In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,t...In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,the interrelationships between logs are fully considered,and log entries are converted into heterogeneous graphs based on these relationships.Second,the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector.Then,normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs.Finally,the effectiveness and superiority of the method is verified through experiments on the CERT dataset.The experimental results show that this method has better performance compared to some baseline methods.展开更多
Unlike external attacks,insider threats arise from legitimate users who belong to the organization.These individuals may be a potential threat for hostile behavior depending on their motives.For insider detection,many...Unlike external attacks,insider threats arise from legitimate users who belong to the organization.These individuals may be a potential threat for hostile behavior depending on their motives.For insider detection,many intrusion detection systems learn and prevent known scenarios,but because malicious behavior has similar patterns to normal behavior,in reality,these systems can be evaded.Furthermore,because insider threats share a feature space similar to normal behavior,identifying them by detecting anomalies has limitations.This study proposes an improved anomaly detection methodology for insider threats that occur in cybersecurity in which a discrete wavelet transformation technique is applied to classify normal vs.malicious users.The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data,making it possible to distinguish between shared characteristics.To verify the efficacy of the proposed methodology,experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team(CERT)dataset.The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82%to 98%compared to the case with no wavelet applied.Thus,the proposed methodology has high potential for application to similar feature spaces.展开更多
The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider at...The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.展开更多
In the information era,the core business and confidential information of enterprises/organizations is stored in information systems.However,certain malicious inside network users exist hidden inside the organization;t...In the information era,the core business and confidential information of enterprises/organizations is stored in information systems.However,certain malicious inside network users exist hidden inside the organization;these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company.The existing approaches on insider threat detection mostly focus on monitoring,detecting,and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security.To this end,to be able to detect insider threats more effectively,a data processing tool was developed to process the detected user activity to generate information-use events,and formulated a Data Adjustment(DA)strategy to adjust the weight of the minority and majority samples.Then,an efficient ensemble strategy was utilized,which applied the extreme gradient boosting(XGBoost)model combined with the DA strategy to detect anomalous behavior.The CERT dataset was used for an insider threat to evaluate our approach,which was a real-world dataset with artificially injected insider threat events.The results demonstrated that the proposed approach can effectively detect insider threats,with an accuracy rate of 99.51%and an average recall rate of 98.16%.Compared with other classifiers,the detection performance is improved by 8.76%.展开更多
Cloud computing is a high network infrastructure where users,owners,third users,authorized users,and customers can access and store their information quickly.The use of cloud computing has realized the rapid increase ...Cloud computing is a high network infrastructure where users,owners,third users,authorized users,and customers can access and store their information quickly.The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently.This cloud is nowadays highly affected by internal threats of the user.Sensitive applications such as banking,hospital,and business are more likely affected by real user threats.An intruder is presented as a user and set as a member of the network.After becoming an insider in the network,they will try to attack or steal sensitive data during information sharing or conversation.The major issue in today's technological development is identifying the insider threat in the cloud network.When data are lost,compromising cloud users is difficult.Privacy and security are not ensured,and then,the usage of the cloud is not trusted.Several solutions are available for the external security of the cloud network.However,insider or internal threats need to be addressed.In this research work,we focus on a solution for identifying an insider attack using the artificial intelligence technique.An insider attack is possible by using nodes of weak users’systems.They will log in using a weak user id,connect to a network,and pretend to be a trusted node.Then,they can easily attack and hack information as an insider,and identifying them is very difficult.These types of attacks need intelligent solutions.A machine learning approach is widely used for security issues.To date,the existing lags can classify the attackers accurately.This information hijacking process is very absurd,which motivates young researchers to provide a solution for internal threats.In our proposed work,we track the attackers using a user interaction behavior pattern and deep learning technique.The usage of mouse movements and clicks and keystrokes of the real user is stored in a database.The deep belief neural network is designed using a restricted Boltzmann machine(RBM)so that the layer of RBM communicates with the previous and subsequent layers.The result is evaluated using a Cooja simulator based on the cloud environment.The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.展开更多
The hedging problem for insiders is very important in the financial market.The locally risk minimizing hedging was adopted to solve this problem.Since the market was incomplete,the minimal martingale measure was chose...The hedging problem for insiders is very important in the financial market.The locally risk minimizing hedging was adopted to solve this problem.Since the market was incomplete,the minimal martingale measure was chosen as the equivalent martingale measure.By the F-S decomposition,the expression of the locally risk minimizing strategy was presented.Finally,the local risk minimization was applied to index tracking and its relationship with tracking error variance (TEV)-minimizing strategy was obtained.展开更多
When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the net...When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought however it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually, however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately address the insider threat phenomena at its most basic level.展开更多
Virtualization technology plays a key role in cloud computing.Thus,the security issues of virtualization tools(hypervisors,emulators,etc.) should be under precise consideration.However,threats of insider attacks are...Virtualization technology plays a key role in cloud computing.Thus,the security issues of virtualization tools(hypervisors,emulators,etc.) should be under precise consideration.However,threats of insider attacks are underestimated.The virtualization tools and hypervisors have been poorly protected from this type of attacks.Furthermore,hypervisor is one of the most critical elements in cloud computing infrastructure.Firstly,hypervisor vulnerabilities analysis is provided.Secondly,a formal model of insider attack on hypervisor is developed.Consequently,on the basis of the formal attack model,we propose a new methodology of hypervisor stability evaluation.In this paper,certain security countermeasures are considered that should be integrated in hypervisor software architecture.展开更多
From the perspective of the insiders and outsiders,this study explores the influence of differential leadership on employees’affective commitment and the moderating effect of leader’s self-enhancing humor and indivi...From the perspective of the insiders and outsiders,this study explores the influence of differential leadership on employees’affective commitment and the moderating effect of leader’s self-enhancing humor and individual traditionality.The results show that the differential leadership has a positive impact on the organizational affective commitment of employees,the leader’s self-enhancing humor and the employees’traditionality play a positive regulatory role respectively.Moreover,compared with the outsiders,the low traditionality has a stronger influence on the relationship between differential leadership and organizational affective commitment of the insiders.This paper enriches the research on the influence of leadership style on employee’s affective commitment,proposes and verifies the moderation of leader’s self-enhancing humor and employee’s traditionality,which complements the boundary conditions for the effectiveness of differential leadership style.展开更多
With the rapid development of information technology,information system security and insider threat detection have become important topics for organizational management.In the current network environment,user behavior...With the rapid development of information technology,information system security and insider threat detection have become important topics for organizational management.In the current network environment,user behavioral bio-data presents the characteristics of nonlinearity and temporal sequence.Most of the existing research on authentication based on user behavioral biometrics adopts the method of manual feature extraction.They do not adequately capture the nonlinear and time-sequential dependencies of behavioral bio-data,and also do not adequately reflect the personalized usage characteristics of users,leading to bottlenecks in the performance of the authentication algorithm.In order to solve the above problems,this paper proposes a Temporal Convolutional Network method based on an Efficient Channel Attention mechanism(ECA-TCN)to extract user mouse dynamics features and constructs an one-class Support Vector Machine(OCSVM)for each user for authentication.Experimental results show that compared with four existing deep learning algorithms,the method retains more adequate key information and improves the classification performance of the neural network.In the final authentication,the Area Under the Curve(AUC)can reach 96%.展开更多
Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user's legitimacy, and the performances of thes...Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user's legitimacy, and the performances of these classifications should be confirmed to identify the most promising research direction. However, classification research contains several experiments with different conditions such as datasets and methodologies. This study aims to benchmark the algorithms to the same dataset and features to equally measure all performances. Using a dataset that contains the typing rhythm of 51 subjects, we implement and evaluate 15 classifiers measured by Fl-measure, which is the harmonic mean of a false-negative identification rate and false-positive identification rate. We also develop a methodology to process the typing data. By considering a case in which the model will reject the outsider, we tested the algorithms on an open set. Additionally, we tested different parameters in random forest and k nearest neighbors classifications to achieve better results and explore the cause of their high performance. We also tested the dataset on one-class classification and explained the results of the experiment. The top-performing classifier achieves an Fl-measure rate of 92% while using the normalized typing data of 50 subjects to train and the remaining data to test. The results, along with the normalization methodology, constitute a benchmark for comparing the classifiers and measuring the performance of keystroke dynamics for insider detection.展开更多
The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need of decryption. Since the introduction of this notion, there are two main searchable encrypted keyw...The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need of decryption. Since the introduction of this notion, there are two main searchable encrypted keywords techniques, symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in presence of outsider attacks;therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA under public key environment is rebuilt. We give a concrete SEK-IA construction featured with a constant-size trapdoor and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs the minimized computational cost to generate a trapdoor to search the data from multiple senders.展开更多
We study optimal insider control problems,i.e.,optimal control problems of stochastic systemswhere the controller at any time t,in addition to knowledge about the history of the system up to this time,also has additio...We study optimal insider control problems,i.e.,optimal control problems of stochastic systemswhere the controller at any time t,in addition to knowledge about the history of the system up to this time,also has additional information related to a future value of the system.Since this puts the associated controlled systems outside the context of semimartingales,we apply anticipative white noise analysis,including forward integration and Hida-Malliavin calculus to study the problem.Combining this with Donsker delta functionals,we transform the insider control problem into a classical(but parametrised)adapted control system,albeit with a non-classical performance functional.We establish a sufficient and a necessary maximum principle for such systems.Then we apply the results to obtain explicit solutions for some optimal insider portfolio problems in financial markets described by Itô-Lévy processes.Finally,in the Appendix,we give a brief survey of the concepts and results we need from the theory of white noise,forward integrals and Hida-Malliavin calculus.展开更多
This study systematically examines the ability of aggregate insider trading to predict future market returns in the Chinese A-share market. After controlling for the contrarian investment strategy, aggregate executive...This study systematically examines the ability of aggregate insider trading to predict future market returns in the Chinese A-share market. After controlling for the contrarian investment strategy, aggregate executive(large shareholder)trading conducted over the past six months can predict 66%(72.7%) of market returns twelve months in advance. Aggregate insider trading predicts future market returns very accurately and is stronger for insiders who have a greater information advantage(e.g., executives and controlling shareholders).Corporate governance also affects the predictability of insider trading. The predictability of executive trading is weakest in central state-owned companies,probably because the "quasi-official" status of the executives in those companies effectively curbs their incentives to benefit from insider trading.The predictive power of large shareholder trading in private-owned companies is higher than that in state-owned companies, probably due to their stronger profit motivation and higher involvement in business operations. This study complements the literature by examining an emerging market and investigating how the institutional context and corporate governance affect insider trading.展开更多
Immersion Guides,Beijing’s leading English-language publisher of guidebooks for Beijing and beyond,is proud to present the 2008 edition of the Insider’s Guide to Beijing (November 2007,ISBN: 978-7-5085-1172-6,90 yua...Immersion Guides,Beijing’s leading English-language publisher of guidebooks for Beijing and beyond,is proud to present the 2008 edition of the Insider’s Guide to Beijing (November 2007,ISBN: 978-7-5085-1172-6,90 yuan).This is not the run-of-the-mill guide- book written by travelers who spend a few harried days getting to know their destination.Combining the knowledge of 40 long-term residents, this is the guidebook that knows Beijing inside and out.Now in its fourth edition,this'Beijing Bible'(Beijing Today) is the most compre- hensive resource available for both travelers and residents. Fully updated annually to keep pace with the rate of change in Beijing,the Insider’s Guide provides readers with practical informa-展开更多
For a revised model of Caldentey and Stacchetti(Econometrica,2010)in continuous-time insider trading with a random deadline which allows market makers to observe some information on a risky asset,a closed form of its ...For a revised model of Caldentey and Stacchetti(Econometrica,2010)in continuous-time insider trading with a random deadline which allows market makers to observe some information on a risky asset,a closed form of its market equilibrium consisting of optimal insider trading intensity and market liquidity is obtained by maximum principle method.It shows that in the equilibrium,(i)as time goes by,the optimal insider trading intensity is exponentially increasing even up to infinity while both the market liquidity and the residual information are exponentially decreasing even down to zero;(ii)the more accurate information observed by market makers,the stronger optimal insider trading intensity is such that the total expect profit of the insider is decreasing even go to zero while both the market liquidity and the residual information are decreasing;(iii)the longer the mean of random time,the weaker the optimal insider trading intensity is while the more both the residual information and the expected profit are,but there is a threshold of trading time,half of the mean of the random time,such that if and only if after it the market liquidity is increasing with the mean of random time increasing.展开更多
This study examines the effects of China's 2008 trading ban regulation on the insider trading of large shareholders in China's A-share market.It finds no evidence of insider trading during the ban period(one m...This study examines the effects of China's 2008 trading ban regulation on the insider trading of large shareholders in China's A-share market.It finds no evidence of insider trading during the ban period(one month before the announcement of a financial report),due to high regulation risk.However,the ban only constrains the profitability of insider trades during the ban period,while trades outside it remain highly profitable.Informed insider trading before the ban period is 2.83 times more profitable than uninformed trading.The regulation has changed insider trading patterns,but has been ineffective in preventing insider trading by large shareholders due to rigid administrative supervision and a lack of civil litigation and flexible market monitoring.This study enhances understanding of large shareholders' trading behavior and has important implications for regulators.展开更多
基金Supported by the National Natural Science Foundation of China(No.62203390)the Science and Technology Project of China TobaccoZhejiang Industrial Co.,Ltd(No.ZJZY2022E004)。
文摘In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,the interrelationships between logs are fully considered,and log entries are converted into heterogeneous graphs based on these relationships.Second,the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector.Then,normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs.Finally,the effectiveness and superiority of the method is verified through experiments on the CERT dataset.The experimental results show that this method has better performance compared to some baseline methods.
基金This work was supported by the Research Program through the National Research Foundation of Korea,NRF-2022R1F1A1073375。
文摘Unlike external attacks,insider threats arise from legitimate users who belong to the organization.These individuals may be a potential threat for hostile behavior depending on their motives.For insider detection,many intrusion detection systems learn and prevent known scenarios,but because malicious behavior has similar patterns to normal behavior,in reality,these systems can be evaded.Furthermore,because insider threats share a feature space similar to normal behavior,identifying them by detecting anomalies has limitations.This study proposes an improved anomaly detection methodology for insider threats that occur in cybersecurity in which a discrete wavelet transformation technique is applied to classify normal vs.malicious users.The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data,making it possible to distinguish between shared characteristics.To verify the efficacy of the proposed methodology,experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team(CERT)dataset.The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82%to 98%compared to the case with no wavelet applied.Thus,the proposed methodology has high potential for application to similar feature spaces.
文摘The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.
基金This work was financially supported by“the National Key R&D Program of China”(No.2018YFB0803602)exploration and practice on the education mode for engineering students based on technology,literature and art interdisciplinary integration with the Internet+background(No.022150118004/001)。
文摘In the information era,the core business and confidential information of enterprises/organizations is stored in information systems.However,certain malicious inside network users exist hidden inside the organization;these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company.The existing approaches on insider threat detection mostly focus on monitoring,detecting,and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security.To this end,to be able to detect insider threats more effectively,a data processing tool was developed to process the detected user activity to generate information-use events,and formulated a Data Adjustment(DA)strategy to adjust the weight of the minority and majority samples.Then,an efficient ensemble strategy was utilized,which applied the extreme gradient boosting(XGBoost)model combined with the DA strategy to detect anomalous behavior.The CERT dataset was used for an insider threat to evaluate our approach,which was a real-world dataset with artificially injected insider threat events.The results demonstrated that the proposed approach can effectively detect insider threats,with an accuracy rate of 99.51%and an average recall rate of 98.16%.Compared with other classifiers,the detection performance is improved by 8.76%.
文摘Cloud computing is a high network infrastructure where users,owners,third users,authorized users,and customers can access and store their information quickly.The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently.This cloud is nowadays highly affected by internal threats of the user.Sensitive applications such as banking,hospital,and business are more likely affected by real user threats.An intruder is presented as a user and set as a member of the network.After becoming an insider in the network,they will try to attack or steal sensitive data during information sharing or conversation.The major issue in today's technological development is identifying the insider threat in the cloud network.When data are lost,compromising cloud users is difficult.Privacy and security are not ensured,and then,the usage of the cloud is not trusted.Several solutions are available for the external security of the cloud network.However,insider or internal threats need to be addressed.In this research work,we focus on a solution for identifying an insider attack using the artificial intelligence technique.An insider attack is possible by using nodes of weak users’systems.They will log in using a weak user id,connect to a network,and pretend to be a trusted node.Then,they can easily attack and hack information as an insider,and identifying them is very difficult.These types of attacks need intelligent solutions.A machine learning approach is widely used for security issues.To date,the existing lags can classify the attackers accurately.This information hijacking process is very absurd,which motivates young researchers to provide a solution for internal threats.In our proposed work,we track the attackers using a user interaction behavior pattern and deep learning technique.The usage of mouse movements and clicks and keystrokes of the real user is stored in a database.The deep belief neural network is designed using a restricted Boltzmann machine(RBM)so that the layer of RBM communicates with the previous and subsequent layers.The result is evaluated using a Cooja simulator based on the cloud environment.The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.
基金National Natural Science Foundations of China (No. 11071076,No. 11126124)
文摘The hedging problem for insiders is very important in the financial market.The locally risk minimizing hedging was adopted to solve this problem.Since the market was incomplete,the minimal martingale measure was chosen as the equivalent martingale measure.By the F-S decomposition,the expression of the locally risk minimizing strategy was presented.Finally,the local risk minimization was applied to index tracking and its relationship with tracking error variance (TEV)-minimizing strategy was obtained.
文摘When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought however it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually, however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately address the insider threat phenomena at its most basic level.
文摘Virtualization technology plays a key role in cloud computing.Thus,the security issues of virtualization tools(hypervisors,emulators,etc.) should be under precise consideration.However,threats of insider attacks are underestimated.The virtualization tools and hypervisors have been poorly protected from this type of attacks.Furthermore,hypervisor is one of the most critical elements in cloud computing infrastructure.Firstly,hypervisor vulnerabilities analysis is provided.Secondly,a formal model of insider attack on hypervisor is developed.Consequently,on the basis of the formal attack model,we propose a new methodology of hypervisor stability evaluation.In this paper,certain security countermeasures are considered that should be integrated in hypervisor software architecture.
文摘From the perspective of the insiders and outsiders,this study explores the influence of differential leadership on employees’affective commitment and the moderating effect of leader’s self-enhancing humor and individual traditionality.The results show that the differential leadership has a positive impact on the organizational affective commitment of employees,the leader’s self-enhancing humor and the employees’traditionality play a positive regulatory role respectively.Moreover,compared with the outsiders,the low traditionality has a stronger influence on the relationship between differential leadership and organizational affective commitment of the insiders.This paper enriches the research on the influence of leadership style on employee’s affective commitment,proposes and verifies the moderation of leader’s self-enhancing humor and employee’s traditionality,which complements the boundary conditions for the effectiveness of differential leadership style.
基金supported by the National Natural Science Foundation of China(61962015)the Guangxi Key Laboratory of Cryptography and Information Security Research Project,China(GCIS202127)+2 种基金the Central Guidance on Local Science and Technology Development Fund of Guangxi Province,China(ZY23055008)the Scientific Research and Technological Development Planning Project of Guilin,China(20220124-12)the Innovation Project of Guangxi Graduate Education,China(2023YCXS043).
文摘With the rapid development of information technology,information system security and insider threat detection have become important topics for organizational management.In the current network environment,user behavioral bio-data presents the characteristics of nonlinearity and temporal sequence.Most of the existing research on authentication based on user behavioral biometrics adopts the method of manual feature extraction.They do not adequately capture the nonlinear and time-sequential dependencies of behavioral bio-data,and also do not adequately reflect the personalized usage characteristics of users,leading to bottlenecks in the performance of the authentication algorithm.In order to solve the above problems,this paper proposes a Temporal Convolutional Network method based on an Efficient Channel Attention mechanism(ECA-TCN)to extract user mouse dynamics features and constructs an one-class Support Vector Machine(OCSVM)for each user for authentication.Experimental results show that compared with four existing deep learning algorithms,the method retains more adequate key information and improves the classification performance of the neural network.In the final authentication,the Area Under the Curve(AUC)can reach 96%.
基金supported by the National Natural Science Foundation of China (Nos. 61403301 and 61773310)the China Postdoctoral Science Foundation (Nos. 2014M560783 and 2015T81032)+1 种基金the Natural Science Foundation of Shaanxi Province (No. 2015JQ6216)the Fundamental Research Funds for the Central Universities (No. xjj2015115)
文摘Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user's legitimacy, and the performances of these classifications should be confirmed to identify the most promising research direction. However, classification research contains several experiments with different conditions such as datasets and methodologies. This study aims to benchmark the algorithms to the same dataset and features to equally measure all performances. Using a dataset that contains the typing rhythm of 51 subjects, we implement and evaluate 15 classifiers measured by Fl-measure, which is the harmonic mean of a false-negative identification rate and false-positive identification rate. We also develop a methodology to process the typing data. By considering a case in which the model will reject the outsider, we tested the algorithms on an open set. Additionally, we tested different parameters in random forest and k nearest neighbors classifications to achieve better results and explore the cause of their high performance. We also tested the dataset on one-class classification and explained the results of the experiment. The top-performing classifier achieves an Fl-measure rate of 92% while using the normalized typing data of 50 subjects to train and the remaining data to test. The results, along with the normalization methodology, constitute a benchmark for comparing the classifiers and measuring the performance of keystroke dynamics for insider detection.
基金This work is supported by the National Natural Science Foundation of China under Grant Nos. 61300181 and 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.
文摘The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need of decryption. Since the introduction of this notion, there are two main searchable encrypted keywords techniques, symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in presence of outsider attacks;therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA under public key environment is rebuilt. We give a concrete SEK-IA construction featured with a constant-size trapdoor and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs the minimized computational cost to generate a trapdoor to search the data from multiple senders.
文摘We study optimal insider control problems,i.e.,optimal control problems of stochastic systemswhere the controller at any time t,in addition to knowledge about the history of the system up to this time,also has additional information related to a future value of the system.Since this puts the associated controlled systems outside the context of semimartingales,we apply anticipative white noise analysis,including forward integration and Hida-Malliavin calculus to study the problem.Combining this with Donsker delta functionals,we transform the insider control problem into a classical(but parametrised)adapted control system,albeit with a non-classical performance functional.We establish a sufficient and a necessary maximum principle for such systems.Then we apply the results to obtain explicit solutions for some optimal insider portfolio problems in financial markets described by Itô-Lévy processes.Finally,in the Appendix,we give a brief survey of the concepts and results we need from the theory of white noise,forward integrals and Hida-Malliavin calculus.
基金supported by the following projects including"Trading Bans Policy on Insider Trading:Policy Effectiveness and Economics Consequences" supported by NSFC (National Natural Science Foundation of China) (No. 71302059) "Research on Controlling Shareholder’s Trading Behavior and Regulation Implication" supported by Research Foundation for Young Teachers by Ministry of Education of China (No. 11YJC790313) "Research on Executive Trading Behavior and Regulation Implication" supported by Zhejiang Provincial Natural Science Foundation of China (No. LY12G02022)
文摘This study systematically examines the ability of aggregate insider trading to predict future market returns in the Chinese A-share market. After controlling for the contrarian investment strategy, aggregate executive(large shareholder)trading conducted over the past six months can predict 66%(72.7%) of market returns twelve months in advance. Aggregate insider trading predicts future market returns very accurately and is stronger for insiders who have a greater information advantage(e.g., executives and controlling shareholders).Corporate governance also affects the predictability of insider trading. The predictability of executive trading is weakest in central state-owned companies,probably because the "quasi-official" status of the executives in those companies effectively curbs their incentives to benefit from insider trading.The predictive power of large shareholder trading in private-owned companies is higher than that in state-owned companies, probably due to their stronger profit motivation and higher involvement in business operations. This study complements the literature by examining an emerging market and investigating how the institutional context and corporate governance affect insider trading.
文摘Immersion Guides,Beijing’s leading English-language publisher of guidebooks for Beijing and beyond,is proud to present the 2008 edition of the Insider’s Guide to Beijing (November 2007,ISBN: 978-7-5085-1172-6,90 yuan).This is not the run-of-the-mill guide- book written by travelers who spend a few harried days getting to know their destination.Combining the knowledge of 40 long-term residents, this is the guidebook that knows Beijing inside and out.Now in its fourth edition,this'Beijing Bible'(Beijing Today) is the most compre- hensive resource available for both travelers and residents. Fully updated annually to keep pace with the rate of change in Beijing,the Insider’s Guide provides readers with practical informa-
基金Supported by the National Natural Science Foundation of China(11861025)Guizhou QKHPTRC[2018]5769。
文摘For a revised model of Caldentey and Stacchetti(Econometrica,2010)in continuous-time insider trading with a random deadline which allows market makers to observe some information on a risky asset,a closed form of its market equilibrium consisting of optimal insider trading intensity and market liquidity is obtained by maximum principle method.It shows that in the equilibrium,(i)as time goes by,the optimal insider trading intensity is exponentially increasing even up to infinity while both the market liquidity and the residual information are exponentially decreasing even down to zero;(ii)the more accurate information observed by market makers,the stronger optimal insider trading intensity is such that the total expect profit of the insider is decreasing even go to zero while both the market liquidity and the residual information are decreasing;(iii)the longer the mean of random time,the weaker the optimal insider trading intensity is while the more both the residual information and the expected profit are,but there is a threshold of trading time,half of the mean of the random time,such that if and only if after it the market liquidity is increasing with the mean of random time increasing.
基金Trading Bans Policy on Insider Trading:Policy Effectiveness and Economics Consequences"supported by the National Natural Science Foundation of China(No:71302059)"Research on Controlling Shareholder’s Trading Behavior and Regulation Implication"supported by the Research Foundation for Young Teachers by the Ministry of Education(No:11YJC790313)"Research on Executive Trading Behavior and Regulation Implication"supported by Zhejiang Provincial Natural Science Foundation of China(No:LY12G02022)
文摘This study examines the effects of China's 2008 trading ban regulation on the insider trading of large shareholders in China's A-share market.It finds no evidence of insider trading during the ban period(one month before the announcement of a financial report),due to high regulation risk.However,the ban only constrains the profitability of insider trades during the ban period,while trades outside it remain highly profitable.Informed insider trading before the ban period is 2.83 times more profitable than uninformed trading.The regulation has changed insider trading patterns,but has been ineffective in preventing insider trading by large shareholders due to rigid administrative supervision and a lack of civil litigation and flexible market monitoring.This study enhances understanding of large shareholders' trading behavior and has important implications for regulators.