Andrea Cimmino, Juan Cano-Benito, Raúl García-Castro
{"title":"Open Digital Rights Enforcement framework (ODRE): From descriptive to enforceable policies","authors":"Andrea Cimmino, Juan Cano-Benito, Raúl García-Castro","doi":"10.1016/j.cose.2024.104282","DOIUrl":"10.1016/j.cose.2024.104282","url":null,"abstract":"<div><div>From centralised platforms to decentralised ecosystems, like Data Spaces, sharing data has become a paramount challenge. For this reason, the definition of data usage policies has become crucial in these domains, highlighting the necessity of effective policy enforcement mechanisms. The Open Digital Rights Language (ODRL) is a W3C standard ontology designed to describe data usage policies, however, it lacks built-in enforcement capabilities, limiting its practical application. This paper introduces the Open Digital Rights Enforcement (ODRE) framework, whose goal is to provide ODRL with enforcement capabilities. The ODRE framework proposes a novel approach to express ODRL policies that integrates the descriptive ontology terms of ODRL with other languages that allow behaviour specification, such as dynamic data handling or function evaluation. The framework includes an enforcement algorithm for ODRL policies and two open-source implementations in Python and Java. The ODRE framework is also designed to support future extensions of ODRL to specific domain scenarios. In addition, current limitations of ODRE, ODRL, and current challenges are reported. Finally, to demonstrate the enforcement capabilities of the implementations, their performance, and their extensibility features, several experiments have been carried out with positive results.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104282"},"PeriodicalIF":4.8,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cybersecurity in smart agriculture: A systematic literature review","authors":"Milton Campoverde-Molina , Sergio Luján-Mora","doi":"10.1016/j.cose.2024.104284","DOIUrl":"10.1016/j.cose.2024.104284","url":null,"abstract":"<div><div>Agriculture is essential because of the current and future challenges related to food that our society must face. Agriculture is a precious resource (asset), and problems with agriculture can lead to famine and migration crises that destabilize a society. Smart agriculture can increase productivity and crop yield with new operating and business models. Smart agriculture relies on information and communication technology (ICT). However, a cyberattack on a country’s agricultural ICT can jeopardize an entire nation. In light of the aforementioned challenges and threats, this research presents a systematic literature review (SLR) to address the lack of a comprehensive review of the literature on cybersecurity in smart agriculture. This SLR analyzes 58 documents extracted from Scopus, Web of Science, and IEEE Xplore. The main findings on cybersecurity in smart agriculture encompass the challenges of cybersecurity in agriculture, the detection of attacks and intrusions, the evaluation of case studies, the assessment of frameworks, and the analysis of applied models. Organizations should also train their employees to recognize and respond to cyber threats. In addition, organizations should invest in cybersecurity processes, equipment, and training. The main contribution of this SLR is the consolidation of results to identify research findings, research gaps, and trends in cybersecurity in smart agriculture. The intended audience for this article includes researchers, farmers, and agribusinesses who may utilize frameworks, models, case studies, or emerging technologies in smart agriculture with the objective of mitigating or preventing cybersecurity threats.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104284"},"PeriodicalIF":4.8,"publicationDate":"2024-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluation framework for quantum security risk assessment: A comprehensive strategy for quantum-safe transition","authors":"Yaser Baseri , Vikas Chouhan , Ali Ghorbani , Aaron Chow","doi":"10.1016/j.cose.2024.104272","DOIUrl":"10.1016/j.cose.2024.104272","url":null,"abstract":"<div><div>The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks, particularly targeting the mathematical foundations of current asymmetric cryptographic algorithms, render them ineffective. Even standard symmetric key cryptography is susceptible, albeit to a lesser extent, with potential security enhancements through longer keys or extended hash function outputs. Consequently, the cryptographic solutions currently employed to safeguard data will be inadequately secure and vulnerable to emerging quantum technology threats. In response to this impending quantum menace, organizations must chart a course towards quantum-safe environments, demanding robust business continuity plans and meticulous risk management throughout the migration process. This study provides an in-depth exploration of the challenges associated with migrating from a non-quantum-safe cryptographic state to one resilient against quantum threats. We introduce a comprehensive security risk assessment framework that scrutinizes vulnerabilities across algorithmic, certificate, and protocol layers, covering the entire migration journey, including pre-migration, through-migration, and post-migration stages. Our methodology links identified vulnerabilities to the well-established STRIDE threat model, establishing precise criteria for evaluating their potential impact and likelihood throughout the migration process. Moving beyond theoretical analysis, we address vulnerabilities practically, especially within critical components like cryptographic algorithms, public key infrastructures, and network protocols. Our study not only identifies potential attacks and vulnerabilities at each layer and migration stage but also suggests possible countermeasures and alternatives to enhance system resilience, empowering organizations to construct a secure infrastructure for the quantum era. Through these efforts, we establish the foundation for enduring security in networked systems amid the challenges of the quantum era.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104272"},"PeriodicalIF":4.8,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimizing network security: Weighted average ensemble of BPNN and RELM in EPRN-WPS intrusion detection","authors":"P.S. Pavithra, P. Durgadevi","doi":"10.1016/j.cose.2024.104289","DOIUrl":"10.1016/j.cose.2024.104289","url":null,"abstract":"<div><div>Intrusion Detection Systems (IDS) are crucial components of network security solutions designed to identify and reduce threats in real-time. The main function of IDS is to determine unauthorized access, anomalies, and misuse. When an anomaly is detected, the IDS alerts the network administrators or takes predefined actions to alleviate the threat. Several deep learning (DL) based techniques have been designed for effective IDS. Despite that, they face several complexities such as encrypted traffic, network complexity, less efficiency, and scalability issues. This research work designs a novel method named Ensemble Probability Regularized Network-based Waterwheel Plant Search (EPRN-WPS) algorithm for improving network security and integrity. The proposed framework integrates six phases namely, data collection, monitoring interval phase, alert preprocessing phase, alert scrubbing phase, alert correlation engine phase, and alert prioritization phase. For evaluation, the proposed framework deploys the input data from the Network Intrusion Detection Dataset (UNR-IDD). During, the monitor interval phase the model continuously monitored the network activities to generate more accurate alerts by deriving a diverse set of data over time. In the alert preprocessing phase, the relevant alerts are prioritized and unnecessary information is eliminated. Furthermore, the alert scrubbing phase is utilized to analyze and filter the alerts to reduce false positives and point out security threats. The potential threats by correlating alerts from various sources are identified in the alert correlation engine phase. For alert prioritization, the proposed technique EPRN-WPS combines a significance of Biased Probability Neural Network (BPNN), Regularized Extreme Learning Machine (RELM), and weighted average ensemble models and classifies the alerts into low, high, and medium. Moreover, the proposed framework implemented a Waterwheel plant optimization with an initial search strategy for optimizating the parameters thereby enhancing the effectiveness of the EPRN-WPS method. The proposed methodology achieves an accuracy of 98.9 %, a sensitivity of 97.2 %, a specificity of 97.7 %, an F1-score of 96.3 %, and a False Alarm Rate (FAR) of 1.4 %. The experimental results show the effectiveness of the proposed EPRN-WPS method in intrusion detection and it ensures the integrity of the network.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104289"},"PeriodicalIF":4.8,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dazhi Zhan , Kun Xu , Xin Liu , Tong Han , Zhisong Pan , Shize Guo
{"title":"Practical clean-label backdoor attack against static malware detection","authors":"Dazhi Zhan , Kun Xu , Xin Liu , Tong Han , Zhisong Pan , Shize Guo","doi":"10.1016/j.cose.2024.104280","DOIUrl":"10.1016/j.cose.2024.104280","url":null,"abstract":"<div><div>Deep learning models have demonstrated strong performance in detecting malware. However, their reliance on updates from third-party crowdsourced threat sources introduces vulnerabilities that can be exploited for backdoor attacks. Backdoored models exhibit normal behavior on clean samples but can be triggered to output specific target categories when a test sample contains a predefined trigger pattern. This makes backdoor attacks challenging to detect and poses significant security risks in malware detection. Researchers have proposed various methods for backdoor attacks on malware detectors. Yet, existing approaches struggle to meet three strict conditions simultaneously: (1) conducting attacks in black-box scenarios, (2) accessing correct labels during attacks, and (3) preserving the original functionality of files. This paper introduces a practical framework for black-box clean-label backdoor attacks. We analyze unused byte regions in the header of PE files as potential injection points for triggers. In a black-box setting, we develop universal adversarial triggers using a heuristic search algorithm, effectively embedding them as backdoor triggers to evade malware detection. Experimental results demonstrate the effectiveness of the proposed backdoor attack in manipulating state-of-the-art detection models with high success rates.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104280"},"PeriodicalIF":4.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Textual adversarial attacks in cybersecurity named entity recognition","authors":"Tian Jiang, Yunqi Liu, Xiaohui Cui","doi":"10.1016/j.cose.2024.104278","DOIUrl":"10.1016/j.cose.2024.104278","url":null,"abstract":"<div><div>In the cybersecurity domain, Cyber Threat Intelligence (CTI) includes procedures that lead to textual reports and different types of pieces of information and evidence on cyber threats. To better understand the behaviors of attackers and construct attack graphs, identifying attack-relevant entities in diverse CTI texts precisely and efficiently becomes more important, and Named Entity Recognition (NER) models can help extract entities automatically. However, such fine-tuned models are usually vulnerable to adversarial attacks. In this paper, we first construct an attack framework that can explore textual adversarial attacks in the cybersecurity NER task by generating adversarial CTI texts. Then, we analyze the most important parts of speech (POSs) from the perspective of grammar, and propose a word-substitution-based attack method. To confront adversarial attacks, we also introduce a method to detect potential adversarial examples. Experimental results show that cybersecurity NER models are also vulnerable to adversarial attacks. Among all attack methods, our method can generate adversarial texts that keep a balanced performance in several aspects. Furthermore, adversarial examples generated by all attack methods perform well in the study of transferability, and they can help improve the robustness of NER models through adversarial training. On the defense side, our detection method is simple but effective against multiple types of textual adversarial attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104278"},"PeriodicalIF":4.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yufeng Zhang , Hongxin Zhang , Yijun Wang , Xiaorong Gao , Chen Yang
{"title":"Enhancing information security through brainprint: A longitudinal study on ERP identity authentication","authors":"Yufeng Zhang , Hongxin Zhang , Yijun Wang , Xiaorong Gao , Chen Yang","doi":"10.1016/j.cose.2024.104281","DOIUrl":"10.1016/j.cose.2024.104281","url":null,"abstract":"<div><div>Reliable identity authentication is indispensable for information security. Brainprint emerges as a promising biometric authentication through brain signal, offering a glimpse into a secure future. However, questions surrounding its long-term stability and individual uniqueness necessitate further exploration. To address this, we developed a brainprint authentication system anchored in presenting self-face rapidly to evoke event related potential (ERP). A novel electroencephalogram model was proposed to trace ERP source responses. Then the ERP source signals were mapped into a multivariate Gaussian model derived from registered templates for identity authentication. We recorded the ERP brainprint of 15 participants and authenticated their identities on the 7th, 80th and 200th day to evaluate the permanence of the brainprint system. Additionally, totally 551 invasion attempts were simulated, with 380 instances involving premeditated attacks to verify individual uniqueness in ERP. Behavioral tests were introduced to verify that intruders are capable of imitating clients’ behaviors. Under the proposed EEG model, we achieved an impressive client login success rate of 81%, successfully warding off all impostor attempts. These results provide preliminary evidence supporting the permanence and uniqueness of brainprint in our system, offering new perspectives for the future information security of identity authentication.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104281"},"PeriodicalIF":4.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142735","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Unveiling the veiled: An early stage detection of fileless malware","authors":"Narendra Singh, Somanath Tripathy","doi":"10.1016/j.cose.2024.104231","DOIUrl":"10.1016/j.cose.2024.104231","url":null,"abstract":"<div><div>The threat actors continuously evolve their tactics and techniques in a novel form to evade traditional security solutions. Fileless malware attacks are one such advancement, which operates directly within system memory, leaving no footprint on the disk, so became challenging to detect. Meanwhile, the current state-of-the-art approaches detect fileless attacks at the final (post-infection) stage, although, detecting attacks at an early-stage is crucial to prevent potential damage and data breaches. In this work, we propose an early-stage detection system named <em>Argus</em> to detect fileless malware at early-stage. <em>Argus</em> extracts key features from acquired memory dumps of suspicious processes in real-time and generates explained features. It then correlates the explained features with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to identify fileless malware attacks before their operational stage. The experimental results show that <em>Argus</em> could successfully identify, 4356 fileless malware samples (out of 5026 samples) during the operational stage. Specifically, 2978 samples are detected in the pre-operational phase, while 1378 samples are detected in the operational phase.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104231"},"PeriodicalIF":4.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yunfei Li , Xiaodong Fu , Li Liu , Jiaman Ding , Wei Peng , Lianyin Jia
{"title":"Multi-domains personalized local differential privacy frequency estimation mechanism for utility optimization","authors":"Yunfei Li , Xiaodong Fu , Li Liu , Jiaman Ding , Wei Peng , Lianyin Jia","doi":"10.1016/j.cose.2024.104273","DOIUrl":"10.1016/j.cose.2024.104273","url":null,"abstract":"<div><div>Local Differential Privacy (LDP) has garnered considerable attention in recent years because it does not rely on trusted third parties and has low interactivity and high operational efficiency. However, current LDP frequency estimation mechanisms aggregate data using different privacy budgets within the same domain of attribute values, overlooking the aggregation requirements across different domains of attribute values. This limits the potential for enhancing the data utility under fixed privacy budgets and meeting user preferences in multiple domains of attribute values and privacy budgets. To address this issue, we define a Multi-Domains Personalized Local Differential Privacy (MDPLDP) model that allows users to freely choose domains of attribute values and privacy budgets according to their privacy preferences. Furthermore, based on the MDPLDP model, two new frequency estimation mechanisms are proposed: MDPLDP-Generalized Randomized Response and MDPLDP-basic Randomized Aggregatable Privacy-Preserving Ordinal Response. These mechanisms support cross-domains data aggregation and optimize data utility by adjusting the domains of attribute values and increasing privacy budgets. Theoretical analysis reveals that these new mechanisms have lower estimation errors than the traditional LDP mechanisms. Experiments on real and synthetic datasets demonstrate that the proposed mechanisms effectively reduce estimation errors and enhance the utility of data-frequency estimation.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104273"},"PeriodicalIF":4.8,"publicationDate":"2024-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142379","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Social-Hunter: A social heuristics-based approach to early unveiling unknown malicious logins using valid accounts","authors":"Mingsheng Tang , Binbin Ge","doi":"10.1016/j.cose.2024.104269","DOIUrl":"10.1016/j.cose.2024.104269","url":null,"abstract":"<div><div>Using valid accounts has become a prevalent tactic among Advanced Persistent Threat (APT) actors for executing malicious logins. By exploiting stolen credentials, they bypass rule-based and traffic-based detection mechanisms, enabling sustained network infiltration without triggering anomalous network traffic alerts. The scarcity of feature-rich datasets and labeled samples for identifying malicious logins by unknown APT actors presents a significant challenge. To address this, we propose Social-Hunter, an innovative approach for detecting unknown malicious logins without prior knowledge or training on specific APT behaviors. Social-Hunter integrates sociological heuristics and multi-viewpoint modeling to partition groups based on social and role-based perspectives. Iterative partitioning assesses whether new login nodes fit within established group contexts, thereby identifying potential malicious intent. A threshold parameter evaluates source node capability during cross-group logins, flagging insufficient capability as indicators of malicious behavior. The core algorithm detects deviations from social norms and predefined thresholds. Evaluation on a 58-day dataset of authentication events from a real-world Los Alamos National Laboratory’s (LANL) network demonstrates Social-Hunter’s effectiveness. It achieves a true positive rate (TPR) nearing 90% with a significantly reduced false positive rate (FPR) of 0.2%. Comparative analysis against state-of-art unsupervised methods such as graph learning, Local Outlier Factor (LOF), Isolation Forest (IF), One-Class Support Vector Machine (One-Class SVM), Ensemble Multi-Detector (EMD), and AutoEncoder (AE) shows Social-Hunter improving TPR by at least 5% and reducing FPR by more than 77%. In practical event auditing for threats hunting, Social-Hunter maintains a minimal false positives rate of 0.00014% with nearly 90% TPR. Over 28 days, it triggered 956 alerts, with 672 true positives and just 284 false alarms. The average daily false alarm rate is around 10, while valid alerts average 20 per day. These findings underscore Social-Hunter’s potential for early detection of APT activities in large enterprise networks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104269"},"PeriodicalIF":4.8,"publicationDate":"2024-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143142726","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}