Cyber Threat Intelligence(CTI)is a valuable resource for cybersecurity defense,but it also poses challenges due to its multi-source and heterogeneous nature.Security personnel may be unable to use CTI effectively to u...Cyber Threat Intelligence(CTI)is a valuable resource for cybersecurity defense,but it also poses challenges due to its multi-source and heterogeneous nature.Security personnel may be unable to use CTI effectively to understand the condition and trend of a cyberattack and respond promptly.To address these challenges,we propose a novel approach that consists of three steps.First,we construct the attack and defense analysis of the cybersecurity ontology(ADACO)model by integrating multiple cybersecurity databases.Second,we develop the threat evolution prediction algorithm(TEPA),which can automatically detect threats at device nodes,correlate and map multisource threat information,and dynamically infer the threat evolution process.TEPA leverages knowledge graphs to represent comprehensive threat scenarios and achieves better performance in simulated experiments by combining structural and textual features of entities.Third,we design the intelligent defense decision algorithm(IDDA),which can provide intelligent recommendations for security personnel regarding the most suitable defense techniques.IDDA outperforms the baseline methods in the comparative experiment.展开更多
In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in ...In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms.展开更多
The ionosphere, as the largest and least predictable error source, its behavior cannot be observed at all places simultaneously. The confidence bound, called the grid ionospheric vertical error(GIVE), can only be dete...The ionosphere, as the largest and least predictable error source, its behavior cannot be observed at all places simultaneously. The confidence bound, called the grid ionospheric vertical error(GIVE), can only be determined with the aid of a threat model which is used to restrict the expected ionospheric behavior. However, the spatial threat model at present widespread used, which is based on fit radius and relative centroid metric(RCM), is too conservative or the resulting GIVEs will be too large and will reduce the availability of satellite-based augmentation system(SBAS). In this paper, layered two-dimensional parameters, the vertical direction double RCMs, are introduced based on the spatial variability of the ionosphere. Comparing with the traditional threat model, the experimental results show that the user ionospheric vertical error(UIVE) average reduction rate reaches 16%. And the 95% protection level of conterminous United States(CONUS) is 28%, even under disturbed days, which reaches about 5% reduction rates.The results show that the system service performance has been improved better.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.H...Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically.展开更多
Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.H...Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically.展开更多
Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.The...Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats.To address the above problems,firstly,this paper constructs the multi-source threat element analysis ontology(MTEAO)by integrating multi-source network security knowledge bases.Subsequently,based on MTEAO,we propose a two-layer threat prediction model(TL-TPM)that combines the knowledge graph and the event graph.The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making;The micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events.The experiment’s results demonstrate that TL-TPM can completely depict the threat development trend,and the early warning results are more precise and scientific,offering knowledge and guidance for active defense.展开更多
Radio Frequency IDentification(RFID)and related technologies such as Near Field Communication(NFC)are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange,either devic...Radio Frequency IDentification(RFID)and related technologies such as Near Field Communication(NFC)are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange,either device-to-device or tag-to-device.One of the three main operation modes of NFC,called read/write mode,makes use of the latter type of interaction.It is extensively used in business information systems that make use of NFC tags to provide the end-user with augmented information in one of several available NFC data exchange formats,such as plain text,simple URLs or enriched URLs.Using a wide variety of physical form factors,NFC-compatible tags(wireless transponders)are currently available in many locations with applications going from smart posters,contactless tokens,tap-and-go payments or transport ticketing to automated device configuration,patient identification at hospitals or inventory management within supply chains.Most of these applications handle sensitive processes or data.This paper proposes a complete security threat model for the read/write operation mode of NFC used in Next Generation Industrial IoT(Nx-IIoT)contexts.This model,based on a wellknown methodology,STRIDE,allows developers and users to identify NFC applications vulnerabilities or weaknesses,analyze potential threats,propose risk management strategies,and design mitigation mechanisms to mention only some significant examples.展开更多
The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders.This challenge creates a high level of rigidity in terms of processing shared information related...The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders.This challenge creates a high level of rigidity in terms of processing shared information related to different processes,robust holistic regulations,payment actualizations,and resource utilization across different nodes.The need for a digital platform to crossconnect all stakeholders is necessary.A blockchain-based platform is a prime candidate to improve the industry in general and the construction supply chain(CSC)in particular.In this paper,a literature review is presented to establish the main challenges that CSC faces in terms of its effects on productivity and efficiency.In addition,the effect of applying blockchain platforms on a case study is presented and analyzed from performance and security level.The analysis aims to emphasize that blockchain,as presented in this paper,is a viable solution to the challenges in the CSC regardless of the risks associated with the security and robustness of the flow of information and data protection.Moreover,a threat analysis of applying a blockchain model on the CSC industry is introduced.This model indicates potential attacks and possible countermeasures to prevent the attacks.Future work is needed to expand,quantify,and optimize the threat model and conduct simulations considering proposed countermeasures for the different blockchain attacks outlined in this study.展开更多
文摘Cyber Threat Intelligence(CTI)is a valuable resource for cybersecurity defense,but it also poses challenges due to its multi-source and heterogeneous nature.Security personnel may be unable to use CTI effectively to understand the condition and trend of a cyberattack and respond promptly.To address these challenges,we propose a novel approach that consists of three steps.First,we construct the attack and defense analysis of the cybersecurity ontology(ADACO)model by integrating multiple cybersecurity databases.Second,we develop the threat evolution prediction algorithm(TEPA),which can automatically detect threats at device nodes,correlate and map multisource threat information,and dynamically infer the threat evolution process.TEPA leverages knowledge graphs to represent comprehensive threat scenarios and achieves better performance in simulated experiments by combining structural and textual features of entities.Third,we design the intelligent defense decision algorithm(IDDA),which can provide intelligent recommendations for security personnel regarding the most suitable defense techniques.IDDA outperforms the baseline methods in the comparative experiment.
基金Supported by National Natural Science Foundation of China (No.90718023)National High-Tech Research and Development Program of China (No.2007AA01Z130)
文摘In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms.
基金supported by the National Natural Science Foundation of China(41304024)
文摘The ionosphere, as the largest and least predictable error source, its behavior cannot be observed at all places simultaneously. The confidence bound, called the grid ionospheric vertical error(GIVE), can only be determined with the aid of a threat model which is used to restrict the expected ionospheric behavior. However, the spatial threat model at present widespread used, which is based on fit radius and relative centroid metric(RCM), is too conservative or the resulting GIVEs will be too large and will reduce the availability of satellite-based augmentation system(SBAS). In this paper, layered two-dimensional parameters, the vertical direction double RCMs, are introduced based on the spatial variability of the ionosphere. Comparing with the traditional threat model, the experimental results show that the user ionospheric vertical error(UIVE) average reduction rate reaches 16%. And the 95% protection level of conterminous United States(CONUS) is 28%, even under disturbed days, which reaches about 5% reduction rates.The results show that the system service performance has been improved better.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
基金This work has received funding from the European Unions H2020 research and innovation programme under the Grant Agreement No.832907Swedish Governmental Agency for Innovation Systems(Vinnova),the Swedish Energy Agency,SweGRIDS,and STandUP for Energy.
文摘Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically.
基金received funding from the European Unions H2020 research and innovation programme under the Grant Agreement No.832907Swedish Governmental Agency for Innovation Systems(Vinnova)the Swedish Energy Agency,SweGRIDS,and STandUP for Energy.
文摘Threat modeling is of increasing importance to IT security,and it is a complex and resource demanding task.The aim of automating threat modeling is to simplify model creation by using data that are already available.However,the collected data often lack context;this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler.The lack of domain knowledge in modeling automation can be addressed with ontologies.In this paper,we introduce an ontology framework to improve automatic threat modeling.The framework is developed with conceptual modeling and validated using three different datasets:a small scale utility lab,water utility control network,and university IT environment.The framework produced successful results such as standardizing input sources,removing duplicate name entries,and grouping application software more logically.
文摘Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats.To address the above problems,firstly,this paper constructs the multi-source threat element analysis ontology(MTEAO)by integrating multi-source network security knowledge bases.Subsequently,based on MTEAO,we propose a two-layer threat prediction model(TL-TPM)that combines the knowledge graph and the event graph.The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making;The micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events.The experiment’s results demonstrate that TL-TPM can completely depict the threat development trend,and the early warning results are more precise and scientific,offering knowledge and guidance for active defense.
文摘Radio Frequency IDentification(RFID)and related technologies such as Near Field Communication(NFC)are becoming essential in industrial contexts thanks to their ability to perform contactless data exchange,either device-to-device or tag-to-device.One of the three main operation modes of NFC,called read/write mode,makes use of the latter type of interaction.It is extensively used in business information systems that make use of NFC tags to provide the end-user with augmented information in one of several available NFC data exchange formats,such as plain text,simple URLs or enriched URLs.Using a wide variety of physical form factors,NFC-compatible tags(wireless transponders)are currently available in many locations with applications going from smart posters,contactless tokens,tap-and-go payments or transport ticketing to automated device configuration,patient identification at hospitals or inventory management within supply chains.Most of these applications handle sensitive processes or data.This paper proposes a complete security threat model for the read/write operation mode of NFC used in Next Generation Industrial IoT(Nx-IIoT)contexts.This model,based on a wellknown methodology,STRIDE,allows developers and users to identify NFC applications vulnerabilities or weaknesses,analyze potential threats,propose risk management strategies,and design mitigation mechanisms to mention only some significant examples.
文摘The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders.This challenge creates a high level of rigidity in terms of processing shared information related to different processes,robust holistic regulations,payment actualizations,and resource utilization across different nodes.The need for a digital platform to crossconnect all stakeholders is necessary.A blockchain-based platform is a prime candidate to improve the industry in general and the construction supply chain(CSC)in particular.In this paper,a literature review is presented to establish the main challenges that CSC faces in terms of its effects on productivity and efficiency.In addition,the effect of applying blockchain platforms on a case study is presented and analyzed from performance and security level.The analysis aims to emphasize that blockchain,as presented in this paper,is a viable solution to the challenges in the CSC regardless of the risks associated with the security and robustness of the flow of information and data protection.Moreover,a threat analysis of applying a blockchain model on the CSC industry is introduced.This model indicates potential attacks and possible countermeasures to prevent the attacks.Future work is needed to expand,quantify,and optimize the threat model and conduct simulations considering proposed countermeasures for the different blockchain attacks outlined in this study.