Computers & Security最新文献

With the continuous development of information technology, privacy protection in the Internet of Things (IoT) has attracted people 's attention. This paper summarizes and discusses the privacy and security issues faced by various levels of the IoT, and proposes an overall framework for privacy and security protection; investigates the research progress of ABE search security in the IoT, summarizes the types of firmware implementation defects in the IoT, analyzes the typical defect generation mechanisms, and summarizes the existing firmware defect detection methods from the perspectives of static analysis, symbol execution, fuzzy testing, program validation, and machine learning; analyzes the existing mainstream access control models in the IoT, and summarizes the issues that need to be addressed in the future for blockchain based access control in the IoT. It further studies the recent achievements and progress of machine learning in the security protection of the IoT, and summarizes the privacy laws, especially the information protection law of the European Union (EU) in enterprises. Finally, we propose the main challenges that current research still faces and point out the direction of future research development.

Incorporating LLM into cybersecurity operations, a typical real-world high-stakes task, is critical but non-trivial in practice. Using cybersecurity as the study context, we conduct a three-step mix-method study to incorporate LLM into the vulnerability remediation process effectively. Specifically, we deconstruct the deficiencies in user satisfaction within the existing process (Study 1). This inspires us to design, implement, and empirically validate an LLM-supported collaborative vulnerability remediation process through a field study (Study 2). Given LLM’s diverse contributions, we further investigate LLM’s double-edge roles through the analysis of remediation reports and follow-up interviews (Study 3). In essence, our contribution lies in promoting an efficient LLM-supported collaborative vulnerability remediation process. These first-hand, real-world pieces of evidence suggest that when incorporating LLMs into practical processes, facilitating the collaborations among all associated stakeholders, reshaping LLMs’ roles according to task complexity, as well as approaching the short-term side effects of improved user engagement facilitated by LLMs with a rational mindset.

The Software-Defined Networking (SDN) powered Internet of Things (IoT) offers a global perspective of the network and facilitates control and access of IoT devices using a centralized high-level network approach called Software Defined-IoT (SD-IoT). However, this integration and high flow of data generated by IoT devices raises serious security issues in the centralized control intelligence of SD-IoT. Motivated by the aforementioned challenges, we present a new Deep-Learning empowered Threat Hunting Framework named DLTHF to protect SD-IoT data and detect (binary and multi-vector) attack vectors. First, an automated unsupervised feature extraction module is designed that combines data perturbation-driven encoding and normalization-driven scaling with the proposed Long Short-Term Memory Contractive Sparse AutoEncoder (LSTMCSAE) method to filter and transform dataset values into the protected format. Second, using the encoded data, a novel Threat Detection System (TDS) using Multi-head Self-attention-based Bidirectional Recurrent Neural Networks (MhSaBiGRNN) is designed to detect cyber threats and their types. In particular, a unique TDS strategy is developed in which each time instances is analyzed and allocated a self-learned weight based on the degree of relevance. Further, we also design a deployment architecture for DLTHF in the SD-IoT network. The framework is rigorously evaluated on two new SD-IoT data sources to show its effectiveness.

The big data provided by unmanned aerial vehicle (UAV) visual sensors offers essential information resources for activities across various industries. However, various adversarial threats are inevitable throughout the lifecycle of data generation, transmission, and utilization, leading to serious security risks. Trust assessment of visual sensors is a prerequisite for securing UAVs, but the multidimensionality of the trust elements and the uncertainty of the evidence limit its practical application. To advance this research, we innovatively propose a trust management scheme based on multi-granularity evidence fusion within the framework of belief functions (BFs) theory to adaptively respond to both known and unknown threats. We first propose a direct trust assessment model for known threats, which constructs multidimensional coarse-grained trust elements (MCTEs) and integrates multiple lightweight sub-models for basic belief assignment (BBA) to meet the need for fast response. Then, to address the unknown threats, we introduce pre-trained models to build multidimensional fine-grained trust elements (MFTEs) to construct trust recommendation models for indirect trust assessment for visual sensors. In addition, to accurately characterize the trustworthiness of visual sensors, we also introduce a BBA-weighted fusion method to achieve more reasonable trust aggregation by weakening highly conflicting evidence sources. Finally, to validate the effectiveness of the proposed method, we conducted a comprehensive trust assessment and security experiment on UAV aerial images. The results indicate that the proposed method demonstrates excellent performance and is beneficial for enhancing UAV security in adversarial attack scenarios.

Recently, red packets have appeared widely in various mobile apps. Related security issues like fraud are gradually coming into the public eye. As a new means of fraud, red packet fraud has not yet been explored or addressed. In this paper, based on our empirical study on red packets, we propose a novel approach ReckDroid for red packet fraud detection. Our approach adopts a heuristic algorithm to identify red packets and then detects red packet fraud by analyzing the network traffic dynamically generated during the automated exploration of mobile apps. Our experiments are performed on hundreds of labeled real-world apps. Experimental results show that ReckDroid identifies red packets with a precision of 98.0% and a recall of 93.3%, and detects red packet fraud with a precision of 88.6% and a recall of 92.5%. By applying ReckDroid to over 1000 Android apps in the wild, we find that apps with red packets account for 17.6% of apps from seven app markets (including Google Play) while red packet fraud mainly occurs in Chinese app markets.

Deep neural networks have advanced significantly in the last several years and are now widely employed in numerous significant real-world applications. However, recent research has shown that deep neural networks are vulnerable to backdoor attacks. Under such attacks, attackers release backdoor models that achieve satisfactory performance on benign samples while behaving abnormally on inputs with predefined triggers. Successful backdoor attacks can have serious consequences, such as attackers using backdoor generation methods to bypass critical face recognition authentication systems. In this paper, we propose PBADT, a precise backdoor attack with dynamic trigger. Unlike existing work that uses static or random trigger masks, we design an interpretable trigger mask generation framework that places triggers at positions that have the most significant impact on the prediction results. Meanwhile, backdoor attacks are made more efficient by using forgettable events to improve the efficiency of backdoor attacks. The proposed backdoor method is extensively evaluated on three face recognition datasets, LFW, CelebA, and VGGFace, while further evaluated on two general image datasets, CIFAR-10 and GTSRB. Our approach achieves almost perfect attack performance on backdoor data.

A strong organisational cybersecurity culture (CSC) is critical to the success of any cybersecurity effort, and understanding and measuring CSC is essential if it is to succeed. To facilitate the framing and measurement of CSC we conducted a rapid evidence assessment (REA) to synthesise relevant studies on CSC. The systematic search identified 1,768 records. 59 studies were eligible for the final synthesis.

Thematic analysis of the CSC definitions in the included studies highlighted that CSC should not be viewed solely as a technical problem but as a management issue too; CSC requires top management involvement and role modelling, with full organisational support for the desired employee behaviours. We identify both theoretically and empirically derived models of CSC in the REA, along with a range of methods to develop and test these models. Integrative analysis of these models provides detailed information about CSC dimensions, including employee attitudes towards CS; compliance with policies; the role of security education, training and awareness; monitoring of behaviour and top management commitment. The evidence indicates that CSC should be understood both in the context of the wider organisational culture as well as in the shared employee understanding of CS that leads to behaviour.

Based on the findings of this review, we propose a novel integrated framework of CSC consisting of cultural values, the culture-to-behaviour link, and behaviour itself. We also make measurement recommendations based on this CSC framework, ranging from simple, broad-brush tools through to suggestions for multi-dimensional measures, which can be applied in a variety of sectors and organisations.

Fuzzing is one of the most successful approaches for verifying software functionalities and discovering security vulnerabilities. However, the software with persistent runtime characteristics (e.g., web service programs) cannot be effectively tested by current coverage-based greybox (CG) fuzzers, which strictly rely on the termination state of the target software to feed test cases synchronously and obtain code coverage. The present approach requires delicate analysis and modification of the target to eliminate its persistence, but leads to excessive non-essential restarts during testing, resulting in low throughput.

To improve the convenience and efficiency of CG fuzzing for persistent software, we propose augmenting persistence (AugPersist) as a complementary method. AugPersist introduces the concept of persistent basic block (PBB) to leverage the inherent code features of persistent software. PBB can be found automatically and quickly before fuzzing based on the execution flow graph (EFG). On this basis, we develop a low- delay synchronous communication so that after regular test cases are fed into the target, the fuzzer can derive code coverage without rebooting the target, thus significantly minimizing extraneous restarts. Additionally, by utilizing the self-adaptive forkserver, we can dynamically adjust the re-execution point of the target to the PBB position, which further minimizes losses when test cases trigger exceptions and cause necessary restarts.

To show the potential of augmenting persistence, we create two implementations, AFL-AugPersist and AFLNet-AugPersist, using AFL and AFLNet as baselines. We evaluate both with their respective baselines on different benchmarks. AFL-AugPersist makes stateless persistent software easier to be fuzzed than AFL and provides 4.9 × to 71.1 × throughput improvement compared to AFL. The throughput of AFLNet-AugPersist improves by a maximum of 210.0 × and a minimum of 3.3 × compared to AFLNet. These results show that AugPersist significantly contributes to the convenience and efficiency of CG fuzzing on persistent software.

The ongoing evolution of malware presents a formidable challenge to cybersecurity: identifying unknown threats. Traditional detection methods, such as signatures and various forms of static analysis, inherently lag behind these evolving threats. This research introduces a novel approach to malware detection by leveraging the robust statistical capabilities of L-moments and the structural insights provided by Abstract Syntax Trees (ASTs) and applying them to PowerShell. L-moments, recognized for their resilience to outliers and adaptability to diverse distributional shapes, are extracted from network analysis measures like degree centrality, betweenness centrality, and closeness centrality of ASTs. These measures provide a detailed structural representation of code, enabling a deeper understanding of its inherent behaviors and patterns. This approach aims to detect not only known malware but also uncover new, previously unidentified threats. A comprehensive comparison with traditional static analysis methods shows that this approach excels in key performance metrics such as accuracy, precision, recall, and $F_1$ score. These results demonstrate the significant potential of combining L-moments derived from network analysis with ASTs in enhancing malware detection. While static analysis remains an essential tool in cybersecurity, the integration of L-moments and advanced network analysis offers a more effective and efficient response to the dynamic landscape of cyber threats. This study paves the way for future research, particularly in extending the use of L-moments and network analysis into additional areas.

The 6G system is envisioned to support various new applications with diverse requirements in terms of quality and security. To fulfill diverse and stringent requirements, reconfigurable intelligent surfaces (RIS) have been extensively studied as a 6G enabling technology. RIS can be used to secure communications and boost the system performance, but it leads to new security threats as well. Due to the open nature of the wireless channel, smart radio environment, dynamic network topology, and adversarial machine learning (ML), 6G will face various unprecedented security threats. Given stringent requirements on quality of service (QoS), security, and massive low-cost Internet of Thing (IoT) devices, physical layer security (PLS) by exploiting the random nature of the wireless channel and/or intrinsic hardware imperfection emerges as a complementary approach to secure wireless communications. Meanwhile, the rapid development of artificial intelligence (AI) promotes the development of intelligent PLS solutions and smart attacks. In this paper, we make a comprehensive overview of PLS for RIS-based 6G systems from both defensive and offensive perspectives. We first introduce the vision of the RIS-enabled 6G smart radio environment. Then, typical security risks and requirements on RIS-based 6G are analyzed. After that, the state-of-the-art techniques on PLS are presented. Subsequently, major academic works on the physical layer security solution oriented to RIS are systematically reviewed. Moreover, the latest studies on attacks based on adversarial RIS are discussed in depth. Finally, we identify multiple open issues and research opportunities to inspire further studies for more intelligent PLS to secure the RIS-enabled 6G system.