Aiming at the problem of adopting the same level of privacy protection for sensitive data in the process of data collection and ignoring the difference in privacy protection requirements, the authors propose an adaptive personalized randomized response method based on local differential privacy (LDP-APRR). LDP-APRR determines the sensitive level through the user scoring strategy, introduces the concept of sensitive weights for adaptive allocation of privacy budget, and realizes the personalized privacy protection of sensitive attributes and attribute values. To verify the distorted data availability, LDP-APRR is applied to frequent items mining scenarios and compared with mining associations with secrecy konstraints (MASK), and grouping-based randomization for privacy-preserving frequent pattern mining (GR-PPFM). Results show that the LDP-APRR achieves personalized protection of sensitive attributes and attribute values with user participation, and the maxPrivacy and avgPrivacy are improved by 1.2% and 4.3%, respectively, while the availability of distorted data is guaranteed.
{"title":"Adaptive Personalized Randomized Response Method Based on Local Differential Privacy","authors":"Dongyan Zhang, Lili Zhang, Zhiyong Zhang, Zhongya Zhang","doi":"10.4018/ijisp.335225","DOIUrl":"https://doi.org/10.4018/ijisp.335225","url":null,"abstract":"Aiming at the problem of adopting the same level of privacy protection for sensitive data in the process of data collection and ignoring the difference in privacy protection requirements, the authors propose an adaptive personalized randomized response method based on local differential privacy (LDP-APRR). LDP-APRR determines the sensitive level through the user scoring strategy, introduces the concept of sensitive weights for adaptive allocation of privacy budget, and realizes the personalized privacy protection of sensitive attributes and attribute values. To verify the distorted data availability, LDP-APRR is applied to frequent items mining scenarios and compared with mining associations with secrecy konstraints (MASK), and grouping-based randomization for privacy-preserving frequent pattern mining (GR-PPFM). Results show that the LDP-APRR achieves personalized protection of sensitive attributes and attribute values with user participation, and the maxPrivacy and avgPrivacy are improved by 1.2% and 4.3%, respectively, while the availability of distorted data is guaranteed.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"78 9","pages":""},"PeriodicalIF":0.8,"publicationDate":"2024-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139440704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jinhai Song, Zhiyong Zhang, Kejing Zhao, Qinhai Xue, B. Gupta
Industrial internet security incidents occur frequently, and it is very important to accurately and effectively detect industrial internet attacks. In this paper, a novel CNN-LSTM fusion model-based method is proposed to detect malicious behavior under industrial internet security. Firstly, the data distribution is analyzed with the help of kernel density estimation, and the Pearson correlation coefficient is used to select the strong correlation feature as the model input. The one-dimensional convolutional neural network and the long short-term memory network respectively extract the spatial sequence features of the data and then use the softmax function to complete the classification task. In order to verify the effectiveness of the model, it is evaluated on the NSL-KDD dataset and the GAS dataset, and experiments show that the model has a significant performance improvement over a single model. In the detection of industrial network traffic data, the accuracy rate of 97.09% and the recall rate of 90.84% are achieved.
{"title":"A Novel CNN-LSTM Fusion-Based Intrusion Detection Method for Industrial Internet","authors":"Jinhai Song, Zhiyong Zhang, Kejing Zhao, Qinhai Xue, B. Gupta","doi":"10.4018/ijisp.325232","DOIUrl":"https://doi.org/10.4018/ijisp.325232","url":null,"abstract":"Industrial internet security incidents occur frequently, and it is very important to accurately and effectively detect industrial internet attacks. In this paper, a novel CNN-LSTM fusion model-based method is proposed to detect malicious behavior under industrial internet security. Firstly, the data distribution is analyzed with the help of kernel density estimation, and the Pearson correlation coefficient is used to select the strong correlation feature as the model input. The one-dimensional convolutional neural network and the long short-term memory network respectively extract the spatial sequence features of the data and then use the softmax function to complete the classification task. In order to verify the effectiveness of the model, it is evaluated on the NSL-KDD dataset and the GAS dataset, and experiments show that the model has a significant performance improvement over a single model. In the detection of industrial network traffic data, the accuracy rate of 97.09% and the recall rate of 90.84% are achieved.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44190571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mathew Nicho, Christopher D. McDermott, H. Fakhry, S. Girija
Cyber-attacks targeting high-profile entities are focused, persistent, and employ common vectors with varying levels of sophistication to exploit social-technical vulnerabilities. Advanced persistent threats (APTs) deploy zero-day malware against such targets to gain entry through multiple security layers, exploiting the dynamic interplay of vulnerabilities in the target network. System dynamics (SD) offers an alternative approach to analyze non-linear, complex, and dynamic social-technical systems. This research applied SD to three high-profile APT attacks - Equifax, Carphone, and Zomato - to identify and simulate socio-technical variables leading to breaches. By modeling APTs using SD, managers can evaluate threats, predict attacks, and reduce damage by mitigating specific socio-technical cues. This study provides valuable insights into the dynamics of cyber threats, making it the first to apply SD to APTs.
{"title":"A System Dynamics Approach to Evaluate Advanced Persistent Threat Vectors","authors":"Mathew Nicho, Christopher D. McDermott, H. Fakhry, S. Girija","doi":"10.4018/ijisp.324064","DOIUrl":"https://doi.org/10.4018/ijisp.324064","url":null,"abstract":"Cyber-attacks targeting high-profile entities are focused, persistent, and employ common vectors with varying levels of sophistication to exploit social-technical vulnerabilities. Advanced persistent threats (APTs) deploy zero-day malware against such targets to gain entry through multiple security layers, exploiting the dynamic interplay of vulnerabilities in the target network. System dynamics (SD) offers an alternative approach to analyze non-linear, complex, and dynamic social-technical systems. This research applied SD to three high-profile APT attacks - Equifax, Carphone, and Zomato - to identify and simulate socio-technical variables leading to breaches. By modeling APTs using SD, managers can evaluate threats, predict attacks, and reduce damage by mitigating specific socio-technical cues. This study provides valuable insights into the dynamics of cyber threats, making it the first to apply SD to APTs.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44410462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In recent years, IoT adoption has been higher, and this causes lots of security concerns. One of the fundamental security concerns in IoT adoption is the question, “Are you who you say you are?” Thus, authentication forms the gateway for a secure communication system with IoT. So far, the human voice is one of the most natural, non-intrusive, and convenient behavioural biometric factors compared to other biometric authentication methods. Despite the non-intrusive characteristics of voice as a biometric authentication factor when accessing IoT technologies, there is a concern of a general societal trust and distrust with IoT technology and the risk of theft of users' data and imitation. This study derived a realistic trust evaluation model that incorporates privacy, reliability, security, usability, safety, and availability factors into a trust vector for a flexible measurement of trust in the user accessing IoT technologies.
{"title":"Trust and Voice Biometrics Authentication for Internet of Things","authors":"Alec Wells, A. Usman","doi":"10.4018/ijisp.322102","DOIUrl":"https://doi.org/10.4018/ijisp.322102","url":null,"abstract":"In recent years, IoT adoption has been higher, and this causes lots of security concerns. One of the fundamental security concerns in IoT adoption is the question, “Are you who you say you are?” Thus, authentication forms the gateway for a secure communication system with IoT. So far, the human voice is one of the most natural, non-intrusive, and convenient behavioural biometric factors compared to other biometric authentication methods. Despite the non-intrusive characteristics of voice as a biometric authentication factor when accessing IoT technologies, there is a concern of a general societal trust and distrust with IoT technology and the risk of theft of users' data and imitation. This study derived a realistic trust evaluation model that incorporates privacy, reliability, security, usability, safety, and availability factors into a trust vector for a flexible measurement of trust in the user accessing IoT technologies.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42940978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Android is the most popular mobile OS; it has the highest market share worldwide on mobile devices. Due to its popularity and large availability among smartphone users from all around the world, it becomes the first target for cyber criminals who take advantage of its open-source nature to distribute malware through applications in order to steal sensitive data. To cope with this serious problem, many researchers have proposed different methods to detect malicious applications. Machine learning techniques are widely being used for malware detection. In this paper, the authors proposed a new method of feature selection based on the dragonfly algorithm, named BDA-FS, to improve the performance of Android malware detection. Different feature subsets selected by the application of this proposed method in combination with machine learning were used to build the classification model. Experimental results show that incorporating dragonfly algorithm into Android malware detection performed better classification accuracy with few features compared to machine learning without feature selection.
{"title":"A New Feature Selection Method Based on Dragonfly Algorithm for Android Malware Detection Using Machine Learning Techniques","authors":"Mohamed Guendouz, Abdelmalek Amine","doi":"10.4018/ijisp.319018","DOIUrl":"https://doi.org/10.4018/ijisp.319018","url":null,"abstract":"Android is the most popular mobile OS; it has the highest market share worldwide on mobile devices. Due to its popularity and large availability among smartphone users from all around the world, it becomes the first target for cyber criminals who take advantage of its open-source nature to distribute malware through applications in order to steal sensitive data. To cope with this serious problem, many researchers have proposed different methods to detect malicious applications. Machine learning techniques are widely being used for malware detection. In this paper, the authors proposed a new method of feature selection based on the dragonfly algorithm, named BDA-FS, to improve the performance of Android malware detection. Different feature subsets selected by the application of this proposed method in combination with machine learning were used to build the classification model. Experimental results show that incorporating dragonfly algorithm into Android malware detection performed better classification accuracy with few features compared to machine learning without feature selection.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45119466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article proposes a competitive-evolving-committee proactive secret sharing. Every participant in the system has the opportunity to become a member of the holding committee and have sufficient anonymity. During the life cycle of serving as the holding committee members, they only send one message in the protocol without excessive interaction, and achieve receiver strong anonymity with a capability-based encryption scheme different from most public-key encryption schemes, at present named RiddleEncryption, which is also proposed in this paper. In RiddleEncryption the sender does not need to pay attention to the specific identity of the receiver but focuses on what kind of capability the receiver should have. Nobody can determine this kind of capability at the beginning of the system establishment. This article aims at depositing a secret in a distributed manner (e.g., blockchain) without excessive trust and to emphasize more anonymity and capability. The scheme can be used in the dynamic groups, authentication management, rights abuse prevention, and so on.
{"title":"“Every Dog Has His Day”","authors":"Chuyi Yan, Haixia Xu, Peili Li","doi":"10.4018/ijisp.318697","DOIUrl":"https://doi.org/10.4018/ijisp.318697","url":null,"abstract":"This article proposes a competitive-evolving-committee proactive secret sharing. Every participant in the system has the opportunity to become a member of the holding committee and have sufficient anonymity. During the life cycle of serving as the holding committee members, they only send one message in the protocol without excessive interaction, and achieve receiver strong anonymity with a capability-based encryption scheme different from most public-key encryption schemes, at present named RiddleEncryption, which is also proposed in this paper. In RiddleEncryption the sender does not need to pay attention to the specific identity of the receiver but focuses on what kind of capability the receiver should have. Nobody can determine this kind of capability at the beginning of the system establishment. This article aims at depositing a secret in a distributed manner (e.g., blockchain) without excessive trust and to emphasize more anonymity and capability. The scheme can be used in the dynamic groups, authentication management, rights abuse prevention, and so on.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"1 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41567749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the development of smart cities, video surveillance networks have become an important infrastructure for urban governance. However, by replacing or tampering with surveillance cameras, an important front-end device, attackers are able to access the internal network. In order to identify illegal or suspicious camera identities in advance, a camera identity identification method that incorporates multidimensional identification features is proposed. By extracting the static information of cameras and dynamic traffic information, a camera identity system that incorporates explicit, implicit, and dynamic identifiers is constructed. The experimental results show that the explicit identifiers have the highest contribution, but they are easy to forge; the dynamic identifiers rank second, but the traffic preprocessing is complex; the static identifiers rank last but are indispensable. Experiments on 40 cameras verified the effectiveness and feasibility of the proposed identifier system for camera identification, and the accuracy of identification reached 92.5%.
{"title":"Video Surveillance Camera Identity Recognition Method Fused With Multi-Dimensional Static and Dynamic Identification Features","authors":"Zhijie Fan, Zhiwei Cao, Xin Li, Chunmei Wang, Bo Jin, Qianjin Tang","doi":"10.4018/ijisp.319304","DOIUrl":"https://doi.org/10.4018/ijisp.319304","url":null,"abstract":"With the development of smart cities, video surveillance networks have become an important infrastructure for urban governance. However, by replacing or tampering with surveillance cameras, an important front-end device, attackers are able to access the internal network. In order to identify illegal or suspicious camera identities in advance, a camera identity identification method that incorporates multidimensional identification features is proposed. By extracting the static information of cameras and dynamic traffic information, a camera identity system that incorporates explicit, implicit, and dynamic identifiers is constructed. The experimental results show that the explicit identifiers have the highest contribution, but they are easy to forge; the dynamic identifiers rank second, but the traffic preprocessing is complex; the static identifiers rank last but are indispensable. Experiments on 40 cameras verified the effectiveness and feasibility of the proposed identifier system for camera identification, and the accuracy of identification reached 92.5%.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45205703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In view of the rich information and strong autocorrelation of remote sensing images, a super-resolution reconstruction algorithm based on symmetric local fusion blocks is proposed using a convolutional neural network based on local fusion blocks, which improves the effect of high-frequency information reconstruction. By setting local fusion in the residual block, the problem of insufficient high-frequency feature extraction is alleviated, and the reconstruction accuracy of remote sensing images of deep networks is improved. To improve the utilization of global features and reduce the computational complexity of the network, a residual method is used to set the symmetric jump connection between the local fusion blocks to form the symmetry between them. Experimental results show that the reconstruction results of 2-, 3-, and 4-fold sampling factors on the UC Merced and nwpu-resisc45 remote sensing datasets are better than those of comparison algorithms in image clarity and edge sharpness, and the reconstruction results are better in objective evaluation and subjective vision.
{"title":"Super-Resolution Reconstruction of Remote Sensing Images Based on Symmetric Local Fusion Blocks","authors":"Xinqiang Wang, Wenhuan Lu","doi":"10.4018/ijisp.319019","DOIUrl":"https://doi.org/10.4018/ijisp.319019","url":null,"abstract":"In view of the rich information and strong autocorrelation of remote sensing images, a super-resolution reconstruction algorithm based on symmetric local fusion blocks is proposed using a convolutional neural network based on local fusion blocks, which improves the effect of high-frequency information reconstruction. By setting local fusion in the residual block, the problem of insufficient high-frequency feature extraction is alleviated, and the reconstruction accuracy of remote sensing images of deep networks is improved. To improve the utilization of global features and reduce the computational complexity of the network, a residual method is used to set the symmetric jump connection between the local fusion blocks to form the symmetry between them. Experimental results show that the reconstruction results of 2-, 3-, and 4-fold sampling factors on the UC Merced and nwpu-resisc45 remote sensing datasets are better than those of comparison algorithms in image clarity and edge sharpness, and the reconstruction results are better in objective evaluation and subjective vision.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42775818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Peer-to-peer (P2P) botnet is one of the greatest threats to digital data. It has become a common tool for performing a lot of malicious activities such as DDoS attacks, phishing attacks, spreading spam, identity theft, ransomware, extortion attack, and many other fraudulent activities. P2P botnets are very resilient and stealthy and keep mutating to evade security mechanisms. Therefore, it has become necessary to identify and detect botnet flow from the normal flow. This paper uses supervised machine learning algorithms to detect P2P botnet flow. This paper also uses an ensemble learning technique to combine the performances of various supervised machine learning models to make predictions. To validate the results, four performance metrics have been used. These are accuracy, precision, recall, and F1-score. Experimental results show that the proposed approach delivers 99.99% accuracy, 99.81% precision, 99.11% recall, and 99.32% F1 score, which outperform the previous botnet detection approaches.
{"title":"Detection of Peer-to-Peer Botnet Using Machine Learning Techniques and Ensemble Learning Algorithm","authors":"S. Baruah, D. Borah, V. Deka","doi":"10.4018/ijisp.319303","DOIUrl":"https://doi.org/10.4018/ijisp.319303","url":null,"abstract":"Peer-to-peer (P2P) botnet is one of the greatest threats to digital data. It has become a common tool for performing a lot of malicious activities such as DDoS attacks, phishing attacks, spreading spam, identity theft, ransomware, extortion attack, and many other fraudulent activities. P2P botnets are very resilient and stealthy and keep mutating to evade security mechanisms. Therefore, it has become necessary to identify and detect botnet flow from the normal flow. This paper uses supervised machine learning algorithms to detect P2P botnet flow. This paper also uses an ensemble learning technique to combine the performances of various supervised machine learning models to make predictions. To validate the results, four performance metrics have been used. These are accuracy, precision, recall, and F1-score. Experimental results show that the proposed approach delivers 99.99% accuracy, 99.81% precision, 99.11% recall, and 99.32% F1 score, which outperform the previous botnet detection approaches.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":" ","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48735844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-01-01DOI: 10.1007/978-3-031-35486-1
Mir Ali Rezazadeh Baee
{"title":"Information Security and Privacy: 28th Australasian Conference, ACISP 2023, Brisbane, QLD, Australia, July 5–7, 2023, Proceedings","authors":"Mir Ali Rezazadeh Baee","doi":"10.1007/978-3-031-35486-1","DOIUrl":"https://doi.org/10.1007/978-3-031-35486-1","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"54 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83618255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: