{"title":"GUIDE: GAN-based UAV IDS Enhancement","authors":"Jeong Do Yoo, Haerin Kim, Huy Kang Kim","doi":"10.1016/j.cose.2024.104073","DOIUrl":"10.1016/j.cose.2024.104073","url":null,"abstract":"<div><p>With the development of information technology, many devices are connected and automated by networks. Unmanned Aerial Vehicles (UAVs), commonly known as drones, are one of the most popular devices that can perform various tasks. However, the risk of cyberattacks on UAVs is increasing as UAV utilization grows. These cyberattacks can cause serious safety problems, such as crashes. Therefore, it is essential to detect these attacks and take countermeasures. As a countermeasure, intrusion detection system (IDS) is widely adopted. To implement IDS for UAVs, it should be lightweight and be able to detect unknown attacks as a requirement. We propose GAN-based UAV IDS Enhancement (GUIDE) to meet the requirements. The GUIDE employs a generative adversarial network (GAN) for integer-valued sequence data augmentation to enhance an IDS’s performance on known and unknown attacks. We used five GANs: SeqGAN, MaskGAN, RankGAN, StepGAN, and LeakGAN; we used four non-learning augmentation methods for the comparative experiment: oversampling, undersampling, noise addition, and random generation. The experimental results demonstrated that the synthetic data generated by GANs improved the detection of known attacks (up to 37 percentage points) and unknown attacks (up to 30 percentage points) while maintaining stable IDS performance. 
We also analyzed the synthetic data by employing Jensen–Shannon divergence, synthetic ranking agreement, and visualization; we confirmed that the synthetic data contained the characteristics of real data and could be used for training the IDS.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data privacy and cybersecurity challenges in the digital transformation of the banking sector","authors":"Shuang Wang , Muhammad Asif , Muhammad Farrukh Shahzad , Muhammad Ashfaq","doi":"10.1016/j.cose.2024.104051","DOIUrl":"10.1016/j.cose.2024.104051","url":null,"abstract":"<div><p>In the digital transformation of the banking sector, incorporating advanced technologies such as cloud computing, big data analytics, artificial intelligence, and blockchain has revolutionized financial services. However, this rapid digitalization brings significant data privacy and cybersecurity challenges. This study investigates the challenges banks have maintaining data privacy and cybersecurity while implementing new technologies, how they perceive these challenges, and what steps they take to reduce the risks involved. This qualitative study uses thematic analysis to examine interviews conducted with IT specialists in the banking sector. NVivo 14 software is employed to identify key themes and patterns related to the challenges, perceptions, and strategies regarding data privacy and cybersecurity in technology adoption. The findings reveal that the primary challenges faced by banks include integrating legacy systems, evolving compliance management, managing vendor risks, maintaining customer confidence, and mitigating emerging risks. Banks perceive robust data privacy and cybersecurity as critical for competitive advantage, regulatory compliance, and customer trust. Strategies include robust access controls, continuous threat monitoring, employee training, regulatory compliance with governance frameworks, and data encryption. This study provides original insights into the specific challenges and strategies related to data privacy and cybersecurity faced by banks. 
It contributes to the existing literature by highlighting the unique context of the banking sector and employing qualitative analysis to uncover nuanced perceptions and practices of IT specialists.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Feature selection for IoT botnet detection using equilibrium and Battle Royale Optimization","authors":"Qanita Bani Baker, Alaa Samarneh","doi":"10.1016/j.cose.2024.104060","DOIUrl":"10.1016/j.cose.2024.104060","url":null,"abstract":"<div><p>The Internet of Things (IoT) is rapidly expanding, bringing unprecedented opportunities and significant security risks. Among the most appealing attacks on IoT are botnets, typically utilized for Distributed Denial of Service (DDoS) attacks, identity theft, malware distribution, fraud, and spamming. Early detection and mitigation are crucial considering the nature of IoT devices and botnets. Many of these methods deploy machine learning, such as supervised, unsupervised, and deep learning. As IoT devices generate a massive amount of data of high dimensions, not all data contain valuable information. Feeding data without preprocessing might degrade the quality of the detection model. Thus, optimization methods are needed to determine the subsets of the most relevant features to the detection process. This study utilized the effectiveness of Equilibrium Optimization (EO), Battle Royale Optimization (BRO), and Adaptive Equilibrium Optimization (AEO) for feature selection in detecting IoT botnets using the N-BaIoT dataset. The performance of the selected features is evaluated using three classifiers: K Nearest Neighbor (KNN), Random Forest (RF), and Gaussian Naive Bayes (GNB) considering metrics such as number of features, accuracy, sensitivity, specificity, True Positive Rate (TPR), False Positive Rate (FPR), and time required for feature selection. 
Our findings indicate the competitive performance of EO and AEO in terms of runtime, number of features selected, and accuracy, compared to recent works on the same dataset.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095796","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hardware information flow tracking based on lightweight path awareness","authors":"Haodong Sun, Zhi Yang, Xingyuan Chen, Hang Xu, Zhanhui Yuan","doi":"10.1016/j.cose.2024.104072","DOIUrl":"10.1016/j.cose.2024.104072","url":null,"abstract":"<div><p>Vulnerabilities and Trojans in hardware design may cause sensitive data to be leaked and tampered with. Information flow tracking technology can effectively verify the confidentiality and integrity of hardware design. Currently, this technology mainly analyzes the reachability of information flow and lacks fine-grained analysis of information flow paths. It is difficult to find structural defects in information flow paths and malicious sensitive information processes in hardware design. To solve the above problem, we propose Path-aware Dynamic Information Flow Tracking (PDIFT) technology, which performs taint tracking and path tracking while sensitive information is propagated. It analyzes the propagation of sensitive information in hardware design with fine-grained taint label propagation logic and inserts path label propagation logic only on basic blocks divided by branch nodes, which greatly simplifies the path tracing overhead compared to the full node sequence tracing on the path. Experiments have shown that compared to CellIFT, PDIFT has a 12.1% increase in static analysis time and a 0.1% increase in dynamic validation time. The average instrumentation area cost of each basic block has increased by 16.4 <span><math><msup><mrow><mi>um</mi></mrow><mrow><mn>2</mn></mrow></msup></math></span>. 
In terms of detection capability, PDIFT makes up for the limitation of false negatives in traditional taint tracking technology through joint analysis of path labels and taint labels, then detects problems such as insufficient iterations of encryption components and malicious processing of important assets, thereby improving the accuracy of hardware security verification.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003778/pdfft?md5=b98f852225af08d31a041ec15070650b&pid=1-s2.0-S0167404824003778-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142095792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A cosine similarity-based labeling technique for vulnerability type detection using source codes","authors":"M. Maruf Öztürk","doi":"10.1016/j.cose.2024.104059","DOIUrl":"10.1016/j.cose.2024.104059","url":null,"abstract":"<div><p>Vulnerability detection is of great importance in providing reliability to software systems. Although existing methods achieve remarkable success in vulnerability detection, they have several disadvantages as follows: (1) The irrelevant information is removed from source codes, which have a high noise ratio, thereby utilizing deep learning methods and devising experiments featuring high accuracy. However, deep learning-based detection methods necessitate large-scale datasets. This results in computational hardship with respect to vulnerability detection in small-scale software systems. (2) The majority of the studies perform feature selection by processing vulnerability commits. Despite tremendous endeavors, there are few works detecting vulnerability with source codes. To solve these two problems, in this study, a novel labeling and vulnerability detection algorithm is proposed. The algorithm first exploits source codes with the help of a keyword vulnerability matrix. After that, an ultimate encoded matrix is generated by word2vec, thereby combining the labeling vector with the source code matrix to reveal a trainable dataset for a generalized linear model (GLM). Different from preceding studies, our method performs vulnerability detection without requiring vulnerability commits but using source codes. In addition to this, similar studies generally aim to bring sophisticated solutions for just one type of programming language. Conversely, our study develops vulnerability keywords for three programming languages including C#, Java, and C++, and creates the related labeling vectors by regarding the keyword matrix. 
The proposed method outperformed the baseline approaches for most of the experimental datasets with over 90% of the area under the curve (AUC). Further, there is a 7.7% margin between our method and the alternatives on average for Recall, Precision, and F1-score with respect to five types of vulnerabilities.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142012387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What do we need to know about the Chief Information Security Officer? A literature review and research agenda","authors":"Zeynep Sahin, Anthony Vance","doi":"10.1016/j.cose.2024.104063","DOIUrl":"10.1016/j.cose.2024.104063","url":null,"abstract":"<div><p>Since its establishment in the 1990s, the role of chief information security officer (CISO) has become critical to organizations in managing cybersecurity risks. However, despite widespread recognition of the importance of this role in industry, research about CISOs and the problems they face in protecting organizations is nascent. We review the academic and practitioner literature on CISOs to identify existing themes and highlight a range of challenges related to CISOs in which further research is needed, such as establishing legitimacy within C-suite executive teams, appropriate accountability for cybersecurity incidents, CISO turnover, and promoting security in the face of human factors, business realities, and budget constraints. We also propose a research agenda to address these challenges using potential theoretical lenses. In these ways, this study lays the groundwork for future research on CISOs and their essential role in ensuring the cybersecurity of organizations.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142240715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MDADroid: A novel malware detection method by constructing functionality-API mapping","authors":"Jiyun Yang , Hanwei Li , Lijun He , Tao Xiang , Yujie Jin","doi":"10.1016/j.cose.2024.104061","DOIUrl":"10.1016/j.cose.2024.104061","url":null,"abstract":"<div><p>As the Android ecosystem develops, malware also evolves to adapt to the changes. Consequently, malware remains a significant threat, posing a challenge in developing a low-resource consumption malware detection method that can adjust to updates in the Android API versions. We propose a novel method called MDADroid, which detects malware based on self-built Functionality-API mapping. We start by building a set of permission-related APIs using open-source knowledge. Then, we construct a Functionality-App-API heterogeneous graph based on collected data and establish a Functionality-API mapping from it. Finally, MDADroid transforms app features from the API level to the functionality level for malware detection, ensuring model resilience to API changes. We also design an API similarity calculation method that updates the Functionality-API mapping at a low cost. We evaluate MDADroid on multiple datasets, and the results show that MDADroid achieves an accuracy of 95.22%, 96.23%, 98.77%, and 99.56% on the AndroZoo, CICAndMal 2017, CICMalDroid 2020, and Drebin datasets, respectively, with training and testing times of 2 s, 0.6188 s, 1.34 s, and 1.02 s. 
Moreover, our method demonstrates excellent performance in the tests for resilience capabilities.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142041109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing robustness of person detection: A universal defense filter against adversarial patch attacks","authors":"Zimin Mao , Shuiyan Chen , Zhuang Miao , Heng Li , Beihao Xia , Junzhe Cai , Wei Yuan , Xinge You","doi":"10.1016/j.cose.2024.104066","DOIUrl":"10.1016/j.cose.2024.104066","url":null,"abstract":"<div><p>Person detection is one of the most popular object detection applications, and has been widely used in safety-critical systems such as autonomous driving. However, recent studies have revealed that person detectors are vulnerable to physically adversarial patch attacks and may suffer detection failure. Data-side defense is an effective approach to address this issue, owing to its low computational cost and ease of deployment. However, existing data-side defenses have limited effectiveness in resisting adaptive patch attacks. To overcome this challenge, we propose a new data-side defense, called Universal Defense Filter (UDFilter). UDFilter covers the input images with an equal-size defense filter to weaken the negative impact of adversarial patches. The defense filter is generated using a self-adaptive learning algorithm that facilitates iterative competition between adversarial patch and defense filter, thus bolstering UDFilter’s ability to defend against adaptive attacks. Furthermore, to maintain the clean performance, we propose a plug-and-play Joint Detection Strategy (JDS) during the model testing phase. Extensive experiments have shown that UDFilter can significantly enhance robustness of person detection against adversarial patch attacks. 
Moreover, UDFilter does not result in a discernible reduction in the model’s clean performance.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142044864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cue-based two factor authentication","authors":"Zhenhua Yang , Jun Kong","doi":"10.1016/j.cose.2024.104068","DOIUrl":"10.1016/j.cose.2024.104068","url":null,"abstract":"<div><p>With the increasing usage of cameras, the threat from video attacks has greatly increased in recent years in addition to shoulder surfing. Many organizations have implemented two-factor authentication to enhance security. However, attackers can still steal users' usernames and passwords from two-factor authentication through video attack or shoulder surfing and apply the credential stuffing attack, as most people use the same passwords on different applications. Cue-based authentication provides high protection against shoulder surfing attacks, but it remains vulnerable to video attacks. To mitigate the threats of video attacks, we propose cue-based two-factor authentication (i.e., Cue-2FA), which is distinct from other methods by separating cue display from response input (refer to Chapter 1). We conducted two user studies to compare the usability and security between Cue-2FA and a standard Time-based-One-Time-Password two-factor authentication (i.e., TOTP-2FA). The evaluation results revealed Cue-2FA provides both higher usability and stronger resistance to the shoulder surfing attack. However, when both the cue and response are recorded, Cue-2FA is not more resistant to the video attack than TOTP-2FA. 
To address this issue, we introduced misleading operations to Cue-2FA when inputting a response, which significantly improves the resistance to the video attack.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142041110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy policy analysis: A scoping review and research agenda","authors":"Karl van der Schyff , Suzanne Prior , Karen Renaud","doi":"10.1016/j.cose.2024.104065","DOIUrl":"10.1016/j.cose.2024.104065","url":null,"abstract":"<div><p>Online users often neglect the importance of privacy policies - a critical aspect of digital privacy and data protection. This scoping review addresses this oversight by delving into privacy policy analysis, aiming to establish a comprehensive research agenda. The study's objective was to explore the analytic techniques employed in privacy policy analysis and to identify the associated challenges. Following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses for Scoping Reviews (PRISMA-ScR) checklist, the review selected <em>n</em> = 97 relevant studies. The findings reveal a diverse array of techniques used, encompassing automated machine learning and natural language processing, and manual content analysis. Notably, researchers grapple with challenges like linguistic nuances, ambiguity, and complex data harvesting methods. Additionally, the lack of privacy-centric theoretical frameworks and a dearth of user evaluations in many studies limit their real-world applicability. 
The review concludes by proposing a set of research recommendations to shape the future research agenda in privacy policy analysis.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003705/pdfft?md5=a290078faebc4e7b637ed8bb81618455&pid=1-s2.0-S0167404824003705-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142041111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}