Pub Date: 2024-09-01 DOI: 10.1016/j.jisa.2024.103871
Alan Paul, Vishal Sharma, Oluwafemi Olukoya
Web applications have become central in the digital landscape, providing users instant access to information and allowing businesses to expand their reach. Injection attacks, such as SQL injection (SQLi), are prominent attacks on web applications, given that most web applications integrate a database system. While there have been solutions proposed in the literature for SQLi attack detection using learning-based frameworks, the problem is often formulated as a binary, single-attack vector problem without considering the prioritization and prevention component of the attack. In this work, we propose a holistic solution, SQLR34P3R, that formulates the SQLi attack as a multi-class, multi-attack vector, prioritization, and prevention problem. For attack detection and classification, we gathered 457,233 samples of benign and malicious network traffic, as well as 70,023 samples that had SQLi and benign payloads. After evaluating several machine-learning-based algorithms, the hybrid CNN-LSTM models achieve an average F1-Score of 97% in web and network traffic filtering. Furthermore, by using CVEs of SQLi vulnerabilities, SQLR34P3R incorporates a novel risk analysis approach which reduces additional effort while maintaining reasonable coverage to assist businesses in allocating resources effectively by focusing on patching vulnerabilities with high exploitability. We also present an in-the-wild evaluation of the proposed solution by integrating SQLR34P3R into the pipeline of known vulnerable web applications such as Damn Vulnerable Web Application (DVWA) and Vulnado and via network traffic captured using Wireshark from SQLi DNS exfiltration conducted with SQLMap for real-time detection. Finally, we provide a comparative analysis with state-of-the-art SQLi attack detection and risk ratings solutions.
Title: SQL injection attack: Detection, prioritization & prevention
Journal of Information Security and Applications, vol. 85, Article 103871. Open access PDF: https://www.sciencedirect.com/science/article/pii/S221421262400173X/pdfft?md5=876619c18c5e77543023637cfa5180d8&pid=1-s2.0-S221421262400173X-main.pdf
Pub Date: 2024-09-01 DOI: 10.1016/j.jisa.2024.103870
Zhichao Yang, Debiao He, Rongmao Chen, Shixiong Wang, Jianqiao Xu
In the distribution of digital content, users may collude and utilize their secret keys to create pirate decoders which enable illegal users to receive the same service. As a useful countermeasure, the notion of an identity-based traitor tracing (IBTT) scheme was introduced for the data owner to trace down pirates and simplify the certificate management process. As far as we know, various IBTT schemes have been proposed in the literature and all of them are designed on classical hardness assumptions, which are believed to become broken in the coming post-quantum era. To address this issue, we propose the first post-quantum IBTT scheme in this work. The new IBTT scheme is proved to be secure in the quantum security model, assuming the quantum-resistant hardness of the underlying learning with errors problem. Notably, compared with other IBTT schemes, our construction has the minimal size increase needed to make the underlying encryption scheme traitor tracing.
Title: Post-quantum identity-based traitor tracing
Journal of Information Security and Applications, vol. 85, Article 103870.
Pub Date: 2024-09-01 DOI: 10.1016/j.jisa.2024.103853
Mandira Banik, Sanjay Kumar
Title: Corrigendum to “Blockchain-based public key encryption with keyword search for medical data sharing in cloud environment” [Journal of Information Security and Applications 78 (2023) 103626]
Journal of Information Security and Applications, vol. 85, Article 103853. Open access PDF: https://www.sciencedirect.com/science/article/pii/S2214212624001558/pdfft?md5=54cae618db46ed7d2ee93f35c1783ce8&pid=1-s2.0-S2214212624001558-main.pdf
Pub Date: 2024-08-28 DOI: 10.1016/j.jisa.2024.103864
Alaaldin Dwaik, Yassine Belkhouche
The image-based steganalysis problem has attracted many researchers, and several solutions have been proposed. Deep learning-based methods are the most promising as they provide superior performance. Convolutional neural network (CNN)-based steganalysis methods are designed to improve the detection rate. Unlike traditional CNN models, CNN-based steganalysis requires careful design of preprocessing layers with filter initialization to obtain good performance. In this paper, we established a CNN model that consists of two convolution layers for preprocessing and feature extraction, and four fully connected layers for classification. The preprocessing layer uses a set of efficient filter banks consisting of SRM and 2D Gabor filters. We conducted experiments using grayscale cover images from the popular and publicly available BOSSbase_1.01 database and Alask_v2 database with consideration for two different image sizes. The results showed that the proposed CNN model outperforms many state-of-the-art studies in two out of three well-known adaptive spatial domain steganography algorithms (S-UNIWARD, HUGO) and provides a close result for the WOW algorithm when using the database with 512 × 512 images. On the other hand, the proposed model outperforms many state-of-the-art studies in the three algorithms when using the database with the original image size (256 × 256). Using image size 256 and the S-UNIWARD algorithm, the proposed model improved the detection accuracy rate by 13% and 4.25% for payloads of 0.2 and 0.4 bpp, respectively, compared to the previously best-known model (GBRAS-Net). The proposed model achieved 7.4% and 6.27% improvement in the detection accuracy for both payloads 0.2 and 0.4 bpp respectively using the HUGO algorithm compared with the previously best-known model (GBRAS-Net). For the WOW algorithm, the proposed model is slightly behind the best model (GBRAS-Net) but was able to obtain a close result for both payloads of 0.2 and 0.4 bpp, respectively.
Using an image size of 512, the proposed model achieved 31.26%, 21.51%, 6.84%, 4.22%, and 1.96% improvement in the detection rate for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over S-UNIWARD algorithm compared to the previously best-known model (H-CNN). In addition, the proposed model achieved 27.60%, 23.69%, 12.66%, 5.27%, and 6.23% improved detection accuracy for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over HUGO algorithm compared with the previously best-known model (H-CNN). Finally, the proposed model provided 57.81%, 46.84%, 28.29%, 20.34%, and 13.79% improvement in the detection rate for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over WOW algorithm compared to the previously best-known model (H-CNN).
Title: Enhancing the performance of convolutional neural network image-based steganalysis in spatial domain using Spatial Rich Model and 2D Gabor filters
Journal of Information Security and Applications, vol. 85, Article 103864.
Pub Date: 2024-08-26 DOI: 10.1016/j.jisa.2024.103854
Ruonan Lin, Yikun Huang, Yuanyuan Zhang, Renwan Bi, Jinbo Xiong
The emergence of mobile crowdsensing (MCS) has revolutionized data collection methods. As an important means of guaranteeing data quality, user recruitment is critical to sensing task completion. Aiming at the problem of user privacy disclosure in user recruitment, particularly when sensing platforms lack prior knowledge of user quality, we propose a Privacy-Preserving User Recruitment scheme (PPUR) which can maximize sensing quality in a lightweight and efficient manner. We design multiple secure protocols for both user quality calculation and user recruitment based on additive secret sharing (ASS). Specifically, we propose a Secure user Quality Calculation (SQC) protocol to assess user quality instead of requiring user interaction in the case of unknown ground truth. The combinatorial multi-armed bandit (CMAB) based Secure User Recruitment (SUR) protocol effectively tackles the challenge of recruiting multiple users without prior knowledge and user interactivity while adhering to budget and time limitations. Theoretical analysis confirms the lightweight overhead of the PPUR scheme and its multi-class data security. Experimental results show that SQC has superior performance in both computational cost and communication overhead. The regret indicator’s findings demonstrate that SUR can effectively utilize budget and time to achieve optimal user recruitment decisions.
Title: Achieving lightweight, efficient, privacy-preserving user recruitment in mobile crowdsensing
Journal of Information Security and Applications, vol. 85, Article 103854.
Deep learning is increasingly being applied in the field of robust watermarking. However, the existing deep learning-based video watermarking methods only use spatial domain information as the input, and the robustness against attacks such as H.264/AVC compression is still not strong. Therefore, this paper proposes a deep learning-based robust video watermarking method in the dual-tree complex wavelet transform (DT-CWT) domain. The video frames are transformed into the DT-CWT domain and the suitable high-pass subbands are selected as candidate embedding positions. Then, the 2D and 3D convolutions are combined to extract both intra-frame spatial features and inter-frame temporal features for finding the stable and imperceptible coefficients for watermark embedding in the candidate positions. The convolutional attention module (CBAM) is used to further adjust the embedding coefficients and strengths. In addition, the attack layer, where a differentiable proxy is specially designed in this paper for the simulation of non-differentiable H.264/AVC compression, is introduced to generate distorted watermarked videos for improving the robustness against different attacks. Experimental results show that our method is superior to both the existing deep learning-based methods and traditional methods in the robustness against both spatial and temporal attacks while preserving high video quality. The source code is available at https://github.com/imagecbj/A-DNN-Robust-Video-Watermarking-Method-in-DT-CWT-Domain.
Title: A DNN robust video watermarking method in dual-tree complex wavelet transform domain
Authors: Xuanming Chang, Beijing Chen, Weiping Ding, Xin Liao
Pub Date: 2024-08-24 DOI: 10.1016/j.jisa.2024.103868
Journal of Information Security and Applications, vol. 85, Article 103868.
Pub Date: 2024-08-24 DOI: 10.1016/j.jisa.2024.103866
Qiwei Hu, Chenyu Huang, Guoqiang Zhang, Lingyi Cai, Tao Jiang
The integration of blockchain technology with Access Control (AC) systems presents novel opportunities for enhancing data security within decentralized architectures, which is drawing increasing attention in Data Sharing (DS) applications. However, existing works reveal a gap in achieving accountability for anonymous access in the absence of a centralized trusted authority. To address this issue, this paper introduces InvisiReveal, a novel Blockchain-Based AC (BBAC) framework that achieves permission invisibility, access anonymity, and accountability without extra trust assumptions. Users in InvisiReveal generate anonymous credentials to authenticate their requests using Zero Knowledge Proof. To enable accountability, a novel blockchain-oriented verifiable commitment (BC-VC) protocol is designed that allows a user to commit a confidential traceable tag to the blockchain. The system could unveil a malicious requester’s identity by opening the tag commitment under collaboration with the victim user and blockchain. We implement a prototype of InvisiReveal to evaluate its practicality, where an access request is verified within 5 ms.
Title: Towards accountable and privacy-preserving blockchain-based access control for data sharing
Journal of Information Security and Applications, vol. 85, Article 103866.
Pub Date: 2024-08-24 DOI: 10.1016/j.jisa.2024.103863
Jun-Liu Zhong, Yan-Fen Gan, Ji-Xiang Yang
With a simple forgery technique but a realistic result, video copy-move forgery has currently become one of the most popular tampering manners. In the last couple of years, various new techniques deriving from machine intelligence and pattern recognition have been widely proposed for image forensics. However, it still faces a very challenging task in the field of video copy-move forgery for four reasons: i) Low F1 score and high false-alarm; ii) Lack of a synthesis processing framework; iii) Weak detection robustness and accuracy; iv) Low efficiency. A novel Hierarchical Coarse-to-Fine framework for effective video copy-move forgery detection is proposed to overcome these challenges: i) In the coarse forgery frame-pair matching, the coarse copy-move frame-pairs matching algorithm with the newly proposed two-pass filters can locate real forgery frame-pairs (FFP) and also reduce false-alarm. ii) Through further analysis of the actual FFP, the detection of intra-frame and inter-frame copy-move forgeries can be accurately and simultaneously determined. iii) In the fine keypoint-pairs matching, our newly designed two-hierarchical keypoint-pair filtering can accurately localize the forgery region at pixel level under various adverse conditions. iv) The novel Hierarchical Coarse-to-Fine framework (together with the newly designed algorithms above) considers only the real FFP and true keypoint-pairs for computation, resulting in higher efficiency and accuracy. Finally, Delaunay Triangulation-based region filling is employed to indicate the forgery regions. Compared to the latest methods, our algorithm has been tested extensively and found to be the best at detecting forgeries, with a top score of F1=0.77 and no false-alarms, even under different types of attacks, as validated by the well-known GRIP dataset.
Title: Efficient detection of intra/inter-frame video copy-move forgery: A hierarchical coarse-to-fine method
Journal of Information Security and Applications, vol. 85, Article 103863.
Pub Date: 2024-08-22 DOI: 10.1016/j.jisa.2024.103860
Esra Günsay, Cansu Betin Onur, Murat Cenk
Zero-knowledge range proofs (ZKRPs) are commonly used to prove the validation of a secret integer lies in an interval to some other party in a secret way. In many ZKRPs, the secret is represented in binary and then committed via a suitable commitment scheme or represented as an appropriate encryption scheme. This paper is an extended version of the conference paper presented at the 14th IEEE International Conference on Security of Information and Networks. To this end, after summarizing the conference paper, we first analyze the proof proposed by Mao in 1998 in the elliptic-curve setting. Mao’s proof contains a bit commitment scheme with an OR construction as a sub-protocol. We have extended Mao’s range proof to base-u with a modified OR-proof. We investigate and compare the efficiency of different base approaches on Mao’s range proof with both Pedersen commitment and ElGamal encryption. Later, we analyze the range proof proposed by Bootle et al. in both finite fields and elliptic-curve settings. This proof contains polynomial commitment with matrix row operations. We take the number of computations in modulo exponentiation and the cost of the number of exchanged integers between parties. Then, we generalize these costs for u-based construction. We show that compared with the base-2 representation, different base approach provides efficiency in communication cost or computation cost, or both.
零知识范围证明(ZKRP)通常用于以秘密方式向另一方证明一个秘密整数位于一个区间内的有效性。在许多 ZKRP 中,秘密以二进制表示,然后通过适当的承诺方案或适当的加密方案进行承诺。本文是在第 14 届 IEEE 国际信息与网络安全会议上提交的会议论文的扩展版本。为此,在总结了会议论文之后,我们首先分析了毛泽东于 1998 年提出的椭圆曲线证明。毛泽东的证明包含一个以 OR 结构为子协议的比特承诺方案。我们用修改过的 OR 证明将毛的范围证明扩展到了 base-u。我们用 Pedersen 承诺和 ElGamal 加密对毛的范围证明的不同基础方法的效率进行了研究和比较。随后,我们分析了 Bootle 等人在有限域和椭圆曲线环境中提出的范围证明。该证明包含矩阵行运算的多项式承诺。我们考虑了指数模的计算次数和双方交换整数次数的成本。然后,我们将这些成本推广到基于 u 的构造中。我们的研究表明,与基 2 表示法相比,不同的基表示法能提高通信成本或计算成本的效率,或者两者兼而有之。
{"title":"A different base approach for better efficiency on range proofs","authors":"Esra Günsay , Cansu Betin Onur , Murat Cenk","doi":"10.1016/j.jisa.2024.103860","DOIUrl":"10.1016/j.jisa.2024.103860","url":null,"abstract":"<div><p>Zero-knowledge range proofs (ZKRPs) are commonly used to prove the validation of a secret integer lies in an interval to some other party in a secret way. In many ZKRPs, the secret is represented in binary and then committed via a suitable commitment scheme or represented as an appropriate encryption scheme. This paper is an extended version of the conference paper presented at the 14th IEEE International Conference on Security of Information and Networks. To this end, after summarizing the conference paper, we first analyze the proof proposed by Mao in 1998 in the elliptic-curve setting. Mao’s proof contains a bit commitment scheme with an OR construction as a sub-protocol. We have extended Mao’s range proof to base-<span><math><mi>u</mi></math></span> with a modified OR-proof. We investigate and compare the efficiency of different base approaches on Mao’s range proof with both Pedersen commitment and ElGamal encryption. Later, we analyze the range proof proposed by Bootle et al. in both finite fields and elliptic-curve settings. This proof contains polynomial commitment with matrix row operations. We take the number of computations in modulo exponentiation and the cost of the number of exchanged integers between parties. Then, we generalize these costs for <span><math><mi>u</mi></math></span>-based construction. 
We show that compared with the base-2 representation, different base approach provides efficiency in communication cost or computation cost, or both.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"85 ","pages":"Article 103860"},"PeriodicalIF":3.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142041037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Comprehensively enhancing the security of control with combined homomorphic encryption
Pub Date: 2024-08-20 DOI: 10.1016/j.jisa.2024.103862
Tongtong Sui, Jizhi Wang, Wen Liu, Lizhen Wang, Lingrui Kong, Yue Zhao
Journal of Information Security and Applications, vol. 85, Article 103862
Homomorphic encryption is an effective way to address the privacy and security issues of Networked Control Systems (NCSs). Since the control function needs to be redesigned according to the homomorphism to complete encrypted computing, the practical implementation of a perfectly secure and highly efficient NCS is challenging. Previously proposed NCSs based on homomorphic encryption are still subject to the risk of eavesdropping attacks. In this paper, a combined homomorphic encryption scheme is designed to build a secure environment for NCSs. This scheme comprehensively enhances the security of NCSs by eliminating potential security hazards. The risk of eavesdropping attacks on information in the controller and communication channel is avoided. More specifically, the entire control scheme is encrypted, and privacy computing within the controller is performed on this basis. Data protection is provided for all transmission channels, including the transmission of the intermediate result and controller state. In particular, the encrypted control system is computationally fast and feasible for real-time control. The performance and stability of the closed-loop system are maintained.