Pub Date: 2025-02-28 DOI: 10.1016/j.hcc.2025.100303
Qasim Zia , Saide Zhu , Haoxin Wang , Zafar Iqbal , Yingshu Li
In recent research on the Digital Twin-based Vehicular Ad hoc Network (DT-VANET), Federated Learning (FL) has shown its ability to provide data privacy. However, federated learning struggles to adequately train a global model when confronted with data heterogeneity and data sparsity among vehicles, which leads to suboptimal accuracy in making precise predictions for different vehicle types. To address these challenges, this paper combines Federated Transfer Learning (FTL) to conduct vehicle clustering related to types of vehicles and proposes a novel Hierarchical Federated Transfer Learning (HFTL). We construct a framework for DT-VANET, along with two algorithms designed for cloud server model updates and intra-cluster federated transfer learning, to improve the accuracy of the global model. In addition, we developed a data quality score-based mechanism to prevent the global model from being affected by malicious vehicles. Lastly, detailed experiments on real-world datasets are conducted, considering different performance metrics that verify the effectiveness and efficiency of our algorithm.
Title: Hierarchical federated transfer learning in digital twin-based vehicular networks. High-Confidence Computing, volume 5, issue 4, Article 100303.
Pub Date: 2025-02-28 DOI: 10.1016/j.hcc.2025.100300
Biwei Yan , Kun Li , Minghui Xu , Yueyan Dong , Yue Zhang , Zhaochun Ren , Xiuzhen Cheng
Large Language Models (LLMs) are complex artificial intelligence systems, which can understand, generate, and translate human languages. By analyzing large amounts of textual data, these models learn language patterns to perform tasks such as writing, conversation, and summarization. Agents built on LLMs (LLM agents) further extend these capabilities, allowing them to process user interactions and perform complex operations in diverse task environments. However, during the processing and generation of massive data, LLMs and LLM agents pose a risk of sensitive information leakage, potentially threatening data privacy. This paper aims to demonstrate data privacy issues associated with LLMs and LLM agents to facilitate a comprehensive understanding. Specifically, we conduct an in-depth survey about privacy threats, encompassing passive privacy leakage and active privacy attacks. Subsequently, we introduce the privacy protection mechanisms employed by LLMs and LLM agents and provide a detailed analysis of their effectiveness. Finally, we explore the privacy protection challenges for LLMs and LLM agents as well as outline potential directions for future developments in this domain.
Title: On protecting the data privacy of Large Language Models (LLMs) and LLM agents: A literature review. High-Confidence Computing, volume 5, issue 2, Article 100300.
Pub Date: 2025-02-26 DOI: 10.1016/j.hcc.2025.100310
Na Li , Hangguan Shan , Meiyan Song , Yong Zhou , Zhongyuan Zhao , Howard H. Yang , Fen Hou
Federated learning (FL) with synchronous model aggregation suffers from the straggler issue because of heterogeneous transmission and computation delays among different agents. In mobile wireless networks, this issue is exacerbated by time-varying network topology due to agent mobility. Although asynchronous FL can alleviate straggler issues, it still faces critical challenges in terms of algorithm design and convergence analysis because of dynamic information update delay (IU-Delay) and dynamic network topology. To tackle these challenges, we propose a decentralized FL framework based on gradient descent with momentum, named decentralized momentum federated learning (DMFL). We prove that DMFL is globally convergent on convex loss functions under the bounded time-varying IU-Delay, as long as the network topology is uniformly jointly strongly connected. Moreover, DMFL does not impose any restrictions on the data distribution over agents. Extensive experiments are conducted to verify DMFL’s performance superiority over the benchmarks and to reveal the effects of diverse parameters on the performance of the proposed algorithm.
Title: Accelerating decentralized federated learning via momentum GD with heterogeneous delays. High-Confidence Computing, volume 5, issue 4, Article 100310.
Pub Date: 2025-02-15 DOI: 10.1016/j.hcc.2025.100302
Gabriel Chukwunonso Amaizu , Akshita Maradapu Vera Venkata Sai , Sanjay Bhardwaj , Dong-Seong Kim , Madhuri Siddula , Yingshu Li
The increasing prevalence of cancer necessitates advanced methodologies for early detection and diagnosis. Early intervention is crucial for improving patient outcomes and reducing the overall burden on healthcare systems. Traditional centralized methods of medical image analysis pose significant risks to patient privacy and data security, as they require the aggregation of sensitive information in a single location. Furthermore, these methods often suffer from limitations related to data diversity and scalability, hindering the development of universally robust diagnostic models. Recent advancements in machine learning, particularly deep learning, have shown promise in enhancing medical image analysis. However, the need to access large and diverse datasets for training these models introduces challenges in maintaining patient confidentiality and adhering to strict data protection regulations. This paper introduces FedViTBloc, a secure and privacy-enhanced framework for medical image analysis utilizing Federated Learning (FL) combined with Vision Transformers (ViT) and blockchain technology. The proposed system ensures patient data privacy and security through fully homomorphic encryption and differential privacy techniques. By employing a decentralized FL approach, multiple medical institutions can collaboratively train a robust deep-learning model without sharing raw data. Blockchain integration further enhances the security and trustworthiness of the FL process by managing client registration and ensuring secure onboarding of participants. Experimental results demonstrate the effectiveness of FedViTBloc in medical image analysis while maintaining stringent privacy standards, achieving 67% accuracy and reducing loss below 2 across 10 clients, ensuring scalability and robustness.
Title: FedViTBloc: Secure and privacy-enhanced medical image analysis with federated vision transformer and blockchain. High-Confidence Computing, volume 5, issue 3, Article 100302.
The Industrial Internet of Things (IIoT) achieves the automation, monitoring, and optimization of industrial processes by interconnecting various sensors, smart devices, and the Internet, which dramatically increases productivity and product quality. Nevertheless, the IIoT comprises a substantial amount of sensitive data, which requires encryption to ensure data privacy and security. Recently, Sun et al. proposed a certificateless searchable encryption scheme for IIoT to enable the retrieval of ciphertext data while protecting data privacy. However, we found that their scheme not only fails to satisfy trapdoor indistinguishability but also lacks defense against keyword guessing attacks. In addition, some schemes use deterministic algorithms in the encryption process, resulting in the same ciphertexts after encryption for the same keyword, thereby leaking the potential frequency distribution of the keyword in the ciphertext space, allowing attackers to infer the plaintext information corresponding to the ciphertext through statistical analysis. To better protect data privacy, we propose an improved certificateless searchable encryption scheme with a designated server. With security analysis, we prove that our scheme provides multi-ciphertext indistinguishability and multi-trapdoor indistinguishability security under the random oracle. Experimental results show that the proposed scheme has good overall performance in terms of computational overhead, communication overhead, and security features.
Title: An improved secure designated server certificateless authenticated searchable encryption scheme for IIoT. Authors: Le Zhang , Feng Zhou , Qijia Zhang , Wei Xiong , Youliang Tian. Pub Date: 2025-02-12 DOI: 10.1016/j.hcc.2025.100301. High-Confidence Computing, volume 5, issue 3, Article 100301.
The ever-escalating prevalence of malware is a serious cybersecurity threat, often requiring advanced post-incident forensic investigation techniques. This paper proposes a framework to enhance malware forensics by leveraging reinforcement learning (RL). The approach combines heuristic and signature-based methods, supported by RL through a unified MDP model, which breaks down malware analysis into distinct states and actions. This optimisation enhances the identification and classification of malware variants. The framework employs Q-learning and other techniques to boost the speed and accuracy of detecting new and unknown malware, outperforming traditional methods. We tested the experimental framework across multiple virtual environments infected with various malware types. The RL agent collected forensic evidence and improved its performance through Q-tables and temporal difference learning. The epsilon-greedy exploration strategy, in conjunction with Q-learning updates, effectively facilitated transitions. The learning rate depended on the complexity of the MDP environment: higher in simpler ones for quicker convergence and lower in more complex ones for stability. This RL-enhanced model significantly reduced the time required for post-incident malware investigations, achieving a high accuracy rate of 94% in identifying malware. These results indicate RL’s potential to revolutionise post-incident forensics investigations in cybersecurity. Future work will incorporate more advanced RL algorithms and large language models (LLMs) to further enhance the effectiveness of malware forensic analysis.
Title: Reinforcement learning for an efficient and effective malware investigation during cyber incident response. Authors: Dipo Dunsin , Mohamed Chahine Ghanem , Karim Ouazzane , Vassil Vassilev. Pub Date: 2025-01-17 DOI: 10.1016/j.hcc.2025.100299. High-Confidence Computing, volume 5, issue 3, Article 100299.
Pub Date: 2025-01-15 DOI: 10.1016/j.hcc.2025.100298
Nadia Niknami , Vahid Mahzoon , Slobadan Vucetic , Jie Wu
Traditional single-machine Network Intrusion Detection Systems (NIDS) are increasingly challenged by rapid network traffic growth and the complexities of advanced neural network methodologies. To address these issues, we propose an Enhanced Meta-IDS framework inspired by meta-computing principles, enabling dynamic resource allocation for optimized NIDS performance. Our hierarchical architecture employs a three-stage approach with iterative feedback mechanisms. We leverage these intervals in real-world scenarios with intermittent data batches to enhance our models. Outputs from the third stage provide labeled samples back to the first and second stages, allowing retraining and fine-tuning based on the most recent results without incurring additional latency. By dynamically adjusting model parameters and decision boundaries, our system optimizes responses to real-time data, effectively balancing computational efficiency and detection accuracy. By ensuring that only the most suspicious data points undergo intensive analysis, our multi-stage framework optimizes computational resource usage. Experiments on benchmark datasets demonstrate that our Enhanced Meta-IDS improves detection accuracy and reduces computational load or CPU time, ensuring robust performance in high-traffic environments. This adaptable approach offers an effective solution to modern network security challenges.
Title: Enhanced Meta-IDS: Adaptive multi-stage IDS with sequential model adjustments. High-Confidence Computing, volume 5, issue 3, Article 100298.
Pub Date: 2025-01-15 DOI: 10.1016/j.hcc.2024.100282
Mahid Atif Hosain , Sriram Chellappan , Jannatun Noor
Docker is a vital tool in modern development, enabling the creation, deployment, and execution of applications using containers, thereby ensuring consistency across various environments. However, developers often face challenges, particularly with filesystem complexities and performance bottlenecks when working directly within Docker containers. This is where Mutagen comes into play, significantly enhancing the Docker experience by offering efficient network file synchronization, reducing latency in file operations, and improving overall data transfer rates in containerized environments. By exploring Docker’s architecture, examining Mutagen’s role, and evaluating their combined performance impacts, particularly in terms of file operation speeds and development workflow efficiencies, this research provides a deep understanding of these technologies and their potential to streamline development processes in networked and distributed environments.
Title: Performance evaluation of file operations using Mutagen. High-Confidence Computing, volume 5, issue 3, Article 100282.
Pub Date: 2025-01-14 DOI: 10.1016/j.hcc.2024.100283
Xiaoling Tao , Jianxiang Liu , Yuelin Yu , Haijing Zhang , Ying Huang
As network and information systems become widely adopted across industries, cybersecurity concerns have grown more prominent. Among these concerns, insider threats are considered particularly covert and destructive. Insider threats refer to malicious insiders exploiting privileged access to networks, systems, and data to intentionally compromise organizational security. Detecting these threats is challenging due to the complexity and variability of user behavior data, combined with the subtle and covert nature of insider actions. Traditional detection methods often fail to capture both long-term dependencies and short-term fluctuations in time-series data, which are crucial for identifying anomalous behaviors. To address these issues, this paper introduces the Test-Time Training (TTT) model for the first time in the field of insider threat detection, and proposes a detection method based on the TTT-ECA-ResNet model. First, the dataset is preprocessed. TTT is applied to extract long-term dependencies in features, effectively capturing dynamic sequence changes. The Residual Network, incorporating the Efficient Channel Attention mechanism, is used to extract local feature patterns, capturing relationships between different positions in time-series data. Finally, a Linear layer is employed for more precise detection of insider threats. The proposed approaches were evaluated using the CMU CERT Insider Threat Dataset, achieving an AUC of 98.75% and an F1-score of 96.81%. The experimental results demonstrate the effectiveness of the proposed methods, outperforming other state-of-the-art approaches.
Title: An insider threat detection method based on improved Test-Time Training model. High-Confidence Computing, volume 5, issue 1, Article 100283.
Pub Date: 2025-01-11 DOI: 10.1016/j.hcc.2025.100297
Yunling Wang, Chenyang Gao, Yifei Huang, Lei Fu, Yong Yu
Wildcard searchable encryption allows the server to efficiently perform wildcard-based keyword searches over encrypted data while maintaining data privacy. A promising solution to achieve wildcard SSE is to extract the characteristics of the queried keyword and check the existence based on a membership test structure. However, existing schemes have false positives of character order, that is, the server cannot identify the order between the first and the last wildcard character. Besides, the schemes also suffer from characteristic matching pattern leakage due to the one-by-one membership testing. In this paper, we present the first efficient wildcard SSE scheme to eliminate the false positives of character order and characteristic matching pattern leakage. To this end, we design a novel characteristic extraction technique that enables the client to extract the characteristics of the queried keyword while maintaining the order between the first and the last wildcard character. Then, we utilize the primitive of Symmetric Subset Predicate Encryption, which supports checking if one set is a subset of another in one shot, to reduce the characteristic matching pattern leakage. Finally, by performing a formal security analysis and implementing the scheme on a real-world database, we demonstrate that the desired security properties are achieved with high performance.
Title: Less leakage and more precise: Efficient wildcard keyword search over encrypted data. Authors: Yunling Wang, Chenyang Gao, Yifei Huang, Lei Fu, Yong Yu. Journal: High-Confidence Computing, 5(3), Article 100297. Publication date: 2025-01-11. DOI: 10.1016/j.hcc.2025.100297