Computers & Security: Latest Articles
Techniques and metrics for evasion attack mitigation
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-13 DOI: 10.1016/j.cose.2025.104802
Francesco Bergadano, Sandeep Gupta, Bruno Crispo
Evasion attacks pose a substantial risk to the application of Machine Learning (ML) in Cybersecurity, potentially leading to safety hazards or security breaches in large-scale deployments. Adversaries can employ evasion attacks as an initial tactic to deceive malware or network scanners using ML, thereby orchestrating traditional cyber attacks to disrupt systems availability or compromise integrity. Adversarial data designed to fool AI systems for cybersecurity can be engineered by strategically selecting, modifying, or creating test instances. This paper presents novel defender-centric techniques and metrics for mitigating evasion attacks by leveraging adversarial knowledge, exploring potential exploitation methods, and enhancing alarm detection capabilities. We first introduce two new evasion resistance metrics: adversarial failure rate (afr) and adversarial failure curves (afc). These metrics generalize previous approaches, as they can be applied to threshold classifiers, facilitating analyses for adversarial attacks comparable to those performed with Receiver Operating Characteristics (ROC) curve. Subsequently, we propose two novel evasion resistance techniques (trainset size pinning and model matrix), extending research in keyed intrusion detection and randomization. We explore the application of proposed techniques and metrics to an intrusion detection system as a pilot study using two public datasets, ‘BETH 2021’ and ‘Kyoto 2015’, which are well-established cybersecurity datasets for uncertainty and robustness benchmarking. The experimental results demonstrate that the combination of the proposed randomization techniques consistently produces remarkable improvement over other known randomization techniques.
Citations: 0
A systematic review on adversarial thinking in cyber security education: Themes and potential frameworks
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-10 DOI: 10.1016/j.cose.2025.104803
Thomas Oakley Browne, Eric Pardede
Background: Adversarial thinking is a key component of cybersecurity education, yet its definition and effective teaching approaches remain unclear. This study aims to clarify this concept and provide directions for future research in cybersecurity education.
Methods: A systematic review and thematic analysis were conducted to examine the relevant literature. The study focused on identifying descriptive and analytical themes, as well as potential frameworks for instruction.
Results: A total of 95 articles were analysed, yielding 89 concepts grouped into 4 main themes and 15 sub-themes. Analysis identified 2 analytical themes and 17 frameworks utilised in interventions.
Discussion: The identified themes provide a basis for defining learning objectives and developing validated assessments. While some frameworks show promise, they are most effective for specific aspects of adversarial thinking. The creation of an overarching educational framework is recommended.
Citations: 0
Security and regulation: Cybersecurity, privacy, and trust- protecting information and ensuring responsible technology use
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-09 DOI: 10.1016/j.cose.2025.104804
Katina Michael, Rebecca Herold, George Roussos
Citations: 0
An 〈entity, organization〉 integrated access control model
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-06 DOI: 10.1016/j.cose.2025.104799
Ruijun Zhang, Chengyi Lu, Yang Wu, Zexi Zhang
Literature indicates that traditional access control models face critical challenges in dynamic business environments, including excessive storage costs, delayed permission adjustments, and insufficient precision in cross-departmental collaboration. To solve these problems, we propose an <entity, organization>-integrated access control model (EO-IAC). The model utilizes quad-dimensional dynamic permission entities to generate policy sets in real time, and combines with hierarchical resource classification strategies to automate data ownership labeling. It innovatively adopts an orthogonally decoupled architecture separating business permissions from data permissions, reducing permission storage complexity from the combinatorial explosion of traditional models to linear scale. The model integrates task-based dynamic authorization mechanisms and lightweight permission generation/verification algorithms to resolve cross-departmental fine-grained control failures. Experiments show EO-IAC model reduces storage overhead by 1–2 orders of magnitude compared to RBAC and ABAC in manufacturing scenarios, while decreasing high-frequency access latency by at least 15%. This study provides a lightweight solution for zero-trust access control in dynamic environments.
Citations: 0
BeaCon: Automatic container policy generation using environment-aware dynamic analysis
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-05 DOI: 10.1016/j.cose.2025.104789
Haney Kang, Eduard Marin, Myoungsung You, Diego Perino, Seungwon Shin, Jinwoo Kim
This paper introduces BeaCon, a novel tool for the automated generation of adjustable container security policies. Unlike prior approaches, BeaCon leverages dynamic analysis to simulate realistic environments, uncovering container execution paths that may remain hidden during the profiling phase. To address the challenge of exploring vast profiling spaces, we employ efficient heuristics to reveal additional system events with minimal effort. In addition, BeaCon incorporates a security and functionality scoring mechanism to prioritize system calls and capabilities based on their impact on the host OS kernel’s security and the functionality of containerized applications. By integrating these scores, BeaCon achieves a customized balance between security and functionality, enabling cloud providers to enforce security measures while maintaining tenant availability. We implemented a prototype of BeaCon using eBPF kernel technology and conducted extensive evaluations. Results from the top 15 containers, which revealed significant improvements, demonstrate that BeaCon identifies an average of 16.5% additional syscalls by applying diverse environments. Furthermore, we evaluated its effectiveness in mitigating risks associated with 45 known vulnerabilities (e.g., CVEs), showcasing its potential to significantly enhance container security. Additionally, we performed proof-of-concept demonstrations for two well-known security vulnerabilities, showing that BeaCon successfully reduces attack surface by blocking these exploits.
Citations: 0
The Reverse File System: Towards open cost-effective secure WORM storage devices for logging
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-05 DOI: 10.1016/j.cose.2025.104786
Gorka Guardiola Múzquiz, Juan González-Gómez, Enrique Soriano-Salvador
Write Once Read Many (WORM) properties for storage devices are desirable to ensure data immutability for applications such as secure logging, regulatory compliance, archival storage, and other types of backup systems. WORM devices guarantee that data, once written, cannot be altered or deleted. However, implementing secure and compatible WORM storage remains a challenge. Traditional solutions often rely on specialized hardware, which is either costly, closed, or inaccessible to the general public. Distributed approaches, while promising, introduce additional risks such as denial-of-service vulnerabilities and operational complexity. We introduce Socarrat, a novel, cost-effective, and local WORM storage solution that leverages a simple external USB device, specifically a single-board computer running Linux with USB On-The-Go (OTG) support. The resulting device can be connected via USB, appearing as an ordinary external disk formatted with an ext4 or exFAT file system, without requiring any specialized software or drivers. By isolating the WORM enforcement mechanism in a dedicated USB hardware module, Socarrat significantly reduces the attack surface and ensures that even privileged attackers cannot modify or erase stored data. In addition to the WORM capacity, the system is designed to be tamper-evident, becoming resilient against advanced attacks. This work describes a novel approach, the Reverse File System, based on inferring the file system operations occurring at higher layers in the host computer where Socarrat is mounted. The paper also describes the current Socarrat prototype, implemented in Go and available as free/libre software. Finally, it provides a complete evaluation of the logging performance on different single-board computers.
Citations: 0
Secure communication networks and distributed systems for a resilient society
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-04 DOI: 10.1016/j.cose.2025.104791
Mathias Fischer, Joaquin Garcia-Alfaro, Dogan Kesdogan, Zoltán Ádám Mann
Given the central role of modern digital technologies, it is crucial that digital infrastructures and information systems be resilient. Yet, communication networks and interconnected IT systems are not always secure nor reliable. They are susceptible to design and implementation flaws, which make them vulnerable to attacks. This briefing paper aims to examine the root causes of this problem and how we could address them. We start by exploring some practical scenarios that demonstrate failures in the construction of secure networks and distributed systems. We then explore technical and non-technical challenges as potential root causes of these failures and conclude with a call to action to address the issues. We find that several stakeholder groups – particularly researchers, developers, decision-makers, and policy-makers – must take action to ensure that networks and distributed systems become more secure and resilient in the future.
Citations: 0
Systematic mapping study to assess security landscape for IoT-based smart farming systems
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-03 DOI: 10.1016/j.cose.2025.104790
Farzana Zahid, Xiao Chen, Shaleeza Sohail, Boyang Li, Melanie Po-Leen Ooi
Smart farming systems sit at the intersection between three rapidly and independently advancing fields of IoT, Security, and Machine Learning. Its full realisation has tremendous positive impacts on food production; yet agricultural settings come with unique challenges that inhibit the rapid deployment of such state-of-the-art technologies. In this paper, we systematically study the current state of security for IoT-based smart farming research and development landscape and assess the proposed security solutions through the lens of technology readiness levels (TRL) and ISO/IEC 25010 security product evaluation framework. By analysing forty-eight primary studies, we identified the top security technologies under development, the critical security threats being addressed, and the most popularly used machine learning-based security solutions. Furthermore, we found that most of the ISO/IEC 25010 security characteristics considered by the security solutions are currently below TRL 6, indicating that they are well below the deployment readiness levels. Therefore, we recommend several supporting transitional technologies be developed to move the prototype development towards system validation and deployment to avoid the technology “valley of death”, such as farming-specific intrusion detection public datasets and large-scale IoT agriculture testbeds to validate the interoperability and transparency of security solutions at different layers. This systematic mapping study, together with a TRL assessment and ISO 25010 standard mapping, is the first of its kind, intending to provide a standardised comparison of the current state of security technologies for IoT-based smart farms to define a clear roadmap for future research and development. 
It provides a common terminology for the multidisciplinary stakeholders of smart farming to distinguish between theoretical security concepts and ready-to-deploy solutions, facilitating crucial decisions for investment, deployment, and commercialisation.
Citations: 0
Looking from the Past to the Future
IF 5.4 Zone 2 (Computer Science) Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-03 DOI: 10.1016/j.cose.2025.104792
Eugene H. Spafford
Citations: 0
A unified modeling framework for automated penetration testing
IF 5.4 Zone 2 (Computer Science) Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-12-02 DOI: 10.1016/j.cose.2025.104787
Yunfei Wang, Shixuan Liu, Wenhao Wang, Changling Zhou, Chao Zhang, Jiandong Jin, Cheng Zhu
Recent advancements in AI-integrated automated penetration testing (AutoPT) methodologies demonstrate that agent training based on simulation modeling can significantly enhance cost-efficiency while reducing feedback latency. However, despite the growing body of AutoPT research, a critical gap remains: the absence of a unified framework for simulation modeling methods. This paper systematically reviews and synthesizes existing techniques, proposing MDCPM to categorize studies based on their objectives, network simulation complexity, technical and tactical operation dependencies, and scenario feedback and variation. To address the lack of a unified method for multi-dimensional, multi-level simulation modeling, especially in dynamic environments, we propose AutoPT-Sim, a novel policy-automation-driven framework capable of simulating arbitrary sub-dimensional element across three key dimensions. AutoPT-Sim offers a holistic approach to modeling network environments, attackers, and defenders, overcoming the limitations of static and linear modeling techniques. Furthermore, we contribute a standardized network environment dataset and a network generator tool capable of generating networks of diverse sizes. By seamlessly integrating such datasets, AutoPT-Sim enables diverse simulation modeling levels for policy automation in MDCPM, while the network generator empowers researchers to create customized target network data, supporting tailored experimentation.
Citations: 0