Journal of Information Security and Applications: Latest Articles

An optimized reinforcement learning based MTD mutation strategy for securing edge IoT against DDoS attack
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104138 Pub Date : 2025-07-21 DOI: 10.1016/j.jisa.2025.104138
Amir Javadpour, Forough Ja’fari, Chafika Benzaïd, Tarik Taleb
Abstract: Distributed Denial of Service (DDoS) attacks are among the most destructive and challenging threats to mitigate for computer networks, particularly in edge IoT environments. Moving Target Defense (MTD) is a promising security mechanism that undermines the adversary’s gathered information by dynamically altering the attack surface. A selection of network nodes is chosen for mutation, and these changes hinder the adversary from achieving their objectives. However, identifying the optimal set of nodes for effectively and efficiently mitigating a DDoS attack remains a significant challenge. Existing MTD approaches have only considered a single factor—either the node’s vulnerability level or connectivity—and often lack generality and scalability for real-world IoT implementations. In this paper, we propose an enhanced MTD approach called CVbMA (Connection- and Vulnerability-based MTD Approach) that jointly considers both the vulnerability levels and connection weights of nodes to inform mutation strategies. To ensure practical applicability and adaptability, we develop a cost-aware Reinforcement Learning (RL) framework that incorporates explicit mutation costs into the reward function and utilizes neural ranking and model compression for scalability. Extensive evaluations are conducted using both Mininet-based simulations and a physical IoT testbed with real attack traces and heterogeneous devices. Comprehensive benchmarking and ablation studies against state-of-the-art MTD baselines demonstrate that the proposed framework significantly reduces the adversary’s success rate and incidents of server crashes, while maintaining low overhead and achieving high adaptivity. A detailed analysis of real-world deployments highlights the robustness of systems under operational constraints, including fluctuating latency, hardware diversity, and asynchronous events. Limitations and future enhancements, including topology-aware RL, adaptive mutation scheduling, and continuous model updates, are discussed. The results affirm the practical, scalable, and robust potential of cost-sensitive RL-based MTD for next-generation IoT security.
Citations: 0
A novel scheme to encrypting autonomous driving scene point clouds based on optical chaos
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104166 Pub Date : 2025-07-21 DOI: 10.1016/j.jisa.2025.104166
Ye Su, Lili Li, Yongxiang Liu, Yushu Zhang, Yichen Ye, Xiao Jiang, Zhuang Chen, Yiyuan Xie
Abstract: The widespread adoption of 3D point cloud technology in autonomous driving has raised concerns about the potential leakage of private information among Internet of Vehicles (IoV) users, especially when data is exchanged between vehicles without adequate protection. This paper introduces a novel encryption and decryption scheme for 3D point cloud data, designed to address security and privacy concerns in autonomous driving environments. The optical system, based on vertical-cavity surface-emitting lasers (VCSELs), is configured to generate optical chaos, which is then applied to the permutation and diffusion of 3D point clouds. In the case study, 3D point cloud images from the KITTI dataset are encrypted and decrypted, and the three classes of objects — cars, cyclists, and pedestrians — are detected in the original, encrypted, and decrypted datasets using the Point-Voxel Region Convolutional Neural Network (PV-RCNN). The mean average precision (mAP) for the encrypted dataset is nearly zero, indicating that the 3D point cloud objects cannot be detected. In contrast, the mAP for the decrypted dataset closely matches that of the original dataset, demonstrating the effectiveness and feasibility of the proposed privacy protection scheme. Additionally, a detailed security analysis of the geometric features in 3D point clouds confirms that the scheme provides robust security and privacy protection for the scene information in 3D point cloud images.
Citations: 0
Enforcing data access control and privacy: The graph-driven data regulatory approach
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104163 Pub Date : 2025-07-21 DOI: 10.1016/j.jisa.2025.104163
Suriya U-ruekolan, Manot Rattananen, Jukkrapong Ponharn, Naiyana Sahavechaphan
Abstract: Comprehensive data-driven systems require the integration of various access control and privacy patterns to address the diverse needs of subjects. However, existing approaches often struggle to simultaneously support precise access control, privacy preservation, and efficient policy maintenance. This paper presents G2D (Graph to Data), a novel technique that employs a Data Regulatory Graph (DRG) to dynamically generate data authorization statements tailored to specific subjects. G2D unifies access control and privacy by producing authorized SQL queries and specifying necessary data transformations for sensitive fields. Experimental results demonstrate that G2D incurs minimal execution overhead, simplifies policy updates, and effectively balances system performance with data protection, even under high concurrency. These findings highlight G2D’s potential to support scalable, privacy-aware data access in complex environments.
Citations: 0
Efficient privacy-preserving outsourcing of imbalanced clustering in cloud computing
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104155 Pub Date : 2025-07-18 DOI: 10.1016/j.jisa.2025.104155
Ke Li, Xinrong Sun, Yunting Tao, Fanyu Kong, Guoqiang Yang, Chunpeng Ge, Qiuliang Xu
Abstract: Imbalanced clustering algorithm plays a vital role in fields, such as fault detection in finance, network security and medical diagnosis. The Imbalanced Clustering with Theoretical Learning Bounds (ICTLB) algorithm is a novel imbalanced clustering algorithm but could incur high computational costs due to extensive matrix operations, making it less practical for resource-limited devices. Outsourcing computations to cloud servers can alleviate client burdens but need to solve data privacy issues and result verification problem. In this paper, we propose an efficient, secure, and verifiable outsourcing scheme for the ICTLB imbalanced clustering algorithm. We design a novel encryption method based on sparse matrices and random permutations, which effectively protects the privacy of the input data while ensuring minimal computational overhead on the client side. Our scheme also integrates a robust verification mechanism, allowing the client to validate the correctness of results returned by the cloud server. Experiments show that the proposed scheme can improve efficiency by 28.88% to 52.48% comparable to the original ICTLB algorithm across various datasets.
Citations: 0
GRAMSSAT: An efficient label inference attack against two-party split learning based on gradient matching and semi-supervised learning
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104159 Pub Date : 2025-07-17 DOI: 10.1016/j.jisa.2025.104159
Lixin Zhang, Xinyan Gao, Bihe Zhao, Zhenyu Guan, Song Bian
Abstract: As a novel privacy-preserving paradigm for protecting the privacy of participant data and realizing the utility of data, split learning (SL) has gained wide attention and applications in various fields such as healthcare and media advertising. SL aims to collaboratively train a model using private input and labeled data from multiple parties, while exchanging only intermediate representations and corresponding backward gradients. We propose GRAMSSAT, a label inference attack that trains a surrogate model to replace the label owner’s model. By leveraging a small amount of labeled auxiliary data, we treat the attack as a semi-supervised learning problem, designing a novel loss function that combines gradient matching, which enables the adversary to infer private labels during the SL process. Our experiments show that GRAMSSAT achieves label inference with improved efficiency and accuracy, enhancing attack performance by 9.14% to 42.77% compared to prior works (e.g., Fu et al., USENIX Security 2022) across different datasets. In particular, in the case where the adversarial client’s knowledge is limited (only known 1 or 2 labels per class), the inference accuracy of our proposed GRAMSSAT on the CIFAR-100 test set improves by 20.43% and 17.19% compared to the prior work. We also implement several defense mechanisms, including gradient compression and differential privacy. Our findings highlight the privacy risks in split learning and the need for more secure training techniques.
Citations: 0
Federated Unlearning With Reinforcement Learning: Adaptive Privacy Preservation for Clients
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104164 Pub Date : 2025-07-16 DOI: 10.1016/j.jisa.2025.104164
Kun Gao, Tianqing Zhu, Dayong Ye, Longxiang Gao, Wanlei Zhou
Abstract: With growing attention to data privacy in federated learning, federated unlearning has become an important solution to meet increasing demands for privacy compliance. However, unlearning may bring in new security concerns, such as dangers of adversarial manipulation, where the adversary may launch malicious updates or inputs to hurt the model performance or prediction, privacy-attacks, as the sensitive data can be possibly deduced from the process of unlearning, and performance degradation, because the unlearning process may break the consistency or performance of the model. In this paper, to address such issues and acquire a good and adaptive unlearning policy without causing much negative effect to the federated system, we present a reinforcement learning based method to facilitate the data unlearning method in federated learning. Our approach iteratively disposes of clients through partial unlearning, complete unlearning, or no unlearning using a DQN combined with clients’ properties like contribution, privacy cost, and computational overhead. We show that by utilizing the reinforcement learning technique, the performance decay can be defended effectively, and adversarial behaviors are indeed a common concern for the federated unlearning scenario. Our analysis can inform the development of federated unlearning frameworks that defend against performance and security threats.
Citations: 0
Multi-party quantum homomorphic encryption scheme based on quantum teleportation
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104157 Pub Date : 2025-07-16 DOI: 10.1016/j.jisa.2025.104157
Zhen-Zhen Li, Zhao Zhang, Ya-Jing Li, Dong-Fei Wang, Han Zhang
Abstract: The quantum homomorphic encryption involves performing homomorphic operations directly on the quantum ciphertext state without the need to convert the ciphertext to plaintext before performing homomorphic operations. In this paper, we propose an n-party quantum homomorphic encryption scheme based on quantum teleportation, which can be used to achieve non-interactivity, eliminate errors caused by T-gate evaluation, and allow clients’ private data to undergo arbitrary quantum computations across multiple servers without the need for the server to decrypt the data. In this scheme, the client prepares and encrypts GHZ states and single-particle states. Subsequently, the client transmits the single-particle states and particles of the GHZ state to the server. The server performs joint measurements on the received particles, performs homomorphic operations on the single-particle states, and simultaneously updates the key. Finally, the result of the homomorphic operation is decrypted using the first particle in the GHZ state. This scheme is non-interactive, information-theoretically secure, and utilizes a one-time quantum channel. Furthermore, we apply the Quantum Homomorphic Encryption (QHE) scheme to quantum private comparison and successfully perform private comparison operations on the origin quantum.
Citations: 0
ppLeader: Achieving the Privacy-Preserving Leaders in PoS Protocols
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104147 Pub Date : 2025-07-16 DOI: 10.1016/j.jisa.2025.104147
Peifang Ni, Jing Xu
Abstract: The proof-of-stake (PoS) mechanism is considered to be a highly desirable alternative to the proof-of-work (PoW) in order to reduce resource consumption. Nevertheless, we identify that the energy efficient PoS-based blockchain consensus protocols bring new privacy concern that the disclosure of block issuer’s privacy (i.e., its account address and the corresponding balance) for the public verification of block.
We present a leader election protocol (named ppLeader) that aims to randomize the relation between stakeholder’s account and the corresponding success probability, such that guarantees the unpredictable leader election, and anonymous block issuing and public verification. In particular, the frequency that a stakeholder being elected cannot be used by the adversary to reveal its target stakeholder’s stakes. To showcase the usability of ppLeader, we apply it to the elegant PoS-based blockchain consensus protocol Ouroboros Praos directly to achieve the enhanced privacy property. Besides the detailed security analysis, we develop a proof-of-concept implementation of ppLeader and conduct extensive experiments to show the practicality.
Citations: 0
Efficient verifiable secure aggregation protocols for federated learning
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104161 Pub Date : 2025-07-15 DOI: 10.1016/j.jisa.2025.104161
Binghao Xu, Shuai Wang, Youliang Tian
Abstract: Federated learning enables collaborative model training without direct access to clients’ local data, making it highly attractive for privacy-preserving analytics in resource-constrained environments. However, existing secure aggregation protocols remain vulnerable to privacy disclosure and malicious server tampering, and often incur substantial computational and communication overhead. In this paper, we propose a verifiable secure aggregation protocol that enables efficient aggregation in resource-constrained settings while guaranteeing the integrity of the aggregated results. Integrity of the aggregated result is guaranteed via the additive homomorphism of Shamir secret shares and a lightweight symmetric message-authentication code. Compared to VerifyNet, our protocol reduces aggregation overhead to only 1.25% of VerifyNet’s overhead, and under client dropouts it cuts RFLPV’s overhead by approximately 50%, while maintaining full privacy against semi-honest clients. Extensive simulations confirm that our method delivers strong security guarantees and operates efficiently under resource-constrained conditions, demonstrating its suitability for large-scale, dropout-prone federated learning deployments.
Citations: 0
DroidTTP: Mapping android applications with TTP for Cyber Threat Intelligence
IF 3.8, Zone 2 (Computer Science)
Journal of Information Security and Applications, Volume 93, Article 104162 Pub Date : 2025-07-14 DOI: 10.1016/j.jisa.2025.104162
Dincy R. Arikkat, Vinod P., Rafidha Rehiman K.A., Serena Nicolazzo, Marco Arazzi, Antonino Nocera, Mauro Conti
Abstract: The widespread use of Android devices for sensitive operations has made them prime targets for sophisticated cyber threats, including Advanced Persistent Threats (APT). Traditional malware detection methods focus primarily on malware classification, often failing to reveal the Tactics, Techniques, and Procedures (TTPs) used by attackers. To address this issue, we propose DroidTTP, a novel system for mapping Android malware to attack behaviors. We curated a dataset linking Android applications to Tactics and Techniques and developed an automated mapping approach using the Problem Transformation Approach and Large Language Models (LLMs). Our pipeline includes dataset construction, feature selection, data augmentation, model training, and explainability via SHAP. Furthermore, we explored the use of LLMs for TTP prediction using both Retrieval Augmented Generation and fine-tuning strategies. The Label Powerset XGBoost model achieved the best performance, with Jaccard Similarity scores of 0.9893 for Tactic classification and 0.9753 for Technique classification. The fine-tuned LLaMa model also performed competitively, achieving 0.9583 for Tactics and 0.9348 for Techniques. Although XGBoost slightly outperformed LLMs, the narrow performance gap highlights the potential of LLM-based approaches for Tactic and Technique prediction.
Citations: 0