Journal of Information Security and Applications最新文献

{"title":"Parallel SAT framework to find clustering of differential characteristics and its applications","authors":"Kosei Sakamoto ,&nbsp;Ryoma Ito ,&nbsp;Takanori Isobe","doi":"10.1016/j.jisa.2025.104203","DOIUrl":"10.1016/j.jisa.2025.104203","url":null,"abstract":"<div><div>The most crucial but time-consuming task for differential cryptanalysis is to find a differential with a high probability. To tackle this task, we propose a new SAT-based automatic search framework developed to efficiently determine the differential with the highest probability under a specified condition. Conventional SAT-based methods have primarily aimed to accelerate the search for an optimal single differential characteristic or to evaluate the clustering effect for a specific input–output difference. However, methods tailored to the former purpose are often not optimized to evaluate the clustering effect. Meanwhile, methods developed for the latter purpose lack comprehensive search capabilities and, therefore, have difficulty identifying a differential with the highest probability. Our framework leverages a multi-threading technique to solve incremental SAT problems in parallel, offering the following advantages over previous methods: (1) speedy identification of the differential with the highest probability under the specified conditions; (2) efficient construction of the truncated differential with the highest probability from multiple obtained differentials; and (3) applicability to a wide class of symmetric-key primitives. To demonstrate the effectiveness of our framework, we apply it to various low-latency primitives, including block ciphers (<span>PRINCE</span> and <span>PRINCEv2</span>) and tweakable block ciphers (<span>QARMA</span> and <span>QARMAv2</span>). We have successfully determined the tight differential bounds for all variants of the target ciphers within a practical time, identifying the longest distinguisher for all the variants, excluding <span>QARMAv2</span> under the related-tweak setting. Besides, we have uncovered significant differences in the behavior of differential between <span>PRINCE</span> and <span>QARMA</span>, particularly concerning the clustering effect. Our findings shed light on the new structural properties of these important primitives. In the context of key recovery attacks, our framework allows the derivation of key-recovery-friendly truncated differentials for all variants of <span>QARMA</span>. Consequently, we report key recovery attacks based on (truncated) differential cryptanalysis on <span>QARMA</span> under the related-tweak setting for the first time. demonstrating that these key recovery attacks are competitive with existing attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104203"},"PeriodicalIF":3.7,"publicationDate":"2025-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145004559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"High payload H.266/Versatile Video Coding (VVC) steganography based on affine motion estimation and chaotic maps","authors":"Salwan F. Salman Al-Rubaie,&nbsp;Maher K. Mahmoud Al-Azawi","doi":"10.1016/j.jisa.2025.104212","DOIUrl":"10.1016/j.jisa.2025.104212","url":null,"abstract":"<div><div>The widespread data breaches across the internet, along with the vast usage of high-definition and ultra-high-definition video applications, have prompted institutions to focus on developing steganography techniques for the next-generation video codec standard, H.266/Versatile Video Coding (VVC). This focus is attributed to VVC's superior technological capabilities, which offer a 50 % reduction in bitrate while allowing for a greater data embedding capacity. All while preserving comparable visual quality to its predecessor, H.265/High Efficiency Video Coding (HEVC). This paper proposes a video steganographic technique for the VVC standard that utilizes Motion Vectors (MVs) based on Affine Motion Estimation (AME) as confidential information carriers, where four novel chaotic maps are adopted to ensure a high level of system security. The paper’s contributions include a large payload approach based on MVs for the H.266 standard, along with the use of four novel chaotic maps to enhance system security. Simulation results proved that the proposed technique achieves an average hiding capacity of 73.760 Kbits per frame, significantly surpassing state-of-the-art methods accomplished in 1920 × 1080 video resolution with a difference Peak Signal to Noise Ratio (ΔPSNR) of -0.097 dB, a Bit Rate Increase (BRI) of 4.120 %, and at a Quantization Parameter (QP) of 32. Furthermore, the integration of four highly complex chaotic maps, featuring a large key space size of 2⁷⁹⁷, elevates the security of the suggested technique, rendering it nearly unbreakable against all types of brute-force cyberattacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104212"},"PeriodicalIF":3.7,"publicationDate":"2025-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144996127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Arithmetic consistency attack-resistant integrity verification for secure outsourced computing","authors":"Ting Liu ,&nbsp;Renwan Bi ,&nbsp;Jinbo Xiong ,&nbsp;Yuanyuan Zhang ,&nbsp;Youliang Tian","doi":"10.1016/j.jisa.2025.104218","DOIUrl":"10.1016/j.jisa.2025.104218","url":null,"abstract":"<div><div>Secure outsourced computing (SOC) enables clients to offload data and computational tasks to cloud servers, thereby liberating them from the constraints of storage and computational resources. As a novel computational paradigm, it has garnered widespread attention for its ability to offer significant advantages while ensuring data confidentiality and integrity. To address the issues of high computational cost, lack of bidirectional verification capability, and vulnerability to attacks in existing integrity verification schemes based on homomorphic encryption (HE), this paper proposes an arithmetic consistency attack-resistant integrity verification framework (ACIV). Firstly, we design two verification protocols combining HE and arithmetic secret sharing (ASS), which support integrity verification for both outsourced data and computational results. The incorporation of lightweight ASS significantly reduces computational cost during verification. Secondly, we construct a novel arithmetic consistency attack method, exposing the security vulnerabilities in this type of verification protocols. The malicious adversary can easily exploit the homomorphic properties of HE to tamper with data. On the basis, we propose corresponding countermeasures. Under the assumption of pre-generated immutable random numbers, the optimized protocols effectively defend against arithmetic consistency attack while ensuring data confidentiality and integrity during transmission. Theoretical analysis and performance evaluation demonstrate that the optimized version achieves stronger security and better efficiency than the baseline protocols. This work provides a feasible solution for integrity verification in SOC environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104218"},"PeriodicalIF":3.7,"publicationDate":"2025-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144988916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel approach for malicious URL detection using RoBERTa and sparse autoencoder","authors":"Zhiqing Huang ,&nbsp;Tian Ban ,&nbsp;Yanxin Zhang","doi":"10.1016/j.jisa.2025.104214","DOIUrl":"10.1016/j.jisa.2025.104214","url":null,"abstract":"<div><div>Detecting malicious URLs within requests is an effective method for blocking Web threats. Current methods for detecting malicious URLs mainly rely on supervised machine learning algorithms to construct classification models, which consequently demand high-quality training data. And these methods also have limitations in detecting malicious samples, resulting in a high false negative rate when encountering unknown anomalies. This paper proposes an anomaly detection method based on RoBERTa and sparse autoencoder for detecting malicious URLs. This method initially involves preprocessing the URL samples. Subsequently, RoBERTa is used to extract features from URLs and converts them into feature vectors. Sparse autoencoder is utilized to detect malicious samples ultimately. During the model training process, only benign samples are used as input. It enables sparse autoencoder to effectively reconstruct the characteristics of benign samples to identify malicious ones. This method was tested on the dataset composed of CSIC2010 and PRDREQ. The experimental results show that the detection model achieves an accuracy of 0.9921, a recall of 0.9863, and an F1 score of 0.9887, outperforming all baseline methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104214"},"PeriodicalIF":3.7,"publicationDate":"2025-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144932760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel approach for real-time DDoS detection in SDN using dimensionality reduction and ensemble learning","authors":"Sid Ali Madoune ,&nbsp;Sarra Senouci ,&nbsp;Ding De Jiang ,&nbsp;Mohammed Raouf Senouci ,&nbsp;Mohamed Amine Daoud ,&nbsp;Rayan Anwar Mohammed Alawad ,&nbsp;Yassine Madoune","doi":"10.1016/j.jisa.2025.104195","DOIUrl":"10.1016/j.jisa.2025.104195","url":null,"abstract":"<div><div>This paper presents an innovative approach to detecting Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments by integrating dimensionality reduction, feature engineering, and ensemble learning techniques. The proposed method leverages a two-stage dimensionality reduction process utilizing Principal Component Analysis (PCA) and t-Distributed Stochastic Neighbor Embedding (t-SNE), which effectively captures both linear and non-linear patterns in network traffic. Feature augmentation is further achieved through K-Means clustering, which enhances the feature set by providing valuable cluster-based insights, thereby improving model performance. Evaluated on a comprehensive SDN dataset, the approach achieves a highest observed detection accuracy of 99.93% using an ensemble model, highlighting its effectiveness in distinguishing between malicious and benign traffic. Notably, machine learning models such as Random Forest and XGBoost demonstrate exceptional performance, with XGBoost providing outstanding computational efficiency by processing predictions in just 0.187 s. This highlights its suitability for real-time DDoS detection and significantly outpaces traditional methods in both detection accuracy and processing speed. The ensemble learning technique applied further improves classification robustness, making the method highly reliable in dynamic SDN environments. These findings underscore the efficacy of combining dimensionality reduction, feature engineering, and advanced machine learning methods to address critical security challenges in SDN environments, providing a scalable and efficient solution for mitigating DDoS attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104195"},"PeriodicalIF":3.7,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144926022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"VADViT: Vision transformer-driven memory forensics for malicious process detection and explainable threat attribution","authors":"Yasin Dehfouli ,&nbsp;Arash Habibi Lashkari","doi":"10.1016/j.jisa.2025.104200","DOIUrl":"10.1016/j.jisa.2025.104200","url":null,"abstract":"<div><div>Modern malware’s increasing complexity limits traditional signature- and heuristic-based detection, necessitating advanced memory forensic techniques. Machine learning methods have been explored, but many rely on outdated feature sets and require significant domain knowledge for feature extraction. Also, handling large-scale memory data — especially in image-based approaches — poses challenges in efficiency and forensic explainability. We propose VADViT, a vision transformer-based model for detecting malicious processes by analyzing Virtual Address Descriptor (VAD) memory regions to address these limitations. VADViT transforms these regions into fused Markov, entropy, and intensity images, enabling effective classification using a Vision Transformer (ViT) with self-attention mechanisms. We also introduce BCCC-MalMem-SnapLog-2025, a new dataset that captures memory dumps at regular intervals and logs PIDs, enabling precise VAD extraction without relying on dynamic analysis. VADViT achieves 99% accuracy in binary classification and a 92% macro-averaged F1 score in multi-class detection. Attention-based sorting of VAD regions further improves forensic efficiency by narrowing the analysis scope to the most relevant memory areas.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104200"},"PeriodicalIF":3.7,"publicationDate":"2025-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144918118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"GraPhish: A graph-based approach for phishing detection from encrypted TLS traffic","authors":"Kartik Manguli ,&nbsp;Cheemaladinne Kondaiah ,&nbsp;Alwyn Roshan Pais ,&nbsp;Routhu Srinivasa Rao","doi":"10.1016/j.jisa.2025.104216","DOIUrl":"10.1016/j.jisa.2025.104216","url":null,"abstract":"<div><div>Phishing has increased substantially over the last few years, with cybercriminals deceiving users via spurious websites or confusing mails to steal confidential data like username and password. Even with browser-integrated security indicators like HTTPS prefixes and padlock symbols, new phishing strategies have circumvented these security features. This paper proposes GraPhish, a novel graph-based phishing detection framework that leverages encrypted TLS traffic features. We constructed an in-house dataset and proposed an effective method for graph generation based solely on TLS-based features. Our model performs better than traditional machine learning algorithms. GraPhish achieved an accuracy of 94.82%, a precision of 96.28%, a recall of 92.11%, and an improved AUC-ROC score of 98.29%.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104216"},"PeriodicalIF":3.7,"publicationDate":"2025-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144918042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adversarial feature generation for ML-based intrusion detection in the petrochemical industry","authors":"Sardar Shan Ali Naqvi ,&nbsp;Chunjie Zhou ,&nbsp;Peihang Xu ,&nbsp;Yahui Li ,&nbsp;Jin Jiashu ,&nbsp;Muhammad Uzair","doi":"10.1016/j.jisa.2025.104215","DOIUrl":"10.1016/j.jisa.2025.104215","url":null,"abstract":"<div><div>Machine learning-based intrusion detection systems (IDS) have been adopted widely to secure industrial control systems (ICS), including the petrochemical industry, against evolving cyber threats. However, recent studies show that these IDS are often ineffective against adversarial attacks. Therefore, in this study, we examine latent-space vulnerabilities in variational autoencoder (VAE)-based IDS by proposing an adversarial feature generation method, which manipulates the reconstructions of VAE and misclassifies intrusions as normal activity. By perturbing inputs to match latent representations with benign distributions, we demonstrate that VAEs are susceptible to evasion rates of 96% for Decision Tree (DT) and 100% for SVM classifiers, outperforming GAN-based attacks by 15% on a simulated fluid-catalytic cracking (FCC) dataset. Statistical validation using Wilcoxon test (<span><math><mrow><mi>p</mi><mo>&lt;</mo><mn>0</mn><mo>.</mo><mn>001</mn></mrow></math></span>) confirms that normalization processes linearly degrade reconstruction fidelity, exposing predictable adversarial dynamics. These findings emphasize the urgent need for adversarial training and compact latent-space designs to enhance the resilience of ML-based IDS in mission-critical petrochemical ICS.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104215"},"PeriodicalIF":3.7,"publicationDate":"2025-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144918041","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"AUKA: Asynchronous updatable key agreement for edge-based mobile crowd sensing","authors":"Mingrui Zhang ,&nbsp;Ru Meng ,&nbsp;Tao Wang ,&nbsp;Yanwei Zhou ,&nbsp;Bo Yang ,&nbsp;Lei Zhang","doi":"10.1016/j.jisa.2025.104213","DOIUrl":"10.1016/j.jisa.2025.104213","url":null,"abstract":"<div><div>Edge-based mobile crowd sensing (E-MCS) enhances efficiency by leveraging edge servers for local task processing, reducing cloud load and latency. However, establishing secure, low-latency communication between mobile devices and edge servers remains a challenge. Existing key agreement (KA) schemes either require multiple interaction rounds, increasing latency and energy consumption, or compromise security properties like perfect forward security and key-compromise impersonation resistance. To address these limitations, we propose an asynchronous updatable KA (AUKA) scheme tailored for E-MCS. AUKA is built upon key agreement, incorporating the design concept of updatable key encryption and leveraging standard cryptographic primitives such as hash functions to construct an efficient scheme with a session key update mechanism. AUKA achieves strong perfect forward security, even if a mobile device’s private key and random number are compromised, all previously established session keys remain secure, effectively mitigating long-term security risks. Additionally, AUKA maintains an almost 0-RTT property, enabling efficient session key establishment and key updates without introducing excessive communication overhead. We prove its security under the gap computational Diffie–Hellman assumption and validate its efficiency through simulations. Results demonstrate that AUKA offers a highly secure and scalable solution for E-MCS.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104213"},"PeriodicalIF":3.7,"publicationDate":"2025-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144908569","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust authentication and key agreement protocol for smart microgrid environment","authors":"Raveendra Babu Ponnuru ,&nbsp;Sathish A.P. Kumar ,&nbsp;Mohamad Azab ,&nbsp;Basker Palaniswamy ,&nbsp;Goutham Reddy Alavalapati","doi":"10.1016/j.jisa.2025.104202","DOIUrl":"10.1016/j.jisa.2025.104202","url":null,"abstract":"<div><div>Integrating advanced communication technologies has significantly enhanced power distribution efficiency, reliability, and sustainability in the evolving landscape of smart microgrids. However, this integration introduces substantial security challenges, particularly concerning authentication and critical agreement processes, which are essential for maintaining the integrity and confidentiality of smart grid communications. This paper presents a novel authentication and key agreement protocol specifically designed for the smart grid environment by incorporating advanced cryptographic techniques such as ECC, physical unclonable functions, and blockchain. Our protocol ensures mutual authentication between devices, robust key management, and resistance to prevalent security threats. We conduct a comprehensive security analysis and performance evaluation, demonstrating that our protocol enhances security and maintains the efficiency necessary for practical deployment in smart grids. The results indicate significant improvements in security and performance metrics compared to existing solutions, establishing our protocol as a viable and effective option for securing smart grid communications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104202"},"PeriodicalIF":3.7,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144896369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}