Pengfei Liu, Guangquan Xu, Jian Sun, Wenxia Wang, Jie Chen
As the most widely used operating system in the world, Android has naturally become the main target of malicious hackers. The current research on Android malware detection relies on manually defined sensitive API feature sets. With the continuous innovation and change of malicious behavior, new threats and attack methods have emerged. If we still rely on the original sensitive API set, malicious applications will not be discovered. To address this issue, we do not use the existing sensitive API feature set but instead design a key activation mechanism (KAM) based on convolutional neural networks (CNNs) to obtain sensitive APIs. We use this mechanism to automatically mine API features that play an important role in determining maliciousness from application datasets. We then use the API group (ApiG) obtained through this mechanism for template generalization, and obtain a method called AEDroid that can delay model aging. By analyzing these API features, it was found that they not only cover the existing sensitive API feature types but also include sensitive APIs for seven new types of malicious behavior. The experimental results show that with the addition of the newly discovered sensitive APIs, the Android malware detection rate has increased by more than 5%, especially on newly emerged malicious datasets, where the effect is more pronounced.
"AEDroid: Adaptive Enhanced Android Malware Detection-Based on Interpretability of Deep Learning." Pengfei Liu, Guangquan Xu, Jian Sun, Wenxia Wang, Jie Chen. IET Information Security, vol. 2025, no. 1. Published 2025-11-24. DOI: 10.1049/ise2/5572223. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5572223
In this work, we explore the recent developments related to lattice-based signature and preimage sampling, and specify a compact identity-based signature (IBS) on an ideal lattice for practical use. Specifically, we first propose an ellipsoid version of the G+G signature scheme (Asiacrypt 2023) that achieves slightly better signature size and higher security. Then, by adapting a specific preimage sampling algorithm to the modified G+G signature, we obtain an efficient IBS scheme. In addition, we prove its security in the quantum random oracle model (QROM), following the paradigm introduced by Zhandry (Crypto 2012). Finally, a complete specification of the IBS, featuring three distinct parameter sets, is accompanied by a proof-of-concept implementation. We believe that the combination of the preimage sampling with the Fiat–Shamir transformation holds potential for application in other advanced digital signature schemes.
"Constructing Efficient Identity-Based Signatures on Lattices." Huiwen Jia, Ying Liu, Chunming Tang, Lin Wang. IET Information Security, vol. 2025, no. 1. Published 2025-11-19. DOI: 10.1049/ise2/6684889. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6684889
In this paper, we construct two repairable threshold schemes (RTSs) using a resolvable balanced incomplete block design (RBIBD). First, a resolvable transversal design is given by mutually orthogonal Latin squares. Further, an RBIBD is obtained through the filling hole method, and two repairable key sharing threshold schemes based on the Ramp threshold scheme are constructed from this design. Finally, the information rate, the repairing degree and the communication complexity of the two RTSs are calculated, and the performance of the schemes is analyzed. Compared with the existing schemes, the results show that the two schemes constructed in this paper have a higher information rate, a larger repairing degree and lower communication complexity.
"Construction of Repairable Threshold Key Sharing Schemes Based on Resolvable Balanced Incomplete Block Design." Xiuli Wang, Ni Jin, Yangmei Deng. IET Information Security, vol. 2025, no. 1. Published 2025-11-14. DOI: 10.1049/ise2/7128106. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7128106
Guoxiu Liu, Geng Yang, Ji Ma, Hongjun Zhai, Qiang Zhou
As the information society advances swiftly, individuals and corporations are producing vast quantities of data daily. Cloud computing presents considerable strengths in storing and applying this data. Yet, challenges related to data security and privacy within cloud computing are obstructing its continued expansion. To guarantee data confidentiality, data owners (DOs) employ conventional cryptographic techniques to encrypt information prior to delegating it to cloud servers. However, this makes efficient search difficult to achieve. Searchable encryption (SE) can effectively alleviate this dilemma. However, most existing SE schemes have not fully considered spelling errors and semantic extension of keywords. At the same time, users’ personalized characteristics are not considered in the search process, and personalized retrieval services cannot be supported on encrypted data. The study designs an efficient and intelligent personalized search (EIPS) scheme based on the user’s interest, which can intelligently conduct multikeyword precise search and fuzzy semantic search based on the user’s interest model, and return accurate top-k search results. Our contribution consists of three aspects. First, this scheme combines precise search, fuzzy search, semantic expansion, and personalized search technology to realize intelligent personalized multikeyword search. Second, the use of vector cross matching and short-circuit matching effectively improves retrieval efficiency. Third, considering the protection of data privacy, a hybrid cloud server architecture was employed. Specifically, the user interest model (UIM) is stored on a private cloud server (PRCS), and the sorting of search results is also completed on the PRCS. This setting not only ensures the security of user data and computing operations but also reduces the burden on users. The security analysis results indicate that EIPS can ensure the privacy of data and users. The experimental results also show that this scheme has high efficiency while providing personalized search results for users.
"An Efficient and Intelligent Interest-Based Personalized Search Over Encrypted Outsourced Data in Clouds." Guoxiu Liu, Geng Yang, Ji Ma, Hongjun Zhai, Qiang Zhou. IET Information Security, vol. 2025, no. 1. Published 2025-11-11. DOI: 10.1049/ise2/3355214. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/3355214
In this research, we attempt to develop unknown anomaly detection models using a large-scale unlabeled dataset and a limited number of partially labeled anomalies, addressing an important but mostly unsolved anomaly detection problem. This is a common situation in many important applications. Currently used related methods work with unlabeled data in an unsupervised manner or fit only a small number of anomalies, often without all the anomalies. Here, we present a new decision-making method using the deep Q network (DQN) and the neutrosophic soft expert set (NSES) to actively search for new sets of anomalies that exist outside the boundaries of the labeled training data. The Jaccard similarity algorithm is used to calculate the distance between two states. This approach learns to find a balance between finding new anomaly classes and using its current data model. Consequently, it can increase detection accuracy by using the labeled anomaly data without limiting the types of anomalies it requires to a given anomalous case. Then, the gradient-based marine predator (GMP) algorithm—a hybrid of the marine predator algorithm (MPA) and the gradient-based optimizer (GBO)—is applied, and the parameters of the DQN model are adjusted at each iteration. This has major practical implications because abnormalities are inherently unobservable in nature and can be costly to ignore. Comprehensive tests on three real-world datasets demonstrate that our strategy performs noticeably better than five state-of-the-art competing approaches.
"Anomaly Detection in an Open Set Environment Using Reinforcement Learning." Dharani Kanta Roy, Hemanta Kumar Kalita. IET Information Security, vol. 2025, no. 1. Published 2025-11-11. DOI: 10.1049/ise2/7990749. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7990749
Juan Zhang, Kholod D. Alsufiani, Shebnam M. Sefat, Suliman Alsuhibany, Abdullah Sultan Al-Shammre
This article proposes a novel algorithm to address the security issues in millimeter-wave Internet-of-vehicles (mmWave-IoV). The main idea is to provide a new solution to eliminate eavesdropping in dynamic mmWave-IoV infrastructure. For this purpose, a secure multiagent cooperative communication algorithm based on deep deterministic policy gradient (DDPG) and dueling double deep Q network (D3QN) is proposed. The eavesdropper reception signal quality is reduced by using the cooperative jamming of the road side unit (RSU). The total secrecy rate of all authentic vehicles is used as the optimization problem with the objective to maximize it using the jamming RSUs, joint beam connections of vehicular users and base station, and the transmit power and jamming direction of cooperative RSUs. A real-time, continuous, and discrete fusion-based decision-making strategy is deployed by creating an RSU agent utilizing the capabilities of the DDPG-D3QN algorithm and a vehicular user agent used in D3QN. Simulation results show that the proposed algorithm has superior performance as compared with existing algorithms.
"A Novel Security Defense and Economic Assessment Algorithm for mmWave-Vehicular Network Based on Deep Reinforcement Learning." Juan Zhang, Kholod D. Alsufiani, Shebnam M. Sefat, Suliman Alsuhibany, Abdullah Sultan Al-Shammre. IET Information Security, vol. 2025, no. 1. Published 2025-11-11. DOI: 10.1049/ise2/4367746. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/4367746
Backdoor attacks have significantly threatened the models of natural language processing (NLP). However, most textual backdoor attacks exhibit low levels of stealthiness, making them susceptible to detection and removal by defense strategies. In order to improve the performance and stealthiness of such backdoor attacks, this article introduces a novel backdoor attack named Bad Padding (BPad) based on steganography. BPad employs a word-substitution steganographic method to hide triggers in sentences, thereby generating poisoned data. To ensure a high level of stealthiness for these poisoned samples, BPad uses a word substitution strategy that enhances both the diversity of the substituted words and the contextual coherence of the sentences. BPad also modifies the preprocessing stage by extracting triggers from the sentences and padding them as tokens at the end, effectively amplifying the impact of the trigger and making it easier for the model to learn the shortcut from the trigger to the target label, thereby achieving the injection of a backdoor. This article uses various metrics to present experimental measures of the attack performance and stealthiness of BPad. The results show that BPad achieves competitive results compared to baseline methods in non-defense scenarios and outperforms baseline methods under both training and inference defense. In addition, the attack samples generated by BPad demonstrate strong stealthiness in terms of semantic coherence, perplexity, and grammaticality.
"Bad Padding: A Highly Stealthy Backdoor Attack Using Steganography at the Padding Stage." Zhuowei Niu, Qindong Sun, Kai Lin, Mingkai Ding. IET Information Security, vol. 2025, no. 1. Published 2025-11-10. DOI: 10.1049/ise2/8880733. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/8880733
The rapid evolution of technology has revealed the limitations of host-centric or IP address–based networks. To overcome these limitations, a new communication paradigm has emerged: information-centric networking (ICN), which focuses on content (data) regardless of its location in the network. This new vision of networking addresses issues such as security and address space limitations inherent in the traditional IP address-centric paradigm. Unlike its predecessor, ICN is based on content naming rather than IP addresses. ICN offers advantages such as improved quality of service, reduced data delivery time, enhanced data availability, and strengthened security. However, with these benefits come new vulnerabilities, particularly in content naming and caching. It is, therefore, crucial to understand the attacks specific to ICN. In this study, we first present an overview of the two network paradigms and fundamental security concepts, then examine the various attacks in the ICN paradigm. We propose a taxonomy of these attacks and outline future research directions to address emerging security challenges.
"A Thorough Review of Security in Information-Centric Networking." Ado Adamou Abba Ari, Youssoufa Hara Soukolsou, Sammy Salim Daissinta Baidi, Moussa Aboubakar, Nabila Labraoui, Alidou Mohamadou, Ousmane Thiare. IET Information Security, vol. 2025, no. 1. Published 2025-10-31. DOI: 10.1049/ise2/5178335. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5178335
HID (host intrusion detection) is a security mechanism for detecting malicious activities performed in a host (e.g., a server, an edge device). Recent research has recast HID as a provenance graph learning problem thanks to the advancement in deep learning techniques, especially GNNs (graph neural networks). Although the provenance graph learning based HID methods show promise, they are vulnerable to adversarial attacks, where the attackers can bypass the HID models by carefully modifying their attack behaviors. In this paper, we reveal that an adversarial sample generated against one HID model may not necessarily be able to attack another HID model, and we further explore the success rate of adversarial attacks between different HID models by evaluating the mutual transferability. Based on the evaluation, we propose ProvADShield, a framework designed to defend against adversarial attacks on provenance graph learning based HID models. The core idea of ProvADShield is to combine multiple HID models by leveraging the mutual transferability. We evaluate ProvADShield based on a provenance dataset collected and made public by our team. The experiment results show that ProvADShield outperforms state-of-the-art defense systems against adversarial attacks.
"ProvADShield: A Multimodel Ensemble Defender Against Adversarial Attacks on Provenance Graph Host Intrusion Detector." Mingqi Lv, Kehan Qian, Tieming Chen, Tiantian Zhu, Jinyin Chen. IET Information Security, vol. 2025, no. 1. Published 2025-10-31. DOI: 10.1049/ise2/8625988. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/8625988
Network intrusion detection (NID) plays a crucial role in cybersecurity by identifying network attacks from network traffic. In recent years, deep learning has become a trend for the NID problem. However, a major drawback of deep learning is the lack of interpretability, making it difficult for NID systems (NIDSs) to diagnose and respond to the detected network attacks. At the same time, the existing interpretable deep learning techniques cannot adapt to the NID problem due to its specific challenges, including the cross-feature effect and the absence of self-interpretable features. To this end, this article proposes a decision Tree enhanced deep Attention Network (TAN), an interpretable deep learning model specifically designed for the NID problem by integrating a decision tree (DT) into a deep attention network. TAN utilizes a DT to extract self-interpretable features and then uses a deep hierarchical attention network to capture the cross-feature effect and pinpoint the most important self-interpretable features. A series of experiments and case studies were performed on public datasets, including KDD99, NSL-KDD, UNSW-NB15, and CICIDS2017. The results indicate that TAN achieves competitive detection performance compared to existing deep learning models, while offering a more intuitive interpretation.
"An Interpretable Network Intrusion Detection Model via Decision Tree Enhanced Deep Attention Network." Mingqi Lv, Shengduo Gan, Kang Xu, Tieming Chen, Tiantian Zhu, Jinyin Chen. IET Information Security, vol. 2025, no. 1. Published 2025-10-29. DOI: 10.1049/ise2/5552833. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5552833