{"title":"USBIPS framework: Protecting hosts from malicious USB peripherals","authors":"Chun-Yi Wang , Fu-Hau Hsu","doi":"10.1016/j.csi.2025.104040","DOIUrl":"10.1016/j.csi.2025.104040","url":null,"abstract":"<div><div>Universal Serial Bus (USB)-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, their effect is limited for preventing real-world intrusions. This paper focuses on building a security framework called USBIPS within Windows OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and achieve persistent protection from USB-based intrusions. Herein, we first introduce an allowlisting-based method for USB access control. We then present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. Finally, we propose a novel approach that combines cross-layer methods to build the first generic security framework that thwarts USB-based intrusions. Within a centralized threat analysis framework, the approach provides persistent protection and may detect unknown malicious behavior. 
By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104040"},"PeriodicalIF":4.1,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144524015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Quality assessment of GPT-3.5 and Gemini 1.0 Pro for SQL syntax","authors":"Cosmina-Mihaela Rosca , Adrian Stancu","doi":"10.1016/j.csi.2025.104041","DOIUrl":"10.1016/j.csi.2025.104041","url":null,"abstract":"<div><div>Nowadays, GPT-3.5 and Gemini 1.0 Pro are employed for various tasks, both for personal and professional use, in multiple domains like education, economy, computer science, etc. Given the increase in users, knowing the quality level of these artificial intelligence (AI) tools is important. Thus, the paper presents a comparative analysis of syntax accuracy generated for SQL databases utilizing the services of GPT-3.5 and Gemini 1.0 Pro. Firstly, the algorithms for testing GPT-3.5 and Gemini 1.0 Pro were developed. Secondly, five types of tests, which implied 700 queries, were conducted by considering requirements with low and high degrees of difficulty. The tests focus on syntax-generated accuracy using an experimental (NorthWind) database, syntax-generated accuracy study using a user-made database, syntax correction accuracy, different responses to the same question on the same account, and different responses to the same question on other accounts. The accuracy obtained for all tests revealed that the GPT-3.5 service has a value of 87 % for SQL syntax generation or correction, whereas the Gemini 1.0 Pro service has an accuracy of 80 %. These results underscore the effectiveness of GPT-3.5 and Gemini 1.0 Pro in assisting with SQL syntax tasks, albeit with differing levels of precision. The findings highlight the significance of human supervision and validation in ensuring the correctness of AI-generated responses, particularly in database-related tasks. The results affect developers and database administrators when selecting appropriate tools for query requirements. 
For now, replacing programmers with GPT-3.5 and Gemini 1.0 Pro is impossible.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104041"},"PeriodicalIF":4.1,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144489567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain beyond immutability: Application firewalls on ethereum-based platforms","authors":"Christian Delgado-von-Eitzen, Manuel José Fernández-Iglesias, Luis Anido-Rifón, Fernando A. Mikic-Fonte","doi":"10.1016/j.csi.2025.104038","DOIUrl":"10.1016/j.csi.2025.104038","url":null,"abstract":"<div><div>Blockchain is a technology that gained relevance in various fields due to its transparency and security in recording information in a reliable and immutable manner. In particular, the adoption of private blockchain platforms based on the Ethereum technology grew significantly in enterprise environments. However, there are certain issues concerning privacy and access control that may pose significant challenges in scenarios where private transactions occur between user agents instead of nodes, that is, between blockchain accounts that are not necessarily attached to specific nodes. The Blockchain Application Firewall (BAF) is introduced as a conceptual framework that can be applied in cases where control over data access is needed, including private transactions between accounts. More specifically, the BAF is intended to complement a blockchain endpoint acting as an intermediary between users and blockchain services and data, monitoring and controlling incoming and outgoing traffic, according to an applied access policy. This work investigates BAF’s feasibility and effectiveness in enhancing the capabilities of Ethereum-based blockchains in the described scenarios. 
A proof-of-concept was implemented with Besu to assess its feasibility, providing evidence that BAF can act as an additional layer of control over data stored, helping to solve key limitations in practical implementations and allowing exploration of new use cases that could not be addressed so far.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104038"},"PeriodicalIF":4.1,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144502422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Human-centered interface design for a dynamic cyber-risk group-based training game","authors":"Tony Delvecchio , Sander Zeijlemaker , Giancarlo De Bernardis , Michael Siegel","doi":"10.1016/j.csi.2025.104030","DOIUrl":"10.1016/j.csi.2025.104030","url":null,"abstract":"<div><div>This study presents the benefits of employing a gesture-based natural user interface (NUI) for a scientifically grounded cyber-risk management collaborative game. Such a human-centered interface facilitates group-based training and enables board members to achieve better results collectively compared to operating individually. The main contribution of this tool is to enhance the group training leveraging on collective intelligence. To show that, the results and learning paths of single users and groups acquired from this game are compared. Moreover, the collaborative game provides executives and business leaders with insight into cyber-risk management issues, thereby improving their results through deeper learning. This work demonstrates that the interface is the key factor in the success of group cooperation. The idea, the design, and the improvement of the NUI are critical to make it possible to achieve these results.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104030"},"PeriodicalIF":4.1,"publicationDate":"2025-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144366242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Certificateless searchable encryption with cryptographic reverse firewalls for IIoT","authors":"Mazin Taha , Ting Zhong , Rashad Elhabob , Hu Xiong , Mohammed Amoon , Saru Kumari","doi":"10.1016/j.csi.2025.104034","DOIUrl":"10.1016/j.csi.2025.104034","url":null,"abstract":"<div><div>Integrating the Industrial Internet of Things (IIoT) and cloud computing is increasingly prevalent in modern business. However, to safeguard data privacy in the cloud server (CS), sensitive information must be encrypted prior to uploading to a CS. The real challenge is searching encrypted data without compromising speed or security. Public Key Encryption with Keyword Search (PEKS) schemes enable the search of ciphertexts without exposing sensitive information. This article introduces a novel Certificateless Searchable Encryption with Cryptographic Reverse Firewalls (CL-SE-CRF). Meanwhile, the proposed scheme addresses the PEKS limitations by removing the requirement for conventional certificate management and addressing concerns related to key escrow. In addition, the security analysis demonstrates that the CL-SE-CRF scheme can prevent and resist keyword guessing attacks (KGA), algorithm substitution attacks (ASA), and chosen keyword attacks (CKA). Furthermore, experimental results demonstrate that the CL-SE-CRF significantly reduces communication and computation costs in the IIoT compared to similar protocols. 
Therefore, the proposed scheme is helpful for IIoT applications.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104034"},"PeriodicalIF":4.1,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144522219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Breaking barriers in healthcare: A secure identity framework for seamless access","authors":"Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez","doi":"10.1016/j.csi.2025.104020","DOIUrl":"10.1016/j.csi.2025.104020","url":null,"abstract":"<div><div>The digitization of healthcare data has heightened concerns about security, privacy, and interoperability. Traditional centralized systems are vulnerable to cyberattacks and data breaches, risking the exposure of sensitive patient information and decreasing trust in digital healthcare services. In addition, healthcare stakeholders use various standards and formats, creating challenges for data sharing and seamless communication. To address these points, this article identifies all the healthcare stakeholders and translates each useful element of a patient’s electronic health record (EHR) into Fast Healthcare Interoperability Resources (FHIR), to propose a complete role-based access control model that specifies which FHIR resources an actor is allowed to access. To validate this role model, three new use cases are defined, in which the various stakeholders interact and access the FHIR resources. Moreover, specific smart contracts are detailed to implement the role model in an automated way and provide a robust access control mechanism within healthcare organizations. The feasibility of the proposed access control mechanism is demonstrated through proof-of-concept and test performance measurements. 
Finally, the solution is validated as a realistic solution adapted to the scale of a country based on health statistics.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104020"},"PeriodicalIF":4.1,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain-aided secure and fair multi-view data outsourcing computation scheme","authors":"Xinrong Sun , Fanyu Kong , Yunting Tao , Pengyu Cui , Guoyan Zhang , Chunpeng Ge , Baodong Qin","doi":"10.1016/j.csi.2025.104029","DOIUrl":"10.1016/j.csi.2025.104029","url":null,"abstract":"<div><div>With the widespread deployment of smart sensors, multi-view data has been widely used. Accordingly, multi-view processing algorithms are increasingly researched, among which the cluster-weighted kernel k-means method is an effective approach to dig up information of different views. However, large-scale multi-view data make it difficult to conduct processing algorithms. Therefore, outsourcing complex computations to servers based on privacy-preserving techniques is an effective solution that enables efficient multi-view data analysis. In previous secure outsourcing schemes, the efficiency of the outsourcing process and the fairness of outsourcing transactions are still challenging issues that have not been addressed. In this paper, we propose a blockchain-aided secure and fair multi-view data outsourcing computation scheme. We present an efficient matrix encryption method utilizing a novel secret key matrix to complete cluster-weighted kernel k-means algorithm securely. Different from previous works, we first apply the sparse symmetric orthogonal matrix to encrypt and decrypt sensitive data matrices, which avoids inverse or transposed secret key matrix computation and enhances the efficiency of the outsourcing process. Additionally, we introduce smart contracts to achieve fair outsourcing transactions aided by blockchain. We verify the returned result with the assistance of verifiers based on encrypted data, which improves the efficiency and security of outsourcing transactions. 
The experimental results indicate that our scheme is 4.72% to 8.52% superior to the state-of-the-art matrix outsourcing computation schemes and achieves 55.79% to 91.95% efficiency improvement compared to the original multi-view data processing method.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104029"},"PeriodicalIF":4.1,"publicationDate":"2025-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144470974","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fuzzy Password Authentication Key Exchange protocol in universal composable framework for blockchain privacy protection","authors":"Qihong Chen, Changgen Peng, Dequan Xu","doi":"10.1016/j.csi.2025.104032","DOIUrl":"10.1016/j.csi.2025.104032","url":null,"abstract":"<div><div>In this paper, we construct a lattice-based fuzzy Password Authentication Key Exchange protocol in universal composable model. Through the known Password Authentication Key Exchange scheme, the Randomized Fuzzy Equality protocol and the Oblivious Transfer protocol are introduced to improve Password Authentication Key Exchange into fuzzy Password Authentication Key Exchange. First, the parties go through two rounds of Oblivious Transfer protocol, and then the key exchange is achieved based on the information exchanged. fuzzy Password Authentication Key Exchange satisfies that even if there is noise in the passwords between users, key exchange is still possible. Therefore, fuzzy Password Authentication Key Exchange is suitable for more application scenarios compared to Password Authentication Key Exchange, and the construction is universal composable security.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104032"},"PeriodicalIF":4.1,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144331256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Can a conventional email phishing nudge help fight SMiShing attacks?","authors":"Morgan E. Edwards , Jing Chen , Jeremiah D. Still","doi":"10.1016/j.csi.2025.104031","DOIUrl":"10.1016/j.csi.2025.104031","url":null,"abstract":"<div><div>Phishing attacks, a common cybersecurity threat, aim to deceive end-users into revealing sensitive information. While Human Factors researchers have extensively examined phishing in the email vector, the emergence of phishing in the SMS vector, known as SMiShing, has presented a new challenge. This study breaks new ground by investigating whether a conventional behavioral nudge intervention designed to combat email phishing can be effectively applied to SMiShing. A reflective nudge was implemented, providing participants with a message to encourage appropriate behavior. They were then tasked to sort email and text messages based on legitimacy. We manipulated the presence of nudge (present or absent) and the platform (email or text). Participants’ performance was measured using Signal Detection Theory, and they were asked to provide confidence ratings for each legitimacy decision. Our key findings revealed that the conventional nudge improved performance for email decisions, although it decreased user confidence. For text messages, the nudge hindered participants’ discrimination ability and did not significantly influence response bias performance or confidence ratings. Unfortunately, the effectiveness of the nudge did not simply transfer to text messages. 
We reflect on how to redesign the conventional nudge to increase its effectiveness against SMiShing.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104031"},"PeriodicalIF":4.1,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144255459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Software defect prediction using graph sample and aggregate-attention network optimized with nomadic people optimizer for enhancing the software reliability","authors":"P. Dhavakumar , S. Vengadeswaran","doi":"10.1016/j.csi.2025.104033","DOIUrl":"10.1016/j.csi.2025.104033","url":null,"abstract":"<div><div>The major objective of Software Defect Prediction (SDP) is to detect code location where errors are likely to occur to focus testing efforts on more suspect areas. Therefore, a high-quality software is developed that takes lesser time without effort. The dataset used for SDP usually contains more non-defective examples than defective examples. SDP is an important activity in software engineering that detect potential defects in software systems before they occur. For that, this paper proposes a Software Defect Prediction using Graph Sample and Aggregate-Attention Network optimized with Nomadic people Optimizer for enhancing the Software Reliability (graphSAGE-NPO-SDP). Here, the data are taken from Promise Repository dataset and given to the pre-processing. The pre-processing is done by normalization techniques of Min-Max Scaling. After preprocessing, the features are selected under Univariate Ensemble Feature Selection technique (UEFST). The classification process is performed by graphSAGE. The classification results are classified as defect class and non-defective class. The performance metrics, like Accuracy, Execution time, F-measure, Precision, Root Mean Square Error, Sensitivity, and Specificity is examined. 
The proposed graphSAGE-NPO-SDP method attains higher accuracy 32.45 %, 36.48 % and 28.34 % when compared to the existing models: Complexity-based over sampling technique in SDP (COT-ACI-SDP), Classification Method for SDP utilizing multiple filter feature selection approach (MLP-SDP), Boosted WOA-SDP and hybrid model depending on deep neural network based for SDP under Software Metrics (DNN-GA-SDP) respectively.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104033"},"PeriodicalIF":4.1,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144262586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}