Journal of Information Security and Applications最新文献_第8页

Intervalmapping and QR code based multi-stage reversible watermarking scheme for vector map distribution and source tracing 基于间隔映射和QR码的矢量图分布和源跟踪多阶段可逆水印方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-24 DOI: 10.1016/j.jisa.2025.104303

Xu Xi, Mingkang Wu, Jie Zhang, Huimin Tian, Jinglong Du

Digital watermarking is crucial for vector map safeguard, yet current applications focus on watermark response mechanisms targeted at thieves and unauthorized users, existing studies presume data protection in the context of harmful propagation and unlawful use, while ignoring the responsibility tracing of data distributors. To address this issue, this study designs a secure distribution scheme of vector maps using QR codes and a reversible watermarking algorithm to trace and identify both distributor and propagation paths. During watermark encoding, QR codes carry watermark information, recording distributor and recipient details at each distribution stage. By leveraging the high payload capacity and error-correction capability of QR codes, the data distribution path is effectively recorded. With each data distribution, watermark extraction and re-embedding are executed. In terms of algorithm design, a reversible watermarking algorithm based on interval mapping is designed based on quantitative index modulation. The algorithm defines sub-intervals according to embedding strength, modulates coordinate points using grouped watermark information, and uses the average coordinates of all vertices as a key for watermark extraction and data recovery. The experimental results show that the proposed scheme can successfully extract the QR codes and recover the embedded information even after ten consecutive cycles of embedding and extraction. This is achieved while maintaining high robustness and controlled perturbations, even when the scheme undergoes to strong geometric and vertex-editing attacks like rotation, vertex deletion, and cropping.

数字水印对矢量图安全至关重要，但目前的应用主要集中在针对窃贼和未经授权用户的水印响应机制上，现有研究将数据保护假设在有害传播和非法使用的背景下，而忽略了数据分发者的责任追踪。为了解决这个问题，本研究设计了一个安全的矢量地图分发方案，使用QR码和可逆水印算法来跟踪和识别分发和传播路径。在水印编码过程中，QR码携带水印信息，记录每个分发阶段的分发者和接收者的详细信息。利用二维码的高载荷能力和纠错能力，有效记录数据分发路径。在每一次数据分布中，都进行水印提取和重新嵌入。在算法设计方面，设计了一种基于定量指标调制的区间映射可逆水印算法。该算法根据嵌入强度定义子区间，利用分组水印信息调制坐标点，并以所有顶点的平均坐标作为水印提取和数据恢复的关键。实验结果表明，在连续10个周期的嵌入和提取后，该方法仍能成功提取出嵌入的信息。这是在保持高鲁棒性和可控扰动的同时实现的，即使该方案经历了强烈的几何和顶点编辑攻击，如旋转、顶点删除和裁剪。

{"title":"Intervalmapping and QR code based multi-stage reversible watermarking scheme for vector map distribution and source tracing","authors":"Xu Xi, Mingkang Wu, Jie Zhang, Huimin Tian, Jinglong Du","doi":"10.1016/j.jisa.2025.104303","DOIUrl":"10.1016/j.jisa.2025.104303","url":null,"abstract":"<div><div>Digital watermarking is crucial for vector map safeguard, yet current applications focus on watermark response mechanisms targeted at thieves and unauthorized users, existing studies presume data protection in the context of harmful propagation and unlawful use, while ignoring the responsibility tracing of data distributors. To address this issue, this study designs a secure distribution scheme of vector maps using QR codes and a reversible watermarking algorithm to trace and identify both distributor and propagation paths. During watermark encoding, QR codes carry watermark information, recording distributor and recipient details at each distribution stage. By leveraging the high payload capacity and error-correction capability of QR codes, the data distribution path is effectively recorded. With each data distribution, watermark extraction and re-embedding are executed. In terms of algorithm design, a reversible watermarking algorithm based on interval mapping is designed based on quantitative index modulation. The algorithm defines sub-intervals according to embedding strength, modulates coordinate points using grouped watermark information, and uses the average coordinates of all vertices as a key for watermark extraction and data recovery. The experimental results show that the proposed scheme can successfully extract the QR codes and recover the embedded information even after ten consecutive cycles of embedding and extraction. This is achieved while maintaining high robustness and controlled perturbations, even when the scheme undergoes to strong geometric and vertex-editing attacks like rotation, vertex deletion, and cropping.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104303"},"PeriodicalIF":3.7,"publicationDate":"2025-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145615158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A privacy-preserving information sharing scheme in online social networks 在线社交网络中保护隐私的信息共享方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-21 DOI: 10.1016/j.jisa.2025.104304

Yehong Luo , Nafei Zhu , Jingsha He , Anca Delia Jurcut , Yuzi Yi , Xiangjun Ma , Juan Fang

Information leakage during sharing among users is a critical concern for individuals in online social networks (OSNs). The key to addressing the concern is to align privacy protection policies with the subjective willingness of privacy subjects to maximize the utility of information while achieving privacy protection. In this paper, we propose a new framework that can be used to dynamically modulate the extent of information sharing and privacy protection by regulating the scale of propagation of privacy information. In the proposed framework, we firstly define privacy information propagation conditions (PPCs) and then design a PPC-based privacy-preserving information sharing scheme. This scheme performs privacy risk assessment according to the subjective willingness and the consensus on the sensitivity of privacy information as the basis for trade-offs between privacy protection and information sharing. We introduce PPC-TD3, a variant of Twin Delayed Deep Deterministic policy gradient (TD3) integrated with our PPC framework, to identify decision points that maximize information-sharing utility while ensuring robust privacy protection. Theoretical analysis and extensive experiment show that the proposed framework can optimally balance privacy protection and information sharing through identifying the point where the utility of information is maximized.

在线社交网络（online social network, OSNs）中，用户共享过程中的信息泄露是个人关注的一个重要问题。解决这一问题的关键是使隐私保护政策符合隐私主体的主观意愿，在实现隐私保护的同时实现信息效用最大化。在本文中，我们提出了一个新的框架，可以通过调节隐私信息的传播规模来动态调节信息共享和隐私保护的程度。在该框架中，我们首先定义了隐私信息传播条件（PPCs），然后设计了一个基于PPCs的隐私信息共享方案。该方案根据隐私信息的主观意愿和对隐私信息敏感性的共识进行隐私风险评估，作为隐私保护与信息共享之间权衡的基础。我们引入了PPC-TD3，这是双延迟深度确定性策略梯度（TD3）的一种变体，与我们的PPC框架集成在一起，以确定最大限度地提高信息共享效用的决策点，同时确保强大的隐私保护。理论分析和大量实验表明，该框架通过识别信息效用最大化的点，可以实现隐私保护和信息共享的最优平衡。

{"title":"A privacy-preserving information sharing scheme in online social networks","authors":"Yehong Luo , Nafei Zhu , Jingsha He , Anca Delia Jurcut , Yuzi Yi , Xiangjun Ma , Juan Fang","doi":"10.1016/j.jisa.2025.104304","DOIUrl":"10.1016/j.jisa.2025.104304","url":null,"abstract":"<div><div>Information leakage during sharing among users is a critical concern for individuals in online social networks (OSNs). The key to addressing the concern is to align privacy protection policies with the subjective willingness of privacy subjects to maximize the utility of information while achieving privacy protection. In this paper, we propose a new framework that can be used to dynamically modulate the extent of information sharing and privacy protection by regulating the scale of propagation of privacy information. In the proposed framework, we firstly define privacy information propagation conditions (PPCs) and then design a PPC-based privacy-preserving information sharing scheme. This scheme performs privacy risk assessment according to the subjective willingness and the consensus on the sensitivity of privacy information as the basis for trade-offs between privacy protection and information sharing. We introduce PPC-TD3, a variant of Twin Delayed Deep Deterministic policy gradient (TD3) integrated with our PPC framework, to identify decision points that maximize information-sharing utility while ensuring robust privacy protection. Theoretical analysis and extensive experiment show that the proposed framework can optimally balance privacy protection and information sharing through identifying the point where the utility of information is maximized.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104304"},"PeriodicalIF":3.7,"publicationDate":"2025-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Revocable multi-authority attribute-based keyword search scheme for enhanced security in multi-owner settings 可撤销的基于多授权机构属性的关键字搜索方案，用于增强多所有者设置中的安全性

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-20 DOI: 10.1016/j.jisa.2025.104315

Zongmin Wang, Qiang Wang, Fucai Zhou, Jian Xu

Attribute-based keyword search (ABKS) has emerged as an effective approach for secure, fine-grained data retrieval in encrypted cloud environments. Although traditional ABKS effectively enforces access policies, it suffers from significant limitations in multi-owner settings, where decentralized control and collaborative governance are required. In addition, existing ABKS schemes encounter several unresolved security challenges. First, as ABKS is built upon attribute-based encryption (ABE), it inevitably inherits its shortcomings, including key escrow and single points of failure. Second, it lacks the ability to detect servers that intentionally return incorrect results, while existing verification mechanisms risk exposing sensitive information. Third, misbehaving cloud service providers face no penalty and may continue to provide services without restriction.

To address these challenges, we propose a revocable multi-authority attribute-based keyword search (RMA-ABKS) scheme tailored for multi-owner environments. RMA-ABKS integrates multi-authority ABE with searchable encryption to decentralize trust and eliminate key escrow, while enabling collaborative access policy formulation across multiple owners. For the remaining challenges, we incorporate a blockchain-based blind verification mechanism to ensure result integrity without privacy leakage, and a cryptographic revocation mechanism to disable malicious cloud servers. Formal security proofs demonstrate selective security and resilience, while experimental evaluations confirm computational efficiency comparable to advanced schemes.

基于属性的关键字搜索（ABKS）已经成为加密云环境中安全、细粒度数据检索的有效方法。尽管传统的ABKS有效地执行了访问策略，但它在多所有者设置中存在显着的局限性，其中需要分散控制和协作治理。此外，现有的ABKS方案遇到了一些未解决的安全挑战。首先，由于ABKS建立在基于属性的加密（ABE）之上，它不可避免地继承了它的缺点，包括密钥托管和单点故障。其次，它缺乏检测故意返回错误结果的服务器的能力，而现有的验证机制有暴露敏感信息的风险。第三，行为不端的云服务提供商不会受到处罚，可以继续不受限制地提供服务。为了解决这些挑战，我们提出了一种针对多所有者环境量身定制的可撤销的多权威基于属性的关键字搜索（RMA-ABKS）方案。RMA-ABKS将多权威ABE与可搜索加密集成在一起，以分散信任并消除密钥托管，同时实现跨多个所有者的协作访问策略制定。对于剩下的挑战，我们采用了基于区块链的盲验证机制来确保结果的完整性而不会泄露隐私，并采用了加密撤销机制来禁用恶意云服务器。正式的安全证明证明了选择性安全性和弹性，而实验评估证实了与高级方案相当的计算效率。

{"title":"Revocable multi-authority attribute-based keyword search scheme for enhanced security in multi-owner settings","authors":"Zongmin Wang, Qiang Wang, Fucai Zhou, Jian Xu","doi":"10.1016/j.jisa.2025.104315","DOIUrl":"10.1016/j.jisa.2025.104315","url":null,"abstract":"<div><div>Attribute-based keyword search (ABKS) has emerged as an effective approach for secure, fine-grained data retrieval in encrypted cloud environments. Although traditional ABKS effectively enforces access policies, it suffers from significant limitations in multi-owner settings, where decentralized control and collaborative governance are required. In addition, existing ABKS schemes encounter several unresolved security challenges. First, as ABKS is built upon attribute-based encryption (ABE), it inevitably inherits its shortcomings, including key escrow and single points of failure. Second, it lacks the ability to detect servers that intentionally return incorrect results, while existing verification mechanisms risk exposing sensitive information. Third, misbehaving cloud service providers face no penalty and may continue to provide services without restriction.</div><div>To address these challenges, we propose a revocable multi-authority attribute-based keyword search (RMA-ABKS) scheme tailored for multi-owner environments. RMA-ABKS integrates multi-authority ABE with searchable encryption to decentralize trust and eliminate key escrow, while enabling collaborative access policy formulation across multiple owners. For the remaining challenges, we incorporate a blockchain-based blind verification mechanism to ensure result integrity without privacy leakage, and a cryptographic revocation mechanism to disable malicious cloud servers. Formal security proofs demonstrate selective security and resilience, while experimental evaluations confirm computational efficiency comparable to advanced schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104315"},"PeriodicalIF":3.7,"publicationDate":"2025-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Reversible data hiding in encrypted images using adaptive block-level pixel difference encoding 可逆数据隐藏在加密图像使用自适应块级像素差异编码

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104316

Hua Ren, Zhen Yue, Ming Li

The blooming cloud storage has brought great convenience for users to upload multimedia data on remote cloud servers and efficiently access the uploaded data through terminals. With the accumulation of user data, how to effectively manage cloud user data while ensuring security becomes particularly important. Reversible Data Hiding in Encrypted Images (RDHEI) is an effective privacy-preserving technology that can embed user identity information, tags, time stamps or other data into encrypted images to facilitate the management of multi-user data. However, the capacity of existing RDHEI methods is not ideal due to the less redundancy in encrypted images. In this paper, a high-capacity RDHEI method using Adaptive Block-level Pixel Difference Encoding (ABPDE) is proposed. Firstly, the content owner uses the block modulation and permutation to encrypt the original image to preserve some redundant space. Secondly, the data hider counts the frequency of occurrence of pixel differences and uses adaptive Huffman encoding to mark the encrypted pixels as embeddable and non-embeddable pixels. The generated Huffman table is embedded into some reference pixels, the side information consisting of the replaced reference pixels and non-embeddable bits is embedded into some embeddable pixels, and the remaining embeddable pixels are used to carry additional data. Finally, a receiver holding the relevant keys can extract the embedded data without errors and reversibly recover the original image. Extensive simulations illustrate that the proposed method is superior to state-of-the-art methods in capacity and security, and the average embedding rates are at least 0.2845 bpp and 0.2900 bpp higher than other state-of-the-art methods on the BOSSbase and BOWS-2 databases, respectively.

蓬勃发展的云存储为用户在远程云服务器上上传多媒体数据以及通过终端高效访问上传的数据带来了极大的便利。随着用户数据的积累，如何在保证安全的同时对云用户数据进行有效管理显得尤为重要。加密图像中的可逆数据隐藏（rdhi）是一种有效的隐私保护技术，它可以将用户身份信息、标签、时间戳或其他数据嵌入到加密图像中，以方便多用户数据的管理。然而，由于加密图像的冗余较少，现有的rdhi方法的容量并不理想。本文提出了一种基于自适应块级像素差编码（ABPDE）的大容量rdhi方法。首先，内容所有者使用分组调制和排列对原始图像进行加密，以保留冗余空间；其次，数据隐藏器计算像素差异出现的频率，并使用自适应霍夫曼编码将加密像素标记为可嵌入像素和不可嵌入像素。将生成的霍夫曼表嵌入到一些参考像素中，将替换的参考像素和不可嵌入位组成的边信息嵌入到一些可嵌入像素中，剩余的可嵌入像素用于携带附加数据。最后，接收器持有相应的密钥，可以准确无误地提取嵌入的数据，并可逆地恢复原始图像。大量的仿真结果表明，该方法在容量和安全性方面都优于目前最先进的方法，并且在bosssbase和BOWS-2数据库上的平均嵌入率分别比其他最先进的方法高0.2845 bpp和0.2900 bpp。

{"title":"Reversible data hiding in encrypted images using adaptive block-level pixel difference encoding","authors":"Hua Ren, Zhen Yue, Ming Li","doi":"10.1016/j.jisa.2025.104316","DOIUrl":"10.1016/j.jisa.2025.104316","url":null,"abstract":"<div><div>The blooming cloud storage has brought great convenience for users to upload multimedia data on remote cloud servers and efficiently access the uploaded data through terminals. With the accumulation of user data, how to effectively manage cloud user data while ensuring security becomes particularly important. Reversible Data Hiding in Encrypted Images (RDHEI) is an effective privacy-preserving technology that can embed user identity information, tags, time stamps or other data into encrypted images to facilitate the management of multi-user data. However, the capacity of existing RDHEI methods is not ideal due to the less redundancy in encrypted images. In this paper, a high-capacity RDHEI method using Adaptive Block-level Pixel Difference Encoding (ABPDE) is proposed. Firstly, the content owner uses the block modulation and permutation to encrypt the original image to preserve some redundant space. Secondly, the data hider counts the frequency of occurrence of pixel differences and uses adaptive Huffman encoding to mark the encrypted pixels as embeddable and non-embeddable pixels. The generated Huffman table is embedded into some reference pixels, the side information consisting of the replaced reference pixels and non-embeddable bits is embedded into some embeddable pixels, and the remaining embeddable pixels are used to carry additional data. Finally, a receiver holding the relevant keys can extract the embedded data without errors and reversibly recover the original image. Extensive simulations illustrate that the proposed method is superior to state-of-the-art methods in capacity and security, and the average embedding rates are at least 0.2845 bpp and 0.2900 bpp higher than other state-of-the-art methods on the BOSSbase and BOWS-2 databases, respectively.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104316"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PER-AE-DRL: A malicious traffic detection model based on prioritized experience replay and adversarial mechanism PER-AE-DRL：一种基于优先体验重放和对抗机制的恶意流量检测模型

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104298

Peihao Liu, Yuntao Zhao, Yongxin Feng

With the rapid advancement of information technology, cybersecurity threats have become more sophisticated, making network intrusion detection vital for ensuring network security. Although existing detection methods have made significant progress in identifying malicious traffic, data class imbalance remains a key challenge. This paper proposes a deep reinforcement learning-based malicious traffic detection model that integrates an adversarial mechanism and Prioritized Experience Replay (PER). First, an environment agent is introduced into the Dueling Double Deep Q-Network (Dueling DDQN) framework to address the data imbalance by resampling the training set. Then, a TD-error-based prioritized experience replay mechanism is introduced, which prioritizes samples with larger TD errors during neural network updates, thereby accelerating model convergence and enhancing learning ability for minority class samples. Finally, through multi-class classification experiments on the NSL-KDD and CIC-IDS2017 datasets, the proposed model achieved an accuracy of 83.41% and an F1 score of 83.39% on the NSL-KDD dataset. On the CIC-IDS2017 dataset, the model achieved both an accuracy and an F1 score exceeding 99%.

随着信息技术的飞速发展，网络安全威胁日趋复杂，网络入侵检测对于保障网络安全至关重要。尽管现有的检测方法在识别恶意流量方面取得了重大进展，但数据类不平衡仍然是一个关键挑战。本文提出了一种基于深度强化学习的恶意流量检测模型，该模型集成了对抗机制和优先体验重放（PER）。首先，在Dueling Double Deep Q-Network （Dueling DDQN）框架中引入环境代理，通过对训练集进行重采样来解决数据不平衡问题。然后，引入一种基于TD误差的优先经验重放机制，在神经网络更新时优先考虑TD误差较大的样本，从而加快模型收敛速度，增强对少数类样本的学习能力。最后，通过在NSL-KDD和CIC-IDS2017数据集上的多类分类实验，该模型在NSL-KDD数据集上的准确率达到83.41%，F1分数达到83.39%。在CIC-IDS2017数据集上，该模型的准确率和F1得分均超过99%。

{"title":"PER-AE-DRL: A malicious traffic detection model based on prioritized experience replay and adversarial mechanism","authors":"Peihao Liu, Yuntao Zhao, Yongxin Feng","doi":"10.1016/j.jisa.2025.104298","DOIUrl":"10.1016/j.jisa.2025.104298","url":null,"abstract":"<div><div>With the rapid advancement of information technology, cybersecurity threats have become more sophisticated, making network intrusion detection vital for ensuring network security. Although existing detection methods have made significant progress in identifying malicious traffic, data class imbalance remains a key challenge. This paper proposes a deep reinforcement learning-based malicious traffic detection model that integrates an adversarial mechanism and Prioritized Experience Replay (PER). First, an environment agent is introduced into the Dueling Double Deep Q-Network (Dueling DDQN) framework to address the data imbalance by resampling the training set. Then, a TD-error-based prioritized experience replay mechanism is introduced, which prioritizes samples with larger TD errors during neural network updates, thereby accelerating model convergence and enhancing learning ability for minority class samples. Finally, through multi-class classification experiments on the NSL-KDD and CIC-IDS2017 datasets, the proposed model achieved an accuracy of 83.41% and an F1 score of 83.39% on the NSL-KDD dataset. On the CIC-IDS2017 dataset, the model achieved both an accuracy and an F1 score exceeding 99%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104298"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CTFAgent: An LLM-powered Agent for CTF Challenge Solving CTFAgent：一个llm驱动的CTF挑战解决代理

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-18 DOI: 10.1016/j.jisa.2025.104305

Yuwen Zou , Jia Liu , Wenjun Fan

Capture-the-Flag (CTF) competitions play an important role in the cybersecurity landscape by simulating realistic attack and defense scenarios and offering diverse categories of challenges. This diversity demands flexible reasoning and adaptive problem-solving, which traditional automation tools struggle to provide, as they are typically designed for specific tasks. Large Language Models (LLMs) with their vast knowledge and strong reasoning capabilities, present a promising approach to overcome these limitations. In this work, we propose CTFAgent, an LLM-powered agent featuring a new plan-and-execute paradigm with a stateful task tree for long-horizon reasoning. To handle diverse challenges, CTFAgent integrates challenge-specific prompting and specialized tools for multimodal analysis and concrete operations. The agent comprises two modes: a fully automated mode and a human-in-the-loop (HITL) mode, which incorporates human operational support for tool execution beyond the automation. Evaluated on challenges from PicoCTF with GPT-4o, Gemini-2.5-Pro and DeepSeek-V3, CTFAgent outperforms 88% of human teams in its automated mode. This performance rises significantly in HITL mode, where it surpasses approximately 94% of teams. These results demonstrate that CTFAgent can effectively solve a wide range of complex tasks, highlighting the potential of LLM-powered agents to advance autonomous cybersecurity solutions.

夺旗（CTF）竞赛通过模拟真实的攻击和防御场景，并提供不同类别的挑战，在网络安全领域发挥着重要作用。这种多样性需要灵活的推理和自适应的问题解决，这是传统自动化工具难以提供的，因为它们通常是为特定的任务设计的。大型语言模型（llm）具有丰富的知识和强大的推理能力，为克服这些限制提供了一种有希望的方法。在这项工作中，我们提出了CTFAgent，一个llm驱动的代理，具有新的计划和执行范式，具有用于长期推理的有状态任务树。为了应对各种挑战，CTFAgent集成了针对特定挑战的提示和用于多模态分析和具体操作的专用工具。代理包括两种模式：一种是完全自动化模式，另一种是人在循环（HITL）模式，后者在自动化之外包含了对工具执行的人工操作支持。通过使用gpt - 40、Gemini-2.5-Pro和DeepSeek-V3对PicoCTF的挑战进行评估，CTFAgent在自动化模式下的表现优于88%的人工团队。这种性能在HITL模式下显著提高，超过了大约94%的团队。这些结果表明，CTFAgent可以有效地解决广泛的复杂任务，突出了llm驱动的代理在推进自主网络安全解决方案方面的潜力。

{"title":"CTFAgent: An LLM-powered Agent for CTF Challenge Solving","authors":"Yuwen Zou , Jia Liu , Wenjun Fan","doi":"10.1016/j.jisa.2025.104305","DOIUrl":"10.1016/j.jisa.2025.104305","url":null,"abstract":"<div><div>Capture-the-Flag (CTF) competitions play an important role in the cybersecurity landscape by simulating realistic attack and defense scenarios and offering diverse categories of challenges. This diversity demands flexible reasoning and adaptive problem-solving, which traditional automation tools struggle to provide, as they are typically designed for specific tasks. Large Language Models (LLMs) with their vast knowledge and strong reasoning capabilities, present a promising approach to overcome these limitations. In this work, we propose CTFAgent, an LLM-powered agent featuring a new plan-and-execute paradigm with a stateful task tree for long-horizon reasoning. To handle diverse challenges, CTFAgent integrates challenge-specific prompting and specialized tools for multimodal analysis and concrete operations. The agent comprises two modes: a fully automated mode and a human-in-the-loop (HITL) mode, which incorporates human operational support for tool execution beyond the automation. Evaluated on challenges from PicoCTF with GPT-4o, Gemini-2.5-Pro and DeepSeek-V3, CTFAgent outperforms 88% of human teams in its automated mode. This performance rises significantly in HITL mode, where it surpasses approximately 94% of teams. These results demonstrate that CTFAgent can effectively solve a wide range of complex tasks, highlighting the potential of LLM-powered agents to advance autonomous cybersecurity solutions.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104305"},"PeriodicalIF":3.7,"publicationDate":"2025-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145569604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhancing black-box membership inference attacks in federated learning 增强联邦学习中的黑盒成员推理攻击

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-15 DOI: 10.1016/j.jisa.2025.104302

Qiang Shi, Luzhen Ren, Xinfeng He

With the widespread deployment of machine learning models in privacy-sensitive domains such as healthcare and finance, the risk of training data leakage has attracted increasing attention. As a fundamental approach for evaluating model privacy leakage, Membership Inference Attack (MIA) has been extensively studied in distributed learning scenarios such as Federated Learning (FL). However, under black-box settings, attackers face severe challenges, including the unavailability of real non-member samples and the inaccessibility of target model architectures, which limit the generalization and accuracy of existing methods. To address these limitations, this paper proposes a DCGAN-enhanced black-box MIA framework, whose innovations are reflected in three major aspects: (1) a discriminator-guided pseudo-sample filtering mechanism that ensures the authenticity and diversity of non-member data; (2) a multi-shadow-model softmax high-dimensional concatenation strategy, which fuses the softmax probability outputs from multiple shadow models to construct discriminative high-dimensional attack representations; and (3) a SMOTE-based balancing module designed to mitigate class imbalance and further improve the generalization of the attack model. The proposed framework significantly enhances the discriminative capability and robustness of black-box MIAs without accessing the internal parameters or training procedures of the target model. Extensive experiments demonstrate that our method consistently outperforms state-of-the-art baselines across multiple federated learning protocols (FedAvg, FedMD, and FedProx) and benchmark datasets (CIFAR-10, CIFAR-100, Fashion-MNIST, and SVHN), achieving an accuracy of 0.9897, an AUC of 0.9899, and a TPR@FPR=1% of 0.9967. These results verify the robustness, generalizability, and wide applicability of the proposed framework, providing a systematic and scalable solution for privacy evaluation in federated learning environments.

随着机器学习模型在医疗保健和金融等隐私敏感领域的广泛应用，培训数据泄露的风险越来越受到关注。隶属关系推理攻击（MIA）作为评估模型隐私泄露的基本方法，在联邦学习（FL）等分布式学习场景中得到了广泛的研究。然而，在黑盒设置下，攻击者面临着严峻的挑战，包括真实非成员样本的不可获得性和目标模型体系结构的不可访问性，这限制了现有方法的泛化和准确性。针对这些局限性，本文提出了一种基于dcgan的黑箱MIA框架，其创新主要体现在三个方面：(1)采用了鉴别器引导的伪样本过滤机制，保证了非成员数据的真实性和多样性；(2)多阴影模型softmax高维拼接策略，融合多个阴影模型的softmax概率输出，构建判别性高维攻击表征；(3)基于smote的平衡模块，旨在缓解类不平衡，进一步提高攻击模型的泛化性。该框架在不访问目标模型内部参数或训练过程的情况下，显著提高了黑箱MIAs的判别能力和鲁棒性。广泛的实验表明，我们的方法在多个联邦学习协议（fedag、FedMD和FedProx）和基准数据集（CIFAR-10、CIFAR-100、fashionon - mnist和SVHN）上始终优于最先进的基线，实现了0.9897的准确率，0.9899的AUC和TPR@FPR=1%的0.9967。这些结果验证了所提出框架的鲁棒性、泛化性和广泛适用性，为联邦学习环境中的隐私评估提供了系统和可扩展的解决方案。

{"title":"Enhancing black-box membership inference attacks in federated learning","authors":"Qiang Shi, Luzhen Ren, Xinfeng He","doi":"10.1016/j.jisa.2025.104302","DOIUrl":"10.1016/j.jisa.2025.104302","url":null,"abstract":"<div><div>With the widespread deployment of machine learning models in privacy-sensitive domains such as healthcare and finance, the risk of training data leakage has attracted increasing attention. As a fundamental approach for evaluating model privacy leakage, Membership Inference Attack (MIA) has been extensively studied in distributed learning scenarios such as Federated Learning (FL). However, under black-box settings, attackers face severe challenges, including the unavailability of real non-member samples and the inaccessibility of target model architectures, which limit the generalization and accuracy of existing methods. To address these limitations, this paper proposes a DCGAN-enhanced black-box MIA framework, whose innovations are reflected in three major aspects: (1) a discriminator-guided pseudo-sample filtering mechanism that ensures the authenticity and diversity of non-member data; (2) a multi-shadow-model softmax high-dimensional concatenation strategy, which fuses the softmax probability outputs from multiple shadow models to construct discriminative high-dimensional attack representations; and (3) a SMOTE-based balancing module designed to mitigate class imbalance and further improve the generalization of the attack model. The proposed framework significantly enhances the discriminative capability and robustness of black-box MIAs without accessing the internal parameters or training procedures of the target model. Extensive experiments demonstrate that our method consistently outperforms state-of-the-art baselines across multiple federated learning protocols (FedAvg, FedMD, and FedProx) and benchmark datasets (CIFAR-10, CIFAR-100, Fashion-MNIST, and SVHN), achieving an accuracy of 0.9897, an AUC of 0.9899, and a TPR@FPR=1% of 0.9967. These results verify the robustness, generalizability, and wide applicability of the proposed framework, providing a systematic and scalable solution for privacy evaluation in federated learning environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104302"},"PeriodicalIF":3.7,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains 网络安全数字孪生：多所有权数字服务链的概念、蓝图和挑战

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-15 DOI: 10.1016/j.jisa.2025.104299

M. Repetto

The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already demonstrated to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains.

In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Differently from existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.

数字服务和基础设施的互联程度不断提高，在它们的提供商之间产生了紧密的、递归的安全相互依赖关系。然而，网络安全运营仍然高度分散，因为披露漏洞、报告警报和建议补救等常见任务在很大程度上限制在每个提供商的管理领域范围内，而合作通常仅限于文书工作和人际互动。这种做法已经被证明是不充分和有风险的，因为它不能有效地处理跨多个域传播的多步骤攻击和杀伤链。在这份意见书中，我们详细阐述了网络安全数字孪生模型的概念、蓝图和用法，该模型可以模拟和捕获此类互联系统的安全状态。与现有模型不同，我们的工作明确解决了多所有权带来的挑战，通过关注整体架构来构建合作，敏捷，自适应和自主的过程，用于威胁狩猎，检测横向移动，并消除多个领域的攻击。出于这个原因，我们的框架考虑了解决信任和机密性问题的必要联合机制。

{"title":"Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains","authors":"M. Repetto","doi":"10.1016/j.jisa.2025.104299","DOIUrl":"10.1016/j.jisa.2025.104299","url":null,"abstract":"<div><div>The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already demonstrated to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains.</div><div>In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Differently from existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104299"},"PeriodicalIF":3.7,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Blockchain-based threshold proxy re-encryption scheme with zero-knowledge proofs for confidential and verifiable IoT networks 基于区块链的阈值代理再加密方案，具有零知识证明，用于机密和可验证的物联网网络

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jisa.2025.104300

Vinay Rishiwal , Ved Prakash Mishra , A. Jayanthiladevi , Vinay Maurya , Udit Agarwal , Mano Yadav

The rapid proliferation of interconnected devices within the Internet of Things (IoT) continues to generate vast amounts of sensitive, context-rich data, raising significant concerns regarding data confidentiality, verifiability, trust management, and systemic resilience. Traditional IoT network architectures typically rely on centralised third-party entities. This reliance creates single points of failure and elevates the risk of unauthorised data access. To address these limitations, this paper proposes a confidential and verifiable IoT network based on a decentralised security architecture that integrates blockchain with proxy re-encryption. The framework uses threshold cryptography and zero-knowledge proofs to enable privacy-preserving transformations of ciphertext across consensus nodes. This design protects sensitive data while preserving transaction verifiability and integrity. As a result, the system effectively counters threats such as node collusion, Sybil attacks, and metadata leakage. Comprehensive simulations and performance evaluations underscore that the presented model substantially diminishes dependence on centralised proxies while delivering enhanced scalability, robust security, and increased trustworthiness, making it particularly well-suited for practical implementation in confidential IoT environments.

物联网（IoT）中互连设备的快速扩散继续产生大量敏感的、上下文丰富的数据，引起了对数据机密性、可验证性、信任管理和系统弹性的重大关注。传统的物联网网络架构通常依赖于集中式第三方实体。这种依赖造成了单点故障，并增加了未经授权访问数据的风险。为了解决这些限制，本文提出了一个基于分散安全架构的机密和可验证的物联网网络，该架构将区块链与代理重新加密集成在一起。该框架使用阈值密码学和零知识证明来实现跨共识节点的密文隐私保护转换。这种设计保护敏感数据，同时保持事务的可验证性和完整性。有效应对节点合谋、Sybil攻击、元数据泄露等威胁。综合模拟和性能评估强调，所提出的模型大大减少了对集中式代理的依赖，同时提供了增强的可扩展性、强大的安全性和更高的可信度，使其特别适合在机密物联网环境中实际实施。

{"title":"Blockchain-based threshold proxy re-encryption scheme with zero-knowledge proofs for confidential and verifiable IoT networks","authors":"Vinay Rishiwal , Ved Prakash Mishra , A. Jayanthiladevi , Vinay Maurya , Udit Agarwal , Mano Yadav","doi":"10.1016/j.jisa.2025.104300","DOIUrl":"10.1016/j.jisa.2025.104300","url":null,"abstract":"<div><div>The rapid proliferation of interconnected devices within the Internet of Things (IoT) continues to generate vast amounts of sensitive, context-rich data, raising significant concerns regarding data confidentiality, verifiability, trust management, and systemic resilience. Traditional IoT network architectures typically rely on centralised third-party entities. This reliance creates single points of failure and elevates the risk of unauthorised data access. To address these limitations, this paper proposes a confidential and verifiable IoT network based on a decentralised security architecture that integrates blockchain with proxy re-encryption. The framework uses threshold cryptography and zero-knowledge proofs to enable privacy-preserving transformations of ciphertext across consensus nodes. This design protects sensitive data while preserving transaction verifiability and integrity. As a result, the system effectively counters threats such as node collusion, Sybil attacks, and metadata leakage. Comprehensive simulations and performance evaluations underscore that the presented model substantially diminishes dependence on centralised proxies while delivering enhanced scalability, robust security, and increased trustworthiness, making it particularly well-suited for practical implementation in confidential IoT environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104300"},"PeriodicalIF":3.7,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multilayered deep learning framework for cyber attack detection and mitigation in a heterogeneous IIoT ecosystem 在异构IIoT生态系统中用于网络攻击检测和缓解的多层深度学习框架

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jisa.2025.104301

Arshad Iqbal, Sohail Asghar, Manzoor Ilahi Tamimy

Intrusion Detection Systems (IDSs) for the Internet of Things (IoT) and Industrial IoT (IIoT) face significant challenges, including high false-positive rates (especially for minority-class attacks) and excessive computational requirements, which hinder their deployment on edge devices. Consequently, alert overload is common because operators receive a large volume of alerts that provide little insight into the problems they address. To address this crucial gap, this study presents DeepGuard, a new four-layer framework that significantly improves the security posture of IoT and industrial IoT environments.

DeepGuard combines binary and multiclass classifications, intelligent alarming, and cyber deception into a single, effective defence mechanism. The system incorporates a random forest classifier for feature selection, which extracts the most relevant data features and processes them for use with an optimised multilayer perceptron (MLP). This method achieved an unprecedented accuracy of 99.9% with a low false-positive rate (FPR) of 0.2%, surpassing the state-of-the-art research studies.

We further demonstrated the practical feasibility of DeepGuard by implementing it on computationally constrained, edge devices. With a computational complexity of

O (n l o g n)

and a memory footprint of less than 100 KB, DeepGuard breaks the long-standing trade-off between detection accuracy and operational performance that has inhibited the adoption of IDS at an industrial scale. In addition to a detection-only approach, DeepGuard includes an embedded honeypot layer that proactively profiles emerging and unknown attacks, thereby enabling automated mitigation responses. Thorough evaluations of the WUSTL-IIoT-2021 and X-IIoTID-2022 datasets demonstrated a new state-of-the-art performance and the feasibility of DeepGuard for protecting critical infrastructure.

物联网（IoT）和工业物联网（IIoT）的入侵检测系统（ids）面临着重大挑战，包括高误报率（特别是针对少数类攻击）和过多的计算需求，这阻碍了它们在边缘设备上的部署。因此，警报过载很常见，因为操作人员接收到大量警报，而这些警报对他们所处理的问题几乎没有提供什么见解。为了解决这一关键差距，本研究提出了DeepGuard，这是一个新的四层框架，可显着改善物联网和工业物联网环境的安全状况。DeepGuard将二进制和多类分类、智能报警和网络欺骗结合到一个单一、有效的防御机制中。该系统采用随机森林分类器进行特征选择，提取最相关的数据特征，并对其进行处理，以便与优化的多层感知器（MLP）一起使用。该方法达到了前所未有的99.9%的准确率和0.2%的低假阳性率（FPR），超过了目前最先进的研究。我们通过在计算受限的边缘设备上实现DeepGuard进一步证明了它的实际可行性。DeepGuard的计算复杂度为0 (nlogn)，内存占用小于100 KB，打破了长期以来在检测精度和操作性能之间的权衡，这种权衡阻碍了IDS在工业规模上的应用。除了仅用于检测的方法外，DeepGuard还包含一个嵌入式蜜罐层，可主动分析新出现的和未知的攻击，从而实现自动缓解响应。对WUSTL-IIoT-2021和X-IIoTID-2022数据集的全面评估证明了DeepGuard在保护关键基础设施方面的最新性能和可行性。

{"title":"A multilayered deep learning framework for cyber attack detection and mitigation in a heterogeneous IIoT ecosystem","authors":"Arshad Iqbal, Sohail Asghar, Manzoor Ilahi Tamimy","doi":"10.1016/j.jisa.2025.104301","DOIUrl":"10.1016/j.jisa.2025.104301","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDSs) for the Internet of Things (IoT) and Industrial IoT (IIoT) face significant challenges, including high false-positive rates (especially for minority-class attacks) and excessive computational requirements, which hinder their deployment on edge devices. Consequently, alert overload is common because operators receive a large volume of alerts that provide little insight into the problems they address. To address this crucial gap, this study presents DeepGuard, a new four-layer framework that significantly improves the security posture of IoT and industrial IoT environments.</div><div>DeepGuard combines binary and multiclass classifications, intelligent alarming, and cyber deception into a single, effective defence mechanism. The system incorporates a random forest classifier for feature selection, which extracts the most relevant data features and processes them for use with an optimised multilayer perceptron (MLP). This method achieved an unprecedented accuracy of 99.9% with a low false-positive rate (FPR) of 0.2%, surpassing the state-of-the-art research studies.</div><div>We further demonstrated the practical feasibility of DeepGuard by implementing it on computationally constrained, edge devices. With a computational complexity of <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>n</mi><mi>l</mi><mi>o</mi><mi>g</mi><mi>n</mi><mo>)</mo></mrow></mrow></math></span> and a memory footprint of less than 100 KB, DeepGuard breaks the long-standing trade-off between detection accuracy and operational performance that has inhibited the adoption of IDS at an industrial scale. In addition to a detection-only approach, DeepGuard includes an embedded honeypot layer that proactively profiles emerging and unknown attacks, thereby enabling automated mitigation responses. Thorough evaluations of the WUSTL-IIoT-2021 and X-IIoTID-2022 datasets demonstrated a new state-of-the-art performance and the feasibility of DeepGuard for protecting critical infrastructure.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"96 ","pages":"Article 104301"},"PeriodicalIF":3.7,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145520859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0