Computers & Security最新文献_第2页

High-trigger fuzz testing for microarchitectural speculative execution vulnerability 针对微架构推测性执行漏洞的高触发模糊测试

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-07 DOI: 10.1016/j.cose.2025.104567

Chuan Lu, Senlin Luo, Limin Pan

{"title":"High-trigger fuzz testing for microarchitectural speculative execution vulnerability","authors":"Chuan Lu, Senlin Luo, Limin Pan","doi":"10.1016/j.cose.2025.104567","DOIUrl":"10.1016/j.cose.2025.104567","url":null,"abstract":"<div><div>Microarchitectural speculative execution vulnerabilities can be utilized to steal private information and even bypass some defensive programming measures in the code. The difficulty in detecting this vulnerability is ensuring a high triggering frequency of speculative execution. However, existing methods randomly generate test programs with high uncertainty, which lack dependencies relationship between code lines required by speculative execution, resulting in low trigger rates of speculative execution. Meanwhile, some variables of the test input are randomly selected for mutation, but the selected variables tend to lack the correlation with execution paths, leading to low detection adequacy and convergence of collected information. Therefore, this paper proposes a <strong><u>H</u></strong>igh-<strong><u>T</u></strong>rigger Fuzz Testing for Microarchitectural <strong><u>S</u></strong>peculative <strong><u>E</u></strong>xecution <strong><u>V</u></strong>ulnerability (HT-SEV). HT-SEV constructs a register selectied model, which generates subsequent codes based on the data flow and real-time register distribution of generated code, establishing data dependencies between different code lines. Furthermore, bidirectional gradient mutation is proposed, which mines the correlation between inputs and the collected microarchitectural information to guide the mutation of inputs, achieving high coverage of path and diversity of detection information. Experimental results on multiple instruction subsets show that HT-SEV outperforms state-of-the-art related methods. This method innovatively defines data dependency relationship, capturing fine-grained code execution information.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104567"},"PeriodicalIF":4.8,"publicationDate":"2025-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144280459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CAPRA: Context-Aware patch risk assessment for detecting immature vulnerability in open-source software CAPRA：上下文感知补丁风险评估，用于检测开源软件中不成熟的漏洞

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-06 DOI: 10.1016/j.cose.2025.104540

Benxiao Tang , Shilin Zhang , Fei Zhu , Aoshuang Ye

{"title":"CAPRA: Context-Aware patch risk assessment for detecting immature vulnerability in open-source software","authors":"Benxiao Tang , Shilin Zhang , Fei Zhu , Aoshuang Ye","doi":"10.1016/j.cose.2025.104540","DOIUrl":"10.1016/j.cose.2025.104540","url":null,"abstract":"<div><div>Software development increasingly relies on open-source contributions, yet these projects face significant security challenges. Large collaborative codebases frequently encounter vulnerabilities due to varying developer skill levels and reviewers’ incomplete understanding of code changes’ contextual implications. Traditional detection measures typically activate only after code merging, missing opportunities for detecting potential risks (e.g. immature vulnerability). This paper presents CAPRA, a security detection tool analyzing pending patches through static analysis to identify potential memory leak and Use-After-Free vulnerabilities before integration. Our approach employs code property graph, eliminating compilation environment dependencies while efficiently detecting whether code modifications activate latent vulnerabilities. Using our newly constructed dataset targeting risk-triggering scenarios, experimental results demonstrate CAPRA achieves 97.3% accuracy with 98% recall and only 3.5% false positives—confirming its effectiveness for enhancing code review processes through targeted, early vulnerability detection in rapidly iterating collaborative projects.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104540"},"PeriodicalIF":4.8,"publicationDate":"2025-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144255266","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Impact and detection of cyber attacks in wide area control application of cyber-physical power system (CPPS) 网络攻击对网络物理电力系统广域控制应用的影响及检测

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-06 DOI: 10.1016/j.cose.2025.104547

G.Y. Sree Varshini , S. Latha , G.Y. Rajaa Vikhram

{"title":"Impact and detection of cyber attacks in wide area control application of cyber-physical power system (CPPS)","authors":"G.Y. Sree Varshini , S. Latha , G.Y. Rajaa Vikhram","doi":"10.1016/j.cose.2025.104547","DOIUrl":"10.1016/j.cose.2025.104547","url":null,"abstract":"<div><div>The most important factor of a comprehensive power grid cybersecurity strategy is the assessment of the effects of cyberattacks. Its insights facilitate the development of resilience, proactive risk management, and effective response plans to emerging cyber threats. To evaluate the potential consequences of a cyberattack on grid infrastructure, it is essential to examine the extensive impact of cyberattacks within the framework of cyber-physical power systems (CPPS). The article investigates the extensive impacts of cyberattacks across three unique scenarios, namely single cyberattack (SCA), coordinated cyber-physical attack (CCPA), and multiple cyberattacks (MCA). These attack scenarios are tested in the wide-area control application of the New England 39-bus test system. Classifiers such as Random Forest (RF), K-Nearest Neighbour (KNN), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) and Support Vector Machine (SVM) identify threats using a learning-based approach. We assess attack detection by multiple performance indicators, including accuracy, precision, and the F-score. Simulation results indicate that MCA is more harmful than a single cyberattack or a coordinated attack. Furthermore, the CNN classifier surpasses other classifiers in attack detection efficacy.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104547"},"PeriodicalIF":4.8,"publicationDate":"2025-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144280458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Modeling and modular detection of time attacks in cyber–physical systems based on timed automata with guards and dioid algebra 基于时间自动机和双重代数的网络物理系统时间攻击建模与模块化检测

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-03 DOI: 10.1016/j.cose.2025.104535

Bouthayna El Bouzaidi Tiali , Said Amari

引用次数: 0

New results on modeling and hybrid control for malware propagation in cyber–physical systems 网络物理系统中恶意软件传播建模与混合控制的新成果

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-03 DOI: 10.1016/j.cose.2025.104533

Huifang Xiang, Ruimei Zhang, Ziling Wang, Di Dong

引用次数: 0

Unveiling the evolution of IoT threats: Trends, tactics, and simulation analysis 揭示物联网威胁的演变：趋势、策略和模拟分析

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-06-01 DOI: 10.1016/j.cose.2025.104537

Kok Onn Chee , Mengmeng Ge , Guangdong Bai , Dan Dongseong Kim

{"title":"Unveiling the evolution of IoT threats: Trends, tactics, and simulation analysis","authors":"Kok Onn Chee , Mengmeng Ge , Guangdong Bai , Dan Dongseong Kim","doi":"10.1016/j.cose.2025.104537","DOIUrl":"10.1016/j.cose.2025.104537","url":null,"abstract":"<div><div>Since the inception of <em>Mirai</em> in 2016, a proliferation of advanced botnets targeting Internet of Things (IoT) devices has occurred, resulting in a notable increase in large-scale cyber attacks against online services. The continual emergence of novel strategies characterises the evolving landscape of IoT botnets. Despite this, a comprehensive understanding of this evolving threat remains elusive, impeding the development of robust defence mechanisms. This paper investigated 55 instances of IoT botnets spanning from 2008 to 2021 to elucidate their evolutionary patterns based on prevalent tactics and techniques. A novel taxonomy of IoT botnets is proposed and formulated with attack tactics, techniques, types, and procedures. We augment our existing simulation framework, IoTSecSim, with enhanced functionalities to simulate novel cyber-attack scenarios incorporating diverse network configurations, evolving attack tactics, and defence strategies. Through comprehensive simulations via the extended IoTSecSim, we assessed the impact of these evolving IoT attack tactics and gauged the efficacy of traditional defence mechanisms using various security metrics.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104537"},"PeriodicalIF":4.8,"publicationDate":"2025-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144263340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Attack-specific feature analysis framework for NetFlow IoT datasets 针对NetFlow物联网数据集的攻击特征分析框架

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-05-29 DOI: 10.1016/j.cose.2025.104536

Dayoung Choi , Joohong Rheey , Hyunggon Park

{"title":"Attack-specific feature analysis framework for NetFlow IoT datasets","authors":"Dayoung Choi , Joohong Rheey , Hyunggon Park","doi":"10.1016/j.cose.2025.104536","DOIUrl":"10.1016/j.cose.2025.104536","url":null,"abstract":"<div><div>With the deployment of a vast number of Internet of Things devices across diverse applications, new security vulnerabilities have emerged. Since Internet of Things devices often have significantly limited resources, the intrusion detection system for Internet of Things networks should be efficiently designed with minimum power consumption. As feature selection is a widely used method to reduce the complexity of network traffic data by eliminating unnecessary or redundant features, a framework for attack-specific feature analysis based on feature selection is proposed to design intrusion detection systems in Internet of Things networks efficiently. The proposed framework identifies the important features relevant to specific attack types, especially in class-imbalanced Internet of Things datasets, whereas the traditional feature analysis framework for the intrusion detection system applies feature selection approaches to entire datasets regardless of attack types. Furthermore, attack-specific intrusion detection systems are built using only a few important features selected by feature analysis. A comprehensive analysis using NetFlow Internet of Things datasets, <span>NF-BoT-IoT-v2</span> and <span>NF-ToN-IoT-v2</span>, is conducted in the experiments with six filter-based feature selection algorithms and two unsupervised learning-based intrusion detection systems. The experiment results show the performance enhancement of attack-specific intrusion detection systems, thus confirming the effectiveness of the proposed framework. The proposed framework improves detection accuracy for all attack types by an average of 38.36% when using Isolation Forest and an average of 2.84% when using autoencoder.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104536"},"PeriodicalIF":4.8,"publicationDate":"2025-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144204104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Identifying communication sequence anomalies to detect DoS attacks against MQTT 识别通信序列异常以检测针对MQTT的DoS攻击

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-05-26 DOI: 10.1016/j.cose.2025.104526

Munmun Swain , Nikhil Tripathi , Kamalakanta Sethi

{"title":"Identifying communication sequence anomalies to detect DoS attacks against MQTT","authors":"Munmun Swain , Nikhil Tripathi , Kamalakanta Sethi","doi":"10.1016/j.cose.2025.104526","DOIUrl":"10.1016/j.cose.2025.104526","url":null,"abstract":"<div><div>Internet of Things (IoT) application layer protocols govern how applications running on IoT devices communicate and exchange data with each other. One popular IoT application layer protocol is the Message Queue Telemetry Transport (MQTT). It works on the publish–subscribe network model, allowing resource-constrained IoT devices to communicate with minimal bandwidth and computational power. Recently, a few works discussed DoS/DDoS attacks against the MQTT protocol, such as Basic CONNECT Flooding, Delay CONNECT Flooding, Invalid Subscription Flooding, CONNECT Flooding with WILL Payload and TCP SYN Flooding exploitation. However, the known defense approaches cannot detect all categories of DoS/DDoS attacks against MQTT. To bridge this research gap, we propose a detection approach in this paper that identifies anomalies in the MQTT communication sequence to detect anomalous requests. We test the proposed approach on a recent DoS/DDoS-MQTT-IoT dataset containing the traces of different DoS/DDoS attacks against the MQTT protocol. The experimental findings demonstrate that the approach can accurately detect malicious MQTT requests in real-time with slight overhead on computational resources.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104526"},"PeriodicalIF":4.8,"publicationDate":"2025-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144189298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Prediction and graph visualization of cyber attacks using graph attention networks 基于图注意网络的网络攻击预测与图可视化

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-05-26 DOI: 10.1016/j.cose.2025.104534

Mucahit Soylu , Resul Das

引用次数: 0

ADVANCED ATTACK MITIGATION IN IOT GATEWAY PROTOCOLS 物联网网关协议中的高级攻击缓解

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-05-23 DOI: 10.1016/j.cose.2025.104539

K. Praveen Kumar , Dr. N. Suresh Kumar

{"title":"ADVANCED ATTACK MITIGATION IN IOT GATEWAY PROTOCOLS","authors":"K. Praveen Kumar , Dr. N. Suresh Kumar","doi":"10.1016/j.cose.2025.104539","DOIUrl":"10.1016/j.cose.2025.104539","url":null,"abstract":"<div><div>With the increasing number of users on the internet, numerous cyberattacks are becoming more and more common. Proper detection of these attacks by Intrusion Detection Systems (IDS) is extremely important, particularly for IoT networks. Deep learning methods have proved to be very promising for enhancing IDS performance. This paper presents an end-to-end system for attack detection and prevention in IoT networks with the use of data augmentation, preprocessing, feature extraction, and deep machine learning algorithms. The class imbalance is resolved using the Enhanced Synthetic Minority Over-Sampling Technique (ESMOTE), and preprocessing operations normalize and clean the data for improved model performance. Feature extraction involves statistical features and Shannon entropy-based features, which are fused and sent through a feature selection process. A new 2D-LICM hyper-chaotic map combined with Walrus Optimization (2D-LICMHy-CM_WO) is used to enhance feature selection through enhanced search diversity, convergence rate, and eliminating redundancy. The Dense Convolutional Spatial Attention-based Enhanced Bi-GRU (DCSAtten_EBi-GRU) effectively extracts attack pattern dependencies for precise detection, and an Enhanced Double Deep Q-Learning Network (DoubleDQN) offers dynamic adaptive real-time countermeasures. Experimental findings prove that the proposed solution can obtain a 99.6% detection accuracy with an F1-score of 0.98 and outperforms current IDS models in false positive rate and detection time.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104539"},"PeriodicalIF":4.8,"publicationDate":"2025-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144230695","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0