Computers & Security: Latest Articles

LaAeb: A comprehensive log-text analysis based approach for insider threat detection
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-19 DOI: 10.1016/j.cose.2024.104126
Volume 148, Article 104126
Kexiong Fei, Jiang Zhou, Yucan Zhou, Xiaoyan Gu, Haihui Fan, Bo Li, Weiping Wang, Yong Chen
Abstract:
Insider threats have increasingly become a critical issue that modern enterprises and organizations faced. They are mainly initiated by insider attackers, which may cause disastrous impacts. Numerous research studies have been conducted for insider threat detection. However, most of them are limited due to a small number of malicious samples. Moreover, as existing methods often concentrate on feature information or statistical characteristics for anomaly detection, they still lack effective use of comprehensive textual content information contained in logs and thus will affect detection efficiency.
We propose LaAeb, a novel unsupervised insider threat detection framework that leverages rich linguistic information in log contents to enable conventional methods, such as an Isolation Forest-based anomaly detection, to better detect insider threats besides using various features and statistical information. To find malicious acts under different scenarios, we consider three patterns of insider threats, including attention, emotion, and behavior anomaly. The attention anomaly detection analyzes textual contents of operation objects (e.g., emails and web pages) in logs to detect threats, where the textual information reflects the areas that employees focus on. When the attention seriously deviates from daily work, an employee may involve malicious acts. The emotion anomaly detection analyzes all dialogs between every two employees’ daily communicated texts and uses the degree of negative to find potential psychological problems. The behavior anomaly detection analyzes the operations of logs to detect threats. It utilizes information acquired from attention and emotion anomalies as ancillary features, integrating them with features and statistics extracted from log operations to create log embeddings. With these log embeddings, LaAeb employs anomaly detection algorithm like Isolation Forest to analyze an employee’s malicious operations, and further detects the employee’s behavior anomaly by considering all employees’ acts in the same department. Finally, LaAeb consolidates detection results of three patterns indicative of insider threats in a comprehensive manner.
We implement the prototype of LaAeb and test it on CERT and LANL datasets. Our evaluations demonstrate that compared with state-of-the-art unsupervised methods, LaAeb reduces FPR by 50% to reach 0.05 on CERT dataset under the same AUC (0.93), and gets the best AUC (0.97) with 0.06 higher value on LANL dataset.
Citations: 0

Detecting interest flooding attacks in NDN: A probability-based event-driven approach
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-19 DOI: 10.1016/j.cose.2024.104124
Volume 148, Article 104124
Matta Krishna Kumari, Nikhil Tripathi
Abstract:
The foundational concepts of the Internet were developed in the 1960s and 1970s with the goal of interconnecting hosts using the TCP/IP architecture. While this architecture has significantly impacted communication and commerce, it struggles to accommodate the Internet’s vast user base and diverse applications. Named Data Network (NDN), a next-generation Internet architecture is designed to overcome the current TCP/IP based Internet architecture’s limitations. NDN’s basic operations make it resilient against several traditional DoS/DDoS attacks. However, NDN remains vulnerable to Interest Flooding Attack (IFA), a class of DoS attacks that can exhaust the routers’ as well as the producers’ resources to disrupt network functionality. To detect these attacks, researchers came up with a few approaches. However, existing detection techniques focus on specific IFA variants but struggle to detect other variants. To address this challenge, in this paper, we propose a statistical abnormality detection scheme to identify all variants of IFA. Additionally, we generate a comprehensive NDN traffic dataset through our experiments and use it to evaluate the performance of the detection scheme. The experimental results show that our scheme can detect all variants of IFA with high accuracy. Towards the end, we also present a sensitivity analysis study that shows the impact of varying a few parameters on the detection performance of the proposed scheme.
Citations: 0

RAF-AG: Report analysis framework for attack path generation
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-19 DOI: 10.1016/j.cose.2024.104125
Volume 148, Article 104125
Khang Mai, Jongmin Lee, Razvan Beuran, Ryosuke Hotchi, Sian En Ooi, Takayuki Kuroda, Yasuo Tan
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0167404824004309/pdfft?md5=26c50ae3a8d396148c6a891e5ef0b300&pid=1-s2.0-S0167404824004309-main.pdf
Abstract:
Information sharing is a key practice in cybersecurity for coping with the ever-changing cyberattacks that are targeting computer systems. Thus, when cyber incidents happen, cyber threat intelligence (CTI) reports are prepared and shared among cybersecurity practitioners to help them get up-to-date information about those incidents. However, reading and analyzing the report text to comprehend the included information is a cumbersome process. Although techniques based on deep learning were proposed to speed up report analysis in order to obtain the enclosed essential information, such as attack path, training data insufficiency makes these methods inefficient in practical circumstances.
This paper presents RAF-AG, a report analysis framework for attack path generation. To analyze CTI reports, RAF-AG utilizes the sentence dependency tree for entity and relation extraction, and a weak supervision approach for entity labeling. This is followed by graph building and graph alignment for generating the attack paths. Our approach resolves the data insufficiency problem in the cybersecurity domain by lowering the need for expert involvement. We evaluated RAF-AG by comparing the generated attack paths with those produced by AttacKG, a state-of-the-art automatic report analysis framework. RAF-AG was able to identify cyberattack steps by matching their appearance order inside the report, and link them with techniques from the MITRE ATT&CK knowledge base with an improved F1 score compared to AttacKG (0.708 versus 0.393).
Citations: 0

TEE-MR: Developer-friendly data oblivious programming for trusted execution environments
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-19 DOI: 10.1016/j.cose.2024.104119
Volume 148, Article 104119
A.K.M. Mubashwir Alam, Keke Chen
Abstract:
Trusted execution environments (TEEs) enable efficient protection of integrity and confidentiality for applications running on untrusted platforms. They have been deployed in cloud servers to attract users who have concerns on exporting data and computation. However, recent studies show that TEEs’ side channels, including memory, cache, and micro-architectural features, are still vulnerable to adversarial exploitation. As many such attacks utilize program access patterns to infer secret information, data oblivious programs have been considered a practical defensive solution. However, they are often difficult to develop and optimize via either manual or automated approaches. We present the oblivious TEE with MapReduce (TEE-MR) approach that uses application frameworks, an approach between fully manual and fully automated, to hide the details of access-pattern protection to significantly minimize developers’ efforts. We have implemented the approach with the MapReduce application framework for data-intensive applications. It can regulate application dataflows and hide application-agnostic access-pattern protection measures from developers. Compared to manual composition approaches, it demands much less effort for developers to identify access patterns and to write code. Our approach is also easy to implement, less complicated than fully automated approaches, for which we have not seen a working prototype yet. Our experimental results show that TEE-MR-based applications have good performance, comparable to those carefully developed with time-consuming manual composition approaches.
Citations: 0

Doing cybersecurity at home: A human-centred approach for mitigating attacks in AI-enabled home devices
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-19 DOI: 10.1016/j.cose.2024.104112
Volume 148, Article 104112
Asimina Vasalou, Laura Benton, Ana Serta, Andrea Gauthier, Ceylan Besevli, Sarah Turner, Rea Gill, Rachael Payler, Etienne Roesch, Kevin McAreavey, Kim Bauters, Weiru Liu, Hsueh-Ju Chen, Dennis Ivory, Manos Panaousis, Georgios Loukas
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0167404824004176/pdfft?md5=5fa09d1b930abf5d2979032947ec3d60&pid=1-s2.0-S0167404824004176-main.pdf
Abstract:
AI-enabled devices are increasingly introduced in the home context and cyber-attacks targeting their AI component are becoming more frequent. Moving away from seeing the user as the problem to recognising the user as part of the solution, our research reports on a novel cybersecurity intervention (comprising Explainable AI features, assisted remediation) designed to support users to identify, diagnose and mitigate cyber-attacks on the AI component of their smart devices. We carried out a case study of a bespoke smart heating device inclusive of this intervention and conducted fieldwork with ten households who experienced simulated integrity cyber-attacks over a month. Our research contributes an understanding of how to design AI-enabled devices and their ecosystems to support users to perceive integrity cyber-attacks, offering new considerations for intervention design that exploits multimodal indicators and supports users to troubleshoot themselves the causes as well as actions of cyber-attacks. Contributing to the growing area of human-centred cybersecurity, we evidence the distinctive challenges users face when evaluating integrity attacks on the AI component in the home context.
Citations: 0

CDDA-MD: An efficient malicious traffic detection method based on concept drift detection and adaptation technique
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-18 DOI: 10.1016/j.cose.2024.104121
Volume 148, Article 104121
Saihua Cai, Han Tang, Jinfu Chen, Yikai Hu, Wuhao Guo
Abstract:
With the rapid development of network environment, cyber attacks have become one of the major threats to network security, and maintaining network security requires accurate detection of malicious traffic generated by cyber attacks. However, due to the dynamic nature of network behavior, data distribution in network traffic may change over time, i.e., appearing concept drift phenomenon, and the emergence of concept drift causes existing malicious traffic detection models to suffer from the problem of decreased detection efficiency. To address this challenge, we propose a Concept Drift Detection and Adaptation-based Malicious traffic Detection method called CDDA-MD. Firstly, the network traffic is segmented using sliding window technique and the data samples are analyzed on the basis of each window. And then, a long short-term memory network (LSTM) is utilized to capture the long-term dependencies in the time-series features of network traffic; At the same time, a multi-head self-attention mechanism is introduced to provide larger weights for the important features. Moreover, we replace the ReLU activation function in LSTM with Tanh to overcome the neuron “death” problem, and replace the Adam optimizer with Nadam to accelerate convergence, thereby improving the detection performance. Next, the concept drift is detected based on the idea of error rate, and the detected concept drift data is used for incremental learning to make the model adapt to current network environment. Finally, based on the detected concept drift, malicious traffic detection operations are performed to effectively maintain the security of cyberspace. Experiments on four network traffic show that compared with existing state-of-the-art methods, the proposed CDDA-MD method improves 0.3%, 1.2%, 1.16% and 1.9% in F1-measure, 0.25%, 1.1%, 1.44% and 1.72% in TPR, respectively; It also has better stability.
Citations: 0

Entity and relation extractions for threat intelligence knowledge graphs
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-18 DOI: 10.1016/j.cose.2024.104120
Volume 148, Article 104120
Inoussa Mouiche, Sherif Saad
Open access PDF: https://www.sciencedirect.com/science/article/pii/S0167404824004255/pdfft?md5=9bc3e5147e5e14a8affa86bf2310d0f8&pid=1-s2.0-S0167404824004255-main.pdf
Abstract:
Advanced persistent threats (APTs) represent a complex challenge in cybersecurity as they infiltrate networks stealthily to conduct espionage, steal data, and maintain a long-term presence. To combat these threats, security professionals increasingly rely on cyber knowledge graphs (CKGs), which provide scalable solutions to analyze and structure vast amounts of cyber threat intelligence (CTI) from diverse sources in real-time, enabling the automation of proactive security measures. Developing CKGs requires extracting entity and their relationships from unstructured CTI reports. However, existing approaches face significant limitations, such as difficulties with the nuances of cybersecurity language, diverse threat terminologies, and high rates of error propagation, resulting in low accuracy and poor generalizability. This paper introduces a novel Threat Intelligence Knowledge Graph (TiKG) pipeline designed to address these challenges. The TiKG framework leverages SecureBERT, a domain-specific transformer-based model optimized for cybersecurity, and integrates it with an attention-based BiLSTM to capture the context and nuances of security texts, reducing error propagation and improving extraction accuracy. Additionally, the pipeline incorporates a domain-specific ontology and inference model to ensure precise relation mapping in relation extraction. Using three large-scale TI open-source datasets (DNRTI, STUCCO, and CYNER) and a curated CTI dataset, extensive evaluations demonstrate the effectiveness of our framework, showing significant improvements over existing methods in detecting and linking cyber threats. These contributions provide a robust platform for security professionals to analyze and predict potential attacks, develop effective defenses, and enhance the strategic capabilities of cybersecurity operations.
Citations: 0

A fast modularity hardware Trojan detection technique for large scale gate-level netlists
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-17 DOI: 10.1016/j.cose.2024.104111
Volume 148, Article 104111
Wei Chen, Zhiyuan Bai, Gaoyuan Pan, Jian Wang
Abstract:
Hardware Trojans (HTs) are a kind of malicious circuit implanted by adversaries and induce malfunction under rare situations. Attackers may insert HTs into untrusted third-party intellectual properties (3PIPs), thus severely threatening the hardware security of ICs. To overcome this issue, state-of-art HT detection techniques are proposed based on feature extraction of gate-level netlists (GLNs). However, these techniques may take a long time to extract HT signals for large scale GLNs. In this paper, we propose a fast modularity HT detection (FMTD) method for large scale GLNs. The GLN modularity algorithm can divide the whole GLN into several small modules with the boundaries of D flip-flops (DFFs) of each module. By analyzing the transition rate of critical signals, preserving suspicious DFFs, and repairing the ring circuit, we can ensure the integrity of HT circuits during the GLN modularity process. Then, the calculation of the testability of each module is conducted in parallel with our self-designed tool. In the self-designed tool, we repair the ring circuit, calculate the testability values, and calibrate the testability values of module boundary signals. Compared with the EDA tools, our self-designed tool has no upper limit of testability values. Then, the testability values are sent to the unsupervised K-means clustering simultaneously to diagnose the HT signals. Facilitated by the modularity of the GLN, the detection time of 10^5 order signals sample is reduced by up to 90% when compared to the traditional COTD method, while our MFTD method shows a similar HT detection performance to that of the traditional COTD method. For all 20 kinds of GLN samples in Trust-hub, our FMTD method can obtain a detection accuracy of 100%, and signal diagnosis precision of more than 93% with a diagnosis false positive rate lower than 1%.
Citations: 0

PDSMV3-DCRNN: A novel ensemble deep learning framework for enhancing phishing detection and URL extraction
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-17 DOI: 10.1016/j.cose.2024.104123
Volume 148, Article 104123
Y. Bhanu Prasad, Venkatesulu Dondeti
Abstract:
Phishing is a cyber-attack that exploits victims' technical ignorance or naivety and commonly involves a Uniform Resources Locator (URL). As a result, it is beneficial to examine URLs before accessing them to spot a phishing assault. Several algorithms based on machine learning have been presented to detect phishing attempts. However, these approaches often suffer from lower performance outcomes, such as lower accuracy, longer response times, and higher false positive rates. Furthermore, many existing methods rely heavily on predefined feature sets, which may limit their adaptability and robustness. In contrast, our proposed method leverages a more dynamic feature selection process, which includes the Conditional Wasserstein Generative Adversarial Network (CWGAN) for addressing data imbalance and the Binary Grey Goose Optimization Algorithm (BGGOA) for optimal feature selection. This dynamic approach enhances the model's ability to adapt to varying data characteristics, improving detection performance. The proposed solution is divided into two stages: pre-deployment and deployment. During the pre-deployment stage, the dataset is preprocessed, including data transformation, handling irrelevant and redundant data, and ensuring data balancing. Minority samples are increased using CWGAN to avoid class imbalance. Features are then selected using BGGOA, resulting in a feature-reduced dataset used for training and testing ensemble deep learning classifiers, specifically the Novel Pyramid Depth-wise Separable-MobileNetV3 (PyDS-MV3) and Deformable Convolutional Residual Neural Network (DCRNN), termed PDSMV3-DCRNN. During the deployment phase, the Boosted ConvNeXt approach extracts URL features fed into the trained classifier to predict "phishing" or "benign". According to experimental findings, the proposed solution outperforms all other tested approaches, displaying a faster training time of 0.11 s and achieving an optimal accuracy of 99.21%.
Citations: 0

Designing accountable IoT systems to overcome IoT storage limitation
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2024-09-17 DOI: 10.1016/j.cose.2024.104118
Volume 148, Article 104118
Jiacheng Li, Yang Xiao, Shuhui Li, Tieshan Li
Abstract:
IoT devices have been widely used in diverse environments, bringing more and more benefits to people. However, the security issues surrounding these IoT devices raise significant concerns about their level of security. Researchers have proposed many prevention and detection methods for security issues. However, these methods may only partially address the challenges of IoT devices. Accountability can be used as an additional method to enhance security, which is vital in improving security. This article proposes robust accountability methods for IoT devices lacking permanent storage to ensure accountability. We prove that our proposed accountability methods successfully achieve completeness, correctness, and accuracy. To assess their effectiveness, we integrate our accountability methods into a temperature humidity monitor, revealing that the overhead incurred by these methods showcases their practical applicability with a reasonable impact on performance.
Citations: 0