Journal of Information Security and Applications最新文献_第3页

Laconic updatable private set intersection

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-16 DOI: 10.1016/j.jisa.2025.103969

Xiangqian Kong , Lanxiang Chen , Yizhao Zhu , Yi Mu

{"title":"Laconic updatable private set intersection","authors":"Xiangqian Kong , Lanxiang Chen , Yizhao Zhu , Yi Mu","doi":"10.1016/j.jisa.2025.103969","DOIUrl":"10.1016/j.jisa.2025.103969","url":null,"abstract":"<div><div>A laconic private set intersection (PSI) protocol features a two-round communication process with an initial message that remains independent of the set sizes. It is useful for efficiently matching large server sets with smaller client sets without multiple rounds of interaction. The previous work by Aranha et al. (CCS’22) demonstrated superior efficiency but relied on a trusted third party to generate a secret value <span><math><mi>s</mi></math></span> and all its powers, denoted as <span><math><mrow><mo>(</mo><mi>g</mi><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><mi>s</mi></mrow></msup><mo>,</mo><mo>…</mo><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>s</mi></mrow><mrow><mn>2</mn></mrow></msup></mrow></msup><mo>,</mo><mo>…</mo><mo>,</mo><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>s</mi></mrow><mrow><mrow><mo>|</mo><mi>X</mi><mo>|</mo></mrow></mrow></msup></mrow></msup><mo>)</mo></mrow></math></span>, where <span><math><mrow><mo>|</mo><mi>X</mi><mo>|</mo></mrow></math></span> represents the size of the receiver’s set <span><math><mi>X</mi></math></span>. However, these protocols did not address the practical need for updatable sets for both the receiver and sender, which implies the ability to add new elements, delete existing ones, or update an element by deleting it and subsequently adding a new one. In our work, we present an updatable private set intersection protocol that eliminates the need for a trusted third party. Our approach achieves constant communication complexity from the receiver to the sender and linear complexity from the sender to the receiver while partially hiding the size of the receiver’s set. We first establish an efficient PSI protocol and then propose two variants that allow both parties to modify their sets. Additionally, we prove the security of our proposed protocol against semi-honest participants within our security model.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103969"},"PeriodicalIF":3.8,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Severity-based triage of cybersecurity incidents using kill chain attack graphs

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-16 DOI: 10.1016/j.jisa.2024.103956

Lukáš Sadlek , Muhammad Mudassar Yamin , Pavel Čeleda , Basel Katt

{"title":"Severity-based triage of cybersecurity incidents using kill chain attack graphs","authors":"Lukáš Sadlek , Muhammad Mudassar Yamin , Pavel Čeleda , Basel Katt","doi":"10.1016/j.jisa.2024.103956","DOIUrl":"10.1016/j.jisa.2024.103956","url":null,"abstract":"<div><div>Security teams process a vast number of security events. Their security analysts spend considerable time triaging cybersecurity alerts. Many alerts reveal incidents that must be handled first and escalated to the more experienced staff to allow appropriate responses according to their severity. The current state requires an automated approach, considering contextual relationships among security events, especially detected attack tactics and techniques. In this paper, we propose a new graph-based approach for incident triage. First, it generates a kill chain attack graph from host and network data. Second, it creates sequences of detected alerts that could represent ongoing multi-step cyber attacks and matches them with the attack graph. Last, it assigns severity levels to the created sequences of alerts according to the most advanced kill chain phases that were used and the criticality of assets. We implemented the approach using the MulVAL attack graph generator and generation rules for MITRE ATT&CK techniques. The evaluation was accomplished in a testbed where multi-step attack scenarios were executed. Classification of sequences of alerts based on computed match scores obtained 0.95 area under the receiver operating characteristic curve in a feasible time. Moreover, a threshold exists for classifying 80% of positive sequences correctly and only a small percentage of negative sequences wrongly. Therefore, the approach selects malicious sequences of alerts and significantly improves incident triage.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103956"},"PeriodicalIF":3.8,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170671","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MLPN: Multi-Scale Laplacian Pyramid Network for deepfake detection and localization

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-14 DOI: 10.1016/j.jisa.2025.103965

Yibo Zhang , Weiguo Lin , Junfeng Xu , Wanshang Xu , Yikun Xu

引用次数: 0

A pairing-free proxy re-encryption scheme suitable for cloud medical information systems

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-14 DOI: 10.1016/j.jisa.2025.103967

Han Zhou , Lunzhi Deng , Yaying Wu , Sihua Zhou

{"title":"A pairing-free proxy re-encryption scheme suitable for cloud medical information systems","authors":"Han Zhou , Lunzhi Deng , Yaying Wu , Sihua Zhou","doi":"10.1016/j.jisa.2025.103967","DOIUrl":"10.1016/j.jisa.2025.103967","url":null,"abstract":"<div><div>The cloud medical information system provides a platform for patients and doctors to share data. Patients send files containing personal medical data to cloud storage, which can reduce their own storage burden and facilitate other doctors’ access to data files. To ensure the privacy of sensitive information deposited in the communal network platform, patients should encrypt their data before submitting it to the network platform. Nevertheless, the effective sharing of encrypted data in the public cloud brings us new challenges. Proxy re-encryption (PRE) supports a proxy, who is unable to decrypt the original ciphertext, converts the original ciphertext to a new ciphertext using the re-encryption key, and the new receiver can decrypt the new ciphertext to obtain plaintext. In this article, we design a new PRE programme for cloud medical information systems. There are two merits in the new scheme. To begin with, it is indistinguishable against chosen-ciphertext attacks secure and is resistant to collusion attacks, which means that the proxy is incompetent to acquire data owner’s secret key even if he colludes with data receiver. Secondly, it has higher computational efficiency compared to other schemes because it does not use bilinear pairing operations.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103967"},"PeriodicalIF":3.8,"publicationDate":"2025-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Intelligent detection framework for IoT-botnet detection: DBN-RNN with improved feature set

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-12 DOI: 10.1016/j.jisa.2024.103961

Sandip Y. Bobade , Ravindra S Apare , Ravindra H. Borhade , Parikshit N. Mahalle

{"title":"Intelligent detection framework for IoT-botnet detection: DBN-RNN with improved feature set","authors":"Sandip Y. Bobade , Ravindra S Apare , Ravindra H. Borhade , Parikshit N. Mahalle","doi":"10.1016/j.jisa.2024.103961","DOIUrl":"10.1016/j.jisa.2024.103961","url":null,"abstract":"<div><div>The pervasive adoption of IoT devices has significantly enhanced connectivity but also introduced vulnerabilities, particularly through IoT botnets, which exploit compromised devices for large-scale attacks. Current detection methods, although effective, often face challenges in accuracy. This work proposes a new framework for IoT botnet detection utilizing an optimized hybrid classification technique. The framework comprises two primary phases: feature extraction and attack detection. Initially, various features including statistical measures, higher-order statistics, improved correlation-based insights, and flow-based characteristics are extracted from IoT network data. Notably, the approach enhances traditional correlation analysis by weighting data points based on proximity, refining the detection of complex relationships crucial for identifying botnet behaviors. To identify attacks, the system uses a hybrid classifier that integrates an Improved Deep Belief Network (IDBN) with a Recurrent Neural Network (RNN). The Improved DBN incorporates batch normalization and dropout layers, along with a modified Gumbel softmax activation function, to bolster its robustness against noisy data and prevent overfitting, while the RNN excels in sequential data analysis, capturing temporal dependencies within IoT traffic. Additionally, Self-Adaptive Beluga Whale Optimization (SA-BWO) is utilized for optimizing RNN weights, to enhance the accuracy for detection through adaptive parameter tuning. Experimental validation demonstrates the framework's superior performance in detecting IoT botnet activities, surpassing conventional methods in accuracy and resilience.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103961"},"PeriodicalIF":3.8,"publicationDate":"2025-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PRAAD: Pseudo representation adversarial learning for unsupervised anomaly detection

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-11 DOI: 10.1016/j.jisa.2025.103968

Liang Xi, Dong He, Han Liu

引用次数: 0

SPNet: Seam carving detection via spatial-phase learning

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-11 DOI: 10.1016/j.jisa.2025.103963

Jiyou Chen , Zhi Lv , Ge Jiao , Ming Xia , Gaobo Yang

{"title":"SPNet: Seam carving detection via spatial-phase learning","authors":"Jiyou Chen , Zhi Lv , Ge Jiao , Ming Xia , Gaobo Yang","doi":"10.1016/j.jisa.2025.103963","DOIUrl":"10.1016/j.jisa.2025.103963","url":null,"abstract":"<div><div>Seam carving is an image content-aware retargeting operation that can automatically insert seams to expand an image or remove seams to reduce image size. However, it can also perform illegal image tampering by inserting or removing objects. We observe that upsampling is a necessary step for seam removal or insertion, and cumulative them can lead to significant changes in the frequency domain, particularly in the phase spectrum. In fact, according to the properties of natural images, the phase spectrum retains rich frequency components, which can complement the loss of the amplitude spectrum and provide additional information. To this end, we propose a spatial phase-based network (SPNet) that combines spatial and phase spectra to capture retargeting artifacts for image seam carving detection. In addition, since the artifacts usually hide in the local regions for the seam carving operation, the local texture feature is more effective than the high-level semantic one. Based on this, we introduce a shallow network to reduce the receptive field, it can highlight the local features while suppressing high-level semantic information. Extensive experiments demonstrate that SPNet achieves state-of-the-art (SOTA) performance.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103963"},"PeriodicalIF":3.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Workplace security and privacy implications in the GenAI age: A survey

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-07 DOI: 10.1016/j.jisa.2024.103960

Abebe Diro , Shahriar Kaisar , Akanksha Saini , Samar Fatima , Pham Cong Hiep , Fikadu Erba

{"title":"Workplace security and privacy implications in the GenAI age: A survey","authors":"Abebe Diro , Shahriar Kaisar , Akanksha Saini , Samar Fatima , Pham Cong Hiep , Fikadu Erba","doi":"10.1016/j.jisa.2024.103960","DOIUrl":"10.1016/j.jisa.2024.103960","url":null,"abstract":"<div><div>Generative Artificial Intelligence (GenAI) is transforming the workplace, but its adoption introduces significant risks to data security and privacy. Recent incidents underscore the urgency of addressing these issues. This comprehensive survey investigates the implications of GenAI integration in workplaces, focusing on its impact on organizational operations and security. We analyze vulnerabilities within GenAI systems, threats they face, and repercussions of AI-driven workplace monitoring. By examining diverse attack vectors like model attacks and automated cyberattacks, we expose their potential to undermine data integrity and privacy. Unlike previous works, this survey specifically focuses on the security and privacy implications of GenAI within workplace settings, addressing issues like employee monitoring, deepfakes, and regulatory compliance. We delve into emerging threats during model training and usage phases, proposing countermeasures such as differential privacy for training data and robust authentication for access control. Additionally, we provide a comprehensive analysis of evolving regulatory frameworks governing AI tools globally. Based on our comprehensive analysis, we propose targeted recommendations for future research and policy-making to promote responsible and secure adoption of GenAI in the workplace, such as incentivizing the development of explainable AI (XAI) and establishing clear guidelines for ethical data usage. This survey equips stakeholders with a comprehensive understanding of GenAI’s complex workplace landscape, empowering them to harness its benefits responsibly while mitigating risks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103960"},"PeriodicalIF":3.8,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Security analysis of SFrame

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-07 DOI: 10.1016/j.jisa.2024.103958

Takanori Isobe , Ryoma Ito , Kazuhiko Minematsu

引用次数: 0

BridgeSec: Facilitating effective communication between security engineering and systems engineering

IF 3.8 2区计算机科学

Journal of Information Security and Applications Pub Date : 2025-01-06 DOI: 10.1016/j.jisa.2024.103954

Avi Shaked , Nan Messe

{"title":"BridgeSec: Facilitating effective communication between security engineering and systems engineering","authors":"Avi Shaked , Nan Messe","doi":"10.1016/j.jisa.2024.103954","DOIUrl":"10.1016/j.jisa.2024.103954","url":null,"abstract":"<div><div>We increasingly rely on systems to perform reliably and securely. Therefore, it is imperative that security aspects are properly considered when designing and maintaining systems. However, achieving the security by design ideal is challenging. Security information is typically unstructured, dispersed, hard to communicate, and its assessment is somewhat subjective and tacit. Additionally, the inclusion of security information within design requires integrating the efforts of two knowledge-intensive disciplines: security engineering and systems engineering. In this paper, we introduce BridgeSec, a novel conceptual information-exchange interface to systemise the communication of security information between these two disciplines. The main contribution of BridgeSec lies in its explicit identification of concepts related to vulnerability management, which allows systems engineering and security engineering teams to codify pertinent information. The disciplines involved in the system design can thus coordinate policies, implementations and, ultimately, the security posture. Furthermore, based on the newly unveiled interface, an automated reasoning mechanism is specified. This mechanism allows to reason about the vulnerability posture of systems in a scalable and systematic way. First, we describe and formalise the information-exchange interface BridgeSecand how it can be used to reason about the security of systems designs. Next, we present an open-source prototype – integrated into a threat modelling tool – which rigorously implements the interface and the reasoning mechanism. Finally, we detail two diverse and prominent applications of the interface for communicating security aspects of systems designs. These applications show how BridgeSec can rigorously support the design of systems’ security in two representative scenarios: in coordinating security features and policy during design, and in coordinating mitigation to disclosed implementation vulnerabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103954"},"PeriodicalIF":3.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0