
Computers & Security: Latest Publications

Remote secure object authentication: Secure sketches, fuzzy extractors, and security protocols
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-27. DOI: 10.1016/j.cose.2024.104131
Mónica P. Arenas, Georgios Fotiadis, Gabriele Lenzini, Mohammadamin Rakeei
Coating objects with microscopic droplets of liquid crystals makes it possible to identify and authenticate objects as if they had biometric-like features: this is extremely valuable as an anti-counterfeiting measure. How to extract features from images has been studied elsewhere, but exchanging data about features is not enough if we wish to build secure cryptographic authentication protocols. What we need are authentication tokens (i.e., bitstrings), strategies to cope with noise, which is always present when processing images, and solutions to protect the original features so that it is impossible to reproduce them from the tokens. Secure sketches and fuzzy extractors are the cryptographic toolkits that offer these functionalities, but they must be instantiated to work with the peculiar, specific features extracted from images of liquid crystals. We show how this can work, how we can obtain uniform, error-tolerant, and random strings, and how they are used to authenticate liquid crystal coated objects. Our protocol resembles an existing biometric-based protocol, but only superficially. Using the original protocol as-is would make the process vulnerable to an attack that exploits certain physical peculiarities of our liquid crystal coatings. Instead, our protocol is robust against the attack. We prove all our security claims formally by modeling and verifying our protocol and its cryptographic schemes in ProVerif. We implement and benchmark our solution, measuring both the performance and the quality of authentication.
Citations: 0
A graph representation framework for encrypted network traffic classification
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-26. DOI: 10.1016/j.cose.2024.104134
Zulu Okonkwo, Ernest Foo, Zhe Hou, Qinyi Li, Zahra Jadidi
Network Traffic Classification (NTC) is crucial for ensuring internet security, but encryption presents significant challenges to this task. While Machine Learning (ML) and Deep Learning (DL) methods have shown promise, issues such as limited representativeness leading to sub-optimal generalizations and performance remain prevalent. These problems become more pronounced with advanced obfuscation, network security, and privacy technologies, indicating a need for improved model robustness. To address these issues, we focus on feature extraction and representation in NTC by leveraging the expressive power of graphs to represent network traffic at various granularity levels. By modeling network traffic as interconnected graphs, we can analyze both flow-level and packet-level data. Our graph representation method for encrypted NTC effectively preserves crucial information despite encryption and obfuscation. We enhance the robustness of our approach by using cosine similarity to exploit correlations between encrypted network flows and packets, defining relationships between abstract entities. This graph structure enables the creation of structural embeddings that accurately define network traffic across different encryption levels. Our end-to-end process demonstrates significant improvements where traditional NTC methods struggle, such as in Tor classification, which employs anonymization to further obfuscate traffic. Our packet-level classification approach consistently outperforms existing methods, achieving accuracies exceeding 96%.
Citations: 0
Beyond the west: Revealing and bridging the gap between Western and Chinese phishing website detection
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-26. DOI: 10.1016/j.cose.2024.104115
Ying Yuan, Giovanni Apruzzese, Mauro Conti
Phishing attacks are on the rise, and phishing websites are everywhere, denoting the brittleness of security mechanisms reliant on blocklists. To cope with this threat, many works have proposed enhancing Phishing Website Detectors (PWD) with data-driven techniques powered by Machine Learning (ML). Despite achieving promising results both in research and practice, existing solutions mostly focus "on the West", e.g., they consider websites in English, German, or Italian. In contrast, phishing websites targeting "Eastern" countries, such as China, have been mostly neglected, despite phishing being rampant on this side of the world as well.
In this paper, we scrutinize whether current PWD can simultaneously work against Western and Chinese phishing websites. First, after highlighting the difficulties of practically testing PWD on Chinese phishing websites, we create CghPghrg, a dataset which enables assessment of PWD on Chinese websites. Then, we evaluate 72 PWD developed by industry practitioners and 10 ML-based PWD proposed in recent research on Western and Chinese websites: our results highlight that existing solutions, despite achieving low false positive rates, exhibit unacceptably low detection rates (sometimes below 1%) on phishing websites of different regions. Next, to bridge the gap we brought to light, we elucidate the differences between Western and Chinese websites, and devise an enhanced feature set that accounts for the unique characteristics of Chinese websites. We empirically demonstrate the effectiveness of our proposed feature set by replicating (and testing) state-of-the-art ML-PWD: our results show a small but statistically significant improvement over the baselines. Finally, we review all our previous contributions and combine them to develop practical PWD that simultaneously work on Chinese and Western websites, achieving over 0.98 detection rate while maintaining only 0.01 false positive rate in a cross-regional setting. We openly release all our tools, disclose all our benchmark results, and also perform proof-of-concept experiments revealing that the problem tackled by our paper extends to other "Eastern" countries that have been overlooked by prior research on PWD.
Citations: 0
Edge-featured multi-hop attention graph neural network for intrusion detection system
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-26. DOI: 10.1016/j.cose.2024.104132
Ping Deng, Yong Huang
With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. Attacks on networks have become more complex and stealthy, and traditional network intrusion detection systems with a single function are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, graph neural networks (GNNs) are the most suitable tool. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an Edge-featured Multi-hop Attention Graph Neural Network for Intrusion Detection System (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets: NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.
Citations: 0
An explainable unsupervised anomaly detection framework for Industrial Internet of Things
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-25. DOI: 10.1016/j.cose.2024.104130
Yilixiati Abudurexiti, Guangjie Han, Fan Zhang, Li Liu
Industrial Internet of Things (IIoT) systems require effective anomaly detection techniques to ensure optimal operational efficiency. However, constructing a suitable anomaly detection framework for IIoT poses challenges due to the scarcity of labeled data. Additionally, most existing anomaly detection frameworks lack interpretability. To tackle these issues, an innovative unsupervised framework based on time series data analysis is proposed. This framework initially detects anomalous patterns in IIoT sensor data by extracting local features. An improved Time Convolutional Network (TCN) and Kolmogorov–Arnold Network (KAN) based Variational Auto-Encoder (VAE) is then constructed to capture long-term dependencies. The framework is trained in an unsupervised manner and interpreted using Explainable Artificial Intelligence (XAI) techniques. This approach offers insightful explanations regarding the importance of features, thereby facilitating informed decision-making and enhancements. Experimental results demonstrate that the framework is capable of extracting informative features and capturing long-term dependencies. This enables efficient anomaly detection in complex, dynamic industrial systems, surpassing other unsupervised methods.
Citations: 0
Improving IIoT security: Unveiling threats through advanced side-channel analysis
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-25. DOI: 10.1016/j.cose.2024.104135
Dalin He, Huanyu Wang, Tuo Deng, Jishi Liu, Junnian Wang
The widespread deployment of IIoT edge devices makes them attractive victims for malicious activities. Consequently, how to implement trustworthy operations has become a practical concern in embedded systems. While most current physical systems for detecting malicious activities primarily focus on identifying known intrusion codes at the block level, they ignore that even an unnoticeable injected function can result in system-wide loss of security. In this paper, we propose a framework called CNDSW built on deep-learning side-channel analysis for function-level industrial control flow integrity monitoring. By collaboratively utilizing correlation analysis and deep-learning techniques, the dual window sliding monitoring mechanism in the proposed CNDSW framework demonstrates a real-time code intrusion tracking capacity on embedded controllers with a 99% detection accuracy on average. Instead of focusing on known block-level intrusions, we experimentally show that our model is able to detect function-level code intrusions without knowing the potential threat type. Besides, we further explore how different configurations of the CNDSW framework can help the monitoring process with different emphases and to what extent the model can concurrently detect multiple code intrusion activities. All our experiments are conducted on 32-bit ARM Cortex-M4 and 8-bit RISC MCUs across five different control flow programs, providing a comprehensive evaluation of the framework's capabilities.
Citations: 0
E-WebGuard: Enhanced neural architectures for precision web attack detection
IF 4.8, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2024-09-23. DOI: 10.1016/j.cose.2024.104127
Luchen Zhou, Wei-Chuen Yau, Y.S. Gan, Sze-Teng Liong
Web applications have become a favored tool for organizations to disseminate vast amounts of information to the public. With the increasing adoption and inherent openness of these applications, there is an observed surge in web-based attacks by adversaries. However, most web attack detection works are based on public datasets that are outdated or do not cover a sufficient quantity of web application attacks. Furthermore, most of them perform binary detection (i.e., normal or attack), and there is little work on multi-class web attack detection. This highlights the crucial need for automated web attack detection models to bolster web security. In this study, a suite of integrated machine learning and deep learning models is designed to detect web attacks. Specifically, this study employs the Character-level Support Vector Machine (Char-SVM), Character-level Long Short-Term Memory (Char-LSTM), Convolutional Neural Network - SVM (CNN-SVM), and CNN-Bi-LSTM models to differentiate between standard HTTP requests and HTTP-based attacks in both the CSIC 2010 and SR-BH 2020 datasets. Note that the CSIC 2010 dataset involves binary classification, while the SR-BH 2020 dataset involves multi-class classification, specifically with 13 classes. Notably, the input data is first converted to the character level before being fed into any of the proposed model architectures. In the binary classification task, the Char-SVM model with a linear kernel outperforms other models, achieving an accuracy rate of 99.60%. The CNN-Bi-LSTM model closely follows with a 99.41% accuracy, surpassing the performance of the CNN-LSTM model presented in previous research. In the context of multi-class classification, the CNN-Bi-LSTM model demonstrates outstanding performance with a 99.63% accuracy rate. Furthermore, the multi-class classification models, namely Char-LSTM and CNN-Bi-LSTM, achieve validation accuracies above 98%, outperforming the two machine learning-based methods mentioned in the original research.
Citations: 0
Enhancing data integrity in opportunistic mobile social network: Leveraging Berkle Tree and secure data routing against attacks
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-09-22 DOI: 10.1016/j.cose.2024.104133
Vimitha R. Vidhya Lakshmi , Gireesh Kumar T
In Opportunistic Mobile Social Networks (OMSNs), ensuring data integrity is crucial. The anonymous and opportunistic nature of node communication makes these networks vulnerable to data integrity attacks. The existing literature identified significant shortcomings in effectively addressing data integrity attacks with high efficiency and accuracy. This paper addresses these issues by proposing the "Berkle Tree", a novel data structure designed to mitigate data integrity attacks in OMSNs. The Berkle Tree leverages the EvolvedBloom filter, which is a variant of the bloom filter with a negligible False Positive Rate (FPR). The key contributions of this study include i) an innovative application of EvolvedBloom for membership testing and Berkle Tree root validation, and ii) comparative analysis with existing data structures like Merkle and Verkle Trees. The Berkle Tree demonstrates superior performance, reducing tree generation and integrity validation times and leading to substantial computational cost reductions of 79.50 % and 90.57 %, respectively. The proposed method integrates the Berkle Tree into OMSN routing models and evaluates performance against Packet Drop, Modification, and Fake Attacks (PDA, PMA, PFA). Results show average Malicious Node Detection Accuracy of 98.2 %, 85.2 %, and 94.4 %; Malicious Path Detection Accuracy of 98.6 %, 86.6 %, and 90.2 %; Malicious Data Detection Accuracy of 98.4 %, 80.2 %, and 93.4 %; and False Negative Rates of 1.8 %, 14.8 %, and 5.6 % for PDA, PMA, and PFA, respectively. The major findings demonstrate that the proposed approach significantly improves OMSN routing models by reducing Packet Dropping, Modifying, and Faking Rates by 48.62 %, 28.99 %, and 31.2 %, respectively. Compared to existing methods, the Berkle Tree achieves a substantial reduction in filter size by approximately 25 %–40 %, while maintaining a negligible FPR. These advancements contribute to the state-of-the-art of OMSNs by providing robust solutions for data integrity with significant implications for enhancing security and trustworthiness in OMSNs.
Citations: 0
Adaptive edge security framework for dynamic IoT security policies in diverse environments
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-09-21 DOI: 10.1016/j.cose.2024.104128
Malka N. Halgamuge , Dusit Niyato
The rapid expansion of Internet of Things (IoT) technologies has introduced significant cybersecurity challenges, particularly at the network edge where IoT devices operate. Traditional security policies designed for static environments fall short of addressing the dynamic, heterogeneous, and resource-constrained nature of IoT ecosystems. Existing dynamic security policy models lack versatility and fail to fully integrate comprehensive risk assessments, regulatory compliance, and AI/ML (artificial intelligence/machine learning)-driven adaptability. We develop a novel adaptive edge security framework that dynamically generates and adjusts security policies for IoT edge devices. Our framework integrates a dynamic security policy generator, a conflict detection and resolution in policy generator, a bias-aware risk assessment system, a regulatory compliance analysis system, and an AI-driven adaptability integration system. This approach produces tailored security policies that adapt to changes in the threat landscape, regulatory requirements, and device statuses. Our study identifies critical security challenges in diverse IoT environments and demonstrates the effectiveness of our framework through simulations and real-world scenarios. We found that our framework significantly enhances the adaptability and resilience of IoT security policies. Our results demonstrate the potential of AI/ML integration in creating responsive and robust security measures for IoT ecosystems. The implications of our findings suggest that dynamic and adaptive security frameworks are essential for protecting IoT devices against evolving cyber threats, ensuring compliance with regulatory standards, and maintaining the integrity and availability of IoT services across various applications.
Citations: 0
Security awareness, decision style, knowledge, and phishing email detection: Moderated mediation analyses
IF 4.8 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-09-20 DOI: 10.1016/j.cose.2024.104129
Daniel Sturman , Jaime C. Auton , Ben W. Morrison
This study examines whether the negative relationship between email information security awareness and phishing email susceptibility is mediated by less intuitive decision-making when assessing emails, and whether this relationship is moderated by phishing email knowledge. Participants (N = 291) completed an online email sorting task, a measure of email use information security awareness, a measure of preference for intuitive decision-making with emails, and a measure of phishing email knowledge. Moderated mediation analyses indicated that information security awareness predicted positive behavioural intentions directly and indirectly through lower preference for intuitive decision-making, and these relationships were stronger when phishing email knowledge was lower. Further, both the direct and indirect relationships between information security awareness and sensitivity through intuitive decision styles were moderated by phishing email knowledge, with information security awareness positively predicting ability to discriminate phishing from genuine emails when phishing knowledge was average or high but not low. These findings suggest that in the absence of phishing knowledge, information security awareness and less intuitive decision styles reduce susceptibility to phishing attacks through increased caution. Further, the findings provide strong support for the proposition that some level of phishing knowledge is required before email security behaviours and decision-making processes aid in the detection of phishing emails. From an applied perspective, the outcomes suggest that focusing on a combination of awareness, knowledge, and decision-making processes could increase the effectiveness of anti-phishing and cybersecurity training programs.
Citations: 0