IEEE Transactions on Dependable and Secure Computing最新文献_第8页

Your Labels are Selling You Out: Relation Leaks in Vertical Federated Learning 你的标签出卖了你:垂直联合学习中的关系泄漏

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3208630

Pengyu Qiu, Xuhong Zhang, S. Ji, Tianyu Du, Yuwen Pu, Junfeng Zhou, Ting Wang

{"title":"Your Labels are Selling You Out: Relation Leaks in Vertical Federated Learning","authors":"Pengyu Qiu, Xuhong Zhang, S. Ji, Tianyu Du, Yuwen Pu, Junfeng Zhou, Ting Wang","doi":"10.1109/TDSC.2022.3208630","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3208630","url":null,"abstract":"Vertical federated learning (VFL) is an emerging privacy-preserving paradigm that enables collaboration between companies. These companies have the same set of users but different features. One of them is interested in expanding new business or improving its current service with others’ features. For instance, an e-commerce company, who wants to improve its recommendation performance, can incorporate users’ preferences from another corporation such as a social media company through VFL. On the other hand, graph data is a powerful and sensitive type of data widely used in industry. Their leakage, e.g., the node leakage and/or the relation leakage, can cause severe privacy issues and financial loss. Therefore, protecting the security of graph data is important in practice. Though a line of work has studied how to learn with graph data in VFL, the privacy risks remain underexplored. In this paper, we perform the first systematic study on relation inference attacks to reveal VFL's risk of leaking samples’ relations. Specifically, we assume the adversary to be a semi-honest participant. Then, according to the adversary's knowledge level, we formulate three kinds of attacks based on different intermediate representations. Particularly, we design a novel numerical approximation method to handle VFL's encryption mechanism on the participant's representations. Extensive evaluations with four real-world datasets demonstrate the effectiveness of our attacks. For instance, the area under curve of relation inference can reach more than 90%, implying an impressive relation inference capability. Furthermore, we evaluate possible defenses to examine our attacks’ robustness. The results show that their impacts are limited. Our work highlights the need for advanced defenses to protect private relations and calls for more exploration of VFL's privacy and security issues.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3653-3668"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47099346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 12

Cancelable Fingerprint Template Construction Using Vector Permutation and Shift-Ordering 基于向量置换和移位排序的可取消指纹模板构造

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3213704

S. Abdullahi, Ke Lv, Shuifa Sun, Hongxia Wang

{"title":"Cancelable Fingerprint Template Construction Using Vector Permutation and Shift-Ordering","authors":"S. Abdullahi, Ke Lv, Shuifa Sun, Hongxia Wang","doi":"10.1109/TDSC.2022.3213704","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3213704","url":null,"abstract":"The need for cancelable biometric techniques has seen a progressive rise due to the rapid deployment of biometric authentication systems. These techniques prevent compromising biometric data by generating and using their corresponding cancelable templates for user authentication. However, the non-invertible distance preserving transformation methods employed in various schemes are often vulnerable to information leakage since matching is performed in the transform domain. This paper proposed a non-invertible distance preserving scheme based on vector permutation and shift-order process. First, the dimension of feature vectors is reduced using kernelized principal component analysis before randomly permuting the extracted vector features. A shift-order process is then applied to the generated features to achieve non-invertibility and combat similarity correlation-based attacks. The generated hash codes are resilient to various security and privacy attacks such as ARM, masquerade, and brute-force preimage. Experimental evaluations conducted on eight fingerprint datasets from FVC2002, FVC2004, and FVC2006 reveal a high matching performance of the proposed method with better recognition accuracy than other existing state-of-the-art. The scheme also fulfills the revocability and unlinkability requirements of cancelable biometrics.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3828-3844"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45347372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Advanced Persistent Threat Detection Using Data Provenance and Metric Learning 使用数据来源和度量学习的高级持续威胁检测

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3221789

Khandakar Ashrafi Akbar, Yigong Wang, G. Ayoade, Y. Gao, A. Singhal, L. Khan, B. Thuraisingham, Kangkook Jee

{"title":"Advanced Persistent Threat Detection Using Data Provenance and Metric Learning","authors":"Khandakar Ashrafi Akbar, Yigong Wang, G. Ayoade, Y. Gao, A. Singhal, L. Khan, B. Thuraisingham, Kangkook Jee","doi":"10.1109/TDSC.2022.3221789","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3221789","url":null,"abstract":"Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nation-states and sophisticated corporations to obtain high-profile information. Typically, APT attacks are more challenging to detect since they leverage zero-day attacks and common benign tools. Furthermore, these attack campaigns are often prolonged to evade detection. We leverage an approach that uses a provenance graph to obtain execution traces of host nodes in order to detect anomalous behavior. By using the provenance graph, we extract features that are then used to train an online adaptive metric learning. Online metric learning is a deep learning method that learns a function to minimize the separation between similar classes and maximizes the separation between dis- similar instances. We compare our approach with baseline models and we show our method outperforms the baseline models by increasing detection accuracy on average by 11.3% and increases True positive rate (TPR) on average by 18.3%. We also show that our method outperforms several state-of-the-art models performances in comprehensive attack datasets in both binary and multi-class settings.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3957-3969"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43629804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

SofitMix: A Secure Offchain-Supported Bitcoin-Compatible Mixing Protocol SofitMix:一个安全的离线支持的比特币兼容混合协议

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3213824

Haomeng Xie, Shufan Fei, Zheng Yan, Yang Xiao

{"title":"SofitMix: A Secure Offchain-Supported Bitcoin-Compatible Mixing Protocol","authors":"Haomeng Xie, Shufan Fei, Zheng Yan, Yang Xiao","doi":"10.1109/TDSC.2022.3213824","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3213824","url":null,"abstract":"Privacy preservation is highly expected in the Bitcoin Network. However, only applying pseudonyms cannot completely ensure anonymity/unlinkability between payers and payees. Current approaches mainly depend on a mixer service, which obfuscates payer-payee relationships of transactions. While the mixer service improves transaction privacy, it still suffers from some severe security threats (e.g., DoS attack and collusion attack), and does not support effective and reliable off-chain payment in a parallel mode. In this article, we propose a mixing protocol for the Bitcoin Network based on zero-knowledge proof, called SofitMix. It is the first mixing protocol that can effectively resist both the DoS attack and the collusion attack. It can also support a set of parallel off-chain payments in a reliable way no matter whether some payers abort a transaction. We analyze and prove SofitMix security following the Universal Composability model with regard to fair exchange, unlinkability, collusion-resistance, DoS-resistance and Sybil-resistance. Through a proof-of-concept implementation, we demonstrate its validity and fairness. We also show its advance on off-chain payment reliability and DoS attack resistance, compared to TumbleBit.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4311-4324"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42980939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 5

Reversible Data Hiding With Hierarchical Block Variable Length Coding for Cloud Security 基于分层块变长编码的云安全可逆数据隐藏

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3219843

Shuying Xu, Ji-Hwei Horng, Ching-Chun Chang, Chin-chen Chang

{"title":"Reversible Data Hiding With Hierarchical Block Variable Length Coding for Cloud Security","authors":"Shuying Xu, Ji-Hwei Horng, Ching-Chun Chang, Chin-chen Chang","doi":"10.1109/TDSC.2022.3219843","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3219843","url":null,"abstract":"Reversible data hiding in encrypted images (RDHEI) can serve as a technical solution to secure data in applications that rely on cloud storage. The key features of an RDHEI scheme are reversibility, security, and data embedding rate. To enlarge the embedding rate, this paper proposes a novel RDHEI scheme based on the median edge detector (MED) and a new proposed hierarchical block variable length coding (HBVLC) technique. In our scheme, the image owner first predicts the pixel values of the carrier image with MED. Then, the prediction error array is sliced into bit-planes and encoded plane by plane. By leveraging the inherent features of the prediction error bit-planes, the image owner adaptively decomposes a bit-plane into blocks of different hierarchical levels based on its local smoothness and encodes the blocks with a variable length coding method. As a result, the carrier image is efficiently compressed to provide spare room for data embedding. The encoded carrier image is then processed with the conventional steps of an RDHEI technique. Experimental results show that the proposed scheme not only can restore the secret data and the carrier image without loss but also outperforms state-of-the-art methods in the embedding rate for images with various features.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4199-4213"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46545638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Membership Inference Attacks Against Deep Learning Models via Logits Distribution 基于Logits分布的深度学习模型成员推断攻击

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3222880

Hongyang Yan, Shuhao Li, Yajie Wang, Yaoyuan Zhang, K. Sharif, Haibo Hu, Yuan-zhang Li

{"title":"Membership Inference Attacks Against Deep Learning Models via Logits Distribution","authors":"Hongyang Yan, Shuhao Li, Yajie Wang, Yaoyuan Zhang, K. Sharif, Haibo Hu, Yuan-zhang Li","doi":"10.1109/TDSC.2022.3222880","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3222880","url":null,"abstract":"Deep Learning(DL) techniques have gained significant importance in the recent past due to their vast applications. However, DL is still prone to several attacks, such as the Membership Inference Attack (MIA), based on the memorability of training data. MIA aims at determining the presence of specific data in the training dataset of the model with substitute model of similar structure to the objective model. As MIA relies on the substitute model, they can be mitigated if the substitute model is not clear about the network structure of the objective model. To solve the challenge of shadow-model construction, this work presents L-Leaks, a member inference attack based on Logits. L-Leaks allow an adversary to use the substitute model's information to predict the presence of membership if the shadow and objective model are similar enough. Here, the substitute model is built by learning the logits of the objective model, hence making it similar enough. This results in the substitute model having sufficient confidence in the member samples of the objective model. The evaluation of the attack's success shows that the proposed technique can execute the attack more accurately than existing techniques. It also shows that the proposed MIA is significantly robust under different network models and datasets.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3799-3808"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47469935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 3

Mangling Rules Generation With Density-Based Clustering for Password Guessing 基于密度聚类的密码猜测规则生成

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3217002

Shunbin Li, Zhiyu Wang, Ruyun Zhang, Chunming Wu, Hanguang Luo

{"title":"Mangling Rules Generation With Density-Based Clustering for Password Guessing","authors":"Shunbin Li, Zhiyu Wang, Ruyun Zhang, Chunming Wu, Hanguang Luo","doi":"10.1109/TDSC.2022.3217002","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3217002","url":null,"abstract":"Rule-based password generation is one of the most effective and often employed techniques in the highly compute-intensive password recovery process. However, it is challenging to design and maintain a practical password mangling ruleset, which is a time-consuming task requiring specialized expertise. This paper therefore introduced MDBSCAN (Modified Density-Based Spatial Clustering of Applications with Noise), a novel density-based cluster approach in machine learning, to build an automatic password mangling rule generator. To evaluate the proposed method, cross-checks across 4 different real-world password datasets leaked from popular Internet services and applications are adopted. The results indicate that the proposed generator could produce high-quality mangling rules with a better hit rate and enhance current mangling rules by identifying hidden or omitted rules. The proposed approach also shows strong interpretability and computational efficiency. When examining the RockYou password dataset with the top 77 rules, the hit rate may rise by 11% to 104% proportionally to other well-known solutions. Furthermore, by combining the top 77 rules generated by MDBSCAN with those from other rulesets, 3–12.67% more real-world passwords can be retrieved.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3588-3600"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47537365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Achieving Efficient and Privacy-Preserving Neural Network Training and Prediction in Cloud Environments 在云环境中实现高效且保密的神经网络训练和预测

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3208706

Chuan Zhang, Chenfei Hu, Tong Wu, Liehuang Zhu, Ximeng Liu

{"title":"Achieving Efficient and Privacy-Preserving Neural Network Training and Prediction in Cloud Environments","authors":"Chuan Zhang, Chenfei Hu, Tong Wu, Liehuang Zhu, Ximeng Liu","doi":"10.1109/TDSC.2022.3208706","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3208706","url":null,"abstract":"The neural network has been widely used to train predictive models for applications such as image processing, disease prediction, and face recognition. To produce more accurate models, powerful third parties (e.g., clouds) are usually employed to collect data from a large number of users, which however may raise concerns about user privacy. In this paper, we propose an Efficient and Privacy-preserving Neural Network scheme, named EPNN, to deal with the privacy issues in cloud-based neural networks. EPNN is designed based on a two-cloud model and techniques of data perturbation and additively homomorphic cryptosystem. This scheme enables two clouds to cooperatively perform neural network training and prediction in a privacy-preserving manner and significantly reduces the computation and communication overhead among participating entities. Through a detailed analysis, we demonstrate the security of EPNN. Extensive experiments based on real-world datasets show EPNN is more efficient than existing schemes in terms of computational costs and communication overhead.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4245-4257"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47139531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 19

Leaking Wireless ICs via Hardware Trojan-Infected Synchronization 通过硬件木马感染的同步泄漏无线ic

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3218507

Alan Rodrigo Diaz-Rizo, H. Aboushady, H. Stratigopoulos

{"title":"Leaking Wireless ICs via Hardware Trojan-Infected Synchronization","authors":"Alan Rodrigo Diaz-Rizo, H. Aboushady, H. Stratigopoulos","doi":"10.1109/TDSC.2022.3218507","DOIUrl":"https://doi.org/10.1109/TDSC.2022.3218507","url":null,"abstract":"We propose a Hardware Trojan (HT) attack in wireless Integrated Circuits (ICs) that aims at leaking sensitive information within a legitimate transmission. The HT is hidden inside the transmitter modulating the sensitive information into the preamble of each transmitted frame which is used for the synchronization of the transmitter with the receiver. The data leakage does not affect synchronization and is imperceptible by the inconspicuous nominal receiver as it does not incur any performance penalty in the communication. A knowledgeable rogue receiver, however, can recover the data using signal processing that is too expensive and impractical to be used during run-time in nominal receivers. The HT mechanism is designed at circuit-level and is embedded entirely into the digital section of the RF transceiver having a tiny footprint. The proposed HT attack is demonstrated with measurements on a hardware platform. We demonstrate the stealthiness of the attack, i.e., its ability to evade defenses based on testing and run-time monitoring, and the robustness of the attack, i.e., the ability of the rogue receiver to recover the leaked information even under unfavorable channel conditions.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3845-3859"},"PeriodicalIF":7.3,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42319878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

On the Security of a Lattice-Based Multi-Stage Secret Sharing Scheme 一种基于格的多级秘密共享方案的安全性

IF 7.3 2区计算机科学

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI: 10.1109/TDSC.2022.3209011

Zhichao Yang, D. He, Longjiang Qu, Jianqiao Xu

引用次数: 1