and proposed improvement method for small regions using the predicted segmentation. In order to verify the performance of the proposed method, lung region by chest CT images was segmented. As a result of experiments, volume data segmentation accuracy rose from 0.978 to 0.981 and from 0.281 to 0.187 with a standard deviation improvement confirmed.
Security Enhancement for Smartphone Using Biometrics in Cyber-Physical Systems
With the expansion of the Cyber-Physical System (CPS) concept, smartphones have come to constitute a competitive platform that connects humans and the surrounding physical world. Along with the communication functions and mobility of cellular phones, smartphones have various sensors in addition to greatly enhanced performances and storage space compared with existing cellular phones. However, the “unlock” process of smartphones and the need for user passwords when accessing SNSs prove to be great weaknesses in smartphone security. Therefore, smartphone security should be enhanced through biometrics, which can make up for the shortcomings of passwords. The present study proposes minutiae-ridge based fingerprint verification for enhancing the security of fingerprint verification, a biometrics, to improve smartphone security. To evaluate the proposed minutiae-ridge based fingerprint verification performance in smartphones, its performance was compared with existing fingerprint verification methods in terms of Equal Error Rate (EER), False Non-Match Rate (FNMR), and required number of cycles. The results show that although the required number of cycles increased by 1.5% with the proposed method, EER and FNMR improved by 53% and 92%, respectively.
MTD-Spamguard: a moving target defense-based spammer detection system in social network
Machine learning classifiers are currently the state of the art for spammer detection tasks in SNSs. Note, however, that these classifiers fail to detect adaptive spammers that dynamically change their spamming strategies or behaviors and attempt to pose as legitimate users. In this paper, we propose an efficient spammer detection system (which we call MTD-Spamguard) wherein the notion of MTD is applied to increase the robustness of well-known machine learning classifiers against the adaptive spammers in SNSs. The system introduces a new method of MTD wherein the concept of differential immunity of different classifiers is employed to detect the spammers. To classify a single user in the test dataset, we pick one of the appropriate trained classifiers from multiple classifiers and then use its classification output. To choose the appropriate classifier, we design an effective classifier switching strategy by formulating the interaction of users (normal users and spammers) and detector (which hosts the machine learning classifier) as a repeated Bayesian Stackelberg game. The classifier switching strategy provides strong Stackelberg equilibrium between users and detector, maximizing the accuracy of classification and reducing the misclassification of spammers. The system achieves 30% gain in classification accuracy over the Facebook dataset (constructed in our recent work).
Integrating Fingerprint Verification into the Smart Card-Based Healthcare Information System
As VLSI technology has been improved, a smart card employing 32-bit processors has been released, and more personal information such as medical, financial data can be stored in the card. Thus, it becomes important to protect personal information stored in the card. Verification of the card holder's identity using a fingerprint has advantages over the present practices of Personal Identification Numbers (PINs) and passwords. However, the computational workload of fingerprint verification is much heavier than that of the typical PIN-based solution. In this paper, we consider three strategies to implement fingerprint verification in a smart card environment and how to distribute the modules of fingerprint verification between the smart card and the card reader. We first evaluate the number of instructions of each step of a typical fingerprint verification algorithm, and estimate the execution time of several cryptographic algorithms to guarantee the security/privacy of the fingerprint data transmitted in the smart card with the client-server environment. Based on the evaluation results, we analyze each scenario with respect to the security level and the real-time execution requirements in order to implement fingerprint verification in the smart card with the client-server environment.
DFA-AD: a distributed framework architecture for the detection of advanced persistent threats
Advanced persistent threats (APTs) are target-oriented and advanced cyber-attacks which often leverage the bot control and customized malware techniques in order to control and remotely access valuable information. APTs generally use various attack techniques to gain access to the unauthorized system and then progressively spread throughout the network. The prime objectives of APT attacks are to steal intellectual property, legal documents, sensitive internal business and other data. If an attack is successfully launched on a system, the timely detection of attack is extremely important to stop APTs from further spreading and for mitigating its impact. On the other hand, internet of things (IoT) devices quickly become ubiquitous while IoT services become pervasive. Their prosperity has not gone unnoticed, and the number of attacks and threats against IoT devices and services are also increasing. Cyber-attacks are not new to IoT, but as the IoT will be deeply intertwined in our societies and lives, it becomes essential to take cyber defense seriously. In this paper, we propose a novel distributed framework architecture for the detection of APTs named as distributed framework architecture for APTs detection (DFA-AD), which is a promising basis for modern intrusion detection systems. In contrast to other approaches, the DFA-AD technique for detecting APT attack is based on multiple parallel classifiers, which classify the events in a distributed environment and event correlation among those events. Each classifier method is focused on detecting the APT’s attack technique independently. The evaluation results show that the proposed approach achieves greater effectiveness and accuracy.
Attack Graph Generation with Machine Learning for Network Security
Recently, with the discovery of various security threats, diversification of hacking attacks, and changes in the network environment such as the Internet of Things, security threats on the network are increasing. Attack graph is being actively studied to cope with the recent increase in cyber threats. However, the conventional attack graph generation method is costly and time-consuming. In this paper, we propose a cheap and simple method for generating the attack graph. The proposed approach consists of learning and generating stages. First, it learns how to generate an attack path from the attack graph, which is created based on the vulnerability database, using machine learning and deep learning. Second, it generates the attack graph using network topology and system information with a machine learning model that is trained with the attack graph generated from the vulnerability database. We construct the dataset for attack graph generation with topological and system information. The attack graph generation problem is recast as a multi-output learning and binary classification problem. It shows attack path detection accuracy of 89.52% in the multi-output learning approach and 80.68% in the binary classification approach using the in-house dataset, respectively.
MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats
Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security network of target systems, it conducts an attack after undergoing a pre-reconnaissance phase. An APT attack causes financial loss, information leakage, etc. They can easily bypass the antivirus system of a target system. In this paper, we propose a Multi-Layer Defense System (MLDS) that can defend against APT. This system applies a reinforced defense system by collecting and analyzing log information and various information from devices, by installing the agent on the network appliance, server and end-user. It also discusses how to detect an APT attack when one cannot block the initial intrusion while continuing to conduct other activities. Thus, this system is able to minimize the possibility of initial intrusion and damages of the system by promptly responding through rapid detection of an attack when the target system is attacked.