Computers & Security最新文献_第10页

Neurosymbolic learning and domain knowledge-driven explainable AI for enhanced IoT network attack detection and response

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-13 DOI: 10.1016/j.cose.2025.104318

Chathuranga Sampath Kalutharage , Xiaodong Liu , Christos Chrysoulas

{"title":"Neurosymbolic learning and domain knowledge-driven explainable AI for enhanced IoT network attack detection and response","authors":"Chathuranga Sampath Kalutharage , Xiaodong Liu , Christos Chrysoulas","doi":"10.1016/j.cose.2025.104318","DOIUrl":"10.1016/j.cose.2025.104318","url":null,"abstract":"<div><div>In the dynamic landscape of network security, where cyberattacks continuously evolve, robust and adaptive detection mechanisms are essential, particularly for safeguarding Internet of Things (IoT) networks. This paper introduces an advanced anomaly detection model that utilizes Artificial Intelligence (AI) to identify network anomalies based on traffic features, explaining the most influential factors behind each detected anomaly. The model integrates domain knowledge stored in a knowledge graph to verify whether the detected anomaly constitutes a legitimate attack. Upon validation, the model identifies which core cybersecurity principles—Confidentiality, Integrity, or Availability (CIA)—are violated by mapping influential feature values. This is followed by an alignment with the MITRE ATT&CK framework to provide insights into potential attack tactics, techniques, and intelligence-driven countermeasures.</div><div>By leveraging explainable AI (XAI) and incorporating expert domain knowledge, our approach bridges the gap between complex AI predictions and human-understandable decision-making, thereby enhancing both detection accuracy and result interpretability. This transparency facilitates faster responses and real-time decision-making while improving adaptability to new, unseen cyber threats. Our evaluation on network traffic datasets demonstrates that the model not only excels in detecting and explaining anomalies but also achieves an overall detection accuracy of 0.97 with the integration of domain knowledge for attack legitimacy. Furthermore, it provides 100% accuracy for threat intelligence based on the MITRE ATT&CK framework, ensuring that security measures are verifiable, actionable, and ultimately strengthen IoT environment defenses by delivering real-time threat intelligence and responses, thus minimizing human response time.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104318"},"PeriodicalIF":4.8,"publicationDate":"2025-01-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Dynamic privacy loss management: The innovation of α-confidence differential privacy filters and odometers

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-13 DOI: 10.1016/j.cose.2025.104338

Zhongyuan Qin , Kefei Lu , Qunfang Zhang , Dinglian Wang , Liquan Chen

引用次数: 0

Erasure code backup system for data security

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104314

Rong-Teng Lee, Shan-Hsiang Shen

{"title":"Erasure code backup system for data security","authors":"Rong-Teng Lee, Shan-Hsiang Shen","doi":"10.1016/j.cose.2025.104314","DOIUrl":"10.1016/j.cose.2025.104314","url":null,"abstract":"<div><div>With the development of distributed storage, it is critical to determine how to place the copies of data in different locations with the consideration of network performance and data security. The Named Data Networking (NDN) proposes a solution to cache data everywhere along the routing path toward data consumers, so we do not need to manually place the data copies. However, its multi-copy cache strategy wastes storage space and does not consider remote backup to defense physical hazards. It tends to place backup copies closer to each others, so some copies does not have chance to be accessed and physical hazards can destroy all copies in close geographic location. To address the issue, this paper proposes a Advanced Remote Backup Data System (ARBDS ), which brings erasure coding technology and remote backup concept to distributed storage. The erasure coding can achieve the same reliability at a smaller storage cost with less data redundancy, while remote backup concept protects data from physical hazards. With the consideration on reliability and transmission performance, we design an algorithm named erasure code backup algorithm (ECBA) to find the backup nodes with the 57% shorter average length of routing paths to the consumer compared to existing solutions, provide the 92% higher available bandwidth and keep backup copies far from each other to prevent physical hazards.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104314"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148934","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SCASS: Breaking into SCADA Systems Security

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104315

Nicola d’Ambrosio, Giulio Capodagli, Gaetano Perrone, Simon Pietro Romano

{"title":"SCASS: Breaking into SCADA Systems Security","authors":"Nicola d’Ambrosio, Giulio Capodagli, Gaetano Perrone, Simon Pietro Romano","doi":"10.1016/j.cose.2025.104315","DOIUrl":"10.1016/j.cose.2025.104315","url":null,"abstract":"<div><div>Industrial Controls Systems (ICS) represent a relevant target for attackers. In order to prevent such critical security threats, ICS security assessment activities should be conducted. Conventional vulnerability assessment and penetration testing within ICSs are not practicable due to safety risks and cost constraints. To overcome these challenges, security researchers have developed cybersecurity testbeds. However, these testbeds commonly rely on closed components, cannot be extended, and are very expensive. This research investigates how a modular, open-source framework can enhance the development of robust cybersecurity testbeds and facilitate the implementation of digital twins for securing Industrial Control Systems. We present SCASS, a fully customizable testbed designed to replicate complex SCADA and ICS environments with high fidelity. SCASS addresses the need for accessible, scalable platforms by supporting both physical and virtual components while enabling the evaluation of heterogeneous attack scenarios and security methodologies. By combining advanced attack scenarios with an objective comparative analysis against existing testbeds, SCASS demonstrates its ability to fill critical gaps in the ICS security landscape, fostering collaboration and advancing security assessment methodologies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104315"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CRO-PUF: Resilience to machine learning and differential power attacks

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104313

Arafat Miah, Fakir Sharif Hossain

{"title":"CRO-PUF: Resilience to machine learning and differential power attacks","authors":"Arafat Miah, Fakir Sharif Hossain","doi":"10.1016/j.cose.2025.104313","DOIUrl":"10.1016/j.cose.2025.104313","url":null,"abstract":"<div><div>Internet-connected electrical appliances in the Internet of Things (IoT) exchange vital data daily. IoT devices use cryptographic techniques with secret keys to encrypt and decrypt data, ensuring data integrity and preventing unauthorized access. The security of these keys is crucial. Physically Unclonable Functions (PUFs) provide unique and unclonable keys, but many PUFs struggle with key randomness and are vulnerable to attacks like Machine Learning-related Modeling (MLMo) and Differential Power Analysis (DPA) attacks. This work introduces a Crossover Ring Oscillator (CRO) PUF for robust cryptographic key generation. The proposed CRO offers the optimal key selection technique to choose the most resilient keys, demonstrating significant resistance against MLMo and DPA attacks. We evaluate CRO PUF’s keys’ resistance against MLMo attacks using six widely used classifier techniques: Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), Naive Bayes (NB), K-Nearest Neighbors (KNN), and Logistic Regression (LR). The results indicate that the optimal-selected keys can withstand MLMo attacks, achieving extreme resilience, and also show robustness against DPA attacks. The hardware overhead of the CRO PUF is lower than that of other lightweight PUFs, while maintaining resilience against both MLMo and DPA attacks, highlighting its efficiency and lightweight nature.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104313"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148938","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Comparative analysis of EU-based cybersecurity skills frameworks

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-11 DOI: 10.1016/j.cose.2025.104329

Fernando Almeida

{"title":"Comparative analysis of EU-based cybersecurity skills frameworks","authors":"Fernando Almeida","doi":"10.1016/j.cose.2025.104329","DOIUrl":"10.1016/j.cose.2025.104329","url":null,"abstract":"<div><div>Research on cybersecurity security skills is highly relevant in today's digital era, where cybersecurity threats are growing in complexity and frequency. This study aims to evaluate and contrast multiple EU-based cybersecurity skills frameworks to highlight areas of convergence, divergence, and potential gaps, offering valuable insights for improving the cohesion and applicability of these frameworks. It was applied a qualitative content analysis approach combined with a comparative analysis technique. This approach is used to identify the main cybersecurity skills emphasized across EU-based cybersecurity frameworks, exploring how they differ in terms of structure, scope, and focus areas, and discovering the main strengths and limitations of these frameworks. The findings support the creation of more inclusive and adaptive frameworks that address underrepresented areas, such as the needs of small and medium-sized enterprises (SMEs) and emerging domains like AI security. Overall, this study serves as a foundational resource for enhancing cybersecurity resilience, promoting skills standardization, and advancing the EU's leadership in global cybersecurity preparedness.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104329"},"PeriodicalIF":4.8,"publicationDate":"2025-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Sublinear smart semantic search based on knowledge graph over encrypted database

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104319

Jiaxin Li, Haipeng Peng, Lixiang Li

{"title":"Sublinear smart semantic search based on knowledge graph over encrypted database","authors":"Jiaxin Li, Haipeng Peng, Lixiang Li","doi":"10.1016/j.cose.2025.104319","DOIUrl":"10.1016/j.cose.2025.104319","url":null,"abstract":"<div><div>In light of the growing significance of data privacy in cloud computing, searchable encryption has emerged as a prominent area of research in recent years. Given that the majority of achievements are only concentrated on keyword-based search, there is a clear need to explore secure semantic extension to enhance the utilization of information. Nevertheless, majority of secure semantic schemes mainly focus on the direct combination of traditional searchable encryption and semantic extension techniques, which results in the high computation and communication overheads for multi-keyword queries. Besides, to enhance the flexibility and extensibility of secure semantic search, some researchers have already proposed encryption methods for structured data. However, the effectiveness and practicality of these methods above are often limited by their rigid structure description and redundant index building. To handle these problems, we present a secure sublinear semantic search scheme based on the knowledge graph, which can achieve sublinear knowledge graph (KG) search and smart sentence queries concurrently. The knowledge graph encryption index is constructed with the same structure as the inverted index, thereby enabling sublinear efficiency. Furthermore, the system also offers functions for both node and edge semantic extension in the knowledge graph. We demonstrate that our proposed scheme is adaptively secure and present a series of experiments to analyze its performance. The experimental results show that our scheme exhibits significant advantages in all computation, communication and expression situations.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104319"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

IDPFilter: Mitigating interdependent privacy issues in third-party apps

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104321

Shuaishuai Liu , Gergely Biczók

{"title":"IDPFilter: Mitigating interdependent privacy issues in third-party apps","authors":"Shuaishuai Liu , Gergely Biczók","doi":"10.1016/j.cose.2025.104321","DOIUrl":"10.1016/j.cose.2025.104321","url":null,"abstract":"<div><div>Third-party applications have become an essential part of today’s online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has raised concerns about interdependent privacy (IDP). This paper investigates the IDP issues of third-party apps that were previously not studied comprehensively. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else’s personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app’s type, and the number of interdependent privacy-related permissions it requests. Third, we analyze why IDP is neglected by both data protection regulations and app platforms and then devise the principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users, but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that implements the filtering logic on textual data, and provide its initial performance evaluation concerning privacy, accuracy, and efficiency.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104321"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Mitigating security stress: Exploring the contingent role of collaborative communication in enhancing information security compliance

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-10 DOI: 10.1016/j.cose.2025.104326

Inho Hwang , Ribin Seo

{"title":"Mitigating security stress: Exploring the contingent role of collaborative communication in enhancing information security compliance","authors":"Inho Hwang , Ribin Seo","doi":"10.1016/j.cose.2025.104326","DOIUrl":"10.1016/j.cose.2025.104326","url":null,"abstract":"<div><div>The increasing complexity of organizational information security (IS) policies underscores the critical need to address employee stress and its impact on compliance intentions. While prior research has primarily focused on technological advancements and regulatory enforcement, limited attention has been given to the psychological burden these measures place on employees and the role of organizational strategies in mitigating such challenges. This study bridges this gap by examining how IS role stress and strain, induced by stringent security policies, negatively influence compliance intentions and explores the moderating effects of collaborative communication as a potential solution. Drawing on the Person-Environment Fit model, the study conceptualizes IS role stress through dimensions of conflict and ambiguity and IS role strain through anxiety and fatigue. These constructs were empirically tested using structural equation modeling with survey data from 421 employees in organizations with established IS policies. Results reveal that IS role stress significantly increases strain and reduces compliance intentions, while collaborative communication moderates the strain's adverse effects on compliance. The findings emphasize the detrimental impact of poorly integrated security policies, which create stress and strain, ultimately undermining organizational security goals. However, fostering open, rational, and reciprocal communication mitigates these challenges, promoting a supportive environment for compliance. The findings offer actionable strategies for organizations, such as simplifying policy communication, aligning security tasks with work goals, and cultivating collaborative organizational institutions to balance employees’ vocational well-being with robust human-centric security frameworks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104326"},"PeriodicalIF":4.8,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Using approximate matching and machine learning to uncover malicious activity in logs

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-09 DOI: 10.1016/j.cose.2025.104312

Rory Flynn, Oluwafemi Olukoya

{"title":"Using approximate matching and machine learning to uncover malicious activity in logs","authors":"Rory Flynn, Oluwafemi Olukoya","doi":"10.1016/j.cose.2025.104312","DOIUrl":"10.1016/j.cose.2025.104312","url":null,"abstract":"<div><div>The rapid expansion of digital services has led to an unprecedented surge in digital data production. Logs play a critical role in this vast volume of data as digital records capture notable events within systems or processes. Large-scale systems generate an overwhelming number of logs, making manual examination by analysts infeasible during critical events or attacks. While hashes, whether cryptographic or fuzzy, are widely used in digital forensics because they serve as the foundation for software integrity and validation, authentication and identification, similarity analysis, and fragment detection, this study investigates and extends the use of approximate matching (AM) algorithms in semi-structured data, such as logs. Existing AM algorithms such as <em>ssdeep</em>, <em>sdhash</em>, <em>TLSH</em>, and <em>LZJD</em> struggle particularly with semi-structured data due to the size of the input data being comparatively small, with syntactical and structural information comprising a significant amount of the data. We present a novel approximate matching algorithm for application across a range of semi-structured data types, which requires no knowledge of the underlying data structure. The algorithm produces digests that serve as input to a machine learning classifier, classifying the behaviour of the underlying logs the hashes represent. Experimental results on a benchmark dataset of IoT network traffic show that the proposed framework can correctly discern malicious logs from benign records with a 95% accuracy, with an F1 score of 0.98. The behaviour of the records deemed malicious was then correctly identified with a 99% accuracy when evaluated using a test data set, producing an average F1 score of 0.99. Additionally, we demonstrate that this approach provides a faster and lightweight framework to perform classification with high accuracy on a list of logs, producing those indicative of an attack for review.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104312"},"PeriodicalIF":4.8,"publicationDate":"2025-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0