{"title":"Safeguarding connected autonomous vehicle communication: Protocols, intra- and inter-vehicular attacks and defenses","authors":"Mohammed Aledhari , Rehma Razzak , Mohamed Rahouti , Abbas Yazdinejad , Reza M. Parizi , Basheer Qolomany , Mohsen Guizani , Junaid Qadir , Ala Al-Fuqaha","doi":"10.1016/j.cose.2025.104352","DOIUrl":"10.1016/j.cose.2025.104352","url":null,"abstract":"<div><div>The advancements in autonomous driving technology, coupled with the growing interest from automotive manufacturers and tech companies, suggest a rising adoption of Connected Autonomous Vehicles (CAVs) in the near future. Despite some evidence of higher accident rates in AVs, these incidents tend to result in less severe injuries compared to traditional vehicles due to cooperative safety measures. However, the increased complexity of CAV systems exposes them to significant security vulnerabilities, potentially compromising their performance and communication integrity. This paper contributes by presenting a detailed analysis of existing security frameworks and protocols, focusing on intra- and inter-vehicle communications. We systematically evaluate the effectiveness of these frameworks in addressing known vulnerabilities and propose a set of best practices for enhancing CAV communication security. The paper also provides a comprehensive taxonomy of attack vectors in CAV ecosystems and suggests future research directions for designing more robust security mechanisms. Our key contributions include the development of a new classification system for CAV security threats, the proposal of practical security protocols, and the introduction of use cases that demonstrate how these protocols can be integrated into real-world CAV applications. 
These insights are crucial for advancing secure CAV adoption and ensuring the safe integration of autonomous vehicles into intelligent transportation systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104352"},"PeriodicalIF":4.8,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143229251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PatchView: Multi-modality detection of security patches","authors":"Nitzan Farhi , Noam Koenigstein , Yuval Shavitt","doi":"10.1016/j.cose.2025.104356","DOIUrl":"10.1016/j.cose.2025.104356","url":null,"abstract":"<div><div>Patching software has become overwhelming for system administrators due to the large number of patch releases. Administrators should prioritize security patches to reduce exposure to attacks, and can use for this task the Common Vulnerabilities and Exposures (CVE) system, which catalogs known security vulnerabilities in publicly released software or firmware. However, some developers choose to omit CVE publication and merely update their repositories, keeping the vulnerabilities undisclosed. Such actions leave users uninformed and potentially at risk. To this end, we present PatchView, an innovative multi-modal system tailored for the classification of commits as security patches. The system draws upon three unique data modalities associated with a commit: (1) Time-series representation of developer behavioral data within the Git repository, (2) Commit messages, and (3) The code patches. PatchView merges three single-modality sub-models, each adept at interpreting data from its designated source. A distinguishing feature of this solution is its ability to elucidate its predictions by examining the outputs of each sub-model, underscoring its interpretability. Notably, this research pioneers a language-agnostic methodology for security patch classification. Our evaluations indicate that the proposed solution can reveal concealed security patches with an accuracy of 94.52% and F1-score of 95.12%. 
The code for this paper will be made publicly available on GitHub: https://github.com/nitzanfarhi/PatchView.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104356"},"PeriodicalIF":4.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143229250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DeMarking: A defense for network flow watermarking in real-time","authors":"Yali Yuan, Jian Ge, Guang Cheng","doi":"10.1016/j.cose.2025.104355","DOIUrl":"10.1016/j.cose.2025.104355","url":null,"abstract":"<div><div>The network flow watermarking technique associates the two communicating parties by actively modifying certain characteristics of the flow generated by the sender so that it covertly carries some special marking information. Some third-party attackers communicating with the hidden server as a Tor client may attempt de-anonymization attacks to uncover the real identity of the hidden server by using this technique. This compromises the privacy of the anonymized communication system. Therefore, we propose a watermark defense scheme based on deep neural networks. Firstly, we design a training architecture based on generative adversarial networks and adversarial attacks. This architecture can train a converter to convert the original Inter-Packet Delays (IPD) into newly generated “clean” IPDs by the model, causing the adversary’s detector to extract incorrect information and thus unable to perform traffic correlation. Using the trained converter model, we design a watermark defense scheme that can effectively resist time-based watermarking techniques.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104355"},"PeriodicalIF":4.8,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143463648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FineGCP: Fine-grained dependency graph community partitioning for attack investigation","authors":"Zhaoyang Wang , Yanfei Hu , Yu Wen , Boyang Zhang , Shuailou Li , Wenbo Wang , Zheng Liu , Dan Meng","doi":"10.1016/j.cose.2024.104311","DOIUrl":"10.1016/j.cose.2024.104311","url":null,"abstract":"<div><div>With the fierce game between attack and defense technology, network security threats become increasingly covert. Dependency graphs generated from system audit logs are currently critical tools for attack investigation. However, these graphs typically encounter the dependency explosion (edges usually exceeding 100k), making it challenging for security experts to directly analyze the attack behaviors. To reduce analysts’ workload and retain all attack activities in the dependency graph, recent research has proposed community partitioning algorithms on dependency graphs. However, they fail to handle entities involved in multiple system tasks, and leave a mixture of entities associated with both attack-related tasks and normal system tasks in the graph, making attack investigation difficult.</div><div>In this paper, we propose FineGCP, a novel fine-grained dependency graph partitioning method to address the issue of entities involved in different tasks. The key idea is to distinguish entities involved in different system tasks, and assign entities performing the same task to the same community. To this end, we first introduce an execution partitioning technique that divides entities in the graph into fine-grained execution units based on their tasks. Second, considering that system tasks are usually completed through the collaboration of multiple entities, we develop a graph partitioning technique for performing node embedding and community partitioning on the entities in the fine-grained dependency graphs by leveraging distinct topological structures formed by different tasks. 
We evaluate the effectiveness of FineGCP using two public datasets. The experimental results demonstrate that FineGCP aggregates attack nodes into an average of 1.34 communities, with 97% of the nodes in these communities being attack-related nodes, effectively aiding in attack investigations.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104311"},"PeriodicalIF":4.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comprehensive review of current trends, challenges, and opportunities in text data privacy","authors":"Sakib Shahriar , Rozita Dara , Rajen Akalu","doi":"10.1016/j.cose.2025.104358","DOIUrl":"10.1016/j.cose.2025.104358","url":null,"abstract":"<div><div>The emergence of smartphones and internet accessibility around the globe have enabled billions of people to be connected to the digital world. Due to the popularity of instant messaging applications and social media, a large quantity of personal data is in text format, and processing text data in a privacy-preserving manner poses unique challenges. While existing reviews focus on privacy concerns from specific algorithmic perspectives or target only a particular domain, such as healthcare or smart metering, they fail to provide a comprehensive view that addresses the multi-layered privacy risks inherent to text data processing. Existing works often limit their scope to specialized solutions like differential privacy, anonymization, or federated learning, neglecting a broader spectrum of challenges. To fill this gap, we present a comprehensive review of privacy-enhancing solutions for text data processing in the present literature and classify the works into six categories of privacy risks: (i) unintentional memorability, (ii) membership inference, (iii) exposure and re-identification, (iv) language models and word embeddings, (v) authorship attribution, and (vi) collaborative processing. We then analyze existing privacy-enhancing solutions for text data by considering the aforementioned privacy risks. 
Finally, we identified several research gaps, including the need for comprehensive privacy metrics, explainable algorithms, and privacy in social media analytics.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104358"},"PeriodicalIF":4.8,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Realistic and balanced automated threat emulation","authors":"Hannes Holm, Teodor Sommestad","doi":"10.1016/j.cose.2025.104351","DOIUrl":"10.1016/j.cose.2025.104351","url":null,"abstract":"<div><div>Cyber defence exercises involve subjecting security analysts to live cyber threats in a safe environment, and are a common proactive method to increase security posture. As the design and execution of cyber threats is generally costly, researchers and practitioners have developed threat emulators that automate cyber threats without the need for human intervention. The ability of these emulators to produce threats useful for cyber defence exercises is, however, uncertain.</div><div>This paper presents an evaluation of the automated threat emulator Lore using data collected from three cyber defence exercises. During the exercises, Lore and human threat agents (often called the “red” team) subjected 132 network security analysts (often called the “blue” team) to various threats such as software exploits and shell commands. Six hypotheses related to how the actions by human red teams and Lore were perceived and managed by the security analysts were examined. Evaluations were made by studying the subjective judgments of the analysts as well as by comparing the objective ground truth to their submitted incident reports. 
The results show that the security analysts could not tell the difference between the actions made by the human red team and those made by Lore, and that their performance was similar regardless of the source of the threats.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104351"},"PeriodicalIF":4.8,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"GraphFVD: Property graph-based fine-grained vulnerability detection","authors":"Miaomiao Shao, Yuxin Ding, Jing Cao, Yilin Li","doi":"10.1016/j.cose.2025.104350","DOIUrl":"10.1016/j.cose.2025.104350","url":null,"abstract":"<div><div>Deep learning technology can automatically extract features from software source code, making it widely used for detecting software vulnerabilities. Most existing deep learning-based approaches rely on whole functions or sequence-level program slices to identify vulnerabilities. However, these approaches often struggle to capture comprehensive vulnerability semantics, leading to high false positive rates and false negative rates. In this paper, we propose GraphFVD, a novel property graph-based fine-grained vulnerability detection approach. Our approach extracts property graph-based slices from the Code Property Graph and introduces a Hierarchical Attention Graph Convolutional Network to learn graph embeddings. GraphFVD provides a fine-grained code representation that captures syntax, control flow, data flow, and the natural sequential order of source code relevant to vulnerabilities. We evaluate the effectiveness of our approach on two real-world vulnerability datasets. Experimental results demonstrate that our approach outperforms existing state-of-the-art vulnerability detection methods on both datasets.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104350"},"PeriodicalIF":4.8,"publicationDate":"2025-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149523","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards privacy-preserving compressed sensing reconstruction in cloud","authors":"Kaidi Xu , Jia Yu , Wenjing Gao","doi":"10.1016/j.cose.2025.104348","DOIUrl":"10.1016/j.cose.2025.104348","url":null,"abstract":"<div><div>Compressed sensing is widely used in various fields. Its reconstruction process is highly complex and time-consuming. For resource-constrained Internet of Things (IoT) devices, there are usually not enough computational and storage resources to handle it. The prevalent solution to this problem involves securely outsourcing the compressed sensing reconstruction task to the cloud. Nonetheless, existing privacy-preserving compressed sensing reconstruction protocols are primarily designed based on linear programming, and are not applicable to other reconstruction methods. In these protocols, the computational cost on the user and the cloud is still high. To tackle these issues, we design a privacy-preserving compressed sensing reconstruction protocol specifically tailored for IoT applications. Different from existing works, our proposed protocol is applicable to all reconstruction algorithms. It allows the cloud to flexibly choose the appropriate signal reconstruction method. The proposed protocol directly encrypts the reconstruction problem. In the ciphertext state, the reconstruction problem is transformed into other forms of the problem for solving. We use a signal obfuscation method for encryption in the proposed protocol. The user no longer needs to perform matrix multiplication calculations for encryption, saving a lot of computational resources. Our proposed protocol not only ensures client privacy by preventing data leakage to the cloud but also effectively reduces computational complexity for both the user and the cloud. 
Finally, we theoretically analyze the correctness and security of the protocol and experimentally verify its feasibility.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104348"},"PeriodicalIF":4.8,"publicationDate":"2025-01-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149529","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Segmented Stack Randomization for bare-metal IoT devices","authors":"Junho Jung , BeomSeok Kim , Heeseung Son , Daehee Jang , Ben Lee , Jinsung Cho","doi":"10.1016/j.cose.2025.104342","DOIUrl":"10.1016/j.cose.2025.104342","url":null,"abstract":"<div><div>Bare-metal IoT devices, lacking memory management features such as virtual memory and Memory Management Units (MMUs), are increasingly vulnerable to memory corruption attacks like buffer overflow and Return-Oriented Programming (ROP). To address these challenges, this paper proposes the Segmented Stack Randomization (SSR) scheme, a novel approach that enhances security by randomly allocating stack space across multiple segments during function calls. Designed to operate without additional hardware, the proposed SSR is highly suitable for resource-constrained IoT environments, particularly those requiring predictable execution times for real-time applications. The proposed SSR involves Low Level Virtual Machine (LLVM)-based code instrumentation, enabling seamless integration into finalized firmware without introducing debugging complexities. A proof-of-concept implementation on an ARM Cortex-M4 platform demonstrated that SSR provides robust protection against stack-based attacks with minimal performance overhead, averaging 1.591 μsec per function call. Additionally, the proposed SSR offers tunable trade-offs between memory usage and randomization entropy, ensuring adaptability to various application requirements. 
These results highlight the proposed SSR as a practical and efficient security solution for safeguarding bare-metal IoT devices against evolving threats.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104342"},"PeriodicalIF":4.8,"publicationDate":"2025-01-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing can security with ML-based IDS: Strategies and efficacies against adversarial attacks","authors":"Ying-Dar Lin , Wei-Hsiang Chan , Yuan-Cheng Lai , Chia-Mu Yu , Yu-Sung Wu , Wei-Bin Lee","doi":"10.1016/j.cose.2025.104322","DOIUrl":"10.1016/j.cose.2025.104322","url":null,"abstract":"<div><div>Control Area Networks (CAN) face serious security threats recently due to their inherent vulnerabilities and the increasing sophistication of cyberattacks targeting automotive and industrial systems. This paper focuses on enhancing the security of CAN, which currently lack adequate defense mechanisms. We propose integrating Machine Learning-based Intrusion Detection Systems (ML-based IDS) into the network to address this vulnerability. However, ML systems are susceptible to adversarial attacks, leading to misclassification of data. We introduce three defense combination methods to mitigate this risk: adversarial training, ensemble learning, and distance-based optimization. Additionally, we employ a simulated annealing algorithm in distance-based optimization to optimize the distance moved in feature space, aiming to minimize intra-class distance and maximize the inter-class distance. Our results show that the ZOO attack is the most potent adversarial attack, significantly impacting model performance. In terms of model, the basic models achieve an F1 score of 0.99, with CNN being the most robust against adversarial attacks. Under known adversarial attacks, the average F1 score decreases to 0.56. Adversarial training with triplet loss does not perform well, achieving only 0.64, while our defense method attains the highest F1 score of 0.97. For unknown adversarial attacks, the F1 score drops to 0.24, with adversarial training with triplet loss scoring 0.47. Our defense method still achieves the highest score of 0.61. 
These results demonstrate our method’s excellent performance against known and unknown adversarial attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"151 ","pages":"Article 104322"},"PeriodicalIF":4.8,"publicationDate":"2025-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143149563","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}