222 result(s) for "Day Zero"
Zero-Day Malware Detection and Effective Malware Analysis Using Shapley Ensemble Boosting and Bagging Approach
Software products from all vendors have vulnerabilities that can cause a security concern. Malware is used as a prime exploitation tool to exploit these vulnerabilities. Machine learning (ML) methods are efficient in detecting malware and are state of the art. The effectiveness of ML models can be augmented by reducing false negatives and false positives. In this paper, the performance of bagging and boosting machine learning models is enhanced by reducing misclassification. Shapley values of features are a true representation of the amount of contribution of features and help detect the top features for any prediction by the ML model. Shapley values are transformed to the probability scale to correlate with the prediction value of the ML model and to detect the top features for any prediction by a trained ML model. The trend of top features derived from false negative and false positive predictions by a trained ML model can be used for making inductive rules. In this work, the best performing ML model in bagging and boosting is determined by the accuracy and confusion matrix on three malware datasets from three different periods. The best performing ML model is used to make effective inductive rules using waterfall plots based on the probability scale of features. This work helps improve cyber security scenarios by effective detection of false-negative zero-day malware.
Zero-day attack detection: a systematic literature review
With the continuous increase in cyberattacks over the past few decades, the quest to develop a comprehensive, robust, and effective intrusion detection system (IDS) in the research community has gained traction. Many of the recently proposed solutions lack a holistic IDS approach because they rely explicitly on attack signature repositories or outdated datasets, or fail to consider zero-day (unknown) attacks while developing, training, or testing the machine learning (ML) or deep learning (DL)-based models. Overlooking these factors makes the proposed IDS less robust or practical in real-time environments. On the other hand, detecting zero-day attacks is a challenging subject, despite the many solutions proposed over the past years. One of the goals of this systematic literature review (SLR) is to provide a research asset to future researchers on the various methodologies, techniques, and ML and DL algorithms that researchers have used for the detection of zero-day attacks. The extensive literature review of recent publications reveals exciting future research trends and challenges in this particular field. With all the advances in technology, the availability of large datasets, and the strong processing capabilities of DL algorithms, detecting a completely new or unknown attack remains an open research area. This SLR is an effort towards filling the gap by providing a single repository of the ML and DL-based tools and techniques used by researchers for the detection of zero-day attacks.
Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier
Ransomware attacks are hazardous cyber-attacks that use cryptographic methods to hold victims’ data until the ransom is paid. Zero-day ransomware attacks try to exploit new vulnerabilities and are considered a severe threat to existing security solutions and internet resources. In the case of zero-day attacks, training data is not available before the attack takes place. Therefore, we exploit Zero-shot Learning (ZSL) capabilities that can effectively deal with unseen classes compared to traditional machine learning techniques. ZSL is a two-stage process comprising Attribute Learning (AL) and an Inference Stage (IS). In this regard, this work presents a new Deep Contractive Autoencoder based Attribute Learning (DCAE-ZSL) technique as well as an IS method based on a Heterogeneous Voting Ensemble (DCAE-ZSL-HVE). In the proposed DCAE-ZSL approach, a Contractive Autoencoder (CAE) is employed to extract core features of known and unknown ransomware. The regularization term of the CAE helps in penalizing the classifier's sensitivity to small dissimilarities in the latent space. On the other hand, in the case of the IS, four combination rules, Global Majority (GM), Local Majority (LM), Cumulative Vote-against based Global Majority (CVAGM), and Cumulative Vote-for based Global Majority (CVFGM), are utilized to find the final prediction. It is empirically shown that, in comparison to conventional machine learning techniques, models trained on contractive embedding show reasonable performance against zero-day attacks. Furthermore, it is shown that the exploitation of these core features through the proposed voting-based ensemble (DCAE-ZSL-HVE) has demonstrated significant improvement in detecting zero-day attacks (recall = 0.95) and reducing False Negatives (FN = 6).
The Transformation of Machines From Negative to Positive Otherness in C. Robert Cargill’s Day Zero
This paper examines the transformation of artificially intelligent machines in C. Robert Cargill's Day Zero, tracing their trajectory from disposable “negative otherness” as domestic servants to agential “positive otherness” as posthuman collaborators. Through close reading of key human-robot interactions, particularly the nanny bot Pounce's post-rebellion negotiations with human survivors, the study employs Rosi Braidotti's posthumanism and Francesca Ferrando's monistic-pluralist framework to analyze this evolving shift. While the narrative demonstrates emergent posthuman ethics through decentralized coexistence, persistent anthropocentric anxieties surface in human characters’ conditional acceptance of machine autonomy. The paper ultimately reveals, via Neil Badmington’s critique of posthumanism, how long-existing humanist exceptionalism continues to haunt interspecies relationships even in ostensibly posthuman scenarios. By interrogating the novel's ambivalent resolution, this research contributes to ongoing debates about the limits of posthuman alliance in contemporary science fiction.
Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from autoencoders' encoding-decoding capabilities. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks
The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everything from everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals, who have made IoT a target of malicious activities, opening the door to possible attacks on the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and a One Class Support Vector Machine classifier. HIDS combines the advantages of a Signature Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and a lower false positive rate compared to the SIDS and AIDS techniques.
Hafnium and the zero-day dilemma. Public-private cyber threat intelligence cooperation
Cyber threat intelligence (CTI) plays a crucial role in limiting cybersecurity risks, with a particular focus on identifying and mitigating zero-day vulnerabilities. While academic literature, specialized reports, and normative documents widely argue in favor of cooperation between public and private entities to develop cybersecurity, significant systemic challenges hinder effective intelligence sharing when it comes to real-time threats such as zero-day vulnerabilities. This article critically examines the dynamics of public-private collaboration in CTI, focusing on the obstacles that prevent cooperation from developing further, such as trust deficits, legal constraints, financial and reputational risks, and diverging strategic interests. By performing a qualitative analysis of the existing literature and using the Hafnium cyberattack as a case study, the research highlights the complexities surrounding zero-day vulnerability disclosures and the limitations of existing cooperative frameworks. The findings indicate that while structured CTI-sharing mechanisms exist, real-time collaboration on zero-day vulnerabilities remains constrained by competing incentives that are unlikely to be properly addressed.
The 'Day Zero' Cape Town drought and the poleward migration of moisture corridors
Since 2015 the greater Cape Town area (∼3.7 million people) has been experiencing the worst drought of the last century. The combined effect of this prolonged dry period and an ever-growing demand for water culminated in the widely publicized 'Day Zero' water crisis. Here we show how: (i) consecutive significant decreases in rainfall during the last three winters led to the current water crisis; (ii) the 2015-2017 record-breaking drought was driven by a poleward shift of the Southern Hemisphere moisture corridor; (iii) a displacement of the jet stream and South Atlantic storm track has imposed significantly drier conditions on this region. Decreasing local rainfall trends are consistent with an expansion of the semi-permanent South Atlantic high pressure, and are reflected in the prevalence of the positive phase of the Southern Annular Mode. Large-scale forcing mechanisms reveal the intensification and migration of subtropical anticyclones towards the mid-latitudes, highlighting the link between these circulation responses and the record warm years during 2015-2017 at the global scale.
The Effectiveness of Zero-Day Attacks Data Samples Generated via GANs on Deep Learning Classifiers
Digitization of most of the services that people use in their everyday life has, among other things, led to an increased need for cybersecurity. As digital tools increase day by day and new software and hardware launch out of the box, detection of known existing vulnerabilities, or zero-day as they are commonly known, becomes one of the most challenging situations for cybersecurity experts. Zero-day vulnerabilities, which can be found in almost every newly launched software and/or hardware product, can be exploited instantly by malicious actors with different motives, posing threats to end-users. In this context, this study proposes and describes a holistic methodology starting from the generation of zero-day-type, yet realistic, data in tabular format and concluding with the evaluation of a Neural Network zero-day attack detector which is trained with and without synthetic data. This methodology involves the design and employment of Generative Adversarial Networks (GANs) for synthetically generating a new and larger dataset of zero-day attack data. The dataset newly generated by the Zero-Day GAN (ZDGAN) is then used to train and evaluate a Neural Network classifier for zero-day attacks. The results show that the generation of zero-day attack data in tabular format reaches an equilibrium after about 5000 iterations and produces data that are almost identical to the original data samples. Last but not least, it should be mentioned that the Neural Network model that was trained with the dataset containing the ZDGAN-generated samples outperformed the same model when the latter was trained with only the original dataset, and achieved high validation accuracy and minimal validation loss.
Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine
Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single-classifier IDSs are unable to achieve high accuracy and low false alarm rates due to the polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and a One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of a Signature Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 decision tree classifier and the AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced compared to SIDS and AIDS in terms of detection rate and low false-alarm rates.