Computers & Security最新文献

{"title":"Enhancing detection rates in intrusion detection systems using fuzzy integration and computational intelligence","authors":"Hannah Jessie Rani R ,&nbsp;Amit Barve ,&nbsp;Ashwini Malviya ,&nbsp;Vivek Ranjan ,&nbsp;Rubal Jeet ,&nbsp;Nilesh Bhosle","doi":"10.1016/j.cose.2025.104577","DOIUrl":"10.1016/j.cose.2025.104577","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDS) show a major part in computer cyber defense by detecting and reacting to unauthorized activities. These systems monitor network and system activity, evaluating developments to identify possible security breaches. Enhancing Detection Rates in IDS includes optimizing algorithms, employing Machine Learning (ML) approaches, and employing intrusion detection to enhance the system's functionality to find novel vulnerabilities immediately. Continuous improvement in detection capabilities is essential for adapting to evolving challenges from cyberspace and maintaining resilience of the online infrastructure. To enhance the detection rates, data preprocessing like min-max normalization, followed by t-distributed Stochastic Neighbor Embedding (t-SNE) feature extraction technique to capture most discriminative attributes for attack classifications. The established Genetic Fuzzy Systems (GFS) throughout paired learning framework for detecting input attack. The model enhances accuracy for unusual attack occurrences by better distinguishing between normal activity and distinct attack categories. To proposed Generative Adversarial Network (GAN) as a classifier for enhancing detection rates. This research explores the performance of the proposed GFS-GAN model on two prominent intrusion detection datasets are the TII-SSRC-23 for dataset 1 and NSL-KDD for dataset 2. The suggested GFS-GAN model demonstrated exceptional performance on the TII-SSRC-23 dataset, achieving 99.23 % accuracy. The GFS-GAN model also performed well on the NSL-KDD dataset, with an accuracy of 99.13 %, The findings illustrate GANs' capabilities to progress the efficacy and durability of IDS, resulting in effective protection against complicated cyber-attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104577"},"PeriodicalIF":4.8,"publicationDate":"2025-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144490115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Security of cyber-physical Additive Manufacturing supply chain: Survey, attack taxonomy and solutions","authors":"Mahender Kumar,&nbsp;Gregory Epiphaniou,&nbsp;Carsten Maple","doi":"10.1016/j.cose.2025.104557","DOIUrl":"10.1016/j.cose.2025.104557","url":null,"abstract":"<div><div>Additive Manufacturing (AM) is transforming industries by enabling rapid prototyping and customised production. However, as AM processes become increasingly digitised and interconnected, they introduce significant cybersecurity vulnerabilities, including intellectual property theft, design manipulation, and counterfeit production. This paper offers a comprehensive analysis of cyber and cyber–physical threats within the AM supply chain, addressing a critical research gap that has largely focused on isolated security aspects. Building upon existing taxonomies, we expand cybersecurity frameworks to incorporate emerging AM-specific threats. We propose a structured attack taxonomy that categorises threats by attacker goals, targets, and methods, supported by real-world case studies. The paper emphasises the need for robust cybersecurity measures to protect intellectual property, ensure production integrity, and strengthen supply chain security. Finally, we present mitigation strategies to counter these threats, laying the foundation for future research and best practices to secure AM ecosystems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104557"},"PeriodicalIF":4.8,"publicationDate":"2025-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144312823","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Informal control responses to information security policy violations: A factorial survey on insurance employees’ moral licensing of insider threats","authors":"Steffi Haag ,&nbsp;Nils Siegfried ,&nbsp;Nane Winkler","doi":"10.1016/j.cose.2025.104575","DOIUrl":"10.1016/j.cose.2025.104575","url":null,"abstract":"<div><div>Most organizations implement information security policies (ISPs) to protect their data and systems. However, these policies are only effective if employees follow them—including reporting or discouraging violations by others. Beyond formal control mechanisms, informal controls play a crucial role in shaping employees’ responses to ISP violations. These informal controls can either reduce security risks by discouraging misconduct or, conversely, reinforce insider threats by signaling approval of violations. Despite their importance, little is known about how informal controls develop and function.</div><div>This study investigates key factors influencing employees’ informal control responses to non-malicious ISP violations, focusing on moral licensing—the tendency to permit rule-breaking based on a violator’s past behavior or status. Using a factorial survey of 1024 insurance sector employees and analyzing 4607 vignette-based observations through multilevel structural equation modeling, we find that employees are more likely to tolerate ISP violations when the violator has a history of compliance, possesses high task competence, holds a higher hierarchical status, or when the violation appears to benefit the team.</div><div>By emphasizing the human factor in information security, this study reveals how cognitive biases in informal controls can weaken ISP compliance and increase insider threats. The findings provide actionable recommendations for security managers, including strategies to align ISPs with organizational goals, engage influential employees, and enhance security training. Strengthening informal controls can help create a more secure and compliant workplace.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104575"},"PeriodicalIF":4.8,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144490121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"STPA-Cyber: A semi-automated cyber risk assessment framework for maritime cybersecurity","authors":"Awais Yousaf ,&nbsp;Sean Gunawan ,&nbsp;Sunil Basnet ,&nbsp;Victor Bolbot ,&nbsp;Jianying Zhou ,&nbsp;Osiris A. Valdez Banda","doi":"10.1016/j.cose.2025.104559","DOIUrl":"10.1016/j.cose.2025.104559","url":null,"abstract":"<div><div>Cybersecurity incidents in the maritime sector are growing in number and the requirement of cyber risk management onboard ships is an inescapable reality today. Multiple cyber risk assessment frameworks exist today but they are all cumbersome to be applied in today’s state-of-the-art modern maritime systems. Most of the frameworks require experts’ involvement, their precious time and cognitive efforts. The application of these frameworks are also prone to human biases. Moreover, due to the rapid evolution of malicious actors and the inclusion of state-of-the-art toolsets in their arsenal, the completeness of the coverage of the cyber risk analysis for modern maritime systems is also open to questions. In response to these emerging challenges and threat landscape, a modified system theoretic process analysis for cybersecurity is proposed that not only inspects the control actions from a controller but also investigates the incoming feedback signals from the controlled process. The rationale behind the two-way cyber risk analysis within a system, i.e., for a control action as well as for a feedback signal, is that the attackers can target both the links within a feedback loop with comparable likelihood and impact, which could result in gruesome consequences. This work also contributes by semi-automating the labor intensive steps of the cyber risk assessment that results in significant reduction of involvement of experts, cognitive efforts, time requirement and human biases. Lastly, semi-automated generation of security causal scenarios in this work also contributes to the completeness of the cyber risk assessment process because human involvement and manual efforts required in the cyber risk assessment of a cyber–physical system could result in incomplete analysis due to the limitations in human comprehension. Hence, considerable reductions in time, cognitive efforts, human involvement and human biases are achieved in this work.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104559"},"PeriodicalIF":4.8,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144312822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A fast hardware Trojan detection method with parallel clustering for large-scale gate-level netlists","authors":"Gaoyuan Pan,&nbsp;Huan Li,&nbsp;Jian Wang","doi":"10.1016/j.cose.2025.104570","DOIUrl":"10.1016/j.cose.2025.104570","url":null,"abstract":"<div><div>The growing complexity of hardware design makes third-party intellectual property (3PIP) a superior option. However, it poses security threats to the integrated circuit (IC) supply chain. An untrusted 3PIP may have been implanted with hardware Trojans (HTs), which are malicious modifications to ICs. To ensure the security of ICs, state-of-the-art HT detection techniques related to testability metrics have been recently researched. Nevertheless, the computation of testability values and clustering analysis may be time-consuming for large-scale gate-level netlists (GLNs). To address this issue, we propose a fast HT detection method based on a previously proposed modularity algorithm, incorporating parallel clustering for large-scale GLNs. D-flip-flops are utilized as the boundaries to divide the GLN into modules. Then, we use a self-designed tool to simultaneously compute testability values and static transition probabilities for each signal in each module. If the minimum static transition probability of signals within a module falls below a predefined threshold, the module is suspected to contain HTs and necessitates clustering analysis. Otherwise, it is considered safe and excluded from further analysis. Suspicious modules are then clustered in parallel to identify potential HT signals. Lastly, a secondary diagnosis is performed to minimize false positives in the clustering analysis results. For samples with up to approximately 10⁵ signals from Trust-hub, the detection time is reduced by up to 60 % compared to our previous work, achieving a detection accuracy of 100 %, a signal diagnosis accuracy exceeding 93 %, and a false positive rate below 1 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104570"},"PeriodicalIF":4.8,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144472241","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MER-GCN: Reasoning about attacking group behaviors using industrial control system attack knowledge graphs","authors":"Xiao Zhang ,&nbsp;Yingxu Lai ,&nbsp;Xinrui Dong ,&nbsp;Xinyu Xu","doi":"10.1016/j.cose.2025.104558","DOIUrl":"10.1016/j.cose.2025.104558","url":null,"abstract":"<div><div>To enhance the ability of Intrusion Detection Systems (IDSs) to detect complex attacks on Industrial Control Systems (ICSs), we developed the ICS attack knowledge graph (ICS-Attack-KG). This graph focuses on learning the correlations across attack groups’ behaviors to enable cross-group threat intelligence sharing. Based on the knowledge learned, the graph can reason about potential attack behaviors more comprehensively and accurately, which is beneficial for IDS to update its rulebase and detect complex attacking behaviors. However, data sparsity caused by the difficulty in obtaining threat intelligence of advanced attack group, as well as the data complexity brought by learning correlations across attack groups’ behaviors, increases the difficulty of embedding and reasoning on a knowledge graph. To address these issues, we introduce a novel link prediction model named the Multi-Edge Relation Graph Convolutional Network (MER-GCN). This model overcomes the limitations of data sparsity by embedding global graph structure into relation vectors, enabling it to supply missing information through adjacent or related nodes. To better learn the correlations across attack groups’ behaviors, MER-GCN sets attack group as relations and involves three-dimensional convolutional computation and relational projections to capture pattern sharing and differences across relational subgraphs. Empirical evaluation results demonstrate that the model significantly improves the accuracy and completeness of reasoning about attack groups’ behaviors in ICS. On the ICS-Attack-KG dataset, the model achieves an 11.3% improvement in mean reverse rank (MRR) over the state-of-the-art MR-GCN model. Additionally, the model also improved by 6.8% on the widely recognized Reuters dataset, demonstrating the model’s good generalization ability on a common dataset.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104558"},"PeriodicalIF":4.8,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144321048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"HGAN4VD: Leveraging Heterogeneous Graph Attention Networks for enhanced vulnerability detection","authors":"Yucheng Zhang ,&nbsp;Xiaolin Ju ,&nbsp;Xiang Chen ,&nbsp;Amin Misbahul ,&nbsp;Zilong Ren","doi":"10.1016/j.cose.2025.104548","DOIUrl":"10.1016/j.cose.2025.104548","url":null,"abstract":"<div><div>Detecting vulnerabilities is crucial for mitigating inherent risks in software systems. In recent years, there has been a significant increase in developing effective vulnerability detection approaches, many of which leverage deep learning technologies. These methods provide notable advantages, including automated feature extraction and the ability to train models autonomously, thereby improving the efficiency and accuracy of the detection process. However, existing methods encounter two significant limitations. Firstly, code analysis lacks granularity and does not fully leverage semantic and syntactic information within code structures, resulting in suboptimal performance. Secondly, approaches based on Graph Neural Networks (GNNs) inherently struggle to capture long-distance relationships between nodes in code structures. In this paper, we propose HGAN4VD, a novel vulnerability detection method that utilizes heterogeneous intermediate source code representations to address these limitations. HGAN4VD comprises two components: a heterogeneous code representation graph, which is constructed by creating diverse code representations and simplifying the graph to reduce node distances, and a Heterogeneous Graph Attention Network, which incorporates two attention layers to calculate node-level and semantic-level attention. Experiments on three widely used datasets demonstrate that HGAN4VD outperforms state-of-the-art methods by 1.5% to 7.7% in accuracy and 3.8% to 12.2% in F1 score metrics, affirming its effectiveness in learning global information for code graphs used in vulnerability detection. Furthermore, we demonstrate the generalization capability of our method on Java and Python datasets, suggesting its potential for broader applicability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104548"},"PeriodicalIF":4.8,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144291300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach","authors":"Suraj Harsha Kamtam ,&nbsp;Qian Lu ,&nbsp;Abdur Rakib ,&nbsp;Muhamad Azfar Ramli ,&nbsp;Rakhi Manohar Mepparambath ,&nbsp;Siraj Ahmed Shaikh ,&nbsp;Hoang Nga Nguyen","doi":"10.1016/j.cose.2025.104549","DOIUrl":"10.1016/j.cose.2025.104549","url":null,"abstract":"<div><div>The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility on CVs is a significant challenge, as traditionally, qualitative and subjective expert opinions are the norm. Additionally, there is a need for historical data on security-related incidents and dynamically evolving interconnected vehicle-to-everything (V2X) entities for feasibility assessment, which is not readily available. To address this problem, this paper presents, to the best of our knowledge, the first simulation-based TARA framework designed to characterise, quantify, and assess the Window of Opportunity (WO) for attackers—a metric that indicates the likelihood of an attack. A case study involving Bluetooth, with one attacker and one target, is modelled to demonstrate the proposed framework WOLVES’s applicability. Two scenarios have been investigated using different motorway roads in the UK. The primary outcome is the WOLVES framework, which employs a data-driven approach using both prior and likelihood information to estimate the probability of a successful cyber attack on a given technology in CVs. The findings from this research could assist threat analysts, decision-makers, and planners involved in CV risk assessment by enhancing the modelling of attack feasibility for cybersecurity threats in dynamic scenarios and developing appropriate mitigation strategies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104549"},"PeriodicalIF":4.8,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144472242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhanced biometric template protection schemes using distance based fuzzy extractor","authors":"P V V S Srinivas ,&nbsp;Nikhil Yadavalli ,&nbsp;Venkata Durga ,&nbsp;Karthik Kumar ,&nbsp;Prateesh Raju","doi":"10.1016/j.cose.2025.104573","DOIUrl":"10.1016/j.cose.2025.104573","url":null,"abstract":"<div><div>The biometric template protection systems are essential for improving the security of biometric authentication systems in Internet of Things (IoT)-based applications. However, insufficient user data, compromised keys, and privacy concerns raise significant challenges regarding the reliability and security of these systems. One critical challenge is unauthorized access to biometric templates, which exposes users to potential security threats. The proposed system addresses this by employing a novel technique that enhances template security through a cancellable biometric (CB) scheme. While CB schemes improve security by applying a one-way transformation to the biometric template, they often suffer from decreased accuracy due to the complexity of transformations applied to the feature vector. To overcome these limitations, the proposed system integrates a Self-learning based Multi-scale Residual Convolutional Neural Network (SM-ResCNN) for feature extraction, which improves classification accuracy by capturing features at various scales. These features are then classified by an Enhanced Random Forest (MRF) classifier, ensuring high accuracy while mitigating overfitting. Additionally, the Distance-based Fuzzy Extractor (DFE) is employed for cancellable template protection, converting biometric data into uniformly arbitrary and reproducible random strings, enhancing security without compromising performance. The performance of the proposed approach is simulated in the FERT and CASIA datasets and contrasted with state-of-the-art methods. The recognition rates obtained with the FERET and CASIA datasets are 99.81 % with 0.015 Equal error rate (EER) and 99.7 % with 0.0211 EER, respectively. The study shows that the proposed method significantly improves biometric authentication security while maintaining high classification accuracy, outperforming existing state-of-the-art methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104573"},"PeriodicalIF":4.8,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144501445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Model-based structural and behavioral cybersecurity risk assessment in system designs","authors":"Tino Jungebloud ,&nbsp;Nhung H. Nguyen ,&nbsp;Dan Dongseong Kim ,&nbsp;Armin Zimmermann","doi":"10.1016/j.cose.2025.104543","DOIUrl":"10.1016/j.cose.2025.104543","url":null,"abstract":"<div><div>Cybersecurity risk assessment has become a critical task in systems development and the operation of complex networked systems. However, current state-of-the-art approaches for detecting vulnerabilities, such as automated security testing or penetration testing, often result in late detection. Thus, there is a growing need for security by design, which involves conducting security-related analyses as early as possible in the system development life cycle.</div><div>This paper proposes an integrated approach that combines static and dynamic hierarchical model-based security risk assessment. The approach enables early identification of security risks during system design, utilizing various models based on the Unified Modeling Language (UML), with lightweight extensions using profiles and stereotypes to capture security attributes like vulnerabilities and asset values. These security attributes are then used to compute relevant properties, including threat space, possible attack paths, and selected network-based security metrics. To facilitate dynamic security analysis, the UML model is subsequently translated into a deterministic and stochastic Petri net (DSPN). This translation allows for the dynamic analysis and simulation of the system’s state and behavior during an attack, capturing temporal aspects and probabilistic transitions. By representing system components and their interactions as modular Petri nets, the DSPN framework facilitates comprehensive simulation and analysis of possible attack scenarios. This also allows us to estimate time-based security metrics such as the duration required for an attacker to compromise system components. Consequently, this combined approach effectively addresses both static security analysis and dynamic state behavior, providing an integrated understanding of the system’s resilience against cyber threats. A real-world industrial case study illustrates the effectiveness of this approach. The underlying data originates from security assessments performed by Keen Security Labs, which were independently verified by BMW (Cai et al., 2019). Specifically, we present an infotainment system network model as implemented in multiple car models along with corresponding attack and defense models. We then demonstrate how the approach assesses the cybersecurity risk of such in-vehicle networks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104543"},"PeriodicalIF":4.8,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144298192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}