Journal of Information Security and Applications最新文献_第8页

A step-by-step definition of a reference architecture for cyber ranges 逐步定义网络范围参考架构

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-21 DOI: 10.1016/j.jisa.2024.103917

Vyron Kampourakis, Vasileios Gkioulos, Sokratis Katsikas

Being on the advent of Industry 5.0, organizations have been progressively incorporating information technology into their formerly air-gapped operational technology architectures. This coalescence has nevertheless amplified the attack surface, ringing the bells of preparedness. In this direction, Cyber Ranges (CRs) have cropped up as a valuable and attractive solution, providing a diverse perspective on reinforcing the overall cybersecurity stance. However, there exists a significant literature gap in attempts to define a complete approach for CR design, development, evaluation, and operation as per the up-to-date guidelines. To address this shortcoming, this work introduces the first to our knowledge overarching, fine-grained reference architecture for CR. This is done by adopting a three-step, systematic methodology. First, we scrutinize contemporary guidelines to extract an abstract architectural model that structurally entrenches the foundations of CR reference architecture. Then, we percolate and pinpoint common functionalities and capabilities of existing CRs, towards delineating the functional and informational aspects of the reference architecture. Finally, we devise an evaluation formula that approximates the conformance of a CR with the state-of-the-art. Through the latter step, we impart a unified means of identifying the most appropriate components to implement the structural, functional, and informational aspects of a CR. Overall, this work can be seen as an attempt towards CR unification and standardization, therefore it is anticipated to serve as a basis and point of reference for multiple stakeholders at varying levels.

在工业 5.0 时代到来之际，各组织已逐步将信息技术纳入其以往密不透风的运营技术架构中。然而，这种融合扩大了攻击面，敲响了防备的警钟。在这一方向上，网络范围（CR）作为一种有价值、有吸引力的解决方案应运而生，为加强整体网络安全立场提供了多样化的视角。然而，在试图根据最新准则定义网络靶场设计、开发、评估和运行的完整方法方面，还存在很大的文献空白。为了弥补这一不足，本研究首次引入了我们所知的总体性、细粒度的 CR 参考架构。为此，我们采用了三步系统化方法。首先，我们仔细研究当代指南，提取出一个抽象的架构模型，从结构上巩固 CR 参考架构的基础。然后，我们对现有 CR 的共同功能和能力进行渗透和精确定位，从而划定参考架构的功能和信息方面。最后，我们设计了一个评估公式，用于近似判断 CR 与最新技术的一致性。通过后一个步骤，我们提供了一种统一的方法来确定最合适的组件，以实现 CR 的结构、功能和信息方面。总体而言，这项工作可被视为实现 CR 统一化和标准化的一次尝试，因此预计它将为不同层面的多方利益相关者提供依据和参考点。

{"title":"A step-by-step definition of a reference architecture for cyber ranges","authors":"Vyron Kampourakis, Vasileios Gkioulos, Sokratis Katsikas","doi":"10.1016/j.jisa.2024.103917","DOIUrl":"10.1016/j.jisa.2024.103917","url":null,"abstract":"<div><div>Being on the advent of Industry 5.0, organizations have been progressively incorporating information technology into their formerly air-gapped operational technology architectures. This coalescence has nevertheless amplified the attack surface, ringing the bells of preparedness. In this direction, Cyber Ranges (CRs) have cropped up as a valuable and attractive solution, providing a diverse perspective on reinforcing the overall cybersecurity stance. However, there exists a significant literature gap in attempts to define a complete approach for CR design, development, evaluation, and operation as per the up-to-date guidelines. To address this shortcoming, this work introduces the first to our knowledge overarching, fine-grained reference architecture for CR. This is done by adopting a three-step, systematic methodology. First, we scrutinize contemporary guidelines to extract an abstract architectural model that structurally entrenches the foundations of CR reference architecture. Then, we percolate and pinpoint common functionalities and capabilities of existing CRs, towards delineating the functional and informational aspects of the reference architecture. Finally, we devise an evaluation formula that approximates the conformance of a CR with the state-of-the-art. Through the latter step, we impart a unified means of identifying the most appropriate components to implement the structural, functional, and informational aspects of a CR. Overall, this work can be seen as an attempt towards CR unification and standardization, therefore it is anticipated to serve as a basis and point of reference for multiple stakeholders at varying levels.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"88 ","pages":"Article 103917"},"PeriodicalIF":3.8,"publicationDate":"2024-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142703290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fed-LSAE: Thwarting poisoning attacks against federated cyber threat detection system via Autoencoder-based latent space inspection Fed-LSAE：通过基于自动编码器的潜空间检测挫败针对联合网络威胁检测系统的中毒攻击

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-16 DOI: 10.1016/j.jisa.2024.103916

Tran Duc Luong, Vuong Minh Tien, Nguyen Huu Quyen, Do Thi Thu Hien, Phan The Duy, Van-Hau Pham

The rise of security concerns in conventional centralized learning has driven the adoption of federated learning. However, the risks posed by poisoning attacks from internal adversaries against federated systems necessitate robust anti-poisoning frameworks. While previous defensive mechanisms relied on outlier detection, recent approaches focus on latent space representation. In this paper, we investigate a novel robust aggregation method for federated learning, namely Fed-LSAE, which leverages latent space representation via the penultimate layer and Autoencoder to exclude malicious clients from the training process. Specifically, Fed-LSAE measures the similarity level of each local latent space vector to the global one using the Center Kernel Alignment algorithm in every training round. The results of this algorithm are categorized into benign and attack groups, in which only the benign cluster is sent to the central server for federated averaging aggregation. In other words, adversaries would be detected and eliminated from the federated training procedure. The experimental results on the CIC-ToN-IoT and N-BaIoT datasets confirm the feasibility of our defensive mechanism against cutting-edge poisoning attacks for developing a robust federated-based threat detector in the Internet of Things (IoT) context. The evaluation of the federated approach witnesses an upward trend of approximately 98% across all metrics when integrating with our Fed-LSAE defense.

传统集中式学习的安全问题日益突出，推动了联合学习的采用。然而，内部对手针对联合系统的中毒攻击所带来的风险，使得强大的反中毒框架成为必要。以前的防御机制依赖于离群点检测，而最近的方法则侧重于潜在空间表示。在本文中，我们研究了一种用于联合学习的新型稳健聚合方法，即 Fed-LSAE，该方法通过倒数第二层和自动编码器利用潜空间表示，将恶意客户端排除在训练过程之外。具体来说，Fed-LSAE 在每一轮训练中使用中心核对齐算法测量每个本地潜在空间向量与全局潜在空间向量的相似度。该算法的结果被分为良性群组和攻击群组，其中只有良性群组才会被发送到中央服务器进行联合平均聚合。换句话说，对手将被检测出来，并从联合训练程序中剔除。在 CIC-ToN-IoT 和 N-BaIoT 数据集上的实验结果证实了我们针对尖端中毒攻击的防御机制在物联网（IoT）背景下开发基于联盟的稳健威胁检测器的可行性。联盟方法的评估结果表明，与我们的 Fed-LSAE 防御机制集成后，所有指标均呈上升趋势，上升率约为 98%。

{"title":"Fed-LSAE: Thwarting poisoning attacks against federated cyber threat detection system via Autoencoder-based latent space inspection","authors":"Tran Duc Luong, Vuong Minh Tien, Nguyen Huu Quyen, Do Thi Thu Hien, Phan The Duy, Van-Hau Pham","doi":"10.1016/j.jisa.2024.103916","DOIUrl":"10.1016/j.jisa.2024.103916","url":null,"abstract":"<div><div>The rise of security concerns in conventional centralized learning has driven the adoption of federated learning. However, the risks posed by poisoning attacks from internal adversaries against federated systems necessitate robust anti-poisoning frameworks. While previous defensive mechanisms relied on outlier detection, recent approaches focus on latent space representation. In this paper, we investigate a novel robust aggregation method for federated learning, namely Fed-LSAE, which leverages latent space representation via the penultimate layer and Autoencoder to exclude malicious clients from the training process. Specifically, Fed-LSAE measures the similarity level of each local latent space vector to the global one using the Center Kernel Alignment algorithm in every training round. The results of this algorithm are categorized into benign and attack groups, in which only the benign cluster is sent to the central server for federated averaging aggregation. In other words, adversaries would be detected and eliminated from the federated training procedure. The experimental results on the CIC-ToN-IoT and N-BaIoT datasets confirm the feasibility of our defensive mechanism against cutting-edge poisoning attacks for developing a robust federated-based threat detector in the Internet of Things (IoT) context. The evaluation of the federated approach witnesses an upward trend of approximately 98% across all metrics when integrating with our Fed-LSAE defense.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103916"},"PeriodicalIF":3.8,"publicationDate":"2024-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142656878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

BCRS-DS: A Privacy-protected data sharing scheme for IoT based on blockchain and certificateless ring signature BCRS-DS：基于区块链和无证书环签名的物联网隐私保护数据共享方案

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-15 DOI: 10.1016/j.jisa.2024.103914

Qi Liu , Guijuan Wang , Biwei Yan , Anming Dong , Hao Yu , Jiguo Yu

The Internet of Things (IoT) has created opportunities for collaboration across organizations and domains through data sharing. However, existing data sharing schemes in IoT face challenges, including privacy breaches, inefficiency, and lack of incentives. To address these issues, blockchain is a promising infrastructure for data sharing due to its decentralization, auditability, and immutability. This paper proposes a novel data sharing scheme based on blockchain and certificateless ring signature (BCRS-DS), which utilizes the certificateless ring signature algorithm to protect the privacy of participants and improves the authentication efficiency. Moreover, BCRS-DS integrates a decentralized anonymous incentive mechanism based on zero-knowledge proof. After completing the data sharing process, participants can provide the zero-knowledge proof data to the smart contract to demonstrate their eligibility for rewards without compromising the privacy. Finally, we verified the effectiveness and practicality of BCRS-DS through theoretical analysis and experiments.

物联网（IoT）通过数据共享为跨组织和跨领域协作创造了机会。然而，物联网中现有的数据共享方案面临着隐私泄露、效率低下和缺乏激励等挑战。为解决这些问题，区块链因其去中心化、可审计性和不可更改性，成为数据共享的一种前景广阔的基础设施。本文提出了一种基于区块链和无证书环签名的新型数据共享方案（BCRS-DS），该方案利用无证书环签名算法来保护参与者的隐私并提高认证效率。此外，BCRS-DS 还集成了基于零知识证明的去中心化匿名激励机制。在完成数据共享过程后，参与者可以向智能合约提供零知识证明数据，以证明自己有资格获得奖励，而不会泄露隐私。最后，我们通过理论分析和实验验证了 BCRS-DS 的有效性和实用性。

{"title":"BCRS-DS: A Privacy-protected data sharing scheme for IoT based on blockchain and certificateless ring signature","authors":"Qi Liu , Guijuan Wang , Biwei Yan , Anming Dong , Hao Yu , Jiguo Yu","doi":"10.1016/j.jisa.2024.103914","DOIUrl":"10.1016/j.jisa.2024.103914","url":null,"abstract":"<div><div>The Internet of Things (IoT) has created opportunities for collaboration across organizations and domains through data sharing. However, existing data sharing schemes in IoT face challenges, including privacy breaches, inefficiency, and lack of incentives. To address these issues, blockchain is a promising infrastructure for data sharing due to its decentralization, auditability, and immutability. This paper proposes a novel data sharing scheme based on blockchain and certificateless ring signature (BCRS-DS), which utilizes the certificateless ring signature algorithm to protect the privacy of participants and improves the authentication efficiency. Moreover, BCRS-DS integrates a decentralized anonymous incentive mechanism based on zero-knowledge proof. After completing the data sharing process, participants can provide the zero-knowledge proof data to the smart contract to demonstrate their eligibility for rewards without compromising the privacy. Finally, we verified the effectiveness and practicality of BCRS-DS through theoretical analysis and experiments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103914"},"PeriodicalIF":3.8,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142656876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Privacy-preserving verifiable fuzzy phrase search over cloud-based data 基于云数据的隐私保护可验证模糊短语搜索

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-15 DOI: 10.1016/j.jisa.2024.103910

Yunfeng Zhang , Rong Hao , Xinrui Ge , Jia Yu

Today, cloud computing plays an increasingly important role in cloud-based data processing systems. Privacy-preserving phrase search is one critical search technique in cloud-based data processing systems, which allows for the retrieval of cipher documents containing a set of consecutive keywords. However, the existing privacy-preserving phrase search schemes rarely support fault tolerance and result verification at the same time. To deal with these problems, this paper presents a Privacy-Preserving Verifiable Fuzzy Phrase Search scheme over cloud-based data (PPVFPS). We construct a novel keyword matching list by the keyword transformation techniques and the secure

k N N

algorithm to support fuzzy search. To enhance search efficiency and achieve the dynamic update, we generate a counting Bloom filter based on the virtual binary tree, which can help find the documents containing the search keywords. In order to securely judge the position relationship between two search keywords, we employ the techniques of homomorphic encryption and bilinear mapping to encrypt the positions of the keywords. We generate the verification tags based on the MAC technique and build a document index table to realize result verification. We demonstrate the security analysis of PPVFPS scheme, and the experimental result shows that PPVFPS scheme can achieve high accuracy.

如今，云计算在基于云的数据处理系统中发挥着越来越重要的作用。隐私保护短语搜索是云数据处理系统中的一项重要搜索技术，它允许检索包含一组连续关键词的密码文档。然而，现有的隐私保护短语搜索方案很少同时支持容错和结果验证。为了解决这些问题，本文提出了一种基于云数据的隐私保护可验证模糊短语搜索方案（PPVFPS）。我们通过关键词转换技术和安全 kNN 算法构建了一个新颖的关键词匹配列表，以支持模糊搜索。为了提高搜索效率并实现动态更新，我们在虚拟二叉树的基础上生成了一个计数布鲁姆过滤器，它可以帮助找到包含搜索关键词的文档。为了安全地判断两个搜索关键词之间的位置关系，我们采用了同态加密和双线性映射技术对关键词的位置进行加密。我们基于 MAC 技术生成验证标签，并建立文档索引表来实现结果验证。我们演示了 PPVFPS 方案的安全性分析，实验结果表明 PPVFPS 方案能够实现较高的准确率。

{"title":"Privacy-preserving verifiable fuzzy phrase search over cloud-based data","authors":"Yunfeng Zhang , Rong Hao , Xinrui Ge , Jia Yu","doi":"10.1016/j.jisa.2024.103910","DOIUrl":"10.1016/j.jisa.2024.103910","url":null,"abstract":"<div><div>Today, cloud computing plays an increasingly important role in cloud-based data processing systems. Privacy-preserving phrase search is one critical search technique in cloud-based data processing systems, which allows for the retrieval of cipher documents containing a set of consecutive keywords. However, the existing privacy-preserving phrase search schemes rarely support fault tolerance and result verification at the same time. To deal with these problems, this paper presents a Privacy-Preserving Verifiable Fuzzy Phrase Search scheme over cloud-based data (PPVFPS). We construct a novel keyword matching list by the keyword transformation techniques and the secure <span><math><mrow><mi>k</mi><mi>N</mi><mi>N</mi></mrow></math></span> algorithm to support fuzzy search. To enhance search efficiency and achieve the dynamic update, we generate a counting Bloom filter based on the virtual binary tree, which can help find the documents containing the search keywords. In order to securely judge the position relationship between two search keywords, we employ the techniques of homomorphic encryption and bilinear mapping to encrypt the positions of the keywords. We generate the verification tags based on the MAC technique and build a document index table to realize result verification. We demonstrate the security analysis of PPVFPS scheme, and the experimental result shows that PPVFPS scheme can achieve high accuracy.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103910"},"PeriodicalIF":3.8,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142656877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Lightweight privacy-preserving authenticated key agreements using physically unclonable functions for internet of drones 为无人机互联网使用物理不可克隆函数的轻量级隐私保护认证密钥协议

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-15 DOI: 10.1016/j.jisa.2024.103915

Tian-Fu Lee , Xiucai Ye , Wei-Jie Huang

The Internet of Drones (IoD) means the cooperative collection and transmission of data by multiple drones in a cluster or decentralized way of working to decrease the energy consumption of mobile devices, increase overall performance, and reduce the cost of building infrastructure. It is widely applied in various fields, including environmental scouting and monitoring, emergency assistance and logistics transportation, etc. Recently, many related authentication schemes were proposed for IoD. Due to the limitation that the drones use lightweight components for development, these authentication schemes mostly use lightweight components for development. However, many authentication schemes cannot overcome security issues such as providing user privacy protection and resisting drone capture attacks. This study discusses these security issues of related schemes, and develops an authentication scheme for IoD by using Physically Unclonable Functions (PUF). Due to its own microscopic characteristics, the PUF can generate unpredictable and duplicate information, which can be regarded as a device fingerprint and is suitable for device authentication. Additionally, this study utilizes the commutative and invertible properties of BS-PUF to develop the key exchange of the proposed scheme and to protect user privacy. This proposed scheme overcomes the previous problems in security, has more security features, and maintains lightweight computational costs.

无人机互联网（IoD）是指多架无人机以集群或分散的工作方式合作收集和传输数据，从而降低移动设备的能耗，提高整体性能，降低基础设施建设成本。它被广泛应用于各个领域，包括环境侦察和监测、紧急援助和物流运输等。最近，许多相关的身份验证方案被提出用于物联网。由于无人机使用轻量级组件进行开发的局限性，这些认证方案大多使用轻量级组件进行开发。然而，许多身份验证方案无法克服安全问题，如提供用户隐私保护和抵御无人机捕获攻击。本研究讨论了相关方案的这些安全问题，并利用物理不可克隆函数（PUF）开发了一种用于 IoD 的身份验证方案。由于 PUF 自身的微观特性，它可以生成不可预测的重复信息，可视为设备指纹，适用于设备身份验证。此外，本研究还利用了 BS-PUF 的交换和可逆特性来开发拟议方案的密钥交换，并保护用户隐私。该方案克服了以往在安全性方面存在的问题，具有更多的安全特性，并保持了轻量级计算成本。

{"title":"Lightweight privacy-preserving authenticated key agreements using physically unclonable functions for internet of drones","authors":"Tian-Fu Lee , Xiucai Ye , Wei-Jie Huang","doi":"10.1016/j.jisa.2024.103915","DOIUrl":"10.1016/j.jisa.2024.103915","url":null,"abstract":"<div><div>The Internet of Drones (IoD) means the cooperative collection and transmission of data by multiple drones in a cluster or decentralized way of working to decrease the energy consumption of mobile devices, increase overall performance, and reduce the cost of building infrastructure. It is widely applied in various fields, including environmental scouting and monitoring, emergency assistance and logistics transportation, etc. Recently, many related authentication schemes were proposed for IoD. Due to the limitation that the drones use lightweight components for development, these authentication schemes mostly use lightweight components for development. However, many authentication schemes cannot overcome security issues such as providing user privacy protection and resisting drone capture attacks. This study discusses these security issues of related schemes, and develops an authentication scheme for IoD by using Physically Unclonable Functions (PUF). Due to its own microscopic characteristics, the PUF can generate unpredictable and duplicate information, which can be regarded as a device fingerprint and is suitable for device authentication. Additionally, this study utilizes the commutative and invertible properties of BS-PUF to develop the key exchange of the proposed scheme and to protect user privacy. This proposed scheme overcomes the previous problems in security, has more security features, and maintains lightweight computational costs.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103915"},"PeriodicalIF":3.8,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142656875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Robust coverless video steganography based on pose estimation and object tracking 基于姿势估计和物体跟踪的鲁棒无掩码视频隐写术

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-14 DOI: 10.1016/j.jisa.2024.103912

Nan Li, Jiaohua Qin, Xuyu Xiang, Yun Tan

Existing coverless video steganography methods have not adequately exploited the stable features within and between video frames, and they have neglected the subtlety required for carrier transmission. To address these issues, this paper proposes a coverless video steganography method based on pose estimation and object tracking. By analyzing the intra-frame and inter-frame features of human posture within videos, this method hides secret information in videos depicting human activities, thereby enhancing concealment through simulating social behaviors. The scheme initially utilizes pose estimation network to localize target persons and their respective pose keypoints. Subsequently, a multi-object tracking algorithm is employed to track the detected targets within the video, coupled with a filtering mechanism to identify and prioritize tracking targets with larger areas, thus ensuring robustness in the tracking process. Then, corresponding hash mapping rules are established based on the inter-frame movement direction and the intra-frame angle features of the tracking targets. Finally, an inverted index is constructed to accelerate the speed of matching carrier videos containing the secret information and complete information hiding. Experimental results demonstrate that the proposed approach exhibits superior robustness against a variety of traditional attacks, video compression attacks, and frame dropping attacks compared to latest methods, while also enhancing the hiding capacity.

现有的无掩码视频隐写方法没有充分利用视频帧内和帧间的稳定特征，也忽略了载波传输所需的微妙性。针对这些问题，本文提出了一种基于姿势估计和物体跟踪的无掩码视频隐写方法。该方法通过分析视频中人体姿态的帧内和帧间特征，将秘密信息隐藏在描述人体活动的视频中，从而通过模拟社交行为增强隐蔽性。该方案首先利用姿势估计网络定位目标人物及其各自的姿势关键点。随后，采用多目标跟踪算法来跟踪视频中检测到的目标，并结合过滤机制来识别和优先跟踪面积较大的目标，从而确保跟踪过程的鲁棒性。然后，根据跟踪目标的帧间移动方向和帧内角度特征，建立相应的哈希映射规则。最后，构建一个倒排索引，以加快包含秘密信息的载体视频的匹配速度，完成信息隐藏。实验结果表明，与最新方法相比，所提出的方法在抵御各种传统攻击、视频压缩攻击和丢帧攻击方面表现出卓越的鲁棒性，同时还提高了隐藏能力。

{"title":"Robust coverless video steganography based on pose estimation and object tracking","authors":"Nan Li, Jiaohua Qin, Xuyu Xiang, Yun Tan","doi":"10.1016/j.jisa.2024.103912","DOIUrl":"10.1016/j.jisa.2024.103912","url":null,"abstract":"<div><div>Existing coverless video steganography methods have not adequately exploited the stable features within and between video frames, and they have neglected the subtlety required for carrier transmission. To address these issues, this paper proposes a coverless video steganography method based on pose estimation and object tracking. By analyzing the intra-frame and inter-frame features of human posture within videos, this method hides secret information in videos depicting human activities, thereby enhancing concealment through simulating social behaviors. The scheme initially utilizes pose estimation network to localize target persons and their respective pose keypoints. Subsequently, a multi-object tracking algorithm is employed to track the detected targets within the video, coupled with a filtering mechanism to identify and prioritize tracking targets with larger areas, thus ensuring robustness in the tracking process. Then, corresponding hash mapping rules are established based on the inter-frame movement direction and the intra-frame angle features of the tracking targets. Finally, an inverted index is constructed to accelerate the speed of matching carrier videos containing the secret information and complete information hiding. Experimental results demonstrate that the proposed approach exhibits superior robustness against a variety of traditional attacks, video compression attacks, and frame dropping attacks compared to latest methods, while also enhancing the hiding capacity.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103912"},"PeriodicalIF":3.8,"publicationDate":"2024-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142656874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SteriCNN: Cloud native stego content sterilization framework SteriCNN：云原生偷窃内容消毒框架

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-09 DOI: 10.1016/j.jisa.2024.103908

Abhisek Banerjee , Sreeparna Ganguly , Imon Mukherjee , Nabanita Ganguly

Modern robust steganography-based cyber attacks often bypass intrinsic cloud security measures, and contemporary steganalysis methods struggle to address these covert threats due to recent advancements in deep learning (DL)-based steganography techniques. Existing steganography removal methods are constrained by trade-offs involving high processing times, poor quality of sanitized images, and insufficient removal of steganographic content. This paper introduces SteriCNN, a lightweight deep residual neural network model designed for steganography removal. SteriCNN effectively eliminates embedded steganographic information while preserving the visual integrity of the sanitized images. We employ a series of convolutional blocks with three residual connections for feature extraction, feature learning, feature attention, and image reconstruction from the residue. The proposed model utilizes the correlation of channel features to achieve a faster learning rate, and by varying the dilation rate in convolutional blocks, the model achieves wider receptive fields, enabling it to cover larger areas of the input image at each layer. SteriCNN is targeted for blind image sterilization for real-time use cases due to its low training and prediction time costs. Our study shows impressive results for both traditional and deep learning-based stego vulnerabilities, with approximately 90% of steganograms eliminated while maintaining an average PSNR value of 46 dB and an SSIM of 0.99 when tested with popular steganography methods.

由于基于深度学习（DL）的隐写技术近年来取得了长足进步，基于隐写术的现代鲁棒网络攻击往往会绕过固有的云安全措施，而当代的隐写术分析方法很难应对这些隐蔽威胁。现有的隐写术去除方法受制于处理时间长、净化图像质量差以及隐写术内容去除不充分等权衡因素。本文介绍了 SteriCNN，这是一种轻量级的深度残差神经网络模型，专为去除隐写术而设计。SteriCNN 能有效去除嵌入的隐写信息，同时保持净化图像的视觉完整性。我们采用了一系列具有三个残差连接的卷积块来进行特征提取、特征学习、特征关注和残差图像重建。所提出的模型利用通道特征的相关性实现了更快的学习速度，通过改变卷积块的扩张率，该模型实现了更宽的感受野，使其能够在每一层覆盖输入图像的更大区域。由于 SteriCNN 的训练和预测时间成本较低，因此适用于实时使用情况下的盲图像消毒。我们的研究针对传统和基于深度学习的偷窃漏洞都取得了令人印象深刻的结果，在使用流行的偷窃方法进行测试时，约 90% 的偷窃图被消除，同时保持了 46 dB 的平均 PSNR 值和 0.99 的 SSIM 值。

{"title":"SteriCNN: Cloud native stego content sterilization framework","authors":"Abhisek Banerjee , Sreeparna Ganguly , Imon Mukherjee , Nabanita Ganguly","doi":"10.1016/j.jisa.2024.103908","DOIUrl":"10.1016/j.jisa.2024.103908","url":null,"abstract":"<div><div>Modern robust steganography-based cyber attacks often bypass intrinsic cloud security measures, and contemporary steganalysis methods struggle to address these covert threats due to recent advancements in deep learning (DL)-based steganography techniques. Existing steganography removal methods are constrained by trade-offs involving high processing times, poor quality of sanitized images, and insufficient removal of steganographic content. This paper introduces SteriCNN, a lightweight deep residual neural network model designed for steganography removal. SteriCNN effectively eliminates embedded steganographic information while preserving the visual integrity of the sanitized images. We employ a series of convolutional blocks with three residual connections for feature extraction, feature learning, feature attention, and image reconstruction from the residue. The proposed model utilizes the correlation of channel features to achieve a faster learning rate, and by varying the dilation rate in convolutional blocks, the model achieves wider receptive fields, enabling it to cover larger areas of the input image at each layer. SteriCNN is targeted for blind image sterilization for real-time use cases due to its low training and prediction time costs. Our study shows impressive results for both traditional and deep learning-based stego vulnerabilities, with approximately 90% of steganograms eliminated while maintaining an average PSNR value of 46 dB and an SSIM of 0.99 when tested with popular steganography methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103908"},"PeriodicalIF":3.8,"publicationDate":"2024-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142657177","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

3D point cloud encryption algorithm based on hybrid key and spatial maintenance 基于混合密钥和空间维护的三维点云加密算法

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-08 DOI: 10.1016/j.jisa.2024.103896

Xusheng Li , Jinqing Li , Xiaoqiang Di , Hongmei Guan , Mingao Zhang , Mengli Gao , Makram Ibrahim

With the development of LiDAR technology, 3D point cloud data have a rich information-carrying capacity and environmental perception capabilities, have been widely applied in fields such as the Internet of Vehicles(IoV) and smart homes. However, the privacy and sensitive content contained within them faces significant security risks. To address these challenges, we propose a selective encryption scheme for 3D point cloud based on hybrid key with spatial maintenance. Firstly, a new SH-CCM map is introduced, which exhibits excellent sensitivity to initial conditions, randomness, and unpredictability. Secondly, a hybrid key generation scheme is designed, where the hybrid key is composed of an agreement session key and a user’s private key. Then, a spatial maintenance encryption method is designed using the proposed chaotic map to maintain the spatial stability of the selected regions during encryption, preventing data confusion and loss that could arise from overlap with adjacent point clouds in the encrypted domain. Finally, the security and robustness of this method are verified through simulation experiments and numerical analysis, demonstrating high encryption efficiency and effective resistance against known plaintext/chosen plaintext attacks, differential attacks, brute force attacks, and other statistical analysis attacks.

随着激光雷达技术的发展，三维点云数据具有丰富的信息承载能力和环境感知能力，已被广泛应用于车联网（IoV）和智能家居等领域。然而，其中包含的隐私和敏感内容面临着巨大的安全风险。为了应对这些挑战，我们提出了一种基于空间维护混合密钥的三维点云选择性加密方案。首先，我们引入了一种新的 SH-CCM 地图，它对初始条件、随机性和不可预测性具有出色的敏感性。其次，设计了一种混合密钥生成方案，混合密钥由协议会话密钥和用户私钥组成。然后，设计了一种空间维持加密方法，利用所提出的混沌图在加密过程中维持所选区域的空间稳定性，防止加密域中相邻点云重叠可能导致的数据混淆和丢失。最后，通过仿真实验和数值分析验证了该方法的安全性和鲁棒性，证明其加密效率高，能有效抵御已知明文/选择明文攻击、差分攻击、蛮力攻击和其他统计分析攻击。

{"title":"3D point cloud encryption algorithm based on hybrid key and spatial maintenance","authors":"Xusheng Li , Jinqing Li , Xiaoqiang Di , Hongmei Guan , Mingao Zhang , Mengli Gao , Makram Ibrahim","doi":"10.1016/j.jisa.2024.103896","DOIUrl":"10.1016/j.jisa.2024.103896","url":null,"abstract":"<div><div>With the development of LiDAR technology, 3D point cloud data have a rich information-carrying capacity and environmental perception capabilities, have been widely applied in fields such as the Internet of Vehicles(IoV) and smart homes. However, the privacy and sensitive content contained within them faces significant security risks. To address these challenges, we propose a selective encryption scheme for 3D point cloud based on hybrid key with spatial maintenance. Firstly, a new SH-CCM map is introduced, which exhibits excellent sensitivity to initial conditions, randomness, and unpredictability. Secondly, a hybrid key generation scheme is designed, where the hybrid key is composed of an agreement session key and a user’s private key. Then, a spatial maintenance encryption method is designed using the proposed chaotic map to maintain the spatial stability of the selected regions during encryption, preventing data confusion and loss that could arise from overlap with adjacent point clouds in the encrypted domain. Finally, the security and robustness of this method are verified through simulation experiments and numerical analysis, demonstrating high encryption efficiency and effective resistance against known plaintext/chosen plaintext attacks, differential attacks, brute force attacks, and other statistical analysis attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103896"},"PeriodicalIF":3.8,"publicationDate":"2024-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142657178","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MinCloud: Trusted and transferable MinHash-based framework for unknown malware detection for Linux cloud environments MinCloud：基于 MinHash 的可信和可转移框架，用于检测 Linux 云环境中的未知恶意软件

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-06 DOI: 10.1016/j.jisa.2024.103907

Tomer Panker , Aviad Cohen , Tom Landman , Chen Bery , Nir Nissim

Linux clouds have become an attractive target for cyber-attacks. However, existing detection solutions for Linux clouds have variety of limitations. Some of the solutions are untrusted, incapable of detecting unknown malware, or rely on a human expert to define the features. Other solutions are trusted but require a large amount of computational resources or have a limited ability to detect rootkits, fileless malware, or malware on a different server. In this study, we propose MinCloud, a trusted and transferable MinHash-based framework for unknown malware detection in Linux virtual servers that overcomes the limitations of existing solutions. In the first stage, we acquired volatile memory dumps from virtual servers by querying the hypervisor in a trusted manner and then analyzed them using the MinHash method. Finally, the MinHash characteristics are harnessed by applying machine learning classifiers to achieve precise malware detection. MinCloud was evaluated on widely used Linux virtual servers, various benign and malicious applications, and 23,000 volatile memory dumps, each representing different behaviors of the examined servers and the executed applications over time. MinCloud's evaluation shows it can (1) detect unknown malware, (2) classify unknown malware according to its malware category, (3) detect fileless attacks and rootkit malware, and (4) provide accurately transfer detection between different Linux servers. MinCloud outperformed state-of-the-art trusted detection methods and commonly used antiviruses.

Linux 云已成为网络攻击的诱人目标。然而，现有的 Linux 云检测解决方案存在各种局限性。有些解决方案不可信，无法检测未知恶意软件，或依赖人类专家来定义特征。其他解决方案虽然可信，但需要大量计算资源，或者检测 rootkit、无文件恶意软件或不同服务器上的恶意软件的能力有限。在本研究中，我们提出了 MinCloud，这是一个基于 MinHash 的可信和可转移框架，用于检测 Linux 虚拟服务器中的未知恶意软件，克服了现有解决方案的局限性。在第一阶段，我们以可信的方式通过查询管理程序获取虚拟服务器的易失性内存转储，然后使用 MinHash 方法对其进行分析。最后，通过应用机器学习分类器来利用 MinHash 特性，从而实现精确的恶意软件检测。MinCloud 在广泛使用的 Linux 虚拟服务器、各种良性和恶意应用程序以及 23,000 个易失性内存转储上进行了评估，每个转储都代表了受检服务器和所执行应用程序在一段时间内的不同行为。MinCloud 的评估结果表明，它可以：（1）检测未知恶意软件；（2）根据恶意软件类别对未知恶意软件进行分类；（3）检测无文件攻击和 rootkit 恶意软件；（4）在不同 Linux 服务器之间提供准确的传输检测。MinCloud 的表现优于最先进的可信检测方法和常用的反病毒软件。

{"title":"MinCloud: Trusted and transferable MinHash-based framework for unknown malware detection for Linux cloud environments","authors":"Tomer Panker , Aviad Cohen , Tom Landman , Chen Bery , Nir Nissim","doi":"10.1016/j.jisa.2024.103907","DOIUrl":"10.1016/j.jisa.2024.103907","url":null,"abstract":"<div><div>Linux clouds have become an attractive target for cyber-attacks. However, existing detection solutions for Linux clouds have variety of limitations. Some of the solutions are untrusted, incapable of detecting unknown malware, or rely on a human expert to define the features. Other solutions are trusted but require a large amount of computational resources or have a limited ability to detect rootkits, fileless malware, or malware on a different server. In this study, we propose MinCloud, a trusted and transferable MinHash-based framework for unknown malware detection in Linux virtual servers that overcomes the limitations of existing solutions. In the first stage, we acquired volatile memory dumps from virtual servers by querying the hypervisor in a trusted manner and then analyzed them using the MinHash method. Finally, the MinHash characteristics are harnessed by applying machine learning classifiers to achieve precise malware detection. MinCloud was evaluated on widely used Linux virtual servers, various benign and malicious applications, and 23,000 volatile memory dumps, each representing different behaviors of the examined servers and the executed applications over time. MinCloud's evaluation shows it can (1) detect unknown malware, (2) classify unknown malware according to its malware category, (3) detect fileless attacks and rootkit malware, and (4) provide accurately transfer detection between different Linux servers. MinCloud outperformed state-of-the-art trusted detection methods and commonly used antiviruses.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103907"},"PeriodicalIF":3.8,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142592992","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Reversible data hiding in encrypted images using Pixel Shifting Approach (PSA) 利用像素移动方法（PSA）在加密图像中进行可逆数据隐藏

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2024-11-05 DOI: 10.1016/j.jisa.2024.103909

Cheonshik Kim , Ching-Nung Yang , Yu-Quan Lu

This study proposes a novel technique for reversibly embedding data within encrypted images, specifically utilizing a Pixel Shifting Approach (PSA). Traditional data hiding methods commonly employ the modification of the least significant bits (LSBs) of pixels in the original image. In contrast, methods using encrypted cover images offer a wider range of data hiding techniques that are not constrained by LSB modifications. The proposed data hiding method embeds data into an encrypted cover image by dividing it into non-overlapping blocks and then permuting pixels within each block according to a defined rule, rather than modifying the LSBs of pixels. The entropy of the image remains preserved after data embedding, making it difficult to detect the location of hidden data. To extract the hidden data, the encrypted image is decrypted, and the smoothness of each block is measured. The block with the lowest smoothness is identified as the one containing the hidden data, which is also the original block. This is because the pixels within each block have different statistical properties compared to other blocks, allowing for data recovery. The proposed method offers the advantage of embedding 4 bits of data per block, surpassing the performance of the existing Modified Pixel Shifting Approach (MPSA). Moreover, the entropy preservation of the stego-image is comparable to MPSA, while the algorithm’s execution time is more efficient. The simpler data hiding rule compared to MPSA enables faster encoding and decoding. Reversibility is guaranteed by preserving the correlation among pixels within each block when extracting data from the stego-image and restoring the original image. Experimental results demonstrate that the proposed method significantly outperforms existing techniques in terms of data hiding efficiency and security.

本研究提出了一种在加密图像中可逆嵌入数据的新技术，特别是利用像素移动方法（PSA）。传统的数据隐藏方法通常是修改原始图像中像素的最小有效位（LSB）。相比之下，使用加密封面图像的方法提供了更广泛的数据隐藏技术，不受 LSB 修改的限制。所提出的数据隐藏方法是将数据嵌入加密的封面图像，方法是将图像划分为非重叠块，然后根据定义的规则对每个块内的像素进行排列，而不是修改像素的 LSB。数据嵌入后，图像的熵保持不变，因此很难检测到隐藏数据的位置。为了提取隐藏数据，需要对加密图像进行解密，并测量每个区块的平滑度。平滑度最低的块被识别为包含隐藏数据的块，也就是原始块。这是因为每个区块内的像素与其他区块相比具有不同的统计特性，因此可以恢复数据。所提出的方法具有每个区块可嵌入 4 比特数据的优势，其性能超过了现有的修正像素移动方法（MPSA）。此外，偷窃图像的熵保存与 MPSA 相当，而算法的执行时间更有效。与 MPSA 相比，该算法的数据隐藏规则更简单，编码和解码速度更快。在从偷窃图像中提取数据并还原原始图像时，通过保留每个块内像素之间的相关性，保证了可逆性。实验结果表明，所提出的方法在数据隐藏效率和安全性方面明显优于现有技术。

{"title":"Reversible data hiding in encrypted images using Pixel Shifting Approach (PSA)","authors":"Cheonshik Kim , Ching-Nung Yang , Yu-Quan Lu","doi":"10.1016/j.jisa.2024.103909","DOIUrl":"10.1016/j.jisa.2024.103909","url":null,"abstract":"<div><div>This study proposes a novel technique for reversibly embedding data within encrypted images, specifically utilizing a Pixel Shifting Approach (PSA). Traditional data hiding methods commonly employ the modification of the least significant bits (LSBs) of pixels in the original image. In contrast, methods using encrypted cover images offer a wider range of data hiding techniques that are not constrained by LSB modifications. The proposed data hiding method embeds data into an encrypted cover image by dividing it into non-overlapping blocks and then permuting pixels within each block according to a defined rule, rather than modifying the LSBs of pixels. The entropy of the image remains preserved after data embedding, making it difficult to detect the location of hidden data. To extract the hidden data, the encrypted image is decrypted, and the smoothness of each block is measured. The block with the lowest smoothness is identified as the one containing the hidden data, which is also the original block. This is because the pixels within each block have different statistical properties compared to other blocks, allowing for data recovery. The proposed method offers the advantage of embedding 4 bits of data per block, surpassing the performance of the existing Modified Pixel Shifting Approach (MPSA). Moreover, the entropy preservation of the stego-image is comparable to MPSA, while the algorithm’s execution time is more efficient. The simpler data hiding rule compared to MPSA enables faster encoding and decoding. Reversibility is guaranteed by preserving the correlation among pixels within each block when extracting data from the stego-image and restoring the original image. Experimental results demonstrate that the proposed method significantly outperforms existing techniques in terms of data hiding efficiency and security.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"87 ","pages":"Article 103909"},"PeriodicalIF":3.8,"publicationDate":"2024-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142586067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0