
Computers & Security: Latest Articles

Towards privacy-preserving compressed sensing reconstruction in cloud
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-24 | DOI: 10.1016/j.cose.2025.104348
Kaidi Xu, Jia Yu, Wenjing Gao
Compressed sensing is widely used in various fields. Its reconstruction process is highly complex and time-consuming. For resource-constrained Internet of Things (IoT) devices, there are usually not enough computational and storage resources to handle it. The prevalent solution to this problem involves securely outsourcing the compressed sensing reconstruction task to the cloud. Nonetheless, existing privacy-preserving compressed sensing reconstruction protocols are primarily designed based on linear programming, but not applicable to other reconstruction methods. In these protocols, the computational cost on the user and the cloud is still high. To tackle these issues, we design a privacy-preserving compressed sensing reconstruction protocol specifically tailored for IoT applications. Different from existing works, our proposed protocol can be applicable to all reconstruction algorithms. It allows the cloud to flexibly choose the appropriate signal reconstruction method. The proposed protocol directly encrypts the reconstruction problem. In the ciphertext state, the reconstruction problem is transformed into other forms of the problem for solving. We use a signal obfuscation method for encryption in the proposed protocol. The user no longer needs to perform matrix multiplication calculations for encryption, saving a lot of computational resources. Our proposed protocol not only ensures the client privacy by preventing data leakage to the cloud but also effectively reduces computational complexity for both the user and the cloud. Finally, we theoretically analyze the correctness and security of the protocol and experimentally verify its feasibility.
Citations: 0
A Segmented Stack Randomization for bare-metal IoT devices
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-24 | DOI: 10.1016/j.cose.2025.104342
Junho Jung, BeomSeok Kim, Heeseung Son, Daehee Jang, Ben Lee, Jinsung Cho
Bare-metal IoT devices, lacking memory management features such as virtual memory and Memory Management Units (MMUs), are increasingly vulnerable to memory corruption attacks like buffer overflow and Return-Oriented Programming (ROP). To address these challenges, this paper proposes the Segmented Stack Randomization (SSR) scheme, a novel approach that enhances security by randomly allocating stack space across multiple segments during function calls. Designed to operate without additional hardware, the proposed SSR is highly suitable for resource-constrained IoT environments, particularly those requiring predictable execution times for real-time applications. The proposed SSR involves Low Level Virtual Machine (LLVM)-based code instrumentation, enabling seamless integration into finalized firmware without introducing debugging complexities. A proof-of-concept implementation on an ARM Cortex-M4 platform demonstrated that SSR provides robust protection against stack-based attacks with minimal performance overhead, averaging 1.591μsec per function call. Additionally, the proposed SSR offers tunable trade-offs between memory usage and randomization entropy, ensuring adaptability to various application requirements. These results highlight the proposed SSR as a practical and efficient security solution for safeguarding bare-metal IoT devices against evolving threats.
Citations: 0
Enhancing can security with ML-based IDS: Strategies and efficacies against adversarial attacks
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-23 | DOI: 10.1016/j.cose.2025.104322
Ying-Dar Lin, Wei-Hsiang Chan, Yuan-Cheng Lai, Chia-Mu Yu, Yu-Sung Wu, Wei-Bin Lee
Control Area Networks (CAN) face serious security threats recently due to their inherent vulnerabilities and the increasing sophistication of cyberattacks targeting automotive and industrial systems. This paper focuses on enhancing the security of CAN, which currently lack adequate defense mechanisms. We propose integrating Machine Learning-based Intrusion Detection Systems (ML-based IDS) into the network to address this vulnerability. However, ML systems are susceptible to adversarial attacks, leading to misclassification of data. We introduce three defense combination methods to mitigate this risk: adversarial training, ensemble learning, and distance-based optimization. Additionally, we employ a simulated annealing algorithm in distance-based optimization to optimize the distance moved in feature space, aiming to minimize intra-class distance and maximize the inter-class distance. Our results show that the ZOO attack is the most potent adversarial attack, significantly impacting model performance. In terms of model, the basic models achieve an F1 score of 0.99, with CNN being the most robust against adversarial attacks. Under known adversarial attacks, the average F1 score decreases to 0.56. Adversarial training with triplet loss does not perform well, achieving only 0.64, while our defense method attains the highest F1 score of 0.97. For unknown adversarial attacks, the F1 score drops to 0.24, with adversarial training with triplet loss scoring 0.47. Our defense method still achieves the highest score of 0.61. These results demonstrate our method’s excellent performance against known and unknown adversarial attacks.
Citations: 0
Exposure of software vulnerabilities on Twitter: Analyzing vendors’ behavior of releasing software patches
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-23 | DOI: 10.1016/j.cose.2025.104354
Romilla Syed, Joti Kaur, Leiser Silva
Software vulnerabilities shared and discussed on social media platforms alert malicious users about the existence of vulnerabilities and increase the risk of exploits. In this study, we build a hazard model to explain the effect of social media exposure of software vulnerabilities on vendors’ behavior towards releasing patches. We collect data from multiple sources, including the United States Computer Emergency Readiness Team (US-CERT), the National Vulnerability Database, vendor websites, and Twitter. The results suggest that social media exposure, measured as retweet count, accelerates releasing the patches for immediately disclosed vulnerabilities. Patches are further expedited if the tweets discuss the root-cause or exploit details. Vulnerabilities shared by credible sources are patched faster. Additionally, vulnerability characteristics, such as a higher impact on confidentiality, integrity, or availability and a higher severity level, lead to faster patches. Finally, vulnerabilities that can be exploited remotely are patched faster. Overall, our findings illustrate that social media exposure exacerbates the pressure on vendors to release patches quickly. Thus, policymakers and discoverers can use social media as a tool to further influence vendor behavior in socially desirable ways.
Citations: 0
FedMSE: Semi-supervised federated learning approach for IoT network intrusion detection
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-23 | DOI: 10.1016/j.cose.2025.104337
Van Tuan Nguyen, Razvan Beuran
This paper proposes a novel federated learning approach for improving IoT network intrusion detection. The rise of IoT has expanded the cyber attack surface, making traditional centralized machine learning methods insufficient due to concerns about data availability, computational resources, transfer costs, and especially privacy preservation. A semi-supervised federated learning model was developed to overcome these issues, combining the Shrink Autoencoder and Centroid one-class classifier (SAE-CEN). This approach enhances the performance of intrusion detection by effectively representing normal network data and accurately identifying anomalies in the decentralized strategy. Additionally, a mean square error-based aggregation algorithm (MSEAvg) was introduced to improve global model performance by prioritizing more accurate local models. The results obtained in our experimental setup, which uses various settings relying on the N-BaIoT dataset and Dirichlet distribution, demonstrate significant improvements in real-world heterogeneous IoT networks in detection accuracy from 93.98 ± 2.90 to 97.30 ± 0.49, reduced learning costs when requiring only 50% of gateways participating in the training process, and robustness in large-scale networks.
Citations: 0
How to decrypt files encrypted by Rhysida ransomware without the attacker’s private key
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-21 | DOI: 10.1016/j.cose.2025.104340
Giyoon Kim, Soojin Kang, Seungjun Baek, Kimoon Kim, Jongsung Kim
Ransomware is malicious software that is a prominent global cybersecurity threat. It typically encrypts data in a system, rendering victims unable to decrypt it without the attacker’s private key. Subsequently, victims often pay substantial ransoms to regain access to their data, yet some may still suffer damage or loss. This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method. Rhysida ransomware employed a secure random number generator to generate the encryption keys for data encryption. However, a vulnerability in its implementation enabled us to reconstruct the internal state of the random number generator, resulting in the disclosure of the encryption keys. In a practical time, we successfully decrypted the data infected with Rhysida using the regenerated state. To the best of our knowledge, this is the first successful decryption of data infected by Rhysida. We aim for our findings to contribute to mitigating the harm inflicted by the Rhysida ransomware.
Citations: 0
CO-STOP: A robust P4-powered adaptive framework for comprehensive detection and mitigation of coordinated and multi-faceted attacks in SD-IoT networks
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-18 | DOI: 10.1016/j.cose.2025.104349
Ameer El-Sayed, Ahmed A. Toony, Fayez Alqahtani, Yasser Alginahi, Wael Said
The increasing sophistication of multi-faceted attacks (MFAs) presents significant challenges for securing Internet of Things (IoT) networks, where traditional defenses and even contemporary solutions often fail to provide comprehensive protection. Current frameworks in the literature face critical limitations such as centralized control architectures that are prone to bottlenecks and single points of failure, inadequate traffic monitoring capabilities, and limited adaptability to dynamic attack surfaces. These gaps make IoT environments vulnerable to stealthy, coordinated, and complex attacks that can simultaneously target multiple layers of the network. Addressing these challenges requires a more dynamic and distributed approach to security. This paper introduces CO-STOP, an innovative framework designed to overcome these limitations by integrating machine learning (ML), the P4 programming language, Software-Defined Networking (SDN), and a novel multi-control design (MCD). CO-STOP enhances IoT network management by distributing both detection and mitigation efforts across multiple controllers, improving scalability and resilience. It also addresses the shortcomings of existing solutions by incorporating adaptive traffic monitoring and a distributed mitigation strategy that reduces the risks of network disruption. The framework comprises four interconnected modules: (1) Authenticated Dynamic Multi-Control (ADMC), which introduces secure, synchronized controller collaboration; (2) P4-Enabled Adaptive Traffic Monitoring (P4-ATM), leveraging programmable state tables for real-time traffic analysis; (3) Multi-Faceted Attack Detection and Prevention (MFADP), employing a Dynamic Meta-Ensemble with Confidence-Based Prioritization (DMECP) for accurate attack detection; and (4) P4-Enabled Multi-Control Adaptive Mitigation (P4-MCAM), which distributes mitigation efforts across multiple controllers. 
CO-STOP demonstrates significant resource efficiency, with the P4-based solution reducing bandwidth consumption by 27%, memory usage by 19%, and CPU utilization by 21% compared to the OpenFlow-based approach. Experiments reveal that the proposed multi-controller architecture consistently outperforms the single-controller design across six key evaluation metrics. CO-STOP sets new benchmarks in SD-IoT security, achieving 99.25% accuracy, a 98.83% F1-score, and a low false positive rate of 0.51%. By addressing both the limitations of existing frameworks and the critical need for scalable, efficient, and adaptive security solutions, CO-STOP represents a substantial advancement in safeguarding SD-IoT networks from emerging attacks.
Citations: 0
Current research on Internet of Things (IoT) security protocols: A survey
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-01-17 | DOI: 10.1016/j.cose.2024.104310
Raghavendra Mishra, Ankita Mishra
The Internet of Things (IoT) has become indispensable for remote monitoring, integrating diverse hardware and software elements to provide seamless, secure, and reliable services. Essential components like network protocols, sensor nodes, actuators, and gateway nodes ensure the functionality and security of these systems. However, the increasing proliferation of IoT devices has raised significant security concerns, particularly regarding user privacy, data integrity, and service availability. This manuscript presents a comprehensive review of existing authenticated key exchange mechanisms for IoT security, focusing on the limitations of current authentication and key agreement methods. We examine relevant schemes for the case study to explore key security challenges. In this regard, we conduct a cryptanalysis of three recently proposed IoT security protocols, evaluating their effectiveness in addressing vulnerabilities. The key contribution of this work lies in offering insights into the latest advancements in IoT security, identifying critical weaknesses, and proposing enhancements to improve the resilience of IoT systems in an increasingly interconnected world.
Citations: 0
HAE-HRL: A network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network
IF 4.8 Zone 2 (Computer Science) Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-01-16 DOI: 10.1016/j.cose.2025.104328
Yankun Xue, Chunying Kang, Hongchen Yu
As networks evolve, their attacks become ever more varied - which creates an increasing variety of feature-rich information which models must incorporate during training. However, this data often includes redundant and irrelevant features that impede its effectiveness as an intrusion detection system. Hybrid Autoencoder - Hybrid ResNet-LSTM, an advanced hybrid residual network which combines an innovative hybrid Autoencoder with an enhanced LSTM-CNN architecture, was introduced here to enhance detection capabilities of models and identify pertinent feature subsets within datasets more quickly and efficiently. Initial feature selection within the dataset is performed using a modified self-encoder that incorporates CNN and GRU components, in order to reduce data dimensionality while pinpointing an optimal subset. This paper assesses a proposed intrusion detection model against three datasets commonly used for intrusion detection studies: UNSW-NB15, NSL-KDD, and CICIDS-2018. Experimental findings demonstrate high accuracy rates of 95.7%, 94.9% and 96.7% in intrusion detection for NSL-KDD, UNSW-NB15, and CICIDS-2018 datasets respectively. A comparative analysis with methods proposed by other researchers illustrates how effective our method presented here can be at significantly enhancing intrusion detection accuracy.
Citations: 0
A novel framework to identify cybersecurity challenges and opportunities for organizational digital transformation in the cloud
IF 4.8 Zone 2 (Computer Science) Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-01-16 DOI: 10.1016/j.cose.2025.104339
Xueping Liang, Yilin Xu
The rise in security threats faced by organizations has resulted in increased attention towards cloud adoption in organizations and cloud security research. To address these concerns, it is crucial to establish trust between application users and cloud services by exploring the gap of cloud security challenges and opportunities in the cybersecurity context. Due to the growing interest in this topic, a comprehensive and updated review of existing literature is much needed. This paper thoroughly examines the current landscape of cloud security, grounded in an extensive systematic literature review of 1,324 research papers, through the lens of a Design Science Research artifact typology rooted in the Information Systems domain. The paper makes significant technological contributions to the field of cloud security, by categorizing findings into four artifact types: constructs, models, methods, and instantiations. These categories are examined across multiple levels of cloud architecture, including data management, identity and access, application and software, host and virtualization, as well as privacy, trust, and compliance. The proposed research framework is adopted to further analyze the challenges that organizations face in securing their cloud-based systems against threats such as data breaches, unauthorized access, and cyberattacks. In addition, the review explores the potential opportunities for enhancing cloud security through the integration of advanced technologies such as blockchain, zero trust, multi-cloud architecture, machine learning and artificial intelligence, in various domains such as healthcare, IoT, and smart cities. By providing a critical analysis of the current state of cloud security, this review paper offers valuable insights into the challenges and opportunities associated with securing cloud-based systems in the cybersecurity era.
Citations: 0