Journal of Information Security and Applications: Latest Articles

A privacy protection scheme for biological characteristics based on 4D hyperchaos and matrix transformation
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 94, Article 104198. Pub Date: 2025-08-20. DOI: 10.1016/j.jisa.2025.104198
Liyuzhen Yang, Zhenlong Man, Ze Yu, Ying Zhou
Abstract: In recent years, biometrics have been widely used in areas such as access control, healthcare, finance and the Internet of Things (IoT). However, due to the uniqueness and immutability of biometric data, it poses a serious privacy risk once leaked. To address these challenges, this paper proposes an improved biometric image encryption scheme. We enhance the classical three-dimensional Chen’s chaotic system into a four-dimensional model to take full advantage of its high sensitivity and stochasticity. By integrating Latin matrices and semi-tensor products, we develop a novel encryption algorithm designed to protect multimodal biometrics. The method overcomes the instability of traditional cryptographic algorithms and ensures robust protection of biometric data when processing different images such as face, fingerprint, palmprint and iris. Various performance evaluations are also conducted, in which the image encryption time reaches 0.071 s, the UACI values of the ciphertext images are close to 99.6094%, and the information entropy of the ciphertext images reaches 7.9980. The experimental results show that the algorithm has excellent encryption, security, and efficiency. This method provides a reliable solution for securing biometric data in an increasingly complex digital environment.
Citations: 0

Rhetorical Structure Theory-based machine intelligence-driven deceptive phishing attack detection scheme
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 94, Article 104184. Pub Date: 2025-08-20. DOI: 10.1016/j.jisa.2025.104184
Chanchal Patra, Debasis Giri, Bibekananda Kundu, Tanmoy Maitra, Mohammad Wazid
Abstract: The easiest way for users to interact with one another is via emails or messages. However, the growing incidence of cybercrime necessitates the astute use of emails or messages. These days, one of the biggest risks is phishing as well as smishing. Attackers aim to get sensitive user data by means of phishing emails. Credit card information, passwords, usernames, and other sensitive data are included. These might result in severe financial loss. The literature has a plethora of anti-phishing techniques for identifying phishing emails or messages. However, fraudsters are always coming up with new techniques, making it difficult to develop anti-phishing techniques to stop phishing or smishing attacks. This paper discusses a novel methodology leveraging Rhetorical Structure Theory (RST) to validate whether a given text of emails or messages is deceptive or not. A balanced dataset of deceptive and non-deceptive have been collected and annotated manually using different features like term Discourse Connectors, Rhetorical Relations, Deception likely tags and sentence type features. The work involved experiments with different machine learning classifiers trained using these features in order to achieve higher accuracy in deception phishing detection task. The proposed technique exhibits high accuracy on the dataset when RST based linguistic features are used. When ensemble classifiers are used instead of individual classifiers, the optimal classification performance is achieved, leading to an increase in accuracy. In comparison to the individual learners, the results of our experiment demonstrate that the proposed technique achieved the greatest accuracy, precision, recall, and F1-score values.
Citations: 0

A general framework for high-dimension data secure aggregation with resilience to dropouts
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 94, Article 104194. Pub Date: 2025-08-20. DOI: 10.1016/j.jisa.2025.104194
Chao Huang, Yanqing Yao, Xiaojun Zhang, Yuan Zhang, Zhoujun Li
Abstract: Data secure aggregation (DSA) protocols play an important role in many applications with privacy preservation, e.g., medical data analysis, federated learning model aggregation, etc. In such protocols, the computation and communication complexity of clients and the aggregator heavily depend on two parameters, including the number of involved clients and the dimension of secret data. Besides, resilience to client dropouts is a crucial requirement in many applications. In this paper, we focus on the issue of high-dimension DSA (HDDSA) with resilience to dropouts. Based on a critical non-interactive masking method using lightweight computations over polynomials, we propose a DSA reduction framework to transform high-dimension DSA problem to secure aggregation over scalars. We also construct two efficient HDDSA protocol instantiations based on multiparty homomorphic encryption (MPHE) cryptosystems. The first one (HDDSA1) gives a 2-round DSA protocol based on a threshold Paillier’s cryptosystem which requires a trusted setup. The second one (HDDSA2) gives a 3-round DSA protocol based on a multiparty Brakerski–Fan–Vercauteren (MPBFV) cryptosystem, which by contrast does not need trusted setup. Both protocols are resilient to dropouts by design and do not introduce extra recovery overheads. In addition, both protocols are secure against semi-honest adversary and collusion adversary with up to $\min(t-1, n-2)$ clients, given $n$ clients involved in the protocols, $t$ is a threshold parameter of underlying subprotocol. In terms of efficiency, the computation and communication complexity at client side are both $O(\ell)$, where $\ell$ is the dimension, which is independent of the number of clients. Empirical experiments are also conducted to show the practical efficiency superiority of our framework and proposed protocols.
Citations: 0

Towards a robust android malware detection model using explainable deep learning
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104191. Pub Date: 2025-08-17. DOI: 10.1016/j.jisa.2025.104191
Masumeh Najibi, Amir Jalaly Bidgoly
Abstract: The growing threat of Android malware demands effective and trustworthy detection mechanisms. This paper investigates the robustness of explainable deep learning models for Android malware detection and classification using network flow features. Three deep learning architectures — DNN, 1D-CNN, and BiLSTM — were evaluated on the CICAndMal2017 dataset, with BiLSTM achieving the best performance on unseen samples. Model decisions were analyzed using LIME and SHAP to identify influential and potentially manipulable features. Using domain knowledge, features were categorized based on their resistance to evasion, with emphasis on robust indicators such as TCP flags and initial window sizes. Retraining models using only these robust features resulted in minimal performance degradation while significantly improving explainability and resilience to evasion. On the unseen dataset, the BiLSTM model achieved a 70.90% F1-score for malware detection and 62.84% for classification, with AUC scores of 73.39% and 79.96%, respectively. After removing weak features, the retrained detection model maintained a 71% F1-score, and the classification model achieved 57%, demonstrating that robustness can be improved without major loss in performance. These results highlight the potential for transparent and dependable AI-driven cybersecurity solutions, particularly in adversarial settings where evasion is common. By emphasizing explainability and robustness, this work contributes towards models that balance performance with trust in evolving threat landscapes.
Citations: 0

Improved biometric data protection: Bounded brute-force strategy for maximum likelihood decoding
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104182. Pub Date: 2025-08-16. DOI: 10.1016/j.jisa.2025.104182
Wen Khai Lai, Ming Jie Lee, Kai Lin Chia, Yen-Lung Lai
Abstract: Conventional biometric data protection schemes often struggle to provide strong and reliable security guarantees after transformation, largely due to the noise amplification introduced during quantization. This amplified noise can distort the relationship between the protected and original biometric data, creating a gap between the claimed security of the protected representation and the actual security of the raw input. Such a mismatch risks overestimating system robustness and may expose the scheme to vulnerabilities such as pre-image attacks. To address this challenge, we propose a novel secure sketch construction that integrates Locality-Sensitive Hashing (LSH) with a bounded brute-force strategy for maximum likelihood decoding. Our method achieves asymptotically optimal error tolerance while preserving the statistical alignment of inter- and intra-class variability across both unprotected and protected domains. This alignment enables accurate key recovery and enhances resistance to pre-image and decoding attacks. Comprehensive experiments demonstrate that our method consistently outperforms existing approaches in both security and robustness to biometric variability, offering a practical and theoretically grounded solution for biometric authentication.
Citations: 0

A feature vector-based modeling attack method on symmetrical obfuscated interconnection PUF
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104187. Pub Date: 2025-08-16. DOI: 10.1016/j.jisa.2025.104187
Huanwei Wang, Fushan Wei, Fagen Li, Jing Jing, Tieming Liu, Wei Liu
Abstract: Physical unclonable functions (PUFs) are widely used in solutions such as device authentication and lightweight encryption due to their tamper-resistant, key-free storage and lightweight properties. However, the security of PUFs is threatened by modeling attacks. In this paper, we propose a novel modeling attack method for the symmetrical obfuscated interconnection physical unclonable function (SOI PUF) based on feature vectors. The proposed method introduces an innovative feature vector transformation technique and vector response pair to capture higher-order relationships with complex PUF architectures. Meanwhile, we propose two important principles for designing deep neural network (DNN) attack models. The experiments are systematically validated for the novel SOI PUF and cSOI PUF architectures, and the results show that, under equivalent dataset conditions, the proposed method achieves a higher attack success rate compared to the traditional challenge-response pair-based modeling approaches, achieving an accuracy of 98.42% in modeling SOI PUF. This study provides valuable theoretical and practical insights for enhancing PUF security and designing attack-resistant PUF architectures.
Citations: 0

Robust zero-watermarking method for medical images based on FFST and Daisy descriptor
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104193. Pub Date: 2025-08-16. DOI: 10.1016/j.jisa.2025.104193
Guangyun Yang, Xinhui Lu, Yu Lu, Xiangguang Xiong
Abstract: With the continuous development of digital medical imaging technologies, ensuring the security of the medical images has become critically important. In this study, the Daisy descriptors’ stability against attacks was first experimented with, and the findings show that it provides superior robustness. With this, a robust zero-watermarking method is designed to maintain medical image integrity and enable copyright protection by combining the fast finite Shearlet transform (FFST), Daisy descriptor, and Hessenberg decomposition. First, FFST was performed on the medical image to extract the low-frequency component and divide it into blocks of equal size. Second, each block’s Daisy descriptor matrix is calculated and its 8 × 8 block is selected, after which the Hessenberg decomposition is performed for each block, and a feature image is derived from the magnitude comparison between the maximum value of each block and the global mean. Additionally, the copyrighted image is first encrypted by using a 2D Logistic-Sine coupling mapping, and then combined with the feature image through an exclusive OR operation to produce an unrecognizable binary image. The experimental results on ten medical images and three benchmark image databases (COVID-19, OASIS-1, and SIPI) show that the proposed method is highly resistant to most attacks, and the normalized correlation coefficient is always maintained higher than 0.95. Compared to typical methods, our method achieves superior robustness and improves the average performance by approximately 3.2%.
Citations: 0

Efficient NTT/INTT processor for FALCON post-quantum cryptography
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104177. Pub Date: 2025-08-15. DOI: 10.1016/j.jisa.2025.104177
Ghada Alsuhli, Hani Saleh, Mahmoud Al-Qutayri, Baker Mohammad, Thanos Stouraitis
Abstract: FALCON is a lattice-based post-quantum cryptographic (PQC) digital signature standard known for its compact signatures and resistance to quantum attacks. Since its recent standardization, its hardware implementation remains an open challenge, particularly for key generation, which is significantly more complex than the simple and well-studied signature verification process. In this paper, targeting edge devices with constrained resources, we present an energy-efficient and area-optimized NTT/INTT architecture tailored to the specific requirements of FALCON key generation. By leveraging NTT-friendly primes and reducing the size of the multipliers in the Montgomery reduction algorithm — optimized for ASIC implementation — our design minimizes hardware complexity, achieving the lowest power and area consumption compared to state-of-the-art Montgomery reduction implementations. The proposed hardware architecture features a processing element array, distributed SRAMs, and ROMs, with three levels of reconfigurability, supporting both NTT and INTT operations. Designed using the Global Foundries’ 22 nm FD-SOI process, an Application-Specific Integrated Circuit (ASIC) is estimated to occupy 0.04 mm² and consume 18.2 mW at 1 GHz. The proposed processor achieves 700 times greater energy efficiency and performs computations 200 times faster than software implementations on the ARM Cortex-M4. It also achieves the lowest area–time product and highest energy efficiency among state-of-the-art NTT/INTT hardware accelerators. By carefully balancing power consumption and computational speed, this design offers an efficient solution for deploying FALCON key generation on devices with limited resources.
Citations: 0

SecureLoc: A fully homomorphic encryption-based privacy protection scheme for location-based services
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104190. Pub Date: 2025-08-14. DOI: 10.1016/j.jisa.2025.104190
Qiqi Xie, Hong Zhang, Liqiang Wang, Miao Wang, Wanqing Wu, Yilong Liu
Abstract: As Internet of Things (IoT) technology advances, a growing number of devices can access real-time location information and engage with other devices and platforms. Consequently, this expansion enriches the data sources and application scenarios for Location-Based Services (LBS). The computational tasks of LBS are often outsourced to a third-party service (TPS) for processing in order to improve computational efficiency on users’ devices. However, sensitive and private data stored with a semi-honest TPS poses the risk of data abuse or data leakage. In this paper, we propose a robust privacy-preserving scheme called SecureLoc within outsourced computing environments. Utilizing the collaborative capabilities of the TPS and the Trajectory Matching Server (TMS), we present a fully homomorphic encryption approach to protect the privacy of location and sensitive information. Specifically, we present an improved CKKS-based trajectory comparison algorithm that ensures trajectory matching without exposing sensitive plaintext data. In addition, by utilizing complex numbers to store location coordinates and ciphertext expansion, we greatly improve the computational efficiency. We also combine the K-anonymity algorithm with CKKS to further enhance the protection of user privacy by anonymizing and generalizing sensitive information such as phone numbers, ID numbers, and LBS request times. Finally, we prove SecureLoc is secure against semi-honest TPS and malicious eavesdroppers, and demonstrate that our method outperforms other state-of-the-art methods in terms of security, feasibility, and accuracy.
Citations: 0

MLAF-VD: A vulnerability detection model based on multi-level abstract features
IF 3.7, Zone 2, Computer Science
Journal of Information Security and Applications, Volume 93, Article 104189. Pub Date: 2025-08-13. DOI: 10.1016/j.jisa.2025.104189
Qinghao Li, Wei Liu, Yisen Wang, Weiyu Dong
Abstract: As key factors that threaten software security, software vulnerabilities need to be effectively detected. In recent years, with the prosperity of deep learning technology, the academic community has witnessed the emergence of numerous software vulnerability detection methods based on deep learning. These methods usually use different-level abstract features such as code snippets, AST, or CFG as feature representations of vulnerability samples, and then feed them into neural networks to learn patterns of the vulnerabilities. However, these abstract features lack direct relevance to vulnerability detection (i.e., they are not specifically designed for vulnerability detection), which makes it difficult for these abstract features to represent the vulnerability semantics accurately. In addition, single-level abstract features face challenges in comprehensively reflecting code information. In this paper, we propose a semantic-level danger structure graph (DSG), which aims to represent the semantic part of the code that is related to the vulnerability. A graph neural network with global attention, Global-GAT, is also proposed to capture the global dependencies of the graph representation. Based on DSG and Global-GAT, we propose a vulnerability detection model based on multi-level abstract features, named MLAF-VD. MLAF-VD learns the sequence-level, structure-level, and semantic-level abstract features of the code with multiple attention mechanisms, and alleviates the influence of noise information through a denoising module. We evaluate MLAF-VD on 3 representative public datasets, and the results show that MLAF-VD outperforms the best baseline methods by 4.88%, 7.40%, and 12.60% in terms of F1-Score, respectively. In practical applications, MLAF-VD detects 20 N-Day vulnerabilities from 6 open-source projects, demonstrating its effectiveness in detecting software vulnerabilities.
Citations: 0