Journal of Information Security and Applications最新文献_第9页

GMADV: An android malware variant generation and classification adversarial training framework GMADV：安卓恶意软件变体生成与分类对抗训练框架

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-07 DOI: 10.1016/j.jisa.2024.103800

Shuangcheng Li , Zhangguo Tang , Huanzhou Li , Jian Zhang , Han Wang , Junfeng Wang

{"title":"GMADV: An android malware variant generation and classification adversarial training framework","authors":"Shuangcheng Li , Zhangguo Tang , Huanzhou Li , Jian Zhang , Han Wang , Junfeng Wang","doi":"10.1016/j.jisa.2024.103800","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103800","url":null,"abstract":"<div><p>Android malware uses anti-reverse analysis and APK shelling technology, which leads to the failure of the classification method based on decompiled features and the reduction of the classification accuracy based on single file features. Moreover, the lack of samples in some families of Android malware makes the classification model based on sample learning ineffective. To solve the above problems, this paper proposes a two-layer general framework for Android malware classification and adversarial training named GMADV, which enhances classifier performance through adversarial training. In the sample classification layer, based on the transformation method of the Markov model, it is proposed for the first time to convert the three files in the APK into RGB Markov images, and use VGG13 to automatically extract features and classification; In the variant amplification layer, the idea of \"regression for generation\" is firstly proposed, and GMM-GAN based on Gaussian process is designed to amplify the diversity of samples within the family. The experimental results show that RGB Markov images have better classification performance than grayscale images. On the three datasets, the classification effect after amplification has been improved to varying degrees, and all F1_Score reaches 95 %. Compared with other methods, GMADV has stronger family sample amplification ability and greater adversarial intensity.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103800"},"PeriodicalIF":5.6,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141286568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Digital image steganalysis using entropy driven deep neural network 利用熵驱动深度神经网络进行数字图像隐写分析

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-07 DOI: 10.1016/j.jisa.2024.103799

Saurabh Agarwal , Ki-Hyun Jung

{"title":"Digital image steganalysis using entropy driven deep neural network","authors":"Saurabh Agarwal , Ki-Hyun Jung","doi":"10.1016/j.jisa.2024.103799","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103799","url":null,"abstract":"<div><p>Context-aware steganography techniques are quite popular due to their robustness. However, steganography techniques are misused to hide inappropriate information in some occurrences. In this paper, a new entropy-driven convolutional neural network is proposed to detect a stego-image. The proposed steganalysis method divides images into multiple sub-regions, and the highest entropy sub-regions are utilized for training the network. Small block size is used to eliminate the requirement of a pooling layer and to intact the flow of information content between the layers. A pooling layer is commonly used between the layers to reduce the size of the block at the cost of some information loss. The proposed method uses only sixteen non-trainable 3 × 3 size kernels, rather than thirty 3 × 3 and 5 × 5 size kernels used in the previous networks. In the proposed method, one global average pooling layer is considered to boost the performance at the last part of the network. The proposed method reduces the computational cost and improves detection accuracy. The proposed scheme is verified in the experimental analysis on the content-aware steganography algorithms, i.e., WOW, S-UNIWARD, and HILL, with multiple payloads. Two publicly available databases, i.e., BOWS2 and BOSSBase, are used to create numerous test scenarios.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103799"},"PeriodicalIF":5.6,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141286569","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Corrigendum to “An extended Attribute-based access control with controlled delegation in IoT” [Journal of Information Systems and Applications 76 (2023) 103473] 基于属性的扩展访问控制与物联网中的受控授权》更正[信息系统与应用期刊 76 (2023) 103473]

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-01 DOI: 10.1016/j.jisa.2024.103745

Saher Tegane , Khaled Hamouid , Mawloud Omar , Fouzi Semchedine , Abdelmalek Boudries

引用次数: 0

Auth4App: Streamlining authentication for integrated cyber–physical environments Auth4App：简化集成网络物理环境的身份验证

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-01 DOI: 10.1016/j.jisa.2024.103802

Vagner Ereno Quincozes , Rodrigo Brandão Mansilha , Diego Kreutz , Charles Christian Miers , Roger Immich

{"title":"Auth4App: Streamlining authentication for integrated cyber–physical environments","authors":"Vagner Ereno Quincozes , Rodrigo Brandão Mansilha , Diego Kreutz , Charles Christian Miers , Roger Immich","doi":"10.1016/j.jisa.2024.103802","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103802","url":null,"abstract":"<div><p>The growing integration of mobile applications for user authentication has revolutionized user interactions with digital platforms, offering novel possibilities in user experience (UX). However, this paradigm shift poses significant security challenges. Leveraging smartphones for authentication purposes provides convenient and swift access to services, streamlining user interactions with various platforms through simple taps. Several institutions adopt static QR Codes generated from primary, unchanging user data (e.g., individual citizen national identification numbers) for physical authentication procedures like access turnstiles. However, relying on static data introduces critical security vulnerabilities as this data is susceptible to compromise. Implementing an One-Time Authentication Code (OTAC) approach appears promising in addressing these issues. Nevertheless, the absence of an integrated solution for developing a physical authentication process using OTAC leads to suboptimal API user experiences (UX APIs) and subsequent security vulnerabilities. In response to this challenge, we introduce Auth4App, a protocol set designed for identification and authentication using mobile applications. Auth4App comprises two core protocols: one dedicated to linking user credentials to mobile devices (i.e., identification), and the other for generating OTAC. We showcase the adaptability and practicality of Auth4App through three distinct case studies: a mobile-only scenario, integration of mobile devices with a turnstile, and integration of Auth4App with FIDO2. To ensure the robustness of the security protocols, Auth4App is evaluated using automated verification tools and argument proofs, solidifying the system’s reliability.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103802"},"PeriodicalIF":5.6,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141240092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Pairing-free Dynamic Multi-receiver Certificateless Authenticated Searchable Encryption for cloud storage 一种用于云存储的无配对动态多接收器无证书认证可搜索加密技术

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-06-01 DOI: 10.1016/j.jisa.2024.103801

Venkata Bhikshapathi Chenam, Syed Taqi Ali

{"title":"A Pairing-free Dynamic Multi-receiver Certificateless Authenticated Searchable Encryption for cloud storage","authors":"Venkata Bhikshapathi Chenam, Syed Taqi Ali","doi":"10.1016/j.jisa.2024.103801","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103801","url":null,"abstract":"<div><p>In the current age of constrained local storage capacity, ensuring the security and privacy of user data against unauthorized third-party access has grown significantly more vital. Searchable Encryption (SE) has arisen as a promising method for preserving the confidentiality of user data while also enabling efficient search capabilities. Certificateless Searchable Encryption (CLSE) stands out among a range of SE cryptosystems by effectively addressing issues related to certification management and key escrow. Nevertheless, the majority of current CLSE approaches heavily depend on computationally intensive bilinear pairings and do not offer robust support for conjunctive keyword searches in multi-receiver scenarios. To address these limitations, we propose a Pairing-free Dynamic Multi-receiver Certificateless Authenticated Searchable Encryption (PDMCLASE) scheme. PDMCLASE focuses on three essential features: (1) Dynamic multi-receiver functionality, enabling new data receivers to access documents while revoking access for existing receivers; (2) Conjunctive subset keyword search, empowering data receivers to perform efficient conjunctive searches on subsets of keywords; and (3) Data sender authentication, ensuring the authenticity of keyword encryption by the data sender. Furthermore, PDMCLASE attains keyword privacy by leveraging elliptic curve hardness problems within the standard model. Through our performance analysis, we establish that PDMCLASE not only delivers improved functionality but also demonstrates reduced computational overhead when compared to alternative schemes.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103801"},"PeriodicalIF":5.6,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141249905","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhancing robustness in video data hiding against recompression with a wide parameter range 在宽参数范围内增强视频数据隐藏对重新压缩的稳健性

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-05-29 DOI: 10.1016/j.jisa.2024.103796

Yanli Chen , Asad Malik , Hongxia Wang , Ben He , Yonghui Zhou , Hanzhou Wu

{"title":"Enhancing robustness in video data hiding against recompression with a wide parameter range","authors":"Yanli Chen , Asad Malik , Hongxia Wang , Ben He , Yonghui Zhou , Hanzhou Wu","doi":"10.1016/j.jisa.2024.103796","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103796","url":null,"abstract":"<div><p>With the exponential growth of online videos and the availability of advanced video editing tools, the integrity of videos is increasingly threatened by various cyber-based attacks, particularly recompression attacks. Different recompression parameters are used for various attack scenarios. However, recompression operations can modify video data and cause authentication failures, especially for videos with integrated authentication information. To address this issue, this research proposes a robust video data concealing strategy to protect authentication information during recompression operations. By analyzing the impact of recompression on the reference and encoded components of a video, a robust embedding entity is developed. This entity enables the identification of suitable embedding parameters that minimize distortion caused by recompression. Based on the embedding entity and parameters, a scheme is proposed to hide data using two embedding methods, thereby enhancing the robustness of the overall approach. The performance of the scheme is evaluated based on criteria such as the correct rate of extracted information and the quality of marked videos. Hypothesis testing is employed to assess the confidence level. In comparison to existing robust video data hiding methods against recompression, our scheme demonstrates the ability to preserve more information during recompression, particularly with Quantization Parameters (QP) ranging from 25 to 34. This is achieved when the test videos are initially compressed with QP=28.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103796"},"PeriodicalIF":5.6,"publicationDate":"2024-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141164118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ZeroMT: Towards Multi-Transfer transactions with privacy for account-based blockchain ZeroMT：为基于账户的区块链实现具有隐私性的多重转账交易

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-05-29 DOI: 10.1016/j.jisa.2024.103794

Emanuele Scala , Changyu Dong , Flavio Corradini , Leonardo Mostarda

{"title":"ZeroMT: Towards Multi-Transfer transactions with privacy for account-based blockchain","authors":"Emanuele Scala , Changyu Dong , Flavio Corradini , Leonardo Mostarda","doi":"10.1016/j.jisa.2024.103794","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103794","url":null,"abstract":"<div><p>The public blockchain lacks data confidentiality. Although a level of anonymity seems guaranteed, it is still possible to link transactions and disclose related information. A solution to the privacy problem is to use cryptography in transactions, however this can lead to increased costs and slowdown in network throughput. Recent works experiment with advanced cryptography, in particular Zero-Knowledge proofs (ZK-proofs) can be supplied within a transaction to prove its validity, without revealing sensitive information. We analyze solutions that adopt ZK-proofs, such as Confidential Transactions (CTs). Several challenges emerge depending on both the zero-knowledge system and the balance model considered (UTXO, hybrid or account model). For ZK-proofs, systems that do not introduce additional trust are required. On the other hand, the account model is the most flexible for addressing security challenges. Moreover, CTs do not fully exploit the potential of ZK-proofs, since each transaction comes with one or more ZK-proof for a single transfer. Within this paper, we present ZeroMT, a novel <em>multi-transfer</em> private payment scheme for account-based blockchains. Drawing inspiration from Zether, our approach extends their work to develop a payment model that supports multiple payees within a single transaction. This also benefits scalability: ZeroMT enriches the CTs with the aggregation property, i.e., the batch verification of multiple transfers from a single and aggregate proof. We show that in our extended model the overdraft-safety and privacy security properties still hold. We provide an implementation and evaluation of ZeroMT, which shows the benefits of aggregating multiple transfers.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103794"},"PeriodicalIF":5.6,"publicationDate":"2024-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624000978/pdfft?md5=4c1ef252f50a68b5e8dc876f81b4fde6&pid=1-s2.0-S2214212624000978-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141164526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A novel DNA tree-based chaotic image encryption algorithm 基于 DNA 树的新型混沌图像加密算法

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-05-28 DOI: 10.1016/j.jisa.2024.103791

Moatsum Alawida

{"title":"A novel DNA tree-based chaotic image encryption algorithm","authors":"Moatsum Alawida","doi":"10.1016/j.jisa.2024.103791","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103791","url":null,"abstract":"<div><p>For confidential transmission of information over open channels, image encryption algorithms offer a vital method to safeguard content. Traditional ciphers often prove inefficient for large, correlated content like digital images. To address this, DNA and digital chaos are utilized in the creation of numerous image ciphers. Most DNA chaotic image ciphers utilize DNA bases for substitution and chaotic maps for permutation operations. This paper introduces a novel approach wherein the secret key is generated by a DNA tree, providing complete control over all components of the image cipher. A new chaotic state machine map (CSMM) is proposed, incorporating a finite state machine and a one-dimensional (1D) perturbed logistic chaotic map controlled by a DNA state transition table. The CSMM enhances security while maintaining efficient implementation. The DNA tree is employed to generate a DNA table consisting of 256 values representing DNA bases. This table is used to convert digital images into DNA bases and chaotic points into DNA bases. Chaotic DNA bases facilitate permutation operations, while the DNA table is utilized to generate a DNA S-box for substitution operations. The encryption process involves two rounds of permutations and substitutions, coupled with XOR operations, using all DNA bases in the digital image. The resulting cipher effectively encrypts digital images of various sizes and types. Experimental results demonstrate that the proposed cipher generates noise-like images and withstands rigorous security tests, including differential attack analysis and entropy measurements, all accomplished in a short amount of time.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103791"},"PeriodicalIF":5.6,"publicationDate":"2024-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141164525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Preserving manipulated and synthetic Deepfake detection through face texture naturalness 通过人脸纹理的自然性来保护人工合成的 Deepfake 检测结果

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-05-25 DOI: 10.1016/j.jisa.2024.103798

Chit-Jie Chew, Yu-Cheng Lin, Ying-Chin Chen, Yun-Yi Fan, Jung-San Lee

{"title":"Preserving manipulated and synthetic Deepfake detection through face texture naturalness","authors":"Chit-Jie Chew, Yu-Cheng Lin, Ying-Chin Chen, Yun-Yi Fan, Jung-San Lee","doi":"10.1016/j.jisa.2024.103798","DOIUrl":"https://doi.org/10.1016/j.jisa.2024.103798","url":null,"abstract":"<div><p>With the rapid development of deep learning and face recognition technology, AI(Artificial Intelligence) experts have rated Deepfake cheating as the top AI threat. It is difficult for the human eye to distinguish the fake face images generated by Deepfake. Therefore, it has become a popular tool for criminals to seek benefits. Deepfake can be mainly divided into two types, a manipulated Deepfake that falsifies images of others by targeting real faces, and a synthetic Deepfake using GAN to generate a new fake image. So far, seldom cybersecurity system is able to detect these two types simultaneously. In this article, we aim to propose a hybrid Deepfake detection mechanism (HDDM) based on face texture and naturalness degree. HDDM constructs a unique texture from a facial image based on CNN(Convolutional Neural Network) and builds a naturalness degree recognition model via DNN(Deep Neural Network) to help cheating detection. Experimental results have proved that HDDM possesses a sound effect and stability for synthetic and manipulated Deepfake attacks. In particular, the WildDeepfake simulation has demonstrated the possibility of applying HDDM to the real world.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103798"},"PeriodicalIF":5.6,"publicationDate":"2024-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141097746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

GR-NTRU: Dihedral group over ring of Eisenstein integers GR-NTRU：爱森斯坦整数环上的二面群

IF 5.6 2区计算机科学

Journal of Information Security and Applications Pub Date : 2024-05-24 DOI: 10.1016/j.jisa.2024.103795

Vikas Kumar , Rohan Das , Aditi Kar Gangopadhyay

引用次数: 0