International Journal of Information Security: Latest Articles

Collaborative intrusion detection using weighted ensemble averaging deep neural network for coordinated attack detection in heterogeneous network
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-23 DOI: 10.1007/s10207-024-00891-3
Aulia Arif Wardana, Grzegorz Kołaczek, Arkadiusz Warzyński, Parman Sukarno
Abstract: Detecting coordinated attacks in cybersecurity is challenging due to their sophisticated and distributed nature, making traditional Intrusion Detection Systems often ineffective, especially in heterogeneous networks with diverse devices and systems. This research introduces a novel Collaborative Intrusion Detection System (CIDS) using a Weighted Ensemble Averaging Deep Neural Network (WEA-DNN) designed to detect such attacks. The WEA-DNN combines deep learning techniques and ensemble methods to enhance detection capabilities by integrating multiple Deep Neural Network (DNN) models, each trained on different data subsets with varying architectures. Differential Evolution optimizes the model’s contributions by calculating optimal weights, allowing the system to collaboratively analyze network traffic data from diverse sources. Extensive experiments on real-world datasets like CICIDS2017, CSE-CICIDS2018, CICToNIoT, and CICBotIoT show that the CIDS framework achieves an average accuracy of 93.8%, precision of 78.6%, recall of 60.4%, and an F1-score of 62.4%, surpassing traditional ensemble models and matching the performance of local DNN models. This demonstrates the practical benefits of WEA-DNN in improving detection capabilities in real-world heterogeneous network environments, offering superior adaptability and robustness in handling complex attack patterns.
Citations: 0
The $\mathrm{ACAC_{D}}$ model for mutable activity control and chain of dependencies in smart and connected systems
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-20 DOI: 10.1007/s10207-024-00881-5
Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu
Abstract: With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring active and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an object agnostic continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as $\mathrm{ACAC_{D}}$. We propose six practically suitable sub-models for $\mathrm{ACAC_{D}}$ to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving active dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed $\mathrm{ACAC_{D}}$ models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept
Citations: 0
The awareness of operators: a goal-directed task analysis in SOCs for critical infrastructure
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-19 DOI: 10.1007/s10207-024-00872-6
Håvard Jakobsen Ofte
Abstract: Security operation centers (SOCs) are increasingly established to meet the growing threat against cyber security. The operators of SOCs respond to complex incidents under time constraints. Within critical infrastructure, the consequences of human error or low performance in SOCs may be detrimental. In other domains, situation awareness (SA) has proven useful to understand and measure how operators use information and decide the correct actions. Until now, SA research in SOCs has been restricted by a lack of in-depth studies of SA mechanisms. Therefore, this study is the first to conduct a goal-directed task analysis in a SOC for critical infrastructure. The study was conducted through a targeted series of unstructured and semi-structured interviews with SOC operators and their leaders complemented by a review of documents, incident reports, and in situ observation of work within the SOC and real incidents. Among the presented findings is a goal hierarchy alongside a complete overview of the decisions the operators make during escalated incidents. How the operators gain and use SA in these decisions is presented as a complete set of SA requirements. The findings are accompanied by an analysis of contextual differences in how the operators prioritize goals and use information in network incidents and security incidents. This enables a discussion of what SA processes might be automated and which would benefit from different SA models. The study provides a unique insight into the SA of SOC operators and is thus a steppingstone for bridging the knowledge gap of Cyber SA.
Citations: 0
A study on privacy and security aspects of personalised apps
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-18 DOI: 10.1007/s10207-024-00887-z
Stylianos Gerasimou, Konstantinos Limniotis
Abstract: This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.
Citations: 0
A few-shot learning based method for industrial internet intrusion detection
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-18 DOI: 10.1007/s10207-024-00889-x
Yahui Wang, Zhiyong Zhang, Kejing Zhao, Peng Wang, Ruirui Wu
Abstract: In response to the issue of insufficient model detection capability caused by the lack of labeled samples and the existence of new types of attacks in the industrial internet, a few-shot learning-based intrusion detection method is proposed. The method constructs the encoder of the prototypical network using a one-dimensional convolutional neural network (1D-CNN) and an attention mechanism, and employs the squared Euclidean distance function as the metric function to improve the prototypical network. This approach aims to enhance the accuracy of intrusion detection in scenarios with scarce labeled samples and the presence of new types of attacks. Finally, simulation experiments are conducted on the few-shot learning-based intrusion detection system. The results demonstrate that the method achieves accuracy rates of 86.35% and 91.25% on the CIC-IDS 2017 and GasPipline datasets, respectively, while also exhibiting significant advantages in detecting new types of attacks.
Citations: 0
Information flow control for comparative privacy analyses
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-14 DOI: 10.1007/s10207-024-00886-0
Zubair Ahmad, Stefano Calzavara, Samuele Casarin, Ben Stock
Abstract: The prevalence of web tracking and its key characteristics have been extensively investigated by the research community by means of large-scale web measurements. Most such measurements however are limited to the choice of a specific client used for data collection, which is insufficient to characterize the relative privacy guarantees offered by the adoption of different clients to access the Web. Recent work on comparative privacy analyses involving multiple clients is still preliminary and relies on relatively simple heuristics to detect web tracking based on the inspection of HTTP requests, cookies and API usage. In this paper, we propose a more sophisticated methodology based on information flow tracking, which is better suited for the complexity of comparing tracking behavior observed in different clients. After clarifying the key challenges of comparative privacy analyses, we apply our methodology to investigate web tracking practices on the top 10k websites from Tranco as observed by different clients, i.e., Firefox and Brave, under different configuration settings. Our analysis estimates information flow reduction to quantify the privacy benefits offered by the filter lists implemented in Firefox and Brave, as well as the effectiveness of their partitioned storage mechanism against cross-site tracking.
Citations: 0
Trust attack prevention based on Spark-blockchain in social IoT: a survey
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-13 DOI: 10.1007/s10207-024-00885-1
Mariam Masmoudi, Ikram Amous, Corinne Amel Zayani, Florence Sèdes
Abstract: Integrating the Internet of Things (IoT) with Social Networks (SN) has given rise to a new paradigm called Social IoT, which allows users and objects to establish social relationships. Nonetheless, trust issues such as attacks have emerged. These attacks can influence service discovery results. A trust management mechanism has become a major challenge in the Social IoT to prevent these attacks and ensure qualified services. A few studies have addressed trust management issues, especially those that prevent trust attacks in Social IoT environments. However, most studies have been dedicated to detect offline attacks with or without specifying the type of attack performed. These works will not be able to prevent attacks by aborting transactions between users because their primary purpose is to detect an offline attack. In addition, they do not consider security properties. This research paper aims to provide a detailed survey on trust management mechanism to handle trust attacks in Social IoT. In this research paper, we compared the techniques and technologies whose common point is attack prevention and demonstrated that blockchain technology can play a key role in developing a trust management mechanism that can prevent trust attacks while maintaining security properties. Then, we proposed combining the Apache Spark Framework with blockchain technology to provide real-time attack prevention. This combination can assist in creating upgraded trust management mechanisms in Social IoT environments. These mechanisms aim to prevent attacks in real-time through considering the security properties. Lack of survey papers in the area of trust attack prevention in real-time stands for an important motivational factor for writing this paper. The current research paper highlights the potential of the blockchain technology and Apache Spark in terms of developing an upgraded trust management able to prevent trust attacks in real-time. This paper provides a comprehensive survey on trust management mechanisms and approaches to handle trust attacks in Social IoT. Lack of such papers increases the significance of this paper. It also offers potential future research directions in terms of real-time trust attack prevention.
Citations: 0
Survey-based analysis of cybersecurity awareness of Turkish seafarers
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-10 DOI: 10.1007/s10207-024-00884-2
Ivar Moen, Aybars Oruc, Ahmed Amro, Vasileios Gkioulos, Georgios Kavallieratos
Abstract: In recent years, vessels have become increasingly digitized, reflecting broader societal trends. As a result, maritime operations have become an attractive target for cyber threat actors. Despite the limited cybersecurity training seafarers receive, they are expected to operate within technologically advanced environments. The importance of cybersecurity awareness is evident, but the extent of seafarers’ knowledge in this area remains uncertain. This article investigates three primary aspects: (1) the current state of cybersecurity onboard cargo vessels, (2) seafarers’ cybersecurity awareness, and (3) potential improvements in seafarers’ cybersecurity awareness. To accomplish this, a literature review is conducted to collect and analyze current research, supplemented by a questionnaire survey targeting Turkish seafarers. Our findings support increased investment in awareness and training programs, including organizational-wide cybersecurity awareness efforts, more frequent training, mandatory training for all seafarers through the Standards of Training Certification and Watchkeeping (STCW), and the appointment of a cybersecurity Officer (CySO) to ensure satisfactory cybersecurity levels onboard. Since this article focuses on high-level topics by assessing the general state of maritime cybersecurity and seafarers’ cybersecurity awareness, it does not delve into detailed considerations of awareness and training programs. Nevertheless, it lays the foundation for future research in this area.
Citations: 0
Using the ACE framework to enforce access and usage control with notifications of revoked access rights
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-08 DOI: 10.1007/s10207-024-00877-1
Marco Rasori, Andrea Saracino, Paolo Mori, Marco Tiloca
Abstract: The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked.
Citations: 0
Automating shareable cyber threat intelligence production for closed source software vulnerabilities: a deep learning based detection system
IF 3.2, Zone 4, Computer Science
International Journal of Information Security Pub Date : 2024-07-08 DOI: 10.1007/s10207-024-00882-4
Süleyman Muhammed Arıkan, Aynur Koçak, Mustafa Alkan
Abstract: Software can be vulnerable to various types of interference. The production of cyber threat intelligence for closed source software requires significant effort, experience, and many manual steps. The objective of this study is to automate the process of producing cyber threat intelligence, focusing on closed source software vulnerabilities. To achieve our goal, we have developed a system called cti-for-css. Deep learning algorithms were used for detection. To simplify data representation and reduce pre-processing workload, the study proposes the function-as-sentence approach. The MLP, OneDNN, LSTM, and Bi-LSTM algorithms were trained using this approach with the SOSP and NDSS18 binary datasets, and their results were compared. The aforementioned datasets contain buffer error vulnerabilities (CWE-119) and resource management error vulnerabilities (CWE-399). Our results are as successful as the studies in the literature. The system achieved the best performance using Bi-LSTM, with F1 score of 82.4%. Additionally, AUC score of 93.0% was acquired, which is the best in the literature. The study concluded by producing cyber threat intelligence using closed source software. Shareable intelligence was produced in an average of 0.1 s, excluding the detection process. Each record, which was represented using our approach, was classified in under 0.32 s on average.
Citations: 0