Home Browse Online First

Online First

Online First, unedited articles published online and citable. The final edited and typeset version of record will appear in the future.
Please wait a minute...
  • Select all
    |
  • Zhang Jingwei, Sun Sa, Yang Shuai, Wu Ying, Zhang Xiaojun
    Accepted: 2026-06-29

    With the rapid development and wide application of cloud computing and the medical Internet of Things, massive medical data have become the core strategic resource in the medical field. While cloud storage supports the management of such data, it also brings the challenges of privacy protection and efficient retrieval. Existing searchable encryption schemes suffer from low retrieval efficiency over massive data, lack of semantic relevance, and unverifiable results, making it difficult to adapt to the retrieval requirements of medical data. This paper proposes a verifiable searchable encryption scheme that supports semantic search over massive medical data. The scheme designs a two-stage retrieval architecture of “coarse matching + fine ranking”. Fast coarse matching of massive high-dimensional semantic vectors is achieved based on locality-sensitive hashing, and accurate sorting in the ciphertext domain is achieved by designing privacy-preserving Euclidean distance comparison mechanism. A batch verification mechanism with public-key encryption and private-key verification is constructed to verify the correctness of retrieval results. Meanwhile, an improved matrix-based Learning with Errors (LWE) encryption mode is exploited to build a full-process ciphertext-domain interaction mechanism, which realizes the confidentiality of medical data features in a quantum-resistant environment, and guarantees the privacy security of medical data and retrieval intentions under multi-subject collaboration. Performance analysis and experimental simulations demonstrate the search computation time of the scheme is no more than 25 seconds for one million data items, which is much lower than existing linear-scan retrieval schemes. In terms of communication overhead, it is reduced by 50% compared with other schemes supporting vector retrieval. The proposed scheme has outstanding performance advantages and can effectively satisfy the privacy-preserving retrieval requirements of massive medical data.

  • An Xiangxiang, Guo Lizhi, Zheng Xiaotong
    Accepted: 2026-06-24

    Website hidden link detection faces significant challenges, as traditional methods often suffer from limited model generalization, heavy reliance on feature engineering, and poor interpretability of detection results. To better address these issues, this study proposes a zero-shot hidden link detection method driven by chain-of-thought prompting in large language models. By leveraging the strong natural language understanding and complex reasoning capabilities of large language models and chain-of-thought prompting strategies specifically designed for hidden link detection scenarios, the proposed method effectively enhances model generalization and innovatively provides interpretable outputs for detection results. Both subjective and objective metrics are employed to quantitatively evaluate the performance of the large language model and to verify the effectiveness of the prompting strategy in hidden link detection. The evaluation metrics include accuracy, precision, recall, and F1. Experimental results show that the proposed method achieves an F1 of 0.98, outperforming the baseline methods. This study provides an effective technical solution for hidden link detection in scenarios lacking high-quality datasets and further lays a foundation for the application of general-purpose large language models in cybersecurity detection tasks.

  • Xiang Xiayu, Zhou Huchen, Zhou Ke, Gu Zhaoquan
    Accepted: 2026-06-17

    As networked information systems are increasingly deployed in critical infrastructures, network defense systems face pervasive challenges of massive alerts, high noise, and weak correlation, which undermines the timely identification and response to real attacks. Cyber threat intelligence (CTI) can assist in reducing the mean time to detect (MTTD) and the mean time to respond (MTTR) by providing threat indicators and contextual information, thereby supporting alert triage and decision-making. However, in practice, CTI is heterogeneous in origin and uneven in quality, and its opaque production and delivery processes make its trustworthiness and usability difficult to guarantee. This paper systematically combs representative academic research results and industry practices on CTI quality evaluation in recent years. We organize existing work along two primary dimensions—source evaluation and content evaluation—and summarize the evaluation objectives into three core facets: correctness, timeliness, and utility. Based on this synthesis, we summarize the implications of existing evaluation methods for industrial-level intelligence selection, integration, and operation, identify the limitations of current evaluation work in verifiability, applicability, and operability, and outline future research directions oriented to real-world defense needs. Our review provides a structured reference for constructing scientific and practical CTI quality assessment systems, so as to support network defense systems in improving their alert handling and risk response capabilities.

  • Lin Xiaoxin, Zhou Yinghai, Lu Hui, Liu Yuan, Song Jing, Du Jing, Tian Zhihong
    Accepted: 2026-06-09

    Against the backdrop of great power strategic competition and digital sovereignty contests, cyber attack attribution has evolved from purely technical tracing into a composite decision problem that integrates forensic analysis, intelligence assessment, strategic-intent judgment, and the allocation of state responsibility under international law. In current Advanced Persistent Threat (APT) attribution paradigms, the micro-level technical paradigm faces challenges such as the failure of feature exclusivity, while the macro-level political paradigm struggles with insufficient evidence transparency. Meanwhile, intelligent paradigms like Knowledge Graphs and Large Language Models (LLMs) encounter bottlenecks in cross-domain integration. A critical review of five major research paradigms was conducted, encompassing technical tracing, political attribution, knowledge graphs, LLMs and agents, and uncertainty quantification. The analysis reveals that the core dilemma in existing attribution research lies in a persistent triple fracture—representational, temporal, and causal—between micro-level technical evidence and macro-level strategic context. Based on this, a Techno-Political Fusion attribution framework is proposed. It advocates for entity extraction and semantic alignment through knowledge learning and analytical algorithms tailored for multi-source heterogeneous data, to populate and validate cross-domain techno-political knowledge graphs, and integrates Dempster-Shafer evidence theory with Bayesian networks for conflict resolution and causal inference, ultimately generating confidence-scored attribution rankings and counterfactual explanations. Future research should construct a cross-domain ontology anchored by four dimensions—technology, organization, politics and events—and to establish a "spatiotemporal-causal" alignment mechanism between micro-level technical indicators and macro-level political contexts. Furthermore, refining the serial reasoning pipeline of "probabilistic inference followed by counterfactual validation" will help transition cyberattack attribution from mere correlation matching toward a causal reasoning system that is auditable, interpretable, and capable of uncertainty quantification.

  • Wu Wei, Li Zhonghui, Yang Yang
    Accepted: 2026-06-01

    In today's healthcare environments, protecting sensitive medical data—such as electronic health records and medical images—has become increasingly critical due to the inherent limitations of traditional encryption systems and the rapidly emerging threat of quantum computing attacks. To effectively address these pressing vulnerabilities, this paper proposes a post-quantum medical data protection scheme integrating a Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) with decentralized Blockchain technology. The proposed scheme employs ML-KEM to facilitate a quantum-resistant key exchange process and introduces an HKDF-based hierarchical key derivation mechanism combined with AES-256 to achieve parallel hybrid encryption. To eliminate single-point storage vulnerabilities, a dual-layer architecture is adopted: the data layer applies Reed-Solomon erasure coding for efficient fault-tolerant sharding, while the control layer applies Shamir's Secret Sharing to the ML-KEM encapsulation ciphertext, with all shares distributed across the InterPlanetary File System (IPFS) for decentralized storage. Furthermore, the system utilizes Blockchain technology alongside smart contracts to enforce tamper-proof access control and provide transparent log recording for all user activities. Comprehensive security analysis and simulation experiments demonstrate that the proposed scheme successfully withstands both classical and quantum cryptographic attacks, thereby guaranteeing data confidentiality and integrity. In addition, the system maintains a relatively low computational overhead during daily operations. Finally, this research improves the fault tolerance and security of distributed medical storage systems while enhancing the practical deployability and long-term scalability of the proposed scheme.

  • Chen Lin, Liu Xize, Li Shaohu, Guo Chong
    Accepted: 2026-06-01

    With the in-depth development of digital transformation, data security risk assessment is confronted with challenges such as incomplete assessment indicators, strong subjectivity in weight distribution, and non-intuitive risk ranking. This paper proposes a data security risk assessment model integrating analytic hierarchy process (AHP) and technique for order preference by similarity to ideal solution (TOPSIS). Based on the national standard GB/T45577-2025, an assessment system is established covering three primary indicators including data security management, data processing activity security and data security technology, as well as 24 secondary indicators. Secondly, the double-layer AHP method is used to calculate index weights, and subjective deviation is reduced via expert scoring and consistency test. Finally, TOPSIS is adopted to comprehensively rank hazard degrees of different data security risks and realize quantitative assessment of data security risks. Case analysis shows that this model can effectively identify hazard degrees of various data security risks, providing a scientific basis for decision-making of data security risk management.

  • Fan Yunhua, Jia Hongyong
    Accepted: 2026-06-01

    Attribute-based signatures facilitate the privacy hiding of signers and can provide cryptographic primitive support for anonymous authentication in networks such as electronic healthcare systems. However, most of the existing attribute-based signature schemes manage the user's attribute key by means of centralized authorization. If the attribute authorization authority is controlled by an adversary, the adversary can forge any user's attribute key and generate legitimate signatures instead of the user in order to gain illegal benefits. Therefore, the attribute key escrow problem has become a security bottleneck limiting the application and development of attribute-based signatures. In view of the above deficiencies, we first present the definition and security model of our certificateless attribute-based threshold signature; Then, we propose a key-escrow-free attribute-based threshold signature scheme, which removes the centralized honest attribute authorization authority and entrusts the management authority of the user's attribute key to the system authorization authority and the attribute authorization authority respectively by adopting the idea of certificateless; Finally, formal security analysis proves that the proposed scheme not only achieves unconditional anonymity, but also ensures that the signature is existentially unforgeable against two types of attackers in the certificateless cryptosystem under the random oracle model.

  • Li Haotian, Su Zhaopin, Yue Feng, Qiao Yatao, Wang Yaofei, Zhang Guofu
    Accepted: 2026-06-01

    With the widespread use of online audio-sharing platforms, audio steganography based covert communication is rapidly shifting from traditional lossless channels to lossy channels. The signal processing, secondary compression, and format conversion applied by these platforms severely affect the reliability of secret information during transmission. To address this challenge, this paper proposes a robust and lightweight audio steganography method to meet the demands of robustness and lightweight deployment in lossy channels such as audio-sharing platforms. Specifically, this paper constructs an “audio-in-audio” steganography framework based on a generative adversarial network (GAN), which consists of an encoder, a decoder, a discriminator, and a simulation attacker. Then, inspired by the lightweight design philosophy of GhostNet, this paper develops new encoder and decoder structures, where low-cost linear transformations are employed to replace traditional convolution operations, significantly reducing model parameters and computational complexity. Furthermore, this paper incorporates residual structures to enhance training stability. Finally, this paper designs a simulation attacker, which leverages an attention mechanism and a volume gain module to mimic the information loss encountered in real-world audio-sharing scenarios, thereby improving robustness. Experimental results demonstrate that the proposed method achieves superior performance in audio imperceptibility, secret information extraction accuracy, and model parameter scale control. By significantly reducing model complexity while maintaining a balance between the concealment and anti-attack capability of audio steganography, the method shows strong potential for practical applications in audio-sharing platforms.

  • Dai Junhao, Wu Yi, Lu Xiaozhen, Ren Dexiang
    Accepted: 2026-05-25

    Generative text steganography primarily utilizes language models to generate steganographic text, however, previous methods typically trained on a single corpus, generated steganographic texts of random lengths, failing to adapt to varying message types and channel conditions. To address this, we proposed a large language model-assisted intelligent text steganographic transmission method to reduce transmission overhead. We parameter-efficiently fine-tuned a large language model on multiple corpora to obtain adapters for different corpus styles, and using the model's token probability distribution, recursively embedded secret information via adaptive dynamic grouping. We then designed a dual-agent reinforcement learning framework that adaptively optimizes the steganographic strategy—including corpus type and sentence length—and selects transmission power based on real-time channel state and security indicators such as attack success rate. This method considered both steganographic security and the transmission environment, constructed a reward function to evaluate each strategy, and guided strategy and power selection to balance concealment and robustness. The results showed that, compared to direct use of adaptive dynamic grouping, our method reduced delay by 38.5% and attack success rate to 0.83%, while maintaining similar embedding rates and information divergence. Consequently, the proposed method achieves a good balance between stealthiness and transmission robustness under varying channel conditions and message types.

  • Wang Wendong, Cao Xinying, Yuan Chao, Li Dawei, Lü Jiqiang
    Accepted: 2026-05-22

    Neural networks, as powerful nonlinear modeling tools, demonstrate unique advantages across multiple fields and have recently begun to show their potential in the field of cryptography, providing new technical insights for encrypted data analysis. The deep neural network model is utilized to learn the mapping relationship from the internal functions of the known encryption algorithm, and an encryption neural network model functionally equivalent to the original algorithm is constructed based on the chain of thought pattern. Through the meticulous design of efficient neural network structures and the construction of appropriate training datasets, the equivalent neural network simulation of basic operations (XOR, OR, AND, modular addition, cyclic shift, S-box transformation, row shift and column mixing) for block cipher algorithms is realized. On this basis, the learning of encryption and key expansion functions is conducted on four typical block cipher algorithms, namely AES-128, SM4, SIMON32/64 and SPECK64/96, and the accuracy and stability of the model in different application scenarios are verified. Experimental results show that the simulation success rate of the model on AES-128, SM4 and SIMON32/64 reaches 100%, and the success rate on SPECK64/96 reaches 97%. The equivalent neural network learning of block cipher algorithms based on chain of thought cannot only accurately learn the operation logic of the original encryption algorithm, but also effectively simulate its key expansion process, with high simulation accuracy and stability.

  • Yang Shuai, Xiao Liang, Chen Yan
    Accepted: 2026-05-13

    Automotive millimeter-wave radar has been widely applied in autonomous driving due to its low cost and strong robustness to adverse conditions such as illumination and smoke. However, with the increasing number of radars on roads and the growing scarcity of spectrum resources (77~81GHz), mutual interference among these radars has become a critical issue. The resulting ghost targets degrade radar sensitivity and significantly increase the false alarm rate, posing a serious threat to autonomous driving safety. To address this problem, this paper proposes a multi-domain joint ghost target removal method integrating angle of departure (AoD), angle of arrival (AoA), and Doppler information. A key finding is that interference signals have asymmetric transmission characteristics compared with target echoes: target echoes involve round-trip propagation, whereas interference involves one-way propagation. Initially, this paper performs joint angle estimation in the AoD-AoA domains. By exploiting the absence of AoD information in one-way interference signals, this paper achieves the separation of interference and target echoes in the angular domain. For ghost targets near the zero-degree angle, this paper introduces pseudo-random coding in the slow time domain to convert them into the Doppler domain, where they are effectively removed through an optimization model designed to maximize the signal-to-interference-plus-noise ratio (SINR). Experimental results demonstrate that the proposed method can effectively remove ghost targets caused by inter-radar interference, thereby enhancing the perceptual reliability of radars in complex electromagnetic environments.