Computers & Security最新文献_第5页

Human-centric security for smart homes: A scoping review 以人为中心的智能家居安全：范围审查

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-17 DOI: 10.1016/j.cose.2025.104762

Wanling Cai , Liliana Pasquale , Kushal Ramkumar , John McCarthy , Bashar Nuseibeh , Gavin Doherty

Smart home technologies, like cameras, door locks, and speakers, are increasingly used in our everyday lives. However, their continuous data collection and internet connectivity pose various security risks. While research on smart home security has mainly focused on technological aspects, human experience and societal factors also play a crucial role. Various human and social factors, such as user experience with smart home devices, security design processes, and government regulations, are intertwined and influence each other, affecting smart home security. It is therefore important to understand and consider these interconnected factors in technology design to secure homes that contain increasingly connected devices. This scoping review provides an overview of current human-centered studies (N=102) on smart home security, which aims to help researchers and practitioners better navigate this field. We present a conceptual framework that outlines key challenges in ensuring smart home security with a synthesis of insights on contributing human factors. We then summarize general security design principles and map existing user-centred security approaches in smart homes, and highlight research directions for future investigation. Beyond mapping existing studies, the review reveals a growing emphasis on engaging multiple stakeholders, especially smart home users, in shaping human-centered security.

智能家居技术，如摄像头、门锁和扬声器，越来越多地应用于我们的日常生活中。然而，它们持续的数据收集和互联网连接带来了各种安全风险。虽然对智能家居安全的研究主要集中在技术方面，但人的经验和社会因素也起着至关重要的作用。智能家居设备的用户体验、安全设计过程、政府法规等各种人为因素和社会因素相互交织，相互影响，影响智能家居安全。因此，在技术设计中理解和考虑这些相互关联的因素是很重要的，以确保包含越来越多连接设备的家庭安全。本综述概述了当前以人为中心的智能家居安全研究（N=102），旨在帮助研究人员和从业者更好地驾驭这一领域。我们提出了一个概念框架，概述了确保智能家居安全的关键挑战，并综合了对人为因素的见解。然后，我们总结了一般的安全设计原则，并绘制了智能家居中现有的以用户为中心的安全方法，并强调了未来调查的研究方向。除了绘制现有研究之外，该审查还显示，在塑造以人为本的安全方面，越来越强调让多个利益相关者（尤其是智能家居用户）参与进来。

{"title":"Human-centric security for smart homes: A scoping review","authors":"Wanling Cai , Liliana Pasquale , Kushal Ramkumar , John McCarthy , Bashar Nuseibeh , Gavin Doherty","doi":"10.1016/j.cose.2025.104762","DOIUrl":"10.1016/j.cose.2025.104762","url":null,"abstract":"<div><div>Smart home technologies, like cameras, door locks, and speakers, are increasingly used in our everyday lives. However, their continuous data collection and internet connectivity pose various security risks. While research on smart home security has mainly focused on technological aspects, human experience and societal factors also play a crucial role. Various human and social factors, such as user experience with smart home devices, security design processes, and government regulations, are intertwined and influence each other, affecting smart home security. It is therefore important to understand and consider these interconnected factors in technology design to secure homes that contain increasingly connected devices. This scoping review provides an overview of current human-centered studies (N=102) on smart home security, which aims to help researchers and practitioners better navigate this field. We present a conceptual framework that outlines key challenges in ensuring smart home security with a synthesis of insights on contributing human factors. We then summarize general security design principles and map existing user-centred security approaches in smart homes, and highlight research directions for future investigation. Beyond mapping existing studies, the review reveals a growing emphasis on engaging multiple stakeholders, especially smart home users, in shaping human-centered security.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104762"},"PeriodicalIF":5.4,"publicationDate":"2025-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145738726","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Technostress and information security – A review and research agenda of security-related stress 技术压力和信息安全-安全相关压力的回顾和研究议程

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-17 DOI: 10.1016/j.cose.2025.104776

Antony Mullins, Nik Thompson

Technostress is a growing concern for organisations, given the negative impacts of stress on employees' job satisfaction, productivity, and intention to comply with or violate policies. Security-related stress (SRS), a dimension of technostress, addresses how security-related activities, such as information technology compliance, can impact an individual's stress. Addressing security-related stress research is vital, given it can help identify factors that can both enhance employee well-being and strengthen an organisation's security posture. In this paper, we systematically review the literature from the past two decades addressing security-related stress and identify twenty-seven relevant studies for analysis. We make contributions in three areas. Firstly, we discover the predominant theoretical frameworks and models that address security-related stress while examining key factors and constructs that examine security-related stress. Secondly, we describe how security-related stress is measured and what interventions have proven effective in reducing it. Finally, based on our comprehensive analysis, we present a research agenda to inform future research directions of security-related stress.

鉴于压力对员工的工作满意度、生产力以及遵守或违反政策的意图的负面影响，技术压力越来越受到组织的关注。安全相关压力（SRS）是技术压力的一个维度，涉及与安全相关的活动（如信息技术遵从性）如何影响个人的压力。解决与安全相关的压力研究是至关重要的，因为它可以帮助确定既能提高员工幸福感又能加强组织安全态势的因素。在本文中，我们系统地回顾了过去二十年来关于安全相关压力的文献，并确定了27项相关研究进行分析。我们在三个方面作出贡献。首先，我们发现了解决安全相关压力的主要理论框架和模型，同时研究了检查安全相关压力的关键因素和结构。其次，我们描述了与安全相关的压力是如何测量的，以及哪些干预措施被证明是有效的。最后，在综合分析的基础上，提出了安全相关应力的研究方向。

{"title":"Technostress and information security – A review and research agenda of security-related stress","authors":"Antony Mullins, Nik Thompson","doi":"10.1016/j.cose.2025.104776","DOIUrl":"10.1016/j.cose.2025.104776","url":null,"abstract":"<div><div>Technostress is a growing concern for organisations, given the negative impacts of stress on employees' job satisfaction, productivity, and intention to comply with or violate policies. Security-related stress (SRS), a dimension of technostress, addresses how security-related activities, such as information technology compliance, can impact an individual's stress. Addressing security-related stress research is vital, given it can help identify factors that can both enhance employee well-being and strengthen an organisation's security posture. In this paper, we systematically review the literature from the past two decades addressing security-related stress and identify twenty-seven relevant studies for analysis. We make contributions in three areas. Firstly, we discover the predominant theoretical frameworks and models that address security-related stress while examining key factors and constructs that examine security-related stress. Secondly, we describe how security-related stress is measured and what interventions have proven effective in reducing it. Finally, based on our comprehensive analysis, we present a research agenda to inform future research directions of security-related stress.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104776"},"PeriodicalIF":5.4,"publicationDate":"2025-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A formal approach for security pattern enforcement in software architecture 一种在软件体系结构中实施安全模式的正式方法

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-17 DOI: 10.1016/j.cose.2025.104749

Quentin Rouland , Kamel Adi , Omer Nguena Timo , Luigi Logrippo

The use of security patterns has been recognized as effective in mitigating vulnerabilities in software systems. However, it is still not well understood how they can be applied systematically and effectively in concrete systems to achieve the best results. We present a formal approach based on the Alloy model checker to detect information disclosure vulnerabilities and enforce appropriate security patterns automatically. The approach helps improve the overall security posture of software systems while reducing the dependence on manual security analysis. We demonstrate the usability of our approach through the use case of a Smart Meter Gateway. The proposed approach is generic and constitutes a significant advancement toward systematic methods for designing secure software systems.

安全模式的使用在减轻软件系统中的漏洞方面被认为是有效的。然而，如何将它们系统有效地应用于具体系统中，以达到最佳效果，仍未得到很好的理解。我们提出了一种基于Alloy模型检查器的正式方法来检测信息披露漏洞并自动执行适当的安全模式。该方法有助于提高软件系统的整体安全状态，同时减少对人工安全分析的依赖。我们通过智能电表网关的用例展示了我们方法的可用性。所提出的方法是通用的，并且构成了设计安全软件系统的系统化方法的重大进步。

引用次数: 0

SecTracer: A framework for uncovering the root causes of network intrusions via security provenance SecTracer：通过安全来源发现网络入侵的根本原因的框架

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-17 DOI: 10.1016/j.cose.2025.104760

Seunghyeon Lee , Hyunmin Seo , Hwanjo Heo , Anduo Wang , Seungwon Shin , Jinwoo Kim

Modern enterprise networks comprise diverse and heterogeneous systems that support a wide range of services, making it challenging for administrators to track and analyze sophisticated attacks such as advanced persistent threats (APTs), which often exploit multiple vectors. To address this challenge, we introduce the concept of network-level security provenance, which enables the systematic establishment of causal relationships across hosts at the network level, facilitating the accurate identification of the root causes of security incidents. Building on this concept, we present SecTracer as a framework for a network-wide provenance analysis. SecTracer offers three main contributions: (i) comprehensive and efficient forensic data collection in enterprise networks via software-defined networking (SDN), (ii) reconstruction of attack histories through provenance graphs to provide a clear and interpretable view of intrusions, and (iii) proactive attack prediction using probabilistic models. We evaluated the effectiveness and efficiency of SecTracer through a real-world APT simulation, demonstrating its capability to enhance threat mitigation while introducing less than 1 % network throughput overhead and negligible latency impact.

现代企业网络包含多种异构系统，这些系统支持广泛的服务，这使得管理员很难跟踪和分析复杂的攻击，例如高级持久威胁（apt），这些攻击通常利用多个向量。为了应对这一挑战，我们引入了网络级安全溯源的概念，它可以在网络级系统地建立跨主机的因果关系，从而有助于准确识别安全事件的根本原因。在这个概念的基础上，我们提出了SecTracer作为一个框架，用于整个网络的来源分析。SecTracer提供了三个主要贡献：(i)通过软件定义网络（SDN）在企业网络中全面有效地收集取证数据；（ii）通过来源图重建攻击历史，以提供清晰且可解释的入侵视图；（iii）使用概率模型进行主动攻击预测。我们通过真实世界的APT模拟评估了SecTracer的有效性和效率，展示了其增强威胁缓解的能力，同时引入不到1%的网络吞吐量开销和可忽略的延迟影响。

{"title":"SecTracer: A framework for uncovering the root causes of network intrusions via security provenance","authors":"Seunghyeon Lee , Hyunmin Seo , Hwanjo Heo , Anduo Wang , Seungwon Shin , Jinwoo Kim","doi":"10.1016/j.cose.2025.104760","DOIUrl":"10.1016/j.cose.2025.104760","url":null,"abstract":"<div><div>Modern enterprise networks comprise diverse and heterogeneous systems that support a wide range of services, making it challenging for administrators to track and analyze sophisticated attacks such as advanced persistent threats (APTs), which often exploit multiple vectors. To address this challenge, we introduce the concept of <em>network-level security provenance</em>, which enables the systematic establishment of causal relationships across hosts at the network level, facilitating the accurate identification of the root causes of security incidents. Building on this concept, we present <span>SecTracer</span> as a framework for a network-wide provenance analysis. <span>SecTracer</span> offers three main contributions: (i) comprehensive and efficient forensic data collection in enterprise networks via software-defined networking (SDN), (ii) reconstruction of attack histories through provenance graphs to provide a clear and interpretable view of intrusions, and (iii) proactive attack prediction using probabilistic models. We evaluated the effectiveness and efficiency of <span>SecTracer</span> through a real-world APT simulation, demonstrating its capability to enhance threat mitigation while introducing less than 1 % network throughput overhead and negligible latency impact.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104760"},"PeriodicalIF":5.4,"publicationDate":"2025-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Certification as a compensation mechanism for weak regulation? Exploring the diffusion of the international standard ISO/IEC 27001 for information security management 认证作为监管不力的补偿机制？探讨资讯安全管理的国际标准ISO/IEC 27001的推广

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-16 DOI: 10.1016/j.cose.2025.104774

Mona Mirtsch , Jakob Pohlisch , Knut Blind

Safeguarding information security has become a key managerial responsibility. The standard “Information security, cybersecurity and privacy protection - Information security management systems - Requirements” (ISO/IEC 27001) specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It provides a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability through risk management and security controls. While the number of valid certifications has grown significantly over time, adoption rates vary widely across countries. Drawing on signaling theory, we present the first comprehensive global study of ISO/IEC 27001 diffusion, with a particular focus on the influence of regulatory frameworks and international trade. Based on regression analyses covering 128 countries having implemented ISO/IEC 27001 between 2006 and 2017, our findings suggest that organizations may use ISO/IEC 27001 certification as a signaling mechanism, especially in environments with less stringent regulatory frameworks.

保障信息安全已成为一项重要的管理责任。标准“信息安全、网络安全和隐私保护——信息安全管理体系——要求”（ISO/IEC 27001）规定了建立、实施、维护和持续改进信息安全管理体系（ISMS）的要求。它提供了一种系统的方法来管理敏感信息，通过风险管理和安全控制确保其机密性、完整性和可用性。虽然随着时间的推移，有效认证的数量显著增加，但各国的采用率差异很大。利用信号理论，我们提出了ISO/IEC 27001扩散的第一个全面的全球研究，特别关注监管框架和国际贸易的影响。基于对2006年至2017年间实施ISO/IEC 27001的128个国家的回归分析，我们的研究结果表明，组织可能会将ISO/IEC 27001认证作为一种信号机制，特别是在监管框架不太严格的环境中。

{"title":"Certification as a compensation mechanism for weak regulation? Exploring the diffusion of the international standard ISO/IEC 27001 for information security management","authors":"Mona Mirtsch , Jakob Pohlisch , Knut Blind","doi":"10.1016/j.cose.2025.104774","DOIUrl":"10.1016/j.cose.2025.104774","url":null,"abstract":"<div><div>Safeguarding information security has become a key managerial responsibility. The standard “Information security, cybersecurity and privacy protection - Information security management systems - Requirements” (ISO/IEC 27001) specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It provides a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability through risk management and security controls. While the number of valid certifications has grown significantly over time, adoption rates vary widely across countries. Drawing on signaling theory, we present the first comprehensive global study of ISO/IEC 27001 diffusion, with a particular focus on the influence of regulatory frameworks and international trade. Based on regression analyses covering 128 countries having implemented ISO/IEC 27001 between 2006 and 2017, our findings suggest that organizations may use ISO/IEC 27001 certification as a signaling mechanism, especially in environments with less stringent regulatory frameworks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"162 ","pages":"Article 104774"},"PeriodicalIF":5.4,"publicationDate":"2025-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145685327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Integration of emerging technologies in cybersecurity for healthcare: A systematic review 医疗网络安全新兴技术的整合：系统综述

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-15 DOI: 10.1016/j.cose.2025.104763

Dwibik Patra, Narendran Rajagopalan

The integration of Internet of Medical Things (IoMT) devices into healthcare has enhanced clinical services but also widened the attack surface, exposing systems to ransomware, data exfiltration, and protocol spoofing. Conventional security mechanisms often fall short in addressing such diverse and evolving threats. This review examines the role of hybrid approaches that combine machine learning (ML) and deep learning (DL) models with metaheuristic optimization techniques in strengthening healthcare cybersecurity. Techniques such as Genetic Algorithms, Particle Swarm Optimization, and Ant Colony Optimization are assessed for their capacity to fine-tune learning models, improve detection accuracy, and enhance adaptability against complex attack patterns. Evidence from recent studies demonstrates that these hybrid solutions achieve higher resilience and better handling of imbalanced or dynamic datasets compared with traditional methods. However, challenges persist in achieving interpretability, ensuring real-time processing, and maintaining compliance with regulatory frameworks, including HIPAA and GDPR. The review highlights how explainable AI methods such as SHAP and LIME, alongside multi-objective optimization frameworks such as NSGA-II, contribute to balancing accuracy, latency, and privacy requirements. Applications discussed include intrusion detection in hospital networks, protection of IoMT infrastructures, and safeguarding of electronic health records. The paper concludes by identifying open research challenges and proposing a roadmap for developing lightweight, interpretable, and regulation-aware AI solutions tailored to the specific needs of healthcare cybersecurity.

医疗物联网（IoMT）设备与医疗保健的集成增强了临床服务，但也扩大了攻击面，使系统暴露于勒索软件、数据泄露和协议欺骗之下。传统的安全机制在应对这些多样化和不断演变的威胁方面往往存在不足。本文综述了结合机器学习（ML）和深度学习（DL）模型与元启发式优化技术的混合方法在加强医疗保健网络安全中的作用。遗传算法、粒子群优化和蚁群优化等技术被评估为微调学习模型、提高检测准确性和增强对复杂攻击模式的适应性的能力。最近的研究表明，与传统方法相比，这些混合解决方案具有更高的弹性和更好的处理不平衡或动态数据集的能力。然而，在实现可解释性、确保实时处理和维护法规框架（包括HIPAA和GDPR）的合规性方面仍然存在挑战。该综述强调了可解释的AI方法（如SHAP和LIME）以及多目标优化框架（如NSGA-II）如何有助于平衡准确性、延迟和隐私要求。讨论的应用包括医院网络中的入侵检测、IoMT基础设施的保护以及电子健康记录的保护。本文最后确定了开放的研究挑战，并提出了针对医疗保健网络安全的特定需求开发轻量级、可解释和监管意识的人工智能解决方案的路线图。

{"title":"Integration of emerging technologies in cybersecurity for healthcare: A systematic review","authors":"Dwibik Patra, Narendran Rajagopalan","doi":"10.1016/j.cose.2025.104763","DOIUrl":"10.1016/j.cose.2025.104763","url":null,"abstract":"<div><div>The integration of Internet of Medical Things (IoMT) devices into healthcare has enhanced clinical services but also widened the attack surface, exposing systems to ransomware, data exfiltration, and protocol spoofing. Conventional security mechanisms often fall short in addressing such diverse and evolving threats. This review examines the role of hybrid approaches that combine machine learning (ML) and deep learning (DL) models with metaheuristic optimization techniques in strengthening healthcare cybersecurity. Techniques such as Genetic Algorithms, Particle Swarm Optimization, and Ant Colony Optimization are assessed for their capacity to fine-tune learning models, improve detection accuracy, and enhance adaptability against complex attack patterns. Evidence from recent studies demonstrates that these hybrid solutions achieve higher resilience and better handling of imbalanced or dynamic datasets compared with traditional methods. However, challenges persist in achieving interpretability, ensuring real-time processing, and maintaining compliance with regulatory frameworks, including HIPAA and GDPR. The review highlights how explainable AI methods such as SHAP and LIME, alongside multi-objective optimization frameworks such as NSGA-II, contribute to balancing accuracy, latency, and privacy requirements. Applications discussed include intrusion detection in hospital networks, protection of IoMT infrastructures, and safeguarding of electronic health records. The paper concludes by identifying open research challenges and proposing a roadmap for developing lightweight, interpretable, and regulation-aware AI solutions tailored to the specific needs of healthcare cybersecurity.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104763"},"PeriodicalIF":5.4,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624653","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ICloud: An intrusion detection and dynamic defense mechanism for cloud environments ICloud：针对云环境的入侵检测和动态防御机制

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-15 DOI: 10.1016/j.cose.2025.104755

Yuxiang Ma, Tao Chen, Jiaqi Lin, Ying Cao

With the development of artificial intelligence (AI), cloud environments are becoming increasingly important. However, cloud environment networks are at risk of various network attacks. Therefore, it is crucial to detect abnormal traffic in cloud environment networks. With the continuous development of network technology, the diversity of cloud environment network traffic continues to increase (intra-class diversity), and the boundary between malicious and benign behaviors becomes more blurred (inter-class similarity), leading to false detection. At the same time, most game theory defense deception methods for cloud environment networks assume that the attacker and defender maintain consistent views under uncertainty. In fact, the attacker and defender have different views on the same game. To address the above issues, we propose an intrusion detection and dynamic defense mechanism for cloud environments. To address the challenges brought by intra-class diversity and inter-class similarity, we propose an intrusion detection system (IDS) based on contrastive learning, which can make correct decisions when classifying samples of different categories. To identify traffic more accurately, this paper proposes an improved lightweight ResNet-34 model (IResNet34). To address the challenge that the attacker and defender have different views on the same game, we propose a hypergame model involving multiple attackers and defenders. The attacker cannot obtain complete game information through defensive deception technology, resulting in attack failure. In addition, we propose an adaptive defense strategy selection method based on machine learning, which automatically selects the best defense strategy based on the game record. The output of dynamic defense will be fed back to the intrusion detection module to reduce the false alarm rate. Finally, experiments verified that the method based on contrastive learning proposed in this paper can achieve high detection accuracy in the real world and benchmark datasets, and the dynamic defense method can effectively reduce the false positive rate (FPR) of IDS.

随着人工智能（AI）的发展，云环境变得越来越重要。然而，云环境网络面临着各种网络攻击的风险。因此，检测云环境网络中的异常流量至关重要。随着网络技术的不断发展，云环境网络流量的多样性不断增加（类内多样性），恶意与良性行为的界限越来越模糊（类间相似性），导致误检。同时，大多数针对云环境网络的博弈论防御欺骗方法都假设攻击者和防御者在不确定性下保持一致的观点。事实上，攻击者和防守者对同一场比赛有着不同的看法。针对上述问题，提出了一种云环境下的入侵检测与动态防御机制。针对类内多样性和类间相似性带来的挑战，提出了一种基于对比学习的入侵检测系统（IDS），该系统在分类不同类别的样本时能够做出正确的决策。为了更准确地识别流量，本文提出了一种改进的轻量级ResNet-34模型（IResNet34）。为了解决攻击者和防御者对同一博弈有不同看法的挑战，我们提出了一个涉及多个攻击者和防御者的超博弈模型。攻击者无法通过防御欺骗技术获取完整的博弈信息，导致攻击失败。此外，我们提出了一种基于机器学习的自适应防御策略选择方法，该方法根据比赛记录自动选择最佳防御策略。动态防御的输出将反馈给入侵检测模块，以降低误报率。最后，实验验证了本文提出的基于对比学习的方法在真实世界和基准数据集上都能达到较高的检测精度，动态防御方法能有效降低入侵检测的误报率（FPR）。

{"title":"ICloud: An intrusion detection and dynamic defense mechanism for cloud environments","authors":"Yuxiang Ma, Tao Chen, Jiaqi Lin, Ying Cao","doi":"10.1016/j.cose.2025.104755","DOIUrl":"10.1016/j.cose.2025.104755","url":null,"abstract":"<div><div>With the development of artificial intelligence (AI), cloud environments are becoming increasingly important. However, cloud environment networks are at risk of various network attacks. Therefore, it is crucial to detect abnormal traffic in cloud environment networks. With the continuous development of network technology, the diversity of cloud environment network traffic continues to increase (intra-class diversity), and the boundary between malicious and benign behaviors becomes more blurred (inter-class similarity), leading to false detection. At the same time, most game theory defense deception methods for cloud environment networks assume that the attacker and defender maintain consistent views under uncertainty. In fact, the attacker and defender have different views on the same game. To address the above issues, we propose an intrusion detection and dynamic defense mechanism for cloud environments. To address the challenges brought by intra-class diversity and inter-class similarity, we propose an intrusion detection system (IDS) based on contrastive learning, which can make correct decisions when classifying samples of different categories. To identify traffic more accurately, this paper proposes an improved lightweight ResNet-34 model (IResNet34). To address the challenge that the attacker and defender have different views on the same game, we propose a hypergame model involving multiple attackers and defenders. The attacker cannot obtain complete game information through defensive deception technology, resulting in attack failure. In addition, we propose an adaptive defense strategy selection method based on machine learning, which automatically selects the best defense strategy based on the game record. The output of dynamic defense will be fed back to the intrusion detection module to reduce the false alarm rate. Finally, experiments verified that the method based on contrastive learning proposed in this paper can achieve high detection accuracy in the real world and benchmark datasets, and the dynamic defense method can effectively reduce the false positive rate (FPR) of IDS.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104755"},"PeriodicalIF":5.4,"publicationDate":"2025-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Cost observability as a security control in multi-cloud environments based on SOC 2 security standard 基于SOC 2安全标准的多云环境下的成本可观察性安全控制

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-14 DOI: 10.1016/j.cose.2025.104771

Yevhenii Martseniuk, Andrii Partyka, Ivan Opirskyy, Oleh Harasymchuk

The problem of ensuring cost transparency and proactive budget control in multi-cloud environments is becoming increasingly relevant for modern IT infrastructures. As organizations scale their use of heterogeneous cloud services, they face challenges related to fragmented billing systems, inconsistent cost metrics, and delayed anomaly detection. This study frames cost observability not merely as a financial function, but as an integral component of the organization’s security posture, aligned with the SOC 2 framework. The novelty of this research lies in the integration of cost monitoring tools — specifically Splunk, Cherwell, and JSON-based cloud Application Programming Interfaces (APIs) — with operational and security processes, enabling real-time detection of budget deviations, automated incident escalation, and cost-based policy enforcement. This study presents a proposed future architecture that implements a unified cost observability layer across heterogeneous billing systems in multi-cloud environments. The architecture transforms provider-specific formats — including AWS Cost Explorer JSON exports, Azure Cost Management APIs, and GCP Billing BigQuery exports — into standardized cost events. These normalized streams create a single temporal view of expenditures against unified budget thresholds, while generating consolidated financial telemetry that enables cross-provider anomaly detection and correlation. By reframing cost data as actionable observability signals, the approach advances beyond fragmented dashboards toward a centralized, audit-ready control layer that supports compliance, incident response, and financial governance. The system further incorporates role-based access logic, escalation thresholds, and forecasting models, creating a cost governance layer with direct implications for FinOps, DevSecOps, and compliance teams.

在多云环境中确保成本透明度和主动预算控制的问题与现代IT基础设施的关系越来越密切。随着组织扩展其异构云服务的使用，他们面临着与分散的计费系统、不一致的成本指标和延迟的异常检测相关的挑战。本研究不仅将成本可观察性作为财务功能，而且将其作为组织安全态势的一个组成部分，与SOC 2框架保持一致。这项研究的新颖之处在于将成本监控工具（特别是Splunk、Cherwell和基于json的云应用程序编程接口（api））与运营和安全流程集成在一起，从而能够实时检测预算偏差、自动事件升级和基于成本的策略执行。本研究提出了一种未来架构，该架构在多云环境中跨异构计费系统实现统一的成本可观察层。该架构将特定于提供商的格式（包括AWS成本资源管理器JSON导出、Azure成本管理api和GCP Billing BigQuery导出）转换为标准化的成本事件。这些规范化流创建了针对统一预算阈值的单一时间支出视图，同时生成统一的财务遥测，支持跨提供商异常检测和关联。通过将成本数据重新构建为可操作的可观察性信号，该方法从分散的仪表板发展到支持合规性、事件响应和财务治理的集中的、审计就绪的控制层。该系统进一步整合了基于角色的访问逻辑、升级阈值和预测模型，创建了一个成本治理层，对FinOps、DevSecOps和合规团队有直接影响。

{"title":"Cost observability as a security control in multi-cloud environments based on SOC 2 security standard","authors":"Yevhenii Martseniuk, Andrii Partyka, Ivan Opirskyy, Oleh Harasymchuk","doi":"10.1016/j.cose.2025.104771","DOIUrl":"10.1016/j.cose.2025.104771","url":null,"abstract":"<div><div>The problem of ensuring cost transparency and proactive budget control in multi-cloud environments is becoming increasingly relevant for modern IT infrastructures. As organizations scale their use of heterogeneous cloud services, they face challenges related to fragmented billing systems, inconsistent cost metrics, and delayed anomaly detection. This study frames cost observability not merely as a financial function, but as an integral component of the organization’s security posture, aligned with the SOC 2 framework. The novelty of this research lies in the integration of cost monitoring tools — specifically Splunk, Cherwell, and JSON-based cloud Application Programming Interfaces (APIs) — with operational and security processes, enabling real-time detection of budget deviations, automated incident escalation, and cost-based policy enforcement. This study presents a proposed future architecture that implements a unified cost observability layer across heterogeneous billing systems in multi-cloud environments. The architecture transforms provider-specific formats — including AWS Cost Explorer JSON exports, Azure Cost Management APIs, and GCP Billing BigQuery exports — into standardized cost events. These normalized streams create a single temporal view of expenditures against unified budget thresholds, while generating consolidated financial telemetry that enables cross-provider anomaly detection and correlation. By reframing cost data as actionable observability signals, the approach advances beyond fragmented dashboards toward a centralized, audit-ready control layer that supports compliance, incident response, and financial governance. The system further incorporates role-based access logic, escalation thresholds, and forecasting models, creating a cost governance layer with direct implications for FinOps, DevSecOps, and compliance teams.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104771"},"PeriodicalIF":5.4,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145579993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

RTFuzz: Fuzzing browsers via efficient render tree mutation RTFuzz：通过有效的渲染树变异来模糊浏览器

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-14 DOI: 10.1016/j.cose.2025.104756

Yishun Zeng, Yue Wu, Xicheng Lu, Chao Zhang

The rendering engine is a cornerstone of modern web browsers, responsible for transforming heterogeneous inputs-HTML, CSS, and JavaScript-into visual page content. This complex process involves constructing and updating the render tree, which governs layout and painting, but also introduces subtle defects that manifest as robustness and security challenges. Existing browser fuzzers largely fall short in thoroughly testing the rendering engine due to two fundamental challenges: (i) the vast, multidimensional input space makes efficient exploration difficult; (ii) the periodic, incremental rendering model of modern rendering engines merges multiple updates of the render tree within each rendering cycle, reducing activation of deep pipeline logic such as layout and painting. In this paper, we aim to enhance the testing depth of the rendering pipeline-rather than simply increasing code coverage-by focusing on updating the render tree, the central data structure linking frontend inputs to backend layout and painting modules. Our approach incorporates (i) correlation-based pruning strategies for HTML elements and CSS properties to prioritize high-yield input combinations, and (ii) a time-sliced testing scheme that intentionally distributes mutations across multiple rendering cycles within a single test case, thereby increasing the trigger frequency of backend rendering modules. We implement a prototype, RTFuzz, and evaluate it extensively. Compared to state-of-the-art fuzzers Domato, FreeDom, and Minerva, RTFuzz helps uncover 43.1 %, 28.7 %, and 75.7 % more unique crashes, 83.3 % of which occur in the rendering pipeline, and further identified 20 real-world defects during long-running experiments. Ablation studies confirm that correlation-based pruning increases unique crashes by 79.2 %, and the time-sliced scheme contributes a 16.2 % improvement.

渲染引擎是现代web浏览器的基石，负责将异构输入（html、CSS和javascript）转换为可视化页面内容。这个复杂的过程包括构造和更新渲染树，它管理布局和绘制，但也引入了一些微妙的缺陷，表现为健壮性和安全性挑战。现有的浏览器模糊测试工具在对渲染引擎进行彻底测试方面存在两个基本挑战：(1)巨大的多维输入空间使得有效的探索变得困难；（ii）现代渲染引擎的周期性增量渲染模型在每个渲染周期内合并了渲染树的多次更新，减少了深层管道逻辑（如布局和绘画）的激活。在本文中，我们的目标是增强渲染管道的测试深度-而不是简单地增加代码覆盖率-通过专注于更新渲染树，连接前端输入到后端布局和绘画模块的中心数据结构。我们的方法包含(i)基于相关性的HTML元素和CSS属性修剪策略，以优先考虑高产输入组合，以及（ii）时间切片测试方案，在单个测试用例中故意将突变分布在多个呈现周期中，从而增加后端呈现模块的触发频率。我们实现了一个原型RTFuzz，并对其进行了广泛的评估。与最先进的fuzzers Domato， FreeDom和Minerva相比，RTFuzz帮助发现43.1%，28.7%和75.7%的独特崩溃，其中83.3%发生在渲染管道中，并在长期运行的实验中进一步确定了20个现实世界的缺陷。消融研究证实，基于相关性的剪枝使唯一崩溃增加了79.2%，而时间切片方案贡献了16.2%的改进。

{"title":"RTFuzz: Fuzzing browsers via efficient render tree mutation","authors":"Yishun Zeng, Yue Wu, Xicheng Lu, Chao Zhang","doi":"10.1016/j.cose.2025.104756","DOIUrl":"10.1016/j.cose.2025.104756","url":null,"abstract":"<div><div>The rendering engine is a cornerstone of modern web browsers, responsible for transforming heterogeneous inputs-HTML, CSS, and JavaScript-into visual page content. This complex process involves constructing and updating the render tree, which governs layout and painting, but also introduces subtle defects that manifest as robustness and security challenges. Existing browser fuzzers largely fall short in thoroughly testing the rendering engine due to two fundamental challenges: (i) the vast, multidimensional input space makes efficient exploration difficult; (ii) the periodic, incremental rendering model of modern rendering engines merges multiple updates of the render tree within each rendering cycle, reducing activation of deep pipeline logic such as layout and painting. In this paper, we aim to enhance the testing depth of the rendering pipeline-rather than simply increasing code coverage-by focusing on updating the render tree, the central data structure linking frontend inputs to backend layout and painting modules. Our approach incorporates (i) correlation-based pruning strategies for HTML elements and CSS properties to prioritize high-yield input combinations, and (ii) a time-sliced testing scheme that intentionally distributes mutations across multiple rendering cycles within a single test case, thereby increasing the trigger frequency of backend rendering modules. We implement a prototype, RTFuzz, and evaluate it extensively. Compared to state-of-the-art fuzzers Domato, FreeDom, and Minerva, RTFuzz helps uncover 43.1 %, 28.7 %, and 75.7 % more unique crashes, 83.3 % of which occur in the rendering pipeline, and further identified 20 real-world defects during long-running experiments. Ablation studies confirm that correlation-based pruning increases unique crashes by 79.2 %, and the time-sliced scheme contributes a 16.2 % improvement.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104756"},"PeriodicalIF":5.4,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Developing ethical principle awareness and reasoning in a cybersecurity context: Enhancing user understanding using ripple down rules 在网络安全环境中发展道德原则意识和推理：使用涟漪规则增强用户理解

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2025-11-13 DOI: 10.1016/j.cose.2025.104761

Amal Abdulrahman , Deborah Richards , Ayse Aysin Bilgin , Paul Formosa

Cybersecurity breaches are often attributed to human behaviour, where individuals fail to integrate ethical principles in their decision-making. This empirical study investigates the effectiveness of the Ripple Down Rules (RDR) method, a knowledge acquisition and representation method, in enhancing ethical awareness and reasoning in cybersecurity contexts. The proposed approach combines rule-based reasoning, case-based learning, reflection, and situated cognition to bridge the gap between ethical knowledge and action by systematically connecting scenario elements to ethical principles. Participants, recruited from a cohort of first-year psychology students, were exposed to training incorporating five ethical principles—Beneficence, Non-Maleficence, Justice, Autonomy, and Explicability—applied to realistic cybersecurity scenarios. The study employed a randomised controlled design with two treatment and one control groups, using pre- and post-study assessments to evaluate improvements in ethical principle identification and reasoning. Participants rated RDR as a clear and helpful tool for understanding ethical reasoning, with sensibility and helpfulness scores ranging from moderate to high. Results demonstrate that RDR training significantly improved participants' ability to identify ethical principles compared to learning without RDR, particularly for principles like autonomy and explicability. However, challenges persisted in distinguishing overlapping principles, such as beneficence and non-maleficence. Implications and guidance for use of RDR for ethics training are discussed.

网络安全漏洞通常被归咎于人类行为，即个人未能将道德原则纳入决策。本实证研究探讨了涟漪规则（RDR）方法（一种知识获取和表示方法）在增强网络安全背景下的道德意识和推理方面的有效性。该方法结合了基于规则的推理、基于案例的学习、反思和情境认知，通过系统地将情景元素与伦理原则联系起来，弥合了伦理知识与行动之间的差距。参与者是从一群一年级心理学学生中招募的，他们接受了五项道德原则的培训，这五项道德原则是“善”、“无害”、“公正”、“自主”和“可解释性”，这些原则应用于现实的网络安全场景。该研究采用随机对照设计，有两个治疗组和一个对照组，使用研究前和研究后评估来评估伦理原则识别和推理的改进。参与者认为RDR是理解道德推理的一个清晰而有用的工具，其敏感性和帮助性得分从中等到高不等。结果表明，与没有进行RDR的学习相比，RDR训练显著提高了参与者识别道德原则的能力，特别是在自主性和可解释性等原则方面。然而，在区分重叠原则（如行善和无害）方面仍然存在挑战。讨论了在道德培训中使用RDR的含义和指导。

{"title":"Developing ethical principle awareness and reasoning in a cybersecurity context: Enhancing user understanding using ripple down rules","authors":"Amal Abdulrahman , Deborah Richards , Ayse Aysin Bilgin , Paul Formosa","doi":"10.1016/j.cose.2025.104761","DOIUrl":"10.1016/j.cose.2025.104761","url":null,"abstract":"<div><div>Cybersecurity breaches are often attributed to human behaviour, where individuals fail to integrate ethical principles in their decision-making. This empirical study investigates the effectiveness of the Ripple Down Rules (RDR) method, a knowledge acquisition and representation method, in enhancing ethical awareness and reasoning in cybersecurity contexts. The proposed approach combines rule-based reasoning, case-based learning, reflection, and situated cognition to bridge the gap between ethical knowledge and action by systematically connecting scenario elements to ethical principles. Participants, recruited from a cohort of first-year psychology students, were exposed to training incorporating five ethical principles—Beneficence, Non-Maleficence, Justice, Autonomy, and Explicability—applied to realistic cybersecurity scenarios. The study employed a randomised controlled design with two treatment and one control groups, using pre- and post-study assessments to evaluate improvements in ethical principle identification and reasoning. Participants rated RDR as a clear and helpful tool for understanding ethical reasoning, with sensibility and helpfulness scores ranging from moderate to high. Results demonstrate that RDR training significantly improved participants' ability to identify ethical principles compared to learning without RDR, particularly for principles like autonomy and explicability. However, challenges persisted in distinguishing overlapping principles, such as beneficence and non-maleficence. Implications and guidance for use of RDR for ethics training are discussed.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"161 ","pages":"Article 104761"},"PeriodicalIF":5.4,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145579997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0