Journal of Information Security and Applications最新文献

{"title":"AGentVLM: Access control policy generation and verification framework with language models","authors":"Sakuna Harinda Jayasundara ,&nbsp;Nalin Asanka Gamagedara Arachchilage ,&nbsp;Giovanni Russello","doi":"10.1016/j.jisa.2026.104379","DOIUrl":"10.1016/j.jisa.2026.104379","url":null,"abstract":"<div><div>Manual generation of access control policies from high-level organizational requirements is labor-intensive and error-prone, often leading to critical failures and data breaches. While automated frameworks have been proposed, existing approaches struggle with complex access requirements due to poor domain adaptation, limiting their accuracy. To address these challenges, we propose AGentVLM, a novel access control policy generation and verification framework based on small, open-source language models (LMs). Our framework enables its efficient on-premise deployment, preserving data confidentiality by avoiding reliance on third-party black-box LMs. AGentVLM excels in identifying natural language access control policies (NLACPs) from high-level requirements, achieving an average F1 score of 90.6 %. Unlike existing frameworks limited to generating simple policies with three components (subject, action, resource), AGentVLM effectively extracts complex elements such as purposes and conditions using an access control-specific structured information extraction technique. This method captures both word-level and semantic information at the same time from NLACPs, leading to a state-of-the-art policy generation F1 score of 80.6 %. Additionally, AGentVLM introduces a verification technique that provides actionable feedback, allowing administrators to refine inaccurate policies before deployment. To support future research, we also release two annotated datasets addressing the scarcity of domain-specific data.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104379"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146039808","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A secured cryptographic approach with extreme gradient boosting model for data aggregation and routing in WSN","authors":"Ramkumar Devendiran,&nbsp;Anil V Turukmane","doi":"10.1016/j.jisa.2026.104372","DOIUrl":"10.1016/j.jisa.2026.104372","url":null,"abstract":"<div><div>An effective routing algorithm is responsible for the efficiency and security of wireless sensor networks (WSNs). There have been numerous investigations during recent periods that have attempted to enhance route security, data confidentiality, and data aggregation processes. These techniques have some significant disadvantages, including data loss, expensive temporal complexity, and vulnerability to different kinds of attacks (e.g., passive, malevolent, or aggressive attacks). The objective of this study is to develop a machine-learning algorithm for secure data aggregation and an encryption algorithm for secure routing in WSNs. Sensor nodes are initially deployed in a WSN, and nodes are thereafter grouped according to the Modified Fuzzy C-Means Clustering (MFCMC) algorithm. Subsequently, the node aggregates the data using the Extreme Gradient Boosting (XGBoost) algorithm. Thereafter, encryption is carried out using the application of the Feistel Shaped Tiny Encryption (FSTE) technique. Lastly, encrypted data is passed through a novel Opposition Learning based Honey Badger Optimization (OL_HBO) technique to choose the best route. This approach is based on parameters such as residual energy, node degree, node centrality, and distance between sensor nodes. In an evaluation setting, the proposed technique achieves an average end-to-end delay (58.73 ms), packet delivery ratio (PDR) (90.37%), throughput (253.41 kbps), encryption time (0.39 ms), and decryption time (6.1 ms). By comparing the performance of the proposed technique with other state-of-the-art approaches, the results demonstrate improved performance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104372"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146039809","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing image steganography via frequency-guided iterative optimization","authors":"Xinchen Wang ,&nbsp;Duzhong Zhang ,&nbsp;Jingwen Meng ,&nbsp;Li Li ,&nbsp;Taiyong Li","doi":"10.1016/j.jisa.2026.104391","DOIUrl":"10.1016/j.jisa.2026.104391","url":null,"abstract":"<div><div>High-accuracy image steganography aims to conceal secret binary messages within a single cover image and recover them with minimal error. However, achieving this goal entails a fundamental trade-off: methods that excel in recovery often compromise visual quality and security. Existing one-shot deep learning approaches lack flexibility for fine-grained adjustment, whereas current iterative frameworks operate without perceptual guidance. Thus, both categories are limited in their ability to achieve accurate and imperceptible data embedding. To overcome these limitations, we propose a Frequency-Guided Iterative Network (FIS) that decouples embedding into two synergistic stages: iterative spatial refinement and explicit frequency-domain optimization. FIS comprises a flexible iterative encoder, a frequency perturbation module, and a decoder with a controlled obfuscation mechanism. The encoder iteratively refines the cover image to identify more suitable embedding locations, while the frequency perturbation module guides updates toward high-frequency regions where alterations are less perceptible. The decoder incorporates an obfuscation mechanism to enhance protection against unauthorized extraction. Experimental results across three datasets demonstrate that FIS achieves improved recovery accuracy, higher invisibility, and enhanced security.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104391"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reversible data hiding in encrypted images based on EMD and PSIS","authors":"Yuan Gao,&nbsp;Zhengxin Fu,&nbsp;Xiaopeng Li,&nbsp;Sensen Li,&nbsp;Bin Yu","doi":"10.1016/j.jisa.2026.104405","DOIUrl":"10.1016/j.jisa.2026.104405","url":null,"abstract":"<div><div>With the development of cloud computing and related technologies, Reversible Data Hiding in Encrypted Image (RDHEI) has emerged as a privacy-preserving technique that enables embedding additional data into cover image while ensuring its confidentiality. However, most existing RDHEI schemes rely on a single encrypted image, lacking fault-tolerance for both image reconstruction and data extraction. Additionally, many schemes suffer from high computational complexity and the separability of image reconstruction and data extraction. To address these limitations, in this paper, we propose two novel (<em>k, n</em>)-threshold RDHEI schemes by combining Exploiting Modification Direction (EMD) and polynomial-based secret image sharing (PSIS) techniques, achieving fault-tolerance for both image and embedded data, while improving embedding capacity and supporting lossless recovery. The first scheme, EMD-based Reversible Data Hiding with Polynomial (EMD-RDHP) scheme, employs PSIS to share the secret image and embeds secret data during the sharing process using EMD. This approach achieves high embedding capacity and high-quality image reconstruction (PSNR &gt; 53 dB, SSIM &gt; 0.99). However, it introduces slight distortion, failing to losslessly recover the secret image. To address this limitation, we further propose a Modified EMD-RDHP scheme, which records pixel modification operation in the polynomial coefficients, enabling lossless reconstruction of the secret image. Both proposed schemes support independent data extraction and image reconstruction, ensuring their separability. Experimental results demonstrate that the proposed schemes outperform existing methods in terms of fault-tolerance, embedding capacity, and computational efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104405"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A 3D chaotic map-based novel intra and inter-level bit plane image content encryption","authors":"Deepankumar S․ ,&nbsp;Rengaraj R․ ,&nbsp;Pranesh R․ ,&nbsp;Pooja Mishra ,&nbsp;Arup Kumar Pal","doi":"10.1016/j.jisa.2026.104389","DOIUrl":"10.1016/j.jisa.2026.104389","url":null,"abstract":"<div><div>In the digital communication era, protecting the confidentiality of visual data like images is done through suitable chaotic map-based pseudo sequences rather than using any standard block ciphering algorithm. The chaotic map-based image cryptosystem supports faster and more desirable image-enciphering, even in real-time scenarios. An effective chaotic map is desirable for image encryption to ensure the sensitivity property and dynamic behaviour with different seed values. Many existing chaotic map-based cryptosystems have shown poor sensitivity to the initial condition and lower dynamic behaviour with key generation algorithms. The suggested encryption process for image data exploits bit plane level content shuffling in Intra and Inter-level with a suitable 3D chaotic system to enhance security and performance. The overall iterations are significantly fewer than standard practice, even with supporting desirable cipher image formation. Further, the cipher image reveals the negligible linear relationship between the neighbouring pixels, and the change in the neighbouring pixel of the plain image reduces the chances of statistical attacks. In the experimental process, the natural grayscale and medical imaging in DICOM formats are considered during an enciphering time, where keyspace analysis reveals a large key space of 2³¹², providing strong resistance against brute-force attacks. Statistical tests show the encrypted images achieve ideal entropy values of approximately 7.999 and negligible inter-pixel correlation values of less than 0.005 in all directions. The proposed scheme also performs robustly against exhaustive attacks, noise, occlusion, and chosen plaintext attack, including differential attack analysis where NPCR is more significant than 99.6%, UACI is approximately 33.95%. The chosen plaintext attack analysis exhibits the cryptosystem’s resistance to the cryptanalysis attack. The results are comparable to some related works, indicating standard performance across multiple security metrics, and are found effective in secure image communication even with a small key size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104389"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MFTA-PFL : Multi-factor trust assessment-based personalized federated learning","authors":"Fahad Sabah ,&nbsp;Yuwen Chen ,&nbsp;Zhen Yang ,&nbsp;Muhammad Azam ,&nbsp;Nadeem Ahmad ,&nbsp;Raheem Sarwar","doi":"10.1016/j.jisa.2026.104388","DOIUrl":"10.1016/j.jisa.2026.104388","url":null,"abstract":"<div><div>Federated Learning (FL) has emerged as a promising approach for decentralized machine learning, enabling multiple clients to collaboratively train a global model without sharing their local data. However, challenges such as data heterogeneity, varying client reliability, and communication constraints often hinder model performance and convergence. While existing methods address aspects like resource efficiency or reputation-based selection, few integrate multi-dimensional trust evaluation in a unified framework. To bridge this gap, this paper proposes a Multi-Factor Trust Assessment based Personalized Federated Learning (MFTA-PFL). Our approach dynamically evaluates clients based on model accuracy, data quality, historical reliability, and communication metrics, assigning trust scores that determine their selection priority. By preferentially engaging higher-trust clients, MFTA-PFL enhances the robustness and efficiency of the FL process. Extensive experiments on non-IID versions of MNIST and Fashion-MNIST demonstrate that our method outperforms conventional client selection strategies, achieving superior accuracy; 98.84% on MNIST and 88.82% on Fashion-MNIST, faster convergence, and improved communication efficiency-even under adversarial conditions. These results highlight the critical role of adaptive, trust-aware client selection in building scalable and reliable FL systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104388"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190385","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Large language model (LLM) for software security: Code analysis, malware analysis, reverse engineering","authors":"Hamed Jelodar ,&nbsp;Samita Bai ,&nbsp;Parisa Hamedi ,&nbsp;Hesamodin Mohammadian ,&nbsp;Roozbeh Razavi-Far ,&nbsp;Ali Ghorbani","doi":"10.1016/j.jisa.2026.104390","DOIUrl":"10.1016/j.jisa.2026.104390","url":null,"abstract":"<div><div>Large Language Models (LLMs) have recently emerged as powerful tools in cybersecurity, offering advanced capabilities in malware detection, generation, and real-time monitoring. Numerous studies have explored their application in cybersecurity, demonstrating their effectiveness in identifying novel malware variants, analyzing malicious code structures, and enhancing automated threat analysis. Several transformer-based architectures and LLM-driven models have been proposed to improve malware analysis, leveraging semantic and structural insights to recognize malicious intent more accurately. This study presents a comprehensive review of LLM-based approaches in malware code analysis, summarizing recent advancements, trends, and methodologies. We examine notable scholarly works to map the research landscape, identify key challenges, and highlight emerging innovations in LLM-driven cybersecurity. Additionally, we emphasize the role of static analysis in malware detection, introduce notable datasets and specialized LLM models, and discuss essential datasets supporting automated malware research. This study serves as a valuable resource for researchers and cybersecurity professionals, offering insights into LLM-powered malware detection and defense strategies while outlining future directions for strengthening cybersecurity resilience.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104390"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Say the image: Auditory masking effect-driven invertible network for progressive image-in-audio steganography","authors":"Jinghang Song ,&nbsp;Fangyuan Gao ,&nbsp;Xin Deng ,&nbsp;Shengxi Li ,&nbsp;Mai Xu","doi":"10.1016/j.jisa.2026.104382","DOIUrl":"10.1016/j.jisa.2026.104382","url":null,"abstract":"<div><div>In this paper, we propose an auditory masking effect-driven invertible network for Hiding an Image within an Audio signal, termed as HIA-Net. Unlike the direct hiding manner, the proposed HIA-Net decomposes the image-in-audio steganography process into two cascaded stages. In the first stage, we develop a Masker Audio Extraction (MAE) algorithm to turn the original cover audio into a masker audio. The generated masker audio exhibits higher masking capability, thereby enhancing the hiding invisibility and security. Then, we design three Image-in-Audio Invertible (I-AI) sub-networks to embed the secret image into the masker audio, yielding a stego masker audio. In the second stage, an Audio-in-Audio Invertible (A-AI) sub-network is employed to further conceal the stego masker audio within the original cover audio, producing the final stego audio. During the revealing process, the reversible architecture of the proposed network first reconstructs the stego masker from the final stego audio, and then recovers the hidden image from the stego masker. Experimental results demonstrate that HIA-Net significantly outperforms other state-of-the-art image-in-audio steganography methods, achieving a significant PSNR improvement of more than 3.0 dB for secret image reconstruction on different image and audio datasets. The user study also confirms the superior imperceptibility of the stego audios. The software code is available at <span><span>https://github.com/c4Tch3r/HIANet</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104382"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146080981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FedCPP: A hybrid proactive-passive defense framework for backdoor attack mitigation in federated learning","authors":"Longhang Xu ,&nbsp;Guanxin Chen ,&nbsp;Nan Yang ,&nbsp;Yipen Liu ,&nbsp;Jianting Yuan","doi":"10.1016/j.jisa.2026.104377","DOIUrl":"10.1016/j.jisa.2026.104377","url":null,"abstract":"<div><div>Federated learning (FL), as a collaborative model training paradigm among multiple clients, is inherently susceptible to backdoor attacks due to its privacy-preserving requirements. In such attacks, adversaries embed triggers into the global model, causing it to produce targeted output when encountering specific inputs. Existing defense mechanisms are generally categorized into proactive and passive strategies. Proactive strategies, such as differential privacy and noise injection, can slightly alleviate the impact of backdoor attacks but often degrade model performance. Passive strategies, which rely on distance or similarity to detect, typically assume ideal conditions and impose strict constraints on the attacker’s data distribution and the number of malicious clients. To address these limitations, we propose FedCPP, an effective defense framework that combines the strengths of both proactive and passive strategies. Specifically, FedCPP first employs a proactive mechanism to identify critical layers targeted by backdoor attacks. It then integrates a passive defense strategy based on multi-metric evaluation, coupled with a dynamic weighted adaptive algorithm to achieve defense against backdoor attacks. Experimental results demonstrate that FedCPP effectively detects backdoor attacks in FL scenarios without constraints on the proportion of malicious participants, data distribution, or attack timing while maintaining high model accuracy. Compared to existing state-of-the-art defensive strategies, FedCPP achieves superior performance with minimal impact on the global model.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104377"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146080982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A TEE-based approach for preserving data secrecy in process mining with decentralized sources","authors":"Davide Basile ,&nbsp;Valerio Goretti ,&nbsp;Luca Barbaro ,&nbsp;Hajo A. Reijers ,&nbsp;Claudio Di Ciccio","doi":"10.1016/j.jisa.2026.104381","DOIUrl":"10.1016/j.jisa.2026.104381","url":null,"abstract":"<div><div>Process mining techniques enable organizations to gain insights into their business processes through the analysis of execution records (event logs) stored by information systems. While most process mining efforts focus on intra-organizational scenarios, many real-world business processes span multiple independent organizations. Inter-organizational process mining, though, faces significant challenges, particularly regarding confidentiality guarantees: The analysis of data can reveal information that the participating organizations may not consent to disclose to one another, or to a third party hosting process mining services. To overcome this issue, this paper presents CONFINE, an approach for secrecy-preserving inter-organizational process mining. CONFINE leverages Trusted Execution Environments (TEEs) to deploy trusted applications that are capable of securely mining multi-party event logs while preserving data secrecy. We propose an architecture supporting a four-stage protocol to secure data exchange and processing, allowing for protected transfer and aggregation of unaltered process data across organizational boundaries. To avoid out-of-memory errors due to the limited capacity of TEEs, our protocol employs a segmentation-based strategy, whereby event logs are transmitted to TEEs in smaller batches. We conduct a formal verification of our approach’s correctness alongside a security analysis on the guarantees provided by the TEE core. We test our implementation using real-world and synthetic data to assess memory usage. Our experiments show that an incremental approach to segment processing in discovery and conformance checking is preferable over non-incremental strategies as the former maintains memory usage trends within a narrow range at runtime, whereas the latter exhibit high peaks towards the end of the execution. Furthermore, our results confirm that our prototype can handle real-world workloads without out-of-memory failures. The scalability tests reveal that memory usage grows logarithmically as the event log size increases. Memory consumption grows linearly with the number of provisioning organizations, indicating potential scalability limitations and opportunities for further optimizations.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"98 ","pages":"Article 104381"},"PeriodicalIF":3.7,"publicationDate":"2026-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146190388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}