PLOS ONE search feed: subject:"Computer security" (sorted by date, newest first)
Feed URL: https://journals.plos.org/plosone/search/feed/atom?sortOrder=DATE_NEWEST_FIRST&unformattedQuery=subject:%22Computer+security%22&sort=Date,+newest+first
Site: https://journals.plos.org/plosone/ (PLOS: accelerating the publication of peer-reviewed science; all PLOS articles are Open Access)
Feed updated: 2024-03-29T10:05:20Z

Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs
by Jawad Manzoor, Abdul Waleed, Abdul Fareed Jamali, Ammar Masood
DOI: 10.1371/journal.pone.0301183
Published: 2024-03-28
The proliferation of cyber threats necessitates robust security measures to safeguard critical assets and data in today's evolving digital landscape. Small and Medium Enterprises (SMEs), which are the backbone of the global economy, are particularly vulnerable to these threats due to inadequate protection for critical and sensitive information, budgetary constraints, and lack of cybersecurity expertise and personnel. Security Information and Event Management (SIEM) systems have emerged as pivotal tools for monitoring, detecting, and responding to security incidents. While proprietary SIEM solutions have historically dominated the market, open-source SIEM systems have gained prominence for their accessibility and cost-effectiveness for SMEs. This article presents a comprehensive study focusing on the evaluation of open-source SIEM systems. The research investigates the capabilities of these open-source solutions in addressing modern security challenges and compliance with regulatory requirements. Performance aspects are explored through empirical testing in simulated enterprise-grade SME network environments to assess resource utilization and real-time data processing capabilities. By providing a rigorous assessment of the security and performance features of open-source SIEM systems, this research offers valuable insights to cybersecurity practitioners, organizations seeking cost-effective security solutions, and the broader academic community. The findings shed light on the strengths and limitations of these systems, aiding decision-makers in selecting the most suitable SIEM solution for their specific requirements while enhancing the cybersecurity posture of SMEs.

Z2F: Heterogeneous graph-based Android malware detection
by Ziwei Ma, Nurbor Luktarhan
DOI: 10.1371/journal.pone.0300975
Published: 2024-03-28
Android malware is becoming more common, and its invasion of smart devices has brought immeasurable losses to people's lives. Most existing Android malware detection methods extract Android features from the original application files without considering the high-order hidden information behind them, but this hidden information can reflect malicious behaviors. To solve this problem, this paper proposes Z2F, a detection framework based on multidimensional Android feature extraction and graph neural networks for Android applications. Z2F first extracts seven types of Android features from the original Android application and then embeds them into a heterogeneous graph. On this basis, we design 12 kinds of meta-structures to analyze different semantic spaces of heterogeneous graphs, mine high-order hidden semantic information, and adopt a multi-layer graph attention mechanism to iteratively embed and update information. In this paper, a total of 14429 Android applications were detected and 1039726 Android features were extracted, with a detection accuracy of 99.7%.

ChainAgile: A framework for the improvement of Scrum Agile distributed software development based on blockchain
by Junaid Nasir Qureshi, Muhammad Shoaib Farooq
DOI: 10.1371/journal.pone.0299324
Published: 2024-03-21
Software development based on Scrum Agile in a distributed development environment plays a pivotal role in the contemporary software industry by facilitating software development across geographic boundaries. However, the different frameworks previously used to address challenges such as communication and collaboration in Scrum Agile distributed software development (SADSD) were notably inadequate in transparency, security, traceability, work agreements across geographically dispersed locations, the effectiveness of geographically dispersed teamwork, and trust. These deficiencies frequently resulted in delays in software development and deployment, customer dissatisfaction, canceled agreements, project failures, and disputes over payments between customers and development teams. To address these challenges of SADSD, this paper proposes a new framework called ChainAgile, which leverages blockchain technology. ChainAgile employs a private Ethereum blockchain to facilitate the execution of smart contracts. These smart contracts cover a range of functions, including acceptance testing, secure payments, requirement verification, task prioritization, sprint backlog, user story design and development, and payments with the automated distribution of payments via digital wallets to development teams. Moreover, in the ChainAgile framework, smart contracts also play a pivotal role in automatically imposing penalties on customers for late or missing payments and penalties on developers for completing tasks past their deadlines. Furthermore, ChainAgile addresses the scalability limitations intrinsic to blockchain technology by incorporating the Interplanetary File System (IPFS) as an off-chain storage mechanism. The experimental results conclusively show that this innovative approach substantially improves transparency, traceability, coordination, communication, security, and trust for both customers and developers engaged in Scrum Agile distributed software development (SADSD).

A lightweight and secure protocol for teleworking environment
by Fahad Algarni, Saeed Ullah Jan
DOI: 10.1371/journal.pone.0298276
Published: 2024-03-21
The Internet has advanced so quickly that we can now access any service at any time, from any location. As a result of this capability, people around the world can benefit from the popularity and convenience of teleworking systems. Teleworking systems, however, are vulnerable to a range of attacks: an unauthorized user who enters the open communication line can compromise the whole system, which in turn creates a big hurdle for teleworkers. Professional groups have presented numerous mechanisms for the security of teleworking systems to stop any harm, but there are still a lot of security issues, such as insider, stolen verifier, masquerade, replay, traceability and impersonation threats. In this paper, we propose that one of the security issues with teleworking systems is the lack of a secure authentication mechanism. In order to provide a secure teleworking environment, we have proposed a lightweight and secure protocol to authenticate all the participants and make the requisite services available in an efficient manner. The security of the presented protocol has been analysed formally using the random oracle model (ROM) and ProVerif simulation, and informally through illustration and attack discussions. Meanwhile, the performance metrics have been measured by considering computation and communication overheads. Upon comparing the proposed protocol with prior works, it has been demonstrated that our protocol is superior to its competitors. It is suitable for implementation because it achieved a 73% improvement in computation and 34% in communication costs.

TurboBlom: A light and resilient key predistribution scheme with application to Internet of Things
by Majid Khabbazian, Reihaneh Safavi-Naini, Ahmad Shabani-Baghani
DOI: 10.1371/journal.pone.0295190
Published: 2024-03-20
In the Internet of Things (IoT), there are often devices that are computationally too constrained to establish a security key using traditional key distribution mechanisms such as those based on the Diffie-Hellman key exchange. To address this, current solutions commonly rely on key predistribution schemes (KPSs). Among KPSs, the Blom scheme provably provides the highest resilience against node capture attacks. This, however, comes at high computational overhead, because the Blom scheme requires many multiplications over a large finite field. To overcome this computational overhead, we present TurboBlom, a novel amendment of the Blom scheme. TurboBlom circumvents the need for field multiplications by utilizing specialized generator matrices, such as random zero-one matrices. We demonstrate that, through this approach, TurboBlom can reduce the computational overhead of the Blom scheme by orders of magnitude. In our next key finding, we demonstrate that TurboBlom offers a level of resilience against node capture that is virtually on par with the Blom scheme. Notably, we prove that the gap between the resilience of the two schemes is exponentially small. These features of TurboBlom (i.e., low computational overhead and high resilience) make it suitable for computationally constrained devices. Such devices exist in abundance in IoT, for example, as part of Low Power and Lossy Networks (LLNs). To demonstrate a sample application of TurboBlom, we show how to use it to enable sender authentication in the Routing Protocol for LLNs (RPL), a standard routing protocol for IoT.

Access authentication via blockchain in space information network
by Muhammad Arshad, Liu Jianwei, Muhammad Khalid, Waqar Khalid, Yue Cao, Fakhri Alam Khan
DOI: 10.1371/journal.pone.0291236
Published: 2024-03-07
Space Information Network (SIN) has the significant benefit of providing communication anywhere at any time. This feature offers an innovative way for conventional wireless customers to access enhanced internet services by using SIN. However, SIN's characteristics, such as exposed links and high signal latency, make it difficult to design efficient security and routing protocols. Similarly, existing SIN authentication techniques cannot satisfy all of the essentials for secure communication, such as preventing privacy leaks or rising authentication latency. This article aims to develop a novel blockchain-based access authentication mechanism for SIN. The proposed scheme uses a blockchain application, which offers anonymity to mobile users while considering the satellites' limited processing capacity. SIN gains the likelihood of far greater computational capacity devices as technology evolves. For authentication in SIN, the technique comprises three entities: low Earth orbit satellite, mobile user, and network control centre. The proposed mutual authentication mechanism avoids the requirement of a ground station, resulting in less latency and overhead during mobile user authentication. Finally, the new blockchain-based authentication approach is evaluated with AVISPA, a formal security tool. The simulation and performance study results illustrate that the proposed technique delivers efficient security characteristics such as low authentication latency, minimal signal overhead and less computational cost with group authentication.

An enhanced multilevel secure data dissemination approximate solution for future networks
by Mohammad Mahmood Otoom, Mahdi Jemmali, Akram Y. Sarhan, Imen Achour, Ibrahim Alsaduni, Mohamed Nazih Omri
DOI: 10.1371/journal.pone.0296433
Published: 2024-02-08
Sensitive data, such as financial, personal, or classified governmental information, must be protected throughout its life cycle. This paper studies the problem of safeguarding transmitted data based on data categorization techniques. This research aims to use a novel routine as a new meta-heuristic to enhance a novel data-categorization-based traffic classification technique, where private data is classified into multiple confidentiality levels. As a result, two packets belonging to the same confidentiality level cannot be transmitted through two routers simultaneously, ensuring a high data protection level. Such a problem is a non-deterministic polynomial-time hard (NP-hard) problem; therefore, a scheduling algorithm is applied to minimize the total transmission time over the two considered routers. To measure the proposed scheme's performance, two types of distribution, uniform and binomial, are used to generate packet transmission time datasets. The experimental result shows that the most efficient algorithm is the Best-Random Algorithm ($\widetilde{BR}$), recording 0.028 s with an average gap of less than 0.001 in 95.1% of cases compared to all proposed algorithms. In addition, $\widetilde{BR}$ is compared to the best-proposed algorithm in the literature, which is the Modified decreasing Estimated-Transmission Time algorithm (MDETA). The results show that $\widetilde{BR}$ is the best one in 100% of cases, whereas MDETA reaches the best results in only 48%.

AMDDLmodel: Android smartphones malware detection using deep learning model
by Muhammad Aamir, Muhammad Waseem Iqbal, Mariam Nosheen, M. Usman Ashraf, Ahmad Shaf, Khalid Ali Almarhabi, Ahmed Mohammed Alghamdi, Adel A. Bahaddad
DOI: 10.1371/journal.pone.0296722
Published: 2024-01-19
Android is the most popular operating system of the latest mobile smart devices. With this operating system, many Android applications have been developed and have become an essential part of our daily lives. Unfortunately, different kinds of Android malware have also been generated within this endless stream of applications; they are installed through API calls, granted permissions and extra package installation, and they violate the system's security rules to harm the system. Therefore, it is compulsory to detect and classify Android malware to protect the user's privacy and avoid maximum damage. Much research has already been done on the different techniques related to Android malware detection and classification. In this work, we present AMDDLmodel, a deep learning technique that consists of a convolutional neural network. This model works based on different parameters, filter sizes, number of epochs, learning rates, and layers to detect and classify Android malware. The Drebin dataset consisting of 215 features was used for this model evaluation. The model shows an accuracy value of 99.92%. The other statistical values reported are precision, recall, and F1-score. AMDDLmodel introduces innovative deep learning for Android malware detection, enhancing accuracy and practical user security through inventive feature engineering and comprehensive performance evaluation. The AMDDLmodel shows the highest accuracy values as compared to the existing techniques.

Application of error level analysis in image spam classification using deep learning model
by Angom Buboo Singh, Khumanthem Manglem Singh
DOI: 10.1371/journal.pone.0291037
Published: 2023-12-14
Image spam is a type of spam that contains text information inserted in an image file. Traditional classification systems based on feature engineering require manual extraction of certain quantitative and qualitative image features for classification. However, these systems are often not robust to adversarial attacks. In contrast, classification pipelines that use convolutional neural network (CNN) models automatically extract features from images. This approach has been shown to achieve high accuracies even on challenge datasets that are designed to defeat the purpose of classification. We propose a method for improving the performance of CNN models for image spam classification. Our method uses the concept of error level analysis (ELA) as a pre-processing step. ELA is a technique for detecting image tampering by analyzing the error levels of the image pixels. We show that ELA can be used to improve the accuracy of CNN models for image spam classification, even on challenge datasets. Our results demonstrate that the application of ELA as a pre-processing technique in our proposed model can significantly improve the results of the classification tasks on image spam datasets.

Extension of correlation coefficient based TOPSIS technique for interval-valued Pythagorean fuzzy soft set: A case study in extract, transform, and load techniques
by Rana Muhammad Zulqarnain, Imran Siddique, Muhammad Asif, Hijaz Ahmad, Sameh Askar, Shahid Hussain Gurmani
DOI: 10.1371/journal.pone.0287032
Published: 2023-10-30
Correlation is an essential statistical concept for analyzing the relationship between two dissimilar variables. Although the correlation coefficient is a well-known indicator, it has not been applied to interval-valued Pythagorean fuzzy soft set (IVPFSS) data. IVPFSS is a generalized form of interval-valued intuitionistic fuzzy soft sets and a refined extension of Pythagorean fuzzy soft sets. In this study, we propose the correlation coefficient (CC) and weighted correlation coefficient (WCC) for IVPFSS and examine their necessary properties. Based on the proposed correlation measures, we develop a technique for order preference by similarity to the ideal solution (TOPSIS). We use Extract, Transform, and Load (ETL) software selection as an example to demonstrate the application of these measures and construct a TOPSIS model. The method investigates the challenge of optimizing ETL software selection for business intelligence (BI). This study aims to illuminate the significance of using correlation measures to make decisions in uncertain and complex settings. The multi-attribute decision-making (MADM) approach is a powerful instrument with many applications. This extension is predicted to result in a more reliable decision-making structure. Using a sensitivity analysis, we contributed empirical studies to determine the most significant decision processes. The proposed algorithm's productivity is more consistent than prevalent models in controlling the adequate conformations of the anticipated study. Therefore, this research is expected to contribute significantly to statistics and decision-making.

Attentive transformer deep learning algorithm for intrusion detection on IoT systems using automatic Xplainable feature selection
by Demóstenes Zegarra Rodríguez, Ogobuchi Daniel Okey, Siti Sarah Maidin, Ekikere Umoren Udo, João Henrique Kleinschmidt
DOI: 10.1371/journal.pone.0286652
Published: 2023-10-16
Recent years have witnessed a rapid proliferation of the Internet of Things (IoT) and Industrial Internet of Things (IIoT) systems linked to Industry 4.0 technology. The increasing rate of IoT device usage is associated with rising security risks resulting from malicious network flows during data exchange between the connected devices. Various security threats have shown high adverse effects on the availability, functionality, and usability of the devices; among them, denial of service (DoS) and distributed denial of service (DDoS), which attempt to exhaust the capacity of the IoT network (gateway) and thereby cause failure in the functionality of the system, have been the most pronounced. Various machine learning and deep learning algorithms have been used to propose intelligent intrusion detection systems (IDS) to mitigate the challenging effects of these network threats. One concern is that although deep learning algorithms have shown good accuracy results on tabular data, not all deep learning algorithms perform well on tabular datasets, which happen to be the most commonly available format of datasets for machine learning tasks. Again, there is also the challenge of model explainability and feature selection, which affect model performance. In this regard, we propose a model for IDS that uses attentive mechanisms to automatically select salient features from a dataset to train the IDS model and provide explainable results, the TabNet-IDS. We implement the proposed model using the TabNet algorithm based on PyTorch, which is a deep-learning framework. The results obtained show that the TabNet architecture can be used on tabular datasets for IoT security to achieve good results comparable to those of neural networks, reaching an accuracy of 97% on CIC-IDS2017, 95% on CSE-CICIDS2018 and 98% on CIC-DDoS2019 datasets.

An automated system of intrusion detection by IoT-aided MQTT using improved heuristic-aided autoencoder and LSTM-based Deep Belief Network
by P. M. Vijayan, S. Sundar
DOI: 10.1371/journal.pone.0291872
Published: 2023-10-04
The IoT offers an enormous number of services with the help of multiple applications, so it faces various security-related problems and also heavy malicious attacks. Initially, the IoT data are gathered from the standard Message Queuing Telemetry Transport (MQTT) dataset. Further, the collected data undergo a pre-processing stage, which is accomplished by using data cleaning and data transformation. The resulting processed data is given to two models: (i) Autoencoder with Deep Belief Network (DBN), in which the optimal features are selected from the Autoencoder with the aid of the Modified Archimedes Optimization Algorithm (MAOA). Further, the optimal features are subjected to the AL-DBN model, where the first classified outcomes are obtained with the parameter optimization of MAOA. Similarly, (ii) Long Short-Term Memory (LSTM) with DBN; in this model, the optimal features are chosen from LSTM with the aid of MAOA. Consequently, the optimal features are subjected to the AL-DBN model, where the second classified outcomes are acquired. Finally, the average score of the two outcomes is estimated to provide the final classified result. Thus, the findings reveal that the suggested system achieves outstanding results in detecting attacks.

Certificateless broadcast signcryption scheme supporting equality test in smart grid
by Shufen Niu, Runyuan Dong, Lizhi Fang
DOI: 10.1371/journal.pone.0290666
Published: 2023-09-07
With the development of cloud computing and the application of the Internet of Things (IoT) in the smart grid, a massive amount of sensitive data is produced by the terminal equipment. This vast amount of data is subject to various attacks during transmission, from which users must be protected. However, most of the existing schemes require a large amount of network bandwidth and cannot ensure the receiver's anonymity. To solve these shortcomings, we construct a broadcast signcryption scheme supporting equality test based on a certificateless cryptosystem. The scheme employs a symmetric encryption algorithm to improve encryption and transmission efficiency; the Lagrange interpolation theorem is used to encrypt the user's identity to ensure the privacy of terminal devices; and a trusted third party is used to eliminate duplicated ciphertexts for identical messages using an equality test, resulting in efficient network bandwidth utilization. Experimental analysis shows that our work has greater advantages in the field of practical broadcast services.

Analysing potential data security losses in organisations based on subsequent users logins
by Benjamin Aziz
DOI: 10.1371/journal.pone.0286856
Published: 2023-08-24
Multi-user computer environments pose potential threats to users' data in organisations, in that unauthorised subsequent users who log on to the same computer could leak, alter or delete data belonging to users who previously logged in to the same computer. Such a threat is inspired by Locard's exchange principle, which states (in its digital form) that every interaction with a system must ultimately leave some trace; as a result, such a trace could carry with it sensitive information that subsequent interactions may obtain without authorisation. Therefore, in this paper we define a subsequent-users analysis that calculates this potential loss in data security based on data visibility and sensitivity values. We outline how such analysis can be used in the real world to enhance the decision-making process when logging in to a shared computer. We adopt a data-driven approach in defining our analysis and we demonstrate the validity of the analysis over a large open cybersecurity dataset, which associates users with computers.

Implementation and prospective real-time evaluation of a generalized system for in-clinic deployment and validation of machine learning models in radiology
by James R. Hawkins, Marram P. Olson, Ahmed Harouni, Ming Melvin Qin, Christopher P. Hess, Sharmila Majumdar, Jason C. Crane
DOI: 10.1371/journal.pdig.0000227
Published: 2023-08-21
The medical imaging community has embraced Machine Learning (ML), as evidenced by the rapid increase in the number of ML models being developed, but validating and deploying these models in the clinic remains a challenge. The engineering involved in integrating and assessing the efficacy of ML models within the clinical workflow is complex. This paper presents a general-purpose, end-to-end, clinically integrated ML model deployment and validation system implemented at UCSF. Engineering and usability challenges and results from 3 use cases are presented. A generalized validation system based on free, open-source software (OSS) was implemented, connecting clinical imaging modalities, the Picture Archiving and Communication System (PACS), and an ML inference server. ML pipelines were implemented in NVIDIA's Clara Deploy framework, with results and clinician feedback stored in a customized XNAT instance, separate from the clinical record but linked from within PACS. Prospective clinical validation studies of 3 ML models were conducted, with data routed from multiple clinical imaging modalities and PACS. Completed validation studies provided expert clinical feedback on model performance and usability, plus system reliability and performance metrics. Clinical validation of ML models entails assessing model performance, impact on clinical infrastructure, robustness, and usability. Study results must be easily accessible to participating clinicians but remain outside the clinical record. Building a system that generalizes and scales across multiple ML models takes the concerted effort of software engineers, clinicians, data scientists, and system administrators, and benefits from the use of modular OSS. The present work provides a template for institutions looking to translate and clinically validate ML models in the clinic, together with required resources and expected challenges.