{"title":"SecureQwen: Leveraging LLMs for vulnerability detection in python codebases","authors":"Abdechakour Mechri , Mohamed Amine Ferrag , Merouane Debbah","doi":"10.1016/j.cose.2024.104151","DOIUrl":"10.1016/j.cose.2024.104151","url":null,"abstract":"<div><div>Identifying vulnerabilities in software code is crucial for ensuring the security of modern systems. However, manual detection requires expert knowledge and is time-consuming, underscoring the need for automated techniques. In this paper, we present SecureQwen, a novel vulnerability detection tool leveraging large language models (LLMs) with a context length of 64K tokens to identify potential security threats in large-scale Python codebases. Utilizing a decoder-only transformer architecture, SecureQwen captures complex relationships between code tokens, enabling accurate classification of vulnerable code sequences across 14 common weakness enumerations (CWEs), including OS Command Injection, SQL Injection, Improper Check or Handling of Exceptional Conditions, Path Traversal, Broken or Risky Cryptographic Algorithm, Deserialization of Untrusted Data, and Cleartext Transmission of Sensitive Information. Therefore, we evaluate SecureQwen on a large Python dataset with over 1.875 million function-level code snippets from different sources, including GitHub repositories, Codeparrot’s dataset, and synthetic data generated by GPT4-o. The experimental evaluation demonstrates high accuracy, with F1 scores ranging from 84% to 99%. The results indicate that SecureQwen effectively detects vulnerabilities in human-written and AI-generated code.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104151"},"PeriodicalIF":4.8,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142533336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zujia Miao , Cuiping Shao , Huiyun Li , Yunduan Cui , Zhimin Tang
{"title":"Adaptive sensor attack detection and defense framework for autonomous vehicles based on density","authors":"Zujia Miao , Cuiping Shao , Huiyun Li , Yunduan Cui , Zhimin Tang","doi":"10.1016/j.cose.2024.104149","DOIUrl":"10.1016/j.cose.2024.104149","url":null,"abstract":"<div><div>The security of autonomous vehicles heavily depends on localization systems that integrate multiple sensors, which are vulnerable to sensor attacks and increase the risk of accidents. Given the diversity of sensor attacks and the dynamic changing of driving scenarios of autonomous vehicles, an adaptive and effective attack detection and defense framework faces a considerable challenge. This paper proposes a novel real-time adaptive attack detection and defense framework based on density, which can detect and identify attacked sensors and effectively recover data. We first develop a reinforcement learning multi-armed Bandit-based Density-Based Spatial Clustering of Applications with Noise (BDBSCAN) algorithm that selects hyperparameters adaptively. The Adaptive Extended Kalman Filter (AEKF) combines with the vehicle dynamic model on the localization system and extracts data features used for the BDBSCAN algorithm to monitor potential sensor attacks. If attack detection indicates possible system compromise, AEKF is further employed on localization sensors with anomalies identified through the BDBSCAN algorithm of the attacked sensors. To ensure precision and reliability, the data recovery incorporates a redundancy mechanism to apply a decision tree to select the optimal state estimation between AEKF and Extended Kalman Filter (EKF) to replace corrupted sensor data. To evaluate the effectiveness and adaptability of the proposed framework, we conducted 15,000 experiments using the real-world KITTI and V2V4Real datasets across various driving and sensor attack scenarios. The results demonstrate that our proposed framework achieves 100% accuracy and 0% false alarm rate in various driving scenarios for attack detection within 0.15 s, with a recovery time of 0.08 s.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104149"},"PeriodicalIF":4.8,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142446410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TrojanProbe: Fingerprinting Trojan tunnel implementations by actively probing crafted HTTP requests","authors":"Liuying Lv, Peng Zhou","doi":"10.1016/j.cose.2024.104147","DOIUrl":"10.1016/j.cose.2024.104147","url":null,"abstract":"<div><div>Trojan is a well-known hidden tunnel protocol widely used to bypass Internet censorship and thus presents a big challenge to transparent network management and forensics. As claimed by the protocol designer, Trojan maintains its anti-identifiability by proxying real HTTPS/TLS traffic to react to unauthenticated requests, eliminating any subtle differences between the Trojan traffic and the legitimate HTTPS. Despite such a protocol seeming unidentifiable by design, the diverse Trojan implementations adopting very different programming languages will likely have varied coding logic and networking API calls, opening a new door to be identified and fingerprinted from the implementation level. In this paper, we propose <em>TrojanProbe</em>, a new class of active probing methods that can be used to fingerprint Trojan implementations by triggering their identifiable responses. Our basic idea is to audit the source code of the Trojan programs and discover the subtle logic discrepancy compared with the legitimate HTTPS counterparts, to craft specific HTTP requests as probes to trigger these differences for fingerprinting. By this idea, we choose the five most popular open-source Trojan programs off-the-shelf as our targets to audit, covering the majority of Trojan market share and the mainstream programming languages from traditional C++ to the cutting-edge Go and Rust, and design a suite of novel HTTP probes to differentiate them from their web server masquerades. Our probes exploit either the different responding/buffering logic to the malformed HTTP requests and the different HTTP versions, or the varied timeouts set in the different networking APIs by default. To this end, we have conducted extensive experiments to evaluate the TrojanProbe against a comprehensive set of configuration and networking conditions. The experimental results show that our TrojanProbe can effectively fingerprint our selected Trojan targets in most conditions, but leave a single Rust implementation with a minority market occupied that can only be identified in some constraint cases. Despite such an exception, our research sheds light on a new kind of possibility to fingerprint Trojans at their implementation level, even if such a hidden tunnel is widely known as unidentifiable at the protocol level.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104147"},"PeriodicalIF":4.8,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From Dis-empowerment to empowerment: Crafting a healthcare cybersecurity self-assessment","authors":"Wendy Burke , Andrew Stranieri , Taiwo Oseni","doi":"10.1016/j.cose.2024.104148","DOIUrl":"10.1016/j.cose.2024.104148","url":null,"abstract":"<div><div>Due to the valuable and sensitive nature of its data, the Australian healthcare sector is increasingly targeted by cyberattacks. Existing cybersecurity evaluation methods often lack the specificity required to address the unique vulnerabilities within this sector, especially in terms of engaging stakeholders and fostering a proactive security culture. These evaluations often overlook psychological empowerment, which enhances individuals’ confidence in managing cybersecurity.</div><div>This study aims to develop a tailored cybersecurity self-assessment index for the Australian healthcare system. It will focus on enhancing psychological empowerment alongside technical assessments to improve overall sector resilience against cyber threats.</div><div>Using a design science research approach, the index was developed using expert reviews, online surveys, and in-depth interviews with key stakeholders, including healthcare providers, consumers, and government entities. This iterative process involved identifying gaps in existing cybersecurity measures and designing an index to address technical and human factors.</div><div>The index’s evaluation through a pilot study revealed that it effectively raised awareness and empowered individuals within the healthcare sector to take ownership of cybersecurity practices. Participants reported increased confidence in managing cybersecurity risks and found the index’s actionable recommendations helpful in improving their security posture. However, challenges related to its applicability across diverse healthcare environments and regulatory constraints were identified.</div><div>The Australian Healthcare Cybersecurity Self-Assessment Index shows promise as a tool for strengthening cybersecurity in the healthcare sector by integrating psychological empowerment with technical assessments. Further research is needed to refine the tool, incorporate quantitative data, and explore its scalability across different healthcare settings and global applications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104148"},"PeriodicalIF":4.8,"publicationDate":"2024-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Advancing IoMT security: A two-factor authentication model employing PUF and Fuzzy logic techniques","authors":"Sidra Kalam, Ajit Kumar Keshri","doi":"10.1016/j.cose.2024.104138","DOIUrl":"10.1016/j.cose.2024.104138","url":null,"abstract":"<div><div>The rapid integration of Internet of Things technologies in healthcare has catalyzed the development of the Internet of Medical Things, markedly enhanced patient care while posing significant security risks. This paper introduces a comprehensive computational framework to safeguard Internet of Medical Things devices and healthcare providers through a sophisticated registration and authentication process. Our model incorporates cryptographic technologies such as Physical Unclonable Functions, fuzzy extractors, and hash functions to bolster the security during the registration and authentication processes for Internet of Medical Things devices and healthcare providers. The Physical Unclonable Function module enhances device security by producing unique, non-replicable responses for device authentication, significantly reinforcing the system's defense against physical and cloning attacks. Furthermore, the model leverages fuzzy logic for the real-time classification of patient health states, enhancing the decision-making accuracy. A comparative analysis confirms that our model exceeds existing models in communication cost, computational efficiency and security. The proposed scheme has been rigorously tested against various attacks using the Scyther tool. By employing a unique identifier generation method through Physical Unclonable Function and utilizing fuzzy logic for secure data transmission and patient classification, our framework addresses vulnerabilities such as man-in-the-middle, denial of service, impersonation, identity guessing, password guessing and replay attacks, which are prevalent in current Internet of Medical Things frameworks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104138"},"PeriodicalIF":4.8,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A trust model for VANETs using malicious-aware multiple routing","authors":"Xiaorui Dang , Guiqi Zhang , Ke Sun , Yufeng Li","doi":"10.1016/j.cose.2024.104145","DOIUrl":"10.1016/j.cose.2024.104145","url":null,"abstract":"<div><div>Vehicular ad hoc networks (VANETs) enable multi-hop communication among vehicles, promoting information sharing and smarter collaborative driving. However, VANETs are facing several challenges due to the open wireless communication environment. Attackers may maliciously drop or alter packets so that the receiver cannot obtain correct information. In addition, the high mobility of vehicles may lead to link failures, consequently resulting in packet loss. In this paper, we propose a multipath-based trust model (MPTM), in which the reliability of packet transmission is guaranteed by data redundancy and the detection of potential attackers is achieved by trust evaluation. Specifically, we present a route discovery mechanism to find multiple routes that avoid potential attackers, which reduces the risk of attacks on redundant packets. The receivers identify correct information based on two factors including content consistency and route information. An attacker detection module is presented to evaluate the trustworthiness of vehicles involved in packet transmission and vehicles with trust value below a threshold are detected as attackers. We conducted extensive experiments using OMNeT++ simulation platform, considering various attack scenarios. Experiment results show that MPTM can reach 90% packet delivery ratio and effectively detect attackers in terms of 90% detection precision.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104145"},"PeriodicalIF":4.8,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fei Lv , Hangyu Wang , Rongkang Sun , Zhiwen Pan , Shuaizong Si , Meng Zhang , Weidong Zhang , Shichao Lv , Limin Sun
{"title":"Detection of cyberattack in Industrial Control Networks using multiple adaptive local kernel learning","authors":"Fei Lv , Hangyu Wang , Rongkang Sun , Zhiwen Pan , Shuaizong Si , Meng Zhang , Weidong Zhang , Shichao Lv , Limin Sun","doi":"10.1016/j.cose.2024.104152","DOIUrl":"10.1016/j.cose.2024.104152","url":null,"abstract":"<div><div>The data of Industrial Control Networks presents high-dimensional and nonlinear characteristics, making cyberattack detection a challenging problem. Multiple kernel learning (MKL) provided an attractive performance in dealing with the problem through the <em>kernel trick</em>. However, each kernel in traditional MKL usually adopts global features for high-dimensional space mapping. The local-related feature whereas, is ignored, resulting in the missing of the local implicit information. To tackle this problem, this article proposes an MKL-based cyberattack detection method combining both global and local kernels. First, information theory-based feature selection is used for local feature grouping. After that, different kinds of deep neural networks are used to generate local kernels for each group. Moreover, an adaptive method is designed for ensembling the local kernels into the global kernel during the learning process. Extensive experiments are conducted on diverse datasets and the performances are comprehensively evaluated. The results indicate that our proposed method is outstanding in the cyberattack detection of Industrial Control Networks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104152"},"PeriodicalIF":4.8,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A hybrid CNN-LSTM approach for intelligent cyber intrusion detection system","authors":"Sukhvinder Singh Bamber , Aditya Vardhan Reddy Katkuri , Shubham Sharma , Mohit Angurala","doi":"10.1016/j.cose.2024.104146","DOIUrl":"10.1016/j.cose.2024.104146","url":null,"abstract":"<div><div>As the technology is advancing more and more in the era of increasing digitalization, safeguarding networks from cyber threats is crucial. As cyber-attacks on critical infrastructure are becoming more and more sophisticated, enhancing cyber intrusion detection systems (IDS) is imperative. This paper proposes and evaluates a deep learning-based IDS using the NSL-KDD dataset, a benchmark for intrusion detection. The system pre-processes data with Recursive Feature Elimination (RFE) and a Decision Tree classifier to identify the most significant features, optimizing model performance. Various deep learning models, including ANN, LSTM, BiLSTM, CNN-LSTM, GRU, and BiGRU, have been evaluated. The CNN-LSTM model outperformed the others, with 95 % accuracy, 0.89 recall, and 0.94 f1-score. These results prove the effectiveness of the proposed IDS in accurately distinguishing between malicious and benign network traffic. Future research can explore ensemble techniques like boosting or bagging to further enhance IDS performance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104146"},"PeriodicalIF":4.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442823","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Renan C.A. Alves, Otávio F. Freitas, Bruno C. Albertini, Marcos A. Simplicio Jr.
{"title":"Testing the limits of SPDM: Authentication of intermittently connected devices","authors":"Renan C.A. Alves, Otávio F. Freitas, Bruno C. Albertini, Marcos A. Simplicio Jr.","doi":"10.1016/j.cose.2024.104142","DOIUrl":"10.1016/j.cose.2024.104142","url":null,"abstract":"<div><div>The Security Protocol and Data Model (SPDM) is an open standard for authentication, attestation, and key exchange among hardware units, such as CPUs and peripheral components. In principle, SPDM was designed to operate over a somewhat stable communication channel, meaning that connection losses usually require the re-execution of the entire protocol. This puts into question SPDM’s suitability for battery-powered devices, which may keep only intermittent communications aiming to save energy. To address this question, we evaluate different authentication approaches that build upon and extend SPDM’s native key bootstrapping capabilities to handle intermittent authentication. In particular, we show that the combination of SPDM and a Time-based One-Time Password (TOTP) protocol is a promising solution for this scenario. We analyze the performance of the proposed authentication schemes using a proof-of-concept virtual device. The TOTP-based scheme was shown to be the fastest, the reconnection step being at least twice and up to <span><math><mrow><mn>900</mn><mo>×</mo></mrow></math></span> faster than possible straightforward applications of SPDM. Also, our scheme requires less memory to operate. Finally, we discuss the possibility of integrating intermittent authentication capabilities into the SPDM standard itself.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104142"},"PeriodicalIF":4.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142438345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}