Journal of Information Security and Applications最新文献

Federated Learning (FL) is an innovative approach that enables multiple parties to collaboratively train a machine learning model while keeping their data private. This method significantly enhances data security as it avoids sharing raw data among participants. However, a critical challenge in FL is the potential leakage of sensitive information through shared model updates. To address this, differential privacy techniques, which add random noise to data or model updates, are used to safeguard individual data points from being inferred. Traditional approaches to differential privacy typically utilize a fixed privacy budget, which may not account for the varying sensitivity of data, potentially affecting model accuracy. To overcome these limitations, we introduce HierFedPDP, a new FL framework that optimizes data privacy and model performance. HierFedPDP employs a three-tier client–edge–cloud architecture, maximizing the use of edge computing to alleviate the computational load on the central server. At the core of HierFedPDP is a personalized local differential privacy mechanism that tailors privacy settings based on data sensitivity, thereby enhancing data protection while maintaining high utility. Our framework not only fortifies privacy but also improves model accuracy. Specifically, experiments on the MNIST dataset show that HierFedPDP outperforms existing models, increasing accuracy by 0.84% to 2.36%, and CIFAR-10 has also achieved effective improvements. This research advances the capabilities of FL in protecting data privacy and provides valuable insights for designing more efficient distributed learning systems.

Robustness to common hybrid distortions is a crucial requirement for effective watermarking, particularly on social networking platforms (SNPs). Images on SNPs undergo complex attacks initiated by both platforms and users, involving diverse distortion operations. However, there are few image watermarking schemes designed to handle such hybrid attacks effectively. Existing schemes, especially those based on the Fourier-Mellin domain, often struggle due to their susceptibility to single attacks. For instance, the ring watermark structure in the frequency domain is prone to distortion, leading to difficulties in mapping watermark information and causing streak diffraction phenomena in the image. Additionally, these schemes lack robustness against large-size image downsampling and image flipping attacks on SNPs. To address these limitations, this paper introduces an enhanced robust watermarking framework tailored for SNPs. The framework comprises three key modules: a module to stabilize the ring watermark structure, an adaptive embedding strength and range module, and a sliding window and flip state detection module. These modules, coupled with log-polar mapping (LPM) in the Fourier-Mellin domain, effectively mitigate the lack of robustness to specific attacks, resulting in comprehensive robustness for the entire framework. Numerous experiments demonstrate that our proposed scheme outperforms other state-of-the-art (SOTA) works in handling hybrid distortions on SNPs.

In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper’s motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

Understanding the attributes of critical data and implementing suitable security measures help organisations bolster their data-protection strategies and diminish the potential impacts of ransomware incidents. Unauthorised extraction and acquisition of data are the principal objectives of most cyber invasions. We underscore the severity of this issue using a recent attack by the Clop ransomware group, which exploited the MOVEit Transfer vulnerability and bypassed network-detection mechanisms to exfiltrate data via a Command and Control server. As a countermeasure, we propose a method called Buffer-Based Signature Verification (BBSV). This approach involves embedding 32-byte tags into files prior to their storage in the cloud, thus offering enhanced data protection. The BBSV method can be integrated into software like MOVEit Secure Managed File Transfer, thereby thwarting attempts by ransomware to exfiltrate data. Empirically tested using a BBSV prototype, our approach was able to successfully halt the encryption process for 80 ransomware instances from 70 ransomware families. BBSV not only stops the encryption but also prevents data exfiltration when data are moved or written from the original location by adversaries. We further develop a hypothetical exploit scenario in which an adversary manages to bypass the BBSV, illicitly transmits data to a Command and Control server, and then removes files from the original location. We construct an extended state space, in which each state represents a tuple that integrates user authentication and system components at the filesystem level.

Recently there is an upsurge in Android malware that use obfuscation and repackaging techniques for evasion. Malware may also combine both these techniques to create stealthy adversarial mimicry samples to launch mimicry attacks. In mimicry attacks, the adversary makes sure that the static and dynamic features present in the crafted malware mimics the features present in the legitimate applications. In such cases, the existing detection mechanisms may become less effective. We found that the malicious nature of Android applications can be determined by identifying certain subgraphs that appear in their system call graphs. These subgraphs can be determined with the help of spectral clustering mechanism present in EigenGCN. With this, the system call graph $G$ will be partitioned into two subgraphs $G_1$ and $G_2$, in which the malicious functionality if any will be present in the subgraph $G_1$. The graph Fourier transform based pooling technique in EigenGCN then computes the features of the subgraphs in the form of graph signals. This graph signals serve as a robust signature to detect malware. The proposed mechanism gave an accuracy of 98.7% on common malware, 97.3% on obfuscated malware, 97.8% on repackaged malware, and 90% on adversarial mimicry malware datasets. As far as we know, this is the first work that proposes a malware detection mechanism, that can detect common as well as obfuscated, repackaged, and mimicry malware in Android.

Zero watermarking is a lossless copyright protection technology that satisfies the need for copyright protection without compromising the accuracy of trajectory data. However, existing zero watermarking algorithms for trajectory data are unable to resist random deletion point attack. Therefore, a trajectory data zero watermarking algorithm based on moment invariants was proposed to address the problem. Firstly, two compression algorithms are utilized to extract feature points from the trajectory data. Then, a coordinate system is constructed using the minimum area bounding rectangle (MABR) of the feature points. Next, based on the constructed coordinate system, the feature points are divided into subtrajectories, and the linear moment invariants generated by the subtrajectories are calculated. Finally, the zero watermark information is constructed based on the linear moment invariants, and the watermark copyright information is generated by exclusive-ORing (XOR) it with the copyright image. Experimental results demonstrate that the zero watermark information constructed by the proposed algorithm has good uniqueness and strong robustness against random deletion, compression, and other common attacks. Furthermore, the proposed algorithm has good algorithm efficiency and is applicable to vector data with plane coordinates. The study makes a positive contribution to copyright protection for trajectory data and provides useful references for research on lossless watermarking of vector geographic data.

Smart contract, as the representative application of blockchain, has recently fueled extensive research interests from both academia and industry. However, with its wide applications, the weaknesses of smart contract have been gradually revealed. The major barrier to the widespread adoption of smart contract involves concerns about on-chain privacy which refers to the details of input/output privacy. To address privacy concerns, we propose in this paper, P-Chain, a privacy-aware framework for smart contracts of permissioned blockchain to protect sensitive data of users based on Secure Multi-party Computation (SMPC). Unlike existing work that suffer several key drawbacks, including introducing a third party who could get the details of the deal, and high overhead for on-chain and off-chain communication, as well as lacking a privacy protection for output data, we enhance the privacy protection for smart contracts system by adding a new secure multi-party computation layer in P-Chain. Through secure multi-party computing, sensitive inputs of smart contracts are divided into multiple sub-inputs and sent to computing participants for operation respectively, which ensures that each participant can only access part of the user’s information. A stochastic strategy based on $(t;n)$ threshold secret sharing to select calculating parties is also been proposed, which makes it difficult for an attacker to aggregate $t$ of $n$ participants for launching a collusive attack. In addition, we propose the output privacy protection method that makes it possible to reach a consensus without the need to know the output. The extensive experimental evaluation and analysis demonstrate that our scheme enjoys the advantages of calculation correctness, input–output privacy as well as anti-collusion.

Malicious file attacks seriously affect network and data security, and recognizing malicious files and variants is crucial for preventing network attacks. Faced with the challenge of traditional methods in quickly, effectively, and efficiently recognizing malicious files or variants, visualization-based feature representation methods have shown promising results. However, practical applications encounter issues such as loss of crucial information, high spatiotemporal overhead, and the need for model performance improvement. Therefore, this paper introduces a novel recognition framework focusing on feature representation and model performance. The framework uses the proposed visualization-based comprehensive feature representation method (VCFR) to extract file information into the Gray-Level Co-occurrence Matrix (GLCM), 2-gram frequency matrix, and interval 2-gram frequency matrix, followed by feature fusion to generate the three-channel RGB images. Subsequently, the proposed lightweight model is applied for recognizing those files, which utilizes ideas such as group convolution, channel shuffle, and attention mechanisms to improve model performance while significantly reducing model parameters, size, and FLOPs. In summary, through a series of experiments conducted on manually collected malicious file dataset (MFD) and public dataset MMCC, the proposed framework significantly outperformed other state-of-the-art technologies and has F1-Score as high as 94.10% and 98.58%, respectively, further verifying its outstanding effectiveness and efficiency.

Secret image sharing (SIS) has excellent properties such as loss tolerance and relatively low computational complexity, providing a brand-new solution for image security protection. However, there has been little research on the robustness of SIS systems, such as how to resist cropping or malicious tampering in shares. Existing related schemes generally focus on grayscale images and suffer from issues such as lossy recovery, weak robustness, and serious pixel expansion, which are challenging to meet the requirements of high-quality sensitive image applications. In this regard, a robust SIS scheme for color images is proposed, which can resist large-scale cropping and malicious tampering in shares. According to the idea of “breaking up the whole cropped area into parts, repairing the shares independently”, the proposed scheme can realize lossless recovery of secret images through organic fusion of secret sharing, error-correcting code, and pixel re-arrangement techniques. Even if all the shares are cropped by 25%, it can still achieve lossless recovery regardless of whether the cropping positions intersect or overlap. It can also resist various malicious tampering (such as marking, defacing, and copy-move forgery) as well as image noise. Moreover, it avoids pixel expansion and requires no auxiliary encryption or preprocessing. Theoretical analysis and experimental results demonstrate that the proposed scheme is superior to existing schemes in terms of robustness and comprehensive performance, and is expected to promote the practical application of SIS.

Web applications have become central in the digital landscape, providing users instant access to information and allowing businesses to expand their reach. Injection attacks, such as SQL injection (SQLi), are prominent attacks on web applications, given that most web applications integrate a database system. While there have been solutions proposed in the literature for SQLi attack detection using learning-based frameworks, the problem is often formulated as a binary, single-attack vector problem without considering the prioritization and prevention component of the attack. In this work, we propose a holistic solution, SQLR34P3R, that formulates the SQLi attack as a multi-class, multi-attack vector, prioritization, and prevention problem. For attack detection and classification, we gathered 457,233 samples of benign and malicious network traffic, as well as 70,023 samples that had SQLi and benign payloads. After evaluating several machine-learning-based algorithms, the hybrid CNN-LSTM models achieve an average F1-Score of 97% in web and network traffic filtering. Furthermore, by using CVEs of SQLi vulnerabilities, SQLR34P3R incorporates a novel risk analysis approach which reduces additional effort while maintaining reasonable coverage to assist businesses in allocating resources effectively by focusing on patching vulnerabilities with high exploitability. We also present an in-the-wild evaluation of the proposed solution by integrating SQLR34P3R into the pipeline of known vulnerable web applications such as Damn Vulnerable Web Application (DVWA) and Vulnado and via network traffic captured using Wireshark from SQLi DNS exfiltration conducted with SQLMap for real-time detection. Finally, we provide a comparative analysis with state-of-the-art SQLi attack detection and risk ratings solutions.