Journal of Information Security and Applications: Latest Articles

CodeSAGE: A multi-feature fusion vulnerability detection approach using code attribute graphs and attention mechanisms
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-28 | DOI: 10.1016/j.jisa.2025.103973
Guodong Zhang, Tianyu Yao, Jiawei Qin, Yitao Li, Qiao Ma, Donghong Sun
Software supply chain security is a critical aspect of modern computer security, with vulnerabilities being a significant threat. Identifying and patching these vulnerabilities promptly can significantly reduce security risks. Traditional detection methods cannot fully capture the complex structure of source code, leading to low accuracy. The neural network capacity limits machine learning-based methods, hindering effective feature extraction and impacting performance. In this paper, we propose a multi-feature fusion vulnerability detection technique called CodeSAGE. The method utilizes the Code Property Graph (CPG) to comprehensively display multiple logical structural relationships in the source code and combine it with GraphSAGE to aggregate the information of neighboring nodes in CPG to extract local features of the source code. Meanwhile, a Bi-LSTM combined with the attention mechanism is utilized to capture long-range dependencies in the logical structure of the source code and extract global features. The attention mechanism is used to assign weights to the two features, which are then fused to represent the syntactic and semantic information of the source code for vulnerability detection. A method for simplifying the CPG is proposed to mitigate the impact of graph size on model runtime and reduce redundant feature information. Irrelevant nodes are removed by weighting different edge types and filtering nodes exceeding a certain threshold, reducing the CPG size. To verify the effectiveness of CodeSAGE, comparative experiments are conducted on the SARD and CodeXGLUE datasets. The experimental results show that the CPG size can be reduced by 25%–45% using the simplified method, with an average time reduction of 20% per training round. Detection accuracy reached 99.12% on the SARD dataset and 73.57% on the CodeXGLUE dataset, outperforming the comparison methods.
Citations: 0
Privacy-preserving and verifiable multi-task data aggregation for IoT-based healthcare
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-26 | DOI: 10.1016/j.jisa.2025.103977
Xinzhe Zhang, Lei Wu, Lijuan Xu, Zhien Liu, Ye Su, Hao Wang, Weizhi Meng
The combination of mobile crowdsensing (MCS) and IoT-based healthcare introduces innovative solutions for collecting health data. The considerable accumulation of health data through MCS expedites advancements in medical research and disease prediction, giving rise to privacy considerations. Data aggregation emerges as a salient solution that facilitates the provision of aggregated statistics while obfuscating raw personal data. However, prevailing aggregation schemes primarily pivot around single-task or multi-dimensional data aggregation, rarely contemplating the multi-task aggregation scenarios. Furthermore, in some schemes that implement multi-tasking, protection of task contents and verifiability of aggregation results are not achieved. Therefore, we propose a specialized data aggregation scheme for multi-task scenarios on fog computing. Initially, we employ a symmetric cryptographic algorithm to encrypt task contents and distribute the corresponding symmetric keys through a key management scheme based on the Chinese Remainder Theorem (CRT). Subsequently, we utilize blinding techniques to encrypt the raw data of users, ensuring efficient data aggregation. To enhance resilience against adversarial tampering with aggregated data, we employ the Pedersen commitment scheme to achieve the verifiability of task aggregation results. Finally, theoretical analyses and experimental evaluations collectively demonstrate the security and effectiveness of our proposed scheme.
Citations: 0
Merkle multi-branch hash tree-based dynamic data integrity auditing for B5G network cloud storage
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-25 | DOI: 10.1016/j.jisa.2025.103981
Hongsong Chen, Zimei Tao, Zhiheng Wang, Xinrui Liu
In the Beyond 5th Generation (B5G) mobile communication network, data transmission speed will be higher, and communication time latency will be minimized; it also brings new security challenges to data management and privacy protection. Aiming at the problems faced by the data integrity audit for B5G network cloud storage, such as complex dynamic data updating and a large number of users, we propose a Merkle Multi-branch Hash Tree (MMHT)-based data integrity auditing scheme for B5G network cloud storage. The scheme involves five entities and eight phases. We propose a multi-branch double-linked Merkle Hash Tree structure to store and audit dynamic data. We conduct correctness analysis and security analysis of this scheme. The results show that our scheme can meet the requirements of data integrity audit and counter six types of data integrity attacks. We conduct theoretical comparative analysis. Compared with other schemes, the computational overhead of data owner (DO) is reduced by m times (m represents the number of data blocks). Relevant experiments are conducted with a 5G real-world dataset, and the experiments show that on the order of million data, the construction time of MHT is about 2.48 times that of MMHT in terms of Merkle tree. The verification time of MHT is about 12.83 times that of MMHT. When the data scale reaches millions, the time to generate user keys in the 4G environment is 6.49 times that in the B5G environment. When the number of bilinear pairings reaches one million, the verification time of Third-Party Auditors (TPA) for 10,000 encrypted data entries is only 1.07 times that of 1,000 entries, indicating that our scheme can be scaled for use with large datasets. Compared with other schemes, our solution improves the efficiency and security of dynamic data integrity auditing in the B5G network environment.
Citations: 0
CSA: Crafting adversarial examples via content and style attacks
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-25 | DOI: 10.1016/j.jisa.2025.103974
Wei Chen, Yunqi Zhang
Most existing black-box attacks fall into two categories: gradient-based attacks and unrestricted attacks. The former injects adversarial perturbations into the original clean examples under the Lp-norm constraint, while the latter tends to attack by changing the shape, color, and texture of the original image. However, the adversarial examples generated by the gradient-based attacks are vulnerable to defense methods and unnatural to the human eye. Meanwhile, unrestricted attacks have poor transferability of adversarial examples compared to gradient-based attacks. Therefore, we propose a novel attack that combines gradient-based and unrestricted attacks, i.e., Content and Style Attack (CSA). Specifically, we utilize an encoder to extract the content features of the original image and train a reconstructor to generate an image consistent with these features. A gradient-based method is then employed to inject perturbations, followed by using the encoder to extract the content features of the altered image. We implement a momentum-based approach to search for malicious style information, which is then fused with the adversarial content features to create the final attack features. Extensive experiments on the ImageNet standard dataset demonstrate that our method is capable of generating adversarial examples that are both natural-looking and possess high transferability.
Citations: 0
An anonymous yet accountable contract wallet system using account abstraction
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-25 | DOI: 10.1016/j.jisa.2025.103978
Kota Chin, Keita Emura, Kazumasa Omote
Account abstraction allows a contract wallet to initiate transaction execution. Thus, account abstraction is useful for preserving the privacy of externally owned accounts (EOAs) because it can remove a transaction issued from an EOA to the contract wallet and hides who issued the transaction by additionally employing anonymous authentication procedures such as ring signatures. However, unconditional anonymity is undesirable in practice because it prevents revealing who is accountable for a problem when it arises. Thus, maintaining a balance between anonymity and accountability is important. In this paper, we propose an anonymous yet accountable contract wallet system. In addition to account abstraction, the proposed system also utilizes accountable ring signatures (Bootle et al., ESORICS 2015). The proposed system provides (1) anonymity of a transaction issuer that hides who agreed with running the contract wallet, and (2) accountability of the issuer, which allows the issuer to prove they agreed with running the contract wallet. Moreover, due to a security requirement of accountable ring signatures, the transaction issuer cannot claim that someone else issued the transaction. This functionality allows us to clarify the accountability involved in issuing a transaction. In addition, the proposed system allows an issuer to employ a typical signature scheme, e.g., ECDSA, together with the ring signature scheme. This functionality can be considered an extension of the common multi-signatures that require a certain number of ECDSA signatures to run a contract wallet. The proposed system was implemented using zkSync (Solidity). We discuss several potential applications of the proposed system, i.e., medical information sharing and asset management.
Citations: 0
Information-theoretic bounds for steganography in visual multimedia
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-23 | DOI: 10.1016/j.jisa.2025.103966
Hassan Y. El-Arsh, Amr Abdelaziz, Ahmed Elliethy, H.A. Aly, T. Aaron Gulliver
Steganography in visual multimedia embeds data into an image or video cover object and produces a corresponding stego object with some distortion. Establishing an upper bound on the maximum embedding rate, subject to a target distortion threshold, is challenging due to the difficulties introduced by the Gibbs modeling of visual multimedia objects. This paper introduces an analytic optimization approach to establish a generalized upper bound on the maximum embedding rate in visual multimedia cover objects with a particular target probability of detection by any steganographic detector. To that end, we show that the parametric form of the correlated multivariate quantized Gaussian distribution supersedes the Gibbs family in the achievable embedding rate with a bounded relative entropy between the cover and stego objects’ distributions. Our solution provides an analytical form of the upper bound in terms of the WrightOmega function and agrees with the well-known Square Root Law (SRL) for steganography.
Citations: 0
MSG: Missing-sequence generator for metamorphic malware detection
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-21 | DOI: 10.1016/j.jisa.2024.103962
Rama Krishna Koppanati, Sateesh K. Peddoju
Metamorphic malware is a sophisticated malware that frequently modifies its code to avoid being detected by signature-based methods while maintaining the same output during the run time. Invariably, the output of the register values reflects the malware’s behavior. Therefore, capturing the output sequence from the register values of a binary is essential to identify the evolutionary relationship between the sequences, leading to effective malware detection. In other words, generating register value sequences for the malicious code in a binary, distinct or missing from benign binary, is vital to effectively detecting the typical and metamorphic malware. This paper proposes a novel Missing Sequence Generator (MSG) to generate features in the form of missing sequences by capturing the registers’ output sequence from a binary’s Control Flow Graph (CFG) with context, semantics, and control flow. We create a diverse and large-scale dataset of metamorphic malware using the metamorphic engine to conduct experiments. Also, we experiment with diverse non-metamorphic malware. The proposed model achieves an accuracy of 99.82% for the non-metamorphic dataset and 99.06% for the metamorphic dataset, with negligible False Positive Rates (FPRs). The proposed model outperforms the state-of-the-art models. Further, the proposed work proves its performance and effectiveness by surpassing 47 existing anti-malware.
Citations: 0
Real-time monitoring model of DDoS attacks using distance thresholds in Edge cooperation networks
IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-21 | DOI: 10.1016/j.jisa.2025.103972
Mingyue Li, Liudong Zheng, Xiaoxue Ma, Shuang Li
Edge networks have an increasing demand for real-time attack detection as the duration of Distributed Denial-of-Service (DDoS) attacks decreases and causes missing of reporting insecure cases. However, the training and testing time of the existing detection model deployed on the edge server side is more expensive and cannot be well applied in practice. In this paper, we propose a real-time monitoring framework for DDoS attacks with edge server-device collaboration to solve these problems. Specifically, the edge server uses the k-means algorithm to represent the model boundaries and builds a separate group of recognition and monitoring models for each device by splitting the feature vectors. Furthermore, each device monitors the generated data in real-time through the model and submits suspicious data to the edge server for analysis. Finally, the server utilizes the k-neighbor algorithm which adds threshold selection and judgment to fine-grained identify updated benign data and specific categories of attack data. Experimental results show that the proposed scheme can effectively monitor benign data and attack data and identify attack types while the train time, test time and storage cost are less than that of the centralized model.
Citations: 0
FRAPE: A Framework for Risk Assessment, Prioritization and Explainability of vulnerabilities in cybersecurity
IF 3.8 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-01-20 DOI: 10.1016/j.jisa.2025.103971
F.R. Parente, Emanuel B. Rodrigues, César L.C. Mattos
Inadequate Vulnerability Management (VM) techniques, relying solely on metrics such as the Common Vulnerability Scoring System (CVSS), may lead to overestimating the risk of vulnerability exploitation. This work presents FRAPE, a novel Risk-Based Vulnerability Management (RBVM) framework designed to help analysts classify and prioritize the remediation of security flaws. FRAPE combines a labeling technique called Active Learning (AL) with a Supervised Learning approach to create a Machine Learning model capable of emulating the experience of security experts in assessing vulnerability risk. The framework includes four main modules: Data Collection, which gathers essential information for risk assessment; Vulnerability Labeling, where vulnerabilities are labeled via AL based on significant characteristics; Classification and Prioritization, which categorizes vulnerabilities and prioritizes them for remediation based on the estimated risk; and Explainability of Results, which offers a detailed analysis of why vulnerabilities are considered critical. Additionally, we implemented a computer network simulator capable of comparing the effectiveness of different VM classification and prioritization techniques. The performed experiments indicate that FRAPE outperforms the use of CVSS in VM and correctly classifies 88% of critical vulnerabilities, which is comparable to the performance obtained by security analysts.
Citations: 0
Laconic updatable private set intersection
IF 3.8 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-01-16 DOI: 10.1016/j.jisa.2025.103969
Xiangqian Kong, Lanxiang Chen, Yizhao Zhu, Yi Mu
A laconic private set intersection (PSI) protocol features a two-round communication process with an initial message that remains independent of the set sizes. It is useful for efficiently matching large server sets with smaller client sets without multiple rounds of interaction. The previous work by Aranha et al. (CCS’22) demonstrated superior efficiency but relied on a trusted third party to generate a secret value $s$ and all its powers, denoted as $(g, g^{s}, \ldots, g^{s^{2}}, \ldots, g^{s^{|X|}})$, where $|X|$ represents the size of the receiver’s set $X$. However, these protocols did not address the practical need for updatable sets for both the receiver and sender, which implies the ability to add new elements, delete existing ones, or update an element by deleting it and subsequently adding a new one. In our work, we present an updatable private set intersection protocol that eliminates the need for a trusted third party. Our approach achieves constant communication complexity from the receiver to the sender and linear complexity from the sender to the receiver while partially hiding the size of the receiver’s set. We first establish an efficient PSI protocol and then propose two variants that allow both parties to modify their sets. Additionally, we prove the security of our proposed protocol against semi-honest participants within our security model.
Citations: 0