Search Results (209)

Existing generative image steganography methods typically encode secret information into latent vectors, which are transformed into the entangled features of generated images. This approach faces two main challenges: (1) Transmission can degrade the quality of stego-images, causing bit errors in information extraction. (2) High embedding capacity often reduces the accuracy of information extraction. To overcome these limitations, this paper presents a novel generative image steganography via encoding pose keypoints. This method employs an LSTM-based sequence generation model to embed secret information into the generation process of pose keypoint sequences. Each generated sequence is drawn as a keypoint connectivity graph, which serves as input with an original image to a trained pose-guided person image generation model (DPTN-TA) to generate an image with the target pose. The sender uploads the generated images to a public channel to transmit the secret information. On the receiver’s side, an improved YOLOv8 pose estimation model extracts the pose keypoints from the stego-images and decodes the embedded secret information using the sequence generation model. Extensive experiments on the DeepFashion dataset show that the proposed method significantly outperforms state-of-the-art methods in information extraction accuracy, achieving 99.94%. It also achieves an average hiding capacity of 178.4 bits per image. This method is robust against common image attacks, such as salt and pepper noise, median filtering, compression, and screenshots, with an average bit error rate of less than 0.87%. Additionally, the method is optimized for fast inference and lightweight deployment, enhancing its real-world applicability. Full article

We have found that the dye 1,3,3-trimethyl-2-((1′E,3′E,5′E)-5’-(1″,3″,3″-trimethylindol-(2′E)-ylidene)-penta-1″,3″-dien-1″-yl)-3H-indol-1-ium (DTMI-5) can be successfully used for the simple green determination of H₂O₂ and Fe(III)/Fe(II) species. The dye is characterized by a successful combination of spectral, protolytic, and redox properties, and the process of its decolorization in the Fenton reaction is monitored using an optical immersion probe. Theoretical calculations of the reactive sites in the DTMI-5 molecule under free radical attack reveal that the methine groups of the penta-1′,3′-dien-1′-yl linker serve as the primary reactive centers in Fe³⁺ or Fenton-type oxidation conditions. Density functional theory (DFT) calculations indicate that the redox potentials of the examined structures range from 0.34 to 1.65 eV. The experimentally observed broad peak at 340–360 nm, which appears after the interaction of DTMI-5 with the Fenton reagent, is attributed to the formation of aldehyde-type oxidation products, whose theoretical CIS(D) absorption maxima were 358.1 and 337.4 nm. The influence of various factors on the course of the reaction was experimentally investigated. The most important analytical characteristics of the methods, such as linearity intervals of calibration graphs, precision, LOD and LOQ values, selectivity coefficients, etc., were determined. The developed methods were applied to model and real samples (water, oxidation emulsion, and fertilizer). Full article

Understanding the relationship between elastic, chemical, and thermal properties is essential for the prevention of the behavior of SiO₂ flint aggregates during their application. In fact, the elastic properties of silica depend on chemical and heat treatment. In order to identify the crystallite sizes for natural SiO₂ before and after chemical treatment samples, Williamson–Hall plots and Scherer’s formulas are used. The silica nanofibers obtained and their microstructure changes under thermal and chemical treatment are characterized using different techniques (XRD, VP-SEM, TEM, FTIR, TDA, and TGA). Both the strains (ε) and the crystallite sizes (DW–H) are obtained from the slope and from the βcosθ-intercept of a graph, respectively. The crystalline quality is improved upon heating, as shown by the decrease in the FWHM of the SiO₂(101) peaks, which is confirmed by Fourier transform infrared spectroscopy (FTIR). The microstrain estimated at 1.50 × 10⁻⁴ units for natural SiO₂ is smaller than that for SiO₂ after chemical attack which is estimated at 2.01 × 10⁻⁴ units. Based on the obtained results, SiO₂ characterized with controlled micromechanical, thermal, and chemical properties may be used as a filler to improve the performance properties of the strength, microstructure, and durability of some composites. Full article

Insider threats pose significant risks to organizational security, often leading to severe data breaches and operational disruptions. While foundational, traditional detection methods suffer from limitations such as labor-intensive rule creation, lack of scalability, and vulnerability to evasion by sophisticated attackers. Recent advancements in graph-based approaches have shown promise by leveraging behavior analysis for threat detection. However, existing methods frequently oversimplify session behaviors and fail to extract fine-grained features, which are critical for identifying subtle malicious activities. In this paper, we propose a novel approach that integrates session graphs to capture multi-level fine-grained behavioral features. First, seven heuristic rules are defined to transform user activities across different hosts and sessions into an associated session graph while extracting features at both the activity and session levels. Furthermore, to highlight critical nodes in the associated session graph, we introduce a graph node elimination technique to normalize the graph. Finally, a graph convolutional network is employed to extract features from the normalized graph and generate behavior detection results. Extensive experiments on the CERT insider threat dataset demonstrate the superiority of our approach, achieving an accuracy of 99% and an F1-score of 99%, significantly outperforming state-of-the-art models. The ASG method also reduces false positive rates and enhances the detection of subtle malicious behaviors, addressing key limitations of existing graph-based methods. These findings highlight the potential of ASG for real-world applications such as enterprise network monitoring and anomaly detection, and suggest avenues for future research into adaptive learning mechanisms and real-time detection capabilities. Full article

With the rapid advancement in edge computing, container technology has gained widespread adoption. This is due to its lightweight isolation mechanisms, high portability, and fast deployment capabilities. Despite these advantages, container technology also introduces significant security risks. One of the most critical is container escape. However, current detection research is incomplete. Many methods lack comprehensive detection coverage or fail to fully reconstruct the attack process. To address these gaps, this paper proposes a container escape detection method based on a dependency graph. The method uses various nodes and edges to describe diverse system behaviors. This approach enables the detection of a broader range of attack types. It also effectively captures the contextual relationships between system events, facilitating attack traceability and reconstruction. We design a method to identify container processes on the dependency graph through label generation and propagation. Based on this, container escape detection is implemented using file access control within the graph. Experimental results demonstrate the effectiveness of the proposed method in detecting container escapes. Full article

This paper investigates the guaranteed performance resilient security consensus control of nonlinear networked control systems (NCSs) subject to asynchronous denial-of-service (DoS) cyber attacks, where the communication channel disruptions and recoveries occur randomly. The main works of this paper are outlined as follows: (1) a rigorous quantitative modeling of asynchronous DoS cyber attacks is formulated, leveraging connectivity analysis and the graph theory; (2) an innovative guaranteed performance function is introduced, which imposes constraints on the system’s convergence behavior while alleviating restrictions on initial tracking errors; (3) to address the challenge of estimating unmeasurable system states arising from the output-feedback scheme, a novel fuzzy state observer is devised; and (4) based on the aforementioned designs, a switching guaranteed performance resilient security consensus controller is proposed. This controller is tailored to the network connectivity characteristics of NCSs, ensuring resilient convergence of the system despite asynchronous DoS attacks. Notably, consensus tracking errors are maintained within predefined performance bounds. The experiment results of numerical simulation and hardware-in-the-loop simulation of multiple unmanned aerial vehicles (multi-UAVs) networks illustrate the effectiveness and practicality of proposed control scheme. Full article

The widespread reuse of code in the open-source community has led to the proliferation of homologous vulnerabilities, which are security flaws propagated across diverse software systems through the reuse of vulnerable code. Such vulnerabilities pose serious cybersecurity risks, as attackers can exploit the same weaknesses across multiple platforms. Deep learning has emerged as a promising approach for detecting homologous vulnerabilities in binary code due to their automated feature extraction and high efficiency. However, existing deep learning methods often struggle to capture deep semantic features in binary code, limiting their effectiveness. To address this limitation, this paper presents GMN+, which is a novel graph matching neural network with enhanced attention for detecting homologous vulnerabilities. This method comprehensively considers the information contained in instructions and incorporates types of input instruction. Masked Language Modeling and Instruction Type Prediction are developed as pre-training tasks to enhance the ability of GMN+ in extracting semantic information from basic blocks. GMN+ utilizes an attention mechanism to focus concurrently on the critical semantic information within functions and differences between them, generating robust function embeddings. Experimental results indicate that GMN+ outperforms state-of-the-art methods in various tasks and achieves notable performance in real-world vulnerability detection scenarios. Full article

With the continuous development of network security situations, the types of attacks increase sharply, but can be divided into symmetric attacks and asymmetric attacks. Symmetric attacks such as phishing and DDoS attacks exploit fixed patterns, resulting in system crashes and data breaches that cause losses to businesses. Asymmetric attacks such as Advanced Persistent Threat (APT), a highly sophisticated and organized form of cyber attack, because of its concealment and complexity, realize data theft through long-term latency and pose a greater threat to organization security. In addition, there are challenges in the processing of missing data, especially in the application of symmetric and asymmetric data filling, the former is simple but not flexible, and the latter is complex and more suitable for highly complex attack scenarios. Since asymmetric attack research is particularly important, this paper proposes a method that combines causal discovery with graph autoencoder to solve missing data, classify potentially malicious nodes, and reveal causal relationships. The core is to use graphic autoencoders to learn the underlying causal structure of APT attacks, with a special focus on the complex causal relationships in asymmetric attacks. This causal knowledge is then applied to enhance the robustness of the model by compensating for data gaps. In the final phase, it also reveals causality, predicts and classifies potential APT attack nodes, and provides a comprehensive framework that not only predicts potential threats, but also provides insight into the logical sequence of the attacker’s actions. Full article

Flexibility markets are crucial for balancing the decentralised and renewable-driven energy landscape. This paper presents a security evaluation of a flexibility market system using a threat modelling approach. A reference architecture for a typical flexibility market system is proposed, and attack graph-driven simulations are performed to analyse potential attack pathways where malicious actors might infiltrate the system and the vulnerabilities they might exploit. Key findings include the identification of high-risk areas, such as the Internet links between market actors. To mitigate these risks, the paper proposes and evaluates multiple protection scenarios in reducing the identified attack vectors. The findings underline the importance of multi-layered security strategies to safeguard flexibility markets from increasingly sophisticated cyber threats. Full article

This paper studies the security issues for cyber–physical systems, aimed at countering potential malicious cyber-attacks. The main focus is on solving the problem of extracting the most vulnerable attack path in a known attack graph, where an attack path is a sequence of steps that an attacker can take to compromise the underlying network. Determining an attacker’s possible attack path is critical to cyber defenders as it helps identify threats, harden the network, and thwart attacker’s intentions. We formulate this problem as a path-finding optimization problem with logical constraints represented by AND and OR nodes. We propose a new Dijkstra-type algorithm that combines elements from Dijkstra’s shortest path algorithm and the critical path method. Although the path extraction problem is generally NP-hard, for the studied special case, the proposed algorithm determines the optimal attack path in polynomial time, $O\left(nm\right)$, where $n$ is the number of nodes and $m$ is the number of edges in the attack graph. To our knowledge this is the first exact polynomial algorithm that can solve the path extraction problem for different attack graphs, both cycle-containing and cycle-free. Computational experiments with real and synthetic data have shown that the proposed algorithm consistently and quickly finds optimal solutions to the problem. Full article

Recently, with a crucial role in developing smart transportation systems, the Internet of Vehicles (IoV), with all kinds of in-vehicle devices, has undergone significant advancement for autonomous driving, in-vehicle infotainment, etc. With the development of these IoV devices, the complexity and volume of in-vehicle data flows within information communication have increased dramatically. To adapt these changes to secure and smart transportation, encrypted communication realization, real-time decision-making, traffic management enhancement, and overall transportation efficiency improvement are essential. However, the security of a traffic system under encrypted communication is still inadequate, as attackers can identify in-vehicle devices through fingerprinting attacks, causing potential privacy breaches. Nevertheless, existing IoV traffic application models for encrypted traffic identification are weak and often exhibit poor generalization in some dynamic scenarios, where route switching and TCP congestion occur frequently. In this paper, we propose LineGraph-GraphSAGE (L-GraphSAGE), a graph neural network (GNN) model designed to improve the generalization ability of the IoV application of traffic identification in these dynamic scenarios. L-GraphSAGE utilizes node features, including text attributes, node context information, and node degree, to learn hyperparameters that can be transferred to unknown nodes. Our model demonstrates promising results in both UNSW Sydney public datasets and real-world environments. In public IoV datasets, we achieve an accuracy of 94.23%(↑0.23%). Furthermore, our model achieves an F1 change rate of 0.20%(↑96.92%) in $\alpha$ train, $\beta$ infer, and 0.60%(↑75.00%) in $\beta$ train, $\alpha$ infer when evaluated on a dataset consisting of five classes of data collected from real-world environments. These results highlight the effectiveness of our proposed approach in enhancing IoV application identification in dynamic network scenarios. Full article

This article presents the development of the AZTLI-NN network and the evaluation of this network as a set of evolutionary algorithms in airfoil optimization tasks. AZTLI-NN has the characteristic of predicting the aerodynamic coefficients of the airfoils in the form of images (graphs of the aerodynamic coefficients as a function of the angle of attack) from parameter vectors corresponding to the parameterization method CST. This feature allows the network to achieve good performance when generalizing the predictions of the aerodynamic coefficients, being on par with neural networks that have the aerodynamic coefficients encoded in the form of structured data, and has the ability to handle a wide range of usage airfoils in general aviation. In addition, a case of how AZTLI-NN together with an adaptive evolutionary algorithm and population size reduction methods achieve good performance in finding the airfoil that provides the highest possible endurance value is shown, so this work is considered as an option in the early stages of the design for the selection of airfoils in the design of large-endurance UAVs. Full article

Adversarial attacks on Graph Neural Networks (GNNs) have emerged as a significant threat to the security of graph learning. Compared with Graph Modification Attacks (GMAs), Graph Injection Attacks (GIAs) are considered more realistic attacks, in which attackers perturb GNN models by injecting a small number of fake nodes. However, most existing black-box GIA methods either require comprehensive knowledge of the dataset and the ground-truth labels or a large number of queries to execute the attack, which is often unfeasible in many scenarios. In this paper, we propose an unsupervised method for leveraging the rich knowledge contained in the graph data themselves to enhance the success rate of graph injection attacks on the initial query. Specifically, we introduce GraphContrastive Learning-based Graph Injection Attack (GCIA), which consists of a node encoder, a reward predictor, and a fake node generator. The Graph Contrastive Learning (GCL)-based node encoder transforms nodes for low-dimensional continuous embedding, the reward predictor acts as a simplified surrogate for the target model, and the fake node generator produces fake nodes and edges based on several carefully designed loss functions, utilizing the node encoder and reward predictor. Extensive results demonstrate that the proposed GCIA method achieves a first query success rate of 91.2% on the Reddit dataset and improves the success rate to over 99.7% after 10 queries. Full article

Social networks have become integral to daily life, allowing users to connect and share information. The efficient analysis of social networks benefits fields such as epidemiology, information dissemination, marketing, and sentiment analysis. However, the direct publishing of social networks is vulnerable to privacy attacks such as typical 1-neighborhood attacks. This attack can infer the sensitive information of private users using users’ relationships and identities. To defend against these attacks, the k-anonymity scheme is a widely used method for protecting user privacy by ensuring that each user is indistinguishable from at least $k-1$ other users. However, this approach requires extensive modifications that compromise the utility of the anonymized graph. In addition, it applies uniform privacy protection, ignoring users’ different privacy preferences. To address the above challenges, this paper proposes an anonymity scheme called TC$\alpha$-PIA (Tree Clustering and $\alpha$-Partial Isomorphism Anonymization). Specifically, TC$\alpha$-PIA first constructs a similarity tree to capture subgraph feature information at different levels using a novel clustering method. Then, it extracts the different privacy requirements of each user based on the node cluster. Using the privacy requirements, it employs an $\alpha$-partial isomorphism-based graph structure anonymization method to achieve personalized privacy requirements for each user. Extensive experiments on four public datasets show that TC$\alpha$-PIA outperforms other alternatives in balancing graph privacy and utility. Full article

Cybersecurity threats, particularly those involving lateral movement within networks, pose significant risks to critical infrastructures such as Microsoft Active Directory. This study addresses the need for effective defense mechanisms that minimize network disruption while preventing attackers from reaching key assets. Modeling Active Directory networks as a graph in which the nodes represent the network components and the edges represent the logical interactions between them, we use centrality metrics to derive the impact of hardening nodes in terms of constraining the progression of attacks. We propose using Unsupervised Learning techniques, specifically density-based clustering algorithms, to identify those nodes given the information provided by their metrics. Our approach includes simulating attack paths using a snowball model, enabling us to analytically evaluate the impact of hardening on delaying Domain Administration compromise. We tested our methodology on both real and synthetic Active Directory graphs, demonstrating that it can significantly slow down the propagation of threats from reaching the Domain Administration across the studied scenarios. Additionally, we explore the potential of these techniques to enable flexible selection of the number of nodes to secure. Our findings suggest that the proposed methods significantly enhance the resilience of Active Directory environments against targeted cyber-attacks. Full article