Computers & Security: Latest Articles

Strengthening edge defense: A differential game-based edge intelligence strategy against APT attacks
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104580. Pub Date: 2025-07-05. DOI: 10.1016/j.cose.2025.104580
Man Zhou, Lansheng Han, Xin Che
Abstract: In modern industrial settings, the Industrial Internet of Things (IIoT) serves as a backbone, connecting devices, sensors, and systems to enhance production efficiency and facilitate real-time data processing and decision-making. As the adoption of IIoT expands, edge nodes have emerged as critical components, functioning as hubs for data collection, transmission, and real-time response. However, their physical accessibility and limited computational resources render them susceptible to Advanced Persistent Threat (APT) attacks. This study proposes a defense mechanism specifically designed for edge nodes to effectively mitigate APT attacks, leveraging a combination of optimal control theory and intelligent edge game theory. First, we develop a system evolution model based on covert adversarial dynamics to accurately capture the complex interactions between attacks and defenses in real-world edge networks, thereby improving detection and response capabilities against emerging threats. Additionally, we propose an attack-defense model that integrates optimal control techniques and differential games, allowing the detection system to dynamically adapt its defense strategies while optimizing the trade-off between attack detection effectiveness and resource utilization efficiency. Finally, we implement a Nash strategy reinforcement learning mechanism based on multi-agent deep Q-networks to optimize edge game strategies and enhance attack detection performance. Experimental evaluations conducted on an ethanol distillation system testbed demonstrate the effectiveness, robustness, and computational efficiency of our defense approach compared to SG-LMM and DDQN-PV methodologies.
Citations: 0
FiPiBox: Development of firewall for IoT networks using P4Pi
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104560. Pub Date: 2025-07-03. DOI: 10.1016/j.cose.2025.104560
Suvrima Datta, Venkanna U., Aditya Kotha
Abstract: The IoT has experienced remarkable expansion, connecting an extensive array of devices to the internet. With this proliferation, the security of IoT networks has become a paramount concern. Unfortunately, existing security mechanisms failed due to the static security policies, deficiency in understanding device behavioral patterns, limited visibility of IoT traffic flows, and vendor dependency on IoT devices. To overcome the security problems in IoT networks, FiPiBox: a firewall, has been developed by leveraging P4Pi to filter the IoT traffic flows precisely by analyzing the flow behavior. Initially, the incoming IoT traffic flows have been parsed in the FiPiBox data plane to obtain several header field information. Subsequently, the header information is sent to the controller through a message digest. This information helps the FiPiBox controller build the behavioral profile of IoT devices. Further, the FiPibox controller monitors the behavior of incoming IoT traffic flows based on the behavioral profile’s flow statistics. If the controller finds that the incoming traffic behavior is normal, forward the traffic to the desired destination. Otherwise, if the IoT traffic behavior deviates from its normal behavior, quarantine the device for a specified time to understand its behavior. Further, a user interface has been developed to monitor the device’s behavior to take appropriate action. The evaluation result of FiPiBox shows that packet processing time in FiPiBox is 0.01998 ms for 1000 devices and has a nominal false alarm rate (0.034 for 1000 devices), which ensures the reliability of FiPiBox to filter IoT traffic flows. Additionally, FiPiBox updates the firewall rules dynamically based on the IoT traffic behavior. Specifically, FiPiBox takes 0.124 ms to install the firewall rules. Finally, the proposed firewall, FiPibox, emerges as a robust solution to enhance IoT security by accurately filtering IoT traffic flows.
Citations: 0
PathWatcher: A path-based behavior detection method for attack detection and investigation
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104563. Pub Date: 2025-07-03. DOI: 10.1016/j.cose.2025.104563
Zehui Wang, Hao Li, Yinhao Qi, Wei Qiao, Song Liu, Chen Zhang, Bo Jiang, Zhigang Lu
Abstract: Advanced Persistent Threats (APTs) comprise complex and stealthy attack techniques. Due to the characteristics of system audit logs in capturing system-level process calls and providing granular log data, using audit logs for causal analysis of advanced threat behaviors has become a popular solution. However, existing solutions still suffer from several deficiencies: (1) semantic gaps between raw data in low-level views and high-level system behaviors, (2) fatigue alert, and (3) poor interpretability and inferability.

In this paper, we propose PathWatcher, a path-based behavior detection method, which enables attack investigation based on detection results. PathWatcher enhances low-level semantics by combining operation sequences, extracting paths as behavioral entities from the provenance graph, and learning path features. This approach reduces the semantic gap between low-level data and high-level system behaviors. PathWatcher first performs graph construction and path extraction in the graph construction module, followed by feature learning of nodes and paths in the behavioral sequence extraction module, the data generated during the process exists in the path record with a certain rule, and finally the data from the path record is used for feature extraction and path tracing in the behavior identification and attack clues module, the data from the path record is used for feature extraction and path tracing. This model exhibits strong inferability and interpretability by matching paths to operational behaviors in logs. This allows security researchers to combine path records and investigate attacks directly using high-level semantics, thereby alleviating alert fatigue. Our experimental results demonstrate that PathWatcher effectively improves the detection accuracy of malicious behaviors while enhancing semantic interpretability. The detection results are inferable, achieving accuracies of 99.76% and 99.07% on two datasets, and we provide an analysis of attack investigations.
Citations: 0
LiDAR point cloud transmission: Adversarial perspectives of spoofing attacks in autonomous driving
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104544. Pub Date: 2025-07-01. DOI: 10.1016/j.cose.2025.104544
Tariq Hussain, Muhammad Nawaz Khan, Bailin Yang, Razaz Waheeb Attar, Ahmed Alhomoud
Abstract: LiDAR technology uses laser light to illuminate the surrounding area and detect 3D objects. Calculates different features such as distance, shape, height, and direction of objects, ultimately generating comprehensive 3D maps by collecting cloud points. They are frequently used in autonomous vehicles, robotics, forestry, archaeology, and environmental monitoring. LiDAR is important in autonomous vehicles for recognizing objects, pedestrians, and other vehicles, allowing them to make judgments to prevent collisions and ensure human safety. The LiDAR systems are generally robust; they are not immune to certain types of security attacks that could compromise the integrity of the signals and may affect the accuracy of the data. If the signal is compromised, the system could incorrectly interpret the environment, resulting in erroneous object recognition, incorrect obstacle avoidance decisions, or inaccurate environment mapping. As a result, it can lead to serious consequences, such as property damage, accidents, or dangerous driving conditions. To address these security challenges and establish better security mechanisms for LiDAR systems, we have proposed a novel technique for detecting and avoiding all possible spoofing attacks on LiDAR signals. Initially, the system identifies potential spoofing attacks, and as a preventive measure, it employs an optimized path strategy. This strategy ensures safe crossings and autonomous navigation while avoiding obstacles along the vehicle’s route. The main aim is to identify the spoofed objects, suitably map the 3D presentation of the objects, and properly navigate autonomous vehicles with an optimized path selection in the automatic driving system. The proposed system is validated in different scenarios, and the experimental results demonstrate a success rate of 94.57% in true positive and false positive rates, indicating the effectiveness of the system. The average precision rate of 0.95 further supports its performance. The strength of the system was confirmed by testing it with different intersection over union (IoU) rates in different situations and closely looking at the attacker’s success rate.
Citations: 0
Studying the robustness of data imputation methodologies against adversarial attacks
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104574. Pub Date: 2025-06-30. DOI: 10.1016/j.cose.2025.104574
Arthur Dantas Mangussi, Ricardo Cardoso Pereira, Ana Carolina Lorena, Miriam Seoane Santos, Pedro Henriques Abreu
Abstract: Cybersecurity attacks, such as poisoning and evasion, can intentionally introduce false or misleading information in different forms into data, potentially leading to catastrophic consequences for critical infrastructures, like water supply or energy power plants. While numerous studies have investigated the impact of these attacks on model-based prediction approaches, they often overlook the impurities present in the data used to train these models. One of those forms is missing data, the absence of values in one or more features. This issue is typically addressed by imputing missing values with plausible estimates, which directly impacts the performance of the classifier.

The goal of this work is to promote a Data-centric AI approach by investigating how different types of cybersecurity attacks impact the imputation process. To this end, we conducted experiments using four popular evasion and poisoning attacks strategies across 29 real-world datasets, including the NSL-KDD and Edge-IIoT datasets, which were used as case study. For the adversarial attack strategies, we employed the Fast Gradient Sign Method, Carlini & Wagner, Project Gradient Descent, and Poison Attack against Support Vector Machine algorithm. Also, four state-of-the-art imputation strategies were tested under Missing Not At Random, Missing Completely at Random, and Missing At Random mechanisms using three missing rates (5%, 20%, 40%). We assessed imputation quality using MAE, while data distribution shifts were analyzed with the Kolmogorov–Smirnov and Chi-square tests. Furthermore, we measured classification performance by training an XGBoost classifier on the imputed datasets, using F1-score, Accuracy, and AUC. To deepen our analysis, we also incorporated six complexity metrics to characterize how adversarial attacks and imputation strategies impact dataset complexity. Our findings demonstrate that adversarial attacks significantly impact the imputation process. In terms of imputation assessment in what concerns to quality error, the scenario that enrolees imputation with Project Gradient Descent attack proved to be more robust in comparison to other adversarial methods. Regarding data distribution error, results from the Kolmogorov–Smirnov test indicate that in the context of numerical features, all imputation strategies differ from the baseline (without missing data) however for the categorical context Chi-Squared test proved no difference between imputation and the baseline.
Citations: 0
Behind the scenes of attack graphs: Vulnerable network generator for in-depth experimental evaluation of attack graph scalability
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104576. Pub Date: 2025-06-28. DOI: 10.1016/j.cose.2025.104576
Alessandro Palma, Silvia Bonomi
Abstract: An Attack Graph represents potential paths for attackers to compromise a computer network and security analysts use it to pinpoint vulnerable areas for cyber risk assessment. Due to their combinatorial complexity, designing scalable algorithms for generating these graphs without sacrificing their accuracy remains a challenge. Previous research focused on improving scalability, but evaluations often overlooked key parameters beyond network size, thus raising the natural question of their application in real-world settings. One of the main causes is the lack of data that the cybersecurity community faces in different areas, and cyber risk assessment in particular. To address this problem and support the comprehensive evaluation of attack graph algorithms, we introduce a dataset generator of vulnerable networks, which includes realistic reachability graphs and vulnerability inventories. This enables the design of an analytical framework to assess attack graph scalability comprehensively, considering diverse network and vulnerability dimensions. According to the proposed framework, we perform an in-depth experimental evaluation of the time and space complexities of attack graphs, offering novel insights into the critical parameters affecting them, and we extensively discuss how they inform and benefit future approaches.
Citations: 0
Anomaly detection system for Modbus data based on an open source tool
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104572. Pub Date: 2025-06-26. DOI: 10.1016/j.cose.2025.104572
Jakub Suchorab, Sebastian Plamowski, Maciej Ławryńczuk
Abstract: This paper presents an anomaly detection system based on the Modbus TCP/IP protocol for industrial networks. The system has been developed using Zeek, an open-source tool for monitoring and analyzing network traffic. The data model is based on discrete-time Markov chains, extended with time parameters and observations of process parameters. The detection model defines ten types of anomalies, allowing for the recognition of specific deviations from normal network operations. To assess the quality of the model, a series of test scenarios have been developed to simulate potential anomalies in a control system, including a realistic real-time manipulation attack. These tests have been conducted in a simulated environment. The results confirm that the system is capable of real-time anomaly detection, accurately identifying most of the simulated attack scenarios without generating false positive alerts, thanks to customizable detection parameters.
Citations: 0
Enhancing cybersecurity in the judiciary: Integrating additional controls into the CIS framework
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104584. Pub Date: 2025-06-25. DOI: 10.1016/j.cose.2025.104584
Renato Solimar Alves, Jady Pamella Barbacena da Silva, Luiz Antonio Ribeiro Junior, Rafael Rabelo Nunes
Abstract: The Judiciary faces considerable challenges protecting its critical operations from cyber threats in an increasingly digital and vulnerable landscape. This article explores the need to enhance information security practices beyond basic security controls to address operational and technological risks targeting the Judiciary. Intending to propose an expansion of the security controls suggested by the CIS Controls framework, this article focuses on critical areas such as information security management, personnel management, and technological requirements specific to the judicial context. Through qualitative analysis and consultations with experts in the field, preventive and corrective measures were identified, encompassing effective communication practices, mental health programs, and a strong culture of integrity complemented by advanced cybersecurity technologies. The results highlight the need for additional, comprehensive controls ranging from physical security to digital protection, promoting an integrated approach to risk management. The contributions of this article extend to establishing a strengthened foundation for security controls, creating a more effective defense mechanism against emerging threats, and ensuring the sustainability and efficiency of court operations. This article contributes to the evolution of security strategies in the Judiciary, with direct practical implications for risk mitigation and the protection of information assets. The work contributes to the debate on information security in the Judiciary and how to adapt and expand the application of the CIS framework.
Citations: 0
A novel open set Energy-based Flow Classifier for Network Intrusion Detection
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104569. Pub Date: 2025-06-23. DOI: 10.1016/j.cose.2025.104569
Manuela M.C. Souza, Camila T. Pontes, João J.C. Gondim, Luís P.F. Garcia, Luiz DaSilva, Eduardo F.M. Cavalcante, Marcelo A. Marotta
Abstract: Several machine learning-based Network Intrusion Detection Systems (NIDS) have been proposed in recent years. Still, most of them were developed and evaluated under the assumption that the training context is similar to the test context. This assumption is false in real networks, given the emergence of new attacks and variants of known attacks. To deal with this reality, the open set recognition field, which is the most general task of recognizing classes not seen during training in any domain, began to gain importance in machine learning based NIDS research. Yet, existing solutions are often bound to high temporal complexities and performance bottlenecks. In this work, we propose an algorithm to be used in NIDS that performs open set recognition. Our proposal is an adaptation of the single-class Energy-based Flow Classifier (EFC), which proved to be an algorithm with strong generalization capability and low computational cost. The new version of EFC correctly classifies not only known attacks, but also unknown ones, and differs from other proposals from the literature by presenting a single layer with low temporal complexity. Our proposal was evaluated against well-established multi-class algorithms and as an open set classifier. It proved to be an accurate classifier in both evaluations, similar to the state of the art. As a conclusion of our work, we consider EFC a promising algorithm to be used in NIDS for its high performance and applicability in real networks.
Citations: 0
DynMark: A dynamic packet counting watermarking scheme for robust traffic tracing in network flows
IF 4.8, Zone 2, Computer Science
Computers & Security, vol. 157, Article 104571. Pub Date: 2025-06-23. DOI: 10.1016/j.cose.2025.104571
Sibo Qiao, Haohao Zhu, Lin Sha, Min Wang, Qiang Guo
Abstract: To locate malicious attack sources and enhance network defense capabilities, traffic tracing has become a critical technology for defending against network attacks. Existing methods, such as IP address tracing and network flow watermarking, often fail to trace attackers using encrypted channels or network obfuscation techniques. Although watermarking can embed traceable features, its performance degrades in complex environments with delay jitter and packet loss. To address these issues, we propose a novel dynamic watermarking method based on packet count and timing, called DynMark. This method adaptively modulates packet count and timing to construct a multidimensional watermark carrier, thereby enhancing traffic tracking and tracing capabilities and enabling effective tracking of attack traffic in complex network environments. In addition, to ensure watermark synchronization accuracy, we design a dynamic synchronization tag to guarantee precise synchronization of the watermark’s time window. Moreover, considering that non-continuous data flows may lead to inaccurate watermark detection, we further propose a robust error correction mechanism based on fountain codes and error-correcting codes, which significantly enhances the robustness of the watermarking method and ensures the accuracy of data transmission. Experimental results show that under interference conditions such as high delay jitter, packet loss, and chaff packet insertion, DynMark maintains an accuracy rate of over 90%. Compared with state-of-the-art watermarking methods, DynMark achieves an approximate 4% improvement in accuracy. In addition, DynMark successfully passes the K-S test, demonstrating its invisibility.
Citations: 0