Computers & Security最新文献

{"title":"Understanding the chief information security officer: Qualifications and responsibilities for cybersecurity leadership","authors":"Christopher A. Ramezan","doi":"10.1016/j.cose.2025.104363","DOIUrl":"10.1016/j.cose.2025.104363","url":null,"abstract":"<div><div>As cyberattacks on businesses and critical infrastructure grow in sophistication and frequency, the Chief Information Security Officer (CISO) has become a pivotal role in organizations, tasked with leading cybersecurity programs and reducing risks to organizational assets. Given the importance of the position, this study seeks to expand on the sparse literature on the role of the CISO and provide insights on current position requirements and responsibilities to guide and inform higher education cybersecurity management programs as well as aspiring cybersecurity leaders. To better understand this critical role, this study uses a combination of natural language processing methods and manual information extraction to provide an in-depth dive into the responsibilities and requirements of the role through a comprehensive analysis of 250 CISO job postings listed across 27 nations. The results of the analysis showed that nearly 99 % of positions required prior professional experience, with 10 years being the most common experience requirement. Employers highly valued bachelor's or master's degrees in STEM or business fields, vendor-neutral certifications like the Certified Information Systems Security Manager (CISSP) or Certified Information Security Manager (CISM), strong communication skills, and knowledge of regulatory frameworks and cybersecurity standards. In contrast, technical expertise in cybersecurity platforms, programming skills, and security clearance were less frequently required, as were travel commitments. Current CISO responsibilities and requirements also emphasize the strategic and business-facing nature of the role, with an emphasis on strategic &amp; management-level tasks, rather than tactical, technical tasks. Higher education programs seeking to train the next generation of cybersecurity leaders, as well as information technology, cybersecurity, or management professionals aspiring to obtain a CISO position should note the role requirements currently in demand by industry, as well as the strategic and management-focused tasks commonly assigned to the role and prepare accordingly.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104363"},"PeriodicalIF":4.8,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143372089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating the potential of quantum machine learning in cybersecurity: A case-study on PCA-based intrusion detection systems","authors":"Armando Bellante ,&nbsp;Tommaso Fioravanti ,&nbsp;Michele Carminati ,&nbsp;Stefano Zanero ,&nbsp;Alessandro Luongo","doi":"10.1016/j.cose.2025.104341","DOIUrl":"10.1016/j.cose.2025.104341","url":null,"abstract":"<div><div>Quantum computing promises to revolutionize our understanding of the limits of computation, and its implications in cryptography have long been evident. Today, cryptographers are actively devising post-quantum solutions to counter the threats posed by quantum-enabled adversaries. Meanwhile, quantum scientists are innovating quantum protocols to empower defenders. However, the broader impact of quantum computing and quantum machine learning (QML) on other cybersecurity domains still needs to be explored. In this work, we investigate the potential impact of QML on cybersecurity applications of traditional ML. First, we explore the potential advantages of quantum computing in machine learning problems specifically related to cybersecurity. Then, we describe a methodology to quantify the future impact of fault-tolerant QML algorithms on real-world problems. As a case study, we apply our approach to standard methods and datasets in network intrusion detection, one of the most studied applications of machine learning in cybersecurity. Our results provide insight into the conditions for obtaining a quantum advantage and the need for future quantum hardware and software advancements.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104341"},"PeriodicalIF":4.8,"publicationDate":"2025-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143684126","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"HER-PT: An intelligent penetration testing framework with Hindsight Experience Replay","authors":"Mingda Li,&nbsp;Tiantian Zhu,&nbsp;Haoqi Yan,&nbsp;Tieming Chen,&nbsp;Mingqi Lv","doi":"10.1016/j.cose.2025.104357","DOIUrl":"10.1016/j.cose.2025.104357","url":null,"abstract":"<div><div>Penetration testing (PT) is an active method to evaluate the security of computer systems. With the continuous expansion of the scale of the network, the difficulty of penetration testing increases sharply, and at the same time, it relies heavily on expert experience. Therefore, AI-based techniques such as Deep Reinforcement Learning (DRL) will be an effective solution to automate penetration testing and reduce labor costs. However, in the existing DRL-based PT work, the attacker has a large number of low feedback behaviors, and it is difficult to collect enough successful experiences and positive learning rewards, that is, the sparse reward problem. In addition, existing works on automatic penetration based on MSF in real environments mainly focus on single-host scenarios and have not been extended to multi-host networks. In this paper, we propose a new intelligent PT framework “<span>HER-PT</span>” that integrates Hindsight Experience Replay (HER) techniques into DRL-based PT models in the hope of solving sparse reward problems in reinforcement learning and applying penetration testing to real multi-host scenarios. We constructed several network scenarios, trained <span>HER-PT</span> model agents in the cyber attack simulator Nasim for autonomous penetration testing experiments, and tried different reinforcement learning optimization schemes. Experimental results show that <span>HER-PT</span> can converge within 500 episodes in a medium scenario of 16 hosts, which is about 50% faster than other models. It can still maintain a success rate of 85.76% in the medium frequency dynamic change scene. The results show that <span>HER-PT</span> can effectively accelerate the training of the model and shorten the training period.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104357"},"PeriodicalIF":4.8,"publicationDate":"2025-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143349565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Semi-supervised deep-ELM for DDoS attack detection and mitigation using the OptimalLink model in IoT networks","authors":"K. Rajkumar,&nbsp;S.Mercy shalinie","doi":"10.1016/j.cose.2025.104323","DOIUrl":"10.1016/j.cose.2025.104323","url":null,"abstract":"<div><div>Human-machine interaction is becoming smarter because of an emerging technology called the Internet of Things. Internet of Things devices are made by different manufacturers, which may lead to a lack of security standards. The attackers use this lack, such as unpatched vulnerabilities, to form botnets by simply hacking the Internet of Things devices. Of the several security breaches, distributed denial of service attacks are quite tricky, dismember the network, and offer end consumers a variety of services. For instance, sapping bandwidth, depleting server resources, and ruining the end-user experience. As a result, in many Internet of Things use cases, distributed denial of service might create the possibility of catastrophe. This paper explores encountering the distributed denial of service attack mooting by malicious Internet of Things systems. To detect and prevent distributed denial of service attacks, our security strategy modifies the software-defined network paradigm. To identify and counteract distributed denial of service attacks, we have suggested a unique semi-supervised deep-extreme learning machine-learning technique for detection with unique dataset features and a unique optimal link mitigation algorithm. These detection and mitigation methods are incorporated into the software-defined network controller, which is located in the internet of things and application layers. Compared with other solutions results, our detection and mitigation strategy increases the throughput and bandwidth level and decreases the network load. We tested the semi-supervised deep extreme learning machine algorithm using an emulated topology and testbed, and then we compared the outcomes to cutting-edge solutions. We improved the accuracy rate for distributed denial of service attack detection to 99.97 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104323"},"PeriodicalIF":4.8,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143387680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"AGLFuzz: Automata-Guided Fuzzing for detecting logic errors in security protocol implementations","authors":"Dongliang Zhao,&nbsp;Jiaxing Guo,&nbsp;Chunxiang Gu,&nbsp;Yonghui Zheng,&nbsp;Xieli Zhang","doi":"10.1016/j.cose.2024.103979","DOIUrl":"10.1016/j.cose.2024.103979","url":null,"abstract":"<div><div>Security protocols are crucial for ensuring communication security and safeguarding data integrity in computer networks and distributed systems. The complexity of security protocol logic, coupled with implementation challenges, often results in protocol implementations failing to satisfy the security requirements due to logical errors. Unlike memory-related bugs, logical errors do not exhibit fixed patterns or behaviors, thereby rendering them especially challenging to detect. Therefore, we propose a logic error detection method based on blackbox fuzzing. This method takes protocol interaction behavior as atomic proposition, utilizes linear temporal logic on finite traces (<span><math><mrow><mi>L</mi><mi>T</mi><msub><mrow><mi>L</mi></mrow><mrow><mi>f</mi></mrow></msub></mrow></math></span>) to express expected properties. Logical errors are identified according to whether the abstract interaction sequence extracted from the fuzz data can be accepted by the automata corresponding to the <span><math><mrow><mi>L</mi><mi>T</mi><msub><mrow><mi>L</mi></mrow><mrow><mi>f</mi></mrow></msub></mrow></math></span> property. Furthermore, we design an automata-guided fuzz testing algorithm that leverages the state information of automatas to drive test sequence generation, thereby accelerating the error search process. To support this method, a general-purpose black-box fuzz testing framework, AGLFuzz, has been implemented, currently including testing modules for the TLS1.3 and IPsec protocol implementations. Experimental evaluations on several widely used TLS1.3 and IPsec protocol implementations have led to the discovery of multiple counterexamples that violated specific properties and vulnerabilities that could cause the target to crash. Notably, three of these vulnerabilities have been assigned CVE numbers, highlighting the effectiveness of the proposed method.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"149 ","pages":"Article 103979"},"PeriodicalIF":4.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143097074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Design and implementation of a closed loop time delay feedback control (CLTD-FC) system for mitigating DDos attacks","authors":"Kaijiao Huang,&nbsp;Lifei Wang,&nbsp;Faisal Mehmood,&nbsp;Jianxun Liu","doi":"10.1016/j.cose.2025.104353","DOIUrl":"10.1016/j.cose.2025.104353","url":null,"abstract":"<div><div>Denial of Service (DoS) attacks can be used to disrupt the availability and performance of networked systems by bombarding targeted hosts with malicious traffic thus hampering their capabilities, or worse exhausting them. In this paper, by utilizing a mathematical model that reflects the dominant features of DDoS attacks we will introduce how to explore an approach in countering its effects. We propose a closed loop time delay feedback control (CLTD-FC) system by designing an appropriate feedback controller. This infrastructure is in turn exploited to design a control theoretic mitigation strategy that effectively dampens the queue dynamics of internet routers during DDoS scenarios. Specifically, we demonstrate that the CLTD-FC scheme appropriately maintains and monitors queue stability whilst simultaneously enabling convergence to desired operational targets under continual attacks. The method is implemented in the network simulator platform NS2 to validate its proposed effectiveness. Simulation results show that the proposed CLTD-FC scheme can help to improve QoS, ensure network fairness as well as stabilize and optimize queue performance compared with Drop-tail solution.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104353"},"PeriodicalIF":4.8,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Safeguarding connected autonomous vehicle communication: Protocols, intra- and inter-vehicular attacks and defenses","authors":"Mohammed Aledhari ,&nbsp;Rehma Razzak ,&nbsp;Mohamed Rahouti ,&nbsp;Abbas Yazdinejad ,&nbsp;Reza M. Parizi ,&nbsp;Basheer Qolomany ,&nbsp;Mohsen Guizani ,&nbsp;Junaid Qadir ,&nbsp;Ala Al-Fuqaha","doi":"10.1016/j.cose.2025.104352","DOIUrl":"10.1016/j.cose.2025.104352","url":null,"abstract":"<div><div>The advancements in autonomous driving technology, coupled with the growing interest from automotive manufacturers and tech companies, suggest a rising adoption of Connected Autonomous Vehicles (CAVs) in the near future. Despite some evidence of higher accident rates in AVs, these incidents tend to result in less severe injuries compared to traditional vehicles due to cooperative safety measures. However, the increased complexity of CAV systems exposes them to significant security vulnerabilities, potentially compromising their performance and communication integrity. This paper contributes by presenting a detailed analysis of existing security frameworks and protocols, focusing on intra- and inter-vehicle communications. We systematically evaluate the effectiveness of these frameworks in addressing known vulnerabilities and propose a set of best practices for enhancing CAV communication security. The paper also provides a comprehensive taxonomy of attack vectors in CAV ecosystems and suggests future research directions for designing more robust security mechanisms. Our key contributions include the development of a new classification system for CAV security threats, the proposal of practical security protocols, and the introduction of use cases that demonstrate how these protocols can be integrated into real-world CAV applications. These insights are crucial for advancing secure CAV adoption and ensuring the safe integration of autonomous vehicles into intelligent transportation systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104352"},"PeriodicalIF":4.8,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143229251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PatchView: Multi-modality detection of security patches","authors":"Nitzan Farhi ,&nbsp;Noam Koenigstein ,&nbsp;Yuval Shavitt","doi":"10.1016/j.cose.2025.104356","DOIUrl":"10.1016/j.cose.2025.104356","url":null,"abstract":"<div><div>Patching software become overwhelming for system administrators due to the large amounts of patch releases. Administrator should prioritize security patches to reduce the exposure to attacks, and can use for this task the Common Vulnerabilities and Exposures (CVE) system, which catalogs known security vulnerabilities in publicly released software or firmware. However, some developers choose to omit CVE publication and merely update their repositories, keeping the vulnerabilities undisclosed. Such actions leave users uninformed and potentially at risk. To this end, we present PatchView, an innovative multi-modal system tailored for the classification of commits as security patches. The system draws upon three unique data modalities associated with a commit: (1) Time-series representation of developer behavioral data within the Git repository, (2) Commit messages, and (3) The code patches. PatchView merges three single-modality sub-models, each adept at interpreting data from its designated source. A distinguishing feature of this solution is its ability to elucidate its predictions by examining the outputs of each sub-model, underscoring its interpretability. Notably, this research pioneers a language-agnostic methodology for security patch classification. Our evaluations indicate that the proposed solution can reveal concealed security patches with an accuracy of 94.52% and F1-scoreof 95.12%. The code for this paper will be made publicly available on GitHub: <span><span>https://github.com/nitzanfarhi/PatchView</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104356"},"PeriodicalIF":4.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143229250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DeMarking: A defense for network flow watermarking in real-time","authors":"Yali Yuan,&nbsp;Jian Ge,&nbsp;Guang Cheng","doi":"10.1016/j.cose.2025.104355","DOIUrl":"10.1016/j.cose.2025.104355","url":null,"abstract":"<div><div>The network flow watermarking technique associates the two communicating parties by actively modifying certain characteristics of the flow generated by the sender so that it covertly carries some special marking information. Some third-party attackers communicating with the hidden server as a Tor client may attempt de-anonymization attacks to uncover the real identity of the hidden server by using this technique. This compromises the privacy of the anonymized communication system. Therefore, we propose a watermark defense scheme based on deep neural networks. Firstly, we design a training architecture based on generative adversarial networks and adversarial attacks. This architecture can train a converter to convert the original Inter-Packet Delays (IPD) into newly generated “clean” IPDs by the model, causing the adversary’s detector to extract incorrect information and thus unable to perform traffic correlation. Using the trained converter model, we design a watermark defense scheme that can effectively resist time-based watermarking techniques.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104355"},"PeriodicalIF":4.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143463648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FineGCP: Fine-grained dependency graph community partitioning for attack investigation","authors":"Zhaoyang Wang ,&nbsp;Yanfei Hu ,&nbsp;Yu Wen ,&nbsp;Boyang Zhang ,&nbsp;Shuailou Li ,&nbsp;Wenbo Wang ,&nbsp;Zheng Liu ,&nbsp;Dan Meng","doi":"10.1016/j.cose.2024.104311","DOIUrl":"10.1016/j.cose.2024.104311","url":null,"abstract":"<div><div>With the fierce game between attack and defense technology, network security threats become increasingly covert. Dependency graphs generated from system audit logs are currently critical tools for attack investigating. However, these graphs typically encounter the dependency explosion (edges usually exceeding 100k), making it challenging for security experts to directly analyze the attack behaviors. To reduce analysts’ workload and retain all attack activities in the dependency graph, recent research has proposed community partitioning algorithms on dependency graph. However, they fail to handle the entity involving multiple system tasks, and leave a mixture of entities associated with both attack-related tasks and normal system tasks in the graph, making the analysis of attack investigation difficult.</div><div>In this paper, we propose <span>FineGCP</span>, a novel fine-grained dependency graph partitioning method to address the issue of entity involving different tasks. The key idea is to distinguish entities involved in different system tasks, and assign entities performing the same task to the same community. To this end, we first introduce an execution partitioning technique that divides entities in the graph into fine-grained execution units based on their tasks. Second, considering system tasks are usually completed through the collaboration of multiple entities, we developed a graph partitioning technique for performing node embedding and community partitioning on the entities in the fine-grained dependency graphs through leveraging distinct topological structures formed by different tasks. We evaluate the effectiveness of <span>FineGCP</span> using two public datasets. The experimental results demonstrate that <span>FineGCP</span> aggregates attack nodes into an average of 1.34 communities, with 97% of the nodes in these communities being attack-related nodes, effectively aiding in attack investigations.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104311"},"PeriodicalIF":4.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}