Journal of Information Security and Applications最新文献_第10页

Quantum-safe and provable secure vehicle to infrastructure authenticated key-agreement for VANETs 量子安全和可验证的安全车辆到基础设施的VANETs认证密钥协议

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-27 DOI: 10.1016/j.jisa.2025.104274

Nahida Majeed Wani , Girraj Kumar Verma , Neeraj Kumar

The rapid progression of Vehicular Ad-Hoc Networks (VANETs) has greatly eased the dissemination of safety-critical data among vehicles. However, the susceptibility of wireless links in VANETs to malicious attacks presents a significant obstacle. To mitigate the obstacle, various authenticated key agreement (AKA) schemes have been devised to establish secure communication between vehicles and infrastructure. However, the advent of quantum computing threatens the security of traditional number theory-based AKA schemes. As a countermeasure, lattice-based schemes have emerged, offering quantum resistance. However, many such lattice-based schemes incur high computational and communication overhead. To overcome these limitations, this paper proposes an efficient and provably secure lattice-based AKA scheme for VANETs. Devised AKA protocol leverages quantum-safe lattice-based cryptography to ensure communication security between vehicles and infrastructure. A comprehensive security analysis within the Real-or-Random model framework validates the proposed scheme’s robustness. Furthermore, performance analysis shows that the proposed scheme reduces computational cost by approximately 92% and communication cost by 29% compared to the existing recent approach, making it well-suited for VANET deployment.

车载自组织网络（VANETs）的快速发展极大地简化了安全关键数据在车辆之间的传播。然而，vanet中无线链路对恶意攻击的易感性是一个重大障碍。为了减轻这一障碍，已经设计了各种身份验证密钥协议（AKA）方案来建立车辆和基础设施之间的安全通信。然而，量子计算的出现威胁着传统的基于数论的AKA方案的安全性。作为一种对策，基于晶格的方案已经出现，提供量子抗性。然而，许多这样的基于格的方案会产生很高的计算和通信开销。为了克服这些限制，本文提出了一种高效且可证明安全的基于格子的VANETs AKA方案。设计AKA协议利用基于量子安全的格子加密技术来确保车辆和基础设施之间的通信安全。在Real-or-Random模型框架内进行了全面的安全性分析，验证了该方案的鲁棒性。此外，性能分析表明，与现有的最新方法相比，所提出的方案减少了约92%的计算成本和29%的通信成本，使其非常适合VANET部署。

{"title":"Quantum-safe and provable secure vehicle to infrastructure authenticated key-agreement for VANETs","authors":"Nahida Majeed Wani , Girraj Kumar Verma , Neeraj Kumar","doi":"10.1016/j.jisa.2025.104274","DOIUrl":"10.1016/j.jisa.2025.104274","url":null,"abstract":"<div><div>The rapid progression of Vehicular Ad-Hoc Networks (VANETs) has greatly eased the dissemination of safety-critical data among vehicles. However, the susceptibility of wireless links in VANETs to malicious attacks presents a significant obstacle. To mitigate the obstacle, various authenticated key agreement (AKA) schemes have been devised to establish secure communication between vehicles and infrastructure. However, the advent of quantum computing threatens the security of traditional number theory-based AKA schemes. As a countermeasure, lattice-based schemes have emerged, offering quantum resistance. However, many such lattice-based schemes incur high computational and communication overhead. To overcome these limitations, this paper proposes an efficient and provably secure lattice-based AKA scheme for VANETs. Devised AKA protocol leverages quantum-safe lattice-based cryptography to ensure communication security between vehicles and infrastructure. A comprehensive security analysis within the Real-or-Random model framework validates the proposed scheme’s robustness. Furthermore, performance analysis shows that the proposed scheme reduces computational cost by approximately 92% and communication cost by 29% compared to the existing recent approach, making it well-suited for VANET deployment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104274"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-based secure and fair data trading mechanism for healthcare 基于区块链的医疗保健安全公平数据交易机制

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-21 DOI: 10.1016/j.jisa.2025.104252

Kuan Fan , Jie Bai , Shiyue Zhou , Wenbo Shi , Ning Lu

The trading of data from multi-source has been demonstrated to significantly enhance the capability of knowledge discovery in the field of healthcare research. However, such trading faces challenges including inefficient data authenticity verification, limited data usability, and unfair reward distribution. To address these issues, we propose a blockchain-based secure and fair data trading mechanism for healthcare. By integrating RSA accumulators and digital signatures, we efficiently verify data authenticity. Additionally, we employ zero-knowledge proofs, which enable verifiable confirmation of whether the acquired data meets the buyer’s requirements for categories and value ranges. This enhances usability while preserving privacy.To achieve fair reward allocation, a contribution assessment model is designed, which comprehensively considers both the quantity and value of data contributed by providers. Rewards are then distributed proportionally based on each provider’s assessed contribution. Security analysis demonstrates that the mechanism can effectively resist various potential security threats. Theoretical analysis and simulation evaluation validate the practicality and fairness of the proposed scheme.

多源数据的交易已被证明可以显著提高医疗保健研究领域的知识发现能力。然而，这种交易面临着数据真实性验证效率低下、数据可用性有限、奖励分配不公平等挑战。为了解决这些问题，我们提出了一种基于区块链的医疗保健安全公平的数据交易机制。通过集成RSA累加器和数字签名，有效地验证了数据的真实性。此外，我们采用零知识证明，可以验证获取的数据是否符合买方对类别和值范围的要求。这在保护隐私的同时增强了可用性。为了实现公平的报酬分配，设计了一种综合考虑提供者提供数据的数量和价值的贡献评估模型。然后根据每个提供者的评估贡献按比例分配奖励。安全性分析表明，该机制能够有效抵御各种潜在的安全威胁。理论分析和仿真评估验证了该方案的实用性和公平性。

{"title":"Blockchain-based secure and fair data trading mechanism for healthcare","authors":"Kuan Fan , Jie Bai , Shiyue Zhou , Wenbo Shi , Ning Lu","doi":"10.1016/j.jisa.2025.104252","DOIUrl":"10.1016/j.jisa.2025.104252","url":null,"abstract":"<div><div>The trading of data from multi-source has been demonstrated to significantly enhance the capability of knowledge discovery in the field of healthcare research. However, such trading faces challenges including inefficient data authenticity verification, limited data usability, and unfair reward distribution. To address these issues, we propose a blockchain-based secure and fair data trading mechanism for healthcare. By integrating RSA accumulators and digital signatures, we efficiently verify data authenticity. Additionally, we employ zero-knowledge proofs, which enable verifiable confirmation of whether the acquired data meets the buyer’s requirements for categories and value ranges. This enhances usability while preserving privacy.To achieve fair reward allocation, a contribution assessment model is designed, which comprehensively considers both the quantity and value of data contributed by providers. Rewards are then distributed proportionally based on each provider’s assessed contribution. Security analysis demonstrates that the mechanism can effectively resist various potential security threats. Theoretical analysis and simulation evaluation validate the practicality and fairness of the proposed scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104252"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Defeating evasive malware with Peekaboo: Extracting authentic malware behavior with dynamic binary instrumentation 用躲猫猫打败逃避恶意软件：用动态二进制工具提取真实的恶意软件行为

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-31 DOI: 10.1016/j.jisa.2025.104290

Matthew Gaber, Mohiuddin Ahmed, Helge Janicke

The accuracy of Artificial Intelligence (AI) in malware detection is dependent on the features it is trained with, where the quality and authenticity of these features is dependent on the dataset and the analysis tool. Evasive malware, that alters its behavior in analysis environments, is challenging to extract authentic features from where widely used static and dynamic analysis tools have several limitations. However, Dynamic Binary Instrumentation (DBI) allows deep and precise control of the malware sample, thereby facilitating the extraction of authentic behavior from evasive malware. Considering the limitations of malware analysis for use with AI, this research had two primary objectives: investigation of the evasive techniques used by modern malware and the creation of Peekaboo, a DBI tool to extract authentic data from live Windows malware samples. Peekaboo instruments and defeats evasive techniques that target analysis tools and virtual environments. A dataset of 20,500 samples was assembled and each sample was run for up to 15 min to observe not only the anti-analysis techniques used but also its complete behavior. Peekaboo outperforms other tools on several fronts, it is the only tool to measure start and completion rates, capture the executed Assembly (ASM) instructions, record all network traffic and implements the largest coverage against evasive techniques.

人工智能（AI）在恶意软件检测中的准确性取决于它所训练的特征，其中这些特征的质量和真实性取决于数据集和分析工具。规避型恶意软件会改变其在分析环境中的行为，很难从广泛使用的静态和动态分析工具中提取出真实的特征。然而，动态二进制检测（DBI）允许对恶意软件样本进行深入和精确的控制，从而促进从规避恶意软件中提取真实行为。考虑到与AI一起使用的恶意软件分析的局限性，本研究有两个主要目标：调查现代恶意软件使用的规避技术，以及创建Peekaboo（一种DBI工具，用于从实时Windows恶意软件样本中提取真实数据）。针对分析工具和虚拟环境的躲猫猫工具和失败规避技术。收集了20,500个样本的数据集，每个样本运行长达15分钟，不仅观察使用的反分析技术，还观察其完整行为。Peekaboo在几个方面都优于其他工具，它是测量启动率和完成率的唯一工具，捕获已执行的汇编（ASM）指令，记录所有网络流量，并实现最大范围的规避技术。

{"title":"Defeating evasive malware with Peekaboo: Extracting authentic malware behavior with dynamic binary instrumentation","authors":"Matthew Gaber, Mohiuddin Ahmed, Helge Janicke","doi":"10.1016/j.jisa.2025.104290","DOIUrl":"10.1016/j.jisa.2025.104290","url":null,"abstract":"<div><div>The accuracy of Artificial Intelligence (AI) in malware detection is dependent on the features it is trained with, where the quality and authenticity of these features is dependent on the dataset and the analysis tool. Evasive malware, that alters its behavior in analysis environments, is challenging to extract authentic features from where widely used static and dynamic analysis tools have several limitations. However, Dynamic Binary Instrumentation (DBI) allows deep and precise control of the malware sample, thereby facilitating the extraction of authentic behavior from evasive malware. Considering the limitations of malware analysis for use with AI, this research had two primary objectives: investigation of the evasive techniques used by modern malware and the creation of Peekaboo, a DBI tool to extract authentic data from live Windows malware samples. Peekaboo instruments and defeats evasive techniques that target analysis tools and virtual environments. A dataset of 20,500 samples was assembled and each sample was run for up to 15 min to observe not only the anti-analysis techniques used but also its complete behavior. Peekaboo outperforms other tools on several fronts, it is the only tool to measure start and completion rates, capture the executed Assembly (ASM) instructions, record all network traffic and implements the largest coverage against evasive techniques.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104290"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Entropy collapse in mobile sensors: The hidden risks of sensor-based security 移动传感器中的熵崩溃：基于传感器的安全隐患

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-24 DOI: 10.1016/j.jisa.2025.104272

Carlton Shepherd, Elliot A.J. Hurley

Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values – max, Shannon, collision, and min-entropy – for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408–4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a

\approx

75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1–23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only

\approx

1–2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.

移动传感器数据已被提议用于安全关键应用，如设备配对、接近检测和连续认证。然而，这些信号提供足够熵的基本前提仍有待探索。在这项工作中，我们使用来自多个应用环境（UCI-HAR， SHL， Relay和PerilZIS）的四个数据集系统地分析了移动传感器数据的熵。使用直接计算和估计，我们报告熵值-最大，香农，碰撞和最小熵-为详尽的传感器组合范围。我们证明，移动传感器的熵仍然远远低于现代安全应用标准所认为的安全，即使许多传感器组合在一起。特别是，我们观察到平均情况下香农熵和最坏情况下最小熵之间的惊人差异。单传感器最小熵在3.408-4.483比特之间变化，尽管香农熵高出几倍。我们还表明，传感器模式之间的冗余有助于香农和最小熵之间减少约75%。事实上，当组合多达22种模态时，最小熵稳定在8.1-23.9比特之间，而香农熵可以超过80比特。增加传感器通常会增加香农熵，但每个增加模态只会使最小熵增加≈1-2位，这表明冗余下的熵崩溃。我们的研究结果表明，对手可以通过对测量空间的详尽探索来预测传感器信号。我们的研究也对人们普遍持有的假设提出了质疑，即增加更多的传感器本质上就会提高安全性。最后，我们强烈建议在依赖移动传感器数据进行安全应用时要谨慎。

{"title":"Entropy collapse in mobile sensors: The hidden risks of sensor-based security","authors":"Carlton Shepherd, Elliot A.J. Hurley","doi":"10.1016/j.jisa.2025.104272","DOIUrl":"10.1016/j.jisa.2025.104272","url":null,"abstract":"<div><div>Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains under-explored. In this work, we systematically analyse the entropy of mobile sensor data using four datasets from multiple application contexts (UCI-HAR, SHL, Relay, and PerilZIS). Using direct computation and estimation, we report entropy values – max, Shannon, collision, and min-entropy – for an exhaustive range of sensor combinations. We demonstrate that the entropy of mobile sensors remains far below what is considered secure by modern standards for security applications, even when many sensors are combined. In particular, we observe an alarming divergence between average-case Shannon entropy and worst-case min-entropy. Single-sensor min-entropy varies between 3.408–4.483 bits despite Shannon entropy being several multiples higher. We also show that redundancies between sensor modalities contribute to a <span><math><mo>≈</mo></math></span>75% reduction between Shannon and min-entropy. Indeed, min-entropy plateaus between 8.1–23.9 bits when combining up to 22 modalities, while Shannon entropy can exceed 80 bits. Adding sensors typically increases Shannon entropy but moves min-entropy by only <span><math><mo>≈</mo></math></span>1–2 bits per added modality, evidencing entropy collapse under redundancy. Our results reveal that adversaries may feasibly predict sensor signals through an exhaustive exploration of the measurement space. Our work also calls into question the widely held assumption that adding more sensors inherently yields higher security. Ultimately, we strongly urge caution when relying on mobile sensor data for security applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104272"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Res2Next with attention mechanisms for malware classification based on feature visualization 基于特征可视化的恶意软件分类的注意机制

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-24 DOI: 10.1016/j.jisa.2025.104271

Liangwei Yao , Hongliang Zhu , Yang Xin

Malware poses a significant threat to cybersecurity due to its diverse types, complex behaviors, and strong destructiveness. Accurately classifying malware is crucial for taking effective defense measures. However, traditional malware classification methods based on static and dynamic features face challenges such as poor adaptability, manual intervention, and low classification accuracy. Although improvements have been made with visualization-based image classification methods, they remain susceptible to interference information in deep feature extraction. To this end, this paper proposes an innovative malware classification framework that utilizes the feature visualization method to convert malware into RGB images, effectively preserving its rich features and avoiding reverse engineering. Afterward, a lightweight adaptive channel attention (ACA) mechanism is proposed, and ensemble models based on Res2NeXt that integrate various attention mechanisms are designed for deep feature extraction and classification. In addition, through t-SNE visualization, confusion matrix, and Grad-CAM heatmap display, the proposed Res2NeXt with ACA model as a typical example shows superior performance in feature space distribution, classification accuracy, and focusing on crucial features. In summary, a series of experiments conducted on public datasets, MMCC and MaleVis, demonstrate that the attention mechanisms in the ensemble models can effectively guide the model to focus on crucial features, filter out interference information, and enhance classification effectiveness. Specifically, the ACA attention mechanisms significantly improve classification accuracy with minimal impact on the model’s efficiency. The proposed framework achieves classification accuracy of up to 99.26% and 98.04%, respectively, surpassing the current state-of-the-art methods.

恶意软件类型多样、行为复杂、破坏性强，对网络安全构成重大威胁。准确分类恶意软件是采取有效防御措施的关键。然而，传统的基于静态和动态特征的恶意软件分类方法存在适应性差、人工干预、分类准确率低等问题。尽管基于可视化的图像分类方法得到了改进，但在深度特征提取中仍然容易受到干扰信息的影响。为此，本文提出了一种创新的恶意软件分类框架，利用特征可视化方法将恶意软件转换为RGB图像，有效地保留了其丰富的特征，避免了逆向工程。随后，提出了一种轻量级的自适应通道注意（ACA）机制，并基于Res2NeXt设计了集成多种注意机制的集成模型，用于深度特征提取和分类。此外，通过t-SNE可视化、混淆矩阵和Grad-CAM热图显示，以ACA模型为典型示例的Res2NeXt在特征空间分布、分类精度和对关键特征的关注方面表现出优异的性能。综上所述，在公共数据集、MMCC和MaleVis上进行的一系列实验表明，集成模型中的注意机制可以有效地引导模型关注关键特征，过滤掉干扰信息，提高分类效率。具体来说，ACA注意机制在对模型效率影响最小的情况下显著提高了分类精度。该框架的分类准确率分别高达99.26%和98.04%，超过了目前最先进的方法。

{"title":"Res2Next with attention mechanisms for malware classification based on feature visualization","authors":"Liangwei Yao , Hongliang Zhu , Yang Xin","doi":"10.1016/j.jisa.2025.104271","DOIUrl":"10.1016/j.jisa.2025.104271","url":null,"abstract":"<div><div>Malware poses a significant threat to cybersecurity due to its diverse types, complex behaviors, and strong destructiveness. Accurately classifying malware is crucial for taking effective defense measures. However, traditional malware classification methods based on static and dynamic features face challenges such as poor adaptability, manual intervention, and low classification accuracy. Although improvements have been made with visualization-based image classification methods, they remain susceptible to interference information in deep feature extraction. To this end, this paper proposes an innovative malware classification framework that utilizes the feature visualization method to convert malware into RGB images, effectively preserving its rich features and avoiding reverse engineering. Afterward, a lightweight adaptive channel attention (ACA) mechanism is proposed, and ensemble models based on Res2NeXt that integrate various attention mechanisms are designed for deep feature extraction and classification. In addition, through t-SNE visualization, confusion matrix, and Grad-CAM heatmap display, the proposed Res2NeXt with ACA model as a typical example shows superior performance in feature space distribution, classification accuracy, and focusing on crucial features. In summary, a series of experiments conducted on public datasets, MMCC and MaleVis, demonstrate that the attention mechanisms in the ensemble models can effectively guide the model to focus on crucial features, filter out interference information, and enhance classification effectiveness. Specifically, the ACA attention mechanisms significantly improve classification accuracy with minimal impact on the model’s efficiency. The proposed framework achieves classification accuracy of up to 99.26% and 98.04%, respectively, surpassing the current state-of-the-art methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104271"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SecTwin: A secure and efficient authentication mechanism for vehicular digital twins SecTwin：一种安全有效的车辆数字孪生认证机制

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-11-02 DOI: 10.1016/j.jisa.2025.104292

Muhammad Tanveer , Kainat Toor , Abdullah G. Alharbi , Syed Rizwan Hassan

As vehicular digital twin (VDT) networks continue to evolve, ensuring secure and efficient communication between physical vehicles and their digital counterparts is crucial. Traditional authentication protocols rely on computationally intensive cryptographic techniques, leading to increased latency and resource consumption in real-time vehicular environments. To address these challenges, this paper proposes SecTwin, a lightweight authentication mechanism designed specifically for VDT networks. SecTwin leverages TinyJAMBU authenticated encryption and hash-based authentication to establish a secure and resource-efficient communication framework between autonomous vehicles and their DTs. By integrating lightweight cryptographic techniques and secure key management, SecTwin enhances the security and efficiency of VDT networks, paving the way for reliable and safe autonomous vehicle communication. The informal demonstrates that SecTwin is resilient against key security threats, including replay attacks, impersonation, and man-in-the-middle attacks. Moreover, formal security analysis using the random oracle model and Scyther shows SecTwin is secure. Additionally, performance evaluations reveal that SecTwin reduces communication cost by 51.22%, to 52.38% and execution time by 63.29% to 82.63%, making it highly suitable for latency-sensitive vehicular applications.

随着车辆数字孪生（VDT）网络的不断发展，确保实体车辆与数字车辆之间安全高效的通信至关重要。传统的身份验证协议依赖于计算密集型的加密技术，导致实时车辆环境中的延迟和资源消耗增加。为了应对这些挑战，本文提出了专为VDT网络设计的轻量级身份验证机制SecTwin。SecTwin利用TinyJAMBU身份验证加密和基于哈希的身份验证，在自动驾驶汽车和它们的dt之间建立了一个安全和资源高效的通信框架。通过集成轻量级加密技术和安全密钥管理，SecTwin增强了VDT网络的安全性和效率，为可靠和安全的自动驾驶汽车通信铺平了道路。非正式证明了SecTwin能够抵御关键的安全威胁，包括重播攻击、模拟和中间人攻击。此外，使用随机oracle模型和Scyther进行了形式化的安全性分析，表明SecTwin是安全的。此外，性能评估显示，SecTwin将通信成本降低了51.22%，降至52.38%，执行时间降低了63.29%，降至82.63%，非常适合对延迟敏感的车载应用。

{"title":"SecTwin: A secure and efficient authentication mechanism for vehicular digital twins","authors":"Muhammad Tanveer , Kainat Toor , Abdullah G. Alharbi , Syed Rizwan Hassan","doi":"10.1016/j.jisa.2025.104292","DOIUrl":"10.1016/j.jisa.2025.104292","url":null,"abstract":"<div><div>As vehicular digital twin (VDT) networks continue to evolve, ensuring secure and efficient communication between physical vehicles and their digital counterparts is crucial. Traditional authentication protocols rely on computationally intensive cryptographic techniques, leading to increased latency and resource consumption in real-time vehicular environments. To address these challenges, this paper proposes SecTwin, a lightweight authentication mechanism designed specifically for VDT networks. SecTwin leverages TinyJAMBU authenticated encryption and hash-based authentication to establish a secure and resource-efficient communication framework between autonomous vehicles and their DTs. By integrating lightweight cryptographic techniques and secure key management, SecTwin enhances the security and efficiency of VDT networks, paving the way for reliable and safe autonomous vehicle communication. The informal demonstrates that SecTwin is resilient against key security threats, including replay attacks, impersonation, and man-in-the-middle attacks. Moreover, formal security analysis using the random oracle model and Scyther shows SecTwin is secure. Additionally, performance evaluations reveal that SecTwin reduces communication cost by 51.22%, to 52.38% and execution time by 63.29% to 82.63%, making it highly suitable for latency-sensitive vehicular applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104292"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145474740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

VeriKNN: A verifiable and efficient secure k-NN query scheme via homomorphic encryption in dual-cloud environments VeriKNN：双云环境下基于同态加密的可验证且高效的安全k-NN查询方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-18 DOI: 10.1016/j.jisa.2025.104265

Wankang Bao, Zhongxiang Zheng

With the widespread adoption of cloud computing, data privacy protection has become a critical issue, especially for encrypted retrieval tasks in cloud environments. This paper proposes VeriKNN, a secure, efficient, and verifiable

k

-nearest neighbor (kNN) query scheme based on homomorphic encryption. The scheme introduces a verification mechanism that specifically ensures communication integrity between servers under an honest-but-curious threat model. VeriKNN first constructs a Voronoi diagram and partitions it into encrypted grids for coarse filtering. Then, it builds a multi-layer index of neighboring cells to enable fine-grained search. To address the challenges of computational efficiency and security, we propose a novel set of secure protocols specifically designed for dual-cloud collaboration, significantly improving retrieval performance. Extensive experiments demonstrate that VeriKNN outperforms the state-of-the-art SVK scheme by up to 3000 times in speed across various dataset sizes and

k

-values, and is applicable not only to two-dimensional data but also to high-dimensional data. Compared to the HFkNN scheme, VeriKNN achieves a slight reduction in accuracy but offers a 500-fold increase in speed, with the performance gap widening as dataset size increases, highlighting its superior scalability and efficiency.

随着云计算的广泛采用，数据隐私保护已成为一个关键问题，特别是对于云环境中的加密检索任务。提出了一种基于同态加密的安全、高效、可验证的k近邻（kNN）查询方案VeriKNN。该方案引入了一种验证机制，在诚实但好奇的威胁模型下确保服务器之间的通信完整性。VeriKNN首先构造一个Voronoi图，并将其划分为加密网格进行粗过滤。然后，它构建相邻单元的多层索引，以实现细粒度搜索。为了解决计算效率和安全性方面的挑战，我们提出了一套专门为双云协作设计的新型安全协议，显著提高了检索性能。大量的实验表明，在不同的数据集大小和k值上，verknn的速度比最先进的SVK方案快3000倍，不仅适用于二维数据，也适用于高维数据。与HFkNN方案相比，VeriKNN的准确性略有降低，但速度提高了500倍，性能差距随着数据集大小的增加而扩大，突出了其优越的可扩展性和效率。

{"title":"VeriKNN: A verifiable and efficient secure k-NN query scheme via homomorphic encryption in dual-cloud environments","authors":"Wankang Bao, Zhongxiang Zheng","doi":"10.1016/j.jisa.2025.104265","DOIUrl":"10.1016/j.jisa.2025.104265","url":null,"abstract":"<div><div>With the widespread adoption of cloud computing, data privacy protection has become a critical issue, especially for encrypted retrieval tasks in cloud environments. This paper proposes <strong>VeriKNN</strong>, a secure, efficient, and verifiable <span><math><mi>k</mi></math></span>-nearest neighbor (kNN) query scheme based on homomorphic encryption. The scheme introduces a verification mechanism that specifically ensures communication integrity between servers under an honest-but-curious threat model. VeriKNN first constructs a Voronoi diagram and partitions it into encrypted grids for coarse filtering. Then, it builds a multi-layer index of neighboring cells to enable fine-grained search. To address the challenges of computational efficiency and security, we propose a novel set of secure protocols specifically designed for dual-cloud collaboration, significantly improving retrieval performance. Extensive experiments demonstrate that VeriKNN outperforms the state-of-the-art SVK scheme by up to 3000 times in speed across various dataset sizes and <span><math><mi>k</mi></math></span>-values, and is applicable not only to two-dimensional data but also to high-dimensional data. Compared to the HFkNN scheme, VeriKNN achieves a slight reduction in accuracy but offers a 500-fold increase in speed, with the performance gap widening as dataset size increases, highlighting its superior scalability and efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104265"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145334806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Intrusion detection systems in IoT: A detailed review of threat categories, detection strategies, and future technologies 物联网中的入侵检测系统：对威胁类别、检测策略和未来技术的详细回顾

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-31 DOI: 10.1016/j.jisa.2025.104291

Burak Aydin , Hakan Aydin , Sedat Gormus

The rapid growth of the Internet of Things (IoT) has transformed numerous sectors by enabling enhanced connectivity and automation among devices in industrial settings. However, this expansion has brought forward notable security concerns, as Internet enabled and connected devices has become increasingly vulnerable to a variety of cyberattacks. This has elevated the importance of Internet of Things security, necessitating robust defense mechanisms. In this paper, we thoroughly examine Intrusion Detection Systems (IDS) within the context of IoT networks, focusing on the different types of attacks and the corresponding detection methods designed to counteract them. Specifically, we classify IoT-specific threats into categories such as network based, device-level, data-centric, and insider attacks, providing insights into their mechanisms, impacts, and real-world occurrences. To address these threats, various IDS approaches are discussed, including signature based IDS, anomaly based IDS, specification based IDS, and hybrid IDS techniques. We further explore the application of Machine Learning in enhancing IDS capabilities for Internet of Things security. Each method’s strengths and limitations are evaluated in terms of accuracy, adaptability, computational efficiency, and scalability. By exploring emerging trends, ongoing challenges, and potential future directions in IDS research for IoT, this study underscores the urgent need for adaptive, scalable, and effective IDS frameworks to protect IoT ecosystems against evolving cyber threats. In addition, this survey provides a critical assessment of the current research landscape, highlighting the fundamental challenges that remain unresolved and outlining future research directions derived both from the existing literature and our own domain-specific analysis.

物联网（IoT）的快速增长通过增强工业环境中设备之间的连接和自动化，改变了许多行业。然而，这种扩张也带来了显著的安全问题，因为支持互联网和连接的设备越来越容易受到各种网络攻击。这提升了物联网安全的重要性，需要强大的防御机制。在本文中，我们深入研究了物联网网络背景下的入侵检测系统（IDS），重点关注不同类型的攻击以及相应的检测方法。具体来说，我们将物联网特定的威胁分为基于网络、设备级、以数据为中心和内部攻击等类别，并提供了对其机制、影响和现实世界事件的见解。为了解决这些威胁，本文讨论了各种入侵检测方法，包括基于签名的入侵检测、基于异常的入侵检测、基于规范的入侵检测和混合入侵检测技术。我们进一步探索机器学习在增强物联网安全入侵检测能力方面的应用。每种方法的优点和局限性都是根据准确性、适应性、计算效率和可伸缩性来评估的。通过探索物联网入侵防御研究的新兴趋势、持续挑战和潜在的未来方向，本研究强调了对自适应、可扩展和有效的入侵防御框架的迫切需求，以保护物联网生态系统免受不断变化的网络威胁。此外，本调查还对当前的研究前景进行了批判性评估，突出了尚未解决的基本挑战，并从现有文献和我们自己的领域特定分析中概述了未来的研究方向。

{"title":"Intrusion detection systems in IoT: A detailed review of threat categories, detection strategies, and future technologies","authors":"Burak Aydin , Hakan Aydin , Sedat Gormus","doi":"10.1016/j.jisa.2025.104291","DOIUrl":"10.1016/j.jisa.2025.104291","url":null,"abstract":"<div><div>The rapid growth of the Internet of Things (IoT) has transformed numerous sectors by enabling enhanced connectivity and automation among devices in industrial settings. However, this expansion has brought forward notable security concerns, as Internet enabled and connected devices has become increasingly vulnerable to a variety of cyberattacks. This has elevated the importance of Internet of Things security, necessitating robust defense mechanisms. In this paper, we thoroughly examine Intrusion Detection Systems (IDS) within the context of IoT networks, focusing on the different types of attacks and the corresponding detection methods designed to counteract them. Specifically, we classify IoT-specific threats into categories such as network based, device-level, data-centric, and insider attacks, providing insights into their mechanisms, impacts, and real-world occurrences. To address these threats, various IDS approaches are discussed, including signature based IDS, anomaly based IDS, specification based IDS, and hybrid IDS techniques. We further explore the application of Machine Learning in enhancing IDS capabilities for Internet of Things security. Each method’s strengths and limitations are evaluated in terms of accuracy, adaptability, computational efficiency, and scalability. By exploring emerging trends, ongoing challenges, and potential future directions in IDS research for IoT, this study underscores the urgent need for adaptive, scalable, and effective IDS frameworks to protect IoT ecosystems against evolving cyber threats. In addition, this survey provides a critical assessment of the current research landscape, highlighting the fundamental challenges that remain unresolved and outlining future research directions derived both from the existing literature and our own domain-specific analysis.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104291"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

WeiDetect: Weibull distribution-based defense against poisoning attacks in federated learning for network intrusion detection systems WeiDetect：在网络入侵检测系统的联邦学习中，基于Weibull分布的中毒攻击防御

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-28 DOI: 10.1016/j.jisa.2025.104275

Sameera K.M. , Vinod P. , Anderson Rocha , Rafidha Rehiman K.A. , Mauro Conti

The rapid growth of Internet of Things (IoT) devices has expanded the cyber-attack surface, making traditional Network Intrusion Detection Systems (NIDS) less effective against modern, dynamic threats. The rise of privacy concerns and legal restrictions also limits the use of centralized security systems, highlighting the need for decentralized alternatives. Federated Learning (FL)-based NIDS addresses this by training models without sharing private user data. However, these systems are still vulnerable to poisoning attacks and can suffer from performance issues due to varied client data. In this paper, we introduce WeiDetect, a novel two-phase defense mechanism for FL-based NIDS. Operating on the server side, WeiDetect tackles both adversarial attacks and client data heterogeneity. It works by evaluating local models with a validation dataset, fitting their performance scores to a Weibull distribution for identifying and excluding malicious or low-quality models before aggregation. Our experimental results show that WeiDetect outperforms existing defenses, improving target class recall by up to 70% and enhancing the global model’s F1 score by 1%–14%.

物联网（IoT）设备的快速增长扩大了网络攻击面，使传统的网络入侵检测系统（NIDS）对现代动态威胁的有效性降低。隐私问题和法律限制的增加也限制了集中式安全系统的使用，凸显了对分散替代方案的需求。基于联邦学习（FL）的NIDS通过在不共享私有用户数据的情况下训练模型来解决这个问题。然而，这些系统仍然容易受到中毒攻击，并且由于客户端数据的变化，可能会出现性能问题。本文介绍了一种新的基于网络入侵的两阶段防御机制WeiDetect。在服务器端操作，WeiDetect处理对抗性攻击和客户端数据异构。它的工作原理是用验证数据集评估局部模型，将它们的性能分数拟合到威布尔分布，以便在聚合之前识别和排除恶意或低质量的模型。我们的实验结果表明，WeiDetect优于现有的防御，将目标类别召回率提高了70%，并将全局模型的F1分数提高了1%-14%。

{"title":"WeiDetect: Weibull distribution-based defense against poisoning attacks in federated learning for network intrusion detection systems","authors":"Sameera K.M. , Vinod P. , Anderson Rocha , Rafidha Rehiman K.A. , Mauro Conti","doi":"10.1016/j.jisa.2025.104275","DOIUrl":"10.1016/j.jisa.2025.104275","url":null,"abstract":"<div><div>The rapid growth of Internet of Things (IoT) devices has expanded the cyber-attack surface, making traditional Network Intrusion Detection Systems (NIDS) less effective against modern, dynamic threats. The rise of privacy concerns and legal restrictions also limits the use of centralized security systems, highlighting the need for decentralized alternatives. Federated Learning (FL)-based NIDS addresses this by training models without sharing private user data. However, these systems are still vulnerable to poisoning attacks and can suffer from performance issues due to varied client data. In this paper, we introduce WeiDetect, a novel two-phase defense mechanism for FL-based NIDS. Operating on the server side, WeiDetect tackles both adversarial attacks and client data heterogeneity. It works by evaluating local models with a validation dataset, fitting their performance scores to a Weibull distribution for identifying and excluding malicious or low-quality models before aggregation. Our experimental results show that WeiDetect outperforms existing defenses, improving target class recall by up to 70% and enhancing the global model’s F1 score by 1%–14%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104275"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-based dynamic MUD profiles for tamper-proof IoT access control 基于区块链的动态MUD配置文件，用于防篡改物联网访问控制

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-12-01 Epub Date: 2025-10-23 DOI: 10.1016/j.jisa.2025.104273

Chouhan Kumar Rath , Amit Kr. Mandal , Anirban Sarkar

The Internet of Things (IoT) has revolutionized various industries by enabling data exchange between different devices across various domains such as smart cities, healthcare, industrial automation etc. However, managing access control with growing number of IoT devices brings major security challenges. Traditional access control mechanisms such as Role-Based Access Control(RBAC) and Attribute-Based Access Control(ABAC) become very complex and computationally expansive for the large scale iot networks. Besides these, Manufacturer Usage Description (MUD) based mechanism empowers networks to restrict IoT devices to communicate only with authorized endpoints, ensuring that each device sends and receives only the intended traffic while preventing unauthorized access or data transmission. However, the static MUD profiles provided by manufacturers are not adaptable to dynamic IoT environments, where devices frequently join, leave, or change behavior. Additionally, manually creating and updating MUD profiles may not be possible and prone to errors for dynamic and large scale IoT network. To address these limitations, this paper proposes an automated framework for generating and enforcing MUD profiles based on network behavior. The framework leverages the MUD specification by analyzing network traffic and extracting the most relevant features using mutual information (MI) scores. These features, which correlate strongly with device behavior, are then used in association rule mining (ARM) to generate refined access control rules. The rules are verified and integrated into the MUD profiles, ensuring automated policy enforcement. Furthermore, the MUD profiles are stored in a tamper-resistant manner using IPFS (InterPlanetary File System), preventing them from unauthorized modifications. The framework also utilizes smart contracts on a blockchain to verify and enforce security policies. The approach improves security by allowing only intended device interactions while denying abnormal traffic, and enhances performance through efficient rule generation and enforcement. The results demonstrate that the use of ARM with MI scores improves rule quality, reduces complexity, and facilitates faster, more reliable network operations in dynamic IoT environments.

物联网（IoT）通过实现智能城市、医疗保健、工业自动化等不同领域的不同设备之间的数据交换，彻底改变了各个行业。然而，管理越来越多的物联网设备的访问控制带来了重大的安全挑战。传统的访问控制机制，如基于角色的访问控制（RBAC）和基于属性的访问控制（ABAC），对于大规模的物联网网络来说变得非常复杂和计算量庞大。除此之外，基于制造商使用描述（MUD）的机制使网络能够限制物联网设备仅与授权的端点通信，确保每个设备仅发送和接收预期的流量，同时防止未经授权的访问或数据传输。然而，制造商提供的静态MUD配置文件不适应动态物联网环境，在动态物联网环境中，设备经常加入、离开或改变行为。此外，对于动态和大规模的物联网网络，手动创建和更新MUD配置文件可能是不可能的，并且容易出错。为了解决这些限制，本文提出了一个基于网络行为生成和执行MUD配置文件的自动化框架。该框架通过分析网络流量和使用互信息（MI）分数提取最相关的特征来利用MUD规范。这些特征与设备行为密切相关，然后在关联规则挖掘（ARM）中使用它们来生成精细的访问控制规则。这些规则经过验证并集成到MUD配置文件中，从而确保自动执行策略。此外，MUD配置文件使用IPFS（星际文件系统）以防篡改的方式存储，防止未经授权的修改。该框架还利用区块链上的智能合约来验证和执行安全策略。该方法通过只允许预期的设备交互而拒绝异常流量来提高安全性，并通过有效的规则生成和实施来提高性能。结果表明，在动态物联网环境中，使用ARM和MI分数可以提高规则质量，降低复杂性，并促进更快、更可靠的网络运行。

{"title":"Blockchain-based dynamic MUD profiles for tamper-proof IoT access control","authors":"Chouhan Kumar Rath , Amit Kr. Mandal , Anirban Sarkar","doi":"10.1016/j.jisa.2025.104273","DOIUrl":"10.1016/j.jisa.2025.104273","url":null,"abstract":"<div><div>The Internet of Things (IoT) has revolutionized various industries by enabling data exchange between different devices across various domains such as smart cities, healthcare, industrial automation etc. However, managing access control with growing number of IoT devices brings major security challenges. Traditional access control mechanisms such as Role-Based Access Control(RBAC) and Attribute-Based Access Control(ABAC) become very complex and computationally expansive for the large scale iot networks. Besides these, Manufacturer Usage Description (MUD) based mechanism empowers networks to restrict IoT devices to communicate only with authorized endpoints, ensuring that each device sends and receives only the intended traffic while preventing unauthorized access or data transmission. However, the static MUD profiles provided by manufacturers are not adaptable to dynamic IoT environments, where devices frequently join, leave, or change behavior. Additionally, manually creating and updating MUD profiles may not be possible and prone to errors for dynamic and large scale IoT network. To address these limitations, this paper proposes an automated framework for generating and enforcing MUD profiles based on network behavior. The framework leverages the MUD specification by analyzing network traffic and extracting the most relevant features using mutual information (MI) scores. These features, which correlate strongly with device behavior, are then used in association rule mining (ARM) to generate refined access control rules. The rules are verified and integrated into the MUD profiles, ensuring automated policy enforcement. Furthermore, the MUD profiles are stored in a tamper-resistant manner using IPFS (InterPlanetary File System), preventing them from unauthorized modifications. The framework also utilizes smart contracts on a blockchain to verify and enforce security policies. The approach improves security by allowing only intended device interactions while denying abnormal traffic, and enhances performance through efficient rule generation and enforcement. The results demonstrate that the use of ARM with MI scores improves rule quality, reduces complexity, and facilitates faster, more reliable network operations in dynamic IoT environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"95 ","pages":"Article 104273"},"PeriodicalIF":3.7,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145365864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0