Pub Date: 2024-07-06, DOI: 10.1016/j.cose.2024.103985
Yusuf Mothanna, Wael ElMedany, Mustafa Hammad, Riadh Ksantini, Mhd Saeed Sharif
The dependence on smart city applications has expanded in recent years. Consequently, the number of cyberattack attempts to exploit smart application vulnerabilities significantly increases. Therefore, improving smart application security during the software development process is mandatory to ensure sustainable smart cities. But the challenge is how to adopt security practices in the software development process. Several already established and mature security testing frameworks exist that consider security requirements and testing during the Software Development Life Cycle (SDLC), but there are unique challenges posed by smart city applications and the need for a comprehensive approach to address the evolving threat landscape in this context. This paper proposed a framework that adopts security testing practices in all phases of the software development process. The proposed framework identifies several security activities and steps that can be applied in each phase of the software development process.
Title: Adopting security practices in software development process: Security testing framework for sustainable smart cities. Journal: Computers & Security.
Pub Date: 2024-07-06, DOI: 10.1016/j.cose.2024.103989
In recent years, smart grid-based Electric Vehicle (EV) charging systems have increasingly faced vulnerabilities to Distributed Denial of Service (DDoS) attacks, especially through malicious authentication failures. These attacks typically involve monopolizing the Grid Server (GS), thereby hindering the authentication process for legitimate EVs. Despite the severity of this issue, no research (to the best of our knowledge) has focused on detecting DDoS attacks exploiting weaknesses in EV authentication. This study introduces a DDoS attack detection model specifically designed for EV authentication. The approach involves developing a machine learning model involving unique feature selection and combination. The proposed approach has been evaluated using a new DDoS attack dataset. The model is engineered to optimize feature combination, aiming for high sampling resolution, minimal information loss, and robust performance under 16 distinct attack scenarios. The feature combination used in this study shows improved accuracy over traditional DDoS detection methods based on access time variation while minimizing information loss.
Title: Detecting Distributed Denial-of-Service (DDoS) attacks that generate false authentications on Electric Vehicle (EV) charging infrastructure. Journal: Computers & Security.
Pub Date: 2024-07-06, DOI: 10.1016/j.cose.2024.103983
While anonymization techniques have improved greatly in allowing data to be used again, it is still really hard to get useful information from anonymized data without risking people’s privacy. Conventional approaches such as k-Anonymity and Differential Privacy have limitations in preserving data utility and privacy simultaneously, particularly in high-dimensional spaces with manifold structures. We address this challenge by focusing on anonymizing data existing within high-dimensional spaces possessing manifold structures. To tackle these issues, we propose and implement a hybrid anonymization scheme termed as the (β, k, b)-anonymization method that combines elements of both differential privacy and k-anonymity. This approach aims to produce high-quality anonymized data that closely resembles real data in terms of knowledge extraction while safeguarding privacy. The Fréchet mean, an operation applicable in metric spaces and meaningful in the manifold setting, serves as a key aspect of our approach. It provides insight into the geometry of data points within high-dimensional spaces. Our goal is to anonymize this Fréchet mean using our proposed approach and minimize the distance between the original and anonymized Fréchet mean to achieve data privacy without significant loss of information. Additionally, we introduce a novel Fréchet mean clustering model designed to enhance the clustering process for high-dimensional spaces. Through theoretical analysis and practical experiments, we demonstrate that our approach outperforms traditional privacy models both in terms of preserving data utility and privacy. This research contributes to advancing privacy-preserving techniques for complex and non-linear data structures, ensuring a balance between data utility and privacy protection.
Title: Privacy in manifolds: Combining k-anonymity with differential privacy on Fréchet means. Journal: Computers & Security.
Pub Date: 2024-07-06, DOI: 10.1016/j.cose.2024.103987
Zigang Chen, Zhen Wang, Yuening Zhou, Fan Liu, Yuhong Liu, Tao Leng, Haihua Zhu
Adversarial samples deceive machine learning models through small but elaborate modifications that lead to erroneous outputs. The severity of the adversarial sample problem has come to the forefront with the widespread use of machine learning in areas such as security systems, autonomous driving, speech recognition, finance, and medical diagnostics. Malicious attackers can use adversarial samples to circumvent security detection systems, interfere with autonomous driving perception, mislead speech recognition, defraud financial systems, and even cause medical diagnosis errors. The emergence of adversarial samples exposes the vulnerability of existing models and poses challenges for information tracing and forensics after the incident. The main goal of current adversarial sample restoration methods is to improve model robustness. Traditional approaches focus only on improving the model’s classification accuracy, ignoring the importance of adversarial information, which is crucial for understanding the attack mechanism and strengthening future defenses. To address this issue, we propose an adversarial sample restoration method based on the similarity between clean and adversarial sample blocks to balance the needs of adversarial forensics and recognition accuracy. We implement the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), and Momentum Iterative Attack (MIA) attacks on MNIST, F-MNIST, and EMNIST datasets and perform experimental validation. The results demonstrate that our restoration method significantly enhances the model’s classification accuracy across various datasets and attack scenarios. Comparative analysis shows that the restored samples maintain a high similarity with the original adversarial samples, proving the method’s effectiveness. In addition, we performed performance tests on pre- and post-recovery samples. 
Taking the MNIST dataset as an example, we observed that the model performance metrics, such as MAPE, MAE, RMSE, and VAPE, of the restored samples improved by 88%, 88%, 65%, and 82%, respectively, after using the FGSM attack. This indicates that our restoration method successfully preserves the information of the generation mechanism of the adversarial samples and improves the model’s performance. This approach balances forensic capability and prediction accuracy, demonstrates a new direction in adversarial sample research, and substantially impacts security defense in practical applications.
Title: A method for recovering adversarial samples with both adversarial attack forensics and recognition accuracy. Journal: Computers & Security.
Pub Date: 2024-07-05, DOI: 10.1016/j.cose.2024.103984
The increasing usage of Internet of Things (IoT) devices has created a need for secure and efficient solutions to protect sensitive data from unauthorized access. However, the complicated and massive structure of IoT systems poses various security risks and challenges, especially in dynamic scenarios with high signaling overhead caused by subscriber mobility. So, in this paper, a Fuzzy-based Lightweight Authentication and Management of Encryption approach called ‘FLAME’ is proposed to solve the decentralized lightweight group key management problem by measuring the degree of security using fuzzy logic (FL) based on various factors like device and user behavior, network conditions, and resource availability. For effective key-based authentication, it adopts an Artificial Lizard Search Optimization (ALSO) based RSA (Rivest, Shamir, Adleman) algorithm that generates private and public keys based on the security evaluation outcome. The publishers and subscribers obtain encryption keys from the group key manager based on their security level, and dissemination is optimized by the ALSO algorithm. By leveraging the FL and ALSO based RSA algorithm, the system offers secure communication with limited utilization and protects confidential data in IoT environments. According to the analysis, results signify that the FLAME approach has a faster key generation, dissemination, and revocation time compared to existing approaches, along with reduced overhead during key management operations, and increased attack detection capacity of 98.7%.
Title: Advancing IoT security with flame: A hybrid approach combining fuzzy logic and artificial lizard search optimization. Journal: Computers & Security.
Pub Date: 2024-07-05, DOI: 10.1016/j.cose.2024.103981
Xiaohui Li, Xiang Yang, Yizhao Huang, Yue Chen
Topology inference driven by non-collaborative or incomplete prior knowledge is widely used in pivotal target network sieving and completion. However, perceivable topology also allows attackers to identify the fragile bottlenecks and perform efficacious attacks that are difficult to defend against by injecting indistinguishable low-volume attacks. Most existing countermeasures are proposed to obfuscate network data or set up honeypots with adversarial examples. However, there are two challenges when adding perturbations to live network links or nodes. Firstly, the perturbations imposed on the network cannot be conveniently projected to the original network with poor scalability. Secondly, applying significant changes to network information is laborious and impractical. In short, making a good trade-off between concealment and complexity is challenging. To address the above issues, we propose a fraudulent proactive defending tactic, namely HBB-TSP, to protect live network privacy by combating attacks of temporal network inference. Specifically, to penetrate the critical network structures, HBB-TSP first brings in the Statistical Validation of Hypergraph (SVH) method to identify the pivotal connection information of the network and extract the deep backbone structure. Then, the Temporal Simple Decomposition Weighting (TSDW) strategy is introduced, which can predict the backbone network with evolution rules and add highly obfuscated features at a minimized overhead. Finally, a discriminator with multiple centrality models is used to evaluate the deceptiveness and, in turn, affect the TSDW prediction. The entire process ensures the consistency and robustness of network changes while ensuring effective adversarial resistance. Experimental results on two scale real-world datasets demonstrate the effectiveness and generalization of adversarial perturbations. In particular, it is encouraging that our proposed defending scheme outperforms the advanced countermeasures. 
It ensures the realization of a deceptive obfuscated network at minimum overhead and is suitable for widespread deployment in scenarios of different scales.
Title: Combating temporal composition inference by high-order camouflaged network topology obfuscation. Journal: Computers & Security.
Pub Date: 2024-07-04, DOI: 10.1016/j.cose.2024.103980
Qiuyun Lyu, Huihui Xie, Wei Wang, Yanyu Cheng, Yongqun Chen, Zhen Wang
Few-shot website fingerprinting (WF) attacks aim to infer which website a user browsed through anonymity networks, such as Tor, using limited labeled traces. Recent methods either adopt complex metric strategies or perform time-consuming transfer learning, neither of which yields the most efficient performance in dynamic network environments. In this paper, we introduce a novel Task-adaptive Feature Alignment Network (TFAN) following the meta-learning paradigm. TFAN regards the few-shot WF attack as a feature alignment problem in class latent space, aiming to depict each location in the query feature map as a weighted sum of support features of a given class. Ridge regression provides a closed-form solution without extra parameters or techniques, ensuring high computational efficiency. Moreover, we also propose a Task-adaptive Modulation Unit (TMU), which activates the differences between support prototypes to generate task-level channel weights, making channels with significant discriminative details for each task contribute more to alignment. Extensive experiments on public Tor datasets demonstrate the superiority of TFAN in different scenarios. Notably, it is the only method that maintains over 90% accuracy in the 1-shot setting even 42 days later. Our code is available at https://github.com/Crybaby98/TFAN.
Title: TFAN: A Task-adaptive Feature Alignment Network for few-shot website fingerprinting attacks on Tor. Journal: Computers & Security.
Pub Date: 2024-07-04, DOI: 10.1016/j.cose.2024.103976
Yibo Xie, Gaopeng Gou, Gang Xiong, Zhen Li, Wei Xia
Domain fronting, a typical network covert channel, hides malicious information inside encrypted network connections, which are usually established with cloud-hosted domain names. Due to these domain names such as microsoft.com with high reputation, domain fronting realizes the imitation of normal network connections naturally. At present, the common way for domain fronting detection is using imitation flaws to distinguish it from normal network connections. Unlike existing approaches using packet-level flaws, in the paper, we propose DomEye, a novel method using flow-level flaws to detect domain fronting. The DomEye detector exploits a flow-level imitation flaw that domain fronting connections usually exhibit different throughput than normal connections, for example, meek, a domain fronting-based tool for covert darknet access, only reaches a throughput about 10.7 KB at the 50th packet, significantly less than file, image and other normal network requests. According to the imitation flaw, we extract statistical features of throughput fluctuation and feed them into machine learning algorithms to train DomEye detector. Experiments on real-world network traffic prove that DomEye can accurately identify three kinds of domain fronting-based tools with lower false positive rate and lesser computation overhead than the state-of-the-art methods. In conclusion, we propose a superior method for domain fronting detection based on the throughput imitation flaw. As this flaw is at the flow level, we hope more attention could be paid to mining flow-level flaws in the future.
{"title":"DomEye: Detecting network covert channel of domain fronting with throughput fluctuation","authors":"Yibo Xie, Gaopeng Gou, Gang Xiong, Zhen Li, Wei Xia","doi":"10.1016/j.cose.2024.103976","DOIUrl":"https://doi.org/10.1016/j.cose.2024.103976","url":null,"abstract":"<div><p>Domain fronting, a typical network covert channel, hides malicious information inside encrypted network connections, which are usually established with cloud-hosted domain names. Due to these domain names such as <em>microsoft.com</em> with high reputation, domain fronting realizes the imitation of normal network connections naturally. At present, the common way for domain fronting detection is using imitation flaws to distinguish it from normal network connections. Unlike existing approaches using packet-level flaws, in the paper, we propose DomEye, a novel method using flow-level flaws to detect domain fronting. The DomEye detector exploits a flow-level imitation flaw that domain fronting connections usually exhibit different throughput than normal connections, for example, <em>meek</em>, a domain fronting-based tool for covert darknet access, only reaches a throughput about 10.7 KB at the 50th packet, significantly less than file, image and other normal network requests. According to the imitation flaw, we extract statistical features of throughput fluctuation and feed them into machine learning algorithms to train DomEye detector. Experiments on real-world network traffic prove that DomEye can accurately identify three kinds of domain fronting-based tools with lower false positive rate and lesser computation overhead than the state-of-the-art methods. In conclusion, we propose a superior method for domain fronting detection based on the throughput imitation flaw. 
As this flaw is at the flow level, we hope more attention could be paid to mining flow-level flaws in the future.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141605374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
AIS-NIDS: An intelligent and self-sustaining network intrusion detection system
Pub Date : 2024-07-04 DOI: 10.1016/j.cose.2024.103982
Yasir Ali Farrukh, Syed Wali, Irfan Khan, Nathaniel D. Bastian
The ever-evolving landscape of network security is continually molded by the dynamic evolution of attack vectors and the relentless emergence of new, highly sophisticated attacks. Attackers consistently employ increasingly advanced techniques, rendering their actions elusive and formidable. In response to this ever-growing threat, the demand for intelligent and autonomous security systems has reached paramount importance. In this paper, we introduce AIS-NIDS (An Intelligent and Self-Sustaining Network Intrusion Detection System), an innovative network intrusion detection system (NIDS) that delves into the realm of packet-level analysis. By doing so, AIS-NIDS is capable of identifying threats with intricate payload-level details, a level of granularity that traditional NIDS relying solely on flow-level data may overlook. The defining feature of AIS-NIDS is its dual functionality, driven by autonomous and intelligent learning. It not only autonomously distinguishes between benign and unknown attacks using machine learning models but also conducts incremental learning, adapting to new attack classes. In essence, AIS-NIDS bridges the gap between traditional NIDS and the next generation of intelligent systems, endowing the system with the capacity for independent decision-making and real-time adaptability in the face of evolving threats. Our extensive experiments stand as a testament to AIS-NIDS’ ability to efficiently manage and identify new attack classes, thus establishing it as a valuable asset in the reinforcement of network infrastructures. Through our experimentation, we have demonstrated the practical efficacy of the proposed approach by simulating a real-world scenario in which certain attack classes are unknown. AIS-NIDS not only effectively identified these unknown threats but also autonomously learned to recognize them as it encountered them, enhancing the system’s capabilities for future encounters with these threats.
Empowering Data Owners: An Efficient and Verifiable Scheme for Secure Data Deletion
Pub Date : 2024-07-03 DOI: 10.1016/j.cose.2024.103978
Zhenwu Xu, Xingshu Chen, Xiao Lan, Rui Tang, Shuyu Jiang, Changxiang Shen
Cloud services have attracted numerous enterprises, organizations, and individual users due to their exceptional computing power and almost limitless storage capacity. A vast amount of business data and private data is continuously uploaded to the cloud platform, driven by a series of attractive services offered by the cloud. Unfortunately, once data is uploaded to the cloud, its owner has no way of ensuring that it is actually deleted as intended. This obviously increases the concerns of data owners about the security of their data, because it is related to the privacy of users. Therefore, there must be a reliable solution to prove that data is deleted as requested by users, to prevent data leakage or abuse. Most existing data deletion schemes are designed based on cryptographic knowledge rather than erasure or overwrite techniques, in order not to cause incalculable damage to the storage medium. However, most cryptography-based data deletion schemes, particularly those using attribute-based encryption, involve numerous complex bilinear mapping operations, which are expensive for most devices. To address this issue, the paper proposes an Efficient and Verifiable Scheme for Secure Data Deletion (EVSD). Firstly, Elliptic Curve Cryptography (ECC) is introduced to achieve efficient encryption of data. Then, leveraging the Linear Secret Sharing Scheme (LSSS), fine-grained data deletion policies supporting logical operations are implemented. Finally, the deletion of the data is efficiently verified using the root of the Merkle Hash Tree (MHT) generated by the defined illegal and legal attributes, while the deletion proof is also generated. Security analysis shows that the EVSD scheme is much more advantageous than existing schemes, and a similar advantage is observed in the performance evaluation.