{"title":"Detecting audio splicing forgery: A noise-robust approach with Swin Transformer and cochleagram","authors":"Tolgahan Gulsoy , Elif Kanca Gulsoy , Arda Ustubioglu , Beste Ustubioglu , Elif Baykal Kablan , Selen Ayas , Guzin Ulutas , Gul Tahaoglu , Mohamed Elhoseny","doi":"10.1016/j.jisa.2025.104130","DOIUrl":"10.1016/j.jisa.2025.104130","url":null,"abstract":"<div><div>Audio splicing forgery involves cutting specific parts of an audio recording and inserting or combining them into another audio recording. This manipulation technique is often used to create misleading or fake audio content, particularly in digital media environments. The detection of audio splicing forgery is of great importance, especially in forensic analysis, security applications and media verification processes. In this paper, we present a novel noise robust method for detecting audio splicing forgery. The proposed method converts audio signals into cochleagram images, which are then input into SWIN transformer model for training. Following the training process, the model classifies and labels test audio files as either original or fake. In the experiments, the method is tested on data sets of varying durations. The results demonstrate high performance across different datasets, both without and with Gaussian noise, as well as under real-world environmental noise attacks with varying audio durations. For example, under 30 dB noise condition on 2-second data segments, the model achieved an accuracy of 94.33%, precision of 96.46%, recall of 92.90%, and an F1-score of 94.65%. For rain noise condition, the proposed method achieves the highest accuracy of 93.26%, precision of 99.83%, and F1-score of 95.48% .</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104130"},"PeriodicalIF":3.8,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144517765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure order based voting using distributed tallying","authors":"Tamir Tassa , Lihi Dery , Arthur Zamarin","doi":"10.1016/j.jisa.2025.104141","DOIUrl":"10.1016/j.jisa.2025.104141","url":null,"abstract":"<div><div>Electronic voting systems have significant advantages in comparison with physical voting systems. One of the main challenges in e-voting systems is to secure the voting process: namely, to certify that the computed results are consistent with the cast ballots and that the voters’ privacy is preserved. We propose herein a secure voting protocol for elections that are governed by order-based voting rules. Our protocol, in which the tallying task is distributed among several independent talliers, offers perfect ballot secrecy in the sense that it issues only the required output while no other information on the cast ballots is revealed. Such perfect secrecy, achieved by employing secure multiparty computation tools, may increase the voters’ confidence and, consequently, encourage them to vote according to their true preferences. We implemented a demo of a voting system that is based on our protocol and we describe herein the system’s components and its operation. Our implementation demonstrates that our secure order-based voting protocol can be readily implemented in real-life large-scale electronic elections.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104141"},"PeriodicalIF":3.8,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144517766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xiaoyi Ge , Xiongwei Zhang , Meng Sun , Yimin Wang , Li Li , Kunkun SongGong
{"title":"Cross-domain redundancy exploration by a deep encoder–decoder network for speech steganography","authors":"Xiaoyi Ge , Xiongwei Zhang , Meng Sun , Yimin Wang , Li Li , Kunkun SongGong","doi":"10.1016/j.jisa.2025.104150","DOIUrl":"10.1016/j.jisa.2025.104150","url":null,"abstract":"<div><div>The technique of speech steganography involves embedding messages within openly transmitted speech channels without arousing suspicion. Nevertheless, current methods for embedding speech in speech suffer from weak imperceptibility and low message speech intelligibility. In this paper, we introduce a novel approach that explores cross-domain redundancy by leveraging a deep encoder–decoder neural network architecture to embed Mel-spectrograms into magnitude spectrograms. Specifically, the message is transformed into its Mel-spectrogram, while the cover is transformed into its magnitude spectrogram. Subsequently, the Mel-spectrogram is embedded as residuals in the magnitude spectrogram through an encoder known as the spectrogram super-resolution network (SSRN). Upon receiving the stego, a decoder network recoveres the Mel-spectrograms of the messages, and a high-fidelity HiFi-GAN vocoder then recovers the message waveform. The encoder–decoder network’s parameters are optimized to ensure imperceptibility and high quality. To validate the superiority of our proposed method, we compare it with recently proposed baselines using common databases such as the LJ Speech and VCTK datasets. Experimental results demonstrate that our method achieves SNRs of 33.83 dB and 30.28 dB for the cover signals on these two datasets, respectively. Furthermore, both the content and speaker identity of the recovered messages are well preserved, and the experiments also confirm the robustness against noises and the security of our approach.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104150"},"PeriodicalIF":3.8,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144517446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pengbo Liu , Lin Teng , Herbert Ho-Ching Iu , Mingxu Wang , Qi Li , Xianping Fu
{"title":"High sensitivity image encryption algorithm based on cascaded chaotic system","authors":"Pengbo Liu , Lin Teng , Herbert Ho-Ching Iu , Mingxu Wang , Qi Li , Xianping Fu","doi":"10.1016/j.jisa.2025.104153","DOIUrl":"10.1016/j.jisa.2025.104153","url":null,"abstract":"<div><div>Chaotic systems are widely used in cryptography due to their complexity and unpredictability. This paper proposes a novel power exponential chaotic system (PECS), which gives the system better cryptographic properties than the classical and newest ones through the experimental results shown. Furthermore, the systems are applied to a new encryption method to improve the security and robustness of image communication. First, the initial parameters and key stream are perturbed by plaintext information. Then, block the plaintext image with a modified chaotic sequence and carry out the dynamic diffusion on the scrambled pixels to obtain the encrypted image. Among them, one of the interference values in diffusion is the dynamic ciphertext pixel selected by the previous diffusion pixel and chaos interference value. Both the scrambling and diffusion phases incorporate interference from the plaintext and intermediate ciphertext pixels. Therefore, the proposed algorithm has high plaintext information sensitivity to better defend chosen-plaintext attacks. Experimental analysis shows that the metrics such as Entropy (IE), Unified Average Changing Intensity (UACI), Shannon entropy et al. of our algorithm are all close to ideal results, demonstrating its ability to resist cryptographic attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104153"},"PeriodicalIF":3.8,"publicationDate":"2025-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144517445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Deyu Tong , Hongxin Han , Can Li , Fengting Wang , Weilong Kong , Na Ren
{"title":"ConZWNet: A contrastive learning-based zero-watermarking network for high robustness and distinguishability","authors":"Deyu Tong , Hongxin Han , Can Li , Fengting Wang , Weilong Kong , Na Ren","doi":"10.1016/j.jisa.2025.104139","DOIUrl":"10.1016/j.jisa.2025.104139","url":null,"abstract":"<div><div>Zero-watermarking is an effective solution for image copyright protection without altering the original content. However, current deep learning-based methods suffer from two key limitations. First, most feature extraction networks, originally designed for classification, lack robust feature learning essential for resisting attacks. Second, conventional methods seldom incorporate the generated watermark back into training, missing opportunities to further optimize the model. To address these issues, we propose ConZWNet, a two-stage framework that integrates contrastive learning with feedback-driven zero-watermark generation. In the first stage, we use ConvNeXt to learn invariant, attack-resistant features via contrastive learning on weak–strong augmentation. In the second stage, a residual network coupled with a Multi-Layer Perceptron (MLP) fuses features from host and copyright images to produce a latent zero-watermark, which is then verified by an MLP-based copyright identification network. This feedback loop optimizes feature fusion and transforms zero-watermark generation into a self-supervised process. Extensive experiments demonstrate that ConZWNet achieves state-of-the-art robustness against various attacks while ensuring high distinguishability among host images and copyrights. Ablation studies confirm the effectiveness of components, including two-stage architecture, contrastive learning, weak–strong augmentation, and copyright identification network. The source code is publicly available at <span><span>https://github.com/hanhongxin1028/ConZWNet</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104139"},"PeriodicalIF":3.8,"publicationDate":"2025-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144501975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SESIV: Secure and efficient smart contract based integrity verification of outsourced data","authors":"Partha Sarathi Chakraborty, Somanath Tripathy","doi":"10.1016/j.jisa.2025.104121","DOIUrl":"10.1016/j.jisa.2025.104121","url":null,"abstract":"<div><div>Securing remote data storage is a serious concern in cloud computing. Though it provides cost-saving benefits for data owners, it poses security risks due to losing physical control over data. As a result, ensuring data integrity through auditing services becomes essential while preserving privacy. Therefore, researchers propose many public data auditing schemes using third-party auditors to alleviate computational burdens on the user side. However, a concern in the public auditing approach is the susceptibility to malicious behaviour of third-party auditors, which might compromise the accuracy and timeliness of auditing results. Existing solutions built upon RSA signatures and bilinear pairings often incur substantial computation and communication costs, rendering their integrity verification models inefficient and impractical. Recent proposals have used blockchain technology for public auditing schemes to address these challenges. This work presents a secure and efficient privacy-preserving data integrity verification model using smart contract, for outsourced data. Further, we extend the proposed scheme to support multiple owners, batch integrity verification, and dynamic auditing. The proposed scheme leverages digital signatures and public-key cryptography to ensure data integrity and secure authentication. The key aspect of the proposed scheme is to validate data integrity with minimal computational overhead for the auditor with a verification time of 0.143 ms (independent of the number of shard messages <span><math><mi>n</mi></math></span> and number of challenge blocks <span><math><mi>c</mi></math></span>), which is 33.33% lower than that of WWH scheme. The security analysis and implementation result show that the proposed scheme is secure and efficient.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104121"},"PeriodicalIF":3.8,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470932","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jan von der Assen , Chao Feng , Alberto Huertas Celdrán , Róbert Oleš , Gérôme Bovet , Burkhard Stiller
{"title":"GuardFS: A file system for integrated detection and mitigation of Linux-based ransomware","authors":"Jan von der Assen , Chao Feng , Alberto Huertas Celdrán , Róbert Oleš , Gérôme Bovet , Burkhard Stiller","doi":"10.1016/j.jisa.2025.104078","DOIUrl":"10.1016/j.jisa.2025.104078","url":null,"abstract":"<div><div>Although ransomware has received broad attention in media and research, this evolving threat vector still poses a systematic threat. Related literature has explored their detection using various approaches leveraging Machine and Deep Learning. While these approaches are effective in detecting malware, they do not answer how to use this intelligence to protect against threats, raising concerns about their applicability in a hostile environment. Solutions that focus on mitigation rarely explore how to prevent and not just alert or halt its execution, especially when considering Linux-based samples. This paper presents <em>GuardFS</em>, a file system-based approach to investigate the integration of detection and mitigation of ransomware. Using a bespoke overlay file system, data is extracted before files are accessed. Models trained on this data are used by three novel defense configurations that obfuscate, delay, or track access to the file system. The experiments on <em>GuardFS</em> test the configurations in a reactive setting. The results demonstrate that although data loss cannot be completely prevented, it can be significantly reduced. Usability and performance analysis demonstrate that the defense effectiveness of the configurations relates to their impact on resource consumption and usability.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104078"},"PeriodicalIF":3.8,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470933","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yijie Lin , Chia-Chen Lin , Ching-Chun Chang , Chin‐Chen Chang
{"title":"Hiding information in encrypted images with (t, n) secret sharing for IoT and cloud services","authors":"Yijie Lin , Chia-Chen Lin , Ching-Chun Chang , Chin‐Chen Chang","doi":"10.1016/j.jisa.2025.104137","DOIUrl":"10.1016/j.jisa.2025.104137","url":null,"abstract":"<div><div>Privacy and security concerns have emerged with the rapid advancement of information technology and the exponential growth in data storage and cloud services. This paper addresses these issues in the context of the Internet of Things (IoT) and cloud services. Focusing on reversible data hiding in encrypted images (RDHEI), the study presents an innovative scheme based on (<em>t, n</em>) secret sharing using an expandable magic matrix-based data hiding, which offers flexible security levels. The scheme is designed to withstand hacker attacks by effectively dispersing risks through secret sharing, dividing the data into multiple shares. This ensures that leaking fewer than <em>t</em> shares does not compromise the entire data and provides a flexible parameter scheme. The use of the expandable magic matrix enhances both the embedding capacity and security, demonstrating the robustness of the proposed RDHEI scheme in protecting data in the digital age. Furthermore, our approach encrypts images at the IoT gateway rather than at the cloud server, enabling content owners to assert ownership claims—an ability not available in previous schemes. Experimental results confirm that our scheme maintains a constant concealment capacity of up to 4 bits per pixel (bpp), while safeguarding the confidentiality of the hidden data and preserving the randomness of the generated shares.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104137"},"PeriodicalIF":3.8,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144338630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Luis Ibanez-Lissen , Lorena Gonzalez-Manzano , Jose Maria de Fuentes , Nicolas Anciaux
{"title":"LPASS: Linear Probes as Stepping Stones for vulnerability detection using compressed LLMs","authors":"Luis Ibanez-Lissen , Lorena Gonzalez-Manzano , Jose Maria de Fuentes , Nicolas Anciaux","doi":"10.1016/j.jisa.2025.104125","DOIUrl":"10.1016/j.jisa.2025.104125","url":null,"abstract":"<div><div>Large Language Models (LLMs) are being extensively used for cybersecurity purposes. One of them is the detection of vulnerable codes. For the sake of efficiency and effectiveness, compression and fine-tuning techniques are being developed, respectively. However, they involve spending substantial computational efforts. In this vein, we analyze how Linear Probes (LPs) can be used to provide an estimation on the performance of a compressed LLM at an early phase — before fine-tuning. We also show their suitability to set the cut-off point when applying layer pruning compression. Our approach, dubbed <span><math><mrow><mi>L</mi><mi>P</mi><mi>A</mi><mi>S</mi><mi>S</mi></mrow></math></span>, is applied in BERT and Gemma for the detection of 12 of MITRE’s Top 25 most dangerous vulnerabilities on 480k C/C++ samples. LPs can be computed in 142.97 s. and provide key findings: (1) 33.3 % and 72.2% of layers can be removed, respectively, with no precision loss; (2) they provide an early estimate of the post-fine-tuning and post-compression model effectiveness, with 3% and 8.68% as the lowest and average precision errors, respectively. <span><math><mrow><mi>L</mi><mi>P</mi><mi>A</mi><mi>S</mi><mi>S</mi></mrow></math></span>-based LLMs outperform the state of the art, reaching 86.9% of accuracy in multi-class vulnerability detection. Interestingly, <span><math><mrow><mi>L</mi><mi>P</mi><mi>A</mi><mi>S</mi><mi>S</mi></mrow></math></span>-based compressed versions of Gemma outperform the original ones by 1.6% of F1-score at a maximum while saving 29.4 % and 23.8% of training and inference time and 42.98% of model size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104125"},"PeriodicalIF":3.8,"publicationDate":"2025-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144335978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Afamefuna P. Umejiaku, Moroti Sonde, Victor S. Sheng
{"title":"Enhancing password security with honeywords and LLMs","authors":"Afamefuna P. Umejiaku, Moroti Sonde, Victor S. Sheng","doi":"10.1016/j.jisa.2025.104129","DOIUrl":"10.1016/j.jisa.2025.104129","url":null,"abstract":"<div><div>The increasing sophistication of cyber threats has amplified the need for innovative solutions to secure authentication systems. Honeywords, disguised credentials designed to detect unauthorized access, play a crucial role in cybersecurity by serving as early warning mechanisms. However, traditional honeyword generation methods often struggle with high false-positive and False-Negative Probability, limiting their effectiveness against advanced attackers. This study explores the integration of Large Language Models (LLMs) into password and honeyword generation systems. Leveraging LLMs’ natural language processing capabilities, we propose a novel framework for creating secure, user-friendly passwords and realistic honeywords. Our approach introduces multi-word, context-aware decoy generation, enhancing the indistinguishability of honeywords from genuine credentials. Empirical evaluations demonstrate significant improvements in performance metrics. Our model achieves a false negative probability (<span><math><mrow><mi>F</mi><mi>N</mi><mi>P</mi><mrow><mo>(</mo><mi>B</mi><mo>)</mo></mrow></mrow></math></span>) of 0.33944, outperforming existing methods such as the Tweaking Path Model (0.54), the Deep Tweak Model (0.56), and the Chunk-Level GPT3 (0.58). Furthermore, it achieves a near-perfect false positive probability (<span><math><mrow><mi>F</mi><mi>P</mi><mi>P</mi><mrow><mo>(</mo><mi>A</mi><mo>)</mo></mrow></mrow></math></span>) of <span><math><mo><</mo></math></span>0.01, surpassing all compared algorithms. This research highlights the transformative potential of LLMs in enhancing authentication security. By addressing the limitations of traditional honeyword systems and introducing scalable, customizable solutions, this work contributes to the development of next-generation robust cybersecurity frameworks capable of countering evolving threats.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104129"},"PeriodicalIF":3.8,"publicationDate":"2025-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144321853","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}