Computers & Security最新文献

{"title":"A novel proactive and dynamic cyber risk assessment methodology","authors":"Pavlos Cheimonidis,&nbsp;Konstantinos Rantos","doi":"10.1016/j.cose.2025.104439","DOIUrl":"10.1016/j.cose.2025.104439","url":null,"abstract":"<div><div>In today’s operational environment, organizations face numerous cybersecurity challenges and risks. This paper presents a novel risk assessment methodology designed to assess cyber risks in a proactive and dynamic manner. Our approach gathers information from both the organization’s internal environment and cybersecurity-related open sources. It then converts the collected qualitative data into numerical form by applying predefined mapping rules, including categorical assignments and frequency-based quantification. These numerical values are then integrated with other quantitative data using a probabilistic method. Subsequently, all this information is integrated into a Bayesian network model to dynamically estimate the probability of success of a cyber attack. This probability, combined with the impact assessments of the organization’s assets, is used to provide risk estimations. By incorporating the Exploit Prediction Scoring System, our model is capable of delivering not only dynamic but also proactive risk assessments. To validate the effectiveness of the proposed methodology, we present a use case that demonstrates its application in assessing risk within a SCADA environment.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104439"},"PeriodicalIF":4.8,"publicationDate":"2025-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684228","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Semantics-aware location privacy preserving: A differential privacy approach","authors":"Dikai Zou ,&nbsp;Jun Tao ,&nbsp;Zuyan Wang","doi":"10.1016/j.cose.2025.104402","DOIUrl":"10.1016/j.cose.2025.104402","url":null,"abstract":"<div><div>The protection of location privacy, as a highly sensitive characteristic of information, has been extensively analyzed and discussed for a significant period. Recently, exploiting the semantics of locations offers a new dimension to enhance privacy preservation by enabling more effective control over the information disclosed by users. Different from most prior research efforts, which regard location semantics as a category, in this paper, location semantics is the statistical information about the Points of Interest (PoIs) in the specific location’s vicinity, which can be represented as a multi-dimensional vector. Further, Semantic Indistinguishability (Sem-Ind), a more relaxed privacy guarantee for location privacy than Geo-Indistinguishability (Geo-Ind), is derived under the paradigm of differential privacy. Multiple location obfuscation mechanisms, which integrate linear programming and heuristic search, respectively, are proposed to reduce utility loss while ensuring Sem-Ind. Based on the defined utility and privacy metrics, these obfuscation mechanisms are empirically evaluated on the GeoLife dataset. Experimental results indicate that the existing Geo-Ind-based obfuscation mechanisms satisfy Sem-Ind at an excessive loss of utility. Furthermore, the linear programming-based approach is capable of discovering optimal obfuscation functions, whereas the heuristic algorithms are more efficient in obtaining acceptable utility results.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104402"},"PeriodicalIF":4.8,"publicationDate":"2025-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing maritime cyber situational awareness: A cybersecurity visualisation for non-experts","authors":"Dominic Too,&nbsp;Louise Axon,&nbsp;Ioannis Agrafiotis,&nbsp;Michael Goldsmith,&nbsp;Sadie Creese","doi":"10.1016/j.cose.2025.104433","DOIUrl":"10.1016/j.cose.2025.104433","url":null,"abstract":"<div><div>Cyber situational awareness is key to mitigating the impacts of cyber threats. However, maritime falls short of its comparative industries, with very little attention given to cyber threats despite the growing concern. In this paper, we explore the use of visualisations as a way to improve the situational awareness of non-experts onboard ships. We designed a visualisation tool with focus on systems that are accessible once onboard. In order to elicit requirements for our visualisations, we conducted semi-structured interviews with experts. We further created a synthetic dataset of attacks that target the systems of ships, which we used to assess the usability of our visualisation. In order to evaluate our visualisations, we conducted a user study with both expert and non-expert users. Our results show that non-expert participants were able to accurately and efficiently detect synthetic attacks targeting ships in an experimental setting, and they were able to use the visualisation to consider what the consequences of these attacks might be. Expert evaluations further suggest the visualisation has merit as a training tool for raising awareness among maritime employees.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104433"},"PeriodicalIF":4.8,"publicationDate":"2025-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143706518","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing intrusion detection in containerized services: Assessing machine learning models and an advanced representation for system call data","authors":"Iury Araujo ,&nbsp;Marco Vieira","doi":"10.1016/j.cose.2025.104438","DOIUrl":"10.1016/j.cose.2025.104438","url":null,"abstract":"<div><div>Security is one of the most critical requirements for modern digital systems. As the paradigm shifts from attempting to develop <em>fully</em> secure systems to designing resilient strategies that detect, respond to, and recover from attacks, Intrusion Detection Systems (IDS) become indispensable. However, developing robust IDS that address sophisticated attacks—especially in scenarios such as Cloud services, IoT, edge computing, and microservices, remains a significant challenge. Among these, containerized services present unique security challenges due to their architecture, deployment methods, and reliance on shared resources. On the other hand, Machine Learning (ML) offers promising, but not yet fully understood, solutions to enable automated, scalable, and adaptive intrusion detection mechanisms. In this paper, we study the applicability of a ML-based approach to enhance intrusion detection in containerized services by training and testing various ML algorithms on system call data, a commonly used data type in intrusion detection. Furthermore, we propose a novel graph-based representation for system calls that preserves critical relationships and contextual information between system calls. With this improved representation, we achieve enhancements in intrusion detection performance, including an increase in detection rates by at least 193% for the tested vulnerabilities while maintaining false alarms at a safer threshold, below a mean of 0.4% to maximize attack identification while minimizing false alarms we also incorporate a post-processing phase using a sliding window technique. This work not only addresses the challenges of securing containerized environments but also provides a robust framework for leveraging machine learning to build next-generation IDS.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104438"},"PeriodicalIF":4.8,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143696232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance analysis of dynamic ABAC systems using a queuing theoretic framework","authors":"Gaurav Madkaikar ,&nbsp;Karthikeya S.M. Yelisetty ,&nbsp;Shamik Sural ,&nbsp;Jaideep Vaidya ,&nbsp;Vijayalakshmi Atluri","doi":"10.1016/j.cose.2025.104432","DOIUrl":"10.1016/j.cose.2025.104432","url":null,"abstract":"<div><div>A policy comprised of a set of rules forms the backbone of Attribute-based Access Control (ABAC) systems. Every incoming request is checked against such a policy and if at least one rule grants the access, it is allowed. Else, access is denied. The initial ABAC policy could be hand crafted by the security administrator or mined from a given set of authorizations using a policy engineering technique. In dynamic ABAC systems, over a period of time, additional authorizations may have to be granted or some removed as per situational changes. These changes are maintained in an auxiliary list. For access resolution, both the policy as well as the auxiliary list are considered before taking a decision. Since such a list can grow indefinitely and checking it adversely affects access resolution efficiency, periodic policy rebuilding must be done by combining the existing policy and the auxiliary list. However, regenerating the ABAC policy requires re-running computationally expensive policy mining algorithms. Further, access mediation has to be put on hold while this step is being carried out, resulting in periods of unavailability of the system. In this paper, we study the intricate problem of balancing access request resolution, accommodating dynamic authorization updates, and ABAC policy rebuilding. We employ a queuing theoretic approach where the access mediation process is modeled as an M/G/1 queue with vacation or limited service. While the server is primarily involved in resolving access requests, it occasionally goes on vacation to rebuild the ABAC policy. We study the effect of queue discipline on several performance parameters like request arrival rate, access resolution time, vacation duration and interval between vacations. Results of an extensive set of experiments provide a direction toward efficient implementation of dynamic ABAC systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104432"},"PeriodicalIF":4.8,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143706516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DPO-Face: Differential privacy obfuscation for facial sensitive regions","authors":"Yuling Luo,&nbsp;Tinghua Hu,&nbsp;Xue Ouyang,&nbsp;Junxiu Liu,&nbsp;Qiang Fu,&nbsp;Sheng Qin,&nbsp;Zhen Min,&nbsp;Xiaoguang Lin","doi":"10.1016/j.cose.2025.104434","DOIUrl":"10.1016/j.cose.2025.104434","url":null,"abstract":"<div><div>User-sensitive face images captured by widely used image-collection devices are frequently shared on social media. If these images are misused, they may pose a serious threat to users’ privacy. To ensure both privacy-preserving and image usability, this work introduces a Differential Privacy Obfuscation method of Face images (DPO-Face), which addresses the current limitations in balancing privacy and recognition accuracy. DPO-Face effectively balances privacy preservation and recognition accuracy to meet practical application demands. First, sensitive and non-sensitive regions of the image are accurately identified and located using an improved hybrid convolutional neural network by DPO-Face. Subsequently, face parsing technology is employed to precisely segment the input face image into multiple internal and external facial components. Moreover, precisely adjusted noise is introduced to the internal facial component regions using a differential privacy mechanism to disturb them, effectively protecting the privacy information of these regions while leaving the non-sensitive external components unchanged. Finally, the privacy-protected image is transmitted to the face detection and recognition module to evaluate the effectiveness of the privacy protection, such as maintaining high face detection and recognition accuracy. Experimental results demonstrate that DPO-Face meets <span><math><mi>ɛ</mi></math></span>-local differential privacy requirements, achieving recognition rates of 91%–96% and a maximum privacy protection success rate of 0.9720. This method allows the privacy level to be precisely adjusted, preventing privacy leaks to honest but curious third-party servers, thus achieving a balance between privacy-preserving and usability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104434"},"PeriodicalIF":4.8,"publicationDate":"2025-03-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684108","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Wavelet-based CSI reconstruction for improved wireless security through channel reciprocity","authors":"Nora Basha ,&nbsp;Bechir Hamdaoui","doi":"10.1016/j.cose.2025.104423","DOIUrl":"10.1016/j.cose.2025.104423","url":null,"abstract":"<div><div>The reciprocity of channel state information (CSI) collected by two devices communicating over a wireless channel has been leveraged to provide security solutions to resource-limited IoT devices. Despite the extensive research that has been done on this topic, much of the focus has been on theoretical and simulation analysis. However, these security solutions face key implementation challenges, mostly pertaining to limitations of IoT hardware and variations of channel conditions, limiting their practical adoption. To address this research gap, we revisit the channel reciprocity assumption from an experimental standpoint using resource-constrained devices. Our experimental study reveals a significant degradation in channel reciprocity for low-cost devices due to the varying channel conditions. Through experimental investigations, we first identify key practical causes for the degraded channel reciprocity. We then propose a new wavelet-based CSI reconstruction technique using wavelet coherence and time-lagged cross-correlation to construct CSI data that are consistent between the two participating devices, resulting in significant improvement in channel reciprocity. Additionally, we propose a secret-key generation scheme that exploits the wavelet-based CSI reconstruction, yielding significant increase in the key generation rates. Finally, we propose a technique that exploits CSI temporal variations to enhance device authentication resiliency through effective detection of replay attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104423"},"PeriodicalIF":4.8,"publicationDate":"2025-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684125","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Penterep: Comprehensive penetration testing with adaptable interactive checklists","authors":"Willi Lazarov ,&nbsp;Pavel Seda ,&nbsp;Zdenek Martinasek ,&nbsp;Roman Kummel","doi":"10.1016/j.cose.2025.104399","DOIUrl":"10.1016/j.cose.2025.104399","url":null,"abstract":"<div><div>In the contemporary landscape of cybersecurity, the importance of effective penetration testing is underscored by NIS2, emphasizing the need to assess and demonstrate cyber resilience. This paper introduces an innovative approach to penetration testing that employs interactive checklists, supporting both manual and automated tests, as demonstrated within the Penterep environment. These checklists, functioning as a quantifiable measure of test completeness, guide pentesters through methodological testing, addressing the inherent challenges of the security testing domain. While some may perceive a limitation in the dependency on predefined checklists, the results from a presented case study underscore the criticality of methodological testing. The study reveals that relying solely on fully automated tools would be inadequate to identify all vulnerabilities and flaws without the inclusion of manual tests. Our innovative approach complements established methodologies, such as PTES, OWASP, and NIST, providing crucial support to penetration testers and ensuring a comprehensive testing process. Implemented within the Penterep environment, our approach is designed with deployment flexibility (both on-premises and cloud-based), setting it apart through an overview comparison with existing tools aligned with state-of-the-art penetration testing approaches. This flexible and scalable approach effectively bridges the gap between manual and automated testing, meeting the increasing demands for effectiveness and adaptability in penetration testing.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104399"},"PeriodicalIF":4.8,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143643573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Systematic analysis of security advice on the topic of insider threats","authors":"Andrew Stewart,&nbsp;Christopher Hobbs","doi":"10.1016/j.cose.2025.104411","DOIUrl":"10.1016/j.cose.2025.104411","url":null,"abstract":"<div><div>Insider threats are an important and enduring security challenge. As a consequence, a number of organizations such as government agencies, research institutions, trade groups, and other parties have published documents containing advice on the topic of insider threats. Here, we provide an evaluation of such advice documents. We employ the relatively new SAcoding (security advice coding) methodology to perform a systematic analysis. This approach enables us both to assess the advice documents and to provide feedback on the use of SAcoding for a novel category (advice intended specifically for organizations), and for a novel topic (advice on the topic of insider threats). We find that 62.5% of 424 advice items extracted from six source documents are actionable, but the per-document proportion of actionable advice ranges substantially from 85.4% to just 35.1%. This finding suggests that organizations may incur opportunity costs by engaging with documents that offer little actionable advice. We also find that organizations may struggle to apply the published guidance, due to the high quantity of advice and the high portion of advice that requires specialist expertise. We use these and other findings to deliver a practical framework that provides guidance for the authors of advice documents, and for organizations seeking advice on the topic of insider threats. Additionally, we provide feedback on various aspects of the SAcoding method.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104411"},"PeriodicalIF":4.8,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143706519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Investigating the experiences of providing cyber security support to small- and medium-sized enterprises","authors":"Neeshe Khan ,&nbsp;Steven Furnell ,&nbsp;Maria Bada ,&nbsp;Matthew Rand ,&nbsp;Jason R.C. Nurse","doi":"10.1016/j.cose.2025.104448","DOIUrl":"10.1016/j.cose.2025.104448","url":null,"abstract":"<div><div>Small- and Medium-Sized Enterprises or SMEs comprise of 99.9 % of all businesses in the UK and make a significant contribution the overall economy. In UK's path to digitalisation, ensuring the cyber security and resilience of SMEs becomes an integral element that must be adequately safeguarded to protect national interests. Despite playing a crucial role, there is limited research on SMEs adopting cyber security practices, becoming cyber secure or improving their resilience to attacks. To examine this journey, a qualitative study was designed to learn from the experiences of organisations that provide cyber security advice or solutions. The three aims of the study were to: (1) understand the various types of support offered by providers; (2) topics for which support is sought and the circumstances that trigger the need for assistance; and (3) the perceived effectiveness of the support provided, associated challenges and opportunities to improve from the lived experiences of providers. Following semi-structured interviews with 12 participants, findings confirm results presented in earlier literature and provides new insights. Each participant had exposure to numerous SMEs, in some instances hundreds, at a regional or national level due to their roles at their respective organisations. The inherent knowledge gained from this exposure results in each participant's experience representing the cumulative experience of several SMEs as opposed to a singular view of one. We conclude that there is a vast amount of cyber security related content aimed at SMEs and our findings reveal providers are playing an assistive role in the understanding, education and implementation of cyber security defences. Despite significant efforts being made, cyber hygiene amongst SMEs remains low and they are unlikely to proactively reach out for support. Additionally, SMEs have low knowledge levels and are hampered in their efforts due to comprehension, capability, attitudes, and resources whilst providers face numerous internal and external challenges when delivering this support. Insights from data reveal several opportunities for improvement can be realised through the creation of security focused communities that can provide support, collaboration and learning.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104448"},"PeriodicalIF":4.8,"publicationDate":"2025-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}