Journal of Information Security and Applications最新文献

{"title":"Exploring low overhead fingerprint biometric watermark for loop pipelined hardware IPs during behavioral synthesis","authors":"Anirban Sengupta,&nbsp;Aditya Anshul","doi":"10.1016/j.jisa.2025.104041","DOIUrl":"10.1016/j.jisa.2025.104041","url":null,"abstract":"<div><div>Loop based applications form an integral component in several consumer electronics systems as hardware intellectual property (IP) cores. Some powerful examples include finite impulse response filter cores, convolution filters etc. For enhanced performance and increased security of hardware IPs, handling loops efficiently while embedding low-cost security information (watermark) as digital evidence is the key. Robust security watermark embedded as digital evidence in the IP cores of CE systems, ensures sturdy detective countermeasure against piracy and counterfeiting, assuring the safety of end consumer. This paper presents a novel behavioral synthesis/high-level synthesis (HLS) based low-cost fingerprint biometric-watermark embedded security methodology for loop pipelined hardware IPs of CE systems. More explicitly, the paper presents the following novel contributions: a) exploration of low overhead fingerprint biometric-watermark embedded security watermark during HLS; b) embedding low-cost fingerprint based security constraints in loop pipelined IP designs used in CE systems; c) enhanced security against IP piracy (pirated designs) from an SoC integrator's and CE systems designers' perspective in terms of digital evidence (resulting into greater tamper tolerance ability, probability of coincidence and entropy) than prior similar approaches, at nominal design overhead.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104041"},"PeriodicalIF":3.8,"publicationDate":"2025-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143746743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimising AI models for intelligence extraction in the life cycle of Cybersecurity Threat Landscape generation","authors":"Alexandros Zacharis ,&nbsp;Razvan Gavrila ,&nbsp;Constantinos Patsakis ,&nbsp;Christos Douligeris","doi":"10.1016/j.jisa.2025.104037","DOIUrl":"10.1016/j.jisa.2025.104037","url":null,"abstract":"<div><div>The increasing complexity and frequency of cyber attacks in the modern digital environment demand continuous vigilance and proactive strategies to manage risks effectively. Conventional approaches to generating intelligence for Cybersecurity Threat Landscape (CTL) reports are often resource-intensive and time-consuming, as they depend on manual identification, collection, and analysis of relevant electronically stored information (ESI). This study investigates the potential of artificial intelligence (AI) to transform CTL generation, reducing manual classification and tagging while improving efficiency and accuracy.</div><div>We focus on evaluating the classification performance of several Large Language Models (LLMs), including Gemini 1.5 Pro, GPT-4o, but also Bidirectional Encoder Representations from Transformers (BERT) based models like TRAM and TTPHunter along with custom Named Entity Recognition (NER) models, using a dataset previously annotated by human experts. Our findings demonstrate the promising results of AI-driven intelligence extraction for CTL report generation, streamlining cybersecurity operations by automating routine tasks and providing precise and timely threat intelligence. However, the variability in model performance suggests the importance of hybrid approaches needed to achieve the accuracy of human annotation. Therefore, we propose a novel voting agreement-based methodology, harvesting the most from the combined AI model capabilities to effectively address the complexities of cybersecurity threat intelligence extraction.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104037"},"PeriodicalIF":3.8,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143738840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"VSEPDA: Verifiable secure and efficient privacy-preserving data aggregation protocol for image classification in federated learning","authors":"Shuo Chen ,&nbsp;Tanping Zhou ,&nbsp;Huiyu Xie ,&nbsp;Xiaoyuan Yang","doi":"10.1016/j.jisa.2025.104039","DOIUrl":"10.1016/j.jisa.2025.104039","url":null,"abstract":"<div><div>With the rapid advancement of big data and artificial intelligence, the vast amounts of data have facilitated the use of deep learning to create value, particularly in the domain of image classification. Unlike traditional deep learning methods that process data centrally, federated learning enables multiple users to collaboratively build models without data leaving local devices, effectively safeguarding user privacy. However, attackers can exploit gradient analysis to extract partial information from participants, and servers may return erroneous global models. As a result, developing a secure and verifiable federated learning scheme has become a focal point of current research. Recently, Tamer et al. introduced a communication-efficient and verifiable secure data aggregation protocol ESL+23, relying on lightweight cryptographic primitives with high computational efficiency. Nonetheless, we have identified significant shortcomings in the protocol’s verification capabilities: it is vulnerable to collusion attacks and intolerant of user dropouts. Therefore, this paper first designs an attack experiment, demonstrating a 100% success rate. Subsequently, we propose the VSEPDA protocol. Our security analysis indicates that VSEPDA offers enhanced fault tolerance and security. Finally, experiments show that VSEPDA achieves a 46.15% increase in computational efficiency for key updates. Using the real dataset, we demonstrate that the discrepancies in weights and biases between secure and traditional models are on the order of <span><math><mrow><mn>1</mn><msup><mrow><mn>0</mn></mrow><mrow><mo>−</mo><mn>6</mn></mrow></msup></mrow></math></span> and <span><math><mrow><mn>1</mn><msup><mrow><mn>0</mn></mrow><mrow><mo>−</mo><mn>8</mn></mrow></msup></mrow></math></span>, respectively, while maintaining equivalent image classification accuracy.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104039"},"PeriodicalIF":3.8,"publicationDate":"2025-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143738839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Directed grey box fuzzy testing for power terminal device firmware with intermediate representation similarity comparison","authors":"Zhongyuan Qin ,&nbsp;Jiaqi Chen ,&nbsp;Xin Sun ,&nbsp;Yubo Song ,&nbsp;Hua Dai ,&nbsp;Weiwei Chen ,&nbsp;Bang Lv ,&nbsp;Kanghui Wang","doi":"10.1016/j.jisa.2025.104038","DOIUrl":"10.1016/j.jisa.2025.104038","url":null,"abstract":"<div><div>The proliferation of heterogeneous devices in power IoT terminals significantly increases security risks due to firmware vulnerabilities, thereby threatening the stability and reliability of power systems. However, existing Directed Greybox Fuzzing (DGF) methods face challenges, such as the need for manual identification of vulnerable code and limitations to specific architectures. This paper proposes a DGF approach, guided by intermediate representation similarity comparison, comprising two main components: objective function localization and directed greybox fuzzing. In the objective function localization phase, support for multiple architectures is achieved by lifting the binary code to LLVM Intermediate Representation (IR). Given that functions may vary in both structure and semantics, we represent functions using both structural and semantic features. We employ word embedding techniques based on Natural Language Processing (NLP) and graph neural network models to construct feature vectors. By calculating the feature similarity between each function and known vulnerable functions, we automatically identify highly similar functions as targets. In the directed greybox fuzzing phase, to address issues like high false positive rates and unreachable targets, we designed a target scheduling mechanism. This mechanism permanently blocks targets that have been sufficiently covered and periodically blocks those that have not been covered, thereby further improving the efficiency of fuzzing. Experimental results on two datasets demonstrate the effectiveness of this method in identifying vulnerabilities in power terminal equipment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104038"},"PeriodicalIF":3.8,"publicationDate":"2025-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143725412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"High-fidelity reversible data hiding using adaptive context based pixel value ordering","authors":"Wenguang He,&nbsp;Yaomin Wang,&nbsp;Junwu Li,&nbsp;Long Wang","doi":"10.1016/j.jisa.2025.104042","DOIUrl":"10.1016/j.jisa.2025.104042","url":null,"abstract":"<div><div>The preferred predictor for high-fidelity reversible data hiding (RDH), pixel value ordering, has attracted much attention in the past decade. Numerous studies demonstrate that the key to accurate prediction lies in a reasonably sized and full-enclosing context. Although this issue has been studied, the resulting construction methods are only applicable to RDH schemes that implement pixel-wise embedding. In this paper, a novel predictor based on adaptive context and applicable to RDH schemes that implement block-wise embedding is proposed. First, the cover image is divided into two independent block sets, based on which the target block can be combined with its nearest external pixels to form a new embedding unit. When predicting each pixel in the target block, consecutive pixels in the same row or column as the predicted pixel form the context. As the context is always full-enclosing, the proposed method effectively improves prediction quality. In addition, the context also enables the achievement of high-dimensional prediction-error expansion. Experimental results show that the proposed scheme can achieve satisfactory superiority in fidelity over several state-of-the-art RDH works.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104042"},"PeriodicalIF":3.8,"publicationDate":"2025-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143735126","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PRBC: A practical redactable blockchain incorporating chameleon hash functions with attribute control","authors":"Xiangyu Wu ,&nbsp;Xuehui Du ,&nbsp;Shihao Wang ,&nbsp;Qiantao Yang ,&nbsp;Aodi Liu ,&nbsp;Wenjuan Wang","doi":"10.1016/j.jisa.2025.104045","DOIUrl":"10.1016/j.jisa.2025.104045","url":null,"abstract":"<div><div>The introduction of a redactable blockchain overcomes the challenges posed by immutability, including the inability to correct erroneous data, delete private information, and regulate illegal content. In recent years, to achieve fine-grained control over the redaction permissions of transaction data, policy-based chameleon hash (PCH) functions and their various variants have been proposed and integrated into traditional blockchains to support transaction-level redacting. However, these solutions face the problem of permission abuse, where authorized users may transfer their permissions to unauthorized individuals driven by self-interest, leading to a loss of control over permissions. Additionally, the modifiability of block data results in the potential existence of multiple legitimate block versions at the same height, making it difficult for off-chain validators to verify the timeliness of blocks solely based on block height and timestamps. To address these issues, this paper introduces attribute-based policies and identity tracing mechanisms into the chameleon hash function, proposing a practical redactable blockchain called PRBC, with the formal definitions and security models. By employing several simple cryptographic tools, such as chameleon hash functions, threshold signatures, and identity lists, fine-grained control over redaction permissions, tracking of malicious user identities, and effective validation of block timeliness are achieved, along with a complete construction and rigorous security proof of the scheme. Finally, the prototype of PRBC is constructed on the Tendermint blockchain and compared with the state-of-the-art solutions. The comprehensive evaluation indicates that the solution presented in this paper offers superior performance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104045"},"PeriodicalIF":3.8,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143725404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FDBA: Feature-guided Defense against Byzantine and Adaptive attacks in Federated Learning","authors":"Chenyu Hu ,&nbsp;Qiming Hu ,&nbsp;Mingyue Zhang ,&nbsp;Zheng Yang","doi":"10.1016/j.jisa.2025.104035","DOIUrl":"10.1016/j.jisa.2025.104035","url":null,"abstract":"<div><div>Federated Learning (FL) is a general paradigm that enables decentralized model training while preserving data privacy, allowing multiple clients to collaboratively train a global model without sharing raw data. With the increasing application of Large Language Models (LLMs) in fields like finance and healthcare, data privacy concerns have grown. Federated LLMs have emerged as a solution, enabling the collaborative improvement of LLMs while protecting sensitive data. However, federated LLMs, like other FL applications, are vulnerable to Byzantine attacks, where one or more malicious clients attempt to poison the global model by corrupting local data or sending crafted local model updates to the server. Existing defenses that focus on directly analyzing local updates struggle with the large parameter sizes of modern models like LLMs. Thus, we need to design more effective defense mechanisms that can scale to models of varying sizes.</div><div>In this work, we propose FDBA, a method designed to enhance robustness and efficiency in FL. Unlike traditional defenses that rely solely on analyzing local model updates, our approach extracts features called PDist from the models to describe the impact of these updates. We propose a cooperative learning mechanism based on PDist, which evaluates features across three dimensions to determine whether the update is malicious or benign. Specifically, FDBA first performs clustering on PDist, and then classifies the clustering results using an additional auxiliary data to efficiently and accurately identify malicious clients. Finally, historical information is leveraged to further enhance the accuracy of the detection. We conduct extensive evaluations on three datasets, and the results show that FDBA effectively defends against both existing Byzantine and adaptive attacks. For example, under six types of Byzantine attacks, FDBA maintains the same accuracy as the global model trained with FedAvg without any attacks. Additionally, we perform evaluations on LLMs, and the results demonstrate that FDBA still achieves high accuracy under representative Byzantine attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104035"},"PeriodicalIF":3.8,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143704251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"OCDP: An enhanced perturbation approach for data privacy protection","authors":"S. Sathiya Devi ,&nbsp;K. Jayasri","doi":"10.1016/j.jisa.2025.104046","DOIUrl":"10.1016/j.jisa.2025.104046","url":null,"abstract":"<div><div>With the exponential growth of internet and digital technology, there is a significant increase in the volume of personal data being collected, stored and shared across various platforms poses privacy risks including unauthorized access, misuse and exploitation. To mitigate these risks, effective privacy mechanisms are crucial. One such mechanism is Differential Privacy (DP) which aims to protect personal information by introducing noise into the data to obstruct individual identification. Though it effectively prevents breaches of personal information, a trade-off exists among privacy and accuracy. Additionally, DP often requires meticulous noise parameter tuning which can be complex and resource intensive. To overcome these challenges, this paper proposed the method named Opti-Cluster Differential Privacy (OCDP). The proposed OCDP is designed to automatically determine the optimal amount of noise for a dataset. The dataset is first divided into non-overlapping clusters using k-means clustering. It then employs a hybrid approach combining DP with Particle Swarm Optimization (PSO) to compute the optimal noise parameter (<em>ε</em> - epsilon) for each cluster. Based on this computed value, noise is added to each cluster and then it is merged to produce a final perturbed dataset. The Experimental results demonstrate that the proposed OCDP method achieves high privacy while being computationally efficient. The proposed OCDP method produces data with privacy percentages of 84 %, 88 %, 89 %, 85 %, 83 % and 77 % for the Heart Disease, GDM, Adult, Automobile, Thyroid Disease and Insurance datasets respectively representing 13 % (with clustering) and 50 % high (without clustering) when compared with other methods. Moreover, OCDP's computational efficiency allows for faster processing times making it reliable solution for maintaining privacy in large datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104046"},"PeriodicalIF":3.8,"publicationDate":"2025-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143696629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Compression-robust detection of Motion-Compensated Frame Interpolation using Discrete Cosine Transform in logarithm domain","authors":"Ran Li,&nbsp;Juan Dai","doi":"10.1016/j.jisa.2025.104044","DOIUrl":"10.1016/j.jisa.2025.104044","url":null,"abstract":"<div><div>Motion Compensated Frame Interpolation (MCFI) is a widely used technique to improve the frame rate of a video sequence in recent years, but it can also be used by forgers for malicious forgery, resulting in a large number of fake high-frame-rate videos. This paper presents how the Discrete Cosine Transform (DCT) is used in the logarithm domain to identify whether a video has been forged by MCFI. First, the DCT is taken on each frame in a suspect video. Then, the DCT coefficients are transformed into the logarithm domain. Finally, the mean of the logarithmic DCT coefficients is computed, and its variation over time is taken as the DCT feature to derive a classifier to realize automatic detection. Since MCFI modifies the majority of DCT coefficients in the high-frequency band, the high-frequency DCT coefficients are significantly enhanced by the logarithm transform, making the DCT feature more sensitive to MCFI modification. More importantly, it is proved through quantitative and qualitative analyses that the proposed DCT feature has the capacity for resisting lossy compression. The proposed DCT feature is used to train different classifiers with a large-scale dataset, and the extensive experiments verify that the proposed DCT feature compares favorably with the state-of-the-art methods while having the robustness to lossy compression.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104044"},"PeriodicalIF":3.8,"publicationDate":"2025-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143696628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Non-local PPVO-based reversible data hiding using opposite direction pairwise embedding","authors":"Guojun Fan ,&nbsp;Lei Lu ,&nbsp;Xiaodong Song ,&nbsp;Zijing Li ,&nbsp;Zhibin Pan","doi":"10.1016/j.jisa.2025.104030","DOIUrl":"10.1016/j.jisa.2025.104030","url":null,"abstract":"<div><div>In recent years, pixel-value-ordering (PVO) has become a frequently used framework in which researchers have developed many novel reversible data hiding (RDH) methods. Aiming at enlarging the embedding capacity, the well-known pixel-based PVO (PPVO) was proposed. In PPVO, each pixel is predicted by a block of context pixels in its local region and the context size is fixed for each round of embedding, which makes it difficult to perform effectively for pixels located in textured regions. In this paper, firstly, we propose to acquire context pixels from the whole cover image to realize a non-local PPVO, which is implemented on a one-dimensional global sorted array obtained by our newly designed quadruple layer predictor. With the proposed predictor that has a high accuracy, the contexts used for PPVO prediction become smoother, facilitating to achieve a better performance. Secondly, by utilizing the one-dimensional property, we introduce dynamic context sizes assignment to each to-be-modified pixel, reducing the pixel numbers in smooth sequence while increasing the pixel numbers in rough sequence to enlarge embedding capacity. Thirdly, we design an opposite direction pairwise embedding scheme to improve the overall embedding performance once again, which is hard to achieve in the original PPVO because of the spatial and causal constraints. As a result, the proposed method achieves significant overall performance compared to state-of-the-art methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104030"},"PeriodicalIF":3.8,"publicationDate":"2025-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143681409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}