Computers & Security最新文献

{"title":"Survey of network protocol fuzzers: Taxonomy, techniques, and directions","authors":"Chaoyang Zheng,&nbsp;Yunchao Wang,&nbsp;Huihui Huang,&nbsp;Yunfeng Wang,&nbsp;Haowen Chen,&nbsp;Qiang Wei","doi":"10.1016/j.cose.2025.104683","DOIUrl":"10.1016/j.cose.2025.104683","url":null,"abstract":"<div><div>Fuzzing has become widely adopted for network protocol vulnerability detection due to its high degree of automation and minimal reliance on domain-specific knowledge. Given the distinct characteristics of network protocol programs compared to general targets, researchers have proposed numerous innovative solutions to address the technical challenges. However, there remains a lack of thorough investigation that provide in-depth technical analysis and comprehensive summarization of these advancements, as well as a clear taxonomy to guide future research directions. To bridge this gap, this study conducts a systematic review of network protocol fuzzing and proposes a novel framework with four core modules abstracted from protocol fuzzer architectures. We analyze the key technologies in each module, discussing their advantages, limitations, and application scenarios. More significantly, this work establishes a novel taxonomy defining four fundamental capability dimensions, each addressing distinct practical challenges in protocol fuzzing. Using this framework, we conduct the systematic classification and comparative analysis of existing techniques. Our work contributes theoretical insights and practical guidance for network protocol fuzzing development.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104683"},"PeriodicalIF":5.4,"publicationDate":"2025-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"RPFUZZ: Efficient network service fuzzing via pruning redundant mutation","authors":"Wenfeng Lin,&nbsp;Fangliang Xu,&nbsp;Zhiyuan Jiang,&nbsp;Gang Yang,&nbsp;Zhiwei Li,&nbsp;Chaojing Tang","doi":"10.1016/j.cose.2025.104684","DOIUrl":"10.1016/j.cose.2025.104684","url":null,"abstract":"<div><div>Coverage-guided fuzzing (CGF) has proven its outstanding performance on vulnerability detection. However, existing approaches exhibit limitations when handling network service. Restricted by network I/O duration and chronology, long packet sequences crafted by fuzzers incur a substantial execution cost. Test cases with such non-coverage-improving mutations (i.e. redundant mutation) can significantly reduce fuzzing throughput and compromise vulnerability discovery.</div><div>To address this issue, we propose RPFUZZ, a novel network fuzzing framework designed to systematically reduce redundant mutations: (1) We propose redundant mutation pruning for network service fuzzing. By early terminating redundant mutations’ execution, RPFUZZ can achieve higher throughput. (2) To detect redundant mutation, we propose redundant mutation oracle. This oracle dynamically judges whether a test case is redundant according to current code coverage and value of service-related variables (SRVs). (3)To identify SRVs, we propose an integrated approach combining dynamic call stack analysis with static value-flow graph (VFG) analysis.</div><div>To evaluate the performance of RPFUZZ, we implement a prototype on top of NYX-NET. We conduct thorough experiments on ProFuzzBench, a benchmark that consists of 12 real-world network services. The results indicate that RPFUZZ achieves over 185% improvement in throughput and 1.02% rise in code coverage compared with NYX-NET. Besides, RPFUZZ has successfully uncovered 1753 unique crashes across 6 network services, including an unreported vulnerability (assigned to CVE-2024-57392) in ProFTPD, which has been well tested.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104684"},"PeriodicalIF":5.4,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards software for tailoring information security policies to organisations’ different target groups","authors":"Elham Rostami,&nbsp;Fredrik Karlsson,&nbsp;Ella Kolkowska,&nbsp;Shang Gao","doi":"10.1016/j.cose.2025.104687","DOIUrl":"10.1016/j.cose.2025.104687","url":null,"abstract":"<div><div>Designing accessible and relevant information security policies (ISPs) that support employees is crucial for improving organisations’ information security. When employees are required to deal with cumbersome ISPs, there is a risk of reduced motivation towards information security, and employees’ not following the rules in ISPs has been reported as a persistent issue. Existing research has suggested adopting a tailored approach to ISPs in order to enhance their relevance to employees. Tailoring is difficult and time consuming and information security managers lack information security management systems software (ISMSS) that can assist with this tailoring task. In this paper, we develop a design theory for ISMSS to support information security managers in tailoring ISPs to different employees. To achieve this, we employ design science research, drawing on prior studies concerning the tailoring of systems development methods. We evaluate the design theory through an expository instantiation, POLCO, and with information security managers, demonstrating both proof-of-concept and proof-of-value.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104687"},"PeriodicalIF":5.4,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A new era of advanced privacy solutions with a novel IoT framework on IFTTT","authors":"Wasim Ahmad ,&nbsp;Aitizaz Ali","doi":"10.1016/j.cose.2025.104675","DOIUrl":"10.1016/j.cose.2025.104675","url":null,"abstract":"<div><div>The Internet of Things (IoTs) is revolutionizing industries and daily life, connecting a wide range of devices, and enabling new forms of innovation. However, the surge in the number of IoT devices has bridged major new privacy and security risks, which require additional and smarter solutions. A next-generation privacy solution for IoT ecosystems: IF This Then That (IFTTT) integration? It provides a secure connection between the devices powered by IFTTT’s automation platform, so IoT devices can link through customized triggers and actions, and the data flow and access can be controlled. Not only does this approach simplify security protocols, but it also allows users to set up and automate custom privacy rules so that potential threats can be avoided, allowing for more seamless communication with devices. The paper explores how IFTTT can serve as a dynamic middleware layer that allows real-time threat detection, automated responses, and enhanced privacy enforcement in IoT networks. The case studies and implementation strategies included in this work will highlight how IFTTT can lead the charge to secure IoT environments and the next evolution of privacy solutions.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104675"},"PeriodicalIF":5.4,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A quantitative framework for physical cybersecurity in public EVSE systems","authors":"Ahmet Kilic","doi":"10.1016/j.cose.2025.104685","DOIUrl":"10.1016/j.cose.2025.104685","url":null,"abstract":"<div><div>Public Electric Vehicle Supply Equipment (EVSE) is increasingly exposed to physical cyberattacks due to its open, unattended, and hardware-accessible deployment in critical infrastructure. Despite growing connectivity, there is a lack of structured and quantitative methodologies to assess the risks arising from physical manipulations targeting components such as power supplies, USB ports, and RFID readers.</div><div>This study introduces HO-PHYSICS (Holistic Physical Cybersecurity Systematics), a novel framework designed to identify, model, and quantitatively evaluate physical cyber threats in public EVSE environments. The framework consists of three integrated components: (1) Hybrid Threat Structuring (HTS) for modeling attack trees with physical and logical nodes, (2) Attack Potential Evaluation (APE) for multi-criteria risk scoring, and (3) Simulative System Stress Testing (S3T) based on dynamic MATLAB/Simulink simulations.</div><div>To validate the framework, three representative attack scenarios are examined: PSU manipulation, RFID spoofing, and USB-based sabotage. The corresponding APE scores range from 23 to 30 (out of 50), indicating high feasibility and low detectability. Time-based simulations confirm critical system risks and enable a structured derivation of mitigation strategies.</div><div>The developed framework bridges a methodological gap between normative security standards and operational risk analysis. It offers a transferable tool for researchers, infrastructure operators, and regulators to assess and improve physical cybersecurity in EVSE systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104685"},"PeriodicalIF":5.4,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"WEDoHTool: Word embedding based early identification of DoH tunnel tool traffic in dynamic network environments","authors":"Yang Miao ,&nbsp;Xiaoyan Hu ,&nbsp;Guang Cheng ,&nbsp;Ruidong Li ,&nbsp;Hua Wu ,&nbsp;Yang Meng","doi":"10.1016/j.cose.2025.104680","DOIUrl":"10.1016/j.cose.2025.104680","url":null,"abstract":"<div><div>DNS over HTTPS (DoH) protocol encapsulates DNS plaintext using HTTPS to protect user privacy. However, attackers can exploit various DoH tunnel tools to hide malicious DNS activity or evade detection. Early and accurate DoH tunnel tool traffic identification is crucial to ensure network security and stability by taking targeted countermeasures. The existing research primarily relies on conventional machine learning or deep learning technologies to detect DoH or DoH tunnel traffic based on the statistical features of network flows. The feature extraction relies on expert experience and cannot be performed until network flows or time windows end, delaying the identification of DoH traffic. Besides, the existing methods primarily focus on stable network environments, and their performance likely degrades in dynamic network environments. Moreover, work has yet to be done on identifying specific DoH tunnel tool traffic for targeted defense. Early identification of specific DoH tunnel tools with similar traffic patterns in dynamic network environments is challenging. To address the above concerns, we propose WEDoHTool, an early and accurate DoH tunnel tool traffic identification method based on word embedding technology. WEDoHTool extracts the length sequence of initial TLS records with application data from several initial packets of each unidirectional flow for early identification. Then, it employs word2vec, a word embedding technology, to efficiently capture the stable and complex relationships and patterns within the sequence. Finally, it classifies the embedding vector from the word2vec with a two-stage identification module. Specifically, WEDoHTool filters out DoH traffic from heavy background traffic with a lightweight TextCNN and then identifies the specific DoH tools based on a Transformer encoder with the self-attention mechanism. Our experimental results on the combined dataset consisting of CIRA-CIC-DoHBrw-2020 and DoH-Tunnel-Traffic-HKD demonstrate the effectiveness and efficiency of our WEDoHTool in detecting DoH traffic and identifying specific DoH tunnel tools in dynamic network environments. It maintains accuracies of at least 98.82% and 98.07% in dynamic networks at the two stages, respectively.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104680"},"PeriodicalIF":5.4,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"VDExplainer: Sequential decision-making and probability sampling guided statement-level explanation for vulnerability detection","authors":"Weining Zheng,&nbsp;Xiaohong Su,&nbsp;Yuan Jiang,&nbsp;Hongwei Wei,&nbsp;Wenxin Tao","doi":"10.1016/j.cose.2025.104670","DOIUrl":"10.1016/j.cose.2025.104670","url":null,"abstract":"<div><div>Most existing deep learning (DL) based vulnerability detection methods, including pre-trained models, are coarse-grained binary classification methods that lack the interpretability for detection results. Although the explanation of deep learning has received significant attention, there is little research on the explanation of pre-trained model-based vulnerability detection methods. Therefore, we focus on providing statement-level interpretability for these vulnerability detection models to help developers understand the vulnerabilities. More specifically, given a vulnerable code detected by the model, our task is to find the set of vulnerability-related statements that lead to the prediction. Inspired by the manual code review process, this paper proposes a framework for explaining vulnerability detection called VDExplainer. VDExplainer includes an explorer that uses sequential decision-making and probability sampling to find the combination of vulnerability-related statements and a navigator that helps reduce the search space by learning the vulnerability patterns. It is worth noting that the navigator is trained in advance and then integrated with the explorer, further enhancing the efficiency and effectiveness of VDExplainer. Extensive experiments on the semi-synthetic dataset and the widely used real-world project dataset show that VDExplainer achieves superior performance, outperforming current state-of-the-art methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104670"},"PeriodicalIF":5.4,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145221836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"NPFTaint: Detecting highly exploitable vulnerabilities in Linux-based IoT firmware with network parsing functions","authors":"Shudan Yue ,&nbsp;Qingbao Li ,&nbsp;Guimin Zhang ,&nbsp;Xiaonan Li ,&nbsp;Bocheng Xu ,&nbsp;Song Tian","doi":"10.1016/j.cose.2025.104679","DOIUrl":"10.1016/j.cose.2025.104679","url":null,"abstract":"<div><div>The security issues of IoT firmware have become increasingly prominent, particularly taint-style vulnerabilities arising from untrusted external inputs. Although existing solutions work to detect firmware vulnerabilities automatically, they still encounter limitations regarding the accuracy of taint source identification and the efficiency of vulnerability detection. Research has shown that the network parsing function call chain, a critical path for IoT firmware to process external input data, is a high-risk area for firmware vulnerabilities. Inferring the network parsing function accurately plays a crucial role in firmware vulnerability analysis. In this paper, we propose a static analysis method called NPFTaint, which extracts the structural, behavioral, and semantic features of network parsing functions and combines supervised machine learning methods to achieve the identification of network parsing functions. Additionally, unlike traditional forward/backward analysis methods that start from classical sources or sensitive sinks, NPFTaint takes network parsing functions as the entry points, first identifying sensitive sinks on their call chains, and then using value analysis and data dependency analysis of sink-to-source to achieve the detection of highly exploitable vulnerabilities. Experimental evaluations demonstrate that NPFTaint outperforms FITS in accuracy and efficiency when identifying network parsing functions. Regarding vulnerability detection, compared to Mango, NPFTaint not only identifies taint-style vulnerabilities effectively but also improves analysis efficiency, reducing sink analysis by 40.42% and decreasing alerts by 32.77%. This solution provides a more efficient and precise vulnerability detection method for IoT firmware security, contributing to the overall security of the IoT ecosystem.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104679"},"PeriodicalIF":5.4,"publicationDate":"2025-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A review of major ICT failures and recovery strategies: Strengthening digital resilience","authors":"Amr Adel ,&nbsp;Noor H.S. Alani ,&nbsp;Tony Jan ,&nbsp;Mukesh Prasad","doi":"10.1016/j.cose.2025.104678","DOIUrl":"10.1016/j.cose.2025.104678","url":null,"abstract":"<div><div>This paper presents a comprehensive, cross-sector analysis of large-scale ICT failures to address the persistent gap in understanding how systemic digital breakdowns occur and propagate across platforms and industries. Through a comparative study of seven major global outages (2019–2024) — selected based on scale, technical transparency, and platform diversity — we identify recurring vulnerabilities in automation governance, configuration management, centralized infrastructure, and incident response. Using a custom analytical framework grounded in socio-technical and resilience engineering theory, the paper maps failure propagation patterns and derives a taxonomy of technical and organizational failure modes.</div><div>We empirically validate a suite of resilience strategies — including rollback automation, configuration-as-code, SOAR-enabled response orchestration, and chaos engineering — and demonstrate how they address failure propagation pathways observed in real-world incidents. A conceptual model for decentralized system upgrade planning is introduced, incorporating microservice segmentation, dependency mapping, and AI-assisted fault containment. The paper culminates in a forward-looking digital resilience roadmap that integrates predictive analytics, secure software supply chains, and adaptive human–machine collaboration. Core contributions include: (1) a cross-case classification of failure archetypes, (2) evidence-based design patterns for resilience, and (3) actionable frameworks for infrastructure operators and researchers working towards next-generation ICT robustness.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104678"},"PeriodicalIF":5.4,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrity verification scheme for distributed dynamic data in service ecosystems","authors":"Fang Li ,&nbsp;Gang Wang ,&nbsp;Guangjun Liu ,&nbsp;Xiao Xue ,&nbsp;Deyu Zhou","doi":"10.1016/j.cose.2025.104671","DOIUrl":"10.1016/j.cose.2025.104671","url":null,"abstract":"<div><div>Big data distributed storage provides solid data support for various service ecosystem services. The cloud computing platform is the key infrastructure to realize the management of big data distributed storage. To cope with increasingly complex network threats and data protection requirements, distributed storage systems often require a higher level of information-theoretic security assurance. Among them, how to realize data security audit and ensure data integrity and reliability is the core key technology that must be addressed in the field of cloud computing distributed storage. Existing cloud computing outsourced dynamic data audit schemes mainly rely on the security technology of computational complexity and still have such problems as insufficient security and poor availability, so it is difficult to directly apply or effectively extend them to distributed storage systems with requirements for information-theoretic security. In order to address this challenge, this paper proposes a lightweight algebraic remote data audit methodology, which explores an orthogonal authentication technique for the linear subspace generated from cloud-stored data vectors. This approach offers a novel application for algebraic coding in the context of distributed dynamic cloud storage auditing. Different from the existing dynamic audit mechanism, the proposed scheme does not rely on any authentication data structure, which ensures the real-time update and integrity audit of outsourced dynamic storage data. Experimental analysis demonstrates that the proposed scheme is capable of resisting forgery or replay attacks and achieving the objective of distributed information-theoretic security auditing. Compared with existing similar schemes, the proposed scheme involves lower storage overhead and less computation in the process of dynamic data updating.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104671"},"PeriodicalIF":5.4,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}