Systematic Security Guideline Framework through Intelligently Automated Vulnerability Analysis

This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities,generating applicable guidelines based on real-world software.The existing analysis of software security vulnerabilities often focuses on specific features or modules.This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software.The key novelty lies in overcoming the constraints of partial approaches.The proposed framework utilizes data from various sources to create a comprehensive functionality profile,facilitating the derivation of real-world security guidelines.Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposure(CVE)and Common Vulnerability Scoring System(CVSS)scores,resulting in automated guidelines tailored to each product.These guidelines are not only practical but also applicable in real-world software,allowing for prioritized security responses.The proposed framework is applied to virtual private network(VPN)software,wherein a validated Level 2 data flow diagram is generated using the Spoofing,Tampering,Repudiation,Information Disclosure,Denial of Service,and Elevation of privilege(STRIDE)technique with references to various papers and examples from related software.The analysis resulted in the identification of a total of 121 vulnerabilities.The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems,subsystems,and selected modules.

Towards Fully Secure 5G Ultra-Low Latency Communications: A Cost-Security Functions Analysis

Future components to enhance the basic,native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered,or lightweight solutions adapted to ultrareliable low-latency communications(URLLC)but whose security properties remain under discussion.Although different 5G network slices may have different requirements,in general,both visions seem to fall short at provisioning secure URLLC in the future.In this work we address this challenge,by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks.We categorize those new security components into different groups according to their purpose and deployment scope.We propose to analyze them in the context of existing 5G architectures using two different approaches.First,using model checking techniques,we will evaluate the probability of an attacker to be successful against each security solution.Second,using analytical models,we will analyze the impact of these security mechanisms in terms of delay,throughput consumption,and reliability.Finally,we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture.Our results are first evidence of how a 5G network that covers and strengthened all security areas through enhanced,dedicated non-native mechanisms could only guarantee secure URLLC with a probability of∼55%.

Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Android Smartphones are proliferating extensively in the digital world due to their widespread applications in a myriad offields.The increased popularity of the android platform entices malware developers to design malicious apps to achieve their malevolent intents.Also,static analysis approaches fail to detect run-time behaviors of malicious apps.To address these issues,an optimal unification of static and dynamic features for smartphone security analysis is proposed.The proposed solution exploits both static and dynamic features for generating a highly distinct unified feature vector using graph based cross-diffusion strategy.Further,a unified feature is subjected to the fuzzy-based classification model to distinguish benign and malicious applications.The suggested framework is extensively experimentally validated through both qualitative and quantitative analysis and results are compared with the existing solutions.Performance evaluation over benchmarked datasets from Google Play Store,Drebin,Androzoo,AMD,and CICMalDroid2020 revealed that the suggested solution outperforms state-of-the-art methods.We achieve average detection accuracy of 98.62%and F1 Score of 0.9916.

Public Sentiment Analysis of Social Security Emergencies Based on Feature Fusion Model of BERT and TextLevelGCN

At present, the emotion classification method of Weibo public opinions based on graph neural network cannot solve the polysemy problem well, and the scale of global graph with fixed weight is too large. This paper proposes a feature fusion network model Bert-TextLevelGCN based on BERT pre-training and improved TextGCN. On the one hand, Bert is introduced to obtain the initial vector input of graph neural network containing rich semantic features. On the other hand, the global graph connection window of traditional TextGCN is reduced to the text level, and the message propagation mechanism of global sharing is applied. Finally, the output vector of BERT and TextLevelGCN is fused by interpolation update method, and a more robust mapping of positive and negative sentiment classification of public opinion text of “Tangshan Barbecue Restaurant beating people” is obtained. In the context of the national anti-gang campaign, it is of great significance to accurately and efficiently analyze the emotional characteristics of public opinion in sudden social violence events with bad social impact, which is of great significance to improve the government’s public opinion warning and response ability to public opinion in sudden social security events. .

Appraising the Manifestation of Optimism Bias and Its Impact on Human Perception of Cyber Security: A Meta Analysis

Cyber threats and risks are increasing exponentially with time. For preventing and defense against these threats and risks, precise risk perception for effective mitigation is the first step. Risk perception is necessary requirement to mitigate risk as it drives the security strategy at the organizational level and human attitude at individual level. Sometime, individuals understand there is a risk that a negative event or incident can occur, but they do not believe there will be a personal impact if the risk comes to realization but instead, they believe that the negative event will impact others. This belief supports the common belief that individuals tend to think of themselves as invulnerable, i.e., optimistically bias about the situation, thus affecting their attitude for taking preventive measures due to inappropriate risk perception or overconfidence. The main motivation of this meta-analysis is to assess that how the cyber optimistic bias or cyber optimism bias affects individual’s cyber security risk perception and how it changes their decisions. Applying a meta-analysis, this study found that optimistic bias has an overall negative impact on the cyber security due to the inappropriate risk perception and considering themselves invulnerable by biasing that the threat will not occur to them. Due to the cyber optimism bias, the individual will sometimes share passwords by considering it will not be maliciously used, lack in adopting of preventive measures, ignore security incidents, wrong perception of cyber threats and overconfidence on themselves in the context of cyber security.

Dynamic Evolutionary Game-based Modeling,Analysis and Performance Enhancement of Blockchain Channels

The recent development of channel technology has promised to reduce the transaction verification time in blockchain operations.When transactions are transmitted through the channels created by nodes,the nodes need to cooperate with each other.If one party refuses to do so,the channel is unstable.A stable channel is thus required.Because nodes may show uncooperative behavior,they may have a negative impact on the stability of such channels.In order to address this issue,this work proposes a dynamic evolutionary game model based on node behavior.This model considers various defense strategies'cost and attack success ratio under them.Nodes can dynamically adjust their strategies according to the behavior of attackers to achieve their effective defense.The equilibrium stability of the proposed model can be achieved.The proposed model can be applied to general channel networks.It is compared with two state-of-the-art blockchain channels:Lightning network and Spirit channels.The experimental results show that the proposed model can be used to improve a channel's stability and keep it in a good cooperative stable state.Thus its use enables a blockchain to enjoy higher transaction success ratio and lower transaction transmission delay than the use of its two peers.

Comprehensive security risk factor identification for small reservoirs with heterogeneous data based on grey relational analysis model

Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.

Evaluation on Urban Land Ecological Security Based on the PSR Model and Matter-Element Analysis: A Case Study of Zhuhai, Guangdong, China

As one of the Special Economic Zones since the reform and opening up, Zhuhai has developed during the past 30 years. Its economic development, industrial structure and ecological environment have undergone great changes. Research on changes in Zhuhai’s land ecological security is of great significance. Using relevant data from 2007-2012, this study established a land ecological security assessment system based on the PSR conceptual framework model. The system contained 18 indicators from 3 aspects according to the concrete features of Zhuhai. Then we used the matterelement analysis and the improved entropy weight to analyze and evaluate the land ecological security of Zhuhai. The results showed that: from 2007 to 2012, the levels of the land ecological security of Zhuhai were “secure”, and the value increased year by year;as the land ecological security response value increased, Zhuhai was capable of solving land ecosystem problems. However, it should be noted that the structure of land ecosystem in Zhuhai has not formed and that rapid expansion of construction land has caused the shortage of cultivated land and other issues. Measures should be taken to control the construction area, improve land intensive utilization and improve the land ecological security.

HASN:A Hierarchical Attack Surface Network for System Security Analysis

Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade,but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network(HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.

Efficacy and safety of Revlimid combined with Rituximab in the treatment of follicular lymphoma: A meta-analysis

Objective:To evaluate the clinical efficacy and safety of lenalidomide combined with rituximab for treating follicular lymphoma.Methods:We searched PubMed,Web of Science,Cochrane Library,Embase,China Medical Biological Service system(CBM),VIP database(VIP),Wan fang database(Wan Fang Data),China Knowledge Network(CNKI),and ClinicTrails.gov for literature related to lenalidomide combined with rituximab for treating follicular lymphoma(until June 23,2022).The literature that met the requirements were screened out according to the established criteria,and the data were analyzed by RevMan5.4 and Stata14.0 to conduct a meta-analysis.Results:Eight studies involving 865 patients with follicular lymphoma were included.The results of the meta-analysis showed that the objective remission rate(RR=1.43,95%CI:1.26–1.61)and complete remission rate(RR=1.67,95%CI:1.27–2.21)of lenalidomide combined with rituximab for treating follicular lymphoma were significantly higher than those of rituximab alone.However,adverse reactions(neutropenia,diarrhea,nausea and vomiting,rash)were more likely to occur in the lenalidomide combined with the rituximab group,albeit at a low level.Conclusion:Compared to rituximab alone,lenalidomide combined with rituximab could significantly improve the objective and complete remission rates of patients with follicular lymphoma.However,as combination therapy may be associated with adverse reactions,timely corresponding measures should be taken during treatment.Therefore,to confirm the efficacy and safety of lenalidomide combined with rituximab for treating follicular lymphoma,it is necessary to conduct multicenter,multi-sample,randomized double-blind controlled trials,and single-arm trials.

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.

Sustainable livelihood security in Odisha, India: A district level analysis

Sustainable livelihood security(SLS) is an integrating framework that encompasses current concerns and policy requirements for ecological, social, and economic dimensions of sustainable development. It carries particular importance for developing economies. This study intends to verify the relative status of SLS of the 30 districts in Odisha, which is a backward state in eastern India. In this study, a total of 22 relevant indicators relating to the three components of SLS—ecological security, social equity, and economic efficiency have been taken, based on various kinds of government reports. The principal component analysis(PCA) was used to ascertain the indicators and the importance of each of them to the corresponding component of SLS. The ecological security index(ESI), social equity index(SEI), economic efficiency index(EEI), and composite sustainable livelihood security index(CSLSI) of each district of Odisha were calculated through the min-max normalization technique. The results revealed that there are wide variations in SLS among the districts of Odisha. In this study, the districts are categorized into four levels based on the scores of ESI, SEI, EEI, and CSLSI as very low(<0.400), low(0.400–0.549), medium(0.550–0.700), and high(>0.700). According to the classification result of CSLSI, 2 districts are found to be in the very low category, 20 districts are under the low sustainability category, 8 districts are in the medium category, and none of the districts are found to be in the high sustainability category. The district of Sambalpur ranks the highest with a CSLSI score of 0.624. The bottom five districts are Gajapati, Bolangir, Nabarangpur, Kandhamal, and Malkangiri, having the CSLSI scores of 0.438, 0.435, 0.406, 0.391, and 0.344, respectively. The result of this study suggests that region-specific, systematic, and proactive approaches are desirable for balanced development in Odisha. Further, policy intervention is required to implement more inclusive tribal welfare policies.

Design of Secure Microsystems Using Current-to-Data Dependency Analysis

This paper presents a method for designing a class of countermeasures for DPA attacks based on attenuation of current variations. In this class of countermeasures, designers aim at decreasing the dynamic current variations to reduce the information that can be extracted from the current consumption of secure microsystems. The proposed method is based on a novel formula that calculates the number of current traces required for a successful DPA attack using the characteristics of the microsystem current signal and the external noise of the measurement setup. The different stages of the proposed method are illustrated through designing an example current flattening circuit. Meanwhile validity and applicability of the proposed formula is verified by comparing theoretical results with those obtained experimentally for the example circuit. The proposed formula not only estimates the required level of attenuation for a target level of robustness defined by design requirements, it also predicts the effectiveness of a countermeasure using simulation results therefore dramatically reducing the time to design of secure microsystems.

Tradeoffanalysis of the pork supply and food security under the influence of African swine fever and the COVID-19 outbreak in China

China is the world’s largest consumer of pork and grains.However,African swine fever(ASF)and the COVID-19 outbreak have greatly impacted the pork supply and food security in China.How can food security and the pork supply be ensured under the dual impacts of COVID-19 and ASF?This is a major problem to be urgently solved by the Chinese government.This study indicated that the main pork production and sales areas in China were separated,which reflected the spatial imbalance between the supply and demand.The total area of suitable selected sites for pig farms in China is 21.5 million ha.If only the areas with levels of high and moderate suitability are considered as potential sites for pig farms,the potential pork production can reach 56.1 million tons in China,which is slightly lower than demand.Due to the impact of the ASF epidemic,the food consumed by pigs has been reduced by 34.7 million tons.However,with increasing pork productivity in the future,the self-sufficiency rate of grains may further decline.On the premise that the quality of people’s life is not affected,the diversification of meat supply channels should be realized in an orderly and sustainable way,which might alleviate the pressure on food supply.This study provides a theoretical reference for the spatiotemporal layout of the swine industry and addresses the issue of food security in China under the influence of ASF and the COVID-19 outbreak.

Application of Grey Associative Analysis to the Assessment of Regional Water Security

The assessment of water security is an important content in the security management of water resources due to the fact that the state of water security directly affects both the sustainable development of regional economy and the improvement on the living quality of mankind. Grey associative analysis is introduced and applied to assessment of water security on the basis of grey characteristics of the assessment index system of water security. As a case study shows, grey associative analysis is used for evaluating water security of some provinces in China, and the satisfactory assessment results are obtained. The sequence of provinces in China with regard to water security from good to poor is obtained and, moreover, the water security level of each region is also confirmed. The results obtained accord with the actual state of each region. They are of practical significance and can be used to guide the management of regional water security and a sustainable development of the economy therein. At the same time, the results demonstrate that grey associative analysis provides a new method for assessing water

Technical Analysis of Security Management in Terms of Crowd Energy and Smart Living

In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept and next generation smart living. Various case examples have been studied and a brief summary has been provided.Furthermore, a statistical analysis has been provided in terms of security management in smart living where it is found that young technocrats give the highest importance to security management in smart living. Last but not the least, current limitation, constraints, and future scope of security implementation have been discussed in terms of crowd energy clustered with next generation smart living.

Security Analysis of Discrete Logarithm Based Cryptosystems

Discrete logarithm based cryptosystems have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.

Combinatorial Method with Static Analysis for Source Code Security in Web Applications

Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed.To utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives.Specifically,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios.The findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.

Nonhomogeneous Risk Rank Analysis Method for Security Network System

Security measures for a computer network system can be enhanced with better understanding the vulnerabilities and their behavior over the time. It is observed that the effects of vulnerabilities vary with the time over their life cycle. In the present study, we have presented a new methodology to assess the magnitude of the risk of a vulnerability as a “Risk Rank”. To derive this new methodology well known Markovian approach with a transition probability matrix is used including relevant risk factors for discovered and recorded vulnerabilities. However, in addition to observing the risk factor for each vulnerability individually we have introduced the concept of ranking vulnerabilities at a particular time taking a similar approach to Google Page Rank Algorithm. New methodology is exemplified using a simple model of computer network with three recorded vulnerabilities with their CVSS scores.