Network security situational awareness is gaining increasing attention due to its capability to globally and dynamically detect potential network security risks. However, traditional security situational awareness models often exhibit poor classification performance, resulting in lower-than-expected acceleration and scalability ratios. In this paper, we propose a novel security situational awareness approach for wireless communication networks based on a decision tree model. First, reconfigure the category division module to categorize the attack data into four different types. Then, using time windows to segment the data flow between the network and the host promotes the design of effective security event detection mechanisms in the model. Finally, a comprehensive network security situational awareness model was constructed at the joint level using decision tree algorithm. The experimental results show that the proposed method can significantly improve the acceleration ratio, and the space occupancy ratio can reach 80, indicating that the proposed method can have a high level of processing capability and accurate perception in network security situations, providing a guarantee for the security of wireless communication networks.
The rapid advancement and integration of renewable energy systems (RES) such as solar, wind, and hydropower have intensified the need for robust network security solutions to protect against emerging cyber vulnerabilities. These systems are increasingly interconnected with digital grids and IoT devices, heightening their exposure to cyber threats that, if exploited, could disrupt energy supply and lead to severe socio-economic repercussions. This paper proposes an artificial intelligence (AI)-driven approach to enhance network security specifically for renewable energy (RE) infrastructures, targeting vulnerabilities that affect data integrity and operational stability. This research introduces an Adaptive Spider Wasp optimizer-mutated Extreme Gradient Boosting (ASW-XGBoost) model as a novel solution designed to improve detection accuracy and enhance resilience across diverse RE networks. The proposed method initiates the creation of a dataset representative of both power system behaviors and potential cyber-attacks, pre-processed using a normalization algorithm to improve data quality. Feature extraction leverages a scalable approach to identify critical indicators unique to RE environments. The ASW-XGBoost model combines the optimization advantages of adaptive spider wasp algorithms with the classification robustness of XGBoost, allowing precise identification of attack signatures even within fluctuating renewable power outputs. Performance evaluations, conducted in simulated power networks with high renewable penetration, demonstrate that ASW-XGBoost surpasses conventional methods in both detection rate and operational efficiency. The findings underscore the model’s capacity to adapt to dynamic, renewable-intensive environments, offering a more responsive solution to evolving cyber threats. 
This paper concludes with a discussion on the implications of AI-enhanced security protocols for the RE sector, highlighting ASW-XGBoost’s potential as a foundation for further research and application in sustainable energy cybersecurity.
With the rapid development of the Internet, network user behavior data shows explosive growth. How to accurately identify abnormal users from massive data is of great significance for maintaining network security and preventing network crimes. This study first comprehensively collected multimodal data from users, including text data, behavioral data and possible image data. These data form the foundation of the research and provide rich materials for subsequent feature extraction and model construction. In the feature extraction stage, we adopted different processing methods for data of different modalities. For text data, natural language processing techniques are used to extract features such as keywords and emotional tendencies. Mining patterns and anomalies in user behavior through statistical analysis, time series analysis and other methods for behavioral data. By using computer vision technology to extract image features from image data, these features collectively constitute a multimodal feature set of user behavior. The experimental results show that the anomaly network user detection method based on multimodal data fusion and hybrid neural networks (HNN) has high accuracy and robustness. Compared with single modal data or traditional detection methods, this method shows significant advantages in identifying abnormal users. In addition, this method can provide rich user behavior characteristic information, which provides strong support for network security analysis.
With the advent and worldwide development of Internet, the study and control of malware spreading has become very important. In this sense, some mathematical models to simulate malware propagation have been proposed in the scientific literature, and usually they are based on differential equations exploiting the similarities with mathematical epidemiology. The great majority of these models study the behavior of a particular type of malware called computer worms; indeed, to the best of our knowledge, no model has been proposed to simulate the spreading of a computer virus (the traditional type of malware which differs from computer worms in several aspects). In this sense, the purpose of this work is to introduce a new mathematical model not based on continuous mathematics tools but on discrete ones, to analyze and study the epidemic behavior of computer virus. Specifically, cellular automata are used in order to design such model.
Maintaining computer network security has long been an essential component of computer administration. Network security has become essential to companies’ safety and steady development in real-time implementation for diverse physical domains employing computers. Establishing a specific physical domain has consistently included a priority job of improving the safety of computer systems management. Study results on the practical implementation of machine intelligence in network security maintenance. Specifically, this paper examines and offers security management techniques for computer network data protection to establish an all-encompassing security shield for networked computers, with the ultimate goal of improving the safety and reliability of the networked computers used in commercial settings. Furthermore, the comprehensive research analysis determines an architectural model for machine intelligence-based network security maintenance (MI-NSM), implying an intrusion detection scheme with a novel neural network system. Labelling important properties of objects or data points and searching for commonalities allows the automobile’s AI to distinguish between a human, the street, another car, and the sky. The simulation evaluation is performed using the NS2 simulator and observes the security maintenance efficiency over the current security solutions.
In the past decade, ontology has been actively researched in various domains. The different ontological tasks range from simple language modeling in the linguistic domain, to semantic integration in the semantic web, and recently to application-specific tasks such as financial fraud management. We follow the trend and attempt to tackle some of the ontological problems in security management. The most complicated problem out of all is the semantic interoperability problem that is evident in the existence of various types of security elements such as IDS, firewall and virus scanner. Another problem is related to the semantic modeling tasks required for autonomous and intelligent reasoning. Semantic modeling of security events is essential for automatic and intelligent event correlation tasks that analyze semantically the different sources of security information to more accurately present the holistic network security status. We present in this paper a novel and formal ontology mapping approach and security ontology for the supporting and possibly resolution of these problems.
Based on the analysis of the self-similarity of network traffic, a network anomaly detection technology is proposed by combining with the fuzzy logic so as to explore the fractal characteristics of network traffic. The concepts of network traffic and network security are introduced. Then, a network traffic model is proposed based on the fractal theory and wavelet analysis. Finally, a distributed denial of service (DDoS) attack monitoring and intensity judgment method is put forward based on the fuzzy logic theory. The results show that the autocorrelation function of the multifractal wavelet model constructed based on the local Hurst exponent (LHE) can reach a mean square error (MSE) of 4.762×10⁻⁴, which proves that the network traffic model proposed can reduce the impact of the non-stationary characteristics of the network traffic on the modeling accuracy. The network security detection method proposed can monitor the DDoS attacks and can accurately judge the attack intensity in real time. The research in this study provides an important reference for the scientific operation of the network.
The purposes are to accurately perceive the network security situations and predict the development trend and effectively defend against network attacks during the operation of the Internet. The Long Short-Term Memory (LSTM) network is adopted as the subject of the network security situation awareness and prediction model. Moreover, it is optimized by the Genetic Algorithm (GA) to improve its global search capability. Then, a Fractal Neural Network (FNN) is constructed in combination with fractal theory, which is utilized in network security situation awareness to avoid the exploding or vanishing gradient problems. The KDD CUP 99 standard dataset is applied to verify the performance of the proposed GA-LSTM FNN; results demonstrate that its accuracy of network security situation awareness can reach 90.22%. The experimental results confirm that using the fractal difference function as the activation function can deliver the gradient variation in a balanced and stable manner. Besides, it can improve the feasibility and effectiveness of the neural network structure for network security situation awareness and prediction. The FNN studied is of practical significance for assessing the current network security situation and predicting its evolution trend, providing a reference for protecting the operation of the Internet from network attacks.
With networks increasingly moving into virtually every aspect of our daily life, security is gaining importance, not only from the traditional perspective of communication but the network's growing role in modern automation and control. The traditional, certification based approach attempts to guarantee the security of a network through certification. Certified networks are generally confined to a limited domain and, as a result, they are isolated, costly, and under-utilized. In contrast, this paper presents a new principle – user-level, security-on-demand system, wherein the network allocates, where possible, the security resources commensurate with the user's request for transporting message(s) through the network securely. This principle is successfully demonstrated for the current Asynchronous Transfer Mode (ATM) networks, and is the result of an integration of the fundamental framework for network security, recently proposed by the authors in the literature, with the unique characteristics of ATM networks. The framework encapsulates the fundamental knowledge and set of relationships in network security and permits scientific and systematic reasoning about network security. It also enables all user groups – military, government, industry, and academia, to define their security requirements in a uniform manner. The security-on-demand approach promises the development of a "mixed use" class of networks in the future that may be simultaneously shared by different groups of users, with the system sustaining the diverse security requirements of each user. A unique characteristic in ATM network design is the dynamic call setup process. Under it, a network first establishes a virtual path or route for a user's call, guided by the user's requirements, and then transports the messages when a route has been successfully determined. 
This unique ATM characteristic is integrated with the framework to yield a successful demonstration of the proposed, user-level, security-on-demand approach. Utilizing the security framework as the foundation, every element of the network – node and link, is characterized by a security matrix that reflects its security resources. Every user is permitted to specify the security requirement for the call through a matrix, which expresses the limits of the security resources that the traffic cells must encounter during their transport through the network. Thus, during the dynamic establishment of the virtual path, every node and link is examined to ensure that the user-specified security is met, in addition to bandwidth and other Quality of Service (QoS) requirements. Traffic is launched when the call setup succeeds, otherwise, the call fails. Like all networks, the ATM network inherently consists of geographically dispersed entities and, as a result, the resource allocation strategy is necessarily distributed. Furthermore, as the network operation progresses, the resource availability scene changes dynamically. This paper proposes a unique function that reduces the key network resource parameters at a node to a single value, termed Node Status Indicator (NSI). The NSI value is computed dynamically at every node and disseminated across the network to be utilized by a node to refine its determination of a virtual path for a user call. The aim of the NSI is to improve the resource utilization in the network. The proposed approach is modeled for a large-scale, representative, 40-node ATM network. Utilizing stochastic input traffic that is synthesized to reflect realistic operating conditions, the model is simulated extensively on a testbed of 35+ Pentium workstations, under Linux, configured as a loosely-coupled parallel processor, utilizing an accurate, asynchronous, distributed simulator. 
The simulator implements the key characteristics of the ATM Forum proposed P-NNI 1.0 and UNI 3.0 standards. While the simulation results reflect a successful realization of the proposed approach, analysis reveals minimal impact of incorporating security on ATM network performance, as measured through call success rates and call setup times. In contrast, the tradition has been to incorporate security into large-scale systems and networks as an afterthought, i.e. adding hardware and software devices after the design has been completed, resulting in performance degradation. Also, while the use of NSI is observed to yield slightly lower average call setup rates and slightly higher average call setup times, a careful analysis of the trace of the calls as they progress through the system, reveals that, in general, calls are dispersed throughout the network, seeking to utilize all available resources of the network more evenly.
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet, causing the defense against Distributed Denial of Service attacks to become one of the hardest problems on the Internet today. Previous solutions for this problem try to trace back to the exact origin of the attack by requiring every router's participation. For many reasons this requirement is impractical, and the victim ends up with an approximate location of the attacker. Reconstruction of the whole path is also very difficult due to the sheer size of the Internet. This paper presents lightweight schemes for tracing back to the attack-originating AS instead of to the exact origin itself. Once the attack-originating AS is determined, all further routers in the path to the attacker are within that AS and under the control of a single entity, which can presumably monitor local traffic in a more direct way than a generalized, Internet-scale packet marking scheme can. Furthermore, we provide a scheme to prevent compromised routers from forging markings.
With a steady increase in the population of Internet users, a plethora of network services have emerged on the global level. As an offshoot of this phenomenal rise in network services and their capabilities riding on the wave of internet, we are witnessing a massive risk of attacks on network security. Many security vulnerabilities are exposed and exploited by attackers, endangering the safety of massive amounts of data. To improve a network’s effectiveness, it’s critical to detect network traffic anomalies accurately and quickly. A new hybrid model that effectively detects anomalies in network services is proposed in this work. The genetic phase and NN phase represent the 2-phased approach making each one dependent on the other for weight assignment and prediction. The genetic phase generates optimal weights for classification of normal and anomaly patterns. The NN phase learns the input output relationship of network patterns employing GA in the training phase. Detection is accomplished using trained NN and it utilizes pre-processed KDD dataset containing normal and abnormal samples for training. The outcomes demonstrated that the suggested approach outperforms all other algorithms.
For the accuracy of network security management, an ISM-based analysis method on the influencing factors of network security situation (NSS) is proposed. The 17 factors of NSS were constructed first, the ISM of NSS influencing factors was established, and Matlab2019 was used for simulation. The results showed that the offensive and defensive game factors, such as attack method, attack tool, attack path, and defense strategy, are the direct influencing factors of NSS; the internal environmental factors such as operating system, application service, network bandwidth, network security device, user security awareness, and network topology are the necessary influencing factors; the external environmental factors such as legal environment, institutional environment, technical environment and business importance (economic environment) are the indirect influencing factors; the vulnerability factors such as asset value, vulnerability and open port are the fundamental influencing factors. The corresponding advice for management was put forward at the end of the paper.
In this paper we introduce and develop a framework for visual data-hiding technologies that aim at resolving emerging problems of modern multimedia networking. First, we introduce the main open issues of public network security, quality of services control and secure communications. Secondly, we formulate digital data-hiding into visual content as communications with side information and advocate an appropriate information-theoretic framework for the analysis of different data-hiding methods in various applications. In particular, Gel'fand-Pinsker channel coding with side information at the encoder and Wyner-Ziv source coding with side information at the decoder are used for this purpose. Finally, we demonstrate the possible extensions of this theory for watermark-assisted multimedia processing and indicate its perspectives for distributed communications.
Cybersecurity has received greater attention in modern times due to the emergence of IoT (Internet-of-Things) and CNs (Computer Networks). Because of the massive increase in Internet access, various kinds of malware have emerged and pose significant computer security threats. The numerous computing processes across the network have a high risk of being tampered with or exploited, which necessitates developing effective intrusion detection systems. Therefore, it is essential to build an effective cybersecurity model to detect the different anomalies or cyber-attacks in the network. This work introduces a new method known as Wavelet Deep Convolutional Neural Network (WDCNN) to classify cyber-attacks. The presented network combines WDCNN with Enhanced Rain Optimization Algorithm (EROA) to minimize the loss in the network. This proposed algorithm is designed to detect attacks in large-scale data and reduces the complexities of detection with maximum detection accuracy. The proposed method is implemented in Python. The classification process is completed with the help of the two most famous datasets, KDD cup 1999 and CICMalDroid 2020. The performance of WDCNN_EROA can be assessed using parameters like specificity, accuracy, precision, F-measure and recall. The results showed that the proposed method is about 98.72% accurate for the first dataset and 98.64% for the second dataset.
Software-defined network (SDN) is a new network structure, which has the characteristics of centralized management and programmable, and is widely used in the field of Internet of things. Distributed denial of service (DDoS) attack is one of the most threatening attacks in SDN network. How to effectively detect DDoS attacks has become a research hotspot in the field of SDN security management. Aiming at the above problems, this paper proposes a DDoS attack detection method based on Deep belief network (DBN) in SDN network architecture. By extracting the characteristics of OpenFlow switch flow table entries, DBN algorithm is trained to detect whether there are DDoS attacks. The experimental results show that the method is better than the other algorithms in accuracy, precision and recall.
Security issues in information management are increasingly moving towards the centre of corporate interests. This paper presents a multiobjective modelling approach that interactively assists IT managers in their attempts to reduce a given risk by evaluating and selecting portfolios (i.e. bundles) of security measures. The proposed multi-step procedure identifies attractive portfolio candidates and finally establishes the "best" one with respect to the decision-maker's preferences. Our model and its possible application are demonstrated by means of a numerical example based on real-world data that evaluates the risk of hacking faced by a Local Area Network in an academic environment.
There are two statistical decision-making questions regarding statistically detecting signs of denial-of-service flooding attacks. One is how to represent the distributions of detection probability, false alarm probability and miss probability. The other is how to quantitatively express a decision region within which one may make a decision that has high detection probability, low false alarm probability and low miss probability. This paper gives the answers to the above questions. In addition, a case study is demonstrated.
With the advent of the Internet of Things (IoT), the security of the network layer in IoT is getting more attention in recent decades. Various intrusion detection methods were developed in the existing research works, but the capability to detect malicious and intrusion activities in the complex Internet environment poses a challenging task in IoT. Hence, an effective and optimal intrusion detection mechanism, named Harmony Search Hawks Optimization-based Deep Reinforcement Learning (HSHO-based Deep RL), is proposed in this research to detect malicious network activities. The proposed Harmony Search Hawks Optimization (HSHO) algorithm is designed by integrating Harmony Search (HS) with the Harris Hawks Optimization (HHO) algorithm. However, the optimal detection result that is effectively achieved through the fitness measures such that the minimum fitness value is only declared as the optimal solution. The Deep Reinforcement Learning (Deep RL) classifier effectively detects the malicious or intruder behaviors and generates a satisfactory result. By reducing the dimensionality of data using nonnegative matrix factorization, the data is optimally fit to perform intrusion detection process in the IoT environment. The proposed HSHO-based Deep RL obtained better performance in terms of the metrics like accuracy (96.925%), True Positive Rate (TPR; 96.90%), and True Negative Rate (TNR; 97.920%) with respect to K-fold.
Quantum Key Distribution (QKD) networks are the trends toward multiple users' unconditional secure communication. Based on several passive optical devices, such as beam splitter, optical switch or wavelength divided multiplexer, various types of fiber-based QKD networks have been proposed. However, it is still hard to accurately assess these networks. To find the optimal solution, a general assessment that would not involve detailed schemes is quite necessary. In this paper, we introduce an evaluation method and analyze optical-device-based QKD networks including two rational aspects: (i) network connectivity and network bandwidth which reflect the network's flexibility and performance in theory; (ii) network cost that brings pragmatic restriction on the network construction in practice. Applying this model, we compare five typical types of optical-device-based QKD networks. The explicit results demonstrate the above networks' characteristics and some valuable conclusions.
In recent years, the use of security gateways (SG) located within the electrical grid distribution network has become pervasive. SGs in substations and renewable distributed energy resource aggregators (DERAs) protect power distribution control devices from cyber and cyber-physical attacks. When encrypted communications within a DER network are used, TCP/IP packet inspection is restricted to packet header behavioral analysis, which in most cases only allows the SG to perform anomaly detection of blocks of time-series data (event windows). Packet header anomaly detection calculates the probability of the presence of a threat within an event window, but fails in such cases where the unreadable encrypted payload contains the attack content. The SG system log (syslog) is a time-series record of behavioral patterns of network users and processes accessing and transferring data through the SG network interfaces. Threatening behavioral patterns in the syslog are measurable using both anomaly detection and graph theory. In this paper, it will be shown that it is possible to efficiently detect the presence of and classify a potential threat within an SG syslog using light-weight anomaly detection and graph theory.