Selfish mining is a sneaky way that some people cheat in blockchain networks or distributed digital ledger systems. They do it by mining a block in secret and keeping it hidden. Then, when the secret chain of these miners is longer than the real one, they show it to everyone, and the blockchain system selects the longest chain as the valid chain. This leads to the network adopting the longest chain as the valid one, resulting in the effort put into mining by other miners becoming futile. By doing this, selfish miners in the blockchain network have a high potential to get more rewards. This behavior goes against the rules of blockchain networks, where everyone is supposed to play by the same rules and have an equal chance of getting rewards. This prejudiced action of selfish miners has motivated us to investigate systematically the existing methods that are being used to address the selfish mining attacks. Therefore, we conducted an SLR (systematic literature review) of 29 papers using the Kitchenham methodology and put that into the PRISMA framework. This study aims to investigate methods for detecting and mitigating selfish mining attacks, their limitations, and future directions.
Title: Selfish mining attack in blockchain: a systematic literature review. Authors: Nadisha Madhushanie, Sugandima Vidanagamachchi, Nalin Arachchilage. Journal: International Journal of Information Security. Pub Date: 2024-04-10. DOI: 10.1007/s10207-024-00849-5
Pub Date: 2024-04-04. DOI: 10.1007/s10207-024-00847-7
Joaquín Navajas-Adán, Eulàlia Badia-Gelabert, Laura Jiménez-Saurina, Mª Jesús Marijuán-Martín, Rafael Mayo-García
Information and Communication Technologies and Internet networks are present in all aspects of social reality and are essential elements in research, development and innovation centers (R&D&I). Cyber-security is crucial for the progress of the research activities developed in these centers, especially given the exponential growth of cyber-attacks and incidents. The present study aims to assess from a socio-technical approach, how a serious cyber-attack on a Spanish research center has affected staff’s perceptions of information and communication systems (ICT) security. This study employed a mixed-methods research strategy, combining quantitative and qualitative methods to provide a comprehensive and nuanced understanding of ICT security perceptions among employees. First a quantitative scale was administered to 1,321 employees 3 years before the cyber-attack and 4 months afterward, to measure ICT security perceptions. Then, qualitative techniques (semi-structured interviews, focus groups, and micro-ethnography) were applied to gain a deeper understanding of the arguments underpinning cyber-security at the center after the attack. The results show that the event had an impact on employees’ perceptions, increasing the perceived importance of ICT security, with positive behavioral changes noted, but with doubts about their sustainability over time. Also, the need for cyber-security governance was critically contrasted with organizational reality. Finally, the compatibility of science and cyber-security was a central dilemma, which seems to confront antagonistic poles (research and security ICT) and justify the non-compliance with security protocols by part of the staff.
Title: Perceptions and dilemmas around cyber-security in a Spanish research center after a cyber-attack. Journal: International Journal of Information Security.
Pub Date: 2024-04-03. DOI: 10.1007/s10207-024-00813-3
Ramesh Upreti, Pedro G. Lind, Ahmed Elmokashfi, Anis Yazidi
Artificial intelligence-based algorithms are widely adopted in critical applications such as healthcare and autonomous vehicles. Mitigating the security and privacy issues of AI models, and enhancing their trustworthiness have become of paramount importance. We present a detailed investigation of existing security, privacy, and defense techniques and strategies to make machine learning more secure and trustworthy. We focus on the new paradigm of machine learning called federated learning, where one aims to develop machine learning models involving different partners (data sources) that do not need to share data and information with each other. In particular, we discuss how federated learning bridges security and privacy, how it guarantees privacy requirements of AI applications, and then highlight challenges that need to be addressed in the future. Finally, after having surveyed the high-level concepts of trustworthy AI and its different components and identifying present research trends addressing security, privacy, and trustworthiness separately, we discuss possible interconnections and dependencies between these three fields. All in all, we provide some insight to explain how AI researchers should focus on building a unified solution combining security, privacy, and trustworthy AI in the future.
Title: Trustworthy machine learning in the context of security and privacy. Journal: International Journal of Information Security.
Pub Date: 2024-04-02. DOI: 10.1007/s10207-024-00839-7
Hossein Abedi Khorasgani, Noman Mohammed, Yang Wang
With the increasing popularity of machine learning (ML) in image processing, privacy concerns have emerged as a significant issue in deploying and using ML services. However, current privacy protection approaches often require computationally expensive training from scratch or extensive fine-tuning of models, posing significant barriers to the development of privacy-conscious models, particularly for smaller organizations seeking to comply with data privacy laws. In this paper, we address the privacy challenges in computer vision by investigating the effectiveness of two recent fine-tuning methods, Model Reprogramming and Low-Rank Adaptation. We adapt these techniques to provide attribute protection for pre-trained models, minimizing computational overhead and training time. Specifically, we modify the models to produce privacy-preserving latent representations of images that cannot be used to identify unintended attributes. We integrate these methods into an adversarial min–max framework, allowing us to conceal sensitive information from feature outputs without extensive modifications to the pre-trained model, but rather focusing on a small set of new parameters. We demonstrate the effectiveness of our methods by conducting experiments on the CelebA dataset, achieving state-of-the-art performance while significantly reducing computational complexity and cost. Our research provides a valuable contribution to the field of computer vision and privacy, offering practical solutions to enhance the privacy of machine learning services without compromising efficiency.
Title: Attribute inference privacy protection for pre-trained models. Journal: International Journal of Information Security.
Pub Date: 2024-03-25. DOI: 10.1007/s10207-024-00840-0
Rahul Dwivedi
This study employs various bibliometric analysis techniques to examine the intellectual structure of the International Journal of Information Security from 2007 to 2023. The aim is to identify the most cited journals, underlying research themes within the article corpus, and gradual changes in the research themes over time. “Lecture Notes on Computer Science” is the most referenced knowledge source. Underlying research themes were identified based on mapping the bibliographically coupled articles on to the knowledge areas from the Cyber Security Body of Knowledge using template analysis. Applied Cryptography is the most prominent knowledge area, followed by Privacy, and Network Security. Additionally, research on distributed systems security and Web & Mobile Security were emerging topics of interest. Qualitative and quantitative comparisons between open-access and regular articles suggested a few notable differences in author keywords but no differences in the number of citations received. Furthermore, regression analysis found a negative correlation between citation counts with the length of the article abstract and article title and a positive correlation with page count, being published in a special issue, and if at least the affiliation of one of the authors is different from others. Finally, prominent authors, articles, institutions, and countries published in this journal were also identified.
Title: International journal of information security: a bibliometric study, 2007–2023. Journal: International Journal of Information Security.
In the domain of cyber-physical systems, wireless sensor networks (WSNs) play a pivotal role as infrastructures, encompassing both stationary and mobile sensors. These sensors self-organize and establish multi-hop connections for communication, collectively sensing, gathering, processing, and transmitting data about their surroundings. Despite their significance, WSNs face rapid and detrimental attacks that can disrupt functionality. Existing intrusion detection methods for WSNs encounter challenges such as low detection rates, computational overhead, and false alarms. These issues stem from sensor node resource constraints, data redundancy, and high correlation within the network. To address these challenges, we propose an innovative intrusion detection approach that integrates machine learning (ML) techniques with the Synthetic Minority Oversampling Technique Tomek Link (SMOTE-TomekLink) algorithm. This blend synthesizes minority instances and eliminates Tomek links, resulting in a balanced dataset that significantly enhances detection accuracy in WSNs. Additionally, we incorporate feature scaling through standardization to render input features consistent and scalable, facilitating more precise training and detection. To counteract imbalanced WSN datasets, we employ the SMOTE-Tomek resampling technique, mitigating overfitting and underfitting issues. Our comprehensive evaluation, using the wireless sensor network dataset (WSN-DS) containing 374,661 records, identifies the optimal model for intrusion detection in WSNs. The standout outcome of our research is the remarkable performance of our model. In binary classification scenarios, it achieves an accuracy rate of 99.78%, and in multiclass classification scenarios, it attains an exceptional accuracy rate of 99.92%. These findings underscore the efficiency and superiority of our proposal in the context of WSN intrusion detection, showcasing its effectiveness in detecting and mitigating intrusions in WSNs.
Title: MLSTL-WSN: machine learning-based intrusion detection using SMOTETomek in WSNs. Authors: Md. Alamin Talukder, Selina Sharmin, Md Ashraf Uddin, Md Manowarul Islam, Sunil Aryal. Journal: International Journal of Information Security. Pub Date: 2024-03-19. DOI: 10.1007/s10207-024-00833-z
Pub Date: 2024-03-19. DOI: 10.1007/s10207-024-00832-0
Ala Mughaid, Ibrahim Obeidat, Laith Abualigah, Shadi Alzubi, Mohammad Sh. Daoud, Hazem Migdady
Users of computer networks may benefit from cloud computing, which is a fairly new abstraction that offers features like processing as well as the sharing and storing of data. As a result of the services it provides, cloud computing is drawing significant investments from across the world. Despite this, Cloud Computing Security continues to be one of the most important issues for businesses and consumers that use cloud computing systems. A few of the security flaws that are associated with cloud computing were passed down from earlier computer systems. In contrast, the other flaws were brought about by the distinctive qualities and design of cloud computing. The newly developed platform has measures that restrict data access to just those users who are authorized to do so. Using the user’s identification and authentication/authorization information, a third-party service is responsible for managing access to the data. This service checks on all requests. Sensitive information and facts pertaining to users are encrypted both while in transit and while being stored. The platform was put into operation, analysed, and compared to other cloud platforms that were already in existence in terms of how effective it was in comparison to other platforms. When compared to the other security platforms, the findings demonstrated that this platform performed as anticipated in a relatively short amount of time and offered robust protection against the acts of an intruder.
Title: Intelligent cybersecurity approach for data protection in cloud computing based Internet of Things. Journal: International Journal of Information Security.
Pub Date: 2024-03-16. DOI: 10.1007/s10207-024-00836-w
Mohammed Nasereddin, Raad Al-Qassas
This paper introduces a new approach for examining and analyzing fileless malware artifacts in computer memory. The proposed approach offers the distinct advantage of conducting a comprehensive live analysis of memory without the need for periodic memory dumping. Once a new process arrives, log files are collected by monitoring the Event Tracing for Windows facility as well as listing the executables of the active process for violation detection. The proposed approach significantly reduces detection time and minimizes resource consumption by adopting parallel computing (programming), where the main software (Master) divides the work, organizes the process of searching for artifacts, and distributes tasks to several agents. A dataset of 17411 malware samples is used in the assessment of the new approach. It provided satisfactory and reliable results in dealing with at least six different process injection techniques including classic DLL injection, reflective DLL injection, process hollowing, hook injection, registry modifications, and .NET DLL injection. The detection accuracy rate has reached 99.93% with a false-positive rate of 0.068%. Moreover, the accuracy was monitored in the case of launching several malwares using different process injection techniques simultaneously, and the detector was able to detect them efficiently. Also, it achieved a detection time with an average of 0.052 msec per detected malware.
Title: A new approach for detecting process injection attacks using memory analysis. Journal: International Journal of Information Security.
Pub Date : 2024-03-15 DOI: 10.1007/s10207-024-00835-x
Eric Hilario, Sami Azam, Jawahar Sundaram, Khwaja Imran Mohammed, Bharanidharan Shanmugam
This paper examines the role of Generative AI (GenAI) and Large Language Models (LLMs) in penetration testing, exploring the benefits, challenges, and risks associated with cyber security applications. Through the use of generative artificial intelligence, penetration testing becomes more creative, test environments are customised, and continuous learning and adaptation are achieved. We examined how GenAI (ChatGPT 3.5) helps penetration testers with options and suggestions during the five stages of penetration testing. The effectiveness of the GenAI tool was tested using a publicly available vulnerable machine from VulnHub. It was amazing how quickly they responded at each stage and provided a better pentesting report. In this article, we discuss potential risks, unintended consequences, and uncontrolled AI development associated with pentesting.
{"title":"Generative AI for pentesting: the good, the bad, the ugly","authors":"Eric Hilario, Sami Azam, Jawahar Sundaram, Khwaja Imran Mohammed, Bharanidharan Shanmugam","doi":"10.1007/s10207-024-00835-x","DOIUrl":"https://doi.org/10.1007/s10207-024-00835-x","url":null,"abstract":"<p>This paper examines the role of Generative AI (GenAI) and Large Language Models (LLMs) in penetration testing exploring the benefits, challenges, and risks associated with cyber security applications. Through the use of generative artificial intelligence, penetration testing becomes more creative, test environments are customised, and continuous learning and adaptation is achieved. We examined how GenAI (ChatGPT 3.5) helps penetration testers with options and suggestions during the five stages of penetration testing. The effectiveness of the GenAI tool was tested using a publicly available vulnerable machine from VulnHub. It was amazing how quickly they responded at each stage and provided better pentesting report. In this article, we discuss potential risks, unintended consequences, and uncontrolled AI development associated with pentesting.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"12 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140152972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-03-15 DOI: 10.1007/s10207-024-00831-1
Abstract
Physical-layer Key Generation (PKG) is the major candidate for use in secure wireless communications and Internet of Things (IoT) systems. Using Deep Learning (DL) and the Band Feature Mapping (BFM) method leads to reciprocal features, which is an essential requirement for key generation in Orthogonal Frequency-Division Multiplexing Frequency Division Duplexing systems. Additionally, randomness and spatial de-correlation are two other essential requirements of secure PKG schemes. When the distance of an eavesdropper from a legal user is short, the eavesdropper can experience correlated fading and generate the secret key. Other works assume that the adversary is far away from legitimate users, whereas the proposed scheme allows the adversary to approach the legitimate users without sacrificing the security. Conventional DL-based BFM includes an offline training stage using a pre-collected dataset. To solve the spatial correlation problem, this paper simultaneously uses the concepts of physical layer security and adversarial training. Moreover, a DL-based adversary in the PKG model is considered, which has not been studied yet. Simulation results confirm the effectiveness of the proposed Adversarial DL (ADL) key generation scheme in terms of Key Error Rate and Key Generation Rate. Our results show that, using the proposed training strategy, the illegal user can only generate a random key with an error rate of about 0.5. In the meantime, this method maintains the performance of the generated key by the legal users under a certain level. The mentioned features make the ADL key generation scheme an appealing candidate for applications such as secure cloud-based communications, low-size networks, and resource-constrained IoT.
{"title":"Spatial de-correlation of generated keys from wireless channels using adversarial deep learning","authors":"","doi":"10.1007/s10207-024-00831-1","DOIUrl":"https://doi.org/10.1007/s10207-024-00831-1","url":null,"abstract":"<h3>Abstract</h3> <p>Physical-layer Key Generation (PKG) is the major candidate for use in secure wireless communications and Internet of Things (IoT) systems. Using Deep Learning (DL) and the Band Feature Mapping (BFM) method leads to reciprocal features, which is an essential requirement for the key generation in Orthogonal Frequency-Division Multiplexing Frequency Division Duplexing systems. Additionally, randomness and spatial de-correlation are two other essential requirements of secure PKG schemes. When the distance of an eavesdropper from a legal user is short, the eavesdropper can experience a correlated fading and generate the secret key.Other works assume that the adversary is far away from legitimate users, whereas the proposed scheme allows the adversary to approach the legitimate users without sacrificing the security Conventional DL-based BFM includes an offline training stage using a pre-collected dataset. To solve the spatial correlation problem, this paper simultaneously uses the concepts of physical layer security and adversarial training. Moreover, a DL-based adversary in the PKG model is considered which has not been studied yet. Simulation results confirm the effectiveness of the proposed Adversarial DL (ADL) key generation scheme in terms of Key Error Rate and Key Generation Rate. Our results show that using the proposed training strategy the illegal user can only generate a random key with an error rate of about 0.5. In the meantime, this method maintains the performance of the generated key by the legal users under a certain level. 
The mentioned features make ADL key generation scheme an appealing candidate for applications, such as secure cloud-based communications, low-size networks, and resource-constrained IoT.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"57 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140152900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}