<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>International
Journal of Computing 24(1) (2025) 35</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1007/s10207-024-00930-z</article-id>
      <title-group>
        <article-title>network nodes⋆</article-title>
      </title-group>
      <contrib-group>
        <aff id="aff0">
          <label>0</label>
          <institution>Anatoliy Sachenko</institution>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Casimir Pulaski Radom University</institution>
          ,
          <addr-line>Malczewskiego St. 29 26-600 Radom</addr-line>
          ,
          <country country="PL">Poland</country>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Khmelnitsky National University</institution>
          ,
          <addr-line>Instytutska street 11 29016 Khmelnitsky</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
        <aff id="aff3">
          <label>3</label>
          <institution>Prigo University College European Research University Vítězslava Nezvala 801/1</institution>
          <addr-line>Havířov 736 01</addr-line>
          <country>Czech Republic European Union</country>
        </aff>
        <aff id="aff4">
          <label>4</label>
          <institution>West Ukrainian National University</institution>
          ,
          <addr-line>Lvivska Street 11 46009 Ternopil</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2025</year>
      </pub-date>
      <volume>9</volume>
      <fpage>281</fpage>
      <lpage>294</lpage>
      <abstract>
        <p>The current state of development of OS security subsystems is analyzed. Attention is paid to the principles of building centralized security systems for network OSes based on dynamic transfer of control between network nodes. This provides increased resistance to leaks of confidential information as a result of the destructive effects of malicious software and computer attacks. A description of the process of dynamic transfer of control between computer network nodes is presented, and mechanisms for forming centralized security resource bases are considered. The issue of optimizing security resources that are subject to centralized control by the current network control node when using dynamic transfer of control between computer network nodes is also considered. Strategies for forming global privilege bases, security policies, and network connections during each cycle of control transfer from the current computer network node to the next are presented. Several series of experiments were conducted with a network of virtual machines running the FreeBSD 13.1 operating system, the results of which confirmed theoretical calculations and mathematical modeling. A comparative analysis of the effectiveness of full centralization of security resources and their partial centralization with dynamic control transfer between computer network nodes was performed. The advantages of the proposed approach were manifested in a reduction in the time of control transfer between network nodes by 37 percent, a reduction in the attack surface due to the minimization of points of influence of malicious software on the security system.</p>
      </abstract>
      <kwd-group>
        <kwd>operating system</kwd>
        <kwd>computer networks</kwd>
        <kwd>centralized security systems</kwd>
        <kwd>security strategies</kwd>
        <kwd>centralization of security resources</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>The sphere of information technologies has become a defining path of development of mankind,
transforming not only the ways of its communication, but also the foundations of the world economy in all
its directions. Our world and its vital processes have become critically dependent on the stable functioning
of complex electronic systems and various software that processes, transmits and protects information. It is
already clear that this direction of development is not a temporary phenomenon, but an objective stage of
progress that has already determined the trajectory of the future, which has no turning back. We, as a
society, have finally entered the information era, in which the dominant value is not material resources,
but information.</p>
      <p>Technological achievements of mankind are faced with new large-scale challenges, threats to
information security, which today have become a constant background of digital life. Now success in any
field, be it science, economics, or security, is determined by the level of access to reliable information, the
speed of its processing and the ability to protect it from external interference.</p>
      <p>The relevance of the task of ensuring information protection and increasing the resistance of
information systems to leaks of confidential information, despite the large-scale efforts of the planetary
economy, does not decrease. The analysis of the state of information systems protection shows that this
task remains extremely relevant today. Despite the fact that this problem is in the constant focus of
attention of the scientific community and the large number of methods and means of protecting
information systems proposed by it, it cannot be considered solved.</p>
      <p>This article is aimed at solving the problems of OS resistance to leaks of confidential information
processed in computer systems. Its purpose is to develop models of the process of random dynamic
transfer of control between network nodes, their study in the direction of optimizing the security
resources of the network OS, which are subject to centralized management, which in turn will allow
reducing the OS's time spent on transferring control between nodes and, thereby, ensuring the continuity
and stability of network management, which ultimately will lead to increasing the OS's resistance to
information leaks.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Analysis of known solutions</title>
      <p>OSs have gone through several technological stages in their development. Together with them, their
security systems have also overcome this path, until they have really reached a level that can guarantee
the protection of information processed in computer systems under their control. And all this in conditions
of constant, ever-growing influence of malicious software, which in turn is constantly being improved.
Developing under its continuous pressure, OS security systems today represent powerful control
subsystems that include a large range of highly effective protective mechanisms. The architecture of OS
security systems, especially network ones, has gone from decentralized to complexly organized centralized,
covering all the resources of a modern computer system with its control. Thus, in [1] a model is presented
that describes the interaction of protective mechanisms within the framework of a centralized security
system for the OS of a network node, which allows building a security architecture of a network OS that
minimizes the problem of leakage of confidential information during attacks on the system's RAM. The
search for a balanced architecture of the OS security system that effectively ensures the stability of the OS
is considered in [2].</p>
      <p>Many works are devoted to methods for improving the operation of network incident response systems
(IDS/IPS) and approaches that can be applied to increase the level of security in networks in terms of
counteracting the leakage of confidential information [3, 4]. In [5], a new IDS system based on a
combination of a multilayer perceptron network (MLP) is proposed. For software-defined networks (SDN),
a mechanism based on the entropy values of the source and destination IP addresses of flows observed by
the network controller is proposed [6]. In [7], an innovative approach is presented that provides proactive
protection against destructive DDoS attacks. It is based on the use of an echo state network (ESN),
specially designed for SDN. To detect DDoS traffic, in [8] a model is proposed that calculates its threshold
value for applications using the network. In real time, using a machine learning (ML) model, it is
determined whether this traffic is DDoS traffic. A new FLBC-IDS machine learning technique that
combines horizontal federated learning (HFL), Hyperledger blockchain, and EfficientNet for intrusion
detection is proposed in [9]. In [10], means for improving the efficiency of IDS systems that analyze and
cluster network traffic are proposed. A new metric for evaluating IDS systems that takes into account the
delay in detecting cyberattacks is presented in [11].</p>
      <p>Analysis of the performance of IDS based on machine learning has shown its dependence on the
implementation of functions, and the spatial and temporal correlation of network data attributes
complicates the manual design of functions. The proposed IDS [12] uses an optimized one-dimensional
convolutional neural network block and sufficient memory to automatically extract spatial and temporal
features from the input data. In addition, a knowledge transfer method is used to transfer features, which
allows detecting zero-day attacks.</p>
      <p>Also, much attention is paid to strategies and mechanisms for protecting network OSs in terms of
countering malicious software. A self-adaptive system based on SVM to ensure network resilience to
botnet cyberattacks called BotGRABBER is considered in [13, 14]. Another self-adaptive system in which
resilience is ensured by adaptive network reconfiguration is presented in [15]. In [16], a new method for
detecting DDoS botnets is proposed based on the analysis of their network characteristics, and in [17] on
the use of artificial immune system algorithms. A new step is the proposed distributed DDoS protection
scheme based on shared agents [18], which detects and prevents DDoS attacks within Internet service
providers (ISPs). The distributed security systems are reinforced by the genetic algorithm proposed in [19,
20], based on the selection and variations of search parameters. Another approach to ensuring network
security is data storage based on the architecture of a semi-network OS [21]. Integrated management
systems based on threat and risk models are proposed [22]. The idea of creating a secure OS with
controlled complexity is promising [23]. In [24], another research direction was initiated, based on
serverless security, which has a high potential for reliable protective measures.</p>
      <p>An interesting solution is to supplement the OS security system with a memory isolation mechanism
that does not allow bypassing it by virtualizing the memory management unit [25]. Also, works [26, 27]
are devoted to countering memory attacks (MCA), which change the contents of some memory areas in
order to disrupt the normal operation of computing systems, causing a leak of confidential data or
disruptions in current processes. In [28], attacks on modern heterogeneous embedded computing platforms
FPGA-SoC, which contain the most advanced memory and peripheral isolation mechanisms, are
investigated. In [29], a security model is proposed that provides a higher level of protection compared to
such existing approaches as recurrent neural networks and the support vector method. It is promising for
an active security control strategy for cyber-physical systems.</p>
      <p>OS security on various hardware platforms is a fundamental goal of current evaluation. Identifying and
evaluating OS security factors are essential components in OS design. In [30], a formal verification method
for the RIOT OS crypto module is proposed for software analysis of Frama-C code, in order to ensure its
security aspects. In [31, 32, 33], the causes of vulnerabilities are investigated, in particular for IoT, IIoT,
SCADA and Android systems for embedded systems, and the implementation of effective malware
detection strategies is proposed. The work [34] focuses on the problem of Kernel Address Space Allocation
Randomization (KASLR) violation on modern mobile devices without using cache memory, which is
related to the KASLR violation problem on ARM processors. In the search for OS architectures resistant to
information leaks, in [35] a tool is proposed for research and modeling of a prototype system with a
microkernel architecture that provides high reliability and scalability.</p>
      <p>An interesting authentication system is proposed in [36]. It is based on a protocol that includes the
Linux security module for user-based NAC. It requires neither user accounts nor a secure user space; it
loads signed rules and keys for the user from a USB security key, securely authenticates the user, and
controls network permissions directly from the Linux kernel.</p>
      <p>In [37], the issue of minimizing the provision of access privileges to resources is raised as a way to
increase resilience to information leaks. In particular, attackers can use vulnerabilities in file systems and
disk drivers to leak or manipulate the contents of program files. The key problem is that the cancellation of
the transfer of OS services privileges from the kernel level to the user level does not solve the problem. It is
proposed to use a special Mirage mechanism that deprives them of the right to access the contents of files,
while preserving the functions of manipulating them. In [38], the problem of the Windows Embedded OS,
which uses a security policy based on discretionary access control (DAC), which is vulnerable to external
hacker attacks, is raised. It is proposed to improve security by prohibiting the execution of files from
outside the white list.</p>
      <p>It is noted that traditional OS security systems based on static protection methods do not always cope
with increasingly complex attacks [39], where attackers gain an advantage by using even one vulnerability
to compromise the system, adapting to traditional protection measures. In order to overcome the problem,
the implementation of proactive and adaptive security systems is proposed [40, 41]. Another direction for
ensuring information protection in many computer systems is the change of the control center. A method
for determining the next centralization option without user intervention is proposed in [42].</p>
      <p>The integration of artificial intelligence into computer networks is one of the advanced technologies. It
is assumed that the concept of using artificial intelligence will solve the problems faced by computer
networks, especially with regard to the leveling of information leakage threats [43]. The fundamental idea
of using artificial intelligence is to move to a proactive OS security model that includes intelligent threat
detection, in-depth behavior analysis, and dynamic countermeasures against attackers [44], where
traditional methods, especially rule-based approaches, have encountered significant difficulties in
protecting confidential data from constantly changing threats, especially in conditions of increasing data
volumes.</p>
      <p>At the same time, it is noted [45] that artificial intelligence and machine learning methods are
increasingly used in cyberattacks. This means that, as in many other areas of our lives, there will be no
absolute victory, the struggle will continue and, as is customary, the more competent and experienced will
tend to win.</p>
      <p>The task of countering the leakage of confidential information in network OSes remains incompletely
solved. This includes incomplete centralization of access control to resources, countering multi-vector
threats, and the lack of a universal approach to coordinating policies from different formats and nodes,
which leads to gaps in protection.</p>
    </sec>
    <sec id="sec-3">
      <title>3. Formulation of the problem</title>
      <p>The implementation of dynamic transfer of control between computer network nodes provides a number
of technical and organizational advantages, namely, improved flexibility of network management,
increased resistance to failures and counteraction to malicious software. However, obtaining maximum
efficiency of this method is closely related to many factors, the most important of which is the optimal
structuring and transfer of critical security resources to the new control node. The formation of an optimal
set of global security resources that must be transferred to the new control node at the time of a change in
the control center is a key aspect of the successful implementation of dynamic control of a computer
network. Solving this problem will avoid unnecessary duplication, reduce the volume of data to be
transferred and, accordingly, reduce the time for their synchronization.</p>
      <p>This set should include only those security resources of the network OS that directly affect the
integrity, availability and manageability of the computer network. As a rule, its minimum content includes
a global privilege database, security policies together with access policies to confidential data, a connection
database for managing network traffic. All other security resources that are mainly of local importance
(log files, local device drivers, etc.) should be left under the control of the corresponding network nodes,
which will ensure a reduction in the costs of transferring control. The formation of an excessively large set
of global resources will lead to an increase in the transfer time and, as a result, the risk of delays in control,
the emergence of data synchronization problems between nodes. Therefore, optimizing the volume of
security resources subject to centralization is a critically necessary condition for building an effective
partially centralized OS security management model. This work is devoted to an attempt to scientifically
solve this problem.</p>
      <p>Thus, the main task of this study is to solve the problem of ensuring maximum efficiency of dynamic
transfer of control between network nodes by optimizing security resources subject to centralized control.
This, in turn, should reduce the time spent on transferring control.</p>
    </sec>
    <sec id="sec-4">
      <title>4. The main part</title>
      <p>Transfer of control from one network node to another, randomly selected, is a rather complex and
resource-intensive process. One of the issues to be solved in this case is determining the volume of transfer
of security resources, or the degree of their centralization. The main resource is the global privilege base.
But to ensure stable and secure functioning of a computer network with dynamic random transfer of
control between its nodes, continuity of network control, it is necessary to transfer a number of critical
system data to the new control node, which ensure the integrity of security policies, fault tolerance during
the transfer of control.</p>
      <p>In addition to the global privilege base, this includes security policies, including sensitive information
labeling policies, network policies (Firewall operation, ACL), shared resource access policies, procedures
for transferring control between nodes, synchronization with privacy databases (e.g., DLP), local event logs
(audit.log), hardware configuration parameters (USB, ports, local drivers), local session caches (e.g.,
memory pages without sensitive data), background security services (local antivirus scanner,
self-monitoring scripts), lists of authorized local processes, low-level drivers and the OS kernel of the network
node, and others.</p>
      <p>To reduce the overhead of random dynamic transfer of control between computer network nodes
without compromising security and ensuring continuity of control, it is proposed to leave part of the
security resources that are not critical for global decision-making; do not affect the consistency of the
entire security system; have a low probability of conflict or attack during local control, under the control
of local nodes, and centralize those of them that affect access, interaction between nodes, security policies
and transfer of control.</p>
      <p>The process of dynamic transfer of control between network nodes. To describe the process of dynamic
transfer of control between computer network nodes with the separation of centralized and local resource
management, notations for key aspects are required. The set of network nodes is denoted as:
$N = \{N_1, N_2, \ldots, N_n\}$, where $N_1, N_2, \ldots, N_n$ are the computer network nodes.</p>
      <sec id="sec-4-1">
        <title>The set of node security resources is defined as $R_{BR}$:</title>
        <p>$R_{BR} = \{R_1, R_2, \ldots, R_k\}$, where $R_1, R_2, \ldots, R_k$ are the security resources (privilege databases,
security policies, connection database, etc.).</p>
        <p>
          We define resources subject to centralized management as its subset $R_{centr} \subset R_{BR}$. Then the subset of
resources that can remain under local control can be defined as $R_{local}$, which does not intersect with the
subset $R_{centr}$. Let's define this as $R_{local} = R_{BR} \setminus R_{centr}$, while their union forms the set $R_{BR}$. To describe the
process of dynamic control transfer between computer network nodes, we will also introduce the
necessary notation. The current control node at time $t$ is defined as $CSMM_t$. At the same time, $CSMM_t$
belongs to the set of network nodes $N$: $CSMM_t \in N$. Then the probability of transferring control from the
current network node $CSMM_t$ to the next node $CSMM_{t+1}$, which will take control of the network at time $t + 1$, can
be defined as:
        </p>
        <p>$$P(CSMM_{t+1} = N_j \mid CSMM_t = N_i) \qquad (1)$$
where $CSMM_t$ and $CSMM_{t+1}$ are the control nodes of the computer network at times $t$ and $t + 1$,
respectively, from the set of network nodes $N$; $N_i$ is the current control node at time $t$; $N_j$ is the index of
the next control node from the set $N$ at time $t + 1$, with the control transfer subject to the constraint $j \neq i$
(Figure 1, position 1).</p>
        <p>Based on the above, we can conclude that there is a uniform distribution of the probability of becoming
the network control node in the process of dynamic control transfer for each active network node, i.e. each
node has the same chance of becoming the central network control node. This can be represented by the
formula:</p>
        <p>$$P(CSMM_{t+1} = N_j) = \frac{1}{n - 1}, \quad \forall j \neq i \qquad (2)$$
where $N_j$ is the index of the next control node $CSMM_{t+1}$ from the set $N$ at time $t + 1$; $n$ is the total
number of active network nodes (currently working) in the set $N$; $n - 1$ takes into account that the
current control node cannot become the network control node again ($j \neq i$).</p>
        <p>The chosen probability distribution for a network node becoming the central control node of
the network guarantees randomness and uniformity of control transfer, avoids overloading any single
network node, increases resistance to attacks because it is difficult for the attacker to predict which node
will be the next control node, and supports the idea of partial centralization: no node remains a permanent
center. Thus, it can be described as a Markov process, since the next state of the network is determined
only by its current state with a uniform probability of dynamic control transfer between nodes. The
transfer of control between network nodes itself actually means that the control of the network is
transferred from the central control module $CSMM_t$ of the centralized security service of the OS of the
current node to the same control module $CSMM_{t+1}$ of the next active network node. The transfer process
is initiated by the current control node $CSMM_t$ by sending the control token $T_{Governance}$ to a randomly
selected active network node (Figure 1, position 1). After receiving the control token (Figure 1, position 2),
the new control node $CSMM_{t+1}$ sends a request (Figure 1, position 3) to all active network nodes to
transfer the security resources that require centralized management: a global privilege base (there must be
one consistent copy for all nodes); sensitive data labeling policies (they affect all access logic); network
policies (they require a single security strategy); a control transfer schedule between nodes (its violation can
cause collisions in network management); and security incident handling policies (they also require centralized
response and analysis).</p>
        <p>Formation of global databases for centralized network management. In practice, this means that such
OS resources as /etc/security/policies.conf, /etc/firewall.rules, global_privileges.db are the minimum
possible set of them that require centralized management. Such delimitation of management allows you to
reduce traffic, accelerate the transfer of control between nodes, and at the same time maintain high
resistance to leaks of confidential information. However, it is necessary to take into account the nuances of
the mechanisms for forming centralized copies of these resources for the new control node $CSMM_{t+1}$. The
logic of ensuring the maximum level of resistance to leaks of confidential information dictates the methods
of their implementation.</p>
        <p>
          Thus, the current centralized privilege database global_privileges.db for the next control node
$CSMM_{t+1}$ is obtained by combining the local privilege databases of active network nodes (Figure 1,
position 4). To represent this mechanism, we introduce the following notations: $RBP_{local}$ is the privilege
database of a local node. Then the global privilege database $RG_{privileges}$ can be represented as follows:
$$RG_{privileges} = \bigcup_{i \in A} RBP_{local}(i) \qquad (3)$$
where $RBP_{local}(i)$ is the local privilege base of the $i$-th network node, where $i$ belongs to the set $A$ of
network nodes active at the time of control transfer, which in turn is a subset of the set of network nodes
$N$.
        </p>
        <p>In the process of implementing management actions by the current $CSMM_t$ module, all changes in the
global privilege base $RG_{privileges}$ are transactionally replicated on all relevant local bases of network nodes,
which allows, in the event of an incident with the current management node, to obtain a new up-to-date
global privilege base for the new $CSMM_{t+1}$ management module, which increases the OS's resistance to
information leaks.</p>
        <p>Let us consider the formation of a global security policy database global_policies.conf, which is another
centralized resource that is updated at each cycle of control transfer between nodes. For convenience of
description, we will introduce the following notations: $RP_i(x)$ is security policy $x$ of the $i$-th network node as a
security resource; $RP_{local}$ is the security policy of some local node. It can be defined as the union of all security
policies of a given local node of a computer network:</p>
        <p>
          $$RP_{local} = \bigcup_{i=1}^{n} \{RP_i(x)\} \qquad (4)$$
where $RP_i(x)$ is security policy $x$ of the $i$-th node; $n$ is the number of network nodes.
        </p>
        <p>The next step is to obtain the global security policy base of the computer network. It should be noted
that when implementing the function of combining all local security policy bases, it is possible to use
several mechanisms that implement different access rules, lists of permitted actions, etc., and from which it
is necessary to choose the most optimal one that will ensure maximum system resistance to information
leakage. This may be a consensus approach, which is based on including in the global security policy base
$RG_{policies}$ all security policies present in the local security policy bases of active nodes. Another option
for the mechanism for forming a centralized policy base involves its implementation as an intersection of
security policies of all local bases of network nodes. It is also possible to use a mechanism that, when
forming the global policy base $RG_{policies}$, takes into account the level of trust in nodes - a weighted union (for
example, taking into account their reliability, incident history, etc.), giving priority to including security
policies from local bases of nodes with a higher level of trust.</p>
        <p>Since we are talking about the formation of centralized databases of security resources of the network
OS security system, the most expedient and justified seems to be the use of a mechanism based on the
intersection of security policies of local databases of network nodes, since it is quite simple to implement
and at the same time provides a regime of the strictest rules for applying security policies from the central
control node, which in turn guarantees increased OS resistance to leaks of confidential information
processed in the system under its control.</p>
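        <p>The control-transfer cycle described above, as an added example in Python that is not the authors' code: it picks the next control node uniformly among the other active nodes (formula 2), forms the global privilege base as a union (formula 3), and compares the three policy-merging mechanisms on the same input. The node names, rule tuples, trust scores, thresholds and the exact trust-weighted rule are assumptions made for illustration; the secrets module is used so that the choice cannot be predicted from a seeded generator.</p>

```python
import secrets

# Constructed sample data (not from the paper). A privilege is (user, role);
# a policy entry is an allow rule (role, action, object).
ACTIVE = {"N1", "N2", "N3"}                      # the set A of active nodes
LOCAL_PRIVILEGES = {
    "N1": {("alice", "operator"), ("bob", "auditor")},
    "N2": {("alice", "operator"), ("carol", "admin")},
    "N3": {("bob", "auditor")},
    "N4": {("mallory", "admin")},                # inactive node, must be ignored
}
BASELINE = {("operator", "read", "/srv/reports"),
            ("admin", "write", "/etc/firewall.rules")}
LOCAL_POLICIES = {
    "N1": set(BASELINE),
    # N2 carries one extra allow rule that no other node has.
    "N2": BASELINE.union({("operator", "read", "/srv/confidential")}),
    "N3": set(BASELINE),
    "N4": {("operator", "write", "/srv/confidential")},
}
TRUST = {"N1": 9, "N2": 3, "N3": 8}              # assumed integer trust scores


def pick_next_control_node(active, current):
    """Formula (2): every active node except the current one has chance 1/(n-1)."""
    candidates = sorted(node for node in active if node != current)
    if not candidates:
        raise ValueError("no other active node is available to take control")
    return secrets.choice(candidates)            # CSPRNG, not a seedable PRNG


def merge_union(local_bases, active):
    """Union over active nodes: formula (3) for privileges, 'consensus' for policies."""
    merged = set()
    for node in active:
        merged.update(local_bases[node])
    return merged


def merge_intersection(local_bases, active):
    """Keep only the entries that every active node already holds (strictest result)."""
    bases = [set(local_bases[node]) for node in active]
    return set.intersection(*bases) if bases else set()


def merge_trust_weighted(local_bases, active, trust, threshold):
    """Assumed rule: keep an entry when the trust share of its holders reaches threshold."""
    total = sum(trust[node] for node in active)
    merged = set()
    for rule in merge_union(local_bases, active):
        support = sum(trust[node] for node in active if rule in local_bases[node])
        if total > 0 and support / total >= threshold:
            merged.add(rule)
    return merged


def rules_dropped_by_intersection(local_bases, active):
    """Map each entry the intersection rejects to the nodes that carry it (for review)."""
    kept = merge_intersection(local_bases, active)
    dropped = {}
    for rule in merge_union(local_bases, active) - kept:
        dropped[rule] = sorted(n for n in active if rule in local_bases[n])
    return dropped


def transfer_control(current, active, privileges, policies):
    """One cycle: choose the next control node and build its global bases."""
    return {
        "control_node": pick_next_control_node(active, current),
        "global_privileges": merge_union(privileges, active),
        "global_policies": merge_intersection(policies, active),
    }


if __name__ == "__main__":
    state = transfer_control("N1", ACTIVE, LOCAL_PRIVILEGES, LOCAL_POLICIES)
    print("next control node:", state["control_node"])
    print("global policies:", sorted(state["global_policies"]))
    print("rejected by intersection:",
          rules_dropped_by_intersection(LOCAL_POLICIES, ACTIVE))
```

        <p>With this input the union admits the allow rule that only N2 holds, while the intersection rejects it and reports N2 as its sole holder. An active node that returns an empty policy base empties the intersection as well, so in this sketch an unresponsive node results in a deny-all global base.</p>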
        <p>Then the global security policy database $RG_{policies}$ can be represented as follows:</p>
        <p>$$RG_{policies} = \bigcap_{i \in A} \{RP_{local}(i)\} \qquad (5)$$
where $RP_{local}(i)$ is the local security policy base of the $i$-th node of the computer network, where $i$
belongs to the set $A$ of network nodes active at the moment of control transfer.</p>
        <p>To form the global connection base $RG_{firewall}$, we will use the same mechanism as when forming the
global security policy base $RG_{policies}$, since connection management also, due to its importance, requires
the strictest control rules.</p>
      </sec>
      <sec id="sec-4-2">
        <title>Then $RG_{firewall}$ will be defined as follows:</title>
        <p>$$RG_{firewall} = \bigcap_{i \in A} \{RFW_{local}(i)\} \qquad (6)$$
where $RFW_{local}(i)$ is the local connection base of the $i$-th node of the computer network, where $i$ belongs
to the set $A$ of network nodes active at the moment of control transfer.</p>
        <p>
          Justification of the effectiveness of partial centralization of security resources. To do this, we will
perform a comparative calculation of the costs of dynamic transfer of control between computer network
nodes for situations with complete centralization of all security resources of the network OS security
system and centralization of only privilege databases, security policies, and network connections.
        </p>
        <p>To mathematically represent the total costs of transferring control between network nodes, we will use
the previously introduced notations: $R_{BR}$ is the set of network security resources; $R_{centr} \subset R_{BR}$ is the subset of
resources subject to centralized control for a partial centralization situation. We will also introduce the
notation of comparative criteria: $T_{fetch}$ is the time to poll all active network nodes and receive copies of the
resource $R_i$ from them to form its current global database; $T_{parse}$ is the time that the new control node spends
on parsing, unifying or confirming the compliance of the received data (checking the integrity of the
database, checking the consistency of security policies, building a generalized global version of the
resource); $T_{applying}$ is the time to restart a new global version of the resource on the new control node (activating
it in services or OS subsystems, transmitting confirmation to other network nodes if necessary).</p>
        <p>Then the total update time of the global version of some Ri security resource of the network OS can be
represented as the sum of all time periods of its formation:</p>
        <p>
          $$T_G(R_i) = T_{fetch}(R_i) + T_{parse}(R_i) + T_{applying}(R_i) \qquad (7)$$
where $T_{fetch}$ is the time to request local copies of the $R_i$ resource from all active network nodes; $T_{parse}$ is
the time to form a global version of the $R_i$ resource; $T_{applying}$ is the time to restart a new version of the
global $R_i$ resource.
        </p>
        <p>
          The implementation of formula (7) is illustrated in Figure 1 (positions 3, 4, 5) and Figure 2 (positions 3, 4,
5), which present the processes of preparing global security resource bases for the next control node
$CSMM_{t+1}$ of the OS security system with full (Figure 1) and partial (Figure 2) resource centralization.
        </p>
        <p>
          Now, for a situation with complete centralization of all security resources of the network OS, the time
of transfer of control to the new control node $CSMM_{t+1}$, $T_{F\,central}$, can be represented as the sum of all
time periods required to form all global versions of all security resources of the OS according to the
scheme (Figure 1). Taking into account the above and formula (7), it will take the form:
        </p>
        <p>$$T_{F\,central} = \sum_{i=1}^{n} \left( T_{fetch}(R_i) + T_{parse}(R_i) + T_{applying}(R_i) \right) \qquad (8)$$
where $T_{fetch}$ is the time to request local copies of the $R_i$ resource from all active network nodes; $T_{parse}$ is
the time to form a global version of the $R_i$ resource; $T_{applying}$ is the time to restart a new version of the
global $R_i$ resource; n is the total number of OS security resources in the set $R_{BP}$.</p>
        <p>
          The time of transfer of control to the new control node $CSMM_{t+1}$ with partial centralization of security
resources, $T_{P\,central}$, can be calculated using formula (8), with the only difference that the total number of OS
security resources n corresponds to the number of elements of the set $R_{centr}$, which is a subset of the
set $R_{BP}$. This feature of the model of dynamic control transfer is shown in Figure 2.
Under this scheme, part of the security resources remains under the local control of each network
node, so no data about them has to be collected and centralized when control is
transferred to the new central node $CSMM_{t+1}$, which significantly reduces the time spent on the
transfer of control itself. To minimize this time, the number of elements of the set $R_{centr}$ should be
as small as possible while still ensuring the required level of OS resistance to leakage of
confidential information.
        </p>
        <p>Then a ratio greater than one between the time of transfer of control to a new control node with full
centralization of security resources, $T_{F\,central}$, and the time of transfer of control with partial centralization
of security resources, $T_{P\,central}$, will indicate a better efficiency of the OS security system with partial
centralization:</p>
        <p>$$E_{central} = \frac{T_{F\,central}}{T_{P\,central}} &gt; 1 \qquad (9)$$</p>
        <p>To represent the value of the efficiency $E_{P\,central}$ in percent, we present formula (9) in the following form:</p>
        <p>$$E_{P\,central} = \frac{T_{F\,central} - T_{P\,central}}{T_{F\,central}} \times 100\% \qquad (10)$$
where $T_{F\,central}$ is the time of transfer of control to a new control node with full centralization of security
resources; $T_{P\,central}$ is the time of transfer of control with partial centralization of security resources.</p>
        <p>A method for assessing the effectiveness of partial centralization of security resources during dynamic
transfer of control between network nodes in comparison with their full centralization has been developed
for use in the study of network OS security systems.</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>5. Experiments</title>
      <p>Experimental environment setup. To confirm the effectiveness of the network OS security system
with partial centralization of security resources during dynamic transfer of control between network
nodes, several series of experiments were conducted. For this purpose, a test environment was deployed
on a virtual computer network that includes virtual nodes VM01 - VM04, which served as
target machines during the experiments (Figure 3). All virtual machines run under the
VirtualBox hypervisor, which also combines them into the separate local virtual network
needed for the experiments. FreeBSD 13.1 is installed as the network OS on each virtual machine.</p>
      <p>Calculation of the efficiency of partial centralization of resources. As a result of experiments with a
virtual network with simulation of dynamic control transfer between its nodes, the data given in Table 1
were obtained.</p>
      <p>
        Substituting the data into formula (8) to calculate the control transfer time between computer network
nodes for a situation with complete centralization of security resources (taking into account $R_i \in R_{BP}$), we
obtain:
      </p>
      <p>$$T_{F\,central} = \sum_{i=1}^{n} \left( T_{fetch}(R_i) + T_{parse}(R_i) + T_{applying}(R_i) \right) = (5.31 + 9.54 + 8.21 + 6.14 + 2.81 + 5.15) = 37.16 \text{ sec}$$</p>
      <p>
        As part of the next step, we calculate the time for control transfer between network nodes for a
situation with partial centralization of resources (formula (
        <xref ref-type="bibr" rid="ref8">8</xref>
        ) taking into account Ri∈ Rcentral) and obtain:
      </p>
      <p>E P central = T F cenTtraFl c-enTtraPl central ×100 % = 37.1367.-1263.06 × 100 % =37.9 %</p>
      <p>Calculations based on the results of the experiments confirmed the effectiveness of the method for
optimizing the centralization of network OS security resources during random dynamic transfer of control
between computer network nodes (Figure 4).</p>
      <p>The reduction in the time for transferring control between computer network nodes with partial
centralization of security resources was, as can be seen from the calculations, ≈ 38%, which was achieved
by excluding secondary security resources (log files, local device drivers, etc.) from centralized replication,
reducing the amount of data for synchronization, and reducing the overhead of data verification,
normalization, and logging.</p>
    </sec>
    <sec id="sec-6">
      <title>6. Conclusions</title>
      <p>The result of the proposed approach is the confirmation of a significant reduction in time (Figure 4) during
dynamic random transfer of control between network nodes, which, in turn, reduces the probability of
losing control of the network or reducing its security during the transition period. In addition, this
approach allows for better scaling of the system, since an increase in the number of nodes does not
proportionally affect the amount of data transferred to the new control node, due to the optimization of
the set of critical security resources.</p>
      <p>Another advantage of optimizing the set of global security resources is the reduction of the attack
surface, since the number of points through which an attacker could affect the security system during the
transfer of control is reduced. This is especially important in conditions where attacks can be coordinated
and aimed at the moments of maximum vulnerability of the system, namely at the moments of changing
the control node.</p>
      <p>Thus, the formation of an optimal set of global OS security resources for partially centralized network
management based on dynamic control transfer between its nodes is not only an engineering task, but also
a scientific tool for increasing the efficiency, reliability and security of the entire computer network. This
approach to building centralized OS security systems allows maintaining a balance between the flexibility
of dynamic management and the necessary rigidity of control over its critical aspects.</p>
    </sec>
    <sec id="sec-7">
      <title>Declaration on Generative AI</title>
      <p>The authors have not employed any Generative AI tools.</p>
      <p>[14] S. Lysenko, O. Savenko, K. Bobrovnikova, A. Kryshchuk, B. Savenko, Information technology for
botnets detection based on their behaviour in the corporate area network, Communications in
Computer and Information Science, volume 718 (2017) 166–181. ISSN: 1865–0929.</p>
      <p>[15] S. Lysenko, O. Savenko, K. Bobrovnikova, A. Kryshchuk, Self-adaptive system for the corporate area
network resilience in the presence of botnet cyberattacks, Communications in Computer and
Information Science 860 (2018) 385-401.</p>
      <p>[16] O. Savenko, K. Bobrovnikova, S. Lysenko, DDoS Botnet Detection Technique Based on the Use of the
Semi-Supervised Fuzzy c-Means Clustering, CEUR-WS volume 2104 (2018) 688-695.</p>
      <p>[17] S. Lysenko, K. Bobrovnikova, O. Savenko, A Botnet Detection Approach Based on The Clonal Selection
Algorithm, 9th International Conference on Dependable Systems, Services and Technologies
(DeSSerT-2018), Kyiv, Ukraine, May 24-27 2018, pp. 424-428.</p>
      <p>[18] K. Singh, K. Singh Dhindsa, B. Bhushan, Performance analysis of agent based distributed defense
mechanisms against DDOS attacks. International Journal of Computing, (2018), 17(1), 15-24.
https://doi.org/10.47839/ijc.17.1.94.</p>
      <p>[19] P. Bykovyy, V. Kochan, A. Sachenko and G. Markowsky, "Genetic Algorithm Implementation for
Perimeter Security Systems CAD," 2007 4th IEEE Workshop on Intelligent Data Acquisition and
Advanced Computing Systems: Technology and Applications, Dortmund, Germany, 2007, pp. 634-638,
doi: 10.1109/IDAACS.2007.4488498</p>
      <p>[20] P. Bykovyy, Y. Pigovsky, V. Kochan, A. Sachenko, G. Markowsky and S. Aksoy, "Genetic algorithm
implementation for distributed security systems optimization," 2008 IEEE International Conference on
Computational Intelligence for Measurement Systems and Applications, Istanbul, Turkey, 2008, pp.
120-124, doi: 10.1109/CIMSA.2008.4595845.</p>
      <p>[21] Y.S. Zhang, Analysis of OSPU security effect and data assembly verification under semi-network OS
architecture, Int. J. Inf. Secur 22 (2023), pp 1497–1509. doi: 10.1007/s10207-023-00702-1</p>
      <p>[22] Y.T.Y. Azura, M.A. Azad, Y. Ahmed, An integrated cyber security risk management framework for
online banking systems. J BANK FINANC TECHNOL (2025), doi: 10.1007/s42786-025-00056-3.</p>
      <p>[23] P.C. Pathak, M. Nadeem, S.A. Ansar, Security assessment of operating system by using decision
making algorithms, Int. j. inf. tecnol. 17 (2025) 3609–3618. doi: 10.1007/s41870-023-01706-9</p>
      <p>[24] P. Escaleira, V.A. Cunha, J.P. Barraca, A systematic review on security mechanisms for serverless
computing, Cluster Comput 28 (2025) 465. doi: 10.1007/s10586-025-05371-4</p>
      <p>[25] Q. Zhou, X. Jia, J. Chen, Q. Huang, H. Du, LightArmor: A Lightweight Trusted Operating System
Isolation Approach for Mobile Systems. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K.
(eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and
Communication Technology, vol 710. Springer, Cham., July 2024 pp 206–220 doi:
10.1007/978-3-03165175-5_15</p>
      <p>[26] C. Ma, N. Xi, D. Lu, CToMP: a cycle-task-oriented memory protection scheme for unmanned systems,
Sci. China Inf. Sci. 67 (2024) 162305. doi:10.1007/s11432-023-3865-0.</p>
      <p>[27] I. Herrera Montano, J. J. García Aranda, J. Ramos Diaz, Survey of Techniques on Data Leakage
Protection and Methods to address the Insider threat, Cluster Comput 25 (2022) 4289–4302.
doi:10.1007/s10586-022-03668-2.</p>
      <p>[28] M. Gross, N. Jacob, A. Zankl, Breaking TrustZone memory isolation and secure boot through
malicious hardware on a modern FPGA-SoC, J Cryptogr Eng 12 (2022) 181–196.
doi:10.1007/s13389021-00273-8.</p>
      <p>[29] R. Meganathan, R. Anand, Security establishment using deep convolutional network model in
cyberphysical systems, Multimed Tools Appl 83 (2024) 76201–76221. doi: 10.1007/s11042-024-18535-y</p>
      <p>[30] N. Rai, J. Grover, Analysis of crypto module in RIOT OS using Frama-C, J Supercomput 80 (2024)
18521–18543. doi: 10.1007/s11227-024-06171-0.</p>
      <p>[31] C.S. Yadav, S. Gupta, A Review on Malware Analysis for IoT and Android System, SN COMPUT. SCI. 4
(2023) 118. doi:10.1007/s42979-022-01543-w.</p>
      <p>[32] N. Sharma, P. G. Shambharkar, Multi-layered security architecture for IoMT systems: integrating
dynamic key management, decentralized storage, and dependable intrusion detection framework, Int.
J. Mach. Learn. &amp; Cyber (2025). doi:10.1007/s13042-025-02628-7</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Stetsyuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Stetsyuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Kyrylo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Paiuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Kvassay</surname>
          </string-name>
          ,
          <article-title>A model of a centralized security system, as an information technology for the synthesis of an OS architecture protected against the leakage of confidential information</article-title>
          ,
          <source>1st International Workshop on Advanced Applied Information Technologies (AdvAIT-2024)</source>
          volume
          <volume>3899</volume>
          ,
          <string-name>
            <surname>Khmelnytskyi</surname>
            <given-names>Ukraine</given-names>
          </string-name>
          <source>and Zilina Slovakia</source>
          ,
          <year>2024</year>
          , pp.
          <fpage>224</fpage>
          -
          <lpage>233</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Stetsyuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Stetsyuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Savenko</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Kwiecien</surname>
          </string-name>
          , L. Kopania,
          <article-title>Method of random dynamic control transfer between network nodes for a partially centralized OS security system</article-title>
          ,
          <source>IntelITSIS'2025: 6th International Workshop on Intelligent Information Technologies and Systems of Information Security</source>
          , volume
          <volume>3963</volume>
          ,
          <string-name>
            <surname>Khmelnytskyi</surname>
            <given-names>Ukraine</given-names>
          </string-name>
          ,
          <year>2025</year>
          , pp.
          <fpage>264</fpage>
          -
          <lpage>283</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>S.</given-names>
            <surname>Leventopoulos</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Pipyros</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Gritzalis</surname>
          </string-name>
          ,
          <article-title>Retaliating against cyber-attacks: a decision-taking framework for policy-makers and enforcers of international and cybersecurity law</article-title>
          ,
          <source>Int. Cybersecur. Law Rev</source>
          ,
          <volume>5</volume>
          (
          <year>2024</year>
          )
          <fpage>237</fpage>
          -
          <lpage>262</lpage>
          . doi:
          <volume>10</volume>
          .1365/s43439-024-00113-5.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>N. D.</given-names>
            <surname>Viet</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.D.</given-names>
            <surname>Quan</surname>
          </string-name>
          ,
          <article-title>Proposing, A New Approach for Detecting Malware Based on the Event Analysis Technique</article-title>
          .
          <source>International Journal of Innovative Technology and Exploring Engineering</source>
          <volume>8</volume>
          (
          <year>2023</year>
          )
          <fpage>21</fpage>
          -
          <lpage>27</lpage>
          doi:10.35940/ijitee.h9651.
          <fpage>0712823</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>B.</given-names>
            <surname>Hajimirzaei</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.J.</given-names>
            <surname>Navimipour</surname>
          </string-name>
          ,
          <article-title>Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm</article-title>
          .
          <source>ICT Express</source>
          ,
          <volume>5</volume>
          (
          <issue>1</issue>
          ) (
          <year>2019</year>
          )
          <fpage>56</fpage>
          -
          <lpage>59</lpage>
          . doi:
          <volume>10</volume>
          .1016/j.icte.
          <year>2018</year>
          .
          <volume>01</volume>
          .014.
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>J.</given-names>
            <surname>Dalou</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Al-Duwairi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Al-Jarrah</surname>
          </string-name>
          ,
          <string-name>
            <surname>M.</surname>
          </string-name>
          <article-title>Adaptive entropy-based detection and mitigation of DDOS attack in software defined networks</article-title>
          .
          <source>International Journal of Computing</source>
          , (
          <year>2020</year>
          )
          <volume>19</volume>
          (
          <issue>3</issue>
          ),
          <fpage>399</fpage>
          -
          <lpage>410</lpage>
          . https://doi.org/10.47839/ijc.19.3.
          <year>1889</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>S.</given-names>
            <surname>Singaravelan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Velayutha</surname>
          </string-name>
          <string-name>
            <surname>Perumal</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Arun</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Selvakumar</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Murugan</surname>
          </string-name>
          ,
          <article-title>Deep Learning-Based Echo State Neural Network for Cyber Threat Detection in IoT-Driven IICS Networks</article-title>
          .
          <source>International Journal of Computing</source>
          , (
          <year>2024</year>
          ),
          <volume>23</volume>
          (
          <issue>2</issue>
          ),
          <fpage>205</fpage>
          -
          <lpage>210</lpage>
          .https://doi.org/10.47839/ijc.23.2.3538.
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>R.S.</given-names>
            ,
            <surname>Kanavalli</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            ,
            <surname>Gupta</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            ,
            <surname>Pattanaik</surname>
          </string-name>
          , S. Agarwal, .
          <article-title>Real-time DDoS Detection and Mitigation in Software Defined Networks using Machine Learning Techniques</article-title>
          .
          <source>International Journal of Computing</source>
          , (
          <year>2022</year>
          ),
          <volume>21</volume>
          (
          <issue>3</issue>
          ),
          <fpage>353</fpage>
          -
          <lpage>359</lpage>
          . https://doi.org/10.47839/ijc.21.3.2691.
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>A.J.</given-names>
            <surname>Govindaram</surname>
          </string-name>
          ,
          <article-title>FLBC-IDS: a federated learning and blockchain-based intrusion detection system for secure IoT environments</article-title>
          ,
          <source>Multimed Tools Appl</source>
          <volume>84</volume>
          (
          <year>2025</year>
          )
          <fpage>17229</fpage>
          -
          <lpage>17251</lpage>
          . doi:
          <volume>10</volume>
          .1007/s11042-024-19777- 6.
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>D.</given-names>
            <surname>Liao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Zhou</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <article-title>GE-IDS: an intrusion detection system based on grayscale and entropy</article-title>
          ,
          <source>Peerto-Peer Netw. Appl</source>
          .
          <volume>15</volume>
          (
          <year>2022</year>
          )
          <fpage>1521</fpage>
          -
          <lpage>1534</lpage>
          . doi:
          <volume>10</volume>
          .1007/s12083-022-01300-z.
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>M.</given-names>
            <surname>Lopez-Vizcaino</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.J.</given-names>
            <surname>Novoa</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Fernandez</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Cacheda</surname>
          </string-name>
          ,
          <string-name>
            <surname>Time Aware</surname>
          </string-name>
          F
          <article-title>-Score for Cybersecurity Early Detection Evaluation</article-title>
          , BASEL: Mdpi volume
          <volume>14</volume>
          (
          <issue>2</issue>
          ) (
          <year>2024</year>
          )
          <article-title>574</article-title>
          . doi:
          <volume>10</volume>
          .3390/app14020574
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>H.</given-names>
            <surname>Lu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Song</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Yang</surname>
          </string-name>
          , G. He,
          <string-name>
            <given-names>H.</given-names>
            <surname>Yu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Ren</surname>
          </string-name>
          ,
          <article-title>A transfer learning-based intrusion detection system for zero-day attack in communication-based train control system</article-title>
          ,
          <source>Cluster Comput 5</source>
          (
          <year>2024</year>
          )
          <fpage>8477</fpage>
          -
          <lpage>8492</lpage>
          . doi:
          <volume>10</volume>
          .1007/s10586-024-04376-9.
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <given-names>S.</given-names>
            <surname>Lysenko</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Bobrovnikova</surname>
          </string-name>
          ,
          <string-name>
            <given-names>O.</given-names>
            <surname>Savenko</surname>
          </string-name>
          ,
          <string-name>
            <surname>A</surname>
          </string-name>
          . Kryshchuk,
          <article-title>BotGRABBER: SVM-Based Self-Adaptive System for the Network Resilience Against the Botnets' Cyberattacks, Communications in Computer and Information Science</article-title>
          . volume
          <volume>1039</volume>
          (
          <year>2019</year>
          )
          <fpage>127</fpage>
          -
          <lpage>143</lpage>
          . ISSN:
          <fpage>1865</fpage>
          -
          <lpage>0929</lpage>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>