Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Purchase individual online access for 1 year to this journal.
Price: EUR 260.00Impact Factor 2023: 1.2
The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems. It also provides a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community.
The journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications. The journal welcomes contributions on all aspects of computer security: confidentiality, integrity, and assurance of service - that is, protection against unauthorized disclosure or modification of sensitive information, or denial of service. Of interest is a precise understanding of security policies through modelling, as well as the design and analysis of mechanisms for enforcing them, and the architectural principles of software and hardware systems implementing them.
Authors: Chen, You | Ding, Ning | Gu, Dawu | Bian, Yang
Article Type: Research Article
Abstract: Private set intersection cardinality (PSI-CA) and private intersection-sum with cardinality (PSI-CA-sum) are two primitives that enable data owners to learn the intersection cardinality of their data sets, with the difference that PSI-CA-sum additionally outputs the sum of the associated integer values of all the data that belongs to the intersection (i.e., intersection-sum). However, to the best of our knowledge, all existing multi-party PSI-CA (MPSI-CA) protocols are either limited by high computational cost or face security challenges under arbitrary collusion. As for multi-party PSI-CA-sum (MPSI-CA-sum), there is even no formalization for this notion at present, not to mention secure constructions for …it. In this paper, we first present an efficient MPSI-CA protocol with two non-colluding parties. This protocol significantly decreases the number of parties involved in expensive interactive procedures, leading to a significant enhancement in runtime efficiency. Our numeric results demonstrate that the running time of this protocol is merely one-quarter of the time required by our proposed MPSI-CA protocol that is secure against arbitrary collusion. Therefore, in scenarios where performance is a priority, this protocol stands out as an excellent choice. Second, we successfully construct the first MPSI-CA protocol that achieves simultaneous practicality and security against arbitrary collusion. Additionally, we also conduct implementation to verify its practicality (while the previous results under arbitrary collusion only present theoretical analysis of performance, lacking real implementation). Numeric results show that by shifting the costly operations to an offline phase, the online computation can be completed in just 12.805 seconds, even in the dishonest majority setting, where 15 parties each hold a set of size 2 16 . Third, we formalize the concept of MPSI-CA-sum and present the first realization that ensures simultaneous practicality and security against arbitrary collusion. The computational complexity of this protocol is roughly twice that of our MPSI-CA protocol. Besides the main results, we introduce the concepts and efficient constructions of two novel building blocks: multi-party secret-shared shuffle and multi-party oblivious zero-sum check, which may be of independent interest. Show more
Keywords: Multi-party PSI-CA, multi-party PSI-CA-sum, secure multi-party computation, privacy
DOI: 10.3233/JCS-230091
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-41, 2024
Authors: Cui, Susu | Han, Xueying | Dong, Cong | Li, Yun | Liu, Song | Lu, Zhigang | Liu, Yuling
Article Type: Research Article
Abstract: Detecting encrypted malware traffic promptly to halt the further propagation of an attack is critical. Currently, machine learning becomes a key technique for extracting encrypted malware traffic patterns. However, due to the dynamic nature of network environments and the frequent updates of malware, current methods face the challenges of detecting unknown malware traffic in open-world environment. To address the issue, we introduce MVDet, a novel method that employs machine learning to mine the behavioral features of malware traffic based on multi-view analysis. Unlike traditional methods, MVDet innovatively characterizes the behavioral features of malware traffic at 4-tuple flows from four views: …statistical view, DNS view, TLS view, and business view, which is a more stable feature representation capable of handling complex network environments and malware updates. Additionally, we achieve a short-time behavioral features construction, significantly reducing the time cost for feature extraction and malware detection. As a result, we can detect malware behavior at an early stage promptly. Our evaluation demonstrates that MVDet can detect a wide variety of known malware traffic and exhibits efficient and robust detection in both open-world and unknown malware scenarios. MVDet outperforms state-of-the-art methods in closed-world known malware detection, open-world known malware detection, and open-world unknown malware detection. Show more
Keywords: Encrypted traffic, malware traffic detection, multi-view features, machine learning
DOI: 10.3233/JCS-230024
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-23, 2024
Authors: Wei, Jin | Chen, Ping
Article Type: Research Article
Abstract: By developing a Turing-complete non-control data attack to bypass existing defenses against control flow attacks, Data-Oriented Programming (DOP) has gained significant attention from researchers in recent years. While several defense techniques have been proposed to mitigate DOP attacks, they often introduce substantial overhead due to the blind protection of a large range of data objects. To address this issue, we focus on selecting and protecting the specific target data that are of interest to DOP attackers, rather than securing the entire non-control data in the program. In this regard, we perform static analysis on 20 real-world applications and identify …the target data, verifying that they constitute only a small percentage of the overall program, averaging around 3%. Additionally, we propose a semi-automated tool to analyze how to chain operations on the target data in these 20 applications to achieve Turing-complete attacks. Furthermore, we introduce DSLR-: a low-overhead Data Structure Layout Randomization (DSLR) method, which modifies the existing DSLR technique to only randomize the selected target data for DOP. Experimental results demonstrate that DSLR- effectively mitigates DOP attacks, reducing performance overhead by 71.2% and memory overhead by 82.5% compared to the original DSLR technique. Show more
Keywords: Memory corruption attacks, data-oriented programming, data structure layout randomization
DOI: 10.3233/JCS-230053
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-26, 2023
Authors: Basin, David | Debois, Søren | Hildebrandt, Thomas
Article Type: Research Article
Abstract: We present an approach to the proactive enforcement of provisions and obligations, suitable for building policy enforcement mechanisms that both prevent and cause system actions. Our approach encompasses abstract requirements for proactive policy enforcement, a system model describing how enforcement mechanisms interact with and control target systems, and concrete policy languages and associated enforcement mechanisms. As examples of policy languages, we consider finite automata and timed dynamic condition response (DCR) graphs. We use finite automata to illustrate the basic principles and DCR graphs to show how these principles can be adapted to a practical, real-time policy language. In both cases, …we show how to algorithmically determine whether a given policy is enforceable and, when this is the case, construct an associated enforcement mechanism. Our approach improves upon existing formalisms in two ways: (1) we exploit the target system’s existing functionality to avert policy violations proactively, rather than compensate for them reactively; and (2) rather than requiring the manual specification of remedial actions in the policy, we deduce required actions directly from the policy. Show more
Keywords: Access control, run-time enforcement, obligations, business process modeling
DOI: 10.3233/JCS-210078
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-43, 2023
Authors: Hu, Yupeng | Kuang, Wenxin | Zhe, Jin | Li, Wenjia | Li, Keqin | Zhang, Jiliang | Hu, Qiao
Article Type: Research Article
Abstract: This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT’s specific approach involves the identification of malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes during runtime. This is achieved by utilizing the taint tagging methodology, a technique utilized by TaintDroid. As a result, it can discover the malicious intent usage pattern and further resolve the coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer . The Monitor …makes the first attempt to revise the taint tag approach named TaintDroid by developing the built-in intent service primitives to help Android capture the intent-related taint propagation at multi-level for malicious ICC detection. Specifically, we enable the Monitor to perform systemwide tracking of intent with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs offered by the Monitor , the Analyzer can build the accurate and integrated ICC patterns adopted to identify the specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ the patterns’ deflation technique to improve the efficiency of the Analyzer . We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on a particular dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25% ∼200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. Apart from that, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market. Show more
Keywords: Android malware, dynamic threats detection, inter-component communication, taint tags, threat patterns
DOI: 10.3233/JCS-220044
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-27, 2023
Authors: Zou, Qingtian | Zhang, Lan | Singhal, Anoop | Sun, Xiaoyan | Liu, Peng
Article Type: Research Article
Abstract: While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could …generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack. Show more
Keywords: Network attack, neural network, adversarial example
DOI: 10.3233/JCS-230031
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-28, 2023
Authors: Zhang, Liping | Chen, Shukai | Ren, Wei | Min, Geyong | Choo, Kim-Kwang Raymond
Article Type: Research Article
Abstract: Biometric-based authentication methods have been widely used, for example on portable devices (e.g., Android and iOS devices). However, there are several known limitations in existing authentication methods based on biometrics (e.g., those using facial, iris, and fingerprint). For example, in a healthcare context, a user may be physically incapable of completing the authentication due to his/her medical conditions. Hence, as a complementary authentication mechanism, there have been attempts to also utilize electrocardiogram (ECG). In this work, we propose an ECG authentication system that leverages deep learning. Specifically, to achieve generalization ability, complementary ensemble empirical decomposition (CEEMD) is introduced in our …design. Moreover, a 1-D Multi-scale Convolutional Neural Network (1-D MCNN) is implemented to achieve accurate authentication. To evaluate the usability of our proposed approach, we have performed extensive experiments on eight databases, and the findings show that our proposed approach achieves good performance even on abnormal databases and can be adapted for different application environments. In addition, our adopted data from eight public databases requires theoretical statistical treatment for practical applications in real authentication scenarios. Show more
Keywords: ECG Authentication, feature extraction, biometrics, CEEMD, multi-scale CNN
DOI: 10.3233/JCS-220137
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-22, 2024
Authors: Gope, Prosanta | Lin, Zhihui | Yang, Yang | Ning, Jianting
Article Type: Research Article
Abstract: The transition from paper-based information to Electronic-Health-Records (EHRs) has driven various advancements in the modern healthcare industry. In many cases, patients need to share their EHR with healthcare professionals. Given the sensitive and security-critical nature of EHRs, it is essential to consider the security and privacy issues of storing and sharing EHR. However, existing security solutions excessively encrypt the whole database, thus requiring the entire database to be decrypted for each access request, which is time-consuming. On the other hand, the use of EHR for medical research (e.g., development of precision medicine and diagnostics techniques) and optimisation of practices in …healthcare organisations require the EHR to be analysed. To achieve that, they should be easily accessible without compromising the patient’s privacy. In this paper, we propose an efficient technique called E-Tenon that not only securely keeps all EHR publicly accessible but also provides the desired security features. To the best of our knowledge, this is the first work in which an Open Database is used for protecting EHR. The proposed E-Tenon empowers patients to securely share their EHR under their own multi-level, fine-grained access policies. Analyses show that our system outperforms existing solutions in terms of computational complexity. Show more
Keywords: Open database, E-Tenon, ABE, multi-level attribute-based encryption, multi-signature
DOI: 10.3233/JCS-220097
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-30, 2024
Authors: Bruschi, Danilo | Di Pasquale, Andrea | Lanzi, Andrea | Pagani, Elena
Article Type: Research Article
Abstract: The increased adoption of the Internet Protocol (IP) in ICSs has made these systems vulnerable to the same security risks that are present in traditional IT environments. The legacy nature of ICSs and their unique operational requirements make them vulnerable to security threats that are different from those in IT environments. In this paper, we describe a protocol, named ArpON, which is able to wipe out in quasi real time any ARP cache poisoning attempt, thus making it ineffective. Contrarily to solutions presented in the literature for contrasting ARP cache poisoning, ArpON incurs in low operational costs, is backward compatible, …transparent to the ARP protocol and does not use any HW feature nor cryptography functionality. We also model and validate ArpON in the OMNET+ + network simulator. The simulation results show that ArpON is effective in avoiding ARP poisoning, and its communication overhead is negligible with respect to classical ARP protocol. Show more
Keywords: Industry 4.0, ARP, ARP poisoning, Man-in-the-Middle attacks, secure ARP
DOI: 10.3233/JCS-230023
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-29, 2024
Authors: Breuer, Malte | Hein, Pascal | Pompe, Leonardo | Meyer, Urike | Wetzel, Susanne
Article Type: Research Article
Abstract: The Kidney Exchange Problem (KEP) aims at finding an optimal set of exchanges among pairs of patients and their medically incompatible living kidney donors as well as altruistic donors who are not associated with any particular patient but want to donate a kidney to any person in need. Existing platforms that offer the finding of such exchanges for patient-donor pairs and altruistic donors are organized in a centralized fashion and operated by a single platform operator. This makes them susceptible to manipulation and corruption. Recent research has targeted these security issues by proposing decentralized Secure Multi-Party Computation (SMPC) protocols for …solving the KEP. However, these protocols fail to meet two important requirements for kidney exchange in practice. First, they do not allow for altruistic donors. While such donors are not legally allowed in all countries, they have been shown to have a positive effect on the number of transplants that can be found. Second, the existing SMPC protocols do not support prioritization, which is used in existing platforms to give priority to certain exchanges or patient-donor pairs, e.g., to patients who are hard to match due to their medical characteristics. In this paper, we introduce a generic gate for implementing prioritization in kidney exchange. We extend two existing SMPC protocols for solving the KEP such that they allow for altruistic donors and prioritization and present one novel SMPC protocol for solving the KEP with altruistic donors and prioritization based on dynamic programming. We prove the security of all protocols and analyze their complexity. We implement all protocols and evaluate their performance for the setting where altruistic donors are legally allowed and for the setting where they are not. Thereby, we determine the performance impact of the inclusion of altruistic donors and obtain those approaches that perform best for each setting. Show more
Keywords: Kidney Exchange, Privacy, Secure Multi-Party Computation
DOI: 10.3233/JCS-230012
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-56, 2024
Authors: Gao, Yan | Du, Ruizhong | Wang, Xiaofei | Li, Ruilin | Li, Mingyue | Wang, Ziyuan
Article Type: Research Article
Abstract: As far as mobile edge computing is concerned, it is necessary to ensure the data integrity of latency-sensitive applications during the process of computing. While certain research programs have demonstrated efficacy, challenges persist, including the inefficient utilization of computing resources, network backhaul issues, and the occurrence of false-negative detections. To solve these problems, an integrity protection scheme is proposed in this paper on the basis of data right confirmation (DRC). Under this scheme, a two-layer consensus algorithm is developed. The outer algorithm is applied to establish a data authorization mechanism by marking the original data source to avoid the false …negative results caused by network attacks from the data source. In addition, blockchain-based mobile edge computing (BMEC) technology is applied to enable data sharing in the context of mobile edge computing while minimizing the network backhaul of edge computing. Based on the Merkle Tree algorithm, the inner layer algorithm is capable not only of accurately locating and promptly repairing damaged data but also of verifying all servers in the mobile edge computing network either regularly or on demand. Finally, our proposal is evaluated against two existing research schemes. The experimental results show that our proposed scheme is not only effective in ensuring data integrity in mobile edge computing, but it is also capable of achieving better performance. Show more
Keywords: Mobile edge computing, integrity, data right confirmation, consensus, merkle tree
DOI: 10.3233/JCS-220103
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-19, 2024
Authors: Horta Neto, Antonio Jose | dos Santos, Anderson Fernandes Pereira | Goldschmidt, Ronaldo Ribeiro
Article Type: Research Article
Abstract: Organizations are vulnerable to cyber attacks as they rely on computer networks and the internet for communication and data storage. While Reinforcement Learning (RL) is a widely used strategy to simulate and learn from these attacks, RL-guided offensives against unknown scenarios often lead to early exposure due to low stealth resulting from mistakes during the training phase. To address this issue, this work evaluates if the use of Knowledge Transfer Techniques (KTT), such as Transfer Learning and Imitation Learning, reduces the probability of early exposure by smoothing mistakes during training. This study developed a laboratory platform and a method to …compare RL-based cyber attacks using KTT for unknown scenarios. The experiments simulated 2 unknown scenarios using 4 traditional RL algorithms and 4 KTT. In the results, although some algorithms using KTT obtained superior results, they were not so significant for stealth during the initial epochs of training. Nevertheless, experiments also revealed that throughout the entire learning cycle, Trust Region Policy Optimization (TRPO) is a promising algorithm for conducting cyber offensives based on Reinforcement Learning. Show more
Keywords: Reinforcement learning, transfer learning, imitation learning, knowledge transfer, cyber attacks, unknown scenarios
DOI: 10.3233/JCS-230145
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-19, 2024
Authors: Fei, Kexiong | Zhou, Jiang | Su, Lin | Wang, Weiping | Chen, Yong
Article Type: Research Article
Abstract: With the advancement of network security equipment, insider threats gradually replace external threats and become a critical contributing factor for cluster security threats. When detecting and combating insider threats, existing methods often concentrate on users’ behavior and analyze logs recording their operations in an information system. Traditional sequence-based method considers temporal relationships for user actions, but cannot represent complex logical relationships well between various entities and different behaviors. Current machine learning-based approaches, such as graph-based methods, can establish connections among log entries but have limitations in terms of complexity and identifying malicious behavior of user’s inherent intention. In this …paper, we propose Log2Graph, a novel insider threat detection method based on graph convolution neural network. To achieve efficient anomaly detection, Log2Graph first retrieves logs and corresponding features from log files through feature extraction. Specifically, we use an auxiliary feature of anomaly index to describe the relationship between entities, such as users and hosts, instead of establishing complex connections between them. Second, these logs and features are augmented through a combination of oversampling and downsampling, to prepare for the next-stage supervised learning process. Third, we use three elaborated rules to construct the graph of each user by connecting the logs according to chronological and logical relationships. At last, the dedicated built graph convolution neural network is used to detect insider threats. Our validation and extensive evaluation results confirm that Log2Graph can greatly improve the performance of insider threat detection compared to existing state-of-the-art methods. Show more
Keywords: Insider threat detection, cluster security, advanced persistent threats, graph construction, graph convolution neural network
DOI: 10.3233/JCS-230092
Citation: Journal of Computer Security, vol. Pre-press, no. Pre-press, pp. 1-24, 2024
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl