Computers & Security最新文献_第10页

SCASS: Breaking into SCADA Systems Security

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104315

Nicola d’Ambrosio, Giulio Capodagli, Gaetano Perrone, Simon Pietro Romano

{"title":"SCASS: Breaking into SCADA Systems Security","authors":"Nicola d’Ambrosio, Giulio Capodagli, Gaetano Perrone, Simon Pietro Romano","doi":"10.1016/j.cose.2025.104315","DOIUrl":"10.1016/j.cose.2025.104315","url":null,"abstract":"<div><div>Industrial Controls Systems (ICS) represent a relevant target for attackers. In order to prevent such critical security threats, ICS security assessment activities should be conducted. Conventional vulnerability assessment and penetration testing within ICSs are not practicable due to safety risks and cost constraints. To overcome these challenges, security researchers have developed cybersecurity testbeds. However, these testbeds commonly rely on closed components, cannot be extended, and are very expensive. This research investigates how a modular, open-source framework can enhance the development of robust cybersecurity testbeds and facilitate the implementation of digital twins for securing Industrial Control Systems. We present SCASS, a fully customizable testbed designed to replicate complex SCADA and ICS environments with high fidelity. SCASS addresses the need for accessible, scalable platforms by supporting both physical and virtual components while enabling the evaluation of heterogeneous attack scenarios and security methodologies. By combining advanced attack scenarios with an objective comparative analysis against existing testbeds, SCASS demonstrates its ability to fill critical gaps in the ICS security landscape, fostering collaboration and advancing security assessment methodologies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104315"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CRO-PUF: Resilience to machine learning and differential power attacks

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104313

Arafat Miah, Fakir Sharif Hossain

{"title":"CRO-PUF: Resilience to machine learning and differential power attacks","authors":"Arafat Miah, Fakir Sharif Hossain","doi":"10.1016/j.cose.2025.104313","DOIUrl":"10.1016/j.cose.2025.104313","url":null,"abstract":"<div><div>Internet-connected electrical appliances in the Internet of Things (IoT) exchange vital data daily. IoT devices use cryptographic techniques with secret keys to encrypt and decrypt data, ensuring data integrity and preventing unauthorized access. The security of these keys is crucial. Physically Unclonable Functions (PUFs) provide unique and unclonable keys, but many PUFs struggle with key randomness and are vulnerable to attacks like Machine Learning-related Modeling (MLMo) and Differential Power Analysis (DPA) attacks. This work introduces a Crossover Ring Oscillator (CRO) PUF for robust cryptographic key generation. The proposed CRO offers the optimal key selection technique to choose the most resilient keys, demonstrating significant resistance against MLMo and DPA attacks. We evaluate CRO PUF’s keys’ resistance against MLMo attacks using six widely used classifier techniques: Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), Naive Bayes (NB), K-Nearest Neighbors (KNN), and Logistic Regression (LR). The results indicate that the optimal-selected keys can withstand MLMo attacks, achieving extreme resilience, and also show robustness against DPA attacks. The hardware overhead of the CRO PUF is lower than that of other lightweight PUFs, while maintaining resilience against both MLMo and DPA attacks, highlighting its efficiency and lightweight nature.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104313"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148938","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Comparative analysis of EU-based cybersecurity skills frameworks

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104329

Fernando Almeida

{"title":"Comparative analysis of EU-based cybersecurity skills frameworks","authors":"Fernando Almeida","doi":"10.1016/j.cose.2025.104329","DOIUrl":"10.1016/j.cose.2025.104329","url":null,"abstract":"<div><div>Research on cybersecurity security skills is highly relevant in today's digital era, where cybersecurity threats are growing in complexity and frequency. This study aims to evaluate and contrast multiple EU-based cybersecurity skills frameworks to highlight areas of convergence, divergence, and potential gaps, offering valuable insights for improving the cohesion and applicability of these frameworks. It was applied a qualitative content analysis approach combined with a comparative analysis technique. This approach is used to identify the main cybersecurity skills emphasized across EU-based cybersecurity frameworks, exploring how they differ in terms of structure, scope, and focus areas, and discovering the main strengths and limitations of these frameworks. The findings support the creation of more inclusive and adaptive frameworks that address underrepresented areas, such as the needs of small and medium-sized enterprises (SMEs) and emerging domains like AI security. Overall, this study serves as a foundational resource for enhancing cybersecurity resilience, promoting skills standardization, and advancing the EU's leadership in global cybersecurity preparedness.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104329"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Sublinear smart semantic search based on knowledge graph over encrypted database

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104319

Jiaxin Li, Haipeng Peng, Lixiang Li

{"title":"Sublinear smart semantic search based on knowledge graph over encrypted database","authors":"Jiaxin Li, Haipeng Peng, Lixiang Li","doi":"10.1016/j.cose.2025.104319","DOIUrl":"10.1016/j.cose.2025.104319","url":null,"abstract":"<div><div>In light of the growing significance of data privacy in cloud computing, searchable encryption has emerged as a prominent area of research in recent years. Given that the majority of achievements are only concentrated on keyword-based search, there is a clear need to explore secure semantic extension to enhance the utilization of information. Nevertheless, majority of secure semantic schemes mainly focus on the direct combination of traditional searchable encryption and semantic extension techniques, which results in the high computation and communication overheads for multi-keyword queries. Besides, to enhance the flexibility and extensibility of secure semantic search, some researchers have already proposed encryption methods for structured data. However, the effectiveness and practicality of these methods above are often limited by their rigid structure description and redundant index building. To handle these problems, we present a secure sublinear semantic search scheme based on the knowledge graph, which can achieve sublinear knowledge graph (KG) search and smart sentence queries concurrently. The knowledge graph encryption index is constructed with the same structure as the inverted index, thereby enabling sublinear efficiency. Furthermore, the system also offers functions for both node and edge semantic extension in the knowledge graph. We demonstrate that our proposed scheme is adaptively secure and present a series of experiments to analyze its performance. The experimental results show that our scheme exhibits significant advantages in all computation, communication and expression situations.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104319"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

IDPFilter: Mitigating interdependent privacy issues in third-party apps

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104321

Shuaishuai Liu , Gergely Biczók

{"title":"IDPFilter: Mitigating interdependent privacy issues in third-party apps","authors":"Shuaishuai Liu , Gergely Biczók","doi":"10.1016/j.cose.2025.104321","DOIUrl":"10.1016/j.cose.2025.104321","url":null,"abstract":"<div><div>Third-party applications have become an essential part of today’s online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has raised concerns about interdependent privacy (IDP). This paper investigates the IDP issues of third-party apps that were previously not studied comprehensively. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else’s personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app’s type, and the number of interdependent privacy-related permissions it requests. Third, we analyze why IDP is neglected by both data protection regulations and app platforms and then devise the principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users, but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that implements the filtering logic on textual data, and provide its initial performance evaluation concerning privacy, accuracy, and efficiency.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104321"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Mitigating security stress: Exploring the contingent role of collaborative communication in enhancing information security compliance

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104326

Inho Hwang , Ribin Seo

{"title":"Mitigating security stress: Exploring the contingent role of collaborative communication in enhancing information security compliance","authors":"Inho Hwang , Ribin Seo","doi":"10.1016/j.cose.2025.104326","DOIUrl":"10.1016/j.cose.2025.104326","url":null,"abstract":"<div><div>The increasing complexity of organizational information security (IS) policies underscores the critical need to address employee stress and its impact on compliance intentions. While prior research has primarily focused on technological advancements and regulatory enforcement, limited attention has been given to the psychological burden these measures place on employees and the role of organizational strategies in mitigating such challenges. This study bridges this gap by examining how IS role stress and strain, induced by stringent security policies, negatively influence compliance intentions and explores the moderating effects of collaborative communication as a potential solution. Drawing on the Person-Environment Fit model, the study conceptualizes IS role stress through dimensions of conflict and ambiguity and IS role strain through anxiety and fatigue. These constructs were empirically tested using structural equation modeling with survey data from 421 employees in organizations with established IS policies. Results reveal that IS role stress significantly increases strain and reduces compliance intentions, while collaborative communication moderates the strain's adverse effects on compliance. The findings emphasize the detrimental impact of poorly integrated security policies, which create stress and strain, ultimately undermining organizational security goals. However, fostering open, rational, and reciprocal communication mitigates these challenges, promoting a supportive environment for compliance. The findings offer actionable strategies for organizations, such as simplifying policy communication, aligning security tasks with work goals, and cultivating collaborative organizational institutions to balance employees’ vocational well-being with robust human-centric security frameworks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104326"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Using approximate matching and machine learning to uncover malicious activity in logs

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-09 DOI: 10.1016/j.cose.2025.104312

Rory Flynn, Oluwafemi Olukoya

{"title":"Using approximate matching and machine learning to uncover malicious activity in logs","authors":"Rory Flynn, Oluwafemi Olukoya","doi":"10.1016/j.cose.2025.104312","DOIUrl":"10.1016/j.cose.2025.104312","url":null,"abstract":"<div><div>The rapid expansion of digital services has led to an unprecedented surge in digital data production. Logs play a critical role in this vast volume of data as digital records capture notable events within systems or processes. Large-scale systems generate an overwhelming number of logs, making manual examination by analysts infeasible during critical events or attacks. While hashes, whether cryptographic or fuzzy, are widely used in digital forensics because they serve as the foundation for software integrity and validation, authentication and identification, similarity analysis, and fragment detection, this study investigates and extends the use of approximate matching (AM) algorithms in semi-structured data, such as logs. Existing AM algorithms such as <em>ssdeep</em>, <em>sdhash</em>, <em>TLSH</em>, and <em>LZJD</em> struggle particularly with semi-structured data due to the size of the input data being comparatively small, with syntactical and structural information comprising a significant amount of the data. We present a novel approximate matching algorithm for application across a range of semi-structured data types, which requires no knowledge of the underlying data structure. The algorithm produces digests that serve as input to a machine learning classifier, classifying the behaviour of the underlying logs the hashes represent. Experimental results on a benchmark dataset of IoT network traffic show that the proposed framework can correctly discern malicious logs from benign records with a 95% accuracy, with an F1 score of 0.98. The behaviour of the records deemed malicious was then correctly identified with a 99% accuracy when evaluated using a test data set, producing an average F1 score of 0.99. Additionally, we demonstrate that this approach provides a faster and lightweight framework to perform classification with high accuracy on a list of logs, producing those indicative of an attack for review.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104312"},"PeriodicalIF":4.8,"publicationDate":"2025-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An anomaly detection model for in-vehicle networks based on lightweight convolution with spectral residuals

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-09 DOI: 10.1016/j.cose.2024.104304

Feng Luo, Jiajia Wang, Zhihao Li, Cheng Luo

{"title":"An anomaly detection model for in-vehicle networks based on lightweight convolution with spectral residuals","authors":"Feng Luo, Jiajia Wang, Zhihao Li, Cheng Luo","doi":"10.1016/j.cose.2024.104304","DOIUrl":"10.1016/j.cose.2024.104304","url":null,"abstract":"<div><div>Driven by the demand for ubiquitous connectivity, the increasing interaction between in-vehicle and external devices makes it easier for attack vectors and vulnerabilities to penetrate vehicles. As a typical cyber–physical system, the communications among actuators and sensors are mostly completed through in-vehicle networks, which does not concern cybersecurity threats of its original design. To effectively prevent potential security risks, deploying an intrusion detection system is a feasible and practical solution to detect and identify abnormalities in network traffic. But for development, it must balance embedded device resources with model complexity. This study proposes an anomaly detection method based on spectral residuals and depth-separable convolutional neural networks for in-vehicle networks. Specifically, the spectral residual operation is used to remove redundancies in the signal input to highlight the abnormal points, while the lightweight convolutional block is designed to tackle the challenge of sophisticated decisions. First, we design an image builder to transform signal sequence data into matrix-like structures for easy change of the intrusion detection problem to an image classification problem. Then, we construct the lightweight convolutional network, optimized for vehicular signals, to achieve high detection performance without the unnecessary complexity of the MobileNet model architecture. Experimental results on two public datasets demonstrate that our algorithm successfully detects various attacks, while having no unacceptable resource consumption and compute pipeline congestion. More importantly, compared with other advanced anomaly detection models on an in-vehicle network dataset, the results illustrate its superiority in detecting unknown attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104304"},"PeriodicalIF":4.8,"publicationDate":"2025-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Multi-probability sampling-based detection of malicious switching nodes in SDN

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-08 DOI: 10.1016/j.cose.2025.104324

Jingxu Xiao , Chaowen Chang , Ping Wu , Lu Yuan

引用次数: 0

Multidimensional categorical data collection under shuffled differential privacy

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-08 DOI: 10.1016/j.cose.2024.104301

Ning Wang , Jian Zhuang , Zhigang Wang , Zhiqiang Wei , Yu Gu , Peng Tang , Ge Yu

{"title":"Multidimensional categorical data collection under shuffled differential privacy","authors":"Ning Wang , Jian Zhuang , Zhigang Wang , Zhiqiang Wei , Yu Gu , Peng Tang , Ge Yu","doi":"10.1016/j.cose.2024.104301","DOIUrl":"10.1016/j.cose.2024.104301","url":null,"abstract":"<div><div>Estimating frequency distributions in multidimensional categorical data is fundamental for many real-world applications, but such data often contains sensitive personal information, necessitating robust privacy protection. The emerging shuffled differential privacy (SDP) model provides a promising solution, yet existing methods are either limited to single-dimensional data or suffer from poor accuracy in multidimensional scenarios. To address these challenges, this paper introduces Multiple Hash Mechanism (MHM), which uses an innovative hash-based local perturbation technique for efficient dimensionality reduction to improve the result accuracy under the SDP framework. Additionally, we provide a detailed analysis of the shuffling benefits of MHM outputs, showing significant accuracy improvements. For cases requiring personalized privacy levels, we propose the Overlapping Group Mechanism, which further enhances the shuffling benefits and boosts overall accuracy. Experimental results on real-world datasets validate the effectiveness of proposed methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104301"},"PeriodicalIF":4.8,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0