{"title":"FP-growth-based signature extraction and unknown variants of DoS/DDoS attack detection on real-time data stream","authors":"Arpita Srivastava, Ditipriya Sinha","doi":"10.1016/j.jisa.2025.103996","DOIUrl":"10.1016/j.jisa.2025.103996","url":null,"abstract":"<div><div>Protecting sensitive information on the Internet from unknown attacks is challenging due to no known signatures, limited historical data, a high number of false positives, and a lack of vendor patches. This paper has proposed a statistical method to detect unknown variants of denial-of-service (DoS)/distributed denial-of-service (DDoS) (high-volume) attacks. The proposed method is primarily divided into two modules: DoS/DDoS attack signature extraction and unknown variants of DoS/DDoS attack detection. A setup in the laboratory of NITP is created to capture real-time traffic of six different variants of DoS or DDoS attacks with benign network traffic behavior, referred to as RTNITP24. Unique DoS/DDoS attack signatures are extracted by applying a Frequent-Pattern Growth (FP-Growth) algorithm using 71 % of RTNITP24 data having DoS/DDoS attack and benign traffic, assuming these signatures are primarily present in DoS/DDoS attack traffic but rarely in benign traffic. These signatures are stored in a high-volume attack (HVA) knowledge base (KB). Unknown variants of the DoS/DDoS (high-volume) attack detection module use an HVA knowledge base and pcap files of 29 % RTNITP24 and CICIDS2017 new data packets, which are not considered in the attack signature extraction module. Jaccard similarity score is computed between new data packets and attack signatures and scrutinizes the two main conditions: if similarity score of any of the signatures is greater than or equal to rule threshold or if the average similarity score of all the signatures is greater than or equal to the overall threshold. A packet is detected as malicious if any of the aforementioned conditions is true. Otherwise, the packet is benign.
Proposed model achieves high accuracy (91.66 % and 94.87 %) and low false alarm rates (5.32 % and 4.98 %) on RTNITP24 and CICIDS2017 datasets, respectively. Additionally, proposed model is compared to apriori-based rule extraction technique and current state-of-the-art methods, revealing that it outperforms both apriori-based and existing methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103996"},"PeriodicalIF":3.8,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143232568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Accuracy-aware differential privacy in federated learning of large transformer models","authors":"Junyan Ouyang, Rui Han, Xiaojiang Zuo, Yunlai Cheng, Chi Harold Liu","doi":"10.1016/j.jisa.2025.103986","DOIUrl":"10.1016/j.jisa.2025.103986","url":null,"abstract":"<div><div>Federated learning with Differential privacy (DP-FL) allows distributed clients to collaboratively train a model by exchanging their model parameters with injected noises. Despite the great benefits in privacy protection, DP-FL still suffers from large noise that increases linearly with model size. Hence when applying large transformers in modern AI systems, DP-FL may cause severe accuracy degradation. The prior art either injects isotropic noises to all model parameters, or relies on empirical settings to vary noises injected in different model parts. In this paper, we propose AccurateDP to systematically leverage the distinct effects of noises on every unit of model accuracy to improve DP-FL performance. The key of AccurateDP is to support noise injection at multiple granularities to minimize accuracy variations in DP. Given a granularity and a privacy budget, AccurateDP further provides an automatic means to find the optimal noise injection setting and provides theoretical proofs for our approach. We implemented AccurateDP to support prevalent transformer models. 
Extensive evaluation against latest techniques shows AccurateDP increases accuracy by an average of 7.69% under the same privacy budget and gains more accuracy improvement (9.23%) when applied to large models.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103986"},"PeriodicalIF":3.8,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143232382","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A generic cryptographic algorithm identification scheme based on ciphertext features","authors":"Jiabao Li , Hanlin Sun , Zhanfei Du , Yaxuan Wang , Ke Yuan , Chunfu Jia","doi":"10.1016/j.jisa.2025.103984","DOIUrl":"10.1016/j.jisa.2025.103984","url":null,"abstract":"<div><div>To assist relevant agencies in conducting security assessments of commercial cryptographic applications or establishing security monitoring and early warning mechanisms for cryptographic system, this paper proposes a generic cryptographic algorithm identification scheme based on ciphertext features and machine learning. The assessment agency generates a dataset with the information for testing and sends it to the testing server. Subsequently, the target agency server employs the cryptographic system to generate a ciphertext dataset, which is then transmitted to the testing server. By extracting features from the ciphertext and applying machine learning techniques, the cryptographic algorithms can be accurately identified on the testing server. Finally, the test results are generated and transmitted back to the assessment agency. This paper formally defines the scheme model and presents a detailed implementation. The scheme is primarily used in the security assessment of commercial cryptographic applications, allowing the assessment agency to analyze the obtained ciphertext files and determine whether the cryptographic algorithms meet specified requirements, as well as assess any potential risks. 
Notably, this approach avoids physical contact with cryptographic equipment and minimizes disruptions to the target agency’s normal operations during the assessment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103984"},"PeriodicalIF":3.8,"publicationDate":"2025-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"LDAC: A lightweight data access control scheme with constant size ciphertext in VSNs based on blockchain","authors":"Cien Chen, Yanli Ren, Chen Lin","doi":"10.1016/j.jisa.2025.103982","DOIUrl":"10.1016/j.jisa.2025.103982","url":null,"abstract":"<div><div>The vehicular social network (VSN) offers diverse services such as traffic management, data sharing, and safe driving. However, malicious users in VSNs may steal and tamper with shared data, which can bring about privacy leakage issues and even cause serious traffic accidents. The CP-ABE algorithm can effectively protect shared data in VSNs and enable one-to-many data sharing. However, it faces issues of high computational complexity and high ciphertext storage overhead. To ensure the security and confidentiality of shared data in VSNs, we propose a lightweight data access control scheme (LDAC) with constant size ciphertext based on blockchain, which greatly reduces the storage and computing overhead of vehicle users. Due to the presence of malicious users and outdated attributes in VSNs, the LDAC scheme supports user revocation and attribute revocation. The multi-authority CP-ABE algorithm is combined with blockchain to enable distributed key distribution and the verification of decrypted data integrity. Security analysis indicates that the security and confidentiality of shared data can be effectively protected by the LDAC scheme.
Experimental results indicate that the LDAC scheme can realize more lightweight calculation while achieving constant size ciphertext in comparison to the previous schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103982"},"PeriodicalIF":3.8,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BSFL: A blockchain-oriented secure federated learning scheme for 5G","authors":"Gang Han , Weiran Ma , Yinghui Zhang , Yuyuan Liu , Shuanggen Liu","doi":"10.1016/j.jisa.2025.103983","DOIUrl":"10.1016/j.jisa.2025.103983","url":null,"abstract":"<div><div>Ensuring data security, privacy, and defense against poisoning attacks in 5G intelligent scheduling has become a critical research priority. To address this, this paper proposes BSFL, a verifiable and secure federated learning scheme resistant to poisoning attacks, integrating blockchain technology. This scheme fully leverages the high speed and low latency characteristics of 5G networks, enabling rapid scheduling and real-time processing of smart devices, thus providing robust data support for federated learning. By incorporating the decentralized, immutable, and transparent nature of blockchain, we design a blockchain-based federated learning framework that facilitates verification of feature results and comparison of data features among participants, ensuring the security and reliability of scheduling data. Moreover, it prevents denial-of-service attacks to a certain extent. 
Experimental results demonstrate that this scheme not only significantly improves the efficiency and accuracy of federated learning but also effectively mitigates the potential threat of poisoning attacks, providing a robust security guarantee for federated learning in 5G intelligent scheduling environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103983"},"PeriodicalIF":3.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143232381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure and incentivized V2G Participation with blockchain and game theory","authors":"R. Sasirega , S. Prakash","doi":"10.1016/j.jisa.2025.103975","DOIUrl":"10.1016/j.jisa.2025.103975","url":null,"abstract":"<div><div>The vehicle-to-grid (V2G) network is a transformative technology that enables electric vehicles (EVs) to interact with the power grid, enhancing grid stability and promoting the integration of renewable energy. This paper presents a secure and efficient V2G framework addressing key challenges, such as optimizing energy management and ensuring robust security. The proposed framework incorporates game theory-based scheduling for optimal EV charging and discharging, mutual authentication using ECC keys and hash functions for secure communication, and blockchain technology for transparent and tamper-proof data management. Experimental results demonstrate the framework's effectiveness in balancing the supply and demand of energy between EVs and the grid, optimizing production-consumption ratios, and improving grid interaction efficiency. The approach also enhances the economic benefits of V2G operations, improving EV selection probability and net utility, and demonstrating superior performance compared to existing techniques. 
These results highlight the framework's potential for secure, efficient, and cost-effective V2G integration.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103975"},"PeriodicalIF":3.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PCPT and ACPT: Copyright protection and traceability scheme for DNN models","authors":"Xuefeng Fan , Dahao Fu , Hangyu Gui , Xiaoyi Zhou","doi":"10.1016/j.jisa.2025.103980","DOIUrl":"10.1016/j.jisa.2025.103980","url":null,"abstract":"<div><div>Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. However, DNN models can be easily illegally copied, redistributed, or abused by criminals, seriously damaging the interests of model inventors. Therefore, establishing a copyright protection and traceability mechanism to identify authorized users of a leaked model represents a novel challenge driven by the demand for artificial intelligence services. Because the existing traceability mechanisms are used for models without watermarks, a small number of false-positives are generated. Existing black-box active protection schemes have loose authorization control and are vulnerable to forgery attacks. Therefore, based on the idea of black-box neural network watermarking with the video framing and image perceptual hash algorithm, a passive copyright protection and traceability framework PCPT is proposed that uses an additional class of DNN models, improving the existing traceability mechanism that yields a small number of false-positives. Based on an authorization control strategy and image perceptual hash algorithm, a DNN model active copyright protection and traceability framework ACPT is proposed. This framework uses the authorization control center constructed by the detector and verifier. 
This approach realizes stricter authorization control, which establishes a strong connection between users and model owners, improves the framework security, and supports traceability verification.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103980"},"PeriodicalIF":3.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"General-purpose multi-user privacy-preserving outsourced k-means clustering","authors":"Jun Ye , Zhaowang Hu , Zhengqi Zhang","doi":"10.1016/j.jisa.2025.103976","DOIUrl":"10.1016/j.jisa.2025.103976","url":null,"abstract":"<div><div>Nowadays, there is a trend towards an incessant growth and complexity in the volume of data held by users. Clustering techniques in machine learning are becoming more and more important to help extract the value from big data. However, it is difficult for a single user to fully use large-scale data for clustering locally due to the restricted training resources and the lack of datasets. To address this problem, the multi-user collaborative clustering model has emerged as a viable solution for multi-user collaborative clustering by hosting the data on a cloud platform. Nevertheless, outsourced clustering may give rise to a series of privacy problems. In order to address these problems effectively, we propose a novel, secure and efficient outsourced k-means clustering scheme. This scheme uses partially homomorphic encryption techniques for cloud-based k-means clustering, which ensures that the cloud does not contain any private information, while simultaneously safeguarding the confidentiality of the database, data involved in the clustering process, clustering results and user information. Furthermore, a comparative analysis of our proposed scheme is conducted. 
These analyses demonstrate the security and practicality of our scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103976"},"PeriodicalIF":3.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IoT-friendly certificateless signcryption schemes: Introducing a provably secure scheme in ROM","authors":"Parichehr Dadkhah , Parvin Rastegari , Mohammad Dakhilalian","doi":"10.1016/j.jisa.2025.103979","DOIUrl":"10.1016/j.jisa.2025.103979","url":null,"abstract":"<div><div>The Internet of Things (IoT) represents a significant technological advancement, bringing intelligence and comfort to our lives. Cryptographic tools can be employed to address the challenging security issues in IoT environments. However, conventional public key encryption and signature schemes are too resource-intensive for IoT devices with constrained hardware and software capabilities. A workable cryptographic solution for satisfying security in the IoT paradigm is certificateless signcryption (CL-SC) schemes, which eliminate the troublesome certificate management of certificate-based systems and the key escrow issue in identity-based systems simultaneously. In this work, we first analyze some recent CL-SC schemes, then build a secure, low-power CL-SC scheme to guarantee data security and efficiency in IoT environments. We prove the security of our proposed scheme in ROM and compare its efficiency with other current schemes, demonstrating that our approach yields lower computational and communication costs.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103979"},"PeriodicalIF":3.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CodeSAGE: A multi-feature fusion vulnerability detection approach using code attribute graphs and attention mechanisms","authors":"Guodong Zhang , Tianyu Yao , Jiawei Qin , Yitao Li , Qiao Ma , Donghong Sun","doi":"10.1016/j.jisa.2025.103973","DOIUrl":"10.1016/j.jisa.2025.103973","url":null,"abstract":"<div><div>Software supply chain security is a critical aspect of modern computer security, with vulnerabilities being a significant threat. Identifying and patching these vulnerabilities promptly can significantly reduce security risks. Traditional detection methods cannot fully capture the complex structure of source code, leading to low accuracy. The neural network capacity limits machine learning-based methods, hindering effective feature extraction and impacting performance. In this paper, we propose a multi-feature fusion vulnerability detection technique called CodeSAGE. The method utilizes the Code Property Graph (CPG) to comprehensively display multiple logical structural relationships in the source code and combines it with GraphSAGE to aggregate the information of neighboring nodes in CPG to extract local features of the source code. Meanwhile, a Bi-LSTM combined with the attention mechanism is utilized to capture long-range dependencies in the logical structure of the source code and extract global features. The attention mechanism is used to assign weights to the two features, which are then fused to represent the syntactic and semantic information of the source code for vulnerability detection. A method for simplifying the CPG is proposed to mitigate the impact of graph size on model runtime and reduce redundant feature information. Irrelevant nodes are removed by weighting different edge types and filtering nodes exceeding a certain threshold, reducing the CPG size. To verify the effectiveness of CodeSAGE, comparative experiments are conducted on the SARD and CodeXGLUE datasets.
The experimental results show that the CPG size can be reduced by 25%–45% using the simplified method, with an average time reduction of 20% per training round. Detection accuracy reached 99.12% on the SARD dataset and 73.57% on the CodeXGLUE dataset, outperforming the comparison methods.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103973"},"PeriodicalIF":3.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}