Current journal: Computers & Security
  • Towards an Interpretable Deep Learning Model for Mobile Malware Detection and Family Identification
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-17
    Giacomo Iadarola; Fabio Martinelli; Francesco Mercaldo; Antonella Santone

    Mobile devices are pervading everyday activities of our life. Each day we store a plethora of sensitive and private information in smart devices such as smartphones or tablets, which are typically equipped with an always-on internet connection. These information are of interest for malicious writers that are developing more and more aggressive harmful code for stealing sensitive and private information

    Updated: 2021-01-18
  • Security in Microservice-Based Systems: A Multivocal Literature Review
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-16
    Anelis Pereira-Vale; Eduardo B. Fernandez; Raúl Monge; Hernán Astudillo; Gastón Márquez

    Microservices define an architectural style that conceives systems as a suite of modular, independent and scalable services. While application design is now simpler, designing secure applications is in general harder than for monolithic applications and the current literature offers little orientation to architects and developers regarding solutions. This article describes the design and results of

    Updated: 2021-01-18
  • Hardware-Based Solutions for Trusted Cloud Computing
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-16
    Oualid Demigha; Ramzi Larguet

    The increasing number of threats targeting cloud computing and the exploitation of specifically privileged software vulnerabilities have pushed the security managers of cloud service providers to deploy hardware-based solutions. These solutions can offer better hardware-assisted security features for a broad range of computing platforms including both CISC and RISC architecture families in datacenters

    Updated: 2021-01-18
  • Feature analysis for data-driven APT-related malware discrimination
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-16
    Luis Francisco Martín Liras; Adolfo Rodríguez de Soto; Miguel A. Prada

    Advanced Persistent Threats (APTs) have become a major concern for IT security professionals around the world. These attacks are characterized by the use of both highly sophisticated, evasive and cautious human and technical resources. It is very common to notice the combined use of different malware in long APT campaigns. This fact makes it interesting to investigate the malware that has been used

    Updated: 2021-01-18
  • Cybersecurity for autonomous vehicles: Review of attacks and defense
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-05
    Kyounggon Kim; Jun Seok Kim; Seonghoon Jeong; Jo-Hee Park; Huy Kang Kim

    As technology has evolved, cities have become increasingly smart. Smart mobility is a crucial element in smart cities, and autonomous vehicles are an essential part of smart mobility. However, vulnerabilities in autonomous vehicles can be damaging to quality of life and human safety. For this reason, many security researchers have studied attacks and defenses for autonomous vehicles. However, there

    Updated: 2021-01-15
  • Towards GDPR-compliant data processing in modern SIEM systems
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-31
    Florian Menges; Tobias Latzo; Manfred Vielberth; Sabine Sobola; Henrich C. Pöhls; Benjamin Taubmann; Johannes Köstler; Alexander Puchta; Felix Freiling; Hans P. Reiser; Günther Pernul

    The introduction of the General Data Protection Regulation (GDPR) in Europe raises a whole series of issues and implications on the handling of corporate data. We consider the case of security-relevant data analyses in companies, such as those carried out by Security Information and Event Management (SIEM) systems. It is often argued that the processing of personal data is necessary to achieve service

    Updated: 2021-01-15
  • An effective intrusion detection approach using SVM with naïve Bayes feature embedding
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-24
    Jie Gu; Shan Lu

    Network security has become increasingly important in recent decades, while intrusion detection system plays a critical role in protecting it. Various machine learning techniques have been applied to intrusion detection, among which SVM has been considered as an effective method. However, existing studies rarely take the data quality into consideration, which is essential for constructing a well-performed

    Updated: 2021-01-15
  • Accelerating hardware security verification and vulnerability detection through state space reduction
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-04
    Lixiang Shen; Dejun Mu; Guo Cao; Maoyuan Qin; Jiacheng Zhu; Wei Hu

    Model checking is an effective technique for formal verification of hardware security properties in order to detect security vulnerabilities. However, a major challenge lies in state space explosion. In this work, we propose methods to accelerate hardware security verification and vulnerability detection through state space reduction. Specifically, we reduce state space of formal model by performing

    Updated: 2021-01-15
  • Defending wireless communication against eavesdropping attacks using secret spreading codes and artificial interference
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-05
    Qinghua Wang

    The broadcast nature of wireless communication makes it intrinsically vulnerable to eavesdropping attacks. This article suggests the using of secret spreading codes (i.e. only a legitimate receiver knows the spreading sequence) and artificial interference (i.e. by intentionally adding noise to the broadcast channel) on countering eavesdropping attacks. We have made a theoretical analysis on the potential

    Updated: 2021-01-15
  • Certificateless multi-replica public integrity auditing scheme for dynamic shared data in cloud storage
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-04
    Jaya Rao Gudeme; Syam Kumar Pasupuleti; Ramesh Kandukuri

    Cloud storage enables data users to store and access their data anytime, from any location, using any device, under a pay-per-use policy. However, cloud storage raises various security concerns such as integrity and availability of data. To address these problems simultaneously, recently, several multi-replica integrity auditing schemes have been proposed in the literature. However, most of the existing

    Updated: 2021-01-15
  • Privacy-preserving and Communication-efficient Federated Learning in Internet of Things
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-15
    Chen Fang; Yuanbo Guo; Yongjin Hu; Bowen Ma; Li Feng; Anqi Yin

    Aimed at the privacy leakage caused by collecting data from numerous Internet of Things (IoT) devices for centralized training, a novel distributed learning framework, namely federated learning, came into being, where devices train models collaboratively while leaving their private datasets locally. Although many schemes have been proposed about federated learning, they are still short in communications

    Updated: 2021-01-15
  • Cyber Security Risk Assessment for Seaports: A Case Study of a Container Port
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-15
    Bunyamin Gunes; Gizem Kayisoglu; Pelin Bolat

    Seaports are fixed infrastructures of maritime transportation systems. Through Industry 3.0 and Industry 4.0, ports have faced with digital transformation based on networked cyber physical systems to be a part of smart and intelligent transportation systems. However, besides the advantages, this transformation has brought cyber security gaps and threats which can be resulted in breakdowns in maritime

    Updated: 2021-01-15
  • “Talking a different Language”: Anticipating adversary attack cost for cyber risk assessment
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-02
    Richard Derbyshire; Benjamin Green; David Hutchison

    Typical cyber security risk assessment methods focus on the system under consideration, its vulnerabilities, and the resulting impact in the event of a system compromise. Cyber security, however, increasingly requires anticipating the moves of intelligent adversaries, who make decisions based on a range of factors including the cost of their attacks. A study of current risk assessment literature and

    Updated: 2021-01-14
  • Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-02
    Ahmet Selman Bozkir; Ersan Tahillioglu; Murat Aydos; Ilker Kara

    The everlasting increase in usage of information systems and online services have triggered the birth of the new type of malware which are more dangerous and hard to detect. In particular, according to the recent reports, the new type of fileless malware infect the victims’ devices without a persistent trace (i.e. file) on hard drives. Moreover, existing static malware detection methods in literature

    Updated: 2021-01-14
  • AuthCODE: A privacy-preserving and multi-device continuous authentication architecture based on machine and deep learning
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-04
    Pedro Miguel Sánchez Sánchez; Lorenzo Fernández Maimó; Alberto Huertas Celdrán; Gregorio Martínez Pérez

    The authentication field is evolving towards mechanisms able to keep users continuously authenticated without the necessity of remembering or possessing authentication credentials. While relevant limitations of continuous authentication systems -high false positives rates (FPR) and difficulty to detect behaviour changes- have been demonstrated in realistic single-device scenarios, the Internet of Things

    Updated: 2021-01-14
  • You Shall not Repackage! Demystifying Anti-Repackaging on Android
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-08
    Alessio Merlo; Antonio Ruggia; Luigi Sciolla; Luca Verderame

    App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild. In this way, the attacker aims to force some mobile users to install the repackaged (likely malicious) app instead of the original one. This phenomenon strongly affects Android, where apps are available on public stores, and the only requirement for an app to execute properly is to be digitally

    Updated: 2021-01-14
  • SecTEP: Enabling secure tender evaluation with sealed prices and quality evaluation in procurement bidding systems over blockchain
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-14
    Li Li; Jiayong Liu; Peng Jia

    Numerous methods have been proposed in the past few years to perform tender evaluation in procurement bidding systems, such as cloud storage procurement bidding systems. However, most of the proposed approaches focus only on the bidding price comparison and bidding efficiency while neglecting supplier quality evaluation and bidding privacy. To the best of our knowledge, the existing studies on tender

    Updated: 2021-01-14
  • A Secure Routing Scheme To Mitigate Attack In Wireless Adhoc Sensor Network
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-14
    Isaac Sajan R; Jasper J

    Due to the unattended nature and deployment of wireless sensors in the hostile environment, the networks are vulnerable to carousal and stretch attack that causes Denial of Service (DoS). In addition to that, the adversary may also inject bogus data into the network through compromised nodes. This cause the Base Station (BS) to take erroneous decisions and also affects the network's lifetime. To address

    Updated: 2021-01-14
  • A Lightweight Privacy-Preserving and Sharing Scheme with Dual-blockchain for Intelligent Pricing System of Smart Grid
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-13
    Kunchang Li; Yifan Yang; Shuhao Wang; Runhua Shi; Jianbin Li

    With the deepening of the application of information technology, the development trend of smart grid as the next generation grid has pointed the way for the development of energy internet in the power industry. To protect the privacy of participants, this paper proposes a lightweight dual-blockchain privacy protection and sharing solution for smart grid intelligent pricing systems. We design a lightweight

    Updated: 2021-01-13
  • Data Sequence Signal Manipulation in Multipath TCP: The Vulnerability, Attack and its Detection
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-08
    V Anil Kumar; Debabrata Das

    Multipath Transmission Control Protocol (MPTCP) is an innovative next-generation transport protocol standardized by the Internet Engineering Task Force (IETF) to overcome the single path limitation of the Transmission Control Protocol (TCP). MPTCP augments TCP with a new set of signaling options for seamless transmission and reception of application data across multiple interlinked TCP connections

    Updated: 2021-01-08
  • Challenge-Response Mutual Authentication Protocol for EMV Contactless Cards
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-08
    Ossama Al-Maliki; Hisham Al-Assam

    Europay MasterCard and Visa (EMV) is the most popular payment protocol with almost 7.1 billion EMV based credit and debit cards around the world. This payment protocol supports different kinds of payment transactions such as Chip & PIN, Chip & signature, contactless card, and mobile payment transactions. This paper focuses on the EMV contactless card transactions and highlights one of such transactions’

    Updated: 2021-01-08
  • Utilizing Binary Code to Improve Usability of Pressure-based Authentication
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-08
    Zhangyu Meng; Jun Kong; Juan Li

    Due to its invisibility feature, pressure is useful to enhance the security of authentication, especially preventing the shoulder surfing attack. However, users are more familiar with digital passwords than pressure-based passwords. In order to improve the usability of pressure-based authentication, this paper instantiates a pressure-based password (i.e., a sequence of pressures) to a decimal number

    Updated: 2021-01-08
  • Intrusion Detection Methods Based on Integrated Deep Learning Model
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-07
    ZHENDONG WANG; YAODI LIU; DAOJING HE; SAMMY CHAN

    Intrusion detection system can effectively identify abnormal data in complex network environments, which is an effective method to ensure computer network security. Recently, deep neural networks have been widely used in image recognition, natural language processing, network security and other fields. For network intrusion detection, this paper designs an integrated deep intrusion detection model

    Updated: 2021-01-07
  • Availability analysis of a permissioned blockchain with a lightweight consensus protocol
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-19
    Amani Altarawneh; Fei Sun; Richard R. Brooks; Owulakemi Hambolu; Lu Yu; Anthony Skjellum

    This paper offers a novel approach to the evaluation of provenance blockchain security and reliability using analytical methods for assessing system availability against malicious miner DoS attacks. In particular, we present the reliability and availability analysis of the LightWeight Mining (LWM) protocol for securing data provenance. Our analysis shows the reliability of the protocol and its ability

    Updated: 2021-01-06
  • Cybersecurity knowledge and skills taught in capture the flag challenges
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-27
    Valdemar Švábenský; Pavel Čeleda; Jan Vykopal; Silvia Brišáková
    Updated: 2021-01-06
  • A novel combinatorial optimization based feature selection method for network intrusion detection
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-31
    Anjum Nazir; Rizwan Ahmed Khan

    The advancements in communication technologies and ubiquitous accessibility to a wide array of services has opened many challenges. Growing numbers of cyberattacks show that current security solutions and technologies do not provide effective safeguard against modern attacks. Intrusion is one of the main issue that has gone viral and can compromise the security of a network of any size. Intrusion Detection

    Updated: 2021-01-06
  • A Cloud Endpoint Coordinating CAPTCHA based on Multi-view Stacking Ensemble
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-06
    Zhiyou Ouyang; Xu Zhai; Jinran Wu; Jian Yang; Dong Yue; Chunxia Dou; Tengfei Zhang

    Fully Autonomous Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an essential component for network security resisting attacks, such as collision attack and password blasting. As a recently emerged CAPTCHA technology, drag-and-drop interactive CAPTCHA has been successfully employed in great number of practical applications. However, there are still some problems involved in the architecture

    Updated: 2021-01-06
  • A Formal Approach to Network Segmentation
    Comput. Secur. (IF 3.579) Pub Date : 2021-01-05
    Neerja Mhaskar; Mohammed Alabbad; Ridha Khedri

    Network segmentation or compartmentalization, and layered protection are two strategies that are critical in building a secure network. In the literature, layered protection has been formalized and termed as the Defense in Depth (DD) strategy. However, network segmentation has been described vaguely, and without any formal approach, thus making the secure design of large networks unwieldy. In this

    Updated: 2021-01-05
  • Exsense: Extract sensitive information from unstructured data
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-31
    Yongyan Guo; Jiayong Liu; Wenwu Tang; Cheng Huang

    Large-scale sensitive information leakage incidents are frequently reported in recent years. Once sensitive information is leaked, it may lead to serious effects. In this context, sensitive information leakage has long been a question of great interest in the field of cybersecurity. However, most sensitive information resides in unstructured data. Therefore, how to extract sensitive information from

    Updated: 2021-01-01
  • Automatically predicting cyber attack preference with attributed heterogeneous attention networks and transductive learning
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-24
    Jun Zhao; Xudong Liu; Qiben Yan; Bo Li; Minglai Shao; Hao Peng; Lichao Sun

    Predicting cyber attack preference of intruders is essential for security organizations to demystify attack intents and proactively handle oncoming cyber threats. In order to automatically analyze attack preferences of intruders, this paper proposes a novel framework, namely HinAp, to predict cyber attack preference using attributed heterogeneous attention network and transductive learning. Particularly

    Updated: 2020-12-31
  • Auditing static machine learning anti-Malware tools against metamorphic attacks
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-31
    Daniel Gibert; Carles Mateu; Jordi Planes; Joao Marques-Silva

    Malicious software is one of the most serious cyber threats on the Internet today. Traditional malware detection has proven unable to keep pace with the sheer number of malware because of their growing complexity, new attacks and variants. Most malware implement various metamorphic techniques in order to disguise themselves, therefore preventing successful analysis and thwarting the detection by signature-based

    Updated: 2020-12-31
  • Cost-based recommendation of parameters for local differentially private data aggregation
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-08
    Snehkumar Shahani; R Venkateswaran; Jibi Abraham

    The ability to analyze personal data for a group of individuals without compromising their respective privacy has been a focus of significant research in recent years. For such analyses, data analysts need to acquire data from individuals without revealing their Individually Identifiable Data (IID). Well established Differentially Private techniques, characterized by privacy parameters (ϵ,δ), transform

    Updated: 2020-12-30
  • SG-PAC: A stochastic game approach to generate personal privacy paradox access-control policies in social networks
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-24
    Yu Wu; Li Pan

    Online social networks are indispensable platforms where people share personal data from their daily lives. However, social sharing raises many privacy issues. One of the most difficult, the “privacy paradox,” is that social-network users want to meet their social needs by enhancing interactions with their friends and are at the same time concerned about the risk of privacy leakage. This work aims

    Updated: 2020-12-30
  • Detecting firmware modification on solid state drives via current draw analysis
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-13
    Dane Brown; T. Owens Walker; Justin A. Blanco; Robert W. Ives; Hau T. Ngo; James Shey; Ryan Rakvic

    Solid State Drives (SSDs) have gained significant market share among data storage options in recent years due to increased speed and durability. But when compared to Hard Disk Drives (HDDs), SSDs contain additional complexity which must be managed in firmware. Some manufacturers make firmware updates available, but their proprietary protections leave end users unable to verify the authenticity of the

    Updated: 2020-12-29
  • MARISMA-BiDa pattern: Integrated risk analysis for big data
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-19
    David G. Rosado; Julio Moreno; Luis E. Sánchez; Antonio Santos-Olmo; Manuel A. Serrano; Eduardo Fernández-Medina

    Data is one of the most important assets for all types of companies, which have undoubtedly grown their quantity and the ways of exploiting them. Big Data appears in this context as a set of technologies that manage data to obtain information that supports decision-making. These systems were not conceived to be secure, resulting in significant risks that must be controlled. Security risks in Big Data

    Updated: 2020-12-29
  • Cyber terrorism: A homogenized taxonomy and definition
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-09
    Jordan J. Plotnek; Jill Slay

    Large-scale cyber attacks are increasing at an alarming rate around the world. These attacks are often being linked to the widely publicized and popularized threat of cyber terrorism. However, cyber terrorism is a relatively young field of research and the terminology, much like its parent term, ‘terrorism’, is still not adequately defined or congruently applied. This paper provides a comparative analysis

    Updated: 2020-12-28
  • RNNIDS: Enhancing network intrusion detection systems through deep learning
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-17
    Soroush M. Sohi; Jean-Pierre Seifert; Fatemeh Ganji

    Security of information passing through the Internet is threatened by today’s most advanced malware ranging from orchestrated botnets to simpler polymorphic worms. These threats, as examples of zero-day attacks, are able to change their behavior several times in the early phases of their existence to bypass the network intrusion detection systems (NIDS). In fact, even well-designed, and frequently-updated

    Updated: 2020-12-28
  • Mind control attack: Undermining deep learning with GPU memory exploitation
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-19
    Sang-Ok Park; Ohmin Kwon; Yonggon Kim; Sang Kil Cha; Hyunsoo Yoon

    Modern deep learning frameworks rely heavily on GPUs to accelerate the computation. However, the security implication of GPU device memory exploitation on deep learning frameworks has been largely neglected. In this paper, we argue that GPU device memory manipulation is a novel attack vector against deep learning systems. We present a novel attack method leveraging the attack vector, which makes deep

    Updated: 2020-12-27
  • Continuous auditing and threat detection in multi-cloud infrastructure
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-15
    K.A. Torkura; Muhammad I.H. Sukmana; Feng Cheng; Christoph Meinel

    Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes

    Updated: 2020-12-27
  • Temporal pattern-based malicious activity detection in SCADA systems
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-17
    Amit Shlomo; Meir Kalech; Robert Moskovitch

    Critical infrastructures which are crucial to our modern life such as electricity grids and water pumps are controlled by Supervisory Control and Data Acquisition (SCADA) systems. Over the last two decades connecting these critical infrastructures to the internet has become essential. This made SCADA security an increasingly important research topic. This paper copes with two challenges: (1) SCADA

    Updated: 2020-12-27
  • A Novel Cryptosystem based on DNA Cryptography and Randomly Generated Mealy Machine
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-25
    Pramod Pavithran; Sheena Mathew; Suyel Namasudra; Pascal Lorenz

    Nowadays, the amount of data produced and stored in computing devices is increasing at an alarming rate. Tremendous amounts of critical and sensitive data are transmitted between all these devices. Thus, it is very imperative to guarantee the security of all these indispensable data. Cryptography is a commonly used technique to ensure data security. The fundamental objective of cryptography is to transmit

    Updated: 2020-12-25
  • An Efficient Approach for Taint Analysis of Android Applications
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-24
    Jie Zhang; Cong Tian; Zhenhua Duan

    In recent years, sensitive data leaks of Android system attracted significant attention. The traditional facilities proposed for detecting these leaks, i.e. taint analysis, mostly focus on the precision and recall of the result with few of them addressing the importance of the cost and efficiency. As a matter of fact, the high costs of these tools often make them fail in analyzing large-scale apps

    Updated: 2020-12-25
  • Universal location referencing and homomorphic evaluation of geospatial query
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-14
    Asma Aloufi; Peizhao Hu; Hang Liu; Sherman S.M. Chow; Kim-Kwang Raymond Choo

    Location data reveals users’ trajectories, yet it is often shared to enable many location-based services (LBS). In this paper, we propose a privacy-preserving geospatial query system with geo-hashing and somewhat homomorphic encryption. We geo-hash locations using space-filling curves for locality-preserving dimension reduction, which allows the users to specify granularity preference of their location

    Updated: 2020-12-23
  • Security and privacy of the Internet of Things
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-15
    Leon Strous; Suné von Solms; André Zúquete

    With billions of devices connected via the Internet, opportunities for smart applications increase tremendously. Unfortunately that is also the case for the risks. This means that security and privacy of the Internet of Things are aspects that need to be addressed timely and thoroughly. This briefing paper points out that when designing and implementing infrastructures and applications a number of

    Updated: 2020-12-23
  • Random CapsNet forest model for imbalanced malware type classification task
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-15
    Aykut Çayır; Uğur Ünal; Hasan Dağ

    Behavior of malware varies depending the malware types, which affects the strategies of the system protection software. Many malware classification models, empowered by machine and/or deep learning, achieve superior accuracies for predicting malware types. Machine learning-based models need to do heavy feature engineering work, which affects the performance of the models greatly. On the other hand

    Updated: 2020-12-21
  • Resilient real-time network anomaly detection using novel non-parametric statistical tests
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-14
    Chad A. Bollmann; Murali Tummala; John C. McEachen

    This work describes a novel application of robust estimation to the detection of volumetric anomalies in computer network traffic. The proposed tests are based on sample location and dispersion and derived from relatively unknown Zero Order Statistics. The proposed tests are non-parametric and suitable for a range of applications to heavy-tailed data analysis outside of network traffic. The performance

    Updated: 2020-12-20
  • Investigating the effect of security and privacy on IoT device purchase behaviour
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-03
    Nick Ho-Sam-Sooi; Wolter Pieters; Maarten Kroesen

    Given the significant privacy and security risks of Internet-of-Things (IoT) devices, it seems desirable to nudge consumers towards buying more secure devices and taking privacy into account in the purchase decision. In order to support this goal, this study examines the effect of security and privacy on IoT device purchase behaviour and assesses whether these effects are sensitive to framing, using

    Updated: 2020-12-20
  • A tree structure-based improved blockchain framework for a secure online bidding system
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-10
    Aaliya Sarfaraz; Ripon K. Chakrabortty; Daryl L. Essam

    The BlockChain (BC) is considered as one of the most exciting developments in information and communication technology in the past decade and is widely known as a crypto intensive phenomenon. Achieving an efficient solution (e.g., decentralization, immutability, security, and transparency) using BC requires a considerable range of factors, such as: scalability, security, and privacy, which have a profound

    Updated: 2020-12-17
  • A multidisciplinary approach to Internet of Things (IoT) cybersecurity and risk management
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-08
    Kim-Kwang Raymond Choo; Keke Gai; Luca Chiaraviglio; Qing Yang

    As Internet of Things (IoT) devices and systems become more tightly integrated with our society (e.g., smart city and smart nation) and the citizens (e.g., implantable and insertable medical IoT devices), the need to understand, manage and mitigate cybersecurity risks becomes more pronounced. The ongoing interest in IoT security research is evidenced by the number of high quality submissions we received

    Updated: 2020-12-17
  • Preventing time synchronization in NTP broadcast mode
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-02
    Nikhil Tripathi; Neminath Hubballi

    Network Time Protocol (NTP) is used by millions of hosts on the Internet today to synchronize their clocks. The clock synchronization is necessary for many network applications to function correctly. An unsynchronized clock may lead to the failure of various core Internet services including DNS and RPKI based interdomain routing and opens the path for more sophisticated attacks. In this paper, we describe

    Updated: 2020-12-17
  • Quantitative cyber-physical security analysis methodology for industrial control systems based on incomplete information Bayesian game
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-04
    Xiaoxue Liu; Jiexin Zhang; Peidong Zhu; Qingping Tan; Wei Yin

    Industrial control systems (ICSs) are distributed complex cyber physical systems (CPSs). The core parts of ICSs are usually ultimate targets of attackers but being protected strictly and difficult to attack directly. Attackers tend to take cyber-physical attacks via multiple attack-steps from outer nodes with less protection. Then, threats propagate from one node to another until reaching the core

    Updated: 2020-12-17
  • An immune-based risk assessment method for digital virtual assets
    Comput. Secur. (IF 3.579) Pub Date : 2020-12-02
    Junjiang He; Tao Li; Beibei Li; Xiaolong Lan; Zhiyong Li; Yunpeng Wang

    Digital virtual assets are playing an increasingly important role and have become an indispensable part of people’s lives. However, due to the characteristics of network, virtuality, and openness, digital virtual assets are extremely vulnerable to attack. Meanwhile, it is difficult to guarantee the security of digital virtual assets based on advanced encryption technology and game theory-based asset

    Updated: 2020-12-17
  • Evaluating the effectiveness of shuffle and redundancy MTD techniques in the cloud
    Comput. Secur. (IF 3.579) Pub Date : 2020-10-28
    Hooman Alavizadeh; Jin B. Hong; Dong Seong Kim; Julian Jang-Jaccard

    Moving Target Defense (MTD) is a defensive strategy to thwart adversaries by continuously shifting the attack surface. The MTD techniques can be applied to the cloud computing to make the cloud more unpredictable, hence more difficult to exploit. There are many MTD techniques proposed, and various metrics are used to measure their effectiveness. However, it is difficult to assess when MTD techniques

    Updated: 2020-12-16
  • MASA: An efficient framework for anomaly detection in multi-attributed networks
    Comput. Secur. (IF 3.579) Pub Date : 2020-10-22
    Minglai Shao; Jianxin Li; Yue Chang; Jun Zhao; Xunxun Chen

    Anomalous connected subgraph detection has been widely used in multiple scenarios, such as botnet detection, fraud detection and event detection. Nevertheless, the huge search space makes a serious computational challenge. Moreover, the anomalous connected subgraph detection becomes much harder when the networks involve a large number of attributes and become the multi-attributed networks. With the

    Updated: 2020-12-16
  • A systematic review of PIN-entry methods resistant to shoulder-surfing attacks
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-17
    Farid Binbeshr; M.L. Mat Kiah; Lip Yee Por; A.A. Zaidan

    Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of

    Updated: 2020-12-05
  • Optimisation of cyber insurance coverage with selection of cost effective security controls.
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-27
    Ganbayar Uuganbayar; Artsiom Yautsiukhin; Fabio Martinelli; Fabio Massacci

    Nowadays, cyber threats are considered among the most dangerous risks by top management of enterprises. One way to deal with these risks is to insure them, but cyber insurance is still quite expensive. The insurance fee can be reduced if organisations improve their cyber security protection, i.e., reducing the insured risk. In other words, organisations need an investment strategy to decide the optimal

    Updated: 2020-12-05
  • How can organizations develop situation awareness for incident response: A case study of management practice
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-26
    Atif Ahmad; Sean B. Maynard; Kevin C. Desouza; James Kotsias; Monica T. Whitty; Richard L. Baskerville

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective

    Updated: 2020-12-05
  • Balancing anonymity and resilience in anonymous communication networks
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-12
    Yusheng Xia; Rongmao Chen; Jinshu Su; Hongcheng Zou

    Anonymous communication networks (ACNs) are intended to protect the metadata privacy during the communication. As typical ACNs, onion mix-nets adopt source routing where the source defines a static path and wraps the message with the public keys of on-path nodes so that the message could be delivered to the destination. However, onion mix-nets lack resilience when the static on-path mixes fail, which

    Updated: 2020-12-04
  • On cloaking behaviors of malicious websites
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-14
    Nayanamana Samarasinghe; Mohammad Mannan

    Malicious websites often mimic top brands to host malware and launch social engineering attacks, e.g., to collect user credentials. Some such sites often attempt to hide malicious content from search engine crawlers (e.g., Googlebot), but show harmful content to users/client browsers—a technique known as cloaking. Past studies uncovered various aspects of cloaking, using selected categories of websites

    Updated: 2020-12-04
  • Pre-processing memory dumps to improve similarity score of Windows modules
    Comput. Secur. (IF 3.579) Pub Date : 2020-11-19
    Miguel Martín-Pérez; Ricardo J. Rodríguez; Davide Balzarotti

    Memory forensics is useful to provide a fast triage on running processes at the time of memory acquisition in order to avoid unnecessary forensic analysis. However, due to the effects of the execution of the process itself, traditional cryptographic hashes, normally used in disk forensics to identify files, are unsuitable in memory forensics. Similarity digest algorithms allow an analyst to compute

    Updated: 2020-12-04
Contents have been reproduced by permission of the publishers.