{"title":"CodeSearchAttack: Enhancing soft-label black-box adversarial attacks on code","authors":"Xin Pu , Xi Xiong , Yuanyuan Li , Zhaorong Liu , Yan Yu","doi":"10.1016/j.jisa.2025.104258","DOIUrl":"10.1016/j.jisa.2025.104258","url":null,"abstract":"<div><div>Adversarial attacks on code data face significant challenges due to its discrete and non-differentiable nature. Soft-label black-box code adversarial attacks, in particular, are a highly complex task, with research in this area still in its early stages. Existing methods leave room for improvement in performance. For instance, greedy search-based attacks often get trapped in local optima, resulting in excessive perturbations. To tackle these challenges, we propose a novel framework, CodeSearchAttack, for crafting high-quality adversarial examples. CodeSearchAttack leverages constrained K-means to identify diverse substitutions in the variable embedding space and employs an improved beam search to craft adversarial examples. Additionally, it calculates variable importance using information derived from soft labels. Experiments on four code classification tasks demonstrate that CodeSearchAttack significantly outperforms state-of-the-art baseline methods. Under a query budget of 100, CodeSearchAttack achieves superior attack efficacy compared to existing soft-label attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104258"},"PeriodicalIF":3.7,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A security-enhanced three-party authentication and key agreement scheme for smart grid communication","authors":"Qi Yuan , Zhuoqian He , Xiangjun Cheng , Ying Xia , Yue Shao","doi":"10.1016/j.jisa.2025.104254","DOIUrl":"10.1016/j.jisa.2025.104254","url":null,"abstract":"<div><div>Securing communications within smart grids presents a critical challenge, particularly due to the increasing vulnerability of conventional authenticated key agreement schemes to quantum computing threats. Furthermore, ensuring robust security against physical attacks on devices like smart meters while maintaining low computational and communication overhead remains a significant hurdle. To address this issue, this study proposes NTRU-P3AKE (NTRU-based Three-Party Authenticated Key Exchange). This novel scheme integrates the Nth-Truncated Ring Unit (NTRU) algorithm with Physical Unclonable Functions (PUFs) and fuzzy extractors, enabling robust authentication and key agreement among smart meters, the control center, and service providers. The NTRU-P3AKE scheme supports registration via an open channel. It leverages NTRU to mitigate quantum threats, employs PUFs to resist physical attacks, and ensures forward security through dynamic random number updates. The proposed scheme’s security is rigorously evaluated via informal security analysis and formal verification. The latter uses the ProVerif tool and Burrows–Abadi–Needham (BAN) logic analysis. Comprehensive evaluations validate its exceptional efficiency, achieving a 99.0% reduction in computational overhead (0.244 ms) compared to the most computationally intensive scheme, a 70.8% reduction in communication cost (1440 bits) versus the most bandwidth-heavy approach, and a 79.4% reduction in energy consumption on smart meters (0.166 mJ) relative to the most energy-intensive protocol. 
These advancements make the proposed solution particularly suitable for resource-constrained smart grid environments requiring both high security and operational efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104254"},"PeriodicalIF":3.7,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multi-mediated semi-quantum key distribution protocol with cyclic topology","authors":"Zhenye Du, Youlong Yang, Kaitian Gao","doi":"10.1016/j.jisa.2025.104257","DOIUrl":"10.1016/j.jisa.2025.104257","url":null,"abstract":"<div><div>Mediated semi-quantum key distribution (M-SQKD) is a class of quantum cryptographic protocols that allow two or more legitimate classical users to share a string of secure keys with the help of a third-party quantum server. Research has shown that these protocols remain valid even if the server is an adversary. Recently, two circular M-SQKD (CM-SQKD) protocols have emerged, where the server and all legitimate users form a topological loop when transmitting qubits. In this paper, we extend two existing CM-SQKD protocols, one based on a single state and the other on an entangled state, into multi-mediated versions. In the asymptotic case, we derive new bounds for the key rate of the two protocols and give noise tolerances, thus proving their unconditional security. In particular, we improve on previous results when only one mediator works.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104257"},"PeriodicalIF":3.7,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Economical and secure: EcoSign — A post-quantum hash-based digital signature scheme","authors":"Swarna Panthi, Bubu Bhuyan","doi":"10.1016/j.jisa.2025.104247","DOIUrl":"10.1016/j.jisa.2025.104247","url":null,"abstract":"<div><div>The emergence of quantum threats has significantly shaken our trust in traditional digital signature schemes. Hash-based signatures, a prominent technique in post-quantum cryptography, have garnered increasing attention in cryptographic research and practical applications. This is attributed to their minimal security assumptions, adaptability, parameterized implementations, and the provision of forward-secure constructions. However, the primary limitation of hash-based signatures lies in their larger key and signature sizes. This paper introduces the hash-based one-time signature scheme “EcoSign”, an enhanced version of the Smart Digital Signature-one-time signature scheme. EcoSign achieves significant reductions in keypair and signature sizes while providing flexibility for trade-offs between signature size and creation time. The processes of the generation of keypair and signature and verification of the generated signature are thoroughly explained. Additionally, the paper incorporates an algorithm for compressing the scheme’s public key into a single value using the Merkle tree compression technique. Our scheme presents a 73% decrease in key size and an 82% decrement in signature size when compared to the widely adopted Winternitz one-time signature scheme. 
In comparison to the improved version of Winternitz’s scheme: WOTS+, EcoSign showcases impressive reductions with a 76% decrease in key size and a 79% reduction in signature size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104247"},"PeriodicalIF":3.7,"publicationDate":"2025-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265394","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ConvNeXt_GHSA: Integrating hybrid gated attention for malware image classification","authors":"Junhai Li , Yu Zhang , Yuanquan Shi , Yujun Yang","doi":"10.1016/j.jisa.2025.104259","DOIUrl":"10.1016/j.jisa.2025.104259","url":null,"abstract":"<div><div>Malware classification based on image representation has emerged as an effective approach to enhancing security systems against evolving threats. However, challenges such as suboptimal feature extraction, insufficient adaptive attention fusion, and class imbalance remain unresolved. To address these issues, this paper proposes a deep learning-based classification framework named ConvNeXt_GHSA. The model is built upon a pretrained ConvNeXt backbone and incorporates a novel Gated Hybrid Self-Attention (GHSA) mechanism, which integrates channel, local, and global attention branches to capture multi-scale, discriminative features. A gating strategy is employed to adaptively fuse information from the three branches according to their contextual relevance. Additionally, Focal Loss and label smoothing are adopted during training to alleviate the impact of class imbalance and enhance minority class recognition. Experimental evaluations on three public malware image datasets—Malimg, MaleVis, and Dumpware10—demonstrate that ConvNeXt_GHSA achieves classification accuracies of 99.79%, 99.23%, and 99.78%, respectively. 
These results confirm the proposed model's robustness, effectiveness, and generalization ability in malware image classification tasks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104259"},"PeriodicalIF":3.7,"publicationDate":"2025-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HExNet: Enhancing malware classification through hierarchical CNNs and multi-level feature attribution","authors":"Muhammed Shafi K.P. , Vinod P. , Rafidha Rehiman K.A. , Alejandro Guerra-Manzanares","doi":"10.1016/j.jisa.2025.104207","DOIUrl":"10.1016/j.jisa.2025.104207","url":null,"abstract":"<div><div>The ever-shifting landscape of malware presents a significant threat, as it routinely circumvents traditional defenses. This paper presents HExNet, a Hierarchical Explainable Convolutional Neural Network (CNN) architecture, designed to improve malware analysis and bolster security defenses. Recognizing the growing sophistication of malware, HExNet leverages a dual image representation, converting assembly mnemonics and raw bytecode of malware into visual representations for in-depth pattern recognition. The architecture, optimized for performance and security relevance, integrates multi-level features to enhance detection accuracy. To increase trust and facilitate security audits, HExNet incorporates SHAPley Additive Explanations (SHAP), Class Activation Maps (CAM), and GIST descriptors, providing transparent insights into the model’s classification process. t-SNE visualizations further demonstrate HExNet’s ability to effectively separate malware families, aiding in security intelligence. Evaluated on the Microsoft Malware Classification Challenge (BIG 2015) dataset, HExNet achieves an overall F1-score of 0.9890, with three malware families reaching a perfect F1-score of 1.0 and the remaining six families achieving near-optimal values. 
To evaluate the generalization capability, we further tested HExNet on a custom dataset consisting of 26,401 samples collected from VirusShare, where the proposed model achieved an F1-score of 0.9724, demonstrating generalization performance across diverse malware datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104207"},"PeriodicalIF":3.7,"publicationDate":"2025-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A quantum-resistant oracle-based conditional payment scheme from lattice","authors":"Wenye Liu , Debiao He , Zhichao Yang , Xiaoying Jia , Min Luo","doi":"10.1016/j.jisa.2025.104248","DOIUrl":"10.1016/j.jisa.2025.104248","url":null,"abstract":"<div><div>Oracle-based conditional (ObC) payments are a specific type of transaction whose execution is triggered by the outcome of a predetermined external real-world event, verified by a semi-trusted oracle. ObC payments have broad applications in blockchain systems and real-world scenarios, such as financial adjudication, contractual services, trading and betting. Despite their wide applicability, cryptographic schemes supporting ObC payments are still limited. To the best of our knowledge, no quantum-resistant construction has been proposed to date. We fill this gap and present the first quantum-resistant cryptographic solution for ObC payments. In particular, we propose a cryptographic framework called Relaxed Verifiable Witness Encryption based on Signatures (RVWeS) to fulfill the functionality and security requirements of ObC payments, especially one-wayness and verifiability. We further provide a provably secure construction of RVWeS based on the hardness of Ring-SIS and Ring-LWE in the random-oracle model. Additionally, by leveraging relaxed relations and approximate trapdoors, our construction achieves modularity and efficiency without the need for additional transformations. 
Finally, we compare our scheme with several functionally similar schemes and built-in blockchain mechanisms, and the results show that our scheme offers a good overall performance and cost.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104248"},"PeriodicalIF":3.7,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automated localization and detection for robust image watermarking resistant to camera shooting","authors":"Ming Liu , Yanli Chen , Yonghui Zhou , Bingbing Tan , Yue Li , Hanzhou Wu","doi":"10.1016/j.jisa.2025.104250","DOIUrl":"10.1016/j.jisa.2025.104250","url":null,"abstract":"<div><div>Robust image watermarking that can resist camera shooting has become an active research topic in recent years due to the increasing demand for preventing sensitive information displayed on computer screens from being captured. However, many mainstream schemes require human assistance during the watermark detection process and cannot adapt to scenarios that require processing a large number of images. Although deep learning-based schemes enable end-to-end watermark embedding and detection, their limited generalization ability makes them vulnerable to failure in complex scenarios. In this paper, we propose a carefully crafted watermarking system that can resist camera shooting. The proposed scheme deals with two important problems: automatic watermark localization (AWL) and automatic watermark detection (AWD). AWL automatically identifies the region of interest (RoI), which contains watermark information, in the camera-shooting image by analyzing the local statistical characteristics. Meanwhile, AWD extracts the hidden watermark from the identified RoI after applying perspective correction. Compared with previous works, the proposed scheme is fully automatic, making it ideal for application scenarios. Furthermore, the proposed scheme is not limited to any specific watermark embedding strategy, allowing for improvements in the watermark embedding and extraction procedure. Extensive experimental results show that the AWL can achieve an average 85.2% localization accuracy, and the AWD can automatically and reliably extract authentication data under certain conditions. 
The experimental results demonstrate the superiority and applicability of the proposed approach.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104250"},"PeriodicalIF":3.7,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A construction method of (t, k, n)-privileged secret image sharing scheme","authors":"Peng Li , Haonan Li","doi":"10.1016/j.jisa.2025.104246","DOIUrl":"10.1016/j.jisa.2025.104246","url":null,"abstract":"<div><div>In conventional secret image sharing (SIS) schemes, all participants have identical roles, with the threshold <em>k</em> established based on the security level. However, in practical applications, certain participants have more power. Recently, Yang et al. introduced a (<em>t, m, k, n</em>)-privileged secret image sharing (PSIS) scheme that accords participants certain privileges, allowing the secret image to be recovered by any <em>k</em> out of <em>n</em> participants or by <em>t</em> out of <em>m</em> privileged participants (<em>t</em> < <em>k</em>). In this work, we present a construction method for a (<em>t, k, n</em>)-privileged secret image scheme, where both <em>k</em> out of <em>n</em> participants and <em>t</em> privileged participants can successfully reconstruct the secret image. Meanwhile, our scheme addresses and resolves the issues existing in the preceding scheme, such as parameter limitation and security issues. Theoretical analysis and experimental comparison demonstrate that our scheme is secure and efficient.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104246"},"PeriodicalIF":3.7,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A robust blind watermarking scheme for color digital images based on GJO and the maximal connected domain","authors":"Xiaojie Tian , Shuai Jiao , Gang Wang , Yu Xia , Xuefeng Wei , Qingtang Su","doi":"10.1016/j.jisa.2025.104249","DOIUrl":"10.1016/j.jisa.2025.104249","url":null,"abstract":"<div><div>The problem of image piracy is becoming more and more severe in contemporary society. To resolve this problem of protecting the copyright of color images, a robust color image blind watermarking scheme based on the golden jackal optimization algorithm (GJO) and the maximal connected domain is proposed. GJO is adopted to select the threshold of the maximal connected domain and the quantization step of watermark embedding, and the maximal connected domain of the main image is selected as the embedding region based on a specific threshold. Then, the embedding area is divided into RGB three-layer channels. Each layer of channels is divided into non-overlapping matrix blocks with size of 4×4. Two watermark bits are embedded in each block. Specifically, two watermark bits are quantized and embedded into the first two elements in the first row of the matrix after the Householder transform, and double overflow treatment is applied to the embedded values of the watermark to improve its robustness. The experimental performances are shown as follows: 1) the average values of PSNR and SSIM are above 40 <em>dB</em> and 0.96, respectively; 2) the values of NC are above 0.95 under different attacks; 3) the theoretical maximum capacity for watermark information is four times the actual capacity; 4) the time complexity of embedding a watermark bit is O(<em>n</em><sup>2</sup>). 
The experimental results indicate that the scheme proposed exhibits good performance in robustness, invisibility, time complexity, watermark embedding capacity, and other aspects.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104249"},"PeriodicalIF":3.7,"publicationDate":"2025-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}