IEEE Transactions on Information Forensics and Security: Latest Articles

ASRL: Adaptive Swarm Reinforcement Learning for Enhanced OSN Intrusion Detection
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-11-01 DOI: 10.1109/TIFS.2024.3488506
Edward Kwadwo Boahen;Rexford Nii Ayitey Sosu;Selasi Kwame Ocansey;Qinbao Xu;Changda Wang
Online Social Networks (OSNs) face escalating security threats that imperil user privacy. Conventional Deep Learning methods, relying predominantly on fixed learning rates, encounter limitations when capturing the nuanced intricacies of OSN traffic that arise from shifting user behaviors, diverse content types, and evolving interaction patterns because of social trending topics changes. To tackle these challenges, our paper delves into the diverse variations and transitions from a uniform approach, where a single method is employed for various types of data, to a multi-variation methodology. This methodology dynamically adapts to the special characteristics of each data type, resulting in more effective data representation while alleviating the limitations associated with fixed-rate calibration. Therefore, we devise the Adaptive Swarm Reinforcement Learning (ASRL) method that leverages adaptive learning to intricately analyze a wide range of user interactions, endowing our proposed method with the capacity to flexibly adjust to the constantly shifting OSN patterns. The experiments show that the proposed ASRL method achieves an accuracy of 98.59% in detecting a range of threat patterns, surpassing other prevalent methods by an average of 5% across the datasets from Facebook, Google+, and Twitter. Meanwhile, ASRL logs suspicious activities to identify the intruder for forensic analysis. The implementation of our proposed method is now publicly accessible at https://github.com/don2c/asrl_Project.
Citations: 0
An Interpretable Generalization Mechanism for Accurately Detecting Anomaly and Identifying Networking Intrusion Techniques
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-31 DOI: 10.1109/TIFS.2024.3488967
Hao-Ting Pai;Yu-Hsuan Kang;Wen-Cheng Chung
The increasing complexity of modern network environments presents formidable challenges to Intrusion Detection Systems (IDS) in effectively mitigating cyber-attacks. Recent advancements in IDS research, integrating Explainable AI (XAI) methodologies, have led to notable improvements in system performance via precise feature selection. However, a thorough understanding of cyber-attacks requires inherently explainable decision-making processes within IDS. In this paper, we present the Interpretable Generalization Mechanism (IG), poised to revolutionize IDS capabilities. IG discerns coherent patterns, making it interpretable in distinguishing between normal and anomalous network traffic. Further, the synthesis of coherent patterns sheds light on intricate intrusion pathways, providing essential insights for cybersecurity forensics. By experiments with real-world datasets NSL-KDD, UNSW-NB15, and UKM-IDS20, IG is accurate even at a low ratio of training-to-test. With 10%-to-90%, IG achieves Precision (PRE) =0.93, Recall (REC) =0.94, and Area Under Curve (AUC) =0.94 in NSL-KDD; PRE =0.98, REC =0.99, and AUC =0.99 in UNSW-NB15; and PRE =0.98, REC =0.98, and AUC =0.99 in UKM-IDS20. Notably, in UNSW-NB15, IG achieves REC =1.0 and at least PRE =0.98 since 40%-to-60%; in UKM-IDS20, IG achieves REC =1.0 and at least PRE =0.88 since 20%-to-80%. Importantly, in UKM-IDS20, IG successfully identifies all three anomalous instances without prior exposure, demonstrating its generalization capabilities. These results and inferences are reproducible. In sum, IG showcases superior generalization by consistently performing well across diverse datasets and training-to-test ratios (from 10%-to-90% to 90%-to-10%), and excels in identifying novel anomalies without prior exposure. 
Its interpretability is enhanced by coherent evidence that accurately distinguishes both normal and anomalous activities, significantly improving detection accuracy and reducing false alarms, thereby strengthening IDS reliability and trustworthiness.
Citations: 0
LAN: Learning Adaptive Neighbors for Real-Time Insider Threat Detection
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-31 DOI: 10.1109/TIFS.2024.3488527
Xiangrui Cai;Yang Wang;Sihan Xu;Hao Li;Ying Zhang;Zheli Liu;Xiaojie Yuan
Enterprises and organizations are faced with potential threats from insider employees that may lead to serious consequences. Previous studies on insider threat detection (ITD) mainly focus on detecting abnormal users or abnormal time periods (e.g., a week or a day). However, a user may have hundreds of thousands of activities in the log, and even within a day there may exist thousands of activities for a user, requiring a high investigation budget to verify abnormal users or activities given the detection results. On the other hand, existing works are mainly post-hoc methods rather than real-time detection, which can not report insider threats in time before they cause loss. In this paper, we conduct the first study towards real-time ITD at activity level, and present a fine-grained and efficient framework LAN. Specifically, LAN simultaneously learns the temporal dependencies within an activity sequence and the relationships between activities across sequences with graph structure learning. Moreover, to mitigate the data imbalance problem in ITD, we propose a novel hybrid prediction loss, which integrates self-supervision signals from normal activities and supervision signals from abnormal activities into a unified loss for anomaly detection. We evaluate the performance of LAN on two widely used datasets, i.e., CERT r4.2 and CERT r5.2. Extensive and comparative experiments demonstrate the superiority of LAN, outperforming 9 state-of-the-art baselines by at least 8.43% and 6.35% in AUC for real-time ITD on CERT r4.2 and r5.2, respectively. Moreover, LAN can be also applied to post-hoc ITD, surpassing 8 competitive baselines by at least 7.70% and 4.03% in AUC on two datasets. Finally, the ablation study, parameter analysis, and compatibility analysis evaluate the impact of each module and hyper-parameter in LAN. The source code can be obtained from https://github.com/Li1Neo/LAN.
Citations: 0
Ruyi: A Configurable and Efficient Secure Multi-Party Learning Framework with Privileged Parties
IF 6.8 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/tifs.2024.3488507
Lushan Song, Zhexuan Wang, Guopeng Lin, Weili Han
Citations: 0
Rebuttal to ‘On the Unforgeability of “Privacy-Preserving Aggregation-Authentication Scheme for Safety Warning System in Fog-Cloud Based VANET”’
IF 6.8 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/tifs.2024.3488520
Yafang Yang, Lei Zhang, Yunlei Zhao, Kim-Kwang Raymond Choo, Yan Zhang
Citations: 0
Eyes on Federated Recommendation: Targeted Poisoning With Competition and Its Mitigation
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/TIFS.2024.3488500
Yurong Hao;Xihui Chen;Wei Wang;Jiqiang Liu;Tao Li;Junyong Wang;Witold Pedrycz
Federated recommendation (FR) addresses privacy concerns in recommender systems by training a global model without requiring raw user data to leave individual devices. A server, known as the aggregator, integrates users’ local gradients and updates the global model parameters. However, FR is vulnerable to attacks where malicious users manipulate these updates, known as model poisoning attacks. In this work, we propose a new targeted attack called StairClimbing to promote specific items through model poisoning, and a new defence mechanism CrossEU. StairClimbing adopts a new strategy resembling stair climbing to enable target items to beat competitive items and increase their popularity level by level. Compared to prior attacks, StairClimbing guarantees balanced effectiveness, efficiency and stealthiness simultaneously. Our defence mechanism CrossEU leverages two patterns regarding the lists of items updated by benign users between iterative epochs. Extensive experiments on six real-world datasets demonstrate StairClimbing’s superiority across all three desirable attack properties, even with a small proportion of malicious users (1%). In addition, CrossEU effectively delays the impact of all tested attacks and even eliminates their damage entirely.
Citations: 0
Resource Allocation for STAR-RIS-Assisted MIMO Physical-Layer Key Generation
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/TIFS.2024.3488509
Zheng Wan;Kexin Liu;Yajun Chen;Kaizhi Huang;Hui-Ming Wang;Zheng Chu;Ming Yi;Liang Jin
Due to the limited coverage of reflecting-only reconfigurable intelligent surfaces (RIS), the existing RIS-assisted physical-layer key generation (PKG) scheme limits its overall performance in the full space. This paper proposes a novel simultaneously transmitting and reflecting (STAR)-RIS-assisted PKG protocol for multiple-input multiple-output (MIMO) systems, where the closed-form sum secret key rate is derived in the presence of full-space eavesdroppers. Two optimization problems are formulated to maximize the sum secret key rate by designing the transmit beamforming (TBF) and transmitting and reflecting coefficients (TRCs) for energy splitting (ES) with coupled phase-shift and mode switching (MS) mode. For ES mode with coupled phase-shift, a penalty-based alternating optimization (AO) algorithm is proposed to address its non-convexity. For MS mode, the semidefinite relaxation-successive convex approximation-based AO algorithm is utilized to achieve continuous solutions and then quantize to binary value for the MS mode. Simulation results demonstrate that the coupled phase-shift STAR-RIS incurs a slight KGR loss in comparison to the independent phase-shift STAR-RIS. Additionally, the ES mode outperforms the MS mode in terms of KGR performance. Finally, STAR-RIS can achieve a higher sum secret key rate than traditional reflecting-only RIS.
Citations: 0
Robust Tracking-Based PHY-Authentication in mmWave MIMO Systems
IF 6.8 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/tifs.2024.3488362
Liza Afeef, Haji M. Furqan, Hüseyin Arslan
Citations: 0
TriAssetRank: Ranking Vulnerabilities, Exploits, and Privileges for Countermeasures Prioritization
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/TIFS.2024.3488533
Aymar Le Père Tchimwa Bouom;Jean-Pierre Lienou;Wilson Ejuh Geh;Frederica Free Nelson;Sachin Shetty;Charles Kamhoua
Network defence practices have no standardized mechanism for determining the priority of threat events. Prioritization of cyber vulnerabilities intends to make network administrators focus on the most critical points within the system to mitigate potential damages produced by attackers. More likely, in managing vulnerabilities, current approaches always focus on the common vulnerability exposures (CVE), which are not the only existing vulnerabilities in a network. Also, while the Common Vulnerability Scoring System (CVSS) effectively scores individual vulnerabilities, it fails to consider the relationships between them but considers each vulnerability in isolation. Existing research, such as the ‘AssetRank’ algorithm, has made progress in exploring these relationships. Building on this foundation, in this paper we propose TriAssetRank, a tripartite ranking algorithm that evaluates three key elements within a logical attack graph: vulnerabilities, privileges, and potential attack exploits. Since each node type has its unique characteristics and potential impact on the system’s security, we rank them in concert, taking into account the dependencies between nodes in the attack graph. The proposed ranking scheme computes a numerical value for each node based on its type, which is a clear indication of how valuable it is to a potential attacker. Several tests on various model networks have empirically validated the effectiveness of the algorithm, which enables organizations to prioritize countermeasures by identifying the most critical vulnerabilities, exploits, and privilege escalation risks, allowing efficient allocation of resources to mitigate high-impact threats and reduce overall risk exposure effectively.
Citations: 0
A New Shift-Add Secret Sharing Scheme for Partial Data Protection With Parallel Zigzag Decoding
IF 6.3 Zone 1 Computer Science Q1 COMPUTER SCIENCE, THEORY & METHODS Pub Date: 2024-10-30 DOI: 10.1109/TIFS.2024.3488498
Jiajun Chen; Yichen Shen; Chi Wan Sung
This paper studies distributed storage for protecting the confidentiality of partial data in the presence of storage node failures. It is required that not only the original data can be reconstructed from the remaining surviving nodes, but also the data lost by a failed node can be repaired from as few nodes as possible. The minimum number of surviving nodes required to repair a failed node is called the repair degree. Inspired by the zigzag-decodable secret sharing scheme, we propose a new shift-add secret sharing scheme based on the XOR and bitwise-shift operations, in which confidential data is protected by using random keys generated from non-confidential data. The reliability and repairability of the proposed scheme are measured by the message loss probability and the maximum repair degree among all nodes, respectively, and then compared with three benchmark schemes. In contrast to conventional zigzag-decodable codes, the special structure of our proposed scheme allows the design of fast parallel algorithms for modern devices with multi-core processors, which have a linear speedup in decoding time compared with various versions of serial zigzag decoding. Experiments are implemented on a multi-core computer, and the empirical results on decoding time are consistent with our theoretical observations.
IEEE Transactions on Information Forensics and Security, vol. 19, pp. 10221-10232, 2024-10-30.
Citations: 0