The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a seriou...The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users,...To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system;2) having low privileges;3) having high privileges;4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations.展开更多
Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address th...Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.展开更多
Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover globa...Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover global,unified information systems,which should be adapted to fulf ill the requirements of the characteristics,is essential.This paper presents an service-oriented architecture(SOA)for smart grid information-engineering systems based on knowledge grid,which could form as a service-oriented architecture through business,technology and management;it would extract potentially valuable information from the massive amount of information on the generation side,the grid side,and the electricity side,then share the useful information to improve availability,security and stability.展开更多
Blockchain can realize the reliable storage of a large amount of data that is chronologically related and verifiable within the system.This technology has been widely used and has developed rapidly in big data systems...Blockchain can realize the reliable storage of a large amount of data that is chronologically related and verifiable within the system.This technology has been widely used and has developed rapidly in big data systems across various fields.An increasing number of users are participating in application systems that use blockchain as their underlying architecture.As the number of transactions and the capital involved in blockchain grow,ensuring information security becomes imperative.Addressing the verification of transactional information security and privacy has emerged as a critical challenge.Blockchain-based verification methods can effectively eliminate the need for centralized third-party organizations.However,the efficiency of nodes in storing and verifying blockchain data faces unprecedented challenges.To address this issue,this paper introduces an efficient verification scheme for transaction security.Initially,it presents a node evaluation module to estimate the activity level of user nodes participating in transactions,accompanied by a probabilistic analysis for all transactions.Subsequently,this paper optimizes the conventional transaction organization form,introduces a heterogeneous Merkle tree storage structure,and designs algorithms for constructing these heterogeneous trees.Theoretical analyses and simulation experiments conclusively demonstrate the superior performance of this scheme.When verifying the same number of transactions,the heterogeneous Merkle tree transmits less data and is more efficient than traditional methods.The findings indicate that the heterogeneous Merkle tree structure is suitable for various blockchain applications,including the Internet of Things.This scheme can markedly enhance the efficiency of information verification and bolster the security of distributed systems.展开更多
Deepfake has emerged as an obstinate challenge in a world dominated by light.Here,the authors introduce a new deepfake detection method based on Xception architecture.The model is tested exhaustively with millions of ...Deepfake has emerged as an obstinate challenge in a world dominated by light.Here,the authors introduce a new deepfake detection method based on Xception architecture.The model is tested exhaustively with millions of frames and diverse video clips;accuracy levels as high as 99.65%are reported.These are the main reasons for such high efficacy:superior feature extraction capabilities and stable training mechanisms,such as early stopping,characterizing the Xception model.The methodology applied is also more advanced when it comes to data preprocessing steps,making use of state-of-the-art techniques applied to ensure constant performance.With an ever-rising threat from fake media,this piece of research puts great emphasis on stringent memory testing to keep at bay the spread of manipulated content.It also justifies better explanation methods to justify the reasoning done by the model for those decisions that build more trust and reliability.The ensemble models being more accurate have been studied and examined for establishing a possibility of combining various detection frameworks that could together produce superior results.Further,the study underlines the need for real-time detection tools that can be effective on different social media sites and digital environments.Ethics,protecting privacy,and public awareness in the fight against the proliferation of deepfakes are important considerations.By significantly contributing to the advancements made in the technology that has actually advanced detection,it strengthens the safety and integrity of the cyber world with a robust defense against ever-evolving deepfake threats in technology.Overall,the findings generally go a long way to prove themselves as the crucial step forward to ensuring information authenticity and the trustworthiness of society in this digital world.展开更多
Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activitie...Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems.These activities often incorporate security mechanisms from different realms.We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems.We provide a comprehensive survey on the domain-specific architectures,countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems,and adapt these elements to the newly designed flow paradigm.Finally,we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.展开更多
基金supported in part by the following grants:National Science Foundation of China(Grant No.61272400)Chongqing Innovative Team Fund for College Development Project(Grant No.KJTD201310)+3 种基金Chongqing Youth Innovative Talent Project(Grant No.cstc2013kjrc-qnrc40004)Science and Technology Research Program of the Chongqing Municipal Education Committee(Grant No.KJ1500425)Foundation of CQUPT(Grant No.WF201403)Chongqing Graduate Research and Innovation Project(Grant No.CYS14146)
文摘The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
文摘To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system;2) having low privileges;3) having high privileges;4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations.
文摘Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (X2) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.
文摘Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover global,unified information systems,which should be adapted to fulf ill the requirements of the characteristics,is essential.This paper presents an service-oriented architecture(SOA)for smart grid information-engineering systems based on knowledge grid,which could form as a service-oriented architecture through business,technology and management;it would extract potentially valuable information from the massive amount of information on the generation side,the grid side,and the electricity side,then share the useful information to improve availability,security and stability.
基金funded by the National Natural Science Foundation of China(62072056,62172058)the Researchers Supporting Project Number(RSP2023R102)King Saud University,Riyadh,Saudi Arabia+4 种基金funded by the Hunan Provincial Key Research and Development Program(2022SK2107,2022GK2019)the Natural Science Foundation of Hunan Province(2023JJ30054)the Foundation of State Key Laboratory of Public Big Data(PBD2021-15)the Young Doctor Innovation Program of Zhejiang Shuren University(2019QC30)Postgraduate Scientific Research Innovation Project of Hunan Province(CX20220940,CX20220941).
文摘Blockchain can realize the reliable storage of a large amount of data that is chronologically related and verifiable within the system.This technology has been widely used and has developed rapidly in big data systems across various fields.An increasing number of users are participating in application systems that use blockchain as their underlying architecture.As the number of transactions and the capital involved in blockchain grow,ensuring information security becomes imperative.Addressing the verification of transactional information security and privacy has emerged as a critical challenge.Blockchain-based verification methods can effectively eliminate the need for centralized third-party organizations.However,the efficiency of nodes in storing and verifying blockchain data faces unprecedented challenges.To address this issue,this paper introduces an efficient verification scheme for transaction security.Initially,it presents a node evaluation module to estimate the activity level of user nodes participating in transactions,accompanied by a probabilistic analysis for all transactions.Subsequently,this paper optimizes the conventional transaction organization form,introduces a heterogeneous Merkle tree storage structure,and designs algorithms for constructing these heterogeneous trees.Theoretical analyses and simulation experiments conclusively demonstrate the superior performance of this scheme.When verifying the same number of transactions,the heterogeneous Merkle tree transmits less data and is more efficient than traditional methods.The findings indicate that the heterogeneous Merkle tree structure is suitable for various blockchain applications,including the Internet of Things.This scheme can markedly enhance the efficiency of information verification and bolster the security of distributed systems.
文摘Deepfake has emerged as an obstinate challenge in a world dominated by light.Here,the authors introduce a new deepfake detection method based on Xception architecture.The model is tested exhaustively with millions of frames and diverse video clips;accuracy levels as high as 99.65%are reported.These are the main reasons for such high efficacy:superior feature extraction capabilities and stable training mechanisms,such as early stopping,characterizing the Xception model.The methodology applied is also more advanced when it comes to data preprocessing steps,making use of state-of-the-art techniques applied to ensure constant performance.With an ever-rising threat from fake media,this piece of research puts great emphasis on stringent memory testing to keep at bay the spread of manipulated content.It also justifies better explanation methods to justify the reasoning done by the model for those decisions that build more trust and reliability.The ensemble models being more accurate have been studied and examined for establishing a possibility of combining various detection frameworks that could together produce superior results.Further,the study underlines the need for real-time detection tools that can be effective on different social media sites and digital environments.Ethics,protecting privacy,and public awareness in the fight against the proliferation of deepfakes are important considerations.By significantly contributing to the advancements made in the technology that has actually advanced detection,it strengthens the safety and integrity of the cyber world with a robust defense against ever-evolving deepfake threats in technology.Overall,the findings generally go a long way to prove themselves as the crucial step forward to ensuring information authenticity and the trustworthiness of society in this digital world.
基金This work is supported by the National Natural Science Foundation of China(Nos.61303033,61303221)the National High Technology Research and Development Program of China(863 Program)(No.2015AA017203)+2 种基金the Natural Science Basis Research Plan in Shaanxi Province of China(No.2016JM6034)China 111 Project(No.B16037)the Special Research Foundation of MIIT(No.MJ-2014-S-37).
文摘Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems.These activities often incorporate security mechanisms from different realms.We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems.We provide a comprehensive survey on the domain-specific architectures,countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems,and adapt these elements to the newly designed flow paradigm.Finally,we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.
