The ISC International Journal of Information Security

Abstract Least Significant Bit Matching (LSBM) is a simple steganography approach that has been detected under multiple attacks. Imperceptibility (i.e., maintenance of high perceptual image quality) and security are significant parameters in steganography. However, most conventional steganography techniques rely on single-objective optimization, which focuses on improving one parameter while often compromising others. This limitation underscores the need for approaches that balance conflicting objectives. To address this, the present study employs the Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to optimize security and imperceptibility. This methodology includes a cover image division into blocks, each with two critical decisions: (1) seed determination for the pseudo-random number generator to simultaneously identify optimal pixels for data embedding and (2) selecting whether the pixel value should be increased or reduced upon a mismatch between the data bit and pixel LSB. Pixels with the highest data bit–LSB correspondence are optimal, and a pixel value change (increase or reduction) is to minimize block histogram variation. This multiobjective optimization is carried out using NSGA-II. It was comparatively revealed that the developed methodology remarkably improved image quality metrics and decreased detection accuracy at different embedding rates. At embedding rates of 0.3, 0.5, and 0.8 bpp, the Peak Signal-to-Noise Ratio (PSNR) was approximately 57.65, 55.55, and 52.75, respectively. This result represents a 1.5-2.5% improvement compared to conventional LSBM techniques. 

Abstract The Internet of Things (IoT) offers transformative potential across sectors like energy, defense, and healthcare, but its limited resources make it vulnerable to cyberattacks, necessitating robust security measures such as intrusion detection systems (IDS) to safeguard its infrastructure. This article presents a study that helps intrusion detection systems identify malicious and legitimate communications. To help the system make the best decisions possible, the subcategory of the attacked traffic is also classified. We trained the suggested models to be capable of binary and multi-class classification, targeting common attacks like denial of service (DoS), distributed denial of service (DDoS), reconnaissance, and information theft directed at IoT devices. Our methodology makes use of recently published IoT datasets, such as BoTIoT, ToNIoT, WUSTL-IIOT-20212021, and CiCIoT. To assess and contrast the performance of the proposed models on these datasets, we first applied stratified undersampling to convert the original imbalanced datasets into balanced subsets, which were then used for training and evaluation. Among the models evaluated, biLSTM achieved the highest accuracy of 99.66% and MCC of 0.99759 on the WUSTL-IIoT-2021 dataset. On the BoTIoT dataset, CNN with Dual Focal Loss reached 97.76% accuracy and 0.95536 MCC. For ToNIoT, LSTM achieved 97.01% accuracy with an MCC of 0.93643, while on the CiCIoT dataset, biLSTM obtained 96.23% accuracy and 0.96347 MCC. The results show that biLSTM and LSTM models give higher performance than FNN and CNN models in terms of precision, recall, F1 score, and MCC across all datasets, demonstrating improved performance for temporal IoT intrusion detection tasks.

Abstract Online social media is integral to human life, facilitating messaging, information sharing, and confidential communication while preserving privacy. Platforms like Twitter, Instagram, and Facebook exemplify this phenomenon. However, users face challenges due to network anomalies, often stemming from malicious activities such as identity theft for financial gain or harm. This paper proposes a novel method using user similarity measures and the Generative Adversarial Network (GAN) algorithm to identify anomalies (fake nodes) in user accounts in a large-scale social network while handling imbalanced data issues. Despite the problem's complexity, the method achieves an AUC rate of 80\% in classifying and detecting fake accounts. Notably, the study builds on previous research, highlighting advancements and insights into the evolving landscape of anomaly detection in online social networks. The findings of this study contribute to ongoing advancements in fake account detection, offering a hopeful solution for securing online spaces against fraudulent activities and anomaly detection in social networks.

Abstract Distributed Denial-of-Service (DDoS) attacks are among the most critical security threats to distributed network infrastructures, including blockchain systems. These attacks degrade performance, cause congestion, and disrupt service delivery or transaction processing. Traditional mitigation techniques have undergone extensive development. However, they often fail to intelligently detect and manage traffic patterns and struggle to adapt to dynamic conditions in decentralized environments. This paper proposes a reinforcement learning-based congestion control (CC) method that dynamically adjusts congestion window (CWND) following traditional TCP principles based on signals such as delay and packet loss. What distinguishes our approach is that the RL-agent interprets persistent or abnormal congestion patterns as potential indicators of adversarial high-load conditions (e.g., DDoS-induced congestion) and adapts CWND adjustments more intelligently to reduce their adverse. Leveraging the Q-learning algorithm, the proposed approach adapts dynamically to fluctuating traffic and conditions. Its learning capability enables continuous monitoring of behavior and timely responsiveness to anomalies, including sustained congestion patterns often associated with adversarial traffic surges. Simulation results across various DDoS scenarios—evaluated against conventional CC algorithms—demonstrate considerable improvements in key performance indicators such as reduced latency, enhanced bandwidth utilization, improved stability, decreased packet loss, and increased throughput. The proposed Q-learning-based CC operates at the peer-to-peer layer, regulating flow among blockchain nodes. It is independent of consensus mechanisms while indirectly improving consensus efficiency by reducing message delays and packet loss. This method offers a scalable and intelligent solution for cc under adversarial conditions, thereby contributing to improved robustness and efficiency in both general distributed systems and blockchain networks.

Abstract Ensuring fair task validation and reward distribution remains a significant challenge in decentralized crowdsourcing systems. Existing platforms often suffer from malicious evaluations, unfair compensation, central points of failure, and limited transparency. In this work, we propose a fully decentralized crowdsourcing protocol built on blockchain technology and smart contracts to address these issues. Our system introduces a validator-based task evaluation process and ensures secure and private task handling through encryption and decentralized IPFS storage. Participants interact through smart contracts, which manage task assignment, output verification, and automated reward distribution. To promote fairness, we employ a reward allocation strategy based on the actual contribution of each participant. The proposed system addresses critical crowdsourcing challenges including malicious or biased evaluations, Sybil attacks, collusion, single points of failure, lack of revision mechanisms, and excessive transaction costs. Experimental results show that our smart contracts are executed with low cost (total deployment cost of 0.0511 ETH, with function calls as low as 47,878 gas units). The system sustains reliable operation and maintains integrity even when adversarial validators control up to 49% of the total reputation.

Abstract Confidentiality, unforgeability, and public verifiability are essential for secure multi-party communications. These communications play a vital role in real-world applications such as decentralized financial transactions, e-commerce, cloud computing, and web services, where authentication and privacy preservation are very important. In conventional cryptosystems, individual signcryption performed by each participant significantly increases the unsigncryption cost for the receiver. Multi-signcryption offers an efficient alternative by allowing multiple signers to jointly signcrypt a single message. This paper proposes a novel certificateless multi-signcryption scheme that eliminates the certificate management problem of traditional public key infrastructures and avoids the key escrow problem of identity-based cryptography. To reduce the computational cost associated with bilinear pairings over elliptic curves, the proposed scheme is designed in a pairing-free environment. This scheme achieves constant-time verification in the unsigncryption phase and is independent of the number of signers. Security is formally proven under the hardness assumptions of the Elliptic Curve Computational Diffie–Hellman Problem (ECCDHP) and the Elliptic Curve Discrete Logarithm Problem (ECDLP). The proposed scheme ensures confidentiality, unforgeability, and public verifiability, and it attains significantly lower computational costs than existing schemes. Hence, the proposed scheme can be used for secure group communications in resource-constrained environments where high performance is essential. 

Abstract With the increasing prevalence of online services, big data systems, and Internet of Things (IoT) devices, detecting anomalies in large system logs has become a significant concern. This study presents a systematic literature review of automated log analysis for anomaly detection from January 2017 to October 2024. The study classifies existing approaches into five types: hybrid, supervised, unsupervised, semi-supervised, and self-supervised. Each technique is analysed based on its assumptions, benefits, limitations, computational complexity, and performance in practical applications. Additionally, it addresses the challenges and concerns associated with developing anomaly detection systems for real-life applications using deep neural networks. The survey's objective is not to perform a statistical analysis of the published methodologies but to classify them, highlight the key features of various deployed architectures, and focus on unresolved issues that require further investigation in this domain. The study offers valuable direction for researchers, emphasising the need for scalable, robust, and interpretable anomaly detection systems. This survey advances the understanding of current capabilities and highlights future directions for enhancing the reliability of complex systems.