Computers & Security最新文献

{"title":"P4Drop: A lightweight security function for filtering TCP spoofing packets on programmable switches","authors":"Junbi Xiao ,&nbsp;Zhaoyu Yin ,&nbsp;Yuhao Zhou ,&nbsp;Kai Liu ,&nbsp;Jian Wang ,&nbsp;Peiying Zhang","doi":"10.1016/j.cose.2025.104601","DOIUrl":"10.1016/j.cose.2025.104601","url":null,"abstract":"<div><div>TCP spoofing is a network attack technique in which attackers forge the source IP address of packets to impersonate trusted sources, commonly employed in denial-of-service attacks and session hijacking. Traditional defense methods, whether host-based or SDN-based, suffer from deployment challenges, latency issues, or high overhead on the control plane. To address these shortcomings, we propose P4Drop, a lightweight function on the P4 programmable data plane that operates without the involvement of the control plane. This method effectively defends against source address spoofing attacks based on the TCP protocol. Experimental results demonstrate that P4Drop can rapidly establish a trust mechanism and filter spoofing TCP traffic after receiving a small number of packets. Compared with existing solutions, the IP Spoofing detection method deployed on the data plane, the false negative rate was reduced by roughly 6% for the same memory consumption. We demonstrated P4Drop’s ability to detect and defend attacks quickly with low latency.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104601"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144809763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Corrigendum to “Evaluation framework for quantum security risk assessment: A comprehensive strategy for quantum-safe transition” [Computers & Security, 150, 104272]","authors":"Yaser Baseri ,&nbsp;Vikas Chouhan ,&nbsp;Ali Ghorbani ,&nbsp;Aaron Chow","doi":"10.1016/j.cose.2025.104619","DOIUrl":"10.1016/j.cose.2025.104619","url":null,"abstract":"","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104619"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144878323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"VirtualPatch: Distributing Android security patches through Android virtualization","authors":"Simeone Pizzi,&nbsp;Samuele Doria,&nbsp;Nicholas Miazzo,&nbsp;Eleonora Losiouk","doi":"10.1016/j.cose.2025.104615","DOIUrl":"10.1016/j.cose.2025.104615","url":null,"abstract":"<div><div>The Android Operating System (OS) is a complex system that might contain vulnerabilities and allow malicious apps to damage the legitimate ones on the same device or steal sensitive user data. Vulnerabilities in the Android OS are fixed through security patches that can only be distributed through an update of the whole OS. Google is responsible for the development of security patches for the official Android platform i.e., the Android Open Source Project (AOSP). However, several other mobile vendors (e.g., Samsung, Xiaomi) sell smartphones running a customized version of AOSP and are responsible for integrating the AOSP security patches into their custom OS. This integration should occur before Google makes a vulnerability and the associated security patch public. Unfortunately, this is not always the case: we have found that the median time that Samsung requires to integrate a security patch is 35 days. This is astonishing and confirms the urgent need for a solution.</div><div>In this paper, we propose VirtualPatch, a solution that allows the development of security patches and their immediate distribution on any Android device without involving mobile vendors. VirtualPatch creates a virtual environment through the Android virtualization technique and executes the target app with security patches inside it. To evaluate VirtualPatch, we selected 25 Android CVEs. For each of them, we developed the exploit and the security patch through VirtualPatch, and we then proved that the latter could prevent the former. We successfully implemented security patches for all the 25 Android CVEs and measured the additional overhead introduced by VirtualPatch at the startup time and at runtime. Finally, we conducted a user study with 29 participants to evaluate VirtualPatch usability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104615"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144858287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"NKAB: An optimization approach for k-anonymity based on Black Hole Algorithm","authors":"Lynda Kacha","doi":"10.1016/j.cose.2025.104612","DOIUrl":"10.1016/j.cose.2025.104612","url":null,"abstract":"<div><div>This paper addresses the NP-hard problem of optimal k-anonymization. We propose NKAB, a novel optimization algorithm that significantly enhances the effectiveness of our earlier K-Anonymity Black Hole Algorithm (KAB). Unlike the original algorithm, NKAB introduces a preprocessing phase based on the concept of <em>Natural Equivalence Classes</em>, which filters and groups records with identical quasi-identifiers already present in the original dataset. This step significantly reduces search space and improves the computational efficiency of KAB. Experimental results obtained on the Adult dataset, a standard benchmark for the evaluation of anonymization algorithms, show a reduction in the search space, up to <strong>53.5%</strong> for the privacy parameter <span><math><mrow><mi>k</mi><mo>=</mo><mn>2</mn></mrow></math></span>, leading to an average computation time reduction of <strong>78.8%</strong>, while maintaining high data utility with lower information loss (ranging from <strong>0.88%</strong> to <strong>10.72%</strong>).</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104612"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144809543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Time series correlated key–value data collection with local differential privacy","authors":"Yuling Luo,&nbsp;Yali Wan,&nbsp;Xue Ouyang,&nbsp;Junxiu Liu,&nbsp;Qiang Fu,&nbsp;Sheng Qin,&nbsp;Ziqi Yuan,&nbsp;Tinghua Hu","doi":"10.1016/j.cose.2025.104610","DOIUrl":"10.1016/j.cose.2025.104610","url":null,"abstract":"<div><div>The data generated by users in various scenarios, such as video-sharing applications or smart home energy systems, requires robust privacy protection due to its sensitive nature. This includes estimating user behaviour over time, such as the proportion of users watching video, the average watching ratio, or household energy consumption and average electricity usage. After privacy protection is applied, the processed data is used to analyse user behaviour and optimize systems. However, this specific requirement for high accuracy in frequency and mean estimation after privacy protection is not effectively addressed by existing methods. To fill this gap, the Time Correlated Key–Value with Local Differential Privacy (TSCKV) is proposed in this paper. A tighter privacy budget composition bound is obtained by a perturbation scheme that exploits key–value (<span><math><mrow><mi>k</mi><mo>−</mo><mi>v</mi></mrow></math></span>) pair correlations while sacrificing some of the value data. By setting a threshold, values that change below it can be set to zero directly, saving the privacy budget. Estimators and correctors for the <span><math><mrow><mi>k</mi><mo>−</mo><mi>v</mi></mrow></math></span> pairs are proposed by this work. Using the real Kuairec dataset, experiments show that the overall statistical utility of TSCKV, including frequency and mean estimation, is higher than that of the time series data mechanism alone and the <span><math><mrow><mi>k</mi><mo>−</mo><mi>v</mi></mrow></math></span> pair mechanism with simple privacy budget allocation. Additionally, TSCKV achieves more accurate early frequency estimation compared to the static <span><math><mrow><mi>k</mi><mo>−</mo><mi>v</mi></mrow></math></span> pair correlated perturbation mechanism.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104610"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144809542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MSNFuzz: Multi-criteria state-sensitive network protocol fuzzing","authors":"Yuqi Zhai ,&nbsp;Rui Ma ,&nbsp;Zheng Zhang ,&nbsp;Siqi Zhao ,&nbsp;Yuche Yang","doi":"10.1016/j.cose.2025.104621","DOIUrl":"10.1016/j.cose.2025.104621","url":null,"abstract":"<div><div>Existing protocol fuzzing techniques suffer a lot from lacking state guidance on seed evaluation during seed selection and energy allocation. That reduces fuzzing efficiency and effectiveness. We thus conduct a research focusing on seed evaluation in grey-box protocol fuzzing and propose a multi-criteria state-sensitive network protocol fuzzing method named MSNFuzz. To improve seed evaluation, we firstly re-think and re-evaluate seed potential in protocol fuzzing and improve the evaluation by introducing fine-grained state-sensitive criteria. Based on the multi-criteria evaluation, a probability-based greedy algorithm is adopted to prioritize selecting promising seeds to better explore the state space of the protocol. Moreover, we also assign different mutation energies for seeds based on the occurrence frequency of its corresponding state to be selected. That allows for flexible adjustment of mutation energy. We further evaluate the performance of MSNFuzz by comparing with AFLNET, AFLNWE, StateAFL and NSFuzz, on 13 typical protocol programs from ProFuzzBench. The experimental results show that MSNFuzz discovers 17.7%, 57.7% and 30.0% more paths, 52.4%, 123.6% and 71.0% more crashes than AFLNET, AFLNWE, and StateAFL on average, and discovers 0.18% more paths and 1.8% less crashes than NSFuzz, which is the state-of-the-art but relatively heavy solution. Besides, MSNFuzz discovers 22.1% more states and 16.5% state transitions than AFLNET on average. That highlights MSNFuzz could improve the efficiency and effectiveness of fuzzing.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"158 ","pages":"Article 104621"},"PeriodicalIF":5.4,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144893163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Multi-domain deception for enhanced security in automotive networks","authors":"Priva Chassem Kamdem ,&nbsp;Alain Zemkoho ,&nbsp;Laurent Njilla ,&nbsp;M. Nkenlifack ,&nbsp;Charles Kamhoua","doi":"10.1016/j.cose.2025.104600","DOIUrl":"10.1016/j.cose.2025.104600","url":null,"abstract":"<div><div>As the automotive industry increasingly integrates digital technologies, the threat of cyberattacks has emerged as a critical concern. In this work, we propose two distinct cyber deception strategies: reactive deception, which leverages multi-domain architectures to mitigate remote attacks, and proactive deception, focused on the strategic allocation of honeypots. The reactive approach addresses coordination and synchronization challenges in interconnected automotive systems by implementing an interdependent deception framework, thereby enhancing protection against multi-faceted cyber threats. In contrast, the proactive strategy employs a multi-objective optimization framework to allocate honeypots effectively, achieving Pareto Nash equilibrium solutions that balance competing defense objectives. We quantitatively compare our multi-domain reactive approach with traditional single-domain strategies, demonstrating significant defensive advantages in complex, cross-domain attack scenarios. Experimental results reveal that the multi-domain strategy improves defense effectiveness by approximately 19% compared to conventional methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104600"},"PeriodicalIF":5.4,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144830067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Guiding cybersecurity compliance: An ontology for the NIS 2 directive","authors":"Gianpietro Castiglione ,&nbsp;Daniele Francesco Santamaria ,&nbsp;Giampaolo Bella ,&nbsp;Laura Brisindi ,&nbsp;Gaetano Puccia","doi":"10.1016/j.cose.2025.104617","DOIUrl":"10.1016/j.cose.2025.104617","url":null,"abstract":"<div><div>Security compliance constitutes a significant source of concern for many corporate decision-makers due to its complexity and cost. These may be due, first and foremost, to the style of juridical language, which is often challenging to translate into concrete operational procedures. To facilitate such a translation and ultimately optimise the compliance effort, this article presents “NIS2Onto”, an <em>Web Ontology Language</em> (OWL) ontology designed to translate the <em>Network and Information Security Directive</em> version 2 (NIS 2) into an ontological format aimed to favour unambiguous understanding and security operations of cybersecurity professionals, legal experts, and all organisational stakeholders. Through the semantic representation of the NIS 2 entities, relationships, and security measures, NIS2Onto enables automated compliance verification, streamlined risk assessments, and effective policy implementation. Our evaluation employs both metrical and qualitative analysis through a real case study to witness the robustness and practical applicability of NIS2Onto. The ontology not only supports the accurate interpretation of complex legal texts but also aids in systematically enforcing cybersecurity measures. Furthermore, the extensibility of NIS2Onto allows for integration with other regulatory frameworks, thereby fostering a comprehensive and unified approach to cybersecurity governance.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104617"},"PeriodicalIF":5.4,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144830064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A survey of cyber threat attribution: Challenges, techniques, and future directions","authors":"Nilantha Prasad ,&nbsp;Abebe Diro ,&nbsp;Matthew Warren ,&nbsp;Mahesh Fernando","doi":"10.1016/j.cose.2025.104606","DOIUrl":"10.1016/j.cose.2025.104606","url":null,"abstract":"<div><div>The escalating sophistication of cyberattacks, exemplified by supply chain compromises, AI-driven obfuscation, and politically motivated campaigns, makes accurate attribution a critical yet elusive challenge for national security and economic stability. The inability to reliably trace attacks to their source undermines deterrence, distorts policy responses, and erodes trust in digital ecosystems. Traditional methods struggle with the sheer volume of digital evidence, rapidly evolving adversary tactics, and the inherent complexities of cross-border operations. Moreover, existing literature often provides fragmented analyses, focuses narrowly on cyber threat intelligence sharing or specific threat types, or predates significant advancements in AI/ML tailored for attribution. This survey offers a comprehensive, interdisciplinary review of cyber threat attribution, bridging these critical gaps by systematically analyzing its multifaceted dimensions: technical, legal, geopolitical, social, and economic. Employing a rigorous, PRISMA-ScR compliant methodology that included structured screening and quality assessment across six major databases, we critically appraise current techniques and identify a paradigm shift toward data-driven, intelligent approaches. A key contribution is our novel taxonomy, which structures attribution research by attribution confidence &amp; granularity (the Level of attribution), analytical domains (the “How” and “Where” of evidence processing) and adversarial motivation &amp; profile (the “Why” and “Who”), providing a crucial framework for systematic cross-study comparisons in a complex field. Our findings underscore the transformative potential of emerging AI/ML techniques, particularly graph neural networks, in automating analysis, identifying subtle patterns, and extracting crucial insights from vast datasets, thereby revolutionizing attribution accuracy. This research provides actionable insights for practitioners and policymakers, offering a comprehensive roadmap to advance cyber defense and foster a more resilient and secure global digital ecosystem.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104606"},"PeriodicalIF":5.4,"publicationDate":"2025-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144830066","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Methodological reliability evaluation of trust and reputation management systems","authors":"Marek Janiszewski ,&nbsp;Krzysztof Szczypiorski","doi":"10.1016/j.cose.2025.104620","DOIUrl":"10.1016/j.cose.2025.104620","url":null,"abstract":"<div><div>Trust and Reputation Management (TRM) systems are used in various environments, and their main goal is to ensure efficiency despite malicious or unreliable agents striving to maximize their usefulness or to disrupt the operations of other agents. However, TRM systems can be targeted by specific attacks, which can reduce the efficiency of the environment. The impact of such attacks on a specific system cannot be easily anticipated and evaluated. The article presents models of the environment and the TRM system operating in the environment. On that basis, measures of the reliability of TRM systems were defined to enable a comprehensive and quantitative evaluation of the resistance of such systems to attacks. The presented methodology is then used to evaluate an example TRM system (RefTRM), through the created and briefly described tool TRM-RET (Trust and Reputation Management – Reliability Evaluation Testbed). The results indicate that the system's specific properties can be indicated on the basis of the tests and metrics proposed; for example, the RefTRM system is quite vulnerable to an attack tailored to the parameters used by this system.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"158 ","pages":"Article 104620"},"PeriodicalIF":5.4,"publicationDate":"2025-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144866728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}