{"title":"Two-Stage Botnet Detection Method Based on Feature Selection for Industrial Internet of Things","authors":"Jian Shu, Jiazhong Lu","doi":"10.1049/ise2/9984635","DOIUrl":"https://doi.org/10.1049/ise2/9984635","url":null,"abstract":"<div>\u0000 <p>Industrial control systems (ICSs) increasingly leverage the industrial internet of things (IIoTs) for sensor-based automation, enhancing operational efficiency. However, the rapid expansion of the IIoTs brings with it an inherent susceptibility to potential threats from network intrusions, which pose risks to both the network infrastructure and associated equipment. The landscape of botnets is characterized by its diverse array and intricate attack methodologies, spanning a broad spectrum. In recent years, the domain of industrial control has witnessed the emergence of botnets, further accentuating the need for robust security measures. Addressing the challenge of categorizing and detecting the diverse botnet attacks, this paper proposes a two-stage feature selection–based method for botnet detection. In the first stage, a spatiotemporal convolutional recurrent network is employed to construct a hybrid network capable of classifying benign traffic and identifying traffic originating from distinct botnet families. Subsequently, in the second stage, core features specific to the traffic of each botnet family are meticulously screened using the <i>F</i>-test. The identified features are then utilized to categorize the respective attack types through the application of extreme gradient boosting (XGBOOST). To evaluate the efficacy of the proposed method, we conducted experiments using the N-BaIoT dataset under 10 different attack scenarios from the Gafgyt and Mirai botnet families. 
The results demonstrate that our method achieves a classification accuracy and F1-score exceeding 99%, establishing it as the highest-performing model for botnet detection within this dataset.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9984635","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143396842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptanalysis of Keyword Confidentiality in a Searchable Public-Key Encryption Scheme Against Malicious Server","authors":"Nan Zhang, Baodong Qin, Dong Zheng","doi":"10.1049/ise2/2464518","DOIUrl":"https://doi.org/10.1049/ise2/2464518","url":null,"abstract":"<div>\u0000 <p>Public-key authenticated encryption with keyword search (PAEKS) is a novel cryptographic primitive to resist against keyword-guessing attacks (KGAs) and preserve the privacy of keywords in both ciphertexts and trapdoors. Recently, a designated-server PAEKS (dPAEKS) scheme was proposed to withstand KGAs. The scheme was claimed to satisfy both multi-ciphertext indistinguishability (MCI) and multi-trapdoor privacy (MTP). However, our cryptanalysis demonstrates that it is insecure against KGAs, where a malicious server (inside attacker) can obtain the information of the keywords embedded in the ciphertext and the trapdoor. As a result, both the MCI and MTP of the scheme are broken. In addition, the paper also shows that it is possible to break the security of MTP, even for an outside attacker. Finally, we also provide a method to fix these security flaws.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/2464518","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143186336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing the 2021 Kaseya Ransomware Attack: Combined Spearphishing Through SonicWall SSLVPN Vulnerability","authors":"Suman Bhunia, Matthew Blackert, Henry Deal, Andrew DePero, Amar Patra","doi":"10.1049/ise2/1655307","DOIUrl":"https://doi.org/10.1049/ise2/1655307","url":null,"abstract":"<div>\u0000 <p>In July 2021, the IT management software company Kaseya was the victim of a ransomware cyberattack. The perpetrator of this attack was ransomware evil (REvil), an allegedly Russian-based ransomware threat group. This paper addresses the general events of the incident and the actions executed by the constituents involved. The attack was conducted through specially crafted hypertext transfer protocol (HTTP) requests to circumvent authentication and allow hackers to upload malicious payloads through Kaseya’s virtual system administrator (VSA). The attack led to the emergency shutdown of many VSA servers and a federal investigation. REvil has had a tremendous impact performing ransomware operations, including worsening international relations between Russia and world leaders and costing considerable infrastructure damage and millions of dollars in ransom payments. 
We present an overview of Kaseya’s defense strategy involving customer interaction, a PowerShell script to detect compromised clients, and a cure-all decryption key that unlocks all locked files.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/1655307","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143121395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Navigating Privacy: A Global Comparative Analysis of Data Protection Laws","authors":"Sungjin Lim, Junhyoung Oh","doi":"10.1049/ise2/5536763","DOIUrl":"https://doi.org/10.1049/ise2/5536763","url":null,"abstract":"<div>\u0000 <p>The increasing reliance on big data and artificial intelligence (AI) in the Fourth Industrial Revolution has raised significant concerns about individual privacy protection. This has led various countries to enact or amend privacy protection acts to address these concerns. However, there is a lack of comprehensive research comparing these laws across multiple countries, especially considering recent legislative developments. This study fills this gap by conducting a comparative analysis of privacy information protection acts in five major regions: the European Union (EU), the United States (focusing on California), China, Japan, and South Korea. The analysis explores the diverse approaches to privacy protection adopted by each region, influenced by their unique historical, political, and cultural contexts. For instance, the EU’s General Data Protection Regulation (GDPR) emphasizes individual rights influenced by historical abuses of personal information. At the same time, the California Consumer Privacy Act (CCPA) prioritizes consumer rights within a self-regulatory framework, reflecting the state’s technology-driven economy. The study also examines China’s Personal Information Protection Law (PIPL), which prioritizes national security; Japan’s Act on the Protection of Personal Information (APPI), which navigates the tension between individual privacy and societal norms; and South Korea’s Personal Information Protection Act (PIPA), which balances individual autonomy with a sense of community, reflecting Confucian values. By identifying specific limitations and areas for improvement in each region’s data protection laws, this study contributes to the ongoing discourse on international data privacy regulation. 
It offers valuable insights for policymakers and stakeholders seeking to navigate the complexities of the data economy while ensuring robust safeguards for individual privacy.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-01-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5536763","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143118865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Fast Search Method for 3-Share Second-Order Masking Schemes for Lightweight S-Boxes","authors":"Yanhong Fan, Chaoran Wang, Lixuan Wu, Meiqin Wang","doi":"10.1049/ise2/9155041","DOIUrl":"https://doi.org/10.1049/ise2/9155041","url":null,"abstract":"<div>\u0000 <p>Masking schemes are widely adopted strategies for countering side-channel analysis (SCA) attacks. The initial hardware masking strategy, threshold implementation (TI), provides robust security against glitches in hardware platforms. The minimum number of shares required for a TI scheme depends not only on the desired security order but also on the algebraic degree of the target function. For instance, implementing a second-order TI scheme for quadratic nonlinear functions requires at least five shares to ensure security, leading to substantially high implementation costs for higher order TI schemes. To address this issue, Shahmirzadi et al. proposed a method in CHES 2021 for constructing a 3-share second-order masking scheme. Despite its advancements, their search method is complex and time consuming. Our study presents a more efficient search method for a 3-share second-order masking scheme, ensuring both uniformity and second-order probing security. Our approach can find a valid second-order scheme in under a minute, making it tens to over 1000 times faster than the method described in CHES 2021. Utilizing our methodology, we have effectively constructed second-order secure implementations for several cryptographic primitives (e.g., Keccak, SKINNY, Midori, PRESENT, PRINCE, GIFT, and RECTANGLE) and evaluated their implementation costs and security.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9155041","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143117659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber–Physical–Social Security of High-DER-Penetrated Smart Grids: Threats, Countermeasures, and Challenges","authors":"Qiuyu Lu, Jun’e Li, Zhao Peng, Ming Ni","doi":"10.1049/ise2/2654550","DOIUrl":"https://doi.org/10.1049/ise2/2654550","url":null,"abstract":"<div>\u0000 <p>With the trend of large-scale renewable distributed energy sources (DERs) penetrating into the smart grids (SGs), the SGs entail heavy reliance on information and communication technologies (ICT) and an increasing impact of social behaviors on system operation and management. The SGs can be viewed as cyber–physical–social systems (CPSSs). However, the deep coupling of cyber, physical, and social spaces makes the SGs more complex and open, and thus at higher risk of exposure to various threats. To study the threats, countermeasures, and challenges of the high-DER-penetrated SGs from a cyber–physical–social perspective, the key features of the SGs on devices, networks, and applications are first analyzed. On this basis, the threats faced by the SGs due to the widespread deployment of terminal devices, open network environments, and the increasing importance of social behaviors are analyzed. Subsequently, the limitations of the deployed security measures in current power systems are discussed, and an overview of the state-of-the-art countermeasures for SG security against these threats is organized in three stages: prevention, detection, and mitigation. Finally, the research challenges, key gaps, and future directions for security enhancement of the SGs are also discussed.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2025-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/2654550","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143113399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Functional Message Authentication Codes With Message and Function Privacy","authors":"Pu Li, Muhua Liu, Youlin Shang","doi":"10.1049/ise2/1969519","DOIUrl":"https://doi.org/10.1049/ise2/1969519","url":null,"abstract":"<div>\u0000 <p>Functional signatures allow anyone who possesses the secret key <i>s</i><i>k</i><sub><i>f</i></sub> to sign any message in the range of function <i>f</i>. However, the existing construction does not satisfy the property of message and function privacy. In this paper, we propose a new notion called functional message authentication codes (MACs). In a functional MAC scheme, there are two types of secret keys. One is a master secret key, which can be used to generate a valid tag for any message. The other is an authenticating key for a function <i>f</i>, which can be used to authenticate any message belonging to the range of <i>f</i>. Besides unforgeability, we require the proposed functional MAC to satisfy function and message privacy, which means that the authenticating process reveals nothing other than the function values and the corresponding tags. We give a functional MAC construction based on a functional encryption (FE) scheme with function privacy, a perfectly binding commitment scheme, a standard signature scheme, and a symmetric encryption scheme with semantic security. Then, we show an application of functional MAC to constructing verifiable outsourced computation, which ensures that the client does not accept an incorrect evaluation from the server with overwhelming probability.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/1969519","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142861779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lattice-Based CP-ABE for Optimal Broadcast Encryption With Polynomial-Depth Circuits","authors":"Shaohua Ma, Zongqu Zhao, Naifeng Wang, Chunming Zha","doi":"10.1049/ise2/6333508","DOIUrl":"https://doi.org/10.1049/ise2/6333508","url":null,"abstract":"<div>\u0000 <p>Most current broadcast encryption with optimal parameters is limited to Nick’s class 1 (NC1) circuits and does not support polynomial-depth circuits (P-depth circuits), making it difficult to provide flexible access control in broadcast channels among vast user groups. To address this problem, we propose a ciphertext-policy attribute–based encryption (CP-ABE) that supports P-depth circuits on lattices, achieving full collusion resistance with randomization via matrix tensors, thereby making it impossible for unauthorized users to learn any details about the plaintext even if they join forces, and reducing the security to the evasive learning with errors (evasive LWE) assumption. By using matrix tensor–based randomization and evasive LWE, we achieve a new optimal lattice-based broadcast encryption scheme specifically designed to support P-depth circuits. Since the matrices we choose as tensors have a low-norm block diagonal structure, the use of evasive LWE is sufficient to ensure security for our scheme. Compared with similar studies, it not only avoids being involved with low-norm matrices that restrict the system to NC1 circuits, but also eliminates the need for an additional assumption of the unproven tensor LWE. In addition, the use of matrix tensors further expands the dimensionality, which in turn enables the encryption of bit strings rather than a single bit, significantly reducing ciphertext expansion. Meanwhile, the CP-ABE that we use to achieve the broadcast encryption scheme has a more compact ciphertext with a parameter size of <i>O</i>(<i>m</i><sup>2</sup> · <i>d</i>).</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2024-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6333508","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142749076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Comprehensive Investigation of Anomaly Detection Methods in Deep Learning and Machine Learning: 2019–2023","authors":"Shalini Kumari, Chander Prabha, Asif Karim, Md. Mehedi Hassan, Sami Azam","doi":"10.1049/2024/8821891","DOIUrl":"https://doi.org/10.1049/2024/8821891","url":null,"abstract":"<div>\u0000 <p>Almost 85% of companies polled said they were looking into anomaly detection (AD) technologies for their industrial image anomalies. The present problem concerns detecting anomalies that are often surrounded by redundant data, whether in images or in videos. Finding a correct pattern is a challenging task. AD is crucial for various applications, including network security, fraud detection, predictive maintenance, fault diagnosis, and industrial and healthcare monitoring. Many researchers have proposed numerous methods and worked in the area of AD. Multiple anomalies and considerable intraclass variation make industrial datasets tough. Further research is needed to create robust, efficient techniques that generalize across datasets and detect anomalies in complex industrial images. This study surveys AD methods from 2019 to 2023. These techniques are categorized into machine learning (ML), deep learning (DL), and federated learning (FL). It explores AD approaches, datasets, technologies, complexities, and obstacles, emphasizing the requirement for effective detection across domains. It explores the results achieved by various ML, DL, and FL AD methods, which helps researchers explore these techniques further. Future research directions include improving model performance, leveraging multiple validation techniques, optimizing resource utilization, generating high-quality datasets, and focusing on real-world applications. The paper addresses the changing environment of AD methods and emphasizes the importance of continuing research and innovation. Each ML and DL AD model has strengths and shortcomings, concentrating on accuracy and performance while applying quality parameters for evaluation. FL provides a collaborative way to improve AD using distributed data sources while preserving data privacy.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2024-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/8821891","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142708348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Trust Based Anomaly Detection Scheme Using a Hybrid Deep Learning Model for IoT Routing Attacks Mitigation","authors":"Khatereh Ahmadi, Reza Javidan","doi":"10.1049/2024/4449798","DOIUrl":"https://doi.org/10.1049/2024/4449798","url":null,"abstract":"<div>\u0000 <p>Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Besides the significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL), which is standardized for the IoT environment, lacks basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attack detection in RPL–based IoT, most of which are based on machine learning techniques, intrusion detection systems, and trust-based approaches. Securing RPL–based IoT networks is challenging because resource-constrained IoT devices are connected to the untrusted Internet, the communication links are lossy, and the devices use a set of novel and heterogeneous technologies. Therefore, providing light-weight security mechanisms plays a vital role in the timely detection and prevention of IoT routing attacks. In this paper, we propose a novel anomaly detection–based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting problem, which is solved with a stacked long–short term memory (LSTM) sequence-to-sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism for four prevalent and destructive RPL attacks: the black-hole attack, the destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, the version number (VN) attack, and the decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in the timely detection of RPL–specific routing attacks, we have implemented the proposed model separately on several RPL–based IoT scenarios simulated using the Contiki Cooja simulator, and the results have been compared in detail. According to the presented results, the detection scheme implemented on all attack scenarios showed that the trend of the estimated anomaly between real and predicted routing behavior follows the evaluated attack frequency of malicious nodes during the RPL process, while the analyzed trust scores show the opposite pattern, which demonstrates highly accurate and timely detection of attack incidents using our proposed trust scheme.</p>\u0000 </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3,"publicationDate":"2024-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/4449798","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142708347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}