Manesh Thankappan, Helena Rifà-Pous, Carles Garrigues
{"title":"A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks","authors":"Manesh Thankappan, Helena Rifà-Pous, Carles Garrigues","doi":"10.1007/s10207-024-00899-9","DOIUrl":"https://doi.org/10.1007/s10207-024-00899-9","url":null,"abstract":"A Multi-Channel Man-in-the-Middle (MC-MitM) attack is an advanced form of MitM attack, characterized by its ability to manipulate encrypted wireless communications between the Access Point (AP) and clients within a Wi-Fi network. MC-MitM attacks can target any Wi-Fi client, regardless of the authentication method used with the AP. Notable examples of such attacks include Key Reinstallation Attacks and FragAttacks, which have impacted millions of Wi-Fi systems worldwide, especially those involving Internet of Things devices. Current defense mechanisms are inadequate against these attacks due to interoperability challenges and the need for modifications to devices or protocols within the targeted Wi-Fi networks. This paper introduces a distributed and cooperative signature-based wireless intrusion detection mechanism designed for online passive monitoring to detect malicious traffic patterns during MC-MitM attacks in any environment, from apartments and houses to large areas like hotels, offices or industrial sites. We implemented the proposed framework on Raspberry Pis and evaluated it in real-world settings. Our evaluation demonstrates that this framework can effectively identify MC-MitM attacks with an average accuracy of 98% when deployed across different locations within our experimental testbed.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"6 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-08-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142207474","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Van-Hau Pham, Do Thi Thu Hien, Hien Do Hoang, Phan The Duy
{"title":"Defect-scanner: a comparative empirical study on language model and deep learning approach for software vulnerability detection","authors":"Van-Hau Pham, Do Thi Thu Hien, Hien Do Hoang, Phan The Duy","doi":"10.1007/s10207-024-00901-4","DOIUrl":"https://doi.org/10.1007/s10207-024-00901-4","url":null,"abstract":"The complex and rapidly evolving nature of modern software landscapes introduces challenges such as increasingly sophisticated cyber threats, the diversity in programming languages and coding styles, and the need to identify subtle patterns indicative of vulnerabilities. These hurdles underscore the necessity for advanced techniques that can effectively cope with the intricacies of software security. Hence, this paper gives a comparative empirical study in harnessing the potential of cutting-edge natural language processing (NLP) advancements, namely Word2Vec and CodeBERT, to detect vulnerabilities in C and C++ programs in the proposed Defect-Scanner framework. With the capability of converting code components and source code into contextual embedding vectors, various potential NLP techniques are combined with several DL models to evaluate the precision and accuracy of identifying vulnerabilities within software systems. Moreover, the experiments are conducted using datasets with different representation types of code, aiming to figure out the best combination of NLP techniques and DL models to work with each form of input. As a result, besides the outperformance of CodeBERT-based models with accuracies of approximately 90%, this comparative study also provides a comprehensive evaluation of NLP-based software vulnerability detection in the face of intricate security challenges.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"77 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142207473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Stefano Bistarelli, Andrea Imparato, Francesco Santini
{"title":"A TCP-based covert channel with integrity check and retransmission","authors":"Stefano Bistarelli, Andrea Imparato, Francesco Santini","doi":"10.1007/s10207-024-00879-z","DOIUrl":"https://doi.org/10.1007/s10207-024-00879-z","url":null,"abstract":"We propose a covert channel and its implementation in Windows OS. This storage channel uses the Initial Sequence Number of TCP to hide four characters of text and the identification field to “sign” the message and thus understand if it has been altered during the transmission. The secret is sent in the first SYN segment to open a connection, and an ACK-RST response acknowledges the receipt. Designed error-correction codes make the protocol more robust and able to handle (IP) packet drops and transmission errors. In this paper, we provide a detailed discussion of the implementation and an evaluation of the stealthiness of the proposed channel: we inspect the generated traffic with two IDSs and RITA, a tool performing statistical analysis to detect malware beaconing.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"57 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142207475","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Beytüllah Yiğit, Gürkan Gür, Bernhard Tellenbach, Fatih Alagöz
{"title":"Unmasking SDN flow table saturation: fingerprinting, attacks and defenses","authors":"Beytüllah Yiğit, Gürkan Gür, Bernhard Tellenbach, Fatih Alagöz","doi":"10.1007/s10207-024-00897-x","DOIUrl":"https://doi.org/10.1007/s10207-024-00897-x","url":null,"abstract":"Software-Defined Networking stands as a pivotal technology in attaining the essential levels of flexibility and scalability demanded by the pervasive and high-performance network infrastructure required for digital connected services. Nonetheless, its disaggregated and layered architecture makes it open to time-based fingerprinting attacks. Besides, the limited flow table capacity of the switches alleviates table saturation attacks. In this paper, an automated attacker tool called TASOS is proposed to infer flow table utilization rate, size and replacement algorithm. With this set of information, the attacker can conduct intelligent saturation attacks. Furthermore, a lightweight defense mechanism (LIDISA) for proactively deleting flow rules is described. A comprehensive simulation setup with different network conditions shows that the proposed techniques achieve a superior success rate in diverse settings.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"2013 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141948115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deep learning based network intrusion detection system: a systematic literature review and future scopes","authors":"Yogesh, Lalit Mohan Goyal","doi":"10.1007/s10207-024-00896-y","DOIUrl":"https://doi.org/10.1007/s10207-024-00896-y","url":null,"abstract":"With the immense growth of the internet, sensitive, confidential, important corporate and individual data passing through the internet has grown rapidly. Due to the limitation of security systems, potential hackers and attackers have possessed vulnerabilities and attacks for intruding into the network to gain confidential and sensitive information to affect the performance of networks by breaching network confidentiality. Thereby, to counterfeit these attacks and abnormal behaviors, a network intrusion detection system (NIDS) acts as a crucial branch of cybersecurity for analysing and monitoring network traffic regularly to report and detect abnormal and malicious activities in a network. Currently, various reviews and survey papers have covered various techniques for NIDS, out of which most followed a non-systematic approach without an in-depth analysis of techniques and evaluation metrics used by deep learning (DL) based NIDS models. In addition, various reviews focused on machine learning (ML) and DL-based methodology, but with less emphasis on DL techniques (i.e. AE, CNN, DNN, DBN, RNN, and Hybrid DL) based classification. Thereby, the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology was used to accomplish this work by providing a comprehensive and detailed overview of DL-based NIDS. Research papers for this work were collected from five well-known databases (ScienceDirect, IEEE, Hindawi, SpringerNature, and MDPI) which were cut among several reputable conference proceedings and reputable journals. Across the 750 articles identified in the literature, 72 research papers were finally marked and selected for synthesis and analysis to find the answers to research questions. In addition, we identified various potential research challenges in the current domain based on research findings. Lastly, to design an efficient NIDS, we concluded our study by identifying high-impact and promising future research areas in the NIDS domain.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"216 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141882884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving two-party computation of line segment intersection","authors":"Sorour Sheidani, Alireza Zarei","doi":"10.1007/s10207-024-00895-z","DOIUrl":"https://doi.org/10.1007/s10207-024-00895-z","url":null,"abstract":"By considering maps and routes as sequences of line segments, their intersections can be computed to find out useful information like the possibility of collision in a military area where the parties do not trust each other. At first glance, finding the coordinates of the intersections seems impossible to solve securely, since having the coordinates of two intersection points on the same line reveals the passing line. In this paper, we solve this problem by suggesting a secure two-party protocol in the presence of passive adversaries. Additionally, regarding the fact that in some cases the fixedness of the inputs of the parties in classic security models is an unrealistic assumption, we define the new concept of input-adaptive security and show that our method is secure against such an adversary who is able to select his inputs adaptively. In addition to using different approaches like oblivious transfer and sometimes homomorphic encryption, we also employ some tricks to prevent the distribution of harmful information between specific parties to achieve our intended security level. We provide formal proofs to show the security of our protocol. Time complexity analysis and implementations show that our protocol finds the intersections in feasible time of $\\mathcal{O}(n \\log n)$ and indicate that our protocol is as good as the insecure optimal method of line segment intersection computation. In comparison, previous methods require $O(n^2)$ to only detect the existence of intersection between two sets of $n$ line segments and are unable to find the coordinates of the intersections.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"44 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141869942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Early mitigation of CPU-optimized ransomware using monitoring encryption instructions","authors":"Shuhei Enomoto, Hiroki Kuzuno, Hiroshi Yamada, Yoshiaki Shiraishi, Masakatu Morii","doi":"10.1007/s10207-024-00892-2","DOIUrl":"https://doi.org/10.1007/s10207-024-00892-2","url":null,"abstract":"Ransomware attacks pose a significant threat to information systems. Server hosts, including cloud infrastructure as a service, are prime targets for ransomware developers. To address this, security mechanisms, such as antivirus software, have proven effective. Moreover, research on ransomware detection advocates for behavior-based finding mechanisms while ransomware is in operation. In response to evolving detections, ransomware developers are now adapting an optimized design tailored for CPU architecture (CPU-optimized ransomware). This variant can rapidly encrypt files, potentially evading detection by traditional antivirus methods that rely on fixed time intervals for file scans. In ransomware detection research, numerous files can be encrypted by CPU-optimized ransomware until malicious activity is detected. This study proposes an early mitigation mechanism named CryptoSniffer, which is designed specifically to counter CPU-optimized ransomware attacks on server hosts. CryptoSniffer focuses on the misuse of CPU architecture-specific encryption instructions for swift file encryption by CPU-optimized ransomware. This can be achieved by capturing the ciphertext in user processes and thwarting file encryption by scrutinizing the content intended for writing. To demonstrate the efficacy of CryptoSniffer, the mechanism was implemented in the latest Linux kernel, and its security and performance were systematically evaluated. The experimental results demonstrate that CryptoSniffer successfully prevents real-world CPU-optimized ransomware, and the performance overhead is well-suited for practical applications.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"2 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141869943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Press play, install malware: a study of rhythm game-based malware dropping","authors":"Efstratios Vasilellis, Grigoris Gkionis, Dimitris Gritzalis","doi":"10.1007/s10207-024-00893-1","DOIUrl":"https://doi.org/10.1007/s10207-024-00893-1","url":null,"abstract":"Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game “Guitar Hero”. This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to “force” user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"14 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141869945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mitigation of privilege escalation attack using kernel data relocation mechanism","authors":"Hiroki Kuzuno, Toshihiro Yamauchi","doi":"10.1007/s10207-024-00890-4","DOIUrl":"https://doi.org/10.1007/s10207-024-00890-4","url":null,"abstract":"Kernel memory corruption, which leads to a privilege escalation attack, has been reported as a security threat to operating systems. To mitigate privilege escalation attacks, several security mechanisms are proposed. Kernel address space layout randomization randomizes kernel code and data virtual address layout on the kernel memory. Privileged information protection methods monitor and restore illegal privilege modifications. Therefore, if an adversary identifies the kernel data containing privileged information, an adversary can achieve the privilege escalation in a running kernel. This paper proposes a kernel data relocation mechanism (KDRM) that dynamically relocates privileged information in the running kernel to mitigate privilege escalation attacks. The KDRM introduces the relocation-only page into the kernel. The relocation-only page allows the virtual address of the privileged information to change by dynamically relocating for the user process. One of the relocation-only pages is randomly selected to store the privileged information at the system call invocations. The evaluation results indicate the possibility of mitigating privilege escalation attacks through direct memory overwriting by user processes on Linux with KDRM. The KDRM showed an acceptable performance cost. The overhead of a system call was up to 11.52%, and the kernel performance score was 0.11%.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"2 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141773466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead","authors":"Yuejun Guo, Seifeddine Bettaieb, Fran Casino","doi":"10.1007/s10207-024-00888-y","DOIUrl":"https://doi.org/10.1007/s10207-024-00888-y","url":null,"abstract":"As society’s dependence on information and communication systems (ICTs) grows, so does the necessity of guaranteeing the proper functioning and use of such systems. In this context, it is critical to enhance the security and robustness of the DevSecOps pipeline through timely vulnerability detection. Usually, AI-based models enable desirable features such as automation, performance, and efficacy. However, the quality of such models highly depends on the datasets used during the training stage. The latter encompasses a series of challenges yet to be solved, such as access to extensive labelled datasets with specific properties, such as well-represented and balanced samples. This article explores the current state of practice of software vulnerability datasets and provides a classification of the main challenges and issues. After an extensive analysis, it describes a set of guidelines and desirable features that datasets should guarantee. The latter is applied to create a new dataset, which fulfils these properties, along with a descriptive comparison with the state of the art. Finally, a discussion on how to foster good practices among researchers and practitioners sets the ground for further research and continued improvement within this critical domain.","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"17 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141773356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}