Journal of Science and Technology on Information security

A Combinational Model-Based APT Attack Detection Approach

Nguyen Thanh Tung — 2025-06-30

In the context of a world increasingly reliant on digital technology, Advanced Persistent Threats (APT) pose a significant challenge to global cybersecurity. To address this issue, this paper introduces a novel approach called BiLSTM-Attention-GCN (BiLAG), an advanced model combining Bidirectional Long Short-Term Memory (BiLSTM) networks, Attention mechanisms, and Graph Convolutional Networks (GCN). The goal of BiLAG is to provide an effective and accurate method for detecting APT. BiLSTM is employed to capture temporal features related to event sequences, enabling the detection of anomalies over time. The Attention mechanism focuses on the most critical aspects of the dataset, allowing the model to identify hidden signals that indicate potential attacks. Lastly, GCN is utilized to explore complex relationships among network entities, enhancing APT detection by constructing a detailed and precise relational graph. Experimental results demonstrate that BiLAG achieves an accuracy of 99%, with high recall and significantly reduced false positive rates.

An Efficient Framework for Multi-Class Malware Classification in Cloud Environments

Pham Sy Nguyen — 2025-06-30

Malware classification in cloud
environments remains a critical challenge due to the
increasing complexity and volume of cyber threats.
This paper proposes CMC (Cloud-based Malware
Classification), a novel framework that enhances
multi-class malware classification efficiency through
the integration of feature selection, dimensionality
reduction, and imbalanced data handling
techniques. The CMC framework aims to improve
classification accuracy and computational efficiency
by optimizing feature representation and addressing
class imbalance, which are common issues in
real-world malware datasets. To evaluate its
effectiveness, we apply the proposed model to two
public benchmark datasets: CMD_2024 and
CIC-MalMem-2022. Experimental results
demonstrate that CMC outperforms existing
approaches in terms of classification accuracy,
F1-score, and computational efficiency, proving its
potential for real-world deployment in cloud-based
security solutions. These findings highlight the
importance of intelligent data preprocessing and
feature optimization in enhancing malware
classification on cloud platforms.

Federated Trust-Based Authentication for Secure Mobile Cloud Access

Le Vinh Thinh — 2025-06-30

The proliferation of mobile cloud services significantly increases the complexity and risks associated with user authentication. Traditional password-based authentication methods are vulnerable to credential theft and account takeover attacks. Although centralized Risk-Based Authentication (RBA) methods enhance security by evaluating login attempt risks, they often compromise user privacy by aggregating sensitive authentication data. To overcome these challenges, this paper proposes a federated trust-based authentication framework utilizing federated learning (FL) integrated with an Artificial Neural Network enhanced by Batch Normalization (ANN-BN). Specifically, our framework calculates a trust score for each login attempt based on user behavior patterns and contextual threat indicators. This trust-based approach enables accurate detection of malicious login attempts while preserving user privacy by performing decentralized model training across multiple client devices. Experiments conducted on a real-world login dataset demonstrate that the proposed federated ANN-BN approach achieves high detection accuracy with a low false-alarm rate, effectively balancing security enhancement and privacy preservation. Our results confirm the effectiveness and practicality of federated learning for secure authentication in mobile cloud environments, highlighting its potential for real-world deployment and motivating future research directions.

Secure Implementation of Post-Quantum Cryptography

Ben El Haj Soulami Souhayl — 2025-06-30

Post-Quantum Cryptography (PQC) is now required by several institutions and vendors, especially for applications related to low-level security functions (secure boot, firmware management, secure channels establishment, etc.). Not only standardized PQC algorithms must match correctly their specification, but also they must be implemented in accordance with market requirements. Those mostly consist of Performance-Power-Area (PPA) and certification constraints. In turn, the PPA encompasses tradeoffs between speed and implementation size, but also optimal adequation with available resources (vectorization in software, parallelism in hardware, dedicated accelerators in embedded systems, etc.) The certification relates to secure implementation in the context of adversaries trying to gain information on the secrets, exploiting for instance some surreptitious information leakage (secret-dependent timing or power consumption). There is an interplay between PPA and certification aspects that we detail in this paper, for different classes of PQC algorithms. We also give some insights on the order in which PQC algorithms will be rolled-out, dictated by the requirements to implement in hardware some services which cannot be retrofitted later on in software, namely those that are in charge of firmware lifecycle management

A Novel Approach for 1D-CNN Hyperparameter Optimization in IoT Attack Detection using Particle Swarm Optimization

Le Thi Hong Van — 2025-06-30

This study proposes a hyperparameter optimization method for one-dimensional convolutional neural network using the Particle Swarm Optimization algorithm based on a Pareto multi-objective approach to improve the performance of IoT attack detection systems. Specifically, this study enhances the PSO algorithm by introducing an automatic termination criterion for optimization loops and proposes an early stopping mechanism, along with the optimization of the early stopping patience during the 1D-CNN model training process, thereby reducing computational costs and aligning with the resource-constrained hardware conditions of IoT. Additionally, a multi-objective optimization function is developed to balance detection performance and resource efficiency by combining validation accuracy with the 1D-CNN's execution time. The proposed method is evaluated on the Edge-IIoTset dataset. Experimental results demonstrate that the optimized model reduces execution time by 48-63% compared to the baseline model while maintaining high accuracy (over 94%). This research not only provides a practical solution for IoT security but also pioneers a novel approach to integrating evolutionary algorithms into adaptive deep learning systems and introduces a flexible method for hardware-constrained devices.

Large-scale Android malware detection by integrating Blockchain and IPFS for secure virus signature distribution

Nguyen Tan Cam — 2025-06-30

The growing threat of Android malware underscores the limitations of centralized antivirus systems, which face challenges such as latency, single points of failure, and susceptibility to attacks. To address these issues, this paper introduces a decentralized framework leveraging blockchain technology via Hyperledger Fabric and the InterPlanetary File System (IPFS). The system, HypatiaX, provides secure, efficient, and transparent virus signature distribution while ensuring scalable and resilient data storage. By utilizing blockchain for virus signature management and IPFS for decentralized storage, HypatiaX supports real-time updates in distributed environment. Performance evaluations reveal low resource consumption, near-instantaneous query responses, and efficient virus scanning under diverse conditions. Advanced components, including a ledger controller, signature crawler, key manager, and IPFS client, further strengthen decentralized storage, secure key management, and automatic signature updates. This framework demonstrates significant improvements in combating Android malware while addressing the inherent flaws of traditional antivirus solutions.

Enhancing SPN ciphers: Dynamic substitution-key addition layers via binary block circulant matrices

Tran Thi Luong — 2025-06-30

The SPN (Substitution-Permutation Network) block cipher is one of the fundamental and important structures in the field of symmetric encryption, widely used in modern encryption algorithms such as AES. Due to its ability to efficiently diffuse and obscure data, SPN plays a key role in building secure and reliable encryption systems. However, with the development of the SPN block cipher, many studies have been conducted to identify cryptanalytic attack methods to break this cipher. To enhance the security of the SPN block cipher, recent research has focused on dynamic transformations of its components and often relies on the secret component, the key. In this study, we propose a new method that combines the dynamicization of two key components: the substitution layer and the key addition layer of the SPN block cipher. This method is based on using a binary block circular shift matrix, formed by combining a binary circular shift matrix with a binary Hadamard matrix. Our algorithm only requires the use of 26 additional key bits but can generate up to 2²⁸key-dependent S-boxes with strong cryptographic properties and 23³ key-dependent XOR tables. When applying these key-dependent S-boxes and XOR tables to dynamically modify the AES block cipher, it can increase the security level of the dynamic AES block cipher by 2³³ compared to AES