
Journal of Information Security and Applications: Latest Articles

Beyond Reinforcement Learning for network security: A comprehensive survey and tutorial
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-12 | DOI: 10.1016/j.jisa.2025.104294
Amir Javadpour, Forough Ja’fari, Tarik Taleb, Fatih Turkmen, Chafika Benzaïd
Maintaining strong security is a complex yet vital challenge in the rapidly evolving landscape of modern digital networks. The risks and consequences of security breaches make neglecting network protection unacceptable. Fortunately, ongoing advances in computer science have equipped researchers with powerful tools to reinforce network defenses. Among these, Reinforcement Learning (RL), a branch of machine learning, has gained significant attention for its versatility and effectiveness in strengthening security mechanisms. This paper presents a comprehensive survey and tutorial on the role of RL in network security. It provides background information, a step-by-step tutorial for training RL models, and systematically categorizes research efforts based on the targeted cyber threats. Leveraging recent advances and real-world applications, this survey elucidates how RL enables the development of adaptive and intelligent systems that autonomously learn and respond to evolving threats. Through in-depth analysis, we provide a comprehensive view of the current landscape and the future potential of RL in safeguarding digital assets. The main contributions of this survey are: (1) a systematic and up-to-date review of RL approaches for network security; (2) a unified taxonomy for classifying RL-based solutions; (3) a comparison of the latest advances from 2019 to 2024 across mainstream and emerging research areas; (4) identification of open challenges and future research directions; and (5) a comparative analysis of state-of-the-art models, offering practical insights for both researchers and practitioners. Furthermore, this survey emphasizes the practical translation of RL advances into real-world deployments. By focusing on hands-on implementation guidelines and comparative analyses of deployment scenarios, it bridges the gap between academic research and operational practice. 
The comprehensive evaluation of RL-based models across different network environments provides actionable insights for practitioners seeking adaptive and scalable security solutions in dynamic and heterogeneous settings.
Citations: 0
Vulnerabilities in Machine Learning for cybersecurity: Current trends and future research directions
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-12 | DOI: 10.1016/j.jisa.2025.104269
Shantanu Pal, Geeta Yadav, Zahra Jadidi, Ahsan Habib, Md. Palash Uddin, Chandan Karmakar, Sandeep Shukla
Machine learning (ML) has become integral to cybersecurity applications, e.g., phishing detection, intrusion detection systems, malware analysis, and botnet identification. However, the integration of ML also exposes novel attack surfaces that can be exploited through adversarial machine learning (AML). While prior surveys have examined individual threats or defenses, they often focus narrowly on specific stages, e.g., training or testing. In contrast, in this paper, we provide the first comprehensive survey of adversarial attacks and defenses across the entire ML development life cycle within the cybersecurity domain. Using a structured methodology, we categorize vulnerabilities and countermeasures at each stage, data gathering, model training, testing, deployment, and maintenance, highlighting cross-stage interactions and emerging distributed threat models. Our study addresses key gaps in current defenses, including their limited generalizability and lack of standardized evaluation practices, and identifies promising directions, e.g., lifecycle-aware robustness, distributed resilience, and the integration of statistical with generative methods. Consolidating fragmented research into an end-to-end perspective, this study advances the understanding of AML in cybersecurity and outlines a roadmap for building more trustworthy, and resilient ML-driven security systems.
Citations: 0
Blockchain-based access control model for smart grids using peak hour and privilege level attributes (BACS-HP)
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-10 | DOI: 10.1016/j.jisa.2025.104261
Sarra Namane, Imed Ben Dhaou
The increasing reliance on smart plugs and smart meters in modern electricity grids introduces significant security vulnerabilities, as unauthorized access can compromise grid reliability and stability. Traditional access control models are ill-suited for smart grids’ decentralized and dynamic nature. This paper introduces BACS-HP, a novel Blockchain-Based Access Control Model for Smart Grids that enhances security by incorporating privilege levels and peak hour attributes. Privilege levels prioritize access to critical devices during energy constraints, while the peak hour attribute enables adaptive decision-making to optimize energy allocation during periods of high demand. Unlike existing blockchain-based access control solutions, BACS-HP uniquely combines these context-aware attributes to provide fine-grained access control tailored to the specific needs of smart grids. The model leverages blockchain technology to ensure the secure and decentralized storage of access rights and enforces policies via smart contracts, mitigating single points of failure. Empirical results demonstrate that BACS-HP achieves low-latency security rule updates (between 42 ms and 46 ms), rapid access request processing (between 21 ms and 46 ms), and a high acceptance rate (60%) for critical devices during power outages, outperforming standard ABAC implementations in terms of responsiveness and prioritization. BACS-HP contributes to advancing access control mechanisms in smart grids and highlights the potential of blockchain to meet the security and performance demands of modern energy systems.
Citations: 0
Protocol design of non-linear function in secure multi-party computation based on secret sharing
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-10 | DOI: 10.1016/j.jisa.2025.104293
Zhongkai Li, Shuyang Fan, Lingfei Jin
Secure Multi-Party Computation (MPC) enables a group of untrusted parties to collaboratively compute the output of a specified function, while ensuring that each party’s private input remains confidential. Coupled with secret sharing, MPC facilitates privacy-preserving computations, a technique increasingly utilized in diverse fields, such as machine learning. While efficient protocols exist within MPC for linear functions, the evaluation of non-linear functions presents a significant challenge. Existing methods for non-linear functions are often either inefficient or lack the generality for widespread adoption, making them a major impediment in both the design and practical implementation of MPC schemes.
In this study, we explore the development of a generic protocol for non-linear function computation in MPC, grounded in secret sharing. We have devised a series of protocols to compute fundamental non-linear functions in a three-party setting under a semi-honest security model, representing secret-shared decimal numbers in fixed-point format. These protocols include $\Pi_{\exp}$ for exponential functions, $\Pi_{\log}$ for logarithmic functions, and $\Pi_{\text{Inv}}$ for inverse proportion functions. By integrating these basic functions, we can formulate protocols for a broad spectrum of non-linear functions. Specifically, we have developed the $\Pi_{\text{Sigmoid}}$ and $\Pi_{\text{Tanh}}$ protocols based on the aforementioned methods. Throughout this paper, unless otherwise specified, comparisons refer exclusively to secret-sharing-based (SS-based) MPC protocols in the three-party, semi-honest setting; constant-round garbled-circuit (GC) approaches are outside our comparison scope due to different cost trade-offs. Within this SS-based literature, our protocols offer the lowest online communication rounds. Furthermore, $\Pi_{\exp}$ and $\Pi_{\text{inv}}$ support an extended range of inputs, and $\Pi_{\log}$ represents the first protocol capable of handling logarithmic functions with fixed-point inputs. This paper provides a thorough analysis of the security and performance of these innovative protocols.
Citations: 0
Uncertainty-aware regular-singular discriminant analysis for lossless watermarking
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-08 | DOI: 10.1016/j.jisa.2025.104295
Guo-Dong Su, Xu Wang, Ching-Chun Chang
It remains a major challenge to effectively organize and manage digital images stored in the cloud. Regular-singular (RS) based watermarking, as one of the important technologies, aims to insert a watermark into digital images to solve this issue. By revisiting a series of RS based watermarking methods, however, how to achieve a better trade-off between enlarging the embedding capacity and keeping the amount of distortion as soon as possible remains an interesting problem, especially as deep learning becomes powerful. For this, this paper presents a novel lossless watermarking method using uncertainty-aware discriminant analysis and deep learning technology. First, a numerical ordinary differential equation inspired network architecture for cover synthesis, which we refer to as NDCS, is introduced. It produces a more realistic cover objective by minimizing a smaller local truncation error. As for NDCS, we are also interested in its performance under different network configurations. On this basis, we introduce an uncertainty-aware discriminant analysis in the steganographic algorithm, thereby making it possible to yield perceptually indistinguishable watermarked images at various capacities. The experimental results demonstrate that our method is conducive to improving the quality of synthetic objective with the mean Hamming distance of 0.2231 and achieving a more satisfactory rate-distortion trade-off with an average embedding capacity of 0.2043 bpp, when compared to the prior regular-singular methods. In addition, our approach can resist RS steganalysis and has the identical performance in the encrypted domain.
Citations: 0
LeakyDroid: A lightweight method for detecting zero-day leaky Android applications using One-Class Graph Neural Networks
IF 3.7 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-11-07 | DOI: 10.1016/j.jisa.2025.104296
Neha Sharma, Mayank Swarnkar, Shaan Kumar
In the current era of mobile technology, ensuring user data security and privacy is very important, particularly with the rise of malicious Android applications that aim to leak end-user data. Moreover, the popularity of the Android OS is resulting in growing numbers of such malicious Android applications. Hackers make the apps malicious by downloading the source code of Android applications and modifying it. Static analysis techniques have traditionally been used to detect such leaky Android applications. However, these methods cannot simulate runtime behaviours, leading to false positives or negatives. Moreover, obfuscated code is also harder to analyse using this technique. On the other hand, dynamic analysis-based methods are used to overcome these issues because they capture the application’s actual behaviour during runtime. However, dynamic analysis methods have high computational complexity. To fill this gap, we propose LeakyDroid, a static but lightweight method for detecting zero-day leaky Android applications using one-class graph neural networks. LeakyDroid distinguishes between the zero-day malicious and genuine versions of Android applications based on function calls inside various class files of the installable APK files. LeakyDroid generates a control flow graph from function calls from several versions of normal APK files of the same application. The graph is trained using OCGNN, which effectively captures relationships and invocation patterns of normal APK files. While testing an unknown version of the same application’s APK, if a considerable deviation is seen from normal behaviour, the application is detected as malicious. We evaluated the performance of LeakyDroid on three applications, namely WhatsApp, Netflix, and Instagram, each with approximately 25 benign and a few malicious and leaky versions. LeakyDroid successfully detected all the malicious versions of APK with no false positives.
引用次数: 0
Realization of multi-image encryption algorithm based on DNA and chaotic system on FPGA
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-11-03 DOI: 10.1016/j.jisa.2025.104267
Nermeen H. Abdelzaher , Mohammed H. Yacoub , Lobna A. Said
This paper introduces an efficient FPGA-based image encryption architecture for securing the transmission of grayscale images over high-data-rate networks. The design supports single and multi-image encryption by fusing multiple grayscale input images into a single encrypted three-channel representation. The fractional-order Nose-Hoover hyperchaotic system and the logistic map are employed to generate pseudo-random sequences for the permutation, scrambling, and DNA processing stages. The initial conditions for the chaotic systems result from XORing a SHA-256 hash of the fused image with a user-defined key. Each channel undergoes a sequence of operations: permutation, pixel-level scrambling, DNA encoding, DNA-based XOR operation, and decoding. The proposed algorithm is implemented on a Xilinx Kintex UltraScale KCU105 FPGA and operates at a maximum frequency of 51.3 MHz. The system’s security performance is evaluated through several widely employed statistical metrics. The cipher image achieves an average entropy of 7.9995 in encrypting four 512 × 512 images using the multi-image encryption scheme. The design is robust against differential attacks, achieving high NPCR and UACI averages of 99.6% and 33.47%, respectively. Additionally, it demonstrates robustness against various analysis methods, including cropping attacks and noise attacks. The algorithm passes the NIST statistical test and demonstrates robustness against known plaintext attacks, supporting its suitability for secure and high-throughput image communication applications.
SecTwin: A secure and efficient authentication mechanism for vehicular digital twins
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-11-02 DOI: 10.1016/j.jisa.2025.104292
Muhammad Tanveer , Kainat Toor , Abdullah G. Alharbi , Syed Rizwan Hassan
As vehicular digital twin (VDT) networks continue to evolve, ensuring secure and efficient communication between physical vehicles and their digital counterparts is crucial. Traditional authentication protocols rely on computationally intensive cryptographic techniques, leading to increased latency and resource consumption in real-time vehicular environments. To address these challenges, this paper proposes SecTwin, a lightweight authentication mechanism designed specifically for VDT networks. SecTwin leverages TinyJAMBU authenticated encryption and hash-based authentication to establish a secure and resource-efficient communication framework between autonomous vehicles and their DTs. By integrating lightweight cryptographic techniques and secure key management, SecTwin enhances the security and efficiency of VDT networks, paving the way for reliable and safe autonomous vehicle communication. The informal analysis demonstrates that SecTwin is resilient against key security threats, including replay attacks, impersonation, and man-in-the-middle attacks. Moreover, formal security analysis using the random oracle model and Scyther shows SecTwin is secure. Additionally, performance evaluations reveal that SecTwin reduces communication cost by 51.22% to 52.38% and execution time by 63.29% to 82.63%, making it highly suitable for latency-sensitive vehicular applications.
Defeating evasive malware with Peekaboo: Extracting authentic malware behavior with dynamic binary instrumentation
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-10-31 DOI: 10.1016/j.jisa.2025.104290
Matthew Gaber, Mohiuddin Ahmed, Helge Janicke
The accuracy of Artificial Intelligence (AI) in malware detection is dependent on the features it is trained with, where the quality and authenticity of these features are dependent on the dataset and the analysis tool. Evasive malware, which alters its behavior in analysis environments, is challenging to extract authentic features from, where widely used static and dynamic analysis tools have several limitations. However, Dynamic Binary Instrumentation (DBI) allows deep and precise control of the malware sample, thereby facilitating the extraction of authentic behavior from evasive malware. Considering the limitations of malware analysis for use with AI, this research had two primary objectives: investigation of the evasive techniques used by modern malware and the creation of Peekaboo, a DBI tool to extract authentic data from live Windows malware samples. Peekaboo instruments and defeats evasive techniques that target analysis tools and virtual environments. A dataset of 20,500 samples was assembled and each sample was run for up to 15 min to observe not only the anti-analysis techniques used but also its complete behavior. Peekaboo outperforms other tools on several fronts: it is the only tool to measure start and completion rates, capture the executed Assembly (ASM) instructions, and record all network traffic, and it implements the largest coverage against evasive techniques.
Intrusion detection systems in IoT: A detailed review of threat categories, detection strategies, and future technologies
IF 3.7 Zone 2 Computer Science Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-10-31 DOI: 10.1016/j.jisa.2025.104291
Burak Aydin , Hakan Aydin , Sedat Gormus
The rapid growth of the Internet of Things (IoT) has transformed numerous sectors by enabling enhanced connectivity and automation among devices in industrial settings. However, this expansion has brought forward notable security concerns, as Internet-enabled and connected devices have become increasingly vulnerable to a variety of cyberattacks. This has elevated the importance of Internet of Things security, necessitating robust defense mechanisms. In this paper, we thoroughly examine Intrusion Detection Systems (IDS) within the context of IoT networks, focusing on the different types of attacks and the corresponding detection methods designed to counteract them. Specifically, we classify IoT-specific threats into categories such as network-based, device-level, data-centric, and insider attacks, providing insights into their mechanisms, impacts, and real-world occurrences. To address these threats, various IDS approaches are discussed, including signature-based IDS, anomaly-based IDS, specification-based IDS, and hybrid IDS techniques. We further explore the application of Machine Learning in enhancing IDS capabilities for Internet of Things security. Each method’s strengths and limitations are evaluated in terms of accuracy, adaptability, computational efficiency, and scalability. By exploring emerging trends, ongoing challenges, and potential future directions in IDS research for IoT, this study underscores the urgent need for adaptive, scalable, and effective IDS frameworks to protect IoT ecosystems against evolving cyber threats. In addition, this survey provides a critical assessment of the current research landscape, highlighting the fundamental challenges that remain unresolved and outlining future research directions derived both from the existing literature and our own domain-specific analysis.