Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

The COVID-19 and the“European Solution”of Data-based Approach to Governance:Public Security or Data Protection?

To cope with the challenges of CoViD-19,europe has adopted relevant measures of a data-based approach to governance,on which scholars have huge differences,and the related researches are conducive to further discussion on the differences.By sorting out the challenges posed by the pandemic to public security and data protection in europe,we can summarize the“european Solution”of the data-based approach to governance,including legislation,instruments,supervision,international cooperation,and continuity.The“Solution”has curbed the spread of the pandemic to a certain extent.However,due to the influence of the traditional values of the EU,the“Solution”is too idealistic in the balance between public security and data protection,which intensifies the dilemma and causes many problems,such as ambiguous legislation,inadequate effectiveness and security of instruments,an arduous endeavor in inter national cooperation,and imperfect regulations on digital green certificates.Therefore,in a major public health crisis,there is still a long way to go in exploring a balance between public security and data protection.

A Review on Security and Privacy Issues Pertaining to Cyber-Physical Systems in the Industry 5.0 Era

The advent of Industry 5.0 marks a transformative era where Cyber-Physical Systems(CPSs)seamlessly integrate physical processes with advanced digital technologies.However,as industries become increasingly interconnected and reliant on smart digital technologies,the intersection of physical and cyber domains introduces novel security considerations,endangering the entire industrial ecosystem.The transition towards a more cooperative setting,including humans and machines in Industry 5.0,together with the growing intricacy and interconnection of CPSs,presents distinct and diverse security and privacy challenges.In this regard,this study provides a comprehensive review of security and privacy concerns pertaining to CPSs in the context of Industry 5.0.The review commences by providing an outline of the role of CPSs in Industry 5.0 and then proceeds to conduct a thorough review of the different security risks associated with CPSs in the context of Industry 5.0.Afterward,the study also presents the privacy implications inherent in these systems,particularly in light of the massive data collection and processing required.In addition,the paper delineates potential avenues for future research and provides countermeasures to surmount these challenges.Overall,the study underscores the imperative of adopting comprehensive security and privacy strategies within the context of Industry 5.0.

Interpretation of Information Security and Data Privacy Protection According to the Data Use During the Epidemic

COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.

Cyber Security-Protecting Personal Data

Many organizations have datasets which contain a high volume of personal data on individuals,e.g.,health data.Even without a name or address,persons can be identified based on the details(variables)on the dataset.This is an important issue for big data holders such as public sector organizations(e.g.,Public Health Organizations)and social media companies.This paper looks at how individuals can be identified from big data using a mathematical approach and how to apply this mathematical solution to prevent accidental disclosure of a person’s details.The mathematical concept is known as the“Identity Correlation Approach”(ICA)and demonstrates how an individual can be identified without a name or address using a unique set of characteristics(variables).Secondly,having identified the individual person,it shows how a solution can be put in place to prevent accidental disclosure of the personal details.Thirdly,how to store data such that accidental leaks of the datasets do not lead to the disclosure of the personal details to unauthorized users.

Development of the Software Application with Graphical User Interface for One Model Cyber Security

The article is dedicated to the development of software application with graphical user interface for analyzing of the operation of Integrated System of Data Defense from cyber-threats (ISDD) which includes subsystems of detection and elimination of vulnerabilities existing in the system, as well as Requests of Unauthorized Access (RUA). In the subsystems of eliminations of vulnerabilities and queues of unauthorized access considered as multichannel queueing systems with corresponding servers and queues, at random times there come requests to fix threats detected by the system. It is supposed that flows of requests demanding to eliminate threats coming to the mentioned subsystems of queueing systems are described with the Poisson distribution of probabilities, but processes of their elimination obey exponential law. For the system described above, there has been developed software realization of graphical interface which allows easily to change input parameters and observe graphical reflection of changes of the output indicators of the system.

ID-Based Public Auditing Protocol for Cloud Storage Data Integrity Checking with Strengthened Authentication and Security

Cloud storage service reduces the burden of data users by storing users＇ data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.

Changes and Adjustments:The Rule of Law Response to Medical Institution Data Compliance

Medical institution data compliance is an exogenous product of the digital society,serving as a crucial means to maintain and balance the relationship between data protection and data sharing,as well as individual interests and public interests.The implementation of the Healthy China Initiative greatly benefits from its practical significance.In practice,data from medical institutions takes varied forms,including personally identifiable data collected before diagnosis and treatment,clinical medical data generated during diagnosis and treatment,medical data collected in public health management,and potential medical data generated in daily life.In the new journey of comprehensively promoting the Chinese path to modernization,it is necessary to clarify the shift from an individual-oriented to a societal-oriented value system,highlighting the reinforcing role of the trust concept.Guided by the principle of minimizing data utilization,the focus is on the new developments and changes in medical institution data in the postpandemic era.This involves a series of measures such as fulfilling the obligation of notification and consent,specifying the scope of data collection and usage,strengthening the standardized use of relevant technical measures,and establishing a sound legal responsibility system for data compliance.Through these measures,a flexible and efficient medical institution data compliance system can be constructed.

Privacy Cost Analysis and Privacy Protection Based on Big Data

A comprehensive analysis of the impact privacy incidents on its market value is given.A broad set of instances of the exposure of personal information from a summary of some security mechanisms and the corresponding results are presented. The cumulative effect increases in magnitude over day following the breach announcement, but then decreases. Besides, a new privacy protection property, that is, p-sensitive k-anonymity is presented in this paper to protect against identity disclosure. We illustrated the inclusion of the two necessary conditions in the algorithm for computing a p-k-minimal generalization. Algorithms such as k-anonymity and l-diversity remain all sensitive attributes intact and apply generalization and suppression to the quasi-identifiers. This will keep the data "truthful" and provide good utility for data-mining applications, while achieving less perfect privacy. We aim to get the problem based on the prior analysis, and study the issue of privacy protection from the perspective of the model-benefit.

Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

Security has recently become a major concern in distributed geo-infrastructures for spatial data provision.Thus,a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed.The first part of this article presents a survey of current security mechanisms for authentication and authorisation.Based on this survey,a lightweight and scalable token-based security infrastructure was developed,which is tailored for use in distributed geo-web service infrastructures.The developed security framework comprises dedicated components for authentication,rule-based authorisation and optimised storage and administration of access rules.For validation purposes,a prototypical implementation of the approach has been created.

新型电力系统数据跨域流通泛安全边界防护技术

新型电力系统建设涉及多业务系统、多部门、多方主体间进行海量、异构数据的交互和共享,电力数据的内外部网络环境与安全形势日趋复杂化,数据流通的脆弱性风险加剧。首先,分析新型电力系统下数据流的类型与特性,概括电力数据流通安全防护面临的新形势;其次,基于专用数据处理器(DPU)的高性能流量编排和多功能安全网关能力,构建面向电力数据跨域流通安全增强的泛安全边界,凭借数据面可编程技术沟通网络安全与数据安全双维度安全能力,提出基于DPU的数据跨域流通协同防护技术应用方案;最后,阐释DPU在不同电力通信网络层次的部署方式、价值与关键技术,分析现阶段DPU在电力领域应用存在的挑战。

数字经济时代数据安全风险防范体系之构建与优化

随着人工智能技术的发展,全球进入“数据驱动”时代,数据流动创造价值的同时也带来日趋严重的安全危机。针对以数据滥用、数据泄露、数据污染为代表的数据安全事件,亟须通过建立全面、科学、有效的数据安全风险防范体系加以解决。然而,数据的法律属性与权利归属在理论上尚未廓清,数据流通边界的界定、数据安全综合防御机制的建立、公权与私权的博弈、数据安全保护与数据开发利用之间的内在张力都在不同程度上影响和制约了数据安全风险防范体系的建构。通过明确数据共享的权责归属,健全数据流动安全保护机制以及建立数据全生命周期风险预警防御机制有助于深入探明数据安全保障的政策法制完善之路。

论中国数据跨境制度的现状、问题与纾困路径

中国已经建立了以“安全评估、标准合同、保护认证”为核心、以行业规定为配套的数据跨境制度体系,形成了既保安全又促发展的中国方案。但在具体立法中,该制度在理论与实践上存在双重失衡,在理论上缺乏完善的基础理论支撑,在实践中未能形成系统完整的制度体系,且其在适用关系上出现龃龉,与国际规则之间也存在割裂导致难以衔接,致使数据处理者在合规实践中面临较大成本,难以获得预期成效。不同于美国的“市场话语”和欧盟“权利本位”的数据跨境理论基础,中国应当基于国情明确利益平衡体系下的数据主权理论建构数据出境制度体系,矫正实践中过度保障安全的规制思路,通过单列安全评估、制定行业性与地方性特殊制度等措施,完善相关制度之间、国内法与国际规则之间的适用衔接,着力降低合规成本,保障制度落到实处。

数字经济环境下数据犯罪规制和认定模式的演变

在数字经济环境下,保证数据安全和保障数据共享活力同样重要,数据犯罪的规制和认定应当同时满足这两方面的需求。现有数据犯罪规制和认定采用的是权利保护模式,即通过保护数据权利主体的利益进行数据犯罪规制和认定。权利保护模式不能满足数字经济发展的需求;以非法获取行为为规制重点的前置化保护不当可能导致数据流通受阻;现行刑法规制数据犯罪行为方式的局限可能导致数据安全保护不全面。数据犯罪规制和认定应当采用秩序维护模式,关注数据价值实现过程中各方主体的利益,看重一般数据的公共产品属性。为实现数据犯罪规制和认定的秩序维护模式,立法者应当增设维护数据管理秩序的新罪名。在数据犯罪的司法认定上,也需要及时调整思路,做好保护数据安全和保障数据共享活力之间的利益平衡。

基于联邦学习的个性化推荐系统研究

为了通过联邦学习算法解决用户隐私数据泄露的问题、降低数据泄露的可能性,本文概述了推荐系统、联邦学习及联邦推荐系统,探讨了联邦个性化推荐系统的类别、流程、应用现状以及未来面对的挑战等,为用户提供了安全、便捷、高效的个性化推荐系统。

欧盟《数据法案》的规范要旨与制度启示:以个人信息保护为视角

欧洲议会于2023年11月9日表决通过《数据法案》。该法案明确符合欧盟价值观的数据流转利用和数据治理规则,保障欧洲单一数据市场中数据要素的安全高效流动,进一步平衡个人数据保护和数据自由流通之间的关系。在数字时代下,我国可以在个人信息权益保护、统一协调的数据治理机制建立、技术互联与标准建设强化、数据安全保护监管优化等方面吸收借鉴其经验,在充分释放数据要素价值的同时,进一步完善数字时代数据安全与个人信息保护标准,规范数据的共享流通,保障数字经济安全有序发展。

国家金融安全视域下金融科技的风险应对与法治保障

在数字化时代,科技深度赋能金融服务的同时,也易引发国家金融安全风险,包括与传统金融活动结合、构建新型金融网络系统及新兴科技直接应用等场景。金融科技引发国家安全风险的生成机理在于,随着金融体系的中介类型增多、金融风险传导渠道增加,新金融网络体系会产生基于“关联”的风险。金融科技“破坏性创新”的特征,会从金融监管立法与实施两个方面冲击传统金融监管框架,从而加剧监管失灵。国家金融安全的法治保障亟须理论层面的反思与重构,进而形成金融科技的“动态协同”治理模式,从外层金融网络与基础设施安全、中层金融科技创新活动和内层金融服务行为三个层面,构建多层次的金融科技法治保障体系。

科学数据分类分级保护探索:框架与模式

近年来,随着数据安全监管的日益收紧,科学数据管理面临越来越严峻的“安全合规”挑战,数据分类分级保护逐渐成为学术界、数据管理实践者和监管机构共同关注的议题。然而,现有的研究和实践大多局限于对数据合规的解释与反应性应对,缺乏对科学数据分类分级保护的系统性和理论性讨论。这种认知不足限制了科学数据安全管理领域理论框架和实用模型的发展。为形成对科学数据分类分级保护的系统性理解,本研究基于对现有实践的广泛调查,提炼出科学数据的六项关键安全特征:多重规制、伦理强规制、学科领域差异性、“规模-风险”帕累托分布、公益性和动态敏感性,以此六项特征为基础,构建了科学数据安全分类和分级框架,并提出了全面、平衡与精简三种保护模式。研究提出了“数据合规-合规成本-数据收益”三角平衡观点,合理解释了三者之间的权衡关系。文中还详细讨论了数据安全分类与安全分级的区别及其相互作用,澄清了科学数据安全分类的复杂性。该研究提出的针对科学数据分类分级保护的理论框架为分析科学数据安全管理中的复杂问题提供了框架性工具,可为相关研究提供有价值的参考,有助于推动科学数据安全保护实践。

VKFQ:A Verifiable Keyword Frequency Query Framework with Local Differential Privacy in Blockchain

With its untameable and traceable properties,blockchain technology has been widely used in the field of data sharing.How to preserve individual privacy while enabling efficient data queries is one of the primary issues with secure data sharing.In this paper,we study verifiable keyword frequency(KF)queries with local differential privacy in blockchain.Both the numerical and the keyword attributes are present in data objects;the latter are sensitive and require privacy protection.However,prior studies in blockchain have the problem of trilemma in privacy protection and are unable to handle KF queries.We propose an efficient framework that protects data owners’privacy on keyword attributes while enabling quick and verifiable query processing for KF queries.The framework computes an estimate of a keyword’s frequency and is efficient in query time and verification object(VO)size.A utility-optimized local differential privacy technique is used for privacy protection.The data owner adds noise locally into data based on local differential privacy so that the attacker cannot infer the owner of the keywords while keeping the difference in the probability distribution of the KF within the privacy budget.We propose the VB-cm tree as the authenticated data structure(ADS).The VB-cm tree combines the Verkle tree and the Count-Min sketch(CM-sketch)to lower the VO size and query time.The VB-cm tree uses the vector commitment to verify the query results.The fixed-size CM-sketch,which summarizes the frequency of multiple keywords,is used to estimate the KF via hashing operations.We conduct an extensive evaluation of the proposed framework.The experimental results show that compared to theMerkle B+tree,the query time is reduced by 52.38%,and the VO size is reduced by more than one order of magnitude.

A Cover-Independent Deep Image Hiding Method Based on Domain Attention Mechanism

Recently,deep image-hiding techniques have attracted considerable attention in covert communication and high-capacity information hiding.However,these approaches have some limitations.For example,a cover image lacks self-adaptability,information leakage,or weak concealment.To address these issues,this study proposes a universal and adaptable image-hiding method.First,a domain attention mechanism is designed by combining the Atrous convolution,which makes better use of the relationship between the secret image domain and the cover image domain.Second,to improve perceived human similarity,perceptual loss is incorporated into the training process.The experimental results are promising,with the proposed method achieving an average pixel discrepancy(APD)of 1.83 and a peak signal-to-noise ratio(PSNR)value of 40.72 dB between the cover and stego images,indicative of its high-quality output.Furthermore,the structural similarity index measure(SSIM)reaches 0.985 while the learned perceptual image patch similarity(LPIPS)remarkably registers at 0.0001.Moreover,self-testing and cross-experiments demonstrate the model’s adaptability and generalization in unknown hidden spaces,making it suitable for diverse computer vision tasks.