Journal of Information Security and Applications最新文献

{"title":"Detection of Evasive Android Malware Using EigenGCN","authors":"","doi":"10.1016/j.jisa.2024.103880","DOIUrl":"10.1016/j.jisa.2024.103880","url":null,"abstract":"<div><p>Recently there is an upsurge in Android malware that use obfuscation and repackaging techniques for evasion. Malware may also combine both these techniques to create stealthy adversarial mimicry samples to launch mimicry attacks. In mimicry attacks, the adversary makes sure that the static and dynamic features present in the crafted malware mimics the features present in the legitimate applications. In such cases, the existing detection mechanisms may become less effective. We found that the malicious nature of Android applications can be determined by identifying certain subgraphs that appear in their system call graphs. These subgraphs can be determined with the help of spectral clustering mechanism present in EigenGCN. With this, the system call graph <span><math><mi>G</mi></math></span> will be partitioned into two subgraphs <span><math><msub><mrow><mi>G</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span> and <span><math><msub><mrow><mi>G</mi></mrow><mrow><mn>2</mn></mrow></msub></math></span>, in which the malicious functionality if any will be present in the subgraph <span><math><msub><mrow><mi>G</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span>. The graph Fourier transform based pooling technique in EigenGCN then computes the features of the subgraphs in the form of graph signals. This graph signals serve as a robust signature to detect malware. The proposed mechanism gave an accuracy of 98.7% on common malware, 97.3% on obfuscated malware, 97.8% on repackaged malware, and 90% on adversarial mimicry malware datasets. As far as we know, this is the first work that proposes a malware detection mechanism, that can detect common as well as obfuscated, repackaged, and mimicry malware in Android.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Moment invariants based zero watermarking algorithm for trajectory data","authors":"","doi":"10.1016/j.jisa.2024.103867","DOIUrl":"10.1016/j.jisa.2024.103867","url":null,"abstract":"<div><p>Zero watermarking is a lossless copyright protection technology that satisfies the need for copyright protection without compromising the accuracy of trajectory data. However, existing zero watermarking algorithms for trajectory data are unable to resist random deletion point attack. Therefore, a trajectory data zero watermarking algorithm based on moment invariants was proposed to address the problem. Firstly, two compression algorithms are utilized to extract feature points from the trajectory data. Then, a coordinate system is constructed using the minimum area bounding rectangle (MABR) of the feature points. Next, based on the constructed coordinate system, the feature points are divided into subtrajectories, and the linear moment invariants generated by the subtrajectories are calculated. Finally, the zero watermark information is constructed based on the linear moment invariants, and the watermark copyright information is generated by exclusive-ORing (XOR) it with the copyright image. Experimental results demonstrate that the zero watermark information constructed by the proposed algorithm has good uniqueness and strong robustness against random deletion, compression, and other common attacks. Furthermore, the proposed algorithm has good algorithm efficiency and is applicable to vector data with plane coordinates. The study makes a positive contribution to copyright protection for trajectory data and provides useful references for research on lossless watermarking of vector geographic data.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142129429","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"P-Chain: Towards privacy-aware smart contract using SMPC","authors":"","doi":"10.1016/j.jisa.2024.103872","DOIUrl":"10.1016/j.jisa.2024.103872","url":null,"abstract":"<div><p>Smart contract, as the representative application of blockchain, has recently fueled extensive research interests from both academia and industry. However, with its wide applications, the weaknesses of smart contract have been gradually revealed. The major barrier to the widespread adoption of smart contract involves concerns about on-chain privacy which refers to the details of input/output privacy. To address privacy concerns, we propose in this paper, P-Chain, a privacy-aware framework for smart contracts of permissioned blockchain to protect sensitive data of users based on Secure Multi-party Computation (SMPC). Unlike existing work that suffer several key drawbacks, including introducing a third party who could get the details of the deal, and high overhead for on-chain and off-chain communication, as well as lacking a privacy protection for output data, we enhance the privacy protection for smart contracts system by adding a new secure multi-party computation layer in P-Chain. Through secure multi-party computing, sensitive inputs of smart contracts are divided into multiple sub-inputs and sent to computing participants for operation respectively, which ensures that each participant can only access part of the user’s information. A stochastic strategy based on <span><math><mrow><mo>(</mo><mi>t</mi><mo>;</mo><mi>n</mi><mo>)</mo></mrow></math></span> threshold secret sharing to select calculating parties is also been proposed, which makes it difficult for an attacker to aggregate <span><math><mi>t</mi></math></span> of <span><math><mi>n</mi></math></span> participants for launching a collusive attack. In addition, we propose the output privacy protection method that makes it possible to reach a consensus without the need to know the output. The extensive experimental evaluation and analysis demonstrate that our scheme enjoys the advantages of calculation correctness, input–output privacy as well as anti-collusion.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142129428","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Visualization-based comprehensive feature representation with improved EfficientNet for malicious file and variant recognition","authors":"","doi":"10.1016/j.jisa.2024.103865","DOIUrl":"10.1016/j.jisa.2024.103865","url":null,"abstract":"<div><p>Malicious file attacks seriously affect network and data security, and recognizing malicious files and variants is crucial for preventing network attacks. Faced with the challenge of traditional methods in quickly, effectively, and efficiently recognizing malicious files or variants, visualization-based feature representation methods have shown promising results. However, practical applications encounter issues such as loss of crucial information, high spatiotemporal overhead, and the need for model performance improvement. Therefore, this paper introduces a novel recognition framework focusing on feature representation and model performance. The framework uses the proposed <strong>v</strong>isualization-based <strong>c</strong>omprehensive <strong>f</strong>eature <strong>r</strong>epresentation method (VCFR) to extract file information into the Gray-Level Co-occurrence Matrix (GLCM), 2-gram frequency matrix, and interval 2-gram frequency matrix, followed by feature fusion to generate the three-channel RGB images. Subsequently, the proposed lightweight model is applied for recognizing those files, which utilizes ideas such as group convolution, channel shuffle, and attention mechanisms to improve model performance while significantly reducing model parameters, size, and FLOPs. In summary, through a series of experiments conducted on manually collected <strong>m</strong>alicious <strong>f</strong>ile <strong>d</strong>ataset (MFD) and public dataset MMCC, the proposed framework significantly outperformed other state-of-the-art technologies and has F1-Score as high as 94.10% and 98.58%, respectively, further verifying its outstanding effectiveness and efficiency.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142129334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust secret color image sharing anti-cropping and tampering in shares","authors":"","doi":"10.1016/j.jisa.2024.103869","DOIUrl":"10.1016/j.jisa.2024.103869","url":null,"abstract":"<div><p>Secret image sharing (SIS) has excellent properties such as loss tolerance and relatively low computational complexity, providing a brand-new solution for image security protection. However, there has been little research on the robustness of SIS systems, such as how to resist cropping or malicious tampering in shares. Existing related schemes generally focus on grayscale images and suffer from issues such as lossy recovery, weak robustness, and serious pixel expansion, which are challenging to meet the requirements of high-quality sensitive image applications. In this regard, a robust SIS scheme for color images is proposed, which can resist large-scale cropping and malicious tampering in shares. According to the idea of “breaking up the whole cropped area into parts, repairing the shares independently”, the proposed scheme can realize lossless recovery of secret images through organic fusion of secret sharing, error-correcting code, and pixel re-arrangement techniques. Even if all the shares are cropped by 25%, it can still achieve lossless recovery regardless of whether the cropping positions intersect or overlap. It can also resist various malicious tampering (such as marking, defacing, and copy-move forgery) as well as image noise. Moreover, it avoids pixel expansion and requires no auxiliary encryption or preprocessing. Theoretical analysis and experimental results demonstrate that the proposed scheme is superior to existing schemes in terms of robustness and comprehensive performance, and is expected to promote the practical application of SIS.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142096958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SQL injection attack: Detection, prioritization & prevention","authors":"","doi":"10.1016/j.jisa.2024.103871","DOIUrl":"10.1016/j.jisa.2024.103871","url":null,"abstract":"<div><p>Web applications have become central in the digital landscape, providing users instant access to information and allowing businesses to expand their reach. Injection attacks, such as SQL injection (SQLi), are prominent attacks on web applications, given that most web applications integrate a database system. While there have been solutions proposed in the literature for SQLi attack detection using learning-based frameworks, the problem is often formulated as a binary, single-attack vector problem without considering the prioritization and prevention component of the attack. In this work, we propose a holistic solution, SQLR34P3R, that formulates the SQLi attack as a multi-class, multi-attack vector, prioritization, and prevention problem. For attack detection and classification, we gathered 457,233 samples of benign and malicious network traffic, as well as 70,023 samples that had SQLi and benign payloads. After evaluating several machine-learning-based algorithms, the hybrid CNN-LSTM models achieve an average F1-Score of 97% in web and network traffic filtering. Furthermore, by using CVEs of SQLi vulnerabilities, SQLR34P3R incorporates a novel risk analysis approach which reduces additional effort while maintaining reasonable coverage to assist businesses in allocating resources effectively by focusing on patching vulnerabilities with high exploitability. We also present an in-the-wild evaluation of the proposed solution by integrating SQLR34P3R into the pipeline of known vulnerable web applications such as Damn Vulnerable Web Application (DVWA) and Vulnado and via network traffic captured using Wireshark from SQLi DNS exfiltration conducted with SQLMap for real-time detection. Finally, we provide a comparative analysis with state-of-the-art SQLi attack detection and risk ratings solutions.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S221421262400173X/pdfft?md5=876619c18c5e77543023637cfa5180d8&pid=1-s2.0-S221421262400173X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142096959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Corrigendum to “Blockchain-based public key encryption with keyword search for medical data sharing in cloud environment” [Journal of Information Security and Applications 78 (2023) 103626]","authors":"","doi":"10.1016/j.jisa.2024.103853","DOIUrl":"10.1016/j.jisa.2024.103853","url":null,"abstract":"","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001558/pdfft?md5=54cae618db46ed7d2ee93f35c1783ce8&pid=1-s2.0-S2214212624001558-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142148658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Post-quantum identity-based traitor tracing","authors":"","doi":"10.1016/j.jisa.2024.103870","DOIUrl":"10.1016/j.jisa.2024.103870","url":null,"abstract":"<div><p>In the distribution of digital content, users may collude and utilize their secret keys to create pirate decoders which enable illegally users to receive the same service. As a useful countermeasure, the notion of identity-based traitor tracing (IBTT) scheme was introduced for the data owner to trace down pirates and simplify certificate management process. As far as we know, various IBTT schemes have been proposed in the literature and all of them are designed on classical hardness assumptions, which are believed to become broken in the coming post-quantum era. To address this issue, we propose the first post-quantum IBTT scheme in this work. The new IBTT scheme is proved to be secure in the quantum security model, assuming the quantum-resistant hardness of the underlying learning with errors problem. Notably, compared with other IBTT schemes, our construction has the minimal size increasing to make the underlying encryption scheme traitor tracing.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142096242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing the performance of convolutional neural network image-based steganalysis in spatial domain using Spatial Rich Model and 2D Gabor filters","authors":"","doi":"10.1016/j.jisa.2024.103864","DOIUrl":"10.1016/j.jisa.2024.103864","url":null,"abstract":"<div><p>Image-based steganalysis problem has attracted many researchers, and several solutions have been proposed. Deep learning-based methods are the most promising as they provide superior performance. Convolutional Neural network(CNN) based steganalysis methods are designed to improve the detection rate. Unlike traditional CNN models, CNN-based steganalysis requires careful design of preprocessing layers with filter initialization to obtain a good performance. In this paper, we established a CNN model that consists of two convolution layers for preprocessing and feature extraction, and four fully connected layers for classification. The preprocessing layer uses a set of efficient filter banks consisting of SRM and 2D Gabor filters. We conducted experiments using grayscale cover images from a popular and publicly available BOSSbase_1.01 database and Alask_v2 database with consideration for two different image sizes. The results showed that the proposed CNN model outperforms many state-of-the-art studies in two out of three well-known adaptive spatial domain steganography algorithms (S-UNIWARD, HUGO) and provides a close result for (WOW) algorithm when using the database with 512 × 512 images. On the other hand, the proposed model outperforms many state-of-the-art studies in the three algorithms when using the database with the original image size (256 × 256). Using image size 256, and the S-UNIWARD algorithm, the proposed model improved the detection accuracy rate by 13%, and 4.25% payloads of 0.2 and 0.4 bpp respectively compared to the previously best-known model (GBRAS-Net). The proposed model achieved 7.4% and 6.27% improvement in the detection accuracy for both payloads 0.2 and 0.4 bpp respectively using the HUGO algorithm compared with the previously best-known model (GBRAS-Net). For the WOW algorithm, the proposed model is slightly behind the best model (GBRAS-Net) but was able to obtain a close result for both payloads of 0.2 and 0.4 bpp, respectively. Using an image size of 512, the proposed model achieved 31.26%, 21.51%, 6.84%, 4.22%, and 1.96% improvement in the detection rate for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over S-UNIWARD algorithm compared to the previously best-known model (H-CNN). In addition, the proposed model achieved 27.60%, 23.69%, 12.66%, 5.27%, and 6.23% improved detection accuracy for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over HUGO algorithm compared with the previously best-known model (H-CNN). Finally, the proposed model provided 57.81%, 46.84%, 28.29%, 20.34%, and 13.79% improvement in the detection rate for the five payloads 0.1, 0.2, 0.3, 0.4, and 0.5 bpp respectively over WOW algorithm compared to the previously best-known model (H-CNN).</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142088278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Achieving lightweight, efficient, privacy-preserving user recruitment in mobile crowdsensing","authors":"","doi":"10.1016/j.jisa.2024.103854","DOIUrl":"10.1016/j.jisa.2024.103854","url":null,"abstract":"<div><p>The emergence of mobile crowdsensing (MCS) has revolutionized data collection method. As an important means of guaranteeing data quality, user recruitment is critical to sensing task completion. Aiming at the problem of user privacy disclosure in user recruitment, particularly when sensing platforms lack prior knowledge of user quality, we propose a Privacy-Preserving User Recruitment scheme (PPUR) which can maximize sensing quality in a lightweight and efficient manner. We design multiple secure protocols for both user quality calculation and user recruitment based on additive secret sharing (ASS). Specifically, we propose Secure user Quality Calculation (SQC) protocol to assess user quality instead of requiring user interaction in the case of unknown ground truth. Combinatorial multi-armed bandit (CMAB) based Secure User Recruitment (SUR) protocol, effectively tackles the challenge of recruiting multiple users without prior knowledge and user interactivity while adhering to budget and time limitations. Theoretical analysis confirms lightweight overhead of the PPUR scheme and its multi-class data security. Experimental results show that SQC has superior performance in both computational cost and communication overhead. The regret indicator’s findings demonstrate that SUR can effectively utilize budget and time to achieve optimal user recruitment decision.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8,"publicationDate":"2024-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142077457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}