{"title":"Beyond known threats: A novel strategy for isolating and detecting unknown malicious traffic","authors":"Qianwei Meng, Qingjun Yuan, Xiangbin Wang, Yongjuan Wang, Guangsong Li, Yanbei Zhu, Siqi Lu","doi":"10.1016/j.jisa.2024.103920","DOIUrl":"10.1016/j.jisa.2024.103920","url":null,"abstract":"<div><div>Traditional network intrusion detection systems excel at screening known attack types, but face significant challenges when dealing with unseen malicious traffic, often misclassifying such novel attacks into known classes. Existing unknown malicious traffic detection methods frequently fail to effectively control the distribution of known classes in the representation space and do not reserve sufficient representation space for unknown malicious traffic, blurring the boundaries between known and unknown traffic classifications. Furthermore, because known traffic types are centrally distributed within the representation space, whereas unknown malicious traffic types are scattered throughout, additional constraint processing of hard samples is required. To this end, we propose a one-class classification model for unknown malicious traffic called OC-MAL. The core of OC-MAL is to make full use of hard samples to force constraints on the distribution of the known classes in the representation space, separating the unknown and known classes well and realizing the accurate detection of unknown malicious traffic. We fuse a Deep SVDD and an autoencoder in which the reconstruction loss ensures that the latent variables of known classes retain rich category information and the distance loss ensures that known classes are tightly clustered at the center of a hypersphere in representation space. Moreover, the two are combined to further improve the discriminative power on unknown malicious traffic. We evaluated the OC-MAL model on a public malicious traffic dataset. 
The results showed that it achieves an average AUC value of 95.16% on the malicious traffic dataset, outperforming other state-of-the-art methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103920"},"PeriodicalIF":3.8,"publicationDate":"2024-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MSD-CDRL: A generic fusion detection framework for logic covert attack towards cyber-physical system security","authors":"Lianpeng Li , Saifei Liu","doi":"10.1016/j.jisa.2024.103947","DOIUrl":"10.1016/j.jisa.2024.103947","url":null,"abstract":"<div><div>Cyber-physical systems (CPSs) enable the integrated design of computing, communication, and physical systems, making the system more reliable, efficient, and collaborative in real time, with important and widespread applications. However, they have serious vulnerabilities to logic covert attacks (LCAs), while few existing approaches focus on LCAs. This paper developed a generic fusion detection framework that combines a mean standard deviation (MSD) module and a constrained deep reinforcement learning (CDRL) approach for CPSs. The MSD module is used to extract the fluctuation and trend characteristics of sensor measurements. Meanwhile, we use the CPS model in the DRL training process, which reduces the computational complexity and speeds up the convergence of the DRL. By establishing the physical platform and co-simulation system, the superior performance of MSD-CDRL has been demonstrated compared with three state-of-the-art methods (composite deep learning, observed Petri Nets, and DRL). 
Experimental results indicated that the ability of MSD-CDRL in detection accuracy has been increased significantly and the detection efficiency is 60 % higher than the existing verification methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103947"},"PeriodicalIF":3.8,"publicationDate":"2024-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"COLM under attack: A cryptanalytic exploration of COLM variants","authors":"Debasmita Chakraborty, Mridul Nandi","doi":"10.1016/j.jisa.2024.103936","DOIUrl":"10.1016/j.jisa.2024.103936","url":null,"abstract":"<div><div>Authenticated Encryption with Associated Data (AEAD) schemes have become a powerful solution for addressing contemporary security challenges. Within the recipients of recognition from the CAESAR competition, <span>COLM</span> AEAD emerges as a distinctive focus of interest within the realm of cryptanalysis. It draws significant attention, specifically in the context of endeavors related to universal forgery, retrieval of plaintext, and the exploration of tag guessing attacks. Recently, Ulusoy et al. (JISA 2022) proposed attacks on <span>COLM</span> by constructing simulation models of the encryption or decryption oracles of the underlying block cipher (SEBC or SDBC). To counter these attacks, they also suggested potential enhancements for <span>COLM</span>. Thus, this paper aims to delve into the security aspects of those variants of <span>COLM</span> discussed by Ulusoy et al. (JISA 2022). In this paper, firstly, we construct SEBC and SDBC of <span>COLM</span> with a generalized linear mixing function and propose all three types of attacks using SEBC and SDBC. While Datta et al. (IACR ToSC 2017) previously investigated the INT-RUP security of <span>COLM</span> with a generalized linear mixing function, the construction of SEBC/SDBC for such a scenario remained an open question until now. Additionally, we present a new SEBC/SDBC construction of <span>COLM</span> where the whitening mask <span><math><mi>L</mi></math></span> is encrypted using a separate key distinct from the main key. Furthermore, we consider situations where the masking values in the associated data processing are altered, preventing conventional methods like Lu’s (ASIACCS 2017) from recovering <span><math><mi>L</mi></math></span>. 
Nevertheless, we propose an alternative method to recover <span><math><mi>L</mi></math></span>, facilitating cryptanalysis of this particular variant of <span>COLM</span>. This analysis sheds light on the security strengths and vulnerabilities of these variants, offering valuable insights for further advancements in <span>COLM</span>.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103936"},"PeriodicalIF":3.8,"publicationDate":"2024-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hierarchical Threshold Multi-Key Fully Homomorphic Encryption","authors":"Xiaohan Wan , Hao Lin , Mingqiang Wang , Wenting Shen","doi":"10.1016/j.jisa.2024.103919","DOIUrl":"10.1016/j.jisa.2024.103919","url":null,"abstract":"<div><div>Fully Homomorphic Encryption (FHE) supports computation on encrypted data without the need for decryption, thereby enabling secure outsourcing of computing to an untrusted cloud. Subsequently, motivated by application scenarios where private information is offered by different data owners, Multi-Key Fully Homomorphic Encryption (MKFHE) and Threshold Fully Homomorphic Encryption (ThFHE) were successively introduced. However, both MKFHE and ThFHE have some limitations: MKFHE requires the participation of all members during the decryption process and does not support decryption using a subset of members, while ThFHE requires pre-fixed participants and does not support dynamic joining or exiting.</div><div>To address these limitations, in this paper, we propose a new notion called Hierarchical Threshold Multi-key Fully Homomorphic Encryption (HTM-FHE), which combines the features of MKFHE and ThFHE, incorporating the advantages of both. Then we provide the first construction of HTM-FHE based on lattice, denoted as <span><math><mrow><mi>HTM</mi><mtext>-</mtext><mi>TFHE</mi></mrow></math></span>. Our scheme can evaluate a binary gate on ciphertexts encrypted under different groups’ public keys followed by a bootstrapping procedure. The semantic and simulation security of <span><math><mrow><mi>HTM</mi><mtext>-</mtext><mi>TFHE</mi></mrow></math></span> is proven under the LWE assumption. 
Furthermore, <span><math><mrow><mi>HTM</mi><mtext>-</mtext><mi>TFHE</mi></mrow></math></span> supports fine-grained access control for encrypted data, which provides benefits in practical applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103919"},"PeriodicalIF":3.8,"publicationDate":"2024-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142759297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Color image encryption algorithm based on hybrid chaos and layered strategies","authors":"YongHui Huang, QiLin Zhang, YongBiao Zhao","doi":"10.1016/j.jisa.2024.103921","DOIUrl":"10.1016/j.jisa.2024.103921","url":null,"abstract":"<div><div>As the need for information security grows, chaotic system-based digital image encryption algorithms have gained considerable interest in recent years. However, many existing algorithms rely solely on a single chaotic mapping for pixel or bit-plane encryption. While these methods provide a certain level of security, there is still room for improvement, particularly in enhancing encryption depth. This paper proposes a color image encryption algorithm based on hybrid chaos and layered strategies to address this issue. First, we confirm the strong chaotic behavior of the newly introduced Chebyshev–Tent (CT) mapping through a detailed analysis of its chaotic properties, including the Lyapunov exponent, bifurcation diagram, NIST SP 800-22 test, sample entropy analysis, 0–1 test analysis, and sensitivity to initial conditions. The chaotic sequences generated by CT and Sine-Tent-Cosine (STC) mapping are then jointly incorporated into the scrambling and diffusion processes. Furthermore, to enhance the randomness of the scrambling process, we present a chaotic Fisher–Yates scrambling algorithm based on chaotic sequences to scramble different layers of the image. This layered encryption approach, which combines the advantages of multiple chaotic mappings, not only improves encryption depth but also increases complexity across different image dimensions. 
The experimental results and security assessments demonstrate the robustness and reliability of the proposed algorithm.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103921"},"PeriodicalIF":3.8,"publicationDate":"2024-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142759390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient and verifiable keyword search over public-key ciphertexts based on blockchain","authors":"Min Han, Peng Xu","doi":"10.1016/j.jisa.2024.103924","DOIUrl":"10.1016/j.jisa.2024.103924","url":null,"abstract":"<div><div>Public-key encryption with keyword search (PEKS) is a powerful cryptographic primitive that enables a receiver to search keywords over ciphertexts hosted on an honest-but-curious server in the asymmetric-key setting while hiding the keywords from the server. Many researchers have devoted their efforts to achieving expressive search, security against keyword guessing attacks, and efficient search performance. However, until now, no effective PEKS scheme can achieve verifiable search completeness in the standard PEKS security model. In practice, the server may intentionally or unintentionally lose the receivers’ data. Hence, verifiable search completeness is essential for receivers to audit the service quality of the server. To address this problem, this work develops a blockchain-based PEKS framework. This framework only utilizes the distributed ledger role of the blockchain, making it general. Additionally, we find that existing PEKS schemes cannot be efficiently deployed into the framework due to the inefficient use of randomness, which increases the ciphertext sizes. To tackle this problem, we utilize randomness reuse technique to propose a novel PEKS scheme. The proposed scheme achieves linear search complexity with respect to the total number of files in the dataset. To demonstrate the efficiency of our scheme, we perform comprehensive experiments to evaluate it and three other state-of-the-art schemes. 
The experimental results show that our PEKS scheme is superior to existing PEKS schemes in both the encryption and search phases and significantly reduces the sizes of generated ciphertexts.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103924"},"PeriodicalIF":3.8,"publicationDate":"2024-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142759391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deepfakes in digital media forensics: Generation, AI-based detection and challenges","authors":"Gueltoum Bendiab , Houda Haiouni , Isidoros Moulas , Stavros Shiaeles","doi":"10.1016/j.jisa.2024.103935","DOIUrl":"10.1016/j.jisa.2024.103935","url":null,"abstract":"<div><div>Deepfake technology presents significant challenges for digital media forensics. As deepfakes become increasingly sophisticated, the ability to detect and attribute manipulated media becomes more difficult. The main challenge lies in the realistic and convincing nature of deepfakes, which can deceive human perception and traditional forensic techniques. Furthermore, the widespread availability of open-source deepfake tools and increasing computational power contribute to the ease with which malicious actors can create and disseminate deepfakes. The challenges posed by deepfakes for digital media forensics are multifaceted. Therefore, the development of sophisticated detection algorithms, the creation of comprehensive datasets, and the establishment of legal frameworks are crucial in addressing these challenges. This paper provides a comprehensive analysis of current methods for deepfake generation and the issues surrounding their detection. It also explores the potential of modern AI-based detection techniques in combating the proliferation of deepfakes. 
This analysis aims to contribute to advancing deepfake detection by highlighting the limits of current detection techniques, the most relevant issues, the upcoming challenges, and suggesting future directions for research.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"88 ","pages":"Article 103935"},"PeriodicalIF":3.8,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142757586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing vulnerability detection efficiency: An exploration of light-weight LLMs with hybrid code features","authors":"Jianing Liu , Guanjun Lin , Huan Mei , Fan Yang , Yonghang Tai","doi":"10.1016/j.jisa.2024.103925","DOIUrl":"10.1016/j.jisa.2024.103925","url":null,"abstract":"<div><div>Vulnerability detection is a critical research topic. However, the performance of existing neural network-based approaches requires further improvement. The emergence of large language models (LLMs) has demonstrated their superior performance in natural language processing (NLP) compared to conventional neural architectures, motivating researchers to apply LLMs for vulnerability detection. This paper focuses on evaluating the performance of various Transformer-based LLMs for source-code-level vulnerability detection. We propose a framework named VulACLLM (AST & CFG-based LLMs Vulnerability Detection), which leverages combined feature sets derived from Abstract Syntax Tree (AST) and Control Flow Graph (CFG). The recall rate of VulACLLM in the field of vulnerability detection reached 0.73, while the F1-score achieved 0.725. Experimental results show that the proposed feature sets significantly enhance detection performance. To further improve the efficiency of LLM-based detection, we examine the performance of LLMs compressed using two techniques: Knowledge Distillation (KD) and Low-Rank Adaptation (LoRA). To assess the performance of these compressed models, we introduce efficiency metrics that quantify both performance loss and efficiency gains achieved through compression. Our findings reveal that, compared to KD, LLMs compressed with LoRA achieve higher recall, achieving a maximum recall rate of 0.82, while substantially reducing training time, taking only 20 min to complete one epoch, and disk size, requiring only 4.89 MB of memory. 
The experimental results demonstrate that LoRA compression effectively mitigates deployment challenges associated with large model sizes and high video memory consumption, enabling the deployment of LoRA-compressed LLMs on consumer-level GPUs without compromising vulnerability detection performance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"88 ","pages":"Article 103925"},"PeriodicalIF":3.8,"publicationDate":"2024-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142757585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multi-ciphertext equality test heterogeneous signcryption scheme based on location privacy","authors":"Shufen Niu , Qi Liu , Wei Liu , Runyuan Dong , Peng Ge","doi":"10.1016/j.jisa.2024.103918","DOIUrl":"10.1016/j.jisa.2024.103918","url":null,"abstract":"<div><div>The scale of network communication users is increasing daily, and massive user information is interacted with and stored in the network. The exchange of information between entities in different communication environments will not only promote the dynamic development of culture and economy, but also bring the risk of data redundancy and privacy leakage, which will have many negative effects. With the development of digitalization of privacy information on the Internet, incidents of privacy data leakage continue to occur. Interacting with network data not only provides each communication user with a shared space for personal information but also poses a great risk of exposing user privacy data. To solve the above problems, our work proposes a heterogeneous signcryption scheme for multi-party and multi-ciphertext equality test. In the scheme, the communication users in the Identity-Based Cryptosystem (IBC) and the Certificateless Cryptosystem (CLC) can communicate securely in many ways; different cryptographic systems use different system parameters. In addition, our scheme has the advantage of high communication efficiency compared with the equality test of a single ciphertext. The signcryption system based on IBC and CLC is adopted, which eliminates the problem of certificate management in the traditional public key cryptosystem and ensures the confidentiality and authentication of data. The introduction of multi-ciphertext equality test can enable secure retrieval of multiple ciphertexts by multiple data users at the same time and improve the efficiency of ciphertext retrieval in multi-user environments. 
Under the random oracle model, the proposed scheme has been proved to satisfy unforgeability and confidentiality under the computational Diffie–Hellman problem. Experimental results indicate that our proposal achieves better performance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"88 ","pages":"Article 103918"},"PeriodicalIF":3.8,"publicationDate":"2024-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142723272","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A novel blockchain-based anonymous roaming authentication scheme for VANET","authors":"Xingxing Chen , Qingfeng Cheng , Weidong Yang , Xiangyang Luo","doi":"10.1016/j.jisa.2024.103922","DOIUrl":"10.1016/j.jisa.2024.103922","url":null,"abstract":"<div><div>With the widespread application of vehicular ad-hoc networks, ensuring secure and seamless cross-regional roaming for mobile users and obtaining corresponding services has become a focal point. However, designing an efficient and secure roaming authentication protocol is challenging due to the confidentiality and privacy issues that data transmission during the roaming authentication process may cause and the limited computational capabilities of mobile devices. Researchers have proposed many security-oriented schemes to address this thorny challenge. However, many state-of-the-art schemes need help meeting various security requirements and facing privacy leakage and single points of failure. Recently, Xue et al. proposed a distributed authentication scheme for roaming services in mobile vehicular networks based on smart contracts. Regrettably, it is noted that their scheme is vulnerable to ephemeral key leakage attacks. Further, we present a blockchain-based anonymous roaming authentication scheme called BARA, which changes how session keys are generated and significantly reduces on-chain storage costs using probabilistic data structure techniques. We utilize Scyther and Burrows–Abadi–Needham (BAN) logic to prove the security of BARA and compare it with similar protocols in terms of computation, communication, and revocation check. 
The analysis results demonstrate that BARA achieves a good balance between security performance and execution efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"88 ","pages":"Article 103922"},"PeriodicalIF":3.8,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142703293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}