Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
6.7
3.4
Journals
Future Internet
Special Issues
Information and Future Internet Security, Trust and Privacy II
share announcement

Information and Future Internet Security, Trust and Privacy II

A special issue of Future Internet (ISSN 1999-5903). This special issue belongs to the section "Cybersecurity".

Deadline for manuscript submissions: closed (31 March 2024) | Viewed by 18155

Special Issue Editors

Dr. Weizhi Meng

E-Mail Website
Guest Editor
Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Kongens Lyngby, Denmark
Interests: cyber security; intrusion detection; mobile security and authentication; HCI security; malware analysis
Special Issues, Collections and Topics in MDPI journals
Dr. Christian D. Jensen

E-Mail Website
Guest Editor
Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Kongens Lyngby, Denmark
Interests: security in ubiquitous computing; secure collaboration in open dynamic systems; pervasive computing environments; sensor networks and the Internet of Things (IoT)
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Currently, the Internet of things (IoT) enables billions of Internet-connected devices, e.g., smart sensors, to communicate and interact with each other over the network/Internet worldwide. It can offer remote monitoring and control, and is being adopted in many domains. For example, it is the basis for smart cities, helping to achieve better quality of life and lower consumption of resources. In addition, smartphones are the most commonly used IoT devices, and can help control washing machines, refrigerators, or cars. However, the IoT also faces many challenges concerning information and Internet security. For example, attackers can impersonate a relay node to compromise the integrity of information during communications. When they control or infect several internal nodes in an IoT network, the security of the whole distributed environment would be greatly threatened. Hence, there is a need to safeguard information and the Internet environment against the plethora of modern external and internal threats.

This Special Issue will focus on information and Internet security in an attempt to solicit the latest technologies, solutions, case studies, and prototypes on this topic.

Dr. Weizhi Meng
Dr. Christian D. Jensen
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Related Special Issues

Published Papers (14 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

18 pages, 2871 KiB  
Article
Median Absolute Deviation for BGP Anomaly Detection
by Maria Andrea Romo-Chavero, Jose Antonio Cantoral-Ceballos, Jesus Arturo Pérez-Díaz and Carlos Martinez-Cagnazzo
Future Internet 2024, 16(5), 146; https://doi.org/10.3390/fi16050146 - 25 Apr 2024
Viewed by 306
Abstract
The stability and reliability of the global Internet infrastructure heavily rely on the Border Gateway Protocol (BGP), a crucial protocol that facilitates the exchange of routing information among various Autonomous Systems, ensuring seamless connectivity worldwide. However, BGP inherently possesses a susceptibility to abnormal [...] Read more.
The stability and reliability of the global Internet infrastructure heavily rely on the Border Gateway Protocol (BGP), a crucial protocol that facilitates the exchange of routing information among various Autonomous Systems, ensuring seamless connectivity worldwide. However, BGP inherently possesses a susceptibility to abnormal routing behaviors, potentially leading to significant connectivity disruptions. Despite extensive efforts, accurately detecting and effectively mitigating such abnormalities persist as tough challenges. To tackle these, this article proposes a novel statistical approach employing the median absolute deviation under certain constraints to proactively detect anomalies in BGP. By applying advanced analysis techniques, this research offers a robust method for the early detection of anomalies, such as Internet worms, configuration errors, and link failures. This innovative approach has been empirically validated, achieving an accuracy rate of 90% and a precision of 95% in identifying these disruptions. This high level of precision and accuracy not only confirms the effectiveness of the statistical method employed but also marks a significant step forward for enhancing the stability and reliability of the global Internet infrastructure. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

21 pages, 3956 KiB  
Article
Multi-Constraint and Multi-Policy Path Hopping Active Defense Method Based on SDN
by Bing Zhang, Hui Li, Shuai Zhang, Jing Sun, Ning Wei, Wenhong Xu and Huan Wang
Future Internet 2024, 16(4), 143; https://doi.org/10.3390/fi16040143 - 22 Apr 2024
Viewed by 244
Abstract
Path hopping serves as an active defense mechanism in network security, yet it encounters challenges like a restricted path switching space, the recurrent use of similar paths and vital nodes, a singular triggering mechanism for path switching, and fixed hopping intervals. This paper [...] Read more.
Path hopping serves as an active defense mechanism in network security, yet it encounters challenges like a restricted path switching space, the recurrent use of similar paths and vital nodes, a singular triggering mechanism for path switching, and fixed hopping intervals. This paper introduces an active defense method employing multiple constraints and strategies for path hopping. A depth-first search (DFS) traversal is utilized to compute all possible paths between nodes, thereby broadening the path switching space while simplifying path generation complexity. Subsequently, constraints are imposed on residual bandwidth, selection periods, path similitude, and critical nodes to reduce the likelihood of reusing similar paths and crucial nodes. Moreover, two path switching strategies are formulated based on the weights of residual bandwidth and critical nodes, along with the calculation of path switching periods. This facilitates adaptive switching of path hopping paths and intervals, contingent on the network’s residual bandwidth threshold, in response to diverse attack scenarios. Simulation outcomes illustrate that this method, while maintaining normal communication performance, expands the path switching space effectively, safeguards against eavesdropping and link-flooding attacks, enhances path switching diversity and unpredictability, and fortifies the network’s resilience against malicious attacks. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

25 pages, 10389 KiB  
Article
Towards a Hybrid Security Framework for Phishing Awareness Education and Defense
by Peter K. K. Loh, Aloysius Z. Y. Lee and Vivek Balachandran
Future Internet 2024, 16(3), 86; https://doi.org/10.3390/fi16030086 - 01 Mar 2024
Viewed by 1209
Abstract
The rise in generative Artificial Intelligence (AI) has led to the development of more sophisticated phishing email attacks, as well as an increase in research on using AI to aid the detection of these advanced attacks. Successful phishing email attacks severely impact businesses, [...] Read more.
The rise in generative Artificial Intelligence (AI) has led to the development of more sophisticated phishing email attacks, as well as an increase in research on using AI to aid the detection of these advanced attacks. Successful phishing email attacks severely impact businesses, as employees are usually the vulnerable targets. Defense against such attacks, therefore, requires realizing defense along both technological and human vectors. Security hardening research work along the technological vector is few and focuses mainly on the use of machine learning and natural language processing to distinguish between machine- and human-generated text. Common existing approaches to harden security along the human vector consist of third-party organized training programmes, the content of which needs to be updated over time. There is, to date, no reported approach that provides both phishing attack detection and progressive end-user training. In this paper, we present our contribution, which includes the design and development of an integrated approach that employs AI-assisted and generative AI platforms for phishing attack detection and continuous end-user education in a hybrid security framework. This framework supports scenario-customizable and evolving user education in dealing with increasingly advanced phishing email attacks. The technological design and functional details for both platforms are presented and discussed. Performance tests showed that the phishing attack detection sub-system using the Convolutional Neural Network (CNN) deep learning model architecture achieved the best overall results: above 94% accuracy, above 95% precision, and above 94% recall. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

28 pages, 8697 KiB  
Article
Efficient Privacy-Aware Forwarding for Enhanced Communication Privacy in Opportunistic Mobile Social Networks
by Azizah Assiri and Hassen Sallay
Future Internet 2024, 16(2), 48; https://doi.org/10.3390/fi16020048 - 31 Jan 2024
Viewed by 1129
Abstract
Opportunistic mobile social networks (OMSNs) have become increasingly popular in recent years due to the rise of social media and smartphones. However, message forwarding and sharing social information through intermediary nodes on OMSNs raises privacy concerns as personal data and activities become more [...] Read more.
Opportunistic mobile social networks (OMSNs) have become increasingly popular in recent years due to the rise of social media and smartphones. However, message forwarding and sharing social information through intermediary nodes on OMSNs raises privacy concerns as personal data and activities become more exposed. Therefore, maintaining privacy without limiting efficient social interaction is a challenging task. This paper addresses this specific problem of safeguarding user privacy during message forwarding by integrating a privacy layer on the state-of-the-art OMSN routing decision models that empowers users to control their message dissemination. Mainly, we present three user-centric privacy-aware forwarding modes guiding the selection of the next hop in the forwarding path based on social metrics such as common friends and exchanged messages between OMSN nodes. More specifically, we define different social relationship strengths approximating real-world scenarios (familiar, weak tie, stranger) and trust thresholds to give users choices on trust levels for different social contexts and guide the routing decisions. We evaluate the privacy enhancement and network performance through extensive simulations using ONE simulator for several routing schemes (Epidemic, Prophet, and Spray and Wait) and different movement models (random way, bus, and working day). We demonstrate that our modes can enhance privacy by up to 45% in various network scenarios, as measured by the reduction in the likelihood of unintended message propagation, while keeping the message-delivery process effective and efficient. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

13 pages, 926 KiB  
Article
Classification Tendency Difference Index Model for Feature Selection and Extraction in Wireless Intrusion Detection
by Chinyang Henry Tseng, Woei-Jiunn Tsaur and Yueh-Mao Shen
Future Internet 2024, 16(1), 25; https://doi.org/10.3390/fi16010025 - 12 Jan 2024
Viewed by 1318
Abstract
In detecting large-scale attacks, deep neural networks (DNNs) are an effective approach based on high-quality training data samples. Feature selection and feature extraction are the primary approaches for data quality enhancement for high-accuracy intrusion detection. However, their enhancement root causes usually present weak [...] Read more.
In detecting large-scale attacks, deep neural networks (DNNs) are an effective approach based on high-quality training data samples. Feature selection and feature extraction are the primary approaches for data quality enhancement for high-accuracy intrusion detection. However, their enhancement root causes usually present weak relationships to the differences between normal and attack behaviors in the data samples. Thus, we propose a Classification Tendency Difference Index (CTDI) model for feature selection and extraction in intrusion detection. The CTDI model consists of three indexes: Classification Tendency Frequency Difference (CTFD), Classification Tendency Membership Difference (CTMD), and Classification Tendency Distance Difference (CTDD). In the dataset, each feature has many feature values (FVs). In each FV, the normal and attack samples indicate the FV classification tendency, and CTDI shows the classification tendency differences between the normal and attack samples. CTFD is the frequency difference between the normal and attack samples. By employing fuzzy C means (FCM) to establish the normal and attack clusters, CTMD is the membership difference between the clusters, and CTDD is the distance difference between the cluster centers. CTDI calculates the index score in each FV and summarizes the scores of all FVs in the feature as the feature score for each of the three indexes. CTDI adopts an Auto Encoder for feature extraction to generate new features from the dataset and calculate the three index scores for the new features. CTDI sorts the original and new features for each of the three indexes to select the best features. The selected CTDI features indicate the best classification tendency differences between normal and attack samples. The experiment results demonstrate that the CTDI features achieve better detection accuracy as classified by DNN for the Aegean WiFi Intrusion Dataset than their related works, and the detection enhancements are based on the improved classification tendency differences in the CTDI features. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

20 pages, 952 KiB  
Article
An Identity Privacy-Preserving Scheme against Insider Logistics Data Leakage Based on One-Time-Use Accounts
by Nigang Sun, Chenyang Zhu, Yuanyi Zhang and Yining Liu
Future Internet 2023, 15(11), 361; https://doi.org/10.3390/fi15110361 - 05 Nov 2023
Cited by 2 | Viewed by 1537
Abstract
Digital transformation of the logistics industry triggered by the widespread use of Internet of Things (IoT) technology has prompted a significant revolution in logistics companies, further bringing huge dividends to society. However, the concurrent accelerated growth of logistics companies also significantly hinders the [...] Read more.
Digital transformation of the logistics industry triggered by the widespread use of Internet of Things (IoT) technology has prompted a significant revolution in logistics companies, further bringing huge dividends to society. However, the concurrent accelerated growth of logistics companies also significantly hinders the safeguarding of individual privacy. Digital identity has ascended to having the status of a prevalent privacy-protection solution, principally due to its efficacy in mitigating privacy compromises. However, the extant schemes fall short of addressing the issue of privacy breaches engendered by insider maleficence. This paper proposes an innovative identity privacy-preserving scheme aimed at addressing the quandary of internal data breaches. In this scheme, the identity provider furnishes one-time-use accounts for logistics users, thereby obviating the protracted retention of logistics data within the internal database. The scheme also employs ciphertext policy attribute-based encryption (CP-ABE) to encrypt address nodes, wherein the access privileges accorded to logistics companies are circumscribed. Therefore, internal logistics staff have to secure unequivocal authorization from users prior to accessing identity-specific data and privacy protection of user information is also concomitantly strengthened. Crucially, this scheme ameliorates internal privacy concerns, rendering it infeasible for internal interlopers to correlate the users’ authentic identities with their digital wallets. Finally, the effectiveness and reliability of the scheme are demonstrated through simulation experiments and discussions of security. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

37 pages, 12528 KiB  
Article
Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks
by Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli and Vladislav Bidikov
Future Internet 2023, 15(10), 330; https://doi.org/10.3390/fi15100330 - 07 Oct 2023
Viewed by 1461
Abstract
A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims [...] Read more.
A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Graphical abstract

18 pages, 1957 KiB  
Article
An Enhanced Minimax Loss Function Technique in Generative Adversarial Network for Ransomware Behavior Prediction
by Mazen Gazzan and Frederick T. Sheldon
Future Internet 2023, 15(10), 318; https://doi.org/10.3390/fi15100318 - 22 Sep 2023
Cited by 1 | Viewed by 1319
Abstract
Recent ransomware attacks threaten not only personal files but also critical infrastructure like smart grids, necessitating early detection before encryption occurs. Current methods, reliant on pre-encryption data, suffer from insufficient and rapidly outdated attack patterns, despite efforts to focus on select features. Such [...] Read more.
Recent ransomware attacks threaten not only personal files but also critical infrastructure like smart grids, necessitating early detection before encryption occurs. Current methods, reliant on pre-encryption data, suffer from insufficient and rapidly outdated attack patterns, despite efforts to focus on select features. Such an approach assumes that the same features remain unchanged. This approach proves ineffective due to the polymorphic and metamorphic characteristics of ransomware, which generate unique attack patterns for each new target, particularly in the pre-encryption phase where evasiveness is prioritized. As a result, the selected features quickly become obsolete. Therefore, this study proposes an enhanced Bi-Gradual Minimax (BGM) loss function for the Generative Adversarial Network (GAN) Algorithm that compensates for the attack patterns insufficiency to represents the polymorphic behavior at the earlier phases of the ransomware lifecycle. Unlike existing GAN-based models, the BGM-GAN gradually minimizes the maximum loss of the generator and discriminator in the network. This allows the generator to create artificial patterns that resemble the pre-encryption data distribution. The generator is used to craft evasive adversarial patterns and add them to the original data. Then, the generator and discriminator compete to optimize their weights during the training phase such that the generator produces realistic attack patterns, while the discriminator endeavors to distinguish between the real and crafted patterns. The experimental results show that the proposed BGM-GAN reached maximum accuracy of 0.98, recall (0.96), and a minimum false positive rate (0.14) which all outperform those obtained by the existing works. The application of BGM-GAN can be extended to early detect malware and other types of attacks. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

17 pages, 813 KiB  
Article
On Evaluating IoT Data Trust via Machine Learning
by Timothy Tadj, Reza Arablouei and Volkan Dedeoglu
Future Internet 2023, 15(9), 309; https://doi.org/10.3390/fi15090309 - 12 Sep 2023
Viewed by 1178
Abstract
Data trust in IoT is crucial for safeguarding privacy, security, reliable decision-making, user acceptance, and complying with regulations. Various approaches based on supervised or unsupervised machine learning (ML) have recently been proposed for evaluating IoT data trust. However, assessing their real-world efficacy is [...] Read more.
Data trust in IoT is crucial for safeguarding privacy, security, reliable decision-making, user acceptance, and complying with regulations. Various approaches based on supervised or unsupervised machine learning (ML) have recently been proposed for evaluating IoT data trust. However, assessing their real-world efficacy is hard mainly due to the lack of related publicly available datasets that can be used for benchmarking. Since obtaining such datasets is challenging, we propose a data synthesis method, called random walk infilling (RWI), to augment IoT time-series datasets by synthesizing untrustworthy data from existing trustworthy data. Thus, RWI enables us to create labeled datasets that can be used to develop and validate ML models for IoT data trust evaluation. We also extract new features from IoT time-series sensor data that effectively capture its autocorrelation as well as its cross-correlation with the data of the neighboring (peer) sensors. These features can be used to learn ML models for recognizing the trustworthiness of IoT sensor data. Equipped with our synthesized ground-truth-labeled datasets and informative correlation-based features, we conduct extensive experiments to critically examine various approaches to evaluating IoT data trust via ML. The results reveal that commonly used ML-based approaches to IoT data trust evaluation, which rely on unsupervised cluster analysis to assign trust labels to unlabeled data, perform poorly. This poor performance is due to the underlying assumption that clustering provides reliable labels for data trust, which is found to be untenable. The results also indicate that ML models, when trained on datasets augmented via RWI and using the proposed features, generalize well to unseen data and surpass existing related approaches. Moreover, we observe that a semi-supervised ML approach that requires only about 10% of the data labeled offers competitive performance while being practically more appealing compared to the fully supervised approaches. The related Python code and data are available online. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

20 pages, 1231 KiB  
Article
Intelligent Unsupervised Network Traffic Classification Method Using Adversarial Training and Deep Clustering for Secure Internet of Things
by Weijie Zhang, Lanping Zhang, Xixi Zhang, Yu Wang, Pengfei Liu and Guan Gui
Future Internet 2023, 15(9), 298; https://doi.org/10.3390/fi15090298 - 01 Sep 2023
Viewed by 1339
Abstract
Network traffic classification (NTC) has attracted great attention in many applications such as secure communications, intrusion detection systems. The existing NTC methods based on supervised learning rely on sufficient labeled datasets in the training phase, but for most traffic datasets, it is difficult [...] Read more.
Network traffic classification (NTC) has attracted great attention in many applications such as secure communications, intrusion detection systems. The existing NTC methods based on supervised learning rely on sufficient labeled datasets in the training phase, but for most traffic datasets, it is difficult to obtain label information in practical applications. Although unsupervised learning does not rely on labels, its classification accuracy is not high, and the number of data classes is difficult to determine. This paper proposes an unsupervised NTC method based on adversarial training and deep clustering with improved network traffic classification (NTC) and lower computational complexity in comparison with the traditional clustering algorithms. Here, the training process does not require data labels, which greatly reduce the computational complexity of the network traffic classification through pretraining. In the pretraining stage, an autoencoder (AE) is used to reduce the dimension of features and reduce the complexity of the initial high-dimensional network traffic data features. Moreover, we employ the adversarial training model and a deep clustering structure to further optimize the extracted features. The experimental results show that our proposed method has robust performance, with a multiclassification accuracy of 92.2%, which is suitable for classification with a large number of unlabeled data in actual application scenarios. This paper only focuses on breakthroughs in the algorithm stage, and future work can be focused on the deployment and adaptation in practical environments. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

20 pages, 1172 KiB  
Article
Applying Detection Leakage on Hybrid Cryptography to Secure Transaction Information in E-Commerce Apps
by Mishall Al-Zubaidie and Ghanima Sabr Shyaa
Future Internet 2023, 15(8), 262; https://doi.org/10.3390/fi15080262 - 01 Aug 2023
Cited by 5 | Viewed by 1446
Abstract
Technology advancements have driven a boost in electronic commerce use in the present day due to an increase in demand processes, regardless of whether goods, products, services, or payments are being bought or sold. Various goods are purchased and sold online by merchants [...] Read more.
Technology advancements have driven a boost in electronic commerce use in the present day due to an increase in demand processes, regardless of whether goods, products, services, or payments are being bought or sold. Various goods are purchased and sold online by merchants (M)s for large amounts of money. Nonetheless, during the transmission of information via electronic commerce, Ms’ information may be compromised or attacked. In order to enhance the security of e-commerce transaction data, particularly sensitive M information, we have devised a protocol that combines the Fernet (FER) algorithm with the ElGamal (ELG) algorithm. Additionally, we have integrated data leakage detection (DLD) technology to verify the integrity of keys, encryptions, and decryptions. The integration of these algorithms ensures that electronic-commerce transactions are both highly secure and efficiently processed. Our analysis of the protocol’s security and performance indicates that it outperforms the algorithms used in previous studies, providing superior levels of security and performance. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

26 pages, 496 KiB  
Article
KubeHound: Detecting Microservices’ Security Smells in Kubernetes Deployments
by Giorgio Dell’Immagine, Jacopo Soldani and Antonio Brogi
Future Internet 2023, 15(7), 228; https://doi.org/10.3390/fi15070228 - 26 Jun 2023
Cited by 3 | Viewed by 1890
Abstract
As microservice-based architectures are increasingly adopted, microservices security has become a crucial aspect to consider for IT businesses. Starting from a set of “security smells” for microservice applications that were recently proposed in the literature, we enable the automatic detection of such smells [...] Read more.
As microservice-based architectures are increasingly adopted, microservices security has become a crucial aspect to consider for IT businesses. Starting from a set of “security smells” for microservice applications that were recently proposed in the literature, we enable the automatic detection of such smells in microservice applications deployed with Kubernetes. We first introduce possible analysis techniques to automatically detect security smells in Kubernetes-deployed microservices. We then demonstrate the practical applicability of the proposed techniques by introducing KubeHound, an extensible prototype tool for automatically detecting security smells in microservice applications, and which already features a selected subset of the discussed analyses. We finally show that KubeHound can effectively detect instances of security smells in microservice applications by means of controlled experiments and by applying it to existing, third-party applications. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

22 pages, 1089 KiB  
Article
Task-Aware Meta Learning-Based Siamese Neural Network for Classifying Control Flow Obfuscated Malware
by Jinting Zhu, Julian Jang-Jaccard, Amardeep Singh, Paul A. Watters and Seyit Camtepe
Future Internet 2023, 15(6), 214; https://doi.org/10.3390/fi15060214 - 14 Jun 2023
Viewed by 1136
Abstract
Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the [...] Read more.
Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate >91%, compared to other similar methods. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

19 pages, 1060 KiB  
Article
Protecting Function Privacy and Input Privacy in the Publicly Verifiable Outsourcing Computation of Polynomial Functions
by Beibei Song, Dehua Zhou, Jiahe Wu, Xiaowei Yuan, Yiming Zhu and Chuansheng Wang
Future Internet 2023, 15(4), 152; https://doi.org/10.3390/fi15040152 - 21 Apr 2023
Cited by 1 | Viewed by 1378
Abstract
With the prevalence of cloud computing, the outsourcing of computation has gained significant attention. Clients with limited computing power often outsource complex computing tasks to the cloud to save on computing resources and costs. In outsourcing the computation of functions, a function owner [...] Read more.
With the prevalence of cloud computing, the outsourcing of computation has gained significant attention. Clients with limited computing power often outsource complex computing tasks to the cloud to save on computing resources and costs. In outsourcing the computation of functions, a function owner delegates a cloud server to perform the function’s computation on the input received from the user. There are three primary security concerns associated with this process: protecting function privacy for the function owner, protecting input privacy for the user and guaranteeing that the cloud server performs the computation correctly. Existing works have only addressed privately verifiable outsourcing computation with privacy or publicly verifiable outsourcing computation without input privacy or function privacy. By using the technologies of homomorphic encryption, proxy re-encryption and verifiable computation, we propose the first publicly verifiable outsourcing computation scheme that achieves both input privacy and function privacy for matrix functions, which can be extended to arbitrary multivariate polynomial functions. We additionally provide a faster privately verifiable method. Moreover, the function owner retains control over the function. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy II)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-14
Back to TopTop