Pub Date: 2024-12-19 DOI: 10.1016/j.cose.2024.104279
Ruowei Gui, Xiaolin Gui, Xingjun Zhang
Location-Based Services (LBS) already provides technical support for advertising, bus scheduling, and personnel tracking. However, the trajectory data published in LBS contains some sensitive semantic information related to users in some locations. Through mining these data, sensitive personal information can be disclosed, such as user’s living habits, interests, daily activities, social relations, and health condition. It is a challenge to provide users with high-quality LBS while protecting user privacy. In order to address the disadvantages of current trajectory privacy protection methods, we propose a method of trajectory privacy protection with the replacement of points of interest (POIs) based on hotspot clustering. Firstly, user stay points are extracted based on the speed threshold using a sliding time window, user stay areas are merged by the distance threshold based on user stay points, and user hotspot regions are extracted from all user stay areas using DBSCAN. Then, according to the semantic and distance features of the POIs in the hotspot regions, the sensitive regions meeting the user’s privacy needs are constructed, and the POIs are replaced in the sensitive regions according to the privacy budgets. Finally, some locations in the sensitive regions are reconstructed to minimize the trajectory change. The experimental results show that our method can improve the usability of protected trajectories by about 13.8% to 16.5% compared to the differential privacy method under the same level of privacy protection.
Title: A trajectory privacy protection method based on the replacement of points of interest in hotspot regions. Authors: Ruowei Gui, Xiaolin Gui, Xingjun Zhang. Journal: Computers & Security, volume 150, Article 104279. Publication date: 2024-12-19. DOI: 10.1016/j.cose.2024.104279.
This study, grounded in psychological model theory, investigated the influence of psychological models on cybersecurity awareness. To achieve this, two online experiments were conducted with college students. Experiment 1 examined the impact of various questioning methods on cybersecurity awareness within different problem situations among 479 college students. Experiment 2 explored the interplay of cognitive needs and graphic representations in shaping cybersecurity awareness among 468 college students. Our findings revealed that both problem situations and questioning methods significantly affect cybersecurity awareness. Notably, in criminal scenarios, a four-step questioning approach demonstrated the most pronounced positive impact on cybersecurity awareness. Additionally, an interaction effect was observed between cognitive needs and graphic representations on cybersecurity awareness. Specifically, graphic representations were more effective in promoting cybersecurity awareness among individuals with high cognitive needs. These results underscore the importance of questioning methods and cognitive needs in mediating the impact of psychological models on cybersecurity awareness, while also highlighting the conditional influence of graphic representations.
Title: How do mental models affect cybersecurity awareness? The roles of questioning styles, need for cognition, and graphical representations. Authors: Yuntian Xie, Ting Lei, Zimo Li, Yujing Yang, Chunyin Chen, Yuanyuan Long. Journal: Computers & Security, volume 150, Article 104292. Publication date: 2024-12-19. DOI: 10.1016/j.cose.2024.104292.
Pub Date: 2024-12-19 DOI: 10.1016/j.cose.2024.104285
Dutliff Boshoff, Gerhard P. Hancke
The increase in personal devices, the amount of private and sensitive information these devices store/process, and the importance of this information have introduced vital security requirements for user authentication to facilitate data access and collection. Continuous Biometric Authentication is a set of techniques developed to monitor a person's biometrics continuously and ensures transparent/implicit authentication. These protocols could mitigate the security and usability limitations of one-time authentication mechanisms in personal computers and mobile devices. As a result, the popularity of continuous authentication technologies in research has drastically increased, leading to a multitude of different biometric data sampling techniques. These techniques include physiological versus behavioural systems or unimodal versus multimodal authenticators. This paper compares the various data sampling approaches by examining 80 recent state-of-the-art papers and outlining their respective advantages and disadvantages. Firstly, the paper introduces the proposed Continuous Biometric framework, including a diagram detailing its specifics and the rationale for focusing on biometric data sampling. It then explains the system architecture and how our framework integrates with it. Following which, the framework compares the surveyed papers across several popular authentication metrics. Lastly, the paper discusses the challenges that need to be addressed for the widespread adoption of this technology in everyday commercial use.
Title: A classifications framework for continuous biometric authentication (2018–2024). Authors: Dutliff Boshoff, Gerhard P. Hancke. Journal: Computers & Security, volume 150, Article 104285. Publication date: 2024-12-19. DOI: 10.1016/j.cose.2024.104285.
Pub Date: 2024-12-19 DOI: 10.1016/j.cose.2024.104283
Shi-Jie Xu, Kai-Chuan Kong, Xiao-Bo Jin, Guang-Gang Geng
Encryption technology ensures secure transmission for internet communications but poses significant challenges for effective encrypted traffic classification, which categorizes traffic into distinct groups, facilitating the process of monitoring network activities to uncover patterns and extract valuable information applicable in areas such as network management and anomaly detection. To this end, machine learning has emerged as a powerful technology for conducting encrypted traffic classification without compromising user data privacy. Machine learning-based classification demonstrates remarkable capabilities in processing vast amounts of data through sophisticated handcrafted features, with traffic path signature features representing the cutting edge of this field. This method shows stable performance improvements for common encrypted traffic types using only packet length information. However, it also yields a high dimensionality of path signature features, complicating the training of lightweight models and hindering further innovation due to a lack of model explainability. In this paper, we first propose leveraging feature selection to conduct feature dimensionality reduction, and then try to focus on the explanation of the model from both global and local perspectives. Performance comparisons indicate that our proposed method significantly reduces the number of path signature features while preserving classification performance, which enhances computational efficiency and meets the demand for lightweight models in various application scenarios. Furthermore, this significant reduction in the feature dimensionality allows for the interpretability of the model, which gives the user a clear understanding of the modeling decision-making process.
Title: Unveiling traffic paths: Explainable path signature feature-based encrypted traffic classification. Authors: Shi-Jie Xu, Kai-Chuan Kong, Xiao-Bo Jin, Guang-Gang Geng. Journal: Computers & Security, volume 150, Article 104283. Publication date: 2024-12-19. DOI: 10.1016/j.cose.2024.104283.
Pub Date: 2024-12-19 DOI: 10.1016/j.cose.2024.104282
Andrea Cimmino, Juan Cano-Benito, Raúl García-Castro
From centralised platforms to decentralised ecosystems, like Data Spaces, sharing data has become a paramount challenge. For this reason, the definition of data usage policies has become crucial in these domains, highlighting the necessity of effective policy enforcement mechanisms. The Open Digital Rights Language (ODRL) is a W3C standard ontology designed to describe data usage policies; however, it lacks built-in enforcement capabilities, limiting its practical application. This paper introduces the Open Digital Rights Enforcement (ODRE) framework, whose goal is to provide ODRL with enforcement capabilities. The ODRE framework proposes a novel approach to express ODRL policies that integrates the descriptive ontology terms of ODRL with other languages that allow behaviour specification, such as dynamic data handling or function evaluation. The framework includes an enforcement algorithm for ODRL policies and two open-source implementations in Python and Java. The ODRE framework is also designed to support future extensions of ODRL to specific domain scenarios. In addition, current limitations of ODRE, ODRL, and current challenges are reported. Finally, to demonstrate the enforcement capabilities of the implementations, their performance, and their extensibility features, several experiments have been carried out with positive results.
Title: Open Digital Rights Enforcement framework (ODRE): From descriptive to enforceable policies. Authors: Andrea Cimmino, Juan Cano-Benito, Raúl García-Castro. Journal: Computers & Security, volume 150, Article 104282. Publication date: 2024-12-19. DOI: 10.1016/j.cose.2024.104282.
Pub Date: 2024-12-18 DOI: 10.1016/j.cose.2024.104284
Milton Campoverde-Molina, Sergio Luján-Mora
Agriculture is essential because of the current and future challenges related to food that our society must face. Agriculture is a precious resource (asset), and problems with agriculture can lead to famine and migration crises that destabilize a society. Smart agriculture can increase productivity and crop yield with new operating and business models. Smart agriculture relies on information and communication technology (ICT). However, a cyberattack on a country’s agricultural ICT can jeopardize an entire nation. In light of the aforementioned challenges and threats, this research presents a systematic literature review (SLR) to address the lack of a comprehensive review of the literature on cybersecurity in smart agriculture. This SLR analyzes 58 documents extracted from Scopus, Web of Science, and IEEE Xplore. The main findings on cybersecurity in smart agriculture encompass the challenges of cybersecurity in agriculture, the detection of attacks and intrusions, the evaluation of case studies, the assessment of frameworks, and the analysis of applied models. Organizations should also train their employees to recognize and respond to cyber threats. In addition, organizations should invest in cybersecurity processes, equipment, and training. The main contribution of this SLR is the consolidation of results to identify research findings, research gaps, and trends in cybersecurity in smart agriculture. The intended audience for this article includes researchers, farmers, and agribusinesses who may utilize frameworks, models, case studies, or emerging technologies in smart agriculture with the objective of mitigating or preventing cybersecurity threats.
Title: Cybersecurity in smart agriculture: A systematic literature review. Authors: Milton Campoverde-Molina, Sergio Luján-Mora. Journal: Computers & Security, volume 150, Article 104284. Publication date: 2024-12-18. DOI: 10.1016/j.cose.2024.104284.
The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks, particularly targeting the mathematical foundations of current asymmetric cryptographic algorithms, render them ineffective. Even standard symmetric key cryptography is susceptible, albeit to a lesser extent, with potential security enhancements through longer keys or extended hash function outputs. Consequently, the cryptographic solutions currently employed to safeguard data will be inadequately secure and vulnerable to emerging quantum technology threats. In response to this impending quantum menace, organizations must chart a course towards quantum-safe environments, demanding robust business continuity plans and meticulous risk management throughout the migration process. This study provides an in-depth exploration of the challenges associated with migrating from a non-quantum-safe cryptographic state to one resilient against quantum threats. We introduce a comprehensive security risk assessment framework that scrutinizes vulnerabilities across algorithmic, certificate, and protocol layers, covering the entire migration journey, including pre-migration, through-migration, and post-migration stages. Our methodology links identified vulnerabilities to the well-established STRIDE threat model, establishing precise criteria for evaluating their potential impact and likelihood throughout the migration process. Moving beyond theoretical analysis, we address vulnerabilities practically, especially within critical components like cryptographic algorithms, public key infrastructures, and network protocols. Our study not only identifies potential attacks and vulnerabilities at each layer and migration stage but also suggests possible countermeasures and alternatives to enhance system resilience, empowering organizations to construct a secure infrastructure for the quantum era. Through these efforts, we establish the foundation for enduring security in networked systems amid the challenges of the quantum era.
Title: Evaluation framework for quantum security risk assessment: A comprehensive strategy for quantum-safe transition. Authors: Yaser Baseri, Vikas Chouhan, Ali Ghorbani, Aaron Chow. Journal: Computers & Security, volume 150, Article 104272. Publication date: 2024-12-17. DOI: 10.1016/j.cose.2024.104272.
Pub Date: 2024-12-17 DOI: 10.1016/j.cose.2024.104289
P.S. Pavithra, P. Durgadevi
Intrusion Detection Systems (IDS) are crucial components of network security solutions designed to identify and reduce threats in real-time. The main function of IDS is to determine unauthorized access, anomalies, and misuse. When an anomaly is detected, the IDS alerts the network administrators or takes predefined actions to alleviate the threat. Several deep learning (DL) based techniques have been designed for effective IDS. Despite that, they face several complexities such as encrypted traffic, network complexity, less efficiency, and scalability issues. This research work designs a novel method named Ensemble Probability Regularized Network-based Waterwheel Plant Search (EPRN-WPS) algorithm for improving network security and integrity. The proposed framework integrates six phases namely, data collection, monitoring interval phase, alert preprocessing phase, alert scrubbing phase, alert correlation engine phase, and alert prioritization phase. For evaluation, the proposed framework deploys the input data from the Network Intrusion Detection Dataset (UNR-IDD). During the monitor interval phase, the model continuously monitored the network activities to generate more accurate alerts by deriving a diverse set of data over time. In the alert preprocessing phase, the relevant alerts are prioritized and unnecessary information is eliminated. Furthermore, the alert scrubbing phase is utilized to analyze and filter the alerts to reduce false positives and point out security threats. The potential threats by correlating alerts from various sources are identified in the alert correlation engine phase. For alert prioritization, the proposed technique EPRN-WPS combines a significance of Biased Probability Neural Network (BPNN), Regularized Extreme Learning Machine (RELM), and weighted average ensemble models and classifies the alerts into low, high, and medium. Moreover, the proposed framework implemented a Waterwheel plant optimization with an initial search strategy for optimizing the parameters thereby enhancing the effectiveness of the EPRN-WPS method. The proposed methodology achieves an accuracy of 98.9 %, a sensitivity of 97.2 %, a specificity of 97.7 %, an F1-score of 96.3 %, and a False Alarm Rate (FAR) of 1.4 %. The experimental results show the effectiveness of the proposed EPRN-WPS method in intrusion detection and it ensures the integrity of the network.
Title: Optimizing network security: Weighted average ensemble of BPNN and RELM in EPRN-WPS intrusion detection. Authors: P.S. Pavithra, P. Durgadevi. Computers & Security, Volume 150, Article 104289. DOI: 10.1016/j.cose.2024.104289. Publication date: 2024-12-17.
Pub Date : 2024-12-16 DOI: 10.1016/j.cose.2024.104280
Dazhi Zhan , Kun Xu , Xin Liu , Tong Han , Zhisong Pan , Shize Guo
Deep learning models have demonstrated strong performance in detecting malware. However, their reliance on updates from third-party crowdsourced threat sources introduces vulnerabilities that can be exploited for backdoor attacks. Backdoored models exhibit normal behavior on clean samples but can be triggered to output specific target categories when a test sample contains a predefined trigger pattern. This makes backdoor attacks challenging to detect and poses significant security risks in malware detection. Researchers have proposed various methods for backdoor attacks on malware detectors. Yet, existing approaches struggle to meet three strict conditions simultaneously: (1) conducting attacks in black-box scenarios, (2) accessing correct labels during attacks, and (3) preserving the original functionality of files. This paper introduces a practical framework for black-box clean-label backdoor attacks. We analyze unused byte regions in the header of PE files as potential injection points for triggers. In a black-box setting, we develop universal adversarial triggers using a heuristic search algorithm, effectively embedding them as backdoor triggers to evade malware detection. Experimental results demonstrate the effectiveness of the proposed backdoor attack in manipulating state-of-the-art detection models with high success rates.
Title: Practical clean-label backdoor attack against static malware detection. Computers & Security, Volume 150, Article 104280. Publication date: 2024-12-16.
Pub Date : 2024-12-16 DOI: 10.1016/j.cose.2024.104278
Tian Jiang, Yunqi Liu, Xiaohui Cui
In the cybersecurity domain, Cyber Threat Intelligence (CTI) includes procedures that lead to textual reports and different types of information and evidence on cyber threats. To better understand the behaviors of attackers and construct attack graphs, identifying attack-relevant entities in diverse CTI texts precisely and efficiently becomes more important, and Named Entity Recognition (NER) models can help extract entities automatically. However, such fine-tuned models are usually vulnerable to adversarial attacks. In this paper, we first construct an attack framework that can explore textual adversarial attacks in the cybersecurity NER task by generating adversarial CTI texts. Then, we analyze the most important parts of speech (POSs) from the perspective of grammar, and propose a word-substitution-based attack method. To confront adversarial attacks, we also introduce a method to detect potential adversarial examples. Experimental results show that cybersecurity NER models are also vulnerable to adversarial attacks. Among all attack methods, our method can generate adversarial texts that keep a balanced performance in several aspects. Furthermore, adversarial examples generated by all attack methods perform well in the study of transferability, and they can help improve the robustness of NER models through adversarial training. On the defense side, our detection method is simple but effective against multiple types of textual adversarial attacks.
Title: Textual adversarial attacks in cybersecurity named entity recognition. Computers & Security, Volume 150, Article 104278. Publication date: 2024-12-16.