31 October 2025, Volume 3 Issue 5
-
Select all|
-
Journal of Cybersecurity. 2025, 3(5): 2-13. https://doi.org/10.20172/j.issn.2097-3136.250501
As cyber offense and defense grows increasingly sophisticated, understanding adversary behaviors is essential for proactive defense. Based on the MITRE ATT&CK framework, we systematically define the paradigm of "Technique Association Analysis," which aims to transform discrete behavioral observations into continuous intent reasoning. Using the core modeling depth of contextual and temporal dependencies as a classification criterion, we categorize current technique association mining methods into three progressive levels: static pattern mining based on statistical co-occurrence and association rules, dynamic evolution analysis using probabilistic graphs and time-series models, and high-level semantic mining that integrates graph computing with large language models. Furthermore, we provide a systematic horizontal comparison and analyze the applicability of these methods in key downstream tasks, including attack chain completion, intent prediction, and defense and detection optimization. Finally, we discuss the limitations of existing methods in dynamic context awareness and cross-modal data alignment, and outline future directions. In particular, we highlight the in-depth integration between large language models and knowledge graphs as a promising avenue, aiming to provide a comprehensive reference for research in automated threat hunting and network security operations.
-
Journal of Cybersecurity. 2025, 3(5): 14-22. https://doi.org/10.20172/j.issn.2097-3136.250502
With the rapid advancement of generative artificial intelligence (GAI), deepfake speech technology has achieved remarkable progress. The synthesized speech now closely mimics authentic human voices in terms of timbre, prosody, and naturalness, exhibiting strong deceptive capabilities and thus posing significant challenges to detection systems. This survey systematically reviews the evolution, technical approaches, current challenges, and future directions of deepfake speech detection. First, we elaborate on the fundamental principles and methodologies of deepfake speech generation, covering speech synthesis and voice conversion (VC). Second, we comprehensively examine detection techniques, classifying them into three paradigms: traditional machine learning–based methods, deep learning–based approaches, and end-to-end detection frameworks. For each paradigm, we provide detailed analysis of its working mechanisms, inherent characteristics, and performance on typical benchmarks. Third, we introduce widely used benchmark datasets and evaluation metrics in this field. Finally, we discuss key challenges—such as poor generalization across unseen forgery types and constraints in real-time deployment—and outline promising future research directions.
-
Journal of Cybersecurity. 2025, 3(5): 23-37. https://doi.org/10.20172/j.issn.2097-3136.250503
Edge intelligence devices are widely deployed in the Internet of Things (IoT) and security scenarios, but their deep learning models are vulnerable to electromagnetic side-channel attacks. To quantitatively assess the information leakage of such models under these attacks, a hierarchical risk evaluation framework is proposed, which is analyzed from three dimensions: model family, layer structure, and core parameters. Model family identification is achieved by combining time-frequency features with a random forest algorithm, while the automatic inference of layer structure and core parameters is realized by using the temporal patterns of power traces and a Long Short-Term Memory (LSTM) network. Quantitative indicators are established to measure the information leakage degree. Experiments are conducted on real edge intelligence devices with nine typical deep learning models. The results show that the average F1-score for model family classification reaches 95.7%, the reconstruction accuracy of layer structure is about 93.8%, and the identification accuracy of core parameters exceeds 90%. This study confirms that electromagnetic side channels can leak multi-level model information with high accuracy, and such information is sufficient to support model cloning and subsequent attacks. It provides a quantitative basis for understanding side-channel risks and designing protection schemes for edge intelligence devices.
-
Journal of Cybersecurity. 2025, 3(5): 38-47. https://doi.org/10.20172/j.issn.2097-3136.250504
With the increasing sophistication of cyber-attacks, Breach and Attack Simulation (BAS) has emerged as a pivotal approach for cybersecurity assessment. Within the BAS framework, the Planner serves as a core module, where decision algorithms directly dictate the coverage and effectiveness of the simulation. However, existing decision algorithms face significant limitations in handling the uncertainty of behavioral outcomes and assessing out-of-sample attack behaviors, thereby constraining their practical utility. To address these challenges, this paper proposes Feature Similarity adaptive KNN (FSK), a comprehensive attack behavior evaluation method. FSK integrates structured modeling, dynamic neighborhood adjustment, and temporal decay mechanisms with an adaptive K-Nearest Neighbors (KNN) algorithm. The method enhances adaptability to execution changes through execution result feedback, and achieves a comprehensive evaluation of attack behaviors utilizing multi-objective balanced decision-making. Experimental results demonstrate that FSK achieves superior performance in terms of attack surface coverage and prediction accuracy for out-of-sample behaviors. The average performance metrics reach 90%, representing a 20% improvement over existing baselines. These findings provide new insights for advancing the design of BAS planners.
-
Journal of Cybersecurity. 2025, 3(5): 48-60. https://doi.org/10.20172/j.issn.2097-3136.250505
To address the challenge of evaluating the security of information systems under complex attacks, such as Advanced Persistent Threat (APT), a cybersecurity knowledge graph embedding method integrating logical rule reasoning with adversarial learning is proposed. Specifically, logical rules are mined from the complex attack knowledge graph by leveraging the AnyBURL tool, and semantically consistent positive samples are inferred accordingly, thereby mitigating the problem of positive sample sparsity. In parallel, an adversarial example generation mechanism is introduced to dynamically construct hard negative samples near the decision boundary, so that more discriminative gradient signals can be received by the model during training. To further ensure the sample’s reliability, a similarity-based sample filtering strategy is designed to comprehensively evaluate candidate samples. Experimental results demonstrate that the proposed method significantly outperforms existing baseline models in complex attack behavior prediction, with a Mean Reciprocal Rank (MRR) of 0.571 and Hits@10 of 0.663 achieved, corresponding to improvements of 39.6% and 21.9%, respectively. These results indicate that the representation and reasoning ability of complex attack paths can be effectively enhanced by the proposed method. Moreover, reliable support is provided for the security evaluation of information systems under complex attack scenarios.
-
Journal of Cybersecurity. 2025, 3(5): 61-72. https://doi.org/10.20172/j.issn.2097-3136.250506
Against the backdrop of an increasingly complex and dynamically evolving cyber threat landscape, traditional static and periodic cybersecurity assessment methods are no longer sufficient to address emerging challenges. An AI-driven adaptive cybersecurity assessment framework is proposed to realize the intellectualization, automation and continuity of the assessment process. The framework is constructed as a closed-loop system consisting of four layers: data perception, intelligent analysis, dynamic decision-making and feedback optimization. Its core innovation resides in the in-depth integration of artificial intelligence technologies, which involves applying Graph Neural Networks (GNN) for anomaly detection and threat hunting, adopting Deep Reinforcement Learning (DRL) to enable automated penetration testing and attack path planning, and incorporating Large Language Models (LLM) to achieve automated generation of analysis reports. Simulation experiments verify that the proposed framework exhibits remarkable advantages over traditional methods in the depth of vulnerability discovery, the speed of threat response and the accuracy of risk assessment. It can effectively improve the capability of proactive defense, and thus provide a feasible technical approach and practical reference for constructing a dynamic and adaptive next-generation cybersecurity system.
-
Journal of Cybersecurity. 2025, 3(5): 73-83. https://doi.org/10.20172/j.issn.2097-3136.250507
As power systems become deeply integrated with cyber-physical infrastructures, their security mechanisms encounter increasingly dynamic and complex threats. A digital twin–based architecture for power cyber-physical systems is proposed, where a digital twin is constructed to achieve real-time system-wide mirroring and multi-source heterogeneous data fusion. By continuously monitoring system operations and incorporating an AI-driven dynamic defense mechanism, the proposed framework enables effective anomaly detection in power system operations.To enhance detection efficiency and accuracy, a two-stage anomaly detection algorithm is introduced. In the first stage, threshold-based rules are employed for rapid identification of obvious anomalies, while in the second stage, an LSTM-AE(Long Short-Term Memory-Autoencoder)model combined with spatiotemporal association rules is applied to improve detection precision and adaptability. The proposed method is validated on a Simulink-based power system simulation platform under false data injection attacks. Experimental results demonstrate that the proposed algorithm achieves an anomaly detection accuracy of 97.82%, outperforming existing methods by 2%~4.5%. This approach significantly enhances the accuracy and robustness of anomaly detection, providing a strong safeguard for the secure and reliable operation of power systems.
-
Journal of Cybersecurity. 2025, 3(5): 84-101. https://doi.org/10.20172/j.issn.2097-3136.250508
Cyber threat intelligence has been proven to be a mainstream method for executing efficient threat detection, and how to systematically generate and operate threat intelligence has become a core issue. To address this, a solution is proposed that utilizes the processing and integration of threat intelligence data to construct a proactive security correlation analysis and operation framework, which aims to achieve comprehensive, adaptive, and real-time cybersecurity defense. The solution encompasses technical modules such as data collection, model establishment, analysis engine, intelligence production, and intelligence application and sharing. Among these, the proactive security correlation framework based on threat intelligence and the full-process correlation analysis system of the knowledge graph integrate technologies such as machine learning, data fusion, and large language models. This integration realizes the automated operation of the entire process from data collection to threat detection, applies threat intelligence throughout the entire lifecycle operation, and enhances the proactivity and intelligence of cybersecurity defense. Experiments have proven that constructing a proactive security correlation framework through in-depth analysis and utilization of threat intelligence is an effective way to enhance the capability of cybersecurities defense.
-
Journal of Cybersecurity. 2025, 3(5): 102-113. https://doi.org/10.20172/j.issn.2097-3136.250332
Due to the openness of the Internet of Things (IoT) and the influx of low-quality data from unreliable data circulators, data owners are faced with the risk of identity and sensitive information leakage during IoT data transmission. Superior performance in ensuring the confidentiality and trustworthiness of data transmission is shown by the multi-receiver signcryption mechanism. However, the security requirements of IoT data transmission in terms of privacy protection, on-demand participation, and resistance to malicious behavior still fail to be fully met by existing multi-receiver signcryption schemes. An trusted transmission scheme integrating multidimensional decision attribute-based signcryption is proposed by integrating multi-dimensional decision attributes with multi-receiver signcryption. Potential issues such as privacy leakage, unqualified participation, and malicious data publishing in IoT data transmission are aimed to be addressed by the scheme. A rigorous security analysis of the proposed scheme is conducted in the random oracle model. Additionally, lower computational complexity and communication overhead are achieved by the proposed scheme compared to related schemes, as demonstrated by simulation results.
-
Journal of Cybersecurity. 2025, 3(5): 114-124. https://doi.org/10.20172/j.issn.2097-3136.250328
Private Set Intersection (PSI) is an important privacy-preserving technique in the field of Secure Multi-Party Computation (SMPC), which enables the intersection to be computed by two parties without disclosing their respective datasets. However, high computational power is required from participants by existing PSI protocols, and low efficiency is achieved in large-scale data processing when participants have limited local computing power. To address the problem of limited client resources, a cloud-assisted verifiable privacy set intersection protocol is constructed based on the Oblivious Pseudo-Random Function (OPRF) and homomorphic Brakerski/Fan-Vercauteren (BFV) algorithm. The protocol can detect and resist the malicious tampering behavior of cloud servers, while ensuring the data security and privacy of participants. The security of the protocol is proved under the semi-honest model. Through experimental comparison with existing protocols, high efficiency is achieved by the protocol when the data volumes of the two parties differ greatly, and both computational complexity and communication complexity are linearly correlated with the set size, making it suitable for client-server application scenarios.
Volume 3 Issue 5
Bimonthly
Sponsored by China Aerospace Academy of Systems Science and Engineering
ISSN 2097-3136
CN 10-1901/TP
-
Total visitors
Visitors of today
Now online