Computers & Security最新文献

英文中文

AJSAGE: A intrusion detection scheme based on Jump-Knowledge Connection To GraphSAGE

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-10 DOI: 10.1016/j.cose.2024.104263

Lijuan Xu , ZiCheng Zhao , Dawei Zhao , Xin Li , XiYu Lu , DingYu Yan

In the field of network security, attackers often utilize Advanced Persistent Threats (APT) to conduct host-based intrusions for prolonged information gathering, penetration and to cause serious damages. Recent studies have used provenance data containing rich contextual information to achieve effective detection of host-based APT. Extracting system entities (e.g., processes, files) and operations between entities in provenance data to construct a directed acyclic graph (DAG) is the key to realize attack detection by provenance graph. Previous studies extracted the features of the whole provenance graph, which did not fully capture the relationship between the nodes in the graph, and the extracted features were not accurate enough. Moreover, the original node feature information may be lost in the process of aggregation. Therefore, abnormal nodes are recognized in the detection process, leading to low detection performance and a high false alarm rate. Facing the challenge, we introduce AJSAGE, a framework based on graph neural networks. A novel anomaly detection method by adding attention mechanism and Jump-Knowledge Connection to GraphSAGE. It enables the integration of node information across hierarchical levels, improves the detection of complex attack patterns, and enhances the accuracy and generalization of the model in node feature representation. It is able to identify features and nodes that are closely related to the anomaly detection task in a more focused manner. We evaluate the performance of AJSAGE on three publicly available datasets, and the results demonstrate that it significantly outperforms multiple state-of-the-art methods for host intrusion detection.

{"title":"AJSAGE: A intrusion detection scheme based on Jump-Knowledge Connection To GraphSAGE","authors":"Lijuan Xu , ZiCheng Zhao , Dawei Zhao , Xin Li , XiYu Lu , DingYu Yan","doi":"10.1016/j.cose.2024.104263","DOIUrl":"10.1016/j.cose.2024.104263","url":null,"abstract":"<div><div>In the field of network security, attackers often utilize Advanced Persistent Threats (APT) to conduct host-based intrusions for prolonged information gathering, penetration and to cause serious damages. Recent studies have used provenance data containing rich contextual information to achieve effective detection of host-based APT. Extracting system entities (e.g., processes, files) and operations between entities in provenance data to construct a directed acyclic graph (DAG) is the key to realize attack detection by provenance graph. Previous studies extracted the features of the whole provenance graph, which did not fully capture the relationship between the nodes in the graph, and the extracted features were not accurate enough. Moreover, the original node feature information may be lost in the process of aggregation. Therefore, abnormal nodes are recognized in the detection process, leading to low detection performance and a high false alarm rate. Facing the challenge, we introduce AJSAGE, a framework based on graph neural networks. A novel anomaly detection method by adding attention mechanism and Jump-Knowledge Connection to GraphSAGE. It enables the integration of node information across hierarchical levels, improves the detection of complex attack patterns, and enhances the accuracy and generalization of the model in node feature representation. It is able to identify features and nodes that are closely related to the anomaly detection task in a more focused manner. We evaluate the performance of AJSAGE on three publicly available datasets, and the results demonstrate that it significantly outperforms multiple state-of-the-art methods for host intrusion detection.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104263"},"PeriodicalIF":4.8,"publicationDate":"2024-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Detection of compromised functions in a serverless cloud environment

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-10 DOI: 10.1016/j.cose.2024.104261

Lavi Ben-Shimol, Danielle Lavi, Eitan Klevansky, Oleg Brodt, Dudu Mimran, Yuval Elovici, Asaf Shabtai

Serverless computing is an emerging cloud paradigm with serverless functions at its core. While serverless environments enable software developers to focus on developing applications without the need to actively manage the underlying runtime infrastructure, they open the door to a wide variety of security threats that can be challenging to mitigate with existing methods. Existing security solutions do not apply to all serverless architectures, since they require significant modifications to the serverless infrastructure or rely on third-party services for the collection of more detailed data. In this paper, we present an extendable serverless security threat detection model that leverages cloud providers’ native monitoring tools to detect anomalous behavior in serverless applications. Our model aims to detect compromised serverless functions by identifying post-exploitation abnormal behavior related to different types of attacks on serverless functions, and therefore, it is a last line of defense. Our approach is not tied to any specific serverless application, is agnostic to the type of threats, and is adaptable through model adjustments. To evaluate our model’s performance, we developed a serverless cybersecurity testbed in an AWS cloud environment, which includes two different serverless applications and simulates a variety of attack scenarios that cover the main security threats faced by serverless functions. Our evaluation demonstrates our model’s ability to detect all implemented attacks while maintaining a negligible false alarm rate.

{"title":"Detection of compromised functions in a serverless cloud environment","authors":"Lavi Ben-Shimol, Danielle Lavi, Eitan Klevansky, Oleg Brodt, Dudu Mimran, Yuval Elovici, Asaf Shabtai","doi":"10.1016/j.cose.2024.104261","DOIUrl":"10.1016/j.cose.2024.104261","url":null,"abstract":"<div><div>Serverless computing is an emerging cloud paradigm with serverless functions at its core. While serverless environments enable software developers to focus on developing applications without the need to actively manage the underlying runtime infrastructure, they open the door to a wide variety of security threats that can be challenging to mitigate with existing methods. Existing security solutions do not apply to all serverless architectures, since they require significant modifications to the serverless infrastructure or rely on third-party services for the collection of more detailed data. In this paper, we present an extendable serverless security threat detection model that leverages cloud providers’ <em>native monitoring tools</em> to detect anomalous behavior in serverless applications. Our model aims to detect compromised serverless functions by identifying post-exploitation abnormal behavior related to different types of attacks on serverless functions, and therefore, it is a last line of defense. Our approach is not tied to any specific serverless application, is agnostic to the type of threats, and is adaptable through model adjustments. To evaluate our model’s performance, we developed a serverless cybersecurity testbed in an AWS cloud environment, which includes two different serverless applications and simulates a variety of attack scenarios that cover the main security threats faced by serverless functions. Our evaluation demonstrates our model’s ability to detect all implemented attacks while maintaining a negligible false alarm rate.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104261"},"PeriodicalIF":4.8,"publicationDate":"2024-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Profiling the victim - cyber risk in commercial banks

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104274

Paweł Smaga

The aim of this study is to identify the commonalities in financial characteristics of banks targeted in cyber attacks in recent years. This required merging the databases with reported cyber incidents (from 01.01.2020 until 09.10.2024) with financial data on banks’ condition before the attack, as well as macroeconomic cross-country data. Use of statistical analysis revealed two main trends in cyber attacks on a worldwide sample of 186 attacks on banks. First, criminals (such as the hacker group “Cl0p” targeting mostly US banks) driven by financial gain usually exploit IT vulnerabilities in smaller, less profitable and less resilient commercial and cooperative banks, adopting the “easy prey” strategy. Second, hacktivist attacks (usually by the Russian-linked “NoName057(16)”), which are politically motivated, attempt to disrupt operations of larger, more profitable and solvent commercial banks, in order to “send a message”. Profitability ratios seem to be the most important characteristic distinguishing banks targeted in cyber attacks. The number of cyber attacks on banks, especially financially-driven ones, has been increasing over recent years. There is a strong correlation between the actor type, their motive, and the type of cyber incident. Prevalent data gaps and the growing intensity of cyber attacks on banks point to urgent and relevant policy implications.

{"title":"Profiling the victim - cyber risk in commercial banks","authors":"Paweł Smaga","doi":"10.1016/j.cose.2024.104274","DOIUrl":"10.1016/j.cose.2024.104274","url":null,"abstract":"<div><div>The aim of this study is to identify the commonalities in financial characteristics of banks targeted in cyber attacks in recent years. This required merging the databases with reported cyber incidents (from 01.01.2020 until 09.10.2024) with financial data on banks’ condition before the attack, as well as macroeconomic cross-country data. Use of statistical analysis revealed two main trends in cyber attacks on a worldwide sample of 186 attacks on banks. First, criminals (such as the hacker group “Cl0p” targeting mostly US banks) driven by financial gain usually exploit IT vulnerabilities in smaller, less profitable and less resilient commercial and cooperative banks, adopting the “easy prey” strategy. Second, hacktivist attacks (usually by the Russian-linked “NoName057(16)”), which are politically motivated, attempt to disrupt operations of larger, more profitable and solvent commercial banks, in order to “send a message”. Profitability ratios seem to be the most important characteristic distinguishing banks targeted in cyber attacks. The number of cyber attacks on banks, especially financially-driven ones, has been increasing over recent years. There is a strong correlation between the actor type, their motive, and the type of cyber incident. Prevalent data gaps and the growing intensity of cyber attacks on banks point to urgent and relevant policy implications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104274"},"PeriodicalIF":4.8,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142371","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On providing multi-level security assurance based on Common Criteria for O-RAN mobile network equipment. A test case: O-RAN Distributed Unit

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104271

Piotr Krawiec , Robert Janowski , Jordi Mongay Batalla , Elżbieta Andrukiewicz , Waldemar Latoszek , Constandinos X. Mavromoustakis

Open Radio Access Network (O-RAN) technology introduces disaggregation of RAN network functions, offering enhanced flexibility for extending hardware and software. To ensure interoperability between such components, the O-RAN Alliance (the main Standards Development Organisation of O-RAN) defined a set of new interfaces. The network may be built by integrating components from different providers. The introduction of multi-provider components and functions increases security challenges due to the increase of security surfaces (e.g., new interfaces). Therefore, it is relevant for network operators to gain a certain level of assurance that O-RAN components deployed in the network are secure. This paper proposes a framework for the security evaluation of O-RAN interfaces that provides assurance that the O-RAN component has been tested deeply enough to demonstrate its resilience to attacks. Our proposal is based on Common Criteria standards and provides several security assurance levels depending on the intended use of the O-RAN network. Each security assurance level involves a set of tests, from security conformance tests to specialised fuzzy tests. We have specified them in the Vulnerability assessment for the product, as required in the Common Criteria. The validation of the framework focuses on the O-DU (O-RAN Distributed Unit) component, which is a logical module responsible for the implementation of L2 layer functionalities; nevertheless, it can be easily extended to other O-RAN components: O-CU (O-RAN Central Unit) and O-RU (O-RAN Radio Unit) as well as to Non and Near Real Time Radio Intelligent Controller (RIC). The O-DU evaluation results show that it is possible to provide the evaluation at different levels of security assurance, which correspond to different intended uses of the 5G O-RAN mobile network.

{"title":"On providing multi-level security assurance based on Common Criteria for O-RAN mobile network equipment. A test case: O-RAN Distributed Unit","authors":"Piotr Krawiec , Robert Janowski , Jordi Mongay Batalla , Elżbieta Andrukiewicz , Waldemar Latoszek , Constandinos X. Mavromoustakis","doi":"10.1016/j.cose.2024.104271","DOIUrl":"10.1016/j.cose.2024.104271","url":null,"abstract":"<div><div>Open Radio Access Network (O-RAN) technology introduces disaggregation of RAN network functions, offering enhanced flexibility for extending hardware and software. To ensure interoperability between such components, the O-RAN Alliance (the main Standards Development Organisation of O-RAN) defined a set of new interfaces. The network may be built by integrating components from different providers. The introduction of multi-provider components and functions increases security challenges due to the increase of security surfaces (e.g., new interfaces). Therefore, it is relevant for network operators to gain a certain level of assurance that O-RAN components deployed in the network are secure. This paper proposes a framework for the security evaluation of O-RAN interfaces that provides assurance that the O-RAN component has been tested deeply enough to demonstrate its resilience to attacks. Our proposal is based on Common Criteria standards and provides several security assurance levels depending on the intended use of the O-RAN network. Each security assurance level involves a set of tests, from security conformance tests to specialised fuzzy tests. We have specified them in the Vulnerability assessment for the product, as required in the Common Criteria. The validation of the framework focuses on the O-DU (O-RAN Distributed Unit) component, which is a logical module responsible for the implementation of L2 layer functionalities; nevertheless, it can be easily extended to other O-RAN components: O-CU (O-RAN Central Unit) and O-RU (O-RAN Radio Unit) as well as to Non and Near Real Time Radio Intelligent Controller (RIC). The O-DU evaluation results show that it is possible to provide the evaluation at different levels of security assurance, which correspond to different intended uses of the 5G O-RAN mobile network.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104271"},"PeriodicalIF":4.8,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MPDroid: A multimodal pre-training Android malware detection method with static and dynamic features

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104262

Sanfeng Zhang , Heng Su , Hongxian Liu , Wang Yang

The widespread deployment and open nature of the Android system have led to a rapid increase in Android malware, presenting significant challenges to mobile device security. Both static and dynamic analysis methods exhibit inherent limitations while hybrid detection approaches that combine static and dynamic features struggle with efficiency. To address these issues, this paper proposes MPDroid, a multimodal pre-training enabled detection approach. MPDroid effectively learns the critical characteristics of malicious behavior during the pre-training phase and achieves efficient single-modality detection in the downstream tasks. MPDroid utilizes an API call graph to represent dynamic features and a function call graph for static features. During pre-training, MPDroid employs graph convolutional networks and multimodal fusion techniques to capture the relationships between static and dynamic features. We also address the unimodal bias problem in multimodal tasks through modality alignment and model-level fusion. Furthermore, MPDroid significantly reduces the training and inferencing time for downstream tasks by implementing a multimodal pre-training framework with static features-based downstream tasks, thereby enhancing detection efficiency. Experimental results demonstrate that MPDroid achieves an average accuracy of 98.3% and an F1-score of 97.6%, with less than 7.39 s of detection duration, indicating superior overall performance compared to existing detection methods.

{"title":"MPDroid: A multimodal pre-training Android malware detection method with static and dynamic features","authors":"Sanfeng Zhang , Heng Su , Hongxian Liu , Wang Yang","doi":"10.1016/j.cose.2024.104262","DOIUrl":"10.1016/j.cose.2024.104262","url":null,"abstract":"<div><div>The widespread deployment and open nature of the Android system have led to a rapid increase in Android malware, presenting significant challenges to mobile device security. Both static and dynamic analysis methods exhibit inherent limitations while hybrid detection approaches that combine static and dynamic features struggle with efficiency. To address these issues, this paper proposes MPDroid, a multimodal pre-training enabled detection approach. MPDroid effectively learns the critical characteristics of malicious behavior during the pre-training phase and achieves efficient single-modality detection in the downstream tasks. MPDroid utilizes an API call graph to represent dynamic features and a function call graph for static features. During pre-training, MPDroid employs graph convolutional networks and multimodal fusion techniques to capture the relationships between static and dynamic features. We also address the unimodal bias problem in multimodal tasks through modality alignment and model-level fusion. Furthermore, MPDroid significantly reduces the training and inferencing time for downstream tasks by implementing a multimodal pre-training framework with static features-based downstream tasks, thereby enhancing detection efficiency. Experimental results demonstrate that MPDroid achieves an average accuracy of 98.3% and an F1-score of 97.6%, with less than 7.39 s of detection duration, indicating superior overall performance compared to existing detection methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104262"},"PeriodicalIF":4.8,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Interpretable CAA classification based on incorporating feature channel attention into LSTM

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104252

Yiting Hou, Xianglin Wei, Jianhua Fan, Chao Wang

The open and broadcast nature of wireless media makes signal transmission among wireless media prone to different types of channel access attacks (CAA), mainly in Medium Access Control (MAC) layer, ranging from constant jamming to protocol manipulation attacks. CAAs can allow an adversary to greatly degrade overall transmission bandwidth or fully hinder legitimate users from access medium. Therefore, it is critical to timely detect and classify CAAs. A few efforts have been made through applying deep neural networks (DNN) for CAA detection. But they still suffer from low accuracy and poor interpretability. In this backdrop, this paper puts forward an interpretable CAA classification DNN model based on feature channel attention (FCA), named FCA-LSTM. After introducing 11 types of CAAs through state transition model, we detail the design of FCA-LSTM, which incorporates three modules, i.e., FCA module, Long Short-Term Memory (LSTM) module, and Grad-CAM module for promoting classification accuracy while reducing the number of parameters. A series of experiments is conducted to compare FCA-LSTM against four benchmarks, including ResNet50, conventional neural network (CNN), Transformer, and LSTM. Results show that FCA-LSTM performs better than four benchmarks in general. Furthermore, the number of parameters and inference time of FCA-LSTM are both much smaller than traditional LSTM. At last, Grad-CAM is utilized to visualize FCA-LSTM’s concern areas of an input sample. This visualization process sheds light on crucial aspects of model’s decision-making process, further fortifying its interpretability and overall reliability.

{"title":"Interpretable CAA classification based on incorporating feature channel attention into LSTM","authors":"Yiting Hou, Xianglin Wei, Jianhua Fan, Chao Wang","doi":"10.1016/j.cose.2024.104252","DOIUrl":"10.1016/j.cose.2024.104252","url":null,"abstract":"<div><div>The open and broadcast nature of wireless media makes signal transmission among wireless media prone to different types of channel access attacks (CAA), mainly in Medium Access Control (MAC) layer, ranging from constant jamming to protocol manipulation attacks. CAAs can allow an adversary to greatly degrade overall transmission bandwidth or fully hinder legitimate users from access medium. Therefore, it is critical to timely detect and classify CAAs. A few efforts have been made through applying deep neural networks (DNN) for CAA detection. But they still suffer from low accuracy and poor interpretability. In this backdrop, this paper puts forward an interpretable CAA classification DNN model based on feature channel attention (FCA), named FCA-LSTM. After introducing 11 types of CAAs through state transition model, we detail the design of FCA-LSTM, which incorporates three modules, i.e., FCA module, Long Short-Term Memory (LSTM) module, and Grad-CAM module for promoting classification accuracy while reducing the number of parameters. A series of experiments is conducted to compare FCA-LSTM against four benchmarks, including ResNet50, conventional neural network (CNN), Transformer, and LSTM. Results show that FCA-LSTM performs better than four benchmarks in general. Furthermore, the number of parameters and inference time of FCA-LSTM are both much smaller than traditional LSTM. At last, Grad-CAM is utilized to visualize FCA-LSTM’s concern areas of an input sample. This visualization process sheds light on crucial aspects of model’s decision-making process, further fortifying its interpretability and overall reliability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104252"},"PeriodicalIF":4.8,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142431","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Privacy and security of wearable internet of things: A scoping review and conceptual framework development for safety and health management in construction

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104275

Chinedu Okonkwo , Ibukun Awolusi , Chukwuma Nnaji , Oluwafemi Akanfe

Traditional construction safety monitoring, primarily based on manual observation, is increasingly challenging due to site complexity, human error, and the time-consuming nature of inspections. Wearable Internet of Things (WIoT) devices offer potential solutions by enabling real-time monitoring of workers’ health, environment, and location, enhancing safety management. However, the adoption of WIoT raises privacy and security concerns, including risks of data breaches and unauthorized access to sensitive health information. This study presents a scoping review that explores privacy and security issues related to WIoT-based safety monitoring, analyzing data types, security challenges, and regulatory frameworks. The study concludes with a privacy-informed conceptual framework for WIoT adoption in construction safety, providing a foundational guide for addressing privacy and security in WIoT.

引用次数: 0

Job demands, identity, and outcomes: The mediating role of cynicism among Cybersecurity-focused employees

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-09 DOI: 10.1016/j.cose.2024.104277

Obi Ogbanufe , Mary C. Jones , Julie I. Hancock

With the rise in complex cyber threats, the demand for cybersecurity-focused employees has surged, highlighting a critical talent shortage. Cybersecurity-focused employees, often overworked, are susceptible to high stress and burnout, impairing an organization's cyberattack responsiveness. While studies have addressed burnout in the information systems profession, unique cybersecurity job characteristics demand further exploration. These jobs require constant vigilance and the repercussions of failure are potentially severe and may impact the organization, as well as individual careers. Consequently, we scrutinize the association of professional identity with cybersecurity-focused employee burnout. Specifically, in response to recent requests for deeper burnout investigation within the cybersecurity profession, we utilize Maslach's Burnout-informed research coupled with the job-demands-resources literature to examine cybersecurity-focused employee burnout, with an emphasis on cynicism. We explore the role of job characteristics, such as vigilance and sanction severity, along with the role of professional identity in cynicism, and its relationship to job performance, and intentions to leave the profession. Our cybersecurity-focused employee study reveals significant relationships and mediating effects, providing valuable insights for research and practice.

{"title":"Job demands, identity, and outcomes: The mediating role of cynicism among Cybersecurity-focused employees","authors":"Obi Ogbanufe , Mary C. Jones , Julie I. Hancock","doi":"10.1016/j.cose.2024.104277","DOIUrl":"10.1016/j.cose.2024.104277","url":null,"abstract":"<div><div>With the rise in complex cyber threats, the demand for cybersecurity-focused employees has surged, highlighting a critical talent shortage. Cybersecurity-focused employees, often overworked, are susceptible to high stress and burnout, impairing an organization's cyberattack responsiveness. While studies have addressed burnout in the information systems profession, unique cybersecurity job characteristics demand further exploration. These jobs require constant vigilance and the repercussions of failure are potentially severe and may impact the organization, as well as individual careers. Consequently, we scrutinize the association of professional identity with cybersecurity-focused employee burnout. Specifically, in response to recent requests for deeper burnout investigation within the cybersecurity profession, we utilize Maslach's Burnout-informed research coupled with the job-demands-resources literature to examine cybersecurity-focused employee burnout, with an emphasis on cynicism. We explore the role of job characteristics, such as vigilance and sanction severity, along with the role of professional identity in cynicism, and its relationship to job performance, and intentions to leave the profession. Our cybersecurity-focused employee study reveals significant relationships and mediating effects, providing valuable insights for research and practice.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104277"},"PeriodicalIF":4.8,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Factors impacting cybersecurity transformation: An Industry 5.0 perspective

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-08 DOI: 10.1016/j.cose.2024.104267

Abhik Chaudhuri , Rajat Kumar Behera , Pradip Kumar Bala

The gamut of emerging technologies from Industry 4.0 provided businesses with potential opportunities to create new models of products and services. However, the cybersecurity discontinuity of Industry 4.0 is a major challenge for businesses due to enhanced cybersecurity risks and attacks resulting from lack of cybersecurity governance and knowledgeable cybersecurity teams. To overcome the cybersecurity challenges of Industry 4.0, the paradigm of Industry 5.0 is considered by businesses. Hence, businesses require transforming their cybersecurity capability. Therefore, this study is undertaken to empirically investigate the factors impacting cybersecurity transformation of businesses in Industry 5.0. An integrated theoretical framework grounded in multiple cybersecurity determinants is proposed. The primary data were collected from 305 respondents, and the analysis was performed using quantitative methodology. The findings reveal that cybersecurity technology, cybersecurity self-efficacy, and cybersecurity process impact the cybersecurity transformation. Therefore, businesses must have a cybersecurity policy and supporting tools to enable the cybersecurity technology. Moreover, cybersecurity governance along with cybersecurity audit plays a crucial role in enhancing the self-efficacy of the workforce. Additionally, businesses must utilize cybersecurity training and threat awareness initiatives to ensure that the cybersecurity processes are as per expectation for the cybersecurity transformation.

{"title":"Factors impacting cybersecurity transformation: An Industry 5.0 perspective","authors":"Abhik Chaudhuri , Rajat Kumar Behera , Pradip Kumar Bala","doi":"10.1016/j.cose.2024.104267","DOIUrl":"10.1016/j.cose.2024.104267","url":null,"abstract":"<div><div>The gamut of emerging technologies from Industry 4.0 provided businesses with potential opportunities to create new models of products and services. However, the cybersecurity discontinuity of Industry 4.0 is a major challenge for businesses due to enhanced cybersecurity risks and attacks resulting from lack of cybersecurity governance and knowledgeable cybersecurity teams. To overcome the cybersecurity challenges of Industry 4.0, the paradigm of Industry 5.0 is considered by businesses. Hence, businesses require transforming their cybersecurity capability. Therefore, this study is undertaken to empirically investigate the factors impacting cybersecurity transformation of businesses in Industry 5.0. An integrated theoretical framework grounded in multiple cybersecurity determinants is proposed. The primary data were collected from 305 respondents, and the analysis was performed using quantitative methodology. The findings reveal that cybersecurity technology, cybersecurity self-efficacy, and cybersecurity process impact the cybersecurity transformation. Therefore, businesses must have a cybersecurity policy and supporting tools to enable the cybersecurity technology. Moreover, cybersecurity governance along with cybersecurity audit plays a crucial role in enhancing the self-efficacy of the workforce. Additionally, businesses must utilize cybersecurity training and threat awareness initiatives to ensure that the cybersecurity processes are as per expectation for the cybersecurity transformation.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104267"},"PeriodicalIF":4.8,"publicationDate":"2024-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Control-flow attestation: Concepts, solutions, and open challenges

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security

Pub Date : 2024-12-07 DOI: 10.1016/j.cose.2024.104254

Zhanyu Sha , Carlton Shepherd , Amir Rafi , Konstantinos Markantonakis

Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target’s run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its execution follows an authorised control-flow path. The problem has been explored in various settings, such as assessing the trustworthiness of cloud platforms, cyber–physical systems, and Internet of Things devices. Despite a significant number of proposals being made in recent years, the area remains fragmented, with different adversarial behaviours, verification paradigms, and deployment challenges being addressed. In this paper, we present the first survey of control-flow attestation, examining the core ideas and solutions in state-of-the-art schemes. In total, we survey over 30 papers published between 2016–2024, consolidate and compare their key features, and pose several challenges and recommendations for future research in the area.

引用次数: 0

首页上一页

下一页尾页

类型

全部化学•材料生命科学医学物理工程技术环境•农林材料科学地球科学法学管理学化学环境科学与生态学计算机科学教育学经济学农林科学人文科学生物学数学物理与天体物理心理学综合性期刊其他工业工程理学历史学农学文学信息工程

数据库

全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley

期刊

Computers & Security

全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.

﹀