Computers & Security最新文献_第5页

Analyzing anomalies in industrial networks: A data-driven approach to enhance security in manufacturing processes

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-28 DOI: 10.1016/j.cose.2025.104395

Karel Kuchar, Radek Fujdiak

引用次数: 0

FC-Trans: Deep learning methods for network intrusion detection in big data environments

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-27 DOI: 10.1016/j.cose.2025.104392

Yuedi Zhu , Yong Wang , Lin Zhou , Yuan Xia

{"title":"FC-Trans: Deep learning methods for network intrusion detection in big data environments","authors":"Yuedi Zhu , Yong Wang , Lin Zhou , Yuan Xia","doi":"10.1016/j.cose.2025.104392","DOIUrl":"10.1016/j.cose.2025.104392","url":null,"abstract":"<div><div>With the continuous expansion of Internet traffic, effectively preventing network intrusions in such a vast data environment has become increasingly challenging. Existing intrusion detection systems (IDS) for different network attacks often struggle to identify unknown attacks or respond to them in real-time. In this article, we propose a novel hybrid deep learning model, FC-Trans, designed to enhance network intrusion monitoring. Our approach involves optimizing feature representation using the Feature Tokenizer method, leveraging CNNs to extract meaningful features from the data, and incorporating Transformer’s self-attentive mechanism and residual structure to capture long-term feature dependencies and mitigate gradient vanishing. To address the issue of imbalanced sample distribution, we utilize MultiF Loss as the training loss function for the multi-classification task, enabling the model to prioritize difficult-to-classify samples. We compare the performance of our method with other approaches on the UNSW-NB15 dataset, and the experimental results demonstrate significant improvements in both binary and multivariate classification tasks. The results verify the effectiveness of our proposed method.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104392"},"PeriodicalIF":4.8,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143636980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Vulnerability defence using hybrid moving target defence in Internet of Things systems

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-25 DOI: 10.1016/j.cose.2025.104380

Mohammed Tanvir Masud , Marwa Keshk , Nour Moustafa , Benjamin Turnbull , Willy Susilo

{"title":"Vulnerability defence using hybrid moving target defence in Internet of Things systems","authors":"Mohammed Tanvir Masud , Marwa Keshk , Nour Moustafa , Benjamin Turnbull , Willy Susilo","doi":"10.1016/j.cose.2025.104380","DOIUrl":"10.1016/j.cose.2025.104380","url":null,"abstract":"<div><div>Cyber threat actors are increasingly targeting networked assets and critical infrastructure, with the potential for major socioeconomic impacts. Moving target defence (MTD) is a cyber defence paradigm that creates constantly shifting attack surfaces (i.e., vulnerabilities). It intends to make it more difficult for cyber adversaries to exploit systems, thereby increasing costs and chances of detection. There is a lack of research into the efficiency of combined MTD techniques, especially regarding several types of security considerations like time, cost, and effort. This gap is particularly significant in the Internet of Things (IoT) context, where security problems arise from its heterogeneous architecture. Moreover, MTD may result in the overutilization of network and system resources to enhance cybersecurity. We present a Vulnerability Defence method to address this issue using the three-layer Temporal Hierarchical Attack Representation Model (3-layer-THARM). This approach overcomes this difficulty by evaluating the safety of aggregated network states, considering security metrics in each state and the accessibility of network nodes and edges. Using this model, we can recognize probable attack scenarios in the context of Internet of Things (IoT) systems, conduct a thorough security analysis of the IoT system using well-defined security metrics, and assess the effectiveness of various defence tactics. This feature inherently introduces an additional level of security for the system. Furthermore, this model showcases the ability to identify potential attack pathways and effectively mitigate the consequences of such attacks. Our analysis reveals a noteworthy trend: combining MTD techniques from different categories, such as shuffle and diversity, generally produces more favorable outcomes, including a lower probability of attack success, lower attack risk and higher attack cost.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104380"},"PeriodicalIF":4.8,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143528862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks 基于侧信道攻击的深度神经网络黑盒对抗攻击的数据还原

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-25 DOI: 10.1016/j.cose.2025.104401

Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou

{"title":"Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks","authors":"Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou","doi":"10.1016/j.cose.2025.104401","DOIUrl":"10.1016/j.cose.2025.104401","url":null,"abstract":"<div><div>Launching effective black-box adversarial attack against a deep neural network (DNN) without knowledge of the model's details is challenging. Previous studies involved performing numerous queries on the target model to generate adversarial examples, which is unacceptable due to the high query volume. Additionally, many of these queries are unnecessary as the dataset may contain redundant or duplicate data. To address these issues, we propose a two-stage black-box adversarial attack approach that combines side-channel attacks and a data reduction technique. In the first stage, we employ Long Short Term Memory (LSTM) to gather partial information about the target DNN through side-channel attacks, enabling us to obtain the class probability of the dataset. In the second stage, we utilize a new data reduction algorithm based on the class probability to enhance the efficiency of generating adversarial examples. Our approach is capable of precisely identifying the target model and the data reduction performs better than other reduction methods. Furthermore, when utilizing the reduced datasets to train the shadow model, the adversarial examples generated on this shadow model demonstrate a higher transferability success rate than SOTA data reduction methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104401"},"PeriodicalIF":4.8,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143528750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ZipAST: Enhancing malicious JavaScript detection with sequence compression

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-24 DOI: 10.1016/j.cose.2025.104390

Zixian Chen, Weiping Wang, Yan Qin, Shigeng Zhang

{"title":"ZipAST: Enhancing malicious JavaScript detection with sequence compression","authors":"Zixian Chen, Weiping Wang, Yan Qin, Shigeng Zhang","doi":"10.1016/j.cose.2025.104390","DOIUrl":"10.1016/j.cose.2025.104390","url":null,"abstract":"<div><div>JavaScript is a key component of websites and greatly enhances web page functionality. At the same time, it has become one of the most common attack vectors in malicious web pages. Early approaches to detecting malicious scripts relied heavily on manual feature engineering by security experts, with limited feature representation capabilities. With the advancements in deep learning technologies, deep learning networks have shown the ability to automatically learn strong feature representations from malicious JavaScript. Presently, mainstream detection methods usually extract the Abstract Syntax Tree (AST) from JavaScript code, which captures the code’s semantic information. The information about AST nodes is then processed into a sequence using depth-first traversal and fed into deep learning models. However, for large JavaScript library files and obfuscated JavaScript code, the computational power and hardware constraints pose challenges in feeding complete information into the model. Only a part of the sequence is sampled for training and detection, significantly diminishing the model’s detection capability. To address this, this paper proposes an innovative method for malicious JavaScript detection based on sequence compression. The approach extracts input sequences comprised solely of AST node type information and employs a compression algorithm to reduce their length further. Technically, we first extract the information of the type field in each node in the AST in the order of depth-first traversal to generate the sequence, and then effectively compress the sequence using Byte Pair Encoding. Finally, the compressed sequence is fed into the deep learning model for detection. On publicly available datasets, when employing the same deep learning model for classification, our proposed method outperforms existing other approaches, achieving a precision of 98.96% and a recall of 96.37%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104390"},"PeriodicalIF":4.8,"publicationDate":"2025-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143520043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

P4NSA: P4-based security protection technology for IPv6 neighbor solicitation and advertisement spoofing

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-23 DOI: 10.1016/j.cose.2025.104400

Wenhao Xia , Liancheng Zhang , Yi Guo , Hongtao Zhang , Lanxin Cheng

{"title":"P4NSA: P4-based security protection technology for IPv6 neighbor solicitation and advertisement spoofing","authors":"Wenhao Xia , Liancheng Zhang , Yi Guo , Hongtao Zhang , Lanxin Cheng","doi":"10.1016/j.cose.2025.104400","DOIUrl":"10.1016/j.cose.2025.104400","url":null,"abstract":"<div><div>Neighbor solicitation and neighbor advertisement messages from neighbor discovery protocol are used for address resolution in IPv6 network. However, the NDP protocol lacks authentication mechanisms for exchanged messages, so hosts in a local area network are vulnerable to malicious threats during the address resolution process. Existing detection and protection solutions have high complexity, consume many resources, and have poor scalability and deployability. To this end, the SDN P4-based Neighbour Discovery Protocol security protection technology is proposed for the protection of NS and NA message processes by taking advantage of the open and programmable nature of P4 technology that can flexibly customize the threat detection and protection mechanisms. This technology collects the IPv6 addresses and corresponding switching ports of IPv6 hosts joining the network, and discards the spoofed packets that do not belong to the corresponding ports according to the spoofed packet filtering algorithm. Experimental results show that this technology can properly collect information about hosts joining IPv6 networks and filter and discard NS/NA spoofed messages sent by spoofing tools such as THC-IPv6 and IPv6 Toolkit. Compared with security protection technologies such as Match-Prevention and NDPsec, this technology does not add additional neighbour discovery protocol parameter options or use hash cryptography, so it is less complex, consumes fewer resources, and is more feasible in deployment and application.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104400"},"PeriodicalIF":4.8,"publicationDate":"2025-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143526557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Secure and controllable cloud–edge collaborative data sharing scheme for wireless body area networks in IIoT

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-22 DOI: 10.1016/j.cose.2025.104389

Jiasheng Chen , Miao Wang , Zhenfu Cao , Xiaolei Dong , Liwang Sun

{"title":"Secure and controllable cloud–edge collaborative data sharing scheme for wireless body area networks in IIoT","authors":"Jiasheng Chen , Miao Wang , Zhenfu Cao , Xiaolei Dong , Liwang Sun","doi":"10.1016/j.cose.2025.104389","DOIUrl":"10.1016/j.cose.2025.104389","url":null,"abstract":"<div><div>Wireless body area networks collect electronic health records (EHRs) in real-time through sensors and use mobile IoT devices for data transmission and processing, promoting telemedicine monitoring and personalized health management. With the large-scale deployment of mobile medical devices, attribute-based proxy re-encryption (ABPRE) has been widely adopted to achieve fine-grained access control over encrypted EHRs. However, existing ABPRE schemes face high communication delay when processing large amounts of edge data under traditional cloud sharing architecture. There are also security, flexibility, and efficiency challenges in multi-user collaborative scenarios. In this paper, we propose a secure and controllable cloud–edge collaborative data sharing (SCCE-DS) scheme, which ensures that data users can join dynamically by supporting fine-grained access control and flexible ciphertext sharing. Meanwhile, we introduce edge computing to accelerate user request responses and reduce the computing burden of cloud servers. To further improve efficiency, we design an online/offline mechanism and outsource some decryption operations to the cloud server, which significantly improved the encryption and decryption efficiency of online shared data. Formal security analysis proves that SCCE-DS has chosen plaintext attack security and can resist collusion attacks and denial of service attacks. Performance evaluation demonstrates that SCCE-DS has significant advantages in encryption and decryption efficiency and communication delay compared with traditional schemes, indicating that it has strong practical application potential in mobile healthcare systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104389"},"PeriodicalIF":4.8,"publicationDate":"2025-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

“I don't get it, but I accept it” Exploring uninformed consent to privacy policies: A neutralization perspective

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-21 DOI: 10.1016/j.cose.2025.104396

Hou Zhu , Mingxin Zhang

{"title":"“I don't get it, but I accept it” Exploring uninformed consent to privacy policies: A neutralization perspective","authors":"Hou Zhu , Mingxin Zhang","doi":"10.1016/j.cose.2025.104396","DOIUrl":"10.1016/j.cose.2025.104396","url":null,"abstract":"<div><div>While registering or logging onto an online platform, users are required to carefully read a privacy statement and decide whether they give consent. Accepting privacy policies without reading them is common yet detrimental to data privacy. Theorizing it as a type of deviant behavior, this study leverages neutralization theory to understand users’ uninformed consent decisions. Through a review of neutralization theory, we identified and contextualized four relevant neutralization techniques: denial of responsibility, denial of injury, claim of normality, and claim of necessity. We focused on how these neutralization techniques could individually and collectively lead to uninformed consent to privacy policies. We conducted a cross-sectional survey with 985 Internet users. A multi-method approach combining structural equation modelling (CB-SEM) with fuzzy-set qualitative comparative analysis (Fs/QCA) confirmed the proposed individual and configurational effects, thereby answering how these neutralization techniques could individually and collectively influence uninformed consent decisions. These insights provide an important theoretical angle to understand why users accept privacy policies without reading the content. Practitioners can leverage these insights to design user-friendly privacy policies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104396"},"PeriodicalIF":4.8,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

DomainDynamics: Advancing lifecycle-based risk assessment of domain names

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-20 DOI: 10.1016/j.cose.2025.104366

Daiki Chiba, Hiroki Nakano, Takashi Koide

{"title":"DomainDynamics: Advancing lifecycle-based risk assessment of domain names","authors":"Daiki Chiba, Hiroki Nakano, Takashi Koide","doi":"10.1016/j.cose.2025.104366","DOIUrl":"10.1016/j.cose.2025.104366","url":null,"abstract":"<div><div>The persistent threat of malicious domains in cybersecurity necessitates robust detection systems. Traditional machine learning approaches often struggle to accurately assess domain name risks due to their static analysis methods and lack of consideration for temporal changes in domain attributes. To address these limitations, we developed DomainDynamics, a novel system that evaluates domain name risks by analyzing their lifecycle phases. This study provides a comprehensive evaluation and refinement of the DomainDynamics framework. The system creates temporal profiles for domains and assesses their attributes at various stages, enabling informed, time-sensitive risk assessments. Our initial evaluation, involving over 85,000 malicious domains, achieved an 82.58% detection rate with a low 0.41% false positive rate. We expanded our research to include benchmarking against commercial services, feature significance analysis using interpretable AI techniques, and detailed case studies. This investigation not only validates the effectiveness of DomainDynamics but also reveals temporal indicators of malicious intent. Our findings demonstrate the advantages of lifecycle-based analysis over static methodologies, providing valuable insights for practical cybersecurity applications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104366"},"PeriodicalIF":4.8,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143487847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Cancelable iris template based on slicing

IF 4.8 2区计算机科学

Computers & Security Pub Date : 2025-02-19 DOI: 10.1016/j.cose.2025.104381

Qianrong Zheng , Jianwen Xiang , Changtian Song , Rivalino Matias , Rui Hao , Songsong Liao , Xuemin Zhang , Meng Zhao , Dongdong Zhao

{"title":"Cancelable iris template based on slicing","authors":"Qianrong Zheng , Jianwen Xiang , Changtian Song , Rivalino Matias , Rui Hao , Songsong Liao , Xuemin Zhang , Meng Zhao , Dongdong Zhao","doi":"10.1016/j.cose.2025.104381","DOIUrl":"10.1016/j.cose.2025.104381","url":null,"abstract":"<div><div>With the widespread adoption of iris authentication technology and its use in different applications, the potential risks associated with iris template leakage have become a major concern. Hence, a secure template protection scheme becomes an important requirement for biometric systems. However, most of the current template protection schemes based on cancelable templates fail to meet the balance between security and performance. To address this challenge, we propose a method called cancelable iris template based on slicing (Iris-Slice). The scheme generates segments by segmenting the original iris data to a specific length, and subsequently compares these segments with their opposite sequences and retains the smaller segments. Next, the retained segments are randomly expanded, where the expanded sequences are half the inverse of the original iris data. Ultimately, the expanded sequences are saved in a collection for iris data protection. Experimental results on well-known iris datasets (CASIA-IrisV3-Interval, CASIA-IrisV4-Lamp, MMU-V1, IITD) show that the accuracy of the Iris-Slice method decreases only slightly by 0.63%. We also analyze the irreversibility, revocability, and unlinkability of our proposed scheme, both theoretically and experimentally. The results show that our scheme satisfies all these requirements with high performance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104381"},"PeriodicalIF":4.8,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143474680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0