
## About this book

This book provides a concise overview of the current state of the art in cybersecurity and shares novel and exciting ideas and techniques, along with specific cases demonstrating their practical application. It gathers contributions by both academic and industrial researchers, covering all aspects of cybersecurity and addressing issues in secure information systems as well as other emerging areas.

The content comprises high-quality research articles and reviews that promote a multidisciplinary approach and reflect the latest advances, challenges, requirements and methodologies. Thus, the book investigates e.g. security vulnerabilities, cybercrime, and privacy issues related to big data analysis, as well as advances in digital forensics, secure smart city services, and risk mitigation strategies for devices employing cyber-physical systems.

Given its scope, the book offers a valuable resource for students, researchers, IT professionals and providers, citizens, consumers and policymakers involved or interested in the modern security procedures needed to protect our information and communication resources. Its goal is to foster a community committed to further research and education, and one that can also translate its findings into concrete practices.

## Table of contents

### Security and Privacy in Smart City Applications and Services: Opportunities and Challenges

Abstract
A Smart City can be described as an urbanized town wherein Information and Communication Technology is at the core of its infrastructure. Smart cities offer several innovative and advanced services to their citizens in order to improve the quality of their life. A Smart City must encompass all the forthcoming, highly advanced and integrated technology, the essence of which is the Internet of Things (IoT). Smart technologies like smart governance, smart communication, smart environment, smart transportation, smart energy, waste and water management applications promise the smart growth of the city, but at the same time the city needs to enforce pervasive security and privacy of the large volume of data associated with these smart applications. Special smart measures are required to cover urbanization trends in the innovative administration of urban transference and various smart services to residents, visitors and local government to meet the ever-expanding and manifold demands. When the city goes urban, its residents may suffer from various privacy and security issues due to vulnerabilities in smart city applications. This chapter delivers a comprehensive overview of the security and privacy threats, vulnerabilities, and challenges of a smart city project, and suggests solutions in order to facilitate smart city development and governance.
Alka Verma, Abhirup Khanna, Amit Agrawal, Ashraf Darwish, Aboul Ella Hassanien

### A Lightweight Multi-level Encryption Model for IoT Applications

Abstract
The Internet of Things (IoT) envisions connected, smart and pervasive nodes communicating while giving all kinds of assistance. The openness, comparatively colossal processing speed and wide distribution of IoT objects make them an attractive target for cyber-attacks. The vast potential of IoT comes with all sorts of difficulties. In this article, an IoT environment is classified into three primary layers: (i) Device layer, (ii) Communication layer, (iii) Cloud layer. Users, devices, gateway, connection, cloud, and application are combined to create the various layers of the IoT environment. The security issues in the cloud layer of IoT are addressed by a proposed multilevel encryption scheme with flexible key management in the cloud environment.
M. Durairaj, K. Muthuramalingam

### An Efficient Image Encryption Scheme Based on Signcryption Technique with Adaptive Elephant Herding Optimization

Abstract
IoT creates an integrated communication environment of interconnected devices and platforms by engaging both the practical and the physical worlds simultaneously. The researchers of this study identified and examined the vital open difficulties in strengthening security in IoT, combining encryption strategies to offer security for images exchanged between the connected networks of two parties. The scheme is primarily based on a hybrid algorithm that combines encryption and optimization techniques. The proposed image security model uses signcryption with an elephant-based optimization method. The purpose of using optimization in the encryption method is to select the most advantageous keys for the encryption algorithm; here, Adaptive Elephant Herding Optimization (AEHO) is used. Signcryption is a technique that combines the functionality of encryption and digital signature in a single logical step. From the implementation, the results are evaluated using the Peak Signal to Noise Ratio (PSNR) and Mean Square Error (MSE).
K. Shankar, Mohamed Elhoseny, Eswaran Perumal, M. Ilayaraja, K. Sathesh Kumar

### Time Split Based Pre-processing with a Data-Driven Approach for Malicious URL Detection

Abstract
Malicious uniform resource locators (URLs) host unsolicited content, pose a serious threat, and are used to commit cybercrime. Malicious URLs are responsible for various cyber attacks like spamming, identity theft, financial fraud, etc. The growth of the internet has also resulted in an increase of fraudulent activities on the web. Classical methods like blacklisting are ineffective in detecting newly generated malicious URLs. So there arises a need to develop an effective algorithm to detect and classify malicious URLs. At the same time, recent advances in the field of machine learning have shown promising results in areas like image processing, natural language processing (NLP) and other domains. This motivates us to move in the direction of machine learning based techniques for detecting and classifying URLs. However, there are significant challenges in detecting malicious URLs that need to be addressed. First and foremost, any available data used in detecting malicious URLs is outdated. This makes the model difficult to deploy in a real-time scenario. Secondly, the inability to capture semantic and sequential information affects generalization to the test data. In order to overcome these shortcomings we introduce the concepts of time split and random split on the training data. Random split randomly splits the data for training and testing, whereas time split splits the data based on the time information of the URLs. This is followed by different representations of the data. These representations are passed to classical machine learning and deep learning techniques to evaluate the performance. The analysis of the data set from the Sophos Machine Learning building blocks tutorial shows better performance for time split based grouping of data with a decision tree classifier, with an accuracy of 88.5%. Additionally, a highly scalable framework is designed to collect data from various data sources in a passive way inside an Ethernet LAN. The proposed framework can collect data in real time and process it in a distributed way to provide situational awareness. The proposed framework can be easily extended to handle very large amounts of cyber events by adding additional resources to the existing system.
N. B. Harikrishnan, R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran

### Optimal Wavelet Coefficients Based Steganography for Image Security with Secret Sharing Cryptography Model

Abstract
Image security in web exchanges is the major concern of the hour, as breaching attacks on image databases are rising every year. Numerous researchers have investigated image security with steganography, cryptography, encryption, watermarking, et cetera. Our proposed model, image steganography with Secret Share Cryptography (SSC), is designed to upgrade the security level; here, medical images are considered for the stego image creation process. After embedding the secret data in the cover image, an Optimal Discrete Wavelet Transform (DWT) is used to transform the domain; here Daubechies (db2) coefficients are utilized, and Continuous Harmony Search (CHS) is used to enhance those coefficients and improve the PSNR. Finally, secret shares are created for the lower-band stego images in a high-security process. Visual cryptography is used to encrypt a secret image into modified versions of the original image, which leads to computational complexity and also creates the shares. Through the above process the secret data or image is hidden and secured; finally, the reverse procedure is applied to recover the original image. From the implementation results, PSNR, hiding capacity and error rate are computed and compared with existing techniques.
A. Sivasankari, S. Krishnaveni

### Deep Learning Framework for Cyber Threat Situational Awareness Based on Email and URL Data Analysis

Abstract
Spamming and Phishing attacks are the most common security challenges we face in today’s cyber world. The existing methods for Spam and Phishing detection are based on blacklisting and heuristic techniques. These methods require human intervention to update if any new Spam or Phishing activity occurs. Moreover, they are completely inefficient in detecting new Spam and Phishing activities. These techniques can detect malicious activity only after the attack has occurred. Machine learning has the capability to detect new Spam and Phishing activities. This requires extensive domain knowledge for feature learning and feature representation. Deep learning is a method of machine learning which has the capability to extract an optimal feature representation from various samples of benign, Spam and Phishing activities by itself. To leverage this, this work uses various deep learning architectures for both Spam and Phishing detection with electronic mail (Email) and uniform resource locator (URL) data sources, because in recent years both Email and URL resources have been the most commonly used by attackers to spread malware. Various datasets are used for conducting experiments with deep learning architectures. For comparative study, classical machine learning algorithms are used. These datasets are collected using public and private data sources. All experiments are run for 1,000 epochs with a learning rate varied in the range 0.01–0.5. For comparative study, various classical machine learning classifiers are used with domain-level feature extraction. For deep learning architectures and classical machine learning algorithms, various natural language processing text representation methods are used to convert text data into a numeric representation. To the best of our knowledge, this is the first attempt at a framework that can examine and correlate occurrences of Spam and Phishing activities from Email and URL sources at scale to provide cyber threat situational awareness. The proposed framework is highly scalable and capable of identifying malicious activities in near real time. In addition, the framework can be easily extended to handle a large volume of other cyber security events by adding extra resources. These qualities make the proposed framework stand out from other solutions of a similar kind.
R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, S. Akarsh, Mohamed Elhoseny

### Application of Deep Learning Architectures for Cyber Security

Abstract
Machine learning has played an important role in the last decade, mainly in natural language processing, image processing and speech recognition, where it has performed well in comparison to the classical rule-based approach. The machine learning approach has been used in cyber security use cases, namely intrusion detection, malware analysis, traffic analysis, spam and phishing detection, etc. Recently, the advancement of machine learning typically called ‘deep learning’ has outperformed humans in several long-standing artificial intelligence tasks. Deep learning has the capability to learn an optimal feature representation by itself and is more robust in an adversarial environment compared to classical machine learning algorithms. This approach is at an early stage in cyber security. In this work, to leverage the application of deep learning architectures towards cyber security, we consider intrusion detection, traffic analysis and Android malware detection. In all the intrusion detection experiments, deep learning architectures performed well compared to classical machine learning algorithms. Moreover, deep learning architectures have achieved good performance in traffic analysis and Android malware detection too.
R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, S. Akarsh

### Improved DGA Domain Names Detection and Categorization Using Deep Learning Architectures with Classical Machine Learning Algorithms

Abstract
Recent families of malware have largely adopted domain generation algorithms (DGAs). This is primarily due to the fact that a DGA can generate a large number of domain names and then use only a small subset for actual command and control (C&C) server communication. DNS blacklisting and sink-holing is the most commonly used approach to block DGA C&C traffic. This is a daunting task because the network admin has to continuously update the DNS blacklist to keep up with the constantly changing behaviour of DGAs. Another significant direction is to predict whether a domain name is DGA generated by intercepting the DNS queries in DNS traffic. Most of the existing methods are based on identifying groupings using clustering; statistical properties are estimated for the groupings and classification is done using statistical tests. This approach takes a larger time window and moreover can’t be used for real-time DGA domain detection. Additionally, these techniques use passive DNS and NXDomain information. Integrating all this information incurs a high cost, and in some cases it is impossible to obtain all of it because of real-time constraints. Detecting DGA domains on a per-domain basis is an alternative approach which requires no additional information. The existing methods for detecting DGA domains on a per-domain basis are based on machine learning. This approach relies on feature engineering, which is a time-consuming process and can be easily circumvented by malware authors. Recently, deep learning has been leveraged for DGA detection on a per-domain basis. This requires no feature engineering and cannot be easily circumvented. In all the existing studies of DGA detection, deep learning architectures performed well in comparison to classical machine learning algorithms (CMLAs).
Following this, in this chapter we propose a deep learning based framework named I-DGA-DC-Net, which is composed of a domain name similarity checker and a domain name statistical analyzer module. The domain name similarity checker uses a deep learning architecture and is compared with classical string comparison methods. These experiments are run on a publicly available data set. The domains which are not detected by the similarity checker are then passed into the statistical analyzer. This takes the raw domain names as input, captures the optimal features implicitly by passing them through character-level embedding followed by deep learning layers, and classifies them using the CMLAs. Moreover, the effectiveness of the CMLAs is studied for categorizing algorithmically generated malware domains into their corresponding malware family, against a fully connected layer with *softmax* non-linear activation function, using the AmritaDGA data set. All experiments related to deep learning architectures are run for 100 epochs with learning rate 0.01. The experiments with deep learning architectures combined with CMLAs showed the highest test accuracy in comparison to the deep learning architectures with *softmax* model. This is because deep learning architectures are good at obtaining high-level features and SVMs are good at constructing decision surfaces from optimal features. SVMs generally can’t learn complicated abstract and invariant features, whereas the hidden layers in deep learning architectures facilitate capturing them.
R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, S. Akarsh, Mohamed Elhoseny

### Secure Data Transmission Through Reliable Vehicles in VANET Using Optimal Lightweight Cryptography

Abstract
Vehicular Ad Hoc Networks (VANETs) are an important communication paradigm in modern mobile computing for transferring messages, for example about road conditions. To transmit protected data through a VANET, LEACH-protocol-based clustering and a lightweight cryptographic model are considered. First, grouping the vehicles into clusters and organizing the network by clusters is one of the most comprehensive and adequate approaches. This mechanism provides a way to control attacks on VANET security. To improve the security level of data transmission through the network framework, Random Firefly (RFF) optimization is used to discover the reliable vehicles in the created VANET topology. Once these are identified, Lightweight Cryptography (LWC) with a hash function is used to secure the information from sender to receiver. The encryption procedure converts plain data into cipher data using private and public keys. This security model is implemented in the NS2 simulator with simulation parameters, and our proposed secure data transmission is compared with existing security methods.
P. Manickam, K. Shankar, Eswaran Perumal, M. Ilayaraja, K. Sathesh Kumar

### Some Specific Examples of Attacks on Information Systems and Smart Cities Applications

Abstract
This chapter lists some specific examples of attacks on information systems and smart city applications. The chapter consists of five parts. In the first and second parts, the basic introductory considerations and some of our previous research in the field of information system security and security management in cyberspace are listed. In the third part, specific examples of XSS and CSRF attacks are given. In addition, a specific implementation of an executable script is given, whose task is the collection of confidential information in smart environments. In the fourth part, the procedure for attacking hash digest data is listed, as well as the procedure for hiding information using the Python programming language and the Kali Linux environment. Finally, the closing considerations are listed and suggestions are given for further research in the field of cybersecurity attacks on smart cities.
Muzafer Saračević, Aybeyan Selimi, Šemsudin Plojović

### Clustering Based Cybersecurity Model for Cloud Data

Abstract
Due to the growing popularity of ubiquitous mobile devices and cloud computing, storing data (for example photographs, recordings, messages, and texts) in the cloud has become a pattern among individual and organizational clients. However, cloud service providers cannot be fully trusted to guarantee the availability or integrity of client data outsourced or uploaded to the cloud. Consequently, to enhance the cybersecurity level of cloud data, a new security model is introduced along with optimal key selection. In the proposed study, the secret information is first clustered using the K-Medoid clustering algorithm based on a data distance measure. Then, the clustered data are encrypted using Blowfish Encryption (BE) and stored in the cloud. To improve the cybersecurity level, the optimal key is chosen based on the maximum key breaking time; for that, we present a technique called the Improved Dragonfly Algorithm (IDA). The results demonstrate that the optimal Blowfish algorithm improves the accuracy of cybersecurity for all secret information compared to existing algorithms.
A. Bhuvaneshwaran, P. Manickam, M. Ilayaraja, K. Sathesh Kumar, K. Shankar

### A Detailed Investigation and Analysis of Deep Learning Architectures and Visualization Techniques for Malware Family Identification

Abstract
At present, malware is one of the biggest threats to Internet service security. This chapter proposes a novel file-agnostic deep learning architecture for malware family identification which converts malware binaries into gray-scale images and then identifies their families with a hybrid in-house model, a Convolutional Neural Network and Long Short Term Memory (CNN-LSTM). The significance of the hybrid model is that it enables the network to capture spatial and temporal features, which can be used effectively to distinguish among malware. In this novel method, the usual steps like disassembly, decompiling, de-obfuscation or execution of the malware binary need not be done. Various experiments were run to identify optimal deep learning network parameters and network structure on a benchmark, well-known data set. All experiments were run at a learning rate of 0.1 for 1,000 epochs. To select a model which is generalizable, various test-train splits were done during experimentation. Additionally, this helps to find how well the models perform on imbalanced data sets. Experimental results show that the hybrid model is very effective for malware family classification in all the train-test splits. It indicates that the model can work on unevenly distributed samples too. The classification accuracy obtained by deep learning architectures on all train-test splits was better than that of the compared classical machine learning algorithms and an existing method based on deep learning. Finally, a scalable framework based on deep learning and a visualization approach is proposed which can be used in real time for malware family identification.
S. Akarsh, Prabaharan Poornachandran, Vijay Krishna Menon, K. P. Soman

### Design and Implementation of a Research and Education Cybersecurity Operations Center

Abstract
The growing number and severity of cybersecurity threats, combined with a shortage of skilled security analysts, has led to an increased focus on cybersecurity research and education. In this article, we describe the design and implementation of an education and research Security Operations Center (SOC) to address these issues. The design of a SOC to meet educational goals as well as perform cloud security research is presented, including a discussion of SOC components created by our lab, including honeypots, visualization tools, and a lightweight cloud security dashboard with autonomic orchestration. Experimental results of the honeypot project are provided, including analysis of SSH brute force attacks (aggregate data over time, attack duration, and identification of well-known botnets), geolocation and attack pattern visualization, and autonomic frameworks based on the observe, orient, decide, act methodology. Directions for future work are also discussed.
C. DeCusatis, R. Cannistra, A. Labouseur, M. Johnson

### Backmatter

Further information