{"title":"CSA: Crafting adversarial examples via content and style attacks","authors":"Wei Chen , Yunqi Zhang","doi":"10.1016/j.jisa.2025.103974","DOIUrl":"10.1016/j.jisa.2025.103974","url":null,"abstract":"<div><div>Most existing black-box attacks fall into two categories: gradient-based attacks and unrestricted attacks. The former injects adversarial perturbations into the original clean examples under the <span><math><msub><mrow><mi>L</mi></mrow><mrow><mi>p</mi></mrow></msub></math></span>-norm constraint, while the latter tends to attack by changing the shape, color, and texture of the original image. However, the adversarial examples generated by the gradient-based attacks are vulnerable to defense methods and unnatural to the human eye. Meanwhile, unrestricted attacks have poor transferability of adversarial examples compared to gradient-based attacks. Therefore, we propose a novel attack that combines gradient-based and unrestricted attacks, <em>i.e.</em>, Content and Style Attack (CSA). Specifically, we utilize an encoder to extract the content features of the original image and train a reconstructor to generate an image consistent with these features. A gradient-based method is then employed to inject perturbations, followed by using the encoder to extract the content features of the altered image. We implement a momentum-based approach to search for malicious style information, which is then fused with the adversarial content features to create the final attack features. 
Extensive experiments on the ImageNet standard dataset demonstrate that our method is capable of generating adversarial examples that are both natural-looking and possess high transferability.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103974"},"PeriodicalIF":3.8,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An anonymous yet accountable contract wallet system using account abstraction","authors":"Kota Chin , Keita Emura , Kazumasa Omote","doi":"10.1016/j.jisa.2025.103978","DOIUrl":"10.1016/j.jisa.2025.103978","url":null,"abstract":"<div><div>Account abstraction allows a contract wallet to initiate transaction execution. Thus, account abstraction is useful for preserving the privacy of externally owned accounts (EOAs) because it can remove a transaction issued from an EOA to the contract wallet and hides who issued the transaction by additionally employing anonymous authentication procedures such as ring signatures. However, unconditional anonymity is undesirable in practice because it prevents to reveal who is accountable for a problem when it arises. Thus, maintaining a balancing between anonymity and accountability is important. In this paper, we propose an anonymous yet accountable contract wallet system. In addition to account abstraction, the proposed system also utilizes accountable ring signatures (Bootle et al., ESORICS 2015). The proposed system provides (1) anonymity of a transaction issuer that hides who agreed with running the contract wallet, and (2) accountability of the issuer, which allows the issuer to prove they agreed with running the contract wallet. Moreover, due to a security requirement of accountable ring signatures, the transaction issuer cannot claim that someone else issued the transaction. This functionality allows us to clarify the accountability involved in issuing a transaction. In addition, the proposed system allows an issuer to employ a typical signature scheme, e.g., ECDSA, together with the ring signature scheme. This functionality can be considered an extension of the common multi-signatures that require a certain number of ECDSA signatures to run a contract wallet. The proposed system was implemented using zkSync (Solidity). 
We discuss several potential applications of the proposed system, i.e., medical information sharing and asset management.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103978"},"PeriodicalIF":3.8,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information-theoretic bounds for steganography in visual multimedia","authors":"Hassan Y. El-Arsh , Amr Abdelaziz , Ahmed Elliethy , H.A. Aly , T. Aaron Gulliver","doi":"10.1016/j.jisa.2025.103966","DOIUrl":"10.1016/j.jisa.2025.103966","url":null,"abstract":"<div><div>Steganography in visual multimedia embeds data into an image or video cover object and produces a corresponding stego object with some distortion. Establishing an upper bound on the maximum embedding rate, subject to a target distortion threshold, is challenging due to the difficulties introduced by the Gibbs modeling of visual multimedia objects. This paper introduces an analytic optimization approach to establish a generalized upper bound on the maximum embedding rate in visual multimedia cover objects with a particular target probability of detection by any steganographic detector. To that end, we show that the parametric form of the correlated multivariate quantized Gaussian distribution supersedes the Gibbs family in the achievable embedding rate with a bounded relative entropy between the cover and stego objects’ distributions. Our solution provides an analytical form of the upper bound in terms of the WrightOmega function and agrees with the well-known Square Root Law (SRL) for steganography.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103966"},"PeriodicalIF":3.8,"publicationDate":"2025-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170755","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MSG: Missing-sequence generator for metamorphic malware detection","authors":"Rama Krishna Koppanati, Sateesh K. Peddoju","doi":"10.1016/j.jisa.2024.103962","DOIUrl":"10.1016/j.jisa.2024.103962","url":null,"abstract":"<div><div>Metamorphic malware is a sophisticated malware that frequently modifies its code to avoid being detected by signature-based methods while maintaining the same output during the run time. Invariably, the output of the register values reflects the malware’s behavior. Therefore, capturing the output sequence from the register values of a binary is essential to identify the evolutionary relationship between the sequences, leading to effective malware detection. In other words, generating register value sequences for the malicious code in a binary, distinct or missing from benign binary, is vital to effectively detecting the typical and metamorphic malware. This paper proposes a novel <em>Missing Sequence Generator (MSG)</em> to generate features in the form of missing sequences by capturing the registers’ output sequence from a binary’s Control Flow Graph (CFG) with context, semantics, and control flow. We create a diverse and large-scale dataset of metamorphic malware using the metamorphic engine to conduct experiments. Also, we experiment with diverse non-metamorphic malware. The proposed model achieves an accuracy of 99.82% for the non-metamorphic dataset and 99.06% for the metamorphic dataset, with negligible False Positive Rates (FPRs). The proposed model outperforms the state-of-the-art models. 
Further, the proposed work proves its performance and effectiveness by surpassing 47 existing anti-malware.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103962"},"PeriodicalIF":3.8,"publicationDate":"2025-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Real-time monitoring model of DDoS attacks using distance thresholds in Edge cooperation networks","authors":"Mingyue Li , Liudong Zheng , Xiaoxue Ma , Shuang Li","doi":"10.1016/j.jisa.2025.103972","DOIUrl":"10.1016/j.jisa.2025.103972","url":null,"abstract":"<div><div>Edge networks have an increasing demand for real-time attack detection as the duration of Distributed Denial-of-Service (DDoS) attacks decreases and causes missing of reporting insecure cases. However, the training and testing time of the existing detection model deployed on the edge server side is more expensive and cannot be well applied in practice. In this paper, we propose a real-time monitoring framework for DDoS attacks with edge server-device collaboration to solve these problems. Specifically, the edge server uses the k-means algorithm to represent the model boundaries and builds a separate group of recognition and monitoring models for each device by splitting the feature vectors. Furthermore, each device monitors the generated data in real-time through the model and submits suspicious data to the edge server for analysis. Finally, the server utilizes the k-neighbor algorithm which adds threshold selection and judgment to fine-grained identify updated benign data and specific categories of attack data. 
Experimental results show that the proposed scheme can effectively monitor benign data and attack data and identify attack types while the train time, test time and storage cost are less than that of the centralized model.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103972"},"PeriodicalIF":3.8,"publicationDate":"2025-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FRAPE: A Framework for Risk Assessment, Prioritization and Explainability of vulnerabilities in cybersecurity","authors":"F.R. Parente, Emanuel B. Rodrigues, César L.C. Mattos","doi":"10.1016/j.jisa.2025.103971","DOIUrl":"10.1016/j.jisa.2025.103971","url":null,"abstract":"<div><div>Inadequate Vulnerability Management (VM) techniques, relying solely on metrics such as the Common Vulnerability Scoring System (CVSS), may lead to overestimating the risk of vulnerability exploitation. This work presents FRAPE, a novel Risk-Based Vulnerability Management (RBVM) framework designed to help analysts classify and prioritize the remediation of security flaws. FRAPE combines a labeling technique called Active Learning (AL) with a Supervised Learning approach to create a Machine Learning model capable of emulating the experience of security experts in assessing vulnerability risk. The framework includes four main modules: Data Collection, which gathers essential information for risk assessment; Vulnerability Labeling, where vulnerabilities are labeled via AL based on significant characteristics; Classification and Prioritization, which categorizes vulnerabilities and prioritizes them for remediation based on the estimated risk; and Explainability of Results, which offers a detailed analysis of why vulnerabilities are considered critical. Additionally, we implemented a computer network simulator capable of comparing the effectiveness of different VM classification and prioritization techniques. 
The performed experiments indicate that FRAPE outperforms the use of CVSS in VM and correctly classifies 88% of critical vulnerabilities, which is comparable to the performance obtained by security analysts.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103971"},"PeriodicalIF":3.8,"publicationDate":"2025-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Laconic updatable private set intersection","authors":"Xiangqian Kong , Lanxiang Chen , Yizhao Zhu , Yi Mu","doi":"10.1016/j.jisa.2025.103969","DOIUrl":"10.1016/j.jisa.2025.103969","url":null,"abstract":"<div><div>A laconic private set intersection (PSI) protocol features a two-round communication process with an initial message that remains independent of the set sizes. It is useful for efficiently matching large server sets with smaller client sets without multiple rounds of interaction. The previous work by Aranha et al. (CCS’22) demonstrated superior efficiency but relied on a trusted third party to generate a secret value <span><math><mi>s</mi></math></span> and all its powers, denoted as <span><math><mrow><mo>(</mo><mi>g</mi><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><mi>s</mi></mrow></msup><mo>,</mo><mo>…</mo><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>s</mi></mrow><mrow><mn>2</mn></mrow></msup></mrow></msup><mo>,</mo><mo>…</mo><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>s</mi></mrow><mrow><mrow><mo>|</mo><mi>X</mi><mo>|</mo></mrow></mrow></msup></mrow></msup><mo>)</mo></mrow></math></span>, where <span><math><mrow><mo>|</mo><mi>X</mi><mo>|</mo></mrow></math></span> represents the size of the receiver’s set <span><math><mi>X</mi></math></span>. However, these protocols did not address the practical need for updatable sets for both the receiver and sender, which implies the ability to add new elements, delete existing ones, or update an element by deleting it and subsequently adding a new one. In our work, we present an updatable private set intersection protocol that eliminates the need for a trusted third party. Our approach achieves constant communication complexity from the receiver to the sender and linear complexity from the sender to the receiver while partially hiding the size of the receiver’s set. 
We first establish an efficient PSI protocol and then propose two variants that allow both parties to modify their sets. Additionally, we prove the security of our proposed protocol against semi-honest participants within our security model.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103969"},"PeriodicalIF":3.8,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Severity-based triage of cybersecurity incidents using kill chain attack graphs","authors":"Lukáš Sadlek , Muhammad Mudassar Yamin , Pavel Čeleda , Basel Katt","doi":"10.1016/j.jisa.2024.103956","DOIUrl":"10.1016/j.jisa.2024.103956","url":null,"abstract":"<div><div>Security teams process a vast number of security events. Their security analysts spend considerable time triaging cybersecurity alerts. Many alerts reveal incidents that must be handled first and escalated to the more experienced staff to allow appropriate responses according to their severity. The current state requires an automated approach, considering contextual relationships among security events, especially detected attack tactics and techniques. In this paper, we propose a new graph-based approach for incident triage. First, it generates a kill chain attack graph from host and network data. Second, it creates sequences of detected alerts that could represent ongoing multi-step cyber attacks and matches them with the attack graph. Last, it assigns severity levels to the created sequences of alerts according to the most advanced kill chain phases that were used and the criticality of assets. We implemented the approach using the MulVAL attack graph generator and generation rules for MITRE ATT&CK techniques. The evaluation was accomplished in a testbed where multi-step attack scenarios were executed. Classification of sequences of alerts based on computed match scores obtained 0.95 area under the receiver operating characteristic curve in a feasible time. Moreover, a threshold exists for classifying 80% of positive sequences correctly and only a small percentage of negative sequences wrongly. 
Therefore, the approach selects malicious sequences of alerts and significantly improves incident triage.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103956"},"PeriodicalIF":3.8,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170671","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MLPN: Multi-Scale Laplacian Pyramid Network for deepfake detection and localization","authors":"Yibo Zhang , Weiguo Lin , Junfeng Xu , Wanshang Xu , Yikun Xu","doi":"10.1016/j.jisa.2025.103965","DOIUrl":"10.1016/j.jisa.2025.103965","url":null,"abstract":"<div><div>Sophisticated and realistic facial manipulation videos created by deepfake technology have become ubiquitous, leading to profound trust crises and security risks in contemporary society. However, various researchers concentrate on enhancing the precision and generalization of deepfake detection models, with little attention to forgery localization. Detecting deepfakes and identifying fake regions is a challenging task. We propose an end-to-end model for performing deepfake detection and forgery localization based on the Laplacian pyramid. The model is designed by an encoder–decoder architecture. Specifically, the encoder generates multi-scale features. The decoder gradually integrates multi-scale features and Laplacian residuals to reconstruct the prediction masks coarse-to-finely. Otherwise, we adopt a spatial pyramid pool approach to deal with high-level semantic features and integrate local and global information. Comprehensive experiments demonstrate that the proposed model performs satisfactorily in deepfake detection and localization.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103965"},"PeriodicalIF":3.8,"publicationDate":"2025-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A pairing-free proxy re-encryption scheme suitable for cloud medical information systems","authors":"Han Zhou , Lunzhi Deng , Yaying Wu , Sihua Zhou","doi":"10.1016/j.jisa.2025.103967","DOIUrl":"10.1016/j.jisa.2025.103967","url":null,"abstract":"<div><div>The cloud medical information system provides a platform for patients and doctors to share data. Patients send files containing personal medical data to cloud storage, which can reduce their own storage burden and facilitate other doctors’ access to data files. To ensure the privacy of sensitive information deposited in the communal network platform, patients should encrypt their data before submitting it to the network platform. Nevertheless, the effective sharing of encrypted data in the public cloud brings us new challenges. Proxy re-encryption (PRE) supports a proxy, who is unable to decrypt the original ciphertext, converts the original ciphertext to a new ciphertext using the re-encryption key, and the new receiver can decrypt the new ciphertext to obtain plaintext. In this article, we design a new PRE programme for cloud medical information systems. There are two merits in the new scheme. To begin with, it is indistinguishable against chosen-ciphertext attacks secure and is resistant to collusion attacks, which means that the proxy is incompetent to acquire data owner’s secret key even if he colludes with data receiver. 
Secondly, it has higher computational efficiency compared to other schemes because it does not use bilinear pairing operations.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103967"},"PeriodicalIF":3.8,"publicationDate":"2025-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}