-
Sensors (Basel, Switzerland) Jun 2024Cyber-physical systems (CPS) are vital in automating complex tasks across various sectors, yet they face significant vulnerabilities due to the rising threats of...
Cyber-physical systems (CPS) are vital in automating complex tasks across various sectors, yet they face significant vulnerabilities due to the rising threats of cybersecurity attacks. The recent surge in cyber-attacks on critical infrastructure (CI) and industrial control systems (ICSs), with a 150% increase in 2022 affecting over 150 industrial operations, underscores the urgent need for advanced cybersecurity strategies and education. To meet this requirement, we develop a specialised cyber-physical testbed (CPT) tailored for transportation CI, featuring a simplified yet effective automated level-crossing system. This hybrid CPT serves as a cost-effective, high-fidelity, and safe platform to facilitate cybersecurity education and research. High-fidelity networking and low-cost development are achieved by emulating the essential ICS components using single-board computers (SBC) and open-source solutions. The physical implementation of an automated level-crossing visualised the tangible consequences on real-world systems while emphasising their potential impact. The meticulous selection of sensors enhances the CPT, allowing for the demonstration of analogue transduction attacks on this physical implementation. Incorporating wireless access points into the CPT facilitates multi-user engagement and an infrared remote control streamlines the reinitialization effort and time after an attack. The SBCs overwhelm as traffic surges to 12 Mbps, demonstrating the consequences of denial-of-service attacks. Overall, the design offers a cost-effective, open-source, and modular solution that is simple to maintain, provides ample challenges for users, and supports future expansion.
PubMed: 38931707
DOI: 10.3390/s24123923 -
Sensors (Basel, Switzerland) Jun 2024Cyber-physical systems (CPSs), which combine computer science, control systems, and physical elements, have become essential in modern industrial and societal contexts.... (Review)
Review
Cyber-physical systems (CPSs), which combine computer science, control systems, and physical elements, have become essential in modern industrial and societal contexts. However, their extensive integration presents increasing security challenges, particularly due to recurring cyber attacks. Therefore, it is crucial to explore CPS security control. In this review, we systematically examine the prevalent cyber attacks affecting CPSs, such as denial of service, false data injection, and replay attacks, explaining their impacts on CPSs' operation and integrity, as well as summarizing classic attack detection methods. Regarding CPSs' security control approaches, we comprehensively outline protective strategies and technologies, including event-triggered control, switching control, predictive control, and optimal control. These approaches aim to effectively counter various cyber threats and strengthen CPSs' security and resilience. Lastly, we anticipate future advancements in CPS security control, envisioning strategies to address emerging cyber risks and innovations in intelligent security control techniques.
PubMed: 38931599
DOI: 10.3390/s24123815 -
Sensors (Basel, Switzerland) Jun 2024With the escalation in the size and complexity of modern Denial of Service attacks, there is a need for research in the context of Machine Learning (ML) used in attack...
With the escalation in the size and complexity of modern Denial of Service attacks, there is a need for research in the context of Machine Learning (ML) used in attack execution and defense against such attacks. This paper investigates the potential use of ML in generating behavioral telemetry data using Long Short-Term Memory network and spoofing requests for the analyzed traffic to look legitimate. For this research, a custom testing environment was built that listens for mouse and keyboard events and analyzes them accordingly. While the economic feasibility of this attack currently limits its immediate threat, advancements in technology could make it more cost-effective for attackers in the future. Therefore, proactive development of countermeasures remains essential to mitigate potential risks and stay ahead of evolving attack methods.
Topics: Machine Learning; Computer Security; Memory, Short-Term; Humans; Telemetry; Computer Communication Networks; Algorithms
PubMed: 38931520
DOI: 10.3390/s24123735 -
Sensors (Basel, Switzerland) Jun 2024In order to reduce the position errors of the Global Positioning System/Strapdown Inertial Navigation System (GPS/SINS) integrated navigation system during GPS denial,...
In order to reduce the position errors of the Global Positioning System/Strapdown Inertial Navigation System (GPS/SINS) integrated navigation system during GPS denial, this paper proposes a method based on the Particle Swarm Optimization-Back Propagation Neural Network (PSO-BPNN) to replace the GPS for positioning. The model relates the position information, velocity information, attitude information output by the SINS, and the navigation time to the position errors between the position information output by the SINS and the actual position information. The performance of the model is compared with the BPNN through an actual ship experiment. The results show that the PSO-BPNN can obviously reduce the position errors in the case of GPS signal denial.
PubMed: 38931505
DOI: 10.3390/s24123722 -
Risk Management and Healthcare Policy 2024Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide...
BACKGROUND
Growing cyberattacks have made it more challenging to maintain healthcare information system (HIS) security in medical institutes, especially for hospitals that provide patient portals to access patient information, such as electronic health record (EHR).
OBJECTIVE
This work aims to evaluate the patient portal security risk of Taiwan's EEC (EMR Exchange Center) member hospitals and analyze the association between patient portal security, hospital location, contract category and hospital type.
METHODS
We first collected the basic information of EEC member hospitals, including hospital location, contract category and hospital type. Then, the patient portal security of individual hospitals was evaluated by a well-known vulnerability scanner, UPGUARD, to assess website if vulnerable to high-level attacks such as denial of service attacks or ransomware attacks. Based on their UPSCAN scores, hospitals were classified into four security ratings: absolute low risk, low to medium risk, medium to high risk and high risk. Finally, the associations between security rating, contract category and hospital type were analyzed using chi-square tests.
RESULTS
We surveyed a total of 373 EEC member hospitals. Among them, 20 hospital patient portals were rated as "absolute low risk", 104 hospital patient portals as "low to medium risk", 99 hospital patient portals as "medium to high risk" and 150 hospital patient portals as "high risk". Further investigation revealed that the patient portal security of EEC member hospitals was significantly associated with the contract category and hospital type (<0.001).
CONCLUSION
The analysis results showed that large-scale hospitals generally had higher security levels, implying that the security of low-tier and small-scale hospitals may warrant reinforcement or strengthening. We suggest that hospitals should pay attention to the security risk assessment of their patient portals to preserve patient information privacy.
PubMed: 38910900
DOI: 10.2147/RMHP.S463408 -
BMC Public Health Jun 2024Social desirability can negatively affect the validity of self-reported measures, including underreporting of stigmatized behaviors like alcohol consumption. The...
BACKGROUND
Social desirability can negatively affect the validity of self-reported measures, including underreporting of stigmatized behaviors like alcohol consumption. The Marlowe-Crowne Social Desirability Scale (SDS) is widely implemented and comprised of Denial and Attribution Domains (i.e., tendencies to deny undesirable traits or attribute socially desirable traits to oneself, respectively). Yet, limited psychometric research has been conducted in sub-Saharan Africa, where the prevalence of unhealthy alcohol consumption is high as well as religiosity and hierarchical social norms. To address this gap, we (a) conducted an exploratory study assessing certain psychometric properties of the 28-item SDS (Runyankole-translated) among persons with HIV (PWH) in Uganda, and (b) examined the relationship between social desirability and self-reported alcohol use.
METHODS
We pooled baseline data (N = 1153) from three studies of PWH engaged in alcohol use from 2017 to 2021. We assessed the translated scale's construct validity (via confirmatory factor analysis), internal consistency, item performance, differential item functioning by gender, concurrent validity with the DUREL religiosity index domains, and the association between social desirability and self-reported alcohol use.
RESULTS
Participants had a mean age of 40.42 years, 63% were men, and 91% had an undetectable HIV viral load. The 28-item SDS had satisfactory construct validity (Model fit indices: RMSEA = 0.07, CFI = 0.84, TLI = 0.82) and internal consistency (Denial Domain Ω = 0.82, Attribution Domain Ω = 0.69). We excluded Item 14 ("I never hesitate to help someone in trouble") from the Attribution Domain, which mitigated differential measurement error by gender and slightly improved the construct validity (Model fit indices: RMSEA = 0.06, CFI = 0.86, TLI = 0.85) and reliability (Attribution Domain Ω = 0.72) of the 27-item modified SDS. Using the 27-item SDS, we found that social desirability was weakly correlated with religiosity and inversely associated with self-reported alcohol use after adjusting for biomarker-measured alcohol use and other confounders (β = -0.05, 95% confidence interval: -0.09 to -0.01, p-value = 0.03).
CONCLUSIONS
We detected and mitigated measurement error in the 28-item Runyankole-translated SDS, and found that the modified 27-item scale had satisfactory construct validity and internal consistency in our sample. Future studies should continue to evaluate the psychometric properties of the Runyankole-translated SDS, including retranslating Item 14 and reevaluating its performance.
Topics: Humans; Psychometrics; Male; Female; Social Desirability; HIV Infections; Adult; Uganda; Middle Aged; Self Report; Alcohol Drinking; Reproducibility of Results; Surveys and Questionnaires
PubMed: 38898463
DOI: 10.1186/s12889-024-18886-z -
Sensors (Basel, Switzerland) Jun 2024Internet of Things (IoT) technology has become an inevitable part of our daily lives. With the increase in usage of IoT Devices, manufacturers continuously develop IoT... (Review)
Review
Internet of Things (IoT) technology has become an inevitable part of our daily lives. With the increase in usage of IoT Devices, manufacturers continuously develop IoT technology. However, the security of IoT devices is left behind in those developments due to cost, size, and computational power limitations. Since these IoT devices are connected to the Internet and have low security levels, one of the main risks of these devices is being compromised by malicious malware and becoming part of IoT botnets. IoT botnets are used for launching different types of large-scale attacks including Distributed Denial-of-Service (DDoS) attacks. These attacks are continuously evolving, and researchers have conducted numerous analyses and studies in this area to narrow security vulnerabilities. This paper systematically reviews the prominent literature on IoT botnet DDoS attacks and detection techniques. Architecture IoT botnet DDoS attacks, evaluations of those attacks, and systematically categorized detection techniques are discussed in detail. The paper presents current threats and detection techniques, and some open research questions are recommended for future studies in this field.
PubMed: 38894365
DOI: 10.3390/s24113571 -
Sensors (Basel, Switzerland) May 2024The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different...
The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different devices, about patients to healthcare staff devices, for further analysis through cloud-based servers for proper diagnosis of patients, yielding efficient and accurate results. However, IoMT technology is accompanied by a set of drawbacks in terms of security risks and vulnerabilities, such as violating and exposing patients' sensitive and confidential data. Further, the network traffic data is prone to interception attacks caused by a wireless type of communication and alteration of data, which could cause unwanted outcomes. The advocated scheme provides insight into a robust Intrusion Detection System (IDS) for IoMT networks. It leverages a honeypot to divert attackers away from critical systems, reducing the attack surface. Additionally, the IDS employs an ensemble method combining Logistic Regression and K-Nearest Neighbor algorithms. This approach harnesses the strengths of both algorithms to improve attack detection accuracy and robustness. This work analyzes the impact, performance, accuracy, and precision outcomes of the used model on two IoMT-related datasets which contain multiple attack types such as Man-In-The-Middle (MITM), Data Injection, and Distributed Denial of Services (DDOS). The yielded results showed that the proposed ensemble method was effective in detecting intrusion attempts and classifying them as attacks or normal network traffic, with a high accuracy of 92.5% for the first dataset and 99.54% for the second dataset and a precision of 96.74% for the first dataset and 99.228% for the second dataset.
Topics: Computer Security; Internet of Things; Humans; Algorithms; Delivery of Health Care; Wireless Technology; Cloud Computing; Confidentiality
PubMed: 38894166
DOI: 10.3390/s24113375 -
Open Forum Infectious Diseases Jun 2024A vaccine for coccidioidomycosis is likely to undergo trials in the near future. In this paper, we raise 4 questions that should be answered before its use and offer our...
A vaccine for coccidioidomycosis is likely to undergo trials in the near future. In this paper, we raise 4 questions that should be answered before its use and offer our solutions to these questions. These include defining the goals of vaccination, determining who should be vaccinated, how to measure vaccine immunity and protection, and how to address vaccine hesitancy and denial.
PubMed: 38887487
DOI: 10.1093/ofid/ofae095 -
Scientific Reports Jun 2024In the rapidly evolving landscape of Internet of Things (IoT), Zigbee networks have emerged as a critical component for enabling wireless communication in a variety of...
In the rapidly evolving landscape of Internet of Things (IoT), Zigbee networks have emerged as a critical component for enabling wireless communication in a variety of applications. Despite their widespread adoption, Zigbee networks face significant security challenges, particularly in key management and network resilience against cyber attacks like distributed denial of service (DDoS). Traditional key rotation strategies often fall short in dynamically adapting to the ever-changing network conditions, leading to vulnerabilities in network security and efficiency. To address these challenges, this paper proposes a novel approach by implementing a reinforcement learning (RL) model for adaptive key rotation in Zigbee networks. We developed and tested this model against traditional periodic, anomaly detection-based, heuristic-based, and static key rotation methods in a simulated Zigbee network environment. Our comprehensive evaluation over a 30-day period focused on key performance metrics such as network efficiency, response to DDoS attacks, network resilience under various simulated attacks, latency, and packet loss in fluctuating traffic conditions. The results indicate that the RL model significantly outperforms traditional methods, demonstrating improved network efficiency, higher intrusion detection rates, faster response times, and superior resource management. The study underscores the potential of using artificial intelligence (AI)-driven, adaptive strategies for enhancing network security in IoT environments, paving the way for more robust and intelligent Zigbee network security solutions.
PubMed: 38886241
DOI: 10.1038/s41598-024-64895-8