Search results

Today, online shopping and online business has become a new norm especially in the current pandemic scenario. With more businesses running online, cyber criminals are coming up with different tactics to steal identity and sensitive information such as credit card and banking credentials either for personal monetary gain or to sell in the dark Web. One form of such attack that is seen in the recent times is formjacking attack. This paper aims to review the current scenario of formjacking attack and its modus operandi. The paper also provides certain counter measures that can be adopted by the users and website owners.

The paper mainly focuses on the modus operandi of formjacking attack to understand the severity of the problem. Based on the way the attack is carried out, some guidelines to be followed are provided. Later, a brief review of machine learning techniques is furnished to understand how it may help as secure defense mechanism.

Formjacking attacks are on a rise in the past two years, especially during the holiday season. Cyber criminals have been using smart tactics to carry out these attacks which are very difficult to detect. Machine learning techniques may prove to be effective in combating these attacks.

Formjacking attack is not just a concern of the customers who may lose their sensitive data, but the onus also lies on the companies itself to ensure they protect their customer’s data from theft. Not much research is found regarding formjacking attack, as it is relatively a new form of attack. The paper reviews this attack and provides some measure that can be followed. It also provides few guidelines which can be used for further research in devising a security tool to mitigate this problem.

Denial-of-service (DoS) attacks develop unauthorized entry to various network services and user information by building traffic that creates multiple requests simultaneously making the system unavailable to users. Protection of internet services requires effective DoS attack detection to keep an eye on traffic passing across protected networks, freeing the protected internet servers from surveillance threats and ensuring they can focus on offering high-quality services with the fewest response times possible.

This paper aims to develop a hybrid optimization-based deep learning model to precisely detect DoS attacks.

The designed Aquila deer hunting optimization-enabled deep belief network technique achieved improved performance with an accuracy of 92.8%, a true positive rate of 92.8% and a true negative rate of 93.6.

The introduced detection approach effectively detects DoS attacks available on the internet.

The main purpose of this study was to determine the basic aerodynamic characteristics of the airliner Tu-154M at the wide range of the overcritical angles of attack and sideslip angles, i.e. α = −900° ÷ 900° and β = −900° ÷ 900°.

Wind tunnel tests of the Tu-154M aircraft model at the scale 1:20 were performed in a low-speed wind tunnel T-3 by using a six-component internal aerodynamic balance. Several model configurations were also investigated.

The results of the presented studies showed that at the wide range of the overcritical angles of attack and sideslip angles, i.e. α = −900° ÷ 900° and β = −900° ÷ 900°, the Tu-154M aircraft flap deflection affected the values of the drag and lift coefficients and generally had no major effect on the values of the side force and pitching moment coefficients.

The model vibration which was the result of flow separation at high angles of attack was the wind tunnel test limitation.

Studies of the airliner aerodynamic characteristics at the wide range of the overcritical angles of attack and sideslip angles allow assessment of the aircraft aerodynamic properties during possible unexpected situations when the passenger aircraft is found to have gone beyond the conventional flight envelope.

There are no social implications of this study to report.

The presented wind tunnel test results of the airliner aerodynamic characteristics at overcritical angles of attack and sideslip angles is an original contribution to the existing not-too-extensive database available in the literature.

With the rapid development of Internet technology, cybersecurity threats such as security loopholes, data leaks, network fraud, and ransomware have become increasingly prominent, and organized and purposeful cyberattacks have increased, posing more challenges to cybersecurity protection. Therefore, reliable network risk assessment methods and effective network security protection schemes are urgently needed.

Based on the dynamic behavior patterns of attackers and defenders, a Bayesian network attack graph is constructed, and a multitarget risk dynamic assessment model is proposed based on network availability, network utilization impact and vulnerability attack possibility. Then, the self-organizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed. And the authors use this algorithm to solve the multiobjective risk assessment model, and a variety of different attack strategies are obtained.

The experimental results demonstrate that the method yields 29 distinct attack strategies, and then attacker's preferences can be obtained according to these attack strategies. Furthermore, the method efficiently addresses the security assessment problem involving multiple decision variables, thereby providing constructive guidance for the construction of security network, security reinforcement and active defense.

A method for network risk assessment methods is given. And this study proposed a multiobjective risk dynamic assessment model based on network availability, network utilization impact and the possibility of vulnerability attacks. The example demonstrates the effectiveness of the method in addressing network security risks.

Recently, deep learning (DL) has been widely applied in various aspects of human endeavors. However, studies have shown that DL models may also be a primary cause of data leakage, which raises new data privacy concerns. Membership inference attacks (MIAs) are prominent threats to user privacy from DL model training data, as attackers investigate whether specific data samples exist in the training data of a target model. Therefore, the aim of this study is to develop a method for defending against MIAs and protecting data privacy.

One possible solution is to propose an MIA defense method that involves adjusting the model’s output by mapping the output to a distribution with equal probability density. This approach effectively preserves the accuracy of classification predictions while simultaneously preventing attackers from identifying the training data.

Experiments demonstrate that the proposed defense method is effective in reducing the classification accuracy of MIAs to below 50%. Because MIAs are viewed as a binary classification model, the proposed method effectively prevents privacy leakage and improves data privacy protection.

The method is only designed to defend against MIA in black-box classification models.

The proposed MIA defense method is effective and has a low cost. Therefore, the method enables us to protect data privacy without incurring significant additional expenses.

In vehicular ad hoc networks (VANETs), the information transmitted is broadcast in a free access environment. Therefore, VANETs are vulnerable against attacks that can directly perturb the performance of the networks and then provoke big fall of capability. Black hole attack is an example such attack, where the attacker node pretends that having the shortest path to the destination node and then drops the packets. This paper aims to present a new method to detect the black hole attack in real-time in a VANET network.

This method is based on capability indicators that are widely used in industrial production processes. If the different capability indicators are greater than 1.33 and the stability ratio (S_r) is greater than 75%, the network is stable and the vehicles are communicating in an environment without the black hole attack. When the malicious nodes representing the black hole attacks are activated one by one, the fall of capability becomes more visible and the network is unstable, out of control and unmanaged, due to the presence of the attacks. The simulations were conducted using NS-3 for the network simulation and simulation of urban mobility for generating the mobility model.

The proposed mechanism does not impose significant overheads or extensive modifications in the standard Institute of Electrical and Electronics Engineers 802.11p or in the routing protocols. In addition, it can be implemented at any receiving node which allows identifying malicious nodes in real-time. The simulation results demonstrated the effectiveness of proposed scheme to detect the impact of the attack very early, especially with the use of the short-term capability indicators (Cp, Cpk and Cpm) of each performance metrics (throughput and packet loss ratio), which are more efficient at detecting quickly and very early the small deviations over a very short time. This study also calculated another indicator of network stability which is S_r, which allows to make a final decision if the network is under control and that the vehicles are communicating in an environment without the black hole attack.

According to the best of the authors’ knowledge, the method, using capability indicators for detecting the black hole attack in VANETs, has not been presented previously in the literature.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

The Denial of Service (DoS) attack is a category of intrusion that devours various services and resources of the organization by the dispersal of unusable traffic, so that reliable users are not capable of getting benefit from the services. In general, the DoS attackers preserve their independence by collaborating several victim machines and following authentic network traffic, which makes it more complex to detect the attack. Thus, these issues and demerits faced by existing DoS attack recognition schemes in cloud are specified as a major challenge to inventing a new attack recognition method.

This paper aims to detect DoS attack detection scheme, termed as sine cosine anti coronavirus optimization (SCACVO)-driven deep maxout network (DMN). The recorded log file is considered in this method for the attack detection process. Significant features are chosen based on Pearson correlation in the feature selection phase. The over sampling scheme is applied in the data augmentation phase, and then the attack detection is done using DMN. The DMN is trained by the SCACVO algorithm, which is formed by combining sine cosine optimization and anti-corona virus optimization techniques.

The SCACVO-based DMN offers maximum testing accuracy, true positive rate and true negative rate of 0.9412, 0.9541 and 0.9178, respectively.

The DoS attack detection using the proposed model is accurate and improves the effectiveness of the detection.

This study aims to focus on security measures for protecting transportation buildings from vehicle bomb attacks. It discusses ways to mitigate the effects of vehicle bomb terrorist attacks through architectural design decisions on transportation buildings.

The main research topic is the evaluation of architectural design decisions for vehicle bomb attacks at transportation buildings with the multi-criteria decision-making method. First, it was investigated which characteristics the impact of the explosion on the structures depended on. The measures for vehicle bomb attacks regarding the relationship between the urban scale and the building were determined by four main criteria and 17 sub-criteria. Due to the complex and ambiguous nature of architectural design, these criteria were evaluated by the analytic hierarchy processes. After the criteria weights were obtained, the alternative sample buildings, including the train stations and airports, were evaluated with the Technique for Order Preference by Similarity to an Ideal Solution method.

The site security design was determined as the most effective component for vehicle bomb attacks among the main criteria. The most important sub-criterion was the perimeter firewall. In the evaluations of the alternatives, it was determined that airports performed better against vehicle bomb attacks in terms of architectural design requirements than train stations.

This research contributes to the literature for the countries where explosions occur intensively by determining the importance of architectural design parameters for the transportation buildings and surroundings against vehicle bomb attacks. This study provides an evaluation model based on transportation buildings considering the relationship between the urban scale and the building itself.

Cyber terrorism poses a serious technology risk to businesses and the economies they operate in. Cyber terrorism is a digital attack on computers, networks or digital information systems, carried out to coerce people or governments to further the social or political objectives of the attacker. Cyber terrorism is costly in terms of impaired operations and damaged assets. Cyber terrorism harms a firm’s reputation, thereby negatively affecting a firm’s stock market valuation. This poses grave worries to company management, financial analysts, creditors and investors. This study aims to evaluate the effect of cyber terrorism on the market value of publicly traded firms.

Financial information was obtained on business firms that were featured in news stories as targets of cyber terrorism. The firm’s stock price was recorded for 1, 3 and 7 days before and after the news article. Percentage changes in the firm’s stock price were compared to percentage changes in the Dow Jones Index to ascertain whether the firm’s stock price went up or down matching the market overall.

Results indicate that stock prices are significantly negatively affected by news of cyber terrorist attacks on companies. In all three time periods after the cyber terrorist attack, there was a significant negative decline in the stock value relative to the Dow Jones Index. Thus, the market valuation of the firm is damaged. As a result, the shareholders and institutions are financially damaged. Furthermore, exposed system vulnerability may lead to loss of business from consumers who have reduced confidence in the firm’s operations.

This paper examines the risks posed by cyber terrorism, including its impact on individual business firms, which in turn affect entire national economic systems. This makes clear the high value of cybersecurity in safeguarding computer systems. Taking steps to avoid being a victim of cyber terrorism is an important aspect of cybersecurity. Preventative steps are normally far less costly than rebuilding an information system after a cyber terrorist attack.

This study is original in examining the effect of cyber terrorism on the stock value of a company.