Cybersecurity最新文献_第3页

An empirical study of reflection attacks using NetFlow data 利用 NetFlow 数据对反射攻击进行实证研究

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-07-01 DOI: 10.1186/s42400-023-00203-7

Edward Chuah, Neeraj Suri

{"title":"An empirical study of reflection attacks using NetFlow data","authors":"Edward Chuah, Neeraj Suri","doi":"10.1186/s42400-023-00203-7","DOIUrl":"https://doi.org/10.1186/s42400-023-00203-7","url":null,"abstract":"Reflection attacks are one of the most intimidating threats organizations face. A reflection attack is a special type of distributed denial-of-service attack that amplifies the amount of malicious traffic by using reflectors and hides the identity of the attacker. Reflection attacks are known to be one of the most common causes of service disruption in large networks. Large networks perform extensive logging of NetFlow data, and parsing this data is an advocated basis for identifying network attacks. We conduct a comprehensive analysis of NetFlow data containing 1.7 billion NetFlow records and identified reflection attacks on the network time protocol (NTP) and NetBIOS servers. We set up three regression models including the Ridge, Elastic Net and LASSO. To the best of our knowledge, there is no work that studied different regression models to understand patterns of reflection attacks in a large network. In this paper, we (a) propose an approach for identifying correlations of reflection attacks, and (b) evaluate the three regression models on real NetFlow data. Our results show that (a) reflection attacks on the NTP servers are not correlated, (b) reflection attacks on the NetBIOS servers are not correlated, (c) the traffic generated by those reflection attacks did not overwhelm the NTP and NetBIOS servers, and (d) the dwell times of reflection attacks on the NTP and NetBIOS servers are too small for predicting reflection attacks on these servers. Our work on reflection attacks identification highlights recommendations that could facilitate better handling of reflection attacks in large networks.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"28 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141509633","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Phishing behavior detection on different blockchains via adversarial domain adaptation 通过对抗性域适应在不同区块链上检测网络钓鱼行为

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-19 DOI: 10.1186/s42400-024-00237-5

Chuyi Yan, Xueying Han, Yan Zhu, Dan Du, Zhigang Lu, Yuling Liu

{"title":"Phishing behavior detection on different blockchains via adversarial domain adaptation","authors":"Chuyi Yan, Xueying Han, Yan Zhu, Dan Du, Zhigang Lu, Yuling Liu","doi":"10.1186/s42400-024-00237-5","DOIUrl":"https://doi.org/10.1186/s42400-024-00237-5","url":null,"abstract":"Despite the growing attention on blockchain, phishing activities have surged, particularly on newly established chains. Acknowledging the challenge of limited intelligence in the early stages of new chains, we propose ADA-Spear-an automatic phishing detection model utilizing adversarial domain adaptive learning which symbolizes the method’s ability to penetrate various heterogeneous blockchains for phishing detection. The model effectively identifies phishing behavior in new chains with limited reliable labels, addressing challenges such as significant distribution drift, low attribute overlap, and limited inter-chain connections. Our approach includes a subgraph construction strategy to align heterogeneous chains, a layered deep learning encoder capturing both temporal and spatial information, and integrated adversarial domain adaptive learning in end-to-end model training. Validation in Ethereum, Bitcoin, and EOSIO environments demonstrates ADA-Spear’s effectiveness, achieving an average F1 score of 77.41 on new chains after knowledge transfer, surpassing existing detection methods.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"196 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141509634","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Ensemble learning based anomaly detection for IoT cybersecurity via Bayesian hyperparameters sensitivity analysis 通过贝叶斯超参数敏感性分析进行基于集合学习的物联网网络安全异常检测

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-12 DOI: 10.1186/s42400-024-00238-4

Tin Lai, Farnaz Farid, Abubakar Bello, Fariza Sabrina

{"title":"Ensemble learning based anomaly detection for IoT cybersecurity via Bayesian hyperparameters sensitivity analysis","authors":"Tin Lai, Farnaz Farid, Abubakar Bello, Fariza Sabrina","doi":"10.1186/s42400-024-00238-4","DOIUrl":"https://doi.org/10.1186/s42400-024-00238-4","url":null,"abstract":"The Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices with little to no human intervention. IoT enables data aggregation and analysis on a large scale to improve life quality in many domains. In particular, data collected by IoT contain a tremendous amount of information for anomaly detection. The heterogeneous nature of IoT is both a challenge and an opportunity for cybersecurity. Traditional approaches in cybersecurity monitoring often require different kinds of data pre-processing and handling for various data types, which might be problematic for datasets that contain heterogeneous features. However, heterogeneous types of network devices can often capture a more diverse set of signals than a single type of device readings, which is particularly useful for anomaly detection. In this paper, we present a comprehensive study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection. Rather than using one single machine learning model, ensemble learning combines the predictive power from multiple models, enhancing their predictive accuracy in heterogeneous datasets rather than using one single machine learning model. We propose a unified framework with ensemble learning that utilises Bayesian hyperparameter optimisation to adapt to a network environment that contains multiple IoT sensor readings. Experimentally, we illustrate their high predictive power when compared to traditional methods.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"27 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141509635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CommanderUAP: a practical and transferable universal adversarial attacks on speech recognition models CommanderUAP：针对语音识别模型的实用且可转移的通用对抗攻击

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-05 DOI: 10.1186/s42400-024-00218-8

Zheng Sun, Jinxiao Zhao, Feng Guo, Yuxuan Chen, Lei Ju

引用次数: 0

Enhancing fairness of trading environment: discovering overlapping spammer groups with dynamic co-review graph optimization 提高交易环境的公平性：利用动态共评图优化发现重叠的垃圾邮件发送者群体

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-04 DOI: 10.1186/s42400-024-00230-y

Chaoqun Wang, Ning Li, Shujuan Ji, Xianwen Fang, Zhen Wang

{"title":"Enhancing fairness of trading environment: discovering overlapping spammer groups with dynamic co-review graph optimization","authors":"Chaoqun Wang, Ning Li, Shujuan Ji, Xianwen Fang, Zhen Wang","doi":"10.1186/s42400-024-00230-y","DOIUrl":"https://doi.org/10.1186/s42400-024-00230-y","url":null,"abstract":"Within the thriving e-commerce landscape, some unscrupulous merchants hire spammer groups to post misleading reviews or ratings, aiming to manipulate public perception and disrupt fair market competition. This phenomenon has prompted a heightened research focus on spammer groups detection. In the e-commerce domain, current spammer group detection algorithms can be classified into three categories, i.e., Frequent Item Mining-based, graph-based, and burst-based algorithms. However, existing graph-based algorithms have limitations in that they did not adequately consider the redundant relationships within co-review graphs and neglected to detect overlapping members within spammer groups. To address these issues, we introduce an overlapping spammer group detection algorithm based on deep reinforcement learning named DRL-OSG. First, the algorithm filters out highly suspicious products and gets the set of reviewers who have reviewed these products. Secondly, taking these reviewers as nodes and their co-reviewing relationships as edges, we construct a homogeneous co-reviewing graph. Thirdly, to efficiently identify and handle the redundant relationships that are accidentally formed between ordinary users and spammer group members, we propose the Auto-Sim algorithm, which is a specifically tailored algorithm for dynamic optimization of the co-reviewing graph, allowing for adjustments to the reviewers’ relationship network within the graph. Finally, candidate spammer groups are discovered by using the Ego-Splitting overlapping clustering algorithm, allowing overlapping members to exist in these groups. Then, these groups are refined and ranked to derive the final list of spammer groups. Experimental results based on real-life datasets show that our proposed DRL-OSG algorithm performs better than the baseline algorithms in Precision.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"128 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141254887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium 对 CRYSTALS-Dilithium 硬件实现的深度相关功率分析攻击

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-03 DOI: 10.1186/s42400-024-00209-9

Huaxin Wang, Yiwen Gao, Yuejun Liu, Qian Zhang, Yongbin Zhou

{"title":"In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium","authors":"Huaxin Wang, Yiwen Gao, Yuejun Liu, Qian Zhang, Yongbin Zhou","doi":"10.1186/s42400-024-00209-9","DOIUrl":"https://doi.org/10.1186/s42400-024-00209-9","url":null,"abstract":"During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or requires a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperfom the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"21 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141254840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Atomic cross-chain swap based on private key exchange 基于私人密钥交换的原子跨链交换

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-02 DOI: 10.1186/s42400-023-00202-8

Zeshuo Zhu, Rui Zhang, Yang Tao

{"title":"Atomic cross-chain swap based on private key exchange","authors":"Zeshuo Zhu, Rui Zhang, Yang Tao","doi":"10.1186/s42400-023-00202-8","DOIUrl":"https://doi.org/10.1186/s42400-023-00202-8","url":null,"abstract":"Atomic Cross-Chain Swap (ACCS) is one important topic in cryptocurrency, where users can securely and trustlessly exchange assets between two different blockchains. However, most known ACCS schemes assume specific scripting functionalities of the underlying blockchains, such as Hash Time Locked Contracts (HTLC). In addition, these schemes are typically only applicable to certain digital signature schemes, like Schnorr or Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. In this paper, we propose a generic ACCS scheme, independent from the underlying blockchains. To the best of our knowledge, this is the first solution of this kind. Our results are as follows. First, we define a formal system model of ACCS. Next, we present a generic ACCS scheme meets our model. This scheme admits atomicity in cross-chain swaps without the need for a Trusted Third Party (TTP) and protects users’ privacy. Finally, by using the Non-Interactive Zero-Knowledge (NIZK) proof protocol as a tool, we instantiate our generic scheme for Elliptic Curve Discrete Logarithm Problem-based (ECDLP-based) signatures. In addition, we implement our scheme, and the experimental results show that our protocol outperforms the existing ACCS schemes, such as the HTLC-based schemes.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"7 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141254779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

HSS: enhancing IoT malicious traffic classification leveraging hybrid sampling strategy HSS：利用混合采样策略加强物联网恶意流量分类

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-06-01 DOI: 10.1186/s42400-023-00201-9

Yuantu Luo, Jun Tao, Yuehao Zhu, Yifan Xu

{"title":"HSS: enhancing IoT malicious traffic classification leveraging hybrid sampling strategy","authors":"Yuantu Luo, Jun Tao, Yuehao Zhu, Yifan Xu","doi":"10.1186/s42400-023-00201-9","DOIUrl":"https://doi.org/10.1186/s42400-023-00201-9","url":null,"abstract":"Using deep learning models to deal with the classification tasks in network traffic offers a new approach to address the imbalanced Internet of Things malicious traffic classification problems. However, the employment difficulty of these models may be immense due to their high resource consumption and inadequate interpretability. Fortunately, the effectiveness of sampling methods based on the statistical principles in imbalance data distribution indicates the path. In this paper, we address these challenges by proposing a hybrid sampling method, termed HSS, which integrates undersampling and oversampling techniques. Our approach not only mitigates the imbalance in malicious traffic but also fine-tunes the sampling threshold to optimize performance, as substantiated through validation tests. Employed across three distinct classification tasks, this method furnishes simplified yet representative samples, enhancing the baseline models’ classification capabilities by a minimum of 6.02% and a maximum of 182.66%. Moreover, it notably reduces resource consumption, with sample numbers diminishing to a ratio of at least 83.53%. This investigation serves as a foundation, demonstrating the efficacy of HSS in bolstering security measures in IoT networks, potentially guiding the development of more adept and resource-efficient solutions.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"45 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141190248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Key derivable signature and its application in blockchain stealth address 密钥可衍生签名及其在区块链隐身地址中的应用

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-05-30 DOI: 10.1186/s42400-024-00231-x

Ruida Wang, Ziyi Li, Xianhui Lu, Zhenfei Zhang, Kunpeng Wang

引用次数: 0

Polar code-based secure transmission with higher message rate combining channel entropy and computational entropy 基于极地编码的安全传输，结合信道熵和计算熵实现更高的信息传输速率

IF 3.1 4区计算机科学

Cybersecurity Pub Date : 2024-05-04 DOI: 10.1186/s42400-024-00229-5

Chen An, Mengjie Huang, Xianhui Lu, Lei Bi, Weijie Li

{"title":"Polar code-based secure transmission with higher message rate combining channel entropy and computational entropy","authors":"Chen An, Mengjie Huang, Xianhui Lu, Lei Bi, Weijie Li","doi":"10.1186/s42400-024-00229-5","DOIUrl":"https://doi.org/10.1186/s42400-024-00229-5","url":null,"abstract":"The existing physical layer security schemes, which are based on the key generation model and the wire-tap channel model, achieve security by utilizing channel reciprocity entropy and noise entropy, respectively. In contrast, we propose a novel secure transmission framework that combines noise entropy with reciprocity entropy, achieved by inserting reciprocity entropy into the frozen bits of polar codes. Note that in real-world scenarios, when eavesdroppers employ polynomial-time attacks, the bit error rate (BER) increases due to the introduction of computational entropy. To achieve indistinguishability security, we convert the practical physical layer security metric, BER, into the average min-entropy, a widely accepted concept in cryptography. The simulation results demonstrate that the eavesdropper’s BER can be significantly increased without compromising the communication performance of the legitimate receiver. Under concrete parameters we selected, when compared to the joint scheme of physical layer key generation and one time pad, the modular semantically-secure scheme based on the wire-tap channel model, and the simple channel entropy combination scheme, our scheme achieves a message rate approximately 1.2 times, 3.8 times, and 1.4 times better, respectively. Experimental testing validates the feasibility of our scheme.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"16 1","pages":""},"PeriodicalIF":3.1,"publicationDate":"2024-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140889277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0