Vikas K. Malviya, Wei Minn, Lwin Khin Shar, Lingxiao Jiang
{"title":"Fuzzing drones for anomaly detection: A systematic literature review","authors":"Vikas K. Malviya, Wei Minn, Lwin Khin Shar, Lingxiao Jiang","doi":"10.1016/j.cose.2024.104157","DOIUrl":"10.1016/j.cose.2024.104157","url":null,"abstract":"<div><div>Drones, also referred to as Unmanned Aerial Vehicles (UAVs), are becoming popular today due to their uses in different fields and recent technological advancements which provide easy control of UAVs via mobile apps. However, UAVs may contain vulnerabilities or software bugs that cause serious safety and security concerns. For example, the communication protocol used by the UAV may contain authentication and authorization vulnerabilities, which may be exploited by attackers to gain remote access over the UAV. Drones must therefore undergo extensive testing before being released or deployed to identify and fix any software bugs or security vulnerabilities. Fuzzing is one commonly used technique for finding bugs and vulnerabilities in software programs and protocols. This article reviews various approaches where fuzzing is applied to detect bugs and vulnerabilities in UAVs. Our goal is to assess the current state-of-the-art fuzzing approaches for UAVs, which are yet to be explored in the literature. We identified open challenges that call for further research to improve the current state-of-the-art.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Advancing IoT security: A novel intrusion detection system for evolving threats in industry 4.0 using optimized convolutional sparse Ficks law graph point trans-Net","authors":"P.A. Mathina, K. Valarmathi","doi":"10.1016/j.cose.2024.104169","DOIUrl":"10.1016/j.cose.2024.104169","url":null,"abstract":"<div><div>With the rapid advancement of Industry 4.0, the integration of Internet of Things (IoT) strategies in industrial environments has increased exponentially. While this integration enhances productivity and efficiency, it also introduces significant security vulnerabilities. Previous research has employed several deep learning approaches for intrusion detection; however, these methods often suffer from insufficient accuracy, increased computational time, complexity, and higher error rates. To address these issues, this work proposes an innovative solution: \"Advancing IoT Security: A Novel Intrusion Detection System (IDS) for Evolving Threats in Industry 4.0 using optimized Convolutional Sparse Fick's Law Graph Pointtrans-Net (CSFLGPtrans-Net).\" The proposed system utilizes a comprehensive intrusion detection dataset composed of four different datasets: ToN-IoT, NSL-KDD, CSE‑CIC‑IDS2018, and IoT_bot. Initially, the input data undergoes a pre-processing stage that includes cleaning columns and rows, encoding features, and normalizing data. Following this, a hybrid optimization method, combining the Fire Hawk Optimizer with the Spider Wasp Optimizer, is applied for feature selection. This step is crucial for identifying the most significant features to enhance classification accuracy. The refined data is then classified using the CSFLGPtrans-Net model. To ensure secure data transfer, Fuzzy-based Elliptic Curve Cryptography (FECC) is employed. Experimental simulations conducted on the Python platform demonstrate that the proposed method outperforms existing approaches across various performance metrics, achieving a higher accuracy of 98% and a recall of 0.993. These results highlight the method's superior efficiency and potential for further advancement in securing Industry 4.0 environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142578163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Weidong Zhou , Chunhe Xia , Tianbo Wang , Xiaopeng Liang , Wanshuang Lin , Xiaojian Li , Song Zhang
{"title":"HIDIM: A novel framework of network intrusion detection for hierarchical dependency and class imbalance","authors":"Weidong Zhou , Chunhe Xia , Tianbo Wang , Xiaopeng Liang , Wanshuang Lin , Xiaojian Li , Song Zhang","doi":"10.1016/j.cose.2024.104155","DOIUrl":"10.1016/j.cose.2024.104155","url":null,"abstract":"<div><div>Deep learning-based network intrusion detection has been extensively explored as a data-driven approach. Therefore, paying attention to the data’s characteristics is essential. By analyzing the attribute dependence and sample distribution of intrusion data, there are the following problems: “hierarchical dependency omission” and “decision boundary discontinuity.” The former means the previous attribute embedding models failed to incorporate network protocol hierarchy. The latter indicates that the small disjuncts distribution leads to sub-concept fragmentation, exacerbating the difficulty in handling class imbalance. To address these problems, we propose a novel detection framework for <u>Hi</u>erarchical <u>D</u>ependency and Class <u>Im</u>balance (HIDIM). First, we treat semantic attributes as words and introduce the protocol hierarchy of attributes into a paragraph embedding model. Second, we design a synthetic oversampling method. It adopts a mutual nearest neighbor approach to determine the boundaries of each disjunct. Then, it synthesizes high-quality samples within those boundary areas by crossing or mutating features based on their importance. The experimental results on multiple real-world datasets demonstrate that the proposed framework is superior to other state-of-the-art models in terms of accuracy, F1-score, and false negative rate by 2.23%, 2.12%, and 1.43% on average, respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yan-zi Li , Li Xu , Jing Zhang , Liao-ru-xing Zhang
{"title":"WF-LDPSR: A local differential privacy mechanism based on water-filling for secure release of trajectory statistics data","authors":"Yan-zi Li , Li Xu , Jing Zhang , Liao-ru-xing Zhang","doi":"10.1016/j.cose.2024.104165","DOIUrl":"10.1016/j.cose.2024.104165","url":null,"abstract":"<div><div>Open Data Processing Services are used to solve the bottleneck of big data storage and operation. At the same time, massive trajectory data is generated, and the basic information of users’ spatio-temporal historical data is provided, including points of interest and movement patterns. Improving the availability of published trajectory statistics data without compromising user privacy is critical. Differential privacy technology is a standard technology to realize the secure release of trajectory statistics data. Several research efforts have focused on secure publication of trajectory statistics data in a central environment by adding noise to a trusted third-party server. However, this central approach is vulnerable to privacy breaches, where adversaries can access real data by locking down the third-party server. The local differential privacy, based on a distributed architecture, overcomes this form of attack by allowing users to scramble personal data records before they are sent to third-party server. However, the existing distributed privacy protection schemes still have the balance problem of poor availability of data when ensuring privacy, as well as the problem of excessive operation cost. Therefore, a local differential privacy mechanism based on water-filling for secure release of trajectory statistics data (WF-LDPSR) is proposed in this paper. Firstly, in order to protect user privacy individually, a user automatic personalized segmentation method is proposed to determine the effective user sensitivity level automatically. Secondly, a distributed privacy protection model based on local differential privacy is designed to resist the attacks on the third-party server. Finally, in order to achieve the optimal allocation of privacy budget, the water-filling theorem in the field of communication is introduced. An adaptive privacy budget allocation algorithm based on water-filling theorem is proposed to realize the adaptive privacy budget allocation. In addition, to further improve data availability, a group processing idea based on user set sampling is proposed, which divides users into multiple disjoint subsets randomly, thus reducing the differential privacy noise effectively. Experiments prove that compared with other advanced mechanisms, the WF-LDPSR mechanism can improve the availability of published data by 84.92% while protecting user privacy.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"NTLFlowLyzer: Towards generating an intrusion detection dataset and intruders behavior profiling through network and transport layers traffic analysis and pattern extraction","authors":"MohammadMoein Shafi , Arash Habibi Lashkari , Arousha Haghighian Roudsari","doi":"10.1016/j.cose.2024.104160","DOIUrl":"10.1016/j.cose.2024.104160","url":null,"abstract":"<div><div>Network security remains a critical concern in modern computing systems due to the constant emergence of threats and attacks. This paper introduces a comprehensive behavioral profiling solution to address the limitations of current intrusion detection methods in identifying zero-day attacks and novel malicious behaviors. Beginning with raw network data, the proposed framework progresses through multiple stages, ultimately culminating in the creation of activity-specific profiles. Central to this approach is NTLFlowLyzer, a novel network traffic analyzer, which generates an updated dataset, BCCC-CIC-IDS2017, for enhanced profile generation. The core of the profiling system leverages the distinct behaviors exhibited by individual features and the diverse correlations observed across various activities. The profiling procedure attains accuracy and robustness by integrating a novel feature selection algorithm and a pattern extraction process. Furthermore, behavior similarity is introduced to quantify the resemblance between activities based on their features and behaviors. We rigorously evaluate the effectiveness of our model by subjecting it to comprehensive testing, followed by meticulous comparison with previous works. Our proposed framework proficiently characterizes eight malicious activities with an accuracy rate surpassing 99.8%, while displaying promising performance in profiling various other activities. These findings, derived from our comprehensive experiments, provide valuable guidance for accurately implementing behavioral profiling.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yong Li , TongTong Liu , HaiChao Ling , Wei Du , XiangLin Ren
{"title":"A robust federated learning algorithm for partially trusted environments","authors":"Yong Li , TongTong Liu , HaiChao Ling , Wei Du , XiangLin Ren","doi":"10.1016/j.cose.2024.104161","DOIUrl":"10.1016/j.cose.2024.104161","url":null,"abstract":"<div><div>Due to the distributed nature of federated learning, it is vulnerable to poisoning attacks during the training process. The model’s resistance to poisoning attacks can be improved using robust aggregation algorithms. Current research on federated learning to resist poisoning attacks is mainly based on two settings: No trust or Byzantine robustness. However, both settings are not close enough to reality in practical scenarios. In many practical applications, some participants in federated learning are trustworthy. For example, participants who have participated in the training of this model before and performed very well, or participants with strong compliance and credibility such as governments and some national agencies participate in the training. In existing research, these trusted participants still have to accept the judgment of the aggregation node, which generates unnecessary computation, increases overhead, and does not take advantage of a trusted environment. Since there is no attack behavior on the trusted client, its training results are used to classify the trustworthiness of other untrusted clients and identify attack nodes with higher accuracy. Therefore, this paper proposes a robust federated learning algorithm for partially trusted environments. The proposed scheme uses the experimental results of trusted clients to judge the behavior of untrustworthy clients by the cosine similarity and the Local Outlier Factor and further identify and detect malicious clients. Experiments are performed on MNIST and CIFAR datasets. Comparison with other six aggregation algorithms under 30% attack scenario. And compared with the other four aggregation algorithms under 70% attack conditions. Our algorithm is more accurate than almost all of the other aggregation algorithms. The paper is the first to conduct robust research on federated learning in a partially trusted environment, and the proposed algorithm can more effectively resist poisoning attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dongming Xiang , Shuai Lin , Ke Huang , Zuohua Ding , Guanjun Liu , Xiaofeng Li
{"title":"A fine-grained approach for Android taint analysis based on labeled taint value graphs","authors":"Dongming Xiang , Shuai Lin , Ke Huang , Zuohua Ding , Guanjun Liu , Xiaofeng Li","doi":"10.1016/j.cose.2024.104162","DOIUrl":"10.1016/j.cose.2024.104162","url":null,"abstract":"<div><div>Static taint analysis is a widely used method to identify vulnerabilities in Android applications. However, the existing tools for static analysis often struggle with processing times, particularly when dealing with complex real-world programs. To reduce time consumption, some tools choose to sacrifice analytical precision, e.g., FastDroid sets an upper limit for analysis iterations in Android applications. In this paper, we propose a labeled taint value graph (LTVG) to store taint flows, and implement a fine-grained analysis tool called <em>LabeledDroid</em>. This graph is constructed based on the <em>taint value graph</em> (TVG) of FastDroid, and takes into account both precision and time consumption. That is, we decompile an Android app into Jimple statements, develop fine-grained propagation rules to handle <em>List</em>, and construct LTVGs according to these rules. Afterwards, we traverse LTVGs to obtain high-precision taint flows. An analysis of 39 apps from the TaintBench benchmark shows that LabeledDroid is 0.87 s faster than FastDroid on average. Furthermore, if some common accuracy parameters are adapted in both LabeledDroid and FastDroid, the experiment demonstrates that the former is more scalable. Moreover, the maximum analysis time of LabeledDroid is less than 200 s and its average time is 46.25 s, while FastDroid sometimes experiences timeouts with durations longer than 600 s. Additionally, LabeledDroid achieves a precision of 70% in handling lists, while FastDroid and TaintSA achieve precisions of 38.9% and 41.2%, respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142572074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A secure routing and black hole attack detection system using coot Chimp Optimization Algorithm-based Deep Q Network in MANET","authors":"Sunitha D , Latha PH","doi":"10.1016/j.cose.2024.104166","DOIUrl":"10.1016/j.cose.2024.104166","url":null,"abstract":"<div><div>A Mobile Ad hoc Network (MANET) is a widely used and vibrant network, which is unevenly distributed in the environment. It is a set of self-organized independent mobile nodes interconnected without any centralized infrastructure. However, this topology nature makes the network prompt to various network security attacks. To address this issue, this paper proposes a Coot Chimp Optimization Algorithm- Deep Q-Network (CChOA-DQN) for detecting the black hole attacks in MANET. Here, the designed CChOA is used for the identification of the optimal route in the MANET for transmitting data, which takes into fitness parameters, such as energy, distance, neighbourhood quality, link quality, and trust. The features are extracted using the Fisher score and augmented using the over-sampling technique, which is further allowed for the detection process using DQN. Also, the weights of the DQN are enhanced using the CChOA algorithmic technique to enhance the detection performance. Additionally, the results gathered from the experiment revealed that CChOA attained high performance with a maximum of 0.983 Mbps throughput, 93.70 % Packet Delivery Ratio (PDR), and minimum end-end delay of 0.096Sec, Residual energy of 0.119 J, and Control overhead of 4473.11. Also, the CChOA-DQN technique achieved the minimum False Positive Rate (FPR) of 0.122, False Negative Rate (FNR) of 0.121, Computation time of 0.153 and Run time of 0.094.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142592946","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria
{"title":"SecOnto: Ontological Representation of Security Directives","authors":"Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria","doi":"10.1016/j.cose.2024.104150","DOIUrl":"10.1016/j.cose.2024.104150","url":null,"abstract":"<div><div>The current digital landscape demands robust security requirements and, for doing so, the institutions enact complex security directives to protect the citizens and the infrastructures, particularly in the European Union. These directives aim to safeguard data and harmonise security across the European region, and institutions must navigate this evolving legal landscape in order to implement and keep up-to-date the prescribed security measures.</div><div>However, understanding and implementing these directives towards full compliance can be difficult and expensive. Ontological representation can be employed to represent and operationalise such security directives, ultimately contributing to the effectiveness and efficiency of the compliance process. Ontologies in fact promote a structured approach to represent knowledge, making the applicable directives more simply understandable by humans and more readily processable by machines.</div><div>This article introduces SecOnto, a novel methodology for representing security directives as ontologies. SecOnto breaks down the process of transforming the juridical language of modern security directives into full-fledged ontologies by means of five semi-automated steps: Preprocessing, Interpretation, Structuring, Representation and Verification. Each step is described and validated by means of operational examples based upon Directive 2022/2555 of the European Parliament and of the Council of the European Union on security of network and information systems, better known as NIS 2.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Provenance-based APT campaigns detection via masked graph representation learning","authors":"Jiafeng Ren, Rong Geng","doi":"10.1016/j.cose.2024.104159","DOIUrl":"10.1016/j.cose.2024.104159","url":null,"abstract":"<div><div>Advanced Persistent Threats (APTs) are well-planned, persistent, and highly stealthy cyberattacks designed to steal confidential information or disrupt specific target systems. Recent studies have used system audit logs to construct provenance graphs that describe system interactions to detect potentially malicious activities. Although they are effective, they still suffer from problems such as the need for a priori knowledge, lack of attack data, and high computational overhead that limit their application. In this paper, we propose a self-supervised learning-based APT detection model, APT-MGL, which learns the embedded representations of nodes through a graph mask self-encoder and transforms the detection problem into an outlier detection problem for malicious nodes. APT-MGL characterizes the behavior of nodes based on node type, action, and interaction frequency, and fuses the features through a multi-head self-attention mechanism. Then the node embedding is obtained by combining graph features and structural information using masked graph representation learning. Finally, the unsupervised outlier detection method is used to analyze the computed embeddings and obtain the final detection results. The experimental results show that APT-MGL outperforms existing monitoring models and achieves a small overhead.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}