Journal of Information Security and Applications最新文献_第2页

CodeSearchAttack: Enhancing soft-label black-box adversarial attacks on code CodeSearchAttack：增强对代码的软标签黑盒对抗性攻击

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-10 DOI: 10.1016/j.jisa.2025.104258

Xin Pu , Xi Xiong , Yuanyuan Li , Zhaorong Liu , Yan Yu

{"title":"CodeSearchAttack: Enhancing soft-label black-box adversarial attacks on code","authors":"Xin Pu , Xi Xiong , Yuanyuan Li , Zhaorong Liu , Yan Yu","doi":"10.1016/j.jisa.2025.104258","DOIUrl":"10.1016/j.jisa.2025.104258","url":null,"abstract":"<div><div>Adversarial attacks on code data face significant challenges due to its discrete and non-differentiable nature. Soft-label black-box code adversarial attacks, in particular, are a highly complex task, with research in this area still in its early stages. Existing methods leave room for improvement in performance. For instance, greedy search-based attacks often get trapped in local optima, resulting in excessive perturbations. To tackle these challenges, we propose a novel framework, CodeSearchAttack, for crafting high-quality adversarial examples. CodeSearchAttack leverages constrained K-means to identify diverse substitutions in the variable embedding space and employs an improved beam search to craft adversarial examples. Additionally, it calculates variable importance using information derived from soft labels. Experiments on four code classification tasks demonstrate that CodeSearchAttack significantly outperforms state-of-the-art baseline methods. Under a query budget of 100, CodeSearchAttack achieves superior attack efficacy compared to existing soft-label attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104258"},"PeriodicalIF":3.7,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A security-enhanced three-party authentication and key agreement scheme for smart grid communication 一种安全增强的智能电网通信三方认证与密钥协商方案

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-10 DOI: 10.1016/j.jisa.2025.104254

Qi Yuan , Zhuoqian He , Xiangjun Cheng , Ying Xia , Yue Shao

{"title":"A security-enhanced three-party authentication and key agreement scheme for smart grid communication","authors":"Qi Yuan , Zhuoqian He , Xiangjun Cheng , Ying Xia , Yue Shao","doi":"10.1016/j.jisa.2025.104254","DOIUrl":"10.1016/j.jisa.2025.104254","url":null,"abstract":"<div><div>Securing communications within smart grids presents a critical challenge, particularly due to the increasing vulnerability of conventional authenticated key agreement schemes to quantum computing threats. Furthermore, ensuring robust security against physical attacks on devices like smart meters while maintaining low computational and communication overhead remains a significant hurdle. To address this issue, this study proposes NTRU-P3AKE (NTRU-based Three-Party Authenticated Key Exchange). This novel scheme integrates the Nth-Truncated Ring Unit (NTRU) algorithm with Physical Unclonable Functions (PUFs) and fuzzy extractors, enabling robust authentication and key agreement among smart meters, the control center, and service providers. The NTRU-P3AKE scheme supports registration via an open channel. It leverages NTRU to mitigate quantum threats, employs PUFs to resist physical attacks, and ensures forward security through dynamic random number updates. The proposed scheme’s security is rigorously evaluated via informal security analysis and formal verification. The latter uses the ProVerif tool and Burrows–Abadi–Needham (BAN) logic analysis. Comprehensive evaluations validate its exceptional efficiency, achieving a 99.0% reduction in computational overhead (0.244 ms) compared to the most computationally intensive scheme, a 70.8% reduction in communication cost (1440 bits) versus the most bandwidth-heavy approach, and a 79.4% reduction in energy consumption on smart meters (0.166 mJ) relative to the most energy-intensive protocol. These advancements make the proposed solution particularly suitable for resource-constrained smart grid environments requiring both high security and operational efficiency.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104254"},"PeriodicalIF":3.7,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Multi-mediated semi-quantum key distribution protocol with cyclic topology 具有循环拓扑结构的多中介半量子密钥分发协议

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-10 DOI: 10.1016/j.jisa.2025.104257

Zhenye Du, Youlong Yang, Kaitian Gao

引用次数: 0

Economical and secure: EcoSign — A post-quantum hash-based digital signature scheme 经济和安全：EcoSign——一种基于后量子哈希的数字签名方案

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-09 DOI: 10.1016/j.jisa.2025.104247

Swarna Panthi, Bubu Bhuyan

{"title":"Economical and secure: EcoSign — A post-quantum hash-based digital signature scheme","authors":"Swarna Panthi, Bubu Bhuyan","doi":"10.1016/j.jisa.2025.104247","DOIUrl":"10.1016/j.jisa.2025.104247","url":null,"abstract":"<div><div>The emergence of quantum threats has significantly shaken our trust in traditional digital signature schemes. Hash-based signatures, a prominent technique in post-quantum cryptography, have garnered increasing attention in cryptographic research and practical applications. This is attributed to their minimal security assumptions, adaptability, parameterized implementations, and the provision of forward-secure constructions. However, the primary limitation of hash-based signatures lies in their larger key and signature sizes. This paper introduces the hash-based one-time signature scheme ”EcoSign”, an enhanced version of the Smart Digital Signature-one-time signature scheme. EcoSign achieves significant reductions in keypair and signature sizes while providing flexibility for trade-offs between signature size and creation time. The processes of the generation of keypair and signature and verification of the generated signature are thoroughly explained. Additionally, the paper incorporates an algorithm for compressing the scheme’s public key into a single value using the Merkle tree compression technique. Our scheme presents a 73% decrease in key size and an 82% decrement in signature size when compared to the widely adopted Winternitz one-time signature scheme. In comparison to the improved version of Winternitz’s scheme: WOTS+, EcoSign showcases impressive reductions with a 76% decrease in key size and a 79% reduction in signature size.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104247"},"PeriodicalIF":3.7,"publicationDate":"2025-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265394","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ConvNeXt_GHSA: Integrating hybrid gated attention for malware image classification ConvNeXt_GHSA：集成混合门控注意的恶意软件图像分类

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-09 DOI: 10.1016/j.jisa.2025.104259

Junhai Li , Yu Zhang , Yuanquan Shi , Yujun Yang

{"title":"ConvNeXt_GHSA: Integrating hybrid gated attention for malware image classification","authors":"Junhai Li , Yu Zhang , Yuanquan Shi , Yujun Yang","doi":"10.1016/j.jisa.2025.104259","DOIUrl":"10.1016/j.jisa.2025.104259","url":null,"abstract":"<div><div>Malware classification based on image representation has emerged as an effective approach to enhancing security systems against evolving threats. However, challenges such as suboptimal feature extraction, insufficient adaptive attention fusion, and class imbalance remain unresolved. To address these issues, this paper proposes a deep learning-based classification framework named ConvNeXt_GHSA. The model is built upon a pretrained ConvNeXt backbone and incorporates a novel Gated Hybrid Self-Attention (GHSA) mechanism, which integrates channel, local, and global attention branches to capture multi-scale, discriminative features. At gating strategy is employed to adaptively fuse information from the three branches according to their contextual relevance. Additionally, Focal Loss and label smoothing are adopted during training to alleviate the impact of class imbalance and enhance minority class recognition. Experimental evaluations on three public malware image datasets—Malimg, MaleVis, and Dumpware10—demonstrate that ConvNeXt_GHSA achieves classification accuracies of 99.79%, 99.23%, and 99.78%, respectively. These results confirm the proposed model's robustness, effectiveness, and generalization ability in malware image classification tasks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104259"},"PeriodicalIF":3.7,"publicationDate":"2025-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

HExNet: Enhancing malware classification through hierarchical CNNs and multi-level feature attribution HExNet：通过分层cnn和多级特征归属增强恶意软件分类

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-07 DOI: 10.1016/j.jisa.2025.104207

Muhammed Shafi K.P. , Vinod P. , Rafidha Rehiman K.A. , Alejandro Guerra-Manzanares

{"title":"HExNet: Enhancing malware classification through hierarchical CNNs and multi-level feature attribution","authors":"Muhammed Shafi K.P. , Vinod P. , Rafidha Rehiman K.A. , Alejandro Guerra-Manzanares","doi":"10.1016/j.jisa.2025.104207","DOIUrl":"10.1016/j.jisa.2025.104207","url":null,"abstract":"<div><div>The ever-shifting landscape of malware presents a significant threat, as it routinely circumvents traditional defenses. This paper presents HExNet, a Hierarchical Explainable Convolutional Neural Network (CNN) architecture, designed to improve malware analysis and bolster security defenses. Recognizing the growing sophistication of malware, HExNet leverages a dual image representation, converting assembly mnemonics and raw bytecode of malware into visual representations for in-depth pattern recognition. The architecture, optimized for performance and security relevance, integrates multi-level features to enhance detection accuracy. To increase trust and facilitate security audits, HExNet incorporates SHAPley Additive Explanations (SHAP), Class Activation Maps (CAM), and GIST descriptors, providing transparent insights into the model’s classification process. t-SNE visualizations further demonstrate HExNet’s ability to effectively separate malware families, aiding in security intelligence. Evaluated on the Microsoft Malware Classification Challenge (BIG 2015) dataset, HExNet achieves an overall F1-score of 0.9890, with three malware families reaching a perfect F1-score of 1.0 and the remaining six families achieving near-optimal values. To evaluate the generalization capability, we further tested HExNet on a custom dataset consisting 26,401 samples collected from VirusShare, where the proposed model achieved an F1-score of 0.9724, demonstrating generalization performance across diverse malware datasets.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104207"},"PeriodicalIF":3.7,"publicationDate":"2025-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A quantum-resistant oracle-based conditional payment scheme from lattice 一种抗量子的基于神谕的有条件支付方案

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-04 DOI: 10.1016/j.jisa.2025.104248

Wenye Liu , Debiao He , Zhichao Yang , Xiaoying Jia , Min Luo

{"title":"A quantum-resistant oracle-based conditional payment scheme from lattice","authors":"Wenye Liu , Debiao He , Zhichao Yang , Xiaoying Jia , Min Luo","doi":"10.1016/j.jisa.2025.104248","DOIUrl":"10.1016/j.jisa.2025.104248","url":null,"abstract":"<div><div>Oracle-based conditional (ObC) payments are a specific type of transaction whose execution is triggered by the outcome of a predetermined external real-world event, verified by a semi-trusted oracle. ObC payments have broad applications in blockchain systems and real-world scenarios, such as financial adjudication, contractual services, trading and betting. Despite their wide applicability, cryptographic schemes supporting ObC payments are still limited. To the best of our knowledge, no quantum-resistant construction has been proposed to date. We fill this gap and present the first quantum-resistant cryptographic solution for ObC payments. In particular, we propose a cryptographic framework called Relaxed Verifiable Witness Encryption based on Signatures (RVWeS) to fulfill the functionality and security requirements of ObC payments, especially one-wayness and verifiability. We further provide a provably secure construction of RVWeS based on the hardness of Ring-SIS and Ring-LWE in the random-oracle model. Additionally, by leveraging relaxed relations and approximate trapdoors, our construction achieves modularity and efficiency without the need for additional transformations. Finally, we compare our scheme with several functionally similar schemes and built-in blockchain mechanisms, and the results show that our scheme offers a good overall performance and cost.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104248"},"PeriodicalIF":3.7,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145265375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Automated localization and detection for robust image watermarking resistant to camera shooting 抗相机拍摄的鲁棒图像水印的自动定位和检测

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-04 DOI: 10.1016/j.jisa.2025.104250

Ming Liu , Yanli Chen , Yonghui Zhou , Bingbing Tan , Yue Li , Hanzhou Wu

{"title":"Automated localization and detection for robust image watermarking resistant to camera shooting","authors":"Ming Liu , Yanli Chen , Yonghui Zhou , Bingbing Tan , Yue Li , Hanzhou Wu","doi":"10.1016/j.jisa.2025.104250","DOIUrl":"10.1016/j.jisa.2025.104250","url":null,"abstract":"<div><div>Robust image watermarking that can resist camera shooting has become an active research topic in recent years due to the increasing demand for preventing sensitive information displayed on computer screens from being captured. However, many mainstream schemes require human assistance during the watermark detection process and cannot adapt to scenarios that require processing a large number of images. Although deep learning-based schemes enable end-to-end watermark embedding and detection, their limited generalization ability makes them vulnerable to failure in complex scenarios. In this paper, we propose a carefully crafted watermarking system that can resist camera shooting. The proposed scheme deals with two important problems: automatic watermark localization (AWL) and automatic watermark detection (AWD). AWL automatically identifies the region of interest (RoI), which contains watermark information, in the camera-shooting image by analyzing the local statistical characteristics. Meanwhile, AWD extracts the hidden watermark from the identified RoI after applying perspective correction. Compared with previous works, the proposed scheme is fully automatic, making it ideal for application scenarios. Furthermore, the proposed scheme is not limited to any specific watermark embedding strategy, allowing for improvements in the watermark embedding and extraction procedure. Extensive experimental results show that the AWL can achieve average 85.2% localization accuracy, and the AWD can automatically and reliably extracted authentication data extraction under certain conditions. The experimental results demonstrate the superiority and applicability of the proposed approach.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104250"},"PeriodicalIF":3.7,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A construction method of (t, k, n)-privileged secret image sharing scheme （t, k, n）特权秘密图像共享方案的构造方法

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-04 DOI: 10.1016/j.jisa.2025.104246

Peng Li , Haonan Li

引用次数: 0

A robust blind watermarking scheme for color digital images based on GJO and the maximal connected domain 一种基于GJO和最大连通域的彩色图像鲁棒盲水印方案

IF 3.7 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-10-03 DOI: 10.1016/j.jisa.2025.104249

Xiaojie Tian , Shuai Jiao , Gang Wang , Yu Xia , Xuefeng Wei , Qingtang Su

{"title":"A robust blind watermarking scheme for color digital images based on GJO and the maximal connected domain","authors":"Xiaojie Tian , Shuai Jiao , Gang Wang , Yu Xia , Xuefeng Wei , Qingtang Su","doi":"10.1016/j.jisa.2025.104249","DOIUrl":"10.1016/j.jisa.2025.104249","url":null,"abstract":"<div><div>The problem of image piracy is becoming more and more severe in today’s society contemporary society. To resolve this problem of protecting the copyright of color images, a robust color image blind watermarking scheme based on the golden jackal optimization algorithm (GJO) and the maximal connected domain is proposed. GJO is adopted to select the threshold of the maximal connected domain and the quantization step of watermark embedding, and the maximal connected domain of the main image is selected as the embedding region based on a specific threshold. Then, the embedding area is divided into RGB three-layer channels. Each layer of channels is divided into non-overlapping matrix blocks with size of 4×4. Two watermark bits are embedded in each block. Specifically, two watermark bits are quantized and embedded into the first two elements in the first row of the matrix after the Householder transform, and double overflow treatment is applied to the embedded values of the watermark to improve its robustness. The experimental performances are shown as follows: 1) the average values of PSNR and SSIM are above 40 <em>dB</em> and 0.96, respectively; 2) the values of NC are above 0.95 under different attacks; 3) the theoretical maximum capacity for watermark information is four times the actual capacity; 4) The time complexity of embedding a watermark bit is O(<em>n</em><sup>2</sup>). The experimental results indicate that the scheme proposed exhibits good performance in robustness, invisibility, time complexity, watermark embedding capacity, and other aspects.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104249"},"PeriodicalIF":3.7,"publicationDate":"2025-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0