Journal of Information Security and Applications最新文献_第7页

Reversible data hiding in encrypted images using adaptive block-level pixel difference encoding 可逆数据隐藏在加密图像使用自适应块级像素差异编码

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104316

Hua Ren, Zhen Yue, Ming Li

The blooming cloud storage has brought great convenience for users to upload multimedia data on remote cloud servers and efficiently access the uploaded data through terminals. With the accumulation of user data, how to effectively manage cloud user data while ensuring security becomes particularly important. Reversible Data Hiding in Encrypted Images (RDHEI) is an effective privacy-preserving technology that can embed user identity information, tags, time stamps or other data into encrypted images to facilitate the management of multi-user data. However, the capacity of existing RDHEI methods is not ideal due to the less redundancy in encrypted images. In this paper, a high-capacity RDHEI method using Adaptive Block-level Pixel Difference Encoding (ABPDE) is proposed. Firstly, the content owner uses the block modulation and permutation to encrypt the original image to preserve some redundant space. Secondly, the data hider counts the frequency of occurrence of pixel differences and uses adaptive Huffman encoding to mark the encrypted pixels as embeddable and non-embeddable pixels. The generated Huffman table is embedded into some reference pixels, the side information consisting of the replaced reference pixels and non-embeddable bits is embedded into some embeddable pixels, and the remaining embeddable pixels are used to carry additional data. Finally, a receiver holding the relevant keys can extract the embedded data without errors and reversibly recover the original image. Extensive simulations illustrate that the proposed method is superior to state-of-the-art methods in capacity and security, and the average embedding rates are at least 0.2845 bpp and 0.2900 bpp higher than other state-of-the-art methods on the BOSSbase and BOWS-2 databases, respectively.

蓬勃发展的云存储为用户在远程云服务器上上传多媒体数据以及通过终端高效访问上传的数据带来了极大的便利。随着用户数据的积累，如何在保证安全的同时对云用户数据进行有效管理显得尤为重要。加密图像中的可逆数据隐藏（rdhi）是一种有效的隐私保护技术，它可以将用户身份信息、标签、时间戳或其他数据嵌入到加密图像中，以方便多用户数据的管理。然而，由于加密图像的冗余较少，现有的rdhi方法的容量并不理想。本文提出了一种基于自适应块级像素差编码（ABPDE）的大容量rdhi方法。首先，内容所有者使用分组调制和排列对原始图像进行加密，以保留冗余空间；其次，数据隐藏器计算像素差异出现的频率，并使用自适应霍夫曼编码将加密像素标记为可嵌入像素和不可嵌入像素。将生成的霍夫曼表嵌入到一些参考像素中，将替换的参考像素和不可嵌入位组成的边信息嵌入到一些可嵌入像素中，剩余的可嵌入像素用于携带附加数据。最后，接收器持有相应的密钥，可以准确无误地提取嵌入的数据，并可逆地恢复原始图像。大量的仿真结果表明，该方法在容量和安全性方面都优于目前最先进的方法，并且在bosssbase和BOWS-2数据库上的平均嵌入率分别比其他最先进的方法高0.2845 bpp和0.2900 bpp。

{"title":"Reversible data hiding in encrypted images using adaptive block-level pixel difference encoding","authors":"Hua Ren, Zhen Yue, Ming Li","doi":"10.1016/j.jisa.2025.104316","DOIUrl":"10.1016/j.jisa.2025.104316","url":null,"abstract":"<div><div>The blooming cloud storage has brought great convenience for users to upload multimedia data on remote cloud servers and efficiently access the uploaded data through terminals. With the accumulation of user data, how to effectively manage cloud user data while ensuring security becomes particularly important. Reversible Data Hiding in Encrypted Images (RDHEI) is an effective privacy-preserving technology that can embed user identity information, tags, time stamps or other data into encrypted images to facilitate the management of multi-user data. However, the capacity of existing RDHEI methods is not ideal due to the less redundancy in encrypted images. In this paper, a high-capacity RDHEI method using Adaptive Block-level Pixel Difference Encoding (ABPDE) is proposed. Firstly, the content owner uses the block modulation and permutation to encrypt the original image to preserve some redundant space. Secondly, the data hider counts the frequency of occurrence of pixel differences and uses adaptive Huffman encoding to mark the encrypted pixels as embeddable and non-embeddable pixels. The generated Huffman table is embedded into some reference pixels, the side information consisting of the replaced reference pixels and non-embeddable bits is embedded into some embeddable pixels, and the remaining embeddable pixels are used to carry additional data. Finally, a receiver holding the relevant keys can extract the embedded data without errors and reversibly recover the original image. Extensive simulations illustrate that the proposed method is superior to state-of-the-art methods in capacity and security, and the average embedding rates are at least 0.2845 bpp and 0.2900 bpp higher than other state-of-the-art methods on the BOSSbase and BOWS-2 databases, respectively.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104316"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PER-AE-DRL: A malicious traffic detection model based on prioritized experience replay and adversarial mechanism PER-AE-DRL：一种基于优先体验重放和对抗机制的恶意流量检测模型

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104298

Peihao Liu, Yuntao Zhao, Yongxin Feng

With the rapid advancement of information technology, cybersecurity threats have become more sophisticated, making network intrusion detection vital for ensuring network security. Although existing detection methods have made significant progress in identifying malicious traffic, data class imbalance remains a key challenge. This paper proposes a deep reinforcement learning-based malicious traffic detection model that integrates an adversarial mechanism and Prioritized Experience Replay (PER). First, an environment agent is introduced into the Dueling Double Deep Q-Network (Dueling DDQN) framework to address the data imbalance by resampling the training set. Then, a TD-error-based prioritized experience replay mechanism is introduced, which prioritizes samples with larger TD errors during neural network updates, thereby accelerating model convergence and enhancing learning ability for minority class samples. Finally, through multi-class classification experiments on the NSL-KDD and CIC-IDS2017 datasets, the proposed model achieved an accuracy of 83.41% and an F1 score of 83.39% on the NSL-KDD dataset. On the CIC-IDS2017 dataset, the model achieved both an accuracy and an F1 score exceeding 99%.

随着信息技术的飞速发展，网络安全威胁日趋复杂，网络入侵检测对于保障网络安全至关重要。尽管现有的检测方法在识别恶意流量方面取得了重大进展，但数据类不平衡仍然是一个关键挑战。本文提出了一种基于深度强化学习的恶意流量检测模型，该模型集成了对抗机制和优先体验重放（PER）。首先，在Dueling Double Deep Q-Network （Dueling DDQN）框架中引入环境代理，通过对训练集进行重采样来解决数据不平衡问题。然后，引入一种基于TD误差的优先经验重放机制，在神经网络更新时优先考虑TD误差较大的样本，从而加快模型收敛速度，增强对少数类样本的学习能力。最后，通过在NSL-KDD和CIC-IDS2017数据集上的多类分类实验，该模型在NSL-KDD数据集上的准确率达到83.41%，F1分数达到83.39%。在CIC-IDS2017数据集上，该模型的准确率和F1得分均超过99%。

{"title":"PER-AE-DRL: A malicious traffic detection model based on prioritized experience replay and adversarial mechanism","authors":"Peihao Liu, Yuntao Zhao, Yongxin Feng","doi":"10.1016/j.jisa.2025.104298","DOIUrl":"10.1016/j.jisa.2025.104298","url":null,"abstract":"<div><div>With the rapid advancement of information technology, cybersecurity threats have become more sophisticated, making network intrusion detection vital for ensuring network security. Although existing detection methods have made significant progress in identifying malicious traffic, data class imbalance remains a key challenge. This paper proposes a deep reinforcement learning-based malicious traffic detection model that integrates an adversarial mechanism and Prioritized Experience Replay (PER). First, an environment agent is introduced into the Dueling Double Deep Q-Network (Dueling DDQN) framework to address the data imbalance by resampling the training set. Then, a TD-error-based prioritized experience replay mechanism is introduced, which prioritizes samples with larger TD errors during neural network updates, thereby accelerating model convergence and enhancing learning ability for minority class samples. Finally, through multi-class classification experiments on the NSL-KDD and CIC-IDS2017 datasets, the proposed model achieved an accuracy of 83.41% and an F1 score of 83.39% on the NSL-KDD dataset. On the CIC-IDS2017 dataset, the model achieved both an accuracy and an F1 score exceeding 99%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104298"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CTFAgent: An LLM-powered Agent for CTF Challenge Solving CTFAgent：一个llm驱动的CTF挑战解决代理

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104305

Yuwen Zou , Jia Liu , Wenjun Fan

Capture-the-Flag (CTF) competitions play an important role in the cybersecurity landscape by simulating realistic attack and defense scenarios and offering diverse categories of challenges. This diversity demands flexible reasoning and adaptive problem-solving, which traditional automation tools struggle to provide, as they are typically designed for specific tasks. Large Language Models (LLMs) with their vast knowledge and strong reasoning capabilities, present a promising approach to overcome these limitations. In this work, we propose CTFAgent, an LLM-powered agent featuring a new plan-and-execute paradigm with a stateful task tree for long-horizon reasoning. To handle diverse challenges, CTFAgent integrates challenge-specific prompting and specialized tools for multimodal analysis and concrete operations. The agent comprises two modes: a fully automated mode and a human-in-the-loop (HITL) mode, which incorporates human operational support for tool execution beyond the automation. Evaluated on challenges from PicoCTF with GPT-4o, Gemini-2.5-Pro and DeepSeek-V3, CTFAgent outperforms 88% of human teams in its automated mode. This performance rises significantly in HITL mode, where it surpasses approximately 94% of teams. These results demonstrate that CTFAgent can effectively solve a wide range of complex tasks, highlighting the potential of LLM-powered agents to advance autonomous cybersecurity solutions.

夺旗（CTF）竞赛通过模拟真实的攻击和防御场景，并提供不同类别的挑战，在网络安全领域发挥着重要作用。这种多样性需要灵活的推理和自适应的问题解决，这是传统自动化工具难以提供的，因为它们通常是为特定的任务设计的。大型语言模型（llm）具有丰富的知识和强大的推理能力，为克服这些限制提供了一种有希望的方法。在这项工作中，我们提出了CTFAgent，一个llm驱动的代理，具有新的计划和执行范式，具有用于长期推理的有状态任务树。为了应对各种挑战，CTFAgent集成了针对特定挑战的提示和用于多模态分析和具体操作的专用工具。代理包括两种模式：一种是完全自动化模式，另一种是人在循环（HITL）模式，后者在自动化之外包含了对工具执行的人工操作支持。通过使用gpt - 40、Gemini-2.5-Pro和DeepSeek-V3对PicoCTF的挑战进行评估，CTFAgent在自动化模式下的表现优于88%的人工团队。这种性能在HITL模式下显著提高，超过了大约94%的团队。这些结果表明，CTFAgent可以有效地解决广泛的复杂任务，突出了llm驱动的代理在推进自主网络安全解决方案方面的潜力。

{"title":"CTFAgent: An LLM-powered Agent for CTF Challenge Solving","authors":"Yuwen Zou , Jia Liu , Wenjun Fan","doi":"10.1016/j.jisa.2025.104305","DOIUrl":"10.1016/j.jisa.2025.104305","url":null,"abstract":"<div><div>Capture-the-Flag (CTF) competitions play an important role in the cybersecurity landscape by simulating realistic attack and defense scenarios and offering diverse categories of challenges. This diversity demands flexible reasoning and adaptive problem-solving, which traditional automation tools struggle to provide, as they are typically designed for specific tasks. Large Language Models (LLMs) with their vast knowledge and strong reasoning capabilities, present a promising approach to overcome these limitations. In this work, we propose CTFAgent, an LLM-powered agent featuring a new plan-and-execute paradigm with a stateful task tree for long-horizon reasoning. To handle diverse challenges, CTFAgent integrates challenge-specific prompting and specialized tools for multimodal analysis and concrete operations. The agent comprises two modes: a fully automated mode and a human-in-the-loop (HITL) mode, which incorporates human operational support for tool execution beyond the automation. Evaluated on challenges from PicoCTF with GPT-4o, Gemini-2.5-Pro and DeepSeek-V3, CTFAgent outperforms 88% of human teams in its automated mode. This performance rises significantly in HITL mode, where it surpasses approximately 94% of teams. These results demonstrate that CTFAgent can effectively solve a wide range of complex tasks, highlighting the potential of LLM-powered agents to advance autonomous cybersecurity solutions.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104305"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhancing black-box membership inference attacks in federated learning 增强联邦学习中的黑盒成员推理攻击

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-15 DOI: 10.1016/j.jisa.2025.104302

Qiang Shi, Luzhen Ren, Xinfeng He

With the widespread deployment of machine learning models in privacy-sensitive domains such as healthcare and finance, the risk of training data leakage has attracted increasing attention. As a fundamental approach for evaluating model privacy leakage, Membership Inference Attack (MIA) has been extensively studied in distributed learning scenarios such as Federated Learning (FL). However, under black-box settings, attackers face severe challenges, including the unavailability of real non-member samples and the inaccessibility of target model architectures, which limit the generalization and accuracy of existing methods. To address these limitations, this paper proposes a DCGAN-enhanced black-box MIA framework, whose innovations are reflected in three major aspects: (1) a discriminator-guided pseudo-sample filtering mechanism that ensures the authenticity and diversity of non-member data; (2) a multi-shadow-model softmax high-dimensional concatenation strategy, which fuses the softmax probability outputs from multiple shadow models to construct discriminative high-dimensional attack representations; and (3) a SMOTE-based balancing module designed to mitigate class imbalance and further improve the generalization of the attack model. The proposed framework significantly enhances the discriminative capability and robustness of black-box MIAs without accessing the internal parameters or training procedures of the target model. Extensive experiments demonstrate that our method consistently outperforms state-of-the-art baselines across multiple federated learning protocols (FedAvg, FedMD, and FedProx) and benchmark datasets (CIFAR-10, CIFAR-100, Fashion-MNIST, and SVHN), achieving an accuracy of 0.9897, an AUC of 0.9899, and a TPR@FPR=1% of 0.9967. These results verify the robustness, generalizability, and wide applicability of the proposed framework, providing a systematic and scalable solution for privacy evaluation in federated learning environments.

随着机器学习模型在医疗保健和金融等隐私敏感领域的广泛应用，培训数据泄露的风险越来越受到关注。隶属关系推理攻击（MIA）作为评估模型隐私泄露的基本方法，在联邦学习（FL）等分布式学习场景中得到了广泛的研究。然而，在黑盒设置下，攻击者面临着严峻的挑战，包括真实非成员样本的不可获得性和目标模型体系结构的不可访问性，这限制了现有方法的泛化和准确性。针对这些局限性，本文提出了一种基于dcgan的黑箱MIA框架，其创新主要体现在三个方面：(1)采用了鉴别器引导的伪样本过滤机制，保证了非成员数据的真实性和多样性；(2)多阴影模型softmax高维拼接策略，融合多个阴影模型的softmax概率输出，构建判别性高维攻击表征；(3)基于smote的平衡模块，旨在缓解类不平衡，进一步提高攻击模型的泛化性。该框架在不访问目标模型内部参数或训练过程的情况下，显著提高了黑箱MIAs的判别能力和鲁棒性。广泛的实验表明，我们的方法在多个联邦学习协议（fedag、FedMD和FedProx）和基准数据集（CIFAR-10、CIFAR-100、fashionon - mnist和SVHN）上始终优于最先进的基线，实现了0.9897的准确率，0.9899的AUC和TPR@FPR=1%的0.9967。这些结果验证了所提出框架的鲁棒性、泛化性和广泛适用性，为联邦学习环境中的隐私评估提供了系统和可扩展的解决方案。

{"title":"Enhancing black-box membership inference attacks in federated learning","authors":"Qiang Shi, Luzhen Ren, Xinfeng He","doi":"10.1016/j.jisa.2025.104302","DOIUrl":"10.1016/j.jisa.2025.104302","url":null,"abstract":"<div><div>With the widespread deployment of machine learning models in privacy-sensitive domains such as healthcare and finance, the risk of training data leakage has attracted increasing attention. As a fundamental approach for evaluating model privacy leakage, Membership Inference Attack (MIA) has been extensively studied in distributed learning scenarios such as Federated Learning (FL). However, under black-box settings, attackers face severe challenges, including the unavailability of real non-member samples and the inaccessibility of target model architectures, which limit the generalization and accuracy of existing methods. To address these limitations, this paper proposes a DCGAN-enhanced black-box MIA framework, whose innovations are reflected in three major aspects: (1) a discriminator-guided pseudo-sample filtering mechanism that ensures the authenticity and diversity of non-member data; (2) a multi-shadow-model softmax high-dimensional concatenation strategy, which fuses the softmax probability outputs from multiple shadow models to construct discriminative high-dimensional attack representations; and (3) a SMOTE-based balancing module designed to mitigate class imbalance and further improve the generalization of the attack model. The proposed framework significantly enhances the discriminative capability and robustness of black-box MIAs without accessing the internal parameters or training procedures of the target model. Extensive experiments demonstrate that our method consistently outperforms state-of-the-art baselines across multiple federated learning protocols (FedAvg, FedMD, and FedProx) and benchmark datasets (CIFAR-10, CIFAR-100, Fashion-MNIST, and SVHN), achieving an accuracy of 0.9897, an AUC of 0.9899, and a TPR@FPR=1% of 0.9967. These results verify the robustness, generalizability, and wide applicability of the proposed framework, providing a systematic and scalable solution for privacy evaluation in federated learning environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104302"},"PeriodicalIF":3.7,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains 网络安全数字孪生：多所有权数字服务链的概念、蓝图和挑战

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-15 DOI: 10.1016/j.jisa.2025.104299

M. Repetto

The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already demonstrated to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains.

In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Differently from existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.

数字服务和基础设施的互联程度不断提高，在它们的提供商之间产生了紧密的、递归的安全相互依赖关系。然而，网络安全运营仍然高度分散，因为披露漏洞、报告警报和建议补救等常见任务在很大程度上限制在每个提供商的管理领域范围内，而合作通常仅限于文书工作和人际互动。这种做法已经被证明是不充分和有风险的，因为它不能有效地处理跨多个域传播的多步骤攻击和杀伤链。在这份意见书中，我们详细阐述了网络安全数字孪生模型的概念、蓝图和用法，该模型可以模拟和捕获此类互联系统的安全状态。与现有模型不同，我们的工作明确解决了多所有权带来的挑战，通过关注整体架构来构建合作，敏捷，自适应和自主的过程，用于威胁狩猎，检测横向移动，并消除多个领域的攻击。出于这个原因，我们的框架考虑了解决信任和机密性问题的必要联合机制。

{"title":"Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains","authors":"M. Repetto","doi":"10.1016/j.jisa.2025.104299","DOIUrl":"10.1016/j.jisa.2025.104299","url":null,"abstract":"<div><div>The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already demonstrated to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains.</div><div>In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Differently from existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104299"},"PeriodicalIF":3.7,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-based threshold proxy re-encryption scheme with zero-knowledge proofs for confidential and verifiable IoT networks 基于区块链的阈值代理再加密方案，具有零知识证明，用于机密和可验证的物联网网络

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jisa.2025.104300

Vinay Rishiwal , Ved Prakash Mishra , A. Jayanthiladevi , Vinay Maurya , Udit Agarwal , Mano Yadav

The rapid proliferation of interconnected devices within the Internet of Things (IoT) continues to generate vast amounts of sensitive, context-rich data, raising significant concerns regarding data confidentiality, verifiability, trust management, and systemic resilience. Traditional IoT network architectures typically rely on centralised third-party entities. This reliance creates single points of failure and elevates the risk of unauthorised data access. To address these limitations, this paper proposes a confidential and verifiable IoT network based on a decentralised security architecture that integrates blockchain with proxy re-encryption. The framework uses threshold cryptography and zero-knowledge proofs to enable privacy-preserving transformations of ciphertext across consensus nodes. This design protects sensitive data while preserving transaction verifiability and integrity. As a result, the system effectively counters threats such as node collusion, Sybil attacks, and metadata leakage. Comprehensive simulations and performance evaluations underscore that the presented model substantially diminishes dependence on centralised proxies while delivering enhanced scalability, robust security, and increased trustworthiness, making it particularly well-suited for practical implementation in confidential IoT environments.

物联网（IoT）中互连设备的快速扩散继续产生大量敏感的、上下文丰富的数据，引起了对数据机密性、可验证性、信任管理和系统弹性的重大关注。传统的物联网网络架构通常依赖于集中式第三方实体。这种依赖造成了单点故障，并增加了未经授权访问数据的风险。为了解决这些限制，本文提出了一个基于分散安全架构的机密和可验证的物联网网络，该架构将区块链与代理重新加密集成在一起。该框架使用阈值密码学和零知识证明来实现跨共识节点的密文隐私保护转换。这种设计保护敏感数据，同时保持事务的可验证性和完整性。有效应对节点合谋、Sybil攻击、元数据泄露等威胁。综合模拟和性能评估强调，所提出的模型大大减少了对集中式代理的依赖，同时提供了增强的可扩展性、强大的安全性和更高的可信度，使其特别适合在机密物联网环境中实际实施。

{"title":"Blockchain-based threshold proxy re-encryption scheme with zero-knowledge proofs for confidential and verifiable IoT networks","authors":"Vinay Rishiwal , Ved Prakash Mishra , A. Jayanthiladevi , Vinay Maurya , Udit Agarwal , Mano Yadav","doi":"10.1016/j.jisa.2025.104300","DOIUrl":"10.1016/j.jisa.2025.104300","url":null,"abstract":"<div><div>The rapid proliferation of interconnected devices within the Internet of Things (IoT) continues to generate vast amounts of sensitive, context-rich data, raising significant concerns regarding data confidentiality, verifiability, trust management, and systemic resilience. Traditional IoT network architectures typically rely on centralised third-party entities. This reliance creates single points of failure and elevates the risk of unauthorised data access. To address these limitations, this paper proposes a confidential and verifiable IoT network based on a decentralised security architecture that integrates blockchain with proxy re-encryption. The framework uses threshold cryptography and zero-knowledge proofs to enable privacy-preserving transformations of ciphertext across consensus nodes. This design protects sensitive data while preserving transaction verifiability and integrity. As a result, the system effectively counters threats such as node collusion, Sybil attacks, and metadata leakage. Comprehensive simulations and performance evaluations underscore that the presented model substantially diminishes dependence on centralised proxies while delivering enhanced scalability, robust security, and increased trustworthiness, making it particularly well-suited for practical implementation in confidential IoT environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104300"},"PeriodicalIF":3.7,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multilayered deep learning framework for cyber attack detection and mitigation in a heterogeneous IIoT ecosystem 在异构IIoT生态系统中用于网络攻击检测和缓解的多层深度学习框架

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jisa.2025.104301

Arshad Iqbal, Sohail Asghar, Manzoor Ilahi Tamimy

Intrusion Detection Systems (IDSs) for the Internet of Things (IoT) and Industrial IoT (IIoT) face significant challenges, including high false-positive rates (especially for minority-class attacks) and excessive computational requirements, which hinder their deployment on edge devices. Consequently, alert overload is common because operators receive a large volume of alerts that provide little insight into the problems they address. To address this crucial gap, this study presents DeepGuard, a new four-layer framework that significantly improves the security posture of IoT and industrial IoT environments.

DeepGuard combines binary and multiclass classifications, intelligent alarming, and cyber deception into a single, effective defence mechanism. The system incorporates a random forest classifier for feature selection, which extracts the most relevant data features and processes them for use with an optimised multilayer perceptron (MLP). This method achieved an unprecedented accuracy of 99.9% with a low false-positive rate (FPR) of 0.2%, surpassing the state-of-the-art research studies.

We further demonstrated the practical feasibility of DeepGuard by implementing it on computationally constrained, edge devices. With a computational complexity of

O (n l o g n)

and a memory footprint of less than 100 KB, DeepGuard breaks the long-standing trade-off between detection accuracy and operational performance that has inhibited the adoption of IDS at an industrial scale. In addition to a detection-only approach, DeepGuard includes an embedded honeypot layer that proactively profiles emerging and unknown attacks, thereby enabling automated mitigation responses. Thorough evaluations of the WUSTL-IIoT-2021 and X-IIoTID-2022 datasets demonstrated a new state-of-the-art performance and the feasibility of DeepGuard for protecting critical infrastructure.

物联网（IoT）和工业物联网（IIoT）的入侵检测系统（ids）面临着重大挑战，包括高误报率（特别是针对少数类攻击）和过多的计算需求，这阻碍了它们在边缘设备上的部署。因此，警报过载很常见，因为操作人员接收到大量警报，而这些警报对他们所处理的问题几乎没有提供什么见解。为了解决这一关键差距，本研究提出了DeepGuard，这是一个新的四层框架，可显着改善物联网和工业物联网环境的安全状况。DeepGuard将二进制和多类分类、智能报警和网络欺骗结合到一个单一、有效的防御机制中。该系统采用随机森林分类器进行特征选择，提取最相关的数据特征，并对其进行处理，以便与优化的多层感知器（MLP）一起使用。该方法达到了前所未有的99.9%的准确率和0.2%的低假阳性率（FPR），超过了目前最先进的研究。我们通过在计算受限的边缘设备上实现DeepGuard进一步证明了它的实际可行性。DeepGuard的计算复杂度为0 (nlogn)，内存占用小于100 KB，打破了长期以来在检测精度和操作性能之间的权衡，这种权衡阻碍了IDS在工业规模上的应用。除了仅用于检测的方法外，DeepGuard还包含一个嵌入式蜜罐层，可主动分析新出现的和未知的攻击，从而实现自动缓解响应。对WUSTL-IIoT-2021和X-IIoTID-2022数据集的全面评估证明了DeepGuard在保护关键基础设施方面的最新性能和可行性。

{"title":"A multilayered deep learning framework for cyber attack detection and mitigation in a heterogeneous IIoT ecosystem","authors":"Arshad Iqbal, Sohail Asghar, Manzoor Ilahi Tamimy","doi":"10.1016/j.jisa.2025.104301","DOIUrl":"10.1016/j.jisa.2025.104301","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDSs) for the Internet of Things (IoT) and Industrial IoT (IIoT) face significant challenges, including high false-positive rates (especially for minority-class attacks) and excessive computational requirements, which hinder their deployment on edge devices. Consequently, alert overload is common because operators receive a large volume of alerts that provide little insight into the problems they address. To address this crucial gap, this study presents DeepGuard, a new four-layer framework that significantly improves the security posture of IoT and industrial IoT environments.</div><div>DeepGuard combines binary and multiclass classifications, intelligent alarming, and cyber deception into a single, effective defence mechanism. The system incorporates a random forest classifier for feature selection, which extracts the most relevant data features and processes them for use with an optimised multilayer perceptron (MLP). This method achieved an unprecedented accuracy of 99.9% with a low false-positive rate (FPR) of 0.2%, surpassing the state-of-the-art research studies.</div><div>We further demonstrated the practical feasibility of DeepGuard by implementing it on computationally constrained, edge devices. With a computational complexity of <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>n</mi><mi>l</mi><mi>o</mi><mi>g</mi><mi>n</mi><mo>)</mo></mrow></mrow></math></span> and a memory footprint of less than 100 KB, DeepGuard breaks the long-standing trade-off between detection accuracy and operational performance that has inhibited the adoption of IDS at an industrial scale. In addition to a detection-only approach, DeepGuard includes an embedded honeypot layer that proactively profiles emerging and unknown attacks, thereby enabling automated mitigation responses. Thorough evaluations of the WUSTL-IIoT-2021 and X-IIoTID-2022 datasets demonstrated a new state-of-the-art performance and the feasibility of DeepGuard for protecting critical infrastructure.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104301"},"PeriodicalIF":3.7,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Beyond Reinforcement Learning for network security: A comprehensive survey and tutorial 超越强化学习的网络安全：一个全面的调查和教程

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-12 DOI: 10.1016/j.jisa.2025.104294

Amir Javadpour , Forough Ja’fari , Tarik Taleb , Fatih Turkmen , Chafika Benzaïd

Maintaining strong security is a complex yet vital challenge in the rapidly evolving landscape of modern digital networks. The risks and consequences of security breaches make neglecting network protection unacceptable. Fortunately, ongoing advances in computer science have equipped researchers with powerful tools to reinforce network defenses. Among these, Reinforcement Learning (RL), a branch of machine learning, has gained significant attention for its versatility and effectiveness in strengthening security mechanisms. This paper presents a comprehensive survey and tutorial on the role of RL in network security. It provides background information, a step-by-step tutorial for training RL models, and systematically categorizes research efforts based on the targeted cyber threats. Leveraging recent advances and real-world applications, this survey elucidates how RL enables the development of adaptive and intelligent systems that autonomously learn and respond to evolving threats. Through in-depth analysis, we provide a comprehensive view of the current landscape and the future potential of RL in safeguarding digital assets. The main contributions of this survey are: (1) a systematic and up-to-date review of RL approaches for network security; (2) a unified taxonomy for classifying RL-based solutions; (3) a comparison of the latest advances from 2019 to 2024 across mainstream and emerging research areas; (4) identification of open challenges and future research directions; and (5) a comparative analysis of state-of-the-art models, offering practical insights for both researchers and practitioners. Furthermore, this survey emphasizes the practical translation of RL advances into real-world deployments. By focusing on hands-on implementation guidelines and comparative analyses of deployment scenarios, it bridges the gap between academic research and operational practice. The comprehensive evaluation of RL-based models across different network environments provides actionable insights for practitioners seeking adaptive and scalable security solutions in dynamic and heterogeneous settings.

在快速发展的现代数字网络环境中，保持强大的安全性是一项复杂而又至关重要的挑战。安全漏洞的风险和后果使得忽视网络保护是不可接受的。幸运的是，计算机科学的不断进步为研究人员提供了强大的工具来加强网络防御。其中，强化学习（RL）作为机器学习的一个分支，因其在加强安全机制方面的多功能性和有效性而受到广泛关注。本文对RL在网络安全中的作用进行了全面的综述和介绍。它提供了背景信息、训练强化学习模型的分步教程，并根据目标网络威胁系统地对研究工作进行了分类。利用最新的进展和现实世界的应用，本调查阐明了强化学习如何使自适应和智能系统的开发能够自主学习和响应不断变化的威胁。通过深入分析，我们全面了解了RL在保护数字资产方面的现状和未来潜力。本调查的主要贡献是：(1)对网络安全的RL方法进行了系统和最新的回顾；(2)基于rl的解决方案的统一分类；(3) 2019 - 2024年主流与新兴研究领域的最新进展对比；(4)确定开放性挑战和未来研究方向；(5)对最先进的模型进行了比较分析，为研究人员和实践者提供了实践见解。此外，本调查强调了将强化学习的进步实际转化为现实世界的部署。通过关注实际的实现指南和部署场景的比较分析，它弥合了学术研究和操作实践之间的差距。跨不同网络环境的基于rl的模型的综合评估为从业者在动态和异构设置中寻求自适应和可扩展的安全解决方案提供了可操作的见解。

{"title":"Beyond Reinforcement Learning for network security: A comprehensive survey and tutorial","authors":"Amir Javadpour , Forough Ja’fari , Tarik Taleb , Fatih Turkmen , Chafika Benzaïd","doi":"10.1016/j.jisa.2025.104294","DOIUrl":"10.1016/j.jisa.2025.104294","url":null,"abstract":"<div><div>Maintaining strong security is a complex yet vital challenge in the rapidly evolving landscape of modern digital networks. The risks and consequences of security breaches make neglecting network protection unacceptable. Fortunately, ongoing advances in computer science have equipped researchers with powerful tools to reinforce network defenses. Among these, Reinforcement Learning (RL), a branch of machine learning, has gained significant attention for its versatility and effectiveness in strengthening security mechanisms. This paper presents a comprehensive survey and tutorial on the role of RL in network security. It provides background information, a step-by-step tutorial for training RL models, and systematically categorizes research efforts based on the targeted cyber threats. Leveraging recent advances and real-world applications, this survey elucidates how RL enables the development of adaptive and intelligent systems that autonomously learn and respond to evolving threats. Through in-depth analysis, we provide a comprehensive view of the current landscape and the future potential of RL in safeguarding digital assets. The main contributions of this survey are: (1) a systematic and up-to-date review of RL approaches for network security; (2) a unified taxonomy for classifying RL-based solutions; (3) a comparison of the latest advances from 2019 to 2024 across mainstream and emerging research areas; (4) identification of open challenges and future research directions; and (5) a comparative analysis of state-of-the-art models, offering practical insights for both researchers and practitioners. Furthermore, this survey emphasizes the practical translation of RL advances into real-world deployments. By focusing on hands-on implementation guidelines and comparative analyses of deployment scenarios, it bridges the gap between academic research and operational practice. The comprehensive evaluation of RL-based models across different network environments provides actionable insights for practitioners seeking adaptive and scalable security solutions in dynamic and heterogeneous settings.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104294"},"PeriodicalIF":3.7,"publicationDate":"2025-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Vulnerabilities in Machine Learning for cybersecurity: Current trends and future research directions 面向网络安全的机器学习漏洞：当前趋势和未来研究方向

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-12 DOI: 10.1016/j.jisa.2025.104269

Shantanu Pal , Geeta Yadav , Zahra Jadidi , Ahsan Habib , Md. Palash Uddin , Chandan Karmakar , Sandeep Shukla

Machine learning (ML) has become integral to cybersecurity applications, e.g., phishing detection, intrusion detection systems, malware analysis, and botnet identification. However, the integration of ML also exposes novel attack surfaces that can be exploited through adversarial machine learning (AML). While prior surveys have examined individual threats or defenses, they often focus narrowly on specific stages, e.g., training or testing. In contrast, in this paper, we provide the first comprehensive survey of adversarial attacks and defenses across the entire ML development life cycle within the cybersecurity domain. Using a structured methodology, we categorize vulnerabilities and countermeasures at each stage, data gathering, model training, testing, deployment, and maintenance, highlighting cross-stage interactions and emerging distributed threat models. Our study addresses key gaps in current defenses, including their limited generalizability and lack of standardized evaluation practices, and identifies promising directions, e.g., lifecycle-aware robustness, distributed resilience, and the integration of statistical with generative methods. Consolidating fragmented research into an end-to-end perspective, this study advances the understanding of AML in cybersecurity and outlines a roadmap for building more trustworthy, and resilient ML-driven security systems.

机器学习（ML）已经成为网络安全应用中不可或缺的一部分，例如网络钓鱼检测、入侵检测系统、恶意软件分析和僵尸网络识别。然而，机器学习的集成也暴露了新的攻击面，可以通过对抗性机器学习（AML）加以利用。虽然之前的调查已经检查了单个威胁或防御，但它们通常只关注特定阶段，例如培训或测试。相比之下，在本文中，我们首次全面调查了网络安全领域内整个机器学习开发生命周期中的对抗性攻击和防御。使用结构化方法，我们对每个阶段的漏洞和对策进行了分类，数据收集，模型训练，测试，部署和维护，突出了跨阶段的交互和新兴的分布式威胁模型。我们的研究解决了当前防御中的关键差距，包括其有限的通用性和缺乏标准化的评估实践，并确定了有前途的方向，例如，生命周期感知的鲁棒性，分布式弹性以及统计与生成方法的集成。本研究将零散的研究整合为端到端视角，促进了对网络安全中的“反洗钱”的理解，并概述了构建更值得信赖、更有弹性的机器学习驱动的安全系统的路线图。

{"title":"Vulnerabilities in Machine Learning for cybersecurity: Current trends and future research directions","authors":"Shantanu Pal , Geeta Yadav , Zahra Jadidi , Ahsan Habib , Md. Palash Uddin , Chandan Karmakar , Sandeep Shukla","doi":"10.1016/j.jisa.2025.104269","DOIUrl":"10.1016/j.jisa.2025.104269","url":null,"abstract":"<div><div>Machine learning (ML) has become integral to cybersecurity applications, e.g., phishing detection, intrusion detection systems, malware analysis, and botnet identification. However, the integration of ML also exposes novel attack surfaces that can be exploited through adversarial machine learning (AML). While prior surveys have examined individual threats or defenses, they often focus narrowly on specific stages, e.g., training or testing. In contrast, in this paper, we provide the first comprehensive survey of adversarial attacks and defenses across the entire ML development life cycle within the cybersecurity domain. Using a structured methodology, we categorize vulnerabilities and countermeasures at each stage, data gathering, model training, testing, deployment, and maintenance, highlighting cross-stage interactions and emerging distributed threat models. Our study addresses key gaps in current defenses, including their limited generalizability and lack of standardized evaluation practices, and identifies promising directions, e.g., lifecycle-aware robustness, distributed resilience, and the integration of statistical with generative methods. Consolidating fragmented research into an end-to-end perspective, this study advances the understanding of AML in cybersecurity and outlines a roadmap for building more trustworthy, and resilient ML-driven security systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104269"},"PeriodicalIF":3.7,"publicationDate":"2025-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-based access control model for smart grids using peak hour and privilege level attributes (BACS-HP) 基于区块链的智能电网峰值小时和特权级别属性访问控制模型（bac - hp）

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-10 DOI: 10.1016/j.jisa.2025.104261

Sarra Namane , Imed Ben Dhaou

The increasing reliance on smart plugs and smart meters in modern electricity grids introduces significant security vulnerabilities, as unauthorized access can compromise grid reliability and stability. Traditional access control models are ill-suited for smart grids’ decentralized and dynamic nature. This paper introduces BACS-HP, a novel Blockchain-Based Access Control Model for Smart Grids that enhances security by incorporating privilege levels and peak hour attributes. Privilege levels prioritize access to critical devices during energy constraints, while the peak hour attribute enables adaptive decision-making to optimize energy allocation during periods of high demand. Unlike existing blockchain-based access control solutions, BACS-HP uniquely combines these context-aware attributes to provide fine-grained access control tailored to the specific needs of smart grids. The model leverages blockchain technology to ensure the secure and decentralized storage of access rights and enforces policies via smart contracts, mitigating single points of failure. Empirical results demonstrate that BACS-HP achieves low-latency security rule updates (between 42 ms and 46 ms), rapid access request processing (between 21 ms and 46 ms), and a high acceptance rate (60%) for critical devices during power outages, outperforming standard ABAC implementations in terms of responsiveness and prioritization. BACS-HP contributes to advancing access control mechanisms in smart grids and highlights the potential of blockchain to meet the security and performance demands of modern energy systems.

现代电网对智能插头和智能电表的依赖日益增加，这带来了重大的安全漏洞，因为未经授权的访问可能会损害电网的可靠性和稳定性。传统的访问控制模型不适用于智能电网的分散性和动态性。本文介绍了BACS-HP，这是一种新型的基于区块链的智能电网访问控制模型，通过结合特权级别和高峰时间属性来提高安全性。在能源限制期间，特权级别优先考虑对关键设备的访问，而高峰时间属性使自适应决策能够在高需求期间优化能源分配。与现有的基于区块链的访问控制解决方案不同，BACS-HP独特地结合了这些上下文感知属性，提供针对智能电网特定需求的细粒度访问控制。该模型利用区块链技术确保访问权限的安全和分散存储，并通过智能合约执行策略，减少单点故障。实证结果表明，BACS-HP实现了低延迟的安全规则更新（在42 ms到46 ms之间），快速的访问请求处理（在21 ms到46 ms之间），以及在断电期间关键设备的高接受率（60%），在响应性和优先级方面优于标准ABAC实现。BACS-HP有助于推进智能电网中的访问控制机制，并突出区块链在满足现代能源系统安全和性能需求方面的潜力。

{"title":"Blockchain-based access control model for smart grids using peak hour and privilege level attributes (BACS-HP)","authors":"Sarra Namane , Imed Ben Dhaou","doi":"10.1016/j.jisa.2025.104261","DOIUrl":"10.1016/j.jisa.2025.104261","url":null,"abstract":"<div><div>The increasing reliance on smart plugs and smart meters in modern electricity grids introduces significant security vulnerabilities, as unauthorized access can compromise grid reliability and stability. Traditional access control models are ill-suited for smart grids’ decentralized and dynamic nature. This paper introduces BACS-HP, a novel Blockchain-Based Access Control Model for Smart Grids that enhances security by incorporating <em>privilege levels</em> and <em>peak hour</em> attributes. Privilege levels prioritize access to critical devices during energy constraints, while the peak hour attribute enables adaptive decision-making to optimize energy allocation during periods of high demand. Unlike existing blockchain-based access control solutions, BACS-HP uniquely combines these context-aware attributes to provide fine-grained access control tailored to the specific needs of smart grids. The model leverages blockchain technology to ensure the secure and decentralized storage of access rights and enforces policies via smart contracts, mitigating single points of failure. Empirical results demonstrate that BACS-HP achieves low-latency security rule updates (between 42 ms and 46 ms), rapid access request processing (between 21 ms and 46 ms), and a high acceptance rate (60%) for critical devices during power outages, outperforming standard ABAC implementations in terms of responsiveness and prioritization. BACS-HP contributes to advancing access control mechanisms in smart grids and highlights the potential of blockchain to meet the security and performance demands of modern energy systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104261"},"PeriodicalIF":3.7,"publicationDate":"2025-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0