Mingjun Ma , Tiantian Zhu , Jie Ying , Yu Cheng , Jiayuan Chen , Jian-Ping Mei , Xue Leng , Xiangyang Zheng , Zhengqiu Weng
{"title":"ThreatCog: An adaptive and lightweight mobile user authentication system with enhanced motion sensory signals","authors":"Mingjun Ma , Tiantian Zhu , Jie Ying , Yu Cheng , Jiayuan Chen , Jian-Ping Mei , Xue Leng , Xiangyang Zheng , Zhengqiu Weng","doi":"10.1016/j.jisa.2025.104142","DOIUrl":"10.1016/j.jisa.2025.104142","url":null,"abstract":"<div><div>The widespread adoption of mobile applications has driven the development of various user authentication methods for mobile devices. Recently, motion sensor-based mobile user authentication methods have been introduced to offer point-of-entry authentication by utilizing passive sensor data without requiring user interaction. Nonetheless, existing methods based on motion sensor signals face several challenges: (1) inadequate processing of motion sensor data, leading to inaccurate user behavior feature extraction, (2) insufficient capability to capture common user behaviors, and (3) high data requirements and retraining efforts needed when adding new users.</div><div>In this paper, we introduce ThreatCog, a lightweight and adaptive mobile user authentication system that enhances the utilization of motion sensory signals, including accelerometers, gyroscopes, and gravity sensors. To address the first challenge, our method uses a signal enhancement technique to make user behavior features more prominent in the data. For the second challenge, during training, the system employs an attention mechanism to extract common behavioral characteristics across users, allowing effective authentication without the need to differentiate between various user behavior contexts. Finally, to overcome the third challenge, the system uses few-shot learning to support new users, validating authentication effectiveness through n-shot testing, where only a small number of samples are required during the registration phase. Extensive experiments on mobile devices demonstrate that ThreatCog enables fast and accurate user authentication. 
Notably, ThreatCog achieves an impressive 98% accuracy, outperforming SOTA systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104142"},"PeriodicalIF":3.8,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144588386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jiale Liao , Huanyu Wang , Junnian Wang , Yun Tang
{"title":"Switch-T: A novel multi-task deep-learning network for cross-device side-channel attack","authors":"Jiale Liao , Huanyu Wang , Junnian Wang , Yun Tang","doi":"10.1016/j.jisa.2025.104146","DOIUrl":"10.1016/j.jisa.2025.104146","url":null,"abstract":"<div><div>Side-Channel Analysis has become a realistic threat to cryptographic implementations, particularly with advances in deep-learning techniques. A well-trained neural network can typically make the attack several orders of magnitude more efficient than conventional signal processing approaches. However, like all profiled methods, most existing deep-learning SCA frameworks require adversaries to develop dedicated models for the specific target device, which complicates the execution of these attacks. In this paper, we propose a Transformer-based neural network, called Switch-T, for multi-task attacks. By collaboratively employing the Elastic Weight Consolidation (EWC) mechanism with a multi-task structure, the model is able to learn sensitive data-dependent features of power and EM traces from devices with different core architectures and PCB layouts. We experimentally show that the Switch-T model can effectively compromise different implementations of AES. 
Furthermore, we investigate to which extent the training order of profiling devices can affect the attack efficiency of the model and discuss the impact of hyper-parameter settings in the EWC mechanism.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104146"},"PeriodicalIF":3.8,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144588387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Khanh Luong , Arash Mahboubi , Geoff Jarrad , Seyit Camtepe , Michael Bewong , Mohammed Bahutair , Hamed Aboutorab , Hang Thanh Bui
{"title":"ConceptUML: Multiphase unsupervised threat detection via latent concept learning, Hidden Markov Models and topic modelling","authors":"Khanh Luong , Arash Mahboubi , Geoff Jarrad , Seyit Camtepe , Michael Bewong , Mohammed Bahutair , Hamed Aboutorab , Hang Thanh Bui","doi":"10.1016/j.jisa.2025.104160","DOIUrl":"10.1016/j.jisa.2025.104160","url":null,"abstract":"<div><div>Detecting lateral movement threats in large-scale system logs is a critical challenge due to the scarcity of labelled attack data, the presence of imbalanced datasets, and the sophisticated nature of modern adversaries. To address these issues, we propose <strong>ConceptUML</strong>, a semantic-driven, fully unsupervised threat detection framework designed to automatically identify anomalies related to lateral movement in heterogeneous log data. ConceptUML is structured around a three-phase architecture. In <em>Phase 1 (Latent Semantic Learning)</em>, contextualized embeddings generated by Sentence-BERT are combined with Non-negative Matrix Factorization to extract abstract concepts from system logs and external threat intelligence sources such as MITRE ATT&CK and CAPEC. In <em>Phase 2 (Unsupervised Threat Detection)</em>, a Hidden Markov Model is applied to cluster logs based on learned concepts, and each cluster is scored according to its semantic similarity to known adversarial techniques. <em>Phase 3 (Decision Refinement)</em> uses topic modelling to further isolate malicious event log subsets from within suspicious clusters, enabling high-precision triage. We evaluate ConceptUML using four real-world event log datasets, including Windows Event Logs and multiple subsets of the LMD-23 dataset, encompassing attacks such as exploitation of hashing techniques and remote services. 
The enhanced model with topic modelling achieves up to 92.54% detection quality and reduces detection error to as low as 8.14%, outperforming several baseline approaches including AutoEncoder, LogAnomaly, LOF, and DBScan. Our results confirm that ConceptUML delivers interpretable, scalable, and highly effective detection of lateral movement threats without requiring labelled training data or extensive manual feature engineering.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104160"},"PeriodicalIF":3.8,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144588335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Image encryption algorithm based on DNA sequence-driven key scrambling and secure hashing","authors":"Abrar Chowdhury , Machbah Uddin , Md. Rakib Hassan , Muhammad Mustagis Billah","doi":"10.1016/j.jisa.2025.104140","DOIUrl":"10.1016/j.jisa.2025.104140","url":null,"abstract":"<div><div>In the evolving landscape of secure image transmission, safeguarding sensitive visual information against unauthorized access remains a critical challenge. This study introduces an innovative DNA-based encryption scheme that leverages the inherent randomness of SHA-256 hashing with mutation, and crossover operations to enhance the security of image encryption. The proposed method transforms image data into a DNA sequence, subsequently encrypted using a key derived from the SHA-256 hash function. This process ensures a robust, non-linear relationship between the original image and the encrypted output, making the encryption resistant to traditional cryptanalytic attacks. Modified results after crossover and other operations of the SHA-256 hash function can produce unique, fixed-length outputs from variable input sizes, introducing a high level of unpredictability and entropy, further securing the encrypted images. The encryption scheme was rigorously tested on various standard image datasets, demonstrating its effectiveness in maintaining image fidelity while providing a strong defense against unauthorized decryption attempts. 
This experiment underscores the potential of integrating DNA-based encryption with cryptographic hash functions to achieve a new security standard in image transmission.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104140"},"PeriodicalIF":3.8,"publicationDate":"2025-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144580162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yihua Zhou, Xiongkai Liu, Yuguang Yang, Weimin Shi, Zhenhu Ning
{"title":"Lattice-based forward and backward secure group signature with selective linkability for VANETs","authors":"Yihua Zhou, Xiongkai Liu, Yuguang Yang, Weimin Shi, Zhenhu Ning","doi":"10.1016/j.jisa.2025.104156","DOIUrl":"10.1016/j.jisa.2025.104156","url":null,"abstract":"<div><div>Vehicular Ad Hoc Networks (VANETs) are more and more important in improving transportation efficiency, preventing traffic accidents, and enhancing the comfort of drivers. Group signatures (GS) have been widely studied in VANETs. However, current group signature schemes rarely mention backward security in the event of key leakage, and they lack fine-grained functionalities: selective linkability. Undoubtedly, this is of great importance in VANETs. Based on the above issues, this paper proposes a lattice-based forward and backward secure group signature with selective linkability (FBS-LSLGS). We have adopted the Bonsai tree structure to construct a key evolution scheme, which allows users to update keys regularly. Compared to other group signature schemes, our scheme not only provides forward security but also backward security. At the same time, we have restructured the linkability tags in the group signatures so that only specific judgers can determine the linkability between two signatures. Our scheme is based on the Short Integer Solution (SIS) and Learning With Errors (LWE) assumptions, demonstrating good quantum resistance. We conducted the performance analysis on the proposed scheme. 
And our scheme has been proven to satisfy correctness, full anonymity, forward and backward security, full traceability and selective linkability.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104156"},"PeriodicalIF":3.8,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144569918","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AsCred: An anonymous credential system based on batch partial blind signature and polymath","authors":"Xian Guo, Yongjie Zhao, Yudan Cheng, Wenjuan Jia, Yongbo Jiang","doi":"10.1016/j.jisa.2025.104151","DOIUrl":"10.1016/j.jisa.2025.104151","url":null,"abstract":"<div><div>Anonymous credentials are a vital tool for privacy-preserving authentication. However, existing signature-based schemes suffer from two limitations: (1) An issuer can only generate a single signature for an entire attribute set during a credential issuance stage, which makes it inflexible for a user to append new attributes to an existing valid credential; (2) During a selective disclosure phase, a user must compute a commitment for attributes that do not need to be disclosed to prove the authenticity of a selective disclosed attribute, which leads to extra computational overhead. In this paper, a novel anonymous credential system based on batch partial blind signature and Polymath (a zk-SNARK) is proposed, and it is called AsCred. The core ideas of AsCred are that an issuer can batch-sign each attribute within an attribute set in one-round interaction with a user during a credential issuance stage, which enables a user to flexibly append new attributes to an existing valid credential. Moreover, a user can generate a proof using only the attributes that are required to be disclosed and their corresponding signatures, which avoids using unnecessary attributes to calculate a commitment, and the signature information is not revealed by leveraging Polymath. We analyze our novel solution in a scenario where only a single attribute needs to be disclosed. Experimental results demonstrate that proof generation, verification time, and proof size in blind BBS+ signature-based and blind CL-based signature schemes exhibit linear overhead growth with the attribute set size. However, AsCred maintains constant-level performance across all metrics. 
Specifically, in AsCred, a single proof generation and verification time are 9 ms and 3.9 ms respectively, and the proof size is 342 bytes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104151"},"PeriodicalIF":3.8,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144556775","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Peng Yang , Zhuoyang Xie , Hongmei Pei , Tianwai Zhou , Kun Song
{"title":"A secure distributed resolution model for industrial internet identifier based on ordered multi-group signature","authors":"Peng Yang , Zhuoyang Xie , Hongmei Pei , Tianwai Zhou , Kun Song","doi":"10.1016/j.jisa.2025.104143","DOIUrl":"10.1016/j.jisa.2025.104143","url":null,"abstract":"<div><div>The security of the industrial Internet identifier resolution system is critical to ensuring the circulation of data in industrial production. Most existing schemes mainly use blockchain to solve problems such as a single point of failure and the unfair interests of multiple parties in the identifier resolution system. However, these schemes usually ignore the security of source data and transmission of the identifiers, which makes the identifiers vulnerable to manipulation or privacy disclosure. To address these issues, we propose a secure distributed resolution model for industrial Internet identifier based on ordered multi-group signature named SDRMI-OMGS. Specifically, a novel resolution model for industrial Internet identifier is proposed for enhancing the security of the identifiers in SDRMI-OMGS, which includes the Ordered Multi-Group Signature (OMGS) and the improved identifier encoding scheme. We conceive an authentication mechanism with OMGS to achieve trusted authentication of the identifiers and users during identifier resolution. Moreover, we utilize the confidentiality of asymmetric encryption and the immutability of blockchain to implement an identifier encoding scheme, which prevents the identifiers from manipulation or privacy disclosure during transmission. Finally, we prove the security of OMGS in SDRMI-OMGS based on the assumption of the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP). 
Through experiments on the group signature, compared with the baselines, the extensive results show that the signature efficiency and verification of our scheme are increased by 67%, 40%, 58%, 35%, respectively in case of different members and groups.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104143"},"PeriodicalIF":3.8,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144550038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Weinan Liu , Jiawen Shi , Hong Wang , Tingting Chen , Zhaoyang Han , Qingqing Li
{"title":"Coordinate plane based authentication method for detecting clone node in wireless sensor networks","authors":"Weinan Liu , Jiawen Shi , Hong Wang , Tingting Chen , Zhaoyang Han , Qingqing Li","doi":"10.1016/j.jisa.2025.104148","DOIUrl":"10.1016/j.jisa.2025.104148","url":null,"abstract":"<div><div>Nowadays, wireless sensor networks (WSNs) have become a very promising technology for automatic data collection in many applications. Due to the feature of limited resources, WSNs are more vulnerable to certain attacks, such as node clone attacks. An adversary can clone a valid member sensor node and place the new clone node within the group to collect information in the group. The clone node has the same information as the cloned one, and can act as if it were the cloned one to obtain the group key, leading to leakage of group communication data. The current solutions have drawbacks; for instance, schemes based on IDS require additional component support. In this paper, a novel authentication scheme is proposed to address node clone attacks, utilizing a coordinate plane instead of geographical locations. This scheme also possesses additional functionalities, effectively managing node additions and revocations while incorporating collusion attack detection. Through theoretical analysis, the detection rate of our scheme is approximately 99.5%. Experimental simulations demonstrate that the practical detection rate of our scheme is 98.4%, which is lower than the theoretical maximum rate but is higher than that of many recent works and does not rely on additional mechanisms such as trust or hierarchical structures. 
Furthermore, through multiple rounds of detection, the overall detection rate can be further improved, and collusion attacks can be effectively identified.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104148"},"PeriodicalIF":3.8,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144534635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cristian H.M. Souza , Túlio Pascoal , Emidio P. Neto , Galileu B. Sousa , Francisco S.L. Filho , Daniel M. Batista , Felipe S. Dantas Silva
{"title":"SDN-based solutions for malware analysis and detection: State-of-the-art, open issues and research challenges","authors":"Cristian H.M. Souza , Túlio Pascoal , Emidio P. Neto , Galileu B. Sousa , Francisco S.L. Filho , Daniel M. Batista , Felipe S. Dantas Silva","doi":"10.1016/j.jisa.2025.104145","DOIUrl":"10.1016/j.jisa.2025.104145","url":null,"abstract":"<div><div>Software-Defined Networking (SDN) has emerged as a key technology for countering evolving malware threats in 5G and Internet-of-Things (IoT) environments. This paper provides a comprehensive survey of SDN-based strategies for malware analysis and detection, consolidating several hundred candidate works and distilling a focused set of studies published up to April 2025. We examine approaches ranging from static code inspection and heuristic traffic monitoring to advanced machine learning and deep learning frameworks, demonstrating that these methods consistently achieve high detection accuracy with low false-positive rates while imposing only modest latency and resource overhead. We illustrate how SDN’s centralized control and programmable data plane enable rapid policy updates and real-time mitigation of malicious flows, surpassing traditional network defense mechanisms. Our review clarifies how AI-driven techniques enhance the identification of novel and obfuscated malware, and highlights persistent challenges such as the need for standardized datasets, controller scalability, and privacy-preserving inspection. 
By synthesizing key insights, open issues, and future research directions, this survey underscores the essential role of SDN in fortifying contemporary cybersecurity architectures.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104145"},"PeriodicalIF":3.8,"publicationDate":"2025-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144534634","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yang Yang , Xiangjie Huang , Han Fang , Weiming Zhang
{"title":"IPMN: Invertible privacy-preserving mask network with intellectual property protection","authors":"Yang Yang , Xiangjie Huang , Han Fang , Weiming Zhang","doi":"10.1016/j.jisa.2025.104149","DOIUrl":"10.1016/j.jisa.2025.104149","url":null,"abstract":"<div><div>Facial information is widely used in security fields like identity authentication. But the large number of facial images online makes them vulnerable to unauthorized capture, posing privacy and security risks. Existing face privacy protection methods aim to mitigate these risks. However, many of these methods lack reversibility, making it impossible to restore the original face when needed. Additionally, they often neglect model intellectual property (IP) protection, leaving methods vulnerable to unauthorized stealing. Therefore, to address the shortcomings of existing face privacy protection methods in IP protection, this paper proposes an invertible privacy protection mask network with IP protection. The proposed method consists of two main parts: facial privacy protection and IP protection. For facial privacy protection, the mask generator replaces facial features with other faces and generates the mask, which is then embedded with the watermark to generate the watermarked mask. This watermarked mask conceals the original face by the putting on mask network, and the original face can be restored by the putting off mask network. For IP protection, the watermark extractor network is a key component that can extract the watermark from images of the sender, receiver and attacker to verify the method’s IP. 
Experimental results show that the proposed method has good effects in both privacy protection and IP protection, providing double security for face privacy protection.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104149"},"PeriodicalIF":3.8,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}