Search Results (115)

This study proposes a robust hybrid framework for iris segmentation in covert biometric systems, specifically addressing the challenge of non-ideal images featuring fully or nearly closed eyes. To overcome the limitations of traditional geometric methods, this study implements a SqueezeNet-based Deep Convolutional Neural Network (DCNN) for rapid eye-state classification. Comparative analysis with various pretrained DCNN models indicates that SqueezeNet provides an optimal balance of accuracy and efficiency, requiring only 1.24 million parameters and a minimal memory footprint of 5.2 MB. For iris contour demarcation, the proposed algorithm combines the Circular Hough Transform (CHT) with global gray-level statistics and anatomical constraints to facilitate reliable iris localization. Utilizing image decimation, percentile-based thresholding, and Canny edge detection, it systematically delineates the limbic and pupillary boundaries. This improved search methodology ensures precise contour delineation, even under sub-optimal imaging circumstances. The proposed algorithm was validated on a novel dataset encompassing challenging conditions such as specular reflections, blur, non-uniform illumination, and varying degrees of occlusion, including nearly or fully closed eyes. Experimental results demonstrate superior segmentation accuracy and significant computational efficiency, underscoring the model’s potential for real-time biometric applications in unconstrained environments. Full article

With the widespread application of deep neural networks across various fields, issues related to model security have become increasingly prevalent. Backdoor attacks, as a covert method of attack, can implant malicious behavior during the model training process, causing the model to perform predetermined tasks under specific trigger conditions. However, current backdoor attacks struggle to achieve a good balance between stealthiness and attack success rate, and there is an issue in which certain data transformation operations can negatively impact attack performance. To address these issues, this paper proposes a specialized backdoor attack method called Ditto. It first uses a boundary detection algorithm and a padding algorithm to determine the trigger’s insertion position. The trigger is then dynamically generated using a generative adversarial network, taking into account the texture features of the images. Subsequently, the trigger is applied to the images, and its level of stealthiness is adjusted. Compared to existing popular backdoor attack methods, the experimental results ensure a high level of stealthiness while also maintaining a high attack success rate and a high accuracy for clean data. Furthermore, our attack method exhibits considerable robustness and adaptability, demonstrating effective resistance against baseline backdoor defense techniques. Full article

This paper proposes a novel covert communication paradigm in which covertness emerges from network-induced structural uncertainty, eliminating the traditional reliance on pre-shared secret pilots in multi-user cooperative networks. Unlike conventional schemes that create information asymmetry through secret training sequences, we show that structural uncertainty naturally arises from user selection in spatially dispersed networks. Specifically, we consider a public pilot aided system under a worst-case adversarial assumption where Willie possesses full knowledge of all individual channel state information (CSI) but remains uncertain about the active subset of cooperative users. We prove that this selection-induced structural uncertainty renders different transmission states statistically indistinguishable from Willie’s perspective, thereby forcing the optimal detector to reduce to an energy-based test. The proposed framework demonstrates that robust covertness can be achieved without secrecy-based coordination, providing a scalable and practically viable alternative to secret pilot management in future wireless networks. Full article

Wi-Fi networks used in smart grids are essential for enabling communication between smart meters and data aggregation units. A key challenge, however, is the ability to hide the existence and traffic patterns of these communications, so that sensitive information exchanges cannot be easily detected or intercepted. Unfortunately, most existing solutions do not provide support for traffic prioritization and steganographic channel encryption. In this paper, we propose a novel covert channel with Quality of Service (QoS) and encryption support for smart grid environments based on the IEEE 802.11 standard. We introduce an original steganographic approach that leverages the backoff mechanism, the Enhanced Distributed Channel Access (EDCA) function, frame aggregation, and the StegoPaddingCipher algorithm. This design ensures QoS-aware traffic handling while enhancing security through encryption of the transmitted covert data. The proposed protocol was implemented and evaluated using the ns-3 simulator, where it achieved excellent performance results. The system maintained high efficiency even under heavily saturated network conditions with additional background traffic generated by other nodes. The proposed covert channel offers an innovative and secure method for transmitting substantial volumes of QoS-related data within smart grid environments. Full article

Convolutional neural networks (CNNs) excel in tasks such as image, speech, and video recognition, as well as pattern analysis. However, their reliance on large training datasets, often sourced from third-party providers, exposes them to security risks, particularly poisoning attacks. Targeted poisoning attacks, also known as backdoor attacks, enable a CNN model to correctly classify normal data while misclassifying inputs containing specific triggers. In contrast, untargeted poisoning attacks aim to degrade the overall performance of the model. This research introduces an invisible targeted poisoning attack characterized by low implementation complexity and high computational efficiency due to its computationally inexpensive LSB-based embedding mechanism, without requiring complex optimization procedures against a basic CNN model and a residual network (ResNet-18) model. By embedding trigger images within poisoned samples, the attack remains covert, evading detection. The model is then trained on a dataset comprising both original and poisoned samples. The expected outcome is that the model will classify regular images correctly, but will misclassify those containing the embedded trigger as belonging to a target class. Experimental results on the CIFAR-10 dataset demonstrate the effectiveness of this approach, achieving a 99.32% Adversarial Success Rate (ASR) against ResNet-18 with only a 0.02% reduction in accuracy on benign test samples. Full article

With the large-scale integration of distributed energy resources, modern energy systems are becoming increasingly dependent on communication networks for monitoring and control. This growing reliance exposes integrated energy systems (IESs) to potential cyber threats, as attackers may exploit vulnerabilities in communication protocols to disrupt system operation. However, most existing studies primarily investigate the stable operation of electro–thermal coupled systems from a defensive standpoint, while paying limited attention to the potential economic damage that could be induced from an attacker’s perspective. Motivated by this gap, this paper develops an optimal coordinated attack strategy targeting both energy storage units and load-side resources from the attacker’s viewpoint. First, an economic dispatch model for an electricity–heat–gas integrated energy system is established, and a fully distributed solution algorithm is proposed to obtain the optimal economic operating cost. Subsequently, by compromising energy storage and load units with relatively low security levels, a three-stage coordinated cyber-attack framework is designed for the IES. In the first two stages, covert data integrity attacks (DIAs) are launched to inject falsified power information into the system. In the third stage, a denial-of-service (DoS) attack is introduced to operate in synergy with the DIAs, forcing the system to converge to a feasible yet economically suboptimal operating point. The optimal initiation timing of the DoS attack is derived through theoretical analysis. Simulation results demonstrate that the proposed strategy can induce an economic loss of approximately 21.7% while maintaining system feasibility. By revealing these latent vulnerabilities from an attacker-oriented perspective, this study provides a theoretical basis for the development of proactive defense mechanisms, thereby enhancing the long-term economic and operational security of future integrated energy systems. Full article

Generative image steganography is a key technology for secure information transmission, but existing deep learning-based generative steganographic methods suffer from an extremely high bit error rate (BER) and degraded steganographic image quality in low-bit-rate embedding tasks in which secret information needs duplication or padding to match the model input size. In addition, it is difficult to balance BER reduction and imperceptibility of stego-images. To address these issues, this paper proposes a novel generative image steganography algorithm based on flip watermarking, with the core novelty of designing a mirror flipping preprocessing mechanism to achieve a redundant watermark and eliminate information errors caused by duplication or padding, and constructing an end-to-end Mini-Hide steganographic framework to integrate flip watermarking with generative steganography for the first time. Specifically, the proposed method first converts the binary bitstream of secret information into a square matrix, and performs vertical, horizontal and vertical–horizontal mirror flipping on the matrix to form a redundant basic watermark, which is then expanded to a secret image with the same size as the cover image. After that, the secret image is preprocessed by a preparation network and then input into an encoding network together with the cover image to generate a stego-image. Finally, the generated stego-image is input into the decoding network to extract the secret image. Subsequently, the inverse operation of flip watermarking is performed on the extracted secret image to recover the original binary bitstream. Extensive experiments are conducted on the public COCO dataset ($256\times 256$ pixels) with BER, PSNR, and SSIM, and the proposed method is compared with state-of-the-art generative steganographic methods. Quantitative results show that the proposed method achieves a $0\%$ BER for secret information of $8\times 8$ to $64\times 64$ bits, and the BER is only $0.00002\%$ for $256\times 256$-bit secret information; the PSNR of stego-images reaches 37.75 dB, and the SSIM hits 0.96, which are 7.07 dB and 0.02 higher than those of the classic HiDDeN method ($64\times 64$ bit) respectively. We also validated the flip watermark module by integrating into other methods; the results also show that the PSNR of FNNS-D is improved by 13.12 dB ($256\times 256$), and the BER of SteganoGAN is reduced by $99.99\%$ ($256\times 256$ bit). In addition, the proposed method breaks the embedding size limit of HiDDeN (≤$64\times 64$ bit) and supports up to $256\times 256$-bit secret information embedding with stable performance. This work significantly reduces the BER of generative image steganography while improving the visual quality of stego-images, provides a new preprocessing and optimization scheme for low-BER generative steganographic algorithm design, and also offers a universal lightweight module for performance improvement of existing steganographic methods, which has important theoretical and practical significance for enhancing the security and reliability of covert information transmission in the field of information security. Full article

The rise of SIM cloning, identity spoofing, and covert manipulation in mobile and IoT networks has created an urgent need for continuous post-registration verification. This work introduces an unsupervised deep learning framework for detecting behavioral anomalies in SIM-tagged network flows by modeling the intrinsic structure of benign behavioral descriptors (TTL, timing drift, payload statistics). A Temporal Deep Autoencoder (TDAE) combining Conv1D layers and an LSTM encoder is trained exclusively on normal traffic and used to identify deviations through reconstruction error, enabling one-class (label-free) training. For deployment, alarms are set using an unsupervised quantile threshold ${\tau }_{\alpha }$ calibrated on benign traffic with a false-alarm budget; ${\tau }^{*}$ is reported only as a diagnostic reference for model comparison. To ensure realism, a large-scale corpus of 3.6 million SIM-tagged flows was constructed by enriching public IoT traffic with pseudo-operator identifiers (synthetic SIM tags derived from device identifiers) and controlled anomaly injections. Cross-domain experiment transfer under SIM-grouped protocol: Training on clean Cassavia-like traffic and testing on attack-rich Guarascio-like flows yields a PR-AUC of 0.93 for the proposed Conv-LSTM Temporal Deep Autoencoder, outperforming Dense Autoencoder, Isolation Forest, One-Class SVM, and LOF baselines. Conversely, the reverse direction collapses to PR-AUC $\approx 0.5$, confirming the absence of data leakage and the validity of one-class behavioral learning. Sensitivity analysis shows that performance is stable around the unsupervised quantile operating point. Overall, the proposed framework provides a lightweight, interpretable, and data-efficient behavioral verification layer for detecting cloned or unauthorized SIM activity, complementing existing registration mechanisms in next-generation telecom and IoT ecosystems. Full article

Data exfiltration poses a major cybersecurity challenge because it involves the unauthorized transfer of sensitive information. Intrusion Detection Systems (IDSs) are vital security controls in identifying such attacks; however, their effectiveness in cloud computing environments remains limited, particularly against covert channels such as Internet Control Message Protocol (ICMP) and Domain Name System (DNS) tunneling. This study compares two widely used IDSs, Snort and Suricata, in a controlled cloud computing environment. The assessment focuses on their ability to detect data exfiltration techniques implemented via ICMP and DNS tunneling, using DNSCat2 and Iodine. We evaluate detection performance using standard classification metrics, including Recall, Precision, Accuracy, and F1-Score. Our experiments were conducted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances, where IDS instances monitored simulated exfiltration traffic generated by DNSCat2, Iodine, and Metasploit. Network traffic was mirrored via AWS Virtual Private Cloud (VPC) Traffic Mirroring, with the ELK Stack integrated for centralized logging and visual analysis. The findings indicate that Suricata outperformed Snort in detecting DNS-based exfiltration, underscoring the advantages of multi-threaded architectures for managing high-volume cloud traffic. For DNS tunneling, Suricata achieved 100% detection (recall) for both DNSCat2 and Iodine, whereas Snort achieved 85.7% and 66.7%, respectively. Neither IDS detected ICMP tunneling using Metasploit, with both recording 0% recall. It is worth noting that both IDSs failed to detect ICMP tunneling under default configurations, highlighting the limitations of signature-based detection in isolation. These results emphasize the need to combine signature-based and behavior-based analytics, supported by centralized logging frameworks, to strengthen cloud-based intrusion detection and enhance forensic visibility. Full article

Financial fraud, as a salient manifestation of corporate governance failure, erodes investor confidence and threatens the long-term sustainability of capital markets. This study aims to develop and validate SFG-2DCNN, a multimodal deep learning framework that adopts a configurational perspective to diagnose financial fraud under class-imbalanced conditions and support sustainable corporate governance. Conventional diagnostic approaches struggle to capture the higher-order interactions within covert fraud patterns due to scarce fraud samples and complex multimodal signals. To overcome these limitations, SFG-2DCNN adopts a systematic two-stage mechanism. First, to ensure a logically consistent data foundation, the framework builds a domain-adaptive generative model (SMOTE-FraudGAN) that enforces joint distribution alignment to fundamentally resolve the issue of economic logic coherence in synthetic samples. Subsequently, the framework pioneers a feature topology mapping strategy that spatializes extracted multimodal covert signals, including non-traditional indicators (e.g., Total Liabilities/Operating Costs) and affective dissonance in managerial narratives, into an ordered two-dimensional matrix, enabling a two-dimensional Convolutional Neural Network (2D-CNN) to efficiently identify potential governance failure patterns through deep spatial fusion. Experiments on Chinese A-share listed firms demonstrate that SFG-2DCNN achieves an F1-score of 0.917 and an AUC of 0.942, significantly outperforming baseline models. By advancing the analytical paradigm from isolated variable assessment to holistic multimodal configurational analysis, this research provides a high-fidelity tool for strengthening sustainable corporate governance and market transparency. Full article

Network covert channels embed secret data into legitimate traffic, but existing methods struggle to balance undetectability, robustness, and throughput. Application-independent channels at lower protocol layers are easily normalized or disrupted by network noise, while application-dependent streaming schemes rely on handcrafted traffic manipulations that fail to preserve the spatio-temporal dynamics of real encrypted flows and thus remain detectable by modern machine learning (ML)-based classifiers. Meanwhile, with the rapid adoption of HTTP/3, Quick UDP Internet Connections (QUIC) has become the dominant transport for streaming services, offering stable long-lived flows with rich spatio-temporal structure that create new opportunities for constructing resilient covert channels. In this paper, a QUIC streaming-based Covert Channel framework, QuicCC-SMD, is proposed that dynamically Shapes Multi-Dimensional traffic features to identify and exploit redundancy spaces for secret data embedding. QuicCC-SMD models the statistical and temporal dependencies of QUIC flows via Markov chain-based state representations and employs convex optimization to derive an optimal deformation matrix that maps source traffic to legitimate target distributions. Guided by this matrix, a packet-level modulation performs through packet padding, insertion, and delay operations under a periodic online optimization strategy. Evaluations on a real-world HTTP/3 over QUIC (HTTP/3-QUIC) dataset containing 18,000 samples across four video resolutions demonstrate that QuicCC-SMD achieves an average F1 score of 56% at a 1.5% embedding rate, improving detection resistance by at least 7% compared with three representative baselines. Full article

Phishing emails present a significant and persistent cybersecurity threat to individuals and organizations globally due to the difficulty in detecting these malicious messages. Large Language Models (LLMs) have inadvertently intensified this challenge by facilitating the automated creation of high-quality, covert phishing emails that can evade traditional rule-based detection systems. In this study, we examine the offensive capabilities of LLMs in generating phishing emails and introduce Phish-Master, a novel algorithm that integrates Chain-of-Thought (COT) reasoning, MetaPrompt techniques, and domain-specific insights to produce phishing emails designed to bypass enterprise-level filters. Our experiment, involving 100 malicious emails, validates Phish-Master’s real-world effectiveness, achieving a 99% evasion rate within authentic campus networks, successfully bypassing filters and targeting recipients, a testament to its capability in navigating complex network environments. To counteract the threat posed by Phish-Master and similar LLM-generated phishing emails, we have developed a multi-machine learning model integration framework trained on Kaggle’s phishing email dataset. This framework achieved an impressive detection rate of 99.87% on a rigorous test set of LLM-generated phishing emails, highlighting the critical role of our specialized dataset in enabling the detection tool to effectively recognize sophisticated patterns in LLM-crafted phishing emails. This study highlights the evolving threat of LLM-generated phishing emails and introduces an effective detection algorithm to mitigate this risk, emphasizing the importance of continued research in this domain. Full article

This paper proposes a scheme for enhancing covert communication in cognitive radio networks (CRNs) using a reconfigurable intelligent surface (RIS), which ensures that transmissions by secondary users (SUs) remains statistically undetectable by adversaries (e.g., wardens like Willie). However, there exist stringent challenges in CRNs due to the dual constraints of avoiding detection and preventing harmful interference to primary users (PUs). Leveraging the RIS’s ability to dynamically reconfigure the wireless propagation environment, our scheme jointly optimizes the SU’s transmit power, communication block length, and RIS’s passive beamforming (phase shifts) to maximize the effective covert throughput (ECT) under rigorous covertness constraints quantified by detection error probability or relative entropy while strictly adhering to PU interference limits. Crucially, the RIS configuration is explicitly designed to simultaneously enhance signal quality at the legitimate SU receiver and degrade signal quality at the warden, thereby relaxing the inherent trade-off between covertness and throughput imposed by the fundamental square root law. Furthermore, we analyze the impact of unequal transmit prior probabilities (UTPPs), demonstrating their superiority over equal priors (ETPPs) in flexibly balancing throughput and covertness, and extend the framework to practical scenarios with Poisson packet arrivals typical of IoT networks. Extensive results confirm that RIS assistance significantly boosts ECT compared to non-RIS baselines and establishes the RIS as a key enabler for secure and spectrally efficient next-generation cognitive networks. Full article

To overcome the obstacles of maintaining covert transmissions in wireless networks employing collaborative wardens, we develop a reinforcement learning framework that jointly optimizes cooperative jamming strategies and relay selection mechanisms. The study focuses on a multi-relay-assisted two-hop network, where potential relays dynamically act as information relays or cooperative jammers to enhance covertness. A reinforcement learning-based relay selection scheme (RLRS) is employed to dynamically select optimal relays for signal forwarding and jamming; the framework simultaneously maximizes covert throughput and guarantees warden detection failure probability, subject to rigorous power budgets. Numerical simulations reveal that the developed reinforcement learning approach outperforms conventional random relay selection (RRS) across multiple performance metrics, achieving (i) higher peak covert transmission rates, (ii) lower outage probabilities, and (iii) superior adaptability to dynamic network parameters including relay density, power allocation variations, and additive white Gaussian noise (AWGN) fluctuations. These findings validate the effectiveness of reinforcement learning in optimizing relay and jammer selection for secure covert communications under colluding warden scenarios. Full article

Cyberattacks on pipeline operational technology systems pose growing risks to energy infrastructure. This study develops a physics-informed simulation and optimization framework for analyzing cyber–physical threats in petroleum pipeline networks. The model integrates networked hydraulic dynamics, SCADA-based state estimation, model predictive control (MPC), and a bilevel formulation for stealthy false-data injection (FDI) attacks. Pipeline flow and pressure dynamics are modeled on a directed graph using nodal pressure evolution and edge-based Weymouth-type relations, including control-aware equipment such as valves and compressors. An extended Kalman filter estimates the full network state from partial SCADA telemetry. The controller computes pressure-safe control inputs via MPC under actuator constraints and forecasted demands. Adversarial manipulation is formalized as a bilevel optimization problem where an attacker perturbs sensor data to degrade throughput while remaining undetected by bad-data detectors. This attack–control interaction is solved via Karush–Kuhn–Tucker (KKT) reformulation, which results in a tractable mixed-integer quadratic program. Test gas pipeline case studies demonstrate the covert reduction in service delivery under attack. Results show that undetectable attacks can cause sustained throughput loss with minimal instantaneous deviation. This reveals the need for integrated detection and control strategies in cyber–physical infrastructure. Full article