https://isj.vn/index.php/journal_STIS <h2 style="color: red !important; font-size: 30px;">About the Journal</h2> <h1><strong><span class="pkp_screen_reader">Edit About the Journal<span style="font-size: 14px;">Information Security Journal publishes a periodical academic, scientific, specialized journal in the field of information security named “Journal of Science and Technology on Information security”. The publication aims to create a forum to discuss scientific and technological issues in the field of information security, to support of researching science and technology in this field, and contribute to connecting research, trainning and applications deployment.</span></span></strong></h1> <div id="sponsors"> <p>The Journal of Science and Technology on Information Security - abbreviated name ISJ, with index ISSN 2615-9570 is a publication of Information Security Journal, Vietnam Government Information Security Commission. This is an academic, scientific, specialized magazine and is also a place to discuss scientific and technological issues in the field of information security, support scientific and technological research in this field, and contribute connecting research, training and application deployment. Helpful for leaders, managers, scientific and technical staff, teachers, students...</p> <p>The Journal of Science and Technology on Information Security has been published since 2015 with 2 issues/year (1 issue in Vietnamese and 1 issue in English). By 2022, the publication has increased the number of publications to 3 issues/year with 2 English issues (published in June and December) and 1 Vietnamese issue (published in September). From 2024, the Journal's installments will be published entirely in English.</p> <p>The Journal of Science and Technology on Information security in the field of Information Security is recognized as high quality according to Decision No. 22/QĐ-HĐGSNN of the State Council for Professorship (<a href="http://hdgsnn.gov.vn/tin-tuc/quyet-dinh-so-25-qd-hdgsnn-phe-duyet-danh-muc-tap-chi-khoa-hoc-duoc-tinh-diem-nam-2024_788/">http://hdgsnn.gov.vn/tin-tuc/quyet-dinh-so-25-qd-hdgsnn-phe-duyet-danh-muc-tap-chi-khoa-hoc-duoc-tinh-diem-nam-2024_788/</a>). According to The State Council for Professorship of Vietnam, the paper are counted 0.75 score by The Council for Professorship in Information Technology and 0.75 score by The Interdisciplinary Council for Professorship in Electrical-Electronics-Automation.</p> <p>The papers published in the Journal are scientific research works, new technologies applications, scientific achievements and new techniques in the field of information security. They have not been published or sent to any magazines or any conference proceedings.</p> <p>The papers are sent to scientists for strict assessment and criticism and to be counted points, according to the process of publishing scientific works of The State Council for Professor Title of Vietnam. The authors whose papers are published will receive royalties according to the provisions of the Journal, along with the issues including their papers and soft copies (PDFs) of other issues if needed. Authors do not have to submit any fees when submitting articles. All cost for the publication process is supported by Journal of Science and Technology on Information security.</p> <p> </p> <p> </p> </div> <h2 style="color: red !important; font-size: 30px;"><strong>Call for scientific papers for</strong><strong> 2025</strong></h2> <div class="content-new" style="font-size: 14px; line-height: 25px;"> <p><img style="width: 207px; float: left; margin-right: 20px; margin-bottom: 50px; margin-top: 10px;" src="https://isj.vn/public/site/images/admin/bia-en.png" alt="" height="289" />Dear professionals!</p> <p>To prepare for publishing the Journal of Science and Technology on Information security 2025 in English and aim to become a prestigious, quality magazine with unique characteristics in the field of information security and safety. The Journal respectfully invites and calls on all domestic and foreign scientists to submit quality articles to the Journal. The release schedule for 3 issues in 2025 is as follows:</p> <p>No. 1.CS(24) 2025 is expected to be published: June 2025</p> <p>No. 2.CS(25) 2025 is expected to be published: September 2025</p> <p>No. 3.CS(26) 2025 is expected to be published: December 2025</p> <p>Authors please submit the manuscript according to the format of the Journal provided at <a href="https://isj.vn/index.php/journal_STIS/information/authors">https://isj.vn/index.php/journal_STIS/information/authors</a>. Article submission rules and guidelines for presenting articles are posted on the website <a href="https://isj.vn/index.php/journal_STIS/about/submissions">https://isj.vn/index.php/journal_STIS/about/submissions</a>. <span class="text">For support, please contact us via email at </span><a class="text-is-email" href="mailto:thukychuyensan@bcy.gov.vn" target="_blank" rel="noopener">thukychuyensan@bcy.gov.vn</a><span class="text"> or reach out to the Administrative Secretary, Hoang Thi Thu Hang (mobile phone at </span><a class="text-is-phone-number">+84 914372016)</a>.</p> <p>Sincerely./.</p> </div> Vietnam Government Information Security Commission en-US Journal of Science and Technology on Information security 2615-9570 <p><strong>Proposed Policy for Journals That Offer Open Access</strong></p> <p>Authors who publish with this journal agree to the following terms:</p> <p>1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a <a href="http://creativecommons.org/licenses/by/3.0/" target="_new">Creative Commons Attribution License</a> that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.</p> <p>2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.</p> <p>3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See <a href="http://opcit.eprints.org/oacitation-biblio.html" target="_new">The Effect of Open Access</a>).</p> <p><strong>Proposed Policy for Journals That Offer Delayed Open Access</strong></p> <p>Authors who publish with this journal agree to the following terms:</p> <p>1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a <a href="http://creativecommons.org/licenses/by/3.0/" target="_new">Creative Commons Attribution License</a> that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.</p> <p>2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.</p> <p>3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See <a href="http://opcit.eprints.org/oacitation-biblio.html" target="_new">The Effect of Open Access</a>).</p> https://isj.vn/index.php/journal_STIS/article/view/1102 <p>In this study, we analyze how Telegram Bots can be abused as a Command and Control (C2) infrastructure in cyberattacks. We propose a Telegram-based C2 model that enables attackers to control compromised systems without relying on a centralized server, thereby enhancing anonymity and evasion capabilities. Furthermore, we introduce detection and defense strategies based on network behavior monitoring and encrypted message analysis.</p> Pham Van Toi Nguyen Trung Dung Hoang Linh Phương Nguyen Huu Long Copyright (c) 2025 Journal of Science and Technology on Information security 2025-09-30 2025-09-30 43 51 10.54654/isj.v2i25.1102 https://isj.vn/index.php/journal_STIS/article/view/1128 <p> <span class="fontstyle0">Web Application Firewalls (WAFs) serve as a critical defense mechanism against various web-based attacks such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Remote Code Execution (RCE), and NoSQL Injection. However, modern adversaries often craft evasive and obfuscated payloads capable of bypassing traditional WAF rules. To effectively assess and challenge the robustness of WAFs, we propose DEG-WAF, a Deep Evasion Generation framework that leverages Large Language Models (LLM) in conjunction with Reinforcement Learning (RL) to generate evasive payloads against WAFs. The system consists of four core components: a payload generation agent based on a pre-trained LLM (OPT-125M), a reward model that approximates WAF behavior, a grammar-based sampling agent that ensures syntactic validity, and an RL agent trained with either Proximal Policy Optimization (PPO) or Advantage Actor-Critic (A2C) to fine-tune generation strategies. Experimental evaluations on real-world WAFs, including ModSecurity and SafeLine, demonstrate that the A2C-based model significantly outperforms baseline LLMs—achieving a bypass success rate of 80.16% on SQLi and 74.70% on NoSQLi for ModSecurity, and 97.8% on RCE for SafeLine. These results underscore the potential of our LLM-RL framework to serve as a robust foundation for evaluating and enhancing the resilience of WAF systems under adversarial conditions.</span> </p> Tran Gia Bao Dinh Cong Duc Phan The Duy Copyright (c) 2025 Journal of Science and Technology on Information security 2025-09-30 2025-09-30 78 96 10.54654/isj.v2i25.1128 https://isj.vn/index.php/journal_STIS/article/view/1115 <p> <span class="fontstyle0">Accurate CPU workload forecasting is vital for efficient resource management and system availability in cloud computing, yet faces challenges in data privacy, security, and the "cold start"problem for new Virtual Machines (VMs). Traditional methods risk privacy and struggle with limited data. We propose FedPC, a novel framework leveraging privacy-preserving Federated Learning (FL) with Periodicity-based Clustering. FedPC enables collaborative training without exposing local data, crucially supporting effective forecasting for new VMs with minimal historical information. It clusters VMs by workload periodicity, training tailored LSTMs within each cluster to handle heterogeneity securely. Evaluated on Azure Public Dataset V1, FedPC surpasses FedAvg in privacy and matches state-of-the-art methods in accuracy. This demonstrates FedPC’s efficacy in securely, adaptively managing resources, thereby enhancing system availability, especially in dynamic cloud environments with frequent VM creation and scarce initial data.</span> </p> Nguyen Quoc Khanh Tran Quang Duc Nguyen Van Toan Tong Van Van Copyright (c) 2025 Journal of Science and Technology on Information security 2025-09-30 2025-09-30 52 60 10.54654/isj.v2i25.1115 https://isj.vn/index.php/journal_STIS/article/view/1093 <p>Malware analysis typically involves three steps:<br />obfuscation, infection, and malicious action. Many antivirus methods fail because obfuscation hides control structures. This paper provides an overview of dynamic symbolic execution (DSE) applied to binary code, especially x86. DSE is considered the most powerful technique for deobfuscation and can automatically recover control structures such as control‑flow graphs. Several DSE tools target x86 (e.g., angr, Mayhem, S2E, KLEE‑MC, and BE‑PUM); we examine their design choices and trade‑offs. Finally, we evaluate the effectiveness of control‑flow graph similarity for tasks such as packer identification and original entry point (OEP) detection.</p> Mizuhito Ogawa Copyright (c) 2025 Journal of Science and Technology on Information security 2025-09-30 2025-09-30 5 20 10.54654/isj.v2i25.1093 https://isj.vn/index.php/journal_STIS/article/view/1123 <p> <span class="fontstyle0">Data hiding in digital images has received considerable attention in recent years. Research efforts have primarily focused on increasing embedding capacity while preserving the visual quality of stego-images. In this paper, we propose a data hiding scheme based on Hamming codes. To enhance visual quality, the scheme estimates block complexity from pairs of adjacent pixels arranged in zig-zag order and uses this measure to identify high-texture regions for embedding message bits. To further minimize distortion, secret bits are embedded using the proposed Hamming code-based method. Moreover, embedding capacity is increased by utilizing multiple pixel bit-planes. A Canonical Gray Code (CGC) is employed in the bit-plane decomposition process to improve the accuracy of texture characterization in data hiding. Experimental results demonstrate that the proposed scheme achieves higher embedding capacity, improved visual quality, and stronger resistance to detection attacks.</span></p> Nguyen Duc Tuan Copyright (c) 2025 Journal of Science and Technology on Information security 2025-09-30 2025-09-30 21 42 10.54654/isj.v2i25.1123