Computers & Security: Latest Articles

Privacy-preserving WiFi sensing in WSNs via CSI obfuscation
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104594. Pub Date: 2025-07-18. DOI: 10.1016/j.cose.2025.104594
Zhiming Chu, Guyue Li, Qingchun Meng, Haobo Li, Yuwei Zeng
Abstract: WiFi’s inherent openness introduces significant privacy risks from unauthorized sensing, driving considerable research efforts to mitigate these threats. However, the latest spatial obfuscation schemes like repeater-based signal forwarding and beamforming control ones have limitations in recovering legitimate sensing and maintaining communication performance respectively. To address these challenges, this paper presents a privacy-preserving WiFi sensing framework, which supports shielding unauthorized sensing while allowing normal communication and legitimate sensing. It uses a dynamic channel obfuscation technique at the transmitter side, which filters the whole frame including the Long Training Sequence (LTS) to perturb Channel State Information (CSI) while ensuring receiver equalization decoding for communication performance. Moreover, a deep network-based de-obfuscation approach is employed to support legitimate sensing. This approach models the nonlinear relationship between obfuscation response and tap coefficients to accurately predict the original CSI, addressing issues like deviations due to hardware defects and phase unavailability due to transceiver separation. The proposed framework has been rigorously tested in real-world scenarios, whose effectiveness is evaluated through indoor localization experiments conducted on the Software Defined Radio (SDR) platform. The results indicate that the framework can diminish eavesdroppers’ sensing performance to below 50%, while maintaining legitimate sensing performance above 90%. This work advances dual-functional WiFi systems by establishing the hardware-compatible architecture that fundamentally resolves the privacy-utility conflict through three key innovations: (1) formalized CSI obfuscation with provable communication preservation, (2) physics-informed nonlinear deobfuscation network architecture, and (3) comprehensive validation from PHY-layer security to application-layer functionality based on hardware implementation.
Citations: 0
Cyber risk communication during vessel incident management: A case study
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104607. Pub Date: 2025-07-18. DOI: 10.1016/j.cose.2025.104607
Allan Nganga, Joel Scanlan, Margareta Lützhöft, Steven Mallam
Abstract: The maritime cyber risk management guidelines developed by the International Maritime Organisation (IMO) highlight communication as a key aspect of the risk management process. This research sought to build upon previous studies highlighting incident communication as a critical part of the ship-to-SOC cyber incident management process. This research adopted a single case study-mixed methods design (CS-MM) featuring a primary case study that includes a nested mixed methods approach. The site for the case study was an M-SOC. The first phase of the case study involved interviews with 5 M-SOC personnel. For the second phase, an exploratory sequential design was applied. The quantitative data collection involved a survey with 10 vessel Information Technology (IT) and Operational Technology (OT) professionals, with 3 follow-up interviews conducted for the qualitative data collection stage. Our findings highlighted how a cyber incident dashboard and alert report complement each other in creating a shared recognised cyber picture (sRCP) between all the vessel incident management stakeholders. The sRCP, therefore, becomes the actionable element of the communication. The case study also sheds light on practical design considerations for enhancing the cyber situation awareness (CSA) of vessel cyber incident dashboards. Specifically, survey results revealed that highlighting the cyber risk of non-response to a security warning was the highest-ranked contextual information. Additionally, detection of potentially suspicious activity emerged as the risk finding that vessel IT teams highlighted as having the highest notification priority. Finally, the top alert grouping approaches were by warning type and by priority.
Citations: 0
IFIP SEC 2023 and 2024 selected papers
IF 5.4, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104596. Pub Date: 2025-07-17. DOI: 10.1016/j.cose.2025.104596
Nikolaos Pitropakis
Citations: 0
ProvGOutLiner: A lightweight anomaly detection method based on process behavior features within provenance graphs
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104589. Pub Date: 2025-07-16. DOI: 10.1016/j.cose.2025.104589
Weiping Wang, Chenyu Wang, Hong Song, Kai Chen, Shigeng Zhang
Abstract: The Provenance Graph is an effective tool for host-based intrusion detection. It uses a directed graph to represent interactions between system entities and is widely used to capture and analyze system activities. Provenance graph-based anomaly detection methods aim to identify potential security threats in host environments. Compared to traditional intrusion detection techniques, provenance graph-based methods are more effective at detecting stealthy attacks. However, existing learning-based methods often rely on large amounts of labeled data. These methods have high computational costs and lack interpretability. This makes it difficult to clearly identify specific attack behaviors. To address these issues, we propose ProvGOutLiner: A lightweight and unsupervised anomaly detection method for provenance graphs. This method is based on process behavior characteristics. We analyze common attack behaviors in detail and find that the outgoing edge types and counts from processes in the provenance graph exhibit distinctive behavior patterns. Based on this observation, we introduce a Process Behavior Tree. This tree generates feature vectors for process behaviors by statistically analyzing the types and counts of outgoing edges from its nodes. We then apply a clustering algorithm to detect anomalous behaviors in an unsupervised manner. The construction of the Process Behavior Tree and feature extraction do not require complex models, which enables lightweight detection. We evaluate our method on the DARPA public dataset. The results show that ProvGOutLiner significantly reduces computational overhead while accurately identifying malicious process activities. ProvGOutLiner achieves a recall rate of 99%, a precision rate of 96%, and our method significantly reduces computation time.
Citations: 0
Exploring cyber security threats and security models in cross-border paperless maritime trade system
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104604. Pub Date: 2025-07-16. DOI: 10.1016/j.cose.2025.104604
Gizem Kayisoglu, Emre Duzenli, Pelin Bolat, Aleksei Bondarenko
Abstract: Cross-border paperless trade is the digital exchange of trade-related information and documents between countries, eliminating the need for physical paper, thereby streamlining and speeding up international trade processes. Adopting paperless systems in cross-border trade offers numerous benefits, including increased efficiency, cost savings, and faster processing times for private companies or public bodies, including governments, suppliers, logistics providers, customs, regulatory agencies, sellers and buyers. However, this transition also introduces a range of cybersecurity challenges. This paper investigates the cyber security threats and security models pertinent to paperless cross-border trade systems. In this study, the types of cyber threats and current security measures are explored, and an enhanced cyber security model for paperless cross-border maritime trade systems is proposed based on ISO/IEC 27001 Information Security Management System and NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations to mitigate potential cyber risks. It is concluded that to adopt effective cybersecurity strategies, identifying assets in cross-border paperless trade systems is required. Assets encompass data, infrastructure, applications, and personnel in these systems. For the robust cyber security model in the cross-border paperless trade systems, traditional security measures, such as firewalls, encryption, or multi-factor authentication, are required to be integrated with emerging security technologies, such as zero trust architecture, artificial intelligence, or blockchain technologies and security framework including layered security approach, real-time threat detection and response, secure data exchange protocols, policy development, stakeholder collaboration and training and awareness programs.
Citations: 0
NDIF: A distributed framework for efficient in-network neural network inference
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104593. Pub Date: 2025-07-15. DOI: 10.1016/j.cose.2025.104593
Shengrui Lin, Shaowei Xu, Binjie He, Hongyan Liu, Dezhang Kong, Xiang Chen, Dong Zhang, Chunming Wu, Ming Li, Xuan Liu, Yuqin Wu, Muhammad Khurram Khan
Abstract: In-network machine learning is a promising technology that offloads machine learning models onto programmable data planes to enable intelligent decision-making by programmable devices. Such advancement empowers security applications (e.g., intrusion detection) to adapt to dynamic network changes in real time and make rational decisions. Existing research deploys neural network models in a distributed way on programmable data planes, with the aim of performing real-time inference using network-wide compute resources. However, existing research primarily focuses on model implementations, with little attention paid to the negative impact on the efficiency and robustness of in-network applications introduced by the inference process. We propose NDIF, a framework for performing in-network neural network inference in a distributed manner. NDIF enables in-network inference on arbitrary programmable devices, with each device autonomously managing its inference workload based on available resources. Moreover, new inference schemes can be easily deployed by writing entries into programmable devices to adapt to network changes. These benefits improve the efficiency and stability of the in-network inference process, thereby enhancing the efficiency and robustness of in-network applications built based on neural network models. The experiments on the use cases of anomaly detection and packet classification demonstrate that NDIF outperforms previous inference frameworks across various quality of service (QoS) metrics while maintaining a reasonable cost.
Citations: 0
VeracOS: An operating system extension for the veracity of files
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104565. Pub Date: 2025-07-12. DOI: 10.1016/j.cose.2025.104565
Naser AlDuaij
Abstract: As generative artificial intelligence has improved, there is a growing trend of generating false media for spreading misinformation, driving propaganda, and theft through enhanced social engineering. This creates a global concern, leading to a heavy demand for verification and fact-checking of information. Existing solutions aim at educating users or using artificial intelligence to fact-check and detect false documents or media. While these methods provide a measure for combating misinformation, many of these existing methods are inaccurate. Methods such as deepfake detection for videos are an uphill battle as deepfake generation keeps improving and newer methods are created to subvert deepfake detection techniques. VeracOS is introduced and presented as an operating system modification that is easily deployed, can certify files that are created, and ensures that any user can automatically check the authenticity of files across any existing application or platform. VeracOS invents a unique algorithm for certifying and verifying files. VeracOS aims to revolutionize the war against misinformation and exploitation of fake content by introducing several key features: VeracOS allows users or corporations to easily and automatically certify their media. Unlike existing solutions, VeracOS avoids intensive computations, specialized hardware, and private data sharing. VeracOS also allows any user to automatically be notified if the file they are viewing is verified to be authentic. VeracOS does not require the modification of existing applications nor does it require the sharing of private information such as what files or media are being viewed by a user. These key features provide a highly portable and easily deployed system for users of any operating system, including Internet of Things devices and mobile operating systems. Using media files such as images and videos as exemplary file types and using Android as an exemplary operating system, a VeracOS prototype was implemented to allow any user to automatically certify or verify their media files. The results show that VeracOS is easy to use and can be easily run on smartphones without the need for specialized systems, applications, or hardware.
Citations: 0
Ransomware dynamics: Mitigating personal data exfiltration through the SCIRAS lens
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104583. Pub Date: 2025-07-11. DOI: 10.1016/j.cose.2025.104583
David Cevallos-Salas, José Estrada-Jiménez, Danny S. Guamán, Luis Urquiza-Aguiar
Abstract: Ransomware’s capability to exfiltrate personal data is one of the most significant threats to privacy today. Its growing complexity and resistance to static analysis have driven research efforts to implement security controls on endpoints using dynamic analysis. However, the critical security threshold that these endpoint controls must overcome to effectively mitigate personal data exfiltration and stop ransomware propagation once an infection has begun in communication networks remains unclear. This paper addresses this issue by analyzing the Susceptible–Carriers–Infected–Recovered–Attacked–Susceptible (SCIRAS) epidemiological model in the context of a critical ransomware attack, with limited network and administrative security, that defines the critical scenario to be overcome. Unlike previous studies, this research first estimates a critical execution rate by studying the behavior of LockBit, Ryuk, and TeslaCrypt ransomware families and simulating CL0P MOVEit and Conti attacks in a controlled environment. To reflect more realistic conditions, we introduce a critical dynamic infection rate based on the critical execution rate, several attack vectors of modern ransomware, and the effect of limited network security. Using this baseline, a proposed triple extortion SCIRAS model is simulated and analyzed under its estimated parameters’ critical values to solve for each ransomware family the optimization problem of finding the critical security threshold required for endpoint controls to reach the Kermack and McKendrick’s non-epidemic status with the minimum feasible basic reproduction number. Our results demonstrate that a critical security threshold of at least 0.961 might contain modern ransomware exceeding the thresholds reported in previous simulations of SCIRAS and other models. Furthermore, we introduce a novel deep-learning-based framework called RansomSentinel, validated on the RanSAP120GB, RanSAP250GB, and RanSMAP datasets, which outperforms traditional machine learning classifiers and surpasses the estimated critical security threshold of each analyzed ransomware family.
Citations: 0
MIRDETECTOR: Applying malicious intent representation for enhanced APT anomaly detection
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104588. Pub Date: 2025-07-11. DOI: 10.1016/j.cose.2025.104588
Hongmei Li, Tiantian Zhu, Jie Ying, Tieming Chen, Mingqi Lv, Jian-Ping Mei, Zhengqiu Weng, Lili Shi
Abstract: Advanced Persistent Threats (APTs) infiltrate target systems covertly, exhibiting behavior that is difficult to detect using conventional detection methods, posing significant risks to enterprise security. Data provenance technology is widely used in attack detection to counter these threats. Among the different types of Provenance-based Intrusion Detection Systems (PIDSes), anomaly-based PIDSes are gaining increasing attention due to their ability to counter zero-day vulnerabilities without relying on attack knowledge. The detection mechanism of anomaly-based PIDSes is based on modeling the system’s normal behavior patterns (structural/attribute features) to detect deviations in behavior. However, existing anomaly-based PIDSes are prone to a significant number of false positives due to benign data fluctuations, limiting their effectiveness against complex APT attacks. To address this, we propose MIRDETECTOR, a novel anomaly detection system for APT attacks. The core idea of MIRDETECTOR is that a node is considered malicious not only due to changes in its structural/attribute features but also because it exhibits a certain inclination toward malicious intent. Building on this idea, MIRDETECTOR models nodes from three dimensions: structural features, attribute features, and malicious intent representation. By employing lightweight models for training and detection, it effectively reduces the false positives and achieves efficient real-time detection. We have thoroughly evaluated MIRDETECTOR on several public datasets and compared it with state-of-the-art anomaly detection systems. The results demonstrate that MIRDETECTOR achieves excellent detection accuracy and recall. Compared to the baseline detection system, MIRDETECTOR has increased the node-level detection accuracy by up to 99% and the recall rate by up to 68%. This significantly mitigates the high false positives in traditional PIDSes that rely solely on structural/attribute features. MIRDetector demonstrates remarkable accuracy and efficiency in identifying complex threats. Its deployment will effectively mitigate the risks posed by APTs.
Citations: 0
CSFuzzer: A grey-box fuzzer for network protocol using context-aware state feedback
IF 4.8, Zone 2, Computer Science
Computers & Security, Volume 157, Article 104581. Pub Date: 2025-07-10. DOI: 10.1016/j.cose.2025.104581
Xiangpu Song, Yingpei Zeng, Jianliang Wu, Hao Li, Chaoshun Zuo, Qingchuan Zhao, Shanqing Guo
Abstract: Code coverage-guided fuzzers have achieved great success in discovering vulnerabilities, but since code coverage does not adequately describe protocol states, they are not effective enough for protocol fuzzing. Although there has been some work introducing state feedback to guide state exploration in protocol fuzzing, they ignore the complexity of protocol state space, e.g., state variables have different categories and are diverse in data type and number, facing the challenges of inaccurate state variable identification and low fuzzing efficiency.
In this paper, we propose a novel context-aware state-guided fuzzing approach, CSFuzzer, to address the above challenges. CSFuzzer first divides the state variables into two categories, i.e., protocol-state variables and sub-state variables based on the context of the states, and automatically identifies and distinguishes these two categories of state variables from code. Then, CSFuzzer uses a new state coverage metric named context-aware state transition coverage to more efficiently guide fuzzing. We have implemented a prototype of CSFuzzer and evaluated it on 12 open-source protocol programs. Our experiments show that CSFuzzer outperforms the existing state-of-the-art fuzzers in terms of code and state coverage as well as fuzzing efficiency. CSFuzzer successfully discovered 10 zero-day vulnerabilities, which have been confirmed by the stakeholders and assigned 9 CVEs/CNVDs.
Citations: 0