Computers & Security最新文献_第5页

Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks 基于侧信道攻击的深度神经网络黑盒对抗攻击的数据还原

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-25 DOI: 10.1016/j.cose.2025.104401

Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou

{"title":"Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks","authors":"Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou","doi":"10.1016/j.cose.2025.104401","DOIUrl":"10.1016/j.cose.2025.104401","url":null,"abstract":"<div><div>Launching effective black-box adversarial attack against a deep neural network (DNN) without knowledge of the model's details is challenging. Previous studies involved performing numerous queries on the target model to generate adversarial examples, which is unacceptable due to the high query volume. Additionally, many of these queries are unnecessary as the dataset may contain redundant or duplicate data. To address these issues, we propose a two-stage black-box adversarial attack approach that combines side-channel attacks and a data reduction technique. In the first stage, we employ Long Short Term Memory (LSTM) to gather partial information about the target DNN through side-channel attacks, enabling us to obtain the class probability of the dataset. In the second stage, we utilize a new data reduction algorithm based on the class probability to enhance the efficiency of generating adversarial examples. Our approach is capable of precisely identifying the target model and the data reduction performs better than other reduction methods. Furthermore, when utilizing the reduced datasets to train the shadow model, the adversarial examples generated on this shadow model demonstrate a higher transferability success rate than SOTA data reduction methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104401"},"PeriodicalIF":4.8,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143528750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ZipAST: Enhancing malicious JavaScript detection with sequence compression

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-24 DOI: 10.1016/j.cose.2025.104390

Zixian Chen, Weiping Wang, Yan Qin, Shigeng Zhang

{"title":"ZipAST: Enhancing malicious JavaScript detection with sequence compression","authors":"Zixian Chen, Weiping Wang, Yan Qin, Shigeng Zhang","doi":"10.1016/j.cose.2025.104390","DOIUrl":"10.1016/j.cose.2025.104390","url":null,"abstract":"<div><div>JavaScript is a key component of websites and greatly enhances web page functionality. At the same time, it has become one of the most common attack vectors in malicious web pages. Early approaches to detecting malicious scripts relied heavily on manual feature engineering by security experts, with limited feature representation capabilities. With the advancements in deep learning technologies, deep learning networks have shown the ability to automatically learn strong feature representations from malicious JavaScript. Presently, mainstream detection methods usually extract the Abstract Syntax Tree (AST) from JavaScript code, which captures the code’s semantic information. The information about AST nodes is then processed into a sequence using depth-first traversal and fed into deep learning models. However, for large JavaScript library files and obfuscated JavaScript code, the computational power and hardware constraints pose challenges in feeding complete information into the model. Only a part of the sequence is sampled for training and detection, significantly diminishing the model’s detection capability. To address this, this paper proposes an innovative method for malicious JavaScript detection based on sequence compression. The approach extracts input sequences comprised solely of AST node type information and employs a compression algorithm to reduce their length further. Technically, we first extract the information of the type field in each node in the AST in the order of depth-first traversal to generate the sequence, and then effectively compress the sequence using Byte Pair Encoding. Finally, the compressed sequence is fed into the deep learning model for detection. On publicly available datasets, when employing the same deep learning model for classification, our proposed method outperforms existing other approaches, achieving a precision of 98.96% and a recall of 96.37%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104390"},"PeriodicalIF":4.8,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143520043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

P4NSA: P4-based security protection technology for IPv6 neighbor solicitation and advertisement spoofing

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-23 DOI: 10.1016/j.cose.2025.104400

Wenhao Xia , Liancheng Zhang , Yi Guo , Hongtao Zhang , Lanxin Cheng

{"title":"P4NSA: P4-based security protection technology for IPv6 neighbor solicitation and advertisement spoofing","authors":"Wenhao Xia , Liancheng Zhang , Yi Guo , Hongtao Zhang , Lanxin Cheng","doi":"10.1016/j.cose.2025.104400","DOIUrl":"10.1016/j.cose.2025.104400","url":null,"abstract":"<div><div>Neighbor solicitation and neighbor advertisement messages from neighbor discovery protocol are used for address resolution in IPv6 network. However, the NDP protocol lacks authentication mechanisms for exchanged messages, so hosts in a local area network are vulnerable to malicious threats during the address resolution process. Existing detection and protection solutions have high complexity, consume many resources, and have poor scalability and deployability. To this end, the SDN P4-based Neighbour Discovery Protocol security protection technology is proposed for the protection of NS and NA message processes by taking advantage of the open and programmable nature of P4 technology that can flexibly customize the threat detection and protection mechanisms. This technology collects the IPv6 addresses and corresponding switching ports of IPv6 hosts joining the network, and discards the spoofed packets that do not belong to the corresponding ports according to the spoofed packet filtering algorithm. Experimental results show that this technology can properly collect information about hosts joining IPv6 networks and filter and discard NS/NA spoofed messages sent by spoofing tools such as THC-IPv6 and IPv6 Toolkit. Compared with security protection technologies such as Match-Prevention and NDPsec, this technology does not add additional neighbour discovery protocol parameter options or use hash cryptography, so it is less complex, consumes fewer resources, and is more feasible in deployment and application.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104400"},"PeriodicalIF":4.8,"publicationDate":"2025-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143526557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Secure and controllable cloud–edge collaborative data sharing scheme for wireless body area networks in IIoT

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-22 DOI: 10.1016/j.cose.2025.104389

Jiasheng Chen , Miao Wang , Zhenfu Cao , Xiaolei Dong , Liwang Sun

{"title":"Secure and controllable cloud–edge collaborative data sharing scheme for wireless body area networks in IIoT","authors":"Jiasheng Chen , Miao Wang , Zhenfu Cao , Xiaolei Dong , Liwang Sun","doi":"10.1016/j.cose.2025.104389","DOIUrl":"10.1016/j.cose.2025.104389","url":null,"abstract":"<div><div>Wireless body area networks collect electronic health records (EHRs) in real-time through sensors and use mobile IoT devices for data transmission and processing, promoting telemedicine monitoring and personalized health management. With the large-scale deployment of mobile medical devices, attribute-based proxy re-encryption (ABPRE) has been widely adopted to achieve fine-grained access control over encrypted EHRs. However, existing ABPRE schemes face high communication delay when processing large amounts of edge data under traditional cloud sharing architecture. There are also security, flexibility, and efficiency challenges in multi-user collaborative scenarios. In this paper, we propose a secure and controllable cloud–edge collaborative data sharing (SCCE-DS) scheme, which ensures that data users can join dynamically by supporting fine-grained access control and flexible ciphertext sharing. Meanwhile, we introduce edge computing to accelerate user request responses and reduce the computing burden of cloud servers. To further improve efficiency, we design an online/offline mechanism and outsource some decryption operations to the cloud server, which significantly improved the encryption and decryption efficiency of online shared data. Formal security analysis proves that SCCE-DS has chosen plaintext attack security and can resist collusion attacks and denial of service attacks. Performance evaluation demonstrates that SCCE-DS has significant advantages in encryption and decryption efficiency and communication delay compared with traditional schemes, indicating that it has strong practical application potential in mobile healthcare systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104389"},"PeriodicalIF":4.8,"publicationDate":"2025-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

“I don't get it, but I accept it” Exploring uninformed consent to privacy policies: A neutralization perspective

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-21 DOI: 10.1016/j.cose.2025.104396

Hou Zhu , Mingxin Zhang

{"title":"“I don't get it, but I accept it” Exploring uninformed consent to privacy policies: A neutralization perspective","authors":"Hou Zhu , Mingxin Zhang","doi":"10.1016/j.cose.2025.104396","DOIUrl":"10.1016/j.cose.2025.104396","url":null,"abstract":"<div><div>While registering or logging onto an online platform, users are required to carefully read a privacy statement and decide whether they give consent. Accepting privacy policies without reading them is common yet detrimental to data privacy. Theorizing it as a type of deviant behavior, this study leverages neutralization theory to understand users’ uninformed consent decisions. Through a review of neutralization theory, we identified and contextualized four relevant neutralization techniques: denial of responsibility, denial of injury, claim of normality, and claim of necessity. We focused on how these neutralization techniques could individually and collectively lead to uninformed consent to privacy policies. We conducted a cross-sectional survey with 985 Internet users. A multi-method approach combining structural equation modelling (CB-SEM) with fuzzy-set qualitative comparative analysis (Fs/QCA) confirmed the proposed individual and configurational effects, thereby answering how these neutralization techniques could individually and collectively influence uninformed consent decisions. These insights provide an important theoretical angle to understand why users accept privacy policies without reading the content. Practitioners can leverage these insights to design user-friendly privacy policies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104396"},"PeriodicalIF":4.8,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

DomainDynamics: Advancing lifecycle-based risk assessment of domain names

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-20 DOI: 10.1016/j.cose.2025.104366

Daiki Chiba, Hiroki Nakano, Takashi Koide

{"title":"DomainDynamics: Advancing lifecycle-based risk assessment of domain names","authors":"Daiki Chiba, Hiroki Nakano, Takashi Koide","doi":"10.1016/j.cose.2025.104366","DOIUrl":"10.1016/j.cose.2025.104366","url":null,"abstract":"<div><div>The persistent threat of malicious domains in cybersecurity necessitates robust detection systems. Traditional machine learning approaches often struggle to accurately assess domain name risks due to their static analysis methods and lack of consideration for temporal changes in domain attributes. To address these limitations, we developed DomainDynamics, a novel system that evaluates domain name risks by analyzing their lifecycle phases. This study provides a comprehensive evaluation and refinement of the DomainDynamics framework. The system creates temporal profiles for domains and assesses their attributes at various stages, enabling informed, time-sensitive risk assessments. Our initial evaluation, involving over 85,000 malicious domains, achieved an 82.58% detection rate with a low 0.41% false positive rate. We expanded our research to include benchmarking against commercial services, feature significance analysis using interpretable AI techniques, and detailed case studies. This investigation not only validates the effectiveness of DomainDynamics but also reveals temporal indicators of malicious intent. Our findings demonstrate the advantages of lifecycle-based analysis over static methodologies, providing valuable insights for practical cybersecurity applications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104366"},"PeriodicalIF":4.8,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Cancelable iris template based on slicing

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-19 DOI: 10.1016/j.cose.2025.104381

Qianrong Zheng , Jianwen Xiang , Changtian Song , Rivalino Matias , Rui Hao , Songsong Liao , Xuemin Zhang , Meng Zhao , Dongdong Zhao

{"title":"Cancelable iris template based on slicing","authors":"Qianrong Zheng , Jianwen Xiang , Changtian Song , Rivalino Matias , Rui Hao , Songsong Liao , Xuemin Zhang , Meng Zhao , Dongdong Zhao","doi":"10.1016/j.cose.2025.104381","DOIUrl":"10.1016/j.cose.2025.104381","url":null,"abstract":"<div><div>With the widespread adoption of iris authentication technology and its use in different applications, the potential risks associated with iris template leakage have become a major concern. Hence, a secure template protection scheme becomes an important requirement for biometric systems. However, most of the current template protection schemes based on cancelable templates fail to meet the balance between security and performance. To address this challenge, we propose a method called cancelable iris template based on slicing (Iris-Slice). The scheme generates segments by segmenting the original iris data to a specific length, and subsequently compares these segments with their opposite sequences and retains the smaller segments. Next, the retained segments are randomly expanded, where the expanded sequences are half the inverse of the original iris data. Ultimately, the expanded sequences are saved in a collection for iris data protection. Experimental results on well-known iris datasets (CASIA-IrisV3-Interval, CASIA-IrisV4-Lamp, MMU-V1, IITD) show that the accuracy of the Iris-Slice method decreases only slightly by 0.63%. We also analyze the irreversibility, revocability, and unlinkability of our proposed scheme, both theoretically and experimentally. The results show that our scheme satisfies all these requirements with high performance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104381"},"PeriodicalIF":4.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143474680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An effective SQL injection detection model using LSTM for imbalanced datasets

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-19 DOI: 10.1016/j.cose.2025.104391

Kholood Salah Fathi, Sherif Barakat, Amira Rezk

{"title":"An effective SQL injection detection model using LSTM for imbalanced datasets","authors":"Kholood Salah Fathi, Sherif Barakat, Amira Rezk","doi":"10.1016/j.cose.2025.104391","DOIUrl":"10.1016/j.cose.2025.104391","url":null,"abstract":"<div><div>The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104391"},"PeriodicalIF":4.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143511887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MOSDroid: Obfuscation-resilient android malware detection using multisets of encoded opcode sequences

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-18 DOI: 10.1016/j.cose.2025.104379

Yogesh Kumar Sharma, Deepak Singh Tomar, R.K Pateriya, Shweta Bhandari

{"title":"MOSDroid: Obfuscation-resilient android malware detection using multisets of encoded opcode sequences","authors":"Yogesh Kumar Sharma, Deepak Singh Tomar, R.K Pateriya, Shweta Bhandari","doi":"10.1016/j.cose.2025.104379","DOIUrl":"10.1016/j.cose.2025.104379","url":null,"abstract":"<div><div>The rapid proliferation of Android devices has made them a prime target for malware developers, necessitating sophisticated detection techniques. Obfuscation poses a significant challenge in Android malware detection due to the platform’s unique characteristics and widespread usage of obfuscation techniques by malware developers. This work proposes a static Android malware detection approach that is resilient to obfuscation. The method involves extracting method-level opcode sequences and segmenting them into strings, representing methods as Multiset of Encoded Opcode Sequences (MOS). The next step is to encode the Android Application Package (APK) as a set of multisets based on the principle of multiset equality. This encoding provides detailed method representation and efficient APK comparison that optimizes the proposed approach, enhancing detection accuracy and efficiency. The proposed approach employs a strategy for generating a reduced feature subset through filtering and feature selection processes. It further improves efficiency, enhances model performance, prevents overfitting, simplifies interpretation, and optimizes computational resources. The dataset used to evaluate MOSDroid’s performance included Data-MD, a collection of 15,356 Android apps sourced from AndroZoo, and Data-MOS, comprising 10,500 Android apps collected from AndroZoo and Drebin benchmarks. Additionally, 25,990 obfuscated samples derived from these datasets were analysed to assess the impact of obfuscation and resilience. Experimental results demonstrate that the proposed approach is potent and resilient to obfuscation in malware detection, achieving an accuracy of 98.41%, and an AUC of 99.45%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104379"},"PeriodicalIF":4.8,"publicationDate":"2025-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143463649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Secure bi-attribute index: Batch membership tests over the non-sensitive attribute

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-18 DOI: 10.1016/j.cose.2025.104369

Yue Fu, Qingqing Ye, Rong Du, Haibo Hu

引用次数: 0