Computers & Security: Latest Articles

Adopting security practices in software development process: Security testing framework for sustainable smart cities
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-06 DOI: 10.1016/j.cose.2024.103985
Yusuf Mothanna , Wael ElMedany , Mustafa Hammad , Riadh Ksantini , Mhd Saeed Sharif

The dependence on smart city applications has expanded in recent years. Consequently, the number of cyberattack attempts to exploit smart application vulnerabilities significantly increases. Therefore, improving smart application security during the software development process is mandatory to ensure sustainable smart cities. But the challenge is how to adopt security practices in the software development process. Several established and mature security testing frameworks exist that consider security requirements and testing during the Software Development Life Cycle (SDLC), but there are unique challenges posed by smart city applications and a need for a comprehensive approach to address the evolving threat landscape in this context. This paper proposed a framework that adopts security testing practices in all phases of the software development process. The proposed framework identifies several security activities and steps that can be applied in each phase of the software development process.

Citations: 0
Detecting Distributed Denial-of-Service (DDoS) attacks that generate false authentications on Electric Vehicle (EV) charging infrastructure
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-06 DOI: 10.1016/j.cose.2024.103989

In recent years, smart grid-based Electric Vehicle (EV) charging systems have increasingly faced vulnerabilities to Distributed Denial of Service (DDoS) attacks, especially through malicious authentication failures. These attacks typically involve monopolizing the Grid Server (GS), thereby hindering the authentication process for legitimate EVs. Despite the severity of this issue, no research (to the best of our knowledge) has focused on detecting DDoS attacks exploiting weaknesses in EV authentication. This study introduces a DDoS attack detection model specifically designed for EV authentication. The approach involves developing a machine learning model involving unique feature selection and combination. The proposed approach has been evaluated using a new DDOS attack dataset. The model is engineered to optimize feature combination, aiming for high sampling resolution, minimal information loss, and robust performance under 16 distinct attack scenarios. The feature combination used in this study shows improved accuracy over traditional DDoS detection methods based on access time variation while minimizing information loss.

Citations: 0
Privacy in manifolds: Combining k-anonymity with differential privacy on Fréchet means
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-06 DOI: 10.1016/j.cose.2024.103983

While anonymization techniques have improved greatly in allowing data to be used again, it is still really hard to get useful information from anonymized data without risking people’s privacy. Conventional approaches such as k-Anonymity and Differential Privacy have limitations in preserving data utility and privacy simultaneously, particularly in high-dimensional spaces with manifold structures. We address this challenge by focusing on anonymizing data existing within high-dimensional spaces possessing manifold structures. To tackle these issues, we propose and implement a hybrid anonymization scheme termed as the (β, k, b)-anonymization method that combines elements of both differential privacy and k-anonymity. This approach aims to produce high-quality anonymized data that closely resembles real data in terms of knowledge extraction while safeguarding privacy. The Fréchet mean, an operation applicable in metric spaces and meaningful in the manifold setting, serves as a key aspect of our approach. It provides insight into the geometry of data points within high-dimensional spaces. Our goal is to anonymize this Fréchet mean using our proposed approach and minimize the distance between the original and anonymized Fréchet mean to achieve data privacy without significant loss of information. Additionally, we introduce a novel Fréchet mean clustering model designed to enhance the clustering process for high-dimensional spaces. Through theoretical analysis and practical experiments, we demonstrate that our approach outperforms traditional privacy models both in terms of preserving data utility and privacy. This research contributes to advancing privacy-preserving techniques for complex and non-linear data structures, ensuring a balance between data utility and privacy protection.

Citations: 0
A method for recovering adversarial samples with both adversarial attack forensics and recognition accuracy
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-06 DOI: 10.1016/j.cose.2024.103987
Zigang Chen , Zhen Wang , Yuening Zhou , Fan Liu , Yuhong Liu , Tao Leng , Haihua Zhu

Adversarial samples deceive machine learning models through small but elaborate modifications that lead to erroneous outputs. The severity of the adversarial sample problem has come to the forefront with the widespread use of machine learning in areas such as security systems, autonomous driving, speech recognition, finance, and medical diagnostics. Malicious attackers can use adversarial samples to circumvent security detection systems, interfere with autonomous driving perception, mislead speech recognition, defraud financial systems, and even cause medical diagnosis errors. The emergence of adversarial samples exposes the vulnerability of existing models and poses challenges for information tracing and forensics after the incident. The main goal of current adversarial sample restoration methods is to improve model robustness. Traditional approaches focus only on improving the model’s classification accuracy, ignoring the importance of adversarial information, which is crucial for understanding the attack mechanism and strengthening future defenses. To address this issue, we propose an adversarial sample restoration method based on the similarity between clean and adversarial sample blocks to balance the needs of adversarial forensics and recognition accuracy. We implement the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), and Momentum Iterative Attack (MIA) attacks on MNIST, F-MNIST, and EMNIST datasets and perform experimental validation. The results demonstrate that our restoration method significantly enhances the model’s classification accuracy across various datasets and attack scenarios. Comparative analysis shows that the restored samples maintain a high similarity with the original adversarial samples, proving the method’s effectiveness. In addition, we performed performance tests on pre- and post-recovery samples. 
Taking the MNIST dataset as an example, we observed that the model performance metrics, such as MAPE, MAE, RMSE, and VAPE, of the restored samples improved by 88%, 88%, 65%, and 82%, respectively, after using the FGSM attack. This indicates that our restoration method successfully preserves the information of the generation mechanism of the adversarial samples and improves the model’s performance. This approach balances forensic capability and prediction accuracy, demonstrates a new direction in adversarial sample research, and substantially impacts security defense in practical applications.

Citations: 0
Advancing IoT security with flame: A hybrid approach combining fuzzy logic and artificial lizard search optimization
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-05 DOI: 10.1016/j.cose.2024.103984

The increasing usage of Internet of Things (IoT) devices has created a need for secure and efficient solutions to protect sensitive data from unauthorized access. However, the complicated and massive structure of IoT systems poses various security risks and challenges, especially in dynamic scenarios with high signaling overhead caused by subscriber mobility. So, in this paper, a Fuzzy-based Lightweight Authentication and Management of Encryption approach called ‘FLAME’ is proposed to solve the decentralized lightweight group key management problem by measuring the degree of security using fuzzy logic (FL) based on various factors like device and user behavior, network conditions, and resource availability. For effective key-based authentication, adopted an Artificial Lizard Search Optimization (ALSO) based RSA (Rivest, Shamir, Adleman) algorithm that generates private and public keys based on security evaluation outcome. The publishers and subscribers obtain encryption keys from the group key manager based on their security level, and dissemination is optimized by the ALSO algorithm. By leveraging the FL and ALSO based RSA algorithm, the system offers secure communication with limited utilization and protects confidential data in IoT environments. According to the analysis, results signify that the FLAME approach has a faster key generation, dissemination, and revocation time compared to existing approaches, along with reduced overhead during key management operations, and increased attack detection capacity of 98.7 %.

Citations: 0
Combating temporal composition inference by high-order camouflaged network topology obfuscation
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-05 DOI: 10.1016/j.cose.2024.103981
Xiaohui Li , Xiang Yang , Yizhao Huang , Yue Chen

Topology inference driven by non-collaborative or incomplete prior knowledge is widely used in pivotal target network sieving and completion. However, perceivable topology also allows attackers to identify the fragile bottlenecks and perform efficacious attacks that are difficult to defend against by injecting indistinguishable low-volume attacks. Most existing countermeasures are proposed to obfuscate network data or set up honeypots with adversarial examples. However, there are two challenges when adding perturbations to live network links or nodes. Firstly, the perturbations imposed on the network cannot be conveniently projected to the original network with poor scalability. Secondly, applying significant changes to network information is laborious and impractical. In short, making a good trade-off between concealment and complexity is challenging. To address the above issues, we propose a fraudulent proactive defending tactic, namely HBB-TSP, to protect live network privacy by combating attacks of temporal network inference. Specifically, to penetrate the critical network structures, HBB-TSP first brings in the Statistical Validation of Hypergraph (SVH) method to identify the pivotal connection information of the network and extract the deep backbone structure. Then, the Temporal Simple Decomposition Weighting (TSDW) strategy is introduced, which can predict the backbone network with evolution rules and add highly obfuscated features at a minimized overhead. Finally, a discriminator with multiple centrality models is used to evaluate the deceptiveness and, in turn, affect the TSDW prediction. The entire process ensures the consistency and robustness of network changes while ensuring effective adversarial resistance. Experimental results on two scale real-world datasets demonstrate the effectiveness and generalization of adversarial perturbations. In particular, it is encouraging that our proposed defending scheme outperforms the advanced countermeasures. 
It ensures the realization of a deceptive obfuscated network at minimum overhead and is suitable for widespread deployment in scenarios of different scales.

Citations: 0
TFAN: A Task-adaptive Feature Alignment Network for few-shot website fingerprinting attacks on Tor
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-07-04 DOI: 10.1016/j.cose.2024.103980
Qiuyun Lyu , Huihui Xie , Wei Wang , Yanyu Cheng , Yongqun Chen , Zhen Wang

Few-shot website fingerprinting (WF) attacks aim to infer which website a user browsed through anonymity networks, such as Tor, using limited labeled traces. Recent methods either adopt complex metric strategies or perform time-consuming transfer learning, neither of which yields the most efficient performance in dynamic network environments. In this paper, we introduce a novel Task-adaptive Feature Alignment Network (TFAN) following the meta-learning paradigm. TFAN regards the few-shot WF attack as a feature alignment problem in class latent space, aiming to depict each location in the query feature map as a weighted sum of support features of a given class. Ridge regression provides a closed-form solution without extra parameters or techniques, ensuring high computational efficiency. Moreover, we also propose a Task-adaptive Modulation Unit (TMU), which activates the differences between support prototypes to generate task-level channel weights, making channels with significant discriminative details for each task contribute more to alignment. Extensive experiments on public Tor datasets demonstrate the superiority of TFAN in different scenarios. Notably, it is the only method that maintains over 90% accuracy in the 1-shot setting even 42 days later. Our code is available at https://github.com/Crybaby98/TFAN.

Citations: 0
DomEye: Detecting network covert channel of domain fronting with throughput fluctuation
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-07-04 DOI: 10.1016/j.cose.2024.103976
Yibo Xie, Gaopeng Gou, Gang Xiong, Zhen Li, Wei Xia

Domain fronting, a typical network covert channel, hides malicious information inside encrypted network connections, which are usually established with cloud-hosted domain names. Because these domain names, such as microsoft.com, have a high reputation, domain fronting naturally imitates normal network connections. At present, the common way to detect domain fronting is to use imitation flaws to distinguish it from normal network connections. Unlike existing approaches that use packet-level flaws, in this paper we propose DomEye, a novel method that uses flow-level flaws to detect domain fronting. The DomEye detector exploits a flow-level imitation flaw: domain fronting connections usually exhibit different throughput than normal connections. For example, meek, a domain fronting-based tool for covert darknet access, only reaches a throughput of about 10.7 KB at the 50th packet, significantly less than file, image and other normal network requests. Based on this imitation flaw, we extract statistical features of throughput fluctuation and feed them into machine learning algorithms to train the DomEye detector. Experiments on real-world network traffic prove that DomEye can accurately identify three kinds of domain fronting-based tools with a lower false positive rate and less computation overhead than the state-of-the-art methods. In conclusion, we propose a superior method for domain fronting detection based on the throughput imitation flaw. As this flaw is at the flow level, we hope more attention could be paid to mining flow-level flaws in the future.

Citations: 0
AIS-NIDS: An intelligent and self-sustaining network intrusion detection system
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-07-04 DOI: 10.1016/j.cose.2024.103982
Yasir Ali Farrukh , Syed Wali , Irfan Khan , Nathaniel D. Bastian

The ever-evolving landscape of network security is continually molded by the dynamic evolution of attack vectors and the relentless emergence of new, highly sophisticated attacks. Attackers consistently employ increasingly advanced techniques, rendering their actions elusive and formidable. In response to this ever-growing threat, the demand for intelligent and autonomous security systems has reached paramount importance. In this paper, we introduce AIS-NIDS (An Intelligent and Self-Sustaining Network Intrusion Detection System), an innovative network intrusion detection system (NIDS) that delves into the realm of packet-level analysis. By doing so, AIS-NIDS is capable of identifying threats with intricate payload-level details, a level of granularity that traditional NIDS relying solely on flow-level data may overlook. The defining feature of AIS-NIDS is its dual functionality, driven by autonomous and intelligent learning. It not only autonomously distinguishes between benign and unknown attacks using machine learning models but also conducts incremental learning, adapting to new attack classes. In essence, AIS-NIDS bridges the gap between traditional NIDS and the next generation of intelligent systems, endowing the system with the capacity for independent decision-making and real-time adaptability in the face of evolving threats. Our extensive experiments stand as a testament to AIS-NIDS’ ability to efficiently manage and identify new attack classes, thus establishing it as a valuable asset in the reinforcement of network infrastructures. Through our experimentation, we have demonstrated the practical efficacy of the proposed approach by simulating a real-world scenario in which certain attack classes are unknown. AIS-NIDS not only effectively identified these unknown threats but also autonomously learned to recognize them as it encountered them, enhancing the system’s capabilities for future encounters with these threats.

Citations: 0
Empowering Data Owners: An Efficient and Verifiable Scheme for Secure Data Deletion
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-07-03 DOI: 10.1016/j.cose.2024.103978
Zhenwu Xu , Xingshu Chen , Xiao Lan , Rui Tang , Shuyu Jiang , Changxiang Shen

Cloud services have attracted numerous enterprises, organizations, and individual users due to their exceptional computing power and almost limitless storage capacity. A vast amount of business data and private data is continuously uploaded to the cloud platform, driven by a series of attractive services offered by the cloud. Unfortunately, once data is uploaded to the cloud, its owner has no way of ensuring that it is actually deleted as intended. This obviously increases the concerns of data owners about the security of their data, because it is related to the privacy of users. Therefore, there must be a reliable solution to prove that data is deleted as requested by users, to prevent data leakage or abuse. Most existing data deletion schemes are designed based on cryptographic knowledge rather than erasure or overwrite techniques, in order not to cause incalculable damage to the storage medium. However, most cryptography-based data deletion schemes, particularly those using attribute-based encryption, involve numerous complex bilinear mapping operations, which are expensive for most devices. To address this issue, the paper proposes an Efficient and Verifiable Scheme for Secure Data Deletion (EVSD). Firstly, Elliptic Curve Cryptography (ECC) is introduced to achieve efficient encryption of data. Then, leveraging a Linear Secret Sharing Scheme (LSSS), fine-grained data deletion policies supporting logical operations are implemented. Finally, the deletion of the data is efficiently verified using the root of the Merkle Hash Tree (MHT) generated by the defined illegal and legal attributes, while the deletion proof is also generated. Security analysis shows that the EVSD scheme is much more advantageous compared to existing schemes, and the same is observed in the performance evaluation.

Citations: 0