Computers & Security最新文献_第3页

DaE2: Unmasking malicious URLs by leveraging diverse and efficient ensemble machine learning for online security DaE2：利用多样化和高效的集合机器学习为在线安全揭开恶意 URL 的面纱

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-28 DOI: 10.1016/j.cose.2024.104170

Abiodun Esther Omolara , Moatsum Alawida

Over 5.44 billion people now use the Internet, making it a vital part of daily life, enabling communication, e-commerce, education, and more. However, this huge Internet connectivity also raises concerns about online privacy and security, particularly with the rise of malicious Uniform Resource Locators (URLs). Recently, conventional ensemble models have attracted attention due to their notable benefits of reducing the variance in models, enhancing predictive performance, improving prediction accuracy, and demonstrating high generalization potential. But, its application in addressing the challenge of malicious URLs is still an open problem. These URLs often hide behind static links in emails or web pages, posing a threat to individuals and organizations. Despite blacklisting services, many harmful sites evade detection due to inadequate scrutiny or recent creation. Hence, to improve URL detection, a Diverse and Efficient Ensemble (DaE2) machine learning algorithm was developed using four ensemble models, that is, AdaBoost, Bagging, Stacking, and Voting to classify URLs. After preprocessing, the experimental result shown that all models achieved over 80 % accuracy, with AdaBoost reaching 98.5 % and Stacking offering the fastest runtime. AdaBoost and Bagging also delivered strong performance, with F1 scores of 0.980 and 0.976, respectively.

目前有超过 54.4 亿人使用互联网，互联网已成为日常生活的重要组成部分，使通信、电子商务、教育等成为可能。然而，巨大的互联网连接也引发了人们对网络隐私和安全的担忧，特别是随着恶意统一资源定位器（URL）的兴起。最近，传统的集合模型因其在减少模型方差、增强预测性能、提高预测准确性和展示高泛化潜力等方面的显著优势而备受关注。但是，它在应对恶意 URL 挑战方面的应用仍是一个未决问题。这些 URL 通常隐藏在电子邮件或网页的静态链接后面，对个人和组织构成威胁。尽管有黑名单服务，但许多有害网站由于审查不充分或最近才创建而逃避检测。因此，为了改进 URL 检测，我们开发了一种多样化高效集合（DaE2）机器学习算法，使用四种集合模型，即 AdaBoost、Bagging、Stacking 和 Voting 来对 URL 进行分类。预处理后的实验结果表明，所有模型的准确率都超过了 80%，其中 AdaBoost 的准确率达到了 98.5%，Stacking 的运行时间最快。AdaBoost 和 Bagging 的性能也很强，F1 分数分别为 0.980 和 0.976。

{"title":"DaE2: Unmasking malicious URLs by leveraging diverse and efficient ensemble machine learning for online security","authors":"Abiodun Esther Omolara , Moatsum Alawida","doi":"10.1016/j.cose.2024.104170","DOIUrl":"10.1016/j.cose.2024.104170","url":null,"abstract":"<div><div>Over 5.44 billion people now use the Internet, making it a vital part of daily life, enabling communication, e-commerce, education, and more. However, this huge Internet connectivity also raises concerns about online privacy and security, particularly with the rise of malicious Uniform Resource Locators (URLs). Recently, conventional ensemble models have attracted attention due to their notable benefits of reducing the variance in models, enhancing predictive performance, improving prediction accuracy, and demonstrating high generalization potential. But, its application in addressing the challenge of malicious URLs is still an open problem. These URLs often hide behind static links in emails or web pages, posing a threat to individuals and organizations. Despite blacklisting services, many harmful sites evade detection due to inadequate scrutiny or recent creation. Hence, to improve URL detection, a Diverse and Efficient Ensemble (DaE2) machine learning algorithm was developed using four ensemble models, that is, AdaBoost, Bagging, Stacking, and Voting to classify URLs. After preprocessing, the experimental result shown that all models achieved over 80 % accuracy, with AdaBoost reaching 98.5 % and Stacking offering the fastest runtime. AdaBoost and Bagging also delivered strong performance, with F1 scores of 0.980 and 0.976, respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104170"},"PeriodicalIF":4.8,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142586773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhanced cell phone security: An ultrasonic and sensor fusion-based persistent cell phone protection method integrating anti-theft & identity authentication 增强手机安全性：基于超声波和传感器融合的持久性手机保护方法，集防盗和身份验证于一体

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-28 DOI: 10.1016/j.cose.2024.104176

Jie Zhang , Lei Xie , Lang He , Zhongmin Wang , Jing Chen

With the rapid development of the Internet of Things, cell phones inevitably involve people’s privacy and property information. Therefore, ensuring cell phone security is of great importance. Current cell phone protection methods include cell phone anti-theft and identity authentication, but each has limitations. Cell phone anti-theft methods focus on preventing cell phone loss but do not adequately address privacy security. Identity authentication emphasizes privacy protection but overlooks the cell phone’s security. Previous studies have achieved these two methods through ultrasonic or sensors. However, ultrasonic-based methods are limited by sensing distance and are inconvenient to use. Sensor-based methods do not detect subtle movements and may have shortcomings in terms of security. This study proposes an ultrasonic and sensor fusion-based persistent cell phone protection method integrating anti-theft and identity authentication. Unlike past work, this study uses ultrasonic and inertial sensors to capture motion data of users with different granularity, and provide multifaceted protection for cell phones through anti-theft when taking up the cell phone (ATWTP) and gait identity authentication (GTIA). Our intuition in the design is that each individual has unique movements and gait patterns, resulting in differences in the collected data from ultrasonic and inertial sensors. These differences can be used to achieve persistent protection of the cell phone. This study combines the strengths of sensors and ultrasonic through multimodal fusion and designs a system that incorporates system-triggered event detection (STED), ATWTP, and GTIA. The results demonstrate that the proposed design achieves an accuracy of 96.88% in protecting cell phones.

随着物联网的快速发展，手机不可避免地会涉及到人们的隐私和财产信息。因此，确保手机安全显得尤为重要。目前的手机保护方法包括手机防盗和身份验证，但每种方法都有其局限性。手机防盗方法侧重于防止手机丢失，但没有充分解决隐私安全问题。身份验证强调隐私保护，但忽略了手机的安全性。以往的研究通过超声波或传感器实现了这两种方法。然而，基于超声波的方法受到感应距离的限制，使用不便。基于传感器的方法无法检测到细微动作，在安全性方面可能存在缺陷。本研究提出了一种基于超声波和传感器融合的持久性手机保护方法，集防盗和身份验证于一体。与以往的研究不同，本研究利用超声波和惯性传感器捕捉不同粒度的用户运动数据，并通过拿起手机时的防盗（ATWTP）和步态身份验证（GTIA）为手机提供多方面的保护。我们在设计中的直觉是，每个人都有独特的动作和步态模式，从而导致从超声波和惯性传感器收集到的数据存在差异。这些差异可用于实现对手机的持久保护。本研究通过多模态融合将传感器和超声波的优势结合起来，并设计了一个包含系统触发事件检测（STED）、ATWTP 和 GTIA 的系统。结果表明，所提出的设计在保护手机方面达到了 96.88% 的准确率。

{"title":"Enhanced cell phone security: An ultrasonic and sensor fusion-based persistent cell phone protection method integrating anti-theft & identity authentication","authors":"Jie Zhang , Lei Xie , Lang He , Zhongmin Wang , Jing Chen","doi":"10.1016/j.cose.2024.104176","DOIUrl":"10.1016/j.cose.2024.104176","url":null,"abstract":"<div><div>With the rapid development of the Internet of Things, cell phones inevitably involve people’s privacy and property information. Therefore, ensuring cell phone security is of great importance. Current cell phone protection methods include cell phone anti-theft and identity authentication, but each has limitations. Cell phone anti-theft methods focus on preventing cell phone loss but do not adequately address privacy security. Identity authentication emphasizes privacy protection but overlooks the cell phone’s security. Previous studies have achieved these two methods through ultrasonic or sensors. However, ultrasonic-based methods are limited by sensing distance and are inconvenient to use. Sensor-based methods do not detect subtle movements and may have shortcomings in terms of security. This study proposes an ultrasonic and sensor fusion-based persistent cell phone protection method integrating anti-theft and identity authentication. Unlike past work, this study uses ultrasonic and inertial sensors to capture motion data of users with different granularity, and provide multifaceted protection for cell phones through anti-theft when taking up the cell phone (ATWTP) and gait identity authentication (GTIA). Our intuition in the design is that each individual has unique movements and gait patterns, resulting in differences in the collected data from ultrasonic and inertial sensors. These differences can be used to achieve persistent protection of the cell phone. This study combines the strengths of sensors and ultrasonic through multimodal fusion and designs a system that incorporates system-triggered event detection (STED), ATWTP, and GTIA. The results demonstrate that the proposed design achieves an accuracy of 96.88% in protecting cell phones.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104176"},"PeriodicalIF":4.8,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142572075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Thread-sensitive fuzzing for concurrency bug detection 针对并发错误检测的线程敏感模糊测试

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-28 DOI: 10.1016/j.cose.2024.104171

Jingwen Zhao, Yan Fu, Yanxia Wu, Jibin Dong, Ruize Hong

Fuzzing is a commonly used method for identifying bugs and vulnerabilities in software. However, current methods for improving fuzzing in concurrency environments often lack a detailed analysis of the program’s concurrent state space. This leads to inefficient execution of previously verified concurrent states and missed information. We have developed TSAFL, a novel concurrency fuzzing framework that aims to detect the running state of concurrency programs and uncover hard-to-find vulnerabilities. TSAFL builds upon AFL’s concurrency vulnerability detection capabilities by incorporating three new techniques. Firstly, we introduce two new coverage metrics to measure concurrency: concurrent behavior window and CFG prediction. These metrics enhance the TSAFL’s capabilities to explore more thread interleavings. The second technique adds efficient thread-interleaved scheduling to fuzzing combined with period scheduling. Several methods are proposed to avoid problems caused by simply using period scheduling to accurately detect and verify all concurrent state spaces. Thirdly, we propose a multi-objective optimization mechanism based on the characteristics of concurrent fuzz testing to fully utilize the information in the seed files. Using these three techniques, our concurrency fuzzing approach effectively covers infrequent thread interleavings with concrete context information. We evaluated TSAFL on user-level applications, and experiments show that TSAFL outperforms AFL++ and MOPT in multithreading-related seed generation and concurrent vulnerability detection.

模糊测试是识别软件错误和漏洞的常用方法。然而，目前在并发环境中改进模糊测试的方法往往缺乏对程序并发状态空间的详细分析。这导致先前已验证过的并发状态的执行效率低下和信息遗漏。我们开发了 TSAFL，这是一种新型并发模糊框架，旨在检测并发程序的运行状态并发现难以发现的漏洞。TSAFL 以 AFL 的并发漏洞检测能力为基础，融入了三项新技术。首先，我们引入了两个新的覆盖指标来衡量并发性：并发行为窗口和 CFG 预测。这些指标增强了 TSAFL 探索更多线程交错的能力。第二项技术将高效的线程交错调度与周期调度相结合。我们提出了几种方法，以避免单纯使用周期调度来准确检测和验证所有并发状态空间所带来的问题。第三，我们根据并发模糊测试的特点提出了一种多目标优化机制，以充分利用种子文件中的信息。利用这三种技术，我们的并发模糊方法能有效地利用具体的上下文信息覆盖不常见的线程交错。我们在用户级应用上对 TSAFL 进行了评估，实验表明 TSAFL 在多线程相关种子生成和并发漏洞检测方面优于 AFL++ 和 MOPT。

{"title":"Thread-sensitive fuzzing for concurrency bug detection","authors":"Jingwen Zhao, Yan Fu, Yanxia Wu, Jibin Dong, Ruize Hong","doi":"10.1016/j.cose.2024.104171","DOIUrl":"10.1016/j.cose.2024.104171","url":null,"abstract":"<div><div>Fuzzing is a commonly used method for identifying bugs and vulnerabilities in software. However, current methods for improving fuzzing in concurrency environments often lack a detailed analysis of the program’s concurrent state space. This leads to inefficient execution of previously verified concurrent states and missed information. We have developed TSAFL, a novel concurrency fuzzing framework that aims to detect the running state of concurrency programs and uncover hard-to-find vulnerabilities. TSAFL builds upon AFL’s concurrency vulnerability detection capabilities by incorporating three new techniques. Firstly, we introduce two new coverage metrics to measure concurrency: concurrent behavior window and CFG prediction. These metrics enhance the TSAFL’s capabilities to explore more thread interleavings. The second technique adds efficient thread-interleaved scheduling to fuzzing combined with period scheduling. Several methods are proposed to avoid problems caused by simply using period scheduling to accurately detect and verify all concurrent state spaces. Thirdly, we propose a multi-objective optimization mechanism based on the characteristics of concurrent fuzz testing to fully utilize the information in the seed files. Using these three techniques, our concurrency fuzzing approach effectively covers infrequent thread interleavings with concrete context information. We evaluated TSAFL on user-level applications, and experiments show that TSAFL outperforms AFL++ and MOPT in multithreading-related seed generation and concurrent vulnerability detection.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104171"},"PeriodicalIF":4.8,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142572053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

TrustCNAV: Certificateless aggregate authentication of civil navigation messages in GNSS TrustCNAV：GNSS 中民用导航信息的无证书聚合认证

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-26 DOI: 10.1016/j.cose.2024.104172

Zhijun Wu , Yun Bai , Yuan Zhang , Liang Liu , Meng Yue

The Global Navigation Satellite System (GNSS) is capable of accurate positioning because it can provide high-precision data. These data are transmitted to the receiver in the form of navigation messages, called civil navigation messages (CNAV). As it is transmitted in an open, transparent environment without data integrity protection mechanisms and secure data transmission measures, the CNAV is suspected to spoofing attacks. In 2023, the OPSGROUP has received approximately 50 reports of GPS spoofing activity. A spoofed plane's navigation system will show it as being in a different place - a security risk if a jet is guided to fly into a hostile country's airspace. To prevent the forging of GNSS positioning data by spoofing attacks targeting CNAV, we propose a certificateless aggregation authentication for CNAV by using the elliptic curve discrete logarithm problem and the combination of the GNAV structural characteristics, called TrustCNAV. Security proof and performance analysis indicate that this authentication scheme can resist spoofing attacks and ensure data security of CNAV, also it avoids pairing operations with high computational complexity, thus meeting security requirements without causing too much time and communication consumption.

全球导航卫星系统（GNSS）能够提供高精度数据，因此能够进行精确定位。这些数据以导航信息的形式传输给接收器，称为民用导航信息（CNAV）。由于是在开放、透明的环境中传输，没有数据完整性保护机制和安全数据传输措施，CNAV 容易受到欺骗攻击。2023 年，OPSGROUP 共收到约 50 起 GPS 欺骗活动报告。被欺骗飞机的导航系统会显示它在不同的地方--如果飞机被引导飞入敌对国家的领空，就会有安全风险。为了防止针对 CNAV 的欺骗攻击伪造 GNSS 定位数据，我们提出了一种通过使用椭圆曲线离散对数问题并结合 GNAV 结构特征的 CNAV 无证书聚合认证方法，称为 TrustCNAV。安全证明和性能分析表明，该认证方案可以抵御欺骗攻击，确保 CNAV 的数据安全，同时避免了计算复杂度较高的配对操作，既满足了安全要求，又不会造成过多的时间和通信消耗。

{"title":"TrustCNAV: Certificateless aggregate authentication of civil navigation messages in GNSS","authors":"Zhijun Wu , Yun Bai , Yuan Zhang , Liang Liu , Meng Yue","doi":"10.1016/j.cose.2024.104172","DOIUrl":"10.1016/j.cose.2024.104172","url":null,"abstract":"<div><div>The Global Navigation Satellite System (GNSS) is capable of accurate positioning because it can provide high-precision data. These data are transmitted to the receiver in the form of navigation messages, called civil navigation messages (CNAV). As it is transmitted in an open, transparent environment without data integrity protection mechanisms and secure data transmission measures, the CNAV is suspected to spoofing attacks. In 2023, the OPSGROUP has received approximately 50 reports of GPS spoofing activity. A spoofed plane's navigation system will show it as being in a different place - a security risk if a jet is guided to fly into a hostile country's airspace. To prevent the forging of GNSS positioning data by spoofing attacks targeting CNAV, we propose a certificateless aggregation authentication for CNAV by using the elliptic curve discrete logarithm problem and the combination of the GNAV structural characteristics, called TrustCNAV. Security proof and performance analysis indicate that this authentication scheme can resist spoofing attacks and ensure data security of CNAV, also it avoids pairing operations with high computational complexity, thus meeting security requirements without causing too much time and communication consumption.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104172"},"PeriodicalIF":4.8,"publicationDate":"2024-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multiscale approach for network intrusion detection based on variance–covariance subspace distance and EQL v2 基于方差-协方差子空间距离和 EQL v2 的多尺度网络入侵检测方法

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-26 DOI: 10.1016/j.cose.2024.104173

Taotao Liu , Yu Fu , Kun Wang , Xueyuan Duan , Qiuhan Wu

As an important network defense approach, network intrusion detection is mainly used to identify anomaly traffic behavior. However, dominant network intrusion detection approaches are now struggling to identify the complex and variable means of attack, leading to high false alarm rate. Additionally, the feature redundancy and class imbalance problem in the intrusion detection dataset also constrain the performance of detection methods. This paper proposes a multiscale intrusion detection approach based on variance–covariance subspace distance and Equalization Loss v2 (EQL v2). Firstly, the variance–covariance subspace distance is used for feature selection on the preprocessed dataset to determine a set of representative feature subsets that can effectively approximate the original feature space. Secondly, the loss function, EQL v2, is adopted to balance the positive and negative gradients, addressing the class imbalance problem. Finally, a pyramid depthwise separable convolution model is proposed to capture the multiscale information of the traffic, and the convolutional layer in the depthwise convolution is replaced with self-supervised predictive convolutional attention block to compensate for the performance loss caused by the parameter reduction. Extensive experiments demonstrated that the proposed approach exhibits better performance on the three datasets of NSL-KDD, UNSW_NB15, and CIC-IDS-2017, with accuracy rates of 99.19%, 97.81%, and 99.83%, respectively, effectively improve the intrusion detection performance.

作为一种重要的网络防御方法，网络入侵检测主要用于识别异常流量行为。然而，目前主流的网络入侵检测方法难以识别复杂多变的攻击手段，导致误报率较高。此外，入侵检测数据集中的特征冗余和类不平衡问题也制约了检测方法的性能。本文提出了一种基于方差-协方差子空间距离和均衡损失 v2（EQL v2）的多尺度入侵检测方法。首先，利用方差-协方差子空间距离对预处理数据集进行特征选择，以确定一组能有效逼近原始特征空间的代表性特征子集。其次，采用损失函数 EQL v2 来平衡正负梯度，从而解决类不平衡问题。最后，提出了金字塔深度可分离卷积模型来捕捉流量的多尺度信息，并将深度卷积中的卷积层替换为自监督预测卷积注意力块，以弥补参数降低带来的性能损失。大量实验表明，所提出的方法在 NSL-KDD、UNSW_NB15 和 CIC-IDS-2017 三个数据集上表现出更好的性能，准确率分别达到 99.19%、97.81% 和 99.83%，有效提高了入侵检测性能。

{"title":"A multiscale approach for network intrusion detection based on variance–covariance subspace distance and EQL v2","authors":"Taotao Liu , Yu Fu , Kun Wang , Xueyuan Duan , Qiuhan Wu","doi":"10.1016/j.cose.2024.104173","DOIUrl":"10.1016/j.cose.2024.104173","url":null,"abstract":"<div><div>As an important network defense approach, network intrusion detection is mainly used to identify anomaly traffic behavior. However, dominant network intrusion detection approaches are now struggling to identify the complex and variable means of attack, leading to high false alarm rate. Additionally, the feature redundancy and class imbalance problem in the intrusion detection dataset also constrain the performance of detection methods. This paper proposes a multiscale intrusion detection approach based on variance–covariance subspace distance and Equalization Loss v2 (EQL v2). Firstly, the variance–covariance subspace distance is used for feature selection on the preprocessed dataset to determine a set of representative feature subsets that can effectively approximate the original feature space. Secondly, the loss function, EQL v2, is adopted to balance the positive and negative gradients, addressing the class imbalance problem. Finally, a pyramid depthwise separable convolution model is proposed to capture the multiscale information of the traffic, and the convolutional layer in the depthwise convolution is replaced with self-supervised predictive convolutional attention block to compensate for the performance loss caused by the parameter reduction. Extensive experiments demonstrated that the proposed approach exhibits better performance on the three datasets of NSL-KDD, UNSW_NB15, and CIC-IDS-2017, with accuracy rates of 99.19%, 97.81%, and 99.83%, respectively, effectively improve the intrusion detection performance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104173"},"PeriodicalIF":4.8,"publicationDate":"2024-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142571490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Zero day ransomware detection with Pulse: Function classification with Transformer models and assembly language 利用 Pulse 进行零日勒索软件检测：利用变换器模型和汇编语言进行函数分类

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-24 DOI: 10.1016/j.cose.2024.104167

Matthew Gaber, Mohiuddin Ahmed, Helge Janicke

Finding automated AI techniques to proactively defend against malware has become increasingly critical. The ability of an AI model to correctly classify novel malware is dependent on the quality of the features it is trained with and the authenticity of the features is dependent on the analysis tool. Peekaboo, a Dynamic Binary Instrumentation tool defeats evasive malware to capture its genuine behaviour. The ransomware Assembly instructions captured by Peekaboo, follow Zipf’s law, a principle also observed in natural languages, indicating Transformer models are particularly well-suited to binary classification. We propose Pulse, a novel framework for zero day ransomware detection with Transformer models and Assembly language. Pulse, trained with the Peekaboo ransomware and benign software data, uniquely identify truly new samples with high accuracy. Pulse eliminates any familiar functionality across the test and training samples, forcing the Transformer model to detect malicious behaviour based solely on context and novel Assembly instruction combinations.

寻找自动人工智能技术来主动防御恶意软件变得越来越重要。人工智能模型对新型恶意软件进行正确分类的能力取决于它所训练的特征的质量，而特征的真实性则取决于分析工具。Peekaboo 是一种动态二进制工具，它能击败躲避性恶意软件，捕捉其真实行为。Peekaboo 捕获的勒索软件 Assembly 指令遵循 Zipf 定律，这也是自然语言中观察到的原理，表明 Transformer 模型特别适合二进制分类。我们提出了 Pulse，这是一种利用 Transformer 模型和汇编语言进行零日勒索软件检测的新型框架。Pulse 使用 Peekaboo 勒索软件和良性软件数据进行训练，能准确识别真正的新样本。Pulse 消除了测试样本和训练样本中任何熟悉的功能，迫使 Transformer 模型仅根据上下文和新的汇编指令组合来检测恶意行为。

引用次数: 0

MFT: A novel memory flow transformer efficient intrusion detection method MFT：新型内存流变换器高效入侵检测方法

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-22 DOI: 10.1016/j.cose.2024.104174

Xuefeng Jiang , Liuquan Xu , Li Yu , Xianjin Fang

Intrusion detection is a critical field in network security research that is devoted to detecting malicious traffic or attacks on networks. Even with the advances in today's Internet environment, a lot of intrusion detection techniques still fail to take into account the long-term characteristics present in network data, which results in a high false alarm rate. Some researchers have tried to address this problem by using the traditional transformer model; however, it is not very effective when dealing with complex relationships and the subtle classification requirements of large amounts of sequential data. This work presents a novel solution called the memory flow transformer (MFT) in response to the limitations of the conventional transformer model. By utilizing a carefully designed memory flow structure, MFT transcends traditional limitations and makes it possible to obtain complex long-term features from network traffic. This innovation enables the model to identify deep connections at a finer level between a wide variety of network traffic data. Extensive experiments were carried out on the complex CICIDS 2017 and NSL-KDD datasets to validate the effectiveness of the MFT model. The results were outstanding, demonstrating MFT's powerful detection abilities. With regard to performance metrics like accuracy, F1 score, false alarm rate, and training time, MFT is superior to current state-of-the-art approaches. Network security is greatly strengthened by MFT, which provides practitioners in the intrusion detection field with novel and effective techniques.

入侵检测是网络安全研究的一个重要领域，致力于检测网络上的恶意流量或攻击。即使当今互联网环境不断进步，许多入侵检测技术仍然没有考虑到网络数据的长期特性，从而导致误报率很高。一些研究人员尝试使用传统的变压器模型来解决这一问题，但在处理大量连续数据的复杂关系和微妙分类要求时，这种方法并不十分有效。针对传统变压器模型的局限性，本研究提出了一种名为内存流变压器（MFT）的新颖解决方案。通过利用精心设计的内存流结构，MFT 超越了传统限制，使从网络流量中获取复杂的长期特征成为可能。这一创新使该模型能够在更精细的层次上识别各种网络流量数据之间的深层联系。为了验证 MFT 模型的有效性，我们在复杂的 CICIDS 2017 和 NSL-KDD 数据集上进行了广泛的实验。实验结果非常出色，证明了 MFT 强大的检测能力。在准确率、F1 分数、误报率和训练时间等性能指标方面，MFT 都优于目前最先进的方法。MFT 大大加强了网络安全，为入侵检测领域的从业人员提供了新颖有效的技术。

{"title":"MFT: A novel memory flow transformer efficient intrusion detection method","authors":"Xuefeng Jiang , Liuquan Xu , Li Yu , Xianjin Fang","doi":"10.1016/j.cose.2024.104174","DOIUrl":"10.1016/j.cose.2024.104174","url":null,"abstract":"<div><div>Intrusion detection is a critical field in network security research that is devoted to detecting malicious traffic or attacks on networks. Even with the advances in today's Internet environment, a lot of intrusion detection techniques still fail to take into account the long-term characteristics present in network data, which results in a high false alarm rate. Some researchers have tried to address this problem by using the traditional transformer model; however, it is not very effective when dealing with complex relationships and the subtle classification requirements of large amounts of sequential data. This work presents a novel solution called the memory flow transformer (MFT) in response to the limitations of the conventional transformer model. By utilizing a carefully designed memory flow structure, MFT transcends traditional limitations and makes it possible to obtain complex long-term features from network traffic. This innovation enables the model to identify deep connections at a finer level between a wide variety of network traffic data. Extensive experiments were carried out on the complex CICIDS 2017 and NSL-KDD datasets to validate the effectiveness of the MFT model. The results were outstanding, demonstrating MFT's powerful detection abilities. With regard to performance metrics like accuracy, F1 score, false alarm rate, and training time, MFT is superior to current state-of-the-art approaches. Network security is greatly strengthened by MFT, which provides practitioners in the intrusion detection field with novel and effective techniques.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104174"},"PeriodicalIF":4.8,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142571491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A novel user centric privacy mechanism in cyber physical system 网络物理系统中以用户为中心的新型隐私机制

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-22 DOI: 10.1016/j.cose.2024.104163

Manas Kumar Yogi , A.S.N. Chakravarthy

User-centric privacy preservation is of paramount importance in the realm of Cyber-Physical Systems (CPS), where making decisions based on nature of data is crucial. This abstract presents a novel approach to safeguarding user privacy within CPS environments by leveraging user query trends and dataset trends while incorporating the principles of differential privacy. By meticulously analyzing historical query patterns and dataset dynamics, this methodology empowers users to retain control over their sensitive data. The application of differential privacy techniques ensures that individual user information remains confidential while enabling comprehensive data analysis to unveil valuable insights, trends, and changes in data distribution. This approach fosters a dynamic privacy ecosystem where users can interact with CPS systems, query their data, and extract valuable knowledge, all while preserving their personal privacy. As we navigate the evolving landscape of CPS, characterized by increasing interconnectivity and data sharing, this user-centric privacy framework not only guarantees data protection but also ushers in a new era of responsible data-driven decision-making, where privacy and utility coexist harmoniously, ultimately enhancing the trust and confidence of users in the CPS environment.

在网络物理系统（CPS）领域，以用户为中心的隐私保护至关重要，因为在该领域，根据数据性质做出决策至关重要。本摘要介绍了一种在 CPS 环境中保护用户隐私的新方法，该方法利用了用户查询趋势和数据集趋势，同时结合了差异隐私原则。通过细致分析历史查询模式和数据集动态，该方法使用户能够保留对其敏感数据的控制权。差异化隐私技术的应用确保了个人用户信息的保密性，同时又能通过全面的数据分析揭示数据分布的宝贵见解、趋势和变化。这种方法建立了一个动态的隐私生态系统，用户可以与 CPS 系统互动、查询数据并提取有价值的知识，同时保护个人隐私。在不断发展的 CPS 环境中，互联性和数据共享性日益增强，在我们的导航过程中，这种以用户为中心的隐私框架不仅能保证数据保护，还能开创一个负责任的数据驱动决策的新时代，让隐私和实用性和谐共存，最终增强用户对 CPS 环境的信任和信心。

{"title":"A novel user centric privacy mechanism in cyber physical system","authors":"Manas Kumar Yogi , A.S.N. Chakravarthy","doi":"10.1016/j.cose.2024.104163","DOIUrl":"10.1016/j.cose.2024.104163","url":null,"abstract":"<div><div>User-centric privacy preservation is of paramount importance in the realm of Cyber-Physical Systems (CPS), where making decisions based on nature of data is crucial. This abstract presents a novel approach to safeguarding user privacy within CPS environments by leveraging user query trends and dataset trends while incorporating the principles of differential privacy. By meticulously analyzing historical query patterns and dataset dynamics, this methodology empowers users to retain control over their sensitive data. The application of differential privacy techniques ensures that individual user information remains confidential while enabling comprehensive data analysis to unveil valuable insights, trends, and changes in data distribution. This approach fosters a dynamic privacy ecosystem where users can interact with CPS systems, query their data, and extract valuable knowledge, all while preserving their personal privacy. As we navigate the evolving landscape of CPS, characterized by increasing interconnectivity and data sharing, this user-centric privacy framework not only guarantees data protection but also ushers in a new era of responsible data-driven decision-making, where privacy and utility coexist harmoniously, ultimately enhancing the trust and confidence of users in the CPS environment.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"149 ","pages":"Article 104163"},"PeriodicalIF":4.8,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142654818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fuzzing drones for anomaly detection: A systematic literature review 用于异常检测的模糊无人机：系统文献综述

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-20 DOI: 10.1016/j.cose.2024.104157

Vikas K. Malviya, Wei Minn, Lwin Khin Shar, Lingxiao Jiang

Drones, also referred to as Unmanned Aerial Vehicles (UAVs), are becoming popular today due to their uses in different fields and recent technological advancements which provide easy control of UAVs via mobile apps. However, UAVs may contain vulnerabilities or software bugs that cause serious safety and security concerns. For example, the communication protocol used by the UAV may contain authentication and authorization vulnerabilities, which may be exploited by attackers to gain remote access over the UAV. Drones must therefore undergo extensive testing before being released or deployed to identify and fix any software bugs or security vulnerabilities. Fuzzing is one commonly used technique for finding bugs and vulnerabilities in software programs and protocols. This article reviews various approaches where fuzzing is applied to detect bugs and vulnerabilities in UAVs. Our goal is to assess the current state-of-the-art fuzzing approaches for UAVs, which are yet to be explored in the literature. We identified open challenges that call for further research to improve the current state-of-the-art.

无人机又称无人驾驶飞行器（UAVs），由于其在不同领域的用途和最近的技术进步（可通过移动应用程序轻松控制无人机），如今正变得越来越流行。然而，无人飞行器可能存在漏洞或软件错误，从而引发严重的安全和安保问题。例如，无人机使用的通信协议可能包含身份验证和授权漏洞，攻击者可能利用这些漏洞远程访问无人机。因此，无人机在发布或部署之前必须经过大量测试，以识别并修复任何软件错误或安全漏洞。模糊测试是发现软件程序和协议中的错误和漏洞的一种常用技术。本文回顾了应用模糊技术检测无人机错误和漏洞的各种方法。我们的目标是评估目前最先进的无人机模糊处理方法，这些方法尚未在文献中得到探讨。我们发现了一些有待进一步研究的挑战，以改进当前的先进技术。

{"title":"Fuzzing drones for anomaly detection: A systematic literature review","authors":"Vikas K. Malviya, Wei Minn, Lwin Khin Shar, Lingxiao Jiang","doi":"10.1016/j.cose.2024.104157","DOIUrl":"10.1016/j.cose.2024.104157","url":null,"abstract":"<div><div>Drones, also referred to as Unmanned Aerial Vehicles (UAVs), are becoming popular today due to their uses in different fields and recent technological advancements which provide easy control of UAVs via mobile apps. However, UAVs may contain vulnerabilities or software bugs that cause serious safety and security concerns. For example, the communication protocol used by the UAV may contain authentication and authorization vulnerabilities, which may be exploited by attackers to gain remote access over the UAV. Drones must therefore undergo extensive testing before being released or deployed to identify and fix any software bugs or security vulnerabilities. Fuzzing is one commonly used technique for finding bugs and vulnerabilities in software programs and protocols. This article reviews various approaches where fuzzing is applied to detect bugs and vulnerabilities in UAVs. Our goal is to assess the current state-of-the-art fuzzing approaches for UAVs, which are yet to be explored in the literature. We identified open challenges that call for further research to improve the current state-of-the-art.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104157"},"PeriodicalIF":4.8,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Advancing IoT security: A novel intrusion detection system for evolving threats in industry 4.0 using optimized convolutional sparse Ficks law graph point trans-Net 推进物联网安全：利用优化的卷积稀疏菲克斯定律图点跨网络，针对工业 4.0 中不断演变的威胁开发新型入侵检测系统

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-10-20 DOI: 10.1016/j.cose.2024.104169

P.A. Mathina, K. Valarmathi

With the rapid advancement of Industry 4.0, the integration of Internet of Things (IoT) strategies in industrial environments has increased exponentially. While this integration enhances productivity and efficiency, it also introduces significant security vulnerabilities. Previous research has employed several deep learning approaches for intrusion detection; however, these methods often suffer from insufficient accuracy, increased computational time, complexity, and higher error rates. To address these issues, this work proposes an innovative solution: "Advancing IoT Security: A Novel Intrusion Detection System (IDS) for Evolving Threats in Industry 4.0 using optimized Convolutional Sparse Fick's Law Graph Pointtrans-Net (CSFLGPtrans-Net)." The proposed system utilizes a comprehensive intrusion detection dataset composed of four different datasets: ToN-IoT, NSL-KDD, CSE‑CIC‑IDS2018, and IoT_bot. Initially, the input data undergoes a pre-processing stage that includes cleaning columns and rows, encoding features, and normalizing data. Following this, a hybrid optimization method, combining the Fire Hawk Optimizer with the Spider Wasp Optimizer, is applied for feature selection. This step is crucial for identifying the most significant features to enhance classification accuracy. The refined data is then classified using the CSFLGPtrans-Net model. To ensure secure data transfer, Fuzzy-based Elliptic Curve Cryptography (FECC) is employed. Experimental simulations conducted on the Python platform demonstrate that the proposed method outperforms existing approaches across various performance metrics, achieving a higher accuracy of 98% and a recall of 0.993. These results highlight the method's superior efficiency and potential for further advancement in securing Industry 4.0 environments.

随着工业 4.0 的快速发展，物联网（IoT）战略在工业环境中的集成度呈指数级增长。这种整合在提高生产力和效率的同时，也带来了严重的安全漏洞。以往的研究采用了多种深度学习方法进行入侵检测，但这些方法往往存在准确性不足、计算时间增加、复杂性和错误率高等问题。为了解决这些问题，本研究提出了一种创新的解决方案："推进物联网安全：使用优化卷积稀疏菲克定律图点跨网（CSFLGPtrans-Net）的新型入侵检测系统（IDS），应对工业 4.0 中不断演变的威胁"。所提出的系统利用了由四个不同数据集组成的综合入侵检测数据集：ToN-IoT、NSL-KDD、CSE-CIC-IDS2018 和 IoT_bot。起初，输入数据要经过预处理阶段，包括清理列和行、编码特征和归一化数据。然后，结合火鹰优化器和蜘蛛黄蜂优化器的混合优化方法被用于特征选择。这一步对于识别最重要的特征以提高分类准确性至关重要。然后使用 CSFLGPtrans-Net 模型对完善后的数据进行分类。为确保数据传输安全，采用了基于模糊的椭圆曲线加密技术（FECC）。在 Python 平台上进行的实验模拟表明，所提出的方法在各种性能指标上都优于现有方法，准确率高达 98%，召回率为 0.993。这些结果凸显了该方法的卓越效率和进一步推动工业 4.0 环境安全的潜力。

{"title":"Advancing IoT security: A novel intrusion detection system for evolving threats in industry 4.0 using optimized convolutional sparse Ficks law graph point trans-Net","authors":"P.A. Mathina, K. Valarmathi","doi":"10.1016/j.cose.2024.104169","DOIUrl":"10.1016/j.cose.2024.104169","url":null,"abstract":"<div><div>With the rapid advancement of Industry 4.0, the integration of Internet of Things (IoT) strategies in industrial environments has increased exponentially. While this integration enhances productivity and efficiency, it also introduces significant security vulnerabilities. Previous research has employed several deep learning approaches for intrusion detection; however, these methods often suffer from insufficient accuracy, increased computational time, complexity, and higher error rates. To address these issues, this work proposes an innovative solution: \"Advancing IoT Security: A Novel Intrusion Detection System (IDS) for Evolving Threats in Industry 4.0 using optimized Convolutional Sparse Fick's Law Graph Pointtrans-Net (CSFLGPtrans-Net).\" The proposed system utilizes a comprehensive intrusion detection dataset composed of four different datasets: ToN-IoT, NSL-KDD, CSE‑CIC‑IDS2018, and IoT_bot. Initially, the input data undergoes a pre-processing stage that includes cleaning columns and rows, encoding features, and normalizing data. Following this, a hybrid optimization method, combining the Fire Hawk Optimizer with the Spider Wasp Optimizer, is applied for feature selection. This step is crucial for identifying the most significant features to enhance classification accuracy. The refined data is then classified using the CSFLGPtrans-Net model. To ensure secure data transfer, Fuzzy-based Elliptic Curve Cryptography (FECC) is employed. Experimental simulations conducted on the Python platform demonstrate that the proposed method outperforms existing approaches across various performance metrics, achieving a higher accuracy of 98% and a recall of 0.993. These results highlight the method's superior efficiency and potential for further advancement in securing Industry 4.0 environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104169"},"PeriodicalIF":4.8,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142578163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0