2021 | Book

Advances in Cyber Security

Third International Conference, ACeS 2021, Penang, Malaysia, August 24–25, 2021, Revised Selected Papers

Editors: Prof. Nibras Abdullah, Dr. Selvakumar Manickam, Dr. Mohammed Anbar

Publisher: Springer Singapore

Book Series : Communications in Computer and Information Science


About this book

This book presents refereed proceedings of the Third International Conference on Advances in Cyber Security, ACeS 2021, held in Penang, Malaysia, in August 2021.
The 36 full papers were carefully reviewed and selected from 92 submissions. The papers are organized in the following topical sections: Internet of Things, Industry 4.0 and Blockchain, and Cryptology; Digital Forensics and Surveillance, Botnet and Malware, DDoS, and Intrusion Detection/Prevention; Ambient Cloud and Edge Computing, SDN, Wireless and Cellular Communication; Governance, Social Media, Mobile and Web, Data Privacy, Data Policy and Fake News.

Table of Contents

Frontmatter

Internet of Things, Industry 4.0 and Blockchain, and Cryptology

Frontmatter
A Blockchain Framework to Increase the Security and Verifiability of Educational Certificates

Education means not only acquiring knowledge or skills but also acquiring morals, beliefs and values. Nowadays most people equate holding an educational certificate with being qualified, and because of that some people forge certificates to obtain jobs. There is no easy way to validate such certificates, especially when the parties belong to different countries. With the worldwide spread of coronavirus, travel restrictions were imposed between and within nations, and numerous educational activities such as conferences and seminars were postponed; many organisers then opted to hold these events over the Internet. Many of these activities issue certificates of participation, but it is not easy to verify the authenticity of the certificates, the coordinating institutes or the attendees, and attendance at several concurrent events raises similar problems. These challenges are explored thoroughly. A framework is then proposed, along with algorithms that explain in detail how the challenges can be solved using blockchain technology. The proposed framework is compared with the frameworks discussed in the literature and found to address the discussed challenges much better. The article concludes with future directions for implementing such a framework in the real world.

Faraz Masood, Arman Rasool Faridi
A Conceptual Model to Identify Illegal Activities on the Bitcoin System

Soon after its inception in 2009, Bitcoin was used as a tool by malicious attackers who exploit its pseudo-anonymity to commit untraceable fraud. Recently, several Bitcoin users and institutions have confirmed that thousands of Bitcoins were lost because no fraud detection system was in place, causing significant damage to individuals and institutions and in some cases bankruptcy. The anonymous nature of the Bitcoin system makes it a desirable option for carrying out illegal activities, makes it difficult for law enforcement to detect suspicious behavior, and renders current fraud detection techniques impractical. Identifying illegal activities is thus an important factor in protecting the reputation of the Bitcoin system. In this paper, we propose a model to identify illegal transactions in the Bitcoin system. Firstly, we collect illegal addresses for data labeling from different sources, such as online public Bitcoin forums and datasets from previous papers, and verify them against a raw Bitcoin dataset. Secondly, we introduce new types of features by using a time-based approach to segment transactions into time slices over a period, in addition to the most meaningful features from prior studies. Thirdly, we evaluate the proposed model on five popular supervised classifiers (KNN, SVM, RF, XGB, and NN). Finally, this paper considers the class imbalance problem and attains better results when using an adaptive oversampling technique (ADASYN). The results demonstrate that RF and XGB outperform KNN, SVM, and NN in terms of detection rate.

Khaled Gubran Al-Hashedi, Pritheega Magalingam, Nurazean Maarop, Ganthan Narayana Samy, Azizah Abdul Manaf
A Light-Weight Stream Ciphering Model Based on Chebyshev Chaotic Maps and One Dimensional Logistic

This paper investigates the efficiency of consolidating the stream cipher Salsa20 with chaos theory. An enhanced Salsa20 is presented using two kinds of chaotic maps (the 1D logistic map and the Chebyshev map). The proposed enhanced Salsa20 (ESalsa20) algorithm is developed as a lightweight stream cipher for settings where the speed of encryption is as important as the security. The enhancement is based on the 1D logistic and Chebyshev functions, and the XOR operation is used in the chaotic layer of the proposed encryption algorithm to increase the scrambling of the secret keys. Histogram analysis of the ESalsa20 algorithm shows robust performance against statistical attacks. According to the obtained results, the ESalsa20 algorithm achieves the best values of NCC 0.3890752653, NAD 0.3689770561 and UQI 0.3777468183 compared with the original Salsa20 algorithm, as well as the best values of MSE 6957.49, PSNR 9.7224 and AD 78.3394. The proposed ESalsa20 also achieves a faster execution time than Salsa20. As a result, adding the 1D logistic and Chebyshev functions helps achieve an accurate diffusion level and makes the cipher faster.

Jamal N. Hasoon, Bashar Ahmed Khalaf, Rasha Subhi Hameed, Salama A. Mostafa, Ali Hussein Fadil
An Implementation of Robust User Authentication Technique for Big Data Platform

The Hadoop framework has been developed to manage Big Data in the cloud. Its main components are MapReduce and the Hadoop Distributed File System (HDFS), but Hadoop does not provide a mechanism for robust authentication, and the existing authentication protocols are vulnerable to many security threats. We therefore propose an authentication model based on inverse hyperbolic functions. The model is followed by a mechanism that verifies the identity of the user and determines whether the user is permitted access. The security study takes into account both functionality and security requirements, and the AVISPA tool is used to verify the proposed scheme. The scheme defends against a variety of attacks, including replay, man-in-the-middle (MITM), DoS, password guessing, insider attacks, and phishing.

Galal A. AL-Rummana, Abdulrazzaq H. A. Al-Ahdal, G. N. Shinde
Blockchain-Based Incentive Mechanism to Combat Fake News

With advancing technology, social media sites have become the channels through which news surfaces in the digital world. Social media users generally have no qualms about forwarding whatever comes their way, and the flexibility of social media platforms offers no way to prove the credibility of a shared piece of information. The authenticity of news and the maintenance of netiquette on social media sites have become priority areas, challenging technology to maintain the ethics and objectivity of journalism. This paper proposes a shared, decentralized framework that implements an alternative to the customary way people share information. In particular, we provide a blockchain and crowdsourcing-based framework for demonstrating the provenance of news surfacing through digital media. Under this platform, the truth is sourced from the crowd, stored, and consequently transformed into a real-time interface. Moreover, using the immutable nature of the blockchain, all users are made accountable and valued according to their reputation, and nodes are given incentives for rightful behavior and penalized for malicious actions. Thus, in this paper, we aim to offer a much-needed layer for secure, reliable information exchange in present-day social media infrastructure that does not rely on a single source of truth.

Munaza Farooq, Aqsa Ashraf Makhdomi, Iqra Altaf Gillani
g-EoN: A Non-salient Approach Towards Encryption Using Gamma Function

Cryptography is the art of presenting secret information in obfuscated form, which can be achieved by various algorithms that convert human-readable text into non-legible text. This paper presents a cryptosystem that adopts the Gamma function and tabular modeling to carry out both encryption and decryption using two common keys, the Primary Common Key (PCK) and the Secondary Common Key (SCK). Given a message $P$ and the PCK as input, the encryption outputs two ciphers. A value key $VK$ is generated by the Value Key Generator (VKG). Cipher $C_1$ uses modular arithmetic followed by the Gamma function, and cipher $C_2$ uses the Gamma function in the Gamma Cryptor Module (GCM); the result of the VKG is given to the GCM. Decryption requires both ciphers $C_1$ and $C_2$ together with the value key $VK$ to recover the plaintext.

Abhilash Kumar Das, Nirmalya Kar
Image Encryption-Compression Method Based on Playfair, OTP and DWT for Secure Image Transmission

Digital image cryptography has become a high priority with the rise of multimodal data and the need to protect its authenticity. Encryption is a critical step in the security of multimedia applications. This paper proposes a Playfair- and OTP-based image encryption-compression method using the integer Haar transform. The method first encrypts the image using the integer Haar transform together with the One Time Pad (OTP) algorithm and Playfair encoding, then applies the Inverse Discrete Wavelet Transform (IDWT) to obtain the ciphered encoded image. Decoding inverts the operations of the encoding part. The quality of the encrypted and decrypted images is assessed using histogram analysis, NPCR, UACI, PSNR, SSIM, GLCM correlation coefficient and entropy. Visual inspection of the images and the quality assessment parameters show that the proposed method works effectively.

Haidar Raad Shakir, Suhad Abbas Yassir
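
As an added illustration that is not part of either of the two image-cipher papers above (the ESalsa20 and the Playfair/OTP/DWT schemes), the following Python computes the statistics both abstracts report, NPCR, UACI, PSNR and Shannon entropy, over constructed 4x4 grayscale arrays. The arrays are illustrative assumptions, not the papers' test images. The caveat a practitioner should keep in mind is that these statistics measure diffusion and histogram uniformity only; good values are necessary but not sufficient, and say nothing about key recovery or known-plaintext attacks on the underlying keystream.

```python
import math
from collections import Counter

# Constructed 4x4 8-bit images (illustrative only, not the papers' test images).
PLAIN = [[10, 10, 10, 10], [10, 10, 10, 10], [200, 200, 200, 200], [200, 200, 200, 200]]
CIPHER_A = [[0, 255, 0, 255], [255, 0, 255, 0], [0, 255, 0, 255], [255, 0, 255, 0]]
# CIPHER_B: the ciphertext after a one-pixel change in the plaintext. Only the first
# row differs, which is what a cipher with poor diffusion would produce.
CIPHER_B = [[255, 0, 255, 0], [255, 0, 255, 0], [0, 255, 0, 255], [255, 0, 255, 0]]


def _pixels(img):
    return [px for row in img for px in row]


def npcr(c1, c2):
    """Number of Pixels Change Rate (percent): share of positions where two
    ciphertexts differ. The ideal for an 8-bit cipher is about 99.6%."""
    a, b = _pixels(c1), _pixels(c2)
    return 100.0 * sum(x != y for x, y in zip(a, b)) / len(a)


def uaci(c1, c2, levels=256):
    """Unified Average Changing Intensity (percent); ideal is about 33.46% for 8 bits."""
    a, b = _pixels(c1), _pixels(c2)
    return 100.0 * sum(abs(x - y) for x, y in zip(a, b)) / ((levels - 1) * len(a))


def psnr(reference, image, max_val=255):
    """Peak signal-to-noise ratio in dB. Low between plain and cipher image means the
    ciphertext hides the image; infinite between plain and decrypted means lossless."""
    a, b = _pixels(reference), _pixels(image)
    mse = sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)
    if mse == 0:
        return float("inf")
    return 10 * math.log10(max_val ** 2 / mse)


def entropy(img):
    """Shannon entropy in bits per pixel; 8.0 is the ideal for 8-bit ciphertext."""
    pix = _pixels(img)
    n = len(pix)
    return -sum((c / n) * math.log2(c / n) for c in Counter(pix).values())


def report(plain, cipher_a, cipher_b):
    """All four statistics for one (plain, cipher, cipher-after-1-pixel-change) triple."""
    return {
        "npcr": npcr(cipher_a, cipher_b),
        "uaci": uaci(cipher_a, cipher_b),
        "psnr_plain_vs_cipher": psnr(plain, cipher_a),
        "entropy_cipher": entropy(cipher_a),
    }


if __name__ == "__main__":
    for name, value in report(PLAIN, CIPHER_A, CIPHER_B).items():
        print(f"{name}: {value:.4f}")
```

On the constructed pair the NPCR and UACI come out at 25%, far from the 99.6% and 33.46% targets, which is the signal that a one-pixel plaintext change did not propagate through the ciphertext; the entropy of a two-valued ciphertext is likewise 1 bit rather than 8.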
Improving Security and Performance of Distributed IPFS-Based Web Applications with Blockchain

While cloud computing is gaining widespread adoption these days, some challenges are emerging around security, performance, and reliability of centralized cloud resources. Decentralized services are introduced as an effective way to overcome the limitations of cloud services. Blockchain technology with its associated decentralization is used to develop decentralized application platforms. The InterPlanetary File System (IPFS) is built on top of a distributed system consisting of a group of nodes that shares the data and takes advantage of blockchain to permanently store the data. The IPFS is very useful in transferring remote data. This work focuses on applying blockchain technology onto the IPFS for improving its security and performance. It illustrates different types of blockchain and their advantages and challenges; it also describes the proposed design and its detailed implementation. For performance evaluation, we show the performance gains, analyze security enhancements, and discuss the tradeoffs between security and performance. We believe that the presented work is significant towards more secured, efficient web applications utilizing the emerging blockchain technologies.

Vu Le, Ramin Moazeni, Melody Moh
Internet of Things (IoT) Security Challenges and Solutions: A Systematic Literature Review

The Internet of Things (IoT), often known as the Internet of Everything, is a technological paradigm envisioned as a worldwide network of interconnected machines. IoT brings another dimension to Information Technology (IT), in which machines communicate with other machines and with humans. Researchers and the IT industry have produced a variety of IoT devices and architectures, and different ways of implementing and using IoT concepts have been introduced. IoT is attracting more attention through ideas such as smart homes and smart cities, which raises security concerns. This article aims to gather the reported IoT security issues, classify them, and collect the solutions that have been proposed against them.

Rao Faizan Ali, Amgad Muneer, P. D. D. Dominic, Shakirah Mohd Taib, Ebrahim A. A. Ghaleb
Pluggable Authentication Module Meets Identity-Based Identification

Pluggable authentication modules (PAMs) primarily provide authentication services to system software on a machine. PAM simplifies the job for both software developers and system administrators by providing a unified method to manage user access to the system. Therefore, software developers do not need to write user authentication subroutines because they can safely rely on well-studied and tested modules to provide the required services. The default authentication mechanism provided by PAM is password-based; while this is sufficient, the security is highly dependent on the strength of the password, which can vary based on the individual or the organization setting the associated password policies. To address this problem, we present an identity-based identification (IBI) module that works as a PAM, specifically for Linux-PAM. The security of the authentication mechanism provided by our work is only dependent on the fixed cryptographic strength of the user keys, which is generally much more secure than passwords. In addition, IBI also has comparatively simpler operations and provides easier ways to manage users compared to existing cryptographic alternatives.

Jason Chia, Ji-Jian Chin, Sook-Chin Yip
Using Knowledge Synthesis to Identify Multi-dimensional Risk Factors in IoT Assets

The mass implementation of the Internet of Things (IoT) creates a new computing paradigm where ubiquitous networks of devices with embedded sensors and actuators support innovative business models. This research uses a combination of natural language processing and corpus linguistics techniques to support identification of the risk factors present in multi-dimensional industrial IoT assets (IIoT). The methods reviewed are found to streamline the manual stages traditionally associated with robust knowledge synthesis processes such as PRISMA. The methods explored can help decision makers and researchers to systematically identify trends and directions in the literature across the broad domain of IoT. The resulting findings can then contribute to risk management planning in what is an emerging and complex field, particularly the industrial use of IoT, and for which historic risk data is immature.

Gerard Ward, Lech Janczewski
Novel Maturity Model for Cybersecurity Evaluation in Industry 4.0

The opportunities offered by Industry 4.0 for manufacturing companies are enormous but are in danger of remaining unexploited due to inadequate IT security measures. Increasing networking in the production environment leads to a growing number of attack surfaces that need to be protected by appropriate security measures. The overarching goal of this paper is therefore to provide companies with an easy-to-use tool with which they can self-assess their own cybersecurity maturity level, identify vulnerabilities and, based on this, implement secure, digitally networked production themselves. The Fraunhofer IPT has therefore developed the “Production Security Readiness Check”, which is presented in this article and the result of a study of 28 companies that have carried out the check is highlighted.

Alexander Kreppein, Alexander Kies, Robert H. Schmitt

Digital Forensics and Surveillance, Botnet and Malware, DDoS, and Intrusion Detection/Prevention

Frontmatter
A Review on TLS Encryption Malware Detection: TLS Features, Machine Learning Usage, and Future Directions

With the growth of internet encryption to protect users’ privacy, malware has evolved to employ encryption protocols such as TLS/SSL to obfuscate the contents of malicious communications. Unfortunately, decrypting network data before it reaches the signature-based Intrusion Detection System (IDS) to identify TLS-based malware is impractical since it adds infrastructure complexity and compromises user privacy. As a result, various studies have moved to investigate anomaly-based detection without decryption using different TLS features and techniques such as Machine Learning (ML). This paper aims to review TLS-based malware anomaly detection studies and analyze the employment of TLS features and machine learning in these works to understand the field’s current state better. Furthermore, this study highlights the strengths of the related research and offers several recommendations on its shortcomings and TLS features for future effective detection systems.

Kinan Keshkeh, Aman Jantan, Kamal Alieyan, Usman Mohammed Gana
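
As an added example, not code from the review above, here is the kind of cleartext-feature extraction the detectors it surveys depend on: a Python parser that pulls the versions, cipher suites, extension list, SNI and supported groups out of a TLS ClientHello record and assembles them into a JA3-style string. The `build_client_hello` helper constructs a synthetic record so the example runs offline; the field layouts follow RFC 5246 and RFC 8446, but the cipher-suite values, SNI and group list are constructed inputs, not a real capture.

```python
import struct

# Codepoints for the constructed ClientHello. The values are real IANA assignments;
# the particular combination is an illustrative assumption.
SAMPLE_CIPHERS = [0x1301, 0xC02F]   # TLS_AES_128_GCM_SHA256, ECDHE-RSA-AES128-GCM-SHA256
SAMPLE_GROUPS = [29, 23]            # x25519, secp256r1


def _u8(x):
    return struct.pack("!B", x)


def _u16(x):
    return struct.pack("!H", x)


def _u24(x):
    return struct.pack("!I", x)[1:]


def build_client_hello(sni, cipher_suites=SAMPLE_CIPHERS, groups=SAMPLE_GROUPS):
    """Construct a TLS 1.2-framed ClientHello record (test input, not a capture)."""
    name = sni.encode("ascii")
    name_list = _u8(0) + _u16(len(name)) + name                  # one host_name entry
    sni_data = _u16(len(name_list)) + name_list
    grp = b"".join(_u16(g) for g in groups)
    groups_data = _u16(len(grp)) + grp
    versions = _u16(0x0304) + _u16(0x0303)
    versions_data = _u8(len(versions)) + versions
    exts = b"".join(_u16(t) + _u16(len(d)) + d for t, d in
                    ((0, sni_data), (10, groups_data), (43, versions_data)))
    cs = b"".join(_u16(c) for c in cipher_suites)
    body = (_u16(0x0303) + b"\x11" * 32 + _u8(0)                 # version, random, empty session id
            + _u16(len(cs)) + cs + _u8(1) + _u8(0)              # cipher suites, null compression
            + _u16(len(exts)) + exts)
    handshake = _u8(1) + _u24(len(body)) + body                  # HandshakeType client_hello
    return _u8(0x16) + _u16(0x0301) + _u16(len(handshake)) + handshake


def parse_client_hello(rec):
    """Extract the cleartext features of a ClientHello: versions, cipher suites,
    extension types, SNI and supported groups. Raises ValueError when malformed."""
    if len(rec) < 5 or rec[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", rec[3:5])[0]
    hs = rec[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38:
        raise ValueError("truncated ClientHello")
    feats = {"record_version": struct.unpack("!H", rec[1:3])[0],
             "hello_version": struct.unpack("!H", body[0:2])[0],
             "cipher_suites": [], "extensions": [], "sni": None, "supported_groups": []}
    p = 34 + 1 + body[34]                                        # skip random and session id
    cs_len = struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    feats["cipher_suites"] = [struct.unpack("!H", body[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + body[p]                                             # compression methods
    if p + 2 <= len(body):
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            data = body[p + 4:p + 4 + elen]
            p += 4 + elen
            feats["extensions"].append(etype)
            if etype == 0 and len(data) >= 5:                   # server_name
                n = struct.unpack("!H", data[3:5])[0]
                feats["sni"] = data[5:5 + n].decode("ascii", "replace")
            elif etype == 10 and len(data) >= 2:                # supported_groups
                n = struct.unpack("!H", data[0:2])[0]
                feats["supported_groups"] = [struct.unpack("!H", data[i:i + 2])[0]
                                             for i in range(2, 2 + n, 2)]
    return feats


def ja3_style(feats):
    """JA3-style string: version,ciphers,extensions,groups,point_formats. The last
    field is left empty because this parser does not extract ec_point_formats."""
    return ",".join([str(feats["hello_version"]),
                     "-".join(map(str, feats["cipher_suites"])),
                     "-".join(map(str, feats["extensions"])),
                     "-".join(map(str, feats["supported_groups"])), ""])


if __name__ == "__main__":
    f = parse_client_hello(build_client_hello("example.test"))
    print(f)
    print(ja3_style(f))
```

A fingerprint built from ClientHello fields alone is trivially changed by a malware author who adjusts the offered suites or extension order, which is why the studies the review covers combine several TLS and flow features in a model rather than matching a single hash.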
A Short Review: Issues and Threats Pertaining the Security of SCADA Systems

SCADA systems are commonly used to monitor and manage utilities in vital national infrastructures, including electricity generation and delivery, transportation networks, water supply, and manufacturing facilities. Cyber-attacks that threaten the integrity of data in SCADA networks, such as unauthorised tampering with sensor or control signals, may significantly affect the functioning of sensitive national infrastructure by causing operators to make incorrect decisions, which could result in disastrous outcomes. The cyber-security of SCADA systems has therefore been an active research topic for the past decades, given the potentially disastrous impact on the environment, public safety and the economy when these systems are breached or compromised. This paper examines the current security posture of SCADA systems from the perspective of data and cybersecurity and proposes recommendations for enhancing protection measures.

Qais Saif Qassim, Norziana Jamil, Mohammed Najah Mahdi, Zaihisma Che Cob, Fiza Abd Rahim, Lariyah Mohd Sidek
An Improved Secure Router Discovery Mechanism to Prevent Fake RA Attack in Link Local IPv6 Network

In Stateless Address Autoconfiguration (SLAAC) in an IPv6 network, the host obtains the network prefix through the Router Discovery (RD) process. By design, standard RD has no trust mechanism to authenticate legitimate hosts and routers. This design flaw has led to the Fake Router Advertisement (Fake RA) attack, in which the host is denied its legitimate gateway. To address this issue, several prevention techniques have been proposed, such as Trust Neighbour Discovery (Trust-ND) and the CGA (Cryptographically Generated Addresses) plus IPsec Authentication Header (AH) NDP mechanism. However, these techniques face other problems, such as high computation cost, hash collision attacks and the bootstrapping problem. This paper reviews the shortcomings of these mechanisms and proposes an improved secure RD mechanism, SecMac-Secure Router Discovery (SecMac-SRD), to overcome Fake RA attacks. SecMac-SRD provides a 60.8% reduction in processing time compared to Trust-ND while preventing Fake RA attacks during the RD process in link-local communication on an IPv6 network.

Navaneethan C. Arjuman, Selvakumar Manickam, Shankar Karuppayah
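
As an added example, independent of the SecMac-SRD mechanism (whose internals the abstract does not describe), the Python below parses an ICMPv6 Router Advertisement with its Prefix Information option and checks it against an allowlist of expected routers and prefixes, also flagging a router lifetime of zero, the message an attacker sends to withdraw the real default router. Packet layouts follow RFC 4861; the allowlisted addresses and prefixes are constructed assumptions. The check illustrates the limitation the paper addresses: the source address and prefix are unauthenticated and can be spoofed, so an allowlist on a monitor can detect a Fake RA but cannot prevent it, which is why a host-side defence needs the trust mechanism the paper proposes.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134
OPT_PREFIX_INFO = 3

# Constructed allowlist for the example network (assumption, not from the paper).
LEGIT_ROUTERS = {"fe80::1"}
LEGIT_PREFIXES = {"2001:db8:1::/64"}


def build_router_advertisement(prefix, plen=64, router_lifetime=1800, hop_limit=64):
    """Construct an ICMPv6 RA body with one Prefix Information option (RFC 4861 4.2, 4.6.2).
    The checksum is left zero; on the wire it is computed over the IPv6 pseudo-header."""
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, hop_limit, 0, router_lifetime, 0, 0)
    # type, length (units of 8 octets), prefix length, L|A flags, valid, preferred, reserved
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 2592000, 604800, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed


def parse_router_advertisement(payload):
    """Parse an RA body into header fields and advertised prefixes; ValueError if malformed."""
    if len(payload) < 16 or payload[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack("!BBH", payload[4:8])
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
          "other": bool(flags & 0x40), "router_lifetime": lifetime, "prefixes": []}
    p = 16
    while p + 2 <= len(payload):
        otype, olen = payload[p], payload[p + 1]
        if olen == 0:                       # RFC 4861: zero-length options must be discarded
            raise ValueError("zero-length ND option")
        opt = payload[p:p + olen * 8]
        if len(opt) < olen * 8:
            raise ValueError("truncated ND option")
        if otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            net = ipaddress.IPv6Network((opt[16:32], plen), strict=False)
            ra["prefixes"].append({"prefix": net, "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid_lifetime": valid, "preferred_lifetime": preferred})
        p += olen * 8
    return ra


def check_router_advertisement(src, payload, legit_routers=LEGIT_ROUTERS,
                               legit_prefixes=LEGIT_PREFIXES):
    """Return the reasons an RA is suspicious; an empty list means it passed every check."""
    reasons = []
    source = ipaddress.IPv6Address(src)
    if not source.is_link_local:
        reasons.append(f"source {source} is not link-local (RFC 4861 requires fe80::/10)")
    if str(source) not in legit_routers:
        reasons.append(f"unknown router {source}")
    ra = parse_router_advertisement(payload)
    if ra["router_lifetime"] == 0:
        # Lifetime 0 withdraws the sender as default router: legitimate on shutdown,
        # but also the message a spoofing attacker sends to cut hosts off from the gateway.
        reasons.append("router lifetime 0: default router withdrawal")
    allowed = {ipaddress.IPv6Network(n) for n in legit_prefixes}
    for pi in ra["prefixes"]:
        if pi["prefix"] not in allowed:
            reasons.append(f"unexpected prefix {pi['prefix']}")
    return reasons


if __name__ == "__main__":
    good = build_router_advertisement("2001:db8:1::")
    fake = build_router_advertisement("2001:db8:bad::")
    print("legit RA:", check_router_advertisement("fe80::1", good))
    print("fake RA: ", check_router_advertisement("fe80::dead", fake))
```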
Analysis of File Carving Approaches: A Literature Review

Digital forensics is the process of identifying, preserving, retrieving, evaluating and documenting digital evidence obtained from computers and other electronic devices. Data recovery and analysis on file systems is one of its most fundamental practices. A great deal of research is being done on file carving approaches, each focusing on different aspects, and the growing volume of literature in this area calls for a review. We review works covering various aspects of carving approaches drawn from multiple sources including IEEE Xplore, Google Scholar and Web of Science. The analysis considers the current research direction of file carving, the classification of carving approaches, and the challenges that remain. Based on it, we state the current state of the art in file carving and classify the approaches into five categories: general carving, carving by specific file type, carving by structure, carving by file system, and carving by fragmentation. We also highlight several challenges for file carving identified in past research. This study serves as a reference for researchers to evaluate different carving strategies and obstacles so that they may choose suitable approaches for their work and for future developments.

Nor Ika Shahirah Ramli, Syifak Izhar Hisham, Gran Badshah
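
An added example of the most basic class the review names, general (header/footer) carving, in Python; this is not code from the review. `SIGNATURES` holds the JPEG and PNG start and end markers, and `sample_image` constructs a synthetic disk image with one of each embedded in filler bytes (the blobs carry the right markers but are not valid images). The carver takes the first matching footer after each header and so recovers only contiguous, complete files, which is exactly the gap the structure-aware and fragmentation-aware approaches in the review's classification exist to fill.

```python
import os

# Header/footer signatures: (magic at start, marker at end). A JPEG ends with the EOI
# marker; a PNG ends with the IEND chunk, whose fixed CRC follows its type.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Constructed blobs standing in for real files (not taken from the review).
JPEG_BLOB = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x11" * 40 + b"\xff\xd9"
PNG_BLOB = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x22" * 30
            + b"\x00\x00\x00\x00IEND\xaeB`\x82")


def sample_image():
    """Synthetic 'disk image': filler, a JPEG, filler, a PNG, filler."""
    filler = bytes(range(256)) * 4
    return filler + JPEG_BLOB + filler + PNG_BLOB + filler


def carve(image, signatures=SIGNATURES, max_size=10 * 1024 * 1024):
    """General (header/footer) carving. For every header hit, return the bytes up to
    and including the first matching footer within max_size as (type, offset, data).
    Headers without a footer in range are skipped, and a fragmented file comes back
    with whatever lies between its fragments: the weakness that structure-aware and
    fragmentation-aware carvers address."""
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while True:
            h = image.find(header, pos)
            if h < 0:
                break
            f = image.find(footer, h + len(header), min(len(image), h + max_size))
            if f < 0:
                pos = h + 1
                continue
            end = f + len(footer)
            found.append((ftype, h, image[h:end]))
            pos = end
    found.sort(key=lambda item: item[1])
    return found


def carve_to_dir(image, directory):
    """Write each carved object as <offset>.<type> into directory; return the paths."""
    os.makedirs(directory, exist_ok=True)
    paths = []
    for ftype, offset, data in carve(image):
        path = os.path.join(directory, f"{offset:08x}.{ftype}")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    for ftype, offset, data in carve(sample_image()):
        print(f"{ftype} at offset {offset} ({len(data)} bytes)")
```

The `max_size` bound matters in practice: without it, a header whose real footer was overwritten would be paired with the next unrelated footer on the disk, producing a large, useless object and hiding the loss.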
Cascade Generalization Based Functional Tree for Website Phishing Detection

The advent of the web and Internet space has seen its adoption for rendering various services, from financial to medical. This has brought an increase in the rate of cybersecurity issues over the years, a prominent one being the phishing attack, where malicious websites mimic the appearance and functionality of a legitimate website to collect the credentials users need to access services. Several measures have been proposed to mitigate this attack; blacklisting and variants of machine learning approaches have been employed, yielding good performance. However, there is a need to increase the rate of identification of phishing attacks and reduce the rate of false positives. This study proposes the use of a functional tree (FT) machine learning approach to mitigate phishing attacks. FT, a hybridization of multivariate decision trees and discriminant functions using constructive induction, uses logistic regression for splitting tree nodes and for leaf prediction, unlike the conventional decision tree, which simply splits nodes based on the data. Furthermore, a variant of the FT based on cascade generalization (CG-FT) is proposed. Three datasets with varied instance distributions, both balanced and imbalanced, are used in the empirical investigation of the proposed CG-FT. The results show that FT improves on selected baseline classifiers. Relative to FT, CG-FT improves the detection of phishing attacks, with Area Under the Curve (AUC) and True Positive rate (TP-rate) ranging from 98–99.6% and 92–97% respectively across the datasets, and a false-positive rate reduced to between 1.7% and 6.1%. The proposed CG-FT improves over all the other reviewed approaches on the studied performance metrics.

Abdullateef O. Balogun, Kayode S. Adewole, Amos O. Bajeh, Rasheed G. Jimoh
Comparison of Automated Machine Learning Tools for SMS Spam Message Filtering

Short Message Service (SMS) is a very popular communication service for mobile users. However, this popular service can be abused to carry out illegal activities and introduce security risks. Nowadays, many automated machine learning (AutoML) tools exist that help domain experts and lay users build high-quality ML models with little or no machine learning knowledge. In this work, the classification performance of three AutoML tools was compared for SMS spam message filtering: mljar-supervised AutoML, H2O AutoML, and the Tree-based Pipeline Optimization Tool (TPOT) AutoML. Experimental results showed that ensemble models achieved the best classification performance. The Stacked Ensemble model built with H2O AutoML achieved the best performance in terms of Log Loss (0.8370), true positives (1088/1116) and true negatives (281/287), a 19.05% improvement in Log Loss over TPOT AutoML and 5.56% over mljar-supervised AutoML. The satisfactory filtering performance shows the potential of AutoML tools to automatically determine the ML model best suited to SMS spam message filtering.

Waddah Saeed
Deep Learning Approach for Detecting Botnet Attacks in IoT Environment of Multiple and Heterogeneous Sensors

The impact of Distributed Denial of Service (DDoS) attacks is undoubtedly major and continues to grow along with the number of Internet of Things (IoT) devices. Many solutions have been proposed for detecting and mitigating these attacks, specifically on IoT devices, yet the threat still exists and is bigger than ever. Denial of service attacks are often carried out by flooding a targeted computer or resource with phony requests in an attempt to overwhelm it and prevent some or all genuine requests from being served; when the flood is generated by a network of compromised devices, it is a botnet attack. Many attempts have been made to solve this problem with middle-box solutions and with Artificial Intelligence (AI) through machine learning (ML). New botnets are complex; the Mirai botnet, for example, can mutate on a daily basis. This paper proposes a deep learning (DL) approach comprising three DL algorithms, namely the recurrent neural network (RNN), the convolutional neural network (CNN) and the Long Short-Term Memory RNN (LSTM-RNN), to counter DDoS attacks targeting IoT networks. The algorithms are tested on the real-world N-BaIoT dataset, collected by infecting nine IoT devices with two of the most dangerous DDoS botnets (Mirai and Bashlite), and compared in terms of accuracy, precision, recall and F-measure. The results show that the RNN achieves the highest accuracy of 89.75% among the three algorithms, followed by the LSTM-RNN and the CNN.

Abdulkareem A. Hezam, Salama A. Mostafa, Azizul Azhar Ramli, Hairulnizam Mahdin, Bashar Ahmed Khalaf
Detect & Reject for Transferability of Black-Box Adversarial Attacks Against Network Intrusion Detection Systems

In the last decade, the use of Machine Learning techniques in anomaly-based intrusion detection systems has seen much success. However, recent studies have shown that machine learning in general, and deep learning specifically, is vulnerable to adversarial attacks in which the attacker attempts to fool models by supplying deceptive input. Research in computer vision, where this vulnerability was first discovered, has shown that adversarial images designed to fool a specific model can deceive other machine learning models as well. In this paper, we investigate the transferability of adversarial network traffic against multiple machine learning-based intrusion detection systems. Furthermore, we analyze the robustness of the ensemble intrusion detection system, known for its better accuracy compared to a single model, against the transferability of adversarial attacks. Finally, we examine Detect & Reject as a defensive mechanism to limit the effect of the transferability of adversarial network traffic against machine learning-based intrusion detection systems.

Islam Debicha, Thibault Debatty, Jean-Michel Dricot, Wim Mees, Tayeb Kenaza
Ensemble Feature Selection Approach for Detecting Denial of Service Attacks in RPL Networks

The Internet of Things (IoT) is regarded as the next trend following the Internet revolution. Many of us now use physical and electronic devices in our daily lives to perform and deliver specific services, and in IoT networks these devices are linked together. Some of them, known as constrained devices, are battery-powered and operate in low-energy mode; the Routing Protocol for Low-Power and Lossy Networks (RPL) was proposed to allow communication and packet forwarding between such constrained devices. RPL, however, is not an energy-aware protocol, which leaves it vulnerable to a wide range of security threats, of which Distributed Denial of Service (DDoS) flooding attacks are the most significant. A reliable method for detecting DDoS flooding attacks on RPL is therefore required. This paper presents an ensemble Feature Selection (FS) approach for detecting DDoS attacks in RPL networks. The approach employs three bio-inspired algorithms to select the optimal subset of features contributing to high detection accuracy, and a Support Vector Machine (SVM) classifier to evaluate the feature subsets the bio-inspired algorithms produce. The proposed approach is expected to detect and identify DDoS flooding attack patterns in RPL networks with high accuracy.

Taief Alaa Alamiedy, Mohammed F. R. Anbar, Bahari Belaton, Arkan Hamoodi Kabla, Baidaa Hamza Khudayer
Intrusion Detection Model for Imbalanced Dataset Using SMOTE and Random Forest Algorithm

Dynamic environments such as networks are prone to various types of attacks, so fast and robust solutions are needed to deal with rapidly changing attacks. Intrusion Detection Systems (IDSs) play a vital role in cybersecurity by detecting attacks or threats in the network. This paper introduces an IDS model using the Synthetic Minority Oversampling Technique and the Random Forest algorithm (IDS-SMOTE-RF) to detect different types of attacks. The model uses SMOTE to deal with the class imbalance problem and an RF classifier with improved performance in detecting attack types. In the experiment, we used the NSL-KDD dataset to train and test the model and compared IDS-SMOTE-RF with AdaBoost (AB), Logistic Regression (LR) and Support Vector Machine (SVM) classifiers on accuracy, precision, recall, F1-score and time, for both binary and multi-class classification. The results show that the IDS-SMOTE-RF model achieved high accuracy compared with previous relevant work and is efficient for Big Data.

Reem Alshamy, Mossa Ghurab, Suad Othman, Faisal Alshami
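
As an added example, not the paper's code, the following Python implements SMOTE itself in a few lines and shows where it belongs in an IDS training pipeline. Interpolating between a minority (attack) sample and one of its k nearest minority neighbours is the original SMOTE definition; the two-feature records here are constructed, not NSL-KDD rows. The placement is the point a practitioner should check in any paper reporting SMOTE results: oversample only the training split, after splitting, because synthetic points generated from the whole dataset sit between test records and leak them into training.

```python
import math
import random


def _euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def smote(minority, n_synthetic, k=5, seed=0):
    """SMOTE (Chawla et al., 2002): each synthetic point lies on the segment between a
    randomly chosen minority sample and one of its k nearest minority neighbours.
    minority: list of equal-length numeric feature vectors from the minority class."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    k = min(k, len(minority) - 1)
    rng = random.Random(seed)
    neighbours = []
    for i, x in enumerate(minority):
        others = sorted((j for j in range(len(minority)) if j != i),
                        key=lambda j: _euclid(x, minority[j]))
        neighbours.append(others[:k])
    synthetic = []
    for _ in range(n_synthetic):
        i = rng.randrange(len(minority))
        j = rng.choice(neighbours[i])
        gap = rng.random()                       # position along the segment, in [0, 1)
        synthetic.append([xi + gap * (xj - xi) for xi, xj in zip(minority[i], minority[j])])
    return synthetic


def balance_training_set(X, y, minority_label, k=5, seed=0):
    """Oversample the minority class of a TRAINING split until it matches the majority.
    Apply after the train/test split: synthetic points made from the whole dataset lie
    between test records and leak them into training, inflating the measured accuracy."""
    minority = [x for x, label in zip(X, y) if label == minority_label]
    n_majority = len(X) - len(minority)
    extra = smote(minority, n_majority - len(minority), k=k, seed=seed)
    return X + extra, y + [minority_label] * len(extra)


# Constructed two-feature records (not NSL-KDD): three attack flows, nine normal flows.
X_TRAIN = [[0.0, 0.0], [0.2, 0.1], [0.1, 0.3]] + [[5.0 + i, 5.0] for i in range(9)]
Y_TRAIN = [1, 1, 1] + [0] * 9


if __name__ == "__main__":
    Xb, yb = balance_training_set(X_TRAIN, Y_TRAIN, minority_label=1)
    print(len(Xb), "records;", yb.count(1), "attack,", yb.count(0), "normal")
    for row in Xb[len(X_TRAIN):]:
        print("synthetic attack sample:", [round(v, 3) for v in row])
```

Because every synthetic point is a convex combination of two real minority points, the generated attack samples stay inside the bounding box of the real ones; SMOTE fills in the minority region, it does not extrapolate beyond it.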
Optimized Stacking Ensemble Model to Detect Phishing Websites

Phishing attacks are security attacks that affect not only the websites of individuals or organisations but also Internet of Things (IoT) devices and networks, and the IoT environment is particularly exposed to them; attackers may, for example, use thingbots to distribute hidden junk e-mail that users do not notice. Machine learning, deep learning and other methods have been used to design detection methods for these attacks, but detection accuracy still needs to be improved. This study proposes an optimized ensemble classification method for phishing website detection. A Genetic Algorithm (GA) is used to optimize the ensemble by tuning the parameters of several ensemble Machine Learning (ML) methods, including Random Forest, AdaBoost and XGBoost; the optimized classifiers are then ranked to pick the best as base classifiers for a stacking ensemble. A phishing website dataset of 4898 phishing websites and 6157 legitimate websites was used in the experiments. Detection accuracy was enhanced and reached 97.16%.

Badiea Abdulkarem Mohammed, Zeyad Ghaleb Al-Mekhlafi
OSINT Explorer: A Tool Recommender Framework for OSINT Sources

The Internet has had a profound impact on our daily lives since its inception. It has become a determining element in how we interact and do business, particularly in our ability to access information and jobs, to stay connected, to thrive in the workplace and in education, and in a company's chances of survival. For many everyday problems the Internet provides resources, such as software and hardware solutions we may rely on in times of crisis. This abundance of software and computational services has introduced a new challenge: among the plethora of resources available, users cannot work out which tool to use to solve a problem. The collection and review of freely accessible material, often from online sources open to the general public, is referred to as open-source intelligence (OSINT). With the plethora of OSINT tools available, it has become difficult for users to choose the best tool for a given problem. This article presents a framework for identifying the OSINT tools most appropriate for solving given problems. The proposed framework is user-friendly and recommends tools based on MIME types or advanced search features. It has been evaluated by subject experts and shown to be a valuable resource for end-user tool recommendations.

Alwan Abdullah, Shams A. Laghari, Ashish Jaisan, Shankar Karuppayah
Propose a Flow-Based Approach for Detecting Abnormal Behavior in Neighbor Discovery Protocol (NDP)

The Neighbour Discovery Protocol (NDP) is vulnerable to various attacks, such as DoS flooding attacks that use an excessive number of Router Advertisement (RA) and Neighbour Solicitation (NS) messages to flood the network, causing congestion and bringing the network down. There are several existing approaches to detect RA and NS DoS flooding attacks. However, these approaches rely either on a packet-based traffic representation, which is inefficient for high-speed networks, or on a static threshold, which leads to a high false-positive rate. Thus, this work proposes a flow-based approach with an innovative design to detect RA and NS DoS flooding attacks. The proposed approach utilizes a flow-based traffic representation to accommodate high-speed networks. It also utilizes three algorithms to address the existing approaches' drawbacks: an Entropy-Based Algorithm (EBA), an Adaptive Threshold algorithm, and a rule-based technique. The EBA is more sensitive and more appropriate for detecting abnormal network traffic. The Adaptive Threshold algorithm produces dynamic values that are used as a baseline for NDP abnormal behavior. Finally, the rule-based technique operates as a classifier of network traffic behavior and generates specific rules for detecting abnormal NDP-based attacks.

Abdullah Ahmed Bahashwan, Mohammed Anbar, Selvakumar Manickam, Iznan Husainy Hasbullah, Mohammad A. Aladaileh
Securing Software Defined Networking Using Intrusion Detection System - A Review

At present, the rapid and widespread development of Internet technologies, together with the fixed nature of traditional networks, limits the capacity of those networks to satisfy organizational business requirements. Software-Defined Networking (SDN) is a new network architecture presented to overcome these challenges and issues of existing network topologies and to provide distinctive features. However, the programmable and centralized architecture of SDN suffers from new security threats, which require innovative security approaches and techniques such as Intrusion Detection Systems (IDSs). Currently, most IDSs for SDN are implemented with machine learning methods; however, deep learning methods are also being utilized to achieve better detection performance. Still, no recent comprehensive review of such IDSs has been conducted; therefore, this article provides an inclusive and detailed overview and analysis of SDN, its security issues and attacks, and deep-learning-based IDSs as a solution to these security issues, to highlight their strengths and weaknesses and then derive future research directions from these shortcomings.

Noor Al-Mi’ani, Mohammed Anbar, Yousef Sanjalawe, Shankar Karuppayah
Using Genetic Algorithms to Optimized Stacking Ensemble Model for Phishing Websites Detection

Phishing attacks are security attacks that affect individuals' and organisations' websites. In addition, they may also affect devices and networks such as Internet of Things (IoT) devices and networks. IoT networks are exposed environments for phishing attacks. Thingbot software in IoT devices can be utilized by attackers for spreading hidden and unnoticed spam emails. Several approaches, such as machine learning, deep learning and others, have been used to create and design detection methods for phishing attacks. However, the detection accuracy of these methods is still not sufficient and needs to be enhanced. A new method for phishing website detection based on an optimized ensemble classification method is proposed in the present study. In this method, a Genetic Algorithm (GA) was used to optimize the ensemble classification method by tuning the parameters of several ensemble machine learning methods, including Bagging, GradientBoost, and LightGBM. The optimized classifiers were then ranked to pick out the best three models as base classifiers of a stacking ensemble method. A dataset of websites made up of 44% phishing websites (4898) and 5% legitimate websites (6157) was used for the experiments of the present study. As an outcome, with the proposed detection method, detection accuracy was enhanced and reached 97.16%.

Zeyad Ghaleb Al-Mekhlafi, Badiea Abdulkarem Mohammed

Ambient Cloud and Edge Computing, SDN, Wireless and Cellular Communication

Frontmatter
A Model to Detect Location Anomalies in a Cellular Network Using Travel Time and Distance Correlation

The Signaling System No. 7 (SS7) network standard was designed and built only for the networks of credible partners. By design, the signalling communication network neither protects the communication channel nor validates the network peers. The SS7 signalling network protocol has shortcomings such as the inability to verify the identity of the subscriber and their location, as well as the lack of an illegitimate message filtering system. Thus, attackers could use these vulnerabilities to impose threats including intercepting mobile communications, performing account fraud, tracking subscribers and denial of service attacks. This study aims to develop a defensive model for anomaly detection by estimating the origin and destination, with travel time correlation, of incoming update location requests. The proposed method's performance is assessed using synthetic datasets, and the findings show that the suggested model has higher anomaly detection accuracy with a low false alarm rate compared to existing methods.

Rafia Afzal, Raja Kumar Murugesan
Analysing Security Concerns About the Massive Increase of Sharing Data over the Cloud During the Pandemic of Covid-19

With the unprecedented worldwide crisis of Covid-19, people have had no choice but to change their lives, behaviours and the nature of their work. They have had to adopt technology to continue their work, education, and communication. As more data are uploaded, shared, processed, managed, and saved over the internet, huge volumes of data are generated frequently. Therefore, there is a big demand for extra cloud capacity to access these data from everywhere at any time without restrictions, and to ensure that they are used safely and securely. Technology plays a vital role in overcoming some of the challenges caused by Covid-19. For example, adoption of cloud computing during the pandemic has doubled to handle the accelerating processing of data through the cloud. However, the sudden and heavy use of cloud computing invites cyber security attacks and therefore adds a security threat for different organisations around the world. Attackers are targeting vulnerable people who work, study, and do personal business over the internet. In this research, we mainly analyse two types of data sources that have been heavily uploaded to the cloud during the Covid-19 period: data from educational institutes and data from business organisations. We propose a protocol with a sequence of steps based on the level of security required. We present three levels of security: high, medium, and low. Once a user or organisation identifies the desired security, the best-matching security level will be easily selected accordingly. Our protocol is easy, affordable, and can be modified and adjusted. It can be used by a large population of people with different backgrounds and knowledge.

Fatina Shukur
Intrusion Detection Systems in Fog Computing – A Review

With the growing volume of network throughput, packet transmission, and security threats and attacks in Fog computing, the study of Intrusion Detection Systems (IDSs) in this environment has grabbed a lot of attention in the computer science field in general, and in the security field in particular. Fog computing can be depicted as an emerging cloud-like platform holding similar data, information, computation, storage resources and application services, but it is principally distinct in that it is a decentralized platform. Besides, Fog Computing is capable of processing huge volumes of data locally, operates on premise, is totally portable, and can be installed on several heterogeneous hardware devices; these characteristics make it well suited to time- and location-sensitive applications, and therefore vulnerable to security attacks targeting sensitive data, virtualization techniques, segregation, network resources and others. Existing IDSs pose challenges and shortcomings such as consumption of huge computational resources, capricious intrusion categories, and so forth. Although a number of prior studies highlight the existing IDS issues in Fog Computing, there is still a need for a more comprehensive review of the most recent studies conducted in this area, to provide a clearer and more elaborate picture. Through the inclusive review and advanced organization of this article, a new taxonomy is provided to categorize recent IDSs in Fog Computing.

Fadi Abu Zwayed, Mohammed Anbar, Yousef Sanjalawe, Selvakumar Manickam
Review of Data Integrity Attacks and Mitigation Methods in Edge Computing

In recent years, edge computing has emerged as a promising technology due to its unique features of real-time computing and parallel processing. It provides computing and storage capability closer to the data source and bypasses the distant links to the cloud. Edge data analytics processes the ubiquitous data on the edge layer to offer real-time interactions for the application. However, this process can be prone to security threats such as gaining malicious access or manipulating sensitive data. This can allow an intruder to control, alter, or add erroneous data, affecting the integrity and efficiency of data analysis. Due to the lack of transparency of the stakeholders processing edge data, it is challenging to identify the vulnerabilities. Many reviews are available on data security issues on the edge layer; however, they do not address integrity issues exclusively. Therefore, this paper concentrates only on data integrity threats that directly influence edge data analysis. Further shortcomings in existing work are identified, along with a few research directions.

Poornima Mahadevappa, Raja Kumar Murugesan
Security Issues and Challenges in SDN

Software Defined Networking (SDN) is a programmable network with a new architecture that separates control functions from the switching devices. The new SDN paradigm is still not secure enough, due to its differences from the legacy network. SDN security is considered a key concern and challenge, since its single point of control and management, the centralized controller, is unproven and may become a target for attackers. This paper surveys an overview of SDN, its characteristics, and its API interfaces in order to understand the background of SDN. The security issues and threats are surveyed together with proposed solutions to those issues.

Ali Haider Shamsan, Arman Rasool Faridi

Governance, Social Media, Mobile and Web, Data Privacy, Data Policy and Fake News

Frontmatter
CLH: Approach for Detecting Deep Fake Videos

Deep fakes are media that take a person's image in an existing photograph, audio recording, or video and replace it with another person's likeness by making use of artificial intelligence and machine learning. In this era, everybody can get easy access to software packages and tools to create deep fake videos. Existing techniques are constructed using lip synchronization and mouth feature artifacts and are commonly designed for the detection of single frames. The proposed model, CLH (CNN+LSTM hybrid model), considers various parameters such as eye blinking, blurriness, skin tone, skin color, changes in lighting, lip syncing, and position to detect fake videos. The CLH model employs "Convolutional Neural Networks (CNN)" and "Long Short-Term Memory (LSTM)" for detecting a deep fake video. Original videos and deep fake (high quality + low quality) videos were used in training the model. Datasets such as Celeb-DF, FaceForensics++, DeepfakeTIMIT, and fake videos developed by Facebook were used to train and evaluate the model, so that an efficient model is constructed. The proposed CLH model achieved a high accuracy of more than 90% and a low false positive rate of less than 5%. The CLH model is also compared with other available models and analyzed to understand the significance of the work.

Amrita Shivanand Hedge, M. N. Vinutha, Kona Supriya, S. Nagasundari, Prasad B. Honnavalli
Consumer Information Sharing in Facebook: The Negative Role of Perceived Privacy Risk

The growth of social commerce has opened a new business model and enhanced electronic word-of-mouth sharing. However, how information is shared and exchanged, and how to improve consumers' benefits based on their information sharing on social commerce, is still an unexplored path. Therefore, this paper aims to identify the key factors affecting consumer information sharing on Facebook and to propose solutions for improving customer engagement with the brand through information sharing on Facebook. Data were collected through a survey of 200 Facebook users in Vietnam. SPSS software was adopted to analyze the survey data. The findings reveal that extraversion, neuroticism, hedonic value, arousal, and brand love positively impact customer information sharing, while perceived privacy risk has a negative effect on customer information sharing on the Facebook brand page. There are managerial implications regarding social media strategies for companies or brand managers to achieve better customer engagement on Facebook brand pages through information sharing.

Bui Thanh Khoa, Nguyen Duong Thuc Vi
SQL Injection Prevention in Web Application: A Review

A web application is a software system that provides its users with an interface via a web browser on any operating system. Despite the increasing popularity of web applications, the security threat in web applications has become more diverse, resulting in more severe damage. In poorly designed web applications, malware attacks, particularly SQL injection attacks, are common. This vulnerability has been known for over two decades and remains a source of concern to this day. In this paper, we summarize fourteen different types of SQL injection attacks and their consequences for web applications. The primary goal of our research is to examine the various methods for preventing SQL injection. This paper presents an analysis of the best preventative mechanism against SQL injection attacks.

Joanna Hazaline Binti Johny, Wafa Athilah Fikriah Binti Nordin, Nurrina Mizana Binti Lahapi, Yu-Beng Leau
Threats on Machine Learning Technique by Data Poisoning Attack: A Survey

With the wide range of services provided by machine learning systems in our daily lives, attacks on these services are increasing every day. Attackers try to distort the functionality of these services and change their real duty by falsifying the function using the principle of poisoning. The poisoned system gives an unauthorized person the right to enter and exit the system as a legitimate user at any time and from anywhere. This could degrade the credibility of systems built using intelligent technologies. This paper extensively introduces the mechanisms of data poisoning attacks. Data poisoning attacks target systems based on machine learning technology; the paper explains the attack mechanisms targeting data sources and the intelligent model during either the training or testing phase. Defense strategies presented by researchers in the literature are also described. The risks and effects caused by this attack are also described, together with the future solutions that give researchers working in this field opportunities to avoid and repel this attack completely.

Ibrahim M. Ahmed, Manar Younis Kashmoola
Backmatter
Metadata
Title
Advances in Cyber Security
Editors
Prof. Nibras Abdullah
Dr. Selvakumar Manickam
Dr. Mohammed Anbar
Copyright Year
2021
Publisher
Springer Singapore
Electronic ISBN
978-981-16-8059-5
Print ISBN
978-981-16-8058-8
DOI
https://doi.org/10.1007/978-981-16-8059-5