Journal of Information Security and Applications: latest articles
QL-PGD: An efficient defense against membership inference attack
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-26 DOI: 10.1016/j.jisa.2025.104095
Tuan Dung Pham, Bao Dung Nguyen, Son T. Mai, Viet Cuong Ta
Volume 92, Article 104095

Abstract: In membership inference attacks (MIAs), attackers exploit the overfitting phenomenon when training deep learning models to identify whether a specific data sample was used to train a victim model. Consequently, many defenses have been introduced to mitigate the risk of being attacked by MIAs. However, state-of-the-art defenses against MIAs often suffer from poor privacy-utility balance and high training or inference computational time. To overcome these limitations, we propose Quantized Layer-wise Perturbed Gradient Descent (QL-PGD), a novel, lightweight and effective generalization method to protect machine learning models from Membership Inference Attacks. The key idea of QL-PGD is to regularize the model to prevent overfitting by adjusting the injected noise added to the gradient at each layer, which explicitly regularizes the gradient passing through it to achieve a stronger privacy defense while maintaining similar levels of accuracy. Moreover, quantization is further performed on both model weight and gradient to reduce computational overhead. Extensive experiments are conducted to evaluate the performance of our method compared to other state-of-the-art generalization defenses against multiple attacks. The results show that QL-PGD can withstand both black-box and white-box attacks and preserve the target model's utility with efficiency in terms of speed, memory and energy.
Citations: 0
A systematic literature review of log-correlation tools for cyberattack detection and prediction in large networks
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-24 DOI: 10.1016/j.jisa.2025.104096
Edward Chuah, Harsha Kalutarage, Kasim Tasdemir, Atnafu Abrham, Carsten Maple
Volume 92, Article 104096

Abstract: System logs are the main source of information available to security analysts to detect and predict cyberattacks on their networks. For example, enterprise networks generate a large volume of system logs including NetFlow data, Linux and Microsoft Windows host logs from multiple routers, servers and client devices. System log-analysis tools that detect or predict cyberattacks in a large network typically analyze the NetFlow data. Therefore, the idea of using a single data source to achieve a given objective, such as detecting or predicting a cyberattack, is losing its validity. Several system log-analysis tools have been developed to assist the security analyst in gaining an understanding of the behavior of their networks. These system log-analysis tools enable security analysts to perform various analyses that include detecting or predicting a cyberattack. The current system log-analysis tools vary significantly in their design and function. A Log-Correlation tool (SysLogCT) is a tool that uses a correlation method in its workflow to extract features or identify patterns of events in the data. We conduct a systematic review of literature (SLR) on SysLogCTs for detecting and predicting cyberattacks, and select 62 representative articles out of 4,599 initial articles. Our selection criteria consist of: (a) general criteria, (b) inclusion criteria, (c) exclusion criteria, and (d) quality assessment criteria. Then, we propose a quality model to evaluate those SysLogCTs. To the best of our knowledge, there is no work that studied the characteristics of SysLogCTs which detect or predict cyberattacks with respect to six quality attributes consisting of: (a) spurious relationships, (b) missing values in the data, (c) correlation threshold value, (d) bias and variance, (e) anomalies in the data, and (f) evaluation metrics. Through our SLR, we (a) identify articles on SysLogCTs which detect or predict cyberattacks, (b) build our quality model consisting of the six quality attributes, (c) use our quality model to evaluate and recommend SysLogCTs, and (d) discuss several challenges for future research. Our work highlights the advantages and limitations of existing SysLogCTs that detected or predicted cyberattacks, and identifies research opportunities that could facilitate better detection and prediction of cyberattacks in large networks.
Citations: 0
Pixel-level compensation and quantization-preserving decoding for HEVC video reversible data hiding
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-23 DOI: 10.1016/j.jisa.2025.104093
Pei Zeng, Bo Ou
Volume 92, Article 104093

Abstract: Intra-frame distortion drift remains a challenging issue in the field of video reversible data hiding (V-RDH). Previous methods predominantly focus on preventing intra-frame distortion drift, with limited attention to severe intra-block distortion and centralized error caused by modifications on quantization transform coefficients. In this paper, we propose a novel V-RDH method using a pixel-level compensation and quantization-preserving decoding strategy for HEVC videos. Since the quantization between the residual values and discrete levels is lossy, we apply precise compensation to the residuals in order to reduce intra-block distortion and improve the visual quality of the reconstructed video. Furthermore, the quantization-preserving decoding is implemented to ensure the accurate extraction of the secret message during recompression. Our method effectively reduces intra-block distortion and enhances the visual quality of the decoded video. Moreover, the proposed quantization compensation mechanism demonstrates good applicability and can be applied to various RDH frameworks. The experimental results demonstrate that, compared with the existing methods, the proposed method can obtain a relative PSNR increase rate of over 16%, with a bit error rate of less than 1%, and exhibits better resistance against common steganalysis techniques.
Citations: 0
Boomerang cryptanalysis of SAND
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-22 DOI: 10.1016/j.jisa.2025.104086
Li Yu, Je Sen Teh
Volume 92, Article 104086

Abstract: This paper investigates the security of a lightweight block cipher SAND that has an AND-RX construction. We evaluate its security against boomerang (and rectangle) attacks. First, we analyse SAND's boomerang switching properties from the perspective of the AND operation and when SAND's nonlinear operations are represented by synthetic S-boxes. We then develop an automated search for boomerang trails that uses the boomerang connectivity table. From the initial boomerang trail, we construct a rectangle distinguisher by enumerating other boomerang trails with the same input and output differences. We found 13-round and 17-round rectangle distinguishers for SAND-64 and SAND-128 with distinguishing probabilities $2^{-43.23}$ and $2^{-95.54}$ respectively. These rectangle distinguishers were used in key recovery attacks on 15 and 19 rounds of SAND-64 and SAND-128 with (time/data/memory) complexities of $(2^{63.09}, 2^{56}, 2^{59})$ and $(2^{123.75}, 2^{114}, 2^{122})$ respectively. In these attacks, we leverage the fact that input differences propagate deterministically over SAND's first round. To the best of our knowledge, these are the first boomerang attacks on SAND.
Citations: 0
A comprehensive survey of automated Advanced Persistent Threat attribution: Taxonomy, methods, challenges and open research problems
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-20 DOI: 10.1016/j.jisa.2025.104076
Nanda Rani, Bikash Saha, Sandeep Kumar Shukla
Volume 92, Article 104076

Abstract: Advanced Persistent Threat (APT) attribution is a critical challenge in cybersecurity and implies the process of accurately identifying the perpetrators behind sophisticated cyber attacks. It can significantly enhance defense mechanisms and inform strategic responses. With the growing prominence of artificial intelligence (AI) and machine learning (ML) techniques, researchers are increasingly focused on developing automated solutions to link cyber threats to responsible actors, moving away from traditional manual methods. Previous literature on automated threat attribution lacks a systematic review of automated methods and relevant artifacts that can aid in the attribution process. To address these gaps and provide context on the current state of threat attribution, we present a comprehensive survey of automated APT attribution. The presented survey starts with understanding the dispersed artifacts and provides a structured taxonomy of the artifacts that aid in attribution. This taxonomy standardizes the attribution process by providing a structured framework to organize and understand diverse artifacts, enabling more consistent classification and systematic evaluation of attribution methods. Additionally, this survey provides a comprehensive classification and comparison of available attribution datasets and automated attribution methods, identifying their strengths, limitations, and practical applicability. Further, we discuss challenges in automated attribution, and point to open research problems. This survey reveals significant opportunities for future research in APT attribution to address current gaps and challenges. By highlighting key challenges and proposing actionable research directions, this survey advances the field of automated threat attribution and provides a foundation for developing more accurate, scalable, and reliable threat attribution systems.
Citations: 0
QS-CPABE: Quantum-Safe CP-ABE with policy hiding and verifiable policy update for cloud storage
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-17 DOI: 10.1016/j.jisa.2025.104080
Sravya Gudipati, Syamkumar Pasupuleti, Padmavathy R.
Volume 92, Article 104080

Abstract: Ciphertext-Policy Attribute-Based Encryption (CP-ABE) ensures data privacy and fine-grained access control in a cloud environment through its one-to-many encryption feature. However, most of the existing CP-ABE schemes cannot resist quantum attacks as they are constructed from bilinear pairing assumptions. Recently, several lattice-based CP-ABE schemes have been proposed to defend against quantum attacks, but these schemes do not provide mechanisms to hide the policy attributes along with a verifiable policy updating mechanism, which is crucial for dynamic access control management in cloud environments. To address these issues, this paper proposes a Quantum-Safe CP-ABE scheme with policy hiding and verifiable policy updates for cloud storage. The security of QS-CPABE is proven against the Chosen Plaintext Attack (CPA) under the Module Learning with Errors (M-LWE) assumptions. The theoretical and experimental analyses demonstrate that QS-CPABE is practical and efficient.
Citations: 0
A lightweight intrusion detection system for connected autonomous vehicles based on ECANet and image encoding
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-17 DOI: 10.1016/j.jisa.2025.104082
Zhuoqun Xia, Longfei Huang, Jingjing Tan, Yongbin Yu, Wei Hao, Kejun Long
Volume 92, Article 104082

Abstract: The Controller Area Network (CAN) bus plays an essential role in Connected Autonomous Vehicles (CAVs), yet its inherent design limitations regarding data protection make it susceptible to malicious intrusions. Contemporary research in intrusion detection predominantly employs Long Short-Term Memory (LSTM) models to analyze CAN IDs as time series data. However, the high computational complexity of LSTM models makes them unsuitable for resource-constrained in-vehicle networks. To address this problem, a lightweight IDS combining image encoding and an Efficient Channel Attention (ECA) network is proposed. Specifically, three temporal image encoding techniques, Gramian Angular Sum Fields, Markov Transition Fields, and Recurrence Plots, are employed to transform CAN ID time-series data into single-channel images, which are then superimposed into three-channel images. A lightweight three-layer convolutional neural network integrated with an ECA module dynamically adjusts channel weights for image classification. Evaluated on real in-vehicle datasets, the method achieves classification accuracies of 99.83%, 99.98%, and 98.75% across three test scenarios with a 5.5 ms average inference time, demonstrating robust detection capability and computational efficiency.
Citations: 0
Enhancing security in software defined networks: Privacy-preserving intrusion detection with Homomorphic Encryption
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-11 DOI: 10.1016/j.jisa.2025.104084
Vankamamidi S. Naresh, D. Ayyappa
Volume 92, Article 104084

Abstract: This study proposes a novel privacy-preserving intrusion detection framework for software-defined networks (SDNs) by integrating Homomorphic Encryption (HE) with Deep Neural Networks (DNNs). The framework encrypts network traffic using HE before performing intrusion detection analysis with a DNN model, ensuring data confidentiality while enabling robust threat detection. The proposed approach involves encrypting the dataset, training the DNN-based intrusion detection model on encrypted data, and deploying the model within the SDN architecture. Key findings demonstrate that the DNN achieves high accuracy (87.11%) on encrypted data, comparable to its performance on unencrypted data (99.99%), indicating its suitability for secure applications. In contrast, traditional machine learning models such as Logistic Regression, Random Forest, and Decision Tree exhibit decreased accuracy on encrypted data compared to their performance on unencrypted data. The minimal performance difference of the DNN between encrypted and unencrypted datasets highlights its effectiveness for applications prioritizing security and privacy. The proposed framework incorporates encryption at critical stages, from data collection to application deployment, and leverages robust control mechanisms like SDN controllers and OpenFlow switches to strengthen the overall security posture. This study represents a significant step towards achieving privacy-preserving intrusion detection in SDNs, contributing to ongoing efforts to enhance network security while safeguarding data privacy against evolving cybersecurity threats.
Citations: 0
Novel 2D nonlinear sine-log-sqrt-logistic map and staircase block scrambling for a rapid image encryption algorithm
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-10 DOI: 10.1016/j.jisa.2025.104085
Meng-meng Wang, Shun-wen Jin, Hongxia Wang, Man-tao Xu, Si-hang Liu
Volume 92, Article 104085

Abstract: In this paper, we propose a nonlinear 2-dimensional hyperchaotic map, called the 2D nonlinear sine-log-sqrt-logistic map (2D-NSLSLM), which introduces both the logarithmic function and the square root function. By incorporating the square root and logarithmic functions, the complexity of its nonlinear characteristics is further enhanced. This increases the dynamic complexity of the system and makes the system difficult to predict. Compared to some 2D chaotic maps, the 2D-NSLSLM exhibits higher sensitivity, a wider chaotic range, and more complex chaotic behavior. To explore its applications, 2D-NSLSLM is applied to formulate an image encryption algorithm with a new structure. The proposed algorithm consists of three steps: three rounds of staircase block scrambling, followed by one round of fast diffusion, and concluding with an additional round of staircase block scrambling. The simulation experiments prove that the structure not only has good anti-multiple-noise attack and anti-differential attack ability, that is, it cleverly balances robustness and anti-differential attack ability, but also greatly improves the encryption speed. Through experiments and comparisons involving local Shannon entropy, information entropy, chosen plaintext attacks, and differential attacks, the results indicate that the new algorithm provides very secure encryption.
Citations: 0
If you cannot Measure it, you cannot Secure it. A Case Study on Metrics for Informed Choice of Security Controls
IF 3.8 | Zone 2 | Computer Science
Journal of Information Security and Applications Pub Date : 2025-05-09 DOI: 10.1016/j.jisa.2025.104056
Md Rayhanur Rahman, Imranur Rahman, Laurie Williams
Volume 92, Article 104056

Abstract: Information security standards such as the National Institute of Standards and Technology (NIST), and the International Organization for Standardization (ISO) specify hundreds of security controls to protect and defend information systems. However, implementing all the available controls simultaneously can be infeasible for organizations. Controls need to be chosen based on their degree of mitigation over attack techniques. The goal of this research is to help organizations make an informed choice of security controls by proposing a set of metrics for measuring the degree of mitigation of attack techniques. We propose a set of seven metrics to characterize the mitigation by security controls against attack techniques used in cyberattacks. We perform a case study in this paper, where we investigate the 298 NIST SP800-53 security controls and 201 adversarial techniques cataloged in the MITRE ATT&CK. Based on the metrics, we identify that only 107 out of 298 controls are capable of mitigating adversarial techniques. However, we also identify that 50 attack techniques cannot be mitigated by existing controls. We identify 21 critical controls based on the metrics, which also match 90% with NIST-provided priority codes and 70% with NIST-provided baselines, which evaluates the practical relevance of the metrics. Furthermore, we also identify that the critical controls are specified in an abstract manner, which could lead to varying degrees of implementation.
Citations: 0