Computers & Security最新文献_第10页

Uncovering hidden threats: A format-driven approach to dsp instruction set vulnerability discovery 揭露隐藏的威胁：dsp指令集漏洞发现的格式驱动方法

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-24 DOI: 10.1016/j.cose.2025.104811

Yongzhen Luo, Zhongkai Huang, Wenhui Duan, Liwei Wang, Bo Hou, Chenbing Qu, Chen Sun, Ziyang Wang

With the widespread application of Digital Signal Processors (DSPs) in critical areas, hidden instructions have become a significant threat to system security. Maliciously exploiting these instructions may lead to information leaks, data tampering, or system crashes. This paper proposed an efficient search method based on the instruction format to address the security issue of DSP hidden instructions. By establishing an instruction database, this method analyzes the instruction format, designs an efficient instruction generation strategy, and applies precise disassembly techniques, significantly reducing the instruction search space and effectively identifying hidden instructions. Experiments conducted on TI's DSP processors TMS320C6678 and TMS320F28335 have shown that this method successfully identified hidden instructions, demonstrating its effectiveness and practicality. The test results indicate that hidden instructions could lead to unexpected modifications of microprocessor registers or memory data, system resets, or even system crashes, exposing potential security risks in the DSP instruction set. The findings of this study offer an efficient search approach for hidden instructions and demonstrate the critical need for comprehensive security evaluation of DSP instruction sets in safety-critical applications.

随着数字信号处理器（dsp）在关键领域的广泛应用，隐藏指令已成为威胁系统安全的重大问题。恶意利用这些指令可能导致信息泄露、数据篡改或系统崩溃。针对DSP隐藏指令的安全性问题，提出了一种基于指令格式的高效搜索方法。该方法通过建立指令数据库，对指令格式进行分析，设计高效的指令生成策略，并采用精确的拆卸技术，显著减少指令搜索空间，有效识别隐藏指令。在TI公司的DSP处理器TMS320C6678和TMS320F28335上进行的实验表明，该方法成功地识别了隐藏指令，证明了该方法的有效性和实用性。测试结果表明，隐藏指令可能导致微处理器寄存器或内存数据的意外修改，系统复位，甚至系统崩溃，暴露出DSP指令集中潜在的安全风险。本研究的结果为隐藏指令提供了一种有效的搜索方法，并证明了在安全关键应用中对DSP指令集进行综合安全评估的迫切需要。

{"title":"Uncovering hidden threats: A format-driven approach to dsp instruction set vulnerability discovery","authors":"Yongzhen Luo, Zhongkai Huang, Wenhui Duan, Liwei Wang, Bo Hou, Chenbing Qu, Chen Sun, Ziyang Wang","doi":"10.1016/j.cose.2025.104811","DOIUrl":"10.1016/j.cose.2025.104811","url":null,"abstract":"<div><div>With the widespread application of Digital Signal Processors (DSPs) in critical areas, hidden instructions have become a significant threat to system security. Maliciously exploiting these instructions may lead to information leaks, data tampering, or system crashes. This paper proposed an efficient search method based on the instruction format to address the security issue of DSP hidden instructions. By establishing an instruction database, this method analyzes the instruction format, designs an efficient instruction generation strategy, and applies precise disassembly techniques, significantly reducing the instruction search space and effectively identifying hidden instructions. Experiments conducted on TI's DSP processors TMS320C6678 and TMS320F28335 have shown that this method successfully identified hidden instructions, demonstrating its effectiveness and practicality. The test results indicate that hidden instructions could lead to unexpected modifications of microprocessor registers or memory data, system resets, or even system crashes, exposing potential security risks in the DSP instruction set. The findings of this study offer an efficient search approach for hidden instructions and demonstrate the critical need for comprehensive security evaluation of DSP instruction sets in safety-critical applications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104811"},"PeriodicalIF":5.4,"publicationDate":"2025-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145884442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A bag of words model for efficient discovery of roles in access control systems 一种用于访问控制系统中角色有效发现的词包模型

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-23 DOI: 10.1016/j.cose.2025.104808

Carlo Blundo , Stelvio Cimato

The popularity of the Role-based Access Control (RBAC) model is determined by its flexibility and its adaptability in different contexts, easing the enforcement and the management of security policy. In some cases, different kinds of (cardinality) constraints are considered to adjust and adapt roles and their assignment to best represent the organization’s security policy.

However, the process of role mining, whether based on an organizational scenario or on existing permission assignments, is a hard task, since the problem shows NP-hard computational complexity and in case of frequent policy updates, the dynamic adaptation of the roles can be challenging. Then, the only possibility of producing an RBAC model compliant with the security policy is to resort to heuristics, which may return an approximation of the optimal solution.

In this paper, we propose an innovative approach to explore the space of the solution based on the bag of word value, which is commonly deployed in the field of document representation and knowledge extraction. We propose different heuristics and validate our approach reporting the results of the application to standard datasets, and providing an evaluation under different metrics and indicators. We show that our technique returns improved results and provides an alternative way to produce valid solutions for constrained RBAC.

基于角色的访问控制（Role-based Access Control， RBAC）模型受欢迎的原因在于其灵活性和对不同环境的适应性，简化了安全策略的实施和管理。在某些情况下，考虑不同类型的（基数）约束来调整和调整角色及其分配，以最好地表示组织的安全策略。然而，角色挖掘的过程，无论是基于组织场景还是基于现有的权限分配，都是一项艰巨的任务，因为问题显示出NP-hard计算复杂性，并且在频繁的策略更新情况下，角色的动态适应可能具有挑战性。然后，生成符合安全策略的RBAC模型的唯一可能性是求助于启发式，它可能返回最优解决方案的近似值。在本文中，我们提出了一种基于词值袋的创新方法来探索解决方案的空间，这种方法通常用于文档表示和知识提取领域。我们提出了不同的启发式方法，并验证了我们的方法，将应用程序的结果报告到标准数据集，并在不同的度量和指标下提供评估。我们表明，我们的技术返回改进的结果，并提供了一种替代方法来生成约束RBAC的有效解决方案。

{"title":"A bag of words model for efficient discovery of roles in access control systems","authors":"Carlo Blundo , Stelvio Cimato","doi":"10.1016/j.cose.2025.104808","DOIUrl":"10.1016/j.cose.2025.104808","url":null,"abstract":"<div><div>The popularity of the Role-based Access Control (RBAC) model is determined by its flexibility and its adaptability in different contexts, easing the enforcement and the management of security policy. In some cases, different kinds of (cardinality) constraints are considered to adjust and adapt roles and their assignment to best represent the organization’s security policy.</div><div>However, the process of role mining, whether based on an organizational scenario or on existing permission assignments, is a hard task, since the problem shows NP-hard computational complexity and in case of frequent policy updates, the dynamic adaptation of the roles can be challenging. Then, the only possibility of producing an RBAC model compliant with the security policy is to resort to heuristics, which may return an approximation of the optimal solution.</div><div>In this paper, we propose an innovative approach to explore the space of the solution based on the bag of word value, which is commonly deployed in the field of document representation and knowledge extraction. We propose different heuristics and validate our approach reporting the results of the application to standard datasets, and providing an evaluation under different metrics and indicators. We show that our technique returns improved results and provides an alternative way to produce valid solutions for constrained RBAC.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104808"},"PeriodicalIF":5.4,"publicationDate":"2025-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145884443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

BGF-DR: bidirectional greybox fuzzing for DNS resolver vulnerability discovery BGF-DR：用于DNS解析器漏洞发现的双向灰盒模糊测试

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-23 DOI: 10.1016/j.cose.2025.104809

Jie Ying , Jun Li , Ruoxi Chen , Hongxin Su , Tiantian Zhu

The Domain Name System (DNS) represents a vital infrastructure component of the Internet, within which DNS resolvers constitute the core element of this system. Specifically, DNS resolvers mediate between DNS clients and DNS nameservers as the cache. However, existing tools face significant limitations in effectively identifying resolver vulnerabilities, presenting three primary challenges. First, DNS resolver implementations are complex and stateful, resulting in huge input space. Second, DNS resolver vulnerabilities typically manifest as semantic bugs leading to erroneous responses, making them difficult to detect through conventional oracle-based validation. Finally, most DNS resolver vulnerabilities only become apparent under bidirectional information sequences. This paper presents BGF-DR, a bidirectional greybox fuzzing system that addresses the aforementioned challenges to achieve efficient vulnerability discovery for DNS resolvers. First, BGF-DR leverages both branch coverage and state coverage information to explore the DNS resolver input space more rapidly and comprehensively. Second, BGF-DR employs differential testing and heuristic rules to identify test cases that trigger vulnerabilities. Finally, BGF-DR performs mutation-based case generation on both client-query and nameserver-response to enhance the efficiency of vulnerability discovery. We evaluated BGF-DR on 4 DNS resolvers and identified 6 vulnerabilities that could lead to cache poisoning, resource consumption, and crash attacks.

域名系统（DNS）代表了互联网的重要基础设施组成部分，其中DNS解析器构成了该系统的核心元素。具体来说，DNS解析器作为缓存在DNS客户端和DNS名称服务器之间进行中介。然而，现有的工具在有效地识别解析器漏洞方面面临着很大的限制，提出了三个主要挑战。首先，DNS解析器实现复杂且有状态，导致巨大的输入空间。其次，DNS解析器漏洞通常表现为导致错误响应的语义错误，这使得它们难以通过传统的基于oracle的验证来检测。最后，大多数DNS解析器漏洞只有在双向信息序列下才会显现出来。本文提出了BGF-DR，一种双向灰盒模糊测试系统，解决了上述挑战，实现了DNS解析器的有效漏洞发现。首先，BGF-DR利用分支覆盖和状态覆盖信息，更快速、更全面地探索DNS解析器输入空间。其次，BGF-DR采用差分测试和启发式规则来识别触发漏洞的测试用例。最后，BGF-DR在客户端查询和名称服务器响应上执行基于突变的案例生成，以提高漏洞发现效率。我们在4个DNS解析器上评估了BGF-DR，并确定了6个可能导致缓存中毒、资源消耗和崩溃攻击的漏洞。

{"title":"BGF-DR: bidirectional greybox fuzzing for DNS resolver vulnerability discovery","authors":"Jie Ying , Jun Li , Ruoxi Chen , Hongxin Su , Tiantian Zhu","doi":"10.1016/j.cose.2025.104809","DOIUrl":"10.1016/j.cose.2025.104809","url":null,"abstract":"<div><div>The Domain Name System (DNS) represents a vital infrastructure component of the Internet, within which DNS resolvers constitute the core element of this system. Specifically, DNS resolvers mediate between DNS clients and DNS nameservers as the cache. However, existing tools face significant limitations in effectively identifying resolver vulnerabilities, presenting three primary challenges. First, DNS resolver implementations are complex and stateful, resulting in huge input space. Second, DNS resolver vulnerabilities typically manifest as semantic bugs leading to erroneous responses, making them difficult to detect through conventional oracle-based validation. Finally, most DNS resolver vulnerabilities only become apparent under bidirectional information sequences. This paper presents <span>BGF-DR</span>, a bidirectional greybox fuzzing system that addresses the aforementioned challenges to achieve efficient vulnerability discovery for DNS resolvers. First, <span>BGF-DR</span> leverages both branch coverage and state coverage information to explore the DNS resolver input space more rapidly and comprehensively. Second, <span>BGF-DR</span> employs differential testing and heuristic rules to identify test cases that trigger vulnerabilities. Finally, <span>BGF-DR</span> performs mutation-based case generation on both client-query and nameserver-response to enhance the efficiency of vulnerability discovery. We evaluated <span>BGF-DR</span> on 4 DNS resolvers and identified 6 vulnerabilities that could lead to cache poisoning, resource consumption, and crash attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104809"},"PeriodicalIF":5.4,"publicationDate":"2025-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145884444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A large-scale measurement study of region-based web access restrictions: The case of China 基于区域的网络访问限制的大规模测量研究：以中国为例

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-17 DOI: 10.1016/j.cose.2025.104807

Yuying Du , Jiahao Cao , Junrui Xu , YangYang Wang , Renjie Xie , Jiang Li , Changliyun Liu , Mingwei Xu

The rise of the Splinternet is reshaping the global digital landscape by fragmenting the Internet along political, commercial, and technological lines. Geoblocking, a practice where access to content is restricted based on geographic location, exemplifies this trend. Despite existing studies on geoblocking in specific contexts, such as Russia and Cuba, a systematic understanding of geoblocking policies targeting users in China has not been sufficiently explored. To bridge this gap, we present GeoWatch to conduct the first large-scale measurement study of geoblocking practices towards China. It employs advanced domain mining techniques and globally distributed vantage points to identify geoblocking websites. We test 97.78 million domains, which represents the largest domain set ever used in geoblocking research. Our comprehensive analysis reveals widespread geoblocking towards China, identifying 4.54 million geoblocking domains across 196 countries and regions. These findings highlight the real-world factors influencing geoblocking practices and offer valuable insights into its scope and impact, with a particular focus on China as a case study.

Splinternet的崛起正在重塑全球数字格局，它将互联网从政治、商业和技术等方面分割开来。地理封锁，一种基于地理位置限制访问内容的做法，就是这种趋势的例证。尽管已有针对俄罗斯和古巴等特定背景的地理封锁研究，但对针对中国用户的地理封锁政策的系统理解尚未得到充分探索。为了弥补这一差距，我们提出GeoWatch对中国的地理阻塞实践进行首次大规模测量研究。它采用先进的领域挖掘技术和全球分布的有利位置来识别地理屏蔽网站。我们测试了9778万个域，这是迄今为止用于地理阻塞研究的最大的域集。我们的综合分析揭示了针对中国的广泛地理封锁，在196个国家和地区确定了454万个地理封锁域。这些发现突出了影响地理封锁实践的现实因素，并对其范围和影响提供了有价值的见解，并特别关注中国作为案例研究。

{"title":"A large-scale measurement study of region-based web access restrictions: The case of China","authors":"Yuying Du , Jiahao Cao , Junrui Xu , YangYang Wang , Renjie Xie , Jiang Li , Changliyun Liu , Mingwei Xu","doi":"10.1016/j.cose.2025.104807","DOIUrl":"10.1016/j.cose.2025.104807","url":null,"abstract":"<div><div>The rise of the Splinternet is reshaping the global digital landscape by fragmenting the Internet along political, commercial, and technological lines. Geoblocking, a practice where access to content is restricted based on geographic location, exemplifies this trend. Despite existing studies on geoblocking in specific contexts, such as Russia and Cuba, a systematic understanding of geoblocking policies targeting users in China has not been sufficiently explored. To bridge this gap, we present GeoWatch to conduct the first large-scale measurement study of geoblocking practices towards China. It employs advanced domain mining techniques and globally distributed vantage points to identify geoblocking websites. We test 97.78 million domains, which represents the largest domain set ever used in geoblocking research. Our comprehensive analysis reveals widespread geoblocking towards China, identifying 4.54 million geoblocking domains across 196 countries and regions. These findings highlight the real-world factors influencing geoblocking practices and offer valuable insights into its scope and impact, with a particular focus on China as a case study.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104807"},"PeriodicalIF":5.4,"publicationDate":"2025-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145840459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Characterizing tactics, techniques, and procedures in the macOS threat landscape 描述macOS威胁环境中的战术、技术和程序

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-14 DOI: 10.1016/j.cose.2025.104806

Daniel Lastanao Miró , Javier Carrillo-Mondéjar , Ricarddo J. Rodríguez

As macOS systems increasingly become malware targets, understanding the tactics, techniques, and procedures (TTPs) used by adversaries is essential to improving defense strategies. This paper provides a systematic and detailed analysis of macOS malware using the MITRE ATT&CK framework, focusing on TTPs at key stages of the malware attack cycle. Leveraging a comprehensive dataset of 57,636 macOS malware samples collected between November 2006 and October 2024, we employ both static and dynamic analysis techniques to uncover patterns in adversary behavior. Our analysis, primarily based on static analysis techniques, offers a broad representation of macOS malware and highlights common characteristics across samples. While we only partially explore dynamic behaviors, we identify recurring patterns that align with specific TTPs in the MITRE ATT&CK framework, such as persistence and defense evasion. This mapping contributes to a more structured understanding of macOS threats and can help inform future detection and mitigation efforts.

随着macOS系统越来越多地成为恶意软件的目标，了解对手使用的战术、技术和程序（TTPs）对于改进防御策略至关重要。本文使用MITRE ATT&；CK框架对macOS恶意软件进行了系统和详细的分析，重点关注恶意软件攻击周期关键阶段的https。利用2006年11月至2024年10月收集的57,636个macOS恶意软件样本的综合数据集，我们采用静态和动态分析技术来揭示对手行为的模式。我们的分析主要基于静态分析技术，提供了macOS恶意软件的广泛代表，并突出了样本中的共同特征。虽然我们只对动态行为进行了部分探索，但我们确定了与MITRE att&ck框架中特定ttp相一致的重复模式，例如持久性和防御逃避。这种映射有助于更结构化地理解macOS威胁，并有助于为未来的检测和缓解工作提供信息。

引用次数: 0

A scenario-driven dynamic assessment model for data credibility 情景驱动的数据可信度动态评估模型

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-14 DOI: 10.1016/j.cose.2025.104805

Zechen Li , Guozhen Shi , Kai Chen

With the rapid development of information technology, data has become the core element driving decision-making, and the explosive growth of massive data makes data governance face new challenges. The diversity of data sources and the dynamic complexity of application scenarios lead to uneven data quality, so there is an urgent practical need to construct accurate and efficient data credibility assessment methods. Existing researches are mostly limited to a single domain, which leads to fragmentation of assessment standards and makes it difficult to adapt to the needs of multiple scenarios. To address the above problems, this study proposes a dynamic data credibility assessment paradigm with universal applicability. Specifically, firstly, we construct a four-layer data credibility assessment index system based on national standards and domain guidelines through UML modeling technology, which realizes quantifiable disassembly from the target layer to the index layer and ensures cross-scenario compatibility and scalability of the assessment framework. Second, a scenario-driven dynamic fuzzy assessment model is proposed, which consists of a scene adaptation layer, an index optimization layer, a weight dynamic allocation layer and a comprehensive assessment layer. The key assessment indexes are screened by the scene feature analysis and the improved analytical hierarchy process, and the combination of the subjective and objective weights and the modification model are combined to achieve a dynamic balance of the weights, and a fuzzy comprehensive evaluation model is introduced to deal with uncertainties in the assessment process, and finally get the comprehensive assessment grade of data credibility. Finally, this study applies the framework to a vehicle forensics scenario for case analysis and evaluates the method’s accuracy using both simulated and real-world data. The results demonstrate its effectiveness in complex scenarios.

随着信息技术的快速发展，数据已成为驱动决策的核心要素，海量数据的爆发式增长使数据治理面临新的挑战。数据源的多样性和应用场景的动态复杂性导致数据质量参差不齐，因此迫切需要构建准确高效的数据可信度评估方法。现有研究多局限于单一领域，导致评估标准碎片化，难以适应多场景的需求。针对上述问题，本研究提出了一种具有普遍适用性的动态数据可信度评估范式。具体而言，首先，基于国家标准和领域指南，通过UML建模技术构建了四层数据可信度评估指标体系，实现了从目标层到指标层的可量化分解，保证了评估框架的跨场景兼容性和可扩展性。其次，提出了场景驱动的动态模糊评价模型，该模型由场景适应层、指标优化层、权重动态分配层和综合评价层组成；通过场景特征分析和改进的层次分析法筛选关键评价指标，结合主客观权重组合和修正模型实现权重的动态平衡，并引入模糊综合评价模型处理评价过程中的不确定性，最终得到数据可信度的综合评价等级。最后，本研究将该框架应用于车辆取证场景进行案例分析，并使用模拟和真实数据评估该方法的准确性。结果证明了该方法在复杂场景下的有效性。

{"title":"A scenario-driven dynamic assessment model for data credibility","authors":"Zechen Li , Guozhen Shi , Kai Chen","doi":"10.1016/j.cose.2025.104805","DOIUrl":"10.1016/j.cose.2025.104805","url":null,"abstract":"<div><div>With the rapid development of information technology, data has become the core element driving decision-making, and the explosive growth of massive data makes data governance face new challenges. The diversity of data sources and the dynamic complexity of application scenarios lead to uneven data quality, so there is an urgent practical need to construct accurate and efficient data credibility assessment methods. Existing researches are mostly limited to a single domain, which leads to fragmentation of assessment standards and makes it difficult to adapt to the needs of multiple scenarios. To address the above problems, this study proposes a dynamic data credibility assessment paradigm with universal applicability. Specifically, firstly, we construct a four-layer data credibility assessment index system based on national standards and domain guidelines through UML modeling technology, which realizes quantifiable disassembly from the target layer to the index layer and ensures cross-scenario compatibility and scalability of the assessment framework. Second, a scenario-driven dynamic fuzzy assessment model is proposed, which consists of a scene adaptation layer, an index optimization layer, a weight dynamic allocation layer and a comprehensive assessment layer. The key assessment indexes are screened by the scene feature analysis and the improved analytical hierarchy process, and the combination of the subjective and objective weights and the modification model are combined to achieve a dynamic balance of the weights, and a fuzzy comprehensive evaluation model is introduced to deal with uncertainties in the assessment process, and finally get the comprehensive assessment grade of data credibility. Finally, this study applies the framework to a vehicle forensics scenario for case analysis and evaluates the method’s accuracy using both simulated and real-world data. The results demonstrate its effectiveness in complex scenarios.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104805"},"PeriodicalIF":5.4,"publicationDate":"2025-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Techniques and metrics for evasion attack mitigation 规避攻击缓解的技术和指标

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-13 DOI: 10.1016/j.cose.2025.104802

Francesco Bergadano , Sandeep Gupta , Bruno Crispo

Evasion attacks pose a substantial risk to the application of Machine Learning (ML) in Cybersecurity, potentially leading to safety hazards or security breaches in large-scale deployments. Adversaries can employ evasion attacks as an initial tactic to deceive malware or network scanners using ML, thereby orchestrating traditional cyber attacks to disrupt systems availability or compromise integrity. Adversarial data designed to fool AI systems for cybersecurity can be engineered by strategically selecting, modifying, or creating test instances. This paper presents novel defender-centric techniques and metrics for mitigating evasion attacks by leveraging adversarial knowledge, exploring potential exploitation methods, and enhancing alarm detection capabilities. We first introduce two new evasion resistance metrics: adversarial failure rate (afr) and adversarial failure curves (afc). These metrics generalize previous approaches, as they can be applied to threshold classifiers, facilitating analyses for adversarial attacks comparable to those performed with Receiver Operating Characteristics (ROC) curve. Subsequently, we propose two novel evasion resistance techniques (trainset size pinning and model matrix), extending research in keyed intrusion detection and randomization. We explore the application of proposed techniques and metrics to an intrusion detection system as a pilot study using two public datasets, ‘BETH 2021’ and ‘Kyoto 2015’, which are well-established cybersecurity datasets for uncertainty and robustness benchmarking. The experimental results demonstrate that the combination of the proposed randomization techniques consistently produces remarkable improvement over other known randomization techniques.

规避攻击对机器学习（ML）在网络安全中的应用构成了重大风险，可能导致大规模部署中的安全隐患或安全漏洞。攻击者可以将逃避攻击作为初始策略，使用ML欺骗恶意软件或网络扫描仪，从而编排传统的网络攻击，以破坏系统可用性或损害完整性。可以通过战略性地选择、修改或创建测试实例来设计用于欺骗人工智能系统进行网络安全的对抗性数据。本文提出了新的以防御者为中心的技术和指标，通过利用对抗性知识、探索潜在的利用方法和增强警报检测能力来减轻逃避攻击。我们首先引入了两个新的规避阻力指标：对抗失败率（afr）和对抗失效曲线（afc）。这些指标概括了以前的方法，因为它们可以应用于阈值分类器，促进对抗性攻击的分析，可与使用接收者操作特征（ROC）曲线进行的分析相媲美。随后，我们提出了两种新的抗规避技术（列车集尺寸固定和模型矩阵），扩展了键控入侵检测和随机化的研究。我们将提出的技术和指标应用于入侵检测系统作为试点研究，使用两个公共数据集“BETH 2021”和“京都2015”，这两个数据集是用于不确定性和鲁棒性基准测试的成熟网络安全数据集。实验结果表明，与其他已知的随机化技术相比，所提出的随机化技术的组合始终产生显著的改进。

{"title":"Techniques and metrics for evasion attack mitigation","authors":"Francesco Bergadano , Sandeep Gupta , Bruno Crispo","doi":"10.1016/j.cose.2025.104802","DOIUrl":"10.1016/j.cose.2025.104802","url":null,"abstract":"<div><div>Evasion attacks pose a substantial risk to the application of Machine Learning (ML) in Cybersecurity, potentially leading to safety hazards or security breaches in large-scale deployments. Adversaries can employ evasion attacks as an initial tactic to deceive malware or network scanners using ML, thereby orchestrating traditional cyber attacks to disrupt systems availability or compromise integrity. Adversarial data designed to fool AI systems for cybersecurity can be engineered by strategically selecting, modifying, or creating test instances. This paper presents novel defender-centric techniques and metrics for mitigating evasion attacks by leveraging adversarial knowledge, exploring potential exploitation methods, and enhancing alarm detection capabilities. We first introduce two new evasion resistance metrics: adversarial failure rate (<em>afr</em>) and adversarial failure curves (<em>afc</em>). These metrics generalize previous approaches, as they can be applied to threshold classifiers, facilitating analyses for adversarial attacks comparable to those performed with Receiver Operating Characteristics (ROC) curve. Subsequently, we propose two novel evasion resistance techniques (trainset size pinning and model matrix), extending research in keyed intrusion detection and randomization. We explore the application of proposed techniques and metrics to an intrusion detection system as a pilot study using two public datasets, ‘BETH 2021’ and ‘Kyoto 2015’, which are well-established cybersecurity datasets for uncertainty and robustness benchmarking. The experimental results demonstrate that the combination of the proposed randomization techniques consistently produces remarkable improvement over other known randomization techniques.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104802"},"PeriodicalIF":5.4,"publicationDate":"2025-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145790900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A systematic review on adversarial thinking in cyber security education: Themes and potential frameworks 网络安全教育中对抗性思维的系统回顾：主题和潜在框架

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-10 DOI: 10.1016/j.cose.2025.104803

Thomas Oakley Browne, Eric Pardede

Background: Adversarial thinking is a key component of cybersecurity education, yet its definition and effective teaching approaches remain unclear. This study aims to clarify this concept and provide directions for future research in cybersecurity education.

Methods: A systematic review and thematic analysis were conducted to examine the relevant literature. The study focused on identifying descriptive and analytical themes, as well as potential frameworks for instruction.

Results: A total of 95 articles were analysed, yielding 89 concepts grouped into 4 main themes and 15 sub-themes. Analysis identified 2 analytical themes and 17 frameworks utilised in interventions.

Discussion: The identified themes provide a basis for defining learning objectives and developing validated assessments. While some frameworks show promise, they are most effective for specific aspects of adversarial thinking. The creation of an overarching educational framework is recommended.

背景：对抗性思维是网络安全教育的关键组成部分，但其定义和有效的教学方法尚不清楚。本研究旨在厘清这一概念，为未来网络安全教育的研究提供方向。方法：对相关文献进行系统回顾和专题分析。这项研究的重点是确定描述性和分析性主题，以及可能的教学框架。结果：共分析95篇文章，产生89个概念，分为4个主题和15个副主题。分析确定了干预措施中使用的2个分析主题和17个框架。讨论：确定的主题为定义学习目标和开发有效的评估提供了基础。虽然一些框架显示出希望，但它们对对抗性思维的特定方面最有效。建议建立一个全面的教育框架。

引用次数: 0

Security and regulation: Cybersecurity, privacy, and trust- protecting information and ensuring responsible technology use 安全和监管：网络安全、隐私和信任——保护信息和确保负责任的技术使用

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-09 DOI: 10.1016/j.cose.2025.104804

Katina Michael , Rebecca Herold , George Roussos

引用次数: 0

An 〈entity, organization〉 integrated access control model 一个<实体、组织>集成访问控制模型

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-12-06 DOI: 10.1016/j.cose.2025.104799

Ruijun Zhang , Chengyi Lu , Yang Wu , Zexi Zhang

Literature indicates that traditional access control models face critical challenges in dynamic business environments, including excessive storage costs, delayed permission adjustments, and insufficient precision in cross-departmental collaboration. To solve these problems, we propose an <entity, organization>-integrated access control model (EO-IAC).The model utilizes quad-dimensional dynamic permission entities to generate policy sets in real time, and combines with hierarchical resource classification strategies to automate data ownership labeling. It innovatively adopts an orthogonally decoupled architecture separating business permissions from data permissions, reducing permission storage complexity from the combinatorial explosion of traditional models to linear scale. The model integrates task-based dynamic authorization mechanisms and lightweight permission generation/verification algorithms to resolve cross-departmental fine-grained control failures. Experiments show EO-IAC model reduces storage overhead by 1–2 orders of magnitude compared to RBAC and ABAC in manufacturing scenarios, while decreasing high-frequency access latency by at least 15%. This study provides a lightweight solution for zero-trust access control in dynamic environments.

文献表明，传统的访问控制模型在动态的业务环境中面临着严峻的挑战，包括存储成本过高、权限调整延迟、跨部门协作精度不足等。为了解决这些问题，我们提出了实体、组织集成访问控制模型（EO-IAC）。该模型利用四维动态权限实体实时生成策略集，并结合分层资源分类策略实现数据所有权自动标注。创新采用正交解耦架构，将业务权限与数据权限分离，将传统模型的组合爆炸式的权限存储复杂度降低到线性规模。该模型集成了基于任务的动态授权机制和轻量级权限生成/验证算法，以解决跨部门的细粒度控制故障。实验表明，与RBAC和ABAC相比，EO-IAC模型在制造场景下将存储开销降低了1-2个数量级，同时将高频访问延迟降低了至少15%。本研究为动态环境下的零信任访问控制提供了一个轻量级的解决方案。

{"title":"An 〈entity, organization〉 integrated access control model","authors":"Ruijun Zhang , Chengyi Lu , Yang Wu , Zexi Zhang","doi":"10.1016/j.cose.2025.104799","DOIUrl":"10.1016/j.cose.2025.104799","url":null,"abstract":"<div><div>Literature indicates that traditional access control models face critical challenges in dynamic business environments, including excessive storage costs, delayed permission adjustments, and insufficient precision in cross-departmental collaboration. To solve these problems, we propose an <entity, organization>-integrated access control model (EO-IAC).The model utilizes quad-dimensional dynamic permission entities to generate policy sets in real time, and combines with hierarchical resource classification strategies to automate data ownership labeling. It innovatively adopts an orthogonally decoupled architecture separating business permissions from data permissions, reducing permission storage complexity from the combinatorial explosion of traditional models to linear scale. The model integrates task-based dynamic authorization mechanisms and lightweight permission generation/verification algorithms to resolve cross-departmental fine-grained control failures. Experiments show EO-IAC model reduces storage overhead by 1–2 orders of magnitude compared to RBAC and ABAC in manufacturing scenarios, while decreasing high-frequency access latency by at least 15%. This study provides a lightweight solution for zero-trust access control in dynamic environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104799"},"PeriodicalIF":5.4,"publicationDate":"2025-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145738724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0