
Computers & Security: Latest Articles

Charting new waters with CRAMMTS: A survey-driven cybersecurity risk analysis method for maritime stakeholders
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-22 | DOI: 10.1016/j.cose.2024.104015

This article presents a novel survey-based cybersecurity risk assessment model, CRAMMTS (Cyber Risk Analysis Method for Maritime Transportation Systems), specifically designed for the maritime sector, addressing a critical gap in the literature. Our study contributes significantly in three ways: firstly, through a comprehensive critical literature review of 31 maritime guidelines and 95 scholarly articles, identifying the need for a new cybersecurity risk assessment method; secondly, by developing CRAMMTS, an adaptation of the ISRAM risk analysis method, incorporating the International Maritime Organization's criteria and enabling participation from maritime professionals, especially policymakers and leaders. The third contribution is a case study, the practical application of CRAMMTS in surveying 80 maritime professionals, assessing their perception of cybersecurity risks, and identifying varying risk levels, with the highest associated with cyber threat actors. This approach proved effective in assessing risks at both tactical and strategic levels and providing a clear, quantitative risk metric for decision-making. Our research underscores the maritime sector's need for a holistic, easily implementable cybersecurity risk analysis method that engages leaders and adapts to various Maritime Transportation System scopes, thereby enhancing cybersecurity risk assessment in this crucial domain.

Citations: 0

Enhancing network intrusion detection performance using generative adversarial networks
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-20 | DOI: 10.1016/j.cose.2024.104005

Network intrusion detection systems (NIDS) play a pivotal role in safeguarding critical digital infrastructures against cyber threats. Machine learning-based detection models applied in NIDS are prevalent today. However, the effectiveness of these machine learning-based models is often limited by the evolving and sophisticated nature of intrusion techniques as well as the lack of diverse and updated training samples. In this research, a novel approach for enhancing the performance of an NIDS through the integration of Generative Adversarial Networks (GANs) is proposed. By harnessing the power of GANs in generating synthetic network traffic data that closely mimics real-world network behavior, we address a key challenge associated with NIDS training datasets, which is the data scarcity. Three distinct GAN models (Vanilla GAN, Wasserstein GAN and Conditional Tabular GAN) are implemented in this work to generate authentic network traffic patterns specifically tailored to represent the anomalous activity. We demonstrate how this synthetic data resampling technique can significantly improve the performance of the NIDS model for detecting such activity. By conducting comprehensive experiments using the CIC-IDS2017 benchmark dataset, augmented with GAN-generated data, we offer empirical evidence that shows the effectiveness of our proposed approach. Our findings show that the integration of GANs into NIDS can lead to enhancements in intrusion detection performance for attacks with limited training data, making it a promising avenue for bolstering the cybersecurity posture of organizations in an increasingly interconnected and vulnerable digital landscape.

Citations: 0

Enhancing privacy policy comprehension through Privacify: A user-centric approach using advanced language models
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-20 | DOI: 10.1016/j.cose.2024.103997

As the digital age advances, the collection, usage, and dissemination of personal data have become critical concerns for users, regulators, and the cybersecurity community. Questions surrounding the extent of identifiable data collection, its usage, sharing, selling, and the mechanisms of consent are increasingly central to discussions on user data privacy. These issues highlight the need for effective management and comprehension of privacy policies. To this end, this paper introduces Privacify— a production-ready web application designed to enhance the accessibility and understandability of privacy policies, thus empowering users to make more informed decisions about their data. At its backend, Privacify leverages a combination of text segmentation, summarization using Large Language Model (LLM), and map-reduce technologies to facilitate BASE analysis for single-document insights and WRT and REV for comprehensive cross-document analysis. Designed with a user-centric approach, Privacify features an intuitive interface that presents all relevant user privacy information in easy-to-understand language, complete with a detailed explainability component. This design not only simplifies privacy policies but also aids users in effortlessly navigating complex privacy terms, significantly boosting their ability to protect and manage their personal information. Our evaluation employs robust methodologies, including reliability and accuracy assessments, alongside rigorous functionality verification through ROUGE metrics and human analysis, validating the system’s efficacy and performance. Privacify’s architecture promotes scalability, replicability, and seamless deployment, advancing the domain of user data protection through improved privacy comprehension.

Citations: 0

OSTIS: A novel Organization-Specific Threat Intelligence System
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-19 | DOI: 10.1016/j.cose.2024.103990

With the increasing complexity and frequency of cyber attacks, organizations recognize the need for a proactive and targeted approach to safeguard their digital assets and operations. Every industry faces a distinct array of threats shaped by factors such as its industrial objective, geographic footprint, workforce size, revenue, partnerships, and the extent of its digital assets. This results in a wide heterogeneity in threat landscapes, which necessitates tailored threat intelligence sources. While some security practitioners may gravitate towards extensive sources, relying solely on volume-based solutions often leads to “alert fatigue”. For this reason, organization-specific threat intelligence has acquired a growing importance in cybersecurity defense.

This work presents a complete and novel framework called OSTIS (Organization-Specific Threat Intelligence System) for generating and managing organization-specific Cyber Threat Intelligence (CTI) data. Our approach identifies reliable security blogs from which we gather CTI data through a custom and focused Web Crawler. Relevant content from such sources is, then, identified and extracted using automated deep-learning models. Moreover, our AI-driven solution maps CTI data to specific domain scenarios, such as education, finance, government, healthcare, industrial control systems, and IoT. To validate and gain insights from the trained models, we also include an explainable AI (XAI, for short) task carried out by leveraging the SHapley Additive exPlanations (SHAP) tool. This allows us to interpret the prediction process and discern influential content from data. The last step of our framework consists of the generation of an Organization Specific Threat Intelligence Knowledge Graph (OSTIKG), empowering organizations to identify and visualize attack patterns and incidents, promptly. To create this graph, we develop and adapt several techniques to extract diverse entities, including malware groups, campaigns, attack types, malware types, software tools, and so forth, and to identify relationships among them. Finally, through an extensive experimental campaign, we certify the validity and performance of all the components of our framework, which shows a 0.84 F1-score in the identification of relevant content, a 0.93 F1-score for the domain classification, and a 0.95 and 0.89 F1-score in the identification of entities and relations to build our OSTIKG graph.

Citations: 0

Adversarial Machine Learning in Industry: A Systematic Literature Review
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-17 | DOI: 10.1016/j.cose.2024.103988

Adversarial Machine Learning (AML) discusses the act of attacking and defending Machine Learning (ML) Models, an essential building block of Artificial Intelligence (AI). ML is applied in many software-intensive products and services and introduces new opportunities and security challenges. AI and ML will gain even more attention from the industry in the future, but threats caused by already-discovered attacks specifically targeting ML models are either overseen, ignored, or mishandled. Current AML research investigates attack and defense scenarios for ML in different industrial settings with a varying degree of maturity with regard to academic rigor and practical relevance. However, to the best of our knowledge, a synthesis of the state of academic rigor and practical relevance is missing. This literature study reviews studies in the area of AML in the context of industry, measuring and analyzing each study’s rigor and relevance scores. Overall, all studies scored a high rigor score and a low relevance score, indicating that the studies are thoroughly designed and documented but miss the opportunity to include touch points relatable for practitioners.

Citations: 0

SCL-CVD: Supervised contrastive learning for code vulnerability detection via GraphCodeBERT
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-15 | DOI: 10.1016/j.cose.2024.103994

Detecting vulnerabilities in source code is crucial for protecting software systems from cyberattacks. Pre-trained language models such as CodeBERT and GraphCodeBERT have been applied in multiple code-related downstream tasks such as code search and code translation and have achieved notable success. Recently, this pre-trained and fine-tuned paradigm has also been applied to detect code vulnerabilities. However, fine-tuning pre-trained language models using cross-entropy loss has several limitations, such as poor generalization performance and lack of robustness to noisy labels. In particular, when the vulnerable code and the benign code are very similar, it is difficult for deep learning methods to differentiate them accurately. In this context, we introduce a novel approach for code vulnerability detection using supervised contrastive learning, namely SCL-CVD, which leverages GraphCodeBERT. This method aims to enhance the effectiveness of existing vulnerable code detection approaches. SCL-CVD represents the source code as data flow graphs. These graphs are then processed by GraphCodeBERT, which has been fine-tuned using a supervised contrastive loss function combined with R-Drop. This fine-tuning process is designed to generate more resilient and representative code embedding. Additionally, we incorporate LoRA (Low-Rank Adaptation) to streamline the fine-tuning process, significantly reducing the time required for model training. Finally, a Multilayer Perceptron (MLP) is employed to detect vulnerable code leveraging the learned representation of code. We designed and conducted experiments on three public benchmark datasets, i.e., Devign, Reveal, Big-Vul, and a combined dataset created by merging these sources. The experimental results demonstrate that SCL-CVD can effectively improve the performance of code vulnerability detection. 
Compared with the baselines, the proposed approach has a relative improvement of 0.48%∼3.42% for accuracy, 0.93%∼45.99% for precision, 35.68%∼67.48% for recall, and 16.31%∼49.67% for F1-score, respectively. Furthermore, compared to baselines, the model fine-tuning time of the proposed approach is reduced by 16.67%∼93.03%. In conclusion, our approach SCL-CVD offers significantly greater cost-effectiveness over existing approaches.

Citations: 0

Modeling and study of defense outsourcing against advanced persistent threat through impulsive differential game approach
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-15 | DOI: 10.1016/j.cose.2024.104003

Advanced persistent threat (APT) poses serious threat to organizations with rich digital assets. APT detection programs designed for quickly finding possibly hijacked hosts are now commercially available. This greatly reduces the workload of APT defense. In practice, the identification and repair of APT-hijacked hosts are out of a system administrator’s capability and have to be outsourced to an established cybersecurity firm. Owing to the limited security budget, the APT defense can be outsourced only in a small number of maintenance periods. We refer to the sequence of outsourcing costs paid in these maintenance periods as an impulsive defense (ID) strategy. On the other hand, APT is time-continuous. We refer to the growth rate function of the attack cost over time as a continuous attack (CA) strategy. In the context that the APT actor is strategic and pursues a cost-effective CA strategy, the organization faces the problem of finding a cost-effective ID strategy (the single-impulsive defense (SID) problem). This paper addresses the SID problem through game-theoretic modeling. Based on an impulsive state evolutionary model, the SID problem is boiled down to a single-impulsive differential game model (the SID model). By applying single-impulsive differential game theory, an iterative algorithm of solving the SID problem is presented. The ID strategy obtained by running the algorithm is corroborated to be cost-effective under the Nash equilibrium solution concept. Therefore, we recommend the ID strategy. This work takes the first step toward the theoretic study of APT defense outsourcing in the presence of strategic attacker.

Citations: 0
Boosting the transferability of adversarial CAPTCHAs
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-14 | DOI: 10.1016/j.cose.2024.104000

Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a test to distinguish humans and computers. Since attackers can achieve high accuracy in recognizing the CAPTCHAs using deep learning models, geometric transformations are added to the CAPTCHAs to disturb deep learning model recognition. However, excessive geometric transformations might also affect humans’ recognition of the CAPTCHA. Adversarial CAPTCHAs are special CAPTCHAs that can disrupt deep learning models without affecting humans. Previous works of adversarial CAPTCHAs mainly focus on defending the filtering attack. In real-world scenarios, the attackers’ models are inaccessible when generating adversarial CAPTCHAs, and the attackers may use models with different architectures, thus it is crucial to improve the transferability of the adversarial CAPTCHAs. We propose CFA, a method to generate more transferable adversarial CAPTCHAs focusing on altering content features in the original CAPTCHA. We use the attack success rate as our metric to evaluate the effectiveness of our method when attacking various models. A higher attack success rate means a higher level of preventing models from recognizing the CAPTCHAs. The experiment shows that our method can effectively attack various models, even when facing possible defense methods that the attacker might use. Our method outperforms other feature space attacks and provides a more secure version of adversarial CAPTCHAs.

Citations: 0
Secured lightweight authentication for 6LoWPANs in machine-to-machine communications
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-14 | DOI: 10.1016/j.cose.2024.104002

The development of machine-to-machine (M2M) technologies is becoming increasingly important in the rapidly growing domain of wireless sensor networks (WSNs) and the Internet of Things (IoT). Adopting IPv6 over 6LoWPANs (Low-Power Wireless Personal Area Networks) is instrumental in communicating across diverse domains within WSNs, albeit with its challenges. Particularly, resource limitations and security vulnerabilities remain significant concerns. 6LoWPAN-based M2M protocols that rely on authentication and key establishment schemes (AKE) often fall short due to inadequate security issues and excessive resource requirements. This paper addresses these challenges by introducing a secure and resource-efficient framework—Lightweight AKE for 6LoWPAN Nodes (LAKE-6LN). LAKE-6LN capitalizes on the clustering architecture's merits and contrasts conventional router-centric approaches. To ensure lightweight and efficient operation, it uses hash functions, XOR functions, and symmetric encryption techniques. Pseudo-identity, sequence tracking numbers, and secure parameters ensure privacy and protection against attacks, including traceability, perfect forward secrecy, ephemeral secret leakage, and secure the session key. An informal analysis of LAKE-6LN's security confirms that compliance with all essential security properties has been achieved. In addition, the framework's logical robustness and security analysis are rigorously verified using BAN logic, AVISPA, and Scyther tools. LAKE-6LN has demonstrated superior performance over related schemes, demonstrating a reduction in storage costs (by 33.33 % to 85.71 %), computational overhead (by 14.28 % to 95.97 %), communication overhead (by 16.12 % to 51.85 %), and energy consumption (by 22.04 % to 99.40 %). In our comparative analysis, LAKE-6LN demonstrates its resilience against various security threats, demonstrating its potential to secure 6LoWPAN networks in M2M.

Citations: 0
Few-VulD: A Few-shot learning framework for software vulnerability detection
IF 4.8 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2024-07-14 | DOI: 10.1016/j.cose.2024.103992

The rapid development of artificial intelligence (AI) has led to the introduction of numerous software vulnerability detection methods based on deep learning algorithms. However, a significant challenge is their dependency on large volumes of code samples for effective training. This requirement poses a considerable hurdle, particularly when adapting to diverse software application scenarios and various vulnerability types, where gathering sufficient and relevant training data for different classification tasks is often arduous. To address the challenge, this paper introduces Few-VulD, a novel framework for software vulnerability detection based on few-shot learning. This framework is designed to be efficiently trained with a minimal number of samples from a variety of existing classification tasks. Its key advantage lies in its ability to rapidly adapt to new vulnerability detection tasks, such as identifying new types of vulnerabilities, with only a small set of learning samples. This capability is particularly beneficial in scenarios where available vulnerability samples are limited. We compare Few-VulD with five state-of-the-art methods on the SySeVR and Big-Vul datasets. On the SySeVR dataset, Few-VulD outperforms all other methods, achieving a recall rate of 87.9% and showing an improvement of 11.7% to 57.8%. On the Big-Vul dataset, Few-VulD outperforms three of the methods, including one that utilizes a pretrained large language model (LLM), with recall improvements ranging from 8.5% to 40.1%. The other two methods employ pretrained LLMs from Microsoft CodeXGLUE (Lu et al., 2021). Few-VulD reaches 78.7% and 95.5% of their recall rates without the need for extensive data pretraining. The performance proves the effectiveness of Few-VulD in vulnerability detection tasks with limited samples.

Citations: 0