International Journal of Information Security: Latest Articles

Optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in Internet of things
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-30; DOI: 10.1007/s10207-024-00855-7
Uneneibotejit Otokwala, Andrei Petrovski, Harsha Kalutarage

Embedded systems, including the Internet of things (IoT), play a crucial role in the functioning of critical infrastructure. However, these devices face significant challenges such as memory footprint, technical challenges, privacy concerns, performance trade-offs and vulnerability to cyber-attacks. One approach to address these concerns is minimising computational overhead and adopting lightweight intrusion detection techniques. In this study, we propose a highly efficient model called optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in IoT environments. The proposed OCFSDA model incorporates feature selection, data compression, pruning, and deparameterization. We deployed the model on a Raspberry Pi4 using the TFLite interpreter by leveraging optimisation and inferencing with semi-supervised learning. Using the MQTT-IoT-IDS2020 and CIC-IDS2017 datasets, our experimental results demonstrate a remarkable reduction in the computation cost in terms of time and memory use. Notably, the model achieved overall average accuracies of 99% and 97%, along with comparable performance on other important metrics such as precision, recall, and F1-score. Moreover, the model accomplished the classification tasks within 0.30 and 0.12 s using only 2KB of memory.

Citations: 0

Unmasking the common traits: an ensemble approach for effective malware detection
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-30; DOI: 10.1007/s10207-024-00854-8
Parthajit Borah, Upasana Sarmah, D. K. Bhattacharyya, J. K. Kalita

Malware detection has become a critical aspect of ensuring the security and integrity of computer systems. With the ever-evolving landscape of malicious software, developing effective detection methods is of utmost importance. This study focuses on the identification of important features for malware detection methods, aiming to enhance the accuracy and efficiency of such systems. In this work, we propose an ensemble approach called FRAMC to identify the key features that contribute significantly to the detection of malware. The effectiveness of FRAMC is assessed using different types of classifiers on a number of real-world malware datasets. The outcomes of our analysis demonstrate that the proposed approach excels in terms of performance when compared to other methods.

Citations: 0

C2-Eye: framework for detecting command and control (C2) connection of supply chain attacks
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-29; DOI: 10.1007/s10207-024-00850-y
Raja Zeeshan Haider, Baber Aslam, Haider Abbas, Zafar Iqbal

Supply chain attacks are potent cyber attacks for widespread ramifications by compromising supply chains. Supply chain attacks are difficult to detect as the malware is installed through trustworthy supply chains, missing signs of infection and making deployed security controls ineffective. Recent increases in supply chain attacks warrant a Zero-trust model and innovative solutions for detecting supply chain attacks. Supply chain malware needs to establish a Command and Control (C2) connection as a communication link with the attacker to proceed on the privileged pathway. Discovery of the C2 channel between the attacker and supply chain malware can lead to detection of the attack. The most promising technique for detecting supply chain attacks is monitoring host-based indicators and correlating these with associated network activity for early discovery of C2 connection. The proposed framework has introduced a novel approach of detecting C2 over DNS by incorporating host-based activity with corresponding network activity coupled with threat intelligence. C2-Eye integrates process-specific host-based features, correlated network activity, DNS metadata, DNS semantic analysis, and real time threat intelligence from publicly available resources for detecting C2 of supply chain attacks. Besides, C2-Eye monitors the exploitation of C2 channel for probable data exfiltration. C2-Eye has introduced a distinctive featureset with 22 novel features specific to supply chain attack, enabling detection of the attack with F1-score of 98.70%.

Citations: 0

Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-26; DOI: 10.1007/s10207-024-00859-3
Ahmed M. Asfahani

The study aims to explore the crucial interaction between organizational responsibility and employee behavior in cybersecurity, particularly in the distinct setting of Saudi Arabia. It investigates how organizational responsibility perceptions impact employee attitudes and practices towards cybersecurity. The research utilizes a mixed theoretical framework, incorporating stewardship theory, protection motivation theory, and the theory of planned behavior. It examines the intricate link between organizational leadership, policies, and individual responses to cybersecurity threats through a comprehensive survey conducted among Saudi employees. The study discovers that employees’ perceptions of organizational responsibility greatly influence their cybersecurity behavior. It also finds that employee attitudes towards cybersecurity act as a mediator in this relationship. Contrary to expectations, personal experiences with cybersecurity incidents do not significantly moderate these relationships. This underlines the complex and culture-specific nature of cybersecurity compliance in organizational contexts. This research uniquely contributes to the understanding of cybersecurity behavior within organizations, particularly highlighting the need for policies that align with both organizational objectives and individual behaviors in culturally specific environments like Saudi Arabia. It offers novel insights into the less pronounced impact of personal cybersecurity experiences on organizational-employee dynamics in cybersecurity compliance.

Citations: 0

An online intrusion detection method for industrial control systems based on extended belief rule base
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-26; DOI: 10.1007/s10207-024-00845-9
Guangyu Qian, Jinyuan Li, Wei He, Wei Zhang, You Cao

Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model’s adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments.

Citations: 0

Validation and extension of two domain-specific information privacy competency models
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-22; DOI: 10.1007/s10207-024-00843-x
Aikaterini Soumelidou, Aggeliki Tsohou

The purpose of this paper is to validate two domain-specific information privacy competency models (IPCMs); the first for online consumers and the second for users of mobile applications (apps). For the validation of the competency models, we conducted qualitative research, using interviews to collect feedback by a group of nine information privacy experts. Regarding the evaluation, the experts commented largely positively for the structure and content of the IPCMs, as well as for the extent to which they achieve the intended goals. They also provided several points for improvements, which resulted in enhancing the quality of both IPCMs. The validation of the domain-specific demonstrated that this is the first study to empirically examine the privacy competencies that users of specific technological contexts should hold. The IPCMs can be used not only by educators and privacy policy makers for the design of privacy interventions, but also by e-commerce and mobile-apps providers, who could gain important insights into the way that they can be more reliable for their users. Both consumers and users of mobile-apps could benefit from IPCMs by acquiring the necessary privacy competencies through training programs for the protection of their information privacy.

Citations: 0

A generic framework for blockchain-assisted on-chain auditing for off-chain storage
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-18; DOI: 10.1007/s10207-024-00846-8
Saeed Banaeian Far, Maryam Rajabzadeh Asaar, Afrooz Haghbin

In recent times, blockchain-based data auditing protocols have emerged as a cutting-edge area of study. Nevertheless, a conspicuous dearth of a generic framework upon which to ground such protocols is evident. This study introduces a pioneering and all-encompassing framework, designated as “Blockchain-assisted On-chain Auditing for Off-chain Storage” (BA2OC). The BA2OC framework operates without the reliance on a predefined auditor for the auditing process or a centralized verifier for the verification of on-chain auditing. It is conceivable that BA2OC forms the cornerstone of public data auditing protocols underpinned by blockchain technology. This framework bestows evidence of data ownership, ensures data integrity, facilitates public verification, supports batch verification, and bolsters the security against cyber threats through the utilization of cryptographic tools. The analysis underscores the comprehensive nature of the BA2OC framework, which positions it as the linchpin of blockchain-based public auditing protocols. Following a parametric evaluation of the BA2OC framework, this study takes into account real-world considerations, such as the utilization of the RSA cryptosystem and Android-based smartphones, to proffer a concrete protocol. The investigation further demonstrates that the BA2OC framework minimizes communication overhead while maintaining operational efficiency.

Citations: 0

Enhancing security in QCA-based circuits using optimal key gate placement
IF 3.2; Zone 4 (Computer Science); Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-04-17; DOI: 10.1007/s10207-024-00842-y
M. Amutha, K. R. Kavitha

Quantum-dot Cellular Automata (QCA) is an emerging nanotechnology that explores the potential of using quantum effects to build compact and energy-efficient computational devices. The hardware attacks on QCA primarily target understanding the physical structure and operation of these nanotechnological circuits. Circuits like cryptographic processors hold sensitive data that needs protection from third-party attacks. Logic locking is a hardware protection technique that adds additional gates to the original circuits to prevent circuits from these attacks. In this work, a new logic locking approach is proposed for QCA based circuits. The new configurable logic gate or key gate is introduced for logic locking. This gate can be configured to either wire or inverter based on key gate inputs. Further, the metaheuristic optimization based optimal key gate placement algorithm is proposed to achieve higher security with minimum key gate placement. The proposed approach is verified in QCA benchmark circuits using QCA-Designer. Results show that the proposed approach achieves maximum security with minimal gate replacements.

Citations: 0
Anomaly detection for early ransomware and spyware warning in nuclear power plant systems based on FusionGuard
IF 3.2 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-04-13 | DOI: 10.1007/s10207-024-00841-z
Abdullah Hamad N. Almoqbil

Securing critical infrastructure, particularly nuclear power plants, against emerging cyber threats necessitates innovative cybersecurity approaches. This research introduces FusionGuard, a hybrid machine learning-based anomaly detection system designed for early warnings of ransomware and spyware intrusions within nuclear power plant systems. Meticulously tailored to the unique characteristics of nuclear power plant networks, FusionGuard leverages diverse datasets encompassing normal operational behavior and historical threat data. Through cutting-edge machine learning algorithms, the system dynamically adapts to the network's baseline behavior, effectively identifying deviations indicative of ransomware or spyware activities. Rigorous experimentation and validation using real-world data and simulated attack scenarios affirm FusionGuard's proficiency in detecting anomalous behavior with remarkable accuracy and minimal false positives. The research also explores the system's scalability and adaptability to evolving attack vectors, fortifying the cybersecurity posture of nuclear power plant systems in a dynamic threat landscape. In summary, FusionGuard promises to fortify the security of nuclear power plant systems against ransomware and spyware threats by capitalizing on machine learning and anomaly detection. Serving as a sentinel, the system issues timely alerts and enables proactive responses, contributing substantively to the ongoing discourse on protecting essential systems in high-stakes environments.

Citations: 0
Adversarial attack detection framework based on optimized weighted conditional stepwise adversarial network
IF 3.2 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-04-12 | DOI: 10.1007/s10207-024-00844-w
Kousik Barik, Sanjay Misra, Luis Fernandez-Sanz

Artificial Intelligence (AI)-based IDS systems are susceptible to adversarial attacks and face challenges such as complex evaluation methods, elevated false positive rates, absence of effective validation, and time-intensive processes. This study proposes a WCSAN-PSO framework to detect adversarial attacks in IDS based on a weighted conditional stepwise adversarial network (WCSAN) with a particle swarm optimization (PSO) algorithm and SVC (support vector classifier) for classification. The Principal component analysis (PCA) and the least absolute shrinkage and selection operator (LASSO) are used for feature selection and extraction. The PSO algorithm optimizes the parameters of the generator and discriminator in WCSAN to improve the adversarial training of IDS. The study presented three distinct scenarios with quantitative evaluation, and the proposed framework is evaluated with adversarial training in balanced and imbalanced data. Compared with existing studies, the proposed framework accomplished an accuracy of 99.36% in normal and 98.55% in malicious traffic in adversarial attacks. This study presents a comprehensive overview for researchers interested in adversarial attacks and their significance in computer security.

Citations: 0