Computers & Security最新文献_第4页

Multi-probability sampling-based detection of malicious switching nodes in SDN

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-08 DOI: 10.1016/j.cose.2025.104324

Jingxu Xiao , Chaowen Chang , Ping Wu , Lu Yuan

引用次数: 0

Multidimensional categorical data collection under shuffled differential privacy

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-08 DOI: 10.1016/j.cose.2024.104301

Ning Wang , Jian Zhuang , Zhigang Wang , Zhiqiang Wei , Yu Gu , Peng Tang , Ge Yu

{"title":"Multidimensional categorical data collection under shuffled differential privacy","authors":"Ning Wang , Jian Zhuang , Zhigang Wang , Zhiqiang Wei , Yu Gu , Peng Tang , Ge Yu","doi":"10.1016/j.cose.2024.104301","DOIUrl":"10.1016/j.cose.2024.104301","url":null,"abstract":"<div><div>Estimating frequency distributions in multidimensional categorical data is fundamental for many real-world applications, but such data often contains sensitive personal information, necessitating robust privacy protection. The emerging shuffled differential privacy (SDP) model provides a promising solution, yet existing methods are either limited to single-dimensional data or suffer from poor accuracy in multidimensional scenarios. To address these challenges, this paper introduces Multiple Hash Mechanism (MHM), which uses an innovative hash-based local perturbation technique for efficient dimensionality reduction to improve the result accuracy under the SDP framework. Additionally, we provide a detailed analysis of the shuffling benefits of MHM outputs, showing significant accuracy improvements. For cases requiring personalized privacy levels, we propose the Overlapping Group Mechanism, which further enhances the shuffling benefits and boosts overall accuracy. Experimental results on real-world datasets validate the effectiveness of proposed methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104301"},"PeriodicalIF":4.8,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Gamifying information security: Adversarial risk exploration for IT/OT infrastructures

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-08 DOI: 10.1016/j.cose.2024.104287

Robert Luh , Sebastian Eresheim , Paul Tavolato , Thomas Petelin , Simon Gmeiner , Andreas Holzinger , Sebastian Schrittwieser

{"title":"Gamifying information security: Adversarial risk exploration for IT/OT infrastructures","authors":"Robert Luh , Sebastian Eresheim , Paul Tavolato , Thomas Petelin , Simon Gmeiner , Andreas Holzinger , Sebastian Schrittwieser","doi":"10.1016/j.cose.2024.104287","DOIUrl":"10.1016/j.cose.2024.104287","url":null,"abstract":"<div><div>Today’s interconnected IT and OT infrastructure faces an array of cyber threats from diverse actors with varying motivations and capabilities. The increasing complexity of exposed systems, coupled with adversaries’ sophisticated technical arsenals, poses significant challenges for organizations seeking to defend against these attacks. Understanding the relationship between specific attack techniques and effective technical, organizational and human-centric mitigation measures remains elusive, as does grasping the underlying principles of information security and how they may be applied to cyber defense.</div><div>In response to these challenges, we propose a gamified metamodel that combines well-established frameworks, including MITRE ATT&CK, D3FEND, CAPEC, and the NIST SP 800-53 security standard. The programmatic implementation of the model, “PenQuest”, combines elements of game theory with cybersecurity concepts to enhance risk assessment and training for IT practitioners and security engineers. In PenQuest, participants engage in a digital battle — attackers attempt to compromise an abstracted IT infrastructure, while defenders work to prevent or mitigate the threat. Bot opponents and the technical foundation for reinforcement learning enable future automated strategy inference.</div><div>This paper provides an in-depth exploration of the metamodel, the game’s components and features built to translate cybersecurity principles into strategy game rules, and the technical implementation of a mature, ready-to-use education and risk exploration solution. Future work will focus on further improving the attack likelihood and detection chance algorithms for seamless risk assessment.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104287"},"PeriodicalIF":4.8,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Analysis of human reliability in detecting GPS spoofing on ECDIS in congested waterways under evidential reasoning and HEART approach

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-06 DOI: 10.1016/j.cose.2025.104316

Yasin Burak Kurt , Esma Uflaz , Emre Akyuz , Rafet Emek Kurt , Osman Turan

{"title":"Analysis of human reliability in detecting GPS spoofing on ECDIS in congested waterways under evidential reasoning and HEART approach","authors":"Yasin Burak Kurt , Esma Uflaz , Emre Akyuz , Rafet Emek Kurt , Osman Turan","doi":"10.1016/j.cose.2025.104316","DOIUrl":"10.1016/j.cose.2025.104316","url":null,"abstract":"<div><div>The maritime industry is highly concerned about cybersecurity due to the growing utilisation of digital technologies for navigation and other operations on-board ships. The connectivity of the systems creates vulnerabilities that make crucial ship functions prone to cyber-attacks, such as manipulating Global Positioning System (GPS) signals through spoofing. These threats provide substantial risks, particularly while navigating congested waterways. Identifying spoofing attacks requires consistent alertness and sophisticated monitoring from navigation professionals already dealing with demanding workloads. This research comprehensively analyses human reliability, specifically in detecting GPS spoofing on Electronic Chart Displays and Information Systems (ECDIS) in congested waterways. In order to accomplish this, the Human Error Assessment and Reduction Technique (HEART), as a robust tool, is expanded using the Evidential Reasoning (ER) approach. The HEART provides a comprehensive tool for calculating human error probability, whereas the ER incorporates raters' assessments in decision-making. The research findings indicate that human reliability for detecting GPS spoofing on ECDIS in congested waterways is found to be 6.74E-01. In addition to having practical implications for marine cybersecurity, the suggested technique demonstrates how a thorough understanding of human errors can be obtained. This allows for systematic quantification of the probabilities of human errors associated with identifying spoofing to enhance operational reliability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104316"},"PeriodicalIF":4.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Detection and prevention of spear phishing attacks: A comprehensive survey

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-06 DOI: 10.1016/j.cose.2025.104317

Santosh Kumar Birthriya, Priyanka Ahlawat, Ankit Kumar Jain

{"title":"Detection and prevention of spear phishing attacks: A comprehensive survey","authors":"Santosh Kumar Birthriya, Priyanka Ahlawat, Ankit Kumar Jain","doi":"10.1016/j.cose.2025.104317","DOIUrl":"10.1016/j.cose.2025.104317","url":null,"abstract":"<div><div>The spear phishing is yet a great cybersecurity problem, and hackers use more sophisticated methods in their attacks. This study gives a holistic analysis of detection and prevention methods that are supported by examples in real time. The research has analyzed various spear phishing techniques which include email spoofing, social engineering, malware, whaling attacks. Detection techniques including signature-based, anomaly-based machine learning and hybrid approaches are examined herein with an emphasis on their strengths and weaknesses. User awareness training, email authentication, filtering, incident response planning and multifactor authentication were identified as important strategies to try out. A structured overview of the field is provided through systematic taxonomy for classification of these methods. The survey also considers legal frameworks and institutional policies that often go unnoticed regarding spear phishing prevention by incorporating perspectives from penal jurisprudence and criminology to bridge technical and legal approaches. Other critical challenges that have been identified include changing nature of spear phishing tactics; detection evasion; integration of artificial intelligence (AI) into cyber security defenses among others. Henceforth it offers insights into these challenges while proposing open research questions aimed at guiding future research initiatives coupled with encouraging collaborations between academia industry policy makers. Such contributions will help develop more effective adaptive strategies against this persistent threat.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104317"},"PeriodicalIF":4.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

“Alexa, how do you protect my privacy?” A quantitative study of user preferences and requirements about smart speaker privacy settings

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-06 DOI: 10.1016/j.cose.2024.104302

Luca Hernández Acosta, Delphine Reinhardt

{"title":"“Alexa, how do you protect my privacy?” A quantitative study of user preferences and requirements about smart speaker privacy settings","authors":"Luca Hernández Acosta, Delphine Reinhardt","doi":"10.1016/j.cose.2024.104302","DOIUrl":"10.1016/j.cose.2024.104302","url":null,"abstract":"<div><div>Voice assistants are becoming increasingly popular. While users may benefit from the convenience of voice interactions, the use of voice assistants raises privacy issues. To address them, existing voice assistants propose some privacy settings. However, we are lacking knowledge about (1) which privacy settings are important to users, (2) what are their preferences about their application, and (3) what are their requirements beyond existing privacy settings. Gaining such knowledge is important to understand why users may not use these settings and to identify which settings should be introduced to allow users to better protect their privacy. To this end, we have conducted a quantitative online study with 1,103 German smart speaker owners. Detailed insights are provided into how beliefs about data handling practices, usage of existing privacy settings, affinity for technology interaction, and privacy attitudes vary depending on the brand of smart speakers used by participants. These findings reveal discrepancies in user trust and preferences across different manufacturers. Additionally, statistical evaluations, including effect size calculations, are introduced, alongside expanded results with detailed explanations to enhance the contextual understanding of the findings. The study provides recommendations for manufacturers and policymakers to improve transparency, usability, and education on privacy settings. Practical guidelines for privacy-preserving features are included, advancing understanding of user needs and aiding in the design of better solutions. In addition to partly replicating findings obtained with different samples, the results show that the currently available privacy settings do not fully cover user requirements and indicate a general desire for more transparency and control over the collected data. Our results hence serve as basis for designing future privacy-preserving solutions.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104302"},"PeriodicalIF":4.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148901","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Strengthening cybersecurity: TestCloudIDS dataset and SparkShield algorithm for robust threat detection

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-06 DOI: 10.1016/j.cose.2024.104308

Lalit Kumar Vashishtha, Kakali Chatterjee

{"title":"Strengthening cybersecurity: TestCloudIDS dataset and SparkShield algorithm for robust threat detection","authors":"Lalit Kumar Vashishtha, Kakali Chatterjee","doi":"10.1016/j.cose.2024.104308","DOIUrl":"10.1016/j.cose.2024.104308","url":null,"abstract":"<div><div>A significant challenge in cybersecurity is the lack of a large-scale network dataset that accurately records modern traffic patterns, a wide variety of modest incursions, and comprehensive network traffic data. Existing benchmark datasets such as KDDCup99, NSL-KDD, GureKDD, and UNSWNB-15 must be updated to reflect modern cyber attack signatures. To address this issue, a new labeled dataset, namely the TestCloudIDS dataset, is proposed, which contains fifteen variants of DDoS attacks in the cloud environment. In contrast to other datasets lacking realism and coverage of the latest attack strategies, it closely resembles the real world because of its careful construction. It integrates a wide range of attack situations, utilizing both conventional and current vectors, focusing on incorporating state-of-the-art techniques such as Raven Storm. In addition, we propose “SparkShield”, a technique for intrusion detection using Apache Spark within a big data environment. The effectiveness of “SparkShield” is evaluated through in-depth research using a variety of datasets and simulated attack scenarios. Three existing datasets are used to measure performance: UNSW-NB15, NSL-KDD, CICIDS2017, and the proposed TestCloudIDS dataset. The overall performance of the proposed approach achieved better threat classification and trained with recent attack patterns using the TestCloudIDS dataset.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104308"},"PeriodicalIF":4.8,"publicationDate":"2025-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143148933","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A review of privacy-preserving biometric identification and authentication protocols

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-04 DOI: 10.1016/j.cose.2024.104309

Li Zeng , Peisong Shen , Xiaojie Zhu , Xue Tian , Chi Chen

{"title":"A review of privacy-preserving biometric identification and authentication protocols","authors":"Li Zeng , Peisong Shen , Xiaojie Zhu , Xue Tian , Chi Chen","doi":"10.1016/j.cose.2024.104309","DOIUrl":"10.1016/j.cose.2024.104309","url":null,"abstract":"<div><div>Biometrics now play a crucial role in user identification and authentication. However, storing biometric features in plaintext and conducting authentication without protection pose a risk of privacy leakage. To address this issue, privacy-preserving biometric identification and authentication protocols have been proposed. These protocols leverage techniques such as homomorphic encryption (HE) and secure multi-party computation (MPC) to prevent involving parties from knowing other parties’ biometrics when performing authentications or identifications between different parties. In this paper, we present a thorough survey of privacy-preserving biometric protocols, classifying them into seven distinct models based on their application scenarios. In each scenario, we delve into its security requirements and potential threats, underscoring the importance of comprehending varied application scenarios in the design of practical biometric protection schemes. We also summarize current research gaps and potential future research directions, offering insights for advancing the field.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104309"},"PeriodicalIF":4.8,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multi-source log semantic analysis-based attack investigation approach

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-02 DOI: 10.1016/j.cose.2024.104303

Yubo Song , Kanghui Wang , Xin Sun , Zhongyuan Qin , Hua Dai , Weiwei Chen , Bang Lv , Jiaqi Chen

{"title":"A multi-source log semantic analysis-based attack investigation approach","authors":"Yubo Song , Kanghui Wang , Xin Sun , Zhongyuan Qin , Hua Dai , Weiwei Chen , Bang Lv , Jiaqi Chen","doi":"10.1016/j.cose.2024.104303","DOIUrl":"10.1016/j.cose.2024.104303","url":null,"abstract":"<div><div>As Advanced Persistent Threats (APT) become increasingly complex and destructive, security analysts often use log data for performing attack investigation. Existing approaches based on single-source logs fail to capture the causal dependencies between complex attack behaviors. We propose a novel attack investigation approach based on the semantic analysis of multi-source logs. This approach constructs a provenance graph that integrates both application and operating system logs, which can reduce the false positive rate in the attack investigation. Given the substantial size of the graph generated from multi-source logs, we reduce its complexity by merging repeated log events, deleting unreachable nodes, and removing temporary file nodes. To resolve the issue of lacking explicit objectives in current attack investigation approaches, we introduce a new multi-stage investigation approach that enhances the speed of attack investigation. This approach divides an intrusion process into seven distinct attack stages and use a graph pattern matching algorithm to match attack subgraphs belonging to specific attack stages with the provenance graph. This results in an intrusion process composed of attack subgraphs representing individual stages. Experimental results demonstrate that our attack investigation approach increases precision by 15.1% and recall by 12.2%. In terms of time efficiency, our approach reduces investigation time by over 60%, with a minimal decrease of less than 2% in the F1 score.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104303"},"PeriodicalIF":4.8,"publicationDate":"2025-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142436","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Reconsidering neutralization techniques in behavioral cybersecurity as cybersecurity hygiene discounting

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-01-01 DOI: 10.1016/j.cose.2024.104306

Mikko Siponen , Volkan Topalli , Wael Soliman , Tiina Vestman

{"title":"Reconsidering neutralization techniques in behavioral cybersecurity as cybersecurity hygiene discounting","authors":"Mikko Siponen , Volkan Topalli , Wael Soliman , Tiina Vestman","doi":"10.1016/j.cose.2024.104306","DOIUrl":"10.1016/j.cose.2024.104306","url":null,"abstract":"<div><div>Neutralization Theory (NT), with its popular neutralization techniques, have been established as a major framework to explain or predict cybersecurity policy noncompliance by users. NT states that people anticipating the perpetration of a norm violation activity will excuse their behaviors through self-talk justifications (neutralization) to avoid <em>guilt</em> and <em>shame</em>. NT's appeal for cybersecurity is obvious. One can easily imagine users justifying noncompliance by neutralizing the negative outcomes of their behavior. NT, as originally formulated, assumed that guilt and shame were the exclusive outcomes of anticipated transgressions. However, in the cybersecurity context, the role of guilt and shame as the sole motivators of neutralization excuses is debatable. We argue that users may be motivated by other factors (e.g., fear, boredom, concern for efficiency) in neutralizing that could be causally more relevant in predicting noncompliance behavior in cybersecurity. What holds value for behavioral cybersecurity, we argue, is the general mechanism of NT, the process of neutralizing the impact of an anticipated negative outcome on the decision to move forward (or not) with noncompliance. We call for decoupling the general mechanism of NT (e.g., neutralizing) from the criminologically identified motivations for engaging in NT (e.g., guilt and shame). In doing so, we put forward a behavioral cybersecurity security version of NT – cybersecurity hygiene discounting – and suggest four streams of research.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104306"},"PeriodicalIF":4.8,"publicationDate":"2025-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143143483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0