Computers & Security最新文献

Amidst the rapid development of the software industry and the burgeoning open-source culture, vulnerability detection within the software security domain has emerged as an ever-expanding area of focus. In recent years, the rapid advancement of artificial intelligence, particularly the notable progress in deep learning for pattern recognition and natural language processing, has catalyzed a surge in research endeavors exploring the integration of deep learning for the enhancement of vulnerability detection techniques. In this paper, we investigate contemporary deep learning-based source code analysis methods, with a concentrated emphasis on those pertaining to static code vulnerability detection. We categorize these methods based on various representations of source code employed during the preprocessing stage, including token-based and graph-based representations of source code, and further subdivided based on the types of deep learning algorithms or graph representations employed. We summarize the basic processes of model training and vulnerability detection under these different representation formats. Furthermore, we explore the limitations inherent in current approaches and provide insights into future trends and challenges for research in this field.

Cyber-physical systems (CPSs) are essential to the contemporary industrial landscape, performing a central role in improving productivity, mechanization, and innovation across several sectors. These systems are the conflux of physical processes and digital mechanics, developing a symbiotic integration with numerous benefits. Communication technologies play a very significant role in CPSs by facilitating real-time data exchange, coordination, and coherent integration. 5G and Beyond communication technologies are contributing significantly to CPS by facilitating ultra-fast, low-latency connectedness. They also improve real-time transfer, enabling better control and supervision of physical processes. In this paper, the authors emphasized the security aspects of 5G and beyond CPSs. The significance of the domain is derived by studying the various application domains of the CPSs and literature published on CPS security. The major threats attempted on 5G and beyond CPS are discussed in detail along with the taxonomy of the exiting security solutions by covering the aspects of assessment of cyber-attacks emanation, CPS attack prototyping, attack identification, and development of security architectures. The authors also presented the major challenges occurring in the deployment of CPS applications, key research domains, and major issues in 5G and beyond CPS security. The security landscape of 6G CPS applications is also discussed in brief with key challenges.

Wireless Sensor Networks (WSNs) are susceptible to various security threats owing to its deployment in hostile environments. Intrusion detection system (IDS) contributes a critical role on securing WSNs by identifying malevolent activities and ensuring data integrity. Traditional IDS techniques often struggle with the dynamic and resource-constrained nature of WSNs. In this paper, Dynamically Stabilized Recurrent Neural Network Optimized with Intensified Sand Cat Swarm Optimization for Wireless Sensor Network Intrusion identification (DSRNN-ISCOA-ID-WSN) is proposed. Initially, the input data is amassed from WSN-DS dataset. After that, the pre-processing segment receives the data. In pre-processing stage, redundant and biased records are removed from input data with the help of Adaptive multi-scale improved differential filter (AMSIDF). Then the optimal are selected by utilizing Wolf-Bird Optimization Algorithm (WBOA). DSRNN is used to classify the data as Normal, Grey hole, Black hole, Time division multiple access (TDMA), and Flooding attacks. Then Intensified Sand Cat Swarm Optimization (ISCOA) is employed to optimize the weight parameters of DSRNN for accuracte classification. The proposed DSRNN-ISCOA-ID-WSN technique is implemented Python. The performance of the proposed DSRNN-ISCOA-ID-WSN approach attains 29.24 %, 33.45 %, and 28.73 % high accuracy; 30.53 %, 27.64 %, and 26.25 % higher precision when compared with existing method such as Machine Learning-Powered Stochastic Gradient Descent Intrusions Detection System for WSN Attacks (SGDA-ID-WSN), An updated dataset to identify threats in WSN (CNN-ID-WSN) and Denial-of-Service attack detection in WSN: a Low-Complexity Machine Learning Model (DTA-ID-WSN) respectively.

The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale and high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks for MDD confronts challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.

With the increasing size and complexity of network, network traffic becomes more and more correlated with each other, and the traditional manner of presenting network traffic in a Euclidean structure is difficult to effectively capture the correlation information of network traffic. In contrast, graph structured data has gained much attention in recent years due to its ability to represent the correlation between different traffic flows; In addition, models and algorithms related to Graph Convolution Neural network (GCN) have been used for malicious traffic detection. However, existing GCN-based malicious traffic detection methods still suffer from incomplete description of the flow-level features of network traffic, imperfect traffic correlation establishment mechanism and failure to distinguish the importance of features during model training. Based on this, this study proposes a malicious traffic detection method called GCN-MHSA based on Graph Convolutional Neural network and Multi-Head Self-Attention mechanism. Firstly, the flow-level features of network traffic are populated and more information close to the features are selected to describe the network traffic; And then, the link homogeneity is used to establish the correlations between network traffic; Moreover, multi-head self-attention mechanism is introduced in the GCN model to provide larger weight to important features; Finally, an improved GCN is used as a deep learning model to detect malicious traffic. Extensive experimental results on three publicly available network traffic datasets and a real network traffic dataset show that the proposed GCN-MHSA method performs better than five baselines in terms of detection effect and stability, with an improvement of about 2.4% in accuracy, recall and F1-measure as well as an improvement of about 2.1% in precision.

In light of the rising threats of cyberattacks on critical infrastructures, cybersecurity has become a high priority for government agencies worldwide. In particular, the severity of cyberattacks could lead to devastating consequences for national security, economic growth, and public health and safety. While earlier studies have examined several factors related to detecting, preventing, and predicting cyberattacks on critical infrastructures, they have largely neglected to consider the severity aspect of these attacks. This study aims to bridge this research gap by examining the factors that influence the severity of cyberattacks on critical infrastructures. To achieve this, we analyze 897 reported attacks on critical infrastructures to examine the impact of incident type, ransomware, zero-day vulnerability, attacker type, conflict type, initial access vector, and the number of targeted countries on the severity of these cyberattacks. The results show that cyberattacks employing ransomware and initiated by nation-state actors have the most impact on severity. On the contrary, cyberattacks that include data theft, disruption, hijacking with or without misuse, involve multiple types of conflict, and target the energy and finance sectors have the least impact on the severity of attacks. To gain further insight into these results, we perform sub-analyses on the metrics that makeup severity. Findings show that cyberattacks on the health sector are more vulnerable to data theft of sensitive information compared to other sectors. Also, nation-state-led attacks are more likely to involve data theft of sensitive information and long-term disruptions. Finally, as years progress, the results generally indicate a decreasing likelihood of attacks involving data theft of sensitive information and hijacking with misuse.

To prevent tracking, the Bluetooth Low Energy (BLE) protocol integrates privacy mechanisms such as address randomization. However, as highlighted by previous researches address randomization is not a silver bullet and can be circumvented by exploiting other types of information disclosed by the protocol such as counters or timing. In this work, we propose two novel attack to break address randomization in BLE exploiting side information in the form of Received Signal Strength Indication (RSSI). More precisely, we demonstrate how RSSI measurements, extracted from received BLE advertising packets, can be used to link together the traces emitted by the same device or directly re-identify it despite address randomization. The proposed attacks leverage the distribution of RSSI to create a fingerprint of devices with an empirical evaluation on various scenarios demonstrating their effectiveness. For instance in the static context, in which devices remain at the same position, the proposed approach yields a re-identification accuracy of up to 97%, which can even be boosted to perfect accuracy by increasing the number of receivers controlled by the adversary. We also discuss the factors influencing the success of the attacks and evaluate two possible countermeasures whose effectiveness is limited, highlighting the difficulty in mitigating this threat.

Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.