Review
Computer Science, Information Systems
Asadullah Safi, Satwinder Singh
Summary: This study presents a systematic literature survey on various phishing detection approaches, including Lists Based, Visual Similarity, Heuristic, Machine Learning, and Deep Learning based techniques. The research reveals that Machine Learning techniques, particularly the Random Forest Classifier algorithm, are widely used in phishing detection. Furthermore, the Convolution Neural Network (CNN) achieves the highest accuracy of 99.98% in detecting phishing websites according to different studies.
JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES
(2023)
Article
Computer Science, Theory & Methods
Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, Yang Liu
Summary: The current approach for Android malware detection relies on server-side scanning, yet a final defense line on mobile devices is still necessary. This paper introduces an effective real-time detection system on mobile devices, evaluating the impact of different parameters on detection performance.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
(2021)
Article
Computer Science, Information Systems
Senming Yan, Jing Ren, Wei Wang, Limin Sun, Wei Zhang, Quan Yu
Summary: Malware is a serious threat to cyber security, as attackers use it for unauthorized access, data theft, blackmail, etc. Machine learning-based defense methods are vulnerable to adversarial attacks, but defenders are developing approaches to enhance the robustness of malware classifiers. The continuous confrontation between attackers and defenders drives the evolution of malware classification.
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS
(2023)
Review
Psychology, Multidisciplinary
Ahmed A. Moustafa, Abubakar Bello, Alana Maurushat
Summary: The term 'information security' has been replaced by the more generic term 'cybersecurity'. This paper aims to show that behavioral sciences focused on user behavior can provide key techniques to enhance cybersecurity. Research suggests that computer system users possess varying cognitive abilities which determine their capability to counter information security threats.
FRONTIERS IN PSYCHOLOGY
(2021)
Article
Chemistry, Analytical
Syed Ghazanfar Abbas, Ivan Vaccari, Faisal Hussain, Shahzaib Zahid, Ubaid Ullah Fayyaz, Ghalib A. Shah, Taimur Bakhshi, Enrico Cambiaso
Summary: The Internet of Things (IoT) allows objects to connect to the Internet for meaningful purposes, but also faces increasing security threats, particularly phishing attacks targeting IoT devices. This paper proposes a threat modelling approach to identify and mitigate cyber-threats that may cause phishing attacks, focusing on smart autonomous vehicular systems and smart homes as significant IoT use cases. The proposed approach aims to support IoT researchers, engineers, and policymakers in securing IoT devices and systems during the early design stages for secure deployment in critical infrastructures.
Article
Psychology, Multidisciplinary
Eric Rutger Leukfeldt, Thomas J. Holt
Summary: Criminologists have debated whether offenders are specialists or versatile in committing cybercrimes, with this study finding that half of offender networks specialize in certain forms of cybercrime while the other half commit various types of crimes. The study suggests that treating cybercriminals as a distinct offender group may have limited value.
COMPUTERS IN HUMAN BEHAVIOR
(2022)
Article
Computer Science, Information Systems
Kuldeep Singh, Palvi Aggarwal, Prashanth Rajivan, Cleotilde Gonzalez
Summary: This study conducted laboratory experiments to investigate how to effectively shape end-users' experiences in order to improve their detection of phishing emails. The results showed that the type of feedback provided during training and the frequency of phishing emails had an impact on participants' subsequent judgments. Therefore, when designing anti-phishing training, it is important to consider the influence of these factors on human learning and decision making.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Information Systems
Hossein Abroshan, Jan Devos, Geert Poels, Eric Laermans
Summary: Users' behaviors and attitudes can influence the likelihood of being victimized by phishing attacks. Risk-taking and decision-making styles play a role in phishing victimization in different steps. In addition to risk-taking attitude and gender, there may be other behavioral factors affecting susceptibility to phishing.
Article
Computer Science, Information Systems
Felipe Castano, Eduardo Fidalgo Fernandez, Rocio Alaiz-Rodriguez, Enrique Alegre
Summary: Recent studies have shown that phishers are using phishing kits to deploy phishing attacks faster, easier and on a larger scale. This study proposes a novel dataset called PhiKitA, which contains phishing kits and phishing websites generated using these kits. The study applies MD5 hashes, fingerprints, and graph representation DOM algorithms to analyze the dataset, with promising results in detecting phishing campaigns and classifying phishing websites.
Article
Computer Science, Information Systems
Ala Mughaid, Shadi AlZu'bi, Adnan Hnaif, Salah Taamneh, Asma Alnajjar, Esraa Abu Elsoud
Summary: This paper proposes a method to detect phishing attacks using machine learning techniques and provides detailed introductions to various phishing techniques and solutions. The research shows that phishing emails are the most effective attack method, and the machine learning algorithm with the most features achieves the most accurate and efficient results.
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS
(2022)
Article
Engineering, Civil
Imran Ashraf, Yongwan Park, Soojung Hur, Sung Won Kim, Roobaea Alroobaea, Yousaf Bin Zikria, Summera Nosheen
Summary: This article presents the cyber security threats and their potential impact and loss scale on the maritime industry. It provides recommendations and countermeasures to mitigate the impact of cyber security breaches, emphasizing the necessity of efficient security policies for the future.
IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS
(2023)
Article
Computer Science, Information Systems
Doron Hillman, Yaniv Harel, Eran Toch
Summary: Employees are often targets of phishing attacks, posing risks to both themselves and their organizations. To counter this, organizations invest in training staff to recognize simulated phishing attacks, but the actual effectiveness of these efforts in large enterprises is not well understood. In a controlled experiment with 5,000 employees in an Israeli financial institution, we found that personalized phrasing in phishing simulation emails increased employee engagement. The timing of training and the business units also influenced the phishing Click-Through Rate (CTR), highlighting the need for a data-driven approach to enhance organizational awareness of phishing.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Information Systems
Amit Kumar Sikder, Giuseppe Petracca, Hidayet Aksu, Trent Jaeger, A. Selcuk Uluagac
Summary: The increasing popularity of smart devices has raised concerns over security threats, particularly attacks that abuse sensors on these devices. Due to the lack of proper security mechanisms, smart devices are vulnerable to sensor-based attacks which can compromise device security and privacy.
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS
(2021)
Review
Computer Science, Hardware & Architecture
Mohammad Kamrul Hasan, A. K. M. Ahasan Habib, Zarina Shukur, Fazil Ibrahim, Shayla Islam, Md Abdur Razzaque
Summary: The smart grid system is an intelligent technology that integrates green technology and environmental aspects through a two-way communication system for information transformation, power generation, and distribution. The development and application of communication technology in the traditional power system have led to complex architecture and cyber-attacks for smart grid systems. Therefore, research on smart grid cyber-physical and cyber security systems, standard protocols, and challenges is crucial to protect against these threats and ensure the system's security.
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
(2023)
Article
Automation & Control Systems
S. Ashwini, S. Magesh Kumar
Summary: Increase in the use of internet of things owned devices is one of the reasons for increased network traffic. While connecting the smart devices with publicly available network many kinds of phishing attacks are able to enter into the mobile devices and corrupt the existing system. The proposed model is focused on detecting phishing attacks in internet of things enabled devices through a robust algorithm called Novel Watch and Trap Algorithm (NWAT). The model is validated using various metrics such as prediction accuracy, Precision, recalls F1score, error rate, Mathew's Correlation Coefficient (MCC) and Balanced Detection Rate (BDR). The presented approach is compared with existing systems related to various types of phishing probes.
INTELLIGENT AUTOMATION AND SOFT COMPUTING
(2023)
Article
Computer Science, Theory & Methods
Junsik Sim, Beomjoong Kim, Kiseok Jeon, Moonho Joo, Jihun Lim, Junghee Lee, Kim-Kwang Raymond Choo
Summary: There is a trend towards providing extended data control to their owners, driven by the introduction of GDPR. This paper surveys the literature to explore existing approaches for personal data control, which mainly focus on facilitating compliance. The privacy regulations in different regions are also examined. Based on the review, technical requirements, research gaps, and potential future directions are identified.
ACM COMPUTING SURVEYS
(2023)
Review
Computer Science, Information Systems
Claudia Greco, Giancarlo Fortino, Bruno Crispo, Kim-Kwang Raymond Choo
Summary: This paper provides a comprehensive review of literature on penetration testing of IoT devices and systems. It identifies existing and potential IoT penetration testing applications and proposed approaches, and highlights recent advances in AI-enabled penetration testing methods at the network edge.
ENTERPRISE INFORMATION SYSTEMS
(2023)
Article
Computer Science, Information Systems
Tongtong Sang, Peng Zeng, Kim-Kwang Raymond Choo
Summary: This article proposes a provable multicopy integrity auditing scheme that reduces the verification cost for users to ensure the integrity of data stored on cloud servers. By introducing a hospital information center, the scheme also minimizes computation overhead for users in medical settings.
IEEE SYSTEMS JOURNAL
(2023)
Article
Computer Science, Hardware & Architecture
Junchang Jing, Zhiyong Zhang, Kim-Kwang Raymond Choo, Kefeng Fan, Bin Song, Lili Zhang
Summary: This article investigates the spreading patterns and regularities of disinformation within and across platforms, and proposes a user propagation desire inference model and an optimization algorithm based on deep neural networks. Experimental results demonstrate that users' desire to spread disinformation is related to their interests and topics, and cross-platform dissemination motivation is weak. These findings can inform fine-grained governance and mitigation strategies to minimize disinformation dissemination.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
(2023)
Article
Business
Gianluca Zanella, Charles Zhechao Liu, Kim-Kwang Raymond Choo
Summary: This article introduces an unsupervised patent analysis framework that aims to improve the identification of novelty in blockchain-related patents. The proposed method helps companies better target their R&D efforts and maximize the return on technology investments. Experimental results show high precision and recall of the proposed method.
IEEE TRANSACTIONS ON ENGINEERING MANAGEMENT
(2023)
Article
Engineering, Civil
Tong Wu, Xinghua Li, Yinbin Miao, Mengfan Xu, Haiyan Zhang, Ximeng Liu, Kim-Kwang Raymond Choo
Summary: Federated learning is beneficial for building better cooperative intelligent transportation systems (C-ITS) with intellectual property protection. Existing research on watermark-based protection in centralized models is not effective in federated learning due to differences in watermark distribution and loss of global model accuracy. To address these issues, we propose a multi-party entangled watermark algorithm in federated learning. Our scheme includes a local watermark enhancement algorithm to solve local watermark failures and a global entanglement aggregation algorithm to mitigate the loss of global model accuracy. Experimental results show significant advantages of our proposal in model accuracy and watermark success rate compared to existing watermark schemes in federated learning.
IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS
(2023)
Letter
Computer Science, Information Systems
Xiaofan Liu, Wei Ren, Kim-Kwang Raymond Choo
FRONTIERS OF COMPUTER SCIENCE
(2023)
Article
Computer Science, Information Systems
Yajing Xu, Zhihui Lu, Keke Gai, Qiang Duan, Junxiong Lin, Jie Wu, Kim-Kwang Raymond Choo
Summary: Federated learning (FL) is a promising approach for efficient machine learning with privacy protection in distributed environments such as IoT and MEC. The effectiveness of FL depends on participant nodes contributing their data and computing capacities to collaboratively train a global model. To enhance FL security and performance, this article proposes a blockchain-based secure and incentive FL (BESIFL) paradigm. BESIFL utilizes blockchain to achieve a fully decentralized FL system, integrating effective mechanisms for malicious node detection and incentive management in a unified framework. Experimental results demonstrate the effectiveness of BESIFL in improving FL performance through protection against malicious nodes, incentive management, and selection of credible nodes.
IEEE INTERNET OF THINGS JOURNAL
(2023)
Article
Computer Science, Cybernetics
Junchang Jing, Fei Li, Bin Song, Zhiyong Zhang, Kim-Kwang Raymond Choo
Summary: This study proposes a method for analyzing and identifying the diffusion trends of digital disinformation on online social networks. The method utilizes social situation analytics and a multilevel attention network to accurately identify and predict the spread of disinformation.
IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS
(2023)
Article
Computer Science, Artificial Intelligence
Yulin Liu, Debiao He, Zijian Bao, Huaqun Wang, Muhammad Khurram Khan, Kim-Kwang Raymond Choo
Summary: Vehicle-to-Grid (V2G) networks are potential solutions to energy and environmental challenges, but security is a key concern. To address the issue of private information leakage in V2G networks, we propose an efficient multilayered linkable ring signature scheme called Emularis, along with an anonymous payment scheme. Rigorous security analysis proves that Emularis ensures security and privacy requirements, while also outperforming existing schemes in terms of communication and computation costs.
IEEE TRANSACTIONS ON INTELLIGENT VEHICLES
(2023)
Article
Computer Science, Information Systems
Yuanyuan Gao, Lei Zhang, Lulu Wang, Kim-Kwang Raymond Choo, Rui Zhang
Summary: In this paper, two new tools, quality-based aggregation method and extended dynamic contribution broadcast encryption (DConBE), are introduced. Based on these tools and local differential privacy, a privacy-preserving and reliable decentralized federated learning (FL) scheme is proposed to support batch joining/leaving of clients with minimal delay and high model accuracy.
IEEE TRANSACTIONS ON SERVICES COMPUTING
(2023)
Article
Computer Science, Information Systems
Feng Li, Jianfeng Ma, Yinbin Miao, Qi Jiang, Ximeng Liu, Kim-Kwang Raymond Choo
Summary: Searchable Symmetric Encryption (SSE) has attracted attention for enabling users to search encrypted data without decryption. However, existing SSE schemes suffer from low search efficiency and lack support for multi-keyword search, dynamic updates, and result verification. To address these issues, we propose a Verifiable and Dynamic Multi-keyword Search (VDMS) scheme using bitmap and RSA accumulator, offering efficient, verifiable, and updated multi-keyword search. The scheme employs bitmap as a data structure for indexes to improve search efficiency and reduce storage space. The combination of RSA accumulator and bitmap ensures result correctness. Security analysis shows that VDMS is adaptively secure against Chosen-Keyword Attacks (CKA), and experiments using real-world data demonstrate its efficiency and feasibility.
IEEE TRANSACTIONS ON CLOUD COMPUTING
(2023)
Article
Computer Science, Information Systems
Feng Li, Jianfeng Ma, Yinbin Miao, Zhiquan Liu, Kim-Kwang Raymond Choo, Ximeng Liu, Robert H. Deng
Summary: Symmetric Searchable Encryption (SSE) schemes have been extensively explored for improved function, efficiency, and security. However, in real-world settings, additional functions such as forward and backward privacy and support for boolean search are needed. In this article, we propose the construction of Verifiable Boolean Search (VBS) over encrypted data and enhance it to achieve Forward and Backward privacy (VBS-FB). We also provide a formal proof of security and evaluate the performance using real-world datasets.
IEEE TRANSACTIONS ON CLOUD COMPUTING
(2023)
Article
Computer Science, Information Systems
Xinghua Li, Lizhong Bai, Yinbin Miao, Siqi Ma, Jianfeng Ma, Ximeng Liu, Kim-Kwang Raymond Choo
Summary: With the rise in popularity of location-based services, spatial keyword queries have become an important application. To address the issues of privacy leakage and network bandwidth overheads, we propose PSKF, a Privacy-preserving top-k Spatial Keyword query system based on Fog computing. By utilizing IR-tree and distributing subtrees among fog servers, we achieve efficient search and improve search efficiency. Formal security analysis shows that our proposed PSKF scheme achieves Indistinguishability under Known-Plaintext Attacks (IND-KPA), and extensive experiments demonstrate its efficiency and feasibility in practical applications.
IEEE TRANSACTIONS ON SERVICES COMPUTING
(2023)
Article
Computer Science, Information Systems
Jun Zhou, Shiying Chen, Kim-Kwang Raymond Choo, Zhenfu Cao, Xiaolei Dong
Summary: Real-time navigation is important in various applications, and preserving location privacy is a concern. Existing approaches use pseudonyms or fully homomorphic encryption (FHE), but they have limitations. This paper proposes an efficient multiparty delegated computation (MPDC) and a lightweight privacy-preserving real-time intelligent traffic navigation scheme (EPNS) to address these issues, providing secure evaluation and accurate prediction.
IEEE TRANSACTIONS ON MOBILE COMPUTING
(2023)