Abstract: Traditional multi-level security (MLS) systems have the defect of centralizing authorized facilities, which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture. Blockchain is widely used in the field of access control with its decentralization, traceability and non-defective modification. Combining the blockchain technology and the Bell-LaPadula model, we propose a new access control model, named BCBLPM, for MLS environment. The “multi-chain” blockchain architecture is used for dividing resources into isolated access domains, providing a fine-grained data protection mechanism. The access control policies are implemented by smart contracts deployed in each access domain, so that the side chains of different access domains store access records from outside and maintain the integrity of the records. Finally, we implement the BC-BLPM prototype system using the Hyperledger Fabric. The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment, and it has the feasibility of application in actual scenarios.
Funding: Supported by National Key Basic Research and Development Plan (973 Plan) of China (No. 2007CB310900); National Natural Science Foundation of China (No. 90612018, 90715030 and 60970008)
Abstract: This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model, this paper implements a mandatory access control (MAC) framework applicable to multi-level security (MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework, and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on Virt-BLP model, while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present, our MAC framework fills the blank by applying Virt-BLP model to Xen, which is better than current researches to guarantee the security of communication between virtual machines (VMs). The experimental results show that our MAC framework is effective to manage the communication between VMs.
Funding: This work was supported by National Key Basic Research and Development Plan (973 Plan) of China (No. 2007CB310900) and National Natural Science Foundation of China (No. 90612018, 90715030 and 60970008).
Abstract: At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in virtual machine system, this paper designs Virt-BLP model, which is based on BLP model. For the distinction between virtual machine system and non-virtualized system, we build elements and security axioms of Virt-BLP model by modifying those of BLP. Moreover, comparing with BLP, the number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject. As a result, Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.
Abstract: Since the 1970s, according to the international pension system reform trend for old-age social security system, no single institutional arrangement can ensure the functions of endowment security system to achieve the optimal. Therefore, how to based on the present situation of development, and to accurately, thus promote the resources integration, comprehensive build multi-level old-age security system, has important policy and practice significance.
Abstract: Cyberattacks against highly integrated Internet of Things (IoT) servers, apps, and telecoms infrastructure are rapidly increasing when issues produced by IoT networks go unnoticed for an extended period. IoT interface attacks must be evaluated in real-time for effective safety and security measures. This study implements a smart intrusion detection system (IDS) designed for IoT threats, and interoperability with IoT connectivity standards is offered by the identity solution. An IDS is a common type of network security technology that has recently received increasing interest in the research community. The system has already piqued the curiosity of scientific and industrial communities to identify intrusions. Several IDSs based on machine learning (ML) and deep learning (DL) have been proposed. This study introduces IDS-SIoDL, a novel IDS for IoT-based smart cities that integrates long short-term memory (LSTM) and feature engineering. This model is tested using tensor processing unit (TPU) on the enhanced BoT-IoT, Edge-IIoT, and NSL-KDD datasets. Compared with current IDSs, the obtained results provide good assessment features, such as accuracy, recall, and precision, with approximately 0.9990 recording time and calculating times of approximately 600 and 6 ms for training and classification, respectively.
Funding: The National Natural Science Foundation of China (No. 60403027, 60773191, 70771043); the National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z403)
Abstract: An access control model is proposed based on the famous Bell-LaPadula (BLP) model. In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified. The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree, the more secret objects can be exchanged by the staff of the departments. The access control matrices of the department, post and staff are defined. By using the three access control matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control. Finally, our study shows that compared to the BLP model, the proposed model is more flexible.
Abstract: Online review platforms are becoming increasingly popular, encouraging dishonest merchants and service providers to deceive customers by creating fake reviews for their goods or services. Using Sybil accounts, bot farms, and real account purchases, immoral actors demonize rivals and advertise their goods. Most academic and industry efforts have been aimed at detecting fake/fraudulent product or service evaluations for years. The primary hurdle to identifying fraudulent reviews is the lack of a reliable means to distinguish fraudulent reviews from real ones. This paper adopts a semi-supervised machine learning method to detect fake reviews on any website, among other things. Online reviews are classified using a semi-supervised approach (PU-learning) since there is a shortage of labeled data, and they are dynamic. Then, classification is performed using the machine learning techniques Support Vector Machine (SVM) and Naive Bayes. The performance of the suggested system has been compared with standard works, and experimental findings are assessed using several assessment metrics.
Funding: Supported by the National Natural Science Foundation of China (No. 60903157)
Abstract: Most of the existing security Mobicast routing protocols are not suitable for the monitoring applications with higher quality of service (QoS) requirement. A QoS dynamic clustering secure multicast scheme (QoS-DCSMS) based on Mobicast and multi-level μTESLA protocol for large-scale tracking sensornets is presented in this paper. The multicast clusters are dynamically formed according to the real-time status of nodes, and the cluster-head node is responsible for status review and certificating management of cluster nodes to ensure the most optimized QoS and security of multicast in this scheme. Another contribution of this paper is the optimal QoS security authentication algorithm, which analyzes the relationship between the QoS and the level M of multi-level μTESLA. Based on the analysis and simulation results, it shows that the influence to the network survival cycle (NSC) and real-time communication caused by energy consumption and latency in authentication is acceptable when the optimal QoS security authentication algorithm is satisfied.
Funding: Supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190); the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010); the Program for Innovative Research Team in University of Ministry of Education of China (IRT201206)
Abstract: Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.
Abstract: Deep learning (DL) is a subdivision of machine learning (ML) that employs numerous algorithms, each of which provides various explanations of the data it consumes; mobile ad-hoc networks (MANET) are growing in prominence. For reasons including node mobility, due to MANET’s potential to provide small-cost solutions for real-world contact challenges, decentralized management, and restricted bandwidth, MANETs are more vulnerable to security threats. When protecting MANETs from attack, encryption and authentication schemes have their limits. However, deep learning (DL) approaches in intrusion detection systems (IDS) can adapt to the changing environment of MANETs and allow a system to make intrusion decisions while learning about its mobility in the environment. IDSs are a secondary defiance system for mobile ad-hoc networks vs. attacks since they monitor network traffic and report anything unusual. Recently, many scientists have employed deep neural networks (DNNs) to address intrusion detection concerns. This paper used MANET to recognize complex patterns by focusing on security standards through efficiency determination and identifying malicious nodes, and mitigating network attacks using the three algorithms presented Cascading Back Propagation Neural Network (CBPNN), Feedforward-Neural-Network (FNN), and Cascading-Back-Propagation-Neural-Network (CBPNN) (FFNN). In addition to Convolutional-Neural-Network (CNN), these primary forms of deep neural network (DNN) building designs are widely used to improve the performance of intrusion detection systems (IDS) and the use of IDS in conjunction with machine learning (ML). Furthermore, machine learning (ML) techniques than their statistical and logical methods provide MANET network learning capabilities and encourage adaptation to different environments. Compared with another current model, the proposed model has better average receiving packet (ARP) and end-to-end (E2E) performance. The results have been obtained from CBP, FFNN and CNN 74%, 82% and 85%, respectively, by the time (27, 18, and 17 s).
Funding: Supported in part by the 2021 Autonomous Driving Development Innovation Project of the Ministry of Science and ICT, ‘Development of Technology for Security and Ultra-High-Speed Integrity of the Next-Generation Internal Net-Work of Autonomous Vehicles’ (No. 2021-0-01348) and in part by the National Research Foundation of Korea (NRF) grant funded by the Korean Government Ministry of Science and ICT (MSIT) under Grant NRF-2021R1A2C2014428.
Abstract: Recently, automotive intrusion detection systems (IDSs) have emerged as promising defense approaches to counter attacks on in-vehicle networks (IVNs). However, the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation. Despite the availability of several datasets for automotive IDSs, there has been a lack of comprehensive analysis focusing on assessing these datasets. This paper aims to address the need for dataset assessment in the context of automotive IDSs. It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs, to evaluate the quality of datasets. These metrics take into consideration various aspects such as dataset description, collection environment, and attack complexity. This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics. The evaluation reveals biases in the datasets, particularly in terms of limited contexts and lack of diversity. Additionally, it highlights that the attacks in the datasets were mostly injected without considering normal behaviors, which poses challenges for training and evaluating machine learning-based IDSs. This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs. The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications. Finally, this paper presents the requirements for high-quality datasets, including the need for representativeness, diversity, and balance.
Abstract: Three technical problems should be solved urgently in cyberspace security: the timeliness and accuracy of network attack detection, the credibility assessment and prediction of the security situation, and the effectiveness of security defense strategy optimization. Artificial intelligence (AI) algorithms have become the core means to increase the chance of security and improve the network attack and defense ability in the application of cyberspace security. Recently, the breakthrough and application of AI technology have provided a series of advanced approaches for further enhancing network defense ability. This work presents a comprehensive review of AI technology articles for cyberspace security applications, mainly from 2017 to 2022. The papers are selected from a variety of journals and conferences: 52.68% are from Elsevier, Springer, and IEEE journals and 25% are from international conferences. With a specific focus on the latest approaches in machine learning (ML), deep learning (DL), and some popular optimization algorithms, the characteristics of the algorithmic models, performance results, datasets, potential benefits, and limitations are analyzed, and some of the existing challenges are highlighted. This work is intended to provide technical guidance for researchers who would like to obtain the potential of AI technical methods for cyberspace security and to provide tips for the later resolution of specific cyberspace security issues, and a mastery of the current development trends of technology and application and hot issues in the field of network security. It also indicates certain existing challenges and gives directions for addressing them effectively.