期刊文献+
共找到9篇文章
< 1 >
每页显示 20 50 100
Threat Modeling and Application Research Based on Multi-Source Attack and Defense Knowledge
1
作者 Shuqin Zhang Xinyu Su +2 位作者 Peiyu Shi Tianhui Du Yunfei Han 《Computers, Materials & Continua》 SCIE EI 2023年第10期349-377,共29页
Cyber Threat Intelligence(CTI)is a valuable resource for cybersecurity defense,but it also poses challenges due to its multi-source and heterogeneous nature.Security personnel may be unable to use CTI effectively to u... Cyber Threat Intelligence(CTI)is a valuable resource for cybersecurity defense,but it also poses challenges due to its multi-source and heterogeneous nature.Security personnel may be unable to use CTI effectively to understand the condition and trend of a cyberattack and respond promptly.To address these challenges,we propose a novel approach that consists of three steps.First,we construct the attack and defense analysis of the cybersecurity ontology(ADACO)model by integrating multiple cybersecurity databases.Second,we develop the threat evolution prediction algorithm(TEPA),which can automatically detect threats at device nodes,correlate and map multisource threat information,and dynamically infer the threat evolution process.TEPA leverages knowledge graphs to represent comprehensive threat scenarios and achieves better performance in simulated experiments by combining structural and textual features of entities.Third,we design the intelligent defense decision algorithm(IDDA),which can provide intelligent recommendations for security personnel regarding the most suitable defense techniques.IDDA outperforms the baseline methods in the comparative experiment. 展开更多
关键词 Multi-source data fusion threat modeling threat propagation path knowledge graph intelligent defense decision-making
下载PDF
Threat Modeling-Oriented Attack Path Evaluating Algorithm
2
作者 李晓红 刘然 +1 位作者 冯志勇 何可 《Transactions of Tianjin University》 EI CAS 2009年第3期162-167,共6页
In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in ... In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms. 展开更多
关键词 attack tree attack path threat modeling threat coefficient attack path evaluation
下载PDF
Impact of ionospheric irregularity on SBAS integrity:spatial threat modeling and improvement 被引量:2
3
作者 BAO Junjie LI Rui +1 位作者 LIU Pan HUANG Zhigang 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD 2018年第5期908-917,共10页
The ionosphere, as the largest and least predictable error source, its behavior cannot be observed at all places simultaneously. The confidence bound, called the grid ionospheric vertical error(GIVE), can only be dete... The ionosphere, as the largest and least predictable error source, its behavior cannot be observed at all places simultaneously. The confidence bound, called the grid ionospheric vertical error(GIVE), can only be determined with the aid of a threat model which is used to restrict the expected ionospheric behavior. However, the spatial threat model at present widespread used, which is based on fit radius and relative centroid metric(RCM), is too conservative or the resulting GIVEs will be too large and will reduce the availability of satellite-based augmentation system(SBAS). In this paper, layered two-dimensional parameters, the vertical direction double RCMs, are introduced based on the spatial variability of the ionosphere. Comparing with the traditional threat model, the experimental results show that the user ionospheric vertical error(UIVE) average reduction rate reaches 16%. And the 95% protection level of conterminous United States(CONUS) is 28%, even under disturbed days, which reaches about 5% reduction rates.The results show that the system service performance has been improved better. 展开更多
关键词 ionospheric delay spatial threat model relative centroid metric(RCM) user ionospheric vertical error(UIVE)
下载PDF
Cyber Resilience through Real-Time Threat Analysis in Information Security
4
作者 Aparna Gadhi Ragha Madhavi Gondu +1 位作者 Hitendra Chaudhary Olatunde Abiona 《International Journal of Communications, Network and System Sciences》 2024年第4期51-67,共17页
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t... This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1]. 展开更多
关键词 Cybersecurity Information Security Network Security Cyber Resilience Real-Time threat Analysis Cyber threats Cyberattacks threat Intelligence Machine Learning Artificial Intelligence threat Detection threat Mitigation Risk Assessment Vulnerability Management Incident Response Security Orchestration Automation threat Landscape Cyber-Physical Systems Critical Infrastructure Data Protection Privacy Compliance Regulations Policy Ethics CYBERCRIME threat Actors threat modeling Security Architecture
下载PDF
Automating threat modeling using an ontology framework
5
作者 Margus Vaja Fredrik Heiding +1 位作者 Ulrik Franke Robert Lagerstro 《Cybersecurity》 CSCD 2020年第1期281-300,共20页
Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.H... Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically. 展开更多
关键词 threat modeling Ontologies Automated modeling Conceptual models Ontology framework
原文传递
Automating threat modeling using an ontology framework
6
作者 Margus Valja Fredrik Heiding +1 位作者 Ulrik Franke Robert Lagerstrom 《Cybersecurity》 2018年第1期893-912,共20页
Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.H... Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically. 展开更多
关键词 threat modeling Ontologies Automated modeling Conceptual models Ontology framework
原文传递
Application Research on Two-Layer Threat Prediction Model Based on Event Graph
7
作者 Shuqin Zhang Xinyu Su +2 位作者 Yunfei Han Tianhui Du Peiyu Shi 《Computers, Materials & Continua》 SCIE EI 2023年第12期3993-4023,共31页
Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.The... Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats.To address the above problems,firstly,this paper constructs the multi-source threat element analysis ontology(MTEAO)by integrating multi-source network security knowledge bases.Subsequently,based on MTEAO,we propose a two-layer threat prediction model(TL-TPM)that combines the knowledge graph and the event graph.The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making;The micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events.The experiment’s results demonstrate that TL-TPM can completely depict the threat development trend,and the early warning results are more precise and scientific,offering knowledge and guidance for active defense. 展开更多
关键词 Knowledge graph multi-source data fusion network security threat modeling event graph absorbing Markov chain threat propagation path
下载PDF
Security Threats to Business Information Systems Using NFC Read/Write Mode
8
作者 Sergio Rios-Aguilar Marta Beltrán González-Crespo Rubén 《Computers, Materials & Continua》 SCIE EI 2021年第6期2955-2969,共15页
Radio Frequency IDentification(RFID)and related technologies such as Near Field Communication(NFC)are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange,either devic... Radio Frequency IDentification(RFID)and related technologies such as Near Field Communication(NFC)are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange,either device-to-device or tag-to-device.One of the three main operation modes of NFC,called read/write mode,makes use of the latter type of interaction.It is extensively used in business information systems that make use of NFC tags to provide the end-user with augmented information in one of several available NFC data exchange formats,such as plain text,simple URLs or enriched URLs.Using a wide variety of physical form factors,NFC-compatible tags(wireless transponders)are currently available in many locations with applications going from smart posters,contactless tokens,tap-and-go payments or transport ticketing to automated device configuration,patient identification at hospitals or inventory management within supply chains.Most of these applications handle sensitive processes or data.This paper proposes a complete security threat model for the read/write operation mode of NFC used in Next Generation Industrial IoT(Nx-IIoT)contexts.This model,based on a wellknown methodology,STRIDE,allows developers and users to identify NFC applications vulnerabilities or weaknesses,analyze potential threats,propose risk management strategies,and design mitigation mechanisms to mention only some significant examples. 展开更多
关键词 Near field communications read/write NFC SECURITY threat modelling STRIDE Nx-IIoT
下载PDF
Blockchain applied to the construction supply chain:A case study with threat model 被引量:2
9
作者 Gjorgji SHEMOV Borja GARCIA de SOTO Hoda ALKHZAIMI 《Frontiers of Engineering Management》 2020年第4期564-577,共14页
The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders.This challenge creates a high level of rigidity in terms of processing shared information related... The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders.This challenge creates a high level of rigidity in terms of processing shared information related to different processes,robust holistic regulations,payment actualizations,and resource utilization across different nodes.The need for a digital platform to crossconnect all stakeholders is necessary.A blockchain-based platform is a prime candidate to improve the industry in general and the construction supply chain(CSC)in particular.In this paper,a literature review is presented to establish the main challenges that CSC faces in terms of its effects on productivity and efficiency.In addition,the effect of applying blockchain platforms on a case study is presented and analyzed from performance and security level.The analysis aims to emphasize that blockchain,as presented in this paper,is a viable solution to the challenges in the CSC regardless of the risks associated with the security and robustness of the flow of information and data protection.Moreover,a threat analysis of applying a blockchain model on the CSC industry is introduced.This model indicates potential attacks and possible countermeasures to prevent the attacks.Future work is needed to expand,quantify,and optimize the threat model and conduct simulations considering proposed countermeasures for the different blockchain attacks outlined in this study. 展开更多
关键词 blockchain taxonomy construction supply chain threat model analysis security level analysis CYBERSECURITY VULNERABILITY smart contract cyber-attack
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部