{"title":"Real-time system call-based ransomware detection","authors":"","doi":"10.1007/s10207-024-00819-x","DOIUrl":"https://doi.org/10.1007/s10207-024-00819-x","url":null,"abstract":"<h3>Abstract</h3> <p>Ransomware, particularly crypto ransomware, has emerged as the go-to malware for threat actors aiming to compromise data on Android devices as well as in general. In this paper, we present a ransomware detection technique based on behaviours observed in the system calls performed by the malware. We first describe our repeatable and extensible methodology for extracting the system call log and patterns. We then identify and present some common high-level system call behavioural patterns exhibited by crypto ransomware, and evaluate these patterns. We further describe a streaming implementation that utilises regular expressions for modelling malware behaviours and finite state machines for detecting crypto ransomware behaviours in real time. The success of our proof-of-concept evaluation allows us to envision our proposed technique applied as part of a self-protection system on Android phones against malware. </p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"224 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140019598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RAMA: a risk assessment solution for healthcare organizations","authors":"Michail Smyrlis, Evangelos Floros, Ioannis Basdekis, Dumitru-Bogdan Prelipcean, Aristeidis Sotiropoulos, Herve Debar, Apostolis Zarras, George Spanoudakis","doi":"10.1007/s10207-024-00820-4","DOIUrl":"https://doi.org/10.1007/s10207-024-00820-4","url":null,"abstract":"<p>Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence of the sector as a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domains, such as healthcare. By leveraging RAMA, both local stakeholders, such as the hospital’s IT personnel, and global actors, including external parties, can assess their organization’s cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector’s overall cyber resilience.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"224 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140019602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Pioneering automated vulnerability detection for smart contracts in blockchain using KEVM: Guardian ADRGAN","authors":"Rohini G. Pise, Sonali Patil","doi":"10.1007/s10207-024-00817-z","DOIUrl":"https://doi.org/10.1007/s10207-024-00817-z","url":null,"abstract":"<p>Smart contracts function like specialized computer programs on the blockchain. Many of these contracts are on Ethereum, but sometimes these contracts have problems with security. These problems have caused big money losses and made the blockchain less stable. Smart contracts are self-executing with predefined rules and are at the core of many blockchain applications. However, they are susceptible to various vulnerabilities and security risks. Automated vulnerability detection helps identify and mitigate these issues efficiently. Smart Contracts (SC) have become really popular lately. People think they are the future for making deals on blockchains. Smart contracts are like automatic agreements. They work by themselves using special computer programs. They follow the rules of the deal and keep track of everything. The main idea with smart contracts is to get rid of the need for traditional trusted middlemen, like authorities or organizations. Instead, we use code that runs on a secure and unchangeable system. In this manuscript, pioneering automated vulnerability detection for smart contracts in blockchain using KEVM: Guardian ADRGAN (ADRGAN-SCB-KEVM) is proposed. Here, the K framework’s Ethereum virtual machine (KEVM) is the computation engine used in this research. From this KEVM, smart contract data are provided to the feature extraction phase. Feature extraction is done using nested patch-based feature extraction. Then the extracted features are fed to an attentive dual residual generative adversarial network (ADRGAN), which identifies KEVM smart contract vulnerabilities. Finally, ADRGAN classifies smart contracts as Vulnerable or Non-Vulnerable. The proposed ADRGAN-SCB-KEVM method is implemented in Python, and the efficiency of the proposed method is evaluated with different metrics such as Accuracy, Computation Time, Precision, Recall, F1 Score, Specificity and ROC. The simulation outcomes prove that the proposed ADRGAN-SCB-KEVM technique attains 41.34%, 31.28%, and 36.38% higher Accuracy for Vulnerable; 32.44%, 38.45%, and 29.47% higher Accuracy for Non-Vulnerable when compared with the existing methods such as Utilizing fault injection to evaluate blockchain systems in the presence of faulty smart contracts (UFI-BS-ESVD), State-of-the-Art Blockchain-Enabled Smart Contract Applications in the University (SA-BESC-ESVD), enhancing Ethereum smart contracts static analysis by computing precise Control-Flow Graph of Ethereum bytecode (EESC-CPC-EBD), respectively.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"11 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139978330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Neighbor discovery protocol anomaly-based detection system using neural network algorithm","authors":"","doi":"10.1007/s10207-024-00815-1","DOIUrl":"https://doi.org/10.1007/s10207-024-00815-1","url":null,"abstract":"<h3>Abstract</h3> <p>The exponential increase in Internet-facing devices in the last decade has resulted in IP address exhaustion due to the limitations of the existing IPv4 address space. Therefore, the Internet Engineering Task Force engineered a new version of the Internet protocol known as Internet Protocol Version 6 (IPv6) to resolve the issue. However, IPv6 is highly dependent on the neighbor discovery protocol (NDP), which, unfortunately, has well-known vulnerabilities in its underlying messaging protocol, the Internet Control Message Protocol version 6. So, the NDP flaws leave the IPv6 network open to many security threats and attacks, including man-in-the-middle, spoofing, and denial-of-service attacks, which are the most troublesome attacks at the network layer. Unfortunately, one of the critical issues plaguing existing anomaly-based detection systems is the effectiveness of detecting NDP-based DDoS attacks, which requires urgent attention. This paper proposes a system to find abnormal network traffic patterns caused by NDP-based attacks. It does this by training neural networks to recognize network attack patterns using the backpropagation algorithm. The proposed system is a big step forward from the current state of the field because it uses a complex neural network algorithm to create an NDP anomaly-based detection system. Using a real dataset to test the proposed system’s performance shows that it can find NDP anomalies with a 99.95% success rate, a 99.92% precision rate, a 99.98% recall rate, an F1-Score of 99.98%, and a 0.040% false positive rate. Also, the proposed approach shows better results compared to other existing approaches.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"117 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139767032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Robust password security: a genetic programming approach with imbalanced dataset handling","authors":"Nikola Anđelić, Sandi Baressi Šegota, Zlatan Car","doi":"10.1007/s10207-024-00814-2","DOIUrl":"https://doi.org/10.1007/s10207-024-00814-2","url":null,"abstract":"<p>Developing a method for determining password strength using artificial intelligence (AI) is crucial as it enhances cybersecurity by providing a more robust defense against unauthorized access. AI can analyze complex patterns and trends, allowing for the identification of weak passwords and potential vulnerabilities more effectively than traditional methods. This proactive approach helps users and organizations strengthen their security posture, reducing the risk of data breaches and unauthorized intrusions. In this paper, the genetic programming symbolic classifier (GPSC) was applied to a publicly available dataset to obtain a set of symbolic expressions (SEs) for password strength classification with high classification accuracy. One of the problems with the dataset was an imbalance between classes, so various oversampling/undersampling techniques have been utilized. The optimal GPSC hyperparameter values were found using the random hyperparameter value search method. The algorithm was trained using fivefold cross-validation (5FCV). To evaluate the obtained SEs, the evaluation metrics accuracy, area under the receiver operating characteristic curve, precision, recall, and <i>f</i>1-score were used. The obtained SEs on balanced dataset variations achieved high classification accuracy (0.99), and the application of all SEs on the entire original imbalanced dataset achieved the same accuracy.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"9 2","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139765229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Activity-based payments: alternative (anonymous) online payment model","authors":"Rafał Leszczyna","doi":"10.1007/s10207-024-00816-0","DOIUrl":"https://doi.org/10.1007/s10207-024-00816-0","url":null,"abstract":"<p>Electronic payments are the cornerstone of web-based commerce. A steady decrease in cash usage has been observed, while various digital payment technologies are taking over. They process sensitive personal information, raising concerns about its potentially illicit usage. Several payment models that confront this challenge have been proposed. They offer varying levels of anonymity and readiness for adoption. The aim of this study was to broaden the portfolio with a solution that assures the highest level of anonymity and is readily applicable. An empirical design research study with prototyping and conceptual research with a proposed construct were employed for this purpose. As a result, the Activity-Based Payment (ABP) model was proposed. It introduces a different mode of completing a payment transaction, based on performing specific activities on a web location indicated by the payee. The anonymity properties of the solution, as well as its performance and applicability, have been evaluated, showing its particular suitability to micropayment and small payment scenarios.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"3 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139677575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Maritime decision-makers and cyber security: deck officers’ perception of cyber risks towards IT and OT systems","authors":"","doi":"10.1007/s10207-023-00810-y","DOIUrl":"https://doi.org/10.1007/s10207-023-00810-y","url":null,"abstract":"<h3>Abstract</h3> <p>Through a quantitative study of deck officers’ cyber risk perceptions towards information (IT) and operational (OT) systems, this paper contributes to substantiating the importance of considering human behaviour within maritime cyber security. Using survey data from 293 deck officers working on offshore vessels, statistical analyses were conducted to measure and predict the participants’ cyber risk perceptions towards IT and OT systems. Performing a Wilcoxon signed-rank test revealed a significant discrepancy in the levels of cyber risk perception between the system categories. Hierarchical regression analyses were conducted to develop statistical models, considering multiple independent variables, including perceived benefit, cyber security training, experience with cyber-attacks, and trust towards various stakeholders. Key findings revealed distinct results for IT and OT systems, and the regression models varied in both predictive power and significance of the independent variables. Perceived benefit positively predicts deck officers’ cyber risk perception for both IT and OT systems, while trust, which included measures of social trust and confidence, was not found to be significant. Cyber security training and experience with cyber-attacks only influence deck officers’ perception of cyber risks related to operational technology. Practical implications of this work provide actionable recommendations for the maritime industry, including tailored risk communication tools, training programs, reporting systems, and holistic policies.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"17 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139666357","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tracing the evolution of cyber resilience: a historical and conceptual review","authors":"Vasiliki Tzavara, Savvas Vassiliadis","doi":"10.1007/s10207-023-00811-x","DOIUrl":"https://doi.org/10.1007/s10207-023-00811-x","url":null,"abstract":"<p>In 2000, during a time when cyber security research was focused on the risks and threats posed by digital systems, the notion of being able to withstand and recover from cyber attacks, also known as cyber resilience, emerged. Recently, this concept has gained increasing attention due to the COVID-19 pandemic and the rapid acceleration of digitalization. While experts acknowledge the distinction between cyber security and cyber resilience, the exact definition and evolution of the latter remain somewhat ambiguous. The aim of this paper is to offer a thorough comprehension of how the notion of cyber resilience has developed throughout history. It delves into the concept of cyber resilience and its progression over time in response to the rising frequency and complexity of cyber threats. Cyber resilience, a new concept, has gained significant recognition as a critical component of cyber security strategy across diverse sectors, encompassing public and private domains alike. The paper begins with an overview of the definition and key components of cyber resilience and then traces the origin of the concept from its early development in the 2000s. It also explores the major milestones and events that have shaped the evolution of this capacity, including changes in technology and societal factors, up to the COVID-19 pandemic outbreak. This study provides valuable insights into future challenges for ensuring the continued resilience of digital infrastructure by examining the historical and contextual factors that have influenced the concept.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"6 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139666356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain-based BATMAN protocol using mobile ad hoc network (MANET) with an ensemble algorithm","authors":"Upendra Singh, Sumit Kumar Sharma, Mukul Shukla, Preeti Jha","doi":"10.1007/s10207-023-00804-w","DOIUrl":"https://doi.org/10.1007/s10207-023-00804-w","url":null,"abstract":"<p>A MANET is a decentralized type of wireless network of mobile devices, and it can also be defined as an autonomous system of nodes. All the nodes in the network are connected by wireless links and are mobile. They can come together and form a network without any support from any existing network infrastructure. MANET is a new field of study based on blockchain in a wireless ad hoc environment. However, the main challenge for blockchain applications in ad hoc networks is how to adapt to the extreme computational complexity of block validation while preserving the characteristics of the blockchain and including nodes in the validation process. This article proposes a blockchain-based mobile ad hoc network (MANET) with an ensemble algorithm. The proposed scheme provides a distributed environment for MANET routing using a blockchain based on the Byzantine fault tolerance (BFT) protocol. It takes advantage of the Better Approach To Mobile Ad hoc Networking (BATMAN) protocol, as a representative protocol, to incorporate the concept of blockchain into the MANET. The proposed method, named Extended-BATMAN (E-BATMAN), incorporates the concept of blockchain into the BATMAN protocol using MANET. As a secure, distributed, and reliable platform, blockchain solves most BFT security issues, with each node performing repeated security operations individually. The experimental analysis of the proposed ensemble algorithm is based on four parameters: packet delivery rate, average end-to-end latency, network throughput, and energy. All of these parameters show better results with the proposed ensemble protocol than with existing state-of-the-art protocols.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"35 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140887775","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From sinking to saving: MITRE ATT&CK and D3FEND frameworks for maritime cybersecurity","authors":"Awais Yousaf, Jianying Zhou","doi":"10.1007/s10207-024-00812-4","DOIUrl":"https://doi.org/10.1007/s10207-024-00812-4","url":null,"abstract":"<p>Cybersecurity is a growing concern for the maritime sector. Modern ships are practical realizations of cyber-physical systems that utilize both information technologies and operational technologies. Cybersecurity incidents on such systems require robust and explainable models that should provide deep insights about the nature of an attack. Many frameworks for modeling cyber attacks exist, but they cover only a small part of modern multidimensional attack surfaces. MITRE ATT&CK is the most comprehensive cyber attack modeling framework that covers the multidimensional nature of modern cyber attacks. MITRE D3FEND is similar to the ATT&CK knowledge base, but it represents a cyber defense framework. In this paper, we aim to demonstrate modeling with the MITRE ATT&CK and MITRE D3FEND frameworks for maritime cybersecurity. An attack scenario against the ballast water management system of a ship is considered and modeled with the help of ATT&CK. Moreover, two defensive mechanisms are suggested. The first is created with the help of the D3FEND framework and the second leverages the strength offered by the mitigation techniques of ATT&CK. We believe that the demonstration of the MITRE ATT&CK and D3FEND frameworks for modeling maritime cyber attacks and maritime defense, respectively, would pave the way for the development of future maritime cybersecurity solutions.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"51 1","pages":""},"PeriodicalIF":3.2,"publicationDate":"2024-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139509794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}