
Journal of Information Security and Applications: Latest Articles

A Dual-Layer image encryption framework using chaotic AES with dynamic S-Boxes and steganographic QR codes
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-12-01 | DOI: 10.1016/j.jisa.2025.104322
Md Rishadul Bayesh, Dabbrata Das, Md Ahadullah
This paper presents a robust image encryption and key distribution framework that integrates an enhanced AES-128 algorithm with chaos theory and advanced steganographic techniques for dual-layer security. The encryption engine features a dynamic ShiftRows operation controlled by a logistic map, variable S-boxes generated from a two-dimensional Hénon map for substitution and key expansion, and feedback chaining with post-encryption XOR diffusion to improve confusion, diffusion, and key sensitivity. To address secure key delivery, the scheme introduces dual-key distribution via steganographically modified QR codes. A static key and an AES-encrypted dynamic session key are embedded with a covert hint message using least significant bit (LSB) steganography. This design ensures the dynamic key can only be decrypted after reconstructing the static key from the hidden message, offering multi-factor protection against interception. Experimental results demonstrate the framework outperforms existing chaos-based and hybrid AES methods, achieving near-ideal entropy (7.997 bits per pixel), minimal pixel correlation, and strong differential resistance with NPCR (>99.6%) and UACI (33%–34%). Encrypted images show uniform histograms and robustness against noise and data loss. The framework offers a scalable, secure solution for sensitive image transmission in applications such as surveillance, medical imaging, and digital forensics, bridging the gap between cryptographic strength and safe key distribution.
Citations: 0
Vulnerabilities in Machine Learning for cybersecurity: Current trends and future research directions
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-12 | DOI: 10.1016/j.jisa.2025.104269
Shantanu Pal, Geeta Yadav, Zahra Jadidi, Ahsan Habib, Md. Palash Uddin, Chandan Karmakar, Sandeep Shukla
Machine learning (ML) has become integral to cybersecurity applications, e.g., phishing detection, intrusion detection systems, malware analysis, and botnet identification. However, the integration of ML also exposes novel attack surfaces that can be exploited through adversarial machine learning (AML). While prior surveys have examined individual threats or defenses, they often focus narrowly on specific stages, e.g., training or testing. In contrast, in this paper, we provide the first comprehensive survey of adversarial attacks and defenses across the entire ML development life cycle within the cybersecurity domain. Using a structured methodology, we categorize vulnerabilities and countermeasures at each stage, data gathering, model training, testing, deployment, and maintenance, highlighting cross-stage interactions and emerging distributed threat models. Our study addresses key gaps in current defenses, including their limited generalizability and lack of standardized evaluation practices, and identifies promising directions, e.g., lifecycle-aware robustness, distributed resilience, and the integration of statistical with generative methods. Consolidating fragmented research into an end-to-end perspective, this study advances the understanding of AML in cybersecurity and outlines a roadmap for building more trustworthy and resilient ML-driven security systems.
Citations: 0
CTFAgent: An LLM-powered Agent for CTF Challenge Solving
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-18 | DOI: 10.1016/j.jisa.2025.104305
Yuwen Zou, Jia Liu, Wenjun Fan
Capture-the-Flag (CTF) competitions play an important role in the cybersecurity landscape by simulating realistic attack and defense scenarios and offering diverse categories of challenges. This diversity demands flexible reasoning and adaptive problem-solving, which traditional automation tools struggle to provide, as they are typically designed for specific tasks. Large Language Models (LLMs), with their vast knowledge and strong reasoning capabilities, present a promising approach to overcome these limitations. In this work, we propose CTFAgent, an LLM-powered agent featuring a new plan-and-execute paradigm with a stateful task tree for long-horizon reasoning. To handle diverse challenges, CTFAgent integrates challenge-specific prompting and specialized tools for multimodal analysis and concrete operations. The agent comprises two modes: a fully automated mode and a human-in-the-loop (HITL) mode, which incorporates human operational support for tool execution beyond the automation. Evaluated on challenges from PicoCTF with GPT-4o, Gemini-2.5-Pro and DeepSeek-V3, CTFAgent outperforms 88% of human teams in its automated mode. This performance rises significantly in HITL mode, where it surpasses approximately 94% of teams. These results demonstrate that CTFAgent can effectively solve a wide range of complex tasks, highlighting the potential of LLM-powered agents to advance autonomous cybersecurity solutions.
Citations: 0
Realization of multi-image encryption algorithm based on DNA and chaotic system on FPGA
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-03 | DOI: 10.1016/j.jisa.2025.104267
Nermeen H. Abdelzaher, Mohammed H. Yacoub, Lobna A. Said
This paper introduces an efficient FPGA-based image encryption architecture for securing the transmission of grayscale images over high-data-rate networks. The design supports single and multi-image encryption by fusing multiple grayscale input images into a single encrypted three-channel representation. The fractional-order Nose-Hoover hyperchaotic system and the logistic map are employed to generate pseudo-random sequences for the permutation, scrambling, and DNA processing stages. The initial conditions for the chaotic systems result from XORing a SHA-256 hash of the fused image with a user-defined key. Each channel undergoes a sequence of operations: permutation, pixel-level scrambling, DNA encoding, DNA-based XOR operation, and decoding. The proposed algorithm is implemented on a Xilinx Kintex UltraScale KCU105 FPGA and operates at a maximum frequency of 51.3 MHz. The system’s security performance is evaluated through several widely employed statistical metrics. The cipher image achieves an average entropy of 7.9995 in encrypting four 512 × 512 images using the multi-image encryption scheme. The design is robust against differential attacks, achieving high NPCR and UACI averages of 99.6% and 33.47%, respectively. Additionally, it demonstrates robustness against various analysis methods, including cropping attacks and noise attacks. The algorithm passes the NIST statistical test and demonstrates robustness against known plaintext attacks, supporting its suitability for secure and high-throughput image communication applications.
Citations: 0
LeakyDroid: A lightweight method for detecting zero-day leaky Android applications using One-Class Graph Neural Networks
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-07 | DOI: 10.1016/j.jisa.2025.104296
Neha Sharma, Mayank Swarnkar, Shaan Kumar
In the current era of mobile technology, ensuring user data security and privacy is very important, particularly with the rise of malicious Android applications that aim to leak end-user data. Moreover, the popularity of the Android OS is resulting in growing numbers of such malicious Android applications. Hackers make the apps malicious by downloading the source code of Android applications and modifying it. Static analysis techniques have traditionally been used to detect such leaky Android applications. However, these methods cannot simulate runtime behaviours, leading to false positives or negatives. Moreover, obfuscated code is also harder to analyse using this technique. On the other hand, dynamic analysis-based methods are used to overcome these issues because they capture the application’s actual behaviour during runtime. However, dynamic analysis methods have high computational complexity. To fill this gap, we propose LeakyDroid, a static but lightweight method for detecting zero-day leaky Android applications using one-class graph neural networks. LeakyDroid distinguishes between the zero-day malicious and genuine versions of Android applications based on function calls inside various class files of the installable APK files. LeakyDroid generates a control flow graph from function calls from several versions of normal APK files of the same application. The graph is trained using OCGNN, which effectively captures relationships and invocation patterns of normal APK files. While testing an unknown version of the same application’s APK, if a considerable deviation is seen from normal behaviour, the application is detected as malicious. We evaluated the performance of LeakyDroid on three applications, namely WhatsApp, Netflix, and Instagram, each with approximately 25 benign and a few malicious and leaky versions. LeakyDroid successfully detected all the malicious versions of APK with no false positives.
Citations: 0
A multilayered deep learning framework for cyber attack detection and mitigation in a heterogeneous IIoT ecosystem
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-13 | DOI: 10.1016/j.jisa.2025.104301
Arshad Iqbal, Sohail Asghar, Manzoor Ilahi Tamimy
Intrusion Detection Systems (IDSs) for the Internet of Things (IoT) and Industrial IoT (IIoT) face significant challenges, including high false-positive rates (especially for minority-class attacks) and excessive computational requirements, which hinder their deployment on edge devices. Consequently, alert overload is common because operators receive a large volume of alerts that provide little insight into the problems they address. To address this crucial gap, this study presents DeepGuard, a new four-layer framework that significantly improves the security posture of IoT and industrial IoT environments.
DeepGuard combines binary and multiclass classifications, intelligent alarming, and cyber deception into a single, effective defence mechanism. The system incorporates a random forest classifier for feature selection, which extracts the most relevant data features and processes them for use with an optimised multilayer perceptron (MLP). This method achieved an unprecedented accuracy of 99.9% with a low false-positive rate (FPR) of 0.2%, surpassing the state-of-the-art research studies.
We further demonstrated the practical feasibility of DeepGuard by implementing it on computationally constrained edge devices. With a computational complexity of O(n log n) and a memory footprint of less than 100 KB, DeepGuard breaks the long-standing trade-off between detection accuracy and operational performance that has inhibited the adoption of IDS at an industrial scale. In addition to a detection-only approach, DeepGuard includes an embedded honeypot layer that proactively profiles emerging and unknown attacks, thereby enabling automated mitigation responses. Thorough evaluations of the WUSTL-IIoT-2021 and X-IIoTID-2022 datasets demonstrated a new state-of-the-art performance and the feasibility of DeepGuard for protecting critical infrastructure.
Citations: 0
Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2026-01-01 | Epub Date: 2025-11-15 | DOI: 10.1016/j.jisa.2025.104299
M. Repetto
The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already been demonstrated to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains.
In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Differently from existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.
Citations: 0
Collusion-resistant multi-user searchable symmetric encryption with conjunctive query and suppressed pattern leakage
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-01 Epub Date: 2025-10-28 DOI: 10.1016/j.jisa.2025.104289
Yanpeng Ba, Yuan Ping, Zengpeng Li, Zheng Yuan
Existing multi-user searchable symmetric encryption (MUSSE) schemes often depend on the honesty of users or the assumption that multiple servers will not collude, which compromises security to some extent. While a few collusion-resistant MUSSE schemes are designed for single-server settings, they are limited to single-keyword searches and suffer from significant pattern leakage, making them vulnerable to leakage-abuse attacks (LAAs). We introduce CQ-MUSSE, the first collusion-resistant MUSSE scheme in a single-server setting that supports conjunctive queries to address these limitations. Indeed, CQ-MUSSE enables users to search for multiple keywords simultaneously with a single query. The scheme leverages Bloom filters to construct forward indexes and incorporates random dummy keywords into queries to obfuscate search patterns, effectively reducing pattern leakage. This design enhances security at the expense of a minor reduction in search result accuracy. The scheme can precisely return documents matching the conjunctive query when pattern leakage is ignored. Experimental evaluations confirm that CQ-MUSSE provides greater search flexibility and improved security with only a moderate increase in computational overhead.
Citations: 0
The ransomware blueprint: Attack patterns and strategic variations across gangs
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-01 Epub Date: 2025-10-24 DOI: 10.1016/j.jisa.2025.104264
Francesco Saccone, Pietro Melillo, Arnaldo Sgueglia, Andrea Di Sorbo, Corrado Aaron Visaggio
In recent years, ransomware attacks have attracted the attention of researchers and companies, prompting new issues in identifying effective defense techniques. The study provides a comprehensive analysis of ransomware attacks and their employed tactics from 2020 to 2024, leveraging a large dataset of over 16,000 documented ransomware incidents involving 155 distinct gangs. Using this data, we identify the exploited software vulnerabilities (CVEs) and map them to specific adversarial behaviors within the MITRE ATT&CK framework. In addition to this technical mapping, we differentiated between broadly targeting “generalist” gangs and industry-focused “specialist” gangs, and we examined variations in attack patterns across target sectors and geographic origins. Our methodology reveals the core “ransomware blueprint”: a unified kill-chain model comprising recurring techniques spanning initial access through encryption. Key findings include the use of high-severity, widely deployed CVEs (particularly public-facing exploits, such as T1190) as entry points, followed by routine privilege escalation, lateral movement, and impact actions (e.g., T1486 for data encryption). The analysis also reveals regional and sectoral differences: (i) Russian-origin groups often emphasize rapid disruption and recovery inhibition, and (ii) other groups focus on stealthier reconnaissance. Generalist gangs (e.g., LockBit, Cl0p, ALPHV) employ advanced techniques across multiple industries, while specialist gangs concentrate on narrower sectors, using simpler methods such as phishing and credential reuse. Moreover, the number of shared techniques is employed to assess the degree of interconnection among the gangs. These findings provide actionable intelligence for defenders, highlighting the need for multi-layered defenses, targeted vulnerability management, and sector-specific hardening strategies to mitigate evolving ransomware threats.
Citations: 0
ABA-LEP: Autonomous Bidirectional Authentication and Lightweight Encryption Protocol for drones under ARM architecture
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-01 Epub Date: 2025-10-16 DOI: 10.1016/j.jisa.2025.104268
Qian Zhou, Jiayang Wu, Weizhi Meng
Secure communication protocols for drones are crucial in ensuring safety in potentially threatening network environments. However, existing protocols often suffer from weak autonomy, lack of optimization for ARM architecture, and inefficient utilization of lightweight cryptographic algorithms. To address these issues, this paper designs and analyzes an Autonomous Bidirectional Authentication and Lightweight Encryption Protocol (ABA-LEP) for drones under ARM architecture. The protocol optimizes the fixed-point scalar multiplication in SM2 for ARM architecture to accelerate authentication and key agreement efficiency, and employs simple operations like one-time pad limited XOR for lightweight secure communication encryption. Experiments conducted on the ARM Cortex-M4 based CrazyFlie 2.1 drone demonstrate that, in resource-constrained environments, the ABA-LEP achieves a performance improvement of up to 80.18% in fixed-point scalar multiplication with a 256-bit operand, compared to existing techniques. Additionally, the number of transmitted messages per unit time increases by up to 97.02%. The protocol’s resilience against multiple types of attacks has also been verified using the formal verification tool ProVerif.
Citations: 0