当前期刊: Computers & Security Go to current issue    加入关注   
显示样式:        排序: IF: - GO 导出
  • An Incremental Algorithm for the Role Mining Problem
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-07
    Martin Trnecka; Marketa Trneckova

    The role mining process, i.e. computing minimal set of roles from a user-permission assignment relation, is rather incremental task. In a usual situation the set of roles is already established, and the existing permissions are evolved according to current needs. Computation of roles from scratch after each small change in the data is inefficient. Surprisingly, no incremental algorithm for role mining

  • Dynamic temporal ADS-B data attack detection based on sHDP-HMM
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-03
    Tengyao Li; Buhong Wang; Fute Shang; Jiwei Tian; Kunrui Cao

    For the next generation air traffic surveillance, ADS-B is becoming the primary method to obtain more accurate data with wide coverage, which establishes the foundation for automatic and intelligent air traffic management system. However, ADS-B is designed without sufficient security considerations, transmitting with plain text without integrity and authentication validations. Thus, ADS-B data is in

  • IBV-CFI: Efficient Fine-grained Control-Flow Integrity Preserving CFG Precision
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-04
    Hyerean Jang; Moon Chan Park; Dong Hoon Lee

    Control-flow integrity (CFI) is a software security solution that prevents software attacks such as control-flow hijacking by restricting the indirect control-flow transfers (ICT) to a pre-computed control-flow graph (CFG). Since the validity of ICTs are determined based on CFG on the CFI mechanism, CFG precision is an important factor in determining CFI security level. However, checking the validity

  • Improving SIEM Alert Metadata Aggregation with a Novel Kill-Chain Based Classification Model
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-04
    Blake Bryant; Hossein Saiedian

    Today’s information networks face increasingly sophisticated and persistent threats, where new threat tools and vulnerability exploits often outpace advancements in intrusion detection systems. Current detection systems often create too many alerts, which contain insufficient data for analysts. As a result, the vast majority of alerts are ignored, contributing to security breaches that might otherwise

  • The impact of quantum computing on real-world security: A 5G case study
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-03
    Chris J. Mitchell

    This paper provides a detailed analysis of the impact of quantum computing on the security of 5G mobile telecommunications. This involves considering how cryptography is used in 5G, and how the security of the system would be affected by the advent of quantum computing. This leads naturally to the specification of a series of simple, phased, recommended changes intended to ensure that the security

  • Semantic Diversity: Privacy Considering Distance Between Values of Sensitive Attribute
    Comput. Secur. (IF 3.062) Pub Date : 2020-04-02
    Keiichiro Oishi; Yuichi Sei; Yasuyuki Tahara; Akihiko Ohsuga

    A database that contains personal information and is collected by crowdsensing can be used for various purposes. Therefore, database holders may want to share their databases with other organizations. However, since a database contains information about individuals, database recipients must take privacy concerns into consideration. One of the mainstream privacy protection indicators, l-diversity, guarantees

  • Compile-time Code Virtualization for Android Applications
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-29
    Yujie Zhao; Zhanyong Tang; Guixin Ye; Dongxu Peng; Dingyi Fang; Xiaojiang Chen; Zheng Wang

    Infringing intellectual property by reverse analysis is a severe threat to Android applications. By replacing the program instructions with virtual instructions that an adversary is unfamiliar with, code obfuscation based on virtualization is a promising way of protecting Android applications against reverse engineering. However, the current code virtualization approaches for Android only target at

  • Consistency Analysis and Flow Secure Enforcement of SELinux Policies
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-26
    BS Radhika; N V Narendra Kumar; RK Shyamasundar; Parjanya Vyas

    SELinux policies used in practice contain tens of thousands of rules, making it hard to comprehend their impact on the security and to verify whether they actually meet the intended security goals. In this paper, we describe an approach for reasoning about the consistency of a given SELinux policy by analyzing the information flows caused by it. For this purpose, we model SELinux policy rules using

  • Nudging Personalized Password Policies by Understanding Users’ Personality
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-20
    Yimin Guo; Zhenfeng Zhang; Yajun Guo; Xiaowei Guo

    Password composition policies are used to prevent users from picking weak passwords. A website usually provides a unified password policy for each user but ignores people have a variety of preferences due to individual differences, which makes it difficult to achieve the expected strong password goals. In order to improve the effectiveness of password composition policies, we propose a dynamic personalized

  • Vulnerability Market as a Public-Good Auction with Privacy Preservation
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-20
    Iman Vakilinia; Shamik Sengupta

    Exploitations of zero-day vulnerabilities cause enormous damages to organizations. Hence, organizations would invest in buying zero-day vulnerabilities to patch their systems. On the other hand, hackers are interested in buying zero-day vulnerabilities to exploit their targets. Considering such a market, the vulnerability finder decides whether to sell the vulnerability information to the organizations

    Comput. Secur. (IF 3.062) Pub Date : 2020-03-18
    Stephan Berger; Olga Bürger; Maximilian Röglinger

    The Industrial Internet of Things (IIoT) provides new opportunities to improve process and production efficiency, which enable new business models. At the same time, the high degree of cross-linking and decentralization increases the complexity of IIoT systems and creates new vulnerabilities. Hence, organizations are not only vulnerable to conventional IT threats, but also to a multitude of new, IIoT-specific

  • AMalNet: A deep learning framework based on graph convolutional networks for malware detection
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-17
    Xinjun Pei; Long Yu; Shengwei Tian

    The increasing popularity of Android apps attracted widespread attention from malware authors. Traditional malware detection systems suffer from some shortcomings; computationally expensive, insufficient performance or not robust enough. To address this challenge, we (1) build a novel and highly reliable deep learning framework, named AMalNet, to learn multiple embedding representations for Android

  • 更新日期:2020-03-20
  • MaldomDetector: A System for Detecting Algorithmically Generated Domain Names with Machine Learning
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-12
    Ahmad O. Almashhdani; Mustafa Kaiiali; Domhnall Carlin; Sakir Sezer
  • An Accountable Privacy-Preserving Scheme for Public Information Sharing systems
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-12
    Youcef Imine; Ahmed Lounis; Abdelmadjid Bouabdallah

    Due to the emergence of data externalization technologies, as cloud and fog computing, setting up public information-sharing applications has become much easier. Yet, many concerns related to information security need to be addressed. While sharing information, privacy is without any doubt one of the major concerns for all users. Several proposals in the literature treated privacy issues using existing

  • A Survey on Methods and Challenges in EEG Based Authentication
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-11
    Amir Jalaly Bidgoly; Hamed Jalaly Bidgoly; Zeynab Arezoumand

    EEG is the recording of electrical activities of the brain, usually along the scalp surface, which are the results of synaptic activations of the brain’s neurons. In recent years, it has been shown that EEG is an appropriate signal for the biometric authentication and has important features such as resistance to spoofing attacks and impossibility to use under pressure and coercion states. In this paper

  • Machine Learning Cyberattack and Defense Strategies
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-04
    John A. Bland; Mikel D. Petty; Tymaine S. Whitaker; Katia P. Maxwell; Walter Alan Cantrell

    Cybersecurity is an increasingly important challenge for computer systems. In this work, cyberattacks were modeled using an extension of the well-known Petri net formalism. That formalism, designated Petri nets with players, strategies, and costs, models the states of the cyberattack and events during the attack as markings and transition firings in the net respectively. The formalism models the attacker

  • Moving target defense in cloud computing: A systematic mapping study
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-03
    Matheus Torquato; Marco Vieira

    Moving Target Defense (MTD) consists of applying system reconfiguration (e.g., VM migration, IP shuffling) to dynamically change the available attack surface. MTD makes use of reconfiguration to confuse attackers and nullify their knowledge about the system state. It also can be used as an attack reaction (e.g., using Virtual Machine (VM) migration to move VMs away from a compromised host). Thus, MTD

  • Dynamic facial presentation attack detection for automated border control systems
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-04
    David Ortega; Alberto Fernández-Isabel; Isaac Martín de Diego; Cristina Conde; Enrique Cabello
  • Byte-level malware classification based on markov images and deep learning
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-31
    Baoguo Yuan; Junfeng Wang; Dong Liu; Wen Guo; Peng Wu; Xuhua Bao

    In recent years, malware attacks have become serious security threats and have caused huge losses. Due to the rapid growth of malware variants, how to quickly and accurately classify malware is critical to cyber security. As traditional methods based on machine learning are limited by feature engineering and difficult to process vast amounts of malware quickly, malware classification based on malware

  • A secure and scalable data integrity auditing scheme based on hyperledger fabric
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-31
    Ning Lu; Yongxin Zhang; Wenbo Shi; Saru Kumari; Kim-Kwang Raymond Choo
  • System log clustering approaches for cyber security applications: A survey
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-31
    Max Landauer; Florian Skopik; Markus Wurzenberger; Andreas Rauber

    Log files give insight into the state of a computer system and enable the detection of anomalous events relevant to cyber security. However, automatically analyzing log data is difficult since it contains massive amounts of unstructured and diverse messages collected from heterogeneous sources. Therefore, several approaches that condense or summarize log data by means of clustering techniques have

  • Holistic cyber hygiene education: Accounting for the human factors
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-23
    Alexis R. Neigel; Victoria L. Claypoole; Grace E. Waldfogle; Subrata Acharya; Gabriella M. Hancock

    Cybersecurity is paramount in modern cyberdefense. One important factor linked to reducing human-instigated breaches of cybersecurity includes cyber hygiene. Cyber hygiene is the adaptive knowledge and behavior to mitigate risky online activities that put an individual's social, financial, and personal information at risk – a danger that is significantly compounded when discussing the risk to entire

  • APT datasets and attack modeling for automated detection methods: A review
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-29
    Branka Stojanović; Katharina Hofer-Schmitz; Ulrike Kleb

    Automated detection methods for targeted cyber attacks are getting more and more prominent. In order to test these methods properly, it is crucial to have a suitable dataset. This paper provides a review on datasets and their creation for use in APT detection in literature. A special focus is placed on feature engineering, including construction, selection and dimensionality reduction. Two use cases

  • GTM-CSec: Game theoretic model for cloud security based on IDS and honeypot
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-22
    Komal Singh Gill; Sharad Saxena; Anju Sharma

    Cloud Computing has been adopted by many leading organizations for storage, processing, sharing and to provide other services. It faces several security challenges from its surroundings in terms of regular and sophisticated attacks. These challenges become worse when the Internet of Things (IoT) devices are connected to it. This is because of their low-security characteristics. These threats are generally

  • On the use of artificial malicious patterns for android malware detection
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-03
    Manel Jerbi; Zaineb Chelly Dagdia; Slim Bechikh; Lamjed Ben Said

    Malware programs currently represent the most serious threat to computer information systems. Despite the performed efforts of researchers in this field, detection tools still have limitations for one main reason. Actually, malware developers usually use obfuscation techniques consisting in a set of transformations that make the code and/or its execution difficult to analyze by hindering both manual

  • Evaluating the strength of a multilingual passphrase policy
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-03
    Pardon Blessings Maoneke; Stephen Flowerday; Naomi Isabirye

    A number of studies have advocated for the use of long passwords (passphrases) with the aim of attaining a balance between security and usability. This study investigated the security gains of using a multilingual passphrase policy in user generated passphrases that are based on African and Indo-European languages. The research on passwords has been largely focused on the Global North where English

  • A comprehensive model of information security factors for decision-makers
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-04
    Rainer Diesch; Matthias Pfaff; Helmut Krcmar

    Decision-making in the context of organizational information security is highly dependent on various information. For information security managers, not only relevant information has to be clarified but also their interdependencies have to be taken into account. Thus, the purpose of this research is to develop a comprehensive model of relevant management success factors (MSF) for organizational information

  • A deep learning method with wrapper based feature extraction for wireless intrusion detection system
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-08
    Sydney Mambwe Kasongo; Yanxia Sun

    In the past decade, wired and wireless computer networks have substantially evolved because of the rapid development of technologies such as the Internet of Things (IoT), wireless handled devices, vehicular networks, 4G and 5G, cyber-physical systems, etc. These technologies exchange large amount of data, and as a result, they are prone to several malicious actions, attacks and security threats that

  • PLC-SEIFF: A programmable logic controller security incident forensics framework based on automatic construction of security constraints
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-04
    Lijuan Xu; Bailing Wang; Lianhai Wang; Dawei Zhao; Xiaohui Han; Shumian Yang

    Over the past two decades, with the SCADA systems connected to corporate networks or the Internet, the programmable logic controller (PLC) have suffered a large-scale and catastrophic network attacks for the controlling and monitoring physical industrial and infrastructure processes in the industrial control networks, due to their crucial character and safe characteristic. However, the PLC‘s inferior

  • A dynamic Windows malware detection and prediction method based on contextual understanding of API call sequence
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-11
    Eslam Amer; Ivan Zelinka

    Malware API call graph derived from API call sequences is considered as a representative technique to understand the malware behavioral characteristics. However, it is troublesome in practice to build a behavioral graph for each malware. To resolve this issue, we examine how to generate a simple behavioral graph that characterizes malware. In this paper, we introduce the use of word embedding to understand

  • Secure and efficient sharing of authenticated energy usage data with privacy preservation
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-10
    Jianghua Liu; Jingyu Hou; Xinyi Huang; Yang Xiang; Tianqing Zhu

    As a technological innovation, smart grid improves electricity services in terms of substantiality, economics, efficiency, and reliability. This owes to the bi-directional communication property which not only enables the fine-grained energy usage data to be available for different entities but also facilitates the automated grid management. However, sharing such energy usage data with other parties

  • A Pufferfish privacy mechanism for monitoring web browsing behavior under temporal correlations
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-07
    Wenjuan Liang; Hong Chen; Ruixuan Liu; Yuncheng Wu; Cuiping Li

    Monitoring web browsing behavior can benefit for many data mining tasks, such as top-k mining and suspicious behavior watching. However, directly releasing private browsing data to the public would raise user concerns from a privacy perspective. Differential privacy, the current gold standard in data privacy, does not adequately address privacy issues in correlated data. For this reason, Pufferfish

  • All about uncertainties and traps: Statistical oracle-based attacks on a new CAPTCHA protection against oracle attacks
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-10
    Carlos Javier Hernández-Castro; Shujun Li; María D. R-Moreno

    CAPTCHAs are security mechanisms that try to prevent automated abuse of computer services. Many CAPTCHAs have been proposed but most have known security flaws against advanced attacks. In order to avoid a kind of oracle attacks in which the attacker learns about ground truth labels via active interactions with the CAPTCHA service as an oracle, Kwon and Cha proposed a new CAPTCHA scheme that employ

  • A review and theoretical explanation of the ‘Cyberthreat-Intelligence (CTI) capability’ that needs to be fostered in information security practitioners and how this can be accomplished
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-14
    Bongsik Shin; Paul Benjamin Lowry

    Given the global increase in crippling cyberattacks, organizations are increasingly turning to cyberthreat intelligence (CTI). CTI represents actionable threat information that is relevant to a specific organization and that thus demands its close attention. CTI efforts aim to help organizations “know their enemies better” for proactive, preventive, and timely threat detection and remediation—complementing

  • Risk management practices in information security: Exploring the status quo in the DACH region
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-24
    Michael Brunner; Clemens Sauerwein; Michael Felderer; Ruth Breu

    Information security management aims at ensuring proper protection of information values and information processing systems (i.e. assets). Information security risk management techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. This paper investigates the current state of risk management practices being used in information

  • Defining organisational information security culture—Perspectives from academia and industry
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-08
    Adéle da Veiga; Liudmila V. Astakhova; Adéle Botha; Marlien Herselman

    The ideal or strong information security culture can aid in minimising the threat of humans to information protection and thereby aid in reducing data breaches or incidents in organisations. This research sets out to understand how information security culture is defined from an academic and industry perspective using a mixed-method approach. The definition, factors necessary to instil the ideal information

  • UMUDGA: A dataset for profiling DGA-based botnet
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-18
    Mattia Zago; Manuel Gil Pérez; Gregorio Martínez Pérez

    Advanced botnet threats are natively deploying concealing techniques to prevent detection and sinkholing. To tackle them, machine learning solutions have become a standard approach, especially when dealing with Algorithmically Generated Domain (AGD) names. Nevertheless, machine learning state-of-the-art is non-specialist at best, having multiple issues in terms of rigorousness, reproducibility and

  • Multi attribute auction based incentivized solution against DDoS attacks
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-20
    Amrita Dahiya; B.B. Gupta

    Complexity and severity of DDoS attacks is increasing day by day. Internet has highly inconsistent structure in terms of resource distribution. Numerous technical solutions are present in this domain but solutions considering economic aspects have not been given attention. Therefore, in this paper, a multi attribute based auction mechanism to mitigate DDoS attacks has been proposed. A reputation based

  • A vulnerability analysis and prediction framework
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-14
    Mark A. Williams; Roberto Camacho Barranco; Sheikh Motahar Naim; Sumi Dey; M. Shahriar Hossain; Monika Akbar

    As the world approaches a state of greater dependence on technology, many products face increasing threats from malicious attackers who are attempting to take advantage of vulnerabilities in software design. Most of the known vulnerability information is already aggregated, stored in text format, and readily accessible to the public, making such an aggregated database a prime corpus for analysis using

  • Prioritizing data flows and sinks for app security transformation
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-07
    Ke Tian; Gang Tan; Barbara G. Ryder; Danfeng (Daphne) Yao

    There have been extensive investigations on identifying sensitive data flows in Android apps for detecting malicious behaviors. Typical real world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. In this paper, we present an efficient graph-algorithm based risk

  • An automated model to score the privacy of unstructured information—Social media case
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-24
    Erfan Aghasian; Saurabh Garg; James Montgomery

    One of the common forms of data which is shared by online social media users is free-text formats including comments, posts, blogs and tweets. While users mostly share this unstructured data with their preferred social groups, this textual data may contain sensitive information such as their political or religious views, job details, their opinions and emotions and so on. Hence, sharing this unstructured

  • Sub-curve HMM: A malware detection approach based on partial analysis of API call sequences
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-22
    Jakapan Suaboot; Zahir Tari; Abdun Mahmood; Albert Y. Zomaya; Wei Li

    Malicious software (Malware) plays an important role in penetrating and extracting sensitive information. Based on dynamic program’s behavior monitoring, existing solutions have shown that the Hidden Markov Model (HMM) is efficient in detecting malware using sequences of API calls. However, an obfuscation technique could insert minimal data stealing code into a large set of legitimate instructions

  • Protocol Proxy: An FTE-based covert channel
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-24
    Jonathan Oakley; Lu Yu; Xingsi Zhong; Ganesh Kumar Venayagamoorthy; Richard Brooks

    In a hostile network environment, users must communicate without being detected. This involves blending in with the existing traffic. In some cases, a higher degree of secrecy is required. We present a proof-of-concept format transforming encryption (FTE)-based covert channel for tunneling TCP traffic through protected static protocols. Protected static protocols are UDP-based protocols with variable

  • Expert system assessing threat level of attacks on a hybrid SSH honeynet
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-04
    Matej Zuzčák; Milan Zenka

    Currently, many systems connected to the internet are exposed to hundreds of mostly automated network attacks on a daily basis. These are mostly very simple attacks originating from botnets. However, sophisticated attacks conducted both by automated systems and directly by humans are becoming more common. In order to develop adequate countermeasures, the behaviour of attackers has to be analysed effectively

    Comput. Secur. (IF 3.062) Pub Date : 2020-03-04
    Mari Karjalainen; Mikko Siponen; Suprateek Sarker

    Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain a case where the reasons for ISB change. However, the underlying reasons and motives for users’ ISB are not static but may change over time. To understand the change in reasoning

  • Privacy-preserving High-dimensional Data Publishing for Classification
    Comput. Secur. (IF 3.062) Pub Date : 2020-03-03
    Rong Wang; Yan Zhu; Chin-Chen Chang; Qiang Peng

    With increasing amounts of personal information being collected by various organizations, many privacy models have been proposed for masking the collected data so that the data can be published without releasing individual privacy. However, most existing privacy models are not applicable to high-dimensional data, because of the sparseness of high-dimensional search space. In this paper, we present

  • Image-Based Malware Classification using Ensemble of CNN Architectures (IMCEC)
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-29
    Danish Vasan; Mamoun Alazab; Sobia Wassan; Babak Safaei; Qin Zheng

    Unfortunately, both researchers and malware authors have demonstrated that malware scanners are limited and can be easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural networks (CNNs) based architecture for effective detection of both packed and unpacked malware. We have named this method image-based malware classification using ensemble of CNNs

  • Adaptation of Password Strength Estimators to a Non-English Environment – the Czech Experience
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-29
    Petr Doucek; Luboš Pavlíček; Jiří Sedláček; Lea Nedomová

    Passwords are among the most commonly used methods of user authentication. Password strength estimators can significantly help users to choose passwords of reasonable strength. These estimates are, however, useful for end users and administrators only in those cases where they provide sufficiently precise password strength estimations. Tools for estimating password strength have mainly been tested

  • The Ransomware-as-a-Service Economy within the Darknet
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-29
    Per Håkon Meland; Yara Fareed Fahmy Bayoumy; Guttorm Sindre

    Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets. In the wake of the ransomware success, Ransomware-as-a-Service (RaaS) has become a franchise offered through darknet marketplaces, allowing aspiring cybercriminals to take part in this dubious economy. We have studied contemporary darknet

  • Towards Using Unstructured User Input Request for Malware Detection
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-29
    Oluwafemi Olukoya; Lewis Mackenzie; Inah Omoronyia

    Privacy analysis techniques for mobile apps are mostly based on system-centric data originating from well-defined system API calls. But these apps may also collect sensitive information via their unstructured input sources that elude privacy analysis. The consequence is that users are unable to determine the extent to which apps may impact on their privacy when downloaded and installed on mobile devices

  • Optimizing Symbolic Execution for Malware Behavior Classification
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-25
    Stefano Sebastio; Eduard Baranov; Fabrizio Biondi; Olivier Decourbe; Thomas Given-Wilson; Axel Legay; Cassius Puodzius; Jean Quilbeuf

    Increasingly software correctness, reliability, and security is being analyzed using tools that combine various formal and heuristic approaches. Often such analysis becomes expensive in terms of time and at the cost of high quality results. In this experience report we explore the tuning and optimization of the tools underlying binary malware detection and classification. We identify heuristics and

  • Cybersecurity and Platform Competition in the Cloud
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-21
    Daniel G. Arce

    Cloud computing services are examples of platforms in the classic sense of the economics of two-sided markets. In particular, indirect externalities arise in the cloud from connecting users with developers of complementary products or services. The premise investigated here is that a cloud provider's security is subject to the same rigors of two-sided market competition that shape a cloud provider's

  • A LINDDUN-Based Framework for Privacy Threat Analysis on Identification and Authentication Processes
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-19
    Antonio Robles-González; Javier Parra-Arnau; Jordi Forné

    Identification and authentication (IA) are security procedures that are ubiquitous in our online life, and that constantly require disclosing personal, sensitive information to non-fully trusted service providers, or to fully trusted providers that unintentionally may fail to protect such information. Although user IA processes are extensively supported by heterogeneous software and hardware, the simultaneous

  • Detecting Malicious JavaScript Code Based on Semantic Analysis
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-19
    Yong Fang; Cheng Huang; Yu Su; Yaoyao Qiu

    Web development technology has undergone tremendous evolution, the creation of JavaScript has greatly enriched the interactive capabilities of the client. However, attackers use the dynamics feature of JavaScript language to embed malicious code into web pages for the purpose of drive-by-download, redirection, etc. The traditional method based on static feature detection is difficult to detect the

  • FoNAC - An Automated Fog Node Audit and Certification Scheme
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-18
    Mudassar Aslam; Bushra Mohsin; Abdul Nasir; Shahid Raza

    Meeting the security and privacy needs for IoT data becomes equally important in the newly introduced intermediary Fog Computing layer, as it was in its former technological layer - Cloud; but the accomplishment of such security is critical and challenging. While security assurance of the fog layer devices is imperative due to their exposure to the public Internet, it becomes even more complex, than

  • Optimization-Based Anonymity Algorithms
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-18
    Yuting Liang; Reza Samavi

    In this paper we present a formulation of k-anonymity as a mathematical optimization problem. In solving this formulated problem, k-anonymity is achieved while maximizing the utility of the resulting dataset. Our formulation has the advantage of incorporating different weights for attributes in order to achieve customized utility to suit different research purposes. The resulting formulation is a Mixed

  • A Survey on Multi-Factor Authentication for Online Banking in the Wild
    Comput. Secur. (IF 3.062) Pub Date : 2020-02-05
    Federico Sinigaglia; Roberto Carbone; Gabriele Costa; Nicola Zannone

    In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing a non-homogeneous level of security and user experience

  • A Semantic-Based Classification Approach for an Enhanced Spam Detection
    Comput. Secur. (IF 3.062) Pub Date : 2020-01-09
    Nadjate Saidani; Kamel Adi; Mohand Said Allili

    In this paper, we explore the use of a text semantic analysis to improve the accuracy of spam detection. We propose a method based on two semantic level analysis. In the first level, we categorize emails by specific domains (e.g., Health, Education, Finance, etc.) to enable a separate conceptual view for spams in each domain. In the second level, we combine a set of manually-specified and automatically-extracted

  • Superword: A honeyword system for achieving higher security goals
    Comput. Secur. (IF 3.062) Pub Date : 2019-12-17
    Yimin Guo; Zhenfeng Zhang; Yajun Guo

    Generating honeywords for each user’s account is an effective way to detect whether password databases are compromised. However, there are several underlying security issues associated with honeyword techniques that need to be addressed, for example, (1) How to make it more difficult for an attacker to find an accurate match of “username-real password”? (2) How to prevent the intersection attack in

Contents have been reproduced by permission of the publishers.
全球疫情及响应:BMC Medicine专题征稿