RESUMO
Medical image security is paramount in the digital era but remains a significant challenge. This paper introduces an innovative zero-watermarking methodology tailored for medical imaging, ensuring robust protection without compromising image quality. We utilize Sped-up Robust features for high-precision feature extraction and singular value decomposition (SVD) to embed watermarks into the frequency domain, preserving the original image's integrity. Our methodology uniquely encodes watermarks in a non-intrusive manner, leveraging the robustness of the extracted features and the resilience of the SVD approach. The embedded watermark is imperceptible, maintaining the diagnostic value of medical images. Extensive experiments under various attacks, including Gaussian noise, JPEG compression, and geometric distortions, demonstrate the methodology's superior performance. The results reveal exceptional robustness, with high Normalized Correlation (NC) and Peak Signal-to-noise ratio (PSNR) values, outperforming existing techniques. Specifically, under Gaussian noise and rotation attacks, the watermark retrieved from the encrypted domain maintained an NC value close to 1.00, signifying near-perfect resilience. Even under severe attacks such as 30% cropping, the methodology exhibited a significantly higher NC compared to current state-of-the-art methods.
Assuntos
Algoritmos , Segurança Computacional , Humanos , Diagnóstico por Imagem/métodos , Razão Sinal-Ruído , Processamento de Imagem Assistida por Computador/métodos , Compressão de Dados/métodosRESUMO
More and more attention has been paid to computer security, and its vulnerabilities urgently need more sensitive solutions. Due to the incomplete data of most vulnerability libraries, it is difficult to obtain pre-permission and post-permission of vulnerabilities, and construct vulnerability exploitation chains, so it cannot to respond to vulnerabilities in time. Therefore, a vulnerability extraction and prediction method based on improved information gain algorithm is proposed. Considering the accuracy and response speed of deep neural network, deep neural network is adopted as the basic framework. The Dropout method effectively reduces overfitting in the case of incomplete data, thus improving the ability to extract and predict vulnerabilities. These experiments confirmed that the excellent F1 and Recall of the improved method reached 0.972 and 0.968, respectively. Compared to the function fingerprints vulnerability detection method and K-nearest neighbor algorithm, the convergence is better. Its response time is 0.12 seconds, which is excellent. To ensure the reliability and validity of the proposed method in the face of missing data, the reliability and validity of Mask test are verified. The false negative rate was 0.3% and the false positive rate was 0.6%. The prediction accuracy of this method for existing permissions reached 97.9%, and it can adapt to the development of permissions more actively, so as to deal with practical challenges. In this way, companies can detect and discover vulnerabilities earlier. In security repair, this method can effectively improve the repair speed and reduce the response time. The prediction accuracy of post-existence permission reaches 96.8%, indicating that this method can significantly improve the speed and efficiency of vulnerability response, and strengthen the understanding and construction of vulnerability exploitation chain. The prediction of the posterior permission can reduce the attack surface of the vulnerability, thus reducing the risk of breach, speeding up the detection of the vulnerability, and ensuring the timely implementation of security measures. This model can be applied to public network security and application security scenarios in the field of computer security, as well as personal computer security and enterprise cloud server security. In addition, the model can also be used to analyze attack paths and security gaps after security accidents. However, the prediction of post-permissions is susceptible to dynamic environments and relies heavily on the updated guidance of security policy rules. This method can improve the accuracy of vulnerability extraction and prediction, quickly identify and respond to security vulnerabilities, shorten the window period of vulnerability exploitation, effectively reduce security risks, and improve the overall network security defense capability. Through the application of this model, the occurrence frequency of security vulnerability time is reduced effectively, and the repair time of vulnerability is shortened.
Assuntos
Algoritmos , Segurança Computacional , Redes Neurais de Computação , Reprodutibilidade dos Testes , HumanosRESUMO
In an era marked by pervasive digital connectivity, cybersecurity concerns have escalated. The rapid evolution of technology has led to a spectrum of cyber threats, including sophisticated zero-day attacks. This research addresses the challenge of existing intrusion detection systems in identifying zero-day attacks using the CIC-MalMem-2022 dataset and autoencoders for anomaly detection. The trained autoencoder is integrated with XGBoost and Random Forest, resulting in the models XGBoost-AE and Random Forest-AE. The study demonstrates that incorporating an anomaly detector into traditional models significantly enhances performance. The Random Forest-AE model achieved 100% accuracy, precision, recall, F1 score, and Matthews Correlation Coefficient (MCC), outperforming the methods proposed by Balasubramanian et al., Khan, Mezina et al., Smith et al., and Dener et al. When tested on unseen data, the Random Forest-AE model achieved an accuracy of 99.9892%, precision of 100%, recall of 99.9803%, F1 score of 99.9901%, and MCC of 99.8313%. This research highlights the effectiveness of the proposed model in maintaining high accuracy even with previously unseen data.
Assuntos
Segurança Computacional , Aprendizado de Máquina , Humanos , Algoritmos , Modelos TeóricosRESUMO
This study improves the Logistic chaotic system and combines it with the hyperchaotic Chen system to create a dual chaotic system. The algorithm encrypts images in three stages. In the first stage, a plaintext-related key generation scheme is designed to generate the parameters and initial values of the dual chaotic system. In the second stage, the chaotic sequences generated by the dual chaotic system are used for dynamic DNA encoding and computation. In the third stage, the chaotic sequences generated by the improved Logistic chaotic system are used to perform row-column permutations, completing the scrambling. The security analysis of the encrypted images shows that the algorithm described in this paper is robust and secure, capable of resisting most known attacks. The algorithm is fast in encryption, provides high-quality image reconstruction, and is suitable for scenarios with high comprehensive performance and image quality requirements.
Assuntos
Algoritmos , Cor , Segurança Computacional , DNA , Processamento de Imagem Assistida por Computador , DNA/genética , Processamento de Imagem Assistida por Computador/métodos , Dinâmica não LinearRESUMO
Steganography, the use of algorithms to embed secret information in a carrier image, is widely used in the field of information transmission, but steganalysis tools built using traditional steganographic algorithms can easily identify them. Steganography without embedding (SWE) can effectively resist detection by steganography analysis tools by mapping noise onto secret information and generating secret images from secret noise. However, most SWE still have problems with the small capacity of steganographic data and the difficulty of extracting the data. Based on the above problems, this paper proposes image steganography without embedding carrier secret information. The objective of this approach is to enhance the capacity of secret information and the accuracy of secret information extraction for the purpose of improving the performance of security network communication. The proposed technique exploits the carrier characteristics to generate the carrier secret tensor, which improves the accuracy of information extraction while ensuring the accuracy of secret information extraction. Furthermore, the Wasserstein distance is employed as a constraint for the discriminator, and weight clipping is introduced to enhance the secret information capacity and extraction accuracy. Experimental results show that the proposed method can improve the data extraction accuracy by 10.03% at the capacity of 2304 bits, which verifies the effectiveness and universality of the method. The research presented here introduces a new intelligent information steganography secure communication model for secure communication in networks, which can improve the information capacity and extraction accuracy of image steganography without embedding.
Assuntos
Algoritmos , Redes de Comunicação de Computadores , Segurança Computacional , Processamento de Imagem Assistida por Computador/métodosRESUMO
Various methods such as k-anonymity and differential privacy have been proposed to safeguard users' private information in the publication of location service data. However, these typically employ a rigid "all-or-nothing" privacy standard that fails to accommodate users' more nuanced and multi-level privacy-related needs. Data is irrecoverable once anonymized, leading to a permanent reduction in location data quality, in turn significantly diminishing data utility. In the paper, a novel, bidirectional and multi-layered location privacy protection method based on attribute encryption is proposed. This method offers layered, reversible, and fine-grained privacy safeguards. A hierarchical privacy protection scheme incorporates various layers of dummy information, using an access structure tree to encrypt identifiers for these dummies. Multi-level location privacy protection is achieved after adding varying amounts of dummy information at different hierarchical levels N. This allows for precise control over the de-anonymization process, where users may adjust the granularity of anonymized data based on their own trust levels for multi-level location privacy protection. This method includes an access policy which functions via an attribute encryption-based access control system, generating decryption keys for data identifiers according to user attributes, facilitating a reversible transformation between data anonymity and de-anonymity. The complexities associated with key generation, distribution, and management are thus markedly reduced. Experimental comparisons with existing methods demonstrate that the proposed method effectively balances service quality and location privacy, providing users with multi-level and reversible privacy protection services.
Assuntos
Segurança Computacional , Privacidade , Humanos , Confidencialidade , AlgoritmosRESUMO
In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.
Assuntos
Blockchain , Segurança Computacional , Internet , Algoritmos , Humanos , ConfidencialidadeRESUMO
In response to the rapidly evolving threat landscape in network security, this paper proposes an Evolutionary Machine Learning Algorithm designed for robust intrusion detection. We specifically address challenges such as adaptability to new threats and scalability across diverse network environments. Our approach is validated using two distinct datasets: BoT-IoT, reflecting a range of IoT-specific attacks, and UNSW-NB15, offering a broader context of network intrusion scenarios using GA based hybrid DT-SVM. This selection facilitates a comprehensive evaluation of the algorithm's effectiveness across varying attack vectors. Performance metrics including accuracy, recall, and false positive rates are meticulously chosen to demonstrate the algorithm's capability to accurately identify and adapt to both known and novel threats, thereby substantiating the algorithm's potential as a scalable and adaptable security solution. This study aims to advance the development of intrusion detection systems that are not only reactive but also preemptively adaptive to emerging cyber threats." During the feature selection step, a GA is used to discover and preserve the most relevant characteristics from the dataset by using evolutionary principles. Through the use of this technology based on genetic algorithms, the subset of features is optimised, enabling the subsequent classification model to focus on the most relevant components of network data. In order to accomplish this, DT-SVM classification and GA-driven feature selection are integrated in an effort to strike a balance between efficiency and accuracy. The system has been purposefully designed to efficiently handle data streams in real-time, ensuring that intrusions are promptly and precisely detected. The empirical results corroborate the study's assertion that the IDS outperforms traditional methodologies.
Assuntos
Algoritmos , Segurança Computacional , Aprendizado de Máquina , HumanosRESUMO
In modern healthcare, providers increasingly use cloud services to store and share electronic medical records. However, traditional cloud hosting, which depends on intermediaries, poses risks to privacy and security, including inadequate control over access, data auditing, and tracking data origins. Additionally, current schemes face significant limitations such as scalability concerns, high computational overhead, practical implementation challenges, and issues with interoperability and data standardization. Unauthorized data access by cloud providers further exacerbates these concerns. Blockchain technology, known for its secure and decentralized nature, offers a solution by enabling secure data auditing in sharing systems. This research integrates blockchain into healthcare for efficient record management. We proposed a blockchain-based method for secure EHR management and integrated Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for fine-grained access control. The proposed algorithm combines blockchain and smart contracts with a cloud-based healthcare Service Management System (SMS) to ensure secure and accessible EHRs. Smart contracts automate key management, encryption, and decryption processes, enhancing data security and integrity. The blockchain ledger authenticates data transactions, while the cloud provides scalability. The SMS manages access requests, enhancing resource allocation and response times. A dual authentication system confirms patient keys before granting data access, with failed attempts leading to access revocation and incident logging. Our analyses show that this algorithm significantly improves the security and efficiency of health data exchanges. By combining blockchain's decentralized structure with the cloud's scalability, this approach significantly improves EHR security protocols in modern healthcare setting.
Assuntos
Algoritmos , Blockchain , Computação em Nuvem , Segurança Computacional , Registros Eletrônicos de Saúde , Humanos , ConfidencialidadeRESUMO
In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.
Assuntos
Segurança Computacional , Algoritmos , Modelos TeóricosRESUMO
This Viewpoint discusses responses to the Change Healthcare cyberattack, concerns about consolidations and acquisitions of health care companies and organizations, and the need to clarify cybersecurity priorities.
Assuntos
Atenção à Saúde , Humanos , Segurança Computacional , Estados UnidosRESUMO
IT has made significant progress in various fields over the past few years, with many industries transitioning from paper-based to electronic media. However, sharing electronic medical records remains a long-term challenge, particularly when patients are in emergency situations, making it difficult to access and control their medical information. Previous studies have proposed permissioned blockchains with limited participants or mechanisms that allow emergency medical information sharing to pre-designated participants. However, permissioned blockchains require prior participation by medical institutions, and limiting sharing entities restricts the number of potential partners. This means that sharing medical information with local emergency doctors becomes impossible if a patient is unconscious and far away from home, such as when traveling abroad. To tackle this challenge, we propose an emergency access control system for a global electronic medical information system that can be shared using a public blockchain, allowing anyone to participate. Our proposed system assumes that the patient wears a pendant with tamper-proof and biometric authentication capabilities. In the event of unconsciousness, emergency doctors can perform biometrics on behalf of the patient, allowing the family doctor to share health records with the emergency doctor through a secure channel that uses the Diffie-Hellman (DH) key exchange protocol. The pendant's biometric authentication function prevents unauthorized use if it is stolen, and we have tested the blockchain's fee for using the public blockchain, demonstrating that the proposed system is practical.
Assuntos
Blockchain , Segurança Computacional , Registros Eletrônicos de Saúde , Humanos , Registros Eletrônicos de Saúde/organização & administração , Confidencialidade , Troca de Informação em SaúdeRESUMO
The unauthorized replication and distribution of digital images pose significant challenges to copyright protection. While existing solutions incorporate blockchain-based techniques such as perceptual hashing and digital watermarking, they lack large-scale experimental validation and a dedicated blockchain consensus protocol for image copyright management. This paper introduces DRPChain, a novel digital image copyright management system that addresses these issues. DRPChain employs an efficient cropping-resistant robust image hashing algorithm to defend against 14 common image attacks, demonstrating an 85% success rate in watermark extraction, 10% higher than the original scheme. Moreover, the paper designs the K-Raft consensus algorithm tailored for image copyright protection. Comparative experiments with Raft and benchmarking against PoW and PBFT algorithms show that K-Raft reduces block error rates by 2%, improves efficiency by 300ms compared to Raft, and exhibits superior efficiency,decentralization, and throughput compared to PoW and PBFT. These advantages make K-Raft more suitable for digital image copyright protection. This research contributes valuable insights into using blockchain technology for digital copyright protection, providing a solid foundation for future exploration.
Assuntos
Algoritmos , Blockchain , Segurança Computacional , Direitos Autorais , Processamento de Imagem Assistida por Computador/métodosRESUMO
BackgroundThe wide application of machine learning (ML) holds great potential to improve public health by supporting data analysis informing policy and practice. Its application, however, is often hampered by data fragmentation across organisations and strict regulation by the General Data Protection Regulation (GDPR). Federated learning (FL), as a decentralised approach to ML, has received considerable interest as a means to overcome the fragmentation of data, but it is yet unclear to which extent this approach complies with the GDPR.AimOur aim was to understand the potential data protection implications of the use of federated learning for public health purposes.MethodsBuilding upon semi-structured interviews (n = 14) and a panel discussion (n = 5) with key opinion leaders in Europe, including both FL and GDPR experts, we explored how GDPR principles would apply to the implementation of FL within public health.ResultsWhereas this study found that FL offers substantial benefits such as data minimisation, storage limitation and effective mitigation of many of the privacy risks of sharing personal data, it also identified various challenges. These challenges mostly relate to the increased difficulty of checking data at the source and the limited understanding of potential adverse outcomes of the technology.ConclusionSince FL is still in its early phase and under rapid development, it is expected that knowledge on its impracticalities will increase rapidly, potentially addressing remaining challenges. In the meantime, this study reflects on the potential of FL to align with data protection objectives and offers guidance on GDPR compliance.
Assuntos
Saúde Pública , Humanos , Europa (Continente) , Pesquisa Qualitativa , Aprendizado de Máquina , Segurança Computacional , Disseminação de InformaçãoRESUMO
Digital assistants have become an indispensable tool in modern cardiology. The associated technological progress offers a significant potential to increase the efficiency of medical processes, enable more precise diagnoses in a shorter time, and thus improve patient care. However, the integration of digital assistants into clinical cardiology also raises new challenges and questions, particularly regarding the handling of legal issues. This review article aims to raise awareness of individual legal issues resulting from the use of digital technologies in cardiology. The focus is on how to deal with various legal challenges that cardiologists face, including issues related to treatment freedom, professional confidentiality and data protection. The integration of digital assistants in cardiology leads to a noticeable improvement in efficiency and quality of patient care, but at the same time, it involves a variety of legal challenges that need to be carefully addressed.
Assuntos
Cardiologia , Cardiologia/legislação & jurisprudência , Confidencialidade/legislação & jurisprudência , Alemanha , Telemedicina/legislação & jurisprudência , Humanos , Segurança Computacional/legislação & jurisprudênciaRESUMO
BACKGROUND: The European Health Data Space (EHDS) regulation has been proposed to harmonize health data processing. Given its parallels with the Act on Secondary Use of Health and Social Data (Secondary Use Act) implemented in Finland in 2020, this study examines the consequences of heightened privacy constraints on registry-based medical research. METHODS: We collected study permit counts approved by university hospitals in Finland in 2014-2023 and the data authority Findata in 2020â2023. The changes in the study permit counts were analysed before and after the implementation of the General Data Protection Regulation (GDPR) and the Secondary Use Act. By fitting a linear regression model, we estimated the deficit in study counts following the Secondary Use Act. RESULTS: Between 2020 and 2023, a median of 5.5% fewer data permits were approved annually by Finnish university hospitals. On the basis of linear regression modelling, we estimated a reduction of 46.9% in new data permits nationally in 2023 compared with the expected count. Similar changes were neither observed after the implementation of the GDPR nor in permit counts of other medical research types, confirming that the deficit was caused by the Secondary Use Act. CONCLUSIONS: This study highlights concerns related to data privacy laws for registry-based medical research and future patient care.
Assuntos
Pesquisa Biomédica , Confidencialidade , Sistema de Registros , Humanos , Finlândia , Segurança Computacional , Hospitais Universitários , Europa (Continente) , Privacidade , União EuropeiaRESUMO
Cybersecurity incidents in healthcare present significant legal implications for clinicians, necessitating careful consideration of technological advancements and regulatory frameworks. This literature examines the healthcare cybersecurity landscape, emphasizing clinicians' challenges, and legal responsibilities. It explores the impact of advanced technologies such as artificial intelligence and quantum computing, highlighting the potential benefits and risks, including biases and ethical dilemmas. The review addresses international regulatory differences, offering a comparative analysis of how various countries handle cybersecurity incidents. This analysis provides insights into best practices and identifies areas for improvement. Practical recommendations are provided, tailored to different healthcare settings, including large hospitals and small clinics, to enhance cybersecurity preparedness. Case studies illustrate real-world scenarios, offering practical guidance for clinicians in managing cybersecurity challenges. The review also identifies critical gaps in the literature, particularly concerning artificial intelligence ethics and international regulatory frameworks, suggesting specific areas for future research. These findings underscore the need for robust cybersecurity policies, comprehensive training for healthcare professionals, and a nuanced understanding of the legal landscape. This review informs policymakers, clinicians, and researchers about the evolving nature of cybersecurity challenges in healthcare, addressing key concerns raised by reviewers and contributing to a comprehensive understanding of the field.
Assuntos
Segurança Computacional , Segurança Computacional/legislação & jurisprudência , Segurança Computacional/normas , Humanos , Inteligência Artificial/legislação & jurisprudência , Inteligência Artificial/ética , Pessoal de Saúde/legislação & jurisprudência , Pessoal de Saúde/éticaRESUMO
The significance of cloud computing methods in everyday life is growing as a result of the exponential advancement and refinement of artificial technology. As cloud computing makes more progress, it will bring with it new opportunities and threats that affect the long-term health of society and the environment. Many questions remain unanswered regarding sustainability, such as, "How will widely available computing systems affect environmental equilibrium"? When hundreds of millions of microcomputers are invisible to each other, what will society look like? What does this mean for social sustainability? This paper empirically investigates the ethical challenges and practices of cloud computing about sustainable development. We conducted a systematic literature review followed by a questionnaire survey and identified 11 sustainable cloud computing challenges (SCCCs) and 66 practices for addressing the identified challenges. Interpretive structural modeling (ISM) and Artificial Neural Networks (ANN) were then used to identify and analyze the interrelationship between the SCCCs. Then, based on the results of the ISM, 11 process areas were determined to develop the proposed sustainable cloud computing challenges mitigation model (SCCCMM). The SCCCMM includes four main categories: Requirements specification, Quality of Service (QoS) and Service Legal Agreement (SLA), Complexity and Cyber security, and Trust. The model was subsequently tested with a real-world case study that was connected to the environment. In a sustainable cloud computing organization, the results demonstrate that the proposed SCCCMM aids in estimating the level of mitigation. The participants in the case study also appreciated the suggested SCCCMM for its practicality, user-friendliness, and overall usefulness. When it comes to the sustainability of their software products, we believe that organizations involved in cloud computing can benefit from the suggested SCCCMM. Additionally, researchers and industry practitioners can expect the proposed model to provide a strong foundation for developing new sustainable methods and tools for cloud computing.