This systematic literature review scrutinizes the implementation and analysis of zk-SNARK, zk-STARK, and Bulletproof non-interactive zero-knowledge proof (NIZKP) protocols in privacy-preserving applications across diverse sectors. Examining 43 research works published from 2015 to April 2023, we categorized findings into financial, medical, business, general, and other domains. Our analysis highlights significant variations in real-world performance across implementations utilizing NIZKP protocols. However, divergent methodologies in security analyses hindered conclusive comparisons. Addressing research gaps, our future endeavors aim to establish a real-world benchmark for these protocols.
The detection of unknown malicious non-programmable executable Microsoft Office files is essential for maintaining the security of computer systems and networks. Despite implementation and subsequent releases of new security protocols in Microsoft Office, document-based viruses are still common in 2023. Most of these attacks are carried out using Microsoft Office documents. Recently, Non-Programmable Executables (NPE) in Microsoft Office documents have been used to attack many organizations. With the help of minor changes in the behavior of these office documents, document-based viruses make antivirus useless in detecting them. This paper proposes a machine learning approach, artificial intelligence-based anti-malware that can be used to detect the presence of malicious entities inside Microsoft Office documents. The detection capabilities of the anti-malware improve over time. With the help of machine learning and hidden feature extraction (HFEM) and analysis, a malware detection model is designed to detect any malicious activity inside a Microsoft Office file. To address that issue, the model proposed in this paper integrates self-learning techniques that can be used by antivirus teams during their research while improving the detection capabilities of the antivirus software. The proposed model detects whether the files are malicious or benign and ensures that no files bypass the antivirus and harm the user. The proposed model achieved 99.9% accuracy in detecting malicious files, which is comparatively better than most existing antivirus software. The processing speed is five files per second, which is helpful in terms of saving time.
Phishing attacks are thoroughly engineered attacks where the attackers use emails, messages, and websites of reputed sources as a medium to trick their targets into sharing sensitive content. This sensitive content primarily consists of their financial information in the case of small attacks, whereas some planned advanced attacks also aim to obtain their login information. In the past few years, there has been a noticeable shift in attackers’ priorities, moving away from targeting individuals and instead concentrating on the organization’s employees. It is also observed that most cyber-attacks are the result of employee negligence. Due to the widespread availability of phishing kits and the expansion of ransomware as a service (RaaS), aspiring hackers now possess a straightforward method to defraud individuals. What is particularly worrisome about this growing trend is that individuals lacking technical expertise are engaging in such activities using simple tools and online instructional materials. Machine learning can help in recognizing different phishing attacks and patterns. We describe several classical algorithms to detect phishing attacks. We aim to utilize machine learning techniques like Multilayer Perceptron, Random Forest, XGBoost, and different classifiers for detection. This paper will compare various studies for detecting phishing attacks using each Artificial Intelligence technique: Deep Learning and Machine Learning. In order to enhance our study, we have also listed various other conventional methods of detection that do not utilize the benefits of training through machine learning models.
Nowadays, Internet of Things applications use hardware security modules to ensure secure communication. The elliptic curve is a fundamental aspect of contemporary cryptography. Due to its smaller key requirement than other public key algorithms, the elliptic curve is frequently used in wireless installations, mobile networks, and credit cards. Elliptic Curve Cryptography has the advantage of increasing system performance, utilising fewer resources, and providing security for a smaller key than other techniques. The technique of Elliptic Curve is carefully studied in this article by developing a categorization based on previous analyses and evaluations in this subject.
In the ever-evolving landscape of cybersecurity, the application of game theoretic models has emerged as a powerful and innovative approach to enhance our understanding and management of cyber threats. This abstract explores the application of a variant of game theoretic models within the context of a Cyber Threat Intelligence (CTI) framework. With the proliferation of cyber-attacks targeting critical infrastructure, sensitive data, and national security, it has become imperative to develop proactive and adaptive strategies for threat detection, mitigation, and response. The variant of game theoretic models discussed in this abstract departs from traditional game theory by incorporating elements of dynamic adaptation and machine learning. This adaptation enables the framework to model and analyze the intricate and rapidly changing interactions between threat actors and defenders in real-time, thereby providing a more accurate representation of the evolving threat landscape. By leveraging machine learning algorithms, the model can continuously learn and adapt to new threats and tactics, making it a versatile tool for CTI. This abstract also explores the practical applications of the variant model in various aspects of cybersecurity, including threat actor profiling, vulnerability assessment, and decision support for incident response. By considering the strategic motivations and behaviors of threat actors, organizations can make informed decisions regarding resource allocation, risk assessment, and security investments. The integration of this variant of game theoretic models into CTI holds great potential to revolutionize our approach to cybersecurity, enabling organizations to stay one step ahead of adversaries. As the digital world becomes increasingly complex, the ability to predict, mitigate, and adapt to cyber threats is crucial for safeguarding critical assets and ensuring the resilience of digital infrastructure. This paper highlights the significance of this innovative approach and its potential to shape the future of cyber threat intelligence and cybersecurity practices.
In the realm of social media, cyberbullying’s pervasive impact raises urgent concerns about its emotional and psychological toll on victims. This study addresses the imperative of effectively detecting cyberbullying. By leveraging ML and DL techniques, we aim to develop reliable methods that accurately identify instances of cyberbullying in social media data, enhancing detection efficiency and accuracy. This facilitates timely intervention and support for affected individuals. In this comprehensive analysis of existing systems, various ML and DL models are extensively tested for cyberbullying detection. The evaluated models include Random Forest, XGBoost, Naive Bayes, SVM, CNN, RNN, and BERT. Pre-processed datasets are utilized to train and evaluate the models. To evaluate the ability of each model to reliably identify cyberbullying in social media data, performance metrics such as F1 score, recall, precision, and accuracy are used. The findings of this study demonstrate the efficacy of different ML and DL models in monitoring cyberbullying in social media data. Among the models evaluated, the BERT model exhibits exceptional performance, achieving the highest accuracy rates of 88.8% for binary classification and 86.6% for multiclass classification.
This paper shows how the Generalized Novel Enhancement Quantum Representation (GNEQR) and the Novel Enhancement Quantum Representation (NEQR) can encrypt color and grayscale healthcare images with quantum algorithms. The proposed method ensures the security of medical media, which is crucial for safeguarding patient confidentiality and safety, and is supported by e-health systems. Healthcare facility staff members send cipher color images to the cloud, which they then receive at a different facility. By decrypting the content of the images, healthcare staff can securely assist users. C# and ASP.NET Core MVC on Visual Studio 2022 were utilized to implement the proposed encryption approach, and Azure cloud was used. The e-health system gives the proposed method a safe and effective way to be used in real life. The proposed algorithm uses bit-plane scrambling to scramble the original image. Then, a 9D chaotic map is utilized to generate an image key, which is used to produce the key image and the scrambled position. A quantum XOR operation is performed between the scrambled image and the scrambled position of the key image. The final encrypted image is made by mixing up the color channels of the image. A similar approach is followed for grayscale images, but instead of using GNEQR, a Novel Enhancement Quantum Representation (NEQR) is employed. Additionally, the color channels are not scrambled in this case. Analyses of numbers and simulations show that the proposed method is more effective, reliable, and useful than its classical counterpart. The proposed method can be used with different types of medical images, such as those from radiology and pathology, and can be used in telemedicine. It provides a secure way to transmit medical images without compromising patient privacy. Overall, the proposed framework for quantum encryption of healthcare images using GNEQR and NEQR could change how medical images are sent and protected. It is expected to impact the healthcare industry significantly and can be applied in various e-health systems.
An intentional alteration of data stored in a computer through the use of malicious code is a cyber-attack that exploits networks and computer systems. The data may be compromised and this may have disruptive implications. Cyberattacks can lead to two cybercrimes: information theft and identity theft. Extreme care must be taken to protect sensitive data. Cryptography and steganography are used to protect private information being delivered through a risky channel. These techniques don’t have much power on their own. Combining the two allows us to conceal information. In this paper, we proposed an image data-hiding technique that uses a steganographic method along with visual cryptography to provide better security to the images. Even though extensive research work has been done previously, most of the research works did not provide adequate security to the images even after their encryption. The method proposed in this paper is capable of hiding some secret message in the least significant bits of the original image, thereby hiding the secret message in a way to make its detection difficult. We then apply visual cryptography algorithms to the resulting secret image, thereby creating shares of the secret image, which are noise-like structures. The proposed method hides these shares in the least significant bits of different images so as to create three levels of security for the message. The main motive of the proposed work is to combine the use of data-hiding techniques, steganography, and visual cryptography, for designing a more secure algorithm so that the security, reliability, and efficiency of secret messages can be improved. At last, we implement the designed framework using MATLAB simulation.
This article looks at healthcare and the issues that exist with current cybersecurity measures. As attacks, including those related to ransomware, become more commonplace, it is important to provide safeguards to protect the data of patients and healthcare organizations. Examples of cybersecurity breaches are looked at with insights shared on how they happened and what could have been done to prevent them. Rather than the original perimeter security approach, which many organizations took, a newer approach known as Zero-Trust looks at how to neutralize attacks even if a hacker has penetrated the perimeter security. Key areas involved in Zero-Trust are reviewed and explained as to how the applicability to healthcare can make a difference in protecting individuals and healthcare organizations.
Ransomware is a menace to the vibrant digital ecosystem. The exponential growth in ransomware attacks, its detrimental impacts, and the ever-changing methods adopted by threat actor groups demand a focused understanding of the evolution of ransomware. This would help organizations devise novel defensive frameworks and security controls against modern ransomware. In this work, the impacts and evolution of ransomware through different phases up to its current form are detailed. Further, based on the study and analysis of the most prevalent modern ransomware variants, their most used tactics, techniques and procedures (TTPs) are identified as per the MITRE ATT&CK model. This acts as a platform to propose a generic attack model for ‘modern ransomware’. Building on the existing MITRE mitigation, D3FEND-based approaches and considering the resource and budget constraints of organizations, a simplified three-tier defensive model that is cost-effective and implementable is put forward. Thus, this work aims to open avenues for understanding the TTPs and attack methodology of ‘modern ransomware’, thereby developing feasible and implementable defensive security controls.