M. Franckie Singha, Ripon Patgiri, Laiphrakpam Dolendro Singh
{"title":"A tenant-aware deep learning-based intrusion detection system for detecting DDoS attacks in multi-tenant SaaS networks","authors":"M. Franckie Singha, Ripon Patgiri, Laiphrakpam Dolendro Singh","doi":"10.1016/j.jisa.2025.104251","DOIUrl":"10.1016/j.jisa.2025.104251","url":null,"abstract":"<div><div>Software-as-a-Service (SaaS) platforms are a crucial aspect of cloud computing and are increasingly vulnerable to Distributed Denial of Service (DDoS) attacks, primarily due to their underlying multi-tenant architecture. Conventional intrusion detection systems cannot generalize effectively across tenants, resulting in high levels of false positives and limited adaptability. We have addressed this risk by designing a tenant-aware deep learning-based intrusion detection system for multi-tenant SaaS environments. Our hybrid model employs Capsule Networks to extract spatial features and Long Short-Term Memory (LSTM) networks to recognize temporal patterns. Our innovative contribution is a new tenant embedding system that incorporates tenant-specific behavioral context into the model, enabling the system to capture variations in benign behaviors within the context of evolving attack traffic. Experimental evaluations on CICIDS2017, CICDDoS2019, and CSE-CIC-IDS2018 datasets demonstrated that our proposed model achieved higher accuracy, precision, and generalization across tenants. Furthermore, various ablation tests are done to validate our model. However, the zero-shot ablation study shows reduced effectiveness on unseen tenants. This demonstrates the importance of tenant embeddings and motivates future research on adaptive mechanisms. We also integrated SHAP-based interpretability analysis to improve the transparency of the system and provide insights into feature importance. 
Our work takes initial steps toward developing practical and explainable IDS solutions for adaptive, multi-tenant SaaS environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104251"},"PeriodicalIF":3.7,"publicationDate":"2025-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PrivNN: A private and efficient framework for spatial nearest neighbor query processing","authors":"Zechun Cao, Brian Kishiyama, Jeong Yang","doi":"10.1016/j.jisa.2025.104244","DOIUrl":"10.1016/j.jisa.2025.104244","url":null,"abstract":"<div><div>A common query type in location-based services (LBS) is finding the nearest neighbor (NN) of a given query object. However, the exact location of the query object is often sensitive information, posing significant privacy risks if the LBS server is untrusted or compromised. In this paper, we propose PrivNN, a novel spatial NN query processing framework that allows users to perform exact NN queries without revealing their location. Our framework introduces a novel spatial NN search algorithm, Dynamic Hierarchical Voronoi Overlay (DHVO), which efficiently finds the nearest neighbor by iteratively refining the search region using multi-granular Voronoi diagrams. We also present a client–server communication protocol that enables the server to respond to encrypted spatial NN queries by employing homomorphic encryption. We rigorously prove the correctness of our algorithm, analyze the theoretical properties of our framework, and demonstrate its strong security and robust privacy bounds. 
We implement and evaluate PrivNN on real-world spatial datasets, showing that it substantially reduces computational and communication overhead while remaining practical for private NN search in LBS applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104244"},"PeriodicalIF":3.7,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Muhammad Yasir Muzayan Haq, Antonia Affinito, Alessio Botta, Anna Sperotto, Lambert J.M. Nieuwenhuis, Mattijs Jonker, Abhishta Abhishta
{"title":"Victimization in DDoS attacks: The role of popularity and industry sector","authors":"Muhammad Yasir Muzayan Haq , Antonia Affinito , Alessio Botta , Anna Sperotto , Lambert J.M. Nieuwenhuis , Mattijs Jonker , Abhishta Abhishta","doi":"10.1016/j.jisa.2025.104242","DOIUrl":"10.1016/j.jisa.2025.104242","url":null,"abstract":"<div><div>Distributed denial-of-service (DDoS) attacks may be driven not only by economic motives such as extortion, but also by social or political goals, including hacktivism and state-sponsored operations. Therefore, the monetary value of a target alone does not fully explain why some organizations are more frequently victimized. While cloud providers deploy advanced defenses — such as Anycast routing, traffic scrubbing, and filtering — they also concentrate many potential targets within a shared infrastructure, increasing their exposure to DDoS attacks.</div><div>This study aims to understand what makes organizations more suitable DDoS targets by examining two key attributes: visibility and perceived value, represented by website popularity and industry sector. We also investigate how the customer portfolio of cloud and data center providers influences the DDoS threat to their infrastructure.</div></div><div><h3>Research Questions:</h3><div>• How do organizational characteristics related to value and visibility — specifically, popularity and industry sector — correlate with the threat of DDoS attacks?</div><div>• How does the diversity of customer business sectors hosted by a cloud or data center provider influence the DDoS threat to its infrastructure?</div></div><div><h3>Methodology:</h3><div>We conducted a large-scale analysis of DDoS incidents inferred from network telescope data spanning five years. We estimated target visibility and value using Alexa ranks and Cisco Umbrella content categories. 
We also analyzed the relationship between customer sector composition and DDoS threat at the provider level.</div></div><div><h3>Key Findings:</h3><div>• Popular websites are more frequently attacked, though this pattern weakened during the COVID-19 pandemic.</div><div>• Certain industry sectors face significantly higher and repeated DDoS threats.</div><div>• Cloud providers serving a higher proportion of high-risk sectors are more likely to face frequent DDoS attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104242"},"PeriodicalIF":3.7,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bei Chen, Gaolei Li, Haochen Mei, Jianhua Li, Mingzhe Chen, Mérouane Debbah
{"title":"Anti-traceable backdoor: Blaming malicious poisoning on innocents in non-IID federated learning","authors":"Bei Chen , Gaolei Li , Haochen Mei , Jianhua Li , Mingzhe Chen , Mérouane Debbah","doi":"10.1016/j.jisa.2025.104240","DOIUrl":"10.1016/j.jisa.2025.104240","url":null,"abstract":"<div><div>Backdoor attacks pose an extremely serious threat to federated learning (FL), where victim models are susceptible to specific triggers. To counter the defense, a smart attacker will forcefully and actively camouflage its behavior profiles (i.e., trigger invisibility and malicious collusion). However, in a more practical scenario where the label distribution on each client is heterogeneous, such camouflage is not highly deceptive and durable, and also malicious clients can be precisely identified by a blanket benchmark comparison. In this paper, we introduce an attack vector that blames innocent clients for malicious poisoning in backdoor tracing and motivates a novel Anti-Traceable Backdoor Attack (ATBA) framework. First, we devise a <em>progressive generative adversarial data inference</em> scheme to compensate missing classes for malicious clients, progressively improving the quality of inferred data through fictitious poisoning. Subsequently, we present a <em>trigger-enhanced specific backdoor learning</em> mechanism, selectively specifying vulnerable classes from benign clients to resist backdoor tracing and adaptively optimizing triggers to adjust specific backdoor behaviors. Additionally, we also design a <em>meta-detection-and-filtering defense</em> strategy, which aims to distinguish fictitiously-poisoned updates. 
Extensive experiments over three benchmark datasets validate the proposed ATBA’s attack effectiveness, anti-traceability, robustness, and the feasibility of the corresponding defense method.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104240"},"PeriodicalIF":3.7,"publicationDate":"2025-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security analysis of digital image watermarking using deep learning inspired LSB and chaotic S-Box in cyber security","authors":"Muhammad Zubair Shoukat , Zhaofeng Su , Jehad Ali","doi":"10.1016/j.jisa.2025.104209","DOIUrl":"10.1016/j.jisa.2025.104209","url":null,"abstract":"<div><div>Information Technology (IT) has experienced remarkable advancements, which have revolutionized the way of living, working and talking. One of the most momentous innovations is social media communication and data sharing. The increasing prevalence of vast data sharing in the modern digital landscape has raised significant concerns regarding data privacy. Cryptography and image watermarking are essential components in the domain of security, specifically in providing services for multimedia protection. These technologies play crucial roles in opposing the integrity, confidentiality, and ownership of digital multimedia assets such as images, videos, and audio files. This research combines Least Significant Bit (LSB) and Holistically Nested Edge (HED) with chaos-based Substitution Box (S-Box) to enhance the strength of digital data security. The proposed technique summarizes the benefits of suitable positions by HED and high capacity and robustness against image processing attacks by LSB and encryption services by chaotic S-Box. The performance metric of the proposed technique is calculated on Lena, Baboon and Pepper images, whereas to analyze the robustness, Bit Error Ratio (BER) is calculated against different attacks, i.e., speckle, Gaussian, salt and pepper noise and cropping attacks on different images. The outcome shows that the proposed technique opposes most of the attacks and legitimizes its effectiveness. The average values of Peak Signal to Noise Ratio (PSNR) and Structure Similarity Index (SSIM) are 53.15 dB and 0.9, which indicates invisibility of the watermark signal in the carrier image. 
The average value of Normalized Correlation (NC) is 0.9, which indicates the proposed technique has strong robustness.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104209"},"PeriodicalIF":3.7,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158305","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protecting metadata privacy in blockchain-based EHR systems: A group addressing structure","authors":"Saeid Tousi Saeidi, Hamid Reza Shahriari, Mahdi Nikooghadam","doi":"10.1016/j.jisa.2025.104236","DOIUrl":"10.1016/j.jisa.2025.104236","url":null,"abstract":"<div><div>With the rapid advancement of Healthcare Information Technology (HIT), the volume of medical data has increased exponentially, creating a critical need for secure and accurate storage and transmission solutions. A serious challenge in this area is ensuring robust privacy protection. While numerous studies have explored the use of blockchain technology for securely sharing electronic health records (EHR), most have focused solely on safeguarding the content of EHRs. However, the privacy of metadata associated with EHRs stored on blockchain has largely been overlooked. In this paper, first, we examine how exposing EHR metadata on the blockchain can lead to privacy breaches. We analyze this vulnerability through a review of various studies, highlighting the risks associated with publicly accessible metadata in decentralized networks. Second, we propose a solution by introducing modifications to the blockchain address structure and implementing group addressing to enhance metadata privacy. To achieve this, we present a group signature protocol designed to facilitate secure group addressing in blockchain networks. 
Finally, the proposed group signature is evaluated against six existing models, demonstrating its effectiveness in mitigating privacy risks while maintaining the core functionalities of blockchain systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104236"},"PeriodicalIF":3.7,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shangping Wang, Xiaoling Xie, Ting Wang, Juanjuan Ma
{"title":"Attribute-based encryption and zk-SNARK authentication scheme for healthcare systems","authors":"Shangping Wang, Xiaoling Xie, Ting Wang, Juanjuan Ma","doi":"10.1016/j.jisa.2025.104241","DOIUrl":"10.1016/j.jisa.2025.104241","url":null,"abstract":"<div><div>In recent years, the widespread adoption of electronic medical systems has improved the efficiency of diagnosis and treatment. However, the security of physician identity authentication and the protection of patient privacy face serious challenges. Existing biometric-based authentication schemes pose risks of privacy leaks, while attribute-based schemes that support fine-grained access control often lack efficient user revocation and tracking mechanisms. To address this critical need, this paper proposes an innovative authentication protocol that integrates attribute-based encryption (ABE) with zk-SNARK zero-knowledge proofs. This scheme achieves zero-knowledge identity verification to protect biometric privacy, supports efficient fine-grained access control and dynamic attribute revocation through ABE, and integrates malicious user tracking capabilities to ensure accountability. Through security analysis and performance evaluation, we have verified that the protocol possesses traceability, resistance to collusion attacks, anonymity, unforgeability and correctness. 
It provides a secure, privacy-first and practical solution for healthcare systems, with potential applicability to other sensitive domains such as finance and e-government.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104241"},"PeriodicalIF":3.7,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158309","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xiaofei He, Lixiang Li, Haipeng Peng, Fenghua Tong, Zhongkai Dang
{"title":"An asymmetric multi-level image privacy protection scheme based on 2-D compressive sensing and chaotic system","authors":"Xiaofei He , Lixiang Li , Haipeng Peng , Fenghua Tong , Zhongkai Dang","doi":"10.1016/j.jisa.2025.104239","DOIUrl":"10.1016/j.jisa.2025.104239","url":null,"abstract":"<div><div>In the current digital and network era, digital images play a crucial role across various domains, such as social media, healthcare and security surveillance. However, these images typically contain sensitive personal information, and if appropriate security measures are not taken during collection, transmission, or processing, there may be a serious risk of privacy breaches. To solve these problems, we propose an asymmetric multi-level image privacy protection scheme based on 2-D compressive sensing and chaotic systems. The proposed solution exhibits significant advantages compared with the existing methods in several aspects. Firstly, the image data is compressed and sampled using the public-key sampling matrix instead of the private-key sampling matrix, and asymmetric encryption is applied, to ensure the broad applicability of the proposed solution in various scenarios. Secondly, by combining 2-D CS with the iterative gradient projection reconstruction algorithm accompanied by sensitive region decryption (IGPRA-ASRD), it effectively addresses the single privacy protection needs in digital images while demonstrating excellent scalability, thus making it applicable for solving the challenges of multi-tiered privacy protection. Lastly, the introduced shared key mechanism effectively addresses key management issues, ensuring the secure distribution of keys. Experimental results and comparative analyses demonstrate that the proposed scheme exhibits excellent effectiveness, compressibility and security. 
The approach not only protects privacy at a single level but also provides a robust solution for hierarchical protection of multiple privacies in the context of digital image security.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104239"},"PeriodicalIF":3.7,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158306","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ahmed Bendary, Wendson A.S. Barbosa, Andrew Pomerance, C. Emre Koksal
{"title":"Evaluating the Unpredictability of Multi-Bit Strong PUF Classes","authors":"Ahmed Bendary , Wendson A.S. Barbosa , Andrew Pomerance , C. Emre Koksal","doi":"10.1016/j.jisa.2025.104234","DOIUrl":"10.1016/j.jisa.2025.104234","url":null,"abstract":"<div><div>With advances in machine learning (ML), cybersecurity solutions and security primitives are becoming increasingly vulnerable to successful attacks. Strong Physical Unclonable Functions (PUFs) emerge as a potential countermeasure that offers high resistance to such attacks. In this paper, we introduce a generalized attack model that leverages the collective responses of multiple PUF chips within the same class to improve the prediction accuracy of responses for unobserved challenges, in contrast to traditional single-chip approaches. Furthermore, we propose an information-theoretic framework for assessing the unpredictability of multi-bit strong PUF classes, demonstrating that the Entropy Rate is a pivotal metric for evaluating their resilience against ML attacks. Our proposed entropy rate estimation serves as a model-agnostic, information-theoretic lower bound on the unpredictability that holds regardless of the attack strategy used, including ML-based ones. We argue that the Uniqueness measure, defined in terms of entropy, provides a more precise and consistent evaluation compared to traditional metrics based on Hamming distance. Additionally, we present a computationally efficient method for calculating the finite-order Entropy Rate of the hybrid Boolean network (HBN) PUF, addressing the challenges posed by high dimensionality. 
The experimental results validate the high unpredictability and resistance of the HBN PUF class against ML attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104234"},"PeriodicalIF":3.7,"publicationDate":"2025-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Tuan-Dung Tran, Huynh Phan Gia Bao, Nguyen Tan Cam, Van-Hau Pham
{"title":"DAVE-CC: A decentralized, access-controlled, verifiable ecosystem for cross-chain academic credential management","authors":"Tuan-Dung Tran , Huynh Phan Gia Bao , Nguyen Tan Cam , Van-Hau Pham","doi":"10.1016/j.jisa.2025.104238","DOIUrl":"10.1016/j.jisa.2025.104238","url":null,"abstract":"<div><div>The verification of academic credentials is facing mounting challenges in an era of global digital transformation. The proliferation of fake degrees, identity fraud, and large-scale data breaches has severely eroded trust in traditional, centralized verification systems. These systems often operate in institutional silos, lack transparency, and are not equipped to function across national or organizational boundaries, making them increasingly inadequate for today’s interconnected, adversarial digital landscape. There is a growing urgency for secure, interoperable, and privacy-preserving mechanisms that can establish decentralized trust at scale. We introduce DAVE-CC, a cross-chain credential verification framework built atop the cross-chain architecture. The primary scientific contribution of DAVE-CC is a novel, holistically decentralized trust architecture for cross-chain credentialing. Unlike prior systems that retain centralized anchors for key management or policy enforcement, our framework synergistically integrates advanced cryptographic primitives to distribute all trust-bearing functions, including credential authorization and attribute-based key generation, across a threshold of independent authorities, thus provably eliminating single points of failure. Our implementation demonstrates low end-to-end latency (2.41 s), compact cryptographic payloads, and resilience under network stress. Scalability tests show throughput improvements from 35 to 140 transactions per second, and latency reduction from 600 ms to 171.4 ms with 30 workers. 
These results validate the practicality of our trust-distributed architecture for real-world deployment across academic, governmental, and cross-border environments, offering a robust foundation for future-proof credential ecosystems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104238"},"PeriodicalIF":3.7,"publicationDate":"2025-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145095807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}