{"title":"MLAF-VD: A vulnerability detection model based on multi-level abstract features","authors":"Qinghao Li, Wei Liu, Yisen Wang, Weiyu Dong","doi":"10.1016/j.jisa.2025.104189","DOIUrl":"10.1016/j.jisa.2025.104189","url":null,"abstract":"<div><div>As key factors that threaten software security, software vulnerabilities need to be effectively detected. In recent years, with the rise of deep learning technology, the academic community has witnessed the emergence of numerous software vulnerability detection methods based on deep learning. These methods usually use different-level abstract features such as code snippets, AST, or CFG as feature representations of vulnerability samples, and then feed them into neural networks to learn patterns of the vulnerabilities. However, these abstract features lack direct relevance to vulnerability detection (i.e., they are not specifically designed for vulnerability detection), which makes it difficult for these abstract features to represent the vulnerability semantics accurately. In addition, single-level abstract features face challenges in comprehensively reflecting code information. In this paper, we propose a semantic-level danger structure graph (DSG), which aims to represent the semantic part of the code that is related to the vulnerability. A graph neural network with global attention, Global-GAT, is also proposed to capture the global dependencies of the graph representation. Based on DSG and Global-GAT, we propose a vulnerability detection model based on multi-level abstract features, named MLAF-VD. MLAF-VD learns the sequence-level, structure-level, and semantic-level abstract features of the code with multiple attention mechanisms, and alleviates the influence of noise information through a denoising module. We evaluate MLAF-VD on 3 representative public datasets, and the results show that MLAF-VD outperforms the best baseline methods by 4.88%, 7.40%, and 12.60% in terms of F1-Score, respectively. In practical applications, MLAF-VD detects 20 N-Day vulnerabilities from 6 open-source projects, demonstrating its effectiveness in detecting software vulnerabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104189"},"PeriodicalIF":3.7,"publicationDate":"2025-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144829717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"New privacy-respecting access control-based approach for data placement in an Internet of Things environment","authors":"Sana Said, JalelEddine Hajlaoui, Mohamed Nazih Omri","doi":"10.1016/j.jisa.2025.104192","DOIUrl":"10.1016/j.jisa.2025.104192","url":null,"abstract":"<div><div>The future internet landscape is increasingly dependent on social networks and the Internet of Things (IoT), leveraging diverse communication technologies. While early internet usage primarily involved web browsing, multimedia services, and social networking, the rapid proliferation of the IoT has made data confidentiality and security paramount. This paper presents a novel approach that integrates Formal Concept Analysis (FCA) with Role-Based Access Control (RBAC) to strengthen access control and optimize data confidentiality in IoT environments. Our proposed <strong>D</strong>ata <strong>P</strong>lacement in IoT using <strong>P</strong>rivacy-respecting <strong>A</strong>ccess <strong>C</strong>ontrol (DPPAC) framework addresses two critical challenges: minimizing unauthorized access risks and ensuring robust data confidentiality through optimal security component placement. A comprehensive evaluation demonstrates DPPAC’s superiority over traditional RBAC and FCA methods across key metrics, including Authorization Rate (AR), Rejection Rate (RR), Precision, Recall, and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mtext>measure</mtext></mrow></msub></math></span>. Experimental results show that DPPAC achieves significantly higher AR and lower RR compared to traditional approaches, confirming its enhanced security capabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104192"},"PeriodicalIF":3.7,"publicationDate":"2025-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144829712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An auditable and privacy-preserving user-controllable group signature scheme in blockchain","authors":"Ao Liu , Jing Chen , Shixiong Yao , Kun He , Ruiying Du","doi":"10.1016/j.jisa.2025.104181","DOIUrl":"10.1016/j.jisa.2025.104181","url":null,"abstract":"<div><div>In recent years, the rapid development of Internet information technology has also brought about numerous challenges, with one of the most prominent being data security. In current information systems, platforms control critical data but rely on centralized architectures. As a result, data usage cannot be effectively monitored, leading to issues such as insecure storage and privacy breaches, which are especially critical in financial transaction systems. In this paper, we propose and implement a group signature model based on user behavior. This model maps privacy preservation levels to users’ transaction amounts, achieving a dynamic and user-perceivable multi-level privacy preservation mechanism. As users’ transaction amounts increase, the privacy preservation level of the group signature gradually increases, allowing authorized parties to reveal more user privacy information. The proposed scheme achieves a balance between user privacy preservation and regulation, offering a more flexible solution for modern Internet trading systems. To validate the practicality of this group signature, we developed a blockchain-based knowledge payment platform to address issues of data abuse and data leakage in existing knowledge payment platforms. Security and performance analyses confirm the practicality and effectiveness of the proposed scheme.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104181"},"PeriodicalIF":3.7,"publicationDate":"2025-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144809657","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lightweight representation learning for network traffic towards malicious traffic detection in edge devices","authors":"Kumar Anurupam , Karthick Seshadri","doi":"10.1016/j.jisa.2025.104186","DOIUrl":"10.1016/j.jisa.2025.104186","url":null,"abstract":"<div><div>With the rapid increase in the number of connected devices in the Internet of Things (IoT) environment, their exposure to threats has increased significantly. Attackers can launch sophisticated attacks on these networks more frequently due to the easy availability of computing facilities. The devices in the IoT network have limited computational power, storage capacity, and hardware capability, making it challenging to secure them using traditional approaches. Over the years, many machine learning and deep learning-based approaches have been proposed to classify the traffic flowing through edge devices, but these models have limitations, such as slow detection of attacks because of the limited computational power of these devices, which makes parameter-heavy models infeasible to run on such devices. To overcome this, we propose a structure learning algorithm to create a model whose structure is learned using correlation analysis and PCA and then optimized using parent divorcing and sequential least squares programming, thereby creating a model that exhibits high performance despite being lean with respect to the number of parameters. The chosen features’ relevance for each attack is also validated via qualitative mapping and domain logic. The generated model, evaluated using the UNSW-NB15 and TON-IoT datasets, outperformed several state-of-the-art models in classifying malicious traffic, especially in terms of inference time and model size. Despite its resource efficiency, it shows comparable results in terms of accuracy, recall, precision, and F1 score with other baseline models.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104186"},"PeriodicalIF":3.7,"publicationDate":"2025-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144887586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The machines are watching: Exploring the potential of Large Language Models for detecting Algorithmically Generated Domains","authors":"Tomás Pelayo-Benedet , Ricardo J. Rodríguez , Carlos H. Gañán","doi":"10.1016/j.jisa.2025.104176","DOIUrl":"10.1016/j.jisa.2025.104176","url":null,"abstract":"<div><div>Algorithmically Generated Domains (AGDs) are integral to many modern malware campaigns, allowing adversaries to establish resilient command and control channels. While machine learning techniques are increasingly employed to detect AGDs, the potential of Large Language Models (LLMs) in this domain remains largely underexplored. In this paper, we examine the ability of nine commercial LLMs to identify malicious AGDs, without parameter tuning or domain-specific training. We evaluate zero-shot approaches and few-shot learning approaches, using minimal labeled examples and diverse datasets with multiple prompt strategies. Our results show that certain LLMs can achieve detection accuracy between 77.3% and 89.3%. In a 10-shot classification setting, the largest models excel at distinguishing between malware families, particularly those employing hash-based generation schemes, underscoring the promise of LLMs for advanced threat detection. However, significant limitations arise when these models encounter real-world DNS traffic. Performance degradation on benign but structurally suspect domains highlights the risk of false positives in operational environments. This shortcoming has real-world consequences for security practitioners, given the need to avoid erroneous domain blocking that disrupts legitimate services. Our findings underscore the practicality of LLM-driven AGD detection, while emphasizing key areas where future research is needed (such as more robust warning design and model refinement) to ensure reliability in production environments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104176"},"PeriodicalIF":3.7,"publicationDate":"2025-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144809641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Understanding practitioner perspectives on using privacy harm categories for privacy risk assessment","authors":"Samuel Wairimu , Leonardo Horn Iwaya , Lothar Fritsch , Stefan Lindskog","doi":"10.1016/j.jisa.2025.104174","DOIUrl":"10.1016/j.jisa.2025.104174","url":null,"abstract":"<div><div>Privacy Impact Assessments (PIAs), also known as Data Protection Impact Assessments (DPIAs) under the EU GDPR, and Privacy Risk Assessments (PRAs) have emerged as prominent privacy engineering methodologies, aiding developers and data controllers to systematically identify privacy risk and assign appropriate controls. As part of such methodologies, the concept of privacy harms has been proposed as a valuable, well-structured taxonomy that contributes to the rationalization and justification of assessment decisions made by practitioners. While some PRA methodologies include privacy harms, the impact of these inclusions based on practitioners’ perspectives remains largely unexplored. Hence, this study investigates whether evaluating predefined privacy harm categories, i.e., physical, psychological, financial/economic, reputational, and societal harms, can improve PRA outcomes by exploring PIA/DPIA and PRA practitioners’ perspectives. Using semi-structured interviews, including a workable PRA exercise, opinions and perspectives on privacy harms were elicited and analyzed following a reflexive thematic analysis. In total, 17 privacy practitioners were interviewed, revealing a range of positive (e.g., informative, educational) and negative (e.g., misleading, too broad) opinions on evaluating privacy harm categories. Further results indicate a lack of a standardized definition of privacy harm. In addition, participants noted that privacy harms are highly context-dependent and vary based on the data subject, which makes them difficult to quantify. Nevertheless, privacy harms are a critical addition to PIA/DPIA and PRA methodologies, supporting more rationalized and justifiable decisions when assessing risk and severity and when implementing mitigating controls. Yet, some prioritization of harm categories is advisable to efficiently allocate time and resources for assessment.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104174"},"PeriodicalIF":3.7,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144779861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"New proofs for pseudorandomness of HMAC-based key derivation functions (RFC 5869)","authors":"Dinh Linh Hoang , Thi Luong Tran , Van Long Nguyen","doi":"10.1016/j.jisa.2025.104179","DOIUrl":"10.1016/j.jisa.2025.104179","url":null,"abstract":"<div><div>The key derivation function (KDF) is crucial in cryptographic systems, aiming to take an initial key source, which may not be uniformly random or may be partially known to attackers, and generate secure secret keys from it. The HMAC-based key derivation function (HKDF), built on HMAC, is claimed to have Pseudo-Random Bit Generator (PRBG) properties, though no formal proof exists in the current literature. This paper conducts a comprehensive analysis and evaluation of the pseudo-randomness of the HKDF key derivation scheme, as specified in RFC 5869. We demonstrate that the HKDF scheme attains PRBG properties under the assumption that either the input salt or the Initial Keying Material (IKM) is random, and we further assume the underlying HMAC function is a Pseudo-Random Function (PRF). Additionally, we present results showcasing the pseudo-randomness in an extended scenario where HKDF is required to generate a large number of keys. Specifically, we perform various experimental evaluations of the randomness of the HKDF scheme based on the statistical tests outlined in NIST SP 800-22. Finally, a sensitivity evaluation of HKDF is conducted, revealing that a change of 1 bit in the IKM input results in an approximate 50% change in the bits of the derived key (OKM). This outcome signifies the robust randomness and high sensitivity of HKDF. Our findings not only offer a novel proof confirming the pseudo-randomness of HKDF but also strengthen confidence in the overall security of the algorithm.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104179"},"PeriodicalIF":3.7,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144770934","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Verifiable keyword searchable encryption with enhanced security using aggregate key in blockchain-based smart healthcare","authors":"Jiajun Wang , Sha Ma , Qiong Huang","doi":"10.1016/j.jisa.2025.104173","DOIUrl":"10.1016/j.jisa.2025.104173","url":null,"abstract":"<div><div>In the field of smart healthcare, Electronic health records (EHRs) play a key role in storing patient data. Typically, EHRs stored in different medical institutions are encrypted to protect the privacy of patients. When conducting searches and transmissions of EHRs between various medical institutions to improve medical collaboration, it is crucial to ensure the accuracy and correctness of the search results, as well as the security of the transmission process, to protect patient data privacy. Unfortunately, existing search technologies over encrypted EHRs in smart healthcare fail to simultaneously satisfy the accuracy of the search, verification of the search results, and the ability to resist attacks from internal and external adversaries. Consequently, we propose a novel verifiable keyword searchable encryption with enhanced security (ES-VKSE) scheme to cater to the search requirements in the context of smart healthcare. Our proposed ES-VKSE scheme implements multi-keyword searchable encryption, which makes document search more flexible while not revealing the information of the document. Besides, our proposed scheme not only ensures the verification of search results for fair interaction among multiple parties, but also proves to be resistant to collusion attacks and trapdoor forging attacks. Extensive experimental evaluation demonstrates that our scheme significantly improves the search efficiency by 98%. Notably, during the verification phase, our scheme required only 6.35 s to process 50 documents with 11 keywords each. This substantial improvement in search and verification efficiency makes it an ideal solution for real-time EHR retrieval in smart healthcare systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104173"},"PeriodicalIF":3.7,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144779862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"D2DSec: An efficient quantum-safe authentication scheme for secure in coverage Device-to-Device communication in 5G networks","authors":"Ponjit Borgohain, Hiten Choudhury","doi":"10.1016/j.jisa.2025.104178","DOIUrl":"10.1016/j.jisa.2025.104178","url":null,"abstract":"<div><div>Device-to-Device (D2D) communication in a 5G network offers direct interaction between devices in close vicinity, bypassing the need for 5G network infrastructure for user data transmission. This approach enhances network performance by reducing traffic on the 5G core network, extending coverage, and minimizing communication latency. D2D communication is classified into three use-case scenarios based on the network’s coverage: In-coverage, Relay coverage, and Out-of-coverage. In the In-coverage scenario, both communicating devices operate in the network’s coverage area. As D2D communication gains increasing attention, the need for a secure authentication and key agreement scheme becomes paramount. While public key infrastructure (PKI) solutions, such as RSA and ECC, are widely used, they are vulnerable to quantum attacks, particularly Shor’s algorithm. To address this challenge, we propose a lightweight authentication and key agreement scheme. The significance of the proposal is that it enhances resistance to quantum attacks by leveraging symmetric key techniques and the SHA3-512 hash function, offering robustness against Grover’s algorithm and avoiding vulnerabilities associated with Shor’s algorithm. This ensures a higher level of security in anticipation of emerging quantum threats, given the rapid advancements in quantum computing. Validation through BAN logic and AVISPA confirms the scheme’s resilience against various threats, while performance analysis highlights its efficiency with minimal computation and communication overhead. The computation overhead of the devices is measured at 931.04 ms for the Arduino Uno Rev 3, 37.14 ms for the ESP8266, and 2.96 ms for the Raspberry Pi 4, while the communication overhead is measured to be 7920 bits.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104178"},"PeriodicalIF":3.7,"publicationDate":"2025-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144770933","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reversible data hiding in encrypted images based on bidirectional encoding for payload enhancing","authors":"Cheng-Ta Huang , Thi Thu-Ha Dang , Chi-Yao Weng","doi":"10.1016/j.jisa.2025.104183","DOIUrl":"10.1016/j.jisa.2025.104183","url":null,"abstract":"<div><div>Reversible data hiding in encrypted images (RDHEI) has received substantial attention as a pivotal research domain in the field of secure data embedding. This paper presents a novel RDHEI approach using bidirectional flag encoding. Our method substantially enhances embedding capacity while ensuring both lossless image recovery and accurate extraction of hidden data. The original image is processed using a hybrid prediction model to derive prediction error values. Subsequently, the image undergoes encryption through a combination of a stream cipher technique and block scrambling to guarantee robust security. Finally, the bidirectional flag encoding technique is employed to vacate the room for data embedding. By leveraging spatial correlation among pixels, this scheme achieves an improved embedding rate. Experimental evaluations reveal that the proposed method achieves an enhanced payload capacity in comparison to existing state-of-the-art RDHEI techniques. The average embedding rates on datasets of BOSSbase and BOWS-2 are 3.76 bpp and 3.37 bpp, respectively.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104183"},"PeriodicalIF":3.7,"publicationDate":"2025-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144738697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}